Get Gentoo!
gentoo.org sites
gentoo.org Wiki Bugs Forums Packages
Planet Archives Sources
Infra Status
aboutsummaryrefslogtreecommitdiff
path: root/policy/modules/roles/guest.if
diff options
context:
space:
mode:
Diffstat (limited to 'policy/modules/roles/guest.if')
-rw-r--r--policy/modules/roles/guest.if50
1 files changed, 50 insertions, 0 deletions
diff --git a/policy/modules/roles/guest.if b/policy/modules/roles/guest.if
new file mode 100644
index 00000000..ad1653f9
--- /dev/null
+++ b/policy/modules/roles/guest.if
@@ -0,0 +1,50 @@
+## <summary>Least privledge terminal user role.</summary>
+
+########################################
+## <summary>
+## Change to the guest role.
+## </summary>
+## <param name="role">
+## <summary>
+## Role allowed access.
+## </summary>
+## </param>
+## <rolecap/>
+#
+interface(`guest_role_change',`
+ gen_require(`
+ role guest_r;
+ ')
+
+ allow $1 guest_r;
+')
+
+########################################
+## <summary>
+## Change from the guest role.
+## </summary>
+## <desc>
+## <p>
+## Change from the guest role to
+## the specified role.
+## </p>
+## <p>
+## This is an interface to support third party modules
+## and its use is not allowed in upstream reference
+## policy.
+## </p>
+## </desc>
+## <param name="role">
+## <summary>
+## Role allowed access.
+## </summary>
+## </param>
+## <rolecap/>
+#
+interface(`guest_role_change_to',`
+ gen_require(`
+ role guest_r;
+ ')
+
+ allow guest_r $1;
+')