## Policy for user domains ####################################### ## ## The template containing the most basic rules common to all users. ## ## ##

## The template containing the most basic rules common to all users. ##

##

## This template creates a user domain, types, and ## rules for the user's tty and pty. ##

##
## ## ## The prefix of the user domain (e.g., user ## is the prefix for user_t). ## ## ## # template(`userdom_base_user_template',` attribute $1_file_type; type $1_t, userdomain; domain_type($1_t) corecmd_shell_entry_type($1_t) corecmd_bin_entry_type($1_t) corecmd_sbin_entry_type($1_t) domain_user_exemption_target($1_t) role $1_r types $1_t; allow system_r $1_r; type $1_devpts_t; term_user_pty($1_t,$1_devpts_t) files_type($1_devpts_t) type $1_tty_device_t; term_tty($1_t,$1_tty_device_t) allow $1_t self:process { signal_perms getsched setsched share getpgid setpgid setcap getsession }; allow $1_t self:fd use; allow $1_t self:fifo_file rw_file_perms; allow $1_t self:unix_dgram_socket { create_socket_perms sendto }; allow $1_t self:unix_stream_socket { create_stream_socket_perms connectto }; allow $1_t self:shm create_shm_perms; allow $1_t self:sem create_sem_perms; allow $1_t self:msgq create_msgq_perms; allow $1_t self:msg { send receive }; dontaudit $1_t self:socket create; allow $1_t $1_devpts_t:chr_file { setattr ioctl read getattr lock write append }; term_create_pty($1_t,$1_devpts_t) allow $1_t $1_tty_device_t:chr_file { setattr rw_file_perms }; kernel_read_kernel_sysctls($1_t) kernel_dontaudit_list_unlabeled($1_t) kernel_dontaudit_getattr_unlabeled_files($1_t) kernel_dontaudit_getattr_unlabeled_symlinks($1_t) kernel_dontaudit_getattr_unlabeled_pipes($1_t) kernel_dontaudit_getattr_unlabeled_sockets($1_t) kernel_dontaudit_getattr_unlabeled_blk_files($1_t) kernel_dontaudit_getattr_unlabeled_chr_files($1_t) # When the user domain runs ps, there will be a number of access # denials when ps tries to search /proc. Do not audit these denials. domain_dontaudit_read_all_domains_state($1_t) domain_dontaudit_getattr_all_domains($1_t) domain_dontaudit_getsession_all_domains($1_t) files_read_etc_files($1_t) files_read_etc_runtime_files($1_t) files_read_usr_files($1_t) # Read directories and files with the readable_t type. # This type is a general type for "world"-readable files. files_list_world_readable($1_t) files_read_world_readable_files($1_t) files_read_world_readable_symlinks($1_t) files_read_world_readable_pipes($1_t) files_read_world_readable_sockets($1_t) # old broswer_domain(): files_dontaudit_list_non_security($1_t) files_dontaudit_getattr_non_security_files($1_t) files_dontaudit_getattr_non_security_symlinks($1_t) files_dontaudit_getattr_non_security_pipes($1_t) files_dontaudit_getattr_non_security_sockets($1_t) files_dontaudit_getattr_non_security_blk_files($1_t) files_dontaudit_getattr_non_security_chr_files($1_t) libs_use_ld_so($1_t) libs_use_shared_libs($1_t) libs_exec_ld_so($1_t) miscfiles_read_localization($1_t) tunable_policy(`allow_execmem',` # Allow loading DSOs that require executable stack. allow $1_t self:process execmem; ') tunable_policy(`allow_execmem && allow_execstack',` # Allow making the stack executable via mprotect. allow $1_t self:process execstack; ') ') ####################################### ## ## The template for creating a home directory ## that the user has read-only access. ## ## ##

## The template for creating a home directory ## that the user has read-only access. ##

##

## This does not allow execute access. ##

##
## ## ## The prefix of the user domain (e.g., user ## is the prefix for user_t). ## ## ## # template(`userdom_ro_home_template',` # type for contents of home directory type $1_home_t, $1_file_type, home_type; files_type($1_home_t) files_associate_tmp($1_home_t) fs_associate_tmpfs($1_home_t) # type of home directory type $1_home_dir_t, home_dir_type, home_type; files_type($1_home_dir_t) files_associate_tmp($1_home_dir_t) fs_associate_tmpfs($1_home_dir_t) ############################## # # User home directory file rules # allow $1_file_type $1_home_t:filesystem associate; # Rules used to associate a homedir as a mountpoint allow $1_home_t self:filesystem associate; ############################## # # Domain access to home dir # # read-only home directory allow $1_t $1_home_t:file { read_file_perms entrypoint }; allow $1_t $1_home_t:lnk_file read_file_perms; allow $1_t $1_home_t:dir list_dir_perms; allow $1_t $1_home_t:sock_file read_file_perms; allow $1_t $1_home_t:fifo_file read_file_perms; allow $1_t $1_home_dir_t:dir list_dir_perms; files_list_home($1_t) tunable_policy(`use_nfs_home_dirs',` fs_list_nfs_dirs($1_t) fs_read_nfs_files($1_t) fs_read_nfs_symlinks($1_t) fs_read_nfs_named_sockets($1_t) fs_read_nfs_named_pipes($1_t) ',` fs_dontaudit_read_nfs_dirs($1_t) fs_dontaudit_read_nfs_files($1_t) ') tunable_policy(`use_samba_home_dirs',` fs_list_cifs_dirs($1_t) fs_read_cifs_files($1_t) fs_read_cifs_symlinks($1_t) fs_read_cifs_named_sockets($1_t) fs_read_cifs_named_pipes($1_t) ',` fs_dontaudit_list_cifs_dirs($1_t) fs_dontaudit_read_cifs_files($1_t) ') ') ####################################### ## ## The template for creating a home directory ## that the user has full access. ## ## ##

## The template for creating a home directory ## that the user has full access. ##

##

## This does not allow execute access. ##

##
## ## ## The prefix of the user domain (e.g., user ## is the prefix for user_t). ## ## ## # template(`userdom_manage_home_template',` # type for contents of home directory type $1_home_t, $1_file_type, home_type; files_type($1_home_t) files_associate_tmp($1_home_t) fs_associate_tmpfs($1_home_t) # type of home directory type $1_home_dir_t, home_dir_type, home_type; files_type($1_home_dir_t) files_associate_tmp($1_home_dir_t) fs_associate_tmpfs($1_home_dir_t) ############################## # # User home directory file rules # allow $1_file_type $1_home_t:filesystem associate; # Rules used to associate a homedir as a mountpoint allow $1_home_t self:filesystem associate; ############################## # # Domain access to home dir # # full control of the home directory allow $1_t $1_home_t:file { manage_file_perms relabelfrom relabelto entrypoint }; allow $1_t $1_home_t:lnk_file { create_lnk_perms relabelfrom relabelto }; allow $1_t $1_home_t:dir { manage_dir_perms relabelfrom relabelto }; allow $1_t $1_home_t:sock_file { manage_file_perms relabelfrom relabelto }; allow $1_t $1_home_t:fifo_file { manage_file_perms relabelfrom relabelto }; allow $1_t $1_home_dir_t:dir { manage_dir_perms relabelfrom relabelto }; type_transition $1_t $1_home_dir_t:{ dir file lnk_file sock_file fifo_file } $1_home_t; files_list_home($1_t) tunable_policy(`use_nfs_home_dirs',` fs_manage_nfs_dirs($1_t) fs_manage_nfs_files($1_t) fs_manage_nfs_symlinks($1_t) fs_manage_nfs_named_sockets($1_t) fs_manage_nfs_named_pipes($1_t) ',` fs_dontaudit_manage_nfs_dirs($1_t) fs_dontaudit_manage_nfs_files($1_t) ') tunable_policy(`use_samba_home_dirs',` fs_manage_cifs_dirs($1_t) fs_manage_cifs_files($1_t) fs_manage_cifs_symlinks($1_t) fs_manage_cifs_named_sockets($1_t) fs_manage_cifs_named_pipes($1_t) ',` fs_dontaudit_manage_cifs_dirs($1_t) fs_dontaudit_manage_cifs_files($1_t) ') ') ####################################### ## ## The template for allowing the user ## to execute files in their home directory. ## ## ## ## The prefix of the user domain (e.g., user ## is the prefix for user_t). ## ## ## # template(`userdom_exec_home_template',` can_exec($1_t,$1_home_t) tunable_policy(`use_nfs_home_dirs',` fs_exec_nfs_files($1_t) ') tunable_policy(`use_samba_home_dirs',` fs_exec_cifs_files($1_t) ') ') ####################################### ## ## The template for polyinstantiating ## a user home directory. ## ## ## ## The prefix of the user domain (e.g., user ## is the prefix for user_t). ## ## ## # template(`userdom_poly_home_template',` ifdef(`enable_polyinstantiation',` type_member $1_t $1_home_dir_t:dir $1_home_t; files_poly($1_home_dir_t) files_poly_member($1_home_t) ') ') ####################################### ## ## The template for full access to the temporary directories. ## ## ##

## The template for full access to the temporary directories. ## This creates a derived type for the user ## temporary type. Execute access is not given. ##

##
## ## ## The prefix of the user domain (e.g., user ## is the prefix for user_t). ## ## ## # template(`userdom_manage_tmp_template',` type $1_tmp_t, $1_file_type; files_tmp_file($1_tmp_t) allow $1_t $1_tmp_t:dir manage_dir_perms; allow $1_t $1_tmp_t:file manage_file_perms; allow $1_t $1_tmp_t:lnk_file create_lnk_perms; allow $1_t $1_tmp_t:sock_file manage_file_perms; allow $1_t $1_tmp_t:fifo_file manage_file_perms; files_tmp_filetrans($1_t, $1_tmp_t, { dir file lnk_file sock_file fifo_file }) ') ####################################### ## ## The template for execute access to the user temporary files. ## ## ## ## The prefix of the user domain (e.g., user ## is the prefix for user_t). ## ## ## # template(`userdom_exec_tmp_template',` can_exec($1_t,$1_tmp_t) ') ####################################### ## ## The template for a polyinstantiated temporary directory. ## ## ## ## The prefix of the user domain (e.g., user ## is the prefix for user_t). ## ## ## # template(`userdom_poly_tmp_template',` ifdef(`enable_polyinstantiation',` files_poly_member_tmp($1_t,$1_tmp_t) ') ') ####################################### ## ## The template for creating a tmpfs type ## that the user has full access. ## ## ##

