nnd/selinux-refpolicy
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
34f7b026ea
selinux-refpolicy/policy/modules/services/sanlock.if
Markus Linnala 9127219358 policy: interfaces: doc: indent param blocks consistently 
There is more than 5000 parameter documentations. Only about 300 are
differently done. Change them to be consistently indented.

param with one space
and content inside with one tab

This was done with:

sed -ri '
/^##[[:space:]]*<param/,/^##[[:space:]]*<[/]param>/{
	s/^##[[:space:]]*/##\t/;
	s/^##[[:space:]]*(<[/]?summary)/##\t\1/;
	s/^##[[:space:]]*(<[/]?param)/## \1/;
}' policy/modules/*/*.if

Signed-off-by: Markus Linnala <Markus.Linnala@cybercom.com>
2021-07-02 12:19:25 +03:00

110 lines
2.2 KiB
Plaintext
Raw Blame History

## <summary>shared storage lock manager.</summary>
########################################
## <summary>
## Execute a domain transition to run sanlock.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`sanlock_domtrans',`
gen_require(`
type sanlock_t, sanlock_exec_t;
')
corecmd_search_bin($1)
domtrans_pattern($1, sanlock_exec_t, sanlock_t)
')
########################################
## <summary>
## Execute sanlock init scripts in
## the initrc domain.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed to transition.
## </summary>
## </param>
#
interface(`sanlock_initrc_domtrans',`
gen_require(`
type sanlock_initrc_exec_t;
')
init_labeled_script_domtrans($1, sanlock_initrc_exec_t)
')
######################################
## <summary>
## Create, read, write, and delete
## sanlock pid files. (Deprecated)
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`sanlock_manage_pid_files',`
refpolicywarn(`$0($*) has been deprecated.')
')
########################################
## <summary>
## Connect to sanlock with a unix
## domain stream socket.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`sanlock_stream_connect',`
gen_require(`
type sanlock_t, sanlock_runtime_t;
')
files_search_runtime($1)
stream_connect_pattern($1, sanlock_runtime_t, sanlock_runtime_t, sanlock_t)
')
########################################
## <summary>
## All of the rules required to
## administrate an sanlock environment.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <param name="role">
## <summary>
## Role allowed access.
## </summary>
## </param>
## <rolecap/>
#
interface(`sanlock_admin',`
gen_require(`
type sanlock_t, sanlock_initrc_exec_t, sanlock_runtime_t;
type sanlock_log_t;
')
allow $1 sanlock_t:process { ptrace signal_perms };
ps_process_pattern($1, sanlock_t)
init_startstop_service($1, $2, sanlock_t, sanlock_initrc_exec_t)
files_search_runtime($1)
admin_pattern($1, sanlock_runtime_t)
logging_search_logs($1)
admin_pattern($1, sanlock_log_t)
')
Reference in New Issue View Git Blame Copy Permalink