diff options
| author | Wladimir J. van der Laan <laanwj@gmail.com> | 2016-03-24 12:19:39 +0100 |
|---|---|---|
| committer | Wladimir J. van der Laan <laanwj@gmail.com> | 2016-03-24 12:19:44 +0100 |
| commit | 3ba07bdf7da40b77f2709ac9628b9d0d20c846e7 (patch) | |
| tree | 30ffb304c5d0e6f9d3f465335aa63ddc6027b555 /contrib/rpm/bitcoin.if | |
| parent | e5c35119e967df94d8ac0d91959c07245d160ec5 (diff) | |
| parent | 0e4b50a48c72061f4bafe7f99f0b261a148b457b (diff) | |
Merge #7609: All files related to my RPM spec file project in one commit
0e4b50a Description of RPM directory (Alice Wonder)
146746b All files related to my RPM spec file project in one commit (Alice Wonder)
Diffstat (limited to 'contrib/rpm/bitcoin.if')
| -rw-r--r-- | contrib/rpm/bitcoin.if | 157 |
1 files changed, 157 insertions, 0 deletions
diff --git a/contrib/rpm/bitcoin.if b/contrib/rpm/bitcoin.if new file mode 100644 index 0000000000..2b096c24dc --- /dev/null +++ b/contrib/rpm/bitcoin.if @@ -0,0 +1,157 @@ + +## <summary>policy for bitcoin</summary> + + +######################################## +## <summary> +## Transition to bitcoin. +## </summary> +## <param name="domain"> +## <summary> +## Domain allowed to transition. +## </summary> +## </param> +# +interface(`bitcoin_domtrans',` + gen_require(` + type bitcoin_t, bitcoin_exec_t; + ') + + corecmd_search_bin($1) + domtrans_pattern($1, bitcoin_exec_t, bitcoin_t) +') + + +######################################## +## <summary> +## Execute bitcoin server in the bitcoin domain. +## </summary> +## <param name="domain"> +## <summary> +## Domain allowed access. +## </summary> +## </param> +# +interface(`bitcoin_initrc_domtrans',` + gen_require(` + type bitcoin_initrc_exec_t; + ') + + init_labeled_script_domtrans($1, bitcoin_initrc_exec_t) +') + + +######################################## +## <summary> +## Search bitcoin lib directories. +## </summary> +## <param name="domain"> +## <summary> +## Domain allowed access. +## </summary> +## </param> +# +interface(`bitcoin_search_lib',` + gen_require(` + type bitcoin_var_lib_t; + ') + + allow $1 bitcoin_var_lib_t:dir search_dir_perms; + files_search_var_lib($1) +') + +######################################## +## <summary> +## Read bitcoin lib files. +## </summary> +## <param name="domain"> +## <summary> +## Domain allowed access. +## </summary> +## </param> +# +interface(`bitcoin_read_lib_files',` + gen_require(` + type bitcoin_var_lib_t; + ') + + files_search_var_lib($1) + read_files_pattern($1, bitcoin_var_lib_t, bitcoin_var_lib_t) +') + +######################################## +## <summary> +## Manage bitcoin lib files. +## </summary> +## <param name="domain"> +## <summary> +## Domain allowed access. +## </summary> +## </param> +# +interface(`bitcoin_manage_lib_files',` + gen_require(` + type bitcoin_var_lib_t; + ') + + files_search_var_lib($1) + manage_files_pattern($1, bitcoin_var_lib_t, bitcoin_var_lib_t) +') + +######################################## +## <summary> +## Manage bitcoin lib directories. +## </summary> +## <param name="domain"> +## <summary> +## Domain allowed access. +## </summary> +## </param> +# +interface(`bitcoin_manage_lib_dirs',` + gen_require(` + type bitcoin_var_lib_t; + ') + + files_search_var_lib($1) + manage_dirs_pattern($1, bitcoin_var_lib_t, bitcoin_var_lib_t) +') + + +######################################## +## <summary> +## All of the rules required to administrate +## an bitcoin environment +## </summary> +## <param name="domain"> +## <summary> +## Domain allowed access. +## </summary> +## </param> +## <param name="role"> +## <summary> +## Role allowed access. +## </summary> +## </param> +## <rolecap/> +# +interface(`bitcoin_admin',` + gen_require(` + type bitcoin_t; + type bitcoin_initrc_exec_t; + type bitcoin_var_lib_t; + ') + + allow $1 bitcoin_t:process { ptrace signal_perms }; + ps_process_pattern($1, bitcoin_t) + + bitcoin_initrc_domtrans($1) + domain_system_change_exemption($1) + role_transition $2 bitcoin_initrc_exec_t system_r; + allow $2 system_r; + + files_search_var_lib($1) + admin_pattern($1, bitcoin_var_lib_t) + +') + |