Merge pull request #154 from pebenito/logind-user-tmp-rm

Chris PeBenito 2020-01-11 10:29:27 -05:00
commit ced5c5c71e
2 changed files with 95 additions and 0 deletions


@ -527,6 +527,11 @@ userdom_delete_all_user_runtime_files(systemd_logind_t)
userdom_delete_all_user_runtime_named_pipes(systemd_logind_t)
userdom_delete_all_user_runtime_named_sockets(systemd_logind_t)
userdom_delete_all_user_runtime_symlinks(systemd_logind_t)
userdom_delete_user_tmp_dirs(systemd_logind_t)
userdom_delete_user_tmp_files(systemd_logind_t)
userdom_delete_user_tmp_symlinks(systemd_logind_t)
userdom_delete_user_tmp_named_pipes(systemd_logind_t)
userdom_delete_user_tmp_named_sockets(systemd_logind_t)
# user_tmp_t is for the dbus-1 directory
userdom_list_user_tmp(systemd_logind_t)
userdom_manage_user_runtime_dirs(systemd_logind_t)
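Review bot: The five `userdom_delete_user_tmp_*` calls granted to `systemd_logind_t` (the added lines, judging by the hunk header and the interfaces this commit introduces) have no comment saying why logind needs them. The only nearby rationale, `# user_tmp_t is for the dbus-1 directory`, describes the narrower `userdom_list_user_tmp` grant below it. Because `user_tmp_t` objects are created by user sessions, anyone auditing logind's privileges will want the trigger stated; presumably it is cleanup of a user's leftover entries at session end, but the page does not say. I would add a comment above the new calls, for example `# delete leftover user_tmp_t entries during user session cleanup (confirm trigger)`. Using delete-only interfaces rather than the `manage` ones is the narrower grant and is worth keeping.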


@ -2680,6 +2680,24 @@ interface(`userdom_dontaudit_list_user_tmp',`
dontaudit $1 user_tmp_t:dir list_dir_perms;
')
########################################
## <summary>
## Delete users temporary directories.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`userdom_delete_user_tmp_dirs',`
gen_require(`
type user_tmp_t;
')
delete_dirs_pattern($1, user_tmp_t, user_tmp_t)
')
########################################
## <summary>
## Do not audit attempts to manage users
@ -2797,6 +2815,24 @@ interface(`userdom_rw_user_tmp_files',`
userdom_search_user_runtime($1)
')
########################################
## <summary>
## Delete users temporary files.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`userdom_delete_user_tmp_files',`
gen_require(`
type user_tmp_t;
')
delete_files_pattern($1, user_tmp_t, user_tmp_t)
')
########################################
## <summary>
## Do not audit attempts to manage users
@ -2837,6 +2873,24 @@ interface(`userdom_read_user_tmp_symlinks',`
userdom_search_user_runtime($1)
')
########################################
## <summary>
## Delete users temporary symbolic links.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`userdom_delete_user_tmp_symlinks',`
gen_require(`
type user_tmp_t;
')
delete_lnk_files_pattern($1, user_tmp_t, user_tmp_t)
')
########################################
## <summary>
## Create, read, write, and delete user
@ -2858,6 +2912,24 @@ interface(`userdom_manage_user_tmp_dirs',`
userdom_search_user_runtime($1)
')
########################################
## <summary>
## Delete users temporary named pipes.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`userdom_delete_user_tmp_named_pipes',`
gen_require(`
type user_tmp_t;
')
delete_fifo_files_pattern($1, user_tmp_t, user_tmp_t)
')
########################################
## <summary>
## Create, read, write, and delete user
@ -2879,6 +2951,24 @@ interface(`userdom_manage_user_tmp_files',`
userdom_search_user_runtime($1)
')
########################################
## <summary>
## Delete users temporary named sockets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`userdom_delete_user_tmp_named_sockets',`
gen_require(`
type user_tmp_t;
')
delete_sock_files_pattern($1, user_tmp_t, user_tmp_t)
')
########################################
## <summary>
## Create, read, write, and delete user
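Review bot: None of the five new delete interfaces grants search on the parent directories, whereas the neighbouring interfaces visible in the hunk context (`userdom_rw_user_tmp_files`, `userdom_read_user_tmp_symlinks`, `userdom_manage_user_tmp_dirs`, `userdom_manage_user_tmp_files`) each end with `userdom_search_user_runtime($1)`. This applies equally to `userdom_delete_user_tmp_dirs`, `userdom_delete_user_tmp_files`, `userdom_delete_user_tmp_symlinks`, `userdom_delete_user_tmp_named_pipes` and `userdom_delete_user_tmp_named_sockets`. The one caller in this commit, `systemd_logind_t`, also has `userdom_manage_user_runtime_dirs`, so it is probably unaffected, but a later caller could receive a delete grant on objects it cannot reach. If the omission is deliberate, to keep the grant minimal, say so in each `<summary>`; otherwise add `userdom_search_user_runtime($1)` after each `delete_*_pattern` line.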