source: doc/iodine.te @ d5acb5

Revision d5acb5, 720 bytes checked in by Sebastien Raveau <sebastien.raveau@…>, 3 years ago (diff)

Add support for applying SELinux context

  • Property mode set to 100644
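# Sample post-initialization SELinux policy for Iodine
#
# Defines a domain, iodine_t, that a process running as initrc_t may enter
# through a dynamic transition, and grants that domain the socket and tun/tap
# access listed below. Anything not allowed for iodine_t is denied once the
# domain is enforcing.
#
# NOTE(review): a dynamic transition relabels a process that is already
# running. Memory contents and descriptors opened before the switch stay with
# the process, so this policy limits what iodine can do afterwards, not what
# it already holds. Run the domain in permissive mode first and review the AVC
# denials in the audit log before enforcing.
policy_module(iodine, 1.1)

require {
        # Types defined elsewhere in the loaded policy and named by the rules below.
        type initrc_t;
        type unconfined_t;
        type unlabeled_t;
        # Object classes and permissions used by the raw allow rules below.
        class process dyntransition;
        class udp_socket { read write };
        class rawip_socket { read write };
        class association recvfrom;
        class unix_dgram_socket { create connect };
}

# New domain for the confined daemon.
type iodine_t;
domain_type(iodine_t)

# Let initrc_t change its own context at run time and permit iodine_t as a
# target of that change.
# NOTE(review): the macro widens what initrc_t itself may do; check the
# refpolicy definition of domain_dyntrans_type for the exact grant.
domain_dyntrans_type(initrc_t)
allow initrc_t iodine_t:process dyntransition;

# Sockets labeled unconfined_t: read and write only, no create or bind, so
# these are presumably descriptors opened before the transition.
# NOTE(review): the transition above is allowed from initrc_t, while these
# sockets carry the unconfined_t label. Confirm which launch path this sample
# targets and whether sockets labeled initrc_t also need a rule.
allow iodine_t unconfined_t:udp_socket { read write };
allow iodine_t unconfined_t:rawip_socket { read write };

# Accept packets that arrive without a labeled IPsec association.
allow iodine_t unlabeled_t:association recvfrom;

# Create and connect a datagram UNIX socket owned by the domain itself.
# Presumably for logging; verify. This rule grants only create and connect.
allow iodine_t self:unix_dgram_socket { create connect };

# refpolicy network interfaces. By name: raw packet receive on generic nodes
# and read/write on the tun/tap device. TODO confirm against corenetwork.if.
corenet_raw_receive_generic_node(iodine_t)
corenet_rw_tun_tap_dev(iodine_t)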