9127219358
There is more than 5000 parameter documentations. Only about 300 are
differently done. Change them to be consistently indented.
param with one space
and content inside with one tab
This was done with:
sed -ri '
/^##[[:space:]]*<param/,/^##[[:space:]]*<[/]param>/{
s/^##[[:space:]]*/##\t/;
s/^##[[:space:]]*(<[/]?summary)/##\t\1/;
s/^##[[:space:]]*(<[/]?param)/## \1/;
}' policy/modules/*/*.if
Signed-off-by: Markus Linnala <Markus.Linnala@cybercom.com>
125 lines
2.5 KiB
Plaintext
125 lines
2.5 KiB
Plaintext
## <summary>Establish connections to iSCSI devices.</summary>
|
|
|
|
########################################
|
|
## <summary>
|
|
## Execute a domain transition to run iscsid.
|
|
## </summary>
|
|
## <param name="domain">
|
|
## <summary>
|
|
## Domain allowed to transition.
|
|
## </summary>
|
|
## </param>
|
|
#
|
|
interface(`iscsid_domtrans',`
|
|
gen_require(`
|
|
type iscsid_t, iscsid_exec_t;
|
|
')
|
|
|
|
corecmd_search_bin($1)
|
|
domtrans_pattern($1, iscsid_exec_t, iscsid_t)
|
|
')
|
|
|
|
########################################
|
|
## <summary>
|
|
## Create, read, write, and delete
|
|
## iscsid sempaphores.
|
|
## </summary>
|
|
## <param name="domain">
|
|
## <summary>
|
|
## Domain allowed access.
|
|
## </summary>
|
|
## </param>
|
|
#
|
|
interface(`iscsi_manage_semaphores',`
|
|
gen_require(`
|
|
type iscsid_t;
|
|
')
|
|
|
|
allow $1 iscsid_t:sem create_sem_perms;
|
|
')
|
|
|
|
########################################
|
|
## <summary>
|
|
## Connect to iscsid using a unix
|
|
## domain stream socket.
|
|
## </summary>
|
|
## <param name="domain">
|
|
## <summary>
|
|
## Domain allowed access.
|
|
## </summary>
|
|
## </param>
|
|
#
|
|
interface(`iscsi_stream_connect',`
|
|
gen_require(`
|
|
type iscsid_t, iscsi_var_lib_t;
|
|
')
|
|
|
|
files_search_var_lib($1)
|
|
stream_connect_pattern($1, iscsi_var_lib_t, iscsi_var_lib_t, iscsid_t)
|
|
')
|
|
|
|
########################################
|
|
## <summary>
|
|
## Read iscsid lib files.
|
|
## </summary>
|
|
## <param name="domain">
|
|
## <summary>
|
|
## Domain allowed access.
|
|
## </summary>
|
|
## </param>
|
|
#
|
|
interface(`iscsi_read_lib_files',`
|
|
gen_require(`
|
|
type iscsi_var_lib_t;
|
|
')
|
|
|
|
read_files_pattern($1, iscsi_var_lib_t, iscsi_var_lib_t)
|
|
allow $1 iscsi_var_lib_t:dir list_dir_perms;
|
|
files_search_var_lib($1)
|
|
')
|
|
|
|
########################################
|
|
## <summary>
|
|
## All of the rules required to
|
|
## administrate an iscsi environment.
|
|
## </summary>
|
|
## <param name="domain">
|
|
## <summary>
|
|
## Domain allowed access.
|
|
## </summary>
|
|
## </param>
|
|
## <param name="role">
|
|
## <summary>
|
|
## Role allowed access.
|
|
## </summary>
|
|
## </param>
|
|
## <rolecap/>
|
|
#
|
|
interface(`iscsi_admin',`
|
|
gen_require(`
|
|
type iscsid_t, iscsi_lock_t, iscsi_log_t;
|
|
type iscsi_var_lib_t, iscsi_runtime_t, iscsi_tmp_t;
|
|
type iscsi_initrc_exec_t;
|
|
')
|
|
|
|
allow $1 iscsid_t:process { ptrace signal_perms };
|
|
ps_process_pattern($1, iscsid_t)
|
|
|
|
init_startstop_service($1, $2, iscsi_t, iscsi_initrc_exec_t)
|
|
|
|
logging_search_logs($1)
|
|
admin_pattern($1, iscsi_log_t)
|
|
|
|
files_search_locks($1)
|
|
admin_pattern($1, iscsi_lock_t)
|
|
|
|
files_search_var_lib($1)
|
|
admin_pattern($1, iscsi_var_lib_t)
|
|
|
|
files_search_runtime($1)
|
|
admin_pattern($1, iscsi_runtime_t)
|
|
|
|
files_search_tmp($1)
|
|
admin_pattern($1, iscsi_tmp_t)
|
|
')
|