1 ## <summary>Zebra border gateway protocol network routing service</summary>
3 ########################################
5 ## Read the configuration files for zebra.
7 ## <param name="domain">
9 ## Domain allowed access.
# NOTE(review): the gutter numbers jump from 14 to 20, so part of this
# interface is not shown in this listing (presumably the gen_require block
# that declares zebra_conf_t) - confirm against the full file.
# Routing daemon configuration may hold management passwords, so this
# interface should only be granted to domains that need to read it.
14 interface(`zebra_read_config',`
# Let the caller domain ($1) list directories labeled zebra_conf_t.
20 allow $1 zebra_conf_t:dir list_dir_perms;
# Read regular files labeled zebra_conf_t that sit in zebra_conf_t directories.
21 read_files_pattern($1, zebra_conf_t, zebra_conf_t)
# Same for symbolic links. The lines shown grant read access only, no write.
22 read_lnk_files_pattern($1, zebra_conf_t, zebra_conf_t)
25 ########################################
27 ## Connect to zebra over a unix stream socket.
29 ## <param name="domain">
31 ## Domain allowed access.
# NOTE(review): gutter numbers skip lines here as well (36, 38-40), so the
# type line below is presumably inside a gen_require block - confirm.
35 interface(`zebra_stream_connect',`
# Types this interface depends on: the daemon domain and its runtime files.
37 type zebra_t, zebra_var_run_t;
# Allow $1 to connect to a unix stream socket labeled zebra_var_run_t, in a
# zebra_var_run_t directory, that is served by a zebra_t process.
# The policy only decides who may open the connection. What a connected
# client may then ask the daemon to do is not limited by this rule, so
# callers should be restricted to domains that are meant to talk to zebra.
41 stream_connect_pattern($1, zebra_var_run_t, zebra_var_run_t, zebra_t)
44 ########################################
46 ## All of the rules required to administrate
47 ## a zebra environment
49 ## <param name="domain">
51 ## Domain allowed access.
54 ## <param name="role">
56 ## The role to be allowed to manage the zebra domain.
# Grants an administrative domain ($1) and role ($2) control over the zebra
# daemon, its init script and its config, log, tmp and runtime files.
# NOTE(review): gutter numbers skip lines throughout this interface, so the
# type lines are presumably inside a gen_require block and further calls may
# sit between the admin_pattern lines - confirm against the full file.
61 interface(`zebra_admin',`
63 type zebra_t, zebra_tmp_t, zebra_log_t;
64 type zebra_conf_t, zebra_var_run_t;
65 type zebra_initrc_exec_t;
# ptrace lets $1 attach to zebra_t processes, which includes reading and
# changing their memory. It is the broadest grant in this interface, so
# reviewers should check that every caller really needs it.
# signal_perms covers sending signals to the daemon.
68 allow $1 zebra_t:process { ptrace signal_perms };
# Let $1 see zebra_t processes in process listings.
69 ps_process_pattern($1, zebra_t)
# Let $1 run the init script labeled zebra_initrc_exec_t with a domain
# transition, so the service can be started and stopped by the admin.
71 init_labeled_script_domtrans($1, zebra_initrc_exec_t)
# Exempt $1 from the constraint that blocks changing to the system role,
# which the role_transition below relies on.
72 domain_system_change_exemption($1)
# When role $2 executes the init script, the new process runs in system_r.
73 role_transition $2 zebra_initrc_exec_t system_r;
# admin_pattern gives $1 management access to objects of the given type.
# For zebra_conf_t this means the admin domain can rewrite routing config.
77 admin_pattern($1, zebra_conf_t)
# Access to zebra_log_t means $1 can alter or remove daemon logs. Keep that
# in mind if these logs are used as an audit source.
80 admin_pattern($1, zebra_log_t)
83 admin_pattern($1, zebra_tmp_t)
# Runtime files of type zebra_var_run_t, the same type that the socket in
# zebra_stream_connect uses.
86 admin_pattern($1, zebra_var_run_t)