## The template for creating a tmpfs type ## that the user has full access. ##

##

## This does not allow execute access. ##

##
## ## ## The prefix of the user domain (e.g., user ## is the prefix for user_t). ## ## ## # template(`userdom_manage_tmpfs_template',` type $1_tmpfs_t, $1_file_type; files_tmpfs_file($1_tmpfs_t) allow $1_t $1_tmpfs_t:dir rw_dir_perms; allow $1_t $1_tmpfs_t:file manage_file_perms; allow $1_t $1_tmpfs_t:lnk_file create_lnk_perms; allow $1_t $1_tmpfs_t:sock_file manage_file_perms; allow $1_t $1_tmpfs_t:fifo_file manage_file_perms; fs_tmpfs_filetrans($1_t,$1_tmpfs_t, { dir file lnk_file sock_file fifo_file }) ') ####################################### ## ## The template for creating a set of types ## for untrusted content. ## ## ## ## The prefix of the user domain (e.g., user ## is the prefix for user_t). ## ## ## # template(`userdom_untrusted_content_template',` gen_require(` attribute $1_file_type; attribute untrusted_content_type, untrusted_content_tmp_type; type $1_t; ') # types for network-obtained content type $1_untrusted_content_t, $1_file_type, untrusted_content_type; #, customizable files_type($1_untrusted_content_t) files_poly_member($1_untrusted_content_t) type $1_untrusted_content_tmp_t, $1_file_type, untrusted_content_tmp_type; # customizable files_tmp_file($1_untrusted_content_tmp_t) # Allow user to relabel untrusted content allow $1_t { $1_untrusted_content_t $1_untrusted_content_tmp_t }:dir { manage_dir_perms relabelto relabelfrom }; allow $1_t { $1_untrusted_content_t $1_untrusted_content_tmp_t }:file { getattr unlink relabelto relabelfrom rename }; tunable_policy(`read_untrusted_content',` allow $1_t { $1_untrusted_content_t $1_untrusted_content_tmp_t }:dir list_dir_perms; allow $1_t { $1_untrusted_content_t $1_untrusted_content_tmp_t }:file read_file_perms; allow $1_t { $1_untrusted_content_t $1_untrusted_content_tmp_t }:lnk_file { getattr read }; ',` dontaudit $1_t { $1_untrusted_content_t $1_untrusted_content_tmp_t }:dir list_dir_perms; dontaudit $1_t { $1_untrusted_content_t $1_untrusted_content_tmp_t }:file read_file_perms; ') ') ####################################### ## ## The template allowing the user to execute ## generic programs, such as those found in /bin, ## /sbin, /usr/bin, and /usr/sbin. ## ## ## ## The prefix of the user domain (e.g., user ## is the prefix for user_t). ## ## ## # template(`userdom_exec_generic_pgms_template',` gen_require(` type $1_t; ') corecmd_exec_bin($1_t) corecmd_exec_sbin($1_t) corecmd_exec_ls($1_t) ') ####################################### ## ## The template allowing the user basic ## network permissions ## ## ## ## The prefix of the user domain (e.g., user ## is the prefix for user_t). ## ## ## # template(`userdom_basic_networking_template',` gen_require(` type $1_t; ') allow $1_t self:tcp_socket create_stream_socket_perms; allow $1_t self:udp_socket create_socket_perms; corenet_non_ipsec_sendrecv($1_t) corenet_tcp_sendrecv_all_if($1_t) corenet_udp_sendrecv_all_if($1_t) corenet_tcp_sendrecv_all_nodes($1_t) corenet_udp_sendrecv_all_nodes($1_t) corenet_tcp_sendrecv_all_ports($1_t) corenet_udp_sendrecv_all_ports($1_t) corenet_tcp_connect_all_ports($1_t) corenet_sendrecv_all_client_packets($1_t) ') ####################################### ## ## The template for creating a user xwindows client. ## ## ## ## The prefix of the user domain (e.g., user ## is the prefix for user_t). ## ## ## # template(`userdom_xwindows_client_template',` gen_require(` type $1_t, $1_tmpfs_t; ') optional_policy(` dev_rw_xserver_misc($1_t) dev_rw_power_management($1_t) dev_read_input($1_t) dev_read_misc($1_t) dev_write_misc($1_t) # open office is looking for the following dev_getattr_agp_dev($1_t) dev_dontaudit_rw_dri($1_t) # GNOME checks for usb and other devices: dev_rw_usbfs($1_t) xserver_user_client_template($1,$1_t,$1_tmpfs_t) xserver_xsession_entry_type($1_t) xserver_dontaudit_write_log($1_t) xserver_stream_connect_xdm($1_t) # certain apps want to read xdm.pid file xserver_read_xdm_pid($1_t) # gnome-session creates socket under /tmp/.ICE-unix/ xserver_create_xdm_tmp_sockets($1_t) ') ') ####################################### ## ## The template for allowing the user to change passwords. ## ## ## ## The prefix of the user domain (e.g., user ## is the prefix for user_t). ## ## ## # template(`userdom_change_password_template',` gen_require(` type $1_t, $1_devpts_t, $1_tty_device_t; role $1_r; ') optional_policy(` usermanage_run_chfn($1_t,$1_r,{ $1_devpts_t $1_tty_device_t }) usermanage_run_passwd($1_t,$1_r,{ $1_devpts_t $1_tty_device_t }) ') ') ####################################### ## ## The template for allowing the user to change roles. ## ## ## ## The prefix of the user domain (e.g., user ## is the prefix for user_t). ## ## # template(`userdom_role_change_template',` gen_require(` role $1_r, $2_r; type $1_t, $2_t; type $1_devpts_t, $2_devpts_t; type $1_tty_device_t, $2_tty_device_t; ') allow $1_r $2_r; type_change $2_t $1_devpts_t:chr_file $2_devpts_t; type_change $2_t $1_tty_device_t:chr_file $2_tty_device_t; # avoid annoying messages on terminal hangup dontaudit $1_t { $2_devpts_t $2_tty_device_t }:chr_file ioctl; ') ####################################### ## ## The template containing rules common to unprivileged ## users and administrative users. ## ## ##

## This template creates a user domain, types, and ## rules for the user's tty, pty, tmp, and tmpfs files. ##

##
## ## ## The prefix of the user domain (e.g., user ## is the prefix for user_t). ## ## # template(`userdom_common_user_template',` userdom_base_user_template($1) userdom_manage_home_template($1) userdom_exec_home_template($1) userdom_manage_tmp_template($1) userdom_exec_tmp_template($1) userdom_manage_tmpfs_template($1) userdom_untrusted_content_template($1) userdom_basic_networking_template($1) userdom_exec_generic_pgms_template($1) userdom_xwindows_client_template($1) userdom_change_password_template($1) ############################## # # User domain Local policy # allow $1_t self:capability { setgid chown fowner }; dontaudit $1_t self:capability { sys_nice fsetid }; allow $1_t self:process ~{ ptrace setcurrent setexec setfscreate setrlimit execmem execstack execheap }; allow $1_t self:process { ptrace setfscreate }; # evolution and gnome-session try to create a netlink socket dontaudit $1_t self:netlink_socket { create ioctl read getattr write setattr append bind connect getopt setopt shutdown }; dontaudit $1_t self:netlink_route_socket { create ioctl read getattr write setattr append bind connect getopt setopt shutdown nlmsg_read nlmsg_write }; allow $1_t unpriv_userdomain:fd use; kernel_read_system_state($1_t) kernel_read_network_state($1_t) kernel_read_net_sysctls($1_t) # Very permissive allowing every domain to see every type: kernel_get_sysvipc_info($1_t) # Find CDROM devices: kernel_read_device_sysctls($1_t) corenet_udp_bind_all_nodes($1_t) corenet_udp_bind_generic_port($1_t) dev_read_sysfs($1_t) dev_read_rand($1_t) dev_read_urand($1_t) dev_write_sound($1_t) dev_read_sound($1_t) dev_read_sound_mixer($1_t) dev_write_sound_mixer($1_t) domain_use_interactive_fds($1_t) files_exec_etc_files($1_t) files_search_locks($1_t) # Check to see if cdrom is mounted files_search_mnt($1_t) # cjp: perhaps should cut back on file reads: files_read_var_files($1_t) files_read_var_symlinks($1_t) files_read_generic_spool($1_t) files_read_var_lib_files($1_t) # Stat lost+found. files_getattr_lost_found_dirs($1_t) fs_get_all_fs_quotas($1_t) fs_getattr_all_fs($1_t) fs_getattr_all_dirs($1_t) fs_search_auto_mountpoints($1_t) fs_list_inotifyfs($1_t) # cjp: some of this probably can be removed selinux_get_fs_mount($1_t) selinux_validate_context($1_t) selinux_compute_access_vector($1_t) selinux_compute_create_context($1_t) selinux_compute_relabel_context($1_t) selinux_compute_user_contexts($1_t) # for eject storage_getattr_fixed_disk_dev($1_t) auth_read_login_records($1_t) auth_dontaudit_write_login_records($1_t) auth_search_pam_console_data($1_t) auth_run_pam($1_t,$1_r,{ $1_tty_device_t $1_devpts_t }) auth_run_utempter($1_t,$1_r,{ $1_tty_device_t $1_devpts_t }) init_read_utmp($1_t) # The library functions always try to open read-write first, # then fall back to read-only if it fails. init_dontaudit_write_utmp($1_t) # Stop warnings about access to /dev/console init_dontaudit_use_fds($1_t) init_dontaudit_use_script_fds($1_t) libs_exec_lib_files($1_t) logging_dontaudit_getattr_all_logs($1_t) miscfiles_read_man_pages($1_t) # for running TeX programs miscfiles_read_tetex_data($1_t) miscfiles_exec_tetex_data($1_t) seutil_read_file_contexts($1_t) seutil_read_default_contexts($1_t) seutil_read_config($1_t) seutil_run_newrole($1_t,$1_r,{ $1_devpts_t $1_tty_device_t }) # for when the network connection is killed # this is needed when a login role can change # to this one. seutil_dontaudit_signal_newrole($1_t) tunable_policy(`read_default_t',` files_list_default($1_t) files_read_default_files($1_t) files_read_default_symlinks($1_t) files_read_default_sockets($1_t) files_read_default_pipes($1_t) ',` files_dontaudit_list_default($1_t) files_dontaudit_read_default_files($1_t) ') tunable_policy(`user_direct_mouse',` dev_read_mouse($1_t) ') tunable_policy(`user_ttyfile_stat',` term_getattr_all_user_ttys($1_t) ') optional_policy(` # Allow graphical boot to check battery lifespan apm_stream_connect($1_t) ') optional_policy(` canna_stream_connect($1_t) ') optional_policy(` cups_stream_connect_ptal($1_t) ') optional_policy(` dbus_system_bus_client_template($1,$1_t) optional_policy(` bluetooth_dbus_chat($1_t) ') optional_policy(` cups_dbus_chat_config($1_t) ') optional_policy(` hal_dbus_chat($1_t) ') optional_policy(` networkmanager_dbus_chat($1_t) ') ') optional_policy(` inetd_use_fds($1_t) inetd_rw_tcp_sockets($1_t) ') optional_policy(` inn_read_config($1_t) inn_read_news_lib($1_t) inn_read_news_spool($1_t) ') # for running depmod as part of the kernel packaging process optional_policy(` modutils_read_module_config($1_t) ') optional_policy(` mta_rw_spool($1_t) ') optional_policy(` nis_use_ypbind($1_t) ') optional_policy(` tunable_policy(`allow_user_mysql_connect',` mysql_stream_connect($1_t) ') ') optional_policy(` nscd_socket_use($1_t) ') optional_policy(` # to allow monitoring of pcmcia status pcmcia_read_pid($1_t) ') optional_policy(` quota_dontaudit_getattr_db($1_t) ') optional_policy(` resmgr_stream_connect($1_t) ') optional_policy(` rpc_dontaudit_getattr_exports($1_t) rpc_manage_nfs_rw_content($1_t) ') optional_policy(` rpm_read_db($1_t) rpm_dontaudit_manage_db($1_t) ') optional_policy(` samba_stream_connect_winbind($1_t) ') optional_policy(` slrnpull_search_spool($1_t) ') optional_policy(` usernetctl_run($1_t,$1_r,{ $1_devpts_t $1_tty_device_t }) ') ') ####################################### ## ## The template for creating a unprivileged user. ## ## ##

## This template creates a user domain, types, and ## rules for the user's tty, pty, home directories, ## tmp, and tmpfs files. ##

##
## ## ## The prefix of the user domain (e.g., user ## is the prefix for user_t). ## ## # template(`userdom_unpriv_user_template', ` ############################## # # Declarations # # Inherit rules for ordinary users. userdom_common_user_template($1) typeattribute $1_t unpriv_userdomain; domain_interactive_fd($1_t) typeattribute $1_devpts_t user_ptynode; typeattribute $1_home_dir_t user_home_dir_type; typeattribute $1_home_t user_home_type; typeattribute $1_tmp_t user_tmpfile; typeattribute $1_tty_device_t user_ttynode; userdom_poly_home_template($1) userdom_poly_tmp_template($1) ############################## # # Local policy # # privileged home directory writers allow privhome $1_home_t:file manage_file_perms; allow privhome $1_home_t:lnk_file create_lnk_perms; allow privhome $1_home_t:dir manage_dir_perms; allow privhome $1_home_t:sock_file manage_file_perms; allow privhome $1_home_t:fifo_file manage_file_perms; type_transition privhome $1_home_dir_t:{ dir file lnk_file sock_file fifo_file } $1_home_t; corecmd_exec_all_executables($1_t) # port access is audited even if dac would not have allowed it, so dontaudit it here corenet_dontaudit_tcp_bind_all_reserved_ports($1_t) # Need the following rule to allow users to run vpnc corenet_tcp_bind_xserver_port($1_t) files_exec_usr_files($1_t) # cjp: why? files_read_kernel_symbol_table($1_t) ifndef(`enable_mls',` fs_exec_noxattr($1_t) tunable_policy(`user_rw_noexattrfile',` fs_manage_noxattr_fs_files($1_t) fs_manage_noxattr_fs_dirs($1_t) # Write floppies storage_raw_read_removable_device($1_t) storage_raw_write_removable_device($1_t) ',` storage_raw_read_removable_device($1_t) ') ') tunable_policy(`user_dmesg',` kernel_read_ring_buffer($1_t) ',` kernel_dontaudit_read_ring_buffer($1_t) ') # Allow users to run TCP servers (bind to ports and accept connection from # the same domain and outside users) disabling this forces FTP passive mode # and may change other protocols tunable_policy(`user_tcp_server',` corenet_tcp_bind_all_nodes($1_t) corenet_tcp_bind_generic_port($1_t) ') optional_policy(` kerberos_use($1_t) ') optional_policy(` loadkeys_run($1_t,$1_r,$1_tty_device_t) ') optional_policy(` netutils_run_ping_cond($1_t,$1_r,{ $1_tty_device_t $1_devpts_t }) netutils_run_traceroute_cond($1_t,$1_r,{ $1_tty_device_t $1_devpts_t }) ') # Run pppd in pppd_t by default for user optional_policy(` ppp_run_cond($1_t,$1_r,{ $1_tty_device_t $1_devpts_t }) ') ifdef(`TODO',` ifdef(`xdm.te', ` # this should cause the .xsession-errors file to be written to /tmp dontaudit xdm_t $1_home_t:file rw_file_perms; ') # Do not audit write denials to /etc/ld.so.cache. dontaudit $1_t ld_so_cache_t:file write; dontaudit $1_t sysadm_home_t:file { read append }; ') dnl end TODO ') ####################################### ## ## The template for creating an administrative user. ## ## ##

