Created
September 6, 2016 23:32
-
-
Save apcera-code/9d490114187fd77c4b845f926f17b5d8 to your computer and use it in GitHub Desktop.
The controlling policy which grants the jobs binding permission then takes the form of the following four rules:
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| on job::/ { | |
| if (service == PV->SvcGroups.service) | |
| { | |
| request_category PV->SvcGroups.category | |
| } | |
| if (request_category == PV->Bindings.svcCategory && | |
| query->target fqnMatch PV->Bindings.jobNamespace) | |
| { | |
| permit bind | |
| } | |
| } | |
| on service::/ { | |
| if (query->target_str == PV->SvcGroups.service) | |
| { | |
| request_category PV->SvcGroups.category | |
| } | |
| if (request_category == PV->Bindings.svcCategory && | |
| job fqnMatch PV->Bindings.jobNamespace) | |
| { | |
| permit bind | |
| } | |
| } |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment