[people/stevee/selinux-policy.git] / policy / modules / roles / unprivuser.te

policy_module(unprivuser, 2.2.0)

# this module should be named user, but that is
# a compile error since user is a keyword.

########################################
#
# Declarations
#

role user_r;

userdom_unpriv_user_template(user)

fs_exec_noxattr(user_t)
fs_read_hugetlbfs_files(user_t)

storage_read_scsi_generic(user_t)
storage_write_scsi_generic(user_t)

tunable_policy(`allow_execmod',`
	userdom_execmod_user_home_files(user_t)
')

optional_policy(`
	abrt_read_cache(user_t)
')

optional_policy(`
	apache_role(user_r, user_t)
')

optional_policy(`
	blueman_dbus_chat(user_t)
')

optional_policy(`
	colord_dbus_chat(user_t)
')

optional_policy(`
	chrome_role(user_r, user_t)
')

optional_policy(`
	gnome_role(user_r, user_t)
')

optional_policy(`
	irc_role(user_r, user_t)
')

optional_policy(`
	oident_manage_user_content(user_t)
	oident_relabel_user_content(user_t)
')

optional_policy(`
	mta_role(user_r, user_t)
')

optional_policy(`
	netutils_run_ping_cond(user_t, user_r)
	netutils_run_traceroute_cond(user_t, user_r)
')

optional_policy(`
	polipo_role(user_r, user_t)
	polipo_named_filetrans_cache_home_dirs(user_t)
	polipo_named_filetrans_config_home_files(user_t)
')

optional_policy(`
	rpm_dontaudit_dbus_chat(user_t)
')

optional_policy(`
	rtkit_scheduled(user_t)
')

optional_policy(`
	sandbox_transition(user_t, user_r)
')

optional_policy(`
	ssh_role_template(user, user_r, user_t)
')

optional_policy(`
	screen_role_template(user, user_r, user_t)
')

optional_policy(`
	setroubleshoot_dontaudit_stream_connect(user_t)
')

#optional_policy(`
#	telepathy_dbus_session_role(user_r, user_t)
#')

optional_policy(`
	usbmuxd_stream_connect(user_t)
')

optional_policy(`
	vlock_run(user_t, user_r)
')

optional_policy(`
	xserver_role(user_r, user_t)
')

ifndef(`distro_redhat',`
	optional_policy(`
		auth_role(user_r, user_t)
	')

	optional_policy(`
		bluetooth_role(user_r, user_t)
	')

	optional_policy(`
		cdrecord_role(user_r, user_t)
	')

	optional_policy(`
		cron_role(user_r, user_t)
	')

	optional_policy(`
		dbus_role_template(user, user_r, user_t)
	')

	optional_policy(`
		evolution_role(user_r, user_t)
	')

	optional_policy(`
		games_role(user_r, user_t)
	')

	optional_policy(`
		gift_role(user_r, user_t)
	')

	optional_policy(`
		gpg_role(user_r, user_t)
	')

	optional_policy(`
		hadoop_role(user_r, user_t)
	')

	optional_policy(`
		java_role(user_r, user_t)
	')

	optional_policy(`
		lockdev_role(user_r, user_t)
	')

	optional_policy(`
		lpd_role(user_r, user_t)
	')

	optional_policy(`
		mozilla_role(user_r, user_t)
	')

	optional_policy(`
		mplayer_role(user_r, user_t)
	')

	optional_policy(`
		postgresql_role(user_r, user_t)
	')

	optional_policy(`
		pyzor_role(user_r, user_t)
	')

	optional_policy(`
		razor_role(user_r, user_t)
	')

	optional_policy(`
		rssh_role(user_r, user_t)
	')

	optional_policy(`
		spamassassin_role(user_r, user_t)
	')

	optional_policy(`
		su_role_template(user, user_r, user_t)
	')

	optional_policy(`
		sudo_role_template(user, user_r, user_t)
	')

	optional_policy(`
		thunderbird_role(user_r, user_t)
	')

	optional_policy(`
		tvtime_role(user_r, user_t)
	')

	optional_policy(`
		uml_role(user_r, user_t)
	')

	optional_policy(`
		userhelper_role_template(user, user_r, user_t)
	')

	optional_policy(`
		vmware_role(user_r, user_t)
	')