## This template creates a user domain, types, and ## rules for the user's tty, pty, home directories, ## tmp, and tmpfs files. ##

##

## The privileges given to administrative users are: ##

    ##
  • Raw disk access
  • ##
  • Set all sysctls
  • ##
  • All kernel ring buffer controls
  • ##
  • Create, read, write, and delete all files but shadow
  • ##
  • Manage source and binary format SELinux policy
  • ##
  • Run insmod
  • ##
##

##
## ## ## The prefix of the user domain (e.g., sysadm ## is the prefix for sysadm_t). ## ## # template(`userdom_admin_user_template',` gen_require(` class passwd { passwd chfn chsh rootok crontab }; ') ############################## # # Declarations # # Inherit rules for ordinary users. userdom_common_user_template($1) typeattribute $1_t privhome; domain_obj_id_change_exemption($1_t) role system_r types $1_t; ifdef(`direct_sysadm_daemon',` domain_system_change_exemption($1_t) ') typeattribute $1_devpts_t admin_terminal; typeattribute $1_tty_device_t admin_terminal; ############################## # # $1_t local policy # allow $1_t self:capability ~sys_module; allow $1_t self:process { setexec setfscreate }; # Set password information for other users. allow $1_t self:passwd { passwd chfn chsh }; # Skip authentication when pam_rootok is specified. allow $1_t self:passwd rootok; # Manipulate other users crontab. allow $1_t self:passwd crontab; allow $1_t self:netlink_audit_socket nlmsg_readpriv; kernel_read_software_raid_state($1_t) kernel_getattr_core_if($1_t) kernel_getattr_message_if($1_t) kernel_change_ring_buffer_level($1_t) kernel_clear_ring_buffer($1_t) kernel_read_ring_buffer($1_t) kernel_get_sysvipc_info($1_t) kernel_rw_all_sysctls($1_t) # signal unlabeled processes: kernel_kill_unlabeled($1_t) kernel_signal_unlabeled($1_t) kernel_sigstop_unlabeled($1_t) kernel_signull_unlabeled($1_t) kernel_sigchld_unlabeled($1_t) corenet_tcp_bind_generic_port($1_t) # allow setting up tunnels corenet_rw_tun_tap_dev($1_t) dev_getattr_generic_blk_files($1_t) dev_getattr_generic_chr_files($1_t) # for lsof dev_getattr_mtrr_dev($1_t) # Allow MAKEDEV to work dev_create_all_blk_files($1_t) dev_create_all_chr_files($1_t) dev_delete_all_blk_files($1_t) dev_delete_all_chr_files($1_t) dev_rename_all_blk_files($1_t) dev_rename_all_chr_files($1_t) dev_create_generic_symlinks($1_t) domain_setpriority_all_domains($1_t) domain_read_all_domains_state($1_t) domain_getattr_all_domains($1_t) domain_dontaudit_ptrace_all_domains($1_t) # signal all domains: domain_kill_all_domains($1_t) domain_signal_all_domains($1_t) domain_signull_all_domains($1_t) domain_sigstop_all_domains($1_t) domain_sigstop_all_domains($1_t) domain_sigchld_all_domains($1_t) # for lsof domain_getattr_all_sockets($1_t) files_exec_usr_src_files($1_t) fs_getattr_all_fs($1_t) fs_set_all_quotas($1_t) fs_exec_noxattr($1_t) storage_raw_read_removable_device($1_t) storage_raw_write_removable_device($1_t) term_use_all_terms($1_t) auth_getattr_shadow($1_t) # Manage almost all files auth_manage_all_files_except_shadow($1_t) # Relabel almost all files auth_relabel_all_files_except_shadow($1_t) init_telinit($1_t) logging_send_syslog_msg($1_t) modutils_domtrans_insmod($1_t) # The following rule is temporary until such time that a complete # policy management infrastructure is in place so that an administrator # cannot directly manipulate policy files with arbitrary programs. seutil_manage_src_policy($1_t) # Violates the goal of limiting write access to checkpolicy. # But presently necessary for installing the file_contexts file. seutil_manage_bin_policy($1_t) tunable_policy(`user_rw_noexattrfile',` fs_manage_noxattr_fs_files($1_t) fs_manage_noxattr_fs_dirs($1_t) ',` fs_read_noxattr_fs_files($1_t) ') optional_policy(` cron_admin_template($1,$1_t,$1_r) ') optional_policy(` ethereal_admin_template($1,$1_t,$1_r) ') optional_policy(` lpr_admin_template($1,$1_t,$1_r) ') optional_policy(` mta_admin_template($1,$1_t,$1_r) ') ifdef(`TODO',` ifdef(`xserver.te', ` tunable_policy(`xdm_sysadm_login',` allow xdm_t $1_home_t:lnk_file read; allow xdm_t $1_home_t:dir search; ') ') ') dnl endif TODO ') ######################################## ## ## Change to the generic user role. ## ## ##

## Change to the generic user role. ##

##

## This is a template to support third party modules ## and its use is not allowed in upstream reference ## policy. ##

##
## ## ## The prefix of the user role (e.g., user ## is the prefix for user_r). ## ## ## # template(`userdom_role_change_generic_user',` ifdef(`strict_policy',` userdom_role_change_template($1,user) ',` refpolicywarn(`$0($*) has no effect in targeted policy.') ') ') ######################################## ## ## Change from the generic user role. ## ## ##

## Change from the generic user role to ## the specified role. ##

##

## This is a template to support third party modules ## and its use is not allowed in upstream reference ## policy. ##

##
## ## ## The prefix of the user role (e.g., user ## is the prefix for user_r). ## ## ## # template(`userdom_role_change_from_generic_user',` ifdef(`strict_policy',` userdom_role_change_template(user,$1) ',` refpolicywarn(`$0($*) has no effect in targeted policy.') ') ') ######################################## ## ## Change to the staff user role. ## ## ##

## Change to the staff user role. ##

##

## This is a template to support third party modules ## and its use is not allowed in upstream reference ## policy. ##

##
## ## ## The prefix of the user role (e.g., user ## is the prefix for user_r). ## ## ## # template(`userdom_role_change_staff',` ifdef(`strict_policy',` userdom_role_change_template($1,staff) ',` refpolicywarn(`$0($*) has no effect in targeted policy.') ') ') ######################################## ## ## Change from the staff user role. ## ## ##

## Change from the staff user role to ## the specified role. ##

##

## This is a template to support third party modules ## and its use is not allowed in upstream reference ## policy. ##

##
## ## ## The prefix of the user role (e.g., user ## is the prefix for user_r). ## ## ## # template(`userdom_role_change_from_staff',` ifdef(`strict_policy',` userdom_role_change_template(staff,$1) ',` refpolicywarn(`$0($*) has no effect in targeted policy.') ') ') ######################################## ## ## Change to the sysadm user role. ## ## ##

## Change to the sysadm user role. ##

##

## This is a template to support third party modules ## and its use is not allowed in upstream reference ## policy. ##

##
## ## ## The prefix of the user role (e.g., user ## is the prefix for user_r). ## ## ## # template(`userdom_role_change_sysadm',` ifdef(`strict_policy',` userdom_role_change_template($1,sysadm) ',` refpolicywarn(`$0($*) has no effect in targeted policy.') ') ') ######################################## ## ## Change from the sysadm user role. ## ## ##

## Change from the sysadm user role to ## the specified role. ##

##

## This is a template to support third party modules ## and its use is not allowed in upstream reference ## policy. ##

##
## ## ## The prefix of the user role (e.g., user ## is the prefix for user_r). ## ## ## # template(`userdom_role_change_from_sysadm',` ifdef(`strict_policy',` userdom_role_change_template(sysadm,$1) ',` refpolicywarn(`$0($*) has no effect in targeted policy.') ') ') ######################################## ## ## Change to the secadm user role. ## ## ##

## Change to the secadm user role. ##

##

## This is a template to support third party modules ## and its use is not allowed in upstream reference ## policy. ##

##
## ## ## The prefix of the user role (e.g., user ## is the prefix for user_r). ## ## ## # template(`userdom_role_change_secadm',` ifdef(`enable_mls',` userdom_role_change_template($1,secadm) ',` refpolicywarn(`$0($*) has no effect in non-MLS policy.') ') ') ######################################## ## ## Change from the secadm user role. ## ## ##

## Change from the secadm user role to ## the specified role. ##

##

## This is a template to support third party modules ## and its use is not allowed in upstream reference ## policy. ##

##
## ## ## The prefix of the user role (e.g., user ## is the prefix for user_r). ## ## ## # template(`userdom_role_change_from_secadm',` ifdef(`enable_mls',` userdom_role_change_template(secadm,$1) ',` refpolicywarn(`$0($*) has no effect in non-MLS policy.') ') ') ######################################## ## ## Change to the auditadm user role. ## ## ##

## Change to the auditadm user role. ##

##

## This is a template to support third party modules ## and its use is not allowed in upstream reference ## policy. ##

##
## ## ## The prefix of the auditadm role (e.g., user ## is the prefix for user_r). ## ## ## # template(`userdom_role_change_auditadm',` ifdef(`enable_mls',` userdom_role_change_template($1,auditadm) ',` refpolicywarn(`$0($*) has no effect in non-MLS policy.') ') ') ######################################## ## ## Change from the auditadm user role. ## ## ##

## Change from the auditadm user role to ## the specified role. ##

##

## This is a template to support third party modules ## and its use is not allowed in upstream reference ## policy. ##

##
## ## ## The prefix of the user role (e.g., user ## is the prefix for user_r). ## ## ## # template(`userdom_role_change_from_auditadm',` ifdef(`enable_mls',` userdom_role_change_template(auditadm,$1) ',` refpolicywarn(`$0($*) has no effect in non-MLS policy.') ') ') ######################################## ## ## Make the specified type usable in a ## user home directory. ## ## ##

## Make the specified type usable in a ## user home directory. ##

##

## This is a templated interface, and should only ## be called from a per-userdomain template. ##

##
## ## ## The prefix of the user domain (e.g., user ## is the prefix for user_t). ## ## ## ## ## Type to be used as a file in the ## user home directory. ## ## # template(`userdom_user_home_content',` gen_require(` attribute $1_file_type; ') typeattribute $2 $1_file_type; files_type($2) ') ######################################## ## ## Set the attributes of a user pty. ## ## ##

## Set the attributes of a user pty. ##

##

## This is a templated interface, and should only ## be called from a per-userdomain template. ##

##
## ## ## The prefix of the user domain (e.g., user ## is the prefix for user_t). ## ## ## ## ## Domain allowed access. ## ## # template(`userdom_setattr_user_ptys',` ifdef(`strict_policy',` gen_require(` type $1_devpts_t; ') allow $2 $1_devpts_t:chr_file setattr; ') ') ######################################## ## ## Create a user pty. ## ## ##

## Create a user pty. ##

##

## This is a templated interface, and should only ## be called from a per-userdomain template. ##

##
## ## ## The prefix of the user domain (e.g., user ## is the prefix for user_t). ## ## ## ## ## Domain allowed access. ## ## # template(`userdom_create_user_pty',` ifdef(`strict_policy',` gen_require(` type $1_devpts_t; ') term_create_pty($2,$1_devpts_t) ') ') ######################################## ## ## Search user home directories. ## ## ##

## Search user home directories. ##

##

## This is a templated interface, and should only ## be called from a per-userdomain template. ##

##
## ## ## The prefix of the user domain (e.g., user ## is the prefix for user_t). ## ## ## ## ## Domain allowed access. ## ## # template(`userdom_search_user_home_dirs',` gen_require(` type $1_home_dir_t; ') files_search_home($2) allow $2 $1_home_dir_t:dir { getattr search }; ') ######################################## ## ## List user home directories. ## ## ##

## List user home directories. ##

##

## This is a templated interface, and should only ## be called from a per-userdomain template. ##

##
## ## ## The prefix of the user domain (e.g., user ## is the prefix for user_t). ## ## ## ## ## Domain allowed access. ## ## # template(`userdom_list_user_home_dirs',` gen_require(` type $1_home_dir_t; ') files_search_home($2) allow $2 $1_home_dir_t:dir r_dir_perms; ') ######################################## ## ## Do a domain transition to the specified ## domain when executing a program in the ## user home directory. ## ## ##

