## <summary>Fast incremental file transfer for synchronization</summary>

########################################
## <summary>
##	Rsync stub interface.  No access allowed.
## </summary>
## <param name="domain" unused="true">
##	<summary>
##	Domain allowed access.
##	</summary>
## </param>
#
# The body only requires rsync_t and grants nothing to the caller.
interface(`rsync_stub',`
	gen_require(`
		type rsync_t;
	')
')

########################################
## <summary>
##	Make rsync an entry point for
##	the specified domain.
## </summary>
## <param name="domain">
##	<summary>
##	The domain for which rsync is an entrypoint.
##	</summary>
## </param>
#
# cjp: added for portage
interface(`rsync_entry_type',`
	gen_require(`
		type rsync_exec_t;
	')

	domain_entry_file($1, rsync_exec_t)
')

########################################
## <summary>
##	Execute rsync in a specified domain.
## </summary>
## <desc>
##	<p>
##	Execute rsync in a specified domain.
##	</p>
##	<p>
##	No interprocess communication (signals, pipes,
##	etc.) is provided by this interface since
##	the domains are not owned by this module.
##	</p>
## </desc>
## <param name="source_domain">
##	<summary>
##	Domain allowed to transition.
##	</summary>
## </param>
## <param name="target_domain">
##	<summary>
##	Domain to transition to.
##	</summary>
## </param>
#
# cjp: added for portage
# NOTE(review): this interface calls domain_trans while rsync_entry_domtrans
# calls domain_auto_trans. As those support macros are usually defined,
# domain_trans only permits the transition and the source domain has to
# request the target context explicitly, whereas domain_auto_trans also makes
# it the default on exec. Confirm against the domain module in use before
# choosing between the two.
interface(`rsync_entry_spec_domtrans',`
	gen_require(`
		type rsync_exec_t;
	')

	domain_trans($1, rsync_exec_t, $2)
')

########################################
## <summary>
##	Execute rsync in a specified domain.
## </summary>
## <desc>
##	<p>
##	Execute rsync in a specified domain.
##	</p>
##	<p>
##	No interprocess communication (signals, pipes,
##	etc.) is provided by this interface since
##	the domains are not owned by this module.
##	</p>
## </desc>
## <param name="source_domain">
##	<summary>
##	Domain allowed to transition.
##	</summary>
## </param>
## <param name="target_domain">
##	<summary>
##	Domain to transition to.
##	</summary>
## </param>
#
# cjp: added for portage
# NOTE(review): uses domain_auto_trans, unlike rsync_entry_spec_domtrans;
# presumably the transition becomes the default when the source domain
# executes rsync_exec_t. Both domains are chosen by the caller, so review
# each call site for the privileges of the target domain.
interface(`rsync_entry_domtrans',`
	gen_require(`
		type rsync_exec_t;
	')

	domain_auto_trans($1, rsync_exec_t, $2)
')

########################################
## <summary>
##	Execute rsync in the caller domain.
## </summary>
## <param name="domain">
##	<summary>
##	Domain allowed access.
##	</summary>
## </param>
## <rolecap/>
#
# No domain transition is requested here: rsync runs with whatever the
# calling domain is already allowed to do.
interface(`rsync_exec',`
	gen_require(`
		type rsync_exec_t;
	')

	can_exec($1, rsync_exec_t)
')

########################################
## <summary>
##	Allow the specified domain to ioctl an
##	rsync with a unix domain stream socket.
## </summary>
## <param name="domain">
##	<summary>
##	Domain allowed access.
##	</summary>
## </param>
#
# Grants only the ioctl permission on rsync_t unix stream sockets.
interface(`rsync_ioctl_stream_sockets',`
	gen_require(`
		type rsync_t;
	')

	allow $1 rsync_t:unix_stream_socket ioctl;
')

########################################
## <summary>
##	Read rsync config files.
## </summary>
## <param name="domain">
##	<summary>
##	Domain allowed access.
##	</summary>
## </param>
#
interface(`rsync_read_config',`
	gen_require(`
		type rsync_etc_t;
	')

	read_files_pattern($1, rsync_etc_t, rsync_etc_t)
	files_search_etc($1)
')

