## <summary>Red Hat Graphical Boot.</summary>

########################################
## <summary>
##	RHGB stub interface.  No access allowed.
## </summary>
## <param name="domain" unused="true">
##	<summary>
##	N/A
##	</summary>
## </param>
#
interface(`rhgb_stub',`
	# No allow rules follow: the body only requires that rhgb_t is declared.
	gen_require(`
		type rhgb_t;
	')
')

########################################
## <summary>
##	Inherit and use rhgb file descriptors.
## </summary>
## <param name="domain">
##	<summary>
##	Domain allowed access.
##	</summary>
## </param>
#
interface(`rhgb_use_fds',`
	gen_require(`
		type rhgb_t;
	')

	# fd use only covers the descriptor itself. Access to the object behind
	# the descriptor is still checked against the label of that object.
	allow $1 rhgb_t:fd use;
')

########################################
## <summary>
##	Get the process group of rhgb.
## </summary>
## <param name="domain">
##	<summary>
##	Domain allowed access.
##	</summary>
## </param>
#
interface(`rhgb_getpgid',`
	gen_require(`
		type rhgb_t;
	')

	# Query only: no other process permission is granted by this rule.
	allow $1 rhgb_t:process getpgid;
')

########################################
## <summary>
##	Send generic signals to rhgb.
## </summary>
## <param name="domain">
##	<summary>
##	Domain allowed access.
##	</summary>
## </param>
#
interface(`rhgb_signal',`
	gen_require(`
		type rhgb_t;
	')

	# Generic signals only: sigkill, sigstop, sigchld and signull are
	# separate process permissions and are not granted here.
	allow $1 rhgb_t:process signal;
')

########################################
## <summary>
##	Read and write inherited rhgb unix
##	domain stream sockets.
## </summary>
## <param name="domain">
##	<summary>
##	Domain allowed access.
##	</summary>
## </param>
#
interface(`rhgb_rw_stream_sockets',`
	gen_require(`
		type rhgb_t;
	')

	# Only read and write on a socket labelled rhgb_t. connectto is not
	# granted, so this rule alone does not permit a new connection;
	# see rhgb_stream_connect for that.
	allow $1 rhgb_t:unix_stream_socket { read write };
')

########################################
## <summary>
##	Do not audit attempts to read and write
##	rhgb unix domain stream sockets.
## </summary>
## <param name="domain">
##	<summary>
##	Domain to not audit.
##	</summary>
## </param>
#
interface(`rhgb_dontaudit_rw_stream_sockets',`
	gen_require(`
		type rhgb_t;
	')

	# dontaudit grants nothing: the access is still denied, but no AVC
	# denial is logged. When investigating, rebuild the policy with
	# dontaudit rules disabled (semodule -DB) to make these attempts
	# visible again.
	dontaudit $1 rhgb_t:unix_stream_socket { read write };
')

########################################
## <summary>
##	Connect to rhgb with a unix
##	domain stream socket.
## </summary>
## <param name="domain">
##	<summary>
##	Domain allowed access.
##	</summary>
## </param>
#
interface(`rhgb_stream_connect',`
	gen_require(`
		type rhgb_t, rhgb_tmpfs_t;
	')

	# NOTE(review): both macros below are defined outside this file.
	# fs_search_tmpfs presumably lets the caller search tmpfs directories
	# to reach the socket file - confirm.
	fs_search_tmpfs($1)
	# As used in refpolicy the arguments are (source domain, directory type,
	# socket file type, target domain): the socket file and its directory
	# are both rhgb_tmpfs_t and the listening process is rhgb_t. Confirm
	# the exact permissions against the support macro definition.
	stream_connect_pattern($1, rhgb_tmpfs_t, rhgb_tmpfs_t, rhgb_t)
')

########################################
## <summary>
##	Read and write to rhgb shared memory.
## </summary>
## <param name="domain">
##	<summary>
##	Domain allowed access.
##	</summary>
## </param>
#
interface(`rhgb_rw_shm',`
	gen_require(`
		type rhgb_t;
	')

	# rw_shm_perms is a permission set defined outside this file; review
	# its expansion before granting. Write access to shared memory labelled
	# rhgb_t lets the caller change data shared with the rhgb process, so
	# keep the set of calling domains small.
	allow $1 rhgb_t:shm rw_shm_perms;
')

########################################
## <summary>
##	Read and write rhgb pty devices.
## </summary>
## <param name="domain">
##	<summary>
##	Domain allowed access.
##	</summary>
## </param>
#
interface(`rhgb_use_ptys',`
	gen_require(`
		type rhgb_devpts_t;
	')

	# NOTE(review): dev_list_all_dev_nodes is defined elsewhere; by its name
	# it lets the caller list device node directories - confirm that this
	# breadth is needed just to reach the pty.
	dev_list_all_dev_nodes($1)
	# rw_term_perms is a permission set defined outside this file. The rule
	# is limited to character devices labelled rhgb_devpts_t.
	allow $1 rhgb_devpts_t:chr_file rw_term_perms;
')

########################################
## <summary>
##	Do not audit attempts to read and
##	write rhgb pty devices.
## </summary>
## <param name="domain">
##	<summary>
##	Domain to not audit.
##	</summary>
## </param>
#
interface(`rhgb_dontaudit_use_ptys',`
	gen_require(`
		type rhgb_devpts_t;
	')

	# Suppresses the audit record only; the access itself stays denied.
	# These denials will not appear in the audit log unless dontaudit
	# rules are disabled (semodule -DB).
	dontaudit $1 rhgb_devpts_t:chr_file rw_term_perms;
')

########################################
## <summary>
##	Read and write to rhgb tmpfs files.
## </summary>
## <param name="domain">
##	<summary>
##	Domain allowed access.
##	</summary>
## </param>
#
interface(`rhgb_rw_tmpfs_files',`
	gen_require(`
		type rhgb_tmpfs_t;
	')

	# NOTE(review): fs_search_tmpfs is defined elsewhere; presumably it
	# grants search on tmpfs directories so the files can be reached.
	fs_search_tmpfs($1)
	# The rule names the file class only, so directories, socket files and
	# other object classes labelled rhgb_tmpfs_t are not covered here.
	# rw_file_perms is a permission set defined outside this file.
	allow $1 rhgb_tmpfs_t:file rw_file_perms;
')