## <summary> Red Hat Graphical Boot </summary> ######################################## ## <summary> ## RHGB stub interface. No access allowed. ## </summary> ## <param name="domain"> ## <summary> ## N/A ## </summary> ## </param> # interface(`rhgb_stub',` gen_require(` type rhgb_t; ') ') ######################################## ## <summary> ## Use a rhgb file descriptor. ## </summary> ## <param name="domain"> ## <summary> ## The type of the process performing this action. ## </summary> ## </param> # interface(`rhgb_use_fds',` gen_require(` type rhgb_t; ') allow $1 rhgb_t:fd use; ') ######################################## ## <summary> ## Read and write to unix stream sockets. ## </summary> ## <param name="domain"> ## <summary> ## The type of the process performing this action. ## </summary> ## </param> # interface(`rhgb_rw_stream_sockets',` gen_require(` type rhgb_t; ') allow $1 rhgb_t:unix_stream_socket { read write }; ') ######################################## ## <summary> ## Do not audit attempts to read and write ## rhgb unix domain stream sockets. ## </summary> ## <param name="domain"> ## <summary> ## The type of the process performing this action. ## </summary> ## </param> # interface(`rhgb_dontaudit_rw_stream_sockets',` gen_require(` type rhgb_t; ') dontaudit $1 rhgb_t:unix_stream_socket { read write }; ') ######################################## ## <summary> ## Connected to rhgb unix stream socket. ## </summary> ## <param name="domain"> ## <summary> ## The type of the process performing this action. ## </summary> ## </param> # interface(`rhgb_stream_connect',` gen_require(` type rhgb_t; ') allow $1 rhgb_t:unix_stream_socket connectto; ') ######################################## ## <summary> ## Read and write to rhgb shared memory. ## </summary> ## <param name="domain"> ## <summary> ## The type of the process performing this action. ## </summary> ## </param> # interface(`rhgb_rw_shm',` gen_require(` type rhgb_t; ') allow $1 rhgb_t:shm rw_shm_perms; ') ######################################## ## <summary> ## Read and write to rhgb temporary file system. ## </summary> ## <param name="domain"> ## <summary> ## The type of the process performing this action. ## </summary> ## </param> # interface(`rhgb_rw_tmpfs_files',` gen_require(` type rhgb_tmpfs_t; ') allow $1 rhgb_tmpfs_t:file { read write }; ')