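## <summary>Document database server.</summary>

########################################
## <summary>
##	Read couchdb log files.
## </summary>
## <param name="domain">
##	<summary>
##	Domain allowed access.
##	</summary>
## </param>
#
interface(`couchdb_read_log_files',`
	gen_require(`
		type couchdb_log_t;
	')

	logging_search_logs($1)
	read_files_pattern($1, couchdb_log_t, couchdb_log_t)
')

########################################
## <summary>
##	Read, write, and create couchdb lib files.
## </summary>
## <param name="domain">
##	<summary>
##	Domain allowed access.
##	</summary>
## </param>
#
interface(`couchdb_manage_lib_files',`
	gen_require(`
		type couchdb_var_lib_t;
	')

	files_search_var_lib($1)
	# The interface name and summary promise manage access, so the rule
	# grants the manage pattern rather than read only. Callers gain
	# create, write and unlink on couchdb_var_lib_t files. Review each
	# caller and move it to a narrower interface if it only reads.
	manage_files_pattern($1, couchdb_var_lib_t, couchdb_var_lib_t)
')

########################################
## <summary>
##	Read couchdb config files.
## </summary>
## <param name="domain">
##	<summary>
##	Domain allowed access.
##	</summary>
## </param>
#
interface(`couchdb_read_conf_files',`
	gen_require(`
		type couchdb_conf_t;
	')

	files_search_etc($1)
	read_files_pattern($1, couchdb_conf_t, couchdb_conf_t)
')

########################################
## <summary>
##	Read couchdb pid files.
## </summary>
## <param name="domain">
##	<summary>
##	Domain allowed access.
##	</summary>
## </param>
#
interface(`couchdb_read_pid_files',`
	gen_require(`
		type couchdb_var_run_t;
	')

	files_search_pids($1)
	read_files_pattern($1, couchdb_var_run_t, couchdb_var_run_t)
')

########################################
## <summary>
##	All of the rules required to
##	administrate a couchdb environment.
## </summary>
## <param name="domain">
##	<summary>
##	Domain allowed access.
##	</summary>
## </param>
## <param name="role">
##	<summary>
##	Role allowed access.
##	</summary>
## </param>
## <rolecap/>
#
interface(`couchdb_admin',`
	gen_require(`
		type couchdb_t, couchdb_conf_t, couchdb_initrc_exec_t;
		type couchdb_log_t, couchdb_var_lib_t, couchdb_var_run_t;
		type couchdb_tmp_t;
	')

	# NOTE(review): ptrace lets the admin domain attach to couchdb_t
	# processes, which exposes whatever the server holds in memory.
	# Confirm that admins need it. If this policy tree has a tunable
	# for ptrace, consider gating the permission behind it.
	allow $1 couchdb_t:process { ptrace signal_perms };
	ps_process_pattern($1, couchdb_t)

	# Start and stop the service through its init script.
	init_startstop_service($1, $2, couchdb_t, couchdb_initrc_exec_t)

	# Full administrative access to each couchdb file type, with search
	# access to the parent directory that holds it.
	files_search_etc($1)
	admin_pattern($1, couchdb_conf_t)

	logging_search_logs($1)
	admin_pattern($1, couchdb_log_t)

	files_search_tmp($1)
	admin_pattern($1, couchdb_tmp_t)

	files_search_var_lib($1)
	admin_pattern($1, couchdb_var_lib_t)

	files_search_pids($1)
	admin_pattern($1, couchdb_var_run_t)
')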