# cache, on behalf of the processes accessing the cache through a network
# filesystem such as NFS
#
-policy_module(cachefilesd,1.0.17)
+policy_module(cachefilesd, 1.0.17)
###############################################################################
#
# Check in /usr/share/selinux/devel/include/ for macros to use instead of allow
# rules.
#
-allow cachefilesd_t self : capability { setuid setgid sys_admin dac_override };
+allow cachefilesd_t self:capability { setuid setgid sys_admin dac_override };
# Basic access
files_read_etc_files(cachefilesd_t)
# Allow manipulation of pid file
allow cachefilesd_t cachefilesd_var_run_t:file create_file_perms;
-manage_files_pattern(cachefilesd_t,cachefilesd_var_run_t, cachefilesd_var_run_t)
-manage_dirs_pattern(cachefilesd_t,cachefilesd_var_run_t, cachefilesd_var_run_t)
+manage_files_pattern(cachefilesd_t, cachefilesd_var_run_t, cachefilesd_var_run_t)
+manage_dirs_pattern(cachefilesd_t, cachefilesd_var_run_t, cachefilesd_var_run_t)
files_pid_file(cachefilesd_var_run_t)
-files_pid_filetrans(cachefilesd_t,cachefilesd_var_run_t,file)
+files_pid_filetrans(cachefilesd_t, cachefilesd_var_run_t, file)
files_create_as_is_all_files(cachefilesd_t)
# Allow access to cachefiles device file
-allow cachefilesd_t cachefiles_dev_t : chr_file rw_file_perms;
+allow cachefilesd_t cachefiles_dev_t:chr_file rw_file_perms;
# Allow access to cache superstructure
-allow cachefilesd_t cachefiles_var_t : dir { rw_dir_perms rmdir };
-allow cachefilesd_t cachefiles_var_t : file { getattr rename unlink };
+allow cachefilesd_t cachefiles_var_t:dir { rw_dir_perms rmdir };
+allow cachefilesd_t cachefiles_var_t:file { getattr rename unlink };
# Permit statfs on the backing filesystem
fs_getattr_xattr_fs(cachefilesd_t)
# (1) the security context used by the module to access files in the cache,
# as set by the 'secctx' command in /etc/cachefilesd.conf, and
#
-allow cachefilesd_t cachefiles_kernel_t : kernel_service { use_as_override };
+allow cachefilesd_t cachefiles_kernel_t:kernel_service { use_as_override };
#
# (2) the label that will be assigned to new files and directories created in
# the cache by the module, which will be the same as the label on the
# directory pointed to by the 'dir' command.
#
-allow cachefilesd_t cachefiles_var_t : kernel_service { create_files_as };
+allow cachefilesd_t cachefiles_var_t:kernel_service { create_files_as };
###############################################################################
#
allow cachefiles_kernel_t self:capability { dac_override dac_read_search };
allow cachefiles_kernel_t initrc_t:process sigchld;
-manage_dirs_pattern(cachefiles_kernel_t,cachefiles_var_t, cachefiles_var_t)
-manage_files_pattern(cachefiles_kernel_t,cachefiles_var_t, cachefiles_var_t)
+manage_dirs_pattern(cachefiles_kernel_t, cachefiles_var_t, cachefiles_var_t)
+manage_files_pattern(cachefiles_kernel_t, cachefiles_var_t, cachefiles_var_t)
fs_getattr_xattr_fs(cachefiles_kernel_t)