add authlogin_read_pam_runtime_data and cleanup interfaces
parent
9f2f9e6dfe
commit
dfaf6c2ad8
@ -72,10 +72,10 @@ class unix_dgram_socket { create read getattr write setattr append bind connect
|
||||
|
||||
#######################################
|
||||
#
|
||||
# authlogin_make_login_program_entrypoint(type,[`optional'])
|
||||
# authlogin_make_login_program_entrypoint(domain)
|
||||
#
|
||||
define(`authlogin_make_login_program_entrypoint',`
|
||||
requires_block_template(authlogin_make_login_program_entrypoint_depend,$2)
|
||||
requires_block_template(authlogin_make_login_program_entrypoint_depend)
|
||||
domain_make_entrypoint_file($1,login_exec_t)
|
||||
')
|
||||
|
||||
@ -86,10 +86,10 @@ domain_make_entrypoint_file_depend
|
||||
|
||||
#######################################
|
||||
#
|
||||
# authlogin_check_password_transition(type,[`optional'])
|
||||
# authlogin_check_password_transition(domain)
|
||||
#
|
||||
define(`authlogin_check_password_transition',`
|
||||
requires_block_template(authlogin_check_password_transition_depend,$2)
|
||||
requires_block_template(authlogin_check_password_transition_depend)
|
||||
allow $1 chkpwd_exec_t:file { getattr read execute };
|
||||
allow $1 system_chkpwd_t:process transition;
|
||||
dontaudit $1 shadow_t:file { getattr read };
|
||||
@ -108,10 +108,10 @@ class process transition;
|
||||
|
||||
#######################################
|
||||
#
|
||||
# authlogin_modify_login_records(type,[`optional'])
|
||||
# authlogin_modify_login_records(domain)
|
||||
#
|
||||
define(`authlogin_modify_login_records',`
|
||||
requires_block_template(authlogin_modify_login_records_depend,$2)
|
||||
requires_block_template(authlogin_modify_login_records_depend)
|
||||
allow $1 wtmp_t:file { getattr read write setattr };
|
||||
')
|
||||
|
||||
@ -122,10 +122,10 @@ class file { getattr read write setattr };
|
||||
|
||||
#######################################
|
||||
#
|
||||
# authlogin_read_shadow_passwords(type,[`optional'])
|
||||
# authlogin_read_shadow_passwords(domain)
|
||||
#
|
||||
define(`authlogin_read_shadow_passwords',`
|
||||
requires_block_template(authlogin_read_shadow_passwords_depend,$2)
|
||||
requires_block_template(authlogin_read_shadow_passwords_depend)
|
||||
allow $1 shadow_t:file { getattr read };
|
||||
typeattribute $1 can_read_shadow_passwords;
|
||||
')
|
||||
@ -138,10 +138,10 @@ class file { getattr read };
|
||||
|
||||
#######################################
|
||||
#
|
||||
# authlogin_ignore_read_shadow_passwords(type,[`optional'])
|
||||
# authlogin_ignore_read_shadow_passwords(domain)
|
||||
#
|
||||
define(`authlogin_ignore_read_shadow_passwords',`
|
||||
requires_block_template(authlogin_ignore_read_shadow_passwords_depend,$2)
|
||||
requires_block_template(authlogin_ignore_read_shadow_passwords_depend)
|
||||
dontaudit $1 shadow_t:file { getattr read };
|
||||
')
|
||||
|
||||
@ -152,10 +152,10 @@ class file { getattr read };
|
||||
|
||||
#######################################
|
||||
#
|
||||
# authlogin_modify_shadow_passwords(type,[`optional'])
|
||||
# authlogin_modify_shadow_passwords(domain)
|
||||
#
|
||||
define(`authlogin_modify_shadow_passwords',`
|
||||
requires_block_template(authlogin_modify_shadow_passwords_depend,$2)
|
||||
requires_block_template(authlogin_modify_shadow_passwords_depend)
|
||||
allow $1 shadow_t:file { getattr read write };
|
||||
typeattribute $1 can_read_shadow_passwords;
|
||||
typeattribute $1 can_write_shadow_passwords;
|
||||
@ -170,10 +170,10 @@ class file { getattr read write };
|
||||
|
||||
#######################################
|
||||
#
|
||||
# authlogin_modify_last_login_log(type,[`optional'])
|
||||
# authlogin_modify_last_login_log(domain)
|
||||
#
|
||||
define(`authlogin_modify_last_login_log',`
|
||||
requires_block_template(authlogin_modify_last_login_log_depend,$2)
|
||||
requires_block_template(authlogin_modify_last_login_log_depend)
|
||||
allow $1 lastlog_t:file { getattr read write setattr };
|
||||
')
|
||||
|
||||
@ -181,3 +181,19 @@ define(`authlogin_modify_last_login_log_depend',`
|
||||
type lastlog_t;
|
||||
class file { getattr read write setattr };
|
||||
')
|
||||
|
||||
#######################################
|
||||
#
|
||||
# authlogin_read_pam_runtime_data(domain)
|
||||
#
|
||||
define(`authlogin_read_pam_runtime_data',`
|
||||
requires_block_template(authlogin_read_pam_runtime_data_depend)
|
||||
# FIXME: search var_t
|
||||
# FIXME: search var_run_t
|
||||
allow $1 pam_var_run_t:file { getattr read };
|
||||
')
|
||||
|
||||
define(`authlogin_read_pam_runtime_data_depend',`
|
||||
type lastlog_t;
|
||||
class file { getattr read };
|
||||
')
|
||||
|
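Review bot: The new `authlogin_read_pam_runtime_data_depend` block in the last hunk declares `type lastlog_t;`, but the interface it backs grants `allow $1 pam_var_run_t:file { getattr read };`, so the type the rule uses is never required. The line looks copied from `authlogin_modify_last_login_log_depend` directly above it and should read `type pam_var_run_t;`. As written, the interface presumably only resolves when `pam_var_run_t` happens to be declared elsewhere, and it carries an unneeded dependency on `lastlog_t`. The two FIXME comments also mean that no directory search permission is granted here, so the header comment should say that callers need search access to the parent directories from another interface until those are resolved.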