From 0404a3903a51b576c492214cd2d9be45a2252003 Mon Sep 17 00:00:00 2001 From: Chris PeBenito Date: Tue, 21 Jun 2005 21:07:46 +0000 Subject: [PATCH] initial commit of ssh. --- refpolicy/policy/modules/kernel/terminal.if | 20 ++ refpolicy/policy/modules/services/ssh.fc | 0 refpolicy/policy/modules/services/ssh.if | 285 ++++++++++++++++++ refpolicy/policy/modules/services/ssh.te | 229 ++++++++++++++ refpolicy/policy/modules/system/userdomain.if | 127 ++++---- 5 files changed, 605 insertions(+), 56 deletions(-) create mode 100644 refpolicy/policy/modules/services/ssh.fc create mode 100644 refpolicy/policy/modules/services/ssh.if create mode 100644 refpolicy/policy/modules/services/ssh.te diff --git a/refpolicy/policy/modules/kernel/terminal.if b/refpolicy/policy/modules/kernel/terminal.if index c41a0654e..a9871a072 100644 --- a/refpolicy/policy/modules/kernel/terminal.if +++ b/refpolicy/policy/modules/kernel/terminal.if @@ -47,6 +47,26 @@ define(`term_user_pty',` type_change $1 server_ptynode:chr_file $2; ') +######################################## +## +## +## Transform specified type into a pty type +## used by login programs, such as sshd. +## +## +## An object type that will applied to a pty. +## +## +# +define(`term_login_pty',` + gen_require(` + attribute server_ptynode; + ') + + term_pty($1) + typeattribute $1 server_ptynode; +') + ######################################## ## ## diff --git a/refpolicy/policy/modules/services/ssh.fc b/refpolicy/policy/modules/services/ssh.fc new file mode 100644 index 000000000..e69de29bb diff --git a/refpolicy/policy/modules/services/ssh.if b/refpolicy/policy/modules/services/ssh.if new file mode 100644 index 000000000..ad7afd5d1 --- /dev/null +++ b/refpolicy/policy/modules/services/ssh.if @@ -0,0 +1,285 @@ +define(`ssh_per_userdomain_template',` + # Derived domain based on the calling user domain and the program. + type $1_ssh_t; #, privlog, nscd_client_domain; + domain_type($1_ssh_t) + + type $1_home_ssh_t; #, $1_file_type; + files_file_type($1_home_ssh_t) + role $1_r types $1_ssh_t; + + # Transition from the user domain to the derived domain. + domain_auto_trans($1_t, ssh_exec_t, $1_ssh_t) + + libs_use_ld_so($1_ssh_t) + libs_use_shared_libs($1_ssh_t) + + tunable_policy(`use_nfs_home_dirs',` + fs_manage_nfs_dirs($1_ssh_t) + fs_manage_nfs_files($1_ssh_t) + ') + + tunable_policy(`use_samba_home_dirs',` + fs_manage_cifs_dirs($1_ssh_t) + fs_manage_cifs_files($1_ssh_t) + ') + + ifdef(`TODO',` + # Grant permissions within the domain. + general_domain_access($1_ssh_t) + allow $1_ssh_t autofs_t:dir { search getattr }; + + # Use descriptors created by sshd + allow $1_ssh_t privfd:fd use; + + read_locale($1_ssh_t) + + # Get attributes of file systems. + allow $1_ssh_t fs_type:filesystem getattr; + + base_file_read_access($1_ssh_t) + + # Read /var. + allow $1_ssh_t var_t:dir r_dir_perms; + allow $1_ssh_t var_t:notdevfile_class_set r_file_perms; + + # Read /var/run, /var/log. + allow $1_ssh_t var_run_t:dir r_dir_perms; + allow $1_ssh_t var_run_t:{ file lnk_file } r_file_perms; + allow $1_ssh_t var_log_t:dir r_dir_perms; + allow $1_ssh_t var_log_t:{ file lnk_file } r_file_perms; + + # Read /etc. + allow $1_ssh_t etc_t:dir r_dir_perms; + allow $1_ssh_t etc_t:notdevfile_class_set r_file_perms; + allow $1_ssh_t etc_runtime_t:{ file lnk_file } r_file_perms; + + # Read /dev directories and any symbolic links. + allow $1_ssh_t device_t:dir r_dir_perms; + allow $1_ssh_t device_t:lnk_file r_file_perms; + + # Read /dev/urandom. + allow $1_ssh_t urandom_device_t:chr_file r_file_perms; + + # Read and write /dev/null. + allow $1_ssh_t { null_device_t zero_device_t }:chr_file rw_file_perms; + + # Grant permissions needed to create TCP and UDP sockets and + # to access the network. + can_network_client_tcp($1_ssh_t) + can_resolve($1_ssh_t) + can_ypbind($1_ssh_t) + can_kerberos($1_ssh_t) + + # for port forwarding + if (user_tcp_server) { + allow $1_ssh_t port_t:tcp_socket name_bind; + } + + # Use capabilities. + allow $1_ssh_t self:capability { setuid setgid dac_override dac_read_search }; + + # run helper programs - needed eg for x11-ssh-askpass + can_exec($1_ssh_t, { shell_exec_t bin_t }) + + # Read the ssh key file. + allow $1_ssh_t sshd_key_t:file r_file_perms; + + # Access the ssh temporary files. + file_type_auto_trans($1_ssh_t, tmp_t, sshd_tmp_t) + allow $1_ssh_t $1_tmp_t:dir r_dir_perms; + + # for rsync + allow $1_ssh_t $1_t:unix_stream_socket rw_socket_perms; + + # Access the users .ssh directory. + file_type_auto_trans({ sysadm_ssh_t $1_ssh_t }, $1_home_dir_t, $1_home_ssh_t, dir) + file_type_auto_trans($1_ssh_t, $1_home_dir_t, $1_home_ssh_t, sock_file) + allow $1_t $1_home_ssh_t:sock_file create_file_perms; + allow { sysadm_ssh_t $1_ssh_t } $1_home_ssh_t:file create_file_perms; + allow { sysadm_ssh_t $1_ssh_t } $1_home_ssh_t:lnk_file { getattr read }; + dontaudit $1_ssh_t $1_home_t:dir { getattr search }; + r_dir_file({ sshd_t sshd_extern_t }, $1_home_ssh_t) + rw_dir_create_file($1_t, $1_home_ssh_t) + + # for /bin/sh used to execute xauth + dontaudit $1_ssh_t proc_t:dir search; + dontaudit $1_ssh_t proc_t:{ lnk_file file } { getattr read }; + + # Inherit and use descriptors from gnome-pty-helper. + ifdef(`gnome-pty-helper.te', `allow $1_ssh_t $1_gph_t:fd use;') + + # Write to the user domain tty. + access_terminal($1_ssh_t, $1) + + # Allow the user shell to signal the ssh program. + allow $1_t $1_ssh_t:process signal; + # allow ps to show ssh + can_ps($1_t, $1_ssh_t) + + ifdef(`xserver.te', ` + # Communicate with the X server. + ifdef(`startx.te', ` + can_unix_connect($1_ssh_t, $1_xserver_t) + allow $1_ssh_t $1_xserver_tmp_t:sock_file rw_file_perms; + allow $1_ssh_t $1_xserver_tmp_t:dir search; + ')dnl end if startx + ifdef(`xdm.te', ` + allow $1_ssh_t { xdm_xserver_tmp_t xdm_tmp_t }:dir search; + allow $1_ssh_t { xdm_tmp_t }:sock_file write; + ') + ')dnl end if xserver + + ifdef(`ssh-agent.te', ` + ssh_agent_domain($1) + ')dnl end if ssh_agent.te + + #allow ssh to access keys stored on removable media + # Should we have a boolean around this? + allow $1_ssh_t mnt_t:dir search; + r_dir_file($1_ssh_t, removable_t) + + ifdef(`xdm.te', ` + # should be able to remove these two later + allow $1_ssh_t xdm_xserver_tmp_t:sock_file { read write }; + allow $1_ssh_t xdm_xserver_tmp_t:dir search; + allow $1_ssh_t xdm_xserver_t:unix_stream_socket connectto; + allow $1_ssh_t xdm_xserver_t:shm r_shm_perms; + allow $1_ssh_t xdm_xserver_t:fd use; + allow $1_ssh_t xdm_xserver_tmpfs_t:file read; + allow $1_ssh_t xdm_t:fd use; + ')dnl end if xdm.te + ') dnl endif TODO +') + +######################################## +# +# +# +define(`sshd_program_domain', ` + # auth_chkpwd is for running unix_chkpwd and unix_verify. + type $1_t; #, nscd_client_domain; + role system_r types $1_t; + + type $1_devpts_t; + term_login_pty($1_devpts_t) + + type $1_var_run_t; + files_pid_file($1_var_run_t) + + allow $1_t self:capability { kill sys_chroot sys_resource chown dac_override fowner fsetid setgid setuid sys_tty_config }; + allow $1_t self:fifo_file rw_file_perms; + allow $1_t self:process { signal setsched setrlimit setexec }; + + allow $1_t self:tcp_socket { listen accept create connect ioctl read getattr write