rpms / selinux-policy

Clone
Source Code
GIT

Blame strict/domains/program/rlogind.te

c10s-sig-hyperscale c4 c5 c5-plus c6 c6-plus c7 c7-alt c7-atomic c7-beta c8 c8-beta c8s c8s-sig-hyperscale c9 c9-beta c9s-sig-hyperscale
  1.   77f6e2cd27a34a61439d2766f775ed0ba66ede48
  2.   strict
  3.   domains
  4.   program
  5.   rlogind.te
Blob History Raw
Chris PeBenito 0fbfa5 
#DESC Rlogind - Remote login daemon
Chris PeBenito 0fbfa5 
#
Chris PeBenito 0fbfa5 
# Authors:  Stephen Smalley <sds@epoch.ncsc.mil> and Timothy Fraser
Chris PeBenito 0fbfa5 
# X-Debian-Packages: rsh-client rsh-redone-client
Chris PeBenito 0fbfa5 
# Depends: inetd.te
Chris PeBenito 0fbfa5 
#
Chris PeBenito 0fbfa5
Chris PeBenito 0fbfa5 
#################################
Chris PeBenito 0fbfa5 
#
Chris PeBenito 0fbfa5 
# Rules for the rlogind_t domain.
Chris PeBenito 0fbfa5 
#
Chris PeBenito 0fbfa5 
remote_login_daemon(rlogind)
Chris PeBenito 0fbfa5 
typeattribute rlogind_t auth_chkpwd;
Chris PeBenito 0fbfa5
Chris PeBenito 0fbfa5 
ifdef(`tcpd.te', `
Chris PeBenito 0fbfa5 
domain_auto_trans(tcpd_t, rlogind_exec_t, rlogind_t)
Chris PeBenito 0fbfa5 
')
Chris PeBenito 0fbfa5
Chris PeBenito 0fbfa5 
# for /usr/lib/telnetlogin
Chris PeBenito 0fbfa5 
can_exec(rlogind_t, rlogind_exec_t)
Chris PeBenito 0fbfa5
Chris PeBenito 0fbfa5 
# Use capabilities.
Chris PeBenito 0fbfa5 
allow rlogind_t self:capability { net_bind_service };
Chris PeBenito 0fbfa5
Chris PeBenito 0fbfa5 
# Run login in remote_login_t.
Chris PeBenito 0fbfa5 
allow remote_login_t inetd_t:fd use;
Chris PeBenito 0fbfa5 
allow remote_login_t inetd_t:tcp_socket rw_file_perms;
Chris PeBenito 0fbfa5
Chris PeBenito 0fbfa5 
# Send SIGCHLD to inetd on death.
Chris PeBenito 0fbfa5 
allow rlogind_t inetd_t:process sigchld;
Chris PeBenito 0fbfa5
Chris PeBenito 0fbfa5 
allow rlogind_t home_dir_type:dir search;
Chris PeBenito 0fbfa5 
allow rlogind_t home_type:file { getattr read };
Chris PeBenito 0fbfa5 
allow rlogind_t self:file { getattr read };
Chris PeBenito 0fbfa5 
allow rlogind_t default_t:dir search;
Chris PeBenito 0fbfa5 
typealias rlogind_port_t alias rlogin_port_t;
Chris PeBenito 0fbfa5 
read_sysctl(rlogind_t);
Chris PeBenito 77f6e2 
ifdef(`kerberos.te', `
Chris PeBenito 77f6e2 
allow rlogind_t krb5_keytab_t:file { getattr read };
Chris PeBenito 77f6e2 
')

Powered by Pagure 5.14.1

SSH Hostkey/Fingerprint | Documentation