56 lines
1.2 KiB
Plaintext
56 lines
1.2 KiB
Plaintext
# Copyright (C) 2005 Tresys Technology, LLC
|
|
|
|
policy_module(authlogin,1.0)
|
|
|
|
########################################
|
|
#
|
|
# Declarations
|
|
#
|
|
type chkpwd_exec_t;
|
|
authlogin_per_userdomain_template(system)
|
|
domain_make_entrypoint_file(system_chkpwd_t,chkpwd_exec_t)
|
|
|
|
type faillog_t;
|
|
logging_make_log_file(faillog_t)
|
|
|
|
type lastlog_t;
|
|
logging_make_log_file(lastlog_t)
|
|
|
|
type login_exec_t;
|
|
files_make_file(login_exec_t)
|
|
|
|
type pam_t;
|
|
domain_make_domain(pam_t)
|
|
|
|
type pam_tmp_t;
|
|
files_make_file(pam_tmp_t)
|
|
|
|
type pam_var_console_t;
|
|
files_make_file(pam_var_console_t)
|
|
|
|
type pam_var_run_t;
|
|
files_make_file(pam_var_run_t)
|
|
|
|
type shadow_t;
|
|
files_make_file(shadow_t)
|
|
attribute can_read_shadow_passwords;
|
|
attribute can_write_shadow_passwords;
|
|
neverallow ~can_read_shadow_passwords shadow_t:file read;
|
|
neverallow ~can_write_shadow_passwords shadow_t:file write;
|
|
|
|
type utempter_t;
|
|
domain_make_domain(utempter_t)
|
|
|
|
type utempter_exec_t;
|
|
domain_make_entrypoint_file(utempter_t,utempter_exec_t)
|
|
|
|
type wtmp_t;
|
|
logging_make_log_file(wtmp_t)
|
|
|
|
########################################
|
|
#
|
|
# Local policy
|
|
#
|
|
#dontaudit system_chkpwd_t { user_tty_type tty_device_t }:chr_file rw_file_perms;
|
|
#dontaudit system_chkpwd_t privfd:fd use;
|