rpms / selinux-policy

Clone
Source Code
GIT

Blame refpolicy/policy/modules/admin/certwatch.if

c10s-sig-hyperscale c4 c5 c5-plus c6 c6-plus c7 c7-alt c7-atomic c7-beta c8 c8-beta c8s c8s-sig-hyperscale c9 c9-beta c9s-sig-hyperscale
  1.   3b311307cdbde8fb8c0a5ebdfd791f67c082858f
  2.   refpolicy
  3.   policy
  4.   modules
  5.   admin
  6.   certwatch.if
Blob History Raw
Chris PeBenito 2bcdbd 
## <summary>Digital Certificate Tracking</summary>
Chris PeBenito 2bcdbd
Chris PeBenito 2bcdbd 
########################################
Chris PeBenito 2bcdbd 
## <summary>
Chris PeBenito 2bcdbd 
##	Domain transition to certwatch.
Chris PeBenito 2bcdbd 
## </summary>
Chris PeBenito 2bcdbd 
## <param name="domain">
Chris PeBenito 2bcdbd 
##	Domain allowed access.
Chris PeBenito 2bcdbd 
## </param>
Chris PeBenito 2bcdbd 
#
Chris PeBenito 2bcdbd 
interface(`certwatch_domtrans',`
Chris PeBenito 2bcdbd 
	gen_require(`
Chris PeBenito 2bcdbd 
		type certwatch_exec_t, certwatch_t;
Chris PeBenito 2bcdbd 
	')
Chris PeBenito 2bcdbd
Chris PeBenito 2bcdbd 
	files_search_usr($1)
Chris PeBenito 2bcdbd 
	corecmd_search_sbin($1)
Chris PeBenito 2bcdbd 
	domain_auto_trans($1,certwatch_exec_t,certwatch_t)
Chris PeBenito 2bcdbd
Chris PeBenito 2bcdbd 
	allow $1 certwatch_t:fd use;
Chris PeBenito 2bcdbd 
	allow certwatch_t $1:fd use;
Chris PeBenito 2bcdbd 
	allow certwatch_t $1:fifo_file rw_file_perms;
Chris PeBenito 2bcdbd 
	allow certwatch_t $1:process sigchld;
Chris PeBenito 2bcdbd 
')
Chris PeBenito 2bcdbd
Chris PeBenito 2bcdbd 
########################################
Chris PeBenito 2bcdbd 
## <summary>
Chris PeBenito 2bcdbd 
##	Execute certwatch in the certwatch domain, and
Chris PeBenito 2bcdbd 
##	allow the specified role the certwatch domain,
Chris PeBenito 2bcdbd 
##	and use the caller's terminal. Has a sigchld
Chris PeBenito 2bcdbd 
##	backchannel.
Chris PeBenito 2bcdbd 
## </summary>
Chris PeBenito 2bcdbd 
## <param name="domain">
Chris PeBenito 2bcdbd 
##	The type of the process performing this action.
Chris PeBenito 2bcdbd 
## </param>
Chris PeBenito 2bcdbd 
## <param name="role">
Chris PeBenito 2bcdbd 
##	The role to be allowed the certwatch domain.
Chris PeBenito 2bcdbd 
## </param>
Chris PeBenito 2bcdbd 
## <param name="terminal">
Chris PeBenito 2bcdbd 
##	The type of the terminal allow the certwatch domain to use.
Chris PeBenito 2bcdbd 
## </param>
Chris PeBenito 2bcdbd 
#
Chris PeBenito 2bcdbd 
interface(`certwatach_run',`
Chris PeBenito 2bcdbd 
	gen_require(`
Chris PeBenito 2bcdbd 
		type certwatch_t;
Chris PeBenito 2bcdbd 
	')
Chris PeBenito 2bcdbd
Chris PeBenito 2bcdbd 
	certwatch_domtrans($1)
Chris PeBenito 2bcdbd 
	role $2 types certwatch_t;
Chris PeBenito 2bcdbd 
	allow certwatch_t $3:chr_file rw_term_perms;
Chris PeBenito 2bcdbd 
')

Powered by Pagure 5.14.1

SSH Hostkey/Fingerprint | Documentation