projects / people / stevee / selinux-policy.git / blame
| Commit | Line | Data |
|---|---|---|
| b16c6b8c | 1 | |
| 5d4f4b53 | 2 | policy_module(userdomain, 3.2.0) |
| b16c6b8c CP |
3 | |
| 4 | ######################################## | |
| 5 | # | |
| 6 | # Declarations | |
| 7 | # | |
| 8 | ||
| 56e1b3d2 CP |
9 | ## <desc> |
| 10 | ## <p> | |
| 11 | ## Allow users to connect to mysql | |
| 12 | ## </p> | |
| 13 | ## </desc> | |
| 14 | gen_tunable(allow_user_mysql_connect,false) | |
| 15 | ||
| cb10a2d5 CP |
16 | ## <desc> |
| 17 | ## <p> | |
| 18 | ## Allow users to connect to PostgreSQL | |
| 19 | ## </p> | |
| 20 | ## </desc> | |
| 21 | gen_tunable(allow_user_postgresql_connect,false) | |
| 22 | ||
| 56e1b3d2 CP |
23 | ## <desc> |
| 24 | ## <p> | |
| 25 | ## Allow regular users direct mouse access | |
| 26 | ## </p> | |
| 27 | ## </desc> | |
| 28 | gen_tunable(user_direct_mouse,false) | |
| 29 | ||
| 30 | ## <desc> | |
| 31 | ## <p> | |
| 32 | ## Allow users to read system messages. | |
| 33 | ## </p> | |
| 34 | ## </desc> | |
| 35 | gen_tunable(user_dmesg,false) | |
| 36 | ||
| 37 | ## <desc> | |
| 38 | ## <p> | |
| 39 | ## Allow user to r/w files on filesystems | |
| 40 | ## that do not have extended attributes (FAT, CDROM, FLOPPY) | |
| 41 | ## </p> | |
| 42 | ## </desc> | |
| 43 | gen_tunable(user_rw_noexattrfile,false) | |
| 44 | ||
| 45 | ## <desc> | |
| 46 | ## <p> | |
| 47 | ## Allow w to display everyone | |
| 48 | ## </p> | |
| 49 | ## </desc> | |
| 50 | gen_tunable(user_ttyfile_stat,false) | |
| 56e1b3d2 | 51 | |
| daa0e0b0 CP |
52 | # admin users terminals (tty and pty) |
| 53 | attribute admin_terminal; | |
| 54 | ||
| 55 | # users home directory | |
| 56 | attribute home_dir_type; | |
| 57 | ||
| 58 | # users home directory contents | |
| 59 | attribute home_type; | |
| 60 | ||
| b16c6b8c CP |
61 | # The privhome attribute identifies every domain that can create files under |
| 62 | # regular user home directories in the regular context (IE act on behalf of | |
| 63 | # a user in writing regular files) | |
| 64 | attribute privhome; | |
| 65 | ||
| 23ca91f8 CP |
66 | # all unprivileged users home directories |
| 67 | attribute user_home_dir_type; | |
| 68 | attribute user_home_type; | |
| 69 | ||
| 70 | # all unprivileged users ptys | |
| 71 | attribute user_ptynode; | |
| 72 | ||
| ab940a4c CP |
73 | # all unprivileged users tmp files |
| 74 | attribute user_tmpfile; | |
| 75 | ||
| ebdc3b79 CP |
76 | # all unprivileged users ttys |
| 77 | attribute user_ttynode; | |
| 78 | ||
| b16c6b8c CP |
79 | # all user domains |
| 80 | attribute userdomain; | |
| 81 | ||
| 82 | # unprivileged user domains | |
| 83 | attribute unpriv_userdomain; | |
| 84 | ||
| 8dca6b97 CP |
85 | attribute untrusted_content_type; |
| 86 | attribute untrusted_content_tmp_type; |