Last active
May 9, 2019 20:57
-
-
Save 5quinque/604c26e2cc737ef673c71925b99d066c to your computer and use it in GitHub Desktop.
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # also run | |
| # chcon -Rt svirt_sandbox_file_t /share/transmission | |
| # | |
| module container_t 1.0; | |
| require { | |
| type init_t; | |
| type samba_share_t; | |
| type devpts_t; | |
| type dhcpc_var_run_t; | |
| type screen_exec_t; | |
| type user_tmp_t; | |
| type ptmx_t; | |
| type avahi_t; | |
| type xdm_t; | |
| type container_t; | |
| type virt_var_run_t; | |
| class dbus send_msg; | |
| class file { create execute execute_no_trans getattr map open read write }; | |
| class chr_file { ioctl open read write }; | |
| class dir { add_name create read setattr write }; | |
| } | |
| #============= container_t ============== | |
| allow container_t samba_share_t:dir { add_name create read setattr write }; | |
| allow container_t samba_share_t:file { create open read write }; | |
| #============= init_t ============== | |
| allow init_t devpts_t:chr_file open; | |
| allow init_t ptmx_t:chr_file { ioctl open read write }; | |
| allow init_t screen_exec_t:file { execute execute_no_trans map open read }; | |
| allow init_t user_tmp_t:file { create write }; | |
| #============= xdm_t ============== | |
| allow xdm_t avahi_t:dbus send_msg; | |
| allow xdm_t dhcpc_var_run_t:file getattr; | |
| allow xdm_t virt_var_run_t:file getattr; |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment