## Zebra border gateway protocol network routing service.
########################################
##
## Read zebra configuration content.
##
##
##
## Domain allowed access.
##
##
##
#
interface(`zebra_read_config',`
gen_require(`
type zebra_conf_t;
')
files_search_etc($1)
allow $1 zebra_conf_t:dir list_dir_perms;
allow $1 zebra_conf_t:file read_file_perms;
allow $1 zebra_conf_t:lnk_file read_lnk_file_perms;
')
########################################
##
## Connect to zebra with a unix
## domain stream socket.
##
##
##
## Domain allowed access.
##
##
#
interface(`zebra_stream_connect',`
gen_require(`
type zebra_t, zebra_runtime_t;
')
files_search_runtime($1)
stream_connect_pattern($1, zebra_runtime_t, zebra_runtime_t, zebra_t)
')
########################################
##
## All of the rules required to
## administrate an zebra environment.
##
##
##
## Domain allowed access.
##
##
##
##
## Role allowed access.
##
##
##
#
interface(`zebra_admin',`
gen_require(`
type zebra_t, zebra_tmp_t, zebra_log_t;
type zebra_conf_t, zebra_runtime_t;
type zebra_initrc_exec_t;
')
allow $1 zebra_t:process { ptrace signal_perms };
ps_process_pattern($1, zebra_t)
init_startstop_service($1, $2, zebra_t, zebra_initrc_exec_t)
files_list_etc($1)
admin_pattern($1, zebra_conf_t)
logging_list_logs($1)
admin_pattern($1, zebra_log_t)
files_list_tmp($1)
admin_pattern($1, zebra_tmp_t)
files_list_runtime($1)
admin_pattern($1, zebra_runtime_t)
')