21 lines
314 B
Plaintext
21 lines
314 B
Plaintext
module my_module 1.0;
|
|
|
|
require {
|
|
bool secure_mode;
|
|
type system_t, sysadm_t, file_t;
|
|
attribute domain;
|
|
role system_r;
|
|
class file {read write};
|
|
|
|
}
|
|
|
|
type new_t, domain;
|
|
role system_r types new_t;
|
|
|
|
allow system_t file_t : file { read write };
|
|
|
|
if (secure_mode)
|
|
{
|
|
allow sysadm_t file_t : file { read write };
|
|
}
|