selinux-refpolicy/udica-templates/net_container.cil
Kenton Groombridge f95131dadf udica-templates: initial commit of udica templates
Signed-off-by: Kenton Groombridge <me@concord.sh>
2022-05-07 09:20:55 -04:00


; Abstract udica template. Because of (blockabstract ...), it contributes
; rules only to a block that pulls it in with (blockinherit net_container);
; on its own it adds nothing to the policy.
(block net_container
    (blockabstract net_container)

    ; The statement is wrapped in an optional. If a name inside it does not
    ; resolve in the loaded policy, CIL disables the whole optional without
    ; raising an error, so the inheriting container would get no network
    ; access from this template. Check the installed policy after loading
    ; instead of assuming the rule is present.
    (optional net_container_optional
        ; Add `process` (resolved in the inheriting block; not declared in
        ; this file) to the container_net_domain attribute. The permissions
        ; attached to that attribute are defined elsewhere and are not
        ; visible here. Review them there before choosing this template
        ; over restricted_net_container, which lists its rules explicitly.
        (typeattributeset container_net_domain (process))
    )
)
; Abstract udica template for a container with a narrow, explicitly listed
; set of network rules. It applies only through
; (blockinherit restricted_net_container). It does not add `process` to
; container_net_domain; every rule it grants is spelled out below.
(block restricted_net_container
    (blockabstract restricted_net_container)

    ; All rules live in one optional. If any referenced name (a permission
    ; set, node_t, http_port_t, proc_t, the macro) fails to resolve, CIL
    ; drops the entire optional without an error and the container ends up
    ; with none of these rules. Confirm the result in the loaded policy.
    (optional restricted_net_container_optional
        ; Socket creation on the container's own domain. The create_*_perms
        ; names are permission sets defined outside this file, so their
        ; exact contents should be checked at their definition.
        (allow process self create_tcp_socket_perms)
        (allow process self create_udp_socket_perms)
        (allow process self create_sctp_socket_perms)

        ; Node-level access: exchange traffic with node_t and bind TCP/UDP
        ; sockets to it. There is no SCTP node_bind rule and no name_bind
        ; rule in this block, so binding to a port type has to be granted
        ; by other policy.
        (allow process node_t (node (recvfrom sendto)))
        (allow process node_t (tcp_socket (node_bind)))
        (allow process node_t (udp_socket (node_bind)))

        ; Outbound TCP connect is limited to ports labelled http_port_t.
        ; No other port type gets name_connect from this block.
        (allow process http_port_t (tcp_socket (name_connect)))

        ; Macro from the root namespace (leading dot), defined outside this
        ; file. By its name it presumably grants reading symlinks labelled
        ; proc_t -- confirm against the macro definition.
        (call .read_lnk_files (process proc_t))
    )
)