policy_module(publicfile, 1.1.0) ######################################## # # Declarations # type publicfile_t; type publicfile_exec_t; init_daemon_domain(publicfile_t, publicfile_exec_t) type publicfile_content_t; files_type(publicfile_content_t) ######################################## # # Local policy # allow publicfile_t self:capability { dac_override setgid setuid sys_chroot }; allow publicfile_t publicfile_content_t:dir list_dir_perms; allow publicfile_t publicfile_content_t:file read_file_perms; files_search_var(publicfile_t) libs_use_ld_so(publicfile_t) libs_use_shared_libs(publicfile_t) optional_policy(` daemontools_ipc_domain(publicfile_t) ') optional_policy(` ucspitcp_service_domain(publicfile_t, publicfile_exec_t) ') #allow publicfile_t initrc_t:tcp_socket { read write };