## <summary>SELinux policy for Oident daemon.</summary>
## <desc>
##	

##	Oident daemon is a server that implements the TCP/IP
##	standard IDENT user identification protocol as
##	specified in the RFC 1413 document.
##	

## </desc>
########################################
## <summary>
##	Allow the specified domain to read
##	the personal configuration files of Oidentd.
## </summary>
## <param name="domain">
##	<summary>
##	Domain allowed access.
##	</summary>
## </param>
#
interface(`oident_read_user_content',`
	gen_require(`
		type oidentd_home_t;
	')

	# Directory search on user home directories is supplied by the
	# userdomain interface; nothing else under the home tree is opened up.
	userdom_search_user_home_dirs($1)

	# Read-only permission set, limited to the file class and to
	# objects labeled oidentd_home_t.
	allow $1 oidentd_home_t:file read_file_perms;
')
########################################
## <summary>
##	Allow the specified domain to create, read, write,
##	and delete the personal configuration files of Oidentd.
## </summary>
## <param name="domain">
##	<summary>
##	Domain allowed access.
##	</summary>
## </param>
#
interface(`oident_manage_user_content',`
	gen_require(`
		type oidentd_home_t;
	')

	# Directory search on user home directories is supplied by the
	# userdomain interface.
	userdom_search_user_home_dirs($1)

	# Full manage permission set on files labeled oidentd_home_t.
	# NOTE(review): this includes write and delete, so callers that
	# only consume these files should use oident_read_user_content.
	allow $1 oidentd_home_t:file manage_file_perms;
')
########################################
## <summary>
##	Allow the specified domain to relabel
##	the personal configuration files of Oidentd.
## </summary>
## <param name="domain">
##	<summary>
##	Domain allowed access.
##	</summary>
## </param>
#
interface(`oident_relabel_user_content',`
	gen_require(`
		type oidentd_home_t;
	')

	# Directory search on user home directories is supplied by the
	# userdomain interface.
	userdom_search_user_home_dirs($1)

	# Relabel permission set on files labeled oidentd_home_t.
	# NOTE(review): relabeling changes which type rules apply to a
	# file, so this is presumably meant for label-management domains
	# only; confirm against the callers.
	allow $1 oidentd_home_t:file relabel_file_perms;
')
########################################
## <summary>
##	All of the rules required to administrate
##	an oident environment.
## </summary>
## <param name="domain">
##	<summary>
##	Domain allowed access.
##	</summary>
## </param>
## <param name="role">
##	<summary>
##	Role allowed access.
##	</summary>
## </param>
## <rolecap/>
#
interface(`oident_admin',`
	gen_require(`
		type oidentd_t;
		type oidentd_initrc_exec_t;
		type oidentd_config_t;
	')

	# Process control over the daemon domain.
	# NOTE(review): ptrace is granted unconditionally next to the
	# signal permissions. It lets the admin domain read and alter the
	# memory of the running daemon, which goes well beyond signalling
	# it; confirm that every caller of this interface needs it.
	ps_process_pattern($1, oidentd_t)
	allow $1 oidentd_t:process { ptrace signal_perms };

	# Service control: the caller role is allowed system_r, and
	# running the labeled init script transitions that role into it.
	allow $2 system_r;
	role_transition $2 oidentd_initrc_exec_t system_r;
	init_labeled_script_domtrans($1, oidentd_initrc_exec_t)
	domain_system_change_exemption($1)

	# Administration of content labeled oidentd_config_t; the
	# directory search is supplied by files_search_etc.
	files_search_etc($1)
	admin_pattern($1, oidentd_config_t)
')