## Do a domain transition to the specified ## domain when executing a program in the ## user home directory. ##

##

## No interprocess communication (signals, pipes, ## etc.) is provided by this interface since ## the domains are not owned by this module. ##

##

## This is a templated interface, and should only ## be called from a per-userdomain template. ##

##
## ## ## The prefix of the user domain (e.g., user ## is the prefix for user_t). ## ## ## ## ## Domain allowed access. ## ## ## ## ## Domain to transition to. ## ## # template(`userdom_user_home_domtrans',` gen_require(` type $1_home_dir_t, $1_home_t; ') files_search_home($2) allow $2 $1_home_dir_t:dir search_dir_perms; domain_auto_trans($2,$1_home_t,$3) ') ######################################## ## ## Do not audit attempts to list user home subdirectories. ## ## ##

## Do not audit attempts to list user home subdirectories. ##

##

## This is a templated interface, and should only ## be called from a per-userdomain template. ##

##
## ## ## The prefix of the user domain (e.g., user ## is the prefix for user_t). ## ## ## ## ## Domain to not audit ## ## # template(`userdom_dontaudit_list_user_home_dirs',` gen_require(` type $1_home_dir_t; ') dontaudit $2 $1_home_dir_t:dir r_dir_perms; ') ######################################## ## ## Create, read, write, and delete directories ## in a user home subdirectory. ## ## ##

## Create, read, write, and delete directories ## in a user home subdirectory. ##

##

## This is a templated interface, and should only ## be called from a per-userdomain template. ##

##
## ## ## The prefix of the user domain (e.g., user ## is the prefix for user_t). ## ## ## ## ## Domain allowed access. ## ## # template(`userdom_manage_user_home_content_dirs',` gen_require(` type $1_home_dir_t, $1_home_t; ') files_search_home($2) allow $2 $1_home_dir_t:dir rw_dir_perms; allow $2 $1_home_t:dir manage_dir_perms; ') ######################################## ## ## Do not audit attempts to set the ## attributes of user home files. ## ## ##

## Do not audit attempts to set the ## attributes of user home files. ##

##

## This is a templated interface, and should only ## be called from a per-userdomain template. ##

##
## ## ## The prefix of the user domain (e.g., user ## is the prefix for user_t). ## ## ## ## ## Domain allowed access. ## ## # template(`userdom_dontaudit_setattr_user_home_content_files',` gen_require(` type $1_home_dir_t, $1_home_t; ') dontaudit $2 $1_home_t:file setattr; ') ######################################## ## ## Read user home files. ## ## ##

## Read user home files. ##

##

## This is a templated interface, and should only ## be called from a per-userdomain template. ##

##
## ## ## The prefix of the user domain (e.g., user ## is the prefix for user_t). ## ## ## ## ## Domain allowed access. ## ## # template(`userdom_read_user_home_content_files',` gen_require(` type $1_home_dir_t, $1_home_t; ') files_search_home($2) allow $2 $1_home_dir_t:dir search; allow $2 $1_home_t:dir search_dir_perms; allow $2 $1_home_t:file r_file_perms; ') ######################################## ## ## Do not audit attempts to read user home files. ## ## ##

## Do not audit attempts to read user home files. ##

##

## This is a templated interface, and should only ## be called from a per-userdomain template. ##

##
## ## ## The prefix of the user domain (e.g., user ## is the prefix for user_t). ## ## ## ## ## Domain to not audit. ## ## # template(`userdom_dontaudit_read_user_home_content_files',` gen_require(` type $1_home_t; ') dontaudit $2 $1_home_t:dir r_dir_perms; dontaudit $2 $1_home_t:file r_file_perms; ') ######################################## ## ## Do not audit attempts to write user home files. ## ## ##

## Do not audit attempts to write user home files. ##

##

## This is a templated interface, and should only ## be called from a per-userdomain template. ##

##
## ## ## The prefix of the user domain (e.g., user ## is the prefix for user_t). ## ## ## ## ## Domain to not audit. ## ## # template(`userdom_dontaudit_write_user_home_content_files',` gen_require(` type $1_home_t; ') dontaudit $2 $1_home_t:file write; ') ######################################## ## ## Read user home subdirectory symbolic links. ## ## ##

## Read user home subdirectory symbolic links. ##

##

## This is a templated interface, and should only ## be called from a per-userdomain template. ##

##
## ## ## The prefix of the user domain (e.g., user ## is the prefix for user_t). ## ## ## ## ## Domain allowed access. ## ## # template(`userdom_read_user_home_content_symlinks',` gen_require(` type $1_home_dir_t, $1_home_t; ') files_search_home($2) allow $2 $1_home_dir_t:dir search; allow $2 $1_home_t:dir search; allow $2 $1_home_t:lnk_file r_file_perms; ') ######################################## ## ## Execute user home files. ## ## ##

## Execute user home files. ##

##

## This is a templated interface, and should only ## be called from a per-userdomain template. ##

##
## ## ## The prefix of the user domain (e.g., user ## is the prefix for user_t). ## ## ## ## ## Domain allowed access. ## ## # template(`userdom_exec_user_home_content_files',` gen_require(` type $1_home_dir_t, $1_home_t; ') files_search_home($2) allow $2 $1_home_dir_t:dir search; allow $2 $1_home_t:dir search; can_exec($2,$1_home_t) ') ######################################## ## ## Do not audit attempts to execute user home files. ## ## ##

## Do not audit attempts to execute user home files. ##

##

## This is a templated interface, and should only ## be called from a per-userdomain template. ##

##
## ## ## The prefix of the user domain (e.g., user ## is the prefix for user_t). ## ## ## ## ## Domain allowed access. ## ## # template(`userdom_dontaudit_exec_user_home_content_files',` gen_require(` type $1_home_t; ') dontaudit $2 $1_home_t:file execute; ') ######################################## ## ## Create, read, write, and delete files ## in a user home subdirectory. ## ## ##

## Create, read, write, and delete files ## in a user home subdirectory. ##

##

## This is a templated interface, and should only ## be called from a per-userdomain template. ##

##
## ## ## The prefix of the user domain (e.g., user ## is the prefix for user_t). ## ## ## ## ## Domain allowed access. ## ## # template(`userdom_manage_user_home_content_files',` gen_require(` type $1_home_dir_t, $1_home_t; ') files_search_home($2) allow $2 $1_home_dir_t:dir search; allow $2 $1_home_t:dir rw_dir_perms; allow $2 $1_home_t:file create_file_perms; ') ######################################## ## ## Do not audit attempts to create, read, write, and delete directories ## in a user home subdirectory. ## ## ##

## Do not audit attempts to create, read, write, and delete directories ## in a user home subdirectory. ##

##

## This is a templated interface, and should only ## be called from a per-userdomain template. ##

##
## ## ## The prefix of the user domain (e.g., user ## is the prefix for user_t). ## ## ## ## ## Domain allowed access. ## ## # template(`userdom_dontaudit_manage_user_home_content_dirs',` gen_require(` type $1_home_dir_t, $1_home_t; ') dontaudit $2 $1_home_t:dir manage_dir_perms; ') ######################################## ## ## Create, read, write, and delete symbolic links ## in a user home subdirectory. ## ## ##

## Create, read, write, and delete symbolic links ## in a user home subdirectory. ##

##

## This is a templated interface, and should only ## be called from a per-userdomain template. ##

##
## ## ## The prefix of the user domain (e.g., user ## is the prefix for user_t). ## ## ## ## ## Domain allowed access. ## ## # template(`userdom_manage_user_home_content_symlinks',` gen_require(` type $1_home_dir_t, $1_home_t; ') files_search_home($2) allow $2 $1_home_dir_t:dir search; allow $2 $1_home_t:dir rw_dir_perms; allow $2 $1_home_t:lnk_file create_lnk_perms; ') ######################################## ## ## Create, read, write, and delete named pipes ## in a user home subdirectory. ## ## ##

## Create, read, write, and delete named pipes ## in a user home subdirectory. ##

##

## This is a templated interface, and should only ## be called from a per-userdomain template. ##

##
## ## ## The prefix of the user domain (e.g., user ## is the prefix for user_t). ## ## ## ## ## Domain allowed access. ## ## # template(`userdom_manage_user_home_content_pipes',` gen_require(` type $1_home_dir_t, $1_home_t; ') files_search_home($2) allow $2 $1_home_dir_t:dir search; allow $2 $1_home_t:dir rw_dir_perms; allow $2 $1_home_t:fifo_file create_file_perms; ') ######################################## ## ## Create, read, write, and delete named sockets ## in a user home subdirectory. ## ## ##

## Create, read, write, and delete named sockets ## in a user home subdirectory. ##

##

## This is a templated interface, and should only ## be called from a per-userdomain template. ##

##
## ## ## The prefix of the user domain (e.g., user ## is the prefix for user_t). ## ## ## ## ## Domain allowed access. ## ## # template(`userdom_manage_user_home_content_sockets',` gen_require(` type $1_home_dir_t, $1_home_t; ') files_search_home($2) allow $2 $1_home_dir_t:dir search; allow $2 $1_home_t:dir rw_dir_perms; allow $2 $1_home_t:sock_file create_file_perms; ') ######################################## ## ## Create objects in a user home directory ## with an automatic type transition to ## a specified private type. ## ## ##

## Create objects in a user home directory ## with an automatic type transition to ## a specified private type. ##

##

## This is a templated interface, and should only ## be called from a per-userdomain template. ##

##
## ## ## The prefix of the user domain (e.g., user ## is the prefix for user_t). ## ## ## ## ## Domain allowed access. ## ## ## ## ## The type of the object to create. ## ## ## ## ## The class of the object to be created. If not ## specified, file is used. ## ## # template(`userdom_user_home_dir_filetrans',` gen_require(` type $1_home_dir_t; ') files_search_home($2) allow $2 $1_home_dir_t:dir rw_dir_perms; type_transition $2 $1_home_dir_t:$4 $3; ') ######################################## ## ## Create objects in a user home directory ## with an automatic type transition to ## the user home file type. ## ## ##

## Create objects in a user home directory ## with an automatic type transition to ## the user home file type. ##

##

## This is a templated interface, and should only ## be called from a per-userdomain template. ##

##
## ## ## The prefix of the user domain (e.g., user ## is the prefix for user_t). ## ## ## ## ## Domain allowed access. ## ## ## ## ## The class of the object to be created. If not ## specified, file is used. ## ## # template(`userdom_user_home_dir_filetrans_user_home_content',` gen_require(` type $1_home_dir_t, $1_home_t; ') files_search_home($2) allow $2 $1_home_dir_t:dir rw_dir_perms; type_transition $2 $1_home_dir_t:$3 $1_home_t; ') ######################################## ## ## Write to user temporary named sockets. ## ## ##

## Write to user temporary named sockets. ##

##

## This is a templated interface, and should only ## be called from a per-userdomain template. ##

##
## ## ## The prefix of the user domain (e.g., user ## is the prefix for user_t). ## ## ## ## ## Domain allowed access. ## ## # template(`userdom_write_user_tmp_sockets',` gen_require(` type $1_tmp_t; ') files_search_tmp($2) allow $2 $1_tmp_t:sock_file write; ') ######################################## ## ## List user temporary directories. ## ## ##

## List user temporary directories. ##

##

## This is a templated interface, and should only ## be called from a per-userdomain template. ##

##
## ## ## The prefix of the user domain (e.g., user ## is the prefix for user_t). ## ## ## ## ## Domain allowed access. ## ## # template(`userdom_list_user_tmp',` gen_require(` type $1_tmp_t; ') files_search_tmp($2) allow $2 $1_tmp_t:dir r_dir_perms; ') ######################################## ## ## Do not audit attempts to list user ## temporary directories. ## ## ##

## Do not audit attempts to list user ## temporary directories. ##

##

## This is a templated interface, and should only ## be called from a per-userdomain template. ##

##
## ## ## The prefix of the user domain (e.g., user ## is the prefix for user_t). ## ## ## ## ## Domain to not audit. ## ## # template(`userdom_dontaudit_list_user_tmp',` gen_require(` type $1_tmp_t; ') dontaudit $2 $1_tmp_t:dir r_dir_perms; ') ######################################## ## ## Do not audit attempts to manage users ## temporary directories. ## ## ##

## Do not audit attempts to manage users ## temporary directories. ##

##

## This is a templated interface, and should only ## be called from a per-userdomain template. ##

##
## ## ## The prefix of the user domain (e.g., user ## is the prefix for user_t). ## ## ## ## ## Domain to not audit. ## ## # template(`userdom_dontaudit_manage_user_tmp_dirs',` gen_require(` type $1_tmp_t; ') dontaudit $2 $1_tmp_t:dir manage_dir_perms; ') ######################################## ## ## Read user temporary files. ## ## ##

