Login
[x]
Log in using an account from:
Fedora Account System
Red Hat Associate
Red Hat Customer
Or login using a Red Hat Bugzilla account
Forgot Password
Login:
Hide Forgot
Create an Account
Red Hat Bugzilla – Attachment 928755 Details for
Bug 1122013
pam_systemd causes AVC for ThinLinc
[?]
New
Simple Search
Advanced Search
My Links
Browse
Requests
Reports
Current State
Search
Tabular reports
Graphical reports
Duplicates
Other Reports
User Changes
Plotly Reports
Bug Status
Bug Severity
Non-Defaults
|
Product Dashboard
Help
Page Help!
Bug Writing Guidelines
What's new
Browser Support Policy
5.0.4.rh83 Release notes
FAQ
Guides index
User guide
Web Services
Contact
Legal
This site requires JavaScript to be enabled to function correctly, please enable it.
Policy file for ThinLinc
thinlinc.te.in (text/plain), 4.68 KB, created by
Pierre Ossman
on 2014-08-20 10:39:04 UTC
(
hide
)
Description:
Policy file for ThinLinc
Filename:
MIME Type:
Creator:
Pierre Ossman
Created:
2014-08-20 10:39:04 UTC
Size:
4.68 KB
patch
obsolete
># Copyright 2002-2014 Cendio AB. ># For more information, see http://www.cendio.com > >policy_module(thinlinc, @VERSION@); > >######################################## ># ># Declarations ># > >type thinlinc_var_run_t; >files_pid_file(thinlinc_var_run_t) > >type thinlinc_agent_exec_t; >corecmd_executable_file(thinlinc_agent_exec_t) >type thinlinc_agent_t; >init_daemon_domain(thinlinc_agent_t, thinlinc_agent_exec_t) > >type thinlinc_master_exec_t; >corecmd_executable_file(thinlinc_master_exec_t) >type thinlinc_master_t; >init_daemon_domain(thinlinc_master_t, thinlinc_master_exec_t) > >type thinlinc_master_var_run_t; >files_pid_file(thinlinc_master_var_run_t) > >type thinlinc_webaccess_exec_t; >corecmd_executable_file(thinlinc_webaccess_exec_t) >type thinlinc_webaccess_t; >init_daemon_domain(thinlinc_webaccess_t, thinlinc_webaccess_exec_t) > >type thinlinc_webaccess_var_run_t; >files_pid_file(thinlinc_webaccess_var_run_t) > >type thinlinc_webadm_exec_t; >corecmd_executable_file(thinlinc_webadm_exec_t) >type thinlinc_webadm_t; >init_daemon_domain(thinlinc_webadm_t, thinlinc_webadm_exec_t) > >type thinlinc_session_exec_t; >corecmd_executable_file(thinlinc_session_exec_t) >type thinlinc_session_t; >domain_type(thinlinc_session_t) >domain_entry_file(thinlinc_session_t, thinlinc_session_exec_t) >auth_login_pgm_domain(thinlinc_session_t) > >type thinlinc_session_root_t; >files_type(thinlinc_session_root_t) > >type thinlinc_user_dir_t; >files_type(thinlinc_user_dir_t) > >type thinlinc_user_t; >files_type(thinlinc_user_t) >ubac_constrained(thinlinc_user_t) > >############################## ># ># agent local policy ># > ># The agent has yet to be properly confined >unconfined_domain(thinlinc_agent_t) > >############################## ># ># master local policy ># > >thinlinc_manage_pids(thinlinc_master_t, thinlinc_master_var_run_t, dir) >manage_sock_files_pattern(thinlinc_master_t, thinlinc_master_var_run_t, thinlinc_master_var_run_t) > ># The master has yet to be properly confined >unconfined_domain(thinlinc_master_t) > >############################## ># ># tlwebaccess local policy ># > >thinlinc_manage_pids(thinlinc_webaccess_t, thinlinc_webaccess_var_run_t, dir) >manage_sock_files_pattern(thinlinc_webaccess_t, thinlinc_webaccess_var_run_t, thinlinc_webaccess_var_run_t) > ># tlwebaccess has yet to be properly confined >unconfined_domain(thinlinc_webaccess_t) > >############################## ># ># tlwebadm local policy ># > ># tlwebadm has yet to be properly confined >unconfined_domain(thinlinc_webadm_t) > >############################## ># ># tl-session local policy ># > >domtrans_pattern(thinlinc_agent_t, thinlinc_session_exec_t, thinlinc_session_t) > >auth_write_login_records(thinlinc_session_t) > >userdom_spec_domtrans_all_users(thinlinc_session_t) >userdom_signal_all_users(thinlinc_session_t) > >allow thinlinc_session_t self:capability { kill chown dac_override fowner setgid setuid }; >allow thinlinc_session_t self:process { getcap setsched setexec }; >allow thinlinc_session_t self:fifo_file rw_fifo_file_perms; > >miscfiles_read_localization(thinlinc_session_t) > >kernel_read_kernel_sysctls(thinlinc_session_t) > >logging_append_all_logs(thinlinc_session_t) > >filetrans_pattern(thinlinc_session_t, thinlinc_session_root_t, thinlinc_user_dir_t, dir) >manage_dirs_pattern(thinlinc_session_t, thinlinc_session_root_t, thinlinc_user_dir_t) > >filetrans_pattern(thinlinc_session_t, thinlinc_user_dir_t, thinlinc_user_t, dir) >manage_dirs_pattern(thinlinc_session_t, thinlinc_user_dir_t, thinlinc_user_t) > >manage_lnk_files_pattern(thinlinc_session_t, thinlinc_user_dir_t, thinlinc_user_dir_t) > >mcs_process_set_categories(thinlinc_session_t) >mcs_killall(thinlinc_session_t) > ># FIXME: Debug >#permissive thinlinc_session_t; > >############################## ># ># Allow access to our Xauthority file ># > >require { > type xauth_t; > type xauth_home_t; >} > >allow xauth_t thinlinc_session_root_t:dir search_dir_perms; >allow xauth_t thinlinc_user_dir_t:dir search_dir_perms; > >filetrans_pattern(xauth_t, thinlinc_user_t, xauth_home_t, file) >manage_files_pattern(xauth_t, thinlinc_user_t, xauth_home_t) > ># Newer systems use the file name based approach instead to ># reduce the number of domain contexts. Only try to do this if ># it looks like one of those systems though. >ifdef(`xserver_filetrans_home_content',` > filetrans_pattern(userdomain, thinlinc_user_t, xauth_home_t, file, "Xauthority") > filetrans_pattern(userdomain, thinlinc_user_t, xauth_home_t, file, "Xauthority-l") > filetrans_pattern(userdomain, thinlinc_user_t, xauth_home_t, file, "Xauthority-c") > filetrans_pattern(userdomain, thinlinc_user_t, xauth_home_t, file, "Xauthority-n") > manage_files_pattern(userdomain, thinlinc_user_t, xauth_home_t) >') > >############################## ># ># File contexts that we use in thinlinc.fc ># > >require { > type httpd_log_t; > type httpd_sys_content_t; > type httpd_sys_script_exec_t; >}
You cannot view the attachment while viewing its details because your browser does not support IFRAMEs.
View the attachment on a separate page
.
View Attachment As Raw
Actions:
View
Attachments on
bug 1122013
: 928755