|
@@ -0,0 +1,67 @@
|
|
|
+policy_module(mysqldump, 0.1.5)
|
|
|
+
|
|
|
+#################################
|
|
|
+#
|
|
|
+# Declarations
|
|
|
+#
|
|
|
+
|
|
|
+type mysqldump_t;
|
|
|
+type mysqldump_exec_t;
|
|
|
+init_system_domain(mysqldump_t, mysqldump_exec_t)
|
|
|
+
|
|
|
+type mysqldump_var_t;
|
|
|
+files_type(mysqldump_var_t)
|
|
|
+
|
|
|
+
|
|
|
+########################################
|
|
|
+#
|
|
|
+# Local policy
|
|
|
+#
|
|
|
+
|
|
|
+allow mysqldump_t self:fifo_file { read write getattr ioctl };
|
|
|
+allow mysqldump_t self:process signal;
|
|
|
+
|
|
|
+optional_policy(`
|
|
|
+ mysql_stream_connect(mysqldump_t)
|
|
|
+')
|
|
|
+
|
|
|
+corecmd_exec_shell(mysqldump_t)
|
|
|
+corecmd_exec_bin(mysqldump_t)
|
|
|
+auth_use_nsswitch(mysqldump_t)
|
|
|
+miscfiles_read_localization(mysqldump_t)
|
|
|
+kernel_read_system_state(mysqldump_t)
|
|
|
+
|
|
|
+manage_dirs_pattern(mysqldump_t, mysqldump_var_t, mysqldump_var_t)
|
|
|
+manage_files_pattern(mysqldump_t, mysqldump_var_t, mysqldump_var_t)
|
|
|
+type_transition mysqldump_t mysqldump_var_t:file mysqldump_var_t;
|
|
|
+
|
|
|
+optional_policy(`
|
|
|
+ gen_require(`
|
|
|
+ type mysqld_etc_t;
|
|
|
+ ')
|
|
|
+ allow mysqldump_t mysqld_etc_t:dir { read open search getattr };
|
|
|
+ allow mysqldump_t mysqld_etc_t:file { read getattr open };
|
|
|
+ allow mysqldump_t mysqld_etc_t:lnk_file read;
|
|
|
+')
|
|
|
+
|
|
|
+optional_policy(`
|
|
|
+ gen_require(`
|
|
|
+ type crond_tmp_t;
|
|
|
+ ')
|
|
|
+ allow mysqldump_t crond_tmp_t:file { read write ioctl };
|
|
|
+')
|
|
|
+
|
|
|
+optional_policy(`
|
|
|
+ gen_require(`
|
|
|
+ type usr_t;
|
|
|
+ ')
|
|
|
+ allow mysqldump_t usr_t:file { read getattr open };
|
|
|
+')
|
|
|
+
|
|
|
+optional_policy(`
|
|
|
+ gen_require(`
|
|
|
+ type backup_store_t;
|
|
|
+ ')
|
|
|
+ search_dirs_pattern(mysqldump_t, backup_store_t, backup_store_t)
|
|
|
+')
|
|
|
+cron_system_entry(mysqldump_t, mysqldump_exec_t)
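Review bot: `corecmd_exec_shell(mysqldump_t)` and `corecmd_exec_bin(mysqldump_t)` let the domain run a shell and any `bin_t` program without a domain transition, so whatever a dump job spawns keeps this domain's read access to `mysqld_etc_t` (where client credentials may be stored), the MySQL socket and the dumps in `mysqldump_var_t`. If this is only needed because `mysqldump_exec_t` labels a wrapper script (the file contexts are not visible here), state that in a comment above the two calls, for example `# cron job is a shell wrapper that runs mysqldump in-domain`, and drop whichever call is not required. The hand-written `allow` rules on `mysqld_etc_t` would read better as `mysql_read_config(mysqldump_t)` inside the existing `optional_policy`, which removes the `gen_require` on another module's type. The `usr_t:file` read and the `crond_tmp_t:file { read write ioctl }` rule carry no comment naming the file or inherited descriptor they are for; a one-line reason on each would let a later reviewer judge whether they can be narrowed.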
|