155 lines
2.9 KiB
Plaintext
155 lines
2.9 KiB
Plaintext
## <summary>Who is logged in on other machines?</summary>
|
|
|
|
########################################
|
|
## <summary>
|
|
## Execute a domain transition to run rwho.
|
|
## </summary>
|
|
## <param name="domain">
|
|
## <summary>
|
|
## Domain allowed to transition.
|
|
## </summary>
|
|
## </param>
|
|
#
|
|
interface(`rwho_domtrans',`
|
|
gen_require(`
|
|
type rwho_t, rwho_exec_t;
|
|
')
|
|
|
|
domtrans_pattern($1, rwho_exec_t, rwho_t)
|
|
')
|
|
|
|
########################################
|
|
## <summary>
|
|
## Search rwho log directories.
|
|
## </summary>
|
|
## <param name="domain">
|
|
## <summary>
|
|
## Domain allowed access.
|
|
## </summary>
|
|
## </param>
|
|
#
|
|
interface(`rwho_search_log',`
|
|
gen_require(`
|
|
type rwho_log_t;
|
|
')
|
|
|
|
allow $1 rwho_log_t:dir search_dir_perms;
|
|
logging_search_logs($1)
|
|
')
|
|
|
|
########################################
|
|
## <summary>
|
|
## Read rwho log files.
|
|
## </summary>
|
|
## <param name="domain">
|
|
## <summary>
|
|
## Domain allowed access.
|
|
## </summary>
|
|
## </param>
|
|
#
|
|
interface(`rwho_read_log_files',`
|
|
gen_require(`
|
|
type rwho_log_t;
|
|
')
|
|
|
|
allow $1 rwho_log_t:file read_file_perms;
|
|
allow $1 rwho_log_t:dir list_dir_perms;
|
|
logging_search_logs($1)
|
|
')
|
|
|
|
########################################
|
|
## <summary>
|
|
## Search rwho spool directories.
|
|
## </summary>
|
|
## <param name="domain">
|
|
## <summary>
|
|
## Domain allowed access.
|
|
## </summary>
|
|
## </param>
|
|
#
|
|
interface(`rwho_search_spool',`
|
|
gen_require(`
|
|
type rwho_spool_t;
|
|
')
|
|
|
|
allow $1 rwho_spool_t:dir search_dir_perms;
|
|
files_search_spool($1)
|
|
')
|
|
|
|
########################################
|
|
## <summary>
|
|
## Read rwho spool files.
|
|
## </summary>
|
|
## <param name="domain">
|
|
## <summary>
|
|
## Domain allowed access.
|
|
## </summary>
|
|
## </param>
|
|
#
|
|
interface(`rwho_read_spool_files',`
|
|
gen_require(`
|
|
type rwho_spool_t;
|
|
')
|
|
|
|
read_files_pattern($1, rwho_spool_t, rwho_spool_t)
|
|
files_search_spool($1)
|
|
')
|
|
|
|
########################################
|
|
## <summary>
|
|
## Create, read, write, and delete
|
|
## rwho spool files.
|
|
## </summary>
|
|
## <param name="domain">
|
|
## <summary>
|
|
## Domain allowed access.
|
|
## </summary>
|
|
## </param>
|
|
#
|
|
interface(`rwho_manage_spool_files',`
|
|
gen_require(`
|
|
type rwho_spool_t;
|
|
')
|
|
|
|
manage_files_pattern($1,rwho_spool_t,rwho_spool_t)
|
|
files_search_spool($1)
|
|
')
|
|
|
|
########################################
|
|
## <summary>
|
|
## All of the rules required to administrate
|
|
## an rwho environment
|
|
## </summary>
|
|
## <param name="domain">
|
|
## <summary>
|
|
## Domain allowed access.
|
|
## </summary>
|
|
## </param>
|
|
## <param name="role">
|
|
## <summary>
|
|
## The role allowed access.
|
|
## </summary>
|
|
## </param>
|
|
## <rolecap/>
|
|
#
|
|
interface(`rwho_admin',`
|
|
gen_require(`
|
|
type rwho_t, rwho_log_t, rwho_spool_t;
|
|
type rwho_initrc_exec_t;
|
|
')
|
|
|
|
allow $1 rwho_t:process { ptrace signal_perms };
|
|
ps_process_pattern($1, rwho_t)
|
|
|
|
init_labeled_script_domtrans($1, rwho_initrc_exec_t)
|
|
domain_system_change_exemption($1)
|
|
role_transition $2 rwho_initrc_exec_t system_r;
|
|
allow $2 system_r;
|
|
|
|
logging_list_logs($1)
|
|
admin_pattern($1, rwho_log_t)
|
|
|
|
files_list_spool($1)
|
|
admin_pattern($1, rwho_spool_t)
|
|
')
|