68ac47d8c5
Whitespace, newline and tab fixes. Whitespace, newline and tab fixes. Whitespace, newline and tab fixes. Whitespace, newline and tab fixes. Whitespace, newline and tab fixes. Whitespace, newline and tab fixes. Whitespace, newline and tab fixes. Whitespace, newline and tab fixes. Whitespace, newline and tab fixes. Whitespace, newline and tab fixes. Whitespace, newline and tab fixes. Whitespace, newline and tab fixes. Whitespace, newline and tab fixes. Whitespace, newline and tab fixes. Whitespace, newline and tab fixes. Whitespace, newline and tab fixes. Whitespace, newline and tab fixes. Whitespace, newline and tab fixes. Whitespace, newline and tab fixes. Whitespace, newline and tab fixes. Whitespace, newline and tab fixes. Whitespace, newline and tab fixes.
146 lines
3.5 KiB
Plaintext
146 lines
3.5 KiB
Plaintext
policy_module(consolekit, 1.6.0)
|
|
|
|
########################################
|
|
#
|
|
# Declarations
|
|
#
|
|
|
|
type consolekit_t;
|
|
type consolekit_exec_t;
|
|
init_daemon_domain(consolekit_t, consolekit_exec_t)
|
|
|
|
type consolekit_log_t;
|
|
logging_log_file(consolekit_log_t)
|
|
|
|
type consolekit_var_run_t;
|
|
files_pid_file(consolekit_var_run_t)
|
|
|
|
type consolekit_tmpfs_t;
|
|
files_tmpfs_file(consolekit_tmpfs_t)
|
|
|
|
########################################
|
|
#
|
|
# consolekit local policy
|
|
#
|
|
|
|
allow consolekit_t self:capability { chown setuid setgid sys_tty_config dac_override sys_nice sys_ptrace };
|
|
allow consolekit_t self:process { getsched signal };
|
|
allow consolekit_t self:fifo_file rw_fifo_file_perms;
|
|
allow consolekit_t self:unix_stream_socket create_stream_socket_perms;
|
|
allow consolekit_t self:unix_dgram_socket create_socket_perms;
|
|
|
|
manage_files_pattern(consolekit_t, consolekit_log_t, consolekit_log_t)
|
|
logging_log_filetrans(consolekit_t, consolekit_log_t, file)
|
|
|
|
manage_dirs_pattern(consolekit_t, consolekit_var_run_t, consolekit_var_run_t)
|
|
manage_files_pattern(consolekit_t, consolekit_var_run_t, consolekit_var_run_t)
|
|
files_pid_filetrans(consolekit_t, consolekit_var_run_t, { file dir })
|
|
|
|
kernel_read_system_state(consolekit_t)
|
|
|
|
corecmd_exec_bin(consolekit_t)
|
|
corecmd_exec_shell(consolekit_t)
|
|
|
|
dev_read_urand(consolekit_t)
|
|
dev_read_sysfs(consolekit_t)
|
|
|
|
domain_read_all_domains_state(consolekit_t)
|
|
domain_use_interactive_fds(consolekit_t)
|
|
domain_dontaudit_ptrace_all_domains(consolekit_t)
|
|
|
|
files_read_etc_files(consolekit_t)
|
|
files_read_usr_files(consolekit_t)
|
|
# needs to read /var/lib/dbus/machine-id
|
|
files_read_var_lib_files(consolekit_t)
|
|
files_search_all_mountpoints(consolekit_t)
|
|
|
|
fs_list_inotifyfs(consolekit_t)
|
|
|
|
mcs_ptrace_all(consolekit_t)
|
|
|
|
term_use_all_terms(consolekit_t)
|
|
|
|
auth_use_nsswitch(consolekit_t)
|
|
auth_manage_pam_console_data(consolekit_t)
|
|
auth_write_login_records(consolekit_t)
|
|
|
|
init_telinit(consolekit_t)
|
|
init_rw_utmp(consolekit_t)
|
|
|
|
logging_send_syslog_msg(consolekit_t)
|
|
logging_send_audit_msgs(consolekit_t)
|
|
|
|
miscfiles_read_localization(consolekit_t)
|
|
|
|
# consolekit needs to be able to ptrace all logged in users
|
|
userdom_ptrace_all_users(consolekit_t)
|
|
userdom_dontaudit_read_user_home_content_files(consolekit_t)
|
|
userdom_dontaudit_getattr_admin_home_files(consolekit_t)
|
|
userdom_read_user_tmp_files(consolekit_t)
|
|
|
|
hal_ptrace(consolekit_t)
|
|
|
|
tunable_policy(`use_nfs_home_dirs',`
|
|
fs_read_nfs_files(consolekit_t)
|
|
')
|
|
|
|
tunable_policy(`use_samba_home_dirs',`
|
|
fs_read_cifs_files(consolekit_t)
|
|
')
|
|
|
|
optional_policy(`
|
|
cron_read_system_job_lib_files(consolekit_t)
|
|
')
|
|
|
|
optional_policy(`
|
|
dbus_system_domain(consolekit_t, consolekit_exec_t)
|
|
|
|
optional_policy(`
|
|
hal_dbus_chat(consolekit_t)
|
|
')
|
|
|
|
optional_policy(`
|
|
rpm_dbus_chat(consolekit_t)
|
|
')
|
|
|
|
optional_policy(`
|
|
unconfined_dbus_chat(consolekit_t)
|
|
')
|
|
')
|
|
|
|
optional_policy(`
|
|
networkmanager_append_log(consolekit_t)
|
|
')
|
|
|
|
optional_policy(`
|
|
policykit_dbus_chat(consolekit_t)
|
|
policykit_domtrans_auth(consolekit_t)
|
|
policykit_read_lib(consolekit_t)
|
|
policykit_read_reload(consolekit_t)
|
|
')
|
|
|
|
optional_policy(`
|
|
shutdown_domtrans(consolekit_t)
|
|
')
|
|
|
|
optional_policy(`
|
|
xserver_read_xdm_pid(consolekit_t)
|
|
xserver_read_user_xauth(consolekit_t)
|
|
xserver_non_drawing_client(consolekit_t)
|
|
corenet_tcp_connect_xserver_port(consolekit_t)
|
|
xserver_stream_connect(consolekit_t)
|
|
xserver_user_x_domain_template(consolekit, consolekit_t, consolekit_tmpfs_t)
|
|
')
|
|
|
|
optional_policy(`
|
|
udev_domtrans(consolekit_t)
|
|
udev_read_db(consolekit_t)
|
|
udev_signal(consolekit_t)
|
|
')
|
|
|
|
optional_policy(`
|
|
#reading .Xauthity
|
|
unconfined_ptrace(consolekit_t)
|
|
unconfined_stream_connect(consolekit_t)
|
|
')
|