87 lines
1.6 KiB
Plaintext
87 lines
1.6 KiB
Plaintext
|
|
policy_module(userdomain, 3.1.0)
|
|
|
|
########################################
|
|
#
|
|
# Declarations
|
|
#
|
|
|
|
## <desc>
|
|
## <p>
|
|
## Allow users to connect to mysql
|
|
## </p>
|
|
## </desc>
|
|
gen_tunable(allow_user_mysql_connect,false)
|
|
|
|
## <desc>
|
|
## <p>
|
|
## Allow users to connect to PostgreSQL
|
|
## </p>
|
|
## </desc>
|
|
gen_tunable(allow_user_postgresql_connect,false)
|
|
|
|
## <desc>
|
|
## <p>
|
|
## Allow regular users direct mouse access
|
|
## </p>
|
|
## </desc>
|
|
gen_tunable(user_direct_mouse,false)
|
|
|
|
## <desc>
|
|
## <p>
|
|
## Allow users to read system messages.
|
|
## </p>
|
|
## </desc>
|
|
gen_tunable(user_dmesg,false)
|
|
|
|
## <desc>
|
|
## <p>
|
|
## Allow user to r/w files on filesystems
|
|
## that do not have extended attributes (FAT, CDROM, FLOPPY)
|
|
## </p>
|
|
## </desc>
|
|
gen_tunable(user_rw_noexattrfile,false)
|
|
|
|
## <desc>
|
|
## <p>
|
|
## Allow w to display everyone
|
|
## </p>
|
|
## </desc>
|
|
gen_tunable(user_ttyfile_stat,false)
|
|
|
|
# admin users terminals (tty and pty)
|
|
attribute admin_terminal;
|
|
|
|
# users home directory
|
|
attribute home_dir_type;
|
|
|
|
# users home directory contents
|
|
attribute home_type;
|
|
|
|
# The privhome attribute identifies every domain that can create files under
|
|
# regular user home directories in the regular context (IE act on behalf of
|
|
# a user in writing regular files)
|
|
attribute privhome;
|
|
|
|
# all unprivileged users home directories
|
|
attribute user_home_dir_type;
|
|
attribute user_home_type;
|
|
|
|
# all unprivileged users ptys
|
|
attribute user_ptynode;
|
|
|
|
# all unprivileged users tmp files
|
|
attribute user_tmpfile;
|
|
|
|
# all unprivileged users ttys
|
|
attribute user_ttynode;
|
|
|
|
# all user domains
|
|
attribute userdomain;
|
|
|
|
# unprivileged user domains
|
|
attribute unpriv_userdomain;
|
|
|
|
attribute untrusted_content_type;
|
|
attribute untrusted_content_tmp_type;
|