X-Git-Url: https://gerrit.opnfv.org/gerrit/gitweb?a=blobdiff_plain;f=src%2Fceph%2Fselinux%2Fceph.if;fp=src%2Fceph%2Fselinux%2Fceph.if;h=0000000000000000000000000000000000000000;hb=7da45d65be36d36b880cc55c5036e96c24b53f00;hp=ed747a82ae8b346c7e69dadf5512942eca84bd95;hpb=691462d09d0987b47e112d6ee8740375df3c51b2;p=stor4nfv.git
diff --git a/src/ceph/selinux/ceph.if b/src/ceph/selinux/ceph.if
deleted file mode 100644
index ed747a8..0000000
--- a/src/ceph/selinux/ceph.if
+++ /dev/null
@@ -1,265 +0,0 @@
-
-## policy for ceph
-
-########################################
-##
-## Execute ceph_exec_t in the ceph domain.
-##
-##
-##
-## Domain allowed to transition.
-##
-##
-#
-interface(`ceph_domtrans',`
- gen_require(`
- type ceph_t, ceph_exec_t;
- ')
-
- corecmd_search_bin($1)
- domtrans_pattern($1, ceph_exec_t, ceph_t)
-')
-
-######################################
-##
-## Execute ceph in the caller domain.
-##
-##
-##
-## Domain allowed access.
-##
-##
-#
-interface(`ceph_exec',`
- gen_require(`
- type ceph_exec_t;
- ')
-
- corecmd_search_bin($1)
- can_exec($1, ceph_exec_t)
-')
-
-########################################
-##
-## Execute ceph server in the ceph domain.
-##
-##
-##
-## Domain allowed access.
-##
-##
-#
-interface(`ceph_initrc_domtrans',`
- gen_require(`
- type ceph_initrc_exec_t;
- ')
-
- init_labeled_script_domtrans($1, ceph_initrc_exec_t)
-')
-########################################
-##
-## Read ceph's log files.
-##
-##
-##
-## Domain allowed access.
-##
-##
-##
-#
-interface(`ceph_read_log',`
- gen_require(`
- type ceph_log_t;
- ')
-
- logging_search_logs($1)
- read_files_pattern($1, ceph_log_t, ceph_log_t)
-')
-
-########################################
-##
-## Append to ceph log files.
-##
-##
-##
-## Domain allowed access.
-##
-##
-#
-interface(`ceph_append_log',`
- gen_require(`
- type ceph_log_t;
- ')
-
- logging_search_logs($1)
- append_files_pattern($1, ceph_log_t, ceph_log_t)
-')
-
-########################################
-##
-## Manage ceph log files
-##
-##
-##
-## Domain allowed access.
-##
-##
-#
-interface(`ceph_manage_log',`
- gen_require(`
- type ceph_log_t;
- ')
-
- logging_search_logs($1)
- manage_dirs_pattern($1, ceph_log_t, ceph_log_t)
- manage_files_pattern($1, ceph_log_t, ceph_log_t)
- manage_lnk_files_pattern($1, ceph_log_t, ceph_log_t)
-')
-
-########################################
-##
-## Search ceph lib directories.
-##
-##
-##
-## Domain allowed access.
-##
-##
-#
-interface(`ceph_search_lib',`
- gen_require(`
- type ceph_var_lib_t;
- ')
-
- allow $1 ceph_var_lib_t:dir search_dir_perms;
- files_search_var_lib($1)
-')
-
-########################################
-##
-## Read ceph lib files.
-##
-##
-##
-## Domain allowed access.
-##
-##
-#
-interface(`ceph_read_lib_files',`
- gen_require(`
- type ceph_var_lib_t;
- ')
-
- files_search_var_lib($1)
- read_files_pattern($1, ceph_var_lib_t, ceph_var_lib_t)
-')
-
-########################################
-##
-## Manage ceph lib files.
-##
-##
-##
-## Domain allowed access.
-##
-##
-#
-interface(`ceph_manage_lib_files',`
- gen_require(`
- type ceph_var_lib_t;
- ')
-
- files_search_var_lib($1)
- manage_files_pattern($1, ceph_var_lib_t, ceph_var_lib_t)
-')
-
-########################################
-##
-## Manage ceph lib directories.
-##
-##
-##
-## Domain allowed access.
-##
-##
-#
-interface(`ceph_manage_lib_dirs',`
- gen_require(`
- type ceph_var_lib_t;
- ')
-
- files_search_var_lib($1)
- manage_dirs_pattern($1, ceph_var_lib_t, ceph_var_lib_t)
-')
-
-########################################
-##
-## Read ceph PID files.
-##
-##
-##
-## Domain allowed access.
-##
-##
-#
-interface(`ceph_read_pid_files',`
- gen_require(`
- type ceph_var_run_t;
- ')
-
- files_search_pids($1)
- read_files_pattern($1, ceph_var_run_t, ceph_var_run_t)
-')
-
-
-########################################
-##
-## All of the rules required to administrate
-## an ceph environment
-##
-##
-##
-## Domain allowed access.
-##
-##
-##
-##
-## Role allowed access.
-##
-##
-##
-#
-interface(`ceph_admin',`
- gen_require(`
- type ceph_t;
- type ceph_initrc_exec_t;
- type ceph_log_t;
- type ceph_var_lib_t;
- type ceph_var_run_t;
- ')
-
- allow $1 ceph_t:process { signal_perms };
- ps_process_pattern($1, ceph_t)
-
- tunable_policy(`deny_ptrace',`',`
- allow $1 ceph_t:process ptrace;
- ')
-
- ceph_initrc_domtrans($1)
- domain_system_change_exemption($1)
- role_transition $2 ceph_initrc_exec_t system_r;
- allow $2 system_r;
-
- logging_search_logs($1)
- admin_pattern($1, ceph_log_t)
-
- files_search_var_lib($1)
- admin_pattern($1, ceph_var_lib_t)
-
- files_search_pids($1)
- admin_pattern($1, ceph_var_run_t)
- optional_policy(`
- systemd_passwd_agent_exec($1)
- systemd_read_fifo_file_passwd_run($1)
- ')
-')