3c3c0439f6
Allow unconfined processes to see unlabeled processes in ps. Removed a redundant rule in samba.te Removed support for the pre-Fedora Red Hat code to create sym-links in /boot. Removed support for devpts_t files in /tmp (there is no way that would ever work). Allowed postgrey to create socket files. Made the specs for the /lib and /lib64 directories better support stem compression.
68 lines
1.2 KiB
Plaintext
68 lines
1.2 KiB
Plaintext
|
|
policy_module(terminal,1.1.10)
|
|
|
|
########################################
|
|
#
|
|
# Declarations
|
|
#
|
|
attribute ttynode;
|
|
attribute ptynode;
|
|
attribute server_ptynode;
|
|
attribute serial_device;
|
|
|
|
#
|
|
# bsdpty_device_t is the type of /dev/[tp]ty[abcdepqrstuvwxyz][0-9a-f]
|
|
type bsdpty_device_t;
|
|
dev_node(bsdpty_device_t)
|
|
|
|
#
|
|
# console_device_t is the type of /dev/console.
|
|
#
|
|
type console_device_t;
|
|
dev_node(console_device_t)
|
|
|
|
#
|
|
# devpts_t is the type of the devpts file system and
|
|
# the type of the root directory of the file system.
|
|
#
|
|
type devpts_t;
|
|
files_mountpoint(devpts_t)
|
|
fs_associate_tmpfs(devpts_t)
|
|
fs_type(devpts_t)
|
|
fs_use_trans devpts gen_context(system_u:object_r:devpts_t,s0);
|
|
|
|
ifdef(`targeted_policy',`
|
|
# cjp: the ttynode should probably be removed.
|
|
typeattribute devpts_t ttynode, ptynode;
|
|
')
|
|
|
|
#
|
|
# devtty_t is the type of /dev/tty.
|
|
#
|
|
type devtty_t;
|
|
dev_node(devtty_t)
|
|
mls_trusted_object(devtty_t)
|
|
|
|
#
|
|
# ptmx_t is the type for /dev/ptmx.
|
|
#
|
|
type ptmx_t;
|
|
dev_node(ptmx_t)
|
|
mls_trusted_object(ptmx_t)
|
|
|
|
#
|
|
# tty_device_t is the type of /dev/*tty*
|
|
#
|
|
type tty_device_t, serial_device;
|
|
dev_node(tty_device_t)
|
|
|
|
ifdef(`targeted_policy',`
|
|
typeattribute tty_device_t ttynode;
|
|
')
|
|
|
|
#
|
|
# usbtty_device_t is the type of /dev/usr/tty*
|
|
#
|
|
type usbtty_device_t, serial_device;
|
|
dev_node(usbtty_device_t)
|