policy_module(seunshare, 1.3.0) ######################################## # # Declarations # type seunshare_t; type seunshare_exec_t; application_domain(seunshare_t, seunshare_exec_t) role system_r types seunshare_t; ######################################## # # seunshare local policy # allow seunshare_t self:capability { dac_override setpcap setuid sys_admin }; allow seunshare_t self:process { setexec signal getcap setcap }; allow seunshare_t self:fifo_file rw_fifo_file_perms; allow seunshare_t self:unix_stream_socket create_stream_socket_perms; corecmd_exec_shell(seunshare_t) corecmd_exec_bin(seunshare_t) files_read_etc_files(seunshare_t) files_mounton_all_poly_members(seunshare_t) auth_use_nsswitch(seunshare_t) logging_send_syslog_msg(seunshare_t) miscfiles_read_localization(seunshare_t) userdom_use_user_terminals(seunshare_t) ifdef(`hide_broken_symptoms', ` fs_dontaudit_rw_anon_inodefs_files(seunshare_t) optional_policy(` mozilla_dontaudit_manage_user_home_files(seunshare_t) ') ')