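## <summary>myjboss module</summary>

########################################
## <summary>
##	Execute a domain transition to run jboss.
## </summary>
## <param name="domain">
##	<summary>
##	Domain allowed to transition.
##	</summary>
## </param>
#
interface(`jboss_domtrans',`
	gen_require(`
		type jboss_t, jboss_exec_t;
	')

	domain_auto_trans($1,jboss_exec_t,jboss_t)

	# Let jboss_t use file descriptors and fifo files owned by the
	# calling domain and send SIGCHLD back to it.
	allow jboss_t $1:fd use;
	allow jboss_t $1:fifo_file rw_file_perms;
	allow jboss_t $1:process sigchld;
')

########################################
## <summary>
##	Do not audit attempts to read
##	jboss tmp files.
## </summary>
## <param name="domain">
##	<summary>
##	Domain to not audit.
##	</summary>
## </param>
#
interface(`jboss_dontaudit_read_tmp_files',`
	gen_require(`
		type jboss_tmp_t;
	')

	# Grants nothing: denials of file reads on jboss_tmp_t are only
	# dropped from the audit log for this domain.
	dontaudit $1 jboss_tmp_t:file r_file_perms;
')

########################################
## <summary>
##	Allow domain to read jboss tmp files.
## </summary>
## <param name="domain">
##	<summary>
##	Domain allowed access.
##	</summary>
## </param>
#
interface(`jboss_read_tmp_files',`
	gen_require(`
		type jboss_tmp_t;
	')

	# This rule used to be a dontaudit copied from the interface above.
	# That granted no access and hid the resulting denials from the
	# audit log. Only file read permissions on jboss_tmp_t are granted
	# here. No directory search permission is added.
	allow $1 jboss_tmp_t:file r_file_perms;
')

########################################
## <summary>
##	Search jboss rw directories.
## </summary>
## <param name="domain">
##	<summary>
##	Domain allowed access.
##	</summary>
## </param>
#
interface(`jboss_search_rw_dir',`
	gen_require(`
		type jboss_rw_t;
	')

	allow $1 jboss_rw_t:dir search_dir_perms;
	files_search_rw($1)
')

########################################
## <summary>
##	Read jboss rw files.
## </summary>
## <param name="domain">
##	<summary>
##	Domain allowed access.
##	</summary>
## </param>
#
interface(`jboss_read_rw_files',`
	gen_require(`
		type jboss_rw_t;
	')

	allow $1 jboss_rw_t:file r_file_perms;
	allow $1 jboss_rw_t:dir list_dir_perms;
	files_search_rw($1)
')

########################################
## <summary>
##	Create, read, write, and delete
##	jboss rw files.
## </summary>
## <param name="domain">
##	<summary>
##	Domain allowed access.
##	</summary>
## </param>
#
interface(`jboss_manage_rw_files',`
	gen_require(`
		type jboss_rw_t;
	')

	allow $1 jboss_rw_t:file manage_file_perms;
	allow $1 jboss_rw_t:dir rw_dir_perms;
')

########################################
## <summary>
##	Allow the specified domain to manage
##	jboss pid file.
## </summary>
## <param name="domain">
##	<summary>
##	Domain allowed access.
##	</summary>
## </param>
#
interface(`jboss_manage_pid',`
	gen_require(`
		type jboss_var_run_t;
	')

	# The file type is jboss_var_run_t, matching gen_require and the
	# type transition below. The rule previously named httpd_var_run_t,
	# which is not required in this interface and would have granted
	# manage access to files of that type instead of the jboss pid file.
	manage_files_pattern($1,jboss_var_run_t,jboss_var_run_t)
	files_pid_filetrans($1,jboss_var_run_t, file)
')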