rpms / selinux-policy

Clone
Source Code
GIT

Blame strict/domains/program/usernetctl.te

c10s-sig-hyperscale c4 c5 c5-plus c6 c6-plus c7 c7-alt c7-atomic c7-beta c8 c8-beta c8s c8s-sig-hyperscale c9 c9-beta c9s-sig-hyperscale
  1.   ec848d247f563b01bb7338b2ef8a00c00c67c0bc
  2.   strict
  3.   domains
  4.   program
  5.   usernetctl.te
Blob History Raw
Chris PeBenito 0fbfa5 
#DESC usernetctl - User network interface configuration helper
Chris PeBenito 0fbfa5 
#
Chris PeBenito 0fbfa5 
# Author: Colin Walters <walters@redhat.com>
Chris PeBenito 0fbfa5
Chris PeBenito 0fbfa5 
type usernetctl_exec_t, file_type, sysadmfile, exec_type;
Chris PeBenito 0fbfa5
Chris PeBenito 0fbfa5 
type usernetctl_t, domain, privfd;
Chris PeBenito 0fbfa5
Chris PeBenito 0fbfa5 
if (user_net_control) {
Chris PeBenito 0fbfa5 
domain_auto_trans(userdomain, usernetctl_exec_t, usernetctl_t)
Chris PeBenito 0fbfa5 
} else {
Chris PeBenito 0fbfa5 
can_exec(userdomain, usernetctl_exec_t)
Chris PeBenito 0fbfa5 
}
Chris PeBenito 0fbfa5 
in_user_role(usernetctl_t)
Chris PeBenito 0fbfa5 
role sysadm_r types usernetctl_t;
Chris PeBenito 0fbfa5
Chris PeBenito 0fbfa5 
define(`usernetctl_transition',`
Chris PeBenito 0fbfa5 
domain_auto_trans(usernetctl_t, $1_exec_t, $1_t)
Chris PeBenito 0fbfa5 
in_user_role($1_t)
Chris PeBenito 0fbfa5 
allow $1_t userpty_type:chr_file { getattr read write };
Chris PeBenito 0fbfa5 
')
Chris PeBenito 0fbfa5
Chris PeBenito 0fbfa5 
ifdef(`ifconfig.te',`
Chris PeBenito 0fbfa5 
usernetctl_transition(ifconfig)
Chris PeBenito 0fbfa5 
')
Chris PeBenito 0fbfa5 
ifdef(`iptables.te',`
Chris PeBenito 0fbfa5 
usernetctl_transition(iptables)
Chris PeBenito 0fbfa5 
')
Chris PeBenito 0fbfa5 
ifdef(`dhcpc.te',`
Chris PeBenito 0fbfa5 
usernetctl_transition(dhcpc)
Chris PeBenito 0fbfa5 
allow usernetctl_t dhcp_etc_t:file ra_file_perms;
Chris PeBenito 0fbfa5 
')
Chris PeBenito 0fbfa5 
ifdef(`modutil.te',`
Chris PeBenito 0fbfa5 
usernetctl_transition(insmod)
Chris PeBenito 0fbfa5 
')
Chris PeBenito 0fbfa5 
ifdef(`consoletype.te',`
Chris PeBenito 0fbfa5 
usernetctl_transition(consoletype)
Chris PeBenito 0fbfa5 
')
Chris PeBenito 0fbfa5 
ifdef(`hostname.te',`
Chris PeBenito 0fbfa5 
usernetctl_transition(hostname)
Chris PeBenito 0fbfa5 
')
Chris PeBenito 0fbfa5
Chris PeBenito 0fbfa5 
allow usernetctl_t self:capability { setuid setgid dac_override };
Chris PeBenito 0fbfa5
Chris PeBenito 0fbfa5 
base_file_read_access(usernetctl_t)
Chris PeBenito 0fbfa5 
base_pty_perms(usernetctl)
Chris PeBenito 0fbfa5 
allow usernetctl_t devtty_t:chr_file rw_file_perms;
Chris PeBenito 0fbfa5 
uses_shlib(usernetctl_t)
Chris PeBenito 0fbfa5 
read_locale(usernetctl_t)
Chris PeBenito 0fbfa5 
general_domain_access(usernetctl_t)
Chris PeBenito 0fbfa5
Chris PeBenito 0fbfa5 
r_dir_file(usernetctl_t, proc_t)
Chris PeBenito 0fbfa5 
dontaudit usernetctl_t { domain - usernetctl_t }:dir search;
Chris PeBenito 0fbfa5
Chris PeBenito 0fbfa5 
allow usernetctl_t userpty_type:chr_file rw_file_perms;
Chris PeBenito 0fbfa5
Chris PeBenito 0fbfa5 
can_exec(usernetctl_t, { bin_t sbin_t shell_exec_t usernetctl_exec_t})
Chris PeBenito 0fbfa5 
can_exec(usernetctl_t, etc_t)
Chris PeBenito 0fbfa5
Chris PeBenito 0fbfa5 
r_dir_file(usernetctl_t, etc_t)
Chris PeBenito 0fbfa5 
allow usernetctl_t { var_t var_run_t }:dir { getattr read search };
Chris PeBenito 0fbfa5 
allow usernetctl_t etc_runtime_t:file r_file_perms;
Chris PeBenito 0fbfa5 
allow usernetctl_t net_conf_t:file r_file_perms;
Chris PeBenito 0fbfa5

Powered by Pagure 5.14.1

SSH Hostkey/Fingerprint | Documentation