# $1 is the source domain (or domains), $2 is the source role (or roles) and $3

# is the base name for the domain to run.  $1 is normally sysadm_t, and $2 is

# normally sysadm_r.  $4 is the type of program to run and $5 is the domain to

# transition to.

# sample usage:

# run_program(sysadm_t, sysadm_r, init, etc_t, initrc_t)

#

# if you have several users who run the same run_init type program for

# different purposes (think of a run_db program used by several database

# administrators to start several databases) then you can list all the source

# domains in $1, all the source roles in $2, but you may not want to list all

# types of programs to run in $4 and target domains in $5 (as that may permit

# entering a domain from the wrong type).  In such a situation just specify

# one value for each of $4 and $5 and have some rules such as the following:

# domain_trans(run_whatever_t, whatever_exec_t, whatever_t)

define(`run_program', `

type run_$3_exec_t, file_type, exec_type, sysadmfile;

# domain for program to run in, needs to change role (priv_system_role), change

# identity to system_u (privuser), log failures to syslog (privlog) and

# authenticate users

type run_$3_t, domain, priv_system_role, privuser, privlog;

domain_auto_trans($1, run_$3_exec_t, run_$3_t)

role $2 types run_$3_t;

domain_auto_trans(run_$3_t, chkpwd_exec_t, sysadm_chkpwd_t)

dontaudit run_$3_t shadow_t:file getattr;

# for utmp

allow run_$3_t initrc_var_run_t:file rw_file_perms;

allow run_$3_t admin_tty_type:chr_file rw_file_perms;

dontaudit run_$3_t devpts_t:dir { getattr read };

dontaudit run_$3_t device_t:dir read;

# for auth_chkpwd

dontaudit run_$3_t shadow_t:file read;

allow run_$3_t self:process { fork sigchld };

allow run_$3_t self:fifo_file rw_file_perms;

allow run_$3_t self:capability setuid;

allow run_$3_t self:lnk_file read;

# often the administrator runs such programs from a directory that is owned

# by a different user or has restrictive SE permissions, do not want to audit

# the failed access to the current directory

dontaudit run_$3_t file_type:dir search;

dontaudit run_$3_t self:capability { dac_override dac_read_search };

allow run_$3_t bin_t:lnk_file read;

can_exec(run_$3_t, { bin_t shell_exec_t })

ifdef(`chkpwd.te', `

can_exec(run_$3_t, chkpwd_exec_t)

')

domain_trans(run_$3_t, $4, $5)

can_setexec(run_$3_t)

allow run_$3_t privfd:fd use;

uses_shlib(run_$3_t)

allow run_$3_t lib_t:file { getattr read };

can_getsecurity(run_$3_t)

r_dir_file(run_$3_t,selinux_config_t)

r_dir_file(run_$3_t,default_context_t)

allow run_$3_t self:unix_stream_socket create_socket_perms;

allow run_$3_t self:unix_dgram_socket create_socket_perms;

allow run_$3_t etc_t:file { getattr read };

read_locale(run_$3_t)

allow run_$3_t fs_t:filesystem getattr;

allow run_$3_t { bin_t sbin_t }:dir search;

dontaudit run_$3_t device_t:dir { getattr search };

')