Introduce exec-check interfaces for passwd binaries and useradd binaries

Signed-off-by: Sven Vermeulen <sven.vermeulen@siphos.be>
This commit is contained in:
Sven Vermeulen 2012-12-17 10:42:50 +01:00 committed by Chris PeBenito
parent be31d3a183
commit 517f37fd26
1 changed files with 36 additions and 0 deletions

View File

@ -138,6 +138,24 @@ interface(`usermanage_kill_passwd',`
allow $1 passwd_t:process sigkill; allow $1 passwd_t:process sigkill;
') ')
########################################
## <summary>
## Check if the passwd binary is executable.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`usermanage_check_exec_passwd',`
gen_require(`
type passwd_exec_t;
')
allow $1 passwd_exec_t:file { execute getattr_file_perms };
')
######################################## ########################################
## <summary> ## <summary>
## Execute passwd in the passwd domain, and ## Execute passwd in the passwd domain, and
@ -251,6 +269,24 @@ interface(`usermanage_domtrans_useradd',`
') ')
') ')
########################################
## <summary>
## Check if the useradd binaries are executable.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`usermanage_check_exec_useradd',`
gen_require(`
type useradd_exec_t;
')
allow $1 useradd_exec_t:file { execute getattr_file_perms };
')
######################################## ########################################
## <summary> ## <summary>
## Execute useradd in the useradd domain, and ## Execute useradd in the useradd domain, and