TheArchive/iodine
1
0
Fork 0
mirror of https://github.com/yarrick/iodine.git synced 2025-08-14 23:07:26 +00:00
Code Issues Packages Projects Releases Wiki Activity

Add support for applying SELinux context

Browse Source
This commit is contained in:
Sebastien Raveau
2009-06-24 17:28:13 +00:00
committed by Erik Ekman
parent 17105a26db
commit d5acb508bc
8 changed files with 80 additions and 6 deletions
Download Patch File Download Diff File Expand all files Collapse all files

25
doc/iodine.te Normal file
View File

@@ -0,0 +1,25 @@
# Sample post-initialization SELinux policy for Iodine
policy_module(iodine, 1.1)
require {
type init_t;
type initrc_t;
type unconfined_t;
type unlabeled_t;
class udp_socket { read write };
class rawip_socket { write read };
class association recvfrom;
class unix_dgram_socket { create connect };
}
type iodine_t;
domain_type(iodine_t)
domain_dyntrans_type(initrc_t)
allow initrc_t iodine_t:process dyntransition;
allow iodine_t unconfined_t:udp_socket { read write };
allow iodine_t unconfined_t:rawip_socket { write read };
allow iodine_t unlabeled_t:association recvfrom;
allow iodine_t self:unix_dgram_socket { create connect };
corenet_raw_receive_generic_node(iodine_t)
corenet_rw_tun_tap_dev(iodine_t)