## high-performance authoritative-only DNS server.
########################################
##
## Execute knotc in the knotc domain.
##
##
##
## Domain allowed to transition.
##
##
#
interface(`knot_domtrans_client',`
gen_require(`
type knotc_t, knotc_exec_t;
')
corecmd_search_bin($1)
domtrans_pattern($1, knotc_exec_t, knotc_t)
')
########################################
##
## Execute knotc in the knotc domain, and
## allow the specified role the knotc domain.
##
##
##
## Domain allowed to transition.
##
##
##
##
## Role allowed access.
##
##
##
#
interface(`knot_run_client',`
gen_require(`
attribute_role knot_roles;
')
knot_domtrans_client($1)
roleattribute $2 knot_roles;
')
########################################
##
## Read knot config files.
##
##
##
## Domain allowed access.
##
##
#
interface(`knot_read_config_file',`
gen_require(`
type knot_conf_t;
')
read_files_pattern($1, knot_conf_t, knot_conf_t)
files_search_etc($1)
')
########################################
##
## All of the rules required to
## administrate an knot environment.
##
##
##
## Domain allowed access.
##
##
##
##
## Role allowed access.
##
##
##
#
interface(`knot_admin',`
gen_require(`
type knotc_t, knotd_t, knot_conf_t, knot_initrc_exec_t;
type knot_runtime_t, knot_tmp_t, knot_var_lib_t;
')
allow $2 knotc_t:process signal_perms;
allow $1 knotd_t:process { ptrace signal_perms };
ps_process_pattern($2, knotc_t)
ps_process_pattern($1, knotd_t)
init_startstop_service($1, $2, knotd_t, knot_initrc_exec_t)
files_search_etc($1)
admin_pattern($1, knot_conf_t)
files_search_pids($1)
admin_pattern($1, knot_runtime_t)
files_search_tmp($1)
admin_pattern($1, knot_tmp_t)
files_search_var_lib($1)
admin_pattern($1, knot_var_lib_t)
')