selinux-policy/refpolicy/policy/modules/system/locallogin.if
2005-09-15 15:34:31 +00:00

69 lines
1.4 KiB
Plaintext

## <summary>Policy for local logins.</summary>
########################################
## <summary>
## Execute local logins in the local login domain.
## </summary>
## <param name="domain">
## The type of the process performing this action.
## </param>
#
interface(`locallogin_domtrans',`
gen_require(`
type local_login_t;
')
auth_domtrans_login_program($1,local_login_t)
')
########################################
## <summary>
## Allow processes to inherit local login file descriptors.
## </summary>
## <param name="domain">
## The type of the process performing this action.
## </param>
#
interface(`locallogin_use_fd',`
gen_require(`
type local_login_t;
class fd use;
')
allow $1 local_login_t:fd use;
')
########################################
## <summary>
## Do not audit attempts to inherit local login file descriptors.
## </summary>
## <param name="domain">
## Domain to not audit.
## </param>
#
interface(`locallogin_dontaudit_use_fd',`
gen_require(`
type local_login_t;
class fd use;
')
dontaudit $1 local_login_t:fd use;
')
########################################
## <summary>
## Send a null signal to local login processes.
## </summary>
## <param name="domain">
## Domain allowed access.
## </param>
#
interface(`locallogin_signull',`
gen_require(`
type local_login_t;
class process signull;
')
allow $1 local_login_t:process signull;
')