policy_module(publicfile, 1.2.0) ######################################## # # Declarations # type publicfile_t; type publicfile_exec_t; init_daemon_domain(publicfile_t, publicfile_exec_t) type publicfile_content_t; files_type(publicfile_content_t) ######################################## # # Local policy # allow publicfile_t self:capability { dac_read_search setgid setuid sys_chroot }; allow publicfile_t publicfile_content_t:dir list_dir_perms; allow publicfile_t publicfile_content_t:file read_file_perms; allow publicfile_t publicfile_content_t:lnk_file read_lnk_file_perms; files_search_var(publicfile_t) optional_policy(` daemontools_ipc_domain(publicfile_t) ') optional_policy(` ucspitcp_service_domain(publicfile_t, publicfile_exec_t) ')