Oreon-Lime-R2/selinux-policy/selinux-policy-bc228bd/selinux-policy-bc228bd0c249a9e4aa3dcf238c2b1bb138943b07/policy/modules/contrib/namespace.if

48 lines
1,009 B
Text

## <summary>policy for namespace</summary>
########################################
## <summary>
## Execute a domain transition to run namespace_init.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`namespace_init_domtrans',`
gen_require(`
type namespace_init_t, namespace_init_exec_t;
')
domtrans_pattern($1, namespace_init_exec_t, namespace_init_t)
')
########################################
## <summary>
## Execute namespace_init in the namespace_init domain, and
## allow the specified role the namespace_init domain.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access
## </summary>
## </param>
## <param name="role">
## <summary>
## The role to be allowed the namespace_init domain.
## </summary>
## </param>
#
interface(`namespace_init_run',`
gen_require(`
type namespace_init_t;
')
namespace_init_domtrans($1)
role $2 types namespace_init_t;
seutil_run_setfiles(namespace_init_t, $2)
')