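policy_module(namespace, 1.0.1)

########################################
#
# Declarations
#

# Domain and entrypoint type for the "namespace" init helper (presumably
# pam_namespace's namespace.init script -- confirm against the module's .fc
# file).  It is declared as an init system domain: entered from init via
# namespace_init_exec_t and confined to the system_r role.
type namespace_init_t;
type namespace_init_exec_t;
init_system_domain(namespace_init_t, namespace_init_exec_t)
role system_r types namespace_init_t;

########################################
#
# namespace_init local policy
#

# dac_override is the only capability granted.  It is presumably needed
# because the helper writes into home directories owned by other uids
# (see the userdom_* rules below); no chown/fowner/fsetid is granted here,
# so do not widen this set without a matching denial to justify it.
allow namespace_init_t self:capability dac_override;

# Tightened from manage_fifo_file_perms to rw_fifo_file_perms: fifo_file
# objects of the process's own type are anonymous pipes, for which only
# getattr/open/read/write/append/ioctl/lock are meaningful.  create, unlink,
# rename, link and setattr apply to named fifos, and nothing in this module
# transitions a named fifo to namespace_init_t, so those permissions were
# dead weight (and an unnecessary allow for a domain with dac_override).
allow namespace_init_t self:fifo_file rw_fifo_file_perms;
allow namespace_init_t self:unix_stream_socket create_stream_socket_perms;

# Read-only access to /proc-style system state (no write access granted).
kernel_read_system_state(namespace_init_t)

# The domain may execute a shell, consistent with the helper being a script.
corecmd_exec_shell(namespace_init_t)

# Inherit terminal/fds from init so output is visible during early boot.
domain_use_interactive_fds(namespace_init_t)
# Exempts the domain from the kernel-layer neverallow on changing object
# identity.  Since this module grants no chown/fowner/fsetid capability, the
# exemption only has effect if such a capability is added later -- TODO
# confirm it is still required, otherwise drop it to keep the neverallow
# coverage.
domain_obj_id_change_exemption(namespace_init_t)

# Core privilege of this domain: create and relabel per-instance copies of
# every directory marked as polyinstantiable.
files_polyinstantiate_all(namespace_init_t)

# User/group lookups go through nsswitch (nss modules may use the network).
auth_use_nsswitch(namespace_init_t)

# Console access for early-boot messages.
term_use_console(namespace_init_t)

# Per-instance directories are created inside user home directories, so the
# domain must be able to manage user home content, relabel what it creates
# to the user home types, and have new objects of the listed classes created
# directly under a home dir land on the user-home-content type rather than
# the parent's type.  Nothing here grants write access to the home
# directories' own type, only to their content.
userdom_manage_user_home_content_dirs(namespace_init_t)
userdom_manage_user_home_content_files(namespace_init_t)
userdom_relabelto_user_home_dirs(namespace_init_t)
userdom_relabelto_user_home_files(namespace_init_t)
userdom_user_home_dir_filetrans_user_home_content(namespace_init_t, { dir file lnk_file fifo_file sock_file })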