## Concurrent versions system. ######################################## ## ## Read CVS data and metadata content. ## ## ## ## Domain allowed access. ## ## # interface(`cvs_read_data',` gen_require(` type cvs_data_t; ') list_dirs_pattern($1, cvs_data_t, cvs_data_t) read_files_pattern($1, cvs_data_t, cvs_data_t) read_lnk_files_pattern($1, cvs_data_t, cvs_data_t) ') ######################################## ## ## Execute cvs in the caller domain. ## ## ## ## Domain allowed access. ## ## # interface(`cvs_exec',` gen_require(` type cvs_exec_t; ') corecmd_search_bin($1) can_exec($1, cvs_exec_t) ') ######################################## ## ## All of the rules required to ## administrate an cvs environment ## ## ## ## Domain allowed access. ## ## ## ## ## Role allowed access. ## ## ## # interface(`cvs_admin',` gen_require(` type cvs_t, cvs_tmp_t, cvs_initrc_exec_t; type cvs_data_t, cvs_runtime_t, cvs_keytab_t; ') allow $1 cvs_t:process { ptrace signal_perms }; ps_process_pattern($1, cvs_t) init_startstop_service($1, $2, cvs_t, cvs_initrc_exec_t) files_search_etc($1) admin_pattern($1, cvs_keytab_t) files_list_tmp($1) admin_pattern($1, cvs_tmp_t) files_search_usr($1) admin_pattern($1, cvs_data_t) files_list_runtime($1) admin_pattern($1, cvs_runtime_t) ')