X-Git-Url: https://gerrit.opnfv.org/gerrit/gitweb?a=blobdiff_plain;f=src%2Fceph%2Fselinux%2Fceph.if;fp=src%2Fceph%2Fselinux%2Fceph.if;h=0000000000000000000000000000000000000000;hb=7da45d65be36d36b880cc55c5036e96c24b53f00;hp=ed747a82ae8b346c7e69dadf5512942eca84bd95;hpb=691462d09d0987b47e112d6ee8740375df3c51b2;p=stor4nfv.git
diff --git a/src/ceph/selinux/ceph.if b/src/ceph/selinux/ceph.if
deleted file mode 100644
index ed747a8..0000000
--- a/src/ceph/selinux/ceph.if
+++ /dev/null
@@ -1,265 +0,0 @@
-
-## policy for ceph
-
-########################################
-##
-## Execute ceph_exec_t in the ceph domain.
-##
-##
-##
-## Domain allowed to transition.
-##
-##
-#
-interface(`ceph_domtrans',`
- gen_require(`
- type ceph_t, ceph_exec_t;
- ')
-
- corecmd_search_bin($1)
- domtrans_pattern($1, ceph_exec_t, ceph_t)
-')
-
-######################################
-##
-## Execute ceph in the caller domain.
-##
-##
-##
-## Domain allowed access.
-##
-##
-#
-interface(`ceph_exec',`
- gen_require(`
- type ceph_exec_t;
- ')
-
- corecmd_search_bin($1)
- can_exec($1, ceph_exec_t)
-')
-
-########################################
-##
-## Execute ceph server in the ceph domain.
-##
-##
-##
-## Domain allowed access.
-##
-##
-#
-interface(`ceph_initrc_domtrans',`
- gen_require(`
- type ceph_initrc_exec_t;
- ')
-
- init_labeled_script_domtrans($1, ceph_initrc_exec_t)
-')
-########################################
-##
-## Read ceph's log files.
-##
-##
-##
-## Domain allowed access.
-##
-##
-##
-#
-interface(`ceph_read_log',`
- gen_require(`
- type ceph_log_t;
- ')
-
- logging_search_logs($1)
- read_files_pattern($1, ceph_log_t, ceph_log_t)
-')
-
-########################################
-##
-## Append to ceph log files.
-##
-##
-##
-## Domain allowed access.
-##
-##
-#
-interface(`ceph_append_log',`
- gen_require(`
- type ceph_log_t;
- ')
-
- logging_search_logs($1)
- append_files_pattern($1, ceph_log_t, ceph_log_t)
-')
-
-########################################
-##
-## Manage ceph log files
-##
-##
-##
-## Domain allowed access.
-##
-##
-#
-interface(`ceph_manage_log',`
- gen_require(`
- type ceph_log_t;
- ')
-
- logging_search_logs($1)
- manage_dirs_pattern($1, ceph_log_t, ceph_log_t)
- manage_files_pattern($1, ceph_log_t, ceph_log_t)
- manage_lnk_files_pattern($1, ceph_log_t, ceph_log_t)
-')
-
-########################################
-##
-## Search ceph lib directories.
-##
-##
-##
-## Domain allowed access.
-##
-##
-#
-interface(`ceph_search_lib',`
- gen_require(`
- type ceph_var_lib_t;
- ')
-
- allow $1 ceph_var_lib_t:dir search_dir_perms;
- files_search_var_lib($1)
-')
-
-########################################
-##
-## Read ceph lib files.
-##
-##
-##
-## Domain allowed access.
-##
-##
-#
-interface(`ceph_read_lib_files',`
- gen_require(`
- type ceph_var_lib_t;
- ')
-
- files_search_var_lib($1)
- read_files_pattern($1, ceph_var_lib_t, ceph_var_lib_t)
-')
-
-########################################
-##
-## Manage ceph lib files.
-##
-##
-##
-## Domain allowed access.
-##
-##
-#
-interface(`ceph_manage_lib_files',`
- gen_require(`
- type ceph_var_lib_t;
- ')
-
- files_search_var_lib($1)
- manage_files_pattern($1, ceph_var_lib_t, ceph_var_lib_t)
-')
-
-########################################
-##
-## Manage ceph lib directories.
-##
-##
-##
-## Domain allowed access.
-##
-##
-#
-interface(`ceph_manage_lib_dirs',`
- gen_require(`
- type ceph_var_lib_t;
- ')
-
- files_search_var_lib($1)
- manage_dirs_pattern($1, ceph_var_lib_t, ceph_var_lib_t)
-')
-
-########################################
-##
-## Read ceph PID files.
-##
-##
-##
-## Domain allowed access.
-##
-##
-#
-interface(`ceph_read_pid_files',`
- gen_require(`
- type ceph_var_run_t;
- ')
-
- files_search_pids($1)
- read_files_pattern($1, ceph_var_run_t, ceph_var_run_t)
-')
-
-
-########################################
-##
-## All of the rules required to administrate
-## an ceph environment
-##
-##
-##
-## Domain allowed access.
-##
-##
-##
-##
-## Role allowed access.
-##
-##
-##
-#
-interface(`ceph_admin',`
- gen_require(`
- type ceph_t;
- type ceph_initrc_exec_t;
- type ceph_log_t;
- type ceph_var_lib_t;
- type ceph_var_run_t;
- ')
-
- allow $1 ceph_t:process { signal_perms };
- ps_process_pattern($1, ceph_t)
-
- tunable_policy(`deny_ptrace',`',`
- allow $1 ceph_t:process ptrace;
- ')
-
- ceph_initrc_domtrans($1)
- domain_system_change_exemption($1)
- role_transition $2 ceph_initrc_exec_t system_r;
- allow $2 system_r;
-
- logging_search_logs($1)
- admin_pattern($1, ceph_log_t)
-
- files_search_var_lib($1)
- admin_pattern($1, ceph_var_lib_t)
-
- files_search_pids($1)
- admin_pattern($1, ceph_var_run_t)
- optional_policy(`
- systemd_passwd_agent_exec($1)
- systemd_read_fifo_file_passwd_run($1)
- ')
-')