|
@@ -1,16 +1,23 @@
|
|
|
-policy_module(sysadm_additional, 0.0.4)
|
|
|
+policy_module(sysadm_additional, 0.0.11)
|
|
|
|
|
|
require {
|
|
|
type sysadm_t;
|
|
|
type atop_initrc_exec_t;
|
|
|
- type spamd_initrc_exec_t;
|
|
|
- type auditd_initrc_exec_t;
|
|
|
+ type atop_t;
|
|
|
+ type atop_unit_t;
|
|
|
+ type phpfpm_t;
|
|
|
type phpfpm_initrc_exec_t;
|
|
|
- type syslogd_initrc_exec_t;
|
|
|
+ type phpfpm_unit_t;
|
|
|
+ type spamd_t;
|
|
|
+ type spamd_initrc_exec_t;
|
|
|
+ type spamd_unit_t;
|
|
|
+ type unconfined_t;
|
|
|
+ role sysadm_r;
|
|
|
}
|
|
|
|
|
|
-init_labeled_script_domtrans(sysadm_t, atop_initrc_exec_t)
|
|
|
-init_labeled_script_domtrans(sysadm_t, spamd_initrc_exec_t)
|
|
|
-init_labeled_script_domtrans(sysadm_t, auditd_initrc_exec_t)
|
|
|
-init_labeled_script_domtrans(sysadm_t, phpfpm_initrc_exec_t)
|
|
|
-init_labeled_script_domtrans(sysadm_t, syslogd_initrc_exec_t)
|
|
|
+init_startstop_service(sysadm_t, sysadm_r, atop_t, atop_initrc_exec_t, atop_unit_t)
|
|
|
+init_startstop_service(sysadm_t, sysadm_r, spamd_t, spamd_initrc_exec_t, spamd_unit_t)
|
|
|
+init_startstop_service(sysadm_t, sysadm_r, phpfpm_t, phpfpm_initrc_exec_t, phpfpm_unit_t)
|
|
|
+logging_admin_syslog(sysadm_t, sysadm_r)
|
|
|
+logging_admin_audit(sysadm_t, sysadm_r)
|
|
|
+allow sysadm_t unconfined_t:fd use;
|