## Read user temporary files. ##

##

## This is a templated interface, and should only ## be called from a per-userdomain template. ##

##
## ## ## The prefix of the user domain (e.g., user ## is the prefix for user_t). ## ## ## ## ## Domain allowed access. ## ## # template(`userdom_read_user_tmp_files',` gen_require(` type $1_tmp_t; ') files_search_tmp($2) allow $2 $1_tmp_t:dir r_dir_perms; allow $2 $1_tmp_t:file r_file_perms; ') ######################################## ## ## Do not audit attempts to read users ## temporary files. ## ## ##

## Do not audit attempts to read users ## temporary files. ##

##

## This is a templated interface, and should only ## be called from a per-userdomain template. ##

##
## ## ## The prefix of the user domain (e.g., user ## is the prefix for user_t). ## ## ## ## ## Domain to not audit. ## ## # template(`userdom_dontaudit_read_user_tmp_files',` gen_require(` type $1_tmp_t; ') dontaudit $2 $1_tmp_t:file r_file_perms; ') ######################################## ## ## Do not audit attempts to append users ## temporary files. ## ## ##

## Do not audit attempts to append users ## temporary files. ##

##

## This is a templated interface, and should only ## be called from a per-userdomain template. ##

##
## ## ## The prefix of the user domain (e.g., user ## is the prefix for user_t). ## ## ## ## ## Domain to not audit. ## ## # template(`userdom_dontaudit_append_user_tmp_files',` gen_require(` type $1_tmp_t; ') dontaudit $2 $1_tmp_t:file append; ') ######################################## ## ## Read and write user temporary files. ## ## ##

## Read and write user temporary files. ##

##

## This is a templated interface, and should only ## be called from a per-userdomain template. ##

##
## ## ## The prefix of the user domain (e.g., user ## is the prefix for user_t). ## ## ## ## ## Domain allowed access. ## ## # template(`userdom_rw_user_tmp_files',` gen_require(` type $1_tmp_t; ') files_search_tmp($2) allow $2 $1_tmp_t:dir r_dir_perms; allow $2 $1_tmp_t:file rw_file_perms; ') ######################################## ## ## Do not audit attempts to manage users ## temporary files. ## ## ##

## Do not audit attempts to manage users ## temporary files. ##

##

## This is a templated interface, and should only ## be called from a per-userdomain template. ##

##
## ## ## The prefix of the user domain (e.g., user ## is the prefix for user_t). ## ## ## ## ## Domain to not audit. ## ## # template(`userdom_dontaudit_manage_user_tmp_files',` gen_require(` type $1_tmp_t; ') dontaudit $2 $1_tmp_t:file manage_file_perms; ') ######################################## ## ## Read user ## temporary symbolic links. ## ## ##

## Read user ## temporary symbolic links. ##

##

## This is a templated interface, and should only ## be called from a per-userdomain template. ##

##
## ## ## The prefix of the user domain (e.g., user ## is the prefix for user_t). ## ## ## ## ## Domain allowed access. ## ## # template(`userdom_read_user_tmp_symlinks',` gen_require(` type $1_tmp_t; ') files_search_tmp($2) allow $2 $1_tmp_t:dir r_dir_perms; allow $2 $1_tmp_t:lnk_file r_file_perms; ') ######################################## ## ## Create, read, write, and delete user ## temporary directories. ## ## ##

## Create, read, write, and delete user ## temporary directories. ##

##

## This is a templated interface, and should only ## be called from a per-userdomain template. ##

##
## ## ## The prefix of the user domain (e.g., user ## is the prefix for user_t). ## ## ## ## ## Domain allowed access. ## ## # template(`userdom_manage_user_tmp_dirs',` gen_require(` type $1_tmp_t; ') files_search_tmp($2) allow $2 $1_tmp_t:dir manage_dir_perms; ') ######################################## ## ## Create, read, write, and delete user ## temporary files. ## ## ##

## Create, read, write, and delete user ## temporary files. ##

##

## This is a templated interface, and should only ## be called from a per-userdomain template. ##

##
## ## ## The prefix of the user domain (e.g., user ## is the prefix for user_t). ## ## ## ## ## Domain allowed access. ## ## # template(`userdom_manage_user_tmp_files',` gen_require(` type $1_tmp_t; ') files_search_tmp($2) allow $2 $1_tmp_t:dir rw_dir_perms; allow $2 $1_tmp_t:file create_file_perms; ') ######################################## ## ## Create, read, write, and delete user ## temporary symbolic links. ## ## ##

## Create, read, write, and delete user ## temporary symbolic links. ##

##

## This is a templated interface, and should only ## be called from a per-userdomain template. ##

##
## ## ## The prefix of the user domain (e.g., user ## is the prefix for user_t). ## ## ## ## ## Domain allowed access. ## ## # template(`userdom_manage_user_tmp_symlinks',` gen_require(` type $1_tmp_t; ') files_search_tmp($2) allow $2 $1_tmp_t:dir rw_dir_perms; allow $2 $1_tmp_t:lnk_file create_lnk_perms; ') ######################################## ## ## Create, read, write, and delete user ## temporary named pipes. ## ## ##

## Create, read, write, and delete user ## temporary named pipes. ##

##

## This is a templated interface, and should only ## be called from a per-userdomain template. ##

##
## ## ## The prefix of the user domain (e.g., user ## is the prefix for user_t). ## ## ## ## ## Domain allowed access. ## ## # template(`userdom_manage_user_tmp_pipes',` gen_require(` type $1_tmp_t; ') files_search_tmp($2) allow $2 $1_tmp_t:dir rw_dir_perms; allow $2 $1_tmp_t:fifo_file create_file_perms; ') ######################################## ## ## Create, read, write, and delete user ## temporary named sockets. ## ## ##

## Create, read, write, and delete user ## temporary named sockets. ##

##

## This is a templated interface, and should only ## be called from a per-userdomain template. ##

##
## ## ## The prefix of the user domain (e.g., user ## is the prefix for user_t). ## ## ## ## ## Domain allowed access. ## ## # template(`userdom_manage_user_tmp_sockets',` gen_require(` type $1_tmp_t; ') files_search_tmp($2) allow $2 $1_tmp_t:dir rw_dir_perms; allow $2 $1_tmp_t:sock_file create_file_perms; ') ######################################## ## ## Create objects in a user temporary directory ## with an automatic type transition to ## a specified private type. ## ## ##

## Create objects in a user temporary directory ## with an automatic type transition to ## a specified private type. ##

##

## This is a templated interface, and should only ## be called from a per-userdomain template. ##

##
## ## ## The prefix of the user domain (e.g., user ## is the prefix for user_t). ## ## ## ## ## Domain allowed access. ## ## ## ## ## The type of the object to create. ## ## ## ## ## The class of the object to be created. If not ## specified, file is used. ## ## # template(`userdom_user_tmp_filetrans',` gen_require(` type $1_tmp_t; ') allow $2 $1_tmp_t:dir rw_dir_perms; type_transition $2 $1_tmp_t:$4 $3; files_search_tmp($2) ') ######################################## ## ## Create objects in the temporary directory ## with an automatic type transition to ## the user temporary type. ## ## ##

## Create objects in the temporary directory ## with an automatic type transition to ## the user temporary type. ##

##

## This is a templated interface, and should only ## be called from a per-userdomain template. ##

##
## ## ## The prefix of the user domain (e.g., user ## is the prefix for user_t). ## ## ## ## ## Domain allowed access. ## ## ## ## ## The class of the object to be created. If not ## specified, file is used. ## ## # template(`userdom_tmp_filetrans_user_tmp',` gen_require(` type $1_home_dir_t; ') files_tmp_filetrans($2,$1_tmp_t,$3) ') ######################################## ## ## Read user tmpfs files. ## ## ##

## Read user tmpfs files. ##

##

## This is a templated interface, and should only ## be called from a per-userdomain template. ##

##
## ## ## The prefix of the user domain (e.g., user ## is the prefix for user_t). ## ## ## ## ## Domain allowed access. ## ## # template(`userdom_rw_user_tmpfs_files',` gen_require(` type $1_tmpfs_t; ') fs_search_tmpfs($2) allow $2 $1_tmpfs_t:dir list_dir_perms; allow $2 $1_tmpfs_t:file rw_file_perms; allow $2 $1_tmpfs_t:lnk_file { getattr read }; ') ######################################## ## ## List users untrusted directories. ## ## ##

## List users untrusted directories. ##

##

## This is a templated interface, and should only ## be called from a per-userdomain template. ##

##
## ## ## The prefix of the user domain (e.g., user ## is the prefix for user_t). ## ## ## ## ## Domain allowed access. ## ## # template(`userdom_list_user_untrusted_content',` gen_require(` type $1_untrusted_content_t; ') allow $2 $1_untrusted_content_t:dir r_dir_perms; ') ######################################## ## ## Do not audit attempts to list user ## untrusted directories. ## ## ##

## Do not audit attempts to read user ## untrusted directories. ##

##

## This is a templated interface, and should only ## be called from a per-userdomain template. ##

##
## ## ## The prefix of the user domain (e.g., user ## is the prefix for user_t). ## ## ## ## ## Domain to not audit. ## ## # template(`userdom_dontaudit_list_user_untrusted_content',` gen_require(` type $1_untrusted_content_t; ') dontaudit $2 $1_untrusted_content_t:dir r_dir_perms; ') ######################################## ## ## Read user untrusted files. ## ## ##

## Read user untrusted files. ##

##

## This is a templated interface, and should only ## be called from a per-userdomain template. ##

##
## ## ## The prefix of the user domain (e.g., user ## is the prefix for user_t). ## ## ## ## ## Domain allowed access. ## ## # template(`userdom_read_user_untrusted_content_files',` gen_require(` type $1_untrusted_content_t; ') allow $2 $1_untrusted_content_t:dir r_dir_perms; allow $2 $1_untrusted_content_t:file r_file_perms; ') ######################################## ## ## Manage user untrusted files. ## ## ##

## Create, read, write, and delete untrusted files. ##

##

## This is a templated interface, and should only ## be called from a per-userdomain template. ##

##
## ## ## The prefix of the user domain (e.g., user ## is the prefix for user_t). ## ## ## ## ## Domain allowed access. ## ## # template(`userdom_manage_user_untrusted_content_files',` gen_require(` type $1_untrusted_content_t; ') allow $2 $1_tmp_t:dir rw_dir_perms; allow $2 $1_untrusted_content_tmp_t:file manage_file_perms; ') ######################################## ## ## Do not audit attempts to read users ## untrusted files. ## ## ##

## Do not audit attempts to read users ## untrusted files. ##

##

## This is a templated interface, and should only ## be called from a per-userdomain template. ##

##
## ## ## The prefix of the user domain (e.g., user ## is the prefix for user_t). ## ## ## ## ## Domain to not audit. ## ## # template(`userdom_dontaudit_read_user_untrusted_content_files',` gen_require(` type $1_untrusted_content_t; ') dontaudit $2 $1_untrusted_content_t:file r_file_perms; ') ######################################## ## ## Read user untrusted symbolic links. ## ## ##

## Read user untrusted symbolic links. ##

##

## This is a templated interface, and should only ## be called from a per-userdomain template. ##

##
## ## ## The prefix of the user domain (e.g., user ## is the prefix for user_t). ## ## ## ## ## Domain allowed access. ## ## # template(`userdom_read_user_untrusted_content_symlinks',` gen_require(` type $1_untrusted_content_t; ') allow $2 $1_untrusted_content_t:dir r_dir_perms; allow $2 $1_untrusted_content_t:lnk_file r_file_perms; ') ######################################## ## ## List users temporary untrusted directories. ## ## ##

## List users temporary untrusted directories. ##

##

## This is a templated interface, and should only ## be called from a per-userdomain template. ##

##
## ## ## The prefix of the user domain (e.g., user ## is the prefix for user_t). ## ## ## ## ## Domain allowed access. ## ## # template(`userdom_list_user_tmp_untrusted_content',` gen_require(` type $1_untrusted_content_tmp_t; ') allow $2 $1_untrusted_content_tmp_t:dir r_dir_perms; ') ######################################## ## ## Do not audit attempts to list user ## temporary untrusted directories. ## ## ##

## Do not audit attempts to list user ## temporary directories. ##

##

## This is a templated interface, and should only ## be called from a per-userdomain template. ##

##
## ## ## The prefix of the user domain (e.g., user ## is the prefix for user_t). ## ## ## ## ## Domain to not audit. ## ## # template(`userdom_dontaudit_list_user_tmp_untrusted_content',` gen_require(` type $1_untrusted_content_tmp_t; ') dontaudit $2 $1_untrusted_content_tmp_t:dir r_dir_perms; ') ######################################## ## ## Read user temporary untrusted files. ## ## ##

