rpms / selinux-policy

Clone
Source Code
GIT

Blame refpolicy/policy/modules/services/openca.if

c10s-sig-hyperscale c4 c5 c5-plus c6 c6-plus c7 c7-alt c7-atomic c7-beta c8 c8-beta c8s c8s-sig-hyperscale c9 c9-beta c9s-sig-hyperscale
  1.   8bf6f58e760b42e12e61878bf99575ddbd2a6315
  2.   refpolicy
  3.   policy
  4.   modules
  5.   services
  6.   openca.if
Blob History Raw
Chris PeBenito 5bd9fd 
## <summary>OpenCA - Open Certificate Authority</summary>
Chris PeBenito 5bd9fd
Chris PeBenito 5bd9fd 
########################################
Chris PeBenito 5bd9fd 
## <summary>
Chris PeBenito 5bd9fd 
##	Execute the OpenCA program with
Chris PeBenito 5bd9fd 
##	a domain transition.
Chris PeBenito 5bd9fd 
## </summary>
Chris PeBenito 5bd9fd 
## <param name="domain">
Chris PeBenito 5bd9fd 
##	<summary>
Chris PeBenito 5bd9fd 
##	Domain allowed access.
Chris PeBenito 5bd9fd 
##	</summary>
Chris PeBenito 5bd9fd 
## </param>
Chris PeBenito 5bd9fd 
#
Chris PeBenito 5bd9fd 
interface(`openca_domtrans',`
Chris PeBenito 5bd9fd 
	gen_require(`
Chris PeBenito 5bd9fd 
		type openca_ca_t, openca_ca_exec_t, openca_usr_share_t;
Chris PeBenito 5bd9fd 
	')
Chris PeBenito 5bd9fd
Chris PeBenito 5bd9fd 
	domain_auto_trans($1,openca_ca_exec_t,openca_ca_t)
Chris PeBenito 5bd9fd 
	allow httpd_t openca_usr_share_t:dir search_dir_perms;
Chris PeBenito 5bd9fd 
	files_search_usr(httpd_t)
Chris PeBenito 5bd9fd
Chris PeBenito 5bd9fd 
	allow openca_ca_t $1:fd use;
Chris PeBenito 5bd9fd 
	allow openca_ca_t $1:fifo_file rw_file_perms;
Chris PeBenito 5bd9fd 
	allow openca_ca_t $1:process sigchld;
Chris PeBenito 5bd9fd 
')
Chris PeBenito 5bd9fd
Chris PeBenito 5bd9fd 
########################################
Chris PeBenito 5bd9fd 
## <summary>
Chris PeBenito 5bd9fd 
##	Send OpenCA generic signals.
Chris PeBenito 5bd9fd 
## </summary>
Chris PeBenito 5bd9fd 
## <param name="domain">
Chris PeBenito 5bd9fd 
##	<summary>
Chris PeBenito 5bd9fd 
##	Domain allowed access.
Chris PeBenito 5bd9fd 
##	</summary>
Chris PeBenito 5bd9fd 
## </param>
Chris PeBenito 5bd9fd 
#
Chris PeBenito 5bd9fd 
interface(`openca_signal',`
Chris PeBenito 5bd9fd 
	gen_require(`
Chris PeBenito 5bd9fd 
		type openca_ca_t;
Chris PeBenito 5bd9fd 
	')
Chris PeBenito 5bd9fd
Chris PeBenito 5bd9fd 
	allow $1 openca_ca_t:process signal;
Chris PeBenito 5bd9fd 
')
Chris PeBenito 5bd9fd
Chris PeBenito 5bd9fd 
########################################
Chris PeBenito 5bd9fd 
## <summary>
Chris PeBenito 5bd9fd 
##	Send OpenCA stop signals.
Chris PeBenito 5bd9fd 
## </summary>
Chris PeBenito 5bd9fd 
## <param name="domain">
Chris PeBenito 5bd9fd 
##	<summary>
Chris PeBenito 5bd9fd 
##	Domain allowed access.
Chris PeBenito 5bd9fd 
##	</summary>
Chris PeBenito 5bd9fd 
## </param>
Chris PeBenito 5bd9fd 
#
Chris PeBenito 5bd9fd 
interface(`openca_sigstop',`
Chris PeBenito 5bd9fd 
	gen_require(`
Chris PeBenito 5bd9fd 
		type openca_ca_t;
Chris PeBenito 5bd9fd 
	')
Chris PeBenito 5bd9fd
Chris PeBenito 5bd9fd 
	allow $1 openca_ca_t:process sigstop;
Chris PeBenito 5bd9fd 
')
Chris PeBenito 5bd9fd
Chris PeBenito 5bd9fd 
########################################
Chris PeBenito 5bd9fd 
## <summary>
Chris PeBenito 5bd9fd 
##	Kill OpenCA.
Chris PeBenito 5bd9fd 
## </summary>
Chris PeBenito 5bd9fd 
## <param name="domain">
Chris PeBenito 5bd9fd 
##	<summary>
Chris PeBenito 5bd9fd 
##	Domain allowed access.
Chris PeBenito 5bd9fd 
##	</summary>
Chris PeBenito 5bd9fd 
## </param>
Chris PeBenito 5bd9fd 
#
Chris PeBenito 5bd9fd 
interface(`openca_kill',`
Chris PeBenito 5bd9fd 
	gen_require(`
Chris PeBenito 5bd9fd 
		type openca_ca_t;
Chris PeBenito 5bd9fd 
	')
Chris PeBenito 5bd9fd
Chris PeBenito 5bd9fd 
	allow $1 openca_ca_t:process sigkill;
Chris PeBenito 5bd9fd 
')

Powered by Pagure 5.14.1

SSH Hostkey/Fingerprint | Documentation