## Restricted (scp/sftp) only shell ####################################### ## ## The per role template for the rssh module. ## ## ##

## This template creates a derived domains which are used ## for rssh client sessions. Derived types are also created ## for read-only and read-write file access. ##

##

## This template is invoked automatically for each user, and ## generally does not need to be invoked directly ## by policy writers. ##

##
## ## ## The prefix of the user domain (e.g., user ## is the prefix for user_t). ## ## # template(`rssh_per_role_template',` gen_require(` type rssh_exec_t; attribute rssh_domain_type; attribute rssh_ro_content_type; ') ############################## # # Declarations # type $1_rssh_t alias rssh_$1_t, rssh_domain_type; application_domain($1_rssh_t, rssh_exec_t) domain_user_exemption_target($1_t) domain_interactive_fd($1_rssh_t) role system_r types $1_rssh_t; type $1_rssh_devpts_t alias rssh_$1_devpts_t; term_user_pty($1_rssh_t,$1_rssh_devpts_t) type $1_rssh_ro_t alias rssh_$1_ro_t, rssh_ro_content_type; userdom_user_home_content($1,$1_rssh_ro_t) type $1_rssh_rw_t alias rssh_$1_rw_t; userdom_user_home_content($1, $1_rssh_rw_t) ############################## # # Local policy # allow $1_rssh_t self:process ~{ ptrace setcurrent setexec setfscreate setrlimit execmem execstack execheap }; allow $1_rssh_t self:fd use; allow $1_rssh_t self:fifo_file rw_fifo_file_perms; allow $1_rssh_t self:unix_dgram_socket create_socket_perms; allow $1_rssh_t self:unix_stream_socket create_stream_socket_perms; allow $1_rssh_t self:unix_dgram_socket sendto; allow $1_rssh_t self:unix_stream_socket connectto; allow $1_rssh_t self:shm create_shm_perms; allow $1_rssh_t self:sem create_sem_perms; allow $1_rssh_t self:msgq create_msgq_perms; allow $1_rssh_t self:msg { send receive }; allow $1_rssh_t $1_rssh_devpts_t:chr_file { rw_file_perms setattr }; term_create_pty($1_rssh_t, $1_rssh_devpts_t) allow $1_rssh_t $1_rssh_ro_t:dir list_dir_perms; read_files_pattern($1_rssh_t, $1_rssh_ro_t, $1_rssh_ro_t) manage_dirs_pattern($1_rssh_t, $1_rssh_rw_t, $1_rssh_rw_t) manage_files_pattern($1_rssh_t, $1_rssh_rw_t, $1_rssh_rw_t) kernel_read_system_state($1_rssh_t) kernel_read_kernel_sysctls($1_rssh_t) files_read_etc_files($1_rssh_t) files_read_etc_runtime_files($1_rssh_t) files_list_home($1_rssh_t) files_read_usr_files($1_rssh_t) files_list_var($1_rssh_t) fs_search_auto_mountpoints($1_rssh_t) libs_use_ld_so($1_rssh_t) libs_use_shared_libs($1_rssh_t) logging_send_syslog_msg($1_rssh_t) miscfiles_read_localization($1_rssh_t) userdom_use_unpriv_users_fds($1_rssh_t) ssh_rw_tcp_sockets($1_rssh_t) ssh_rw_stream_sockets($1_rssh_t) optional_policy(` nis_use_ypbind($1_rssh_t) ') ') ######################################## ## ## Transition to all user rssh domains. ## ## ## ## Domain allowed access. ## ## # interface(`rssh_spec_domtrans_all_users',` gen_require(` attribute rssh_domain_type; type rssh_exec_t; ') spec_domtrans_pattern($1, rssh_exec_t, rssh_domain_type) ') ######################################## ## ## Read all users rssh read-only content. ## ## ## ## Domain allowed access. ## ## # interface(`rssh_read_all_users_ro_content',` gen_require(` attribute rssh_ro_content_type; ') allow $1 rssh_ro_content_type:dir list_dir_perms; read_files_pattern($1, rssh_ro_content_type, rssh_ro_content_type) read_lnk_files_pattern($1, rssh_ro_content_type, rssh_ro_content_type) ')