From: cpebenito@tresys.com (Christopher J. PeBenito)
To: refpolicy@oss.tresys.com
Subject: [refpolicy] [PATCH] Introduce init_startstop_service interface
Date: Fri, 22 May 2015 14:30:41 -0400 [thread overview]
Message-ID: <555F75D1.1080808@tresys.com> (raw)
In-Reply-To: <1432303685-7695-1-git-send-email-jason@perfinion.com>
On 5/22/2015 10:08 AM, Jason Zaman wrote:
> This is to be used where a role needs to start and stop a labeled
> service. It centralizes all the rules for redhat < 6 sysvinit that
> were used in the _admin interfaces. The rules for other inits will
> be added later.
This set is merged.
> ---
> policy/modules/system/init.if | 40 ++++++++++++++++++++++++++++++++++++++++
> 1 file changed, 40 insertions(+)
>
> diff --git a/policy/modules/system/init.if b/policy/modules/system/init.if
> index 0e7eaec..f39437e 100644
> --- a/policy/modules/system/init.if
> +++ b/policy/modules/system/init.if
> @@ -963,6 +963,46 @@ interface(`init_all_labeled_script_domtrans',`
>
> ########################################
> ## <summary>
> +## Allow the role to start and stop
> +## labeled services.
> +## </summary>
> +## <param name="domain">
> +## <summary>
> +## Domain allowed to transition.
> +## </summary>
> +## </param>
> +## <param name="role">
> +## <summary>
> +## The role to be performing this action.
> +## </summary>
> +## </param>
> +## <param name="domain">
> +## <summary>
> +## Type to be used as a daemon domain.
> +## </summary>
> +## </param>
> +## <param name="init_script_file">
> +## <summary>
> +## Labeled init script file.
> +## </summary>
> +## </param>
> +#
> +interface(`init_startstop_service',`
> + gen_require(`
> + role system_r;
> + ')
> +
> + ifndef(`direct_sysadm_daemon',`
> + # rules for sysvinit / upstart
> + init_labeled_script_domtrans($1, $4)
> + domain_system_change_exemption($1)
> + role_transition $2 $4 system_r;
> + allow $2 system_r;
> + ')
> +')
> +
> +########################################
> +## <summary>
> ## Start and stop daemon programs directly.
> ## </summary>
> ## <desc>
>
--
Chris PeBenito
Tresys Technology, LLC
www.tresys.com | oss.tresys.com
prev parent reply other threads:[~2015-05-22 18:30 UTC|newest]
Thread overview: 2+ messages / expand[flat|nested] mbox.gz Atom feed top
2015-05-22 14:08 [refpolicy] [PATCH] Introduce init_startstop_service interface Jason Zaman
2015-05-22 18:30 ` Christopher J. PeBenito [this message]
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=555F75D1.1080808@tresys.com \
--to=cpebenito@tresys.com \
--cc=refpolicy@oss.tresys.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.