mkinitcpio
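--- /dev/null
+++ b/local-mkinitcpio.te
@@ -0,0 +1,22 @@
+
+module local-mkinitcpio 1.0;
+
+require {
+type user_tmp_t;
+type unconfined_t;
+type kmod_t;
+type tmp_t;
+class unix_stream_socket { read write };
+class file all;
+class dir all;
+class lnk_file all;
+}
+
+#============= kmod_t ==============
+allow kmod_t tmp_t:file all;
+allow kmod_t tmp_t:dir all;
+allow kmod_t tmp_t:lnk_file all;
+allow kmod_t unconfined_t:unix_stream_socket { read write };
+allow kmod_t user_tmp_t:file all;
+allow kmod_t user_tmp_t:dir all;
+allow kmod_t user_tmp_t:lnk_file all;
+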
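Review bot: The six `file`/`dir`/`lnk_file` rules under `kmod_t` grant the module-loading domain every permission on `tmp_t` and `user_tmp_t` objects, which is much wider than an initramfs build should need and covers write, execute and relabel access to content that any local user can place in a temp directory. Narrow each rule to the permissions the logged AVC denials actually show, for example `allow kmod_t user_tmp_t:file { getattr open read };`, or have mkinitcpio work in a build directory with its own type so the generic temp types are not opened up. `all` is also not a wildcard I know of in the policy language (the permission wildcard is `*`), so confirm the module compiles with `checkmodule` as written. The `unix_stream_socket { read write }` rule toward `unconfined_t` looks like a descriptor inherited from the calling shell; if that is the case, a `dontaudit` rule would quiet the denial without granting the access. A short header comment naming the denial each rule answers would help later audits of this local module.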