Get Gentoo!
gentoo.org sites
gentoo.org Wiki Bugs Forums Packages
Planet Archives Sources
Infra Status
aboutsummaryrefslogtreecommitdiff
path: root/policy/modules/contrib/cgroup.if
diff options
context:
space:
mode:
Diffstat (limited to 'policy/modules/contrib/cgroup.if')
-rw-r--r--policy/modules/contrib/cgroup.if190
1 files changed, 0 insertions, 190 deletions
diff --git a/policy/modules/contrib/cgroup.if b/policy/modules/contrib/cgroup.if
deleted file mode 100644
index 85ca63f9a..000000000
--- a/policy/modules/contrib/cgroup.if
+++ /dev/null
@@ -1,190 +0,0 @@
-## <summary>libcg is a library that abstracts the control group file system in Linux.</summary>
-
-########################################
-## <summary>
-## Execute a domain transition to run
-## CG Clear.
-## </summary>
-## <param name="domain">
-## <summary>
-## Domain allowed to transition.
-## </summary>
-## </param>
-#
-interface(`cgroup_domtrans_cgclear',`
- gen_require(`
- type cgclear_t, cgclear_exec_t;
- ')
-
- domtrans_pattern($1, cgclear_exec_t, cgclear_t)
- corecmd_search_bin($1)
-')
-
-########################################
-## <summary>
-## Execute a domain transition to run
-## CG config parser.
-## </summary>
-## <param name="domain">
-## <summary>
-## Domain allowed to transition.
-## </summary>
-## </param>
-#
-interface(`cgroup_domtrans_cgconfig',`
- gen_require(`
- type cgconfig_t, cgconfig_exec_t;
- ')
-
- domtrans_pattern($1, cgconfig_exec_t, cgconfig_t)
- corecmd_search_bin($1)
-')
-
-########################################
-## <summary>
-## Execute a domain transition to run
-## CG config parser.
-## </summary>
-## <param name="domain">
-## <summary>
-## Domain allowed to transition.
-## </summary>
-## </param>
-#
-interface(`cgroup_initrc_domtrans_cgconfig',`
- gen_require(`
- type cgconfig_initrc_exec_t;
- ')
-
- init_labeled_script_domtrans($1, cgconfig_initrc_exec_t)
-')
-
-########################################
-## <summary>
-## Execute a domain transition to run
-## CG rules engine daemon.
-## </summary>
-## <param name="domain">
-## <summary>
-## Domain allowed to transition.
-## </summary>
-## </param>
-#
-interface(`cgroup_domtrans_cgred',`
- gen_require(`
- type cgred_t, cgred_exec_t;
- ')
-
- domtrans_pattern($1, cgred_exec_t, cgred_t)
- corecmd_search_bin($1)
-')
-
-########################################
-## <summary>
-## Execute a domain transition to run
-## CG rules engine daemon.
-## domain.
-## </summary>
-## <param name="domain">
-## <summary>
-## Domain allowed to transition.
-## </summary>
-## </param>
-#
-interface(`cgroup_initrc_domtrans_cgred',`
- gen_require(`
- type cgred_initrc_exec_t;
- ')
-
- init_labeled_script_domtrans($1, cgred_initrc_exec_t)
-')
-
-########################################
-## <summary>
-## Execute a domain transition to
-## run CG Clear and allow the
-## specified role the CG Clear
-## domain.
-## </summary>
-## <param name="domain">
-## <summary>
-## Domain allowed to transition.
-## </summary>
-## </param>
-## <param name="role">
-## <summary>
-## Role allowed access.
-## </summary>
-## </param>
-## <rolecap/>
-#
-interface(`cgroup_run_cgclear',`
- gen_require(`
- type cgclear_t;
- ')
-
- cgroup_domtrans_cgclear($1)
- role $2 types cgclear_t;
-')
-
-########################################
-## <summary>
-## Connect to CG rules engine daemon
-## over unix stream sockets.
-## </summary>
-## <param name="domain">
-## <summary>
-## Domain allowed access.
-## </summary>
-## </param>
-#
-interface(`cgroup_stream_connect_cgred', `
- gen_require(`
- type cgred_var_run_t, cgred_t;
- ')
-
- stream_connect_pattern($1, cgred_var_run_t, cgred_var_run_t, cgred_t)
- files_search_pids($1)
-')
-
-########################################
-## <summary>
-## All of the rules required to administrate
-## an cgroup environment.
-## </summary>
-## <param name="domain">
-## <summary>
-## Domain allowed access.
-## </summary>
-## </param>
-## <param name="role">
-## <summary>
-## Role allowed access.
-## </summary>
-## </param>
-## <rolecap/>
-#
-interface(`cgroup_admin',`
- gen_require(`
- type cgred_t, cgconfig_t, cgred_var_run_t;
- type cgconfig_etc_t, cgconfig_initrc_exec_t, cgred_initrc_exec_t;
- type cgrules_etc_t, cgclear_t;
- ')
-
- allow $1 { cgclear_t cgconfig_t cgred_t }:process { ptrace signal_perms };
- ps_process_pattern($1, { cgclear_t cgconfig_t cgred_t })
-
- admin_pattern($1, { cgconfig_etc_t cgrules_etc_t })
- files_list_etc($1)
-
- admin_pattern($1, cgred_var_run_t)
- files_list_pids($1)
-
- cgroup_initrc_domtrans_cgconfig($1)
- cgroup_initrc_domtrans_cgred($1)
- domain_system_change_exemption($1)
- role_transition $2 { cgconfig_initrc_exec_t cgred_initrc_exec_t } system_r;
- allow $2 system_r;
-
- cgroup_run_cgclear($1, $2)
-')