[people/stevee/selinux-policy.git] / policy / modules / roles / unprivuser.te

policy_module(unprivuser, 2.2.0)

# this module should be named user, but that is
# a compile error since user is a keyword.

########################################
#
# Declarations
#

role user_r;

userdom_unpriv_user_template(user)

fs_exec_noxattr(user_t)

tunable_policy(`allow_execmod',`
	userdom_execmod_user_home_files(user_usertype)
')

optional_policy(`
	abrt_cache_read(user_t)
')

optional_policy(`
	apache_role(user_r, user_t)
')

optional_policy(`
	gnome_role(user_r, user_t)
')

optional_policy(`
	oident_manage_user_content(user_t)
	oident_relabel_user_content(user_t)
')

optional_policy(`
	mozilla_run_plugin(user_t, user_r)
')

optional_policy(`
	netutils_run_ping_cond(user_t, user_r)
	netutils_run_traceroute_cond(user_t, user_r)
')

optional_policy(`
	rpm_dontaudit_dbus_chat(user_t)
')

optional_policy(`
	rtkit_scheduled(user_t)
')

optional_policy(`
	sandbox_transition(user_t, user_r)
')

optional_policy(`
	screen_role_template(user, user_r, user_t)
')

optional_policy(`
	setroubleshoot_dontaudit_stream_connect(user_t)
')

optional_policy(`
	telepathy_dbus_session_role(user_r, user_t)
')

optional_policy(`
	vlock_run(user_t, user_r)
')

optional_policy(`
	xserver_role(user_r, user_t)
')

ifndef(`distro_redhat',`
	optional_policy(`
		auth_role(user_r, user_t)
	')

	optional_policy(`
		bluetooth_role(user_r, user_t)
	')

	optional_policy(`
		cdrecord_role(user_r, user_t)
	')

	optional_policy(`
		cron_role(user_r, user_t)
	')

	optional_policy(`
		dbus_role_template(user, user_r, user_t)
	')

	optional_policy(`
		evolution_role(user_r, user_t)
	')

	optional_policy(`
		games_role(user_r, user_t)
	')

	optional_policy(`
		gift_role(user_r, user_t)
	')

	optional_policy(`
		gpg_role(user_r, user_t)
	')

	optional_policy(`
        	hadoop_role(user_r, user_t)
	')

	optional_policy(`
		irc_role(user_r, user_t)
	')

	optional_policy(`
		java_role(user_r, user_t)
	')

	optional_policy(`
		lockdev_role(user_r, user_t)
	')

	optional_policy(`
		lpd_role(user_r, user_t)
	')

	optional_policy(`
		mozilla_role(user_r, user_t)
	')

	optional_policy(`
		mplayer_role(user_r, user_t)
	')

	optional_policy(`
		mta_role(user_r, user_t)
	')

	optional_policy(`
		postgresql_role(user_r, user_t)
	')

	optional_policy(`
		pyzor_role(user_r, user_t)
	')

	optional_policy(`
		razor_role(user_r, user_t)
	')

	optional_policy(`
		rssh_role(user_r, user_t)
	')

	optional_policy(`
		spamassassin_role(user_r, user_t)
	')

	optional_policy(`
		ssh_role_template(user, user_r, user_t)
	')

	optional_policy(`
		su_role_template(user, user_r, user_t)
	')

	optional_policy(`
		sudo_role_template(user, user_r, user_t)
	')

	optional_policy(`
		thunderbird_role(user_r, user_t)
	')

	optional_policy(`
		tvtime_role(user_r, user_t)
	')

	optional_policy(`
		uml_role(user_r, user_t)
	')

	optional_policy(`
		userhelper_role_template(user, user_r, user_t)
	')

	optional_policy(`
		vmware_role(user_r, user_t)
	')

