selinux-refpolicy/policy/modules/apps/seunshare.te

45 lines
1011 B
Plaintext

policy_module(seunshare, 1.1.1)
########################################
#
# Declarations
#
type seunshare_t;
type seunshare_exec_t;
application_domain(seunshare_t, seunshare_exec_t)
role system_r types seunshare_t;
########################################
#
# seunshare local policy
#
allow seunshare_t self:capability { dac_override setpcap setuid sys_admin };
allow seunshare_t self:process { setexec signal getcap setcap };
allow seunshare_t self:fifo_file rw_file_perms;
allow seunshare_t self:unix_stream_socket create_stream_socket_perms;
corecmd_exec_shell(seunshare_t)
corecmd_exec_bin(seunshare_t)
files_read_etc_files(seunshare_t)
files_mounton_all_poly_members(seunshare_t)
auth_use_nsswitch(seunshare_t)
logging_send_syslog_msg(seunshare_t)
miscfiles_read_localization(seunshare_t)
userdom_use_user_terminals(seunshare_t)
ifdef(`hide_broken_symptoms', `
fs_dontaudit_rw_anon_inodefs_files(seunshare_t)
optional_policy(`
mozilla_dontaudit_manage_user_home_files(seunshare_t)
')
')