## <summary>High-performance memory object caching system.</summary>

########################################
## <summary>
##	Execute a domain transition to run memcached.
## </summary>
## <param name="domain">
##	<summary>
##	Domain allowed to transition.
##	</summary>
## </param>
#
interface(`memcached_domtrans',`
	gen_require(`
		type memcached_t,memcached_exec_t;
	')

	# The caller needs search access on the bin directories to reach
	# the memcached executable; the transition itself goes from the
	# caller domain into memcached_t via memcached_exec_t.
	corecmd_search_bin($1)
	domtrans_pattern($1, memcached_exec_t, memcached_t)
')

########################################
## <summary>
##	Create, read, write, and delete
##	memcached pid files.
## </summary>
## <param name="domain">
##	<summary>
##	Domain allowed access.
##	</summary>
## </param>
#
interface(`memcached_manage_pid_files',`
	gen_require(`
		type memcached_runtime_t;
	')

	# Full management of files labeled memcached_runtime_t. This is a
	# write-capable grant; callers that only need to read the pid file
	# should use memcached_read_pid_files instead.
	files_search_pids($1)
	manage_files_pattern($1, memcached_runtime_t, memcached_runtime_t)
')

########################################
## <summary>
##	Read memcached pid files.
## </summary>
## <param name="domain">
##	<summary>
##	Domain allowed access.
##	</summary>
## </param>
#
interface(`memcached_read_pid_files',`
	gen_require(`
		type memcached_runtime_t;
	')

	files_search_pids($1)
	# NOTE(review): this is a bare allow rule on the file class only; no
	# search permission on directories labeled memcached_runtime_t is
	# granted here. If the pid file lives in such a directory, confirm
	# that callers can actually reach it.
	allow $1 memcached_runtime_t:file read_file_perms;
')

########################################
## <summary>
##	Connect to memcached using a unix
##	domain stream socket.
## </summary>
## <param name="domain">
##	<summary>
##	Domain allowed access.
##	</summary>
## </param>
#
interface(`memcached_stream_connect',`
	gen_require(`
		type memcached_t, memcached_runtime_t;
	')

	# The socket is expected under the pid directories with type
	# memcached_runtime_t and the peer must be memcached_t.
	# NOTE(review): this policy does not show whether memcached itself
	# authenticates clients, so treat this grant as the access control
	# for cache contents and give it only to domains that need it.
	files_search_pids($1)
	stream_connect_pattern($1, memcached_runtime_t, memcached_runtime_t, memcached_t)
')

########################################
## <summary>
##	Connect to memcache over the network.
## </summary>
## <param name="domain">
##	<summary>
##	Domain allowed access.
##	</summary>
## </param>
#
interface(`memcached_tcp_connect',`
	gen_require(`
		type memcached_t;
	')

	# NOTE(review): the connect rule is keyed on the memcache port type,
	# so it presumably permits connections to any host on that port and
	# not only to a local memcached_t peer. The recvfrom rule names
	# memcached_t but only matters when labeled networking is in use.
	# Confirm against the corenetwork definitions.
	corenet_sendrecv_memcache_client_packets($1)
	corenet_tcp_connect_memcache_port($1)
	corenet_tcp_recvfrom_labeled($1, memcached_t)
')

########################################
## <summary>
##	All of the rules required to
##	administrate a memcached environment.
## </summary>
## <param name="domain">
##	<summary>
##	Domain allowed access.
##	</summary>
## </param>
## <param name="role">
##	<summary>
##	Role allowed access.
##	</summary>
## </param>
## <rolecap/>
#
interface(`memcached_admin',`
	gen_require(`
		type memcached_t, memcached_initrc_exec_t, memcached_runtime_t;
	')

	# ptrace lets the admin domain inspect and modify the running
	# memcached process, which includes whatever data is held in the
	# cache. NOTE(review): confirm administrators need ptrace in
	# addition to signal_perms; signalling and process listing do not
	# depend on it.
	allow $1 memcached_t:process { ptrace signal_perms };
	ps_process_pattern($1, memcached_t)

	# The role argument is used only here, to let that role start and
	# stop the service through its init script.
	init_startstop_service($1, $2, memcached_t, memcached_initrc_exec_t)

	# Administrative access to the runtime content labeled
	# memcached_runtime_t.
	files_search_pids($1)
	admin_pattern($1, memcached_runtime_t)
')