## <module name="hostname" layer="system">

## <summary>Policy for changing the system host name.</summary>

########################################

## <interface name="hostname_domtrans">

##	<description>

##		Execute hostname in the hostname domain.

##	</description>

##	<parameter name="domain">

##		The type of the process performing this action.

##		Has a sigchld signal backchannel.

##	</parameter>

## </interface>

#

define(`hostname_domtrans',`

	gen_require(`$0'_depend)

	allow $1 hostname_exec_t:file rx_file_perms;

	allow $1 hostname_t:process transition;

	type_transition $1 hostname_exec_t:process hostname_t;

	dontaudit $1 hostname_t:process { noatsecure siginh rlimitinh };

	allow $1 hostname_t:fd use;

	allow hostname_t $1:fd use;

	allow hostname_t $1:fifo_file rw_file_perms;

	allow hostname_t $1:process sigchld;

')

define(`hostname_domtrans_depend',`

	type hostname_t, hostname_exec_t;

	class file rx_file_perms;

	class process { transition noatsecure siginh rlimitinh sigchld };

	class fd use;

	class fifo_file rw_file_perms;

')

########################################

## <interface name="hostname_run">

##	<description>

##		Execute hostname in the hostname domain, and

##		allow the specified role the hostname domain.

##		Has a sigchld signal backchannel.

##	</description>

##	<parameter name="domain">

##		The type of the process performing this action.

##	</parameter>

##	<parameter name="role">

##		The role to be allowed the hostname domain.

##	</parameter>

##	<parameter name="terminal">

##		The type of the terminal allow the hostname domain to use.

##	</parameter>

## </interface>

#

define(`hostname_run',`

	gen_require(`$0'_depend)

	hostname_domtrans($1)

	role $2 types hostname_t;

	allow hostname_t $3:chr_file { getattr read write ioctl };

')

define(`hostname_run_depend',`

	type hostname_t;

	class chr_file { getattr read write ioctl };

')

########################################

## <interface name="hostname_exec">

##     <description>

##             Execute hostname in the hostname domain, and

##             Has a sigchld signal backchannel.

##     </description>

##     <parameter name="domain">

##             The type of the process performing this action.

##     </parameter>

## </interface>

#

#######################################

#

# hostname_exec(domain)

#

define(`hostname_exec',`

	gen_require(`$0'_depend)

	can_exec($1,hostname_exec_t)

')

define(`hostname_exec_depend',`

	type hostname_exec_t;

	class file { getattr read execute execute_no_trans };

')

## </module>