diff options
Diffstat (limited to 'policy/modules/system/netlabel.te')
| -rw-r--r-- | policy/modules/system/netlabel.te | 28 |
1 files changed, 28 insertions, 0 deletions
diff --git a/policy/modules/system/netlabel.te b/policy/modules/system/netlabel.te new file mode 100644 index 00000000..cbbda4a3 --- /dev/null +++ b/policy/modules/system/netlabel.te @@ -0,0 +1,28 @@ +policy_module(netlabel, 1.3.0) + +######################################## +# +# Declarations +# + +type netlabel_mgmt_t; +type netlabel_mgmt_exec_t; +application_domain(netlabel_mgmt_t, netlabel_mgmt_exec_t) +role system_r types netlabel_mgmt_t; + +######################################## +# +# NetLabel Management Tools Local policy +# + +# modify the network subsystem configuration +allow netlabel_mgmt_t self:capability net_admin; +allow netlabel_mgmt_t self:netlink_socket create_socket_perms; + +kernel_read_network_state(netlabel_mgmt_t) + +files_read_etc_files(netlabel_mgmt_t) + +seutil_use_newrole_fds(netlabel_mgmt_t) + +userdom_use_user_terminals(netlabel_mgmt_t) |