Blame refpolicy/policy/modules/kernel/selinux.te
|
Chris PeBenito |
ff7bc1 |
|
|
Chris PeBenito |
ff7bc1 |
# Module declaration: names this policy module "selinux" with version 1.0.
policy_module(selinux,1.0)
|
|
Chris PeBenito |
ff7bc1 |
|
|
Chris PeBenito |
ff7bc1 |
########################################
|
|
Chris PeBenito |
ff7bc1 |
#
|
|
Chris PeBenito |
ff7bc1 |
# Declarations
|
|
Chris PeBenito |
ff7bc1 |
#
|
|
Chris PeBenito |
ff7bc1 |
|
|
Chris PeBenito |
9726b3 |
# Attribute marking the types that may be granted load_policy on
# security_t:security; the neverallow rule in this file exempts only types
# that carry it. Membership is security-critical, so review every assignment.
attribute can_load_policy;
|
|
Chris PeBenito |
9726b3 |
# Attribute marking the types that may be granted setenforce on
# security_t:security (switching between enforcing and permissive mode);
# the neverallow rule in this file exempts only types that carry it.
attribute can_setenforce;
|
|
Chris PeBenito |
9726b3 |
# Attribute marking the types that may be granted setsecparam on
# security_t:security; the neverallow rule in this file exempts only types
# that carry it.
attribute can_setsecparam;
|
|
Chris PeBenito |
9726b3 |
|
|
Chris PeBenito |
ff7bc1 |
#
|
|
Chris PeBenito |
ff7bc1 |
# security_t is the target type when checking
|
|
Chris PeBenito |
ff7bc1 |
# the permissions in the security class. It is also
|
|
Chris PeBenito |
ff7bc1 |
# applied to selinuxfs inodes.
|
|
Chris PeBenito |
ff7bc1 |
#
|
|
Chris PeBenito |
cff75c |
# NOTE(review): the mlstrustedobject attribute is commented out on this line,
# so this declaration does not associate it with security_t; whether another
# file adds it is not visible here.
type security_t; #, mlstrustedobject;
|
|
Chris PeBenito |
cbca03 |
# Presumably registers security_t as a filesystem type; fs_type() is a macro
# defined outside this file - confirm against the filesystem module interface.
fs_type(security_t)
|
|
Chris PeBenito |
ff7bc1 |
# Gives the "security" initial SID the context system_u:object_r:security_t;
# s0 is passed as the second context_template argument (presumably the MLS
# level - confirm against the macro definition).
sid security context_template(system_u:object_r:security_t,s0)
|
|
Chris PeBenito |
ff7bc1 |
# Labels everything from the root of the selinuxfs filesystem with security_t,
# so file access to the policy-management interface is decided by rules that
# target security_t.
genfscon selinuxfs / context_template(system_u:object_r:security_t,s0)
|
|
Chris PeBenito |
9726b3 |
|
|
Chris PeBenito |
9726b3 |
# Build-time assertion: no type outside can_load_policy may be allowed
# load_policy on security_t. neverallow is checked when the policy is compiled
# and adds no runtime check, so the guarantee is only as tight as the set of
# types given this attribute.
neverallow ~can_load_policy security_t:security load_policy;
|
|
Chris PeBenito |
9726b3 |
# Build-time assertion: no type outside can_setenforce may be allowed
# setenforce on security_t, i.e. only attributed types can switch enforcing
# mode. Checked at policy compile time, not at runtime.
neverallow ~can_setenforce security_t:security setenforce;
|
|
Chris PeBenito |
9726b3 |
# Build-time assertion: no type outside can_setsecparam may be allowed
# setsecparam on security_t. Checked at policy compile time, not at runtime.
neverallow ~can_setsecparam security_t:security setsecparam;
|