43 lines
1.1 KiB
Text
43 lines
1.1 KiB
Text
policy_module(netlabel, 1.3.0)
|
|
|
|
########################################
|
|
#
|
|
# Declarations
|
|
#
|
|
|
|
type netlabel_mgmt_t;
|
|
type netlabel_mgmt_exec_t;
|
|
init_daemon_domain(netlabel_mgmt_t, netlabel_mgmt_exec_t)
|
|
application_domain(netlabel_mgmt_t, netlabel_mgmt_exec_t)
|
|
role system_r types netlabel_mgmt_t;
|
|
|
|
type netlabel_mgmt_unit_file_t;
|
|
systemd_unit_file(netlabel_mgmt_unit_file_t)
|
|
|
|
########################################
|
|
#
|
|
# NetLabel Management Tools Local policy
|
|
#
|
|
|
|
# modify the network subsystem configuration
|
|
allow netlabel_mgmt_t self:capability net_admin;
|
|
allow netlabel_mgmt_t self:netlink_socket create_socket_perms;
|
|
allow netlabel_mgmt_t self:netlink_generic_socket create_socket_perms;
|
|
|
|
can_exec(netlabel_mgmt_t, netlabel_mgmt_exec_t)
|
|
|
|
kernel_read_network_state(netlabel_mgmt_t)
|
|
kernel_read_system_state(netlabel_mgmt_t)
|
|
|
|
corecmd_exec_bin(netlabel_mgmt_t)
|
|
corecmd_exec_shell(netlabel_mgmt_t)
|
|
|
|
files_read_etc_files(netlabel_mgmt_t)
|
|
|
|
term_use_all_inherited_terms(netlabel_mgmt_t)
|
|
|
|
seutil_use_newrole_fds(netlabel_mgmt_t)
|
|
|
|
auth_read_passwd(netlabel_mgmt_t)
|
|
|
|
userdom_use_inherited_user_terminals(netlabel_mgmt_t)
|