Blame refpolicy/policy/modules/system/domain.te
# Copyright (C) 2005 Tresys Technology, LLC
# Declares this policy module as "domain" at version 1.0.
policy_module(domain,1.0)
# Mark process types as domains
# Declaration only; the neverallow rule in this file uses this
# attribute to bound which types a process may transition into.
attribute domain;
# entrypoint executables
attribute entry_type;
# processes started by init itself
attribute init_domain;
# NOTE(review): presumably the entrypoint executable types for
# init_domain processes - confirm against the interfaces that assign it.
attribute init_domain_entry;
# short running processes started by init scripts,
# such as mount, usually for initializing the system
attribute system_domain;
# NOTE(review): presumably the entrypoint executable types for
# system_domain processes - confirm against the interfaces that assign it.
attribute system_domain_entry;
# long running application processes started by
# init scripts, such as sshd
attribute daemon_domain;
# NOTE(review): presumably the entrypoint executable types for
# daemon_domain processes - confirm against the interfaces that assign it.
attribute daemon_domain_entry;
# widely-inheritable file descriptors
attribute privfd;
# Compile-time assertion: no type in the domain attribute may be granted
# the process transition or dyntransition permission toward a type that
# lacks the domain attribute. An allow rule that conflicts with this is
# rejected when the policy is built, so policy cannot grant a domain a
# way out of the set of domain types. This only holds if every process
# type is actually given the domain attribute.
neverallow domain ~domain:process { transition dyntransition };