1 ## <summary>Policy for logical volume management programs.</summary>
3 ########################################
5 ## Execute lvm programs in the lvm domain.
7 ## <param name="domain">
9 ## Domain allowed to transition.
13 interface(`lvm_domtrans',`
15 type lvm_t, lvm_exec_t;
18 corecmd_search_bin($1)
19 domtrans_pattern($1, lvm_exec_t, lvm_t)
22 ########################################
24 ## Execute lvm programs in the caller domain.
26 ## <param name="domain">
28 ## Domain allowed access.
32 interface(`lvm_exec',`
37 corecmd_search_bin($1)
38 can_exec($1, lvm_exec_t)
41 ########################################
43 ## Execute lvm programs in the lvm domain.
45 ## <param name="domain">
47 ## Domain allowed to transition.
50 ## <param name="role">
52 ## The role to allow the LVM domain.
66 ########################################
68 ## Read LVM configuration files.
70 ## <param name="domain">
72 ## Domain allowed access.
77 interface(`lvm_read_config',`
83 allow $1 lvm_etc_t:dir list_dir_perms;
84 read_files_pattern($1, lvm_etc_t, lvm_etc_t)
87 ########################################
89 ## Manage LVM configuration files.
91 ## <param name="domain">
93 ## Domain allowed access.
98 interface(`lvm_manage_config',`
104 manage_dirs_pattern($1, lvm_etc_t, lvm_etc_t)
105 manage_files_pattern($1, lvm_etc_t, lvm_etc_t)
108 ######################################
110 ## Execute a domain transition to run clvmd.
112 ## <param name="domain">
114 ## Domain allowed to transition.
118 interface(`lvm_domtrans_clvmd',`
120 type clvmd_t, clvmd_exec_t;
123 corecmd_search_bin($1)
124 domtrans_pattern($1, clvmd_exec_t, clvmd_t)