diff options
Diffstat (limited to 'contrib/selinux/passt.if')
| -rw-r--r-- | contrib/selinux/passt.if | 26 |
1 files changed, 26 insertions, 0 deletions
diff --git a/contrib/selinux/passt.if b/contrib/selinux/passt.if index f689a99..893395b 100644 --- a/contrib/selinux/passt.if +++ b/contrib/selinux/passt.if @@ -15,3 +15,29 @@ interface(`passt_read_data',` allow $1 passt_t:dir { search add_name }; allow $1 passt_t:file { open read getattr }; ') + +interface(`passt_domtrans',` + gen_require(` + type passt_t, passt_exec_t; + ') + + corecmd_search_bin($1) + domtrans_pattern($1, passt_exec_t, passt_t) +') + +interface(`passt_socket',` + gen_require(` + type passt_t; + ') + + allow $1 user_tmp_t:sock_file write; + allow $1 passt_t:unix_stream_socket connectto; +') + +interface(`passt_kill',` + gen_require(` + type passt_t; + ') + + allow $1 passt_t:process { signal sigkill }; +') |