rpms / selinux-policy

Clone
Source Code
GIT

Blame policy/modules/admin/shutdown.if

c10s-sig-hyperscale c4 c5 c5-plus c6 c6-plus c7 c7-alt c7-atomic c7-beta c8 c8-beta c8s c8s-sig-hyperscale c9 c9-beta c9s-sig-hyperscale
  1.   4192c80c13b83eca126a4d33256270655b3bcff6
  2.   policy
  3.   modules
  4.   admin
  5.   shutdown.if
Blob History Raw
Chris PeBenito 7e265a 
## <summary>System shutdown command</summary>
Chris PeBenito 7e265a
Chris PeBenito 7e265a 
########################################
Chris PeBenito 7e265a 
## <summary>
Chris PeBenito 7e265a 
##	Execute a domain transition to run shutdown.
Chris PeBenito 7e265a 
## </summary>
Chris PeBenito 7e265a 
## <param name="domain">
Chris PeBenito 7e265a 
## <summary>
Chris PeBenito 7e265a 
##	Domain allowed to transition.
Chris PeBenito 7e265a 
## </summary>
Chris PeBenito 7e265a 
## </param>
Chris PeBenito 7e265a 
#
Chris PeBenito 7e265a 
interface(`shutdown_domtrans',`
Chris PeBenito 7e265a 
	gen_require(`
Chris PeBenito 7e265a 
		type shutdown_t, shutdown_exec_t;
Chris PeBenito 7e265a 
	')
Chris PeBenito 7e265a
Chris PeBenito 7e265a 
	domtrans_pattern($1, shutdown_exec_t, shutdown_t)
Chris PeBenito 7e265a
Chris PeBenito 7e265a 
	ifdef(`hide_broken_symptoms', `
Chris PeBenito 7e265a 
		dontaudit shutdown_t $1:socket_class_set { read write };
Dan Walsh 3eaa99 
		dontaudit shutdown_t $1:fifo_file rw_inherited_fifo_file_perms;
Chris PeBenito 7e265a 
	')
Chris PeBenito 7e265a 
')
Chris PeBenito 7e265a
Dan Walsh 3eaa99
Chris PeBenito 7e265a 
########################################
Chris PeBenito 7e265a 
## <summary>
Chris PeBenito 7e265a 
##	Execute shutdown in the shutdown domain, and
Chris PeBenito 7e265a 
##	allow the specified role the shutdown domain.
Chris PeBenito 7e265a 
## </summary>
Chris PeBenito 7e265a 
## <param name="domain">
Chris PeBenito 7e265a 
##	<summary>
Dominick Grift 77e4b5 
##	Domain allowed to transition.
Chris PeBenito 7e265a 
##	</summary>
Chris PeBenito 7e265a 
## </param>
Chris PeBenito 7e265a 
## <param name="role">
Chris PeBenito 7e265a 
##	<summary>
Chris PeBenito a7ee7f 
##	Role allowed access.
Chris PeBenito 7e265a 
##	</summary>
Chris PeBenito 7e265a 
## </param>
Chris PeBenito 7e265a 
#
Chris PeBenito 7e265a 
interface(`shutdown_run',`
Chris PeBenito 7e265a 
	gen_require(`
Chris PeBenito 7e265a 
		type shutdown_t;
Chris PeBenito 7e265a 
	')
Chris PeBenito 7e265a
Chris PeBenito 7e265a 
	shutdown_domtrans($1)
Chris PeBenito 7e265a 
	role $2 types shutdown_t;
Chris PeBenito 7e265a 
')
Chris PeBenito 7e265a
Chris PeBenito 7e265a 
########################################
Chris PeBenito 7e265a 
## <summary>
Dan Walsh 3eaa99 
##	Role access for shutdown
Dan Walsh 3eaa99 
## </summary>
Dan Walsh 3eaa99 
## <param name="role">
Dan Walsh 3eaa99 
##	<summary>
Dan Walsh 3eaa99 
##	Role allowed access
Dan Walsh 3eaa99 
