f95131dadf
Signed-off-by: Kenton Groombridge <me@concord.sh>
27 lines
666 B
Plaintext
27 lines
666 B
Plaintext
(block net_container
|
|
(blockabstract net_container)
|
|
|
|
(optional net_container_optional
|
|
(typeattributeset container_net_domain (process))
|
|
)
|
|
)
|
|
|
|
(block restricted_net_container
|
|
(blockabstract restricted_net_container)
|
|
|
|
(optional restricted_net_container_optional
|
|
(allow process self create_tcp_socket_perms)
|
|
(allow process self create_udp_socket_perms)
|
|
(allow process self create_sctp_socket_perms)
|
|
|
|
(call .read_lnk_files (process proc_t))
|
|
|
|
(allow process node_t (node (recvfrom sendto)))
|
|
|
|
(allow process node_t (udp_socket (node_bind)))
|
|
(allow process node_t (tcp_socket (node_bind)))
|
|
|
|
(allow process http_port_t (tcp_socket (name_connect)))
|
|
)
|
|
)
|