nnd/selinux-refpolicy
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
0dd9d69d92
selinux-refpolicy/policy/modules/system/lvm.if
Markus Linnala 9127219358 policy: interfaces: doc: indent param blocks consistently 
There is more than 5000 parameter documentations. Only about 300 are
differently done. Change them to be consistently indented.

param with one space
and content inside with one tab

This was done with:

sed -ri '
/^##[[:space:]]*<param/,/^##[[:space:]]*<[/]param>/{
	s/^##[[:space:]]*/##\t/;
	s/^##[[:space:]]*(<[/]?summary)/##\t\1/;
	s/^##[[:space:]]*(<[/]?param)/## \1/;
}' policy/modules/*/*.if

Signed-off-by: Markus Linnala <Markus.Linnala@cybercom.com>
2021-07-02 12:19:25 +03:00

228 lines
4.1 KiB
Plaintext
Raw Blame History

## <summary>Policy for logical volume management programs.</summary>
########################################
## <summary>
## Execute lvm programs in the lvm domain.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed to transition.
## </summary>
## </param>
#
interface(`lvm_domtrans',`
gen_require(`
type lvm_t, lvm_exec_t;
')
corecmd_search_bin($1)
domtrans_pattern($1, lvm_exec_t, lvm_t)
')
########################################
## <summary>
## Execute lvm programs in the caller domain.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`lvm_exec',`
gen_require(`
type lvm_exec_t;
')
corecmd_search_bin($1)
can_exec($1, lvm_exec_t)
')
########################################
## <summary>
## Execute lvm programs in the lvm domain.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed to transition.
## </summary>
## </param>
## <param name="role">
## <summary>
## The role to allow the LVM domain.
## </summary>
## </param>
## <rolecap/>
#
interface(`lvm_run',`
gen_require(`
type lvm_t;
')
lvm_domtrans($1)
role $2 types lvm_t;
')
########################################
## <summary>
## Send lvm a null signal.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`lvm_signull',`
gen_require(`
type lvm_t;
')
allow $1 lvm_t:process signull;
')
########################################
## <summary>
## Read LVM configuration files.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <rolecap/>
#
interface(`lvm_read_config',`
gen_require(`
type lvm_etc_t;
')
files_search_etc($1)
allow $1 lvm_etc_t:dir list_dir_perms;
read_files_pattern($1, lvm_etc_t, lvm_etc_t)
')
########################################
## <summary>
## Map lvm config files.
## </summary>
## <desc>
## <p>
## Allow the specified domain to map lvm config files.
## </p>
## <p>
## Related interfaces:
## </p>
## <ul>
## <li>lvm_read_config()</li>
## </ul>
## </desc>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`lvm_map_config',`
gen_require(`
type lvm_etc_t;
')
allow $1 lvm_etc_t:file map;
')
########################################
## <summary>
## Manage LVM configuration files.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <rolecap/>
#
interface(`lvm_manage_config',`
gen_require(`
type lvm_etc_t;
')
files_search_etc($1)
manage_dirs_pattern($1, lvm_etc_t, lvm_etc_t)
manage_files_pattern($1, lvm_etc_t, lvm_etc_t)
')
########################################
## <summary>
## Create lvm_lock_t directories
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <rolecap/>
#
interface(`lvm_create_lock_dirs',`
gen_require(`
type lvm_lock_t;
')
create_dirs_pattern($1, lvm_lock_t, lvm_lock_t)
files_add_entry_lock_dirs($1)
')
########################################
## <summary>
## Read and write a lvm unnamed pipe. (Deprecated)
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`lvm_rw_inherited_pid_pipes',`
refpolicywarn(`$0($*) has been deprecated.')
')
######################################
## <summary>
## All of the rules required to
## administrate an lvm environment.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <param name="role">
## <summary>
## Role allowed access.
## </summary>
## </param>
#
interface(`lvm_admin',`
gen_require(`
type lvm_t, lvm_etc_t, lvm_lock_t, lvm_metadata_t;
type lvm_var_lib_t, lvm_runtime_t, lvm_tmp_t;
')
admin_process_pattern($1, lvm_t)
files_search_etc($1)
admin_pattern($1, { lvm_etc_t lvm_metadata_t })
files_search_locks($1)
admin_pattern($1, lvm_lock_t)
files_search_var_lib($1)
admin_pattern($1, lvm_var_lib_t)
files_search_runtime($1)
admin_pattern($1, lvm_runtime_t)
files_search_tmp($1)
admin_pattern($1, lvm_tmp_t)
')
Reference in New Issue View Git Blame Copy Permalink