##	</summary>
Dan Walsh 3eaa99 
## </param>
Dan Walsh 3eaa99 
## <param name="domain">
Dan Walsh 3eaa99 
##	<summary>
Dan Walsh 3eaa99 
##	User domain for the role
Dan Walsh 3eaa99 
##	</summary>
Dan Walsh 3eaa99 
## </param>
Dan Walsh 3eaa99 
#
Dan Walsh 3eaa99 
interface(`shutdown_role',`
Dan Walsh 3eaa99 
	gen_require(`
Dan Walsh 3eaa99 
              type shutdown_t;
Dan Walsh 3eaa99 
	')
Dan Walsh 3eaa99
Dan Walsh 3eaa99 
	role $1 types shutdown_t;
Dan Walsh 3eaa99
Dan Walsh 3eaa99 
	shutdown_domtrans($2)
Dan Walsh 3eaa99
Dan Walsh 3eaa99 
	ps_process_pattern($2, shutdown_t)
Dan Walsh 3eaa99 
	allow $2 shutdown_t:process signal;
Dan Walsh 3eaa99 
')
Dan Walsh 3eaa99
Dan Walsh 3eaa99 
########################################
Dan Walsh 3eaa99 
## <summary>
Dan Walsh 3eaa99 
##	Recieve sigchld from shutdown
Dan Walsh 3eaa99 
## </summary>
Dan Walsh 3eaa99 
## <param name="domain">
Dan Walsh 3eaa99 
##	<summary>
Dan Walsh 3eaa99 
##	Domain allowed access
Dan Walsh 3eaa99 
##	</summary>
Dan Walsh 3eaa99 
## </param>
Dan Walsh 3eaa99 
#
Dan Walsh 3eaa99 
interface(`shutdown_send_sigchld',`
Dan Walsh 3eaa99 
	gen_require(`
Dan Walsh 3eaa99 
              type shutdown_t;
Dan Walsh 3eaa99 
	')
Dan Walsh 3eaa99
Dan Walsh 3eaa99 
	allow shutdown_t $1:process signal;
Dan Walsh 3eaa99 
')
Dan Walsh 3eaa99
Dan Walsh 3eaa99 
########################################
Dan Walsh 3eaa99 
## <summary>
Dan Walsh 3eaa99 
##	Send and receive messages from
Dan Walsh 3eaa99 
##	shutdown over dbus.
Dan Walsh 3eaa99 
## </summary>
Dan Walsh 3eaa99 
## <param name="domain">
Dan Walsh 3eaa99 
##	<summary>
Dan Walsh 3eaa99 
##	Domain allowed access.
Dan Walsh 3eaa99 
##	</summary>
Dan Walsh 3eaa99 
## </param>
Dan Walsh 3eaa99 
#
Dan Walsh 3eaa99 
interface(`shutdown_dbus_chat',`
Dan Walsh 3eaa99 
	gen_require(`
Dan Walsh 3eaa99 
		type shutdown_t;
Dan Walsh 3eaa99 
		class dbus send_msg;
Dan Walsh 3eaa99 
	')
Dan Walsh 3eaa99
Dan Walsh 3eaa99 
	allow $1 shutdown_t:dbus send_msg;
Dan Walsh 3eaa99 
	allow shutdown_t $1:dbus send_msg;
Dan Walsh 3eaa99 
')
Dan Walsh 3eaa99
Dan Walsh 3eaa99 
########################################
Dan Walsh 3eaa99 
## <summary>
Chris PeBenito 7e265a 
##	Get attributes of shutdown executable.
Chris PeBenito 7e265a 
## </summary>
Chris PeBenito 7e265a 
## <param name="domain">
Chris PeBenito 7e265a 
##	<summary>
Chris PeBenito 7e265a 
##	Domain allowed access.
Chris PeBenito 7e265a 
##	</summary>
Chris PeBenito 7e265a 
## </param>
Chris PeBenito 7e265a 
#
Chris PeBenito 7e265a 
interface(`shutdown_getattr_exec_files',`
Chris PeBenito 7e265a 
	gen_require(`
Chris PeBenito 7e265a 
		type shutdown_exec_t;
Chris PeBenito 7e265a 
	')
Chris PeBenito 7e265a
Chris PeBenito 7e265a 
	allow $1 shutdown_exec_t:file getattr;
Chris PeBenito 7e265a 
')

Powered by Pagure 5.14.1

SSH Hostkey/Fingerprint | Documentation