]> git.ipfire.org Git - people/stevee/selinux-policy.git/blob - policy/modules/system/fstools.if
projects / people / stevee / selinux-policy.git / blob
? search:
summary | shortlog | log | commit | commitdiff | tree
blame | history | raw | HEAD
trunk: whitespace fixes
[people/stevee/selinux-policy.git] / policy / modules / system / fstools.if
1 ## <summary>Tools for filesystem management, such as mkfs and fsck.</summary>
2
3 ########################################
4 ## <summary>
5 ## Execute fs tools in the fstools domain.
6 ## </summary>
7 ## <param name="domain">
8 ## <summary>
9 ## The type of the process performing this action.
10 ## </summary>
11 ## </param>
12 #
13 interface(`fstools_domtrans',`
14 gen_require(`
15 type fsadm_t, fsadm_exec_t;
16 ')
17
18 corecmd_search_bin($1)
19 domtrans_pattern($1, fsadm_exec_t, fsadm_t)
20 ')
21
22 ########################################
23 ## <summary>
24 ## Execute fs tools in the fstools domain, and
25 ## allow the specified role the fs tools domain.
26 ## </summary>
27 ## <param name="domain">
28 ## <summary>
29 ## The type of the process performing this action.
30 ## </summary>
31 ## </param>
32 ## <param name="role">
33 ## <summary>
34 ## The role to be allowed the fs tools domain.
35 ## </summary>
36 ## </param>
37 ## <rolecap/>
38 #
39 interface(`fstools_run',`
40 gen_require(`
41 type fsadm_t;
42 ')
43
44 fstools_domtrans($1)
45 role $2 types fsadm_t;
46 ')
47
48 ########################################
49 ## <summary>
50 ## Execute fsadm in the caller domain.
51 ## </summary>
52 ## <param name="domain">
53 ## <summary>
54 ## The type of the process performing this action.
55 ## </summary>
56 ## </param>
57 #
58 interface(`fstools_exec',`
59 gen_require(`
60 type fsadm_exec_t;
61 ')
62
63 can_exec($1, fsadm_exec_t)
64 ')
65
66 ########################################
67 ## <summary>
68 ## Send signal to fsadm process
69 ## </summary>
70 ## <param name="domain">
71 ## <summary>
72 ## Domain allowed access.
73 ## </summary>
74 ## </param>
75 #
76 interface(`fstools_signal',`
77 gen_require(`
78 type fsadm_t;
79 ')
80
81 allow $1 fsadm_t:process signal;
82 ')
83
84 ########################################
85 ## <summary>
86 ## Read fstools unnamed pipes.
87 ## </summary>
88 ## <param name="domain">
89 ## <summary>
90 ## Domain allowed access.
91 ## </summary>
92 ## </param>
93 #
94 interface(`fstools_read_pipes',`
95 gen_require(`
96 type fsadm_t;
97 ')
98
99 allow $1 fsadm_t:fifo_file read_fifo_file_perms;
100 ')
101
102 ########################################
103 ## <summary>
104 ## Relabel a file to the type used by the
105 ## filesystem tools programs.
106 ## </summary>
107 ## <param name="domain">
108 ## <summary>
109 ## The type of the process performing this action.
110 ## </summary>
111 ## </param>
112 #
113 interface(`fstools_relabelto_entry_files',`
114 gen_require(`
115 type fsadm_exec_t;
116 ')
117
118 allow $1 fsadm_exec_t:file relabelto;
119 ')
120
121 ########################################
122 ## <summary>
123 ## Create, read, write, and delete a file used by the
124 ## filesystem tools programs.
125 ## </summary>
126 ## <param name="domain">
127 ## <summary>
128 ## The type of the process performing this action.
129 ## </summary>
130 ## </param>
131 #
132 interface(`fstools_manage_entry_files',`
133 gen_require(`
134 type fsadm_exec_t;
135 ')
136
137 allow $1 fsadm_exec_t:file manage_file_perms;
138 ')
139
140 ########################################
141 ## <summary>
142 ## Getattr swapfile
143 ## </summary>
144 ## <param name="domain">
145 ## <summary>
146 ## The type of the process performing this action.
147 ## </summary>
148 ## </param>
149 #
150 interface(`fstools_getattr_swap_files',`
151 gen_require(`
152 type swapfile_t;
153 ')
154
155 allow $1 swapfile_t:file getattr;
156 ')
The IPFire selinux policy.