#201: Add SELinux profile for login (fixes TTY and GDM on F40) (#237)

* #201: Add SELinux profile for login (fixes TTY and GDM on F40) * #201: Move profile to distri specific folder
mcdope · Jul 26, 2024 · 4e4cfaa · 4e4cfaa
1 parent d092eaa
commit 4e4cfaa
Show file tree

Hide file tree

Showing 2 changed files with 24 additions and 0 deletions.
diff --git a/selinux/fedora40/login.pp b/selinux/fedora40/login.pp
diff --git a/selinux/fedora40/login.te b/selinux/fedora40/login.te
@@ -0,0 +1,24 @@
+
+module login 1.0;
+
+require {
+	type local_login_t;
+	type user_home_t;
+	type dosfs_t;
+	class file { create getattr open read setattr write };
+	class dir { add_name getattr search write };
+}
+
+#============= local_login_t ==============
+
+#!!!! This avc is allowed in the current policy
+allow local_login_t dosfs_t:dir { add_name getattr search write };
+
+#!!!! This avc is allowed in the current policy
+allow local_login_t dosfs_t:file { create getattr open read setattr write };
+
+#!!!! This avc is allowed in the current policy
+allow local_login_t user_home_t:dir { add_name write };
+
+#!!!! This avc is allowed in the current policy
+allow local_login_t user_home_t:file { create open read write };