1 ## <summary> ShoutCast compatible streaming media server</summary>
3 ########################################
5 ## Execute a domain transition to run icecast.
7 ## <param name="domain">
9 ## Domain allowed to transition.
13 interface(`icecast_domtrans',`
15 type icecast_t, icecast_exec_t;
18 domtrans_pattern($1, icecast_exec_t, icecast_t)
21 ########################################
23 ## Allow domain signal icecast
25 ## <param name="domain">
27 ## Domain allowed access.
31 interface(`icecast_signal',`
36 allow $1 icecast_t:process signal;
39 ########################################
41 ## Execute icecast server in the icecast domain.
43 ## <param name="domain">
45 ## Domain allowed to transition.
49 interface(`icecast_initrc_domtrans',`
51 type icecast_initrc_exec_t;
54 init_labeled_script_domtrans($1, icecast_initrc_exec_t)
57 ########################################
59 ## Read icecast PID files.
61 ## <param name="domain">
63 ## Domain allowed access.
67 interface(`icecast_read_pid_files',`
69 type icecast_var_run_t;
73 allow $1 icecast_var_run_t:file read_file_perms;
76 ########################################
78 ## Manage icecast pid files.
80 ## <param name="domain">
82 ## Domain allowed access.
86 interface(`icecast_manage_pid_files',`
88 type icecast_var_run_t;
92 manage_files_pattern($1, icecast_var_run_t, icecast_var_run_t)
95 ########################################
97 ## Allow the specified domain to read icecast's log files.
99 ## <param name="domain">
101 ## Domain allowed access.
106 interface(`icecast_read_log',`
111 logging_search_logs($1)
112 read_files_pattern($1, icecast_log_t, icecast_log_t)
115 ########################################
117 ## Allow the specified domain to append
118 ## icecast log files.
120 ## <param name="domain">
122 ## Domain allowed access.
126 interface(`icecast_append_log',`
131 logging_search_logs($1)
132 append_files_pattern($1, icecast_log_t, icecast_log_t)
135 ########################################
137 ## Allow domain to manage icecast log files
139 ## <param name="domain">
141 ## Domain allow access.
145 interface(`icecast_manage_log',`
150 logging_search_logs($1)
151 manage_files_pattern($1, icecast_log_t, icecast_log_t)
154 ########################################
156 ## All of the rules required to administrate
157 ## an icecast environment
159 ## <param name="domain">
161 ## Domain allowed access.
164 ## <param name="role">
166 ## Role allowed access.
171 interface(`icecast_admin',`
173 type icecast_t, icecast_initrc_exec_t;
176 allow $1 icecast_t:process signal_perms;
177 ps_process_pattern($1, icecast_t)
178 tunable_policy(`deny_ptrace',`',`
179 allow $1 icecast_t:process ptrace;
182 # Allow icecast_t to restart the apache service
183 icecast_initrc_domtrans($1)
184 domain_system_change_exemption($1)
185 role_transition $2 icecast_initrc_exec_t system_r;
188 icecast_manage_pid_files($1)
189 icecast_manage_log($1)