## Tool for building alternate livecd for different os and policy versions. ######################################## ## ## Execute a domain transition to run livecd. ## ## ## ## Domain allowed to transition. ## ## # interface(`livecd_domtrans',` gen_require(` type livecd_t, livecd_exec_t; ') corecmd_search_bin($1) domtrans_pattern($1, livecd_exec_t, livecd_t) ') ######################################## ## ## Execute livecd in the livecd ## domain, and allow the specified ## role the livecd domain. ## ## ## ## Domain allowed to transition. ## ## ## ## ## Role allowed access. ## ## # interface(`livecd_run',` gen_require(` type livecd_t; type livecd_exec_t; attribute_role livecd_roles; ') livecd_domtrans($1) roleattribute $2 livecd_roles; role_transition $2 livecd_exec_t system_r; optional_policy(` rpm_transition_script(livecd_t, $2) ') ') ######################################## ## ## Dontaudit read/write to a livecd leaks ## ## ## ## Domain to not audit. ## ## # interface(`livecd_dontaudit_leaks',` gen_require(` type livecd_t; ') dontaudit $1 livecd_t:unix_dgram_socket { read write }; ') ######################################## ## ## Read livecd temporary files. ## ## ## ## Domain allowed access. ## ## # interface(`livecd_read_tmp_files',` gen_require(` type livecd_tmp_t; ') files_search_tmp($1) read_files_pattern($1, livecd_tmp_t, livecd_tmp_t) ') ######################################## ## ## Read and write livecd temporary files. ## ## ## ## Domain allowed access. ## ## # interface(`livecd_rw_tmp_files',` gen_require(` type livecd_tmp_t; ') files_search_tmp($1) rw_files_pattern($1, livecd_tmp_t, livecd_tmp_t) ') ######################################## ## ## Read and write livecd semaphores. ## ## ## ## Domain allowed access. ## ## # interface(`livecd_rw_semaphores',` gen_require(` type livecd_t; ') allow $1 livecd_t:sem rw_sem_perms; ')