diff options
Diffstat (limited to 'policy/modules/services/radius.if')
-rw-r--r-- | policy/modules/services/radius.if | 43 |
1 files changed, 43 insertions, 0 deletions
diff --git a/policy/modules/services/radius.if b/policy/modules/services/radius.if new file mode 100644 index 000000000..bce89c308 --- /dev/null +++ b/policy/modules/services/radius.if @@ -0,0 +1,43 @@ +## <summary>RADIUS authentication and accounting server.</summary> + +######################################## +## <summary> +## All of the rules required to +## administrate an radius environment. +## </summary> +## <param name="domain"> +## <summary> +## Domain allowed access. +## </summary> +## </param> +## <param name="role"> +## <summary> +## Role allowed access. +## </summary> +## </param> +## <rolecap/> +# +interface(`radius_admin',` + gen_require(` + type radiusd_t, radiusd_etc_t, radiusd_log_t; + type radiusd_etc_rw_t, radiusd_var_lib_t, radiusd_var_run_t; + type radiusd_initrc_exec_t; + ') + + allow $1 radiusd_t:process { ptrace signal_perms }; + ps_process_pattern($1, radiusd_t) + + init_startstop_service($1, $2, radiusd_t, radiusd_initrc_exec_t) + + files_list_etc($1) + admin_pattern($1, { radiusd_etc_t radiusd_etc_rw_t }) + + logging_list_logs($1) + admin_pattern($1, radiusd_log_t) + + files_list_var_lib($1) + admin_pattern($1, radiusd_var_lib_t) + + files_list_pids($1) + admin_pattern($1, radiusd_var_run_t) +') |