69 lines
1.4 KiB
Plaintext
69 lines
1.4 KiB
Plaintext
## <summary>Policy for local logins.</summary>
|
|
|
|
########################################
|
|
## <summary>
|
|
## Execute local logins in the local login domain.
|
|
## </summary>
|
|
## <param name="domain">
|
|
## The type of the process performing this action.
|
|
## </param>
|
|
#
|
|
interface(`locallogin_domtrans',`
|
|
gen_require(`
|
|
type local_login_t;
|
|
')
|
|
|
|
auth_domtrans_login_program($1,local_login_t)
|
|
')
|
|
|
|
########################################
|
|
## <summary>
|
|
## Allow processes to inherit local login file descriptors.
|
|
## </summary>
|
|
## <param name="domain">
|
|
## The type of the process performing this action.
|
|
## </param>
|
|
#
|
|
interface(`locallogin_use_fd',`
|
|
gen_require(`
|
|
type local_login_t;
|
|
class fd use;
|
|
')
|
|
|
|
allow $1 local_login_t:fd use;
|
|
')
|
|
|
|
########################################
|
|
## <summary>
|
|
## Do not audit attempts to inherit local login file descriptors.
|
|
## </summary>
|
|
## <param name="domain">
|
|
## Domain to not audit.
|
|
## </param>
|
|
#
|
|
interface(`locallogin_dontaudit_use_fd',`
|
|
gen_require(`
|
|
type local_login_t;
|
|
class fd use;
|
|
')
|
|
|
|
dontaudit $1 local_login_t:fd use;
|
|
')
|
|
|
|
########################################
|
|
## <summary>
|
|
## Send a null signal to local login processes.
|
|
## </summary>
|
|
## <param name="domain">
|
|
## Domain allowed access.
|
|
## </param>
|
|
#
|
|
interface(`locallogin_signull',`
|
|
gen_require(`
|
|
type local_login_t;
|
|
class process signull;
|
|
')
|
|
|
|
allow $1 local_login_t:process signull;
|
|
')
|