selinux-policy/policy/modules/roles/xguest.te

84 lines
1.4 KiB
Plaintext
Raw Normal View History

2009-03-31 13:40:59 +00:00
policy_module(xguest, 1.0.0)
########################################
#
# Declarations
#
## <desc>
## <p>
## Allow xguest users to mount removable media
## </p>
## </desc>
gen_tunable(xguest_mount_media, true)
## <desc>
## <p>
## Allow xguest to configure Network Manager
## </p>
## </desc>
gen_tunable(xguest_connect_network, true)
## <desc>
## <p>
## Allow xguest to use blue tooth devices
## </p>
## </desc>
gen_tunable(xguest_use_bluetooth, true)
role xguest_r;
userdom_restricted_xwindows_user_template(xguest)
########################################
#
# Local policy
#
# Allow mounting of file systems
optional_policy(`
tunable_policy(`xguest_mount_media',`
kernel_read_fs_sysctls(xguest_t)
files_dontaudit_getattr_boot_dirs(xguest_t)
files_search_mnt(xguest_t)
fs_manage_noxattr_fs_files(xguest_t)
fs_manage_noxattr_fs_dirs(xguest_t)
fs_manage_noxattr_fs_dirs(xguest_t)
fs_getattr_noxattr_fs(xguest_t)
fs_read_noxattr_fs_symlinks(xguest_t)
auth_list_pam_console_data(xguest_t)
init_read_utmp(xguest_t)
')
')
optional_policy(`
tunable_policy(`xguest_use_bluetooth',`
bluetooth_dbus_chat(xguest_t)
')
')
optional_policy(`
hal_dbus_chat(xguest_t)
')
optional_policy(`
java_role(xguest_r, xguest_t)
')
optional_policy(`
mozilla_role(xguest_r, xguest_t)
')
optional_policy(`
tunable_policy(`xguest_connect_network',`
networkmanager_dbus_chat(xguest_t)
')
')
#gen_user(xguest_u,, xguest_r, s0, s0)