selinux-policy/refpolicy/policy/modules/system/authlogin.te

54 lines
1.1 KiB
Plaintext
Raw Normal View History

2005-04-20 19:07:16 +00:00
# Copyright (C) 2005 Tresys Technology, LLC
2005-04-19 20:45:24 +00:00
########################################
#
# Declarations
#
type chkpwd_exec_t;
domain_make_entrypoint_file(system_chkpwd_t,chkpwd_exec_t)
type faillog_t;
logging_make_log_file(faillog_t)
2005-04-14 20:18:17 +00:00
type lastlog_t;
logging_make_log_file(lastlog_t)
2005-04-19 20:45:24 +00:00
type login_exec_t;
files_make_file(login_exec_t)
type pam_t;
domain_make_domain(pam_t)
type pam_tmp_t;
files_make_file(pam_tmp_t)
type pam_var_console_t;
files_make_file(pam_var_console_t)
type pam_var_run_t;
files_make_file(pam_var_run_t)
type shadow_t;
files_make_file(shadow_t)
attribute can_read_shadow_passwords;
attribute can_write_shadow_passwords;
neverallow ~can_read_shadow_passwords shadow_t:file read;
neverallow ~can_write_shadow_passwords shadow_t:file write;
type utempter_t;
domain_make_domain(utempter_t)
type utempter_exec_t;
domain_make_entrypoint_file(utempter_t,utempter_exec_t)
2005-04-14 20:18:17 +00:00
type wtmp_t;
logging_make_log_file(wtmp_t)
2005-04-19 20:45:24 +00:00
########################################
#
# Local policy
#
authlogin_per_userdomain_template(system)
#dontaudit system_chkpwd_t { user_tty_type tty_device_t }:chr_file rw_file_perms;
#dontaudit system_chkpwd_t privfd:fd use;