## Policy for rtorrent.
############################################################
##
## Role access for rtorrent
##
##
##
## Role allowed access
##
##
##
##
## User domain for the role
##
##
#
interface(`rtorrent_role',`
	gen_require(`
		type rtorrent_exec_t, rtorrent_t;
		attribute_role rtorrent_roles;
	')

	# Associate the role given as the first argument with the
	# rtorrent_roles role attribute.
	roleattribute $1 rtorrent_roles;

	# Executing a file labeled rtorrent_exec_t from the user domain
	# transitions the new process into rtorrent_t.
	domtrans_pattern($2, rtorrent_exec_t, rtorrent_t)

	# This rule covers signal delivery only. ptrace is not granted by it.
	allow $2 rtorrent_t:process { signal signull sigkill sigstop };

	# Let ps in the user domain show rtorrent processes.
	ps_process_pattern($2, rtorrent_t)

	ifdef(`hide_broken_symptoms',`
		# Leaked file descriptors from the user domain. The access stays
		# denied and only the audit record is suppressed. Review note: this
		# also hides any other fifo read or write attempt by rtorrent_t
		# against the user domain from the audit log.
		dontaudit rtorrent_t $2:fifo_file rw_fifo_file_perms;
	')
')
########################################
##
## Transition to a user torrent domain.
##
##
##
## Domain allowed to transition.
##
##
#
interface(`rtorrent_domtrans',`
	gen_require(`
		type rtorrent_exec_t, rtorrent_t;
	')

	# Executing a file labeled rtorrent_exec_t from the caller domain
	# starts the new process in rtorrent_t instead of the caller domain.
	domtrans_pattern($1, rtorrent_exec_t, rtorrent_t)
')
######################################
##
## Execute rtorrent in the caller domain.
##
##
##
## Domain allowed access.
##
##
#
interface(`rtorrent_exec',`
	gen_require(`
		type rtorrent_exec_t;
	')

	# No domain transition here: the binary runs with the full
	# permissions of the caller domain, not confined to rtorrent_t.
	can_exec($1, rtorrent_exec_t)

	# The caller must be able to search the bin directories to reach
	# the executable.
	corecmd_search_bin($1)
')
######################################
##
## Make rtorrent an entrypoint for
## the specified domain.
##
##
##
## The domain for which rtorrent_exec_t is an entrypoint.
##
##
#
interface(`rtorrent_entry_type',`
	gen_require(`
		type rtorrent_exec_t;
	')

	# Mark files labeled rtorrent_exec_t as a valid entrypoint into the
	# domain passed as the first argument. This only permits entry through
	# that file type. A separate transition rule is still needed for a
	# source domain to actually move into the target domain.
	domain_entry_file($1, rtorrent_exec_t)
')
########################################
##
## Send generic signals to user rtorrent processes.
##
##
##
## Domain allowed access.
##
##
#
interface(`rtorrent_signal',`
	gen_require(`
		type rtorrent_t;
	')

	# Grants the generic signal permission only. signull, sigstop and
	# sigkill are separate permissions and are not part of this rule.
	allow $1 rtorrent_t:process signal;
')