source: selinux/build/openafs.if @ 1013

Last change on this file since 1013 was 117, checked in by presbrey, 19 years ago
appropriately named the signup_t domain module new domain user_setuid_t to confine setuid user programs (i.e. SQL signup)
File size: 939 bytes
[90]1# Joe Presbrey
2# presbrey@mit.edu
3# 2006/1/15
[28]4
########################################
## <summary>
##	Execute afsd in the afsd_t domain.
## </summary>
## <param name="domain">
##	<summary>
##	Domain allowed to transition to afsd_t.
##	</summary>
## </param>
#
interface(`afsd_domtrans',`
	gen_require(`
		type afsd_t;
		type afsd_exec_t;
	')

	# Executing an afsd_exec_t file from $1 moves the process into afsd_t.
	domain_auto_trans($1, afsd_exec_t, afsd_t)

	# File descriptors may be used in both directions across the transition.
	allow afsd_t $1:fd use;
	allow $1 afsd_t:fd use;

	# afsd_t may signal its exit to $1 and read or write pipes owned by $1.
	allow afsd_t $1:process sigchld;
	allow afsd_t $1:fifo_file rw_file_perms;
')
17
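########################################
## <summary>
##	Allow a domain to run afs_bin_t programs in afs_t, write to
##	afsd UDP sockets, read the afsd configuration and manage
##	content labelled nfs_t.
## </summary>
## <param name="domain">
##	<summary>
##	Domain allowed access.
##	</summary>
## </param>
#
interface(`afs_access',`
	gen_require(`
		type afs_t, afs_bin_t;
		type afsd_t, afsd_etc_t;
		# nfs_t is named directly by the allow rules at the end of this
		# interface, so it has to be required here as well; without it a
		# modular build of a calling module cannot resolve the type.
		type nfs_t;
	')

	# Run afs_bin_t programs: read and execute them, then transition to afs_t.
	allow $1 afs_bin_t:file rx_file_perms;
	domain_auto_trans($1, afs_bin_t, afs_t)
	allow afs_t $1:fd use;
	allow afs_t $1:process sigchld;

	# Write to UDP sockets owned by afsd_t.
	allow $1 afsd_t:udp_socket write;

	# Read-only access to afsd configuration directories, files and symlinks.
	allow $1 afsd_etc_t:dir r_dir_perms;
	allow $1 afsd_etc_t:file r_file_perms;
	allow $1 afsd_etc_t:lnk_file r_file_perms;

	# Full manage access to autofs symlinks and to every object class on
	# nfs_t. Presumably AFS mounts carry the nfs_t label on these hosts;
	# if other filesystems share that label they are covered too - confirm.
	fs_manage_autofs_symlinks($1)
	fs_manage_nfs_dirs($1)
	fs_manage_nfs_files($1)
	fs_manage_nfs_symlinks($1)
	fs_manage_nfs_named_pipes($1)
	fs_manage_nfs_named_sockets($1)

	# NOTE(review): entrypoint on nfs_t lets any executable with that label
	# start a process in $1, and $1 is itself granted manage access to nfs_t
	# content above. The domain is therefore only as trustworthy as whoever
	# can write to that filesystem. Pass only domains that are meant to run
	# programs stored there.
	allow $1 nfs_t:file entrypoint;

	# NOTE(review): rx_file_perms is a file permission set; applying it to
	# the dir class looks unintended - confirm which directory permissions
	# are actually needed beyond fs_manage_nfs_dirs.
	allow $1 nfs_t:{file dir} rx_file_perms;
')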