source: branches/locker-dev/selinux/build/openafs.if @ 1262

Last change on this file since 1262 was 117, checked in by presbrey, 18 years ago
appropriately named the signup_t domain module new domain user_setuid_t to confine setuid user programs (i.e. SQL signup)
# Joe Presbrey
# presbrey@mit.edu
# 2006/1/15

########################################
## <summary>
##      Execute a file labelled afsd_exec_t with an automatic
##      transition from the caller domain to afsd_t.
## </summary>
## <param name="domain">
##      <summary>
##      Domain allowed to transition into afsd_t.
##      </summary>
## </param>
#
interface(`afsd_domtrans',`
        gen_require(`
                type afsd_t;
                type afsd_exec_t;
        ')

        # Transition happens automatically on exec of afsd_exec_t.
        domain_auto_trans($1,afsd_exec_t,afsd_t)

        # Rules granted to afsd_t over the caller: inherited descriptors,
        # pipes owned by the caller, and SIGCHLD delivery back to it.
        allow afsd_t $1:process sigchld;
        allow afsd_t $1:fifo_file rw_file_perms;
        allow afsd_t $1:fd use;

        # The caller may in turn use descriptors owned by afsd_t.
        allow $1 afsd_t:fd use;
')
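########################################
## <summary>
##      Execute afs_bin_t files with an automatic transition to afs_t,
##      write to the afsd_t UDP socket, read afsd_etc_t content, and
##      work with autofs symlinks and nfs_t labelled content.
## </summary>
## <param name="domain">
##      <summary>
##      Domain allowed access.
##      </summary>
## </param>
#
interface(`afs_access',`
        # nfs_t is named directly by the last two allow rules below, so it
        # is required here instead of depending on the fs_manage_nfs_*
        # interfaces to bring the type into scope.
        gen_require(`
                type afs_t, afs_bin_t;
                type afsd_t, afsd_etc_t;
                type nfs_t;
        ')

        # Run afs_bin_t programs in afs_t; afs_t may use the caller
        # descriptors and signal it with SIGCHLD.
        allow $1 afs_bin_t:file rx_file_perms;
        domain_auto_trans($1, afs_bin_t, afs_t)
        allow afs_t $1:fd use;
        allow afs_t $1:process sigchld;

        # Write-only access to the afsd_t UDP socket plus read access to
        # afsd_etc_t directories, files and symlinks.
        allow $1 afsd_t:udp_socket write;
        allow $1 afsd_etc_t:dir r_dir_perms;
        allow $1 afsd_etc_t:file r_file_perms;
        allow $1 afsd_etc_t:lnk_file r_file_perms;

        # Filesystem interfaces defined outside this file.
        # NOTE(review): presumably each grants full manage rights on the
        # object class in its name - verify against the fs interfaces.
        fs_manage_autofs_symlinks($1)
        fs_manage_nfs_dirs($1)
        fs_manage_nfs_files($1)
        fs_manage_nfs_symlinks($1)
        fs_manage_nfs_named_pipes($1)
        fs_manage_nfs_named_sockets($1)

        # NOTE(review): entrypoint on nfs_t lets any file carrying that
        # label start the caller domain, and the fs_manage_nfs_files call
        # above presumably lets the same domain create or modify such
        # files - confirm this breadth is intended for every caller.
        allow $1 nfs_t:file entrypoint;
        # NOTE(review): rx_file_perms is a file permission set; when it is
        # applied to the dir class it may not carry search - verify.
        allow $1 nfs_t:{file dir} rx_file_perms;
')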