nnd/selinux-refpolicy
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
d5c571c855
selinux-refpolicy/policy/modules/admin/puppet.if
Markus Linnala 9127219358 policy: interfaces: doc: indent param blocks consistently 
There is more than 5000 parameter documentations. Only about 300 are
differently done. Change them to be consistently indented.

param with one space
and content inside with one tab

This was done with:

sed -ri '
/^##[[:space:]]*<param/,/^##[[:space:]]*<[/]param>/{
	s/^##[[:space:]]*/##\t/;
	s/^##[[:space:]]*(<[/]?summary)/##\t\1/;
	s/^##[[:space:]]*(<[/]?param)/## \1/;
}' policy/modules/*/*.if

Signed-off-by: Markus Linnala <Markus.Linnala@cybercom.com>
2021-07-02 12:19:25 +03:00

234 lines
4.7 KiB
Plaintext
Raw Blame History

## <summary>Configuration management system.</summary>
########################################
## <summary>
## Execute puppetca in the puppetca
## domain.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed to transition.
## </summary>
## </param>
#
interface(`puppet_domtrans_puppetca',`
gen_require(`
type puppetca_t, puppetca_exec_t;
')
corecmd_search_bin($1)
domtrans_pattern($1, puppetca_exec_t, puppetca_t)
')
#####################################
## <summary>
## Execute puppetca in the puppetca
## domain and allow the specified
## role the puppetca domain.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed to transition.
## </summary>
## </param>
## <param name="role">
## <summary>
## Role allowed access.
## </summary>
## </param>
## <rolecap/>
#
interface(`puppet_run_puppetca',`
gen_require(`
attribute_role puppetca_roles;
')
puppet_domtrans_puppetca($1)
roleattribute $2 puppetca_roles;
')
####################################
## <summary>
## Read puppet configuration content.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`puppet_read_config',`
gen_require(`
type puppet_etc_t;
')
files_search_etc($1)
allow $1 puppet_etc_t:dir list_dir_perms;
allow $1 puppet_etc_t:file read_file_perms;
allow $1 puppet_etc_t:lnk_file read_lnk_file_perms;
')
################################################
## <summary>
## Read Puppet lib files.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`puppet_read_lib_files',`
gen_require(`
type puppet_var_lib_t;
')
files_search_var_lib($1)
read_files_pattern($1, puppet_var_lib_t, puppet_var_lib_t)
')
###############################################
## <summary>
## Create, read, write, and delete
## puppet lib files.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`puppet_manage_lib_files',`
gen_require(`
type puppet_var_lib_t;
')
files_search_var_lib($1)
manage_files_pattern($1, puppet_var_lib_t, puppet_var_lib_t)
')
#####################################
## <summary>
## Append puppet log files.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`puppet_append_log_files',`
gen_require(`
type puppet_log_t;
')
logging_search_logs($1)
append_files_pattern($1, puppet_log_t, puppet_log_t)
')
#####################################
## <summary>
## Create puppet log files.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`puppet_create_log_files',`
gen_require(`
type puppet_log_t;
')
logging_search_logs($1)
create_files_pattern($1, puppet_log_t, puppet_log_t)
')
#####################################
## <summary>
## Read puppet log files.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`puppet_read_log_files',`
gen_require(`
type puppet_log_t;
')
logging_search_logs($1)
read_files_pattern($1, puppet_log_t, puppet_log_t)
')
################################################
## <summary>
## Read and write to puppet tempoprary files.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`puppet_rw_tmp', `
gen_require(`
type puppet_tmp_t;
')
files_search_tmp($1)
allow $1 puppet_tmp_t:file rw_file_perms;
')
########################################
## <summary>
## All of the rules required to
## administrate an puppet environment.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <param name="role">
## <summary>
## Role allowed access.
## </summary>
## </param>
## <rolecap/>
#
interface(`puppet_admin',`
gen_require(`
type puppet_initrc_exec_t, puppetmaster_initrc_exec_t, puppet_log_t;
type puppet_var_lib_t, puppet_tmp_t, puppet_etc_t;
type puppet_runtime_t, puppetmaster_tmp_t;
type puppet_t, puppetca_t, puppetmaster_t;
')
allow $1 { puppet_t puppetca_t puppetmaster_t }:process { ptrace signal_perms };
ps_process_pattern($1, { puppet_t puppetca_t puppetmaster_t })
init_startstop_service($1, $2, puppet_t, puppet_initrc_exec_t)
init_startstop_service($1, $2, puppetmaster_t, puppetmaster_initrc_exec_t)
files_search_etc($1)
admin_pattern($1, puppet_etc_t)
logging_search_logs($1)
admin_pattern($1, puppet_log_t)
files_search_var_lib($1)
admin_pattern($1, puppet_var_lib_t)
files_search_runtime($1)
admin_pattern($1, puppet_runtime_t)
files_search_tmp($1)
admin_pattern($1, { puppet_tmp_t puppetmaster_tmp_t })
puppet_run_puppetca($1, $2)
')
Reference in New Issue View Git Blame Copy Permalink