# SELinux policy module "acct", version 1.2.0, confining the acct_t domain.
# NOTE(review): the leading number on each line is a line number carried over
# from the original listing. The numbering skips (2, 4, 11, 14, ...), so some
# lines of the original file, presumably including the type declarations for
# acct_t, acct_exec_t and acct_data_t, are not shown here. Confirm against the
# full file before building.
2 policy_module(acct, 1.2.0)
4 ########################################
# Registers acct_t as a system domain entered through files labelled
# acct_exec_t when started by init (interface defined outside this file).
11 init_system_domain(acct_t, acct_exec_t)
# Marks acct_data_t as a log file type, so the generic log file interfaces
# granted to other domains presumably apply to the accounting data as well.
14 logging_log_file(acct_data_t)
16 ########################################
# Capabilities granted to acct_t on itself. sys_pacct is the capability that
# gates the acct(2) system call, i.e. switching process accounting on or off.
# chown and fsetid are justified only by the gzip remark below.
# NOTE(review): chown and fsetid are broader than accounting itself requires
# and the original author was unsure why gzip wants them. Re-check against
# current AVC denials before keeping them, to stay at least privilege.
21 # gzip needs chown capability for some reason
22 allow acct_t self:capability { sys_pacct chown fsetid };
# dontaudit grants nothing: kill and sys_tty_config stay denied and only the
# AVC denial message is suppressed. Suppressed denials never reach the audit
# log, so rebuild the policy with dontaudit rules disabled (semodule -DB)
# when investigating unexpected behaviour in this domain.
23 # not sure why we need kill, the command "last" is reported as using it
24 dontaudit acct_t self:capability { kill sys_tty_config };
# acct_t may read and write its own FIFOs (pipes between its own processes)
# and send signals to processes running in the same acct_t domain.
26 allow acct_t self:fifo_file rw_fifo_file_perms;
27 allow acct_t self:process signal_perms;
# Full management (create, read, write, delete) of regular files and of
# symbolic links labelled acct_data_t inside acct_data_t directories.
29 manage_files_pattern(acct_t, acct_data_t, acct_data_t)
30 manage_lnk_files_pattern(acct_t, acct_data_t, acct_data_t)
# acct_t may execute acct_exec_t files and remains in acct_t while doing so
# (no domain transition).
32 can_exec(acct_t, acct_exec_t)
# Interface calls below are defined in other policy modules, not in this file.
# The descriptions follow the interface names and the usual reference policy
# meaning; confirm against the interface definitions of the policy in use.

# Read-only view of kernel state: list /proc, read system state and kernel
# sysctls.
34 kernel_list_proc(acct_t)
35 kernel_read_system_state(acct_t)
36 kernel_read_kernel_sysctls(acct_t)
# Read sysfs and the urandom device.
38 dev_read_sysfs(acct_t)
40 dev_read_urand(acct_t)
# Search automount mountpoints and get attributes of xattr filesystems.
42 fs_search_auto_mountpoints(acct_t)
43 fs_getattr_xattr_fs(acct_t)
# Suppress audit messages for attempts to use the console; access is not
# granted.
45 term_dontaudit_use_console(acct_t)
# Execute generic binaries and shells without leaving acct_t.
# NOTE(review): anything started through these two calls runs with every
# permission of acct_t, including the capabilities granted in this module and
# the login record access further down. The effective exposure of the domain
# is therefore as wide as the scripts and helpers it runs.
47 corecmd_exec_bin(acct_t)
48 corecmd_exec_shell(acct_t)
# Use file descriptors inherited from interactive domains.
50 domain_use_interactive_fds(acct_t)
# Read generic and runtime files under /etc, list /usr, and suppress audit
# messages for searches of the pid directory.
52 files_read_etc_files(acct_t)
53 files_read_etc_runtime_files(acct_t)
54 files_list_usr(acct_t)
56 files_dontaudit_search_pids(acct_t)
# Use the ptys of init scripts and execute init script files in-domain.
59 init_use_script_ptys(acct_t)
60 init_exec_script_files(acct_t)
# Dynamic linker and shared library access needed by any dynamically linked
# program.
62 libs_use_ld_so(acct_t)
63 libs_use_shared_libs(acct_t)
# Send messages to syslog.
65 logging_send_syslog_msg(acct_t)
# Read locale and timezone data.
67 miscfiles_read_localization(acct_t)
# The next two calls only silence audit messages (unprivileged user file
# descriptors, sysadm home directory searches); the access stays denied.
69 userdom_dontaudit_use_unpriv_user_fds(acct_t)
71 sysadm_dontaudit_search_home_dirs(acct_t)
# NOTE(review): the listing numbers skip around these calls (71 to 75, 77 to
# 80, 80 to 84, 84 to 88), so wrapper lines from the original file are
# presumably missing here. Confirm against the full file.
75 # for monthly cron job
# auth_manage_login_records gives acct_t manage access (create, modify,
# delete) to the system login records, and the filetrans call lets files it
# creates in the log directory receive the login record type.
# NOTE(review): login records are forensic evidence of who logged in and
# when. With manage access, a compromise of acct_t or of any script it runs
# could alter or remove them. Confirm the cron job needs manage rather than
# read or append only, and consider forwarding login records off-host.
76 auth_log_filetrans_login_records(acct_t)
77 auth_manage_login_records(acct_t)
# Lets system cron jobs enter acct_t by executing acct_exec_t files.
80 cron_system_entry(acct_t, acct_exec_t)
# Allows use of the nscd socket, presumably for name service lookups.
84 nscd_socket_use(acct_t)
# Allows acct_t to send SIGCHLD to newrole, which applies when acct_t
# programs are started from a newrole session.
88 seutil_sigchld_newrole(acct_t)