next up previous contents
Next: Assertions Up: Domains Previous: User Program Domains   Contents


User Login Domains

The domains/user subdirectory contains a separate file for each domain used for an ordinary user login. The domains/admin subdirectory contains a separate file for each domain used for an administrator login. Currently, there is a single domain for ordinary users and a single domain for administrators.

The user_t domain is the initial login domain for unprivileged users. The local_login_t, remote_login_t, and rshd_t domains can transition to this domain. This domain is defined using the user_domain macro in user.te. The shell_exec_t type is the type of the entry point executable for this domain. The user_home_t type is the type for home directories of ordinary users. The user_tmp_t type is the type of temporary files created by this domain. The user_tty_device_t type is the type of tty devices owned by this domain. The user_devpts_t type is the type of pty devices owned by this domain. This domain can use the network. It can execute a variety of system programs. It can read, write or execute files in its home directory type. It can transition to several of the user program domains when it executes the corresponding program.

The sysadm_t domain is the initial login domain for system administrators. The init_t and local_login_t domains can transition to this domain. This domain is defined using the admin_domain macro in sysadm.te. The shell_exec_t type is the type of the entry point executable for this domain. The sysadm_home_t type is the type for home directories of administrators. The sysadm_tmp_t type is the type of temporary files created by this domain. The sysadm_tty_device_t type is the type of tty devices owned by this domain. The sysadm_devpts_t type is the type of pty devices owned by this domain. This domain is allowed to perform administrative tasks such as running module utilities, mounting and unmounting file systems, configuring network interfaces, and running telinit. It can read and write all file types with the sysadmfile attribute. It can examine procfs for all processes and send signals to all processes. It can load new policy configurations and it can relabel files.

The file contexts configuration uses user_home_t as the type for /home and sysadm_home_t as the type for /root. This configuration must be customized to properly type the home directories for administrators and ordinary users of the site. Currently, all domains are granted read access to these types. Many domains require read access in order to read user dotfiles. The mail program domains are granted permission to write the corresponding user home directory type to create the dead.letter file. The su program domains are granted permission to update the .Xauthority file. Each user domain is granted permissions to read, write, and execute its own home directory type. The administrator domain is also granted permissions to read and write the ordinary user home directory type, but not to execute it.

Although a user may be authorized as an administrator, the user should still login in the user_t domain unless he is performing administrative tasks. Otherwise, the user may unintentionally abuse his privileges. Currently, the ability of an administrator to login in the user_t domain is complicated by the fact that the administrator's home directory has a separate type that is not writeable by the user_t domain. This problem will be solved either by adding support for multiple home directories for a user or by adding support for polyinstantiated directories.


next up previous contents
Next: Assertions Up: Domains Previous: User Program Domains   Contents