## <summary>Policy for getty.</summary> ######################################## ## <summary> ## Execute gettys in the getty domain. ## </summary> ## <param name="domain"> ## <summary> ## Domain allowed access. ## </summary> ## </param> # interface(`getty_domtrans',` gen_require(` type getty_t, getty_exec_t; ') corecmd_search_bin($1) domtrans_pattern($1,getty_exec_t,getty_t) ') ######################################## ## <summary> ## Inherit and use getty file descriptors. ## </summary> ## <param name="domain"> ## <summary> ## Domain allowed access. ## </summary> ## </param> # interface(`getty_use_fds',` gen_require(` type getty_t; ') allow $1 getty_t:fd use; ') ######################################## ## <summary> ## Allow process to read getty log file. ## </summary> ## <param name="domain"> ## <summary> ## Domain allowed access. ## </summary> ## </param> ## <rolecap/> # interface(`getty_read_log',` gen_require(` type getty_log_t; ') logging_search_logs($1) allow $1 getty_log_t:file { getattr read }; ') ######################################## ## <summary> ## Allow process to read getty config file. ## </summary> ## <param name="domain"> ## <summary> ## Domain allowed access. ## </summary> ## </param> ## <rolecap/> # interface(`getty_read_config',` gen_require(` type getty_etc_t; ') files_search_etc($1) allow $1 getty_etc_t:file { getattr read }; ') ######################################## ## <summary> ## Allow process to edit getty config file. ## </summary> ## <param name="domain"> ## <summary> ## Domain allowed access. ## </summary> ## </param> ## <rolecap/> # interface(`getty_rw_config',` gen_require(` type getty_etc_t; ') files_search_etc($1) allow $1 getty_etc_t:file rw_file_perms; ')