psss / rpms / selinux-policy

Forked from rpms/selinux-policy 5 years ago
Clone
Source Code
GIT

Blame xguest.te

f10 f11 f12 f13 f14 f15 f16 f17 f18 f19 f20 f21 f22 f23 f24 f25 f26 f27 f28 f29 f7 f8 f9 master master-docker master_contrib private-master-atomic-policy private-master-migrate-to-var-lib-selinux requires tests
  1.   53a2fe6864bd08445c33b7bf468690dc3e428eae
  2.   xguest.te
Blob History Raw
Chris PeBenito 67b7e79 
policy_module(xguest, 1.1.1)
Chris PeBenito 9401ae1
Chris PeBenito 9401ae1 
########################################
Chris PeBenito 9401ae1 
#
Chris PeBenito 9401ae1 
# Declarations
Chris PeBenito 9401ae1 
#
Chris PeBenito 9401ae1
Chris PeBenito 9401ae1 
## <desc>
Chris PeBenito 9401ae1 
##
Chris PeBenito 9401ae1 
## Allow xguest users to mount removable media
Chris PeBenito 9401ae1 
##
Chris PeBenito 9401ae1 
## </desc>
Chris PeBenito 89c62b6 
gen_tunable(xguest_mount_media, false)
Chris PeBenito 9401ae1
Chris PeBenito 9401ae1 
## <desc>
Chris PeBenito 9401ae1 
##
Chris PeBenito 9401ae1 
## Allow xguest to configure Network Manager
Chris PeBenito 9401ae1 
##
Chris PeBenito 9401ae1 
## </desc>
Chris PeBenito 89c62b6 
gen_tunable(xguest_connect_network, false)
Chris PeBenito 9401ae1
Chris PeBenito 9401ae1 
## <desc>
Chris PeBenito 9401ae1 
##
Chris PeBenito 9401ae1 
## Allow xguest to use blue tooth devices
Chris PeBenito 9401ae1 
##
Chris PeBenito 9401ae1 
## </desc>
Chris PeBenito 89c62b6 
gen_tunable(xguest_use_bluetooth, false)
Chris PeBenito 9401ae1
Chris PeBenito 9401ae1 
role xguest_r;
Chris PeBenito 9401ae1
Chris PeBenito 9401ae1 
userdom_restricted_xwindows_user_template(xguest)
Chris PeBenito 9401ae1
Chris PeBenito 9401ae1 
########################################
Chris PeBenito 9401ae1 
#
Chris PeBenito 9401ae1 
# Local policy
Chris PeBenito 9401ae1 
#
Chris PeBenito 9401ae1
Chris PeBenito 9401ae1 
ifndef(`enable_mls',`
Chris PeBenito 9401ae1 
	fs_exec_noxattr(xguest_t)
Chris PeBenito 9401ae1
Chris PeBenito 9401ae1 
	tunable_policy(`user_rw_noexattrfile',`
Chris PeBenito 9401ae1 
		fs_manage_noxattr_fs_files(xguest_t)
Chris PeBenito 9401ae1 
		fs_manage_noxattr_fs_dirs(xguest_t)
Chris PeBenito 9401ae1 
		# Write floppies
Chris PeBenito 9401ae1 
		storage_raw_read_removable_device(xguest_t)
Chris PeBenito 9401ae1 
		storage_raw_write_removable_device(xguest_t)
Chris PeBenito 9401ae1 
	',`
Chris PeBenito 9401ae1 
		storage_raw_read_removable_device(xguest_t)
Chris PeBenito 9401ae1 
	')
Chris PeBenito 9401ae1 
')
Chris PeBenito 9401ae1
Chris PeBenito 9401ae1 
# Allow mounting of file systems
Chris PeBenito 9401ae1 
optional_policy(`
Chris PeBenito 9401ae1 
	tunable_policy(`xguest_mount_media',`
Chris PeBenito 9401ae1 
		kernel_read_fs_sysctls(xguest_t)
Chris PeBenito 9401ae1
Chris PeBenito 9401ae1 
		files_dontaudit_getattr_boot_dirs(xguest_t)
Chris PeBenito 9401ae1 
		files_search_mnt(xguest_t)
Chris PeBenito 9401ae1
Chris PeBenito 9401ae1 
		fs_manage_noxattr_fs_files(xguest_t)
Chris PeBenito 9401ae1 
		fs_manage_noxattr_fs_dirs(xguest_t)
Chris PeBenito 9401ae1 
		fs_manage_noxattr_fs_dirs(xguest_t)
Chris PeBenito 9401ae1 
		fs_getattr_noxattr_fs(xguest_t)
Chris PeBenito 9401ae1 
		fs_read_noxattr_fs_symlinks(xguest_t)
Chris PeBenito 9401ae1
Chris PeBenito 9401ae1 
		auth_list_pam_console_data(xguest_t)
Chris PeBenito 9401ae1
Chris PeBenito 9401ae1 
		init_read_utmp(xguest_t)
Chris PeBenito 9401ae1 
	')
Chris PeBenito 9401ae1 
')
Chris PeBenito 9401ae1
Chris PeBenito 9401ae1 
optional_policy(`
Chris PeBenito 9401ae1 
	tunable_policy(`xguest_use_bluetooth',`
Chris PeBenito 9401ae1 
		bluetooth_dbus_chat(xguest_t)
Chris PeBenito 9401ae1 
	')
Chris PeBenito 9401ae1 
')
Chris PeBenito 9401ae1
Chris PeBenito 9401ae1 
optional_policy(`
Chris PeBenito 9401ae1 
	hal_dbus_chat(xguest_t)
Chris PeBenito 9401ae1 
')
Chris PeBenito 9401ae1
Chris PeBenito 9401ae1 
optional_policy(`
Chris PeBenito 9401ae1 
	java_role(xguest_r, xguest_t)
Chris PeBenito 9401ae1 
')
Chris PeBenito 9401ae1
Chris PeBenito 9401ae1 
optional_policy(`
Chris PeBenito 9401ae1 
	mozilla_role(xguest_r, xguest_t)
Chris PeBenito 9401ae1 
')
Chris PeBenito 9401ae1
Chris PeBenito 9401ae1 
optional_policy(`
Chris PeBenito 9401ae1 
	tunable_policy(`xguest_connect_network',`
Chris PeBenito 9401ae1 
		networkmanager_dbus_chat(xguest_t)
Chris PeBenito 9401ae1 
		corenet_tcp_connect_pulseaudio_port(xguest_t)
Chris PeBenito 9401ae1 
		corenet_tcp_connect_ipp_port(xguest_t)
Chris PeBenito 9401ae1 
	')
Chris PeBenito 9401ae1 
')
Chris PeBenito 9401ae1
Chris PeBenito 9401ae1 
#gen_user(xguest_u,, xguest_r, s0, s0)
Powered by Pagure 5.14.1
DocumentationFile an IssueAbout this InstanceSSH Hostkey/Fingerprint
© Red Hat, Inc. and others.