|
Chris PeBenito |
6a2975 |
## <summary>Who is logged in on other machines?</summary>
|
|
Chris PeBenito |
d13941 |
|
|
Chris PeBenito |
d13941 |
########################################
|
|
Chris PeBenito |
d13941 |
## <summary>
|
|
Chris PeBenito |
d13941 |
## Execute a domain transition to run rwho.
|
|
Chris PeBenito |
d13941 |
## </summary>
|
|
Chris PeBenito |
d13941 |
## <param name="domain">
|
|
Chris PeBenito |
d13941 |
## <summary>
|
|
Chris PeBenito |
d13941 |
## Domain allowed to transition.
|
|
Chris PeBenito |
d13941 |
## </summary>
|
|
Chris PeBenito |
d13941 |
## </param>
|
|
Chris PeBenito |
d13941 |
#
|
|
Chris PeBenito |
d13941 |
interface(`rwho_domtrans',`
|
|
Chris PeBenito |
d13941 |
gen_require(`
|
|
Chris PeBenito |
d13941 |
type rwho_t, rwho_exec_t;
|
|
Chris PeBenito |
d13941 |
')
|
|
Chris PeBenito |
d13941 |
|
|
Chris PeBenito |
0bfccd |
domtrans_pattern($1, rwho_exec_t, rwho_t)
|
|
Chris PeBenito |
d13941 |
')
|
|
Chris PeBenito |
d13941 |
|
|
Chris PeBenito |
d13941 |
########################################
|
|
Chris PeBenito |
72f82c |
## <summary>
|
|
Chris PeBenito |
72f82c |
## Search rwho log directories.
|
|
Chris PeBenito |
72f82c |
## </summary>
|
|
Chris PeBenito |
72f82c |
## <param name="domain">
|
|
Chris PeBenito |
72f82c |
## <summary>
|
|
Chris PeBenito |
72f82c |
## Domain allowed access.
|
|
Chris PeBenito |
72f82c |
## </summary>
|
|
Chris PeBenito |
72f82c |
## </param>
|
|
Chris PeBenito |
72f82c |
#
|
|
Chris PeBenito |
72f82c |
interface(`rwho_search_log',`
|
|
Chris PeBenito |
72f82c |
gen_require(`
|
|
Chris PeBenito |
72f82c |
type rwho_log_t;
|
|
Chris PeBenito |
72f82c |
')
|
|
Chris PeBenito |
72f82c |
|
|
Chris PeBenito |
72f82c |
allow $1 rwho_log_t:dir search_dir_perms;
|
|
Chris PeBenito |
72f82c |
logging_search_logs($1)
|
|
Chris PeBenito |
72f82c |
')
|
|
Chris PeBenito |
72f82c |
|
|
Chris PeBenito |
72f82c |
########################################
|
|
Chris PeBenito |
72f82c |
## <summary>
|
|
Chris PeBenito |
72f82c |
## Read rwho log files.
|
|
Chris PeBenito |
72f82c |
## </summary>
|
|
Chris PeBenito |
72f82c |
## <param name="domain">
|
|
Chris PeBenito |
72f82c |
## <summary>
|
|
Chris PeBenito |
72f82c |
## Domain allowed access.
|
|
Chris PeBenito |
72f82c |
## </summary>
|
|
Chris PeBenito |
72f82c |
## </param>
|
|
Chris PeBenito |
72f82c |
#
|
|
Chris PeBenito |
72f82c |
interface(`rwho_read_log_files',`
|
|
Chris PeBenito |
72f82c |
gen_require(`
|
|
Chris PeBenito |
72f82c |
type rwho_log_t;
|
|
Chris PeBenito |
72f82c |
')
|
|
Chris PeBenito |
72f82c |
|
|
Chris PeBenito |
72f82c |
allow $1 rwho_log_t:file read_file_perms;
|
|
Chris PeBenito |
72f82c |
allow $1 rwho_log_t:dir list_dir_perms;
|
|
Chris PeBenito |
72f82c |
logging_search_logs($1)
|
|
Chris PeBenito |
72f82c |
')
|
|
Chris PeBenito |
72f82c |
|
|
Chris PeBenito |
72f82c |
########################################
|
|
Chris PeBenito |
d13941 |
## <summary>
|
|
Chris PeBenito |
d13941 |
## Search rwho spool directories.
|
|
Chris PeBenito |
d13941 |
## </summary>
|
|
Chris PeBenito |
d13941 |
## <param name="domain">
|
|
Chris PeBenito |
d13941 |
## <summary>
|
|
Chris PeBenito |
d13941 |
## Domain allowed access.
|
|
Chris PeBenito |
d13941 |
## </summary>
|
|
Chris PeBenito |
d13941 |
## </param>
|
|
Chris PeBenito |
d13941 |
#
|
|
Chris PeBenito |
d13941 |
interface(`rwho_search_spool',`
|
|
Chris PeBenito |
d13941 |
gen_require(`
|
|
Chris PeBenito |
d13941 |
type rwho_spool_t;
|
|
Chris PeBenito |
d13941 |
')
|
|
Chris PeBenito |
d13941 |
|
|
Chris PeBenito |
d13941 |
allow $1 rwho_spool_t:dir search_dir_perms;
|
|
Chris PeBenito |
d13941 |
files_search_spool($1)
|
|
Chris PeBenito |
d13941 |
')