setattr append bind getopt setopt shutdown }; + allow $1_t self:udp_socket { connect create ioctl read getattr write setattr append bind getopt setopt shutdown }; + + allow $1_t $1_devpts_t:chr_file { rw_file_perms setattr getattr relabelfrom }; + term_create_pty($1_t,$1_devpts_t) + + allow $1_t $1_var_run_t:file create_file_perms; + files_create_pid($1_t,$1_var_run_t,file) + + can_exec($1_t, sshd_exec_t) + + # Access key files + allow $1_t sshd_key_t:file { getattr read }; + + kernel_read_kernel_sysctl($1_t) + + corenet_tcp_sendrecv_all_if($1_t) + corenet_udp_sendrecv_all_if($1_t) + corenet_raw_sendrecv_all_if($1_t) + corenet_tcp_sendrecv_all_nodes($1_t) + corenet_udp_sendrecv_all_nodes($1_t) + corenet_raw_sendrecv_all_nodes($1_t) + corenet_udp_sendrecv_all_ports($1_t) + corenet_tcp_sendrecv_all_ports($1_t) + corenet_tcp_bind_all_nodes($1_t) + corenet_udp_bind_all_nodes($1_t) + + dev_read_urand($1_t) + + selinux_get_fs_mount($1_t) + selinux_validate_context($1_t) + selinux_compute_access_vector($1_t) + selinux_compute_create_context($1_t) + selinux_compute_relabel_context($1_t) + selinux_compute_user_contexts($1_t) + + auth_dontaudit_read_shadow($1_t) + auth_domtrans_chk_passwd($1_t) + auth_rw_login_records($1_t) + auth_rw_lastlog($1_t) + + domain_wide_inherit_fd($1_t) + domain_subj_id_change_exempt($1_t) + domain_role_change_exempt($1_t) + domain_obj_id_change_exempt($1_t) + + files_read_generic_etc_files($1_t) + files_read_etc_runtime_files($1_t) + + init_rw_script_pid($1_t) + + libs_use_ld_so($1_t) + libs_use_shared_libs($1_t) + + logging_search_logs($1_t) + logging_send_syslog_msg($1_t) + + miscfiles_read_localization($1_t) + + seutil_read_default_contexts($1_t) + + sysnet_read_config($1_t) + + tunable_policy(`use_nfs_home_dirs',` + fs_read_nfs_files($1_t) + ') + + tunable_policy(`use_samba_home_dirs',` + fs_read_cifs_files($1_t) + ') + + ifdef(`TODO',` + + # do not allow statfs() + dontaudit $1_t fs_type:filesystem getattr; + + allow $1_t bin_t:dir search; + allow $1_t bin_t:lnk_file read; + + # for sshd subsystems, such as sftp-server. + allow $1_t bin_t:file getattr; + + # Read /var. + allow $1_t var_t:dir getattr; + + ifdef(`mount.te', ` + allow $1_t mount_t:udp_socket rw_socket_perms; + ') + + allow $1_t { home_root_t home_dir_type }:dir { search getattr }; + allow $1_t autofs_t:dir { search getattr }; + + dontaudit sshd_t userpty_type:chr_file relabelfrom; + + optional_policy(`inetd.te',` + if (run_ssh_inetd) { + allow $1_t self:process signal; + allow $1_t inetd_t:tcp_socket rw_socket_perms; + allow $1_t var_run_t:dir { getattr search }; + } else { + corenet_tcp_bind_ssh_port($1_t) + init_use_fd($1_t) + init_use_script_pty($1_t) + } + ',` + # These rules should match the else block + # of the run_ssh_inetd conditional directly above + corenet_tcp_bind_ssh_port($1_t) + init_use_fd($1_t) + init_use_script_pty($1_t) + ') + ') dnl end TODO +') diff --git a/refpolicy/policy/modules/services/ssh.te b/refpolicy/policy/modules/services/ssh.te new file mode 100644 index 000000000..2a0290df9 --- /dev/null +++ b/refpolicy/policy/modules/services/ssh.te @@ -0,0 +1,229 @@ + +policy_module(ssh,1.0) + +######################################## +# +# Declarations +# + +# Allow ssh logins as sysadm_r:sysadm_t +bool ssh_sysadm_login false; + +# Allow ssh to run from inetd instead of as a daemon. +bool run_ssh_inetd false; + +# Type for the ssh-agent executable. +type ssh_agent_exec_t; +files_file_type(ssh_agent_exec_t) + +# ssh client executable. +type ssh_exec_t; +files_file_type(ssh_exec_t) + +type ssh_keygen_t; +type ssh_keygen_exec_t; +init_daemon_domain(ssh_keygen_t,ssh_keygen_exec_t) +role