Blob Blame History Raw

policy_module(domain,1.0)

# Mark process types as domains
attribute domain;

# entrypoint executables
attribute entry_type;

# widely-inheritable file descriptors
attribute privfd;

neverallow domain ~domain:process { transition dyntransition };