## SELinux MLS/MCS label translation service. ######################################## ## ## Execute setrans server in the setrans domain. ## ## ## ## Domain allowed to transition. ## ## # # interface(`setrans_initrc_domtrans',` gen_require(` type setrans_initrc_exec_t; ') init_labeled_script_domtrans($1, setrans_initrc_exec_t) ') ####################################### ## ## Allow a domain to translate contexts. ## ## ## ## Domain allowed access. ## ## # interface(`setrans_translate_context',` gen_require(` type setrans_t, setrans_var_run_t; class context translate; ') allow $1 self:unix_stream_socket create_stream_socket_perms; allow $1 setrans_t:context translate; stream_connect_pattern($1, setrans_var_run_t, setrans_var_run_t, setrans_t) files_list_pids($1) ') ####################################### ## ## Allow a domain to manage pid files ## ## ## ## Domain allowed access. ## ## # interface(`setrans_manage_pid_files',` gen_require(` type setrans_var_run_t; ') files_search_pids($1) manage_files_pattern($1, setrans_var_run_t, setrans_var_run_t) ')