[selinux-policy: 19/3172] add all types for this module
Daniel J Walsh
dwalsh at fedoraproject.org
Thu Oct 7 19:06:37 UTC 2010
commit 3ba13bbf039585bfb2d51cd3efe4f3f4fa850ea9
Author: Chris PeBenito <cpebenito at tresys.com>
Date: Tue Apr 19 20:45:24 2005 +0000
add all types for this module
refpolicy/policy/modules/system/authlogin.te | 46 ++++++++++++++++++++++++++
1 files changed, 46 insertions(+), 0 deletions(-)
---
diff --git a/refpolicy/policy/modules/system/authlogin.te b/refpolicy/policy/modules/system/authlogin.te
index 8f9aecb..b673033 100644
--- a/refpolicy/policy/modules/system/authlogin.te
+++ b/refpolicy/policy/modules/system/authlogin.te
@@ -1,5 +1,51 @@
+########################################
+#
+# Declarations
+#
+type chkpwd_exec_t;
+domain_make_entrypoint_file(system_chkpwd_t,chkpwd_exec_t)
+
+type faillog_t;
+logging_make_log_file(faillog_t)
+
type lastlog_t;
logging_make_log_file(lastlog_t)
+type login_exec_t;
+files_make_file(login_exec_t)
+
+type pam_t;
+domain_make_domain(pam_t)
+
+type pam_tmp_t;
+files_make_file(pam_tmp_t)
+
+type pam_var_console_t;
+files_make_file(pam_var_console_t)
+
+type pam_var_run_t;
+files_make_file(pam_var_run_t)
+
+type shadow_t;
+files_make_file(shadow_t)
+attribute can_read_shadow_passwords;
+attribute can_write_shadow_passwords;
+neverallow ~can_read_shadow_passwords shadow_t:file read;
+neverallow ~can_write_shadow_passwords shadow_t:file write;
+
+type utempter_t;
+domain_make_domain(utempter_t)
+
+type utempter_exec_t;
+domain_make_entrypoint_file(utempter_t,utempter_exec_t)
+
type wtmp_t;
logging_make_log_file(wtmp_t)
+
+########################################
+#
+# Local policy
+#
+authlogin_per_userdomain_template(system)
+#dontaudit system_chkpwd_t { user_tty_type tty_device_t }:chr_file rw_file_perms;
+#dontaudit system_chkpwd_t privfd:fd use;
More information about the scm-commits
mailing list