rpms / selinux-policy

Clone
Source Code
GIT

Blame strict/domains/program/readahead.te

c10s-sig-hyperscale c4 c5 c5-plus c6 c6-plus c7 c7-alt c7-atomic c7-beta c8 c8-beta c8s c8s-sig-hyperscale c9 c9-beta c9s-sig-hyperscale
  1.   a8b62e799cdc4841a113ad0ee9ed0907c4de91fa
  2.   strict
  3.   domains
  4.   program
  5.   readahead.te
Blob History Raw
Chris PeBenito 77f6e2 
#DESC readahead - read files in page cache
Chris PeBenito 77f6e2 
#
Chris PeBenito 77f6e2 
# Author: Dan Walsh (dwalsh@redhat.com)
Chris PeBenito 77f6e2 
#
Chris PeBenito 77f6e2
Chris PeBenito 77f6e2 
#################################
Chris PeBenito 77f6e2 
#
Chris PeBenito 77f6e2 
# Declarations for readahead
Chris PeBenito 77f6e2 
#
Chris PeBenito 77f6e2
Chris PeBenito 77f6e2 
daemon_domain(readahead)
Chris PeBenito 77f6e2 
#
Chris PeBenito 77f6e2 
# readahead asks for these
Chris PeBenito 77f6e2 
#
Chris PeBenito 77f6e2 
allow readahead_t { file_type -secure_file_type }:{ file lnk_file } { getattr read };
Chris PeBenito 77f6e2 
allow readahead_t { file_type -secure_file_type }:dir r_dir_perms;
Chris PeBenito 77f6e2 
dontaudit readahead_t shadow_t:file { getattr read };
Chris PeBenito 77f6e2 
allow readahead_t { device_t device_type }:{ lnk_file chr_file blk_file } getattr;
Chris PeBenito 77f6e2 
dontaudit readahead_t file_type:sock_file getattr;
Chris PeBenito 77f6e2 
allow readahead_t proc_t:file { getattr read };
Chris PeBenito 77f6e2 
dontaudit readahead_t device_type:blk_file read;

Powered by Pagure 5.14.1

SSH Hostkey/Fingerprint | Documentation