	optional_policy(`
		wireshark_role(user_r, user_t)
	')
')
Commit	Line	Data
826d0142	1	policy_module(unprivuser, 2.2.0)
e9c6cda7 CP	2
	3	# this module should be named user, but that is
	4	# a compile error since user is a keyword.
	5
	6	########################################
	7	#
	8	# Declarations
	9	#
	10
	11	role user_r;
	12
	13	userdom_unpriv_user_template(user)
	14
3eaa9939 DW	15	fs_exec_noxattr(user_t)
3eaa9939 DW	16
4d22fba0 DW	17	tunable_policy(`allow_execmod',`
	18	userdom_execmod_user_home_files(user_usertype)
	19	')
	20
4ad28653 DW	21	optional_policy(`
	22	abrt_cache_read(user_t)
	23	')
	24
296273a7 CP	25	optional_policy(`
	26	apache_role(user_r, user_t)
	27	')
	28
ca9e8850 DW	29	optional_policy(`
	30	gnome_role(user_r, user_t)
	31	')
	32
941e3db5 DG	33	optional_policy(`
	34	oident_manage_user_content(user_t)
	35	oident_relabel_user_content(user_t)
	36	')
	37
296273a7	38	optional_policy(`
3eaa9939	39	mozilla_run_plugin(user_t, user_r)
296273a7 CP	40	')
296273a7 CP	41
27720a24 DW	42	optional_policy(`
	43	netutils_run_ping_cond(user_t, user_r)
	44	netutils_run_traceroute_cond(user_t, user_r)
	45	')
	46
3eaa9939 DW	47	optional_policy(`
	48	rpm_dontaudit_dbus_chat(user_t)
	49	')
296273a7	50
3eaa9939 DW	51	optional_policy(`
	52	rtkit_scheduled(user_t)
	53	')
296273a7	54
3eaa9939 DW	55	optional_policy(`
	56	sandbox_transition(user_t, user_r)
	57	')
296273a7	58
3eaa9939 DW	59	optional_policy(`
	60	screen_role_template(user, user_r, user_t)
	61	')
296273a7	62
3eaa9939	63	optional_policy(`
14ffaf83	64	setroubleshoot_dontaudit_stream_connect(user_t)
3eaa9939	65	')
296273a7	66
3eaa9939	67	optional_policy(`
14ffaf83	68	telepathy_dbus_session_role(user_r, user_t)
3eaa9939 DW	69	')
3eaa9939 DW	70
d35e2ee0	71	optional_policy(`
7f9f5bce	72	vlock_run(user_t, user_r)
d35e2ee0 HC	73	')
d35e2ee0 HC	74
3eaa9939 DW	75	optional_policy(`
3eaa9939 DW	76	xserver_role(user_r, user_t)
296273a7	77	')
2968e068 DW	78
	79	ifndef(`distro_redhat',`
	80	optional_policy(`
	81	auth_role(user_r, user_t)
c87e1502	82	')
2968e068 DW	83
	84	optional_policy(`
	85	bluetooth_role(user_r, user_t)
	86	')
	87
	88	optional_policy(`
	89	cdrecord_role(user_r, user_t)
	90	')
	91
	92	optional_policy(`
	93	cron_role(user_r, user_t)
	94	')
	95
	96	optional_policy(`
	97	dbus_role_template(user, user_r, user_t)
	98	')
296273a7	99
2968e068 DW	100	optional_policy(`
	101	evolution_role(user_r, user_t)
	102	')
	103
	104	optional_policy(`
	105	games_role(user_r, user_t)
	106	')
	107
	108	optional_policy(`
	109	gift_role(user_r, user_t)
	110	')
	111
2968e068 DW	112	optional_policy(`
	113	gpg_role(user_r, user_t)
	114	')
	115
fcb67e8c PN	116	optional_policy(`
	117	hadoop_role(user_r, user_t)
	118	')
	119
2968e068 DW	120	optional_policy(`
	121	irc_role(user_r, user_t)
	122	')
	123
	124	optional_policy(`
	125	java_role(user_r, user_t)
	126	')
	127
	128	optional_policy(`
	129	lockdev_role(user_r, user_t)
	130	')
	131
	132	optional_policy(`
	133	lpd_role(user_r, user_t)
	134	')
	135
	136	optional_policy(`
	137	mozilla_role(user_r, user_t)
	138	')
	139
	140	optional_policy(`
	141	mplayer_role(user_r, user_t)
	142	')
	143
	144	optional_policy(`
	145	mta_role(user_r, user_t)
	146	')
	147
2968e068 DW	148	optional_policy(`
	149	postgresql_role(user_r, user_t)
	150	')
	151
	152	optional_policy(`
	153	pyzor_role(user_r, user_t)
	154	')
	155
	156	optional_policy(`
	157	razor_role(user_r, user_t)
	158	')
	159
	160	optional_policy(`
	161	rssh_role(user_r, user_t)
	162	')
	163
	164	optional_policy(`
	165	spamassassin_role(user_r, user_t)
	166	')
	167
	168	optional_policy(`
	169	ssh_role_template(user, user_r, user_t)
	170	')
	171
	172	optional_policy(`
	173	su_role_template(user, user_r, user_t)
	174	')
	175
	176	optional_policy(`
	177	sudo_role_template(user, user_r, user_t)
	178	')
	179
	180	optional_policy(`
	181	thunderbird_role(user_r, user_t)
	182	')
	183
	184	optional_policy(`
	185	tvtime_role(user_r, user_t)
	186	')
	187
	188	optional_policy(`
	189	uml_role(user_r, user_t)
	190	')
	191
	192	optional_policy(`
	193	userhelper_role_template(user, user_r, user_t)
	194	')
	195
	196	optional_policy(`
	197	vmware_role(user_r, user_t)
	198	')
	199
	200	optional_policy(`
	201	wireshark_role(user_r, user_t)
	202	')
	203	')
27720a24	204