mirrors
/
tigervnc
mirror of https://github.com/TigerVNC/tigervnc.git
Watch 1
Star 0
Fork 0
Code Issues 0 Releases 37 Wiki Activity
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
4311 Commits
15 Branches
Tree: 23cf514ac2
Branches Tags
${ item.name }
Create branch ${ searchTerm }
from '23cf514ac2'
${ noResults }
tigervnc/unix/vncserver/selinux/vncsession.te

vncsession.te 2.5KB
Raw Blame History

1234567891011121314151617181920212223242526272829303132333435363738394041424344454647484950515253545556575859606162636465666768697071727374757677787980 
  1. #

  2. #  Copyright 2018-2020 Pierre Ossman for Cendio AB

  3. #

  4. #  This is free software; you can redistribute it and/or modify

  5. #  it under the terms of the GNU General Public License as published by

  6. #  the Free Software Foundation; either version 2 of the License, or

  7. #  (at your option) any later version.

  8. #

  9. #  This software is distributed in the hope that it will be useful,

  10. #  but WITHOUT ANY WARRANTY; without even the implied warranty of

  11. #  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the

  12. #  GNU General Public License for more details.

  13. #

  14. #  You should have received a copy of the GNU General Public License

  15. #  along with this software; if not, write to the Free Software

  16. #  Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA  02111-1307,

  17. #  USA.

  18. #

  19. 

  20. policy_module(vncsession, 1.0.0)

  21. 

  22. gen_require(`

  23. 	attribute userdomain;

  24. 	type xdm_home_t;

  25. ')

  26. 

  27. type vnc_session_t;

  28. type vnc_session_exec_t;

  29. init_daemon_domain(vnc_session_t, vnc_session_exec_t)

  30. can_exec(vnc_session_t, vnc_session_exec_t)

  31. 

  32. type vnc_session_var_run_t;

  33. files_pid_file(vnc_session_var_run_t)

  34. 

  35. allow vnc_session_t self:capability { chown dac_override dac_read_search fowner kill setgid setuid sys_resource };

  36. allow vnc_session_t self:process { getcap setexec setrlimit setsched };

  37. allow vnc_session_t self:fifo_file rw_fifo_file_perms;

  38. 

  39. allow vnc_session_t vnc_session_var_run_t:file manage_file_perms;

  40. files_pid_filetrans(vnc_session_t, vnc_session_var_run_t, file)

  41. 

  42. manage_files_pattern(vnc_session_t, xdm_home_t, xdm_home_t)

  43. manage_fifo_files_pattern(vnc_session_t, xdm_home_t, xdm_home_t)

  44. manage_sock_files_pattern(vnc_session_t, xdm_home_t, xdm_home_t)

  45. manage_lnk_files_pattern(vnc_session_t, xdm_home_t, xdm_home_t)

  46. 

  47. kernel_read_kernel_sysctls(vnc_session_t)

  48. 

  49. corecmd_executable_file(vnc_session_exec_t)

  50. 

  51. mcs_process_set_categories(vnc_session_t)

  52. mcs_killall(vnc_session_t)

  53. 

  54. optional_policy(`

  55. 	auth_login_pgm_domain(vnc_session_t)

  56. 	auth_write_login_records(vnc_session_t)

  57. ')

  58. 

  59. optional_policy(`

  60. 	logging_append_all_logs(vnc_session_t)

  61. ')

  62. 

  63. optional_policy(`

  64. 	miscfiles_read_localization(vnc_session_t)

  65. ')

  66. 

  67. optional_policy(`

  68. 	userdom_spec_domtrans_all_users(vnc_session_t)

  69. 	userdom_signal_all_users(vnc_session_t)

  70. 

  71. 	userdom_user_home_dir_filetrans(vnc_session_t, xdm_home_t, dir, ".vnc")

  72. 	userdom_admin_home_dir_filetrans(vnc_session_t, xdm_home_t, dir, ".vnc")

  73. 

  74. 	# This also affects other tools, e.g. vncpasswd

  75. 	gen_require(`

  76. 		attribute userdomain;

  77. 	')

  78. 	userdom_admin_home_dir_filetrans(userdomain, xdm_home_t, dir, ".vnc")

  79. 	userdom_user_home_dir_filetrans(userdomain, xdm_home_t, dir, ".vnc")

  80. ')