policy/modules/roles/unprivuser.te

   1 policy_module(unprivuser, 2.2.0)
   2
   3 # this module should be named user, but that is
   4 # a compile error since user is a keyword.
   5
   6 ########################################
   7 #
   8 # Declarations
   9 #
  10
  11 role user_r;
  12
  13 userdom_unpriv_user_template(user)
  14
  15 fs_exec_noxattr(user_t)
  16 fs_read_hugetlbfs_files(user_t)
  17
  18 storage_read_scsi_generic(user_t)
  19 storage_write_scsi_generic(user_t)
  20
  21 tunable_policy(`allow_execmod',`
  22         userdom_execmod_user_home_files(user_t)
  23 ')
  24
  25 optional_policy(`
  26         abrt_read_cache(user_t)
  27 ')
  28
  29 optional_policy(`
  30         apache_role(user_r, user_t)
  31 ')
  32
  33 optional_policy(`
  34         blueman_dbus_chat(user_t)
  35 ')
  36
  37 optional_policy(`
  38         colord_dbus_chat(user_t)
  39 ')
  40
  41 optional_policy(`
  42         chrome_role(user_r, user_t)
  43 ')
  44
  45 optional_policy(`
  46         gnome_role(user_r, user_t)
  47 ')
  48
  49 optional_policy(`
  50         irc_role(user_r, user_t)
  51 ')
  52
  53 optional_policy(`
  54         oident_manage_user_content(user_t)
  55         oident_relabel_user_content(user_t)
  56 ')
  57
  58 optional_policy(`
  59         mta_role(user_r, user_t)
  60 ')
  61
  62 optional_policy(`
  63         netutils_run_ping_cond(user_t, user_r)
  64         netutils_run_traceroute_cond(user_t, user_r)
  65 ')
  66
  67 optional_policy(`
  68         polipo_role(user_r, user_t)
  69         polipo_named_filetrans_cache_home_dirs(user_t)
  70         polipo_named_filetrans_config_home_files(user_t)
  71 ')
  72
  73 optional_policy(`
  74         rpm_dontaudit_dbus_chat(user_t)
  75 ')
  76
  77 optional_policy(`
  78         rtkit_scheduled(user_t)
  79 ')
  80
  81 optional_policy(`
  82         sandbox_transition(user_t, user_r)
  83 ')
  84
  85 optional_policy(`
  86         ssh_role_template(user, user_r, user_t)
  87 ')
  88
  89 optional_policy(`
  90         screen_role_template(user, user_r, user_t)
  91 ')
  92
  93 optional_policy(`
  94         setroubleshoot_dontaudit_stream_connect(user_t)
  95 ')
  96
  97 #optional_policy(`
  98 #       telepathy_dbus_session_role(user_r, user_t)
  99 #')
 100
 101 optional_policy(`
 102         usbmuxd_stream_connect(user_t)
 103 ')
 104
 105 optional_policy(`
 106         vlock_run(user_t, user_r)
 107 ')
 108
 109 optional_policy(`
 110         xserver_role(user_r, user_t)
 111 ')
 112
 113 ifndef(`distro_redhat',`
 114         optional_policy(`
 115                 auth_role(user_r, user_t)
 116         ')
 117
 118         optional_policy(`
 119                 bluetooth_role(user_r, user_t)
 120         ')
 121
 122         optional_policy(`
 123                 cdrecord_role(user_r, user_t)
 124         ')
 125
 126         optional_policy(`
 127                 cron_role(user_r, user_t)
 128         ')
 129
 130         optional_policy(`
 131                 dbus_role_template(user, user_r, user_t)
 132         ')
 133
 134         optional_policy(`
 135                 evolution_role(user_r, user_t)
 136         ')
 137
 138         optional_policy(`
 139                 games_role(user_r, user_t)
 140         ')
 141
 142         optional_policy(`
 143                 gift_role(user_r, user_t)
 144         ')
 145
 146         optional_policy(`
 147                 gpg_role(user_r, user_t)
 148         ')
 149
 150         optional_policy(`
 151                 hadoop_role(user_r, user_t)
 152         ')
 153
 154         optional_policy(`
 155                 java_role(user_r, user_t)
 156         ')
 157
 158         optional_policy(`
 159                 lockdev_role(user_r, user_t)
 160         ')
 161
 162         optional_policy(`
 163                 lpd_role(user_r, user_t)
 164         ')
 165
 166         optional_policy(`
 167                 mozilla_role(user_r, user_t)
 168         ')
 169
 170         optional_policy(`
 171                 mplayer_role(user_r, user_t)
 172         ')
 173
 174         optional_policy(`
 175                 postgresql_role(user_r, user_t)
 176         ')
 177
 178         optional_policy(`
 179                 pyzor_role(user_r, user_t)
 180         ')
 181
 182         optional_policy(`
 183                 razor_role(user_r, user_t)
 184         ')
 185
 186         optional_policy(`
 187                 rssh_role(user_r, user_t)
 188         ')
 189
 190         optional_policy(`
 191                 spamassassin_role(user_r, user_t)
 192         ')
 193
 194         optional_policy(`
 195                 su_role_template(user, user_r, user_t)
 196         ')
 197
 198         optional_policy(`
 199                 sudo_role_template(user, user_r, user_t)
 200         ')
 201
 202         optional_policy(`
 203                 thunderbird_role(user_r, user_t)
 204         ')
 205
 206         optional_policy(`
 207                 tvtime_role(user_r, user_t)
 208         ')
 209
 210         optional_policy(`
 211                 uml_role(user_r, user_t)
 212         ')
 213
 214         optional_policy(`
 215                 userhelper_role_template(user, user_r, user_t)
 216         ')
 217
 218         optional_policy(`
 219                 vmware_role(user_r, user_t)
 220         ')
 221
 222         optional_policy(`
 223                 wireshark_role(user_r, user_t)
 224         ')
 225 ')
 226