Move samhain domain declarations into its template.

2025-03-11 07:40:18 +00:00 · 2010-12-15 11:13:18 -05:00 · 2010-12-15 11:13:18 -05:00 · e579703142
commit e579703142
parent ff449b62d7
2 changed files with 13 additions and 9 deletions
--- a/policy/modules/services/samhain.if
+++ b/policy/modules/services/samhain.if
@ -16,10 +16,14 @@
 #
 template(`samhain_service_template',`
 	gen_require(`
-		type etc_t, samhain_etc_t;
+		type etc_t, samhain_etc_t, samhain_exec_t;
 		type samhain_log_t, samhain_var_run_t;
 	')

+	type $1_t;
+	domain_type($1_t)
+	domain_entry_file($1_t, samhain_exec_t)
+
 	allow $1_t self:capability { dac_override dac_read_search fowner ipc_lock };
 	dontaudit $1_t self:capability { sys_resource sys_ptrace };
 	allow $1_t self:fd use;
--- a/policy/modules/services/samhain.te
+++ b/policy/modules/services/samhain.te
@ -8,6 +8,9 @@ policy_module(samhain, 1.0.0)
 type samhain_etc_t;
 files_config_file(samhain_etc_t)

+type samhain_exec_t;
+corecmd_executable_file(samhain_exec_t)
+
 type samhain_log_t;
 logging_log_file(samhain_log_t)

@ -21,16 +24,13 @@ init_script_file(samhain_initrc_exec_t)
 type samhain_var_run_t;
 files_pid_file(samhain_var_run_t)

-# Domain for samhain service started by samhain init script
-type samhaind_t;
-type samhain_exec_t;
-init_ranged_daemon_domain(samhaind_t, samhain_exec_t, mls_systemhigh)
-samhain_service_template(samhaind)
-
 # Domain for command line access
-type samhain_t;
-application_domain(samhain_t, samhain_exec_t)
 samhain_service_template(samhain)
+application_domain(samhain_t, samhain_exec_t)
+
+# Domain for samhain service started by samhain init script
+samhain_service_template(samhaind)
+init_ranged_daemon_domain(samhaind_t, samhain_exec_t, mls_systemhigh)

 ########################################
 #