diff --git a/Changelog b/Changelog
index c22e117e9..d53c46846 100644
--- a/Changelog
+++ b/Changelog
@@ -21,6 +21,7 @@ - Fix clockspeed_run_cli() declaration, it was incorrectly defined as a template instead of an interface. - Added modules: + amtu (Dan Walsh) apcupsd (Dan Walsh) rwho (Nalin Dahyabhai)
diff --git a/policy/modules/admin/amtu.fc b/policy/modules/admin/amtu.fc
new file mode 100644
index 000000000..809f77424
--- /dev/null
+++ b/policy/modules/admin/amtu.fc
@@ -0,0 +1 @@
+/usr/bin/amtu -- gen_context(system_u:object_r:amtu_exec_t,s0)
diff --git a/policy/modules/admin/amtu.if b/policy/modules/admin/amtu.if
new file mode 100644
index 000000000..02559be02
--- /dev/null
+++ b/policy/modules/admin/amtu.if
@@ -0,0 +1,51 @@
+## Abstract Machine Test Utility
+
+########################################
+##
+## Execute amtu in the amtu domain.
+##
+##
+##
+## Domain allowed access.
+##
+##
+#
+interface(`amtu_domtrans',`
+ gen_require(`
+ type amtu_t, amtu_exec_t;
+ ')
+
+ corecmd_search_bin($1)
+ domtrans_pattern($1,amtu_exec_t,amtu_t)
+')
+
+########################################
+##
+## Execute amtu in the amtu domain, and
+## allow the specified role the amtu domain.
+##
+##
+##
+## Domain allowed access.
+##
+##
+##
+##
+## The role to be allowed the amtu domain.
+##
+##
+##
+##
+## The type of the terminal allow the amtu domain to use.
+##
+##
+#
+interface(`amtu_run',`
+ gen_require(`
+ type amtu_t;
+ ')
+
+ amtu_domtrans($1)
+ role $2 types amtu_t;
+ allow amtu_t $3:chr_file rw_term_perms;
+')
diff --git a/policy/modules/admin/amtu.te b/policy/modules/admin/amtu.te
new file mode 100644
index 000000000..ac7c3d84b
--- /dev/null
+++ b/policy/modules/admin/amtu.te
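Review bot: The doc block on `amtu_run` in amtu.if does not tell callers how much they delegate. `role $2 types amtu_t;` lets the role enter amtu_t, and amtu.te in this same commit gives that domain `files_manage_boot_files` and `logging_send_audit_msgs`. If the interface is meant for administrative roles only, I would say so in the summary, e.g. `## The amtu domain can manage boot files and send audit messages; grant this to administrative roles only.` The third parameter description is also missing a word and should read `## The type of the terminal to allow the amtu domain to use.`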
@@ -0,0 +1,35 @@
+policy_module(amtu,1.0.23)
+
+########################################
+#
+# Declarations
+#
+
+type amtu_t;
+type amtu_exec_t;
+domain_type(amtu_t)
+domain_entry_file(amtu_t, amtu_exec_t)
+
+########################################
+#
+# amtu local policy
+#
+
+kernel_read_system_state(amtu_t)
+
+files_manage_boot_files(amtu_t)
+files_read_etc_runtime_files(amtu_t)
+files_read_etc_files(amtu_t)
+
+libs_use_ld_so(amtu_t)
+libs_use_shared_libs(amtu_t)
+
+logging_send_audit_msgs(amtu_t)
+
+optional_policy(`
+ nscd_dontaudit_search_pid(amtu_t)
+')
+
+optional_policy(`
+ seutil_use_newrole_fds(amtu_t)
+')
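Review bot: `files_manage_boot_files(amtu_t)` in the local policy section is the broadest grant in this module and has no stated justification. Manage access lets amtu_t create, modify and delete files labeled as boot files, so a flaw in the test utility, or any role given `amtu_run`, gains write access to that content. The hunk does not show which amtu test needs this. Please record the reason next to the rule, e.g. `# <which amtu test writes under /boot and why> - TODO confirm; narrow to read-only or a dedicated scratch type if possible`. If the tool only needs somewhere to write test data, a private type for those files would keep the rest of the boot files out of reach.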