47 lines
1 KiB
Text
47 lines
1 KiB
Text
policy_module(rolekit, 1.0.0)
|
|
|
|
########################################
|
|
#
|
|
# Declarations
|
|
#
|
|
|
|
type rolekit_t;
|
|
type rolekit_exec_t;
|
|
init_daemon_domain(rolekit_t, rolekit_exec_t)
|
|
|
|
type rolekit_tmp_t;
|
|
files_tmp_file(rolekit_tmp_t)
|
|
|
|
type rolekit_unit_file_t;
|
|
systemd_unit_file(rolekit_unit_file_t)
|
|
|
|
########################################
|
|
#
|
|
# rolekit local policy
|
|
#
|
|
|
|
allow rolekit_t self:fifo_file rw_fifo_file_perms;
|
|
allow rolekit_t self:unix_stream_socket create_stream_socket_perms;
|
|
|
|
manage_files_pattern(rolekit_t, rolekit_tmp_t, rolekit_tmp_t)
|
|
manage_dirs_pattern(rolekit_t, rolekit_tmp_t, rolekit_tmp_t)
|
|
files_tmp_filetrans(rolekit_t, rolekit_tmp_t, { file dir })
|
|
|
|
kernel_read_system_state(rolekit_t)
|
|
|
|
auth_use_nsswitch(rolekit_t)
|
|
|
|
optional_policy(`
|
|
sssd_domtrans(rolekit_t)
|
|
')
|
|
|
|
optional_policy(`
|
|
rpm_transition_script(rolekit_t, system_r)
|
|
')
|
|
|
|
optional_policy(`
|
|
unconfined_domain_noaudit(rolekit_t)
|
|
#should be changed for debugging
|
|
#unconfined_domain(rolekit_t)
|
|
domain_named_filetrans(rolekit_t)
|
|
')
|