author | David Sugar <dsugar@tresys.com> | 2018-11-17 04:23:43 +0000 |
---|---|---|
committer | Jason Zaman <jason@perfinion.com> | 2018-11-18 18:56:47 +0800 |
commit | fc20bbb5187bd1cb4527ebf38390d1a31b8593c4 (patch) | |
tree | cc670fbd93138dc8f51e31aa3edbd6b86e212838 /policy/modules/services/ntp.if | |
parent | dnsmasq: Module version bump. (diff) | |
Add interfaces to control ntpd_unit_t systemd services
Signed-off-by: Dave Sugar <dsugar@tresys.com>
Signed-off-by: Jason Zaman <jason@perfinion.com>
Diffstat (limited to 'policy/modules/services/ntp.if')
-rw-r--r-- | policy/modules/services/ntp.if | 63 |
1 files changed, 63 insertions, 0 deletions
diff --git a/policy/modules/services/ntp.if b/policy/modules/services/ntp.if
index 31f71108..ff85b74b 100644
--- a/policy/modules/services/ntp.if
+++ b/policy/modules/services/ntp.if
@@ -179,6 +179,69 @@ interface(`ntp_rw_shm',`
 
 ########################################
 ## <summary>
+## Allow specified domain to enable/disable ntpd unit
+## </summary>
+## <param name="domain">
+## <summary>
+## Domain allowed access.
+## </summary>
+## </param>
+#
+interface(`ntp_enabledisable',`
+ ifdef(`init_systemd',`
+ gen_require(`
+ type ntpd_unit_t;
+ class service { enable disable };
+ ')
+
+ allow $1 ntpd_unit_t:service { enable disable };
+ ')
+')
+
+########################################
+## <summary>
+## Allow specified domain to start/stop ntpd unit
+## </summary>
+## <param name="domain">
+## <summary>
+## Domain allowed access.
+## </summary>
+## </param>
+#
+interface(`ntp_startstop',`
+ ifdef(`init_systemd',`
+ gen_require(`
+ type ntpd_unit_t;
+ class service { start stop };
+ ')
+
+ allow $1 ntpd_unit_t:service { start stop };
+ ')
+')
+
+########################################
+## <summary>
+## Allow specified domain to get status of ntpd unit
+## </summary>
+## <param name="domain">
+## <summary>
+## Domain allowed access.
+## </summary>
+## </param>
+#
+interface(`ntp_status',`
+ ifdef(`init_systemd',`
+ gen_require(`
+ type ntpd_unit_t;
+ class service status;
+ ')
+
+ allow $1 ntpd_unit_t:service status;
+ ')
+')
+
+########################################
+## <summary>
 ## All of the rules required to
 ## administrate an ntp environment.
 ## </summary> |
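Review bot: The summaries for `ntp_enabledisable` and `ntp_startstop` do not say that each call grants both permissions of the pair, so a caller that only needs to start or enable the ntpd unit also gains the ability to stop or disable it. Losing time synchronisation affects ticket and certificate validity checks and log timestamps, so the doc block should tell policy authors to grant these only to administrative domains, for example `## Allow specified domain to start and stop the ntpd unit; stopping it halts time synchronisation.` All three bodies are wrapped in `ifdef(`init_systemd',` ... `')`, so on a non-systemd build the interface expands to no rules at all. That deserves a line in each summary as well, such as `## Has no effect unless the policy is built with init_systemd.`, so a caller does not assume the access was granted.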