diff options
Diffstat (limited to 'policy/modules/contrib/condor.if')
-rw-r--r-- | policy/modules/contrib/condor.if | 88 |
1 files changed, 0 insertions, 88 deletions
diff --git a/policy/modules/contrib/condor.if b/policy/modules/contrib/condor.if deleted file mode 100644 index 3fe3cb84c..000000000 --- a/policy/modules/contrib/condor.if +++ /dev/null @@ -1,88 +0,0 @@ -## <summary>High-Throughput Computing System.</summary> - -####################################### -## <summary> -## The template to define a condor domain. -## </summary> -## <param name="domain_prefix"> -## <summary> -## Domain prefix to be used. -## </summary> -## </param> -# -template(`condor_domain_template',` - gen_require(` - attribute condor_domain; - type condor_master_t; - ') - - ############################# - # - # Declarations - # - - type condor_$1_t, condor_domain; - type condor_$1_exec_t; - domain_type(condor_$1_t) - domain_entry_file(condor_$1_t, condor_$1_exec_t) - role system_r types condor_$1_t; - - ############################# - # - # Policy - # - - domtrans_pattern(condor_master_t, condor_$1_exec_t, condor_$1_t) - allow condor_master_t condor_$1_exec_t:file ioctl; - - auth_use_nsswitch(condor_$1_t) -') - -######################################## -## <summary> -## All of the rules required to -## administrate an condor environment. -## </summary> -## <param name="domain"> -## <summary> -## Domain allowed access. -## </summary> -## </param> -## <param name="role"> -## <summary> -## Role allowed access. -## </summary> -## </param> -## <rolecap/> -# -interface(`condor_admin',` - gen_require(` - attribute condor_domain; - type condor_initrc_exec_config_t, condor_log_t; - type condor_var_lib_t, condor_var_lock_t, condor_schedd_tmp_t; - type condor_var_run_t, condor_startd_tmp_t; - ') - - allow $1 condor_domain:process { ptrace signal_perms }; - ps_process_pattern($1, condor_domain) - - init_labeled_script_domtrans($1, condor_initrc_exec_t) - domain_system_change_exemption($1) - role_transition $2 condor_initrc_exec_t system_r; - allow $2 system_r; - - logging_search_logs($1) - admin_pattern($1, condor_log_t) - - files_search_locks($1) - admin_pattern($1, condor_var_lock_t) - - files_search_var_lib($1) - admin_pattern($1, condor_var_lib_t) - - files_search_pids($1) - admin_pattern($1, condor_var_run_t) - - files_search_tmp($1) - admin_pattern($1, { condor_schedd_tmp_t condor_startd_tmp_t }) -') |