Created
August 26, 2018 10:07
-
-
Save qubitrenegade/0ae199d6369637ba9eb0116ac551ab98 to your computer and use it in GitHub Desktop.
Habitat Type Enforcement for SELinux on Fedora 28 - THIS IS UNVERIFIED!!! DON'T USE THIS!
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| module my-hab 1.0; | |
| require { | |
| type init_t; | |
| type tmp_t; | |
| type default_t; | |
| type http_port_t; | |
| class sock_file { create write }; | |
| class process setpgid; | |
| class file { create execute execute_no_trans map open read rename setattr unlink write }; | |
| class lnk_file read; | |
| class dir { create rename reparent rmdir setattr }; | |
| class tcp_socket name_connect; | |
| } | |
| #============= init_t ============== | |
| #!!!! This avc is allowed in the current policy | |
| allow init_t default_t:dir { create rename reparent rmdir setattr }; | |
| #!!!! This avc is allowed in the current policy | |
| allow init_t default_t:file { create execute execute_no_trans map open read rename setattr unlink write }; | |
| #!!!! This avc is allowed in the current policy | |
| allow init_t default_t:lnk_file read; | |
| #!!!! This avc is allowed in the current policy | |
| allow init_t http_port_t:tcp_socket name_connect; | |
| allow init_t self:process setpgid; | |
| #!!!! This avc is allowed in the current policy | |
| allow init_t tmp_t:sock_file { create write }; |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment