From cd2367bf8c02aaf79fc250532958e9f98c7231b8 Mon Sep 17 00:00:00 2001
From: Dan Walsh
Date: May 31 2012 17:26:34 +0000
Subject: Allow local_login to run directly from init subsystem, needs back port to RHEL6
---
diff --git a/policy/modules/kernel/terminal.if b/policy/modules/kernel/terminal.if
index c9ac6c7..b283c17 100644
--- a/policy/modules/kernel/terminal.if
+++ b/policy/modules/kernel/terminal.if
@@ -973,7 +973,7 @@ interface(`term_relabel_all_ptys',`
 ')
 dev_list_all_dev_nodes($1)
- relabel_chr_files_pattern($1, devpts_t, ptynode)
+ relabel_chr_files_pattern($1, devpts_t, { ptynode devpts_t } )
 ')
 ########################################
diff --git a/policy/modules/system/locallogin.te b/policy/modules/system/locallogin.te
index 362176f..d7122db 100644
--- a/policy/modules/system/locallogin.te
+++ b/policy/modules/system/locallogin.te
@@ -9,6 +9,16 @@ type local_login_t;
 domain_interactive_fd(local_login_t)
 auth_login_pgm_domain(local_login_t)
 auth_login_entry_type(local_login_t)
+init_daemon_domain(local_login_t, login_exec_t)
+init_ranged_daemon_domain(local_login_t, login_exec_t, s0 - mcs_systemhigh)
+
+ifdef(`enable_mls',`
+ init_ranged_daemon_domain(local_login_t, login_exec_t, mls_systemhigh)
+')
+
+ifdef(`enable_mcs',`
+ init_ranged_daemon_domain(local_login_t, login_exec_t, mcs_systemhigh)
+')
 type local_login_lock_t;
 files_lock_file(local_login_lock_t)
@@ -115,6 +125,9 @@ term_relabel_unallocated_ttys(local_login_t)
 term_relabel_all_ttys(local_login_t)
 term_setattr_all_ttys(local_login_t)
 term_setattr_unallocated_ttys(local_login_t)
+term_relabel_unallocated_ptys(local_login_t)
+term_relabel_all_ptys(local_login_t)
+term_setattr_generic_ptys(local_login_t)
 auth_rw_login_records(local_login_t)
 auth_rw_faillog(local_login_t)
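Review bot: Adding `devpts_t` to the relabel set in `term_relabel_all_ptys` widens a shared interface, so every domain that already calls it gains relabel permission on generic `devpts_t` character nodes, not only `local_login_t`. The commit message motivates only the login case; if other callers do not need this, keep the interface on `ptynode` and grant the generic-pty relabel through a separate interface called from locallogin.te. If the widening is intended, the interface's summary comment (outside this hunk) should say that generic ptys are included. The stray space before the closing parenthesis should also go: `relabel_chr_files_pattern($1, devpts_t, { ptynode devpts_t })`.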
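Review bot: The added daemon-domain calls request different ranges for the same `login_exec_t` entry point: `s0 - mcs_systemhigh` unconditionally, then `mls_systemhigh` under `enable_mls` and `mcs_systemhigh` under `enable_mcs`. If `init_ranged_daemon_domain` expands to a range transition keyed on that entry point (its definition is not shown here), a single build ends up with two different ranges for one transition. The level login actually starts at is then either rejected at compile time or unclear to a reader. The unconditional call also names an MCS macro in a policy that may be built as MLS. Keep one ranged call per build type inside a single `ifdef`, add a comment stating the intended starting range, and check whether the plain `init_daemon_domain(local_login_t, login_exec_t)` line is redundant next to the ranged variant.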
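Review bot: The three pty grants for `local_login_t` carry no comment explaining why a local login program needs them, and `term_relabel_all_ptys` is the broadest of the three. With the terminal.if change in this same commit, it lets the login domain relabel every pty type plus generic `devpts_t` nodes. It is worth checking against the denials that motivated the change whether the narrower grants alone would do. At minimum, add a comment above the block such as `# pty access for login started directly from init: <reason or AVC reference>`.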