## Policy for getty.
########################################
##
## Execute gettys in the getty domain.
##
##
##
## Domain allowed to transition.
##
##
#
interface(`getty_domtrans',`
gen_require(`
type getty_t, getty_exec_t;
')
corecmd_search_bin($1)
domtrans_pattern($1, getty_exec_t, getty_t)
')
########################################
##
## Inherit and use getty file descriptors.
##
##
##
## Domain allowed access.
##
##
#
interface(`getty_use_fds',`
gen_require(`
type getty_t;
')
allow $1 getty_t:fd use;
')
########################################
##
## Allow process to read getty log file.
##
##
##
## Domain allowed access.
##
##
##
#
interface(`getty_read_log',`
gen_require(`
type getty_log_t;
')
logging_search_logs($1)
allow $1 getty_log_t:file read_file_perms;
')
########################################
##
## Allow process to read getty config file.
##
##
##
## Domain allowed access.
##
##
##
#
interface(`getty_read_config',`
gen_require(`
type getty_etc_t;
')
files_search_etc($1)
allow $1 getty_etc_t:file read_file_perms;
')
########################################
##
## Allow process to edit getty config file.
##
##
##
## Domain allowed access.
##
##
##
#
interface(`getty_rw_config',`
gen_require(`
type getty_etc_t;
')
files_search_etc($1)
allow $1 getty_etc_t:file rw_file_perms;
')
########################################
##
## Execute getty server in the getty domain.
##
##
##
## Domain allowed to transition.
##
##
#
interface(`getty_systemctl',`
gen_require(`
type getty_unit_file_t;
type getty_t;
')
systemd_exec_systemctl($1)
allow $1 getty_unit_file_t:file read_file_perms;
allow $1 getty_unit_file_t:service manage_service_perms;
ps_process_pattern($1, getty_t)
')
########################################
##
## Start getty unit files domain.
##
##
##
## Domain allowed to transition.
##
##
#
interface(`getty_start_services',`
gen_require(`
type getty_unit_file_t;
')
systemd_exec_systemctl($1)
allow $1 getty_unit_file_t:service start;
')