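# Sample post-initialization SELinux policy for Iodine
#
# Confines an already-running iodine process in its own domain (iodine_t)
# by way of a dynamic domain transition (setcon-style) rather than an
# exec-based one.  A dyntransition keeps the process's existing memory and
# open descriptors, which is why the rules below also grant iodine_t access
# to sockets that were created before the transition took place.
#
# The require block lists only the types and classes this module actually
# references, so the module does not fail to load on a base policy that
# lacks an unrelated type.
policy_module(iodine, 1.1)

require {
	type initrc_t;
	type unconfined_t;
	type unlabeled_t;
	class udp_socket { read write };
	class rawip_socket { write read };
	class association recvfrom;
	class unix_dgram_socket { create connect };
}

# The confined domain for a running iodine process.
type iodine_t;
domain_type(iodine_t)

# Let a process running as initrc_t (the init-script domain) switch itself
# into iodine_t without exec()ing a new image.  Only the dyntransition from
# initrc_t is granted here; any other source domain relies on the base policy.
domain_dyntrans_type(initrc_t)
allow initrc_t iodine_t:process dyntransition;

# Sockets inherited from before the transition.  They carry the unconfined_t
# label, so presumably the process was started by an unconfined user rather
# than from an init script -- confirm against how iodine is launched, since
# this module does not itself permit an unconfined_t -> iodine_t transition.
allow iodine_t unconfined_t:udp_socket { read write };
allow iodine_t unconfined_t:rawip_socket { write read };

# Incoming raw IP traffic from remote peers carries no SELinux label.
allow iodine_t unlabeled_t:association recvfrom;

# A Unix datagram socket the process creates and connects within its own
# domain; its purpose is not visible from this policy.
allow iodine_t self:unix_dgram_socket { create connect };

# Receive raw IP packets on generic network nodes and read/write the tun/tap
# device that carries the tunnelled traffic.
corenet_raw_receive_generic_node(iodine_t)
corenet_rw_tun_tap_dev(iodine_t)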