source: selinux/build/afsd.if @ 79

Last change on this file since 79 was 79, checked in by presbrey, 16 years ago
vixie-cron executes as the user under SELinux SELinux policy for afsd and afsagent
File size: 933 bytes
Line 
1## <summary>policy for afs</summary>
2
3########################################
4## <summary>
5##      Execute a domain transition to run afs.
6## </summary>
7## <param name="domain">
8## <summary>
9##      Domain allowed to transition.
10## </summary>
11## </param>
12#
13interface(`afsd_domtrans',`
14        gen_require(`
15                type afsd_t, afsd_exec_t;
16        ')
17
18        domain_auto_trans($1,afsd_exec_t,afsd_t)
19
20        allow $1 afsd_t:fd use;
21        allow afsd_t $1:fd use;
22        allow afsd_t $1:fifo_file rw_file_perms;
23        allow afsd_t $1:process sigchld;
24')
25
26interface(`afs_access',`
27        gen_require(`
28                type afsd_t, afsd_etc_t;
29                type autofs_t, nfs_t;
30        ')
31        allow $1 afsd_t:udp_socket all_udp_socket_perms;
32        allow $1 afsd_etc_t:dir r_dir_perms;
33        allow $1 afsd_etc_t:file r_file_perms;
34        allow $1 afsd_etc_t:lnk_file r_file_perms;
35        allow $1 autofs_t:dir r_dir_perms;
36        allow $1 autofs_t:lnk_file r_file_perms;
37        allow $1 nfs_t:dir manage_dir_perms;
38        allow $1 nfs_t:file_class_set manage_file_perms;
39')
Note: See TracBrowser for help on using the repository browser.