diff options
Diffstat (limited to 'policy/modules/contrib/gitosis.if')
-rw-r--r-- | policy/modules/contrib/gitosis.if | 86 |
1 files changed, 86 insertions, 0 deletions
diff --git a/policy/modules/contrib/gitosis.if b/policy/modules/contrib/gitosis.if new file mode 100644 index 00000000..e898b911 --- /dev/null +++ b/policy/modules/contrib/gitosis.if @@ -0,0 +1,86 @@ +## <summary>Tools for managing and hosting git repositories.</summary> + +####################################### +## <summary> +## Execute a domain transition to run gitosis. +## </summary> +## <param name="domain"> +## <summary> +## Domain allowed to transition. +## </summary> +## </param> +# +interface(`gitosis_domtrans',` + gen_require(` + type gitosis_t, gitosis_exec_t; + ') + + domtrans_pattern($1, gitosis_exec_t, gitosis_t) +') + +####################################### +## <summary> +## Execute gitosis-serve in the gitosis domain, and +## allow the specified role the gitosis domain. +## </summary> +## <param name="domain"> +## <summary> +## Domain allowed access +## </summary> +## </param> +## <param name="role"> +## <summary> +## Role allowed access. +## </summary> +## </param> +# +interface(`gitosis_run',` + gen_require(` + type gitosis_t; + ') + + gitosis_domtrans($1) + role $2 types gitosis_t; +') + +####################################### +## <summary> +## Allow the specified domain to read +## gitosis lib files. +## </summary> +## <param name="domain"> +## <summary> +## Domain allowed access. +## </summary> +## </param> +# +interface(`gitosis_read_lib_files',` + gen_require(` + type gitosis_var_lib_t; + ') + + files_search_var_lib($1) + read_files_pattern($1, gitosis_var_lib_t, gitosis_var_lib_t) + read_lnk_files_pattern($1, gitosis_var_lib_t, gitosis_var_lib_t) + list_dirs_pattern($1, gitosis_var_lib_t, gitosis_var_lib_t) +') + +###################################### +## <summary> +## Allow the specified domain to manage +## gitosis lib files. +## </summary> +## <param name="domain"> +## <summary> +## Domain allowed access. +## </summary> +## </param> +# +interface(`gitosis_manage_lib_files',` + gen_require(` + type gitosis_var_lib_t; + ') + + files_search_var_lib($1) + manage_files_pattern($1, gitosis_var_lib_t, gitosis_var_lib_t) +') |