policy/modules/system/lvm.if

   1 ## <summary>Policy for logical volume management programs.</summary>
   2
   3 ########################################
   4 ## <summary>
   5 ##      Execute lvm programs in the lvm domain.
   6 ## </summary>
   7 ## <param name="domain">
   8 ##      <summary>
   9 ##      Domain allowed to transition.
  10 ##      </summary>
  11 ## </param>
  12 #
  13 interface(`lvm_domtrans',`
  14         gen_require(`
  15                 type lvm_t, lvm_exec_t;
  16         ')
  17
  18         corecmd_search_bin($1)
  19         domtrans_pattern($1, lvm_exec_t, lvm_t)
  20 ')
  21
  22 ########################################
  23 ## <summary>
  24 ##      Execute lvm programs in the caller domain.
  25 ## </summary>
  26 ## <param name="domain">
  27 ##      <summary>
  28 ##      Domain allowed access.
  29 ##      </summary>
  30 ## </param>
  31 #
  32 interface(`lvm_exec',`
  33         gen_require(`
  34                 type lvm_exec_t;
  35         ')
  36
  37         corecmd_search_bin($1)
  38         can_exec($1, lvm_exec_t)
  39 ')
  40
  41 ########################################
  42 ## <summary>
  43 ##      Execute lvm programs in the lvm domain.
  44 ## </summary>
  45 ## <param name="domain">
  46 ##      <summary>
  47 ##      Domain allowed to transition.
  48 ##      </summary>
  49 ## </param>
  50 ## <param name="role">
  51 ##      <summary>
  52 ##      The role to allow the LVM domain.
  53 ##      </summary>
  54 ## </param>
  55 ## <rolecap/>
  56 #
  57 interface(`lvm_run',`
  58         gen_require(`
  59                 type lvm_t;
  60         ')
  61
  62         lvm_domtrans($1)
  63         role $2 types lvm_t;
  64 ')
  65
  66 ########################################
  67 ## <summary>
  68 ##      Read LVM configuration files.
  69 ## </summary>
  70 ## <param name="domain">
  71 ##      <summary>
  72 ##      Domain allowed access.
  73 ##      </summary>
  74 ## </param>
  75 ## <rolecap/>
  76 #
  77 interface(`lvm_read_config',`
  78         gen_require(`
  79                 type lvm_etc_t;
  80         ')
  81
  82         files_search_etc($1)
  83         allow $1 lvm_etc_t:dir list_dir_perms;
  84         read_files_pattern($1, lvm_etc_t, lvm_etc_t)
  85 ')
  86
  87 ########################################
  88 ## <summary>
  89 ##      Manage LVM configuration files.
  90 ## </summary>
  91 ## <param name="domain">
  92 ##      <summary>
  93 ##      Domain allowed access.
  94 ##      </summary>
  95 ## </param>
  96 ## <rolecap/>
  97 #
  98 interface(`lvm_manage_config',`
  99         gen_require(`
 100                 type lvm_etc_t;
 101         ')
 102
 103         files_search_etc($1)
 104         manage_dirs_pattern($1, lvm_etc_t, lvm_etc_t)
 105         manage_files_pattern($1, lvm_etc_t, lvm_etc_t)
 106 ')
 107
 108 ######################################
 109 ## <summary>
 110 ##      Execute a domain transition to run clvmd.
 111 ## </summary>
 112 ## <param name="domain">
 113 ## <summary>
 114 ##      Domain allowed to transition.
 115 ## </summary>
 116 ## </param>
 117 #
 118 interface(`lvm_domtrans_clvmd',`
 119         gen_require(`
 120                 type clvmd_t, clvmd_exec_t;
 121         ')
 122
 123         corecmd_search_bin($1)
 124         domtrans_pattern($1, clvmd_exec_t, clvmd_t)
 125 ')