On Sun, 2009-09-06 at 16:05 +0200, Stefan Schulze Frielinghaus wrote:
> On Sat, 2009-09-05 at 21:50 +0200, Stefan Schulze Frielinghaus wrote:
> > is there an interface available to post a message to every logged in
> > user, for example generated via /usr/bin/wall?
>
> OK I'm pretty sure there is no interface for just writing to every
> logged in user, the attached patch solves this.
> I could use the "term_use_all_terms" interface but this is not really
> what I wanted because /usr/bin/wall does not need to read all the
> consoles/ptys/ttys. Write access is enough.
>
> Chris, is this patch OK?
Yes. Merged.
>
>
>
>
>
> differences
> between files
> attachment
> (terminal.if.patch)
>
> --- kernel/terminal.if 2009-09-06 15:04:36.000000000 +0200
> +++ kernel/terminal.if 2009-09-06 15:09:19.000000000 +0200
> @@ -178,6 +178,29 @@
>
> ########################################
> ## <summary>
> +## Write the console, all
> +## ttys and all ptys.
> +## </summary>
> +## <param name="domain">
> +## <summary>
> +## Domain allowed access.
> +## </summary>
> +## </param>
> +## <rolecap/>
> +#
> +interface(`term_write_all_terms',`
> + gen_require(`
> + attribute ttynode, ptynode;
> + type console_device_t, devpts_t, tty_device_t;
> + ')
> +
> + dev_list_all_dev_nodes($1)
> + allow $1 devpts_t:dir list_dir_perms;
> + allow $1 { console_device_t tty_device_t ttynode ptynode }:chr_file write_chr_file_perms;
> +')
> +
> +########################################
> +## <summary>
> ## Write to the console.
> ## </summary>
> ## <param name="domain">
>
--
Chris PeBenito
Tresys Technology, LLC
(410) 290-1411 x150
--
This message was distributed to subscribers of the selinux mailing list.
If you no longer wish to subscribe, send mail to majordomo@xxxxxxxxxxxxx with
the words "unsubscribe selinux" without quotes as the message.
