auth_dontaudit_write_login_records($1_t)
auth_rw_cache($1_t)
+ application_exec_all($1_t)
+ # The library functions always try to open read-write first,
+ # then fall back to read-only if it fails.
+ init_dontaudit_rw_utmp($1_t)
+
# Stop warnings about access to /dev/console
init_dontaudit_use_fds($1_usertype)
init_dontaudit_use_script_fds($1_usertype)
#
optional_policy(`
- loadkeys_run($1_t,$1_r)
+ loadkeys_run($1_t, $1_r)
')
')
storage_rw_fuse($1_t)
+ files_exec_usr_files($1_t)
+ # cjp: why?
+ files_read_kernel_symbol_table($1_t)
+
+ ifndef(`enable_mls',`
+ fs_exec_noxattr($1_t)
+
+ tunable_policy(`user_rw_noexattrfile',`
+ fs_manage_noxattr_fs_files($1_t)
+ fs_manage_noxattr_fs_dirs($1_t)
+ # Write floppies
+ storage_raw_read_removable_device($1_t)
+ storage_raw_write_removable_device($1_t)
+ ',`
+ storage_raw_read_removable_device($1_t)
+ ')
+ ')
+
miscfiles_read_hwdata($1_usertype)
# Allow users to run TCP servers (bind to ports and accept connection from