## Read user temporary untrusted files. ##

##

## This is a templated interface, and should only ## be called from a per-userdomain template. ##

##
## ## ## The prefix of the user domain (e.g., user ## is the prefix for user_t). ## ## ## ## ## Domain allowed access. ## ## # template(`userdom_read_user_tmp_untrusted_content_files',` gen_require(` type $1_untrusted_content_tmp_t; ') allow $2 $1_untrusted_content_tmp_t:dir r_dir_perms; allow $2 $1_untrusted_content_tmp_t:file r_file_perms; ') ######################################## ## ## Do not audit attempts to read users ## temporary untrusted files. ## ## ##

## Do not audit attempts to read users ## temporary untrusted files. ##

##

## This is a templated interface, and should only ## be called from a per-userdomain template. ##

##
## ## ## The prefix of the user domain (e.g., user ## is the prefix for user_t). ## ## ## ## ## Domain to not audit. ## ## # template(`userdom_dontaudit_read_user_tmp_untrusted_content_files',` gen_require(` type $1_untrusted_content_tmp_t; ') dontaudit $2 $1_untrusted_content_tmp_t:file r_file_perms; ') ######################################## ## ## Read user temporary untrusted symbolic links. ## ## ##

## Read user temporary untrusted symbolic links. ##

##

## This is a templated interface, and should only ## be called from a per-userdomain template. ##

##
## ## ## The prefix of the user domain (e.g., user ## is the prefix for user_t). ## ## ## ## ## Domain allowed access. ## ## # template(`userdom_read_user_tmp_untrusted_content_symlinks',` gen_require(` type $1_untrusted_content_tmp_t; ') allow $2 $1_untrusted_content_tmp_t:dir r_dir_perms; allow $2 $1_untrusted_content_tmp_t:lnk_file r_file_perms; ') ######################################## ## ## Read all user untrusted content files. ## ## ## ## Domain allowed access. ## ## # interface(`userdom_read_all_untrusted_content',` gen_require(` attribute untrusted_content_type; ') allow $1 untrusted_content_type:dir r_dir_perms; allow $1 untrusted_content_type:{ file lnk_file } r_file_perms; ') ######################################## ## ## Read all user temporary untrusted content files. ## ## ## ## Domain allowed access. ## ## # interface(`userdom_read_all_tmp_untrusted_content',` gen_require(` attribute untrusted_content_tmp_type; ') allow $1 untrusted_content_tmp_type:dir r_dir_perms; allow $1 untrusted_content_tmp_type:{ file lnk_file } r_file_perms; ') ######################################## ## ## Set the attributes of a user domain tty. ## ## ##

## Set the attributes of a user domain tty. ##

##

## This is a templated interface, and should only ## be called from a per-userdomain template. ##

##
## ## ## The prefix of the user domain (e.g., user ## is the prefix for user_t). ## ## ## ## ## Domain allowed access. ## ## # template(`userdom_setattr_user_ttys',` ifdef(`targeted_policy',` term_setattr_unallocated_ttys($2) ',` gen_require(` type $1_tty_device_t; ') allow $2 $1_tty_device_t:chr_file setattr; ') ') ######################################## ## ## Read and write a user domain tty. ## ## ##

## Read and write a user domain tty. ##

##

## This is a templated interface, and should only ## be called from a per-userdomain template. ##

##
## ## ## The prefix of the user domain (e.g., user ## is the prefix for user_t). ## ## ## ## ## Domain allowed access. ## ## # template(`userdom_use_user_ttys',` ifdef(`targeted_policy',` term_use_unallocated_ttys($2) ',` gen_require(` type $1_tty_device_t; ') allow $2 $1_tty_device_t:chr_file rw_term_perms; ') ') ######################################## ## ## Read and write a user domain tty and pty. ## ## ##

## Read and write a user domain tty and pty. ##

##

## This is a templated interface, and should only ## be called from a per-userdomain template. ##

##
## ## ## The prefix of the user domain (e.g., user ## is the prefix for user_t). ## ## ## ## ## Domain allowed access. ## ## # template(`userdom_use_user_terminals',` ifdef(`targeted_policy',` term_use_unallocated_ttys($2) term_use_generic_ptys($2) ',` gen_require(` type $1_tty_device_t, $1_devpts_t; ') allow $2 $1_tty_device_t:chr_file rw_term_perms; allow $2 $1_devpts_t:chr_file rw_term_perms; term_list_ptys($2) ') ') ######################################## ## ## Do not audit attempts to read and write ## a user domain tty and pty. ## ## ##

## Do not audit attempts to read and write ## a user domain tty and pty. ##

##

## This is a templated interface, and should only ## be called from a per-userdomain template. ##

##
## ## ## The prefix of the user domain (e.g., user ## is the prefix for user_t). ## ## ## ## ## Domain allowed access. ## ## # template(`userdom_dontaudit_use_user_terminals',` gen_require(` type $1_tty_device_t, $1_devpts_t; ') dontaudit $2 $1_tty_device_t:chr_file rw_term_perms; dontaudit $2 $1_devpts_t:chr_file rw_term_perms; ') ######################################## ## ## Execute a shell in all user domains. This ## is an explicit transition, requiring the ## caller to use setexeccon(). ## ## ## ## Domain allowed access. ## ## # interface(`userdom_spec_domtrans_all_users',` gen_require(` attribute userdomain; ') corecmd_shell_spec_domtrans($1,userdomain) allow $1 userdomain:fd use; allow userdomain $1:fd use; allow userdomain $1:fifo_file rw_file_perms; allow userdomain $1:process sigchld; ') ######################################## ## ## Execute an Xserver session in all unprivileged user domains. This ## is an explicit transition, requiring the ## caller to use setexeccon(). ## ## ## ## Domain allowed access. ## ## # interface(`userdom_xsession_spec_domtrans_all_users',` gen_require(` attribute userdomain; ') xserver_xsession_spec_domtrans($1,userdomain) allow $1 userdomain:fd use; allow userdomain $1:fd use; allow userdomain $1:fifo_file rw_file_perms; allow userdomain $1:process sigchld; ') ######################################## ## ## Execute a shell in all unprivileged user domains. This ## is an explicit transition, requiring the ## caller to use setexeccon(). ## ## ## ## Domain allowed access. ## ## # interface(`userdom_spec_domtrans_unpriv_users',` gen_require(` attribute unpriv_userdomain; ') corecmd_shell_spec_domtrans($1,unpriv_userdomain) allow $1 unpriv_userdomain:fd use; allow unpriv_userdomain $1:fd use; allow unpriv_userdomain $1:fifo_file rw_file_perms; allow unpriv_userdomain $1:process sigchld; ') ######################################## ## ## Execute an Xserver session in all unprivileged user domains. This ## is an explicit transition, requiring the ## caller to use setexeccon(). ## ## ## ## Domain allowed access. ## ## # interface(`userdom_xsession_spec_domtrans_unpriv_users',` gen_require(` attribute unpriv_userdomain; ') xserver_xsession_spec_domtrans($1,unpriv_userdomain) allow $1 unpriv_userdomain:fd use; allow unpriv_userdomain $1:fd use; allow unpriv_userdomain $1:fifo_file rw_file_perms; allow unpriv_userdomain $1:process sigchld; ') ######################################## ## ## Manage unpriviledged user SysV sempaphores. ## ## ## ## Domain allowed access. ## ## # interface(`userdom_manage_unpriv_user_semaphores',` gen_require(` attribute unpriv_userdomain; ') allow $1 unpriv_userdomain:sem create_sem_perms; ') ######################################## ## ## Manage unpriviledged user SysV shared ## memory segments. ## ## ## ## Domain allowed access. ## ## # interface(`userdom_manage_unpriv_user_shared_mem',` gen_require(` attribute unpriv_userdomain; ') allow $1 unpriv_userdomain:shm create_shm_perms; ') ######################################## ## ## Execute bin_t in the unprivileged user domains. This ## is an explicit transition, requiring the ## caller to use setexeccon(). ## ## ## ## Domain allowed access. ## ## # interface(`userdom_bin_spec_domtrans_unpriv_users',` gen_require(` attribute unpriv_userdomain; ') corecmd_bin_spec_domtrans($1,unpriv_userdomain) allow $1 unpriv_userdomain:fd use; allow unpriv_userdomain $1:fd use; allow unpriv_userdomain $1:fifo_file rw_file_perms; allow unpriv_userdomain $1:process sigchld; ') ######################################## ## ## Execute generic sbin programs in all unprivileged user ## domains. This is an explicit transition, requiring the ## caller to use setexeccon(). ## ## ## ## Domain allowed access. ## ## # interface(`userdom_sbin_spec_domtrans_unpriv_users',` gen_require(` attribute unpriv_userdomain; ') corecmd_sbin_spec_domtrans($1,unpriv_userdomain) allow $1 unpriv_userdomain:fd use; allow unpriv_userdomain $1:fd use; allow unpriv_userdomain $1:fifo_file rw_file_perms; allow unpriv_userdomain $1:process sigchld; ') ######################################## ## ## Execute all entrypoint files in unprivileged user ## domains. This is an explicit transition, requiring the ## caller to use setexeccon(). ## ## ## ## Domain allowed access. ## ## # interface(`userdom_entry_spec_domtrans_unpriv_users',` gen_require(` attribute unpriv_userdomain; ') domain_entry_file_spec_domtrans($1,unpriv_userdomain) allow $1 unpriv_userdomain:fd use; allow unpriv_userdomain $1:fd use; allow unpriv_userdomain $1:fifo_file rw_file_perms; allow unpriv_userdomain $1:process sigchld; ') ######################################## ## ## Execute a shell in the sysadm domain. ## ## ## ## Domain allowed access. ## ## # interface(`userdom_shell_domtrans_sysadm',` ifdef(`targeted_policy',` #cjp: need to doublecheck this one unconfined_shell_domtrans($1) ',` gen_require(` type sysadm_t; ') corecmd_shell_domtrans($1,sysadm_t) allow $1 sysadm_t:fd use; allow sysadm_t $1:fd use; allow sysadm_t $1:fifo_file rw_file_perms; allow sysadm_t $1:process sigchld; ') ') ######################################## ## ## Execute a generic bin program in the sysadm domain. ## ## ## ## Domain allowed access. ## ## # interface(`userdom_bin_spec_domtrans_sysadm',` gen_require(` type sysadm_t; ') corecmd_bin_spec_domtrans($1,sysadm_t) allow $1 sysadm_t:fd use; allow sysadm_t $1:fd use; allow sysadm_t $1:fifo_file rw_file_perms; allow sysadm_t $1:process sigchld; ') ######################################## ## ## Execute a generic sbin program in the sysadm domain. ## ## ## ## Domain allowed access. ## ## # interface(`userdom_sbin_spec_domtrans_sysadm',` gen_require(` type sysadm_t; ') corecmd_sbin_spec_domtrans($1,sysadm_t) allow $1 sysadm_t:fd use; allow sysadm_t $1:fd use; allow sysadm_t $1:fifo_file rw_file_perms; allow sysadm_t $1:process sigchld; ') ######################################## ## ## Execute all entrypoint files in the sysadm domain. This ## is an explicit transition, requiring the ## caller to use setexeccon(). ## ## ## ## Domain allowed access. ## ## # interface(`userdom_entry_spec_domtrans_sysadm',` gen_require(` type sysadm_t; ') domain_entry_file_spec_domtrans($1,sysadm_t) allow $1 sysadm_t:fd use; allow sysadm_t $1:fd use; allow sysadm_t $1:fifo_file rw_file_perms; allow sysadm_t $1:process sigchld; ') ######################################## ## ## Allow sysadm to execute a generic bin program in ## a specified domain. This is an explicit transition, ## requiring the caller to use setexeccon(). ## ## ##

## Allow sysadm to execute a generic bin program in ## a specified domain. ##

##

## This is a interface to support third party modules ## and its use is not allowed in upstream reference ## policy. ##

##
## ## ## Domain to execute in. ## ## # interface(`userdom_sysadm_bin_spec_domtrans_to',` gen_require(` type sysadm_t; ') corecmd_bin_spec_domtrans(sysadm_t,$1) allow sysadm_t $1:fd use; allow $1 sysadm_t:fd use; allow $1 sysadm_t:fifo_file rw_file_perms; allow $1 sysadm_t:process sigchld; ') ######################################## ## ## Allow sysadm to execute a generic sbin program in ## a specified domain. This is an explicit transition, ## requiring the caller to use setexeccon(). ## ## ##

## Allow sysadm to execute a generic sbin program in ## a specified domain. ##

##

## This is a interface to support third party modules ## and its use is not allowed in upstream reference ## policy. ##

##
## ## ## Domain to execute in. ## ## # interface(`userdom_sysadm_sbin_spec_domtrans_to',` gen_require(` type sysadm_t; ') corecmd_sbin_spec_domtrans(sysadm_t, $1) allow sysadm_t $1:fd use; allow $1 sysadm_t:fd use; allow $1 sysadm_t:fifo_file rw_file_perms; allow $1 sysadm_t:process sigchld; ') ######################################## ## ## Allow sysadm to execute all entrypoint files ## in the specified domain. This is an explicit ## transition, requiring the caller to use setexeccon(). ## ## ##

