policy_module(userdomain, 3.1.1)
########################################
#
# Declarations
#
## <desc>
## <p>
## Allow users to connect to mysql
## </p>
## </desc>
gen_tunable(allow_user_mysql_connect,false)
## <desc>
## <p>
## Allow users to connect to PostgreSQL
## </p>
## </desc>
gen_tunable(allow_user_postgresql_connect,false)
## <desc>
## <p>
## Allow regular users direct mouse access
## </p>
## </desc>
gen_tunable(user_direct_mouse,false)
## <desc>
## <p>
## Allow users to read system messages.
## </p>
## </desc>
gen_tunable(user_dmesg,false)
## <desc>
## <p>
## Allow user to r/w files on filesystems
## that do not have extended attributes (FAT, CDROM, FLOPPY)
## </p>
## </desc>
gen_tunable(user_rw_noexattrfile,false)
## <desc>
## <p>
## Allow w to display everyone
## </p>
## </desc>
gen_tunable(user_ttyfile_stat,false)
# admin users terminals (tty and pty)
attribute admin_terminal;
# users home directory
attribute home_dir_type;
# users home directory contents
attribute home_type;
# The privhome attribute identifies every domain that can create files under
# regular user home directories in the regular context (IE act on behalf of
# a user in writing regular files)
attribute privhome;
# all unprivileged users home directories
attribute user_home_dir_type;
attribute user_home_type;
# all unprivileged users ptys
attribute user_ptynode;
# all unprivileged users tmp files
attribute user_tmpfile;
# all unprivileged users ttys
attribute user_ttynode;
# all user domains
attribute userdomain;
# unprivileged user domains
attribute unpriv_userdomain;
attribute untrusted_content_type;
attribute untrusted_content_tmp_type;