## <summary>Multicategory security policy</summary>
## <required val="true">
##	Contains attributes used in MCS policy.
## </required>
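########################################
## <summary>
##	This domain is allowed to read files and directories
##	regardless of their MCS category set.
## </summary>
## <desc>
##	<p>
##	Adds the calling domain to the mcsreadall attribute.
##	This interface holds no allow rules and no constraints
##	of its own. The exemption comes from whatever MCS
##	constraints reference mcsreadall, which are not part
##	of this file and should be confirmed there.
##	</p>
##	<p>
##	Review note: a domain carrying this attribute is no
##	longer separated from other category sets for reads,
##	so keep it to domains that must see data across all
##	categories. Type enforcement access still has to be
##	granted separately.
##	</p>
## </desc>
## <param name="domain">
##	<summary>
##	Domain target for user exemption.
##	</summary>
## </param>
## <rolecap/>
#
interface(`mcs_file_read_all',`
	gen_require(`
		# The attribute is declared outside this interface.
		attribute mcsreadall;
	')

	# Tag the caller with the attribute. No allow rule is added here.
	typeattribute $1 mcsreadall;
')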
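########################################
## <summary>
##	This domain is allowed to write files and directories
##	regardless of their MCS category set.
## </summary>
## <desc>
##	<p>
##	Adds the calling domain to the mcswriteall attribute.
##	This interface holds no allow rules and no constraints
##	of its own. The exemption comes from whatever MCS
##	constraints reference mcswriteall, which are not part
##	of this file and should be confirmed there.
##	</p>
##	<p>
##	Review note: a domain carrying this attribute can
##	modify objects in any category set, so category
##	separation no longer protects the integrity of data
##	against it. Keep it to domains that must write across
##	all categories.
##	</p>
## </desc>
## <param name="domain">
##	<summary>
##	Domain target for user exemption.
##	</summary>
## </param>
## <rolecap/>
#
interface(`mcs_file_write_all',`
	gen_require(`
		# The attribute is declared outside this interface.
		attribute mcswriteall;
	')

	# Tag the caller with the attribute. No allow rule is added here.
	typeattribute $1 mcswriteall;
')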
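########################################
## <summary>
##	This domain is allowed to sigkill and sigstop
##	all domains regardless of their MCS category set.
## </summary>
## <desc>
##	<p>
##	Adds the calling domain to the mcskillall attribute.
##	This interface holds no allow rules and no constraints
##	of its own. The exemption comes from whatever MCS
##	constraints reference mcskillall, which are not part
##	of this file and should be confirmed there.
##	</p>
##	<p>
##	Review note: a domain carrying this attribute can stop
##	or kill processes running in other category sets, which
##	is an availability concern for every category on the
##	system. Keep it to process management domains that
##	need it.
##	</p>
## </desc>
## <param name="domain">
##	<summary>
##	Domain target for user exemption.
##	</summary>
## </param>
## <rolecap/>
#
interface(`mcs_killall',`
	gen_require(`
		# The attribute is declared outside this interface.
		attribute mcskillall;
	')

	# Tag the caller with the attribute. No allow rule is added here.
	typeattribute $1 mcskillall;
')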
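########################################
## <summary>
##	This domain is allowed to ptrace
##	all domains regardless of their MCS
##	category set.
## </summary>
## <desc>
##	<p>
##	Adds the calling domain to the mcsptraceall attribute.
##	This interface holds no allow rules and no constraints
##	of its own. The exemption comes from whatever MCS
##	constraints reference mcsptraceall, which are not part
##	of this file and should be confirmed there.
##	</p>
##	<p>
##	Review note: tracing a process gives access to its
##	memory and control over its execution, so a domain
##	carrying this attribute can reach data held by
##	processes in any category set. Treat each caller of
##	this interface as able to bypass category separation
##	for the processes it is otherwise allowed to trace.
##	</p>
## </desc>
## <param name="domain">
##	<summary>
##	Domain target for user exemption.
##	</summary>
## </param>
#
interface(`mcs_ptrace_all',`
	gen_require(`
		# The attribute is declared outside this interface.
		attribute mcsptraceall;
	')

	# Tag the caller with the attribute. No allow rule is added here.
	typeattribute $1 mcsptraceall;
')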
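########################################
## <summary>
##	Make specified domain MCS trusted
##	for setting any category set for
##	the processes it executes.
## </summary>
## <desc>
##	<p>
##	Adds the calling domain to the mcssetcats attribute.
##	This interface holds no allow rules and no constraints
##	of its own. The trust comes from whatever MCS
##	constraints reference mcssetcats, which are not part
##	of this file and should be confirmed there.
##	</p>
##	<p>
##	Review note: a domain carrying this attribute chooses
##	the category set of the processes it starts, so it can
##	place a process in any category. Keep it to launcher
##	domains whose category selection logic is itself
##	trusted.
##	</p>
## </desc>
## <param name="domain">
##	<summary>
##	Domain target for user exemption.
##	</summary>
## </param>
#
interface(`mcs_process_set_categories',`
	gen_require(`
		# The attribute is declared outside this interface.
		attribute mcssetcats;
	')

	# Tag the caller with the attribute. No allow rule is added here.
	typeattribute $1 mcssetcats;
')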
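########################################
## <summary>
##	Make specified process type MCS untrusted.
## </summary>
## <desc>
##	<p>
##	Make specified process type MCS untrusted.  This
##	prevents this process from sending signals to other
##	processes with different MCS labels.
##	</p>
##	<p>
##	Unlike the other interfaces in this module, this one
##	marks a domain for tighter treatment rather than an
##	exemption. It only adds the calling type to the
##	mcsuntrustedproc attribute. The restriction is enforced
##	by whatever MCS constraints reference that attribute,
##	which are not part of this file and should be
##	confirmed there.
##	</p>
## </desc>
## <param name="domain">
##	<summary>
##	The type of the process.
##	</summary>
## </param>
#
interface(`mcs_untrusted_proc',`
	gen_require(`
		# The attribute is declared outside this interface.
		attribute mcsuntrustedproc;
	')

	# Tag the caller with the attribute. No allow rule is added here.
	typeattribute $1 mcsuntrustedproc;
')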