mirrors
/
tigervnc
mirror of https://github.com/TigerVNC/tigervnc.git
Watch 1
Star 0
Fork 0
Code Issues 0 Releases 37 Wiki Activity
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
4688 Commits
15 Branches
Tree: cbed625888
Branches Tags
${ item.name }
Create branch ${ searchTerm }
from 'cbed625888'
${ noResults }
tigervnc/unix/vncserver/selinux/vncsession.te

vncsession.te 2.7KB
Raw Blame History

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384 
  1. #

  2. #  Copyright 2018-2020 Pierre Ossman for Cendio AB

  3. #

  4. #  This is free software; you can redistribute it and/or modify

  5. #  it under the terms of the GNU General Public License as published by

  6. #  the Free Software Foundation; either version 2 of the License, or

  7. #  (at your option) any later version.

  8. #

  9. #  This software is distributed in the hope that it will be useful,

  10. #  but WITHOUT ANY WARRANTY; without even the implied warranty of

  11. #  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the

  12. #  GNU General Public License for more details.

  13. #

  14. #  You should have received a copy of the GNU General Public License

  15. #  along with this software; if not, write to the Free Software

  16. #  Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA  02111-1307,

  17. #  USA.

  18. #

  19. 

  20. policy_module(vncsession, 1.0.0)

  21. 

  22. type vnc_session_t;

  23. type vnc_session_exec_t;

  24. init_daemon_domain(vnc_session_t, vnc_session_exec_t)

  25. can_exec(vnc_session_t, vnc_session_exec_t)

  26. 

  27. type vnc_session_var_run_t;

  28. files_pid_file(vnc_session_var_run_t)

  29. 

  30. type vnc_home_t;

  31. userdom_user_home_content(vnc_home_t)

  32. 

  33. allow vnc_session_t self:capability { chown dac_override dac_read_search fowner kill setgid setuid sys_resource };

  34. allow vnc_session_t self:process { getcap setexec setrlimit setsched };

  35. allow vnc_session_t self:fifo_file rw_fifo_file_perms;

  36. 

  37. allow vnc_session_t vnc_session_var_run_t:file manage_file_perms;

  38. files_pid_filetrans(vnc_session_t, vnc_session_var_run_t, file)

  39. 

  40. create_dirs_pattern(vnc_session_t, vnc_home_t, vnc_home_t)

  41. manage_files_pattern(vnc_session_t, vnc_home_t, vnc_home_t)

  42. manage_fifo_files_pattern(vnc_session_t, vnc_home_t, vnc_home_t)

  43. manage_sock_files_pattern(vnc_session_t, vnc_home_t, vnc_home_t)

  44. manage_lnk_files_pattern(vnc_session_t, vnc_home_t, vnc_home_t)

  45. 

  46. kernel_read_kernel_sysctls(vnc_session_t)

  47. 

  48. corecmd_executable_file(vnc_session_exec_t)

  49. 

  50. mcs_process_set_categories(vnc_session_t)

  51. mcs_killall(vnc_session_t)

  52. 

  53. tunable_policy(`use_nfs_home_dirs',`

  54. 	fs_manage_nfs_dirs(vnc_session_t)

  55. 	fs_manage_nfs_files(vnc_session_t)

  56. ')

  57. 

  58. optional_policy(`

  59. 	auth_login_pgm_domain(vnc_session_t)

  60. 	auth_write_login_records(vnc_session_t)

  61. ')

  62. 

  63. optional_policy(`

  64. 	logging_append_all_logs(vnc_session_t)

  65. ')

  66. 

  67. optional_policy(`

  68. 	miscfiles_read_localization(vnc_session_t)

  69. ')

  70. 

  71. optional_policy(`

  72. 	userdom_spec_domtrans_all_users(vnc_session_t)

  73. 	userdom_signal_all_users(vnc_session_t)

  74. 

  75. 	userdom_user_home_dir_filetrans(vnc_session_t, vnc_home_t, dir, ".vnc")

  76. 	userdom_admin_home_dir_filetrans(vnc_session_t, vnc_home_t, dir, ".vnc")

  77. 

  78. 	# This also affects other tools, e.g. vncpasswd

  79. 	gen_require(`

  80. 		attribute userdomain;

  81. 	')

  82. 	userdom_admin_home_dir_filetrans(userdomain, vnc_home_t, dir, ".vnc")

  83. 	userdom_user_home_dir_filetrans(userdomain, vnc_home_t, dir, ".vnc")

  84. ')