policy_module(lsm, 1.3.0) ######################################## # # Declarations # type lsmd_t; type lsmd_exec_t; init_daemon_domain(lsmd_t, lsmd_exec_t) type lsmd_runtime_t alias lsmd_var_run_t; files_runtime_file(lsmd_runtime_t) ######################################## # # Local policy # allow lsmd_t self:capability setgid; allow lsmd_t self:unix_stream_socket create_stream_socket_perms; manage_dirs_pattern(lsmd_t, lsmd_runtime_t, lsmd_runtime_t) manage_files_pattern(lsmd_t, lsmd_runtime_t, lsmd_runtime_t) manage_lnk_files_pattern(lsmd_t, lsmd_runtime_t, lsmd_runtime_t) manage_sock_files_pattern(lsmd_t, lsmd_runtime_t, lsmd_runtime_t) files_runtime_filetrans(lsmd_t, lsmd_runtime_t, { dir file sock_file }) logging_send_syslog_msg(lsmd_t)