Add a boolean to turn off all instances of ptrace in the policy
[people/stevee/selinux-policy.git] / policy / modules / services / smartmon.if
1 ## <summary>Smart disk monitoring daemon policy</summary>
2
#######################################
## <summary>
##	Read the temporary files labeled for the smartmon daemon.
## </summary>
## <param name="domain">
##	<summary>
##	Domain allowed access.
##	</summary>
## </param>
#
interface(`smartmon_read_tmp_files',`
	gen_require(`
		type fsdaemon_tmp_t;
	')

	# Read-only file access on the daemon temporary file type; this grants
	# no write, create or unlink permission.
	allow $1 fsdaemon_tmp_t:file read_file_perms;

	# Directory search on the tmp directory so the files can be reached.
	files_search_tmp($1)
')
21
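########################################
## <summary>
##	All of the rules required to administrate
##	a smartmon environment.
## </summary>
## <param name="domain">
##	<summary>
##	Domain allowed access.
##	</summary>
## </param>
## <param name="role">
##	<summary>
##	Role allowed access.
##	</summary>
## </param>
## <rolecap/>
#
interface(`smartmon_admin',`
	gen_require(`
		type fsdaemon_t, fsdaemon_tmp_t, fsdaemon_var_run_t;
		type fsdaemon_initrc_exec_t;
	')

	# Signal the daemon and view its process information.
	allow $1 fsdaemon_t:process signal_perms;
	ps_process_pattern($1, fsdaemon_t)

	# ptrace lets the admin domain read and alter the memory of the daemon,
	# so it is granted only in the else branch of deny_ptrace, that is,
	# while the boolean is off.  The target is fsdaemon_t, the process type
	# required above and used by every other rule in this interface.  The
	# rule previously named smartmon_t, which is not listed in gen_require,
	# so the interface depended on a type it never required.
	tunable_policy(`deny_ptrace',`',`
		allow $1 fsdaemon_t:process ptrace;
	')

	# Run the labeled init script and end up in system_r when doing so.
	# The role_transition and the role allow rule are both needed for the
	# admin role to make that role change.
	init_labeled_script_domtrans($1, fsdaemon_initrc_exec_t)
	domain_system_change_exemption($1)
	role_transition $2 fsdaemon_initrc_exec_t system_r;
	allow $2 system_r;

	# Administrative access to the temporary files of the daemon.
	files_list_tmp($1)
	admin_pattern($1, fsdaemon_tmp_t)

	# Administrative access to the runtime (pid) files of the daemon.
	files_list_pids($1)
	admin_pattern($1, fsdaemon_var_run_t)
')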