# Declare the dbadm policy module at version 1.0.0.
policy_module(dbadm, 1.0.0)
########################################
#
# Declarations
#
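## <desc>
## <p>
## Allow dbadm to manage files in users home directories,
## and to read and write user temporary files
## </p>
## </desc>
gen_tunable(dbadm_manage_user_files, false)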
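## <desc>
## <p>
## Allow dbadm to read files in users home directories,
## and to read user temporary files
## </p>
## </desc>
gen_tunable(dbadm_read_user_files, false)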
# Declare the database administrator role.
role dbadm_r;
# Instantiate the base user template with the dbadm prefix.
# NOTE(review): dbadm_t is used throughout this module without a visible type
# declaration, so it presumably comes from this template - confirm against the
# userdomain module.
userdom_base_user_template(dbadm)
########################################
#
# database admin local policy
#
# Capabilities granted to the admin domain itself. dac_override and
# dac_read_search bypass discretionary (file mode and ownership) permission
# checks, so type enforcement is the remaining file access control for dbadm_t.
# sys_ptrace is the capability used to trace other processes.
# NOTE(review): confirm each capability is still needed for database
# administration; drop any that is not, to keep the domain least-privileged.
allow dbadm_t self:capability { dac_override dac_read_search sys_ptrace };
# Generic file access for the admin domain. The three calls are independent
# of one another and are listed alphabetically.
# Delete generic lock files.
files_delete_generic_locks(dbadm_t)
# Do not audit denied directory searches; this grants no access. dontaudit
# rules hide these denials from the audit log, so rebuild the policy with
# dontaudit rules disabled (semodule -DB) when investigating dbadm_t denials.
files_dontaudit_search_all_dirs(dbadm_t)
# List the contents of /var.
files_list_var(dbadm_t)
# Let the domain query whether SELinux is in enforcing or permissive mode.
selinux_get_enforce_mode(dbadm_t)
# Logging access for the admin domain; the two calls are independent.
# NOTE(review): sending audit messages lets this domain add user-space records
# to the audit trail - keep it only if a tool run as dbadm_t needs it.
logging_send_audit_msgs(dbadm_t)
logging_send_syslog_msg(dbadm_t)
# Do not audit denied searches of user home directories. This grants no
# access; home directory access is granted only through the
# dbadm_manage_user_files and dbadm_read_user_files booleans.
userdom_dontaudit_search_user_home_dirs(dbadm_t)
# Conditional on the dbadm_manage_user_files boolean (declared false by
# default): dbadm_t may manage files in user home directories and may read
# and write user temporary files. Enabling it widens the admin domain beyond
# database content, so leave it off unless that access is required.
tunable_policy(`dbadm_manage_user_files',`
	userdom_manage_user_home_content_files(dbadm_t)
	userdom_write_user_tmp_files(dbadm_t)
	userdom_read_user_tmp_files(dbadm_t)
')
# Conditional on the dbadm_read_user_files boolean (declared false by
# default): dbadm_t gets read-only access to files in user home directories
# and to user temporary files.
tunable_policy(`dbadm_read_user_files',`
	userdom_read_user_tmp_files(dbadm_t)
	userdom_read_user_home_content_files(dbadm_t)
')
# Applied only when the mysql policy module is available: grant MySQL
# administration to dbadm_t operating in role dbadm_r.
optional_policy(`
	mysql_admin(dbadm_t, dbadm_r)
')
# Applied only when the postgresql policy module is available: grant
# PostgreSQL administration to dbadm_t operating in role dbadm_r.
optional_policy(`
	postgresql_admin(dbadm_t, dbadm_r)
')
# Applied only when the sudo policy module is available: instantiate the sudo
# role template for the dbadm prefix, role dbadm_r and domain dbadm_t.
# NOTE(review): presumably this creates a dedicated sudo domain for the role -
# confirm against the sudo module, and review which commands sudoers permits.
optional_policy(`
	sudo_role_template(dbadm, dbadm_r, dbadm_t)
')