system_r types ssh_keygen_t; + +# ssh server executable +type sshd_exec_t; +files_file_type(sshd_exec_t) + +type sshd_key_t; +files_file_type(sshd_key_t) + +type sshd_tmp_t; +files_tmp_file(sshd_tmp_t) + +################################# +# +# sshd local policy +# +# sshd_t is the domain for the sshd program. +# + +sshd_program_domain(sshd) + +allow sshd_t sshd_tmp_t:dir create_dir_perms; +allow sshd_t sshd_tmp_t:file create_file_perms; +allow sshd_t sshd_tmp_t:sock_file create_file_perms; +files_create_tmp_files(sshd_t, sshd_tmp_t, { dir file sock_file }) + +# for X forwarding +corenet_tcp_bind_xserver_port(sshd_t) + +auth_exec_pam(sshd_t) + +seutil_read_config(sshd_t) + +ifdef(`TODO',` +if (ssh_sysadm_login) { + userdom_spec_domtrans_all_users(sshd_t) + userdom_signal_all_users(sshd_t) + + ifdef(`xauth.te',` + domain_trans(sshd_t, xauth_exec_t, userdomain) + ') + # Relabel and access ptys created by sshd + # ioctl is necessary for logout() processing for utmp entry and for w to + # display the tty. + # some versions of sshd on the new SE Linux require setattr + allow sshd_t ptyfile:chr_file { relabelto read write getattr ioctl setattr }; + # inheriting stream sockets is needed for "ssh host command" as no pty + # is allocated + allow userdomain sshd_t:unix_stream_socket rw_stream_socket_perms; +} else { + userdom_spec_domtrans_unpriv_users(sshd_t) + userdom_signal_unpriv_users(sshd_t) + + ifdef(`xauth.te',` + domain_trans(sshd_t, xauth_exec_t, unpriv_userdomain) + ') + # Relabel and access ptys created by sshd + # ioctl is necessary for logout() processing for utmp entry and for w to + # display the tty. + # some versions of sshd on the new SE Linux require setattr + allow sshd_t userpty_type:chr_file { relabelto read write getattr ioctl setattr }; + # inheriting stream sockets is needed for "ssh host command" as no pty + # is allocated + allow userdomain sshd_t:unix_stream_socket rw_stream_socket_perms; +} + +# for when the network connection breaks after running newrole -r sysadm_r +dontaudit sshd_t sysadm_devpts_t:chr_file setattr; + +# Allow checking users mail at login +allow sshd_t { var_spool_t mail_spool_t }:dir search; +allow sshd_t mail_spool_t:lnk_file read; +allow sshd_t mail_spool_t:file getattr; +') dnl endif TODO + +################################# +# +# sshd_extern local policy +# +# sshd_extern_t is the domain for ssh from outside our network +# +ifdef(`TODO',` +sshd_program_domain(sshd_extern) + +domain_trans(sshd_extern_t, shell_exec_t, user_mini_domain) +# Signal the user domains. +allow sshd_extern_t user_mini_domain:process signal; + +ifdef(`xauth.te', ` +domain_trans(sshd_extern_t, xauth_exec_t, user_mini_domain) +') + +# Relabel and access ptys created by sshd +# ioctl is necessary for logout() processing for utmp entry and for w to +# display the tty. +# some versions of sshd on the new SE Linux require setattr +allow sshd_extern_t user_mini_domain:chr_file { relabelto read write getattr ioctl setattr }; + +# inheriting stream sockets is needed for "ssh host command" as no pty +# is allocated +allow user_mini_domain sshd_extern_t:unix_stream_socket rw_stream_socket_perms; + +optional_policy(`inetd.te',` + if (run_ssh_inetd) { + allow inetd_t ssh_port_t:tcp_socket name_bind; + domain_auto_trans(inetd_t, sshd_exec_t, sshd_t) + domain_trans(inetd_t, sshd_exec_t, sshd_extern_t) + } else { + domain_auto_trans(initrc_t, sshd_exec_t, sshd_t) + domain_trans(initrc_t, sshd_exec_t, sshd_extern_t) + dontaudit initrc_t sshd_key_t:file { getattr read }; + } +',` + # These rules should match the else block + # of the run_ssh_inetd conditional directly above + domain_auto_trans(initrc_t, sshd_exec_t, sshd_t) + domain_trans(initrc_t, sshd_exec_t, sshd_extern_t) + dontaudit initrc_t sshd_key_t:file { getattr read }; +') + +ifdef(`direct_sysadm_daemon', ` +# Direct execution by sysadm_r. +domain_auto_trans(sysadm_t, sshd_exec_t, sshd_t) +role_transition sysadm_r sshd_exec_t system_r; +') + +# so a tunnel can point to another ssh tunnel... +allow sshd_t self:tcp_socket { acceptfrom connectto recvfrom }; +allow sshd_t kernel_t:tcp_socket recvfrom; +allow sshd_t kernel_t:tcp_socket recvfrom; + +# for port forwarding +allow userdomain sshd_t:tcp_socket { connectto recvfrom }; +allow sshd_t userdomain:tcp_socket { acceptfrom recvfrom }; +allow userdomain kernel_t:tcp_socket recvfrom; +allow sshd_t kernel_t:tcp_socket recvfrom; +') dnl endif TODO + +######################################## +# +# ssh_keygen local policy +# + +# ssh_keygen_t is the type of the ssh-keygen program when run at install time +# and by sysadm_t + +dontaudit ssh_keygen_t self:capability sys_tty_config; +allow ssh_keygen_t self:process { sigchld sigkill sigstop signull signal }; + +allow ssh_keygen_t self:unix_stream_socket create_stream_socket_perms; + +allow ssh_keygen_t sshd_key_t:file create_file_perms; +files_create_etc_config(ssh_keygen_t,sshd_key_t,file) + +kernel_read_kernel_sysctl(ssh_keygen_t) + +dev_read_sysfs(ssh_keygen_t) +dev_read_urand(ssh_keygen_t) + +term_dontaudit_use_console(ssh_keygen_t) + +domain_use_wide_inherit_fd(ssh_keygen_t) + +files_read_generic_etc_files(ssh_keygen_t) + +init_use_fd(ssh_keygen_t) +init_use_script_pty(ssh_keygen_t) + +libs_use_ld_so(ssh_keygen_t) +libs_use_shared_libs(ssh_keygen_t) + +logging_send_syslog_msg(ssh_keygen_t) + +allow ssh_keygen_t proc_t:dir r_dir_perms; +allow ssh_keygen_t proc_t:lnk_file read; + +userdom_use_sysadm_tty(ssh_keygen_t) +userdom_dontaudit_use_unpriv_user_fd(ssh_keygen_t) + +ifdef(`direct_sysadm_daemon',` + userdom_dontaudit_use_sysadm_terms(ssh_keygen_t) +') + +ifdef(`targeted_policy', ` + term_dontaudit_use_unallocated_tty(ssh_keygen_t) + term_dontaudit_use_generic_pty(ssh_keygen_t) + files_dontaudit_read_root_file(ssh_keygen_t) +') + +optional_policy(`rhgb.te', ` + rhgb_domain(ssh_keygen_t) +') + +optional_policy(`selinux.te',` + seutil_newrole_sigchld(ssh_keygen_t) +') + +optional_policy(`udev.te', ` + udev_read_db(ssh_keygen_t) +') + +ifdef(`TODO',` +allow ssh_keygen_t autofs_t:dir { search getattr }; +') diff --git a/refpolicy/policy/modules/system/userdomain.if b/refpolicy/policy/modules/system/userdomain.if index 2f804f74f..f129a4373 100644 --- a/refpolicy/policy/modules/system/userdomain.if +++ b/refpolicy/policy/modules/system/userdomain.if @@ -868,11 +868,31 @@ define(`userdom_shell_domtrans_sysadm_depend',` type sysadm_t; ') +######################################## +## +## +## Read and write sysadm ttys. +## +## +## The type of the process performing this action. +## +## +# +define(`userdom_use_sysadm_tty',` + gen_require(` + type sysadm_tty_device_t; + class chr_file { getattr read write ioctl }; + ') + + dev_list_all_dev_nodes($1) + term_list_ptys($1) + allow $1 sysadm_tty_device_t:chr_file { getattr read write ioctl }; +') + ######################################## ## ## -## Read and write administrative users -## physical and pseudo terminals. +## Read and write sysadm ttys and ptys. ## ## ## The type of the process performing this action. @@ -880,19 +900,16 @@ define(`userdom_shell_domtrans_sysadm_depend',` ## # define(`userdom_use_sysadm_terms',` - gen_require(`$0'_depend) + gen_require(` + attribute