mirror of
https://github.com/systemd/systemd-stable.git
synced 2024-12-24 21:34:08 +03:00
51 lines
1.5 KiB
Plaintext
51 lines
1.5 KiB
Plaintext
|
policy_module(systemd_test, 0.0.1)
|
||
|
|
||
|
# declarations
|
||
|
attribute systemd_test_domain_type;
|
||
|
|
||
|
systemd_test_base_template(systemd_test)
|
||
|
systemd_test_base_template(systemd_test_status)
|
||
|
systemd_test_base_template(systemd_test_start)
|
||
|
systemd_test_base_template(systemd_test_stop)
|
||
|
systemd_test_base_template(systemd_test_reload)
|
||
|
|
||
|
# systemd_test_domain_type
|
||
|
|
||
|
require {
|
||
|
role system_r;
|
||
|
role unconfined_r;
|
||
|
type bin_t;
|
||
|
type initrc_t;
|
||
|
type systemd_systemctl_exec_t;
|
||
|
type unconfined_service_t;
|
||
|
}
|
||
|
|
||
|
role system_r types systemd_test_domain_type;
|
||
|
role unconfined_r types systemd_test_domain_type;
|
||
|
|
||
|
allow systemd_test_domain_type bin_t: file entrypoint;
|
||
|
allow systemd_test_domain_type systemd_systemctl_exec_t: file entrypoint;
|
||
|
allow initrc_t systemd_test_domain_type: process transition;
|
||
|
allow unconfined_service_t systemd_test_domain_type: process transition;
|
||
|
corecmd_exec_bin(systemd_test_domain_type)
|
||
|
init_signal_script(systemd_test_domain_type)
|
||
|
init_sigchld_script(systemd_test_domain_type)
|
||
|
systemd_exec_systemctl(systemd_test_domain_type)
|
||
|
userdom_use_user_ttys(systemd_test_domain_type)
|
||
|
userdom_use_user_ptys(systemd_test_domain_type)
|
||
|
|
||
|
optional_policy(`
|
||
|
dbus_system_bus_client(systemd_test_domain_type)
|
||
|
init_dbus_chat(systemd_test_domain_type)
|
||
|
')
|
||
|
|
||
|
# systemd_test_*_t
|
||
|
require {
|
||
|
type systemd_unit_file_t;
|
||
|
}
|
||
|
|
||
|
allow systemd_test_status_t systemd_unit_file_t: service { status };
|
||
|
allow systemd_test_start_t systemd_unit_file_t: service { start };
|
||
|
allow systemd_test_stop_t systemd_unit_file_t: service { stop };
|
||
|
allow systemd_test_reload_t systemd_unit_file_t: service { reload };
|