diff options
Diffstat (limited to 'policy/modules/contrib/cgroup.if')
-rw-r--r-- | policy/modules/contrib/cgroup.if | 190 |
1 files changed, 0 insertions, 190 deletions
diff --git a/policy/modules/contrib/cgroup.if b/policy/modules/contrib/cgroup.if deleted file mode 100644 index 85ca63f9a..000000000 --- a/policy/modules/contrib/cgroup.if +++ /dev/null @@ -1,190 +0,0 @@ -## <summary>libcg is a library that abstracts the control group file system in Linux.</summary> - -######################################## -## <summary> -## Execute a domain transition to run -## CG Clear. -## </summary> -## <param name="domain"> -## <summary> -## Domain allowed to transition. -## </summary> -## </param> -# -interface(`cgroup_domtrans_cgclear',` - gen_require(` - type cgclear_t, cgclear_exec_t; - ') - - domtrans_pattern($1, cgclear_exec_t, cgclear_t) - corecmd_search_bin($1) -') - -######################################## -## <summary> -## Execute a domain transition to run -## CG config parser. -## </summary> -## <param name="domain"> -## <summary> -## Domain allowed to transition. -## </summary> -## </param> -# -interface(`cgroup_domtrans_cgconfig',` - gen_require(` - type cgconfig_t, cgconfig_exec_t; - ') - - domtrans_pattern($1, cgconfig_exec_t, cgconfig_t) - corecmd_search_bin($1) -') - -######################################## -## <summary> -## Execute a domain transition to run -## CG config parser. -## </summary> -## <param name="domain"> -## <summary> -## Domain allowed to transition. -## </summary> -## </param> -# -interface(`cgroup_initrc_domtrans_cgconfig',` - gen_require(` - type cgconfig_initrc_exec_t; - ') - - init_labeled_script_domtrans($1, cgconfig_initrc_exec_t) -') - -######################################## -## <summary> -## Execute a domain transition to run -## CG rules engine daemon. -## </summary> -## <param name="domain"> -## <summary> -## Domain allowed to transition. -## </summary> -## </param> -# -interface(`cgroup_domtrans_cgred',` - gen_require(` - type cgred_t, cgred_exec_t; - ') - - domtrans_pattern($1, cgred_exec_t, cgred_t) - corecmd_search_bin($1) -') - -######################################## -## <summary> -## Execute a domain transition to run -## CG rules engine daemon. -## domain. -## </summary> -## <param name="domain"> -## <summary> -## Domain allowed to transition. -## </summary> -## </param> -# -interface(`cgroup_initrc_domtrans_cgred',` - gen_require(` - type cgred_initrc_exec_t; - ') - - init_labeled_script_domtrans($1, cgred_initrc_exec_t) -') - -######################################## -## <summary> -## Execute a domain transition to -## run CG Clear and allow the -## specified role the CG Clear -## domain. -## </summary> -## <param name="domain"> -## <summary> -## Domain allowed to transition. -## </summary> -## </param> -## <param name="role"> -## <summary> -## Role allowed access. -## </summary> -## </param> -## <rolecap/> -# -interface(`cgroup_run_cgclear',` - gen_require(` - type cgclear_t; - ') - - cgroup_domtrans_cgclear($1) - role $2 types cgclear_t; -') - -######################################## -## <summary> -## Connect to CG rules engine daemon -## over unix stream sockets. -## </summary> -## <param name="domain"> -## <summary> -## Domain allowed access. -## </summary> -## </param> -# -interface(`cgroup_stream_connect_cgred', ` - gen_require(` - type cgred_var_run_t, cgred_t; - ') - - stream_connect_pattern($1, cgred_var_run_t, cgred_var_run_t, cgred_t) - files_search_pids($1) -') - -######################################## -## <summary> -## All of the rules required to administrate -## an cgroup environment. -## </summary> -## <param name="domain"> -## <summary> -## Domain allowed access. -## </summary> -## </param> -## <param name="role"> -## <summary> -## Role allowed access. -## </summary> -## </param> -## <rolecap/> -# -interface(`cgroup_admin',` - gen_require(` - type cgred_t, cgconfig_t, cgred_var_run_t; - type cgconfig_etc_t, cgconfig_initrc_exec_t, cgred_initrc_exec_t; - type cgrules_etc_t, cgclear_t; - ') - - allow $1 { cgclear_t cgconfig_t cgred_t }:process { ptrace signal_perms }; - ps_process_pattern($1, { cgclear_t cgconfig_t cgred_t }) - - admin_pattern($1, { cgconfig_etc_t cgrules_etc_t }) - files_list_etc($1) - - admin_pattern($1, cgred_var_run_t) - files_list_pids($1) - - cgroup_initrc_domtrans_cgconfig($1) - cgroup_initrc_domtrans_cgred($1) - domain_system_change_exemption($1) - role_transition $2 { cgconfig_initrc_exec_t cgred_initrc_exec_t } system_r; - allow $2 system_r; - - cgroup_run_cgclear($1, $2) -') |