Oreon-Lime-R2/selinux-policy/selinux-policy-d9f4a2b/selinux-policy-d9f4a2bbeb91fd95d0c35a90936efb9ea99d2455/policy/modules/contrib/namespace.te


# Module header: declares the policy module name (namespace) and its version.
policy_module(namespace,1.0.0)
########################################
#
# Declarations
#
# namespace_init_t is the process domain confined by this module.
# namespace_init_exec_t is the file type passed below as its entry point.
# Which on-disk file carries that label is set in the matching .fc file,
# not shown here.
type namespace_init_t;
type namespace_init_exec_t;
# Registers the pair as a domain plus entry point started from init.
# NOTE(review): the interface body lives in the init module, not in this file.
# Confirm which source domains it lets transition into namespace_init_t,
# since that set decides who can reach the privileges granted further down.
init_system_domain(namespace_init_t, namespace_init_exec_t)
# Authorizes the domain type for the system_r role. No user role is
# authorized for it in this file.
role system_r types namespace_init_t;
########################################
#
# namespace_init local policy
#
# Capabilities the domain may exercise on itself:
#   dac_read_search / dac_override - bypass discretionary (mode bit and ACL)
#                                    checks on files and directories
#   sys_ptrace                     - trace or inspect other processes
# SELinux only permits the use of these; the process must still hold the
# Linux capability. Together they remove DAC as a second line of defence for
# this domain, so the type enforcement rules below are the only file-access
# boundary.
# NOTE(review): sys_ptrace is not obviously needed for directory setup.
# Confirm it is backed by an observed denial before keeping it.
allow namespace_init_t self:capability { dac_read_search dac_override sys_ptrace };
# Pipes and stream sockets the domain creates for its own use. The permission
# sets are macros defined outside this file.
allow namespace_init_t self:fifo_file manage_fifo_file_perms;
allow namespace_init_t self:unix_stream_socket create_stream_socket_perms;
# Read-only view of kernel and system state - presumably /proc, per the
# interface name.
kernel_read_system_state(namespace_init_t)
# Lets the domain run a shell. Presumably without a domain transition, so
# anything the shell runs keeps every permission granted here - confirm
# against the corecommands interface.
corecmd_exec_shell(namespace_init_t)
# Use file descriptors inherited from interactive domains.
domain_use_interactive_fds(namespace_init_t)
# Exempts the domain from the constraint that normally blocks changing the
# SELinux identity of objects. This weakens an MLS and user-identity control,
# so keep the set of exempted domains small and audit any additions.
domain_obj_id_change_exemption(namespace_init_t)
# Grants the access needed to polyinstantiate directories.
# NOTE(review): the _all suffix suggests this is not limited to specific
# directory types - confirm the scope against the files interface.
files_polyinstantiate_all(namespace_init_t)
# getattr on filesystems that support extended attributes.
fs_getattr_xattr_fs(namespace_init_t)
# Name service lookups for users and groups. Depending on the nsswitch
# configuration this can include network access - verify.
auth_use_nsswitch(namespace_init_t)
# Read and write the system console.
term_use_console(namespace_init_t)
# User home content: full manage access, relabeling directories and files to
# the user home types, and type transitions for newly created home content.
# Combined with dac_override above, the domain can modify any user home
# content regardless of ownership, so the entry point executable and
# anything it invokes must not be writable by unprivileged users.
userdom_manage_user_home_content(namespace_init_t)
userdom_relabelto_user_home_dirs(namespace_init_t)
userdom_relabelto_user_home_files(namespace_init_t)
userdom_filetrans_home_content(namespace_init_t)