Layer: services

Module: cockpit

Description:

Cockpit is a web console that enables users to administer Linux servers via a web browser. see https://cockpit-project.org/ For linux logins that are allowed access they must be associated with a SELinux user that uses ssh_role_template (sysadm, system). To be able to alter system settings the must be allowed sudo access.

Interfaces:

cockpit_admin(
	
		domain
		
	)

Summary

All of the rules required to administrate an cockpit environment

Parameters

Parameter:	Description:
domain	Domain allowed access.

cockpit_delete_cert_files(
	
		domain
		
	)

Summary

Delete cockpit certificate files.

Parameters

Parameter:	Description:
domain	Domain allowed access.

cockpit_domtrans_session(
	
		domain
		
	)

Summary

Transition to the cockpit session domain.

Parameters

Parameter:	Description:
domain	Domain allowed to transition.

cockpit_enabledisable(
	
		domain
		
	)

Summary

Allow specified domain to enable cockpit units

Parameters

Parameter:	Description:
domain	Domain allowed access.

cockpit_get_service_status(
	
		domain
		
	)

Summary

Allow specified domain to get status of cockpit service

Parameters

Parameter:	Description:
domain	Domain allowed access.

cockpit_manage_cert_files(
	
		domain
		
	)

Summary

Manage the cockpit certificate files.

Parameters

Parameter:	Description:
domain	Domain allowed access.

cockpit_manage_runtime_symlnks(
	
		domain
		
	)

Summary

Create, read, write, and delete the cockpick runtime symlink files.

Parameters

Parameter:	Description:
domain	Domain allowed access.

cockpit_read_cert_files(
	
		domain
		
	)

Summary

Read cockpit certificate files.

Parameters

Parameter:	Description:
domain	Domain allowed access.

cockpit_rw_session_pipes(
	
		domain
		
	)

Summary

Read and write cockpit session unnamed pipes.

Parameters

Parameter:	Description:
domain	Domain allowed access.

cockpit_rw_ws_stream_sockets(
	
		domain
		
	)

Summary

Read and write cockpit web service stream socket

Parameters

Parameter:	Description:
domain	Domain allowed access.

cockpit_send_signal(
	
		domain
		
	)

Summary

Allow cockpit to send signals to another domain.

Parameters

Parameter:	Description:
domain	Domain allowed to send to,

cockpit_startstop(
	
		domain
		
	)

Summary

Allow specified domain to start cockpit units

Parameters

Parameter:	Description:
domain	Domain allowed access.

cockpit_use_session_fds(
	
		domain
		
	)

Summary

Inherit and use cockpit session file descriptors.

Parameters

Parameter:	Description:
domain	Domain allowed access.

cockpit_use_ws_fds(
	
		domain
		
	)

Summary

Inherit and use cockpit web service file descriptors.

Parameters

Parameter:	Description:
domain	Domain allowed access.

Return

Templates:

cockpit_role_template(
	
		role_prefix
		
			,
		
		user_domain
		
			,
		
		user_exec_domain
		
			,
		
		role
		
	)

Summary

The role template for the cockpit module.

Description

This template creates a derived domain which is allowed to change the linux user id, to run commands as a different user.

Parameters

Parameter:	Description:
role_prefix	The prefix of the user role (e.g., user is the prefix for user_r).
user_domain	User domain for the role.
user_exec_domain	User exec domain for execute access.
role	Role allowed access

Return