29 lines
614 B
Text
29 lines
614 B
Text
|
policy_module(kafs, 1.0)
|
||
|
|
||
|
type kafs_exec_t;
|
||
|
files_type(kafs_exec_t)
|
||
|
|
||
|
type kafs_t;
|
||
|
domain_type(kafs_t)
|
||
|
application_domain(kafs_t, kafs_exec_t)
|
||
|
role system_r types kafs_t;
|
||
|
|
||
|
allow kafs_t self:netlink_route_socket create_netlink_socket_perms;
|
||
|
allow kafs_t self:udp_socket create_socket_perms;
|
||
|
allow kafs_t self:unix_dgram_socket create_socket_perms;
|
||
|
|
||
|
kernel_read_key(kafs_t)
|
||
|
kernel_view_key(kafs_t)
|
||
|
kernel_setattr_key(kafs_t)
|
||
|
|
||
|
sysnet_read_config(kafs_t)
|
||
|
|
||
|
optional_policy(`
|
||
|
logging_send_syslog_msg(kafs_t)
|
||
|
')
|
||
|
|
||
|
optional_policy(`
|
||
|
# /etc/request-key.d/kafs_dns.conf
|
||
|
keyutils_request_domtrans_to(kafs_t, kafs_exec_t)
|
||
|
')
|