selinux-policy/mls/macros/program/run_program_macros.te
2005-11-22 19:28:03 +00:00


# $1 is the source domain (or domains), $2 is the source role (or roles) and $3
# is the base name for the domain to run: the macro declares run_$3_t as the
# helper domain and run_$3_exec_t as the type of its executable. $1 is normally
# sysadm_t, and $2 is normally sysadm_r. $4 is the type of program to run and
# $5 is the domain to transition to.
# sample usage:
# run_program(sysadm_t, sysadm_r, init, etc_t, initrc_t)
#
# If several users run the same run_init type program for different purposes
# (think of a run_db program used by several database administrators to start
# several databases), you can list all the source domains in $1 and all the
# source roles in $2. You may not want to list all types of programs to run in
# $4 and all target domains in $5, though, as that may permit entering a
# domain from the wrong type. In such a situation just specify one value for
# each of $4 and $5 and add further rules such as the following:
# domain_trans(run_whatever_t, whatever_exec_t, whatever_t)
define(`run_program', `
# run_program: declares a helper domain (run_<base>_t) and the type of its
# executable (run_<base>_exec_t), lets the source domains and roles enter the
# helper, and lets the helper start the program of the type given as arg 4 in
# the domain given as arg 5.
# Maintenance notes:
#  - comments inside this macro body are part of a quoted m4 string, so keep
#    them free of quote characters.
#  - every instance carries privuser, priv_system_role and the setuid
#    capability, so keep the source domain and role lists as narrow as possible.

# type of the helper executable; labelling a file with it is what makes the
# transition below available.
type run_$3_exec_t, file_type, exec_type, sysadmfile;
# domain for program to run in, needs to change role (priv_system_role), change
# identity to system_u (privuser), log failures to syslog (privlog) and
# authenticate users
type run_$3_t, domain, priv_system_role, privuser, privlog;
# source domains enter the helper domain by executing the helper executable
# (domain_auto_trans is defined elsewhere).
domain_auto_trans($1, run_$3_exec_t, run_$3_t)
# authorise the source roles for the helper domain.
role $2 types run_$3_t;
# password checking is delegated to the chkpwd helper in its own domain.
# NOTE(review): the target is fixed to sysadm_chkpwd_t whatever source domains
# are passed in, and chkpwd_exec_t is referenced here outside the chkpwd.te
# guard used further down - confirm both are intended.
domain_auto_trans(run_$3_t, chkpwd_exec_t, sysadm_chkpwd_t)
# dontaudit grants nothing: access to shadow_t stays denied, the denial is just
# not logged.
dontaudit run_$3_t shadow_t:file getattr;
# for utmp
allow run_$3_t initrc_var_run_t:file rw_file_perms;
# read and write the administrator terminal the helper was started from.
allow run_$3_t admin_tty_type:chr_file rw_file_perms;
dontaudit run_$3_t devpts_t:dir { getattr read };
dontaudit run_$3_t device_t:dir read;
# for auth_chkpwd
dontaudit run_$3_t shadow_t:file read;
allow run_$3_t self:process { fork sigchld };
allow run_$3_t self:fifo_file rw_file_perms;
# setuid is the only capability granted; dac_override and dac_read_search are
# only silenced below, not allowed.
allow run_$3_t self:capability setuid;
allow run_$3_t self:lnk_file read;
# often the administrator runs such programs from a directory that is owned
# by a different user or has restrictive SE permissions, do not want to audit
# the failed access to the current directory
# NOTE(review): this covers directory search on every file_type, so denied
# directory searches by this domain never reach the audit log - keep that in
# mind when investigating its behaviour.
dontaudit run_$3_t file_type:dir search;
dontaudit run_$3_t self:capability { dac_override dac_read_search };
allow run_$3_t bin_t:lnk_file read;
# the helper may execute programs labelled bin_t and the shell.
# NOTE(review): can_exec is defined elsewhere; presumably it runs them without
# leaving this domain - confirm.
can_exec(run_$3_t, { bin_t shell_exec_t })
# only emitted when chkpwd.te is defined to m4.
# NOTE(review): this sits alongside the automatic chkpwd transition above; if
# can_exec grants execution without a transition, chkpwd could also run inside
# this domain - confirm that is wanted.
ifdef(`chkpwd.te', `
can_exec(run_$3_t, chkpwd_exec_t)
')
# the transition this helper exists for: from the helper domain, through the
# program type (arg 4), into the target domain (arg 5). This uses domain_trans
# rather than domain_auto_trans, and can_setexec follows, so presumably the
# helper selects the target context itself - confirm against the macro
# definitions.
domain_trans(run_$3_t, $4, $5)
can_setexec(run_$3_t)
# use file descriptors inherited from privfd domains.
allow run_$3_t privfd:fd use;
uses_shlib(run_$3_t)
allow run_$3_t lib_t:file { getattr read };
# query the security server and read the SELinux configuration and default
# contexts, read-only.
can_getsecurity(run_$3_t)
r_dir_file(run_$3_t,selinux_config_t)
r_dir_file(run_$3_t,default_context_t)
# local sockets on its own labels only.
allow run_$3_t self:unix_stream_socket create_socket_perms;
allow run_$3_t self:unix_dgram_socket create_socket_perms;
allow run_$3_t etc_t:file { getattr read };
read_locale(run_$3_t)
allow run_$3_t fs_t:filesystem getattr;
allow run_$3_t { bin_t sbin_t }:dir search;
dontaudit run_$3_t device_t:dir { getattr search };
')