## Who is logged in on other machines? ######################################## ## ## Execute a domain transition to run rwho. ## ## ## ## Domain allowed to transition. ## ## # interface(`rwho_domtrans',` gen_require(` type rwho_t, rwho_exec_t; ') corecmd_search_bin($1) domtrans_pattern($1, rwho_exec_t, rwho_t) ') ######################################## ## ## Search rwho log directories. ## ## ## ## Domain allowed access. ## ## # interface(`rwho_search_log',` gen_require(` type rwho_log_t; ') logging_search_logs($1) allow $1 rwho_log_t:dir search_dir_perms; ') ######################################## ## ## Read rwho log files. ## ## ## ## Domain allowed access. ## ## # interface(`rwho_read_log_files',` gen_require(` type rwho_log_t; ') logging_search_logs($1) allow $1 rwho_log_t:dir list_dir_perms; allow $1 rwho_log_t:file read_file_perms; ') ######################################## ## ## Search rwho spool directories. ## ## ## ## Domain allowed access. ## ## # interface(`rwho_search_spool',` gen_require(` type rwho_spool_t; ') files_search_spool($1) allow $1 rwho_spool_t:dir search_dir_perms; ') ######################################## ## ## Read rwho spool files. ## ## ## ## Domain allowed access. ## ## # interface(`rwho_read_spool_files',` gen_require(` type rwho_spool_t; ') files_search_spool($1) read_files_pattern($1, rwho_spool_t, rwho_spool_t) ') ######################################## ## ## Create, read, write, and delete ## rwho spool files. ## ## ## ## Domain allowed access. ## ## # interface(`rwho_manage_spool_files',` gen_require(` type rwho_spool_t; ') files_search_spool($1) manage_files_pattern($1, rwho_spool_t, rwho_spool_t) ') ######################################## ## ## All of the rules required to ## administrate an rwho environment. ## ## ## ## Domain allowed access. ## ## ## ## ## Role allowed access. ## ## ## # interface(`rwho_admin',` gen_require(` type rwho_t, rwho_log_t, rwho_spool_t; type rwho_initrc_exec_t; ') allow $1 rwho_t:process signal_perms; ps_process_pattern($1, rwho_t) tunable_policy(`deny_ptrace',`',` allow $1 rwho_t:process ptrace; ') init_labeled_script_domtrans($1, rwho_initrc_exec_t) domain_system_change_exemption($1) role_transition $2 rwho_initrc_exec_t system_r; allow $2 system_r; logging_list_logs($1) admin_pattern($1, rwho_log_t) files_list_spool($1) admin_pattern($1, rwho_spool_t) ')