Created
August 29, 2017 21:42
fooapp - SELinux policy
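# Type enforcement module for the demo application "fooapp".
# Declares the process domain fooapp_t and its entry-point type fooapp_exec_t,
# and, for demonstration only, lets an unconfined user shell transition
# directly into fooapp_t.
policy_module(fooapp, 1.0.19)

# Symbols this module uses but does not declare itself.
require {
	type unconfined_t;
	role unconfined_r;
	class process { transition siginh noatsecure rlimitinh };
}

# Role attribute that groups every role permitted to run fooapp_t;
# system_r is a member.
attribute_role fooapp_roles;
roleattribute system_r fooapp_roles;

# Process domain and the file type of the executable that enters it.
type fooapp_t;
type fooapp_exec_t;
application_domain(fooapp_t, fooapp_exec_t)
role fooapp_roles types fooapp_t;

# For the purpose of demonstration, allow transitioning from an unconfined
# user shell directly into fooapp_t.
role unconfined_r types fooapp_t;
type_transition unconfined_t fooapp_exec_t:process fooapp_t;

# NOTE(review): only "transition" is needed for the domain change itself.
# The other three permissions relax what the kernel resets at the boundary:
#   siginh     - the new domain inherits the caller's signal state
#   rlimitinh  - the new domain inherits the caller's resource limits
#   noatsecure - AT_SECURE is not set, so the loader's secure-mode
#                environment scrubbing is skipped and the caller's
#                environment reaches fooapp_t unchanged
# That is tolerable for a demo launched from an unconfined shell. Before
# reusing this rule for a real confined domain, grant only the permissions
# the application actually needs.
allow unconfined_t fooapp_t:process { siginh rlimitinh noatsecure transition };

# Let fooapp_t use the pty it inherits from the user's session, so the
# program can read and write the terminal it was started from.
userdom_use_inherited_user_ptys(fooapp_t)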