gen_require(`
type var_auth_t, auth_cache_t;
attribute polydomain;
+ type auth_home_t;
')
domain_type($1)
manage_sock_files_pattern($1, auth_cache_t, auth_cache_t)
files_var_filetrans($1, auth_cache_t, dir)
+ manage_dirs_pattern($1, auth_home_t, auth_home_t)
+ manage_files_pattern($1, auth_home_t, auth_home_t)
+ auth_filetrans_admin_home_content($1)
+ auth_filetrans_home_content($1)
+
# needed for afs - https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=253321
kernel_rw_afs_state($1)
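Review bot: `manage_dirs_pattern($1, auth_home_t, auth_home_t)` looks broader than the rest of the change needs. Both filetrans interfaces added further down create only objects of class `file`, so nothing visible here ever labels a directory `auth_home_t`. If no directory is meant to carry the type, dropping that line leaves the login-program domains with file access only. The file name suggests the type protects a one-time-password secret, so a short comment would help, such as `# login programs update .google_authenticator, so manage (not read-only) access is required`, assuming that is the reason. The enclosing interface starts and ends outside this hunk, so the set of domains that receive these rules cannot be confirmed from here.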
## </summary>
## </param>
#
-interface(`authlogin_filetrans_named_content',`
+interface(`auth_filetrans_named_content',`
gen_require(`
type shadow_t;
type passwd_file_t;
files_etc_filetrans($1, passwd_file_t, file, "group")
files_etc_filetrans($1, passwd_file_t, file, "group-")
')
+
+########################################
+## <summary>
+## Create auth directory in the /root directory
+## with an correct label.
+## </summary>
+## <param name="domain">
+## <summary>
+## Domain allowed access.
+## </summary>
+## </param>
+#
+interface(`auth_filetrans_admin_home_content',`
+ gen_require(`
+ type auth_home_t;
+ ')
+
+ userdom_admin_home_dir_filetrans($1, auth_home_t, file, ".google_authenticator")
+')
+
+########################################
+## <summary>
+## Create auth directory in the user home directory
+## with an correct label.
+## </summary>
+## <param name="domain">
+## <summary>
+## Domain allowed access.
+## </summary>
+## </param>
+#
+interface(`auth_filetrans_home_content',`
+
+ gen_require(`
+ type auth_home_t;
+ ')
+
+ userdom_user_home_dir_filetrans($1, auth_home_t, file, ".google_authenticator")
+')
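Review bot: The summaries of `auth_filetrans_admin_home_content` and `auth_filetrans_home_content` say "Create auth directory", but both transitions are for class `file` with the name ".google_authenticator". The text should describe a file, for example `## Create the .google_authenticator file in the /root directory` and `## with the correct label.` (also fixing "an correct"), with the same wording for the user home variant. The named transition matches that exact file name only. A secret stored under another name, or a temporary file written next to it and renamed into place, would keep the default home label and fall outside the `auth_home_t` rules. It is worth confirming how the PAM module writes the file and adding further names if needed. The blank line straight after the opening of `auth_filetrans_home_content` is inconsistent with the sibling interface.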
attribute can_write_shadow_passwords;
attribute can_relabelto_shadow_passwords;
attribute polydomain;
-attribute nsswitch_domain;
+attribute nsswitch_domain;<
type auth_cache_t;
logging_log_file(auth_cache_t)
+type auth_home_t;
+userdom_user_home_content(auth_home_t)
+
type chkpwd_t, can_read_shadow_passwords;
type chkpwd_exec_t;
typealias chkpwd_t alias { user_chkpwd_t staff_chkpwd_t sysadm_chkpwd_t };
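Review bot: The re-added line `attribute nsswitch_domain;<` ends with a stray `<`. If that character is really in the patch and not an artifact of the page, the declaration will not parse and should read `attribute nsswitch_domain;`. Separately, `userdom_user_home_content(auth_home_t)` presumably places the new type in the generic user-home-content set. If so, every domain allowed to read or manage user home content can also reach the file this type is meant to protect. It is worth checking which domains that covers before relying on the label to keep the authenticator secret confidential.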