Diffstat (limited to 'policy/modules/contrib/puppet.if')
-rw-r--r--policy/modules/contrib/puppet.if31
1 files changed, 31 insertions, 0 deletions
diff --git a/policy/modules/contrib/puppet.if b/policy/modules/contrib/puppet.if
new file mode 100644
index 00000000..2855a443
--- /dev/null
+++ b/policy/modules/contrib/puppet.if
@@ -0,0 +1,31 @@
+## <summary>Puppet client daemon</summary>
+## <desc>
+## <p>
+## Puppet is a configuration management system written in Ruby.
+## The client daemon is responsible for periodically requesting the
+## desired system state from the server and ensuring the state of
+## the client system matches.
+## </p>
+## </desc>
+
+################################################
+## <summary>
+## Read / Write to Puppet temp files. Puppet uses
+## some system binaries (groupadd, etc) that run in
+## a non-puppet domain and redirects output into temp
+## files.
+## </summary>
+## <param name="domain">
+## <summary>
+## Domain allowed access.
+## </summary>
+## </param>
+#
+interface(`puppet_rw_tmp', `
+ gen_require(`
+ type puppet_tmp_t;
+ ')
+
+ allow $1 puppet_tmp_t:file rw_file_perms;
+ files_search_tmp($1)
+')
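Review bot: The `allow` rule in `puppet_rw_tmp` grants `rw_file_perms`, which includes `open`, so every caller domain can open Puppet temp files by path and read them back. The summary describes a narrower case: helper binaries such as groupadd writing to output that Puppet has already redirected. If the callers only ever use descriptors inherited from Puppet, `allow $1 puppet_tmp_t:file rw_inherited_file_perms;` would cover that without `open`, and `files_search_tmp($1)` would probably no longer be needed. If some caller really does open the files itself, say so in the summary so the broader grant is a documented choice. Since the files hold output from account-management tools, it is also worth checking whether callers need `read` at all or only `write`/`append`.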