|
Server : Apache System : Linux server.mata-lashes.com 3.10.0-1160.90.1.el7.x86_64 #1 SMP Thu May 4 15:21:22 UTC 2023 x86_64 User : matalashes ( 1004) PHP Version : 8.1.29 Disable Function : NONE Directory : /usr/share/selinux/devel/include/contrib/ |
Upload File : |
## <summary>policy for sandbox</summary>
########################################
## <summary>
## Execute sandbox in the sandbox domain, and
## allow the specified role the sandbox domain.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access
## </summary>
## </param>
## <param name="role">
## <summary>
## The role to be allowed the sandbox domain.
## </summary>
## </param>
#
interface(`sandbox_transition',`
gen_require(`
attribute sandbox_domain;
')
sandbox_dyntransition($1) #885288
allow $1 sandbox_domain:process transition;
dontaudit $1 sandbox_domain:process { noatsecure siginh rlimitinh };
role $2 types sandbox_domain;
allow sandbox_domain $1:process { sigchld signull };
allow sandbox_domain $1:fifo_file rw_inherited_fifo_file_perms;
dontaudit sandbox_domain $1:process signal;
dontaudit sandbox_domain $1:key { link read search view };
dontaudit sandbox_domain $1:unix_stream_socket rw_socket_perms;
')
########################################
## <summary>
## Execute sandbox in the sandbox domain, and
## allow the specified role the sandbox domain.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access
## </summary>
## </param>
#
interface(`sandbox_dyntransition',`
gen_require(`
attribute sandbox_domain;
')
allow $1 sandbox_domain:process dyntransition;
')
########################################
## <summary>
## Creates types and rules for a basic
## sandbox process domain.
## </summary>
## <param name="prefix">
## <summary>
## Prefix for the domain.
## </summary>
## </param>
#
template(`sandbox_domain_template',`
gen_require(`
attribute sandbox_domain;
')
type $1_t, sandbox_domain;
application_type($1_t)
mls_rangetrans_target($1_t)
mcs_constrained($1_t)
')