policy_module(livecd, 1.2.0)
########################################
#
# Declarations
#
#attribute_role livecd_roles;
#roleattribute system_r livecd_roles;
type livecd_t;
type livecd_exec_t;
application_domain(livecd_t, livecd_exec_t)
role system_r types livecd_t;
#role livecd_roles types livecd_t;
type livecd_tmp_t;
files_tmp_file(livecd_tmp_t)
########################################
#
# livecd local policy
#
dontaudit livecd_t self:capability2 mac_admin;
domain_ptrace_all_domains(livecd_t)
manage_dirs_pattern(livecd_t, livecd_tmp_t, livecd_tmp_t)
manage_files_pattern(livecd_t, livecd_tmp_t, livecd_tmp_t)
files_tmp_filetrans(livecd_t, livecd_tmp_t, { dir file })
dev_filetrans_all_named_dev(livecd_t)
storage_filetrans_all_named_dev(livecd_t)
term_filetrans_all_named_dev(livecd_t)
sysnet_filetrans_named_content(livecd_t)
#optional_policy(`
# mount_run(livecd_t, livecd_roles)
# seutil_run_setfiles_mac(livecd_t, livecd_roles)
#')
optional_policy(`
ssh_filetrans_admin_home_content(livecd_t)
')
optional_policy(`
unconfined_domain_noaudit(livecd_t)
')
optional_policy(`
# Allow SELinux aware applications to request rpm_script execution
rpm_transition_script(livecd_t)
rpm_domtrans(livecd_t)
')