mkinitcpio

local-mkinitcpio.te

@@ -0,0 +1,22 @@
+
+module local-mkinitcpio 1.0;
+
+require {
+	type user_tmp_t;
+	type unconfined_t;
+	type kmod_t;
+	type tmp_t;
+	class unix_stream_socket { read write };
+	class file all;
+	class dir all;
+	class lnk_file all;
+}
+
+#============= kmod_t ==============
+allow kmod_t tmp_t:file all;
+allow kmod_t tmp_t:dir all;
+allow kmod_t tmp_t:lnk_file all;
+allow kmod_t unconfined_t:unix_stream_socket { read write };
+allow kmod_t user_tmp_t:file all;
+allow kmod_t user_tmp_t:dir all;
+allow kmod_t user_tmp_t:lnk_file all;