mirror of
https://github.com/containers/udica
synced 2024-05-23 01:36:21 +02:00
confined: make "-l" non optional
The confinedom_user_login_macro is needed for all custom users. Also, allow the new user type to be accessed via remote login. Signed-off-by: Vit Mojzis <vmojzis@redhat.com>
parent
d444e67ead
commit
f411c14698
|
@ -92,7 +92,7 @@ def get_args():
|
|||
"-l",
|
||||
"--user_login",
|
||||
action="store_true",
|
||||
default=False,
|
||||
default=True,
|
||||
dest="user_login",
|
||||
help="Basic rules common to all users (tty, pty, ...)",
|
||||
)
|
||||
|
|
|
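Review bot: With `action="store_true"` and `default=True`, passing `-l`/`--user_login` can no longer change `user_login`; it is True either way, yet the help text still reads as if the option were opt-in. As a result every generated confined-user policy now appears to pull in the login rules, and the CLI offers no way to leave them out. State that in the help, e.g. `help="Basic rules common to all users (tty, pty, ...); always enabled, option kept for compatibility",`. If an opt-out is ever wanted, it needs a separate negative option rather than this one. The body of get_args() starts and ends outside the hunk.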
@ -2411,7 +2411,7 @@
|
|||
(typetransition utype sudo_exec_t process sudo_type)
|
||||
(allow sudo_type utype (fd (use)))
|
||||
(allow sudo_type utype (fifo_file (ioctl read write getattr lock append)))
|
||||
(allow sudo_type utype (process (sigchld)))
|
||||
(allow sudo_type utype (process (getpgid sigchld)))
|
||||
(allow sudo_type bin_t (dir (getattr open search)))
|
||||
(allow sudo_type bin_t (dir (ioctl read getattr lock open search)))
|
||||
(allow sudo_type bin_t (dir (getattr open search)))
|
||||
|
@ -4006,6 +4006,12 @@
|
|||
)
|
||||
)
|
||||
)
|
||||
; Telnet login
|
||||
(optional confinedom_user_login_optional_3
|
||||
(typeattributeset cil_gen_require remote_login_t)
|
||||
(allow remote_login_t utype (process (signal transition)))
|
||||
(allow utype self (bpf (prog_load)))
|
||||
)
|
||||
)
|
||||
|
||||
(macro confined_ssh_connect_macro ((type utype) (role urole) (type ssh_agent_type))
|
||||
|
|
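Review bot: In the last hunk, `(allow utype self (bpf (prog_load)))` is added under the `; Telnet login` comment inside `confinedom_user_login_optional_3`, so it is granted only when `remote_login_t` exists. Neither the comment nor the commit message explains why a login session needs to load BPF programs. Because the same commit makes `-l` always on, these rules presumably reach every confined user that udica generates, which deserves a least-privilege look. I would move the rule out of the telnet optional and give it its own comment, e.g. `; bpf prog_load: <reason needed for login sessions>`, or drop it if no login path requires it. The enclosing macro starts outside the hunk, so which macro this block belongs to is inferred from the commit message.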