* [PATCH 2/2] interface to enable/disable systemd_networkd service
From: David Sugar @ 2018-11-17 4:23 UTC
To: selinux-refpolicy
Signed-off-by: Dave Sugar <dsugar@tresys.com>
---
policy/modules/system/systemd.if | 19 +++++++++++++++++++
1 file changed, 19 insertions(+)
diff --git a/policy/modules/system/systemd.if b/policy/modules/system/systemd.if
index 9247924b..74f0b215 100644
--- a/policy/modules/system/systemd.if
+++ b/policy/modules/system/systemd.if
@@ -467,6 +467,25 @@ interface(`systemd_manage_networkd_units',`
manage_files_pattern($1, systemd_networkd_unit_t, systemd_networkd_unit_t)
')
+########################################
+## <summary>
+## Allow specified domain to enable systemd-networkd units
+## </summary>
+## <param name="domain">
+## <summary>
+## Domain allowed access.
+## </summary>
+## </param>
+#
+interface(`systemd_enabledisable_networkd',`
+ gen_require(`
+ type systemd_networkd_unit_t;
+ class service { enable disable };
+ ')
+
+ allow $1 systemd_networkd_unit_t:service { enable disable };
+')
+
########################################
## <summary>
## Allow specified domain to start systemd-networkd units
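Review bot: The summary for systemd_enabledisable_networkd says "Allow specified domain to enable systemd-networkd units", but the rule grants both permissions: allow $1 systemd_networkd_unit_t:service { enable disable };. The summary should read "enable and disable" so that a policy author reading the generated interface documentation can see that a caller also gains the ability to disable the unit.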
--
2.19.1
* [PATCH 1/2] Add interfaces to control ntpd_unit_t systemd services
From: David Sugar @ 2018-11-17 4:23 UTC
To: selinux-refpolicy
Signed-off-by: Dave Sugar <dsugar@tresys.com>
---
policy/modules/services/ntp.if | 63 ++++++++++++++++++++++++++++++++++
1 file changed, 63 insertions(+)
diff --git a/policy/modules/services/ntp.if b/policy/modules/services/ntp.if
index 00c7620b..f1a90c55 100644
--- a/policy/modules/services/ntp.if
+++ b/policy/modules/services/ntp.if
@@ -177,6 +177,69 @@ interface(`ntp_rw_shm',`
fs_search_tmpfs($1)
')
+########################################
+## <summary>
+## Allow specified domain to enable/disable ntpd unit
+## </summary>
+## <param name="domain">
+## <summary>
+## Domain allowed access.
+## </summary>
+## </param>
+#
+interface(`ntp_enabledisable',`
+ ifdef(`init_systemd',`
+ gen_require(`
+ type ntpd_unit_t;
+ class service { enable disable };
+ ')
+
+ allow $1 ntpd_unit_t:service { enable disable };
+ ')
+')
+
+########################################
+## <summary>
+## Allow specified domain to start/stop ntpd unit
+## </summary>
+## <param name="domain">
+## <summary>
+## Domain allowed access.
+## </summary>
+## </param>
+#
+interface(`ntp_startstop',`
+ ifdef(`init_systemd',`
+ gen_require(`
+ type ntpd_unit_t;
+ class service { start stop };
+ ')
+
+ allow $1 ntpd_unit_t:service { start stop };
+ ')
+')
+
+########################################
+## <summary>
+## Allow specified domain to get status of ntpd unit
+## </summary>
+## <param name="domain">
+## <summary>
+## Domain allowed access.
+## </summary>
+## </param>
+#
+interface(`ntp_status',`
+ ifdef(`init_systemd',`
+ gen_require(`
+ type ntpd_unit_t;
+ class service status;
+ ')
+
+ allow $1 ntpd_unit_t:service status;
+ ')
+')
+
########################################
## <summary>
## All of the rules required to
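Review bot: In ntp_enabledisable, ntp_startstop and ntp_status both the gen_require block and the allow rule sit inside ifdef(`init_systemd', ...), so when init_systemd is not defined each interface expands to nothing and the caller gets no error. None of the three summaries mentions this. Add a sentence to each summary stating that the interface only has effect when init_systemd is defined, so a missing permission on such a build is not mistaken for a policy bug.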
--
2.19.1
* Re: [PATCH 1/2] Add interfaces to control ntpd_unit_t systemd services
From: Chris PeBenito @ 2018-11-17 23:54 UTC
To: David Sugar, selinux-refpolicy
On 11/16/18 11:23 PM, David Sugar wrote:
> Signed-off-by: Dave Sugar <dsugar@tresys.com>
> ---
> policy/modules/services/ntp.if | 63 ++++++++++++++++++++++++++++++++++
> 1 file changed, 63 insertions(+)
>
> diff --git a/policy/modules/services/ntp.if b/policy/modules/services/ntp.if
> index 00c7620b..f1a90c55 100644
> --- a/policy/modules/services/ntp.if
> +++ b/policy/modules/services/ntp.if
> @@ -177,6 +177,69 @@ interface(`ntp_rw_shm',`
> fs_search_tmpfs($1)
> ')
>
> +########################################
> +## <summary>
> +## Allow specified domain to enable/disable ntpd unit
> +## </summary>
> +## <param name="domain">
> +## <summary>
> +## Domain allowed access.
> +## </summary>
> +## </param>
> +#
> +interface(`ntp_enabledisable',`
> + ifdef(`init_systemd',`
> + gen_require(`
> + type ntpd_unit_t;
> + class service { enable disable };
> + ')
> +
> + allow $1 ntpd_unit_t:service { enable disable };
> + ')
> +')
> +
> +########################################
> +## <summary>
> +## Allow specified domain to start/stop ntpd unit
> +## </summary>
> +## <param name="domain">
> +## <summary>
> +## Domain allowed access.
> +## </summary>
> +## </param>
> +#
> +interface(`ntp_startstop',`
> + ifdef(`init_systemd',`
> + gen_require(`
> + type ntpd_unit_t;
> + class service { start stop };
> + ')
> +
> + allow $1 ntpd_unit_t:service { start stop };
> + ')
> +')
> +
> +########################################
> +## <summary>
> +## Allow specified domain to get status of ntpd unit
> +## </summary>
> +## <param name="domain">
> +## <summary>
> +## Domain allowed access.
> +## </summary>
> +## </param>
> +#
> +interface(`ntp_status',`
> + ifdef(`init_systemd',`
> + gen_require(`
> + type ntpd_unit_t;
> + class service status;
> + ')
> +
> + allow $1 ntpd_unit_t:service status;
> + ')
> +')
> +
> ########################################
> ## <summary>
> ## All of the rules required to
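Review bot: ntp_enabledisable grants enable and disable as a pair, and ntp_startstop grants start and stop as a pair, so a caller cannot be given one permission without the other. A domain that should only stop or only disable the ntpd unit has to take both or fall back to a raw allow rule against ntpd_unit_t. If a single-permission caller is expected, split the interfaces; otherwise state in each summary that both permissions are granted together.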
Merged.
--
Chris PeBenito
* Re: [PATCH 2/2] interface to enable/disable systemd_networkd service
From: Chris PeBenito @ 2018-11-17 23:54 UTC
To: David Sugar, selinux-refpolicy
On 11/16/18 11:23 PM, David Sugar wrote:
> Signed-off-by: Dave Sugar <dsugar@tresys.com>
> ---
> policy/modules/system/systemd.if | 19 +++++++++++++++++++
> 1 file changed, 19 insertions(+)
>
> diff --git a/policy/modules/system/systemd.if b/policy/modules/system/systemd.if
> index 9247924b..74f0b215 100644
> --- a/policy/modules/system/systemd.if
> +++ b/policy/modules/system/systemd.if
> @@ -467,6 +467,25 @@ interface(`systemd_manage_networkd_units',`
> manage_files_pattern($1, systemd_networkd_unit_t, systemd_networkd_unit_t)
> ')
>
> +########################################
> +## <summary>
> +## Allow specified domain to enable systemd-networkd units
> +## </summary>
> +## <param name="domain">
> +## <summary>
> +## Domain allowed access.
> +## </summary>
> +## </param>
> +#
> +interface(`systemd_enabledisable_networkd',`
> + gen_require(`
> + type systemd_networkd_unit_t;
> + class service { enable disable };
> + ')
> +
> + allow $1 systemd_networkd_unit_t:service { enable disable };
> +')
> +
> ########################################
> ## <summary>
> ## Allow specified domain to start systemd-networkd units
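Review bot: The name systemd_enabledisable_networkd does not follow the neighbouring interface shown in the hunk header, systemd_manage_networkd_units, which ends in _units and so names the object the access applies to. The new rule targets systemd_networkd_unit_t:service, not the networkd domain, so a name ending in _units would keep the two interfaces consistent and make it clear that the access is to the unit.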
Merged.
--
Chris PeBenito