xrdp-next/xrdp.te

module xrdp 1.0.3;
 
require {
        type unconfined_service_t;
        type unconfined_t;
        type unlabeled_t;
        type xserver_exec_t;
        type oddjob_t;
        type oddjob_mkhomedir_exec_t;
        class process transition;
        class process2 nnp_transition;
        class file entrypoint;
        class process2 nnp_transition;
        class vsock_socket { getattr read write };
}
 
#============= unconfined_service_t ==============
allow unconfined_service_t unconfined_t:process transition;
allow unconfined_service_t unconfined_t:process2 nnp_transition;
allow unconfined_service_t oddjob_mkhomedir_exec_t:file entrypoint;
allow unconfined_service_t unlabeled_t:vsock_socket { getattr read write };
 
#============= unconfined_t ==============
allow unconfined_t xserver_exec_t:file entrypoint;
 
#============= oddjob_t ==============
allow oddjob_t unconfined_service_t:process transition;
Remove setpriv patch and adjust SELinux policy to match. 2021-01-02 00:19:51 +00:00			`module xrdp 1.0.3;`

Add SELinux policy sub-package. 2017-04-12 12:15:12 +00:00			`require {`
			`type unconfined_service_t;`
			`type unconfined_t;`
Add vsock items to SELinux policy (thanks to mm19827 of gmail.com). 2020-01-12 20:28:49 +00:00			`type unlabeled_t;`
Add SELinux policy sub-package. 2017-04-12 12:15:12 +00:00			`type xserver_exec_t;`
Some SELinux policy additions/improvements. 2018-04-22 06:37:17 +00:00			`type oddjob_t;`
			`type oddjob_mkhomedir_exec_t;`
Add SELinux policy sub-package. 2017-04-12 12:15:12 +00:00			`class process transition;`
Remove setpriv patch and adjust SELinux policy to match. 2021-01-02 00:19:51 +00:00			`class process2 nnp_transition;`
Add SELinux policy sub-package. 2017-04-12 12:15:12 +00:00			`class file entrypoint;`
Some SELinux policy additions/improvements. 2018-04-22 06:37:17 +00:00			`class process2 nnp_transition;`
Add vsock items to SELinux policy (thanks to mm19827 of gmail.com). 2020-01-12 20:28:49 +00:00			`class vsock_socket { getattr read write };`
Add SELinux policy sub-package. 2017-04-12 12:15:12 +00:00			`}`
Remove setpriv patch and adjust SELinux policy to match. 2021-01-02 00:19:51 +00:00
Add SELinux policy sub-package. 2017-04-12 12:15:12 +00:00			`#============= unconfined_service_t ==============`
			`allow unconfined_service_t unconfined_t:process transition;`
Remove setpriv patch and adjust SELinux policy to match. 2021-01-02 00:19:51 +00:00			`allow unconfined_service_t unconfined_t:process2 nnp_transition;`
Some SELinux policy additions/improvements. 2018-04-22 06:37:17 +00:00			`allow unconfined_service_t oddjob_mkhomedir_exec_t:file entrypoint;`
Add vsock items to SELinux policy (thanks to mm19827 of gmail.com). 2020-01-12 20:28:49 +00:00			`allow unconfined_service_t unlabeled_t:vsock_socket { getattr read write };`
Remove setpriv patch and adjust SELinux policy to match. 2021-01-02 00:19:51 +00:00
Add SELinux policy sub-package. 2017-04-12 12:15:12 +00:00			`#============= unconfined_t ==============`
			`allow unconfined_t xserver_exec_t:file entrypoint;`
Remove setpriv patch and adjust SELinux policy to match. 2021-01-02 00:19:51 +00:00
Some SELinux policy additions/improvements. 2018-04-22 06:37:17 +00:00			`#============= oddjob_t ==============`
			`allow oddjob_t unconfined_service_t:process transition;`