## <summary>Varnishd http accelerator daemon</summary>
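#######################################
## <summary>
##	Execute varnishd in the varnishd domain.
## </summary>
## <param name="domain">
##	<summary>
##	Domain allowed to transition.
##	</summary>
## </param>
#
interface(`varnishd_domtrans',`
	# Declare the types this interface depends on so that they resolve
	# in the policy of the calling module.
	gen_require(`
		type varnishd_t, varnishd_exec_t;
	')

	# The caller needs search access to the bin directories to reach
	# the varnishd executable.
	corecmd_search_bin($1)
	# Executing a varnishd_exec_t file moves the new process into
	# varnishd_t, so the daemon runs under the varnishd policy and not
	# under the permissions of the calling domain.
	domtrans_pattern($1, varnishd_exec_t, varnishd_t)
')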
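#######################################
## <summary>
##	Execute varnishd in the caller domain.
## </summary>
## <param name="domain">
##	<summary>
##	Domain allowed access.
##	</summary>
## </param>
#
interface(`varnishd_exec',`
	# can_exec references varnishd_exec_t, so it has to be declared as
	# a requirement of this interface.
	gen_require(`
		type varnishd_exec_t;
	')

	# No domain transition is set up here: the program runs with the
	# permissions of the calling domain and is not confined by
	# varnishd_t. Use varnishd_domtrans when the confined daemon domain
	# is wanted.
	can_exec($1, varnishd_exec_t)
')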
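######################################
## <summary>
##	Read varnishd configuration file.
## </summary>
## <param name="domain">
##	<summary>
##	Domain allowed access.
##	</summary>
## </param>
#
interface(`varnishd_read_config',`
	# read_files_pattern references varnishd_etc_t, so it has to be
	# declared as a requirement of this interface.
	gen_require(`
		type varnishd_etc_t;
	')

	# NOTE(review): the other read interfaces in this file first grant
	# search on the parent directory (files_search_var_lib,
	# logging_search_logs). No such call is visible here for the etc
	# directory - confirm whether files_search_etc is needed.

	# Read-only access: search varnishd_etc_t directories and read the
	# varnishd_etc_t files inside them. No write access is granted.
	read_files_pattern($1, varnishd_etc_t, varnishd_etc_t)
')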
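#####################################
## <summary>
##	Read varnish lib files.
## </summary>
## <param name="domain">
##	<summary>
##	Domain allowed access.
##	</summary>
## </param>
#
interface(`varnishd_read_lib_files',`
	# Declare the type this interface depends on.
	gen_require(`
		type varnishd_var_lib_t;
	')

	# Search access to the var lib parent directory is needed to reach
	# the varnishd_var_lib_t content.
	files_search_var_lib($1)
	# Read-only access: search varnishd_var_lib_t directories and read
	# the varnishd_var_lib_t files inside them.
	read_files_pattern($1, varnishd_var_lib_t, varnishd_var_lib_t)
')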
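#######################################
## <summary>
##	Read varnish logs.
## </summary>
## <param name="domain">
##	<summary>
##	Domain allowed access.
##	</summary>
## </param>
#
interface(`varnishd_read_log',`
	# Declare the type this interface depends on.
	gen_require(`
		type varnishlog_log_t;
	')

	# Search access to the log parent directory is needed to reach the
	# varnishlog_log_t content.
	logging_search_logs($1)
	# Read-only access to varnishlog_log_t files. Existing records
	# cannot be changed through this interface.
	read_files_pattern($1, varnishlog_log_t, varnishlog_log_t)
')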
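######################################
## <summary>
##	Append varnish logs.
## </summary>
## <param name="domain">
##	<summary>
##	Domain allowed access.
##	</summary>
## </param>
#
interface(`varnishd_append_log',`
	# Declare the type this interface depends on.
	gen_require(`
		type varnishlog_log_t;
	')

	# Search access to the log parent directory is needed to reach the
	# varnishlog_log_t content.
	logging_search_logs($1)
	# Append-only access: the caller can add records to varnishlog_log_t
	# files but is not given the permissions to overwrite or delete
	# them. This is the least-privilege choice for a domain that only
	# writes log records.
	append_files_pattern($1, varnishlog_log_t, varnishlog_log_t)
')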
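#####################################
## <summary>
##	Manage varnish logs.
## </summary>
## <param name="domain">
##	<summary>
##	Domain allowed access.
##	</summary>
## </param>
#
interface(`varnishd_manage_log',`
	# Declare the type this interface depends on.
	gen_require(`
		type varnishlog_log_t;
	')

	# Search access to the log parent directory is needed to reach the
	# varnishlog_log_t content.
	logging_search_logs($1)
	# Manage access covers creating, reading, writing and deleting
	# varnishlog_log_t files. A domain holding it can rewrite or remove
	# existing log records, so grant it only where log rotation or
	# cleanup is required and use varnishd_append_log for plain writers.
	manage_files_pattern($1, varnishlog_log_t, varnishlog_log_t)
')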
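######################################
## <summary>
##	All of the rules required to administrate
##	a varnishlog environment
## </summary>
## <param name="domain">
##	<summary>
##	Domain allowed access.
##	</summary>
## </param>
## <param name="role">
##	<summary>
##	The role to be allowed to manage the varnishlog domain.
##	</summary>
## </param>
#
interface(`varnishd_admin_varnishlog',`
	# Declare the types this interface depends on.
	gen_require(`
		type varnishlog_t, varnishlog_initrc_exec_t;
		type varnishlog_var_run_t, varnishlog_log_t;
	')

	# Process control over varnishlog_t. signal_perms allows sending
	# signals. ptrace additionally allows the admin domain to inspect
	# and modify the memory of the running process, so this interface
	# should only be granted to fully trusted administrative domains.
	allow $1 varnishlog_t:process { ptrace signal_perms };
	# Let the admin domain see varnishlog_t processes in the process
	# listing.
	ps_process_pattern($1, varnishlog_t)

	# Start and stop the service through its labeled init script. The
	# role_transition moves role $2 to system_r when the script is
	# executed, and the exemption lifts the constraint that normally
	# blocks a change to the system identity and role for this domain.
	init_labeled_script_domtrans($1, varnishlog_initrc_exec_t)
	domain_system_change_exemption($1)
	role_transition $2 varnishlog_initrc_exec_t system_r;
	allow $2 system_r;

	# admin_pattern grants management of the labeled content, which
	# includes creating, deleting and relabeling it.
	files_search_pids($1)
	admin_pattern($1, varnishlog_var_run_t)

	# Administrators can remove or rewrite varnishlog_log_t files.
	# Forward these logs off-host if they are needed as audit evidence.
	logging_list_logs($1)
	admin_pattern($1, varnishlog_log_t)
')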
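#######################################
## <summary>
##	All of the rules required to administrate
##	a varnishd environment
## </summary>
## <param name="domain">
##	<summary>
##	Domain allowed access.
##	</summary>
## </param>
## <param name="role">
##	<summary>
##	The role to be allowed to manage the varnishd domain.
##	</summary>
## </param>
#
interface(`varnishd_admin',`
	# Declare the types this interface depends on.
	gen_require(`
		type varnishd_t, varnishd_var_lib_t, varnishd_etc_t;
		type varnishd_var_run_t, varnishd_tmp_t;
		type varnishd_initrc_exec_t;
	')

	# Process control over varnishd_t. signal_perms allows sending
	# signals. ptrace additionally allows the admin domain to inspect
	# and modify the memory of the running daemon, so this interface
	# should only be granted to fully trusted administrative domains.
	allow $1 varnishd_t:process { ptrace signal_perms };
	# Let the admin domain see varnishd_t processes in the process
	# listing.
	ps_process_pattern($1, varnishd_t)

	# Start and stop the service through its labeled init script. The
	# role_transition moves role $2 to system_r when the script is
	# executed, and the exemption lifts the constraint that normally
	# blocks a change to the system identity and role for this domain.
	init_labeled_script_domtrans($1, varnishd_initrc_exec_t)
	domain_system_change_exemption($1)
	role_transition $2 varnishd_initrc_exec_t system_r;
	allow $2 system_r;

	# admin_pattern grants management of the labeled content, which
	# includes creating, deleting and relabeling it.
	files_search_var_lib($1)
	admin_pattern($1, varnishd_var_lib_t)

	# NOTE(review): the var lib and pid sections search the parent
	# directory before admin_pattern. No such call is visible for the
	# etc and tmp sections - confirm whether files_search_etc and
	# files_search_tmp are needed here.
	admin_pattern($1, varnishd_etc_t)

	files_search_pids($1)
	admin_pattern($1, varnishd_var_run_t)

	admin_pattern($1, varnishd_tmp_t)
')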