#DESC Rlogind - Remote login daemon
#
# Authors:  Stephen Smalley <sds@epoch.ncsc.mil> and Timothy Fraser  
# X-Debian-Packages: rsh-client rsh-redone-client
# Depends: inetd.te
#

#################################
#
# Rules for the rlogind_t domain.
#
remote_login_daemon(rlogind)
typeattribute rlogind_t auth_chkpwd;

ifdef(`tcpd.te', `
domain_auto_trans(tcpd_t, rlogind_exec_t, rlogind_t)
')

# for /usr/lib/telnetlogin
can_exec(rlogind_t, rlogind_exec_t)

# Use capabilities.
allow rlogind_t self:capability { net_bind_service };

# Run login in remote_login_t.
allow remote_login_t inetd_t:fd use;
allow remote_login_t inetd_t:tcp_socket rw_file_perms;

# Send SIGCHLD to inetd on death.
allow rlogind_t inetd_t:process sigchld;

allow rlogind_t home_dir_type:dir search;
allow rlogind_t home_type:file { getattr read };
allow rlogind_t self:file { getattr read };
allow rlogind_t default_t:dir search;
typealias rlogind_port_t alias rlogin_port_t;
read_sysctl(rlogind_t);
ifdef(`kerberos.te', `
allow rlogind_t krb5_keytab_t:file { getattr read };
')