Commit | Line | Data |
---|---|---|
b16c6b8c | 1 | |
5d4f4b53 | 2 | policy_module(userdomain, 3.2.0) |
b16c6b8c CP |
3 | |
4 | ######################################## | |
5 | # | |
6 | # Declarations: tunables first (each declared with a default of false), then attributes | |
7 | # | |
8 | ||
56e1b3d2 CP |
9 | ## <desc> |
10 | ## <p> | |
11 | ## Allow users to connect to MySQL | |
12 | ## </p> | |
13 | ## </desc> | |
14 | gen_tunable(allow_user_mysql_connect,false) | |
15 | ||
cb10a2d5 CP |
16 | ## <desc> |
17 | ## <p> | |
18 | ## Allow users to connect to PostgreSQL | |
19 | ## </p> | |
20 | ## </desc> | |
21 | gen_tunable(allow_user_postgresql_connect,false) | |
22 | ||
56e1b3d2 CP |
23 | ## <desc> |
24 | ## <p> | |
25 | ## Allow regular users direct mouse access | |
26 | ## </p> | |
27 | ## </desc> | |
28 | gen_tunable(user_direct_mouse,false) | |
29 | ||
30 | ## <desc> | |
31 | ## <p> | |
32 | ## Allow users to read system messages. | |
33 | ## </p> | |
34 | ## </desc> | |
35 | gen_tunable(user_dmesg,false) | |
36 | ||
37 | ## <desc> | |
38 | ## <p> | |
39 | ## Allow users to read and write files on filesystems | |
40 | ## that do not have extended attributes (FAT, CDROM, FLOPPY) | |
41 | ## </p> | |
42 | ## </desc> | |
43 | gen_tunable(user_rw_noexattrfile,false) | |
44 | ||
45 | ## <desc> | |
46 | ## <p> | |
47 | ## Allow the w command to display all users | |
48 | ## </p> | |
49 | ## </desc> | |
50 | gen_tunable(user_ttyfile_stat,false) | |
56e1b3d2 | 51 | |
daa0e0b0 CP |
52 | # admin users' terminals (tty and pty) |
53 | attribute admin_terminal; | |
54 | ||
55 | # users' home directories | |
56 | attribute home_dir_type; | |
57 | ||
58 | # contents of users' home directories | |
59 | attribute home_type; | |
60 | ||
b16c6b8c CP |
61 | # The privhome attribute identifies every domain that can create files under |
62 | # regular user home directories in the regular context (i.e. acts on behalf of | |
63 | # a user in writing regular files) | |
64 | attribute privhome; | |
65 | ||
23ca91f8 CP |
66 | # all unprivileged users' home directories; user_home_type presumably covers their contents (cf. home_type) - confirm |
67 | attribute user_home_dir_type; | |
68 | attribute user_home_type; | |
69 | ||
70 | # all unprivileged users' ptys | |
71 | attribute user_ptynode; | |
72 | ||
ab940a4c CP |
73 | # all unprivileged users' tmp files |
74 | attribute user_tmpfile; | |
75 | ||
ebdc3b79 CP |
76 | # all unprivileged users' ttys |
77 | attribute user_ttynode; | |
78 | ||
b16c6b8c CP |
79 | # all user domains |
80 | attribute userdomain; | |
81 | ||
82 | # unprivileged user domains | |
83 | attribute unpriv_userdomain; | |
84 | ||
8dca6b97 CP |
85 | attribute untrusted_content_type; |
86 | attribute untrusted_content_tmp_type; |