blob: 43dbf3e8f44e307907aff766f2517190acea3451 (
plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
|
# SPDX-License-Identifier: LGPL-2.1-or-later
policy_module(systemd_test, 0.0.1)
# declarations
attribute systemd_test_domain_type;
systemd_test_base_template(systemd_test)
systemd_test_base_template(systemd_test_status)
systemd_test_base_template(systemd_test_start)
systemd_test_base_template(systemd_test_stop)
systemd_test_base_template(systemd_test_reload)
# systemd_test_domain_type
require {
role system_r;
role unconfined_r;
type bin_t;
type initrc_t;
type systemd_systemctl_exec_t;
type unconfined_service_t;
}
role system_r types systemd_test_domain_type;
role unconfined_r types systemd_test_domain_type;
allow systemd_test_domain_type bin_t: file entrypoint;
allow systemd_test_domain_type systemd_systemctl_exec_t: file entrypoint;
allow initrc_t systemd_test_domain_type: process transition;
allow unconfined_service_t systemd_test_domain_type: process transition;
corecmd_exec_bin(systemd_test_domain_type)
init_signal_script(systemd_test_domain_type)
init_sigchld_script(systemd_test_domain_type)
systemd_exec_systemctl(systemd_test_domain_type)
userdom_use_user_ttys(systemd_test_domain_type)
userdom_use_user_ptys(systemd_test_domain_type)
optional_policy(`
dbus_system_bus_client(systemd_test_domain_type)
init_dbus_chat(systemd_test_domain_type)
')
# systemd_test_*_t
require {
type systemd_unit_file_t;
}
allow systemd_test_status_t systemd_unit_file_t: service { status };
allow systemd_test_start_t systemd_unit_file_t: service { start };
allow systemd_test_stop_t systemd_unit_file_t: service { stop };
allow systemd_test_reload_t systemd_unit_file_t: service { reload };
|
