systemd: Logind removes /run/user/* user temp files.

See systemd-user-runtime-dir stop.

Signed-off-by: Chris PeBenito <chpebeni@linux.microsoft.com>
This commit is contained in:
Chris PeBenito 2019-12-12 13:41:11 -05:00
parent cb5e78abe7
commit 42145d226a
2 changed files with 95 additions and 0 deletions

View File

@ -524,6 +524,11 @@ userdom_delete_all_user_runtime_files(systemd_logind_t)
userdom_delete_all_user_runtime_named_pipes(systemd_logind_t) userdom_delete_all_user_runtime_named_pipes(systemd_logind_t)
userdom_delete_all_user_runtime_named_sockets(systemd_logind_t) userdom_delete_all_user_runtime_named_sockets(systemd_logind_t)
userdom_delete_all_user_runtime_symlinks(systemd_logind_t) userdom_delete_all_user_runtime_symlinks(systemd_logind_t)
userdom_delete_user_tmp_dirs(systemd_logind_t)
userdom_delete_user_tmp_files(systemd_logind_t)
userdom_delete_user_tmp_symlinks(systemd_logind_t)
userdom_delete_user_tmp_named_pipes(systemd_logind_t)
userdom_delete_user_tmp_named_sockets(systemd_logind_t)
# user_tmp_t is for the dbus-1 directory # user_tmp_t is for the dbus-1 directory
userdom_list_user_tmp(systemd_logind_t) userdom_list_user_tmp(systemd_logind_t)
userdom_manage_user_runtime_dirs(systemd_logind_t) userdom_manage_user_runtime_dirs(systemd_logind_t)

View File

@ -2680,6 +2680,24 @@ interface(`userdom_dontaudit_list_user_tmp',`
dontaudit $1 user_tmp_t:dir list_dir_perms; dontaudit $1 user_tmp_t:dir list_dir_perms;
') ')
########################################
## <summary>
## Delete users temporary directories.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`userdom_delete_user_tmp_dirs',`
gen_require(`
type user_tmp_t;
')
delete_dirs_pattern($1, user_tmp_t, user_tmp_t)
')
######################################## ########################################
## <summary> ## <summary>
## Do not audit attempts to manage users ## Do not audit attempts to manage users
@ -2797,6 +2815,24 @@ interface(`userdom_rw_user_tmp_files',`
userdom_search_user_runtime($1) userdom_search_user_runtime($1)
') ')
########################################
## <summary>
## Delete users temporary files.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`userdom_delete_user_tmp_files',`
gen_require(`
type user_tmp_t;
')
delete_files_pattern($1, user_tmp_t, user_tmp_t)
')
######################################## ########################################
## <summary> ## <summary>
## Do not audit attempts to manage users ## Do not audit attempts to manage users
@ -2837,6 +2873,24 @@ interface(`userdom_read_user_tmp_symlinks',`
userdom_search_user_runtime($1) userdom_search_user_runtime($1)
') ')
########################################
## <summary>
## Delete users temporary symbolic links.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`userdom_delete_user_tmp_symlinks',`
gen_require(`
type user_tmp_t;
')
delete_lnk_files_pattern($1, user_tmp_t, user_tmp_t)
')
######################################## ########################################
## <summary> ## <summary>
## Create, read, write, and delete user ## Create, read, write, and delete user
@ -2858,6 +2912,24 @@ interface(`userdom_manage_user_tmp_dirs',`
userdom_search_user_runtime($1) userdom_search_user_runtime($1)
') ')
########################################
## <summary>
## Delete users temporary named pipes.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`userdom_delete_user_tmp_named_pipes',`
gen_require(`
type user_tmp_t;
')
delete_fifo_files_pattern($1, user_tmp_t, user_tmp_t)
')
######################################## ########################################
## <summary> ## <summary>
## Create, read, write, and delete user ## Create, read, write, and delete user
@ -2879,6 +2951,24 @@ interface(`userdom_manage_user_tmp_files',`
userdom_search_user_runtime($1) userdom_search_user_runtime($1)
') ')
########################################
## <summary>
## Delete users temporary named sockets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`userdom_delete_user_tmp_named_sockets',`
gen_require(`
type user_tmp_t;
')
delete_sock_files_pattern($1, user_tmp_t, user_tmp_t)
')
######################################## ########################################
## <summary> ## <summary>
## Create, read, write, and delete user ## Create, read, write, and delete user