policy_module(namespace,1.0.0) ######################################## # # Declarations # type namespace_init_t; type namespace_init_exec_t; init_system_domain(namespace_init_t, namespace_init_exec_t) role system_r types namespace_init_t; ######################################## # # namespace_init local policy # allow namespace_init_t self:capability { dac_read_search dac_override sys_ptrace }; allow namespace_init_t self:fifo_file manage_fifo_file_perms; allow namespace_init_t self:unix_stream_socket create_stream_socket_perms; kernel_read_system_state(namespace_init_t) corecmd_exec_shell(namespace_init_t) domain_use_interactive_fds(namespace_init_t) domain_obj_id_change_exemption(namespace_init_t) files_polyinstantiate_all(namespace_init_t) fs_getattr_xattr_fs(namespace_init_t) auth_use_nsswitch(namespace_init_t) term_use_console(namespace_init_t) userdom_manage_user_home_content(namespace_init_t) userdom_relabelto_user_home_dirs(namespace_init_t) userdom_relabelto_user_home_files(namespace_init_t) userdom_filetrans_home_content(namespace_init_t)