51 lines
1.1 KiB
Plaintext
51 lines
1.1 KiB
Plaintext
## <summary>GIT revision control system.</summary>
|
|
|
|
########################################
|
|
## <summary>
|
|
## Role access for Git session.
|
|
## </summary>
|
|
## <param name="role">
|
|
## <summary>
|
|
## Role allowed access.
|
|
## </summary>
|
|
## </param>
|
|
## <param name="domain">
|
|
## <summary>
|
|
## User domain for the role.
|
|
## </summary>
|
|
## </param>
|
|
#
|
|
template(`git_role',`
|
|
gen_require(`
|
|
type git_session_t, gitd_exec_t, git_user_content_t;
|
|
')
|
|
|
|
########################################
|
|
#
|
|
# Declarations
|
|
#
|
|
|
|
role $1 types git_session_t;
|
|
|
|
########################################
|
|
#
|
|
# Policy
|
|
#
|
|
|
|
manage_dirs_pattern($2, git_user_content_t, git_user_content_t)
|
|
relabel_dirs_pattern($2, git_user_content_t, git_user_content_t)
|
|
|
|
exec_files_pattern($2, git_user_content_t, git_user_content_t)
|
|
manage_files_pattern($2, git_user_content_t, git_user_content_t)
|
|
relabel_files_pattern($2, git_user_content_t, git_user_content_t)
|
|
|
|
allow $2 git_session_t:process { ptrace signal_perms };
|
|
ps_process_pattern($2, git_session_t)
|
|
|
|
tunable_policy(`git_session_users',`
|
|
domtrans_pattern($2, gitd_exec_t, git_session_t)
|
|
',`
|
|
can_exec($2, gitd_exec_t)
|
|
')
|
|
')
|