policy_module(netlabel,1.0.2) ######################################## # # Declarations # type netlabel_mgmt_t; type netlabel_mgmt_exec_t; application_domain(netlabel_mgmt_t,netlabel_mgmt_exec_t) ######################################## # # NetLabel Management Tools Local policy # # modify the network subsystem configuration allow netlabel_mgmt_t self:capability net_admin; allow netlabel_mgmt_t self:netlink_socket create_socket_perms; kernel_read_network_state(netlabel_mgmt_t) files_read_etc_files(netlabel_mgmt_t) libs_use_ld_so(netlabel_mgmt_t) libs_use_shared_libs(netlabel_mgmt_t) seutil_use_newrole_fds(netlabel_mgmt_t)