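## <summary>Filesystem automounter service.</summary>

########################################
## <summary>
##	Execute automount in the automount domain.
## </summary>
## <param name="domain">
##	<summary>
##	Domain allowed to transition.
##	</summary>
## </param>
#
interface(`automount_domtrans',`
	gen_require(`
		type automount_t, automount_exec_t;
	')

	# The caller needs search on bin directories to resolve the
	# executable path before the transition can happen.
	corecmd_search_bin($1)
	domtrans_pattern($1, automount_exec_t, automount_t)
')

########################################
## <summary>
##	Send automount a signal.
## </summary>
## <param name="domain">
##	<summary>
##	Domain allowed access.
##	</summary>
## </param>
#
interface(`automount_signal',`
	gen_require(`
		type automount_t;
	')

	# Only the generic signal permission; kill/stop/sigchld are not granted.
	allow $1 automount_t:process signal;
')

########################################
## <summary>
##	Execute automount configuration files in the caller domain.
##	Deprecated: the configuration is plain etc_t content, so callers
##	should use the files_exec_etc_files interface directly instead.
## </summary>
## <param name="domain">
##	<summary>
##	Domain allowed access.
##	</summary>
## </param>
#
interface(`automount_exec_config',`
	refpolicywarn(`$0(): has been deprecated, please use files_exec_etc_files() instead.')
	files_exec_etc_files($1)
')

########################################
## <summary>
##	Allow the domain to read automount process state in /proc.
## </summary>
## <param name="domain">
##	<summary>
##	Domain to allow access.
##	</summary>
## </param>
#
interface(`automount_read_state',`
	gen_require(`
		type automount_t;
	')

	# Search on /proc is needed to reach /proc/<pid> of the daemon.
	kernel_search_proc($1)
	ps_process_pattern($1, automount_t)
')

########################################
## <summary>
##	Do not audit attempts to use file descriptors
##	inherited from automount.
## </summary>
## <param name="domain">
##	<summary>
##	Domain to not audit.
##	</summary>
## </param>
#
interface(`automount_dontaudit_use_fds',`
	gen_require(`
		type automount_t;
	')

	dontaudit $1 automount_t:fd use;
')

########################################
## <summary>
##	Do not audit attempts to write automount daemon unnamed pipes.
## </summary>
## <param name="domain">
##	<summary>
##	Domain to not audit.
##	</summary>
## </param>
#
interface(`automount_dontaudit_write_pipes',`
	gen_require(`
		type automount_t;
	')

	dontaudit $1 automount_t:fifo_file write;
')

########################################
## <summary>
##	Do not audit attempts to get the attributes
##	of automount temporary directories.
## </summary>
## <param name="domain">
##	<summary>
##	Domain to not audit.
##	</summary>
## </param>
#
interface(`automount_dontaudit_getattr_tmp_dirs',`
	gen_require(`
		type automount_tmp_t;
	')

	dontaudit $1 automount_tmp_t:dir getattr_dir_perms;
')

########################################
## <summary>
##	All of the rules required to administrate
##	an automount environment.
## </summary>
## <param name="domain">
##	<summary>
##	Domain allowed access.
##	</summary>
## </param>
## <param name="role">
##	<summary>
##	The role to be allowed to manage the automount domain.
##	</summary>
## </param>
## <rolecap/>
#
interface(`automount_admin',`
	gen_require(`
		type automount_t, automount_lock_t, automount_tmp_t;
		type automount_var_run_t, automount_initrc_exec_t;
	')

	# ptrace gives the admin domain read/write access to the daemon
	# memory, which may expose any mount credentials automount holds at
	# runtime. It is broader than start/stop/inspect requires, so call
	# this interface only for domains that genuinely need debugging access.
	allow $1 automount_t:process { ptrace signal_perms };
	ps_process_pattern($1, automount_t)

	# Running the init script requires transitioning into the init
	# script domain under system_r; the exemption and the allow for $2
	# widen what the role may do beyond automount itself.
	init_labeled_script_domtrans($1, automount_initrc_exec_t)
	domain_system_change_exemption($1)
	role_transition $2 automount_initrc_exec_t system_r;
	allow $2 system_r;

	# Full management of the daemon lock, temporary and pid files,
	# plus list access to the parent directories to reach them.
	files_list_var($1)
	admin_pattern($1, automount_lock_t)

	files_list_tmp($1)
	admin_pattern($1, automount_tmp_t)

	files_list_pids($1)
	admin_pattern($1, automount_var_run_t)
')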