Oreon-Lime-R2/selinux-policy/selinux-policy-d9f4a2b/selinux-policy-d9f4a2bbeb91fd95d0c35a90936efb9ea99d2455/policy/modules/contrib/cinder.if

58 lines
1.3 KiB
Text
Raw Permalink Normal View History

## <summary>openstack-cinder</summary>
######################################
## <summary>
## Manage cinder lib files.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`cinder_manage_lib_files',`
gen_require(`
type cinder_var_lib_t;
')
files_search_var_lib($1)
manage_files_pattern($1, cinder_var_lib_t, cinder_var_lib_t)
')
#######################################
## <summary>
## Creates types and rules for a basic
## openstack-cinder systemd daemon domain.
## </summary>
## <param name="prefix">
## <summary>
## Prefix for the domain.
## </summary>
## </param>
#
template(`cinder_domain_template',`
gen_require(`
attribute cinder_domain;
')
type cinder_$1_t, cinder_domain;
type cinder_$1_exec_t;
init_daemon_domain(cinder_$1_t, cinder_$1_exec_t)
type cinder_$1_unit_file_t;
systemd_unit_file(cinder_$1_unit_file_t)
type cinder_$1_tmp_t;
files_tmp_file(cinder_$1_tmp_t)
manage_dirs_pattern(cinder_$1_t, cinder_$1_tmp_t, cinder_$1_tmp_t)
manage_files_pattern(cinder_$1_t, cinder_$1_tmp_t, cinder_$1_tmp_t)
files_tmp_filetrans(cinder_$1_t, cinder_$1_tmp_t, { file dir })
can_exec(cinder_$1_t, cinder_$1_tmp_t)
kernel_read_system_state(cinder_$1_t)
logging_send_syslog_msg(cinder_$1_t)
')