Get Gentoo!
gentoo.org sites
gentoo.org Wiki Bugs Forums Packages
Planet Archives Sources
Infra Status
aboutsummaryrefslogtreecommitdiff
path: root/policy/modules/admin/amanda.if
diff options
context:
space:
mode:
Diffstat (limited to 'policy/modules/admin/amanda.if')
-rw-r--r--policy/modules/admin/amanda.if161
1 files changed, 161 insertions, 0 deletions
diff --git a/policy/modules/admin/amanda.if b/policy/modules/admin/amanda.if
new file mode 100644
index 000000000..1de178801
--- /dev/null
+++ b/policy/modules/admin/amanda.if
@@ -0,0 +1,161 @@
+## <summary>Advanced Maryland Automatic Network Disk Archiver.</summary>
+
+########################################
+## <summary>
+## Execute a domain transition to run
+## Amanda recover.
+## </summary>
+## <param name="domain">
+## <summary>
+## Domain allowed to transition.
+## </summary>
+## </param>
+#
+interface(`amanda_domtrans_recover',`
+ gen_require(`
+ type amanda_recover_t, amanda_recover_exec_t;
+ ')
+
+ corecmd_search_bin($1)
+ domtrans_pattern($1, amanda_recover_exec_t, amanda_recover_t)
+')
+
+########################################
+## <summary>
+## Execute a domain transition to run
+## Amanda recover, and allow the specified
+## role the Amanda recover domain.
+## </summary>
+## <param name="domain">
+## <summary>
+## Domain allowed to transition.
+## </summary>
+## </param>
+## <param name="role">
+## <summary>
+## Role allowed access.
+## </summary>
+## </param>
+## <rolecap/>
+#
+interface(`amanda_run_recover',`
+ gen_require(`
+ attribute_role amanda_recover_roles;
+ ')
+
+ amanda_domtrans_recover($1)
+ roleattribute $2 amanda_recover_roles;
+')
+
+########################################
+## <summary>
+## Search Amanda library directories.
+## </summary>
+## <param name="domain">
+## <summary>
+## Domain allowed access.
+## </summary>
+## </param>
+#
+interface(`amanda_search_lib',`
+ gen_require(`
+ type amanda_usr_lib_t;
+ ')
+
+ files_search_usr($1)
+ allow $1 amanda_usr_lib_t:dir search_dir_perms;
+')
+
+########################################
+## <summary>
+## Do not audit attempts to read /etc/dumpdates.
+## </summary>
+## <param name="domain">
+## <summary>
+## Domain to not audit.
+## </summary>
+## </param>
+#
+interface(`amanda_dontaudit_read_dumpdates',`
+ gen_require(`
+ type amanda_dumpdates_t;
+ ')
+
+ dontaudit $1 amanda_dumpdates_t:file read_file_perms;
+')
+
+########################################
+## <summary>
+## Read and write /etc/dumpdates.
+## </summary>
+## <param name="domain">
+## <summary>
+## Domain allowed access.
+## </summary>
+## </param>
+#
+interface(`amanda_rw_dumpdates_files',`
+ gen_require(`
+ type amanda_dumpdates_t;
+ ')
+
+ files_search_etc($1)
+ allow $1 amanda_dumpdates_t:file rw_file_perms;
+')
+
+########################################
+## <summary>
+## Manage Amanda library directories.
+## </summary>
+## <param name="domain">
+## <summary>
+## Domain allowed access.
+## </summary>
+## </param>
+#
+interface(`amanda_manage_lib',`
+ gen_require(`
+ type amanda_usr_lib_t;
+ ')
+
+ files_search_usr($1)
+ allow $1 amanda_usr_lib_t:dir manage_dir_perms;
+')
+
+########################################
+## <summary>
+## Read and append amanda log files.
+## </summary>
+## <param name="domain">
+## <summary>
+## Domain allowed access.
+## </summary>
+## </param>
+#
+interface(`amanda_append_log_files',`
+ gen_require(`
+ type amanda_log_t;
+ ')
+
+ logging_search_logs($1)
+ allow $1 amanda_log_t:file { read_file_perms append_file_perms };
+')
+
+#######################################
+## <summary>
+## Search Amanda var library directories.
+## </summary>
+## <param name="domain">
+## <summary>
+## Domain allowed access.
+## </summary>
+## </param>
+#
+interface(`amanda_search_var_lib',`
+ gen_require(`
+ type amanda_var_lib_t;
+ ')
+
+ files_search_var_lib($1)
+ allow $1 amanda_var_lib_t:dir search_dir_perms;
+')