Blame strict/domains/program/newrole.te
|
Chris PeBenito |
0fbfa5 |
#DESC Newrole - SELinux utility to run a shell with a new role
|
|
Chris PeBenito |
0fbfa5 |
#
|
|
Chris PeBenito |
0fbfa5 |
# Authors: Anthony Colatrella (NSA)
|
|
Chris PeBenito |
0fbfa5 |
# Maintained by Stephen Smalley <sds@epoch.ncsc.mil>
|
|
Chris PeBenito |
0fbfa5 |
# X-Debian-Packages: policycoreutils
|
|
Chris PeBenito |
0fbfa5 |
#
|
|
Chris PeBenito |
0fbfa5 |
|
|
Chris PeBenito |
0fbfa5 |
# secure mode means that newrole/sudo/su/userhelper cannot reach sysadm_t
|
|
Chris PeBenito |
0fbfa5 |
bool secure_mode false;
|
|
Chris PeBenito |
0fbfa5 |
|
|
Chris PeBenito |
0fbfa5 |
type newrole_exec_t, file_type, exec_type, sysadmfile;
|
|
Chris PeBenito |
0fbfa5 |
domain_auto_trans(userdomain, newrole_exec_t, newrole_t)
|
|
Chris PeBenito |
0fbfa5 |
|
|
Chris PeBenito |
0fbfa5 |
newrole_domain(newrole)
|
|
Chris PeBenito |
0fbfa5 |
|
|
Chris PeBenito |
0fbfa5 |
# Write to utmp.
|
|
Chris PeBenito |
0fbfa5 |
allow newrole_t var_run_t:dir r_dir_perms;
|
|
Chris PeBenito |
0fbfa5 |
allow newrole_t initrc_var_run_t:file rw_file_perms;
|
|
Chris PeBenito |
0fbfa5 |
|
|
Chris PeBenito |
5493c2 |
role secadm_r types newrole_t;
|
|
Chris PeBenito |
77f6e2 |
|
|
Chris PeBenito |
77f6e2 |
ifdef(`targeted_policy', `
|
|
Chris PeBenito |
77f6e2 |
typeattribute newrole_t unconfinedtrans;
|
|
Chris PeBenito |
77f6e2 |
')
|