Uncovering the secrets of SE Linux: Part 1
The first in-depth look at the SE Linux code



# Type Enforcement policy for the rlogind daemon. It declares the rlogind_t
# domain and its related types, then lists each access the domain is granted.
# SELinux denies anything that is not explicitly allowed, so the rules below
# (plus whatever the macros expand to; their definitions are elsewhere in the
# policy) are the complete set of permissions for this domain.
#
# Process domain for rlogind. domain, privlog and auth are attributes declared
# elsewhere in the policy; any rule written against those attributes also
# applies to rlogind_t, so review them together with this file.
type rlogind_t, domain, privlog, auth;
# Presumably the label carried by the rlogind executable (exec_type attribute).
type rlogind_exec_t, file_type, sysadmfile, exec_type;

# Private type for rlogind's temporary files. The macro is expected to label
# files that rlogind_t creates in tmp_t directories as rlogind_tmp_t, keeping
# them apart from other domains' temporary files -- confirm against the macro.
type rlogind_tmp_t, file_type, sysadmfile, tmpfile;
file_type_auto_trans(rlogind_t, tmp_t, rlogind_tmp_t)

# Inherit and use descriptors from inetd.
allow rlogind_t inetd_t:fd inherit_fd_perms;

# Use sockets inherited from inetd.
allow rlogind_t inetd_t:tcp_socket rw_stream_socket_perms;

# Use capabilities.
# NOTE(review): this is a broad set. setuid/setgid permit changing the process
# identity; dac_override, fowner, fsetid and chown bypass ordinary file
# ownership and permission checks. A capability only lifts the DAC check:
# access to each object must still be allowed by a type enforcement rule.
# Confirm that the daemon actually needs every capability listed.
allow rlogind_t rlogind_t:capability { net_bind_service setuid setgid fowner fsetid chown dac_override };

# Perform socket ioctl.
allow rlogind_t kernel_t:system net_io_control;

# Use the network.
# The exact socket and node permissions granted are set by the can_network
# macro, not visible here.
can_network(rlogind_t)

# Run login in remote_login_t.
# Executing a login_exec_t file from rlogind_t is expected to move the new
# process into remote_login_t, so login does not run with rlogind_t's
# permissions -- confirm against the macro definition.
domain_auto_trans(rlogind_t, login_exec_t, remote_login_t)

# Send SIGCHLD to inetd on death.
allow rlogind_t inetd_t:process sigchld;

# Create ptys.
# The argument is the bare prefix `rlogind`, not `rlogind_t`; presumably the
# macro derives the domain and pty type names from it -- confirm.
can_create_pty(rlogind)

# Modify /var/run/utmp.
# The rule is written against the type, so it covers every file labelled
# initrc_var_run_t, not only utmp.
allow rlogind_t initrc_var_run_t:file rw_file_perms;

# Modify /var/log/wtmp.
# Likewise applies to every file labelled wtmp_t.
allow rlogind_t wtmp_t:file rw_file_perms;

# Read /etc/auth/shadow.
# Read access extends to every directory and file labelled etc_auth_t.
# NOTE(review): this lets the network-facing daemon domain read the shadow
# data directly, while login itself runs in remote_login_t (see the
# domain_auto_trans rule above). Verify that rlogind_t still needs this access.
allow rlogind_t etc_auth_t:dir r_dir_perms;
allow rlogind_t etc_auth_t:file r_file_perms;


