Policy for local logins.
true
Allow accountutils fallback to be able to directly access /etc/shadow. This will cause older pam_unix to fail the login as they are checking if an caller's domain is confined by checking the access to /etc/shadow. See also: https://github.com/linux-pam/linux-pam/blob/d74c4294d32cffcf5dbc7a4491142877471b98a0/modules/pam_unix/passverify.c#L557
false
Allow login console run podman
Execute local logins in the local login domain.
| Parameter: | Description: |
|---|---|
| domain |
Domain allowed to transition. |
Execute local logins in the local login domain.
| Parameter: | Description: |
|---|---|
| domain |
Domain allowed to transition. |
Do not audit attempts to inherit local login file descriptors.
| Parameter: | Description: |
|---|---|
| domain |
Domain to not audit. |
create local login content in the in the /root directory with an correct label.
| Parameter: | Description: |
|---|---|
| domain |
Domain allowed access. |
Transition to local login named content
| Parameter: | Description: |
|---|---|
| domain |
Domain allowed access. |
Allow domain to gettatr local login home content
| Parameter: | Description: |
|---|---|
| domain |
Domain allowed access. |
Allow link to the local_login key ring.
| Parameter: | Description: |
|---|---|
| domain |
Domain allowed access. |
Search for key.
| Parameter: | Description: |
|---|---|
| domain |
Domain allowed access. |
Send a null signal to local login processes.
| Parameter: | Description: |
|---|---|
| domain |
Domain allowed access. |
Allow processes to inherit local login file descriptors.
| Parameter: | Description: |
|---|---|
| domain |
Domain allowed access. |