## Allow sysadm to execute all entrypoint files ## in the specified domain. This is an explicit ## transition, requiring the caller to use setexeccon(). ##

##

## This is a interface to support third party modules ## and its use is not allowed in upstream reference ## policy. ##

##
## ## ## Domain to execute in. ## ## # interface(`userdom_sysadm_entry_spec_domtrans_to',` gen_require(` type sysadm_t; ') domain_entry_file_spec_domtrans(sysadm_t, $1) allow sysadm_t $1:fd use; allow $1 sysadm_t:fd use; allow $1 sysadm_t:fifo_file rw_file_perms; allow $1 sysadm_t:process sigchld; ') ######################################## ## ## Search the staff users home directory. ## ## ## ## Domain allowed access. ## ## # interface(`userdom_search_staff_home_dirs',` gen_require(` type staff_home_dir_t; ') files_search_home($1) allow $1 staff_home_dir_t:dir search; ') ######################################## ## ## Do not audit attempts to search the staff ## users home directory. ## ## ## ## Domain to not audit. ## ## # interface(`userdom_dontaudit_search_staff_home_dirs',` gen_require(` type staff_home_dir_t; ') dontaudit $1 staff_home_dir_t:dir search; ') ######################################## ## ## Create, read, write, and delete staff ## home directories. ## ## ## ## Domain allowed access. ## ## # interface(`userdom_manage_staff_home_dirs',` ifdef(`targeted_policy',` gen_require(` type user_home_dir_t; ') files_search_home($1) allow $1 user_home_dir_t:dir manage_dir_perms; ',` gen_require(` type staff_home_dir_t; ') files_search_home($1) allow $1 staff_home_dir_t:dir manage_dir_perms; ') ') ######################################## ## ## Do not audit attempts to append to the staff ## users home directory. ## ## ## ## Domain to not audit. ## ## # interface(`userdom_dontaudit_append_staff_home_content_files',` gen_require(` type staff_home_t; ') dontaudit $1 staff_home_t:file append; ') ######################################## ## ## Read files in the staff users home directory. ## ## ## ## Domain allowed access. ## ## # interface(`userdom_read_staff_home_content_files',` gen_require(` type staff_home_dir_t, staff_home_t; ') files_search_home($1) allow $1 { staff_home_dir_t staff_home_t }:dir r_dir_perms; allow $1 staff_home_t:{ file lnk_file } r_file_perms; ') ######################################## ## ## Send a SIGCHLD signal to sysadm users. ## ## ## ## Domain allowed access. ## ## # interface(`userdom_sigchld_sysadm',` ifdef(`targeted_policy',` unconfined_sigchld($1) ',` gen_require(` type sysadm_t; ') allow $1 sysadm_t:process sigchld; ') ') ######################################## ## ## Do not audit attepts to get the attributes ## of sysadm ttys. ## ## ## ## Domain allowed access. ## ## # interface(`userdom_dontaudit_getattr_sysadm_ttys',` ifdef(`targeted_policy',` term_dontaudit_getattr_unallocated_ttys($1) ',` gen_require(` type sysadm_tty_device_t; ') dontaudit $1 sysadm_tty_device_t:chr_file getattr; ') ') ######################################## ## ## Read and write sysadm ttys. ## ## ## ## Domain allowed access. ## ## # interface(`userdom_use_sysadm_ttys',` ifdef(`targeted_policy',` term_use_unallocated_ttys($1) ',` gen_require(` type sysadm_tty_device_t; ') dev_list_all_dev_nodes($1) term_list_ptys($1) allow $1 sysadm_tty_device_t:chr_file rw_term_perms; ') ') ######################################## ## ## Do not audit attempts to use sysadm ttys. ## ## ## ## Domain to not audit. ## ## # interface(`userdom_dontaudit_use_sysadm_ttys',` ifdef(`targeted_policy',` term_dontaudit_use_unallocated_ttys($1) ',` gen_require(` type sysadm_tty_device_t; ') dontaudit $1 sysadm_tty_device_t:chr_file { read write }; ') ') ######################################## ## ## Read and write sysadm ptys. ## ## ## ## Domain allowed access. ## ## # interface(`userdom_use_sysadm_ptys',` ifdef(`targeted_policy',` term_use_generic_ptys($1) ',` gen_require(` type sysadm_devpts_t; ') dev_list_all_dev_nodes($1) term_list_ptys($1) allow $1 sysadm_devpts_t:chr_file rw_term_perms; ') ') ######################################## ## ## Dont audit attempts to read and write sysadm ptys. ## ## ## ## Domain to not audit. ## ## # interface(`userdom_dontaudit_use_sysadm_ptys',` ifdef(`targeted_policy',` term_dontaudit_use_generic_ptys($1) ',` gen_require(` type sysadm_devpts_t; ') dontaudit $1 sysadm_devpts_t:chr_file { read write }; ') ') ######################################## ## ## Read and write sysadm ttys and ptys. ## ## ## ## Domain allowed access. ## ## # interface(`userdom_use_sysadm_terms',` userdom_use_sysadm_ttys($1) userdom_use_sysadm_ptys($1) ') ######################################## ## ## Do not audit attempts to use sysadm ttys and ptys. ## ## ## ## Domain to not audit. ## ## # interface(`userdom_dontaudit_use_sysadm_terms',` ifdef(`targeted_policy',` term_dontaudit_use_generic_ptys($1) ',` gen_require(` attribute admin_terminal; ') dontaudit $1 admin_terminal:chr_file { read write }; ') ') ######################################## ## ## Inherit and use sysadm file descriptors ## ## ## ## Domain allowed access. ## ## # interface(`userdom_use_sysadm_fds',` ifdef(`targeted_policy',` unconfined_use_fds($1) ',` gen_require(` type sysadm_t; ') allow $1 sysadm_t:fd use; ') ') ######################################## ## ## Read and write sysadm user unnamed pipes. ## ## ## ## Domain allowed access. ## ## # interface(`userdom_rw_sysadm_pipes',` ifdef(`targeted_policy',` #cjp: need to doublecheck this one unconfined_rw_pipes($1) ',` gen_require(` type sysadm_t; ') allow $1 sysadm_t:fifo_file rw_file_perms; ') ') ######################################## ## ## Get the attributes of the sysadm users ## home directory. ## ## ## ## Domain allowed access. ## ## # interface(`userdom_getattr_sysadm_home_dirs',` gen_require(` type sysadm_home_dir_t; ') allow $1 sysadm_home_dir_t:dir getattr; ') ######################################## ## ## Do not audit attempts to get the ## attributes of the sysadm users ## home directory. ## ## ## ## Domain to not audit. ## ## # interface(`userdom_dontaudit_getattr_sysadm_home_dirs',` ifdef(`targeted_policy',` gen_require(` type user_home_dir_t; ') dontaudit $1 user_home_dir_t:dir getattr; ', ` gen_require(` type sysadm_home_dir_t; ') dontaudit $1 sysadm_home_dir_t:dir getattr; ') ') ######################################## ## ## Search the sysadm users home directory. ## ## ## ## Domain to not audit. ## ## # interface(`userdom_search_sysadm_home_dirs',` gen_require(` type sysadm_home_dir_t; ') allow $1 sysadm_home_dir_t:dir search; ') ######################################## ## ## Do not audit attempts to search the sysadm ## users home directory. ## ## ## ## Domain to not audit. ## ## # interface(`userdom_dontaudit_search_sysadm_home_dirs',` ifdef(`targeted_policy',` gen_require(` type user_home_dir_t; ') dontaudit $1 user_home_dir_t:dir search_dir_perms; ',` gen_require(` type sysadm_home_dir_t; ') dontaudit $1 sysadm_home_dir_t:dir search_dir_perms; ') ') ######################################## ## ## List the sysadm users home directory. ## ## ## ## Domain allowed access. ## ## # interface(`userdom_list_sysadm_home_dirs',` gen_require(` type sysadm_home_dir_t; ') allow $1 sysadm_home_dir_t:dir list_dir_perms; ') ######################################## ## ## Do not audit attempts to list the sysadm ## users home directory. ## ## ## ## Domain to not audit. ## ## # interface(`userdom_dontaudit_list_sysadm_home_dirs',` gen_require(` type sysadm_home_dir_t; ') dontaudit $1 sysadm_home_dir_t:dir list_dir_perms; ') ######################################## ## ## Do not audit attempts to search the sysadm ## users home directory. ## ## ## ## Domain to not audit. ## ## # interface(`userdom_dontaudit_read_sysadm_home_content_files',` ifdef(`targeted_policy',` gen_require(` type user_home_dir_t, user_home_t; ') dontaudit $1 user_home_dir_t:dir search_dir_perms; dontaudit $1 user_home_t:dir search_dir_perms; dontaudit $1 user_home_t:file r_file_perms; ',` gen_require(` type sysadm_home_dir_t, sysadm_home_t; ') dontaudit $1 sysadm_home_dir_t:dir search_dir_perms; dontaudit $1 sysadm_home_t:dir search_dir_perms; dontaudit $1 sysadm_home_t:file r_file_perms; ') ') ######################################## ## ## Create objects in sysadm home directories ## with automatic file type transition. ## ## ## ## Domain allowed access. ## ## ## ## ## The type of the object to be created. ## ## ## ## ## The class of the object to be created. ## If not specified, file is used. ## ## # interface(`userdom_sysadm_home_dir_filetrans',` gen_require(` type sysadm_home_dir_t; ') allow $1 sysadm_home_dir_t:dir rw_dir_perms; type_transition $1 sysadm_home_dir_t:$3 $2; ') ######################################## ## ## Search the sysadm users home sub directories. ## ## ## ## Domain to not audit. ## ## # interface(`userdom_search_sysadm_home_content_dirs',` gen_require(` type sysadm_home_dir_t, sysadm_home_t; ') allow $1 { sysadm_home_dir_t sysadm_home_t }:dir search_dir_perms; ') ######################################## ## ## Read files in the sysadm users home directory. ## ## ## ## Domain allowed access. ## ## # interface(`userdom_read_sysadm_home_content_files',` gen_require(` type sysadm_home_dir_t, sysadm_home_t; ') files_search_home($1) allow $1 { sysadm_home_dir_t sysadm_home_t }:dir r_dir_perms; allow $1 sysadm_home_t:{ file lnk_file } r_file_perms; ') ######################################## ## ## Search all users home directories. ## ## ## ## Domain allowed access. ## ## # interface(`userdom_search_all_users_home_dirs',` gen_require(` attribute home_dir_type; ') files_list_home($1) allow $1 home_dir_type:dir search_dir_perms; ') ######################################## ## ## List all users home directories. ## ## ## ## Domain allowed access. ## ## # interface(`userdom_list_all_users_home_dirs',` gen_require(` attribute home_dir_type; ') files_list_home($1) allow $1 home_dir_type:dir list_dir_perms; ') ######################################## ## ## Search all users home directories. ## ## ## ## Domain allowed access. ## ## # interface(`userdom_search_all_users_home_content',` gen_require(` attribute home_dir_type, home_type; ') files_list_home($1) allow $1 { home_dir_type home_type }:dir search_dir_perms; ') ######################################## ## ## Do not audit attempts to search all users home directories. ## ## ## ## Domain to not audit. ## ## # interface(`userdom_dontaudit_search_all_users_home_content',` gen_require(` attribute home_dir_type, home_type; ') dontaudit $1 { home_dir_type home_type }:dir search_dir_perms; ') ######################################## ## ## Read all files in all users home directories. ## ## ## ## Domain allowed access. ## ## # interface(`userdom_read_all_users_home_content_files',` gen_require(` attribute home_type; ') files_list_home($1) allow $1 home_type:dir r_dir_perms; allow $1 home_type:file r_file_perms; ') ######################################## ## ## Create, read, write, and delete all directories ## in all users home directories. ## ## ## ## Domain allowed access. ## ## # interface(`userdom_manage_all_users_home_content_dirs',` gen_require(` attribute home_type; ') files_list_home($1) allow $1 home_type:dir create_dir_perms; ') ######################################## ## ## Create, read, write, and delete all files ## in all users home directories. ## ## ## ## Domain allowed access. ## ## # interface(`userdom_manage_all_users_home_content_files',` gen_require(` attribute home_type; ') files_list_home($1) allow $1 home_type:dir rw_dir_perms; allow $1 home_type:file create_file_perms; ') ######################################## ## ## Create, read, write, and delete all symlinks ## in all users home directories. ## ## ## ## Domain allowed access. ## ## # interface(`userdom_manage_all_users_home_content_symlinks',` gen_require(` attribute home_type; ') files_list_home($1) allow $1 home_type:dir rw_dir_perms; allow $1 home_type:lnk_file create_lnk_perms; ') ######################################## ## ## Make the specified domain a privileged ## home directory manager. ## ## ##

