* [policy] post a message to logged in users
@ 2009-09-05 19:50 Stefan Schulze Frielinghaus
2009-09-06 14:05 ` Stefan Schulze Frielinghaus
0 siblings, 1 reply; 3+ messages in thread
From: Stefan Schulze Frielinghaus @ 2009-09-05 19:50 UTC (permalink / raw)
To: SE-Linux
Hi,
is there an interface available to post a message to every logged in
user, for example generated via /usr/bin/wall?
cheers
Stefan
--
This message was distributed to subscribers of the selinux mailing list.
If you no longer wish to subscribe, send mail to majordomo@tycho.nsa.gov with
the words "unsubscribe selinux" without quotes as the message.
^ permalink raw reply [flat|nested] 3+ messages in thread
* Re: [policy] post a message to logged in users
2009-09-05 19:50 [policy] post a message to logged in users Stefan Schulze Frielinghaus
@ 2009-09-06 14:05 ` Stefan Schulze Frielinghaus
2009-09-08 14:09 ` Christopher J. PeBenito
0 siblings, 1 reply; 3+ messages in thread
From: Stefan Schulze Frielinghaus @ 2009-09-06 14:05 UTC (permalink / raw)
To: SE-Linux; +Cc: Christopher J. PeBenito
[-- Attachment #1: Type: text/plain, Size: 512 bytes --]
On Sat, 2009-09-05 at 21:50 +0200, Stefan Schulze Frielinghaus wrote:
> is there an interface available to post a message to every logged in
> user, for example generated via /usr/bin/wall?
OK I'm pretty sure there is no interface for just writing to every
logged in user, the attached patch solves this.
I could use the "term_use_all_terms" interface but this is not really
what I wanted because /usr/bin/wall does not need to read all the
consoles/ptys/ttys. Write access is enough.
Chris, is this patch OK?
[-- Attachment #2: terminal.if.patch --]
[-- Type: text/x-patch, Size: 830 bytes --]
--- kernel/terminal.if 2009-09-06 15:04:36.000000000 +0200
+++ kernel/terminal.if 2009-09-06 15:09:19.000000000 +0200
@@ -178,6 +178,29 @@
########################################
## <summary>
+## Write the console, all
+## ttys and all ptys.
+## </summary>
+## <param name="domain">
+## <summary>
+## Domain allowed access.
+## </summary>
+## </param>
+## <rolecap/>
+#
+interface(`term_write_all_terms',`
+ gen_require(`
+ attribute ttynode, ptynode;
+ type console_device_t, devpts_t, tty_device_t;
+ ')
+
+ dev_list_all_dev_nodes($1)
+ allow $1 devpts_t:dir list_dir_perms;
+ allow $1 { console_device_t tty_device_t ttynode ptynode }:chr_file write_chr_file_perms;
+')
+
+########################################
+## <summary>
## Write to the console.
## </summary>
## <param name="domain">
^ permalink raw reply [flat|nested] 3+ messages in thread
* Re: [policy] post a message to logged in users
2009-09-06 14:05 ` Stefan Schulze Frielinghaus
@ 2009-09-08 14:09 ` Christopher J. PeBenito
0 siblings, 0 replies; 3+ messages in thread
From: Christopher J. PeBenito @ 2009-09-08 14:09 UTC (permalink / raw)
To: Stefan Schulze Frielinghaus; +Cc: SE-Linux
On Sun, 2009-09-06 at 16:05 +0200, Stefan Schulze Frielinghaus wrote:
> On Sat, 2009-09-05 at 21:50 +0200, Stefan Schulze Frielinghaus wrote:
> > is there an interface available to post a message to every logged in
> > user, for example generated via /usr/bin/wall?
>
> OK I'm pretty sure there is no interface for just writing to every
> logged in user, the attached patch solves this.
> I could use the "term_use_all_terms" interface but this is not really
> what I wanted because /usr/bin/wall does not need to read all the
> consoles/ptys/ttys. Write access is enough.
>
> Chris, is this patch OK?
Yes. Merged.
>
>
>
>
>
> differences
> between files
> attachment
> (terminal.if.patch)
>
> --- kernel/terminal.if 2009-09-06 15:04:36.000000000 +0200
> +++ kernel/terminal.if 2009-09-06 15:09:19.000000000 +0200
> @@ -178,6 +178,29 @@
>
> ########################################
> ## <summary>
> +## Write the console, all
> +## ttys and all ptys.
> +## </summary>
> +## <param name="domain">
> +## <summary>
> +## Domain allowed access.
> +## </summary>
> +## </param>
> +## <rolecap/>
> +#
> +interface(`term_write_all_terms',`
> + gen_require(`
> + attribute ttynode, ptynode;
> + type console_device_t, devpts_t, tty_device_t;
> + ')
> +
> + dev_list_all_dev_nodes($1)
> + allow $1 devpts_t:dir list_dir_perms;
> + allow $1 { console_device_t tty_device_t ttynode ptynode }:chr_file write_chr_file_perms;
> +')
> +
> +########################################
> +## <summary>
> ## Write to the console.
> ## </summary>
> ## <param name="domain">
>
--
Chris PeBenito
Tresys Technology, LLC
(410) 290-1411 x150
--
This message was distributed to subscribers of the selinux mailing list.
If you no longer wish to subscribe, send mail to majordomo@tycho.nsa.gov with
the words "unsubscribe selinux" without quotes as the message.
^ permalink raw reply [flat|nested] 3+ messages in thread
end of thread, other threads:[~2009-09-08 14:09 UTC | newest]
Thread overview: 3+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2009-09-05 19:50 [policy] post a message to logged in users Stefan Schulze Frielinghaus
2009-09-06 14:05 ` Stefan Schulze Frielinghaus
2009-09-08 14:09 ` Christopher J. PeBenito
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.