|
Chris PeBenito |
f267df |
## <module name="filesystem" layer="kernel">
|
|
Chris PeBenito |
e32d52 |
## <summary>Policy for filesystems.</summary>
|
|
Chris PeBenito |
e181fe |
|
|
Chris PeBenito |
b4cd15 |
########################################
|
|
Chris PeBenito |
fe040c |
## <interface name="fs_make_fs">
|
|
Chris PeBenito |
fe040c |
## <description>
|
|
Chris PeBenito |
fe040c |
## Transform specified type into a filesystem type.
|
|
Chris PeBenito |
fe040c |
## </description>
|
|
Chris PeBenito |
fe040c |
## <parameter name="domain">
|
|
Chris PeBenito |
fe040c |
## The type of the process performing this action.
|
|
Chris PeBenito |
fe040c |
## </parameter>
|
|
Chris PeBenito |
fe040c |
## </interface>
|
|
Chris PeBenito |
b4cd15 |
#
|
|
Chris PeBenito |
763c44 |
define(`fs_make_fs',`
|
|
Chris PeBenito |
fa7bea |
gen_require(`$0'_depend)
|
|
Chris PeBenito |
0c73cd |
|
|
Chris PeBenito |
0c73cd |
typeattribute $1 fs_type;
|
|
Chris PeBenito |
b4cd15 |
')
|
|
Chris PeBenito |
b4cd15 |
|
|
Chris PeBenito |
763c44 |
define(`fs_make_fs_depend',`
|
|
Chris PeBenito |
0c73cd |
attribute fs_type;
|
|
Chris PeBenito |
b4cd15 |
')
|
|
Chris PeBenito |
b4cd15 |
|
|
Chris PeBenito |
b4cd15 |
########################################
|
|
Chris PeBenito |
0fd9dc |
## <interface name="fs_make_noxattr_fs">
|
|
Chris PeBenito |
0fd9dc |
## <description>
|
|
Chris PeBenito |
0fd9dc |
## Transform specified type into a filesystem
|
|
Chris PeBenito |
0fd9dc |
## type which does not have extended attribute
|
|
Chris PeBenito |
0fd9dc |
## support.
|
|
Chris PeBenito |
0fd9dc |
## </description>
|
|
Chris PeBenito |
0fd9dc |
## <parameter name="domain">
|
|
Chris PeBenito |
0fd9dc |
## The type of the process performing this action.
|
|
Chris PeBenito |
0fd9dc |
## </parameter>
|
|
Chris PeBenito |
0fd9dc |
## </interface>
|
|
Chris PeBenito |
0fd9dc |
#
|
|
Chris PeBenito |
0fd9dc |
define(`fs_make_noxattr_fs',`
|
|
Chris PeBenito |
fa7bea |
gen_require(`$0'_depend)
|
|
Chris PeBenito |
0fd9dc |
|
|
Chris PeBenito |
0fd9dc |
fs_make_fs($1)
|
|
Chris PeBenito |
0fd9dc |
|
|
Chris PeBenito |
0fd9dc |
typeattribute $1 noxattrfs;
|
|
Chris PeBenito |
0fd9dc |
')
|
|
Chris PeBenito |
0fd9dc |
|
|
Chris PeBenito |
0fd9dc |
define(`fs_make_noxattr_fs_depend',`
|
|
Chris PeBenito |
0fd9dc |
attribute noxattrfs;
|
|
Chris PeBenito |
0fd9dc |
')
|
|
Chris PeBenito |
0fd9dc |
|
|
Chris PeBenito |
0fd9dc |
########################################
|
|
Chris PeBenito |
fe040c |
## <interface name="fs_associate">
|
|
Chris PeBenito |
fe040c |
## <description>
|
|
Chris PeBenito |
fe040c |
## Associate the specified file type to persistent
|
|
Chris PeBenito |
fe040c |
## filesystems with extended attributes. This
|
|
Chris PeBenito |
fe040c |
## allows a file of this type to be created on
|
|
Chris PeBenito |
fe040c |
## a filesystem such as ext3, JFS, and XFS.
|
|
Chris PeBenito |
fe040c |
## </description>
|
|
Chris PeBenito |
fe040c |
## <parameter name="file_type">
|
|
Chris PeBenito |
fe040c |
## The type of the file to be associated.
|
|
Chris PeBenito |
fe040c |
## </parameter>
|
|
Chris PeBenito |
fe040c |
## </interface>
|
|
Chris PeBenito |
5d7812 |
#
|
|
Chris PeBenito |
763c44 |
define(`fs_associate',`
|
|
Chris PeBenito |
fa7bea |
gen_require(`$0'_depend)
|
|
Chris PeBenito |
0c73cd |
|
|
Chris PeBenito |
0c73cd |
allow $1 fs_t:filesystem associate;
|
|
Chris PeBenito |
5d7812 |
')
|
|
Chris PeBenito |
5d7812 |
|
|
Chris PeBenito |
763c44 |
define(`fs_associate_depend',`
|
|
Chris PeBenito |
0c73cd |
type fs_t;
|
|
Chris PeBenito |
0c73cd |
|
|
Chris PeBenito |
0c73cd |
class filesystem associate;
|
|
Chris PeBenito |
5d7812 |
')
|
|
Chris PeBenito |
5d7812 |
|
|
Chris PeBenito |
5d7812 |
########################################
|
|
Chris PeBenito |
fe040c |
## <interface name="fs_associate_noxattr">
|
|
Chris PeBenito |
fe040c |
## <description>
|
|
Chris PeBenito |
fe040c |
## Associate the specified file type to
|
|
Chris PeBenito |
fe040c |
## filesystems which lack extended attributes
|
|
Chris PeBenito |
fe040c |
## support. This allows a file of this type
|
|
Chris PeBenito |
fe040c |
## to be created on a filesystem such as
|
|
Chris PeBenito |
fe040c |
## FAT32 or NFS.
|
|
Chris PeBenito |
fe040c |
## </description>
|
|
Chris PeBenito |
fe040c |
## <parameter name="file_type">
|
|
Chris PeBenito |
fe040c |
## The type of the file to be associated.
|
|
Chris PeBenito |
fe040c |
## </parameter>
|
|
Chris PeBenito |
fe040c |
## </interface>
|
|
Chris PeBenito |
5d7812 |
#
|
|
Chris PeBenito |
fe040c |
define(`fs_associate_noxattr',`
|
|
Chris PeBenito |
fa7bea |
gen_require(`$0'_depend)
|
|
Chris PeBenito |
0c73cd |
|
|
Chris PeBenito |
fe040c |
allow $1 noxattrfs:filesystem associate;
|
|
Chris PeBenito |
5d7812 |
')
|
|
Chris PeBenito |
5d7812 |
|
|
Chris PeBenito |
fe040c |
define(`fs_associate_noxattr_depend',`
|
|
Chris PeBenito |
fe040c |
attribute noxattrfs;
|
|
Chris PeBenito |
0c73cd |
|
|
Chris PeBenito |
0c73cd |
class filesystem associate;
|
|
Chris PeBenito |
5d7812 |
')
|
|
Chris PeBenito |
5d7812 |
|
|
Chris PeBenito |
5d7812 |
########################################
|
|
Chris PeBenito |
fe040c |
## <interface name="fs_mount_xattr_fs">
|
|
Chris PeBenito |
fe040c |
## <description>
|
|
Chris PeBenito |
fe040c |
## Mount a persistent filesystem which
|
|
Chris PeBenito |
fe040c |
## has extended attributes, such as
|
|
Chris PeBenito |
fe040c |
## ext3, JFS, or XFS.
|
|
Chris PeBenito |
fe040c |
## </description>
|
|
Chris PeBenito |
fe040c |
## <parameter name="domain">
|
|
Chris PeBenito |
fe040c |
## The type of the domain mounting the filesystem.
|
|
Chris PeBenito |
fe040c |
## </parameter>
|
|
Chris PeBenito |
fe040c |
## </interface>
|
|
Chris PeBenito |
5d7812 |
#
|
|
Chris PeBenito |
fe040c |
define(`fs_mount_xattr_fs',`
|
|
Chris PeBenito |
fa7bea |
gen_require(`$0'_depend)
|
|
Chris PeBenito |
0c73cd |
|
|
Chris PeBenito |
0c73cd |
allow $1 fs_t:filesystem mount;
|
|
Chris PeBenito |
b4cd15 |
')
|
|
Chris PeBenito |
b4cd15 |
|
|
Chris PeBenito |
fe040c |
define(`fs_mount_xattr_fs_depend',`
|
|
Chris PeBenito |
0c73cd |
type fs_t;
|
|
Chris PeBenito |
0c73cd |
|
|
Chris PeBenito |
0c73cd |
class filesystem mount;
|
|
Chris PeBenito |
b4cd15 |
')
|
|
Chris PeBenito |
b4cd15 |
|
|
Chris PeBenito |
b4cd15 |
########################################
|
|
Chris PeBenito |
fe040c |
## <interface name="fs_remount_xattr_fs">
|
|
Chris PeBenito |
fe040c |
## <description>
|
|
Chris PeBenito |
fe040c |
## Remount a persistent filesystem which
|
|
Chris PeBenito |
fe040c |
## has extended attributes, such as
|
|
Chris PeBenito |
fe040c |
## ext3, JFS, or XFS. This allows
|
|
Chris PeBenito |
fe040c |
## some mount options to be changed.
|
|
Chris PeBenito |
fe040c |
## </description>
|
|
Chris PeBenito |
fe040c |
## <parameter name="domain">
|
|
Chris PeBenito |
fe040c |
## The type of the domain remounting the filesystem.
|
|
Chris PeBenito |
fe040c |
## </parameter>
|
|
Chris PeBenito |
fe040c |
## </interface>
|
|
Chris PeBenito |
b4cd15 |
#
|
|
Chris PeBenito |
fe040c |
define(`fs_remount_xattr_fs',`
|
|
Chris PeBenito |
fa7bea |
gen_require(`$0'_depend)
|
|
Chris PeBenito |
0c73cd |
|
|
Chris PeBenito |
0c73cd |
allow $1 fs_t:filesystem remount;
|
|
Chris PeBenito |
b4cd15 |
')
|
|
Chris PeBenito |
b4cd15 |
|
|
Chris PeBenito |
fe040c |
define(`fs_remount_xattr_fs_depend',`
|
|
Chris PeBenito |
0c73cd |
type fs_t;
|
|
Chris PeBenito |
0c73cd |
|
|
Chris PeBenito |
0c73cd |
class filesystem remount;
|
|
Chris PeBenito |
b4cd15 |
')
|
|
Chris PeBenito |
b4cd15 |
|
|
Chris PeBenito |
b4cd15 |
########################################
|
|
Chris PeBenito |
fe040c |
## <interface name="fs_unmount_xattr_fs">
|
|
Chris PeBenito |
fe040c |
## <description>
|
|
Chris PeBenito |
fe040c |
## Unmount a persistent filesystem which
|
|
Chris PeBenito |
fe040c |
## has extended attributes, such as
|
|
Chris PeBenito |
fe040c |
## ext3, JFS, or XFS.
|
|
Chris PeBenito |
fe040c |
## </description>
|
|
Chris PeBenito |
fe040c |
## <parameter name="domain">
|
|
Chris PeBenito |
fe040c |
## The type of the domain unmounting the filesystem.
|
|
Chris PeBenito |
fe040c |
## </parameter>
|
|
Chris PeBenito |
fe040c |
## </interface>
|
|
Chris PeBenito |
b4cd15 |
#
|
|
Chris PeBenito |
fe040c |
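define(`fs_unmount_xattr_fs',`
	gen_require(`$0'_depend)

	# Grant only unmount on fs_t filesystems. The matching _depend
	# block declares class filesystem unmount, and the interface is
	# documented as unmount; the previous rule granted mount, which
	# handed callers the wrong permission.
	allow $1 fs_t:filesystem unmount;
')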
|
|
Chris PeBenito |
b4cd15 |
|
|
Chris PeBenito |
fe040c |
define(`fs_unmount_xattr_fs_depend',`
|
|
Chris PeBenito |
0c73cd |
type fs_t;
|
|
Chris PeBenito |
0c73cd |
|
|
Chris PeBenito |
0c73cd |
class filesystem unmount;
|
|
Chris PeBenito |
b4cd15 |
')
|
|
Chris PeBenito |
b4cd15 |
|
|
Chris PeBenito |
b4cd15 |
########################################
|
|
Chris PeBenito |
fe040c |
## <interface name="fs_getattr_xattr_fs">
|
|
Chris PeBenito |
fe040c |
## <description>
|
|
Chris PeBenito |
fe040c |
## Get the attributes of a persistent
|
|
Chris PeBenito |
fe040c |
## filesystem which has extended
|
|
Chris PeBenito |
fe040c |
## attributes, such as ext3, JFS, or XFS.
|
|
Chris PeBenito |
fe040c |
## </description>
|
|
Chris PeBenito |
fe040c |
## <parameter name="domain">
|
|
Chris PeBenito |
fe040c |
## The type of the domain doing the
|
|
Chris PeBenito |
fe040c |
## getattr on the filesystem.
|
|
Chris PeBenito |
fe040c |
## </parameter>
|
|
Chris PeBenito |
fe040c |
## </interface>
|
|
Chris PeBenito |
b4cd15 |
#
|
|
Chris PeBenito |
fe040c |
define(`fs_getattr_xattr_fs',`
|
|
Chris PeBenito |
fa7bea |
gen_require(`$0'_depend)
|
|
Chris PeBenito |
0c73cd |
|
|
Chris PeBenito |
0c73cd |
allow $1 fs_t:filesystem getattr;
|
|
Chris PeBenito |
b4cd15 |
')
|
|
Chris PeBenito |
b4cd15 |
|
|
Chris PeBenito |
fe040c |
define(`fs_getattr_xattr_fs_depend',`
|
|
Chris PeBenito |
0c73cd |
type fs_t;
|
|
Chris PeBenito |
0c73cd |
|
|
Chris PeBenito |
0c73cd |
class filesystem getattr;
|
|
Chris PeBenito |
b4cd15 |
')
|
|
Chris PeBenito |
b4cd15 |
|
|
Chris PeBenito |
b4cd15 |
########################################
|
|
Chris PeBenito |
fe040c |
## <interface name="fs_dontaudit_getattr_xattr_fs">
|
|
Chris PeBenito |
fe040c |
## <description>
|
|
Chris PeBenito |
fe040c |
## Do not audit attempts to
|
|
Chris PeBenito |
fe040c |
## get the attributes of a persistent
|
|
Chris PeBenito |
fe040c |
## filesystem which has extended
|
|
Chris PeBenito |
fe040c |
## attributes, such as ext3, JFS, or XFS.
|
|
Chris PeBenito |
fe040c |
## </description>
|
|
Chris PeBenito |
fe040c |
## <parameter name="domain">
|
|
Chris PeBenito |
fe040c |
## The type of the domain to not audit.
|
|
Chris PeBenito |
fe040c |
## </parameter>
|
|
Chris PeBenito |
fe040c |
## </interface>
|
|
Chris PeBenito |
b4cd15 |
#
|
|
Chris PeBenito |
0fd9dc |
define(`fs_dontaudit_getattr_xattr_fs',`
|
|
Chris PeBenito |
fa7bea |
gen_require(`$0'_depend)
|
|
Chris PeBenito |
0c73cd |
|
|
Chris PeBenito |
0c73cd |
dontaudit $1 fs_t:filesystem getattr;
|
|
Chris PeBenito |
053f6a |
')
|
|
Chris PeBenito |
053f6a |
|
|
Chris PeBenito |
0fd9dc |
define(`fs_dontaudit_getattr_xattr_fs_depend',`
|
|
Chris PeBenito |
0c73cd |
type fs_t;
|
|
Chris PeBenito |
0c73cd |
|
|
Chris PeBenito |
0c73cd |
class filesystem getattr;
|
|
Chris PeBenito |
053f6a |
')
|
|
Chris PeBenito |
053f6a |
|
|
Chris PeBenito |
053f6a |
########################################
|
|
Chris PeBenito |
fe040c |
## <interface name="fs_relabelfrom_xattr_fs">
|
|
Chris PeBenito |
fe040c |
## <description>
|
|
Chris PeBenito |
fe040c |
## Allow changing of the label of a
|
|
Chris PeBenito |
fe040c |
## filesystem with extended attributes
|
|
Chris PeBenito |
fe040c |
## using the context= mount option.
|
|
Chris PeBenito |
fe040c |
## </description>
|
|
Chris PeBenito |
fe040c |
## <parameter name="domain">
|
|
Chris PeBenito |
fe040c |
## The type of the domain mounting the filesystem.
|
|
Chris PeBenito |
fe040c |
## </parameter>
|
|
Chris PeBenito |
fe040c |
## </interface>
|
|
Chris PeBenito |
053f6a |
#
|
|
Chris PeBenito |
fe040c |
define(`fs_relabelfrom_xattr_fs',`
|
|
Chris PeBenito |
fa7bea |
gen_require(`$0'_depend)
|
|
Chris PeBenito |
0c73cd |
|
|
Chris PeBenito |
0c73cd |
allow $1 fs_t:filesystem relabelfrom;
|
|
Chris PeBenito |
dc771f |
')
|
|
Chris PeBenito |
dc771f |
|
|
Chris PeBenito |
fe040c |
define(`fs_relabelfrom_xattr_fs_depend',`
|
|
Chris PeBenito |
0c73cd |
type fs_t;
|
|
Chris PeBenito |
0c73cd |
|
|
Chris PeBenito |
0c73cd |
class filesystem relabelfrom;
|
|
Chris PeBenito |
dc771f |
')
|
|
Chris PeBenito |
dc771f |
|
|
Chris PeBenito |
dc771f |
########################################
|
|
Chris PeBenito |
fe040c |
## <interface name="fs_mount_autofs">
|
|
Chris PeBenito |
fe040c |
## <description>
|
|
Chris PeBenito |
fe040c |
## Mount an automount pseudo filesystem.
|
|
Chris PeBenito |
fe040c |
## </description>
|
|
Chris PeBenito |
fe040c |
## <parameter name="domain">
|
|
Chris PeBenito |
fe040c |
## The type of the domain mounting the filesystem.
|
|
Chris PeBenito |
fe040c |
## </parameter>
|
|
Chris PeBenito |
fe040c |
## </interface>
|
|
Chris PeBenito |
b4cd15 |
#
|
|
Chris PeBenito |
1694de |
define(`fs_mount_autofs',`
|
|
Chris PeBenito |
fa7bea |
gen_require(`$0'_depend)
|
|
Chris PeBenito |
0c73cd |
|
|
Chris PeBenito |
0c73cd |
allow $1 autofs_t:filesystem mount;
|
|
Chris PeBenito |
b4cd15 |
')
|
|
Chris PeBenito |
b4cd15 |
|
|
Chris PeBenito |
1694de |
define(`fs_mount_autofs_depend',`
|
|
Chris PeBenito |
0c73cd |
type autofs_t;
|
|
Chris PeBenito |
0c73cd |
class filesystem mount;
|
|
Chris PeBenito |
b4cd15 |
')
|
|
Chris PeBenito |
b4cd15 |
|
|
Chris PeBenito |
fe040c |
|
|
Chris PeBenito |
b4cd15 |
########################################
|
|
Chris PeBenito |
fe040c |
## <interface name="fs_remount_autofs">
|
|
Chris PeBenito |
fe040c |
## <description>
|
|
Chris PeBenito |
fe040c |
## Remount an automount pseudo filesystem.
|
|
Chris PeBenito |
fe040c |
## This allows some mount options to be changed.
|
|
Chris PeBenito |
fe040c |
## </description>
|
|
Chris PeBenito |
fe040c |
## <parameter name="domain">
|
|
Chris PeBenito |
fe040c |
## The type of the domain remounting the filesystem.
|
|
Chris PeBenito |
fe040c |
## </parameter>
|
|
Chris PeBenito |
fe040c |
## </interface>
|
|
Chris PeBenito |
b4cd15 |
#
|
|
Chris PeBenito |
1694de |
define(`fs_remount_autofs',`
|
|
Chris PeBenito |
fa7bea |
gen_require(`$0'_depend)
|
|
Chris PeBenito |
0c73cd |
|
|
Chris PeBenito |
0c73cd |
allow $1 autofs_t:filesystem remount;
|
|
Chris PeBenito |
b4cd15 |
')
|
|
Chris PeBenito |
b4cd15 |
|
|
Chris PeBenito |
1694de |
define(`fs_remount_autofs_depend',`
|
|
Chris PeBenito |
0c73cd |
type autofs_t;
|
|
Chris PeBenito |
0c73cd |
|
|
Chris PeBenito |
0c73cd |
class filesystem remount;
|
|
Chris PeBenito |
b4cd15 |
')
|
|
Chris PeBenito |
b4cd15 |
|
|
Chris PeBenito |
b4cd15 |
########################################
|
|
Chris PeBenito |
fe040c |
## <interface name="fs_unmount_autofs">
|
|
Chris PeBenito |
fe040c |
## <description>
|
|
Chris PeBenito |
fe040c |
## Unmount an automount pseudo filesystem.
|
|
Chris PeBenito |
fe040c |
## </description>
|
|
Chris PeBenito |
fe040c |
## <parameter name="domain">
|
|
Chris PeBenito |
fe040c |
## The type of the domain unmounting the filesystem.
|
|
Chris PeBenito |
fe040c |
## </parameter>
|
|
Chris PeBenito |
fe040c |
## </interface>
|
|
Chris PeBenito |
b4cd15 |
#
|
|
Chris PeBenito |
1694de |
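define(`fs_unmount_autofs',`
	gen_require(`$0'_depend)

	# Grant only unmount on autofs_t filesystems. The matching _depend
	# block declares class filesystem unmount; the previous rule
	# granted mount, so callers could mount but not unmount.
	allow $1 autofs_t:filesystem unmount;
')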
|
|
Chris PeBenito |
b4cd15 |
|
|
Chris PeBenito |
1694de |
define(`fs_unmount_autofs_depend',`
|
|
Chris PeBenito |
0c73cd |
type autofs_t;
|
|
Chris PeBenito |
0c73cd |
|
|
Chris PeBenito |
0c73cd |
class filesystem unmount;
|
|
Chris PeBenito |
b4cd15 |
')
|
|
Chris PeBenito |
b4cd15 |
|
|
Chris PeBenito |
b4cd15 |
########################################
|
|
Chris PeBenito |
fe040c |
## <interface name="fs_getattr_autofs">
|
|
Chris PeBenito |
fe040c |
## <description>
|
|
Chris PeBenito |
fe040c |
## Get the attributes of an automount
|
|
Chris PeBenito |
fe040c |
## pseudo filesystem.
|
|
Chris PeBenito |
fe040c |
## </description>
|
|
Chris PeBenito |
fe040c |
## <parameter name="domain">
|
|
Chris PeBenito |
fe040c |
## The type of the domain doing the
|
|
Chris PeBenito |
fe040c |
## getattr on the filesystem.
|
|
Chris PeBenito |
fe040c |
## </parameter>
|
|
Chris PeBenito |
fe040c |
## </interface>
|
|
Chris PeBenito |
b4cd15 |
#
|
|
Chris PeBenito |
1694de |
define(`fs_getattr_autofs',`
|
|
Chris PeBenito |
fa7bea |
gen_require(`$0'_depend)
|
|
Chris PeBenito |
0c73cd |
|
|
Chris PeBenito |
0c73cd |
allow $1 autofs_t:filesystem getattr;
|
|
Chris PeBenito |
b4cd15 |
')
|
|
Chris PeBenito |
b4cd15 |
|
|
Chris PeBenito |
1694de |
define(`fs_getattr_autofs_depend',`
|
|
Chris PeBenito |
0c73cd |
type autofs_t;
|
|
Chris PeBenito |
0c73cd |
|
|
Chris PeBenito |
0c73cd |
class filesystem getattr;
|
|
Chris PeBenito |
b4cd15 |
')
|
|
Chris PeBenito |
b4cd15 |
|
|
Chris PeBenito |
b4cd15 |
########################################
|
|
Chris PeBenito |
fe040c |
## <interface name="fs_register_binary_executable_type">
|
|
Chris PeBenito |
fe040c |
## <description>
|
|
Chris PeBenito |
fe040c |
## Register an interpreter for new binary
|
|
Chris PeBenito |
fe040c |
## file types, using the kernel binfmt_misc
|
|
Chris PeBenito |
fe040c |
## support. A common use for this is to
|
|
Chris PeBenito |
fe040c |
## register a JVM as an interpreter for
|
|
Chris PeBenito |
fe040c |
## Java byte code. Registered binaries
|
|
Chris PeBenito |
fe040c |
## can be directly executed on a command line
|
|
Chris PeBenito |
fe040c |
## without specifying the interpreter.
|
|
Chris PeBenito |
fe040c |
## </description>
|
|
Chris PeBenito |
fe040c |
## <parameter name="domain">
|
|
Chris PeBenito |
fe040c |
## The type of the domain registering
|
|
Chris PeBenito |
fe040c |
## the interpreter.
|
|
Chris PeBenito |
fe040c |
## </parameter>
|
|
Chris PeBenito |
fe040c |
## </interface>
|
|
Chris PeBenito |
b4cd15 |
#
|
|
Chris PeBenito |
763c44 |
define(`fs_register_binary_executable_type',`
|
|
Chris PeBenito |
fa7bea |
gen_require(`$0'_depend)
|
|
Chris PeBenito |
0c73cd |
|
|
Chris PeBenito |
0c73cd |
allow $1 binfmt_misc_fs_t:dir { getattr search };
|
|
Chris PeBenito |
0c73cd |
allow $1 binfmt_misc_fs_t:file { getattr ioctl write };
|
|
Chris PeBenito |
b4cd15 |
')
|
|
Chris PeBenito |
b4cd15 |
|
|
Chris PeBenito |
763c44 |
define(`fs_register_binary_executable_type_depend',`
|
|
Chris PeBenito |
0c73cd |
type binfmt_misc_fs_t;
|
|
Chris PeBenito |
0c73cd |
|
|
Chris PeBenito |
0c73cd |
class dir { getattr search };
|
|
Chris PeBenito |
0c73cd |
class file { getattr ioctl write };
|
|
Chris PeBenito |
b4cd15 |
')
|
|
Chris PeBenito |
b4cd15 |
|
|
Chris PeBenito |
b4cd15 |
########################################
|
|
Chris PeBenito |
fe040c |
## <interface name="fs_mount_cifs">
|
|
Chris PeBenito |
fe040c |
## <description>
|
|
Chris PeBenito |
fe040c |
## Mount a CIFS or SMB network filesystem.
|
|
Chris PeBenito |
fe040c |
## </description>
|
|
Chris PeBenito |
fe040c |
## <parameter name="domain">
|
|
Chris PeBenito |
fe040c |
## The type of the domain mounting the filesystem.
|
|
Chris PeBenito |
fe040c |
## </parameter>
|
|
Chris PeBenito |
fe040c |
## </interface>
|
|
Chris PeBenito |
b4cd15 |
#
|
|
Chris PeBenito |
1694de |
define(`fs_mount_cifs',`
|
|
Chris PeBenito |
fa7bea |
gen_require(`$0'_depend)
|
|
Chris PeBenito |
0c73cd |
|
|
Chris PeBenito |
0c73cd |
allow $1 cifs_t:filesystem mount;
|
|
Chris PeBenito |
b4cd15 |
')
|
|
Chris PeBenito |
b4cd15 |
|
|
Chris PeBenito |
1694de |
define(`fs_mount_cifs_depend',`
|
|
Chris PeBenito |
0c73cd |
type cifs_t;
|
|
Chris PeBenito |
0c73cd |
|
|
Chris PeBenito |
0c73cd |
class filesystem mount;
|
|
Chris PeBenito |
b4cd15 |
')
|
|
Chris PeBenito |
b4cd15 |
|
|
Chris PeBenito |
b4cd15 |
########################################
|
|
Chris PeBenito |
fe040c |
## <interface name="fs_remount_cifs">
|
|
Chris PeBenito |
fe040c |
## <description>
|
|
Chris PeBenito |
fe040c |
## Remount a CIFS or SMB network filesystem.
|
|
Chris PeBenito |
fe040c |
## This allows some mount options to be changed.
|
|
Chris PeBenito |
fe040c |
## </description>
|
|
Chris PeBenito |
fe040c |
## <parameter name="domain">
|
|
Chris PeBenito |
fe040c |
## The type of the domain remounting the filesystem.
|
|
Chris PeBenito |
fe040c |
## </parameter>
|
|
Chris PeBenito |
fe040c |
## </interface>
|
|
Chris PeBenito |
b4cd15 |
#
|
|
Chris PeBenito |
1694de |
define(`fs_remount_cifs',`
|
|
Chris PeBenito |
d35c62 |
gen_require(`
|
|
Chris PeBenito |
d35c62 |
type cifs_t;
|
|
Chris PeBenito |
d35c62 |
class filesystem remount;
|
|
Chris PeBenito |
d35c62 |
')
|
|
Chris PeBenito |
0c73cd |
|
|
Chris PeBenito |
0c73cd |
allow $1 cifs_t:filesystem remount;
|
|
Chris PeBenito |
b4cd15 |
')
|
|
Chris PeBenito |
b4cd15 |
|
|
Chris PeBenito |
b4cd15 |
########################################
|
|
Chris PeBenito |
fe040c |
## <interface name="fs_unmount_cifs">
|
|
Chris PeBenito |
fe040c |
## <description>
|
|
Chris PeBenito |
fe040c |
## Unmount a CIFS or SMB network filesystem.
|
|
Chris PeBenito |
fe040c |
## </description>
|
|
Chris PeBenito |
fe040c |
## <parameter name="domain">
|
|
Chris PeBenito |
fe040c |
## The type of the domain unmounting the filesystem.
|
|
Chris PeBenito |
fe040c |
## </parameter>
|
|
Chris PeBenito |
fe040c |
## </interface>
|
|
Chris PeBenito |
b4cd15 |
#
|
|
Chris PeBenito |
1694de |
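define(`fs_unmount_cifs',`
	gen_require(`
		type cifs_t;
		class filesystem unmount;
	')

	# Grant only unmount on cifs_t filesystems, matching the permission
	# required above. The previous rule granted mount, which is a
	# different and broader capability than this interface documents.
	allow $1 cifs_t:filesystem unmount;
')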
|
|
Chris PeBenito |
b4cd15 |
|
|
Chris PeBenito |
b4cd15 |
########################################
|
|
Chris PeBenito |
fe040c |
## <interface name="fs_getattr_cifs">
|
|
Chris PeBenito |
fe040c |
## <description>
|
|
Chris PeBenito |
fe040c |
## Get the attributes of a CIFS or
|
|
Chris PeBenito |
fe040c |
## SMB network filesystem.
|
|
Chris PeBenito |
fe040c |
## </description>
|
|
Chris PeBenito |
fe040c |
## <parameter name="domain">
|
|
Chris PeBenito |
fe040c |
## The type of the domain doing the
|
|
Chris PeBenito |
fe040c |
## getattr on the filesystem.
|
|
Chris PeBenito |
fe040c |
## </parameter>
|
|
Chris PeBenito |
fe040c |
## </interface>
|
|
Chris PeBenito |
b4cd15 |
#
|
|
Chris PeBenito |
1694de |
define(`fs_getattr_cifs',`
|
|
Chris PeBenito |
d35c62 |
gen_require(`
|
|
Chris PeBenito |
d35c62 |
type cifs_t;
|
|
Chris PeBenito |
d35c62 |
class filesystem getattr;
|
|
Chris PeBenito |
d35c62 |
')
|
|
Chris PeBenito |
0c73cd |
|
|
Chris PeBenito |
0c73cd |
allow $1 cifs_t:filesystem getattr;
|
|
Chris PeBenito |
b4cd15 |
')
|
|
Chris PeBenito |
b4cd15 |
|
|
Chris PeBenito |
d35c62 |
########################################
|
|
Chris PeBenito |
d35c62 |
## <interface name="fs_read_cifs_files">
|
|
Chris PeBenito |
d35c62 |
## <description>
|
|
Chris PeBenito |
d35c62 |
## Read files on a CIFS or SMB filesystem.
|
|
Chris PeBenito |
d35c62 |
## </description>
|
|
Chris PeBenito |
d35c62 |
## <parameter name="domain">
|
|
Chris PeBenito |
d35c62 |
## The type of the domain reading the files.
|
|
Chris PeBenito |
d35c62 |
## </parameter>
|
|
Chris PeBenito |
d35c62 |
## </interface>
|
|
Chris PeBenito |
d35c62 |
#
|
|
Chris PeBenito |
d35c62 |
define(`fs_read_cifs_files',`
|
|
Chris PeBenito |
d35c62 |
gen_require(`
|
|
Chris PeBenito |
d35c62 |
type cifs_t;
|
|
Chris PeBenito |
d35c62 |
class dir r_dir_perms;
|
|
Chris PeBenito |
d35c62 |
class file r_file_perms;
|
|
Chris PeBenito |
d35c62 |
')
|
|
Chris PeBenito |
0c73cd |
|
|
Chris PeBenito |
d35c62 |
allow $1 cifs_t:dir r_dir_perms;
|
|
Chris PeBenito |
d35c62 |
allow $1 cifs_t:file r_file_perms;
|
|
Chris PeBenito |
d35c62 |
')
|
|
Chris PeBenito |
d35c62 |
|
|
Chris PeBenito |
d35c62 |
########################################
|
|
Chris PeBenito |
d35c62 |
## <interface name="fs_dontaudit_rw_cifs_files">
|
|
Chris PeBenito |
d35c62 |
## <description>
|
|
Chris PeBenito |
d35c62 |
## Do not audit attempts to read or
|
|
Chris PeBenito |
d35c62 |
## write files on a CIFS or SMB filesystem.
|
|
Chris PeBenito |
d35c62 |
## </description>
|
|
Chris PeBenito |
d35c62 |
## <parameter name="domain">
|
|
Chris PeBenito |
d35c62 |
## The type of the domain to not audit.
|
|
Chris PeBenito |
d35c62 |
## </parameter>
|
|
Chris PeBenito |
d35c62 |
## </interface>
|
|
Chris PeBenito |
d35c62 |
#
|
|
Chris PeBenito |
d35c62 |
define(`fs_dontaudit_rw_cifs_files',`
|
|
Chris PeBenito |
d35c62 |
gen_require(`
|
|
Chris PeBenito |
d35c62 |
type cifs_t;
|
|
Chris PeBenito |
d35c62 |
class file { read write };
|
|
Chris PeBenito |
d35c62 |
')
|
|
Chris PeBenito |
d35c62 |
|
|
Chris PeBenito |
d35c62 |
dontaudit $1 cifs_t:file { read write };
|
|
Chris PeBenito |
d35c62 |
')
|
|
Chris PeBenito |
d35c62 |
|
|
Chris PeBenito |
d35c62 |
########################################
|
|
Chris PeBenito |
d35c62 |
## <interface name="fs_read_cifs_symlinks">
|
|
Chris PeBenito |
d35c62 |
## <description>
|
|
Chris PeBenito |
d35c62 |
## Read symbolic links on a CIFS or SMB filesystem.
|
|
Chris PeBenito |
d35c62 |
## </description>
|
|
Chris PeBenito |
d35c62 |
## <parameter name="domain">
|
|
Chris PeBenito |
d35c62 |
## The type of the domain reading the symbolic links.
|
|
Chris PeBenito |
d35c62 |
## </parameter>
|
|
Chris PeBenito |
d35c62 |
## </interface>
|
|
Chris PeBenito |
d35c62 |
#
|
|
Chris PeBenito |
d35c62 |
define(`fs_read_cifs_symlinks',`
|
|
Chris PeBenito |
d35c62 |
gen_require(`
|
|
Chris PeBenito |
d35c62 |
type cifs_t;
|
|
Chris PeBenito |
d35c62 |
class dir r_dir_perms;
|
|
Chris PeBenito |
d35c62 |
class lnk_file r_file_perms;
|
|
Chris PeBenito |
d35c62 |
')
|
|
Chris PeBenito |
d35c62 |
|
|
Chris PeBenito |
d35c62 |
allow $1 cifs_t:dir r_dir_perms;
|
|
Chris PeBenito |
d35c62 |
allow $1 cifs_t:lnk_file r_file_perms;
|
|
Chris PeBenito |
b4cd15 |
')
|
|
Chris PeBenito |
b4cd15 |
|
|
Chris PeBenito |
b4cd15 |
########################################
|
|
Chris PeBenito |
fe040c |
## <interface name="fs_execute_cifs_files">
|
|
Chris PeBenito |
fe040c |
## <description>
|
|
Chris PeBenito |
fe040c |
## Execute files on a CIFS or SMB
|
|
Chris PeBenito |
fe040c |
## network filesystem, in the caller
|
|
Chris PeBenito |
fe040c |
## domain.
|
|
Chris PeBenito |
fe040c |
## </description>
|
|
Chris PeBenito |
fe040c |
## <parameter name="domain">
|
|
Chris PeBenito |
fe040c |
## The type of the domain executing the files.
|
|
Chris PeBenito |
fe040c |
## </parameter>
|
|
Chris PeBenito |
fe040c |
## </interface>
|
|
Chris PeBenito |
b16c6b |
#
|
|
Chris PeBenito |
1694de |
define(`fs_execute_cifs_files',`
|
|
Chris PeBenito |
fa7bea |
gen_require(`$0'_depend)
|
|
Chris PeBenito |
0c73cd |
|
|
Chris PeBenito |
0c73cd |
allow $1 cifs_t:dir r_dir_perms;
|
|
Chris PeBenito |
c2c00b |
can_exec($1, cifs_t)
|
|
Chris PeBenito |
b16c6b |
')
|
|
Chris PeBenito |
b16c6b |
|
|
Chris PeBenito |
1694de |
define(`fs_execute_cifs_files_depend',`
|
|
Chris PeBenito |
0c73cd |
type cifs_t;
|
|
Chris PeBenito |
0c73cd |
|
|
Chris PeBenito |
0c73cd |
class dir r_dir_perms;
|
|
Chris PeBenito |
0c73cd |
class file { getattr read execute execute_no_trans };
|
|
Chris PeBenito |
b16c6b |
')
|
|
Chris PeBenito |
b16c6b |
|
|
Chris PeBenito |
b16c6b |
########################################
|
|
Chris PeBenito |
d35c62 |
## <interface name="fs_dontaudit_rw_cifs_files">
|
|
Chris PeBenito |
d35c62 |
## <description>
|
|
Chris PeBenito |
d35c62 |
## Do not audit attempts to read or
|
|
Chris PeBenito |
d35c62 |
## write files on a CIFS or SMB filesystem.
|
|
Chris PeBenito |
d35c62 |
## </description>
|
|
Chris PeBenito |
d35c62 |
## <parameter name="domain">
|
|
Chris PeBenito |
d35c62 |
## The type of the domain to not audit.
|
|
Chris PeBenito |
d35c62 |
## </parameter>
|
|
Chris PeBenito |
d35c62 |
## </interface>
|
|
Chris PeBenito |
d35c62 |
#
|
|
Chris PeBenito |
d35c62 |
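define(`fs_dontaudit_rw_cifs_files',`
	gen_require(`
		type cifs_t;
		class file { read write };
	')

	# Defined under the documented interface name. This body was
	# previously defined as fs_read_cifs_files, and because a later m4
	# define replaces an earlier one, callers of the read interface
	# received this dontaudit rule: no read access, and the resulting
	# denials hidden from the audit log.
	dontaudit $1 cifs_t:file { read write };
')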
|
|
Chris PeBenito |
d35c62 |
|
|
Chris PeBenito |
d35c62 |
########################################
|
|
Chris PeBenito |
fe040c |
## <interface name="fs_manage_cifs_dirs">
|
|
Chris PeBenito |
fe040c |
## <description>
|
|
Chris PeBenito |
fe040c |
## Create, read, write, and delete directories
|
|
Chris PeBenito |
fe040c |
## on a CIFS or SMB network filesystem.
|
|
Chris PeBenito |
fe040c |
## </description>
|
|
Chris PeBenito |
fe040c |
## <parameter name="domain">
|
|
Chris PeBenito |
fe040c |
## The type of the domain managing the directories.
|
|
Chris PeBenito |
fe040c |
## </parameter>
|
|
Chris PeBenito |
fe040c |
## </interface>
|
|
Chris PeBenito |
b16c6b |
#
|
|
Chris PeBenito |
fe040c |
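define(`fs_manage_cifs_dirs',`
	gen_require(`$0'_depend)

	# Use the directory permission set for the dir class. The previous
	# rule applied create_file_perms, which carries no dir-specific
	# permissions such as add_name, remove_name, search or rmdir, so the
	# documented create and delete operations could not succeed.
	# NOTE(review): confirm create_dir_perms is defined in the
	# permission-set support file of this policy tree.
	allow $1 cifs_t:dir create_dir_perms;
')

define(`fs_manage_cifs_dirs_depend',`
	type cifs_t;

	class dir create_dir_perms;
')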
|
|
Chris PeBenito |
b16c6b |
|
|
Chris PeBenito |
b16c6b |
########################################
|
|
Chris PeBenito |
fe040c |
## <interface name="fs_manage_cifs_files">
|
|
Chris PeBenito |
fe040c |
## <description>
|
|
Chris PeBenito |
fe040c |
## Create, read, write, and delete files
|
|
Chris PeBenito |
fe040c |
## on a CIFS or SMB network filesystem.
|
|
Chris PeBenito |
fe040c |
## </description>
|
|
Chris PeBenito |
fe040c |
## <parameter name="domain">
|
|
Chris PeBenito |
fe040c |
## The type of the domain managing the files.
|
|
Chris PeBenito |
fe040c |
## </parameter>
|
|
Chris PeBenito |
fe040c |
## </interface>
|
|
Chris PeBenito |
b16c6b |
#
|
|
Chris PeBenito |
1694de |
define(`fs_manage_cifs_files',`
|
|
Chris PeBenito |
fa7bea |
gen_require(`$0'_depend)
|
|
Chris PeBenito |
0c73cd |
|
|
Chris PeBenito |
0c73cd |
allow $1 cifs_t:dir rw_dir_perms;
|
|
Chris PeBenito |
0c73cd |
allow $1 cifs_t:file create_file_perms;
|
|
Chris PeBenito |
b16c6b |
')
|
|
Chris PeBenito |
b16c6b |
|
|
Chris PeBenito |
1694de |
define(`fs_manage_cifs_files_depend',`
|
|
Chris PeBenito |
0c73cd |
type cifs_t;
|
|
Chris PeBenito |
0c73cd |
|
|
Chris PeBenito |
0c73cd |
class dir rw_dir_perms;
|
|
Chris PeBenito |
0c73cd |
class file create_file_perms;
|
|
Chris PeBenito |
b16c6b |
')
|
|
Chris PeBenito |
b16c6b |
|
|
Chris PeBenito |
b16c6b |
########################################
|
|
Chris PeBenito |
fe040c |
## <interface name="fs_manage_cifs_symlinks">
|
|
Chris PeBenito |
fe040c |
## <description>
|
|
Chris PeBenito |
fe040c |
## Create, read, write, and delete symbolic links
|
|
Chris PeBenito |
fe040c |
## on a CIFS or SMB network filesystem.
|
|
Chris PeBenito |
fe040c |
## </description>
|
|
Chris PeBenito |
fe040c |
## <parameter name="domain">
|
|
Chris PeBenito |
fe040c |
## The type of the domain managing the symbolic links.
|
|
Chris PeBenito |
fe040c |
## </parameter>
|
|
Chris PeBenito |
fe040c |
## </interface>
|
|
Chris PeBenito |
b16c6b |
#
|
|
Chris PeBenito |
fe040c |
define(`fs_manage_cifs_symlinks',`
|
|
Chris PeBenito |
fa7bea |
gen_require(`$0'_depend)
|
|
Chris PeBenito |
0c73cd |
|
|
Chris PeBenito |
0c73cd |
allow $1 cifs_t:dir rw_dir_perms;
|
|
Chris PeBenito |
0c73cd |
allow $1 cifs_t:lnk_file create_lnk_perms;
|
|
Chris PeBenito |
b16c6b |
')
|
|
Chris PeBenito |
b16c6b |
|
|
Chris PeBenito |
fe040c |
# Requirements of fs_manage_cifs_symlinks: the cifs_t type plus the dir
# and lnk_file permission sets its allow rules use.
define(`fs_manage_cifs_symlinks_depend',`
type cifs_t;

class dir rw_dir_perms;
class lnk_file create_lnk_perms;
')
########################################
|
|
Chris PeBenito |
fe040c |
## <interface name="fs_manage_cifs_named_pipes">
|
|
Chris PeBenito |
fe040c |
## <description>
|
|
Chris PeBenito |
fe040c |
## Create, read, write, and delete named pipes
|
|
Chris PeBenito |
fe040c |
## on a CIFS or SMB network filesystem.
|
|
Chris PeBenito |
fe040c |
## </description>
|
|
Chris PeBenito |
fe040c |
## <parameter name="domain">
|
|
Chris PeBenito |
fe040c |
## The type of the domain managing the pipes.
|
|
Chris PeBenito |
fe040c |
## </parameter>
|
|
Chris PeBenito |
fe040c |
## </interface>
|
|
Chris PeBenito |
b16c6b |
#
|
|
Chris PeBenito |
1694de |
define(`fs_manage_cifs_named_pipes',`
# Hand the companion _depend macro to gen_require (gen_require itself is
# defined outside this excerpt).
gen_require(`$0'_depend)

# The domain passed as the first argument gets rw_dir_perms on cifs_t
# directories and create_file_perms on cifs_t named pipes (fifo_file).
allow $1 cifs_t:dir rw_dir_perms;
allow $1 cifs_t:fifo_file create_file_perms;
')
# Requirements of fs_manage_cifs_named_pipes: the cifs_t type plus the
# dir and fifo_file permission sets its allow rules use.
define(`fs_manage_cifs_named_pipes_depend',`
type cifs_t;

class dir rw_dir_perms;
class fifo_file create_file_perms;
')
########################################
|
|
Chris PeBenito |
fe040c |
## <interface name="fs_manage_cifs_named_sockets">
|
|
Chris PeBenito |
fe040c |
## <description>
|
|
Chris PeBenito |
fe040c |
## Create, read, write, and delete named sockets
|
|
Chris PeBenito |
fe040c |
## on a CIFS or SMB network filesystem.
|
|
Chris PeBenito |
fe040c |
## </description>
|
|
Chris PeBenito |
fe040c |
## <parameter name="domain">
|
|
Chris PeBenito |
fe040c |
## The type of the domain managing the sockets.
|
|
Chris PeBenito |
fe040c |
## </parameter>
|
|
Chris PeBenito |
fe040c |
## </interface>
|
|
Chris PeBenito |
b16c6b |
#
|
|
Chris PeBenito |
1694de |
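define(`fs_manage_cifs_named_sockets',`
	# Hand the companion _depend macro to gen_require; that macro declares
	# cifs_t, class dir rw_dir_perms and class sock_file create_file_perms.
	gen_require(`$0'_depend)

	# Directory access uses the directory permission set. This matches the
	# class dir rw_dir_perms requirement in the companion _depend macro and
	# the sibling CIFS manage interfaces; a file permission set on the dir
	# class would not line up with what the requirement declares.
	allow $1 cifs_t:dir rw_dir_perms;
	# Create, read, write and delete access to cifs_t named sockets.
	allow $1 cifs_t:sock_file create_file_perms;
')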
# Requirements of fs_manage_cifs_named_sockets: the cifs_t type plus the
# dir and sock_file permission sets.
# NOTE(review): the interface body should use these same permission sets;
# keep the two in step.
define(`fs_manage_cifs_named_sockets_depend',`
type cifs_t;

class dir rw_dir_perms;
class sock_file create_file_perms;
')
########################################
|
|
Chris PeBenito |
fe040c |
## <interface name="fs_mount_dos_fs">
|
|
Chris PeBenito |
fe040c |
## <description>
|
|
Chris PeBenito |
fe040c |
## Mount a DOS filesystem, such as
|
|
Chris PeBenito |
fe040c |
## FAT32 or NTFS.
|
|
Chris PeBenito |
fe040c |
## </description>
|
|
Chris PeBenito |
fe040c |
## <parameter name="domain">
|
|
Chris PeBenito |
fe040c |
## The type of the domain mounting the filesystem.
|
|
Chris PeBenito |
fe040c |
## </parameter>
|
|
Chris PeBenito |
fe040c |
## </interface>
|
|
Chris PeBenito |
b4cd15 |
#
|
|
Chris PeBenito |
763c44 |
define(`fs_mount_dos_fs',`
# Hand the companion _depend macro to gen_require (gen_require itself is
# defined outside this excerpt).
gen_require(`$0'_depend)

# Allow the domain passed as the first argument to mount filesystems
# labeled dosfs_t.
allow $1 dosfs_t:filesystem mount;
')
# Requirements of fs_mount_dos_fs: the dosfs_t type and the mount
# permission of the filesystem class.
define(`fs_mount_dos_fs_depend',`
type dosfs_t;

class filesystem mount;
')
########################################
|
|
Chris PeBenito |
fe040c |
## <interface name="fs_remount_dos_fs">
|
|
Chris PeBenito |
fe040c |
## <description>
|
|
Chris PeBenito |
fe040c |
## Remount a DOS filesystem, such as
|
|
Chris PeBenito |
fe040c |
## FAT32 or NTFS. This allows
|
|
Chris PeBenito |
fe040c |
## some mount options to be changed.
|
|
Chris PeBenito |
fe040c |
## </description>
|
|
Chris PeBenito |
fe040c |
## <parameter name="domain">
|
|
Chris PeBenito |
fe040c |
## The type of the domain remounting the filesystem.
|
|
Chris PeBenito |
fe040c |
## </parameter>
|
|
Chris PeBenito |
fe040c |
## </interface>
|
|
Chris PeBenito |
b4cd15 |
#
|
|
Chris PeBenito |
763c44 |
define(`fs_remount_dos_fs',`
# Hand the companion _depend macro to gen_require (gen_require itself is
# defined outside this excerpt).
gen_require(`$0'_depend)

# Allow the domain passed as the first argument to remount filesystems
# labeled dosfs_t.
allow $1 dosfs_t:filesystem remount;
')
# Requirements of fs_remount_dos_fs: the dosfs_t type and the remount
# permission of the filesystem class.
define(`fs_remount_dos_fs_depend',`
type dosfs_t;

class filesystem remount;
')
########################################
|
|
Chris PeBenito |
fe040c |
## <interface name="fs_unmount_dos_fs">
|
|
Chris PeBenito |
fe040c |
## <description>
|
|
Chris PeBenito |
fe040c |
## Unmount a DOS filesystem, such as
|
|
Chris PeBenito |
fe040c |
## FAT32 or NTFS.
|
|
Chris PeBenito |
fe040c |
## </description>
|
|
Chris PeBenito |
fe040c |
## <parameter name="domain">
|
|
Chris PeBenito |
fe040c |
## The type of the domain unmounting the filesystem.
|
|
Chris PeBenito |
fe040c |
## </parameter>
|
|
Chris PeBenito |
fe040c |
## </interface>
|
|
Chris PeBenito |
b4cd15 |
#
|
|
Chris PeBenito |
763c44 |
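define(`fs_unmount_dos_fs',`
	# Hand the companion _depend macro to gen_require; that macro declares
	# dosfs_t and the unmount permission of the filesystem class.
	gen_require(`$0'_depend)

	# Grant unmount only, as the interface name, its description and the
	# class filesystem unmount requirement all state. Granting mount here
	# would hand callers a different capability than the documented one
	# and still leave them unable to unmount.
	allow $1 dosfs_t:filesystem unmount;
')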
# Requirements of fs_unmount_dos_fs: the dosfs_t type and the unmount
# permission of the filesystem class.
# NOTE(review): the interface body should grant this same permission;
# keep the two in step.
define(`fs_unmount_dos_fs_depend',`
type dosfs_t;

class filesystem unmount;
')
########################################
|
|
Chris PeBenito |
fe040c |
## <interface name="fs_getattr_dos_fs">
|
|
Chris PeBenito |
fe040c |
## <description>
|
|
Chris PeBenito |
fe040c |
## Get the attributes of a DOS
|
|
Chris PeBenito |
fe040c |
## filesystem, such as FAT32 or NTFS.
|
|
Chris PeBenito |
fe040c |
## </description>
|
|
Chris PeBenito |
fe040c |
## <parameter name="domain">
|
|
Chris PeBenito |
fe040c |
## The type of the domain doing the
|
|
Chris PeBenito |
fe040c |
## getattr on the filesystem.
|
|
Chris PeBenito |
fe040c |
## </parameter>
|
|
Chris PeBenito |
fe040c |
## </interface>
|
|
Chris PeBenito |
b4cd15 |
#
|
|
Chris PeBenito |
1694de |
define(`fs_getattr_dos_fs',`
# Hand the companion _depend macro to gen_require (gen_require itself is
# defined outside this excerpt).
gen_require(`$0'_depend)

# Allow the domain passed as the first argument to get the attributes of
# filesystems labeled dosfs_t.
allow $1 dosfs_t:filesystem getattr;
')
# Requirements of fs_getattr_dos_fs: the dosfs_t type and the getattr
# permission of the filesystem class.
define(`fs_getattr_dos_fs_depend',`
type dosfs_t;

class filesystem getattr;
')
########################################
|
|
Chris PeBenito |
fe040c |
## <interface name="fs_relabelfrom_dos_fs">
|
|
Chris PeBenito |
fe040c |
## <description>
|
|
Chris PeBenito |
fe040c |
## Allow changing of the label of a
|
|
Chris PeBenito |
fe040c |
## DOS filesystem using the context= mount option.
|
|
Chris PeBenito |
fe040c |
## </description>
|
|
Chris PeBenito |
fe040c |
## <parameter name="domain">
|
|
Chris PeBenito |
fe040c |
## The type of the domain mounting the filesystem.
|
|
Chris PeBenito |
fe040c |
## </parameter>
|
|
Chris PeBenito |
fe040c |
## </interface>
|
|
Chris PeBenito |
dc771f |
#
|
|
Chris PeBenito |
763c44 |
define(`fs_relabelfrom_dos_fs',`
# Hand the companion _depend macro to gen_require (gen_require itself is
# defined outside this excerpt).
gen_require(`$0'_depend)

# Allow the domain passed as the first argument to relabel away from
# dosfs_t at the filesystem level; the interface description ties this
# to the context= mount option.
# NOTE(review): this covers only the relabelfrom side; the permission on
# the target label is not granted here.
allow $1 dosfs_t:filesystem relabelfrom;
')
# Requirements of fs_relabelfrom_dos_fs: the dosfs_t type and the
# relabelfrom permission of the filesystem class.
define(`fs_relabelfrom_dos_fs_depend',`
type dosfs_t;

class filesystem relabelfrom;
')
########################################
|
|
Chris PeBenito |
fe040c |
## <interface name="fs_mount_iso9660_fs">
|
|
Chris PeBenito |
fe040c |
## <description>
|
|
Chris PeBenito |
fe040c |
## Mount an iso9660 filesystem, which
|
|
Chris PeBenito |
fe040c |
## is usually used on CDs.
|
|
Chris PeBenito |
fe040c |
## </description>
|
|
Chris PeBenito |
fe040c |
## <parameter name="domain">
|
|
Chris PeBenito |
fe040c |
## The type of the domain mounting the filesystem.
|
|
Chris PeBenito |
fe040c |
## </parameter>
|
|
Chris PeBenito |
fe040c |
## </interface>
|
|
Chris PeBenito |
dc771f |
#
|
|
Chris PeBenito |
fe040c |
define(`fs_mount_iso9660_fs',`
# Hand the companion _depend macro to gen_require (gen_require itself is
# defined outside this excerpt).
gen_require(`$0'_depend)

# Allow the domain passed as the first argument to mount filesystems
# labeled iso9660_t.
allow $1 iso9660_t:filesystem mount;
')
# Requirements of fs_mount_iso9660_fs: the iso9660_t type and the mount
# permission of the filesystem class.
define(`fs_mount_iso9660_fs_depend',`
type iso9660_t;

class filesystem mount;
')
########################################
|
|
Chris PeBenito |
fe040c |
## <interface name="fs_remount_iso9660_fs">
|
|
Chris PeBenito |
fe040c |
## <description>
|
|
Chris PeBenito |
fe040c |
## Remount an iso9660 filesystem, which
|
|
Chris PeBenito |
fe040c |
## is usually used on CDs. This allows
|
|
Chris PeBenito |
fe040c |
## some mount options to be changed.
|
|
Chris PeBenito |
fe040c |
## </description>
|
|
Chris PeBenito |
fe040c |
## <parameter name="domain">
|
|
Chris PeBenito |
fe040c |
## The type of the domain remounting the filesystem.
|
|
Chris PeBenito |
fe040c |
## </parameter>
|
|
Chris PeBenito |
fe040c |
## </interface>
|
|
Chris PeBenito |
b4cd15 |
#
|
|
Chris PeBenito |
fe040c |
define(`fs_remount_iso9660_fs',`
# Hand the companion _depend macro to gen_require (gen_require itself is
# defined outside this excerpt).
gen_require(`$0'_depend)

# Allow the domain passed as the first argument to remount filesystems
# labeled iso9660_t.
allow $1 iso9660_t:filesystem remount;
')
# Requirements of fs_remount_iso9660_fs: the iso9660_t type and the
# remount permission of the filesystem class.
define(`fs_remount_iso9660_fs_depend',`
type iso9660_t;

class filesystem remount;
')
########################################
|
|
Chris PeBenito |
fe040c |
## <interface name="fs_unmount_iso9660_fs">
|
|
Chris PeBenito |
fe040c |
## <description>
|
|
Chris PeBenito |
fe040c |
## Unmount an iso9660 filesystem, which
|
|
Chris PeBenito |
fe040c |
## is usually used on CDs.
|
|
Chris PeBenito |
fe040c |
## </description>
|
|
Chris PeBenito |
fe040c |
## <parameter name="domain">
|
|
Chris PeBenito |
fe040c |
## The type of the domain unmounting the filesystem.
|
|
Chris PeBenito |
fe040c |
## </parameter>
|
|
Chris PeBenito |
fe040c |
## </interface>
|
|
Chris PeBenito |
b4cd15 |
#
|
|
Chris PeBenito |
fe040c |
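define(`fs_unmount_iso9660_fs',`
	# Hand the companion _depend macro to gen_require; that macro declares
	# iso9660_t and the unmount permission of the filesystem class.
	gen_require(`$0'_depend)

	# Grant unmount only, as the interface name, its description and the
	# class filesystem unmount requirement all state. Granting mount here
	# would hand callers a different capability than the documented one
	# and still leave them unable to unmount.
	allow $1 iso9660_t:filesystem unmount;
')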
# Requirements of fs_unmount_iso9660_fs: the iso9660_t type and the
# unmount permission of the filesystem class.
# NOTE(review): the interface body should grant this same permission;
# keep the two in step.
define(`fs_unmount_iso9660_fs_depend',`
type iso9660_t;

class filesystem unmount;
')
########################################
|
|
Chris PeBenito |
fe040c |
## <interface name="fs_getattr_iso9660_fs">
|
|
Chris PeBenito |
fe040c |
## <description>
|
|
Chris PeBenito |
fe040c |
## Get the attributes of an iso9660
|
|
Chris PeBenito |
fe040c |
## filesystem, which is usually used on CDs.
|
|
Chris PeBenito |
fe040c |
## </description>
|
|
Chris PeBenito |
fe040c |
## <parameter name="domain">
|
|
Chris PeBenito |
fe040c |
## The type of the domain doing the
|
|
Chris PeBenito |
fe040c |
## getattr on the filesystem.
|
|
Chris PeBenito |
fe040c |
## </parameter>
|
|
Chris PeBenito |
fe040c |
## </interface>
|
|
Chris PeBenito |
b4cd15 |
#
|
|
Chris PeBenito |
fe040c |
define(`fs_getattr_iso9660_fs',`
# Hand the companion _depend macro to gen_require (gen_require itself is
# defined outside this excerpt).
gen_require(`$0'_depend)

# Allow the domain passed as the first argument to get the attributes of
# filesystems labeled iso9660_t.
allow $1 iso9660_t:filesystem getattr;
')
# Requirements of fs_getattr_iso9660_fs: the iso9660_t type and the
# getattr permission of the filesystem class.
define(`fs_getattr_iso9660_fs_depend',`
type iso9660_t;

class filesystem getattr;
')
########################################
|
|
Chris PeBenito |
fe040c |
## <interface name="fs_mount_nfs">
|
|
Chris PeBenito |
fe040c |
## <description>
|
|
Chris PeBenito |
fe040c |
## Mount a NFS filesystem.
|
|
Chris PeBenito |
fe040c |
## </description>
|
|
Chris PeBenito |
fe040c |
## <parameter name="domain">
|
|
Chris PeBenito |
fe040c |
## The type of the domain mounting the filesystem.
|
|
Chris PeBenito |
fe040c |
## </parameter>
|
|
Chris PeBenito |
fe040c |
## </interface>
|
|
Chris PeBenito |
b4cd15 |
#
|
|
Chris PeBenito |
1694de |
define(`fs_mount_nfs',`
# Hand the companion _depend macro to gen_require (gen_require itself is
# defined outside this excerpt).
gen_require(`$0'_depend)

# Allow the domain passed as the first argument to mount filesystems
# labeled nfs_t.
allow $1 nfs_t:filesystem mount;
')
# Requirements of fs_mount_nfs: the nfs_t type and the mount permission
# of the filesystem class.
define(`fs_mount_nfs_depend',`
type nfs_t;

class filesystem mount;
')
########################################
|
|
Chris PeBenito |
fe040c |
## <interface name="fs_remount_nfs">
|
|
Chris PeBenito |
fe040c |
## <description>
|
|
Chris PeBenito |
fe040c |
## Remount a NFS filesystem. This allows
|
|
Chris PeBenito |
fe040c |
## some mount options to be changed.
|
|
Chris PeBenito |
fe040c |
## </description>
|
|
Chris PeBenito |
fe040c |
## <parameter name="domain">
|
|
Chris PeBenito |
fe040c |
## The type of the domain remounting the filesystem.
|
|
Chris PeBenito |
fe040c |
## </parameter>
|
|
Chris PeBenito |
fe040c |
## </interface>
|
|
Chris PeBenito |
b4cd15 |
#
|
|
Chris PeBenito |
1694de |
define(`fs_remount_nfs',`
# Hand the companion _depend macro to gen_require (gen_require itself is
# defined outside this excerpt).
gen_require(`$0'_depend)

# Allow the domain passed as the first argument to remount filesystems
# labeled nfs_t.
allow $1 nfs_t:filesystem remount;
')
# Requirements of fs_remount_nfs: the nfs_t type and the remount
# permission of the filesystem class.
define(`fs_remount_nfs_depend',`
type nfs_t;

class filesystem remount;
')
########################################
|
|
Chris PeBenito |
fe040c |
## <interface name="fs_unmount_nfs">
|
|
Chris PeBenito |
fe040c |
## <description>
|
|
Chris PeBenito |
fe040c |
## Unmount a NFS filesystem.
|
|
Chris PeBenito |
fe040c |
## </description>
|
|
Chris PeBenito |
fe040c |
## <parameter name="domain">
|
|
Chris PeBenito |
fe040c |
## The type of the domain unmounting the filesystem.
|
|
Chris PeBenito |
fe040c |
## </parameter>
|
|
Chris PeBenito |
fe040c |
## </interface>
|
|
Chris PeBenito |
b4cd15 |
#
|
|
Chris PeBenito |
1694de |
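define(`fs_unmount_nfs',`
	# Hand the companion _depend macro to gen_require; that macro declares
	# nfs_t and the unmount permission of the filesystem class.
	gen_require(`$0'_depend)

	# Grant unmount only, as the macro name, the interface description and
	# the class filesystem unmount requirement all state. Granting mount
	# here would hand callers a different capability than the documented
	# one and still leave them unable to unmount.
	allow $1 nfs_t:filesystem unmount;
')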
# Requirements of fs_unmount_nfs: the nfs_t type and the unmount
# permission of the filesystem class.
# NOTE(review): the interface body should grant this same permission;
# keep the two in step.
define(`fs_unmount_nfs_depend',`
type nfs_t;

class filesystem unmount;
')
########################################
|
|
Chris PeBenito |
fe040c |
## <interface name="fs_getattr_nfs">
|
|
Chris PeBenito |
fe040c |
## <description>
|
|
Chris PeBenito |
fe040c |
## Get the attributes of a NFS filesystem.
|
|
Chris PeBenito |
fe040c |
## </description>
|
|
Chris PeBenito |
fe040c |
## <parameter name="domain">
|
|
Chris PeBenito |
fe040c |
## The type of the domain doing the
|
|
Chris PeBenito |
fe040c |
## getattr on the filesystem.
|
|
Chris PeBenito |
fe040c |
## </parameter>
|
|
Chris PeBenito |
fe040c |
## </interface>
|
|
Chris PeBenito |
b4cd15 |
#
|
|
Chris PeBenito |
1694de |
define(`fs_getattr_nfs',`
# Hand the companion _depend macro to gen_require (gen_require itself is
# defined outside this excerpt).
gen_require(`$0'_depend)

# Allow the domain passed as the first argument to get the attributes of
# filesystems labeled nfs_t.
allow $1 nfs_t:filesystem getattr;
')
# Requirements of fs_getattr_nfs: the nfs_t type and the getattr
# permission of the filesystem class.
define(`fs_getattr_nfs_depend',`
type nfs_t;

class filesystem getattr;
')
########################################
|
|
Chris PeBenito |
d35c62 |
## <interface name="fs_read_nfs_files">
|
|
Chris PeBenito |
d35c62 |
## <description>
|
|
Chris PeBenito |
d35c62 |
## Read files on a NFS filesystem.
|
|
Chris PeBenito |
d35c62 |
## </description>
|
|
Chris PeBenito |
d35c62 |
## <parameter name="domain">
|
|
Chris PeBenito |
d35c62 |
## The type of the domain reading the files.
|
|
Chris PeBenito |
d35c62 |
## </parameter>
|
|
Chris PeBenito |
d35c62 |
## </interface>
|
|
Chris PeBenito |
d35c62 |
#
|
|
Chris PeBenito |
d35c62 |
define(`fs_read_nfs_files',`
# Declare what the rules below rely on: the nfs_t type and the dir and
# file permission sets. This interface lists its requirements inline
# instead of using a companion _depend macro.
gen_require(`
type nfs_t;
class dir r_dir_perms;
class file r_file_perms;
')

# The domain passed as the first argument gets r_dir_perms on nfs_t
# directories and r_file_perms on nfs_t files; both permission sets are
# defined outside this excerpt.
allow $1 nfs_t:dir r_dir_perms;
allow $1 nfs_t:file r_file_perms;
')
########################################
|
|
Chris PeBenito |
fe040c |
## <interface name="fs_execute_nfs_files">
|
|
Chris PeBenito |
fe040c |
## <description>
|
|
Chris PeBenito |
fe040c |
## Execute files on a NFS filesystem.
|
|
Chris PeBenito |
fe040c |
## </description>
|
|
Chris PeBenito |
fe040c |
## <parameter name="domain">
|
|
Chris PeBenito |
fe040c |
## The type of the domain executing the files.
|
|
Chris PeBenito |
fe040c |
## </parameter>
|
|
Chris PeBenito |
fe040c |
## </interface>
|
|
Chris PeBenito |
b16c6b |
#
|
|
Chris PeBenito |
763c44 |
define(`fs_execute_nfs_files',`
# Declare what the rules below rely on.
# NOTE(review): only the dir class is listed, while can_exec (defined
# outside this excerpt) presumably emits file rules for nfs_t; confirm
# whether a file class requirement belongs here as well.
gen_require(`
type nfs_t;
class dir r_dir_perms;
')

# The domain passed as the first argument gets r_dir_perms on nfs_t
# directories and whatever can_exec grants on nfs_t.
# NOTE(review): this lets the domain run programs stored on an NFS
# mount, whose content is controlled by the remote server; use the
# interface only for domains where that is intended.
allow $1 nfs_t:dir r_dir_perms;
can_exec($1, nfs_t)
')
########################################
|
|
Chris PeBenito |
d35c62 |
## <interface name="fs_dontaudit_rw_nfs_files">
|
|
Chris PeBenito |
d35c62 |
## <description>
|
|
Chris PeBenito |
d35c62 |
## Do not audit attempts to read or
|
|
Chris PeBenito |
d35c62 |
## write files on a NFS filesystem.
|
|
Chris PeBenito |
d35c62 |
## </description>
|
|
Chris PeBenito |
d35c62 |
## <parameter name="domain">
|
|
Chris PeBenito |
d35c62 |
## The type of the domain to not audit.
|
|
Chris PeBenito |
d35c62 |
## </parameter>
|
|
Chris PeBenito |
d35c62 |
## </interface>
|
|
Chris PeBenito |
d35c62 |
#
|
|
Chris PeBenito |
d35c62 |
define(`fs_dontaudit_rw_nfs_files',`
# Declare what the rule below relies on: the nfs_t type and the read and
# write permissions of the file class.
gen_require(`
type nfs_t;
class file { read write };
')

# Suppress audit records for read and write on nfs_t files by the domain
# passed as the first argument. No access is granted; only the logging
# of matching denials is affected, so such denials will be absent from
# the audit trail when investigating this domain.
dontaudit $1 nfs_t:file { read write };
')
########################################
|
|
Chris PeBenito |
d35c62 |
## <interface name="fs_read_nfs_symlinks">
|
|
Chris PeBenito |
d35c62 |
## <description>
|
|
Chris PeBenito |
d35c62 |
## Read symbolic links on a NFS filesystem.
|
|
Chris PeBenito |
d35c62 |
## </description>
|
|
Chris PeBenito |
d35c62 |
## <parameter name="domain">
|
|
Chris PeBenito |
d35c62 |
## The type of the domain reading the symbolic links.
|
|
Chris PeBenito |
d35c62 |
## </parameter>
|
|
Chris PeBenito |
d35c62 |
## </interface>
|
|
Chris PeBenito |
d35c62 |
#
|
|
Chris PeBenito |
d35c62 |
define(`fs_read_nfs_symlinks',`
# Declare what the rules below rely on: the nfs_t type and the dir and
# lnk_file permission sets.
gen_require(`
type nfs_t;
class dir r_dir_perms;
class lnk_file r_file_perms;
')

# The domain passed as the first argument gets r_dir_perms on nfs_t
# directories and r_file_perms on nfs_t symbolic links.
allow $1 nfs_t:dir r_dir_perms;
allow $1 nfs_t:lnk_file r_file_perms;
')
########################################
|
|
Chris PeBenito |
fe040c |
## <interface name="fs_manage_nfs_dirs">
|
|
Chris PeBenito |
fe040c |
## <description>
|
|
Chris PeBenito |
fe040c |
## Create, read, write, and delete directories
|
|
Chris PeBenito |
fe040c |
## on a NFS filesystem.
|
|
Chris PeBenito |
fe040c |
## </description>
|
|
Chris PeBenito |
fe040c |
## <parameter name="domain">
|
|
Chris PeBenito |
fe040c |
## The type of the domain managing the directories.
|
|
Chris PeBenito |
fe040c |
## </parameter>
|
|
Chris PeBenito |
fe040c |
## </interface>
|
|
Chris PeBenito |
b16c6b |
#
|
|
Chris PeBenito |
fe040c |
define(`fs_manage_nfs_dirs',`
# Hand the companion _depend macro to gen_require (gen_require itself is
# defined outside this excerpt).
gen_require(`$0'_depend)

# The domain passed as the first argument gets create_dir_perms on nfs_t
# directories; the permission set is defined outside this excerpt.
allow $1 nfs_t:dir create_dir_perms;
')
# Requirements of fs_manage_nfs_dirs: the nfs_t type and the dir
# permission set its allow rule uses.
define(`fs_manage_nfs_dirs_depend',`
type nfs_t;

class dir create_dir_perms;
')
########################################
|
|
Chris PeBenito |
fe040c |
## <interface name="fs_manage_nfs_files">
|
|
Chris PeBenito |
fe040c |
## <description>
|
|
Chris PeBenito |
fe040c |
## Create, read, write, and delete files
|
|
Chris PeBenito |
fe040c |
## on a NFS filesystem.
|
|
Chris PeBenito |
fe040c |
## </description>
|
|
Chris PeBenito |
fe040c |
## <parameter name="domain">
|
|
Chris PeBenito |
fe040c |
## The type of the domain managing the files.
|
|
Chris PeBenito |
fe040c |
## </parameter>
|
|
Chris PeBenito |
fe040c |
## </interface>
|
|
Chris PeBenito |
b16c6b |
#
|
|
Chris PeBenito |
763c44 |
define(`fs_manage_nfs_files',`
# Hand the companion _depend macro to gen_require (gen_require itself is
# defined outside this excerpt).
gen_require(`$0'_depend)

# The domain passed as the first argument gets rw_dir_perms on nfs_t
# directories and create_file_perms on nfs_t files.
# NOTE(review): presumably every object on an NFS mount carries nfs_t,
# so this grant is mount-wide rather than per-file; confirm against the
# labeling rules for NFS.
allow $1 nfs_t:dir rw_dir_perms;
allow $1 nfs_t:file create_file_perms;
')
# Requirements of fs_manage_nfs_files: the nfs_t type plus the dir and
# file permission sets its allow rules use.
define(`fs_manage_nfs_files_depend',`
type nfs_t;

class dir rw_dir_perms;
class file create_file_perms;
')
#########################################
|
|
Chris PeBenito |
fe040c |
## <interface name="fs_manage_nfs_symlinks">
|
|
Chris PeBenito |
fe040c |
## <description>
|
|
Chris PeBenito |
fe040c |
## Create, read, write, and delete symbolic links
|
|
Chris PeBenito |
fe040c |
## on a NFS filesystem.
|
|
Chris PeBenito |
fe040c |
## </description>
|
|
Chris PeBenito |
fe040c |
## <parameter name="domain">
|
|
Chris PeBenito |
fe040c |
## The type of the domain managing the symbolic links.
|
|
Chris PeBenito |
fe040c |
## </parameter>
|
|
Chris PeBenito |
fe040c |
## </interface>
|
|
Chris PeBenito |
b16c6b |
#
|
|
Chris PeBenito |
fe040c |
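define(`fs_manage_nfs_symlinks',`
	# Declare what the rules below rely on. The dir entry names
	# rw_dir_perms, the set the allow rule actually uses, so that the
	# declared requirement and the granted access stay identical.
	gen_require(`
		type nfs_t;
		class dir rw_dir_perms;
		class lnk_file create_lnk_perms;
	')

	# The domain passed as the first argument gets rw_dir_perms on nfs_t
	# directories and create_lnk_perms on nfs_t symbolic links, as the
	# create, read, write and delete wording of the description requires.
	allow $1 nfs_t:dir rw_dir_perms;
	allow $1 nfs_t:lnk_file create_lnk_perms;
')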
#########################################
|
|
Chris PeBenito |
fe040c |
## <interface name="fs_manage_nfs_named_pipes">
|
|
Chris PeBenito |
fe040c |
## <description>
|
|
Chris PeBenito |
fe040c |
## Create, read, write, and delete named pipes
|
|
Chris PeBenito |
fe040c |
## on a NFS filesystem.
|
|
Chris PeBenito |
fe040c |
## </description>
|
|
Chris PeBenito |
fe040c |
## <parameter name="domain">
|
|
Chris PeBenito |
fe040c |
## The type of the domain managing the pipes.
|
|
Chris PeBenito |
fe040c |
## </parameter>
|
|
Chris PeBenito |
fe040c |
## </interface>
|
|
Chris PeBenito |
b16c6b |
#
|
|
Chris PeBenito |
763c44 |
define(`fs_manage_nfs_named_pipes',`
# Hand the companion _depend macro to gen_require (gen_require itself is
# defined outside this excerpt).
gen_require(`$0'_depend)

# The domain passed as the first argument gets rw_dir_perms on nfs_t
# directories and create_file_perms on nfs_t named pipes (fifo_file).
allow $1 nfs_t:dir rw_dir_perms;
allow $1 nfs_t:fifo_file create_file_perms;
')
# Requirements of fs_manage_nfs_named_pipes: the nfs_t type plus the dir
# and fifo_file permission sets its allow rules use.
define(`fs_manage_nfs_named_pipes_depend',`
type nfs_t;

class dir rw_dir_perms;
class fifo_file create_file_perms;
')
#########################################
|
|
Chris PeBenito |
fe040c |
## <interface name="fs_manage_nfs_named_sockets">
|
|
Chris PeBenito |
fe040c |
## <description>
|
|
Chris PeBenito |
fe040c |
## Create, read, write, and delete named sockets
|
|
Chris PeBenito |
fe040c |
## on a NFS filesystem.
|
|
Chris PeBenito |
fe040c |
## </description>
|
|
Chris PeBenito |
fe040c |
## <parameter name="domain">
|
|
Chris PeBenito |
fe040c |
## The type of the domain managing the sockets.
|
|
Chris PeBenito |
fe040c |
## </parameter>
|
|
Chris PeBenito |
fe040c |
## </interface>
|
|
Chris PeBenito |
b16c6b |
#
|
|
Chris PeBenito |
763c44 |
define(`fs_manage_nfs_named_sockets',`
# Hand the companion _depend macro to gen_require (gen_require itself is
# defined outside this excerpt).
gen_require(`$0'_depend)

# The domain passed as the first argument gets rw_dir_perms on nfs_t
# directories and create_file_perms on nfs_t named sockets (sock_file).
allow $1 nfs_t:dir rw_dir_perms;
allow $1 nfs_t:sock_file create_file_perms;
')
# Requirements of fs_manage_nfs_named_sockets: the nfs_t type plus the
# dir and sock_file permission sets its allow rules use.
define(`fs_manage_nfs_named_sockets_depend',`
type nfs_t;

class dir rw_dir_perms;
class sock_file create_file_perms;
')
########################################
|
|
Chris PeBenito |
fe040c |
## <interface name="fs_mount_nfsd_fs">
|
|
Chris PeBenito |
fe040c |
## <description>
|
|
Chris PeBenito |
fe040c |
## Mount a NFS server pseudo filesystem.
|
|
Chris PeBenito |
fe040c |
## </description>
|
|
Chris PeBenito |
fe040c |
## <parameter name="domain">
|
|
Chris PeBenito |
fe040c |
## The type of the domain mounting the filesystem.
|
|
Chris PeBenito |
fe040c |
## </parameter>
|
|
Chris PeBenito |
fe040c |
## </interface>
|
|
Chris PeBenito |
b4cd15 |
#
|
|
Chris PeBenito |
763c44 |
define(`fs_mount_nfsd_fs',`
# Hand the companion _depend macro to gen_require (gen_require itself is
# defined outside this excerpt).
gen_require(`$0'_depend)

# Allow the domain passed as the first argument to mount filesystems
# labeled nfsd_fs_t.
allow $1 nfsd_fs_t:filesystem mount;
')
# Requirements of fs_mount_nfsd_fs: the nfsd_fs_t type and the mount
# permission of the filesystem class.
define(`fs_mount_nfsd_fs_depend',`
type nfsd_fs_t;

class filesystem mount;
')
########################################
|
|
Chris PeBenito |
fe040c |
## <interface name="fs_remount_nfsd_fs">
|
|
Chris PeBenito |
fe040c |
## <description>
|
|
Chris PeBenito |
fe040c |
## Remount a NFS server pseudo filesystem.
|
|
Chris PeBenito |
fe040c |
## This allows some mount options to be changed.
|
|
Chris PeBenito |
fe040c |
## </description>
|
|
Chris PeBenito |
fe040c |
## <parameter name="domain">
|
|
Chris PeBenito |
fe040c |
## The type of the domain remounting the filesystem.
|
|
Chris PeBenito |
fe040c |
## </parameter>
|
|
Chris PeBenito |
fe040c |
## </interface>
|
|
Chris PeBenito |
b4cd15 |
#
|
|
Chris PeBenito |
763c44 |
define(`fs_remount_nfsd_fs',`
# Hand the companion _depend macro to gen_require (gen_require itself is
# defined outside this excerpt).
gen_require(`$0'_depend)

# Allow the domain passed as the first argument to remount filesystems
# labeled nfsd_fs_t.
allow $1 nfsd_fs_t:filesystem remount;
')
# Requirements of fs_remount_nfsd_fs: the nfsd_fs_t type and the remount
# permission of the filesystem class.
define(`fs_remount_nfsd_fs_depend',`
type nfsd_fs_t;

class filesystem remount;
')
########################################
|
|
Chris PeBenito |
fe040c |
## <interface name="fs_unmount_nfsd_fs">
|
|
Chris PeBenito |
fe040c |
## <description>
|
|
Chris PeBenito |
fe040c |
## Unmount a NFS server pseudo filesystem.
|
|
Chris PeBenito |
fe040c |
## </description>
|
|
Chris PeBenito |
fe040c |
## <parameter name="domain">
|
|
Chris PeBenito |
fe040c |
## The type of the domain unmounting the filesystem.
|
|
Chris PeBenito |
fe040c |
## </parameter>
|
|
Chris PeBenito |
fe040c |
## </interface>
|
|
Chris PeBenito |
b4cd15 |
#
|
|
Chris PeBenito |
763c44 |
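define(`fs_unmount_nfsd_fs',`
	# Hand the companion _depend macro to gen_require; that macro declares
	# nfsd_fs_t and the unmount permission of the filesystem class.
	gen_require(`$0'_depend)

	# Grant unmount only, as the interface name, its description and the
	# class filesystem unmount requirement all state. Granting mount here
	# would hand callers a different capability than the documented one
	# and still leave them unable to unmount.
	allow $1 nfsd_fs_t:filesystem unmount;
')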
# Requirements of fs_unmount_nfsd_fs: the nfsd_fs_t type and the unmount
# permission of the filesystem class.
# NOTE(review): the interface body should grant this same permission;
# keep the two in step.
define(`fs_unmount_nfsd_fs_depend',`
type nfsd_fs_t;

class filesystem unmount;
')
|
|
Chris PeBenito |
b4cd15 |
|
|
Chris PeBenito |
b4cd15 |
########################################
|
|
Chris PeBenito |
fe040c |
## <interface name="fs_getattr_nfsd_fs">
|
|
Chris PeBenito |
fe040c |
## <description>
|
|
Chris PeBenito |
fe040c |
## Get the attributes of a NFS server
|
|
Chris PeBenito |
fe040c |
## pseudo filesystem.
|
|
Chris PeBenito |
fe040c |
## </description>
|
|
Chris PeBenito |
fe040c |
## <parameter name="domain">
|
|
Chris PeBenito |
fe040c |
## The type of the domain doing the
|
|
Chris PeBenito |
fe040c |
## getattr on the filesystem.
|
|
Chris PeBenito |
fe040c |
## </parameter>
|
|
Chris PeBenito |
fe040c |
## </interface>
|
|
Chris PeBenito |
b4cd15 |
#
|
|
Chris PeBenito |
1694de |
# The first argument is the calling domain. Grants only getattr on
# filesystems labelled nfsd_fs_t.
define(`fs_getattr_nfsd_fs',`
	gen_require(`$0'_depend)

	allow $1 nfsd_fs_t:filesystem getattr;
')
|
|
Chris PeBenito |
b4cd15 |
|
|
Chris PeBenito |
1694de |
# Requirements that fs_getattr_nfsd_fs passes to gen_require: the nfsd_fs_t
# type and the getattr permission of the filesystem class.
define(`fs_getattr_nfsd_fs_depend',`
	type nfsd_fs_t;

	class filesystem getattr;
')
|
|
Chris PeBenito |
b4cd15 |
|
|
Chris PeBenito |
b4cd15 |
########################################
|
|
Chris PeBenito |
fe040c |
## <interface name="fs_mount_ramfs">
|
|
Chris PeBenito |
fe040c |
## <description>
|
|
Chris PeBenito |
fe040c |
## Mount a RAM filesystem.
|
|
Chris PeBenito |
fe040c |
## </description>
|
|
Chris PeBenito |
fe040c |
## <parameter name="domain">
|
|
Chris PeBenito |
fe040c |
## The type of the domain mounting the filesystem.
|
|
Chris PeBenito |
fe040c |
## </parameter>
|
|
Chris PeBenito |
fe040c |
## </interface>
|
|
Chris PeBenito |
b4cd15 |
#
|
|
Chris PeBenito |
1694de |
# The first argument is the calling domain. Grants only the mount
# permission on filesystems labelled ramfs_t.
define(`fs_mount_ramfs',`
	gen_require(`$0'_depend)

	allow $1 ramfs_t:filesystem mount;
')
|
|
Chris PeBenito |
b4cd15 |
|
|
Chris PeBenito |
1694de |
# Requirements that fs_mount_ramfs passes to gen_require: the ramfs_t type
# and the mount permission of the filesystem class.
define(`fs_mount_ramfs_depend',`
	type ramfs_t;

	class filesystem mount;
')
|
|
Chris PeBenito |
b4cd15 |
|
|
Chris PeBenito |
b4cd15 |
########################################
|
|
Chris PeBenito |
fe040c |
## <interface name="fs_remount_ramfs">
|
|
Chris PeBenito |
fe040c |
## <description>
|
|
Chris PeBenito |
fe040c |
## Remount a RAM filesystem. This allows
|
|
Chris PeBenito |
fe040c |
## some mount options to be changed.
|
|
Chris PeBenito |
fe040c |
## </description>
|
|
Chris PeBenito |
fe040c |
## <parameter name="domain">
|
|
Chris PeBenito |
fe040c |
## The type of the domain remounting the filesystem.
|
|
Chris PeBenito |
fe040c |
## </parameter>
|
|
Chris PeBenito |
fe040c |
## </interface>
|
|
Chris PeBenito |
b4cd15 |
#
|
|
Chris PeBenito |
1694de |
# The first argument is the calling domain. Grants only the remount
# permission on filesystems labelled ramfs_t.
define(`fs_remount_ramfs',`
	gen_require(`$0'_depend)

	allow $1 ramfs_t:filesystem remount;
')
|
|
Chris PeBenito |
b4cd15 |
|
|
Chris PeBenito |
1694de |
# Requirements that fs_remount_ramfs passes to gen_require: the ramfs_t
# type and the remount permission of the filesystem class.
define(`fs_remount_ramfs_depend',`
	type ramfs_t;

	class filesystem remount;
')
|
|
Chris PeBenito |
b4cd15 |
|
|
Chris PeBenito |
b4cd15 |
########################################
|
|
Chris PeBenito |
fe040c |
## <interface name="fs_unmount_ramfs">
|
|
Chris PeBenito |
fe040c |
## <description>
|
|
Chris PeBenito |
fe040c |
## Unmount a RAM filesystem.
|
|
Chris PeBenito |
fe040c |
## </description>
|
|
Chris PeBenito |
fe040c |
## <parameter name="domain">
|
|
Chris PeBenito |
fe040c |
## The type of the domain unmounting the filesystem.
|
|
Chris PeBenito |
fe040c |
## </parameter>
|
|
Chris PeBenito |
fe040c |
## </interface>
|
|
Chris PeBenito |
b4cd15 |
#
|
|
Chris PeBenito |
1694de |
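# The first argument is the calling domain. Grants the unmount permission
# on filesystems labelled ramfs_t and nothing else. The permission has to
# be unmount, matching the interface description and the requirement in
# fs_unmount_ramfs_depend; a mount grant here would over-authorise callers
# while still denying the unmount they requested.
define(`fs_unmount_ramfs',`
	gen_require(`$0'_depend)

	allow $1 ramfs_t:filesystem unmount;
')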
|
|
Chris PeBenito |
b4cd15 |
|
|
Chris PeBenito |
1694de |
# Requirements that fs_unmount_ramfs passes to gen_require: the ramfs_t
# type and the unmount permission of the filesystem class.
define(`fs_unmount_ramfs_depend',`
	type ramfs_t;

	class filesystem unmount;
')
|
|
Chris PeBenito |
b4cd15 |
|
|
Chris PeBenito |
b4cd15 |
########################################
|
|
Chris PeBenito |
fe040c |
## <interface name="fs_getattr_ramfs">
|
|
Chris PeBenito |
fe040c |
## <description>
|
|
Chris PeBenito |
fe040c |
## Get the attributes of a RAM filesystem.
|
|
Chris PeBenito |
fe040c |
## </description>
|
|
Chris PeBenito |
fe040c |
## <parameter name="domain">
|
|
Chris PeBenito |
fe040c |
## The type of the domain doing the
|
|
Chris PeBenito |
fe040c |
## getattr on the filesystem.
|
|
Chris PeBenito |
fe040c |
## </parameter>
|
|
Chris PeBenito |
fe040c |
## </interface>
|
|
Chris PeBenito |
b4cd15 |
#
|
|
Chris PeBenito |
1694de |
# The first argument is the calling domain. Grants only getattr on
# filesystems labelled ramfs_t.
define(`fs_getattr_ramfs',`
	gen_require(`$0'_depend)

	allow $1 ramfs_t:filesystem getattr;
')
|
|
Chris PeBenito |
b4cd15 |
|
|
Chris PeBenito |
1694de |
# Requirements that fs_getattr_ramfs passes to gen_require: the ramfs_t
# type and the getattr permission of the filesystem class.
define(`fs_getattr_ramfs_depend',`
	type ramfs_t;

	class filesystem getattr;
')
|
|
Chris PeBenito |
b4cd15 |
|
|
Chris PeBenito |
b4cd15 |
########################################
|
|
Chris PeBenito |
fe040c |
## <interface name="fs_mount_romfs">
|
|
Chris PeBenito |
fe040c |
## <description>
|
|
Chris PeBenito |
fe040c |
## Mount a ROM filesystem.
|
|
Chris PeBenito |
fe040c |
## </description>
|
|
Chris PeBenito |
fe040c |
## <parameter name="domain">
|
|
Chris PeBenito |
fe040c |
## The type of the domain mounting the filesystem.
|
|
Chris PeBenito |
fe040c |
## </parameter>
|
|
Chris PeBenito |
fe040c |
## </interface>
|
|
Chris PeBenito |
b4cd15 |
#
|
|
Chris PeBenito |
1694de |
# The first argument is the calling domain. Grants only the mount
# permission on filesystems labelled romfs_t.
define(`fs_mount_romfs',`
	gen_require(`$0'_depend)

	allow $1 romfs_t:filesystem mount;
')
|
|
Chris PeBenito |
b4cd15 |
|
|
Chris PeBenito |
1694de |
# Requirements that fs_mount_romfs passes to gen_require: the romfs_t type
# and the mount permission of the filesystem class.
define(`fs_mount_romfs_depend',`
	type romfs_t;

	class filesystem mount;
')
|
|
Chris PeBenito |
b4cd15 |
|
|
Chris PeBenito |
b4cd15 |
########################################
|
|
Chris PeBenito |
fe040c |
## <interface name="fs_remount_romfs">
|
|
Chris PeBenito |
fe040c |
## <description>
|
|
Chris PeBenito |
fe040c |
## Remount a ROM filesystem. This allows
|
|
Chris PeBenito |
fe040c |
## some mount options to be changed.
|
|
Chris PeBenito |
fe040c |
## </description>
|
|
Chris PeBenito |
fe040c |
## <parameter name="domain">
|
|
Chris PeBenito |
fe040c |
## The type of the domain remounting the filesystem.
|
|
Chris PeBenito |
fe040c |
## </parameter>
|
|
Chris PeBenito |
fe040c |
## </interface>
|
|
Chris PeBenito |
b4cd15 |
#
|
|
Chris PeBenito |
1694de |
# The first argument is the calling domain. Grants only the remount
# permission on filesystems labelled romfs_t.
define(`fs_remount_romfs',`
	gen_require(`$0'_depend)

	allow $1 romfs_t:filesystem remount;
')
|
|
Chris PeBenito |
b4cd15 |
|
|
Chris PeBenito |
1694de |
# Requirements that fs_remount_romfs passes to gen_require: the romfs_t
# type and the remount permission of the filesystem class.
define(`fs_remount_romfs_depend',`
	type romfs_t;

	class filesystem remount;
')
|
|
Chris PeBenito |
b4cd15 |
|
|
Chris PeBenito |
b4cd15 |
########################################
|
|
Chris PeBenito |
fe040c |
## <interface name="fs_unmount_romfs">
|
|
Chris PeBenito |
fe040c |
## <description>
|
|
Chris PeBenito |
fe040c |
## Unmount a ROM filesystem.
|
|
Chris PeBenito |
fe040c |
## </description>
|
|
Chris PeBenito |
fe040c |
## <parameter name="domain">
|
|
Chris PeBenito |
fe040c |
## The type of the domain unmounting the filesystem.
|
|
Chris PeBenito |
fe040c |
## </parameter>
|
|
Chris PeBenito |
fe040c |
## </interface>
|
|
Chris PeBenito |
b4cd15 |
#
|
|
Chris PeBenito |
1694de |
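# The first argument is the calling domain. Grants the unmount permission
# on filesystems labelled romfs_t and nothing else. The permission has to
# be unmount, matching the interface description and the requirement in
# fs_unmount_romfs_depend; a mount grant here would over-authorise callers
# while still denying the unmount they requested.
define(`fs_unmount_romfs',`
	gen_require(`$0'_depend)

	allow $1 romfs_t:filesystem unmount;
')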
|
|
Chris PeBenito |
b4cd15 |
|
|
Chris PeBenito |
1694de |
# Requirements that fs_unmount_romfs passes to gen_require: the romfs_t
# type and the unmount permission of the filesystem class.
define(`fs_unmount_romfs_depend',`
	type romfs_t;

	class filesystem unmount;
')
|
|
Chris PeBenito |
b4cd15 |
|
|
Chris PeBenito |
b4cd15 |
########################################
|
|
Chris PeBenito |
fe040c |
## <interface name="fs_getattr_romfs">
|
|
Chris PeBenito |
fe040c |
## <description>
|
|
Chris PeBenito |
fe040c |
## Get the attributes of a ROM
|
|
Chris PeBenito |
fe040c |
## filesystem.
|
|
Chris PeBenito |
fe040c |
## </description>
|
|
Chris PeBenito |
fe040c |
## <parameter name="domain">
|
|
Chris PeBenito |
fe040c |
## The type of the domain doing the
|
|
Chris PeBenito |
fe040c |
## getattr on the filesystem.
|
|
Chris PeBenito |
fe040c |
## </parameter>
|
|
Chris PeBenito |
fe040c |
## </interface>
|
|
Chris PeBenito |
b4cd15 |
#
|
|
Chris PeBenito |
1694de |
# The first argument is the calling domain. Grants only getattr on
# filesystems labelled romfs_t.
define(`fs_getattr_romfs',`
	gen_require(`$0'_depend)

	allow $1 romfs_t:filesystem getattr;
')
|
|
Chris PeBenito |
b4cd15 |
|
|
Chris PeBenito |
1694de |
# Requirements that fs_getattr_romfs passes to gen_require: the romfs_t
# type and the getattr permission of the filesystem class.
define(`fs_getattr_romfs_depend',`
	type romfs_t;

	class filesystem getattr;
')
|
|
Chris PeBenito |
b4cd15 |
|
|
Chris PeBenito |
b4cd15 |
########################################
|
|
Chris PeBenito |
fe040c |
## <interface name="fs_mount_rpc_pipefs">
|
|
Chris PeBenito |
fe040c |
## <description>
|
|
Chris PeBenito |
fe040c |
## Mount a RPC pipe filesystem.
|
|
Chris PeBenito |
fe040c |
## </description>
|
|
Chris PeBenito |
fe040c |
## <parameter name="domain">
|
|
Chris PeBenito |
fe040c |
## The type of the domain mounting the filesystem.
|
|
Chris PeBenito |
fe040c |
## </parameter>
|
|
Chris PeBenito |
fe040c |
## </interface>
|
|
Chris PeBenito |
b4cd15 |
#
|
|
Chris PeBenito |
1694de |
# The first argument is the calling domain. Grants only the mount
# permission on filesystems labelled rpc_pipefs_t.
define(`fs_mount_rpc_pipefs',`
	gen_require(`$0'_depend)

	allow $1 rpc_pipefs_t:filesystem mount;
')
|
|
Chris PeBenito |
b4cd15 |
|
|
Chris PeBenito |
1694de |
# Requirements that fs_mount_rpc_pipefs passes to gen_require: the
# rpc_pipefs_t type and the mount permission of the filesystem class.
define(`fs_mount_rpc_pipefs_depend',`
	type rpc_pipefs_t;

	class filesystem mount;
')
|
|
Chris PeBenito |
b4cd15 |
|
|
Chris PeBenito |
b4cd15 |
########################################
|
|
Chris PeBenito |
fe040c |
## <interface name="fs_remount_rpc_pipefs">
|
|
Chris PeBenito |
fe040c |
## <description>
|
|
Chris PeBenito |
fe040c |
## Remount a RPC pipe filesystem. This
|
|
Chris PeBenito |
fe040c |
## allows some mount options to be changed.
|
|
Chris PeBenito |
fe040c |
## </description>
|
|
Chris PeBenito |
fe040c |
## <parameter name="domain">
|
|
Chris PeBenito |
fe040c |
## The type of the domain remounting the filesystem.
|
|
Chris PeBenito |
fe040c |
## </parameter>
|
|
Chris PeBenito |
fe040c |
## </interface>
|
|
Chris PeBenito |
b4cd15 |
#
|
|
Chris PeBenito |
1694de |
# The first argument is the calling domain. Grants only the remount
# permission on filesystems labelled rpc_pipefs_t.
define(`fs_remount_rpc_pipefs',`
	gen_require(`$0'_depend)

	allow $1 rpc_pipefs_t:filesystem remount;
')
|
|
Chris PeBenito |
b4cd15 |
|
|
Chris PeBenito |
1694de |
# Requirements that fs_remount_rpc_pipefs passes to gen_require: the
# rpc_pipefs_t type and the remount permission of the filesystem class.
define(`fs_remount_rpc_pipefs_depend',`
	type rpc_pipefs_t;

	class filesystem remount;
')
|
|
Chris PeBenito |
b4cd15 |
|
|
Chris PeBenito |
b4cd15 |
########################################
|
|
Chris PeBenito |
fe040c |
## <interface name="fs_unmount_rpc_pipefs">
|
|
Chris PeBenito |
fe040c |
## <description>
|
|
Chris PeBenito |
fe040c |
## Unmount a RPC pipe filesystem.
|
|
Chris PeBenito |
fe040c |
## </description>
|
|
Chris PeBenito |
fe040c |
## <parameter name="domain">
|
|
Chris PeBenito |
fe040c |
## The type of the domain unmounting the filesystem.
|
|
Chris PeBenito |
fe040c |
## </parameter>
|
|
Chris PeBenito |
fe040c |
## </interface>
|
|
Chris PeBenito |
b4cd15 |
#
|
|
Chris PeBenito |
1694de |
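# The first argument is the calling domain. Grants the unmount permission
# on filesystems labelled rpc_pipefs_t and nothing else. The permission has
# to be unmount, matching the interface description and the requirement in
# fs_unmount_rpc_pipefs_depend; a mount grant here would over-authorise
# callers while still denying the unmount they requested.
define(`fs_unmount_rpc_pipefs',`
	gen_require(`$0'_depend)

	allow $1 rpc_pipefs_t:filesystem unmount;
')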
|
|
Chris PeBenito |
b4cd15 |
|
|
Chris PeBenito |
1694de |
# Requirements that fs_unmount_rpc_pipefs passes to gen_require: the
# rpc_pipefs_t type and the unmount permission of the filesystem class.
define(`fs_unmount_rpc_pipefs_depend',`
	type rpc_pipefs_t;

	class filesystem unmount;
')
|
|
Chris PeBenito |
b4cd15 |
|
|
Chris PeBenito |
b4cd15 |
########################################
|
|
Chris PeBenito |
fe040c |
## <interface name="fs_getattr_rpc_pipefs">
|
|
Chris PeBenito |
fe040c |
## <description>
|
|
Chris PeBenito |
fe040c |
## Get the attributes of a RPC pipe
|
|
Chris PeBenito |
fe040c |
## filesystem.
|
|
Chris PeBenito |
fe040c |
## </description>
|
|
Chris PeBenito |
fe040c |
## <parameter name="domain">
|
|
Chris PeBenito |
fe040c |
## The type of the domain doing the
|
|
Chris PeBenito |
fe040c |
## getattr on the filesystem.
|
|
Chris PeBenito |
fe040c |
## </parameter>
|
|
Chris PeBenito |
fe040c |
## </interface>
|
|
Chris PeBenito |
b4cd15 |
#
|
|
Chris PeBenito |
1694de |
# The first argument is the calling domain. Grants only getattr on
# filesystems labelled rpc_pipefs_t.
define(`fs_getattr_rpc_pipefs',`
	gen_require(`$0'_depend)

	allow $1 rpc_pipefs_t:filesystem getattr;
')
|
|
Chris PeBenito |
b4cd15 |
|
|
Chris PeBenito |
1694de |
# Requirements that fs_getattr_rpc_pipefs passes to gen_require: the
# rpc_pipefs_t type and the getattr permission of the filesystem class.
define(`fs_getattr_rpc_pipefs_depend',`
	type rpc_pipefs_t;

	class filesystem getattr;
')
|
|
Chris PeBenito |
b4cd15 |
|
|
Chris PeBenito |
b4cd15 |
########################################
|
|
Chris PeBenito |
fe040c |
## <interface name="fs_mount_tmpfs">
|
|
Chris PeBenito |
fe040c |
## <description>
|
|
Chris PeBenito |
fe040c |
## Mount a tmpfs filesystem.
|
|
Chris PeBenito |
fe040c |
## </description>
|
|
Chris PeBenito |
fe040c |
## <parameter name="domain">
|
|
Chris PeBenito |
fe040c |
## The type of the domain mounting the filesystem.
|
|
Chris PeBenito |
fe040c |
## </parameter>
|
|
Chris PeBenito |
fe040c |
## </interface>
|
|
Chris PeBenito |
b4cd15 |
#
|
|
Chris PeBenito |
1694de |
# The first argument is the calling domain. Grants only the mount
# permission on filesystems labelled tmpfs_t.
define(`fs_mount_tmpfs',`
	gen_require(`$0'_depend)

	allow $1 tmpfs_t:filesystem mount;
')
|
|
Chris PeBenito |
b4cd15 |
|
|
Chris PeBenito |
1694de |
# Requirements that fs_mount_tmpfs passes to gen_require: the tmpfs_t type
# and the mount permission of the filesystem class.
define(`fs_mount_tmpfs_depend',`
	type tmpfs_t;

	class filesystem mount;
')
|
|
Chris PeBenito |
b4cd15 |
|
|
Chris PeBenito |
b4cd15 |
########################################
|
|
Chris PeBenito |
fe040c |
## <interface name="fs_remount_tmpfs">
|
|
Chris PeBenito |
fe040c |
## <description>
|
|
Chris PeBenito |
fe040c |
## Remount a tmpfs filesystem.
|
|
Chris PeBenito |
fe040c |
## </description>
|
|
Chris PeBenito |
fe040c |
## <parameter name="domain">
|
|
Chris PeBenito |
fe040c |
## The type of the domain remounting the filesystem.
|
|
Chris PeBenito |
fe040c |
## </parameter>
|
|
Chris PeBenito |
fe040c |
## </interface>
|
|
Chris PeBenito |
b4cd15 |
#
|
|
Chris PeBenito |
1694de |
# The first argument is the calling domain. Grants only the remount
# permission on filesystems labelled tmpfs_t.
define(`fs_remount_tmpfs',`
	gen_require(`$0'_depend)

	allow $1 tmpfs_t:filesystem remount;
')
|
|
Chris PeBenito |
b4cd15 |
|
|
Chris PeBenito |
1694de |
# Requirements that fs_remount_tmpfs passes to gen_require: the tmpfs_t
# type and the remount permission of the filesystem class.
define(`fs_remount_tmpfs_depend',`
	type tmpfs_t;

	class filesystem remount;
')
|
|
Chris PeBenito |
b4cd15 |
|
|
Chris PeBenito |
b4cd15 |
########################################
|
|
Chris PeBenito |
fe040c |
## <interface name="fs_unmount_tmpfs">
|
|
Chris PeBenito |
fe040c |
## <description>
|
|
Chris PeBenito |
fe040c |
## Unmount a tmpfs filesystem.
|
|
Chris PeBenito |
fe040c |
## </description>
|
|
Chris PeBenito |
fe040c |
## <parameter name="domain">
|
|
Chris PeBenito |
fe040c |
## The type of the domain unmounting the filesystem.
|
|
Chris PeBenito |
fe040c |
## </parameter>
|
|
Chris PeBenito |
fe040c |
## </interface>
|
|
Chris PeBenito |
b4cd15 |
#
|
|
Chris PeBenito |
1694de |
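# The first argument is the calling domain. Grants the unmount permission
# on filesystems labelled tmpfs_t and nothing else. The permission has to
# be unmount, matching the interface description and the requirement in
# fs_unmount_tmpfs_depend; a mount grant here would over-authorise callers
# while still denying the unmount they requested.
define(`fs_unmount_tmpfs',`
	gen_require(`$0'_depend)

	allow $1 tmpfs_t:filesystem unmount;
')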
|
|
Chris PeBenito |
b4cd15 |
|
|
Chris PeBenito |
1694de |
# Requirements that fs_unmount_tmpfs passes to gen_require: the tmpfs_t
# type and the unmount permission of the filesystem class.
define(`fs_unmount_tmpfs_depend',`
	type tmpfs_t;

	class filesystem unmount;
')
|
|
Chris PeBenito |
b4cd15 |
|
|
Chris PeBenito |
b4cd15 |
########################################
|
|
Chris PeBenito |
fe040c |
## <interface name="fs_getattr_tmpfs">
|
|
Chris PeBenito |
fe040c |
## <description>
|
|
Chris PeBenito |
fe040c |
## Get the attributes of a tmpfs
|
|
Chris PeBenito |
fe040c |
## filesystem.
|
|
Chris PeBenito |
fe040c |
## </description>
|
|
Chris PeBenito |
fe040c |
## <parameter name="domain">
|
|
Chris PeBenito |
fe040c |
## The type of the domain doing the
|
|
Chris PeBenito |
fe040c |
## getattr on the filesystem.
|
|
Chris PeBenito |
fe040c |
## </parameter>
|
|
Chris PeBenito |
fe040c |
## </interface>
|
|
Chris PeBenito |
b4cd15 |
#
|
|
Chris PeBenito |
1694de |
# The first argument is the calling domain. Grants only getattr on
# filesystems labelled tmpfs_t.
define(`fs_getattr_tmpfs',`
	gen_require(`$0'_depend)

	allow $1 tmpfs_t:filesystem getattr;
')
|
|
Chris PeBenito |
b4cd15 |
|
|
Chris PeBenito |
1694de |
# Requirements that fs_getattr_tmpfs passes to gen_require: the tmpfs_t
# type and the getattr permission of the filesystem class.
define(`fs_getattr_tmpfs_depend',`
	type tmpfs_t;

	class filesystem getattr;
')
|
|
Chris PeBenito |
b4cd15 |
|
|
Chris PeBenito |
b4cd15 |
########################################
|
|
Chris PeBenito |
fe040c |
## <interface name="fs_associate_tmpfs">
|
|
Chris PeBenito |
daa0e0 |
## <description>
|
|
Chris PeBenito |
daa0e0 |
## Allow the type to associate to tmpfs filesystems.
|
|
Chris PeBenito |
daa0e0 |
## </description>
|
|
Chris PeBenito |
daa0e0 |
## <parameter name="type">
|
|
Chris PeBenito |
daa0e0 |
## The type of the object to be associated.
|
|
Chris PeBenito |
daa0e0 |
## </parameter>
|
|
Chris PeBenito |
daa0e0 |
## </interface>
|
|
Chris PeBenito |
b4cd15 |
#
|
|
Chris PeBenito |
fe040c |
# Unlike the mount and getattr interfaces in this file, the first argument
# is an object type, not a process domain: it is the source of an associate
# rule against filesystems labelled tmpfs_t.
define(`fs_associate_tmpfs',`
	gen_require(`$0'_depend)

	allow $1 tmpfs_t:filesystem associate;
')
|
|
Chris PeBenito |
b4cd15 |
|
|
Chris PeBenito |
fe040c |
# Requirements that fs_associate_tmpfs passes to gen_require: the tmpfs_t
# type and the associate permission of the filesystem class.
define(`fs_associate_tmpfs_depend',`
	type tmpfs_t;

	class filesystem associate;
')
|
|
Chris PeBenito |
b4cd15 |
|
|
Chris PeBenito |
b4cd15 |
########################################
|
|
Chris PeBenito |
b4cd15 |
#
|
|
Chris PeBenito |
1694de |
# fs_create_tmpfs_data(domain,derivedtype,[class])
|
|
Chris PeBenito |
b4cd15 |
#
|
|
Chris PeBenito |
1694de |
# Arguments: the calling domain, a derived type, and an optional object
# class.
#  - the derived type may associate with filesystems labelled tmpfs_t;
#  - the domain gets rw_dir_perms on tmpfs_t directories;
#  - objects the domain creates under tmpfs_t are labelled with the derived
#    type: class file when the third argument is empty, otherwise the class
#    passed as the third argument.
# Only the transition is set up here. No allow rule on the derived type is
# emitted, so callers have to grant the domain its access to that type
# themselves.
define(`fs_create_tmpfs_data',`
	gen_require(`$0'_depend)

	allow $2 tmpfs_t:filesystem associate;
	allow $1 tmpfs_t:dir rw_dir_perms;

	ifelse(`$3',`',`
		type_transition $1 tmpfs_t:file $2;
	',`
		type_transition $1 tmpfs_t:$3 $2;
	')
')
|
|
Chris PeBenito |
b4cd15 |
|
|
Chris PeBenito |
0fd9dc |
# Requirements that fs_create_tmpfs_data passes to gen_require: the tmpfs_t
# type, the associate permission of the filesystem class, and rw_dir_perms
# on the dir class.
# NOTE(review): the object class named in the type_transition of
# fs_create_tmpfs_data (file, or its third argument) is not listed here;
# confirm whether gen_require needs it declared.
define(`fs_create_tmpfs_data_depend',`
	type tmpfs_t;

	class filesystem associate;
	class dir rw_dir_perms;
')
|
|
Chris PeBenito |
b4cd15 |
|
|
Chris PeBenito |
b4cd15 |
########################################
|
|
Chris PeBenito |
763c44 |
## <interface name="fs_use_tmpfs_character_devices">
|
|
Chris PeBenito |
daa0e0 |
## <description>
|
|
Chris PeBenito |
daa0e0 |
## Read and write character nodes on tmpfs filesystems.
|
|
Chris PeBenito |
daa0e0 |
## </description>
|
|
Chris PeBenito |
daa0e0 |
## <parameter name="domain">
|
|
Chris PeBenito |
daa0e0 |
## The type of the process performing this action.
|
|
Chris PeBenito |
daa0e0 |
## </parameter>
|
|
Chris PeBenito |
daa0e0 |
## </interface>
|
|
Chris PeBenito |
daa0e0 |
#
|
|
Chris PeBenito |
763c44 |
# The first argument is the calling domain. It gets r_dir_perms on tmpfs_t
# directories and rw_file_perms on character device nodes labelled tmpfs_t.
# The rule is keyed on the tmpfs_t label alone, so it covers every
# character node that carries that label, whatever device it refers to.
define(`fs_use_tmpfs_character_devices',`
	gen_require(`$0'_depend)

	allow $1 tmpfs_t:dir r_dir_perms;
	allow $1 tmpfs_t:chr_file rw_file_perms;
')
|
|
Chris PeBenito |
daa0e0 |
|
|
Chris PeBenito |
763c44 |
# Requirements that fs_use_tmpfs_character_devices passes to gen_require:
# the tmpfs_t type, r_dir_perms on dir and rw_file_perms on chr_file.
define(`fs_use_tmpfs_character_devices_depend',`
	type tmpfs_t;

	class dir r_dir_perms;
	class chr_file rw_file_perms;
')
|
|
Chris PeBenito |
daa0e0 |
|
|
Chris PeBenito |
daa0e0 |
########################################
|
|
Chris PeBenito |
763c44 |
## <interface name="fs_relabel_tmpfs_character_devices">
|
|
Chris PeBenito |
efd8ed |
## <description>
|
|
Chris PeBenito |
efd8ed |
## Relabel character nodes on tmpfs filesystems.
|
|
Chris PeBenito |
efd8ed |
## </description>
|
|
Chris PeBenito |
efd8ed |
## <parameter name="domain">
|
|
Chris PeBenito |
efd8ed |
## The type of the process performing this action.
|
|
Chris PeBenito |
efd8ed |
## </parameter>
|
|
Chris PeBenito |
efd8ed |
## </interface>
|
|
Chris PeBenito |
efd8ed |
#
|
|
Chris PeBenito |
763c44 |
# The first argument is the calling domain. It gets r_dir_perms on tmpfs_t
# directories plus getattr, relabelfrom and relabelto on character nodes
# labelled tmpfs_t. Only the tmpfs_t side of a relabel is covered here; the
# permission on the other type involved has to come from elsewhere.
define(`fs_relabel_tmpfs_character_devices',`
	gen_require(`$0'_depend)

	allow $1 tmpfs_t:dir r_dir_perms;
	allow $1 tmpfs_t:chr_file { getattr relabelfrom relabelto };
')
|
|
Chris PeBenito |
efd8ed |
|
|
Chris PeBenito |
763c44 |
# Requirements that fs_relabel_tmpfs_character_devices passes to
# gen_require: the tmpfs_t type, r_dir_perms on dir, and getattr,
# relabelfrom and relabelto on chr_file.
define(`fs_relabel_tmpfs_character_devices_depend',`
	type tmpfs_t;

	class dir r_dir_perms;
	class chr_file { getattr relabelfrom relabelto };
')
|
|
Chris PeBenito |
efd8ed |
|
|
Chris PeBenito |
efd8ed |
########################################
|
|
Chris PeBenito |
763c44 |
## <interface name="fs_use_tmpfs_block_devices">
|
|
Chris PeBenito |
daa0e0 |
## <description>
|
|
Chris PeBenito |
daa0e0 |
## Read and write block nodes on tmpfs filesystems.
|
|
Chris PeBenito |
daa0e0 |
## </description>
|
|
Chris PeBenito |
daa0e0 |
## <parameter name="domain">
|
|
Chris PeBenito |
daa0e0 |
## The type of the process performing this action.
|
|
Chris PeBenito |
daa0e0 |
## </parameter>
|
|
Chris PeBenito |
daa0e0 |
## </interface>
|
|
Chris PeBenito |
daa0e0 |
#
|
|
Chris PeBenito |
763c44 |
# The first argument is the calling domain. It gets r_dir_perms on tmpfs_t
# directories and rw_file_perms on block device nodes labelled tmpfs_t.
# The rule is keyed on the tmpfs_t label alone, so it covers every block
# node that carries that label, whatever device it refers to.
define(`fs_use_tmpfs_block_devices',`
	gen_require(`$0'_depend)

	allow $1 tmpfs_t:dir r_dir_perms;
	allow $1 tmpfs_t:blk_file rw_file_perms;
')
|
|
Chris PeBenito |
daa0e0 |
|
|
Chris PeBenito |
763c44 |
# Requirements that fs_use_tmpfs_block_devices passes to gen_require: the
# tmpfs_t type, r_dir_perms on dir and rw_file_perms on blk_file.
define(`fs_use_tmpfs_block_devices_depend',`
	type tmpfs_t;

	class dir r_dir_perms;
	class blk_file rw_file_perms;
')
|
|
Chris PeBenito |
daa0e0 |
|
|
Chris PeBenito |
daa0e0 |
########################################
|
|
Chris PeBenito |
763c44 |
## <interface name="fs_relabel_tmpfs_block_devices">
|
|
Chris PeBenito |
efd8ed |
## <description>
|
|
Chris PeBenito |
efd8ed |
## Relabel block nodes on tmpfs filesystems.
|
|
Chris PeBenito |
efd8ed |
## </description>
|
|
Chris PeBenito |
efd8ed |
## <parameter name="domain">
|
|
Chris PeBenito |
efd8ed |
## The type of the process performing this action.
|
|
Chris PeBenito |
efd8ed |
## </parameter>
|
|
Chris PeBenito |
efd8ed |
## </interface>
|
|
Chris PeBenito |
efd8ed |
#
|
|
Chris PeBenito |
763c44 |
# The first argument is the calling domain. It gets r_dir_perms on tmpfs_t
# directories plus getattr, relabelfrom and relabelto on block nodes
# labelled tmpfs_t. Only the tmpfs_t side of a relabel is covered here; the
# permission on the other type involved has to come from elsewhere.
define(`fs_relabel_tmpfs_block_devices',`
	gen_require(`$0'_depend)

	allow $1 tmpfs_t:dir r_dir_perms;
	allow $1 tmpfs_t:blk_file { getattr relabelfrom relabelto };
')
|
|
Chris PeBenito |
efd8ed |
|
|
Chris PeBenito |
763c44 |
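# Requirements for fs_relabel_tmpfs_block_devices: the tmpfs_t type,
# r_dir_perms on dir, and getattr, relabelfrom and relabelto on blk_file.
# The macro has to carry the relabel interface name, because that interface
# looks its requirements up as its own name followed by _depend. Defining
# this body under the fs_use_tmpfs_block_devices_depend name would leave
# the relabel interface without a requirement list and would replace the
# rw_file_perms requirement that fs_use_tmpfs_block_devices relies on.
define(`fs_relabel_tmpfs_block_devices_depend',`
	type tmpfs_t;

	class dir r_dir_perms;
	class blk_file { getattr relabelfrom relabelto };
')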
|
|
Chris PeBenito |
efd8ed |
|
|
Chris PeBenito |
efd8ed |
########################################
|
|
Chris PeBenito |
763c44 |
## <interface name="fs_manage_tmpfs_character_devices">
|
|
Chris PeBenito |
daa0e0 |
## <description>
|
|
Chris PeBenito |
daa0e0 |
## Read and write, create and delete character
|
|
Chris PeBenito |
daa0e0 |
## nodes on tmpfs filesystems.
|
|
Chris PeBenito |
daa0e0 |
## </description>
|
|
Chris PeBenito |
daa0e0 |
## <parameter name="domain">
|
|
Chris PeBenito |
daa0e0 |
## The type of the process performing this action.
|
|
Chris PeBenito |
daa0e0 |
## </parameter>
|
|
Chris PeBenito |
daa0e0 |
## </interface>
|
|
Chris PeBenito |
daa0e0 |
#
|
|
Chris PeBenito |
763c44 |
# The first argument is the calling domain. It gets rw_dir_perms on tmpfs_t
# directories and create_file_perms on character nodes labelled tmpfs_t.
# Per the interface description this includes creating and deleting the
# nodes, so it is a broader grant than fs_use_tmpfs_character_devices and
# is best limited to domains that populate device directories.
define(`fs_manage_tmpfs_character_devices',`
	gen_require(`$0'_depend)

	allow $1 tmpfs_t:dir rw_dir_perms;
	allow $1 tmpfs_t:chr_file create_file_perms;
')
|
|
Chris PeBenito |
daa0e0 |
|
|
Chris PeBenito |
763c44 |
# Requirements that fs_manage_tmpfs_character_devices passes to
# gen_require: the tmpfs_t type, rw_dir_perms on dir and create_file_perms
# on chr_file.
define(`fs_manage_tmpfs_character_devices_depend',`
	type tmpfs_t;

	class dir rw_dir_perms;
	class chr_file create_file_perms;
')
|
|
Chris PeBenito |
daa0e0 |
|
|
Chris PeBenito |
daa0e0 |
########################################
|
|
Chris PeBenito |
763c44 |
## <interface name="fs_manage_tmpfs_block_devices">
|
|
Chris PeBenito |
daa0e0 |
## <description>
|
|
Chris PeBenito |
daa0e0 |
## Read and write, create and delete block nodes
|
|
Chris PeBenito |
daa0e0 |
## on tmpfs filesystems.
|
|
Chris PeBenito |
daa0e0 |
## </description>
|
|
Chris PeBenito |
daa0e0 |
## <parameter name="domain">
|
|
Chris PeBenito |
daa0e0 |
## The type of the process performing this action.
|
|
Chris PeBenito |
daa0e0 |
## </parameter>
|
|
Chris PeBenito |
daa0e0 |
## </interface>
|
|
Chris PeBenito |
daa0e0 |
#
|
|
Chris PeBenito |
763c44 |
# The first argument is the calling domain. It gets rw_dir_perms on tmpfs_t
# directories and create_file_perms on block nodes labelled tmpfs_t. Per
# the interface description this includes creating and deleting the nodes,
# so it is a broader grant than fs_use_tmpfs_block_devices and is best
# limited to domains that populate device directories.
define(`fs_manage_tmpfs_block_devices',`
	gen_require(`$0'_depend)

	allow $1 tmpfs_t:dir rw_dir_perms;
	allow $1 tmpfs_t:blk_file create_file_perms;
')
|
|
Chris PeBenito |
daa0e0 |
|
|
Chris PeBenito |
763c44 |
# Requirements that fs_manage_tmpfs_block_devices passes to gen_require:
# the tmpfs_t type, rw_dir_perms on dir and create_file_perms on blk_file.
define(`fs_manage_tmpfs_block_devices_depend',`
	type tmpfs_t;

	class dir rw_dir_perms;
	class blk_file create_file_perms;
')
|
|
Chris PeBenito |
daa0e0 |
|
|
Chris PeBenito |
daa0e0 |
########################################
|
|
Chris PeBenito |
fe040c |
## <interface name="fs_mount_all_fs">
|
|
Chris PeBenito |
fe040c |
## <description>
|
|
Chris PeBenito |
fe040c |
## Mount all filesystems.
|
|
Chris PeBenito |
fe040c |
## </description>
|
|
Chris PeBenito |
fe040c |
## <parameter name="domain">
|
|
Chris PeBenito |
fe040c |
## The type of the domain mounting the filesystem.
|
|
Chris PeBenito |
fe040c |
## </parameter>
|
|
Chris PeBenito |
fe040c |
## </interface>
|
|
Chris PeBenito |
b4cd15 |
#
|
|
Chris PeBenito |
763c44 |
# The first argument is the calling domain. The target is the fs_type
# attribute rather than a single type, so the mount permission applies to
# every filesystem type that carries that attribute, including types given
# it by other modules.
define(`fs_mount_all_fs',`
	gen_require(`$0'_depend)

	allow $1 fs_type:filesystem mount;
')
|
|
Chris PeBenito |
b4cd15 |
|
|
Chris PeBenito |
763c44 |
# Requirements that fs_mount_all_fs passes to gen_require: the fs_type
# attribute and the mount permission of the filesystem class.
define(`fs_mount_all_fs_depend',`
	attribute fs_type;

	class filesystem mount;
')
|
|
Chris PeBenito |
b4cd15 |
|
|
Chris PeBenito |
b4cd15 |
########################################
|
|
Chris PeBenito |
fe040c |
## <interface name="fs_remount_all_fs">
|
|
Chris PeBenito |
fe040c |
## <description>
|
|
Chris PeBenito |
fe040c |
## Remount all filesystems. This
|
|
Chris PeBenito |
fe040c |
## allows some mount options to be changed.
|
|
Chris PeBenito |
fe040c |
## </description>
|
|
Chris PeBenito |
fe040c |
## <parameter name="domain">
|
|
Chris PeBenito |
fe040c |
## The type of the domain remounting the filesystem.
|
|
Chris PeBenito |
fe040c |
## </parameter>
|
|
Chris PeBenito |
fe040c |
## </interface>
|
|
Chris PeBenito |
b4cd15 |
#
|
|
Chris PeBenito |
763c44 |
# The first argument is the calling domain. The target is the fs_type
# attribute rather than a single type, so the remount permission applies to
# every filesystem type that carries that attribute.
define(`fs_remount_all_fs',`
	gen_require(`$0'_depend)

	allow $1 fs_type:filesystem remount;
')
|
|
Chris PeBenito |
b4cd15 |
|
|
Chris PeBenito |
763c44 |
# Requirements that fs_remount_all_fs passes to gen_require: the fs_type
# attribute and the remount permission of the filesystem class.
define(`fs_remount_all_fs_depend',`
	attribute fs_type;

	class filesystem remount;
')
|
########################################
## <interface name="fs_unmount_all_fs">
## <description>
## Unmount all filesystems.
## </description>
## <parameter name="domain">
## The type of the domain unmounting the filesystem.
## </parameter>
## </interface>
#
# Allow the caller domain to unmount filesystems of every type that carries
# the fs_type attribute. The rule is attribute-wide rather than per-type, so
# the caller gets the unmount permission on all of those types at once.
define(`fs_unmount_all_fs',`
	gen_require(`$0'_depend)

	allow $1 fs_type:filesystem unmount;
')
|
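# Declarations that fs_unmount_all_fs names through gen_require: the fs_type
# attribute and the unmount permission of the filesystem class.
# The macro name has to be the interface name followed by _depend, because
# the interface builds the name it passes to gen_require from $0.
define(`fs_unmount_all_fs_depend',`
	attribute fs_type;

	class filesystem unmount;
')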
|
########################################
## <interface name="fs_getattr_all_fs">
## <description>
## Get the attributes of all persistent
## filesystems.
## </description>
## <parameter name="domain">
## The type of the domain doing the
## getattr on the filesystem.
## </parameter>
## </interface>
#
# Allow the caller domain the getattr permission on filesystems of every
# type that carries the fs_type attribute.
define(`fs_getattr_all_fs',`
	gen_require(`$0'_depend)

	allow $1 fs_type:filesystem getattr;
')
|
# Declarations that fs_getattr_all_fs names through gen_require: the fs_type
# attribute and the getattr permission of the filesystem class.
define(`fs_getattr_all_fs_depend',`
	attribute fs_type;

	class filesystem getattr;
')
|
########################################
## <interface name="fs_get_all_fs_quotas">
## <description>
## Get the quotas of all filesystems.
## </description>
## <parameter name="domain">
## The type of the domain getting quotas.
## </parameter>
## </interface>
#
# Allow the caller domain the quotaget permission on filesystems of every
# type that carries the fs_type attribute.
define(`fs_get_all_fs_quotas',`
	gen_require(`$0'_depend)

	allow $1 fs_type:filesystem quotaget;
')
|
# Declarations that fs_get_all_fs_quotas names through gen_require: the
# fs_type attribute and the quotaget permission of the filesystem class.
define(`fs_get_all_fs_quotas_depend',`
	attribute fs_type;

	class filesystem quotaget;
')
|
########################################
## <interface name="fs_set_all_quotas">
## <description>
## Set the quotas of all filesystems.
## </description>
## <parameter name="domain">
## The type of the domain setting quotas.
## </parameter>
## </interface>
#
# Allow the caller domain the quotamod permission on filesystems of every
# type that carries the fs_type attribute. The rule is attribute-wide rather
# than per-type, so the caller can modify quotas on all of those types.
define(`fs_set_all_quotas',`
	gen_require(`$0'_depend)

	allow $1 fs_type:filesystem quotamod;
')
|
# Declarations that fs_set_all_quotas names through gen_require: the fs_type
# attribute and the quotamod permission of the filesystem class.
define(`fs_set_all_quotas_depend',`
	attribute fs_type;

	class filesystem quotamod;
')
|
########################################
#
# fs_getattr_all_files(type)
#
# Get the attributes of directories, files, symbolic links, FIFOs and
# sockets labeled with any type in the fs_type attribute, and search
# such directories.
#
# Allow the caller domain to search and get the attributes of directories,
# and to get the attributes of regular files, symbolic links, FIFOs and
# sockets, whose type carries the fs_type attribute.
define(`fs_getattr_all_files',`
	gen_require(`$0'_depend)

	allow $1 fs_type:dir { getattr search };
	allow $1 fs_type:{ file lnk_file fifo_file sock_file } getattr;
')
|
# Declarations that fs_getattr_all_files names through gen_require: the
# fs_type attribute, search and getattr on the dir class, and getattr on the
# file, lnk_file, fifo_file and sock_file classes.
define(`fs_getattr_all_files_depend',`
	attribute fs_type;

	class dir { search getattr };
	class file getattr;
	class lnk_file getattr;
	class fifo_file getattr;
	class sock_file getattr;
')
|
## </module>