policy_module(userdomain, 3.1.0) ######################################## # # Declarations # ## ##

## Allow users to connect to mysql ##

##
gen_tunable(allow_user_mysql_connect,false) ## ##

## Allow users to connect to PostgreSQL ##

##
gen_tunable(allow_user_postgresql_connect,false) ## ##

## Allow regular users direct mouse access ##

##
gen_tunable(user_direct_mouse,false) ## ##

## Allow users to read system messages. ##

##
gen_tunable(user_dmesg,false) ## ##

## Allow user to r/w files on filesystems ## that do not have extended attributes (FAT, CDROM, FLOPPY) ##

##
gen_tunable(user_rw_noexattrfile,false) ## ##

## Allow w to display everyone ##

##
gen_tunable(user_ttyfile_stat,false) # admin users terminals (tty and pty) attribute admin_terminal; # users home directory attribute home_dir_type; # users home directory contents attribute home_type; # The privhome attribute identifies every domain that can create files under # regular user home directories in the regular context (IE act on behalf of # a user in writing regular files) attribute privhome; # all unprivileged users home directories attribute user_home_dir_type; attribute user_home_type; # all unprivileged users ptys attribute user_ptynode; # all unprivileged users tmp files attribute user_tmpfile; # all unprivileged users ttys attribute user_ttynode; # all user domains attribute userdomain; # unprivileged user domains attribute unpriv_userdomain; attribute untrusted_content_type; attribute untrusted_content_tmp_type;