9127219358
There is more than 5000 parameter documentations. Only about 300 are
differently done. Change them to be consistently indented.
param with one space
and content inside with one tab
This was done with:
sed -ri '
/^##[[:space:]]*<param/,/^##[[:space:]]*<[/]param>/{
s/^##[[:space:]]*/##\t/;
s/^##[[:space:]]*(<[/]?summary)/##\t\1/;
s/^##[[:space:]]*(<[/]?param)/## \1/;
}' policy/modules/*/*.if
Signed-off-by: Markus Linnala <Markus.Linnala@cybercom.com>
188 lines
3.8 KiB
Plaintext
188 lines
3.8 KiB
Plaintext
## <summary>libcg is a library that abstracts the control group file system in Linux.</summary>
|
|
|
|
########################################
|
|
## <summary>
|
|
## Execute a domain transition to run
|
|
## CG Clear.
|
|
## </summary>
|
|
## <param name="domain">
|
|
## <summary>
|
|
## Domain allowed to transition.
|
|
## </summary>
|
|
## </param>
|
|
#
|
|
interface(`cgroup_domtrans_cgclear',`
|
|
gen_require(`
|
|
type cgclear_t, cgclear_exec_t;
|
|
')
|
|
|
|
domtrans_pattern($1, cgclear_exec_t, cgclear_t)
|
|
corecmd_search_bin($1)
|
|
')
|
|
|
|
########################################
|
|
## <summary>
|
|
## Execute a domain transition to run
|
|
## CG config parser.
|
|
## </summary>
|
|
## <param name="domain">
|
|
## <summary>
|
|
## Domain allowed to transition.
|
|
## </summary>
|
|
## </param>
|
|
#
|
|
interface(`cgroup_domtrans_cgconfig',`
|
|
gen_require(`
|
|
type cgconfig_t, cgconfig_exec_t;
|
|
')
|
|
|
|
domtrans_pattern($1, cgconfig_exec_t, cgconfig_t)
|
|
corecmd_search_bin($1)
|
|
')
|
|
|
|
########################################
|
|
## <summary>
|
|
## Execute CG config init scripts in
|
|
## the init script domain.
|
|
## </summary>
|
|
## <param name="domain">
|
|
## <summary>
|
|
## Domain allowed to transition.
|
|
## </summary>
|
|
## </param>
|
|
#
|
|
interface(`cgroup_initrc_domtrans_cgconfig',`
|
|
gen_require(`
|
|
type cgconfig_initrc_exec_t;
|
|
')
|
|
|
|
init_labeled_script_domtrans($1, cgconfig_initrc_exec_t)
|
|
')
|
|
|
|
########################################
|
|
## <summary>
|
|
## Execute a domain transition to run
|
|
## CG rules engine daemon.
|
|
## </summary>
|
|
## <param name="domain">
|
|
## <summary>
|
|
## Domain allowed to transition.
|
|
## </summary>
|
|
## </param>
|
|
#
|
|
interface(`cgroup_domtrans_cgred',`
|
|
gen_require(`
|
|
type cgred_t, cgred_exec_t;
|
|
')
|
|
|
|
domtrans_pattern($1, cgred_exec_t, cgred_t)
|
|
corecmd_search_bin($1)
|
|
')
|
|
|
|
########################################
|
|
## <summary>
|
|
## Execute a domain transition to run
|
|
## CG rules engine daemon.
|
|
## domain.
|
|
## </summary>
|
|
## <param name="domain">
|
|
## <summary>
|
|
## Domain allowed to transition.
|
|
## </summary>
|
|
## </param>
|
|
#
|
|
interface(`cgroup_initrc_domtrans_cgred',`
|
|
gen_require(`
|
|
type cgred_initrc_exec_t;
|
|
')
|
|
|
|
init_labeled_script_domtrans($1, cgred_initrc_exec_t)
|
|
')
|
|
|
|
########################################
|
|
## <summary>
|
|
## Execute a domain transition to
|
|
## run CG Clear and allow the
|
|
## specified role the CG Clear
|
|
## domain.
|
|
## </summary>
|
|
## <param name="domain">
|
|
## <summary>
|
|
## Domain allowed to transition.
|
|
## </summary>
|
|
## </param>
|
|
## <param name="role">
|
|
## <summary>
|
|
## Role allowed access.
|
|
## </summary>
|
|
## </param>
|
|
## <rolecap/>
|
|
#
|
|
interface(`cgroup_run_cgclear',`
|
|
gen_require(`
|
|
type cgclear_t;
|
|
')
|
|
|
|
cgroup_domtrans_cgclear($1)
|
|
role $2 types cgclear_t;
|
|
')
|
|
|
|
########################################
|
|
## <summary>
|
|
## Connect to CG rules engine daemon
|
|
## over unix stream sockets.
|
|
## </summary>
|
|
## <param name="domain">
|
|
## <summary>
|
|
## Domain allowed access.
|
|
## </summary>
|
|
## </param>
|
|
#
|
|
interface(`cgroup_stream_connect_cgred', `
|
|
gen_require(`
|
|
type cgred_runtime_t, cgred_t;
|
|
')
|
|
|
|
stream_connect_pattern($1, cgred_runtime_t, cgred_runtime_t, cgred_t)
|
|
files_search_runtime($1)
|
|
')
|
|
|
|
########################################
|
|
## <summary>
|
|
## All of the rules required to administrate
|
|
## an cgroup environment.
|
|
## </summary>
|
|
## <param name="domain">
|
|
## <summary>
|
|
## Domain allowed access.
|
|
## </summary>
|
|
## </param>
|
|
## <param name="role">
|
|
## <summary>
|
|
## Role allowed access.
|
|
## </summary>
|
|
## </param>
|
|
## <rolecap/>
|
|
#
|
|
interface(`cgroup_admin',`
|
|
gen_require(`
|
|
type cgred_t, cgconfig_t, cgred_runtime_t;
|
|
type cgconfig_etc_t, cgconfig_initrc_exec_t, cgred_initrc_exec_t;
|
|
type cgrules_etc_t, cgclear_t;
|
|
')
|
|
|
|
allow $1 { cgclear_t cgconfig_t cgred_t }:process { ptrace signal_perms };
|
|
ps_process_pattern($1, { cgclear_t cgconfig_t cgred_t })
|
|
|
|
admin_pattern($1, { cgconfig_etc_t cgrules_etc_t })
|
|
files_list_etc($1)
|
|
|
|
admin_pattern($1, cgred_runtime_t)
|
|
files_list_runtime($1)
|
|
|
|
init_startstop_service($1, $2, cgred_t, cgred_initrc_exec_t)
|
|
init_startstop_service($1, $2, cgconfig_t, cgconfig_initrc_exec_t)
|
|
|
|
cgroup_run_cgclear($1, $2)
|
|
')
|