34 lines
1.1 KiB
Plaintext
34 lines
1.1 KiB
Plaintext
policy_module(ostree, 1.3.0)
|
|
|
|
require {
|
|
type init_t;
|
|
type root_t;
|
|
type var_log_t;
|
|
type games_data_t;
|
|
type var_yp_t;
|
|
type systemd_tmpfiles_t;
|
|
type local_login_t;
|
|
type admin_home_t;
|
|
type ldconfig_cache_t;
|
|
type var_t;
|
|
type var_run_t;
|
|
class lnk_file { relabelfrom relabelto read getattr };
|
|
class dir { relabelfrom relabelto create setattr write };
|
|
}
|
|
|
|
# init_t
|
|
allow init_t admin_home_t:lnk_file { read getattr };
|
|
allow init_t root_t:dir { write };
|
|
|
|
#============= systemd_tmpfiles_t ==============
|
|
allow systemd_tmpfiles_t games_data_t:dir relabelto;
|
|
allow systemd_tmpfiles_t var_log_t:dir create;
|
|
allow systemd_tmpfiles_t var_run_t:lnk_file { relabelfrom relabelto };
|
|
allow systemd_tmpfiles_t var_t:dir { create relabelfrom relabelto setattr };
|
|
allow systemd_tmpfiles_t var_yp_t:dir relabelto;
|
|
allow systemd_tmpfiles_t ldconfig_cache_t:dir { relabelfrom relabelto setattr };
|
|
allow systemd_tmpfiles_t var_t:dir { relabelfrom relabelto setattr };
|
|
|
|
#============= local_login_t ==============
|
|
allow local_login_t admin_home_t:lnk_file read;
|