########################################
## <summary>
##	Read rsync data files.
## </summary>
## <param name="domain">
##	<summary>
##	Domain allowed access.
##	</summary>
## </param>
#
interface(`rsync_read_data',`
	gen_require(`
		type rsync_data_t;
	')

	read_files_pattern($1, rsync_data_t, rsync_data_t)
')

########################################
## <summary>
##	Read and write rsync unix_stream_sockets.
## </summary>
## <param name="domain">
##	<summary>
##	Domain allowed access.
##	</summary>
## </param>
#
# Grants the rw_socket_perms permission set on rsync_t unix stream sockets,
# which is broader than rsync_ioctl_stream_sockets.
interface(`rsync_rw_unix_stream_sockets',`
	gen_require(`
		type rsync_t;
	')

	allow $1 rsync_t:unix_stream_socket rw_socket_perms;
')

########################################
## <summary>
##	Write to rsync config files.
## </summary>
## <param name="domain">
##	<summary>
##	Domain allowed access.
##	</summary>
## </param>
#
# NOTE(review): rsync_filetrans_named_content in this file labels rsyncd.conf
# as rsync_etc_t, so this interface presumably covers the daemon
# configuration. Write access there can change how the daemon serves files;
# grant it only to domains that administer rsync and use rsync_read_config
# everywhere else.
interface(`rsync_write_config',`
	gen_require(`
		type rsync_etc_t;
	')

	write_files_pattern($1, rsync_etc_t, rsync_etc_t)
	files_search_etc($1)
')

########################################
## <summary>
##	Manage rsync config files.
## </summary>
## <param name="domain">
##	<summary>
##	Domain allowed access.
##	</summary>
## </param>
#
# NOTE(review): manage_files_pattern is presumably a superset of the write
# pattern used by rsync_write_config (create, rename and delete as well).
# The same caution applies: rsync_etc_t is the label this file gives to
# rsyncd.conf, so keep callers limited to rsync administration domains.
interface(`rsync_manage_config',`
	gen_require(`
		type rsync_etc_t;
	')

	manage_files_pattern($1, rsync_etc_t, rsync_etc_t)
	files_search_etc($1)
')

########################################
## <summary>
##	Create objects in etc directories
##	with rsync etc type.
## </summary>
## <param name="domain">
##	<summary>
##	Domain allowed to transition.
##	</summary>
## </param>
## <param name="object_class">
##	<summary>
##	Class of the object being created.
##	</summary>
## </param>
## <param name="name">
##	<summary>
##	The name of the object being created.
##	</summary>
## </param>
#
# The second and third arguments are passed straight through to
# files_etc_filetrans as the object class and the object name.
interface(`rsync_etc_filetrans_config',`
	gen_require(`
		type rsync_etc_t;
	')

	files_etc_filetrans($1, rsync_etc_t, $2, $3)
')

########################################
## <summary>
##	Transition to rsync named content
## </summary>
## <param name="domain">
##	<summary>
##	Domain allowed access.
##	</summary>
## </param>
#
# Each rule below is fixed to class file and to one exact file name:
# rsyncd.conf in etc gets rsync_etc_t, and the two lock files in the pid
# directory get rsync_var_run_t.
# NOTE(review): swift_server.lock is not an rsync file name; presumably it is
# created by a Swift service that shares this label. Confirm that giving it
# rsync_var_run_t is intended, since every domain allowed to access
# rsync_var_run_t can then reach that lock file too.
interface(`rsync_filetrans_named_content',`
	gen_require(`
		type rsync_etc_t;
		type rsync_var_run_t;
	')

	files_etc_filetrans($1, rsync_etc_t, file, "rsyncd.conf")
	files_pid_filetrans($1, rsync_var_run_t, file, "swift_server.lock")
	files_pid_filetrans($1, rsync_var_run_t, file, "rsyncd.lock")
')