Oreon-Lime-R2/selinux-policy/selinux-policy-d9f4a2b/selinux-policy-d9f4a2bbeb91fd95d0c35a90936efb9ea99d2455/policy/modules/contrib/iotop.if

46 lines
970 B
Text

## <summary>Simple top-like I/O monitor</summary>
########################################
## <summary>
## Allow execution of iotop in the iotop domain from the target domain.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed to transition to iotop.
## </summary>
## </param>
#
interface(`iotop_domtrans',`
gen_require(`
type iotop_t, iotop_exec_t;
')
corecmd_search_bin($1)
domtrans_pattern($1, iotop_exec_t, iotop_t)
')
########################################
## <summary>
## Execute iotop in the iotop domain, and
## allow the specified role to access the iotop domain.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed to transition
## </summary>
## </param>
## <param name="role">
## <summary>
## The role to be allowed into the iotop domain.
## </summary>
## </param>
#
interface(`iotop_run',`
gen_require(`
type iotop_t;
attribute_role iotop_roles;
')
iotop_domtrans($1)
roleattribute $2 iotop_roles;
')