48 lines
1023 B
Plaintext
48 lines
1023 B
Plaintext
|
|
policy_module(loadkeys, 1.5.1)
|
|
|
|
########################################
|
|
#
|
|
# Declarations
|
|
#
|
|
|
|
# cjp: this should probably be rewritten
|
|
# per user domain, since it can rw
|
|
# all user domain ttys
|
|
type loadkeys_t;
|
|
type loadkeys_exec_t;
|
|
init_system_domain(loadkeys_t, loadkeys_exec_t)
|
|
|
|
########################################
|
|
#
|
|
# Local policy
|
|
#
|
|
|
|
allow loadkeys_t self:capability { dac_override dac_read_search setuid sys_tty_config };
|
|
allow loadkeys_t self:fifo_file rw_fifo_file_perms;
|
|
|
|
kernel_read_system_state(loadkeys_t)
|
|
|
|
corecmd_exec_bin(loadkeys_t)
|
|
corecmd_exec_shell(loadkeys_t)
|
|
|
|
files_read_etc_files(loadkeys_t)
|
|
files_read_etc_runtime_files(loadkeys_t)
|
|
|
|
term_dontaudit_use_console(loadkeys_t)
|
|
term_use_unallocated_ttys(loadkeys_t)
|
|
|
|
init_dontaudit_use_fds(loadkeys_t)
|
|
init_dontaudit_use_script_ptys(loadkeys_t)
|
|
|
|
locallogin_use_fds(loadkeys_t)
|
|
|
|
miscfiles_read_localization(loadkeys_t)
|
|
|
|
userdom_use_user_ttys(loadkeys_t)
|
|
userdom_list_user_home_dirs(loadkeys_t)
|
|
|
|
optional_policy(`
|
|
nscd_dontaudit_search_pid(loadkeys_t)
|
|
')
|