admin_terminal; + class chr_file { getattr read write ioctl }; + ') dev_list_all_dev_nodes($1) term_list_ptys($1) allow $1 admin_terminal:chr_file { getattr read write ioctl }; ') -define(`userdom_use_sysadm_terms_depend',` - attribute admin_terminal; - - class chr_file { getattr read write ioctl }; -') - ######################################## ## ## @@ -904,17 +921,14 @@ define(`userdom_use_sysadm_terms_depend',` ## # define(`userdom_dontaudit_use_sysadm_terms',` - gen_require(`$0'_depend) + gen_require(` + attribute admin_terminal; + class chr_file { read write }; + ') dontaudit $1 admin_terminal:chr_file { read write }; ') -define(`userdom_dontaudit_use_sysadm_terms_depend',` - attribute admin_terminal; - - class chr_file { read write }; -') - ######################################## ## ## @@ -926,18 +940,15 @@ define(`userdom_dontaudit_use_sysadm_terms_depend',` ## # define(`userdom_search_all_users_home',` - gen_require(`$0'_depend) + gen_require(` + attribute home_dir_type, home_type; + class dir search; + ') files_list_home($1) allow $1 { home_dir_type home_type }:dir search; ') -define(`userdom_search_all_users_home_depend',` - attribute home_dir_type, home_type; - - class dir search; -') - ######################################## ## ## @@ -949,20 +960,17 @@ define(`userdom_search_all_users_home_depend',` ## # define(`userdom_read_all_user_data',` - gen_require(`$0'_depend) + gen_require(` + attribute home_type; + class dir r_dir_perms; + class file r_file_perms; + ') files_list_home($1) allow $1 home_type:dir r_dir_perms; allow $1 home_type:file r_file_perms; ') -define(`userdom_read_all_user_data_depend',` - attribute home_type; - - class dir r_dir_perms; - class file r_file_perms; -') - ######################################## ## ## @@ -974,17 +982,14 @@ define(`userdom_read_all_user_data_depend',` ## # define(`userdom_use_all_user_fd',` - gen_require(`$0'_depend) + gen_require(` + attribute userdomain; + class fd use; + ') allow $1 userdomain:fd use; ') -define(`userdom_use_all_user_fd_depend',` - attribute userdomain; - - class fd use; -') - ######################################## ## ## @@ -996,15 +1001,31 @@ define(`userdom_use_all_user_fd_depend',` ## # define(`userdom_signal_all_users',` - gen_require(`$0'_depend) + gen_require(` + attribute userdomain; + class process signal; + ') allow $1 userdomain:process signal; ') -define(`userdom_signal_all_users_depend',` - attribute userdomain; +######################################## +## +## +## Send general signals to unprivileged user domains. +## +## +## The type of the process performing this action. +## +## +# +define(`userdom_signal_unpriv_users',` + gen_require(` + attribute unpriv_userdomain; + class process signal; + ') - class process signal; + allow $1 unpriv_userdomain:process signal; ') ######################################## @@ -1018,17 +1039,14 @@ define(`userdom_signal_all_users_depend',` ## # define(`userdom_use_unpriv_users_fd',` - gen_require(`$0'_depend) + gen_require(` + attribute unpriv_userdomain; + class fd use; + ') allow $1 unpriv_userdomain:fd use; ') -define(`userdom_use_unpriv_users_fd_depend',` - attribute unpriv_userdomain; - - class fd use; -') - ######################################## ## ## @@ -1041,15 +1059,12 @@ define(`userdom_use_unpriv_users_fd_depend',` ## # define(`userdom_dontaudit_use_unpriv_user_fd',` - gen_require(`$0'_depend) + gen_require(` + attribute unpriv_userdomain; + class fd use; + ') dontaudit $1 unpriv_userdomain:fd use; ') -define(`userdom_dontaudit_use_unpriv_user_fd_depend',` - attribute unpriv_userdomain; - - class fd use; -') - ##