add home_domain()

Chris PeBenito 2006-01-23 19:02:15 +00:00
parent 6b1c8ee35b
commit 908390511e


@ -932,6 +932,32 @@ kernel_getattr_core($1)
kernel_getattr_message_if($1) kernel_getattr_message_if($1)
kernel_read_kernel_sysctl($1) kernel_read_kernel_sysctl($1)
#
# home_domain($1,$2)
#
type $1_$2_home_t alias $1_$2_rw_t;
files_poly_member($1_$2_home_t)
userdom_home_file($1,$1_$2_home_t)
allow $1_t $1_$2_home_t:dir manage_dir_perms;
allow $1_t $1_$2_home_t:file manage_file_perms;
allow $1_t $1_$2_home_t:lnk_file create_lnk_perms;
allow $1_t $1_$2_home_t:{ dir file lnk_file } { relabelfrom relabelto };
userdom_search_user_home($1,$1_$2_t)
allow $1_$2_t $1_$2_home_t:dir manage_dir_perms;
allow $1_$2_t $1_$2_home_t:file manage_file_perms;
allow $1_$2_t $1_$2_home_t:lnk_file create_lnk_perms;
fs_search_auto_mountpoints($1_$2_t)
tunable_policy(`use_nfs_home_dirs',`
fs_manage_nfs_dirs($1_$2_t)
fs_manage_nfs_files($1_$2_t)
fs_manage_nfs_symlinks($1_$2_t)
')
tunable_policy(`use_samba_home_dirs',`
fs_manage_cifs_dirs($1_$2_t)
fs_manage_cifs_files($1_$2_t)
fs_manage_cifs_symlinks($1_$2_t)
')
# #
# in_user_role(): # in_user_role():
# #
@ -1175,7 +1201,7 @@ allow $1_t $1_tmpfs_t:file { create ioctl read getattr lock write setattr append
allow $1_t $1_tmpfs_t:lnk_file { create read getattr setattr link unlink rename }; allow $1_t $1_tmpfs_t:lnk_file { create read getattr setattr link unlink rename };
allow $1_t $1_tmpfs_t:sock_file { create ioctl read getattr lock write setattr append link unlink rename }; allow $1_t $1_tmpfs_t:sock_file { create ioctl read getattr lock write setattr append link unlink rename };
allow $1_t $1_tmpfs_t:fifo_file { create ioctl read getattr lock write setattr append link unlink rename }; allow $1_t $1_tmpfs_t:fifo_file { create ioctl read getattr lock write setattr append link unlink rename };
fs_create_tmpfs($1_t,$1_tmpfs_t,{ dir file lnk_file sock_file fifo_file }) fs_filetrans_tmpfs($1_t,$1_tmpfs_t,{ dir file lnk_file sock_file fifo_file })
# #
# unconfined_domain(): complete # unconfined_domain(): complete
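Review bot: The two `tunable_policy` branches in the added home_domain() section give `$1_$2_t` manage access through `fs_manage_nfs_*` and `fs_manage_cifs_*`, which is far wider than the `$1_$2_home_t` type the rest of the section is scoped to. Assuming those interfaces cover the generic NFS/CIFS file types, as their names suggest, enabling `use_nfs_home_dirs` or `use_samba_home_dirs` lets the application domain manage every file on such mounts, so the per-application home type no longer isolates its data there. If that trade-off is intended, state it where the grant is made, for example with `# NFS/CIFS homes share one label: these grants are not limited to $1_$2_home_t content` above the first `tunable_policy`. The section header should also say what `$1` and `$2` stand for (from the usage they appear to be the user domain prefix and the application prefix). It is also worth confirming that `$1_t` needs `relabelfrom`/`relabelto` on all three object classes rather than a narrower set.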