## Zebra border gateway protocol network routing service. ######################################## ## ## Read zebra configuration content. ## ## ## ## Domain allowed access. ## ## ## # interface(`zebra_read_config',` gen_require(` type zebra_conf_t; ') files_search_etc($1) allow $1 zebra_conf_t:dir list_dir_perms; allow $1 zebra_conf_t:file read_file_perms; allow $1 zebra_conf_t:lnk_file read_lnk_file_perms; ') ######################################## ## ## Connect to zebra with a unix ## domain stream socket. ## ## ## ## Domain allowed access. ## ## # interface(`zebra_stream_connect',` gen_require(` type zebra_t, zebra_runtime_t; ') files_search_runtime($1) stream_connect_pattern($1, zebra_runtime_t, zebra_runtime_t, zebra_t) ') ######################################## ## ## All of the rules required to ## administrate an zebra environment. ## ## ## ## Domain allowed access. ## ## ## ## ## Role allowed access. ## ## ## # interface(`zebra_admin',` gen_require(` type zebra_t, zebra_tmp_t, zebra_log_t; type zebra_conf_t, zebra_runtime_t; type zebra_initrc_exec_t; ') allow $1 zebra_t:process { ptrace signal_perms }; ps_process_pattern($1, zebra_t) init_startstop_service($1, $2, zebra_t, zebra_initrc_exec_t) files_list_etc($1) admin_pattern($1, zebra_conf_t) logging_list_logs($1) admin_pattern($1, zebra_log_t) files_list_tmp($1) admin_pattern($1, zebra_tmp_t) files_list_runtime($1) admin_pattern($1, zebra_runtime_t) ')