rpms / selinux-policy

Clone
Source Code
GIT

Blame strict/macros/program/sudo_macros.te

c10s-sig-hyperscale c4 c5 c5-plus c6 c6-plus c7 c7-alt c7-atomic c7-beta c8 c8-beta c8s c8s-sig-hyperscale c9 c9-beta c9s-sig-hyperscale
  1.   a0824843c2e6a485abfaadd9e5bf8964051c183a
  2.   strict
  3.   macros
  4.   program
  5.   sudo_macros.te
Blob History Raw
Chris PeBenito 0fbfa5 
# Authors:  Dan Walsh,  Russell Coker
Chris PeBenito 0fbfa5 
# Maintained by Dan Walsh <dwalsh@redhat.com>
Chris PeBenito 0fbfa5 
define(`sudo_domain',`
Chris PeBenito 0fbfa5 
newrole_domain($1_sudo, `, privuser')
Chris PeBenito 0fbfa5
Chris PeBenito 0fbfa5 
# By default, revert to the calling domain when a shell is executed.
Chris PeBenito 0fbfa5 
domain_auto_trans($1_sudo_t, shell_exec_t, $1_t)
Chris PeBenito 0fbfa5
Chris PeBenito 0fbfa5 
ifdef(`mta.te', `
Chris PeBenito 0fbfa5 
domain_auto_trans($1_sudo_t, sendmail_exec_t, $1_mail_t)
Chris PeBenito 0fbfa5 
allow $1_mail_t $1_sudo_t:fifo_file rw_file_perms;
Chris PeBenito 0fbfa5 
')
Chris PeBenito 0fbfa5
Chris PeBenito 0fbfa5 
allow $1_sudo_t self:capability sys_resource;
Chris PeBenito 0fbfa5
Chris PeBenito 0fbfa5 
allow $1_sudo_t self:process setrlimit;
Chris PeBenito 0fbfa5
Chris PeBenito 0fbfa5 
ifdef(`pam.te', `
Chris PeBenito 0fbfa5 
allow $1_sudo_t pam_var_run_t:dir create_dir_perms;
Chris PeBenito 0fbfa5 
allow $1_sudo_t pam_var_run_t:file create_file_perms;
Chris PeBenito 0fbfa5 
')
Chris PeBenito 0fbfa5
Chris PeBenito 0fbfa5 
allow $1_sudo_t initrc_var_run_t:file rw_file_perms;
Chris PeBenito 0fbfa5 
allow $1_sudo_t sysctl_t:dir search;
Chris PeBenito 0fbfa5 
allow $1_sudo_t { su_exec_t etc_t lib_t usr_t bin_t sbin_t exec_type } :file getattr;
Chris PeBenito 0fbfa5 
allow $1_sudo_t { su_exec_t etc_t lib_t usr_t bin_t sbin_t exec_type } :lnk_file { getattr read };
Chris PeBenito 0fbfa5 
read_sysctl($1_sudo_t)
Chris PeBenito 0fbfa5
Chris PeBenito 0fbfa5 
allow $1_sudo_t var_run_t:dir search;
Chris PeBenito 0fbfa5 
r_dir_file($1_sudo_t, default_context_t)
Chris PeBenito 0fbfa5 
rw_dir_create_file($1_sudo_t, $1_tmp_t)
Chris PeBenito 0fbfa5 
rw_dir_create_file($1_sudo_t, $1_home_t)
Chris PeBenito 0fbfa5 
domain_auto_trans($1_t, sudo_exec_t, $1_sudo_t)
Chris PeBenito 0fbfa5 
')

Powered by Pagure 5.14.1

SSH Hostkey/Fingerprint | Documentation