From: bigon@debian.org (Laurent Bigonville) Date: Wed, 5 Dec 2012 21:39:25 +0100 Subject: [refpolicy] [PATCH 4/7] authlogin.if: Add auth_create_pam_console_data_dirs and auth_pid_filetrans_pam_var_console interfaces In-Reply-To: <1354739968-4547-1-git-send-email-bigon@debian.org> References: <1354739968-4547-1-git-send-email-bigon@debian.org> Message-ID: <1354739968-4547-4-git-send-email-bigon@debian.org> To: refpolicy@oss.tresys.com List-Id: refpolicy.oss.tresys.com From: Laurent Bigonville On Debian /var/run/console directory might be created by consolekit, we need these new interfaces to achieve this. --- policy/modules/system/authlogin.if | 50 ++++++++++++++++++++++++++++++++++++ 1 file changed, 50 insertions(+) diff --git a/policy/modules/system/authlogin.if b/policy/modules/system/authlogin.if index 8cdaa26..3efd5b6 100644 --- a/policy/modules/system/authlogin.if +++ b/policy/modules/system/authlogin.if @@ -1102,6 +1102,25 @@ interface(`auth_list_pam_console_data',` ######################################## ## +## Create pam var console pid directories. +## +## +## +## Domain allowed access. +## +## +# +interface(`auth_create_pam_console_data_dirs',` + gen_require(` + type pam_var_console_t; + ') + + files_search_pids($1) + allow $1 pam_var_console_t:dir create_dir_perms; +') + +######################################## +## ## Relabel pam_console data directories. ## ## 
@@ -1181,6 +1200,37 @@ interface(`auth_delete_pam_console_data',` ######################################## ## +## Create specified objects in +## pid directories with the pam var +## console pid file type using a +## file type transition. +## +## +## +## Domain allowed access. +## +## +## +## +## Class of the object being created. +## +## +## +## +## The name of the object being created. +## +## +# +interface(`auth_pid_filetrans_pam_var_console',` + gen_require(` + type pam_var_console_t; + ') + + files_pid_filetrans($1, pam_var_console_t, $2, $3) +') + +######################################## +## ## Read all directories on the filesystem, except ## login files and listed exceptions. ## -- 1.7.10.4
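Review bot: In the first hunk (auth_create_pam_console_data_dirs), the summary "Create pam var console pid directories" does not follow the naming used by the neighbouring interfaces in this file (auth_list_pam_console_data, auth_delete_pam_console_data, "Relabel pam_console data directories"); suggest "Create pam_console data directories." so the generated documentation stays consistent. Also note that the body grants only `files_search_pids($1)` and `allow $1 pam_var_console_t:dir create_dir_perms;`, i.e. search on /var/run plus create on the new type; it does not by itself allow the caller to add an entry under var_run_t, so a domain using it will still need the filetrans interface from the second hunk (which obtains that through files_pid_filetrans) or an explicit write permission on pid directories. Worth stating in the interface description that the two are meant to be used together.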
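Review bot: In the second hunk (auth_pid_filetrans_pam_var_console), the call `files_pid_filetrans($1, pam_var_console_t, $2, $3)` forwards the object class and name straight through, so the interface's documented behaviour is whatever files_pid_filetrans provides; if the name argument is meant to be optional there (calls without a third argument), the "The name of the object being created." parameter block should be marked optional so callers that only pass a class know that is supported. The description "Create specified objects in pid directories" would also read more precisely as "in /var/run (pid directories) with the pam_var_console_t type via a file type transition", matching the wording of the other *_filetrans_* interfaces in refpolicy. Since the commit message only says consolekit may create /var/run/console on Debian, it would help reviewers to mention which later patch in this 7-patch series actually calls these two interfaces.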