psss / rpms / selinux-policy

Forked from rpms/selinux-policy 5 years ago
Clone
Source Code
GIT

Blame sandbox.if

f10 f11 f12 f13 f14 f15 f16 f17 f18 f19 f20 f21 f22 f23 f24 f25 f26 f27 f28 f29 f7 f8 f9 master master-docker master_contrib private-master-atomic-policy private-master-migrate-to-var-lib-selinux requires tests
  1.   master_contrib
  2.   sandbox.if
Blob History Raw
1ec3d1a
1ec3d1a 
## <summary>policy for sandbox</summary>
1ec3d1a
1ec3d1a 
########################################
1ec3d1a 
## <summary>
1ec3d1a 
##	Execute sandbox in the sandbox domain, and
1ec3d1a 
##	allow the specified role the sandbox domain.
1ec3d1a 
## </summary>
1ec3d1a 
## <param name="domain">
1ec3d1a 
##	<summary>
1ec3d1a 
##	Domain allowed access
1ec3d1a 
##	</summary>
1ec3d1a 
## </param>
1ec3d1a 
## <param name="role">
1ec3d1a 
##	<summary>
1ec3d1a 
##	The role to be allowed the sandbox domain.
1ec3d1a 
##	</summary>
1ec3d1a 
## </param>
1ec3d1a 
#
1ec3d1a 
interface(`sandbox_transition',`
1ec3d1a 
	gen_require(`
1ec3d1a 
		attribute sandbox_domain;
1ec3d1a 
	')
1ec3d1a
1ec3d1a 
	allow $1 sandbox_domain:process transition;
1ec3d1a 
	dontaudit $1 sandbox_domain:process { noatsecure siginh rlimitinh };
1ec3d1a 
	role $2 types sandbox_domain;
1ec3d1a 
	allow sandbox_domain $1:process { sigchld signull };
1ec3d1a 
	allow sandbox_domain $1:fifo_file rw_inherited_fifo_file_perms;
1ec3d1a 
	dontaudit sandbox_domain $1:process signal;
1ec3d1a 
')
1ec3d1a
1ec3d1a 
########################################
1ec3d1a 
## <summary>
1ec3d1a 
##	Creates types and rules for a basic
1ec3d1a 
##	sandbox process domain.
1ec3d1a 
## </summary>
1ec3d1a 
## <param name="prefix">
1ec3d1a 
##	<summary>
1ec3d1a 
##	Prefix for the domain.
1ec3d1a 
##	</summary>
1ec3d1a 
## </param>
1ec3d1a 
#
1ec3d1a 
template(`sandbox_domain_template',`
1ec3d1a
1ec3d1a 
	gen_require(`
1ec3d1a 
		attribute sandbox_domain;
1ec3d1a 
	')
b1a0be0 
	type $1_t, sandbox_domain;
1ec3d1a
1ec3d1a 
	application_type($1_t)
1ec3d1a
1ec3d1a 
	mls_rangetrans_target($1_t)
1f86dac 
	mcs_constrained($1_t)
1ec3d1a 
')
Powered by Pagure 5.13.3
DocumentationFile an IssueAbout this InstanceSSH Hostkey/Fingerprint
© Red Hat, Inc. and others.