rpms / selinux-policy

Clone
Source Code
GIT

Blame refpolicy/policy/modules/services/automount.if

c10s-sig-hyperscale c4 c5 c5-plus c6 c6-plus c7 c7-alt c7-atomic c7-beta c8 c8-beta c8s c8s-sig-hyperscale c9 c9-beta c9s-sig-hyperscale
  1.   f30e6ea8c645fb55d41491f085f5a2a06085aa2f
  2.   refpolicy
  3.   policy
  4.   modules
  5.   services
  6.   automount.if
Blob History Raw
Chris PeBenito 7576fa 
## <summary>Filesystem automounter service.</summary>
Chris PeBenito 7576fa
Chris PeBenito 7576fa 
########################################
Chris PeBenito 7576fa 
## <summary>
Chris PeBenito 7576fa 
##	Execute automount in the automount domain.
Chris PeBenito 7576fa 
## </summary>
Chris PeBenito 7576fa 
## <param name="domain">
Chris PeBenito 885b83 
##	<summary>
Chris PeBenito 7576fa 
##	Domain allowed access.
Chris PeBenito 885b83 
##	</summary>
Chris PeBenito 7576fa 
## </param>
Chris PeBenito 7576fa 
#
Chris PeBenito 7576fa 
interface(`automount_domtrans',`
Chris PeBenito 7576fa 
	gen_require(`
Chris PeBenito 7576fa 
		type automount_t, automount_exec_t;
Chris PeBenito 7576fa 
	')
Chris PeBenito 7576fa
Chris PeBenito 7576fa 
	corecmd_search_sbin($1)
Chris PeBenito 7576fa 
	domain_auto_trans($1, automount_exec_t, automount_t)
Chris PeBenito 7576fa
Chris PeBenito 7576fa 
	allow $1 automount_t:fd use;
Chris PeBenito 7576fa 
	allow automount_t $1:fd use;
Chris PeBenito 7576fa 
	allow automount_t $1:fifo_file rw_file_perms;
Chris PeBenito 7576fa 
	allow automount_t $1:process sigchld;
Chris PeBenito 7576fa
Chris PeBenito 7576fa 
')
Chris PeBenito 7576fa
Chris PeBenito 7576fa 
########################################
Chris PeBenito 7576fa 
## <summary>
Chris PeBenito 7576fa 
##	Execute automount in the caller domain.
Chris PeBenito 7576fa 
## </summary>
Chris PeBenito 7576fa 
## <param name="domain">
Chris PeBenito 885b83 
##	<summary>
Chris PeBenito 7576fa 
##	Domain allowed access.
Chris PeBenito 885b83 
##	</summary>
Chris PeBenito 7576fa 
## </param>
Chris PeBenito 7576fa 
#
Chris PeBenito 3b4da4 
interface(`automount_exec_config',`
Chris PeBenito 7576fa 
	gen_require(`
Chris PeBenito 3b4da4 
		type automount_etc_t;
Chris PeBenito 7576fa 
	')
Chris PeBenito 7576fa
Chris PeBenito 7576fa 
	corecmd_search_sbin($1)
Chris PeBenito 7576fa 
	can_exec($1,automount_etc_t)
Chris PeBenito 7576fa 
')
Chris PeBenito b0d224
Chris PeBenito b0d224 
########################################
Chris PeBenito b0d224 
## <summary>
Chris PeBenito edf241 
##	Allow the domain to read state files in /proc.
Chris PeBenito edf241 
## </summary>
Chris PeBenito edf241 
## <param name="domain">
Chris PeBenito edf241 
##	<summary>
Chris PeBenito edf241 
##	Domain to allow access.
Chris PeBenito edf241 
##	</summary>
Chris PeBenito edf241 
## </param>
Chris PeBenito edf241 
#
Chris PeBenito edf241 
interface(`automount_read_state',`
Chris PeBenito edf241 
	gen_require(`
Chris PeBenito edf241 
		type automount_t;
Chris PeBenito edf241 
	')
Chris PeBenito edf241
Chris PeBenito edf241 
	allow $1 automount_t:dir search_dir_perms;
Chris PeBenito edf241 
	allow $1 automount_t:file r_file_perms;
Chris PeBenito edf241 
')
Chris PeBenito edf241
Chris PeBenito edf241 
########################################
Chris PeBenito edf241 
## <summary>
Chris PeBenito b0d224 
##	Do not audit attempts to get the attributes
Chris PeBenito b0d224 
##	of automount temporary directories.
Chris PeBenito b0d224 
## </summary>
Chris PeBenito b0d224 
## <param name="domain">
Chris PeBenito b0d224 
##	<summary>
Chris PeBenito b0d224 
##	Domain to not audit.
Chris PeBenito b0d224 
##	</summary>
Chris PeBenito b0d224 
## </param>
Chris PeBenito b0d224 
#
Chris PeBenito b0d224 
interface(`automount_dontaudit_getattr_tmp_dirs',`
Chris PeBenito b0d224 
	gen_require(`
Chris PeBenito b0d224 
		type automount_tmp_t;
Chris PeBenito b0d224 
	')
Chris PeBenito b0d224
Chris PeBenito b0d224 
	dontaudit $1 automount_tmp_t:dir getattr;
Chris PeBenito b0d224 
')

Powered by Pagure 5.14.1

SSH Hostkey/Fingerprint | Documentation