Changeset 90 for selinux/build/afsd.if


Timestamp:
Jan 20, 2007, 9:31:21 PM (17 years ago)
Author:
presbrey
Message:
OpenAFS Client strict SELinux module
File:
1 edited

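--- a/selinux/build/afsd.if
+++ b/selinux/build/afsd.if
@@ -1,14 +1,6 @@
-## <summary>policy for afs</summary>
+# Joe Presbrey
+# presbrey@mit.edu
+# 2006/1/15
 
-########################################
-## <summary>
-##      Execute a domain transition to run afs.
-## </summary>
-## <param name="domain">
-## <summary>
-##      Domain allowed to transition.
-## </summary>
-## </param>
-#
 interface(`afsd_domtrans',`
         gen_require(`
@@ -26,19 +18,22 @@
 interface(`afs_access',`
         gen_require(`
+                type afs_t, afs_bin_t;
                 type afsd_t, afsd_etc_t;
-                type autofs_t, nfs_t;
         ')
-        allow $1 afsd_t:udp_socket all_udp_socket_perms;
+
+        allow $1 afs_bin_t:file rx_file_perms;
+        domain_auto_trans($1, afs_bin_t, afs_t)
+        allow afs_t $1:fd use;
+        allow afs_t $1:process sigchld;
+
+        allow $1 afsd_t:udp_socket write;
         allow $1 afsd_etc_t:dir r_dir_perms;
         allow $1 afsd_etc_t:file r_file_perms;
         allow $1 afsd_etc_t:lnk_file r_file_perms;
-        allow $1 autofs_t:dir all_dir_perms;
-        allow $1 autofs_t:lnk_file all_lnk_file_perms;
-        allow $1 nfs_t:dir all_dir_perms;
-        allow $1 nfs_t:file all_file_perms;
-        allow $1 nfs_t:lnk_file all_lnk_file_perms;
-        allow $1 nfs_t:sock_file all_sock_file_perms;
-        allow $1 nfs_t:fifo_file all_fifo_file_perms;
-        allow $1 nfs_t:chr_file all_chr_file_perms;
-        allow $1 nfs_t:blk_file all_blk_file_perms;
+        fs_manage_autofs_symlinks($1)
+        fs_manage_nfs_dirs($1)
+        fs_manage_nfs_files($1)
+        fs_manage_nfs_symlinks($1)
+        fs_manage_nfs_named_pipes($1)
+        fs_manage_nfs_named_sockets($1)
 ')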
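Review bot: `afs_access` now gives every calling domain an automatic transition into `afs_t` (the `allow $1 afs_bin_t:file rx_file_perms;` / `domain_auto_trans($1, afs_bin_t, afs_t)` group) in the same interface that grants manage rights on `nfs_t` objects through the `fs_manage_nfs_*` calls, so a domain that only needs file access also gains the ability to run the AFS binaries in their own domain. The four transition lines would sit better in a separate interface, following the `afsd_domtrans` pattern at the top of the file, leaving `afs_access` as file and configuration access only. The commit also deletes the `## <summary>` / `## <param name="domain">` header above `afsd_domtrans`, and whatever precedes `afs_access` lies outside the hunk. A header such as `## <summary>Access AFS files and read the afsd configuration.</summary>` followed by the `## <param name="domain">` block would tell policy authors what a call grants. The body of `afsd_domtrans` continues outside the first hunk.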