2006-02-16 19:32:13 +00:00
|
|
|
|
2006-09-22 17:14:35 +00:00
|
|
|
policy_module(mcs,1.0.4)
|
2006-02-16 19:32:13 +00:00
|
|
|
|
|
|
|
########################################
|
|
|
|
#
|
|
|
|
# Declarations
|
|
|
|
#
|
|
|
|
|
|
|
|
attribute mcskillall;
|
2006-07-28 15:13:58 +00:00
|
|
|
attribute mcsptraceall;
|
2006-03-29 16:23:17 +00:00
|
|
|
attribute mcssetcats;
|
2006-02-16 19:32:13 +00:00
|
|
|
|
|
|
|
########################################
|
|
|
|
#
|
|
|
|
# THIS IS A HACK
|
|
|
|
#
|
|
|
|
# Only the base module can have range_transitions, so we
|
|
|
|
# temporarily have to break encapsulation to work around this.
|
|
|
|
#
|
|
|
|
|
|
|
|
type auditd_exec_t;
|
|
|
|
type crond_exec_t;
|
|
|
|
type cupsd_exec_t;
|
|
|
|
type getty_t;
|
|
|
|
type init_t;
|
|
|
|
type init_exec_t;
|
|
|
|
type initrc_t;
|
|
|
|
type initrc_exec_t;
|
|
|
|
type login_exec_t;
|
|
|
|
type sshd_exec_t;
|
|
|
|
type udev_exec_t;
|
|
|
|
type unconfined_t;
|
|
|
|
type xdm_exec_t;
|
|
|
|
|
|
|
|
ifdef(`enable_mcs',`
|
2006-04-17 17:32:54 +00:00
|
|
|
# The eventual plan is to have a range_transition to s0 for the daemon by
|
|
|
|
# default and have the daemons which need to run with all categories be
|
|
|
|
# exceptions. But while range_transitions have to be in the base module
|
|
|
|
# this is not possible.
|
2006-02-16 19:32:13 +00:00
|
|
|
range_transition getty_t login_exec_t s0 - s0:c0.c255;
|
|
|
|
range_transition init_t xdm_exec_t s0 - s0:c0.c255;
|
|
|
|
range_transition initrc_t crond_exec_t s0 - s0:c0.c255;
|
|
|
|
range_transition initrc_t cupsd_exec_t s0 - s0:c0.c255;
|
|
|
|
range_transition initrc_t sshd_exec_t s0 - s0:c0.c255;
|
|
|
|
range_transition initrc_t udev_exec_t s0 - s0:c0.c255;
|
2006-09-22 17:14:35 +00:00
|
|
|
range_transition initrc_t setrans_exec_t s0 - s0:c0.c255;
|
2006-02-16 19:32:13 +00:00
|
|
|
range_transition initrc_t xdm_exec_t s0 - s0:c0.c255;
|
|
|
|
range_transition kernel_t udev_exec_t s0 - s0:c0.c255;
|
|
|
|
|
|
|
|
# these might be targeted_policy only
|
|
|
|
range_transition unconfined_t initrc_exec_t s0;
|
|
|
|
')
|