## X Windows Font Server. ######################################## ## ## Read xfs temporary sock files. ## ## ## ## Domain allowed access. ## ## # interface(`xfs_read_sockets',` gen_require(` type xfs_tmp_t; ') files_search_tmp($1) read_sock_files_pattern($1, xfs_tmp_t, xfs_tmp_t) ') ######################################## ## ## Connect to xfs with a unix ## domain stream socket. ## ## ## ## Domain allowed access. ## ## # interface(`xfs_stream_connect',` gen_require(` type xfs_tmp_t, xfs_t; ') files_search_tmp($1) stream_connect_pattern($1, xfs_tmp_t, xfs_tmp_t, xfs_t) ') ######################################## ## ## Execute xfs in the caller domain. ## ## ## ## Domain allowed access. ## ## # interface(`xfs_exec',` gen_require(` type xfs_exec_t; ') corecmd_search_bin($1) can_exec($1, xfs_exec_t) ') ######################################## ## ## Create xfs temporary dirs ## ## ## ## Domain allowed access. ## ## # interface(`xfs_create_tmp_dirs',` gen_require(` type xfs_tmp_t; ') files_search_tmp($1) allow $1 xfs_tmp_t:dir create; ') ######################################## ## ## All of the rules required to ## administrate an xfs environment. ## ## ## ## Domain allowed access. ## ## ## ## ## Role allowed access. ## ## ## # interface(`xfs_admin',` gen_require(` type xfs_t, xfs_initrc_exec_t, xfs_runtime_t; type xfs_tmp_t; ') allow $1 xfs_t:process { ptrace signal_perms }; ps_process_pattern($1, xfs_t) init_startstop_service($1, $2, xfs_t, xfs_initrc_exec_t) files_search_pids($1) admin_pattern($1, xfs_runtime_t) files_search_tmp($1) admin_pattern($1, xfs_tmp_t) ')