## Linux Target Framework Daemon. ##################################### ## ## Read and write tgtd semaphores. ## ## ## ## Domain allowed access. ## ## # interface(`tgtd_rw_semaphores',` gen_require(` type tgtd_t; ') allow $1 tgtd_t:sem rw_sem_perms; ') ###################################### ## ## Create, read, write, and delete ## tgtd sempaphores. ## ## ## ## Domain allowed access. ## ## # interface(`tgtd_manage_semaphores',` gen_require(` type tgtd_t; ') allow $1 tgtd_t:sem create_sem_perms; ') ###################################### ## ## Connect to tgtd with a unix ## domain stream socket. ## ## ## ## Domain allowed access. ## ## # interface(`tgtd_stream_connect',` gen_require(` type tgtd_t, tgtd_var_run_t; ') files_search_pids($1) stream_connect_pattern($1, tgtd_var_run_t, tgtd_var_run_t, tgtd_t) ') ######################################## ## ## All of the rules required to ## administrate an tgtd environment. ## ## ## ## Domain allowed access. ## ## ## ## ## Role allowed access. ## ## ## # interface(`tgtd_admin',` gen_require(` type tgtd_t, tgtd_initrc_exec_t, tgtd_var_lib_t; type tgtd_var_run_t, tgtd_tmp_t, tgtd_tmpfs_t; ') allow $1 tgtd_t:process { ptrace signal_perms }; ps_process_pattern($1, tgtd_t) init_labeled_script_domtrans($1, tgtd_initrc_exec_t) domain_system_change_exemption($1) role_transition $2 tgtd_initrc_exec_t system_r; allow $2 system_r; files_search_var_lib($1) admin_pattern($1, tgtd_var_lib_t) files_search_pids($1) admin_pattern($1, tgtd_var_run_t) files_search_tmp($1) admin_pattern($1, tgtd_tmp_t) fs_search_tmpfs($1) admin_pattern($1, tgtd_tmpfs_t) ')