## <summary>Policy for fcoemon.</summary>
3
########################################
## <summary>
##	Execute fcoemon with a domain transition
##	into the fcoemon domain.
## </summary>
## <desc>
##	<p>
##	The caller may run files labeled fcoemon_exec_t and the
##	resulting process runs in fcoemon_t. A domain transition
##	is a privilege boundary, so grant this only to domains
##	that are meant to start fcoemon.
##	</p>
## </desc>
## <param name="domain">
##	<summary>
##	Domain allowed to transition.
##	</summary>
## </param>
#
interface(`fcoemon_domtrans',`
	# Both types must already be declared outside this interface.
	gen_require(`
		type fcoemon_t, fcoemon_exec_t;
	')

	# The caller has to be able to search the bin directories
	# before it can reach the fcoemon executable.
	corecmd_search_bin($1)
	# Execute fcoemon_exec_t files and transition into fcoemon_t.
	domtrans_pattern($1, fcoemon_exec_t, fcoemon_t)
')
########################################
## <summary>
##	Read fcoemon PID files.
## </summary>
## <desc>
##	<p>
##	Read-only access to regular files labeled
##	fcoemon_var_run_t. No write or create access is granted.
##	</p>
## </desc>
## <param name="domain">
##	<summary>
##	Domain allowed access.
##	</summary>
## </param>
#
interface(`fcoemon_read_pid_files',`
	# The type must already be declared outside this interface.
	gen_require(`
		type fcoemon_var_run_t;
	')

	# Search access on the generic PID directory.
	files_search_pids($1)
	# Read access on regular files only.
	# NOTE(review): no directory permission on fcoemon_var_run_t is
	# granted here. If the PID files sit in a subdirectory carrying
	# that label the caller needs search access from elsewhere.
	# Confirm against the file contexts of this module.
	allow $1 fcoemon_var_run_t:file read_file_perms;
')
#######################################
## <summary>
##	Send to a fcoemon unix dgram socket.
## </summary>
## <desc>
##	<p>
##	Allows sending datagrams to unix datagram sockets
##	owned by processes in fcoemon_t. Nothing else about
##	the fcoemon process or its files is exposed.
##	</p>
## </desc>
## <param name="domain">
##	<summary>
##	Domain allowed access.
##	</summary>
## </param>
#
interface(`fcoemon_dgram_send',`
	# The type must already be declared outside this interface.
	gen_require(`
		type fcoemon_t;
	')

	# Only the sendto permission on the socket class is granted.
	# NOTE(review): for a socket bound to a filesystem path the sender
	# also needs write on the socket file and search on its parent
	# directories and neither is granted here. Confirm how fcoemon
	# binds its socket before relying on this interface alone.
	allow $1 fcoemon_t:unix_dgram_socket sendto;
')
########################################
## <summary>
##	All of the rules required to administrate
##	an fcoemon environment.
## </summary>
## <desc>
##	<p>
##	Grants signal and process listing access to fcoemon_t,
##	ptrace of fcoemon_t while the deny_ptrace boolean is off,
##	and administrative access to objects labeled
##	fcoemon_var_run_t. This is a broad grant intended for
##	administrative domains only.
##	</p>
## </desc>
## <param name="domain">
##	<summary>
##	Domain allowed access.
##	</summary>
## </param>
## <param name="role">
##	<summary>
##	Role allowed access.
##	</summary>
## </param>
## <rolecap/>
#
interface(`fcoemon_admin',`
	# Both types must already be declared outside this interface.
	# NOTE(review): the role parameter documented above is not
	# referenced by any rule in this body. Confirm whether callers
	# still pass it only for interface compatibility.
	gen_require(`
		type fcoemon_t;
		type fcoemon_var_run_t;
	')

	# Send signals to fcoemon processes and see them in process listings.
	allow $1 fcoemon_t:process signal_perms;
	ps_process_pattern($1, fcoemon_t)
	# The branch for deny_ptrace being on is empty. The ptrace rule sits
	# in the else branch so it only applies while deny_ptrace is off.
	tunable_policy(`deny_ptrace',`',`
		allow $1 fcoemon_t:process ptrace;
	')

	# Administrative access to the fcoemon runtime files under the
	# generic PID directory.
	files_search_pids($1)
	admin_pattern($1, fcoemon_var_run_t)

')