Oreon-Lime-R2/selinux-policy/selinux-policy-bc228bd/selinux-policy-bc228bd0c249a9e4aa3dcf238c2b1bb138943b07/policy/modules/contrib/iotop.if

47 lines
970 B
Text
Raw Normal View History

## <summary>Simple top-like I/O monitor</summary>
########################################
## <summary>
## Allow execution of iotop in the iotop domain from the target domain.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed to transition to iotop.
## </summary>
## </param>
#
interface(`iotop_domtrans',`
gen_require(`
type iotop_t, iotop_exec_t;
')
corecmd_search_bin($1)
domtrans_pattern($1, iotop_exec_t, iotop_t)
')
########################################
## <summary>
## Execute iotop in the iotop domain, and
## allow the specified role to access the iotop domain.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed to transition
## </summary>
## </param>
## <param name="role">
## <summary>
## The role to be allowed into the iotop domain.
## </summary>
## </param>
#
interface(`iotop_run',`
gen_require(`
type iotop_t;
attribute_role iotop_roles;
')
iotop_domtrans($1)
roleattribute $2 iotop_roles;
')