[policy] post a message to logged in users

[policy] post a message to logged in users

[Stefan Schulze Frielinghaus]

Hi,

is there an interface available to post a message to every logged in
user, for example generated via /usr/bin/wall?

cheers
Stefan


--
This message was distributed to subscribers of the selinux mailing list.
If you no longer wish to subscribe, send mail to majordomo@tycho.nsa.gov with
the words "unsubscribe selinux" without quotes as the message.

Re: [policy] post a message to logged in users

[Stefan Schulze Frielinghaus]

[-- Attachment #1: Type: text/plain, Size: 512 bytes --]

On Sat, 2009-09-05 at 21:50 +0200, Stefan Schulze Frielinghaus wrote:
> is there an interface available to post a message to every logged in
> user, for example generated via /usr/bin/wall?

OK I'm pretty sure there is no interface for just writing to every
logged in user, the attached patch solves this.
I could use the "term_use_all_terms" interface but this is not really
what I wanted because /usr/bin/wall does not need to read all the
consoles/ptys/ttys. Write access is enough.

Chris, is this patch OK?

[-- Attachment #2: terminal.if.patch --]
[-- Type: text/x-patch, Size: 830 bytes --]

--- kernel/terminal.if	2009-09-06 15:04:36.000000000 +0200
+++ kernel/terminal.if	2009-09-06 15:09:19.000000000 +0200
@@ -178,6 +178,29 @@
 
 ########################################
 ## <summary>
+##      Write the console, all
+##      ttys and all ptys.
+## </summary>
+## <param name="domain">
+##      <summary>
+##      Domain allowed access.
+##      </summary>
+## </param>
+## <rolecap/>
+#
+interface(`term_write_all_terms',`
+	gen_require(`
+		attribute ttynode, ptynode;
+		type console_device_t, devpts_t, tty_device_t;
+	')
+
+	dev_list_all_dev_nodes($1)
+	allow $1 devpts_t:dir list_dir_perms;
+	allow $1 { console_device_t tty_device_t ttynode ptynode }:chr_file write_chr_file_perms;
+')
+
+########################################
+## <summary>
 ##	Write to the console.
 ## </summary>
 ## <param name="domain">

Re: [policy] post a message to logged in users

[Christopher J. PeBenito]

On Sun, 2009-09-06 at 16:05 +0200, Stefan Schulze Frielinghaus wrote:
> On Sat, 2009-09-05 at 21:50 +0200, Stefan Schulze Frielinghaus wrote:
> > is there an interface available to post a message to every logged in
> > user, for example generated via /usr/bin/wall?
> 
> OK I'm pretty sure there is no interface for just writing to every
> logged in user, the attached patch solves this.
> I could use the "term_use_all_terms" interface but this is not really
> what I wanted because /usr/bin/wall does not need to read all the
> consoles/ptys/ttys. Write access is enough.
> 
> Chris, is this patch OK?

Yes.  Merged.

> 
> 
> 
> 
> 
> differences
> between files
> attachment
> (terminal.if.patch)
> 
> --- kernel/terminal.if  2009-09-06 15:04:36.000000000 +0200
> +++ kernel/terminal.if  2009-09-06 15:09:19.000000000 +0200
> @@ -178,6 +178,29 @@
>  
>  ########################################
>  ## <summary>
> +##      Write the console, all
> +##      ttys and all ptys.
> +## </summary>
> +## <param name="domain">
> +##      <summary>
> +##      Domain allowed access.
> +##      </summary>
> +## </param>
> +## <rolecap/>
> +#
> +interface(`term_write_all_terms',`
> +       gen_require(`
> +               attribute ttynode, ptynode;
> +               type console_device_t, devpts_t, tty_device_t;
> +       ')
> +
> +       dev_list_all_dev_nodes($1)
> +       allow $1 devpts_t:dir list_dir_perms;
> +       allow $1 { console_device_t tty_device_t ttynode ptynode }:chr_file write_chr_file_perms;
> +')
> +
> +########################################
> +## <summary>
>  ##     Write to the console.
>  ## </summary>
>  ## <param name="domain">
> 
-- 
Chris PeBenito
Tresys Technology, LLC
(410) 290-1411 x150


--
This message was distributed to subscribers of the selinux mailing list.
If you no longer wish to subscribe, send mail to majordomo@tycho.nsa.gov with
the words "unsubscribe selinux" without quotes as the message.