Introduce exec-check interfaces for passwd binaries and useradd binaries
Signed-off-by: Sven Vermeulen <sven.vermeulen@siphos.be>
parent
be31d3a183
commit
517f37fd26
|
@ -138,6 +138,24 @@ interface(`usermanage_kill_passwd',`
|
||||||
allow $1 passwd_t:process sigkill;
|
allow $1 passwd_t:process sigkill;
|
||||||
')
|
')
|
||||||
|
|
||||||
|
########################################
|
||||||
|
## <summary>
|
||||||
|
## Check if the passwd binary is executable.
|
||||||
|
## </summary>
|
||||||
|
## <param name="domain">
|
||||||
|
## <summary>
|
||||||
|
## Domain allowed access.
|
||||||
|
## </summary>
|
||||||
|
## </param>
|
||||||
|
#
|
||||||
|
interface(`usermanage_check_exec_passwd',`
|
||||||
|
gen_require(`
|
||||||
|
type passwd_exec_t;
|
||||||
|
')
|
||||||
|
|
||||||
|
allow $1 passwd_exec_t:file { execute getattr_file_perms };
|
||||||
|
')
|
||||||
|
|
||||||
########################################
|
########################################
|
||||||
## <summary>
|
## <summary>
|
||||||
## Execute passwd in the passwd domain, and
|
## Execute passwd in the passwd domain, and
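Review bot: The doc block on `usermanage_check_exec_passwd` calls this a check, but the rule grants the `execute` permission on `passwd_exec_t`, and nothing in the comment says where that grant stops. This interface adds no `execute_no_trans` and no transition to `passwd_t`, so on its own it should only let the caller see the binary as executable (an X_OK-style test), not run it; a caller that also holds a transition or `execute_no_trans` from elsewhere would be able to. I would add a `## <desc>` paragraph saying so, for example `## Grants execute and getattr on the passwd executable only; actually running it needs a domain transition or execute_no_trans granted elsewhere.` The same comment belongs on `usermanage_check_exec_useradd` in the second hunk, with `useradd_exec_t`.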
|
||||||
|
@ -251,6 +269,24 @@ interface(`usermanage_domtrans_useradd',`
|
||||||
')
|
')
|
||||||
')
|
')
|
||||||
|
|
||||||
|
########################################
|
||||||
|
## <summary>
|
||||||
|
## Check if the useradd binaries are executable.
|
||||||
|
## </summary>
|
||||||
|
## <param name="domain">
|
||||||
|
## <summary>
|
||||||
|
## Domain allowed access.
|
||||||
|
## </summary>
|
||||||
|
## </param>
|
||||||
|
#
|
||||||
|
interface(`usermanage_check_exec_useradd',`
|
||||||
|
gen_require(`
|
||||||
|
type useradd_exec_t;
|
||||||
|
')
|
||||||
|
|
||||||
|
allow $1 useradd_exec_t:file { execute getattr_file_perms };
|
||||||
|
')
|
||||||
|
|
||||||
########################################
|
########################################
|
||||||
## <summary>
|
## <summary>
|
||||||
## Execute useradd in the useradd domain, and
|
## Execute useradd in the useradd domain, and
|
||||||
|
|