## <summary>Ricci cluster management agent</summary>
########################################
## <summary>
##	Run the ricci executable in the ricci domain.
## </summary>
## <param name="domain">
##	<summary>
##	Domain allowed to transition.
##	</summary>
## </param>
#
interface(`ricci_domtrans',`
	gen_require(`
		type ricci_t, ricci_exec_t;
	')

	# The executable type passed is ricci_exec_t and the target domain
	# passed is ricci_t. domtrans_pattern comes from the policy support
	# macros and is not shown in this file, so the exact rule set it
	# expands to should be read there.
	# Review note: every caller of this interface can start code that
	# runs with the privileges of ricci_t, so grant it only to domains
	# that are meant to launch the agent.
	domtrans_pattern($1, ricci_exec_t, ricci_t)
')
########################################
## <summary>
##	Run the ricci_modcluster executable in the ricci_modcluster domain.
## </summary>
## <param name="domain">
##	<summary>
##	Domain allowed to transition.
##	</summary>
## </param>
#
interface(`ricci_domtrans_modcluster',`
	gen_require(`
		type ricci_modcluster_t, ricci_modcluster_exec_t;
	')

	# Transition from the caller into ricci_modcluster_t when a file
	# labeled ricci_modcluster_exec_t is executed. The rules themselves
	# come from domtrans_pattern, which lives outside this file.
	# Review note: the caller gains whatever ricci_modcluster_t is
	# allowed to do, so keep the list of callers short and reviewed.
	domtrans_pattern($1, ricci_modcluster_exec_t, ricci_modcluster_t)
')
########################################
## <summary>
##	Do not audit attempts to use
##	ricci_modcluster file descriptors.
## </summary>
## <param name="domain">
##	<summary>
##	Domain to not audit.
##	</summary>
## </param>
#
interface(`ricci_dontaudit_use_modcluster_fds',`
	gen_require(`
		type ricci_modcluster_t;
	')

	# This rule grants nothing: it only silences the AVC denial record
	# for fd use against ricci_modcluster_t. Presumably it is aimed at
	# descriptors inherited from ricci_modcluster - confirm with the
	# callers.
	# Review note: silenced denials are invisible in the audit log.
	# When investigating, rebuild the policy with dontaudit rules
	# disabled (semodule -DB) so that these denials are logged again.
	dontaudit $1 ricci_modcluster_t:fd use;
')
########################################
## <summary>
##	Do not audit attempts to read and write
##	ricci_modcluster unnamed pipes.
## </summary>
## <param name="domain">
##	<summary>
##	Domain to not audit.
##	</summary>
## </param>
#
interface(`ricci_dontaudit_rw_modcluster_pipes',`
	gen_require(`
		type ricci_modcluster_t;
	')

	# Only the read and write permissions on fifo_file objects of type
	# ricci_modcluster_t are silenced; no access is granted and any
	# other denied permission on these pipes is still logged.
	# Review note: a dontaudit rule hides the denial from the audit
	# log. When investigating, rebuild the policy with dontaudit rules
	# disabled (semodule -DB) to see the suppressed records.
	dontaudit $1 ricci_modcluster_t:fifo_file { read write };
')
########################################
## <summary>
##	Connect to ricci_modclusterd over a unix stream socket.
## </summary>
## <param name="domain">
##	<summary>
##	Domain allowed access.
##	</summary>
## </param>
#
interface(`ricci_stream_connect_modclusterd',`
	gen_require(`
		type ricci_modclusterd_t, ricci_modcluster_var_run_t;
	')

	# files_search_pids is provided by another module; judging by its
	# name it gives search access to the pid directory tree - confirm
	# against its definition.
	files_search_pids($1)

	# Granted directly here: write on socket files labeled
	# ricci_modcluster_var_run_t and connectto on unix stream sockets
	# owned by ricci_modclusterd_t.
	# Review note: no search permission on directories labeled
	# ricci_modcluster_var_run_t is granted in this interface. If the
	# socket sits in a private directory of that type, callers would
	# need it as well; check the file contexts before widening
	# anything.
	# Review note: a caller can send requests to the modclusterd
	# daemon, so grant this only to domains that have to talk to it.
	allow $1 ricci_modcluster_var_run_t:sock_file write;
	allow $1 ricci_modclusterd_t:unix_stream_socket connectto;
')
########################################
## <summary>
##	Run the ricci_modlog executable in the ricci_modlog domain.
## </summary>
## <param name="domain">
##	<summary>
##	Domain allowed to transition.
##	</summary>
## </param>
#
interface(`ricci_domtrans_modlog',`
	gen_require(`
		type ricci_modlog_t, ricci_modlog_exec_t;
	')

	# Transition from the caller into ricci_modlog_t when a file labeled
	# ricci_modlog_exec_t is executed; the rules are produced by
	# domtrans_pattern, which is not shown in this file.
	# Review note: what ricci_modlog_t may access is declared in the
	# type enforcement file. Read it before adding a new caller.
	domtrans_pattern($1, ricci_modlog_exec_t, ricci_modlog_t)
')
########################################
## <summary>
##	Run the ricci_modrpm executable in the ricci_modrpm domain.
## </summary>
## <param name="domain">
##	<summary>
##	Domain allowed to transition.
##	</summary>
## </param>
#
interface(`ricci_domtrans_modrpm',`
	gen_require(`
		type ricci_modrpm_t, ricci_modrpm_exec_t;
	')

	# Transition from the caller into ricci_modrpm_t when a file labeled
	# ricci_modrpm_exec_t is executed; the rules are produced by
	# domtrans_pattern, which is not shown in this file.
	# Review note: judging by its name this helper handles package
	# management - confirm in the type enforcement file. If so, the
	# target domain is likely powerful and callers deserve extra review.
	domtrans_pattern($1, ricci_modrpm_exec_t, ricci_modrpm_t)
')
########################################
## <summary>
##	Run the ricci_modservice executable in the ricci_modservice domain.
## </summary>
## <param name="domain">
##	<summary>
##	Domain allowed to transition.
##	</summary>
## </param>
#
interface(`ricci_domtrans_modservice',`
	gen_require(`
		type ricci_modservice_t, ricci_modservice_exec_t;
	')

	# Transition from the caller into ricci_modservice_t when a file
	# labeled ricci_modservice_exec_t is executed; the rules are produced
	# by domtrans_pattern, which is not shown in this file.
	# Review note: judging by its name this helper manages system
	# services - confirm in the type enforcement file. Grant the
	# transition only to domains that are meant to start it.
	domtrans_pattern($1, ricci_modservice_exec_t, ricci_modservice_t)
')
########################################
## <summary>
##	Run the ricci_modstorage executable in the ricci_modstorage domain.
## </summary>
## <param name="domain">
##	<summary>
##	Domain allowed to transition.
##	</summary>
## </param>
#
interface(`ricci_domtrans_modstorage',`
	gen_require(`
		type ricci_modstorage_t, ricci_modstorage_exec_t;
	')

	# Transition from the caller into ricci_modstorage_t when a file
	# labeled ricci_modstorage_exec_t is executed; the rules are produced
	# by domtrans_pattern, which is not shown in this file.
	# Review note: judging by its name this helper manages storage -
	# confirm in the type enforcement file. If so, the target domain is
	# likely powerful and callers deserve extra review.
	domtrans_pattern($1, ricci_modstorage_exec_t, ricci_modstorage_t)
')