policy/modules/contrib/gorg.if


1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34

## <summary>Policy for gorg</summary>

#######################################
## <summary>
##      Role access for gorg
## </summary>
## <param name="role">
##      <summary>
##      Role allowed access
##      </summary>
## </param>
## <param name="domain">
##      <summary>
##      User domain for the role
##      </summary>
## </param>
#
interface(`gorg_role',`
	gen_require(`
		type gorg_t, gorg_exec_t;
	')

	role $1 types gorg_t;

	domain_auto_transition_pattern($2, gorg_exec_t, gorg_t)
	allow $2 gorg_t:process { noatsecure siginh rlimitinh };
	allow gorg_t $2:fd use;
	allow gorg_t $2:process { sigchld signull };

	ps_process_pattern($2, gorg_t)
	allow $2 gorg_t:process signal_perms;
	# Needed for command-usage (pipe)
	allow gorg_t $2:fifo_file write;
')