commit: eaef7e0bc37c62511400aaf136f8bb6e4e63241a Author: Sven Vermeulen <sven.vermeulen <AT> siphos <DOT> be> AuthorDate: Sun Oct 12 08:38:37 2014 +0000 Commit: Sven Vermeulen <swift <AT> gentoo <DOT> org> CommitDate: Sun Oct 12 08:38:37 2014 +0000 URL: http://sources.gentoo.org/gitweb/?p=proj/hardened-refpolicy.git;a=commit;h=eaef7e0b
Add auth_pid_filetrans_pam_var_run This interface allows a domain to create resources inside the generic pid location (/var/run) and have them created with the pam_var_run_t type.
---
 policy/modules/system/authlogin.if | 34 ++++++++++++++++++++++++++++++++++
 1 file changed, 34 insertions(+)
diff --git a/policy/modules/system/authlogin.if b/policy/modules/system/authlogin.if
index 8225390..f20a6a6 100644
--- a/policy/modules/system/authlogin.if
+++ b/policy/modules/system/authlogin.if
@@ -1805,3 +1805,37 @@ interface(`auth_unconfined',`
 typeattribute $1 can_write_shadow_passwords;
 typeattribute $1 can_relabelto_shadow_passwords;
 ')
+
+# Should be in an ifdef distro_gentoo but that is not supported in the global if file
+
+########################################
+## <summary>
+## Create specified objects in
+## pid directories with the pam var
+## run file type using a
+## file type transition.
+## </summary>
+## <param name="domain">
+## <summary>
+## Domain allowed access.
+## </summary>
+## </param>
+## <param name="object_class">
+## <summary>
+## Class of the object being created.
+## </summary>
+## </param>
+## <param name="name" optional="true">
+## <summary>
+## The name of the object being created.
+## </summary>
+## </param>
+#
+interface(`auth_pid_filetrans_pam_var_run',`
+ gen_require(`
+ type pam_var_run_t;
+ ')
+
+ files_pid_filetrans($1, pam_var_run_t, $2, $3)
+')
+
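Review bot: The doc block for `auth_pid_filetrans_pam_var_run` does not say how wide the transition is when the optional `name` argument is left out. The body passes `$3` straight through in `files_pid_filetrans($1, pam_var_run_t, $2, $3)`, so without a name the transition presumably applies to every object of the given class the domain creates in the pid directory. That can label unrelated runtime files as `pam_var_run_t` and expose them to whatever domains are allowed to manage PAM state. The summary also does not mention that, as far as this hunk shows, the interface only sets up the type transition, so a caller likely still needs its own create permission on `pam_var_run_t` objects. I would extend the `name` parameter text with something like `## The name of the object being created. Omitting it applies the transition to all objects of this class created in the pid directory.` and ask call sites to pass a name wherever they can.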