	optional_policy(`
		wireshark_role(user_r, user_t)
	')
')
Commit	Line	Data
826d0142	1	policy_module(unprivuser, 2.2.0)
e9c6cda7 CP	2
	3	# this module should be named user, but that is
	4	# a compile error since user is a keyword.
	5
	6	########################################
	7	#
	8	# Declarations
	9	#
	10
	11	role user_r;
	12
	13	userdom_unpriv_user_template(user)
	14
3eaa9939	15	fs_exec_noxattr(user_t)
a6c4623b	16	fs_read_hugetlbfs_files(user_t)
3eaa9939	17
56dc5bdf DW	18	storage_read_scsi_generic(user_t)
	19	storage_write_scsi_generic(user_t)
	20
4d22fba0	21	tunable_policy(`allow_execmod',`
a6c4623b	22	userdom_execmod_user_home_files(user_t)
4d22fba0 DW	23	')
4d22fba0 DW	24
4ad28653	25	optional_policy(`
0e7fbb58	26	abrt_read_cache(user_t)
4ad28653 DW	27	')
4ad28653 DW	28
296273a7 CP	29	optional_policy(`
	30	apache_role(user_r, user_t)
	31	')
	32
a3cfe808	33	optional_policy(`
eba77273	34	blueman_dbus_chat(user_t)
a3cfe808 DW	35	')
a3cfe808 DW	36
27608c5b DW	37	optional_policy(`
	38	colord_dbus_chat(user_t)
	39	')
	40
00a867b0	41	optional_policy(`
a6c4623b	42	chrome_role(user_r, user_t)
00a867b0 DG	43	')
00a867b0 DG	44
ca9e8850 DW	45	optional_policy(`
	46	gnome_role(user_r, user_t)
	47	')
	48
f8f030aa DG	49	optional_policy(`
	50	irc_role(user_r, user_t)
	51	')
	52
941e3db5 DG	53	optional_policy(`
	54	oident_manage_user_content(user_t)
	55	oident_relabel_user_content(user_t)
	56	')
	57
9a52a69e MG	58	optional_policy(`
	59	mta_role(user_r, user_t)
	60	')
	61
27720a24 DW	62	optional_policy(`
	63	netutils_run_ping_cond(user_t, user_r)
	64	netutils_run_traceroute_cond(user_t, user_r)
	65	')
	66
f1b7d092 DG	67	optional_policy(`
	68	polipo_role(user_r, user_t)
	69	polipo_named_filetrans_cache_home_dirs(user_t)
	70	polipo_named_filetrans_config_home_files(user_t)
	71	')
	72
3eaa9939 DW	73	optional_policy(`
	74	rpm_dontaudit_dbus_chat(user_t)
	75	')
296273a7	76
3eaa9939 DW	77	optional_policy(`
	78	rtkit_scheduled(user_t)
	79	')
296273a7	80
3eaa9939 DW	81	optional_policy(`
	82	sandbox_transition(user_t, user_r)
	83	')
296273a7	84
32c61288	85	optional_policy(`
4e857ebf	86	ssh_role_template(user, user_r, user_t)
32c61288 MG	87	')
32c61288 MG	88
3eaa9939 DW	89	optional_policy(`
	90	screen_role_template(user, user_r, user_t)
	91	')
296273a7	92
3eaa9939	93	optional_policy(`
14ffaf83	94	setroubleshoot_dontaudit_stream_connect(user_t)
3eaa9939	95	')
296273a7	96
6b772880 DW	97	#optional_policy(`
	98	# telepathy_dbus_session_role(user_r, user_t)
	99	#')
3eaa9939	100
3bf6566d	101	optional_policy(`
	102	usbmuxd_stream_connect(user_t)
	103	')
	104
d35e2ee0	105	optional_policy(`
7f9f5bce	106	vlock_run(user_t, user_r)
d35e2ee0 HC	107	')
d35e2ee0 HC	108
3eaa9939 DW	109	optional_policy(`
3eaa9939 DW	110	xserver_role(user_r, user_t)
296273a7	111	')
2968e068 DW	112
	113	ifndef(`distro_redhat',`
	114	optional_policy(`
	115	auth_role(user_r, user_t)
c87e1502	116	')
2968e068 DW	117
	118	optional_policy(`
	119	bluetooth_role(user_r, user_t)
	120	')
	121
	122	optional_policy(`
	123	cdrecord_role(user_r, user_t)
	124	')
	125
	126	optional_policy(`
	127	cron_role(user_r, user_t)
	128	')
	129
	130	optional_policy(`
	131	dbus_role_template(user, user_r, user_t)
	132	')
296273a7	133
2968e068 DW	134	optional_policy(`
	135	evolution_role(user_r, user_t)
	136	')
	137
	138	optional_policy(`
	139	games_role(user_r, user_t)
	140	')
	141
	142	optional_policy(`
	143	gift_role(user_r, user_t)
	144	')
	145
2968e068 DW	146	optional_policy(`
	147	gpg_role(user_r, user_t)
	148	')
	149
fcb67e8c	150	optional_policy(`
f8f030aa	151	hadoop_role(user_r, user_t)
2968e068 DW	152	')
	153
	154	optional_policy(`
	155	java_role(user_r, user_t)
	156	')
	157
	158	optional_policy(`
	159	lockdev_role(user_r, user_t)
	160	')
	161
	162	optional_policy(`
	163	lpd_role(user_r, user_t)
	164	')
	165
	166	optional_policy(`
	167	mozilla_role(user_r, user_t)
	168	')
	169
	170	optional_policy(`
	171	mplayer_role(user_r, user_t)
	172	')
	173
2968e068 DW	174	optional_policy(`
	175	postgresql_role(user_r, user_t)
	176	')
	177
	178	optional_policy(`
	179	pyzor_role(user_r, user_t)
	180	')
	181
	182	optional_policy(`
	183	razor_role(user_r, user_t)
	184	')
	185
	186	optional_policy(`
	187	rssh_role(user_r, user_t)
	188	')
	189
	190	optional_policy(`
	191	spamassassin_role(user_r, user_t)
	192	')
	193
2968e068 DW	194	optional_policy(`
	195	su_role_template(user, user_r, user_t)
	196	')
	197
	198	optional_policy(`
	199	sudo_role_template(user, user_r, user_t)
	200	')
	201
	202	optional_policy(`
	203	thunderbird_role(user_r, user_t)
	204	')
	205
	206	optional_policy(`
	207	tvtime_role(user_r, user_t)
	208	')
	209
	210	optional_policy(`
	211	uml_role(user_r, user_t)
	212	')
	213
	214	optional_policy(`
	215	userhelper_role_template(user, user_r, user_t)
	216	')
	217
	218	optional_policy(`
	219	vmware_role(user_r, user_t)
	220	')
	221
	222	optional_policy(`
	223	wireshark_role(user_r, user_t)
	224	')
	225	')
27720a24	226