Get Gentoo!
gentoo.org sites
gentoo.org Wiki Bugs Forums Packages
Planet Archives Sources
Infra Status
aboutsummaryrefslogtreecommitdiff
path: root/policy/modules/contrib/sanlock.te
diff options
context:
space:
mode:
Diffstat (limited to 'policy/modules/contrib/sanlock.te')
-rw-r--r--policy/modules/contrib/sanlock.te106
1 files changed, 0 insertions, 106 deletions
diff --git a/policy/modules/contrib/sanlock.te b/policy/modules/contrib/sanlock.te
deleted file mode 100644
index a34eac42e..000000000
--- a/policy/modules/contrib/sanlock.te
+++ /dev/null
@@ -1,106 +0,0 @@
-policy_module(sanlock, 1.0.2)
-
-########################################
-#
-# Declarations
-#
-
-## <desc>
-## <p>
-## Determine whether sanlock can use
-## nfs file systems.
-## </p>
-## </desc>
-gen_tunable(sanlock_use_nfs, false)
-
-## <desc>
-## <p>
-## Determine whether sanlock can use
-## cifs file systems.
-## </p>
-## </desc>
-gen_tunable(sanlock_use_samba, false)
-
-type sanlock_t;
-type sanlock_exec_t;
-init_daemon_domain(sanlock_t, sanlock_exec_t)
-
-type sanlock_var_run_t;
-files_pid_file(sanlock_var_run_t)
-
-type sanlock_log_t;
-logging_log_file(sanlock_log_t)
-
-type sanlock_initrc_exec_t;
-init_script_file(sanlock_initrc_exec_t)
-
-ifdef(`enable_mcs',`
- init_ranged_daemon_domain(sanlock_t, sanlock_exec_t, s0 - mcs_systemhigh)
-')
-
-ifdef(`enable_mls',`
- init_ranged_daemon_domain(sanlock_t, sanlock_exec_t, s0 - mls_systemhigh)
-')
-
-########################################
-#
-# Local policy
-#
-
-allow sanlock_t self:capability { chown dac_override ipc_lock kill setgid setuid sys_nice sys_resource };
-allow sanlock_t self:process { setrlimit setsched signull signal sigkill };
-allow sanlock_t self:fifo_file rw_fifo_file_perms;
-allow sanlock_t self:unix_stream_socket { accept listen };
-
-append_files_pattern(sanlock_t, sanlock_log_t, sanlock_log_t)
-create_files_pattern(sanlock_t, sanlock_log_t, sanlock_log_t)
-setattr_files_pattern(sanlock_t, sanlock_log_t, sanlock_log_t)
-logging_log_filetrans(sanlock_t, sanlock_log_t, file)
-
-manage_dirs_pattern(sanlock_t, sanlock_var_run_t, sanlock_var_run_t)
-manage_files_pattern(sanlock_t, sanlock_var_run_t, sanlock_var_run_t)
-manage_sock_files_pattern(sanlock_t, sanlock_var_run_t, sanlock_var_run_t)
-files_pid_filetrans(sanlock_t, sanlock_var_run_t, { file dir sock_file })
-
-kernel_read_system_state(sanlock_t)
-kernel_read_kernel_sysctls(sanlock_t)
-
-dev_read_rand(sanlock_t)
-dev_read_urand(sanlock_t)
-
-domain_use_interactive_fds(sanlock_t)
-
-storage_raw_rw_fixed_disk(sanlock_t)
-
-auth_use_nsswitch(sanlock_t)
-
-init_read_utmp(sanlock_t)
-init_dontaudit_write_utmp(sanlock_t)
-
-logging_send_syslog_msg(sanlock_t)
-
-miscfiles_read_localization(sanlock_t)
-
-tunable_policy(`sanlock_use_nfs',`
- fs_manage_nfs_dirs(sanlock_t)
- fs_manage_nfs_files(sanlock_t)
- fs_manage_nfs_named_sockets(sanlock_t)
- fs_read_nfs_symlinks(sanlock_t)
-')
-
-tunable_policy(`sanlock_use_samba',`
- fs_manage_cifs_dirs(sanlock_t)
- fs_manage_cifs_files(sanlock_t)
- fs_manage_cifs_named_sockets(sanlock_t)
- fs_read_cifs_symlinks(sanlock_t)
-')
-
-optional_policy(`
- wdmd_stream_connect(sanlock_t)
-')
-
-optional_policy(`
- virt_kill_all_virt_domains(sanlock_t)
- virt_manage_lib_files(sanlock_t)
- virt_signal_all_virt_domains(sanlock_t)
-')