#DESC Su - Run shells with substitute user and group

#

# Domains for the su program.

# X-Debian-Packages: login

#

# su_exec_t is the type of the su executable.

#

type su_exec_t, file_type, sysadmfile;

allow sysadm_su_t user_home_dir_type:dir search;

# Everything else is in the su_domain macro in

# macros/program/su_macros.te.

ifdef(`use_mcs', `

ifdef(`targeted_policy', `

range_transition unconfined_t su_exec_t s0 - s0:c0.c255;

domain_auto_trans(unconfined_t, su_exec_t, sysadm_su_t)

can_exec(sysadm_su_t, bin_t)

rw_dir_create_file(sysadm_su_t, home_dir_type)

')

')