cjeanner/tmp.te

## tmp.te

module tmp 1.0;

require {
	type svirt_tcg_t;
	type container_share_t;
  type container_runtime_t;
  class process sigchld;
	class file { entrypoint execute getattr open read };
	class dir read;
  class lnk_file read;
}

#============= svirt_tcg_t ==============
allow svirt_tcg_t container_runtime_t:process sigchld;
allow svirt_tcg_t container_share_t:file { execute getattr read entrypoint open };
allow svirt_tcg_t container_share_t:lnk_file read;
allow svirt_tcg_t container_share_t:dir read;

	module tmp 1.0;

	require {
	type svirt_tcg_t;
	type container_share_t;
	type container_runtime_t;
	class process sigchld;
	class file { entrypoint execute getattr open read };
	class dir read;
	class lnk_file read;
	}

	#============= svirt_tcg_t ==============
	allow svirt_tcg_t container_runtime_t:process sigchld;
	allow svirt_tcg_t container_share_t:file { execute getattr read entrypoint open };
	allow svirt_tcg_t container_share_t:lnk_file read;
	allow svirt_tcg_t container_share_t:dir read;