policy_module(loadkeys, 1.4.0) ######################################## # # Declarations # # cjp: this should probably be rewritten # per user domain, since it can rw # all user domain ttys type loadkeys_t; type loadkeys_exec_t; init_system_domain(loadkeys_t, loadkeys_exec_t) ######################################## # # Local policy # allow loadkeys_t self:capability { dac_override dac_read_search setuid sys_tty_config }; allow loadkeys_t self:fifo_file rw_fifo_file_perms; kernel_read_system_state(loadkeys_t) corecmd_exec_bin(loadkeys_t) corecmd_exec_shell(loadkeys_t) files_read_etc_files(loadkeys_t) files_read_etc_runtime_files(loadkeys_t) term_dontaudit_use_console(loadkeys_t) term_use_unallocated_ttys(loadkeys_t) init_dontaudit_use_fds(loadkeys_t) init_dontaudit_use_script_ptys(loadkeys_t) locallogin_use_fds(loadkeys_t) miscfiles_read_localization(loadkeys_t) optional_policy(` nscd_dontaudit_search_pid(loadkeys_t) ')