systemd: Logind removes /run/user/* user temp files.
See systemd-user-runtime-dir stop. Signed-off-by: Chris PeBenito <chpebeni@linux.microsoft.com>
parent
cb5e78abe7
commit
42145d226a
@ -524,6 +524,11 @@ userdom_delete_all_user_runtime_files(systemd_logind_t)
|
||||
userdom_delete_all_user_runtime_named_pipes(systemd_logind_t)
|
||||
userdom_delete_all_user_runtime_named_sockets(systemd_logind_t)
|
||||
userdom_delete_all_user_runtime_symlinks(systemd_logind_t)
|
||||
userdom_delete_user_tmp_dirs(systemd_logind_t)
|
||||
userdom_delete_user_tmp_files(systemd_logind_t)
|
||||
userdom_delete_user_tmp_symlinks(systemd_logind_t)
|
||||
userdom_delete_user_tmp_named_pipes(systemd_logind_t)
|
||||
userdom_delete_user_tmp_named_sockets(systemd_logind_t)
|
||||
# user_tmp_t is for the dbus-1 directory
|
||||
userdom_list_user_tmp(systemd_logind_t)
|
||||
userdom_manage_user_runtime_dirs(systemd_logind_t)
|
||||
|
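Review bot: The existing comment `# user_tmp_t is for the dbus-1 directory` now sits directly below five new calls that act on user_tmp_t for a different reason, so a reader cannot tell which rules it justifies. I would put a comment above the new block, for example `# systemd-user-runtime-dir stop removes leftover user_tmp_t content under /run/user/*`, and leave the dbus-1 comment attached to `userdom_list_user_tmp(systemd_logind_t)`. Type enforcement is by label rather than by path, so these grants appear to cover every object labeled user_tmp_t wherever it lives, not only entries under /run/user. It is worth confirming that this is the intended scope for systemd_logind_t. The enclosing policy block starts and ends outside the hunk.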
@ -2680,6 +2680,24 @@ interface(`userdom_dontaudit_list_user_tmp',`
|
||||
dontaudit $1 user_tmp_t:dir list_dir_perms;
|
||||
')
|
||||
|
||||
########################################
|
||||
## <summary>
|
||||
## Delete users temporary directories.
|
||||
## </summary>
|
||||
## <param name="domain">
|
||||
## <summary>
|
||||
## Domain allowed access.
|
||||
## </summary>
|
||||
## </param>
|
||||
#
|
||||
interface(`userdom_delete_user_tmp_dirs',`
|
||||
gen_require(`
|
||||
type user_tmp_t;
|
||||
')
|
||||
|
||||
delete_dirs_pattern($1, user_tmp_t, user_tmp_t)
|
||||
')
|
||||
|
||||
########################################
|
||||
## <summary>
|
||||
## Do not audit attempts to manage users
|
||||
@ -2797,6 +2815,24 @@ interface(`userdom_rw_user_tmp_files',`
|
||||
userdom_search_user_runtime($1)
|
||||
')
|
||||
|
||||
########################################
|
||||
## <summary>
|
||||
## Delete users temporary files.
|
||||
## </summary>
|
||||
## <param name="domain">
|
||||
## <summary>
|
||||
## Domain allowed access.
|
||||
## </summary>
|
||||
## </param>
|
||||
#
|
||||
interface(`userdom_delete_user_tmp_files',`
|
||||
gen_require(`
|
||||
type user_tmp_t;
|
||||
')
|
||||
|
||||
delete_files_pattern($1, user_tmp_t, user_tmp_t)
|
||||
')
|
||||
|
||||
########################################
|
||||
## <summary>
|
||||
## Do not audit attempts to manage users
|
||||
@ -2837,6 +2873,24 @@ interface(`userdom_read_user_tmp_symlinks',`
|
||||
userdom_search_user_runtime($1)
|
||||
')
|
||||
|
||||
########################################
|
||||
## <summary>
|
||||
## Delete users temporary symbolic links.
|
||||
## </summary>
|
||||
## <param name="domain">
|
||||
## <summary>
|
||||
## Domain allowed access.
|
||||
## </summary>
|
||||
## </param>
|
||||
#
|
||||
interface(`userdom_delete_user_tmp_symlinks',`
|
||||
gen_require(`
|
||||
type user_tmp_t;
|
||||
')
|
||||
|
||||
delete_lnk_files_pattern($1, user_tmp_t, user_tmp_t)
|
||||
')
|
||||
|
||||
########################################
|
||||
## <summary>
|
||||
## Create, read, write, and delete user
|
||||
@ -2858,6 +2912,24 @@ interface(`userdom_manage_user_tmp_dirs',`
|
||||
userdom_search_user_runtime($1)
|
||||
')
|
||||
|
||||
########################################
|
||||
## <summary>
|
||||
## Delete users temporary named pipes.
|
||||
## </summary>
|
||||
## <param name="domain">
|
||||
## <summary>
|
||||
## Domain allowed access.
|
||||
## </summary>
|
||||
## </param>
|
||||
#
|
||||
interface(`userdom_delete_user_tmp_named_pipes',`
|
||||
gen_require(`
|
||||
type user_tmp_t;
|
||||
')
|
||||
|
||||
delete_fifo_files_pattern($1, user_tmp_t, user_tmp_t)
|
||||
')
|
||||
|
||||
########################################
|
||||
## <summary>
|
||||
## Create, read, write, and delete user
|
||||
@ -2879,6 +2951,24 @@ interface(`userdom_manage_user_tmp_files',`
|
||||
userdom_search_user_runtime($1)
|
||||
')
|
||||
|
||||
########################################
|
||||
## <summary>
|
||||
## Delete users temporary named sockets.
|
||||
## </summary>
|
||||
## <param name="domain">
|
||||
## <summary>
|
||||
## Domain allowed access.
|
||||
## </summary>
|
||||
## </param>
|
||||
#
|
||||
interface(`userdom_delete_user_tmp_named_sockets',`
|
||||
gen_require(`
|
||||
type user_tmp_t;
|
||||
')
|
||||
|
||||
delete_sock_files_pattern($1, user_tmp_t, user_tmp_t)
|
||||
')
|
||||
|
||||
########################################
|
||||
## <summary>
|
||||
## Create, read, write, and delete user
|
||||
|
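Review bot: `userdom_delete_user_tmp_dirs` and the four sibling interfaces added here (`_files`, `_symlinks`, `_named_pipes`, `_named_sockets`) grant only the delete pattern on user_tmp_t. The neighbouring interfaces whose tails show in the context lines end with `userdom_search_user_runtime($1)`, and these do not. Keeping them minimal is reasonable for least privilege, but the summaries do not say that the caller must already be able to search the parent directories, so a future caller may hit denials that are hard to trace. I would either add `userdom_search_user_runtime($1)` after each pattern line for consistency, or extend each `<summary>` with a sentence such as `The caller must separately be allowed to search the containing directories.` The summaries could also state that access is granted by the user_tmp_t label and is not limited to a particular path.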