rpms / selinux-policy

Clone
Source Code
GIT

Blame policy/modules/roles/dbadm.te

c10s-sig-hyperscale c4 c5 c5-plus c6 c6-plus c7 c7-alt c7-atomic c7-beta c8 c8-beta c8s c8s-sig-hyperscale c9 c9-beta c9s-sig-hyperscale
  1.   e9bf16d2d91d8a92b96f060cabeda85e4c8b8005
  2.   policy
  3.   modules
  4.   roles
  5.   dbadm.te
Blob History Raw
Chris PeBenito 22a287 
policy_module(dbadm, 1.0.0)
Chris PeBenito 22a287
Chris PeBenito 22a287 
########################################
Chris PeBenito 22a287 
#
Chris PeBenito 22a287 
# Declarations
Chris PeBenito 22a287 
#
Chris PeBenito 22a287
Chris PeBenito c62f1b 
## <desc>
Chris PeBenito c62f1b 
##
Chris PeBenito c62f1b 
## Allow dbadm to manage files in users home directories
Chris PeBenito c62f1b 
##
Chris PeBenito c62f1b 
## </desc>
Chris PeBenito c62f1b 
gen_tunable(dbadm_manage_user_files, false)
Chris PeBenito c62f1b
Chris PeBenito c62f1b 
## <desc>
Chris PeBenito c62f1b 
##
Chris PeBenito c62f1b 
## Allow dbadm to read files in users home directories
Chris PeBenito c62f1b 
##
Chris PeBenito c62f1b 
## </desc>
Chris PeBenito c62f1b 
gen_tunable(dbadm_read_user_files, false)
Chris PeBenito c62f1b
Chris PeBenito 22a287 
role dbadm_r;
Chris PeBenito 22a287
Chris PeBenito c62f1b 
userdom_base_user_template(dbadm)
Chris PeBenito 22a287
Chris PeBenito 22a287 
########################################
Chris PeBenito 22a287 
#
Chris PeBenito 22a287 
# database admin local policy
Chris PeBenito 22a287 
#
Chris PeBenito 22a287
Chris PeBenito c62f1b 
allow dbadm_t self:capability { dac_override dac_read_search sys_ptrace };
Chris PeBenito c62f1b
Chris PeBenito c62f1b 
files_dontaudit_search_all_dirs(dbadm_t)
Chris PeBenito c62f1b 
files_delete_generic_locks(dbadm_t)
Chris PeBenito c62f1b 
files_list_var(dbadm_t)
Chris PeBenito c62f1b
Chris PeBenito c62f1b 
selinux_get_enforce_mode(dbadm_t)
Chris PeBenito c62f1b
Chris PeBenito c62f1b 
logging_send_syslog_msg(dbadm_t)
Chris PeBenito c62f1b
Chris PeBenito c62f1b 
userdom_dontaudit_search_user_home_dirs(dbadm_t)
Chris PeBenito c62f1b
Chris PeBenito c62f1b 
tunable_policy(`dbadm_manage_user_files',`
Chris PeBenito c62f1b 
	userdom_manage_user_home_content_files(dbadm_t)
Chris PeBenito c62f1b 
	userdom_read_user_tmp_files(dbadm_t)
Chris PeBenito c62f1b 
	userdom_write_user_tmp_files(dbadm_t)
Chris PeBenito 22a287 
')
Chris PeBenito 22a287
Chris PeBenito c62f1b 
tunable_policy(`dbadm_read_user_files',`
Chris PeBenito c62f1b 
	userdom_read_user_home_content_files(dbadm_t)
Chris PeBenito c62f1b 
	userdom_read_user_tmp_files(dbadm_t)
Chris PeBenito 22a287 
')
Chris PeBenito 22a287
Chris PeBenito 22a287 
optional_policy(`
Chris PeBenito c62f1b 
	mysql_admin(dbadm_t, dbadm_r)
Chris PeBenito 22a287 
')
Chris PeBenito 22a287
Chris PeBenito 22a287 
optional_policy(`
Chris PeBenito c62f1b 
	postgresql_admin(dbadm_t, dbadm_r)
Chris PeBenito 22a287 
')

Powered by Pagure 5.14.1

SSH Hostkey/Fingerprint | Documentation