|
|
Chris PeBenito |
d13941 |
|
|
Chris PeBenito |
d13941 |
########################################
|
|
Chris PeBenito |
d13941 |
## <summary>
|
|
Chris PeBenito |
d13941 |
## Read rwho spool files.
|
|
Chris PeBenito |
d13941 |
## </summary>
|
|
Chris PeBenito |
d13941 |
## <param name="domain">
|
|
Chris PeBenito |
d13941 |
## <summary>
|
|
Chris PeBenito |
d13941 |
## Domain allowed access.
|
|
Chris PeBenito |
d13941 |
## </summary>
|
|
Chris PeBenito |
d13941 |
## </param>
|
|
Chris PeBenito |
d13941 |
#
|
|
Chris PeBenito |
d13941 |
interface(`rwho_read_spool_files',`
|
|
Chris PeBenito |
d13941 |
gen_require(`
|
|
Chris PeBenito |
d13941 |
type rwho_spool_t;
|
|
Chris PeBenito |
d13941 |
')
|
|
Chris PeBenito |
d13941 |
|
|
Chris PeBenito |
0bfccd |
read_files_pattern($1, rwho_spool_t, rwho_spool_t)
|
|
Chris PeBenito |
d13941 |
files_search_spool($1)
|
|
Chris PeBenito |
d13941 |
')
|
|
Chris PeBenito |
d13941 |
|
|
Chris PeBenito |
d13941 |
########################################
|
|
Chris PeBenito |
d13941 |
## <summary>
|
|
Chris PeBenito |
d13941 |
## Create, read, write, and delete
|
|
Chris PeBenito |
d13941 |
## rwho spool files.
|
|
Chris PeBenito |
d13941 |
## </summary>
|
|
Chris PeBenito |
d13941 |
## <param name="domain">
|
|
Chris PeBenito |
d13941 |
## <summary>
|
|
Chris PeBenito |
d13941 |
## Domain allowed access.
|
|
Chris PeBenito |
d13941 |
## </summary>
|
|
Chris PeBenito |
d13941 |
## </param>
|
|
Chris PeBenito |
d13941 |
#
|
|
Chris PeBenito |
d13941 |
interface(`rwho_manage_spool_files',`
|
|
Chris PeBenito |
d13941 |
gen_require(`
|
|
Chris PeBenito |
d13941 |
type rwho_spool_t;
|
|
Chris PeBenito |
d13941 |
')
|
|
Chris PeBenito |
d13941 |
|
|
Chris PeBenito |
d13941 |
manage_files_pattern($1,rwho_spool_t,rwho_spool_t)
|
|
Chris PeBenito |
d13941 |
files_search_spool($1)
|
|
Chris PeBenito |
d13941 |
')
|
|
Chris PeBenito |
7a5e2d |
|
|
Chris PeBenito |
7a5e2d |
########################################
|
|
Chris PeBenito |
7a5e2d |
## <summary>
|
|
Chris PeBenito |
7a5e2d |
## All of the rules required to administrate
|
|
Chris PeBenito |
7a5e2d |
## an rwho environment
|
|
Chris PeBenito |
7a5e2d |
## </summary>
|
|
Chris PeBenito |
7a5e2d |
## <param name="domain">
|
|
Chris PeBenito |
7a5e2d |
## <summary>
|
|
Chris PeBenito |
7a5e2d |
## Domain allowed access.
|
|
Chris PeBenito |
7a5e2d |
## </summary>
|
|
Chris PeBenito |
7a5e2d |
## </param>
|
|
Chris PeBenito |
e87221 |
## <param name="role">
|
|
Chris PeBenito |
e87221 |
## <summary>
|
|
Chris PeBenito |
e87221 |
## The role allowed access.
|
|
Chris PeBenito |
e87221 |
## </summary>
|
|
Chris PeBenito |
e87221 |
## </param>
|
|
Chris PeBenito |
7a5e2d |
## <rolecap/>
|
|
Chris PeBenito |
7a5e2d |
#
|
|
Chris PeBenito |
7a5e2d |
interface(`rwho_admin',`
|
|
Chris PeBenito |
7a5e2d |
gen_require(`
|
|
Chris PeBenito |
7a5e2d |
type rwho_t, rwho_log_t, rwho_spool_t;
|
|
Chris PeBenito |
e87221 |
type rwho_initrc_exec_t;
|
|
Chris PeBenito |
7a5e2d |
')
|
|
Chris PeBenito |
7a5e2d |
|
|
Chris PeBenito |
e87221 |
allow $1 rwho_t:process { ptrace signal_perms };
|
|
Chris PeBenito |
7a5e2d |
ps_process_pattern($1, rwho_t)
|
|
Chris PeBenito |
e87221 |
|
|
Chris PeBenito |
e87221 |
init_labeled_script_domtrans($1, rwho_initrc_exec_t)
|
|
Chris PeBenito |
e87221 |
domain_system_change_exemption($1)
|
|
Chris PeBenito |
e87221 |
role_transition $2 rwho_initrc_exec_t system_r;
|
|
Chris PeBenito |
e87221 |
allow $2 system_r;
|
|
Chris PeBenito |
e87221 |
|
|
Chris PeBenito |
7a5e2d |
logging_list_logs($1)
|
|
Chris PeBenito |
e87221 |
admin_pattern($1, rwho_log_t)
|
|
Chris PeBenito |
7a5e2d |
|
|
Chris PeBenito |
7a5e2d |
files_list_spool($1)
|
|
Chris PeBenito |
e87221 |
admin_pattern($1, rwho_spool_t)
|
|
Chris PeBenito |
7a5e2d |
')
|