Does something equivalent to the below interface exist for the strict
policy? I'm using RHEL5.1 and didn't see anything. If not, it would be a
nice addition. I added this to userdomain.if
################################################
## <summary>
## Allow the ps command visibility to processes in
## the specified domain when used by an
## unprivileged user
## </summary>
## <desc>
## <param name="domain_allowed_access">
## Domain for which the ps command will have access
## </param
##
interface(`allow_unpriv_ps_access',`
gen_require(`
type $1;
attribute unpriv_userdomain;
')
## need this to allow ps to see the process files in the /proc dir
allow unpriv_userdomain $1:dir search_dir_perms;
allow unpriv_userdomain $1:file read_file_perms;
allow unpriv_userdomain $1:lnk_file read_lnk_file_perms;
allow unpriv_userdomain $1:process getattr;
')
--
This message was distributed to subscribers of the selinux mailing list.
If you no longer wish to subscribe, send mail to majordomo@xxxxxxxxxxxxx with
the words "unsubscribe selinux" without quotes as the message.
