selinux-refpolicy/policy/modules/admin/brctl.te

48 lines
1008 B
Plaintext
Raw Normal View History

policy_module(brctl, 1.8.0)
########################################
#
# Declarations
#
attribute_role brctl_roles;
type brctl_t;
type brctl_exec_t;
init_system_domain(brctl_t, brctl_exec_t)
role brctl_roles types brctl_t;
########################################
#
# Local policy
#
allow brctl_t self:capability net_admin;
allow brctl_t self:fifo_file rw_fifo_file_perms;
allow brctl_t self:unix_stream_socket create_stream_socket_perms;
allow brctl_t self:unix_dgram_socket create_socket_perms;
allow brctl_t self:tcp_socket create_socket_perms;
kernel_request_load_module(brctl_t)
kernel_read_network_state(brctl_t)
kernel_read_sysctl(brctl_t)
corenet_rw_tun_tap_dev(brctl_t)
dev_create_sysfs_files(brctl_t)
dev_rw_sysfs(brctl_t)
dev_write_sysfs_dirs(brctl_t)
domain_use_interactive_fds(brctl_t)
files_read_etc_files(brctl_t)
term_dontaudit_use_console(brctl_t)
miscfiles_read_localization(brctl_t)
optional_policy(`
xen_append_log(brctl_t)
xen_dontaudit_rw_unix_stream_sockets(brctl_t)
')