selinux-policy/refpolicy/policy/modules/system/locallogin.if

66 lines
1.3 KiB
Plaintext
Raw Normal View History

2005-06-07 22:36:07 +00:00
## <summary>Policy for local logins.</summary>
2005-04-28 19:50:58 +00:00
2005-06-07 22:36:07 +00:00
########################################
2005-06-30 18:54:08 +00:00
## <summary>
## Execute local logins in the local login domain.
## </summary>
## <param name="domain">
## The type of the process performing this action.
## </param>
2005-04-28 19:50:58 +00:00
#
interface(`locallogin_domtrans',`
2005-06-17 17:59:26 +00:00
gen_require(`
type local_login_t;
')
2005-06-13 17:35:46 +00:00
auth_domtrans_login_program($1,local_login_t)
2005-04-28 19:50:58 +00:00
')
2005-06-07 22:36:07 +00:00
########################################
2005-06-30 18:54:08 +00:00
## <summary>
2005-09-15 15:34:31 +00:00
## Allow processes to inherit local login file descriptors.
2005-06-30 18:54:08 +00:00
## </summary>
## <param name="domain">
## The type of the process performing this action.
## </param>
2005-06-07 22:36:07 +00:00
#
interface(`locallogin_use_fd',`
2005-06-17 17:59:26 +00:00
gen_require(`
type local_login_t;
')
allow $1 local_login_t:fd use;
')
2005-09-15 15:34:31 +00:00
########################################
## <summary>
## Do not audit attempts to inherit local login file descriptors.
## </summary>
## <param name="domain">
## Domain to not audit.
## </param>
#
interface(`locallogin_dontaudit_use_fd',`
gen_require(`
type local_login_t;
')
dontaudit $1 local_login_t:fd use;
')
2005-06-30 18:54:08 +00:00
########################################
## <summary>
## Send a null signal to local login processes.
## </summary>
## <param name="domain">
## Domain allowed access.
## </param>
#
interface(`locallogin_signull',`
gen_require(`
type local_login_t;
')
allow $1 local_login_t:process signull;
')