## Make the specified domain a privileged ## home directory manager. This domain will be ## able to manage the contents of all users ## general home directory content, and create ## files with the correct context. ##

##
## ## ## Domain allowed access. ## ## # interface(`userdom_priveleged_home_dir_manager',` gen_require(` attribute privhome; ') files_list_home($1) typeattribute $1 privhome; ') ######################################## ## ## Send general signals to unprivileged user domains. ## ## ## ## Domain allowed access. ## ## # interface(`userdom_signal_unpriv_users',` gen_require(` attribute unpriv_userdomain; ') allow $1 unpriv_userdomain:process signal; ') ######################################## ## ## Inherit the file descriptors from unprivileged user domains. ## ## ## ## Domain allowed access. ## ## # interface(`userdom_use_unpriv_users_fds',` gen_require(` attribute unpriv_userdomain; ') allow $1 unpriv_userdomain:fd use; ') ######################################## ## ## Do not audit attempts to inherit the ## file descriptors from all user domains. ## ## ## ## Domain allowed access. ## ## # interface(`userdom_dontaudit_use_unpriv_user_fds',` gen_require(` attribute unpriv_userdomain; ') dontaudit $1 unpriv_userdomain:fd use; ') ######################################## ## ## Create generic user home directories ## with automatic file type transition. ## ## ## ## Domain allowed access. ## ## # interface(`userdom_home_filetrans_generic_user_home_dir',` gen_require(` type user_home_dir_t; ') files_home_filetrans($1,user_home_dir_t,dir) ') ######################################## ## ## Search generic user home directories. ## ## ## ## Domain allowed access. ## ## # interface(`userdom_search_generic_user_home_dirs',` gen_require(` type user_home_dir_t; ') allow $1 user_home_dir_t:dir search_dir_perms; ') ######################################## ## ## Create objects in generic user home directories ## with automatic file type transition. ## ## ## ## Domain allowed access. ## ## ## ## ## The class of the object to be created. ## If not specified, file is used. ## ## # interface(`userdom_generic_user_home_dir_filetrans_generic_user_home_content',` gen_require(` type user_home_dir_t, user_home_t; ') files_search_home($1) allow $1 user_home_dir_t:dir rw_dir_perms; type_transition $1 user_home_dir_t:$2 user_home_t; ') ######################################## ## ## Don't audit search on the user home subdirectory. ## ## ## ## Domain allowed access. ## ## # interface(`userdom_dontaudit_search_generic_user_home_dirs',` gen_require(` type user_home_t; ') dontaudit $1 user_home_t:dir search; ') ######################################## ## ## Create, read, write, and delete ## subdirectories of generic user ## home directories. ## ## ## ## Domain allowed access. ## ## # interface(`userdom_manage_generic_user_home_content_dirs',` gen_require(` type user_home_t; ') files_search_home($1) allow $1 user_home_dir_t:dir search_dir_perms; allow $1 user_home_t:dir create_dir_perms; ') ######################################## ## ## Read files in generic user home directories. ## ## ## ## Domain allowed access. ## ## # interface(`userdom_read_generic_user_home_content_files',` gen_require(` type user_home_t, user_home_dir_t; ') files_search_home($1) allow $1 user_home_dir_t:dir search_dir_perms; allow $1 user_home_t:dir r_dir_perms; allow $1 user_home_t:file r_file_perms; ') ######################################## ## ## Create, read, write, and delete files ## in generic user home directories. ## ## ## ## Domain allowed access. ## ## # interface(`userdom_manage_generic_user_home_content_files',` gen_require(` type user_home_t; ') files_search_home($1) allow $1 user_home_dir_t:dir search_dir_perms; allow $1 user_home_t:dir rw_dir_perms; allow $1 user_home_t:file create_file_perms; ') ######################################## ## ## Create, read, write, and delete symbolic ## links in generic user home directories. ## ## ## ## Domain allowed access. ## ## # interface(`userdom_manage_generic_user_home_content_symlinks',` gen_require(` type user_home_t; ') files_search_home($1) allow $1 user_home_dir_t:dir search_dir_perms; allow $1 user_home_t:dir rw_dir_perms; allow $1 user_home_t:lnk_file create_lnk_perms; ') ######################################## ## ## Create, read, write, and delete named ## pipes in generic user home directories. ## ## ## ## Domain allowed access. ## ## # interface(`userdom_manage_generic_user_home_content_pipes',` gen_require(` type user_home_t; ') files_search_home($1) allow $1 user_home_dir_t:dir search_dir_perms; allow $1 user_home_t:dir rw_dir_perms; allow $1 user_home_t:fifo_file create_file_perms; ') ######################################## ## ## Create, read, write, and delete named ## sockets in generic user home directories. ## ## ## ## Domain allowed access. ## ## # interface(`userdom_manage_generic_user_home_content_sockets',` gen_require(` type user_home_t; ') files_search_home($1) allow $1 user_home_dir_t:dir search_dir_perms; allow $1 user_home_t:dir rw_dir_perms; allow $1 user_home_t:sock_file create_file_perms; ') ######################################## ## ## Search all unprivileged users home directories. ## ## ## ## Domain allowed access. ## ## # interface(`userdom_search_unpriv_users_home_dirs',` gen_require(` attribute user_home_dir_type; ') files_search_home($1) allow $1 user_home_dir_type:dir search_dir_perms; ') ######################################## ## ## Read all unprivileged users home directory ## files. ## ## ## ## Domain allowed access. ## ## # interface(`userdom_read_unpriv_users_home_content_files',` gen_require(` attribute user_home_dir_type, user_home_type; ') files_search_home($1) allow $1 user_home_dir_type:dir search_dir_perms; allow $1 user_home_type:dir r_dir_perms; allow $1 user_home_type:lnk_file { getattr read }; allow $1 user_home_type:file r_file_perms; ') ######################################## ## ## Create, read, write, and delete directories in ## unprivileged users home directories. ## ## ## ## Domain allowed access. ## ## # interface(`userdom_manage_unpriv_users_home_content_dirs',` gen_require(` attribute user_home_dir_type, user_home_type; ') files_search_home($1) allow $1 user_home_dir_type:dir search_dir_perms; allow $1 user_home_type:dir manage_dir_perms; ') ######################################## ## ## Create, read, write, and delete files in ## unprivileged users home directories. ## ## ## ## Domain allowed access. ## ## # interface(`userdom_manage_unpriv_users_home_content_files',` gen_require(` attribute user_home_dir_type, user_home_type; ') files_search_home($1) allow $1 user_home_dir_type:dir search_dir_perms; allow $1 user_home_type:dir rw_dir_perms; allow $1 user_home_type:file manage_file_perms; ') ######################################## ## ## Set the attributes of user ptys. ## ## ## ## Domain allowed access. ## ## # interface(`userdom_setattr_unpriv_users_ptys',` gen_require(` attribute user_ptynode; ') allow $1 user_ptynode:chr_file setattr; ') ######################################## ## ## Read and write unprivileged user ptys. ## ## ## ## Domain allowed access. ## ## # interface(`userdom_use_unpriv_users_ptys',` ifdef(`targeted_policy',` term_use_generic_ptys($1) ',` gen_require(` attribute user_ptynode; ') term_search_ptys($1) allow $1 user_ptynode:chr_file rw_file_perms; ') ') ######################################## ## ## Do not audit attempts to use unprivileged ## user ptys. ## ## ## ## Domain to not audit. ## ## # interface(`userdom_dontaudit_use_unpriv_users_ptys',` ifdef(`targeted_policy',` term_dontaudit_use_generic_ptys($1) ',` gen_require(` attribute user_ptynode; ') dontaudit $1 user_ptynode:chr_file rw_file_perms; ') ') ######################################## ## ## Relabel files to unprivileged user pty types. ## ## ## ## Domain allowed access. ## ## # interface(`userdom_relabelto_unpriv_users_ptys',` gen_require(` attribute user_ptynode; ') allow $1 user_ptynode:chr_file relabelto; ') ######################################## ## ## Do not audit attempts to relabel files from ## unprivileged user pty types. ## ## ## ## Domain allowed access. ## ## # interface(`userdom_dontaudit_relabelfrom_unpriv_users_ptys',` gen_require(` attribute user_ptynode; ') dontaudit $1 user_ptynode:chr_file relabelfrom; ') ######################################## ## ## Read all unprivileged users temporary directories. ## ## ## ## Domain allowed access. ## ## # interface(`userdom_list_unpriv_users_tmp',` ifdef(`targeted_policy',` files_list_tmp($1) ',` gen_require(` attribute user_tmpfile; ') allow $1 user_tmpfile:dir list_dir_perms; ') ') ######################################## ## ## Read all unprivileged users temporary files. ## ## ## ## Domain allowed access. ## ## # interface(`userdom_read_unpriv_users_tmp_files',` ifdef(`targeted_policy',` files_read_generic_tmp_files($1) ',` gen_require(` attribute user_tmpfile; ') allow $1 user_tmpfile:file { read getattr }; ') ') ######################################## ## ## Read all unprivileged users temporary symbolic links. ## ## ## ## Domain allowed access. ## ## # interface(`userdom_read_unpriv_users_tmp_symlinks',` ifdef(`targeted_policy',` files_read_generic_tmp_symlinks($1) ',` gen_require(` attribute user_tmpfile; ') allow $1 user_tmpfile:lnk_file { getattr read }; ') ') ######################################## ## ## Write all unprivileged users files in /tmp ## ## ## ## Domain allowed access. ## ## # interface(`userdom_write_unpriv_users_tmp_files',` gen_require(` attribute user_tmpfile; ') allow $1 user_tmpfile:file { getattr write append }; ') ######################################## ## ## Read and write unprivileged user ttys. ## ## ## ## Domain allowed access. ## ## # interface(`userdom_use_unpriv_users_ttys',` ifdef(`targeted_policy',` term_use_unallocated_ttys($1) ',` gen_require(` attribute user_ttynode; ') allow $1 user_ttynode:chr_file rw_file_perms; ') ') ######################################## ## ## Do not audit attempts to use unprivileged ## user ttys. ## ## ## ## Domain allowed access. ## ## # interface(`userdom_dontaudit_use_unpriv_users_ttys',` ifdef(`targeted_policy',` term_dontaudit_use_unallocated_ttys($1) ',` gen_require(` attribute user_ttynode; ') dontaudit $1 user_ttynode:chr_file rw_file_perms; ') ') ######################################## ## ## Read the process state of all user domains. ## ## ## ## Domain allowed access. ## ## # interface(`userdom_read_all_users_state',` gen_require(` attribute userdomain; ') allow $1 userdomain:dir search_dir_perms; allow $1 userdomain:file r_file_perms; kernel_search_proc($1) ') ######################################## ## ## Get the attributes of all user domains. ## ## ## ## Domain allowed access. ## ## # interface(`userdom_getattr_all_users',` gen_require(` attribute userdomain; ') allow $1 userdomain:process getattr; ') ######################################## ## ## Inherit the file descriptors from all user domains ## ## ## ## Domain allowed access. ## ## # interface(`userdom_use_all_users_fds',` gen_require(` attribute userdomain; ') allow $1 userdomain:fd use; ') ######################################## ## ## Do not audit attempts to inherit the file ## descriptors from any user domains. ## ## ## ## Domain to not audit. ## ## # interface(`userdom_dontaudit_use_all_users_fds',` gen_require(` attribute userdomain; ') dontaudit $1 userdomain:fd use; ') ######################################## ## ## Send general signals to all user domains. ## ## ## ## Domain allowed access. ## ## # interface(`userdom_signal_all_users',` gen_require(` attribute userdomain; ') allow $1 userdomain:process signal; ') ######################################## ## ## Send a SIGCHLD signal to all user domains. ## ## ## ## Domain allowed access. ## ## # interface(`userdom_sigchld_all_users',` gen_require(` attribute userdomain; ') allow $1 userdomain:process sigchld; ') ######################################## ## ## Create keys for all user domains. ## ## ## ## Domain allowed access. ## ## # interface(`userdom_create_all_users_keys',` ifdef(`strict_policy',` gen_require(` attribute userdomain; ') allow $1 userdomain:key create; ',` unconfined_create_keys($1) ') ') ######################################## ## ## Send a dbus message to all user domains. ## ## ## ## Domain allowed access. ## ## # interface(`userdom_dbus_send_all_users',` gen_require(` attribute userdomain; class dbus send_msg; ') allow $1 userdomain:dbus send_msg; ') ######################################## ## ## Unconfined access to user domains. ## ## ## ## Domain allowed access. ## ## # interface(`userdom_unconfined',` gen_require(` type user_home_dir_t; ') allow $1 user_home_dir_t:dir create_dir_perms; files_home_filetrans($1,user_home_dir_t,dir) ')