|
Dominick Grift |
5bb255b |
policy_module(anaconda, 1.6.1)
|
|
Dominick Grift |
5bb255b |
|
|
Dominick Grift |
5bb255b |
gen_require(`
|
|
Dominick Grift |
5bb255b |
class passwd all_passwd_perms;
|
|
Dominick Grift |
5bb255b |
')
|
|
Chris PeBenito |
9401ae1 |
|
|
Chris PeBenito |
9401ae1 |
########################################
|
|
Chris PeBenito |
9401ae1 |
#
|
|
Chris PeBenito |
9401ae1 |
# Declarations
|
|
Chris PeBenito |
9401ae1 |
#
|
|
Chris PeBenito |
9401ae1 |
|
|
Chris PeBenito |
9401ae1 |
type anaconda_t;
|
|
Chris PeBenito |
9401ae1 |
type anaconda_exec_t;
|
|
Chris PeBenito |
9401ae1 |
domain_type(anaconda_t)
|
|
Dominick Grift |
5bb255b |
domain_entry_file(anaconda_t, anaconda_exec_t)
|
|
Chris PeBenito |
9401ae1 |
domain_obj_id_change_exemption(anaconda_t)
|
|
Chris PeBenito |
9401ae1 |
role system_r types anaconda_t;
|
|
Chris PeBenito |
9401ae1 |
|
|
Chris PeBenito |
9401ae1 |
########################################
|
|
Chris PeBenito |
9401ae1 |
#
|
|
Chris PeBenito |
9401ae1 |
# Local policy
|
|
Chris PeBenito |
9401ae1 |
#
|
|
Chris PeBenito |
9401ae1 |
|
|
Chris PeBenito |
9401ae1 |
allow anaconda_t self:process execmem;
|
|
Dominick Grift |
5bb255b |
allow anaconda_t self:passwd { rootok passwd chfn chsh };
|
|
Chris PeBenito |
9401ae1 |
|
|
Chris PeBenito |
9401ae1 |
kernel_domtrans_to(anaconda_t, anaconda_exec_t)
|
|
Chris PeBenito |
9401ae1 |
|
|
Chris PeBenito |
9401ae1 |
init_domtrans_script(anaconda_t)
|
|
Chris PeBenito |
9401ae1 |
|
|
Chris PeBenito |
9401ae1 |
logging_send_syslog_msg(anaconda_t)
|
|
Chris PeBenito |
9401ae1 |
|
|
Chris PeBenito |
9401ae1 |
modutils_domtrans_insmod(anaconda_t)
|
|
Chris PeBenito |
9401ae1 |
modutils_domtrans_depmod(anaconda_t)
|
|
Chris PeBenito |
9401ae1 |
|
|
Chris PeBenito |
9401ae1 |
seutil_domtrans_semanage(anaconda_t)
|
|
Chris PeBenito |
9401ae1 |
|
|
Chris PeBenito |
9401ae1 |
userdom_user_home_dir_filetrans_user_home_content(anaconda_t, { dir file lnk_file fifo_file sock_file })
|
|
Chris PeBenito |
9401ae1 |
|
|
Chris PeBenito |
9401ae1 |
optional_policy(`
|
|
Chris PeBenito |
9401ae1 |
rpm_domtrans(anaconda_t)
|
|
Chris PeBenito |
9401ae1 |
rpm_domtrans_script(anaconda_t)
|
|
Chris PeBenito |
9401ae1 |
')
|
|
Chris PeBenito |
9401ae1 |
|
|
Chris PeBenito |
9401ae1 |
optional_policy(`
|
|
Chris PeBenito |
9401ae1 |
ssh_domtrans_keygen(anaconda_t)
|
|
Chris PeBenito |
9401ae1 |
')
|
|
Chris PeBenito |
9401ae1 |
|
|
Chris PeBenito |
9401ae1 |
optional_policy(`
|
|
Chris PeBenito |
9401ae1 |
udev_domtrans(anaconda_t)
|
|
Chris PeBenito |
9401ae1 |
')
|
|
Chris PeBenito |
9401ae1 |
|
|
Chris PeBenito |
9401ae1 |
optional_policy(`
|
|
Dominick Grift |
5bb255b |
unconfined_domain_noaudit(anaconda_t)
|
|
Chris PeBenito |
9401ae1 |
')
|