policy_module(livecd, 1.3.0) ######################################## # # Declarations # attribute_role livecd_roles; roleattribute system_r livecd_roles; type livecd_t; type livecd_exec_t; application_domain(livecd_t, livecd_exec_t) role livecd_roles types livecd_t; type livecd_tmp_t; files_tmp_file(livecd_tmp_t) ######################################## # # Local policy # allow livecd_t self:capability2 mac_admin; tunable_policy(`deny_ptrace',`',` domain_ptrace_all_domains(livecd_t) ') manage_dirs_pattern(livecd_t, livecd_tmp_t, livecd_tmp_t) manage_files_pattern(livecd_t, livecd_tmp_t, livecd_tmp_t) files_tmp_filetrans(livecd_t, livecd_tmp_t, { dir file }) sysnet_manage_config(livecd_t) sysnet_etc_filetrans_config(livecd_t) optional_policy(` mount_run(livecd_t, livecd_roles) ') optional_policy(` seutil_run_setfiles_mac(livecd_t, livecd_roles) ') optional_policy(` unconfined_domain_noaudit(livecd_t) ')