      1 # Network namespace creation
        # SELinux policy for the createns helper: declares its process domain and
        # executable label, lets init and goldfish_setup start it in that domain,
        # and grants the capabilities and varrun_file access listed below.
        #
        # createns: the process domain. createns_exec: the label carried by the
        # helper's executable, marked as a vendor file that can be an entrypoint.
      2 type createns, domain;
      3 type createns_exec, exec_type, vendor_file_type, file_type;
      4 
        # AOSP macro: when init executes a createns_exec file, the new process is
        # moved into the createns domain instead of staying in init's domain.
      5 init_daemon_domain(createns)
      6 
        # Capabilities createns may use on itself. sys_admin is the broadest grant
        # here: the kernel requires it for creating namespaces and for mounting,
        # but it also covers many unrelated privileged operations, so this domain
        # should stay small and should not pick up unrelated rules.
        # NOTE(review): the reason for net_raw, setuid and setgid is not visible in
        # this file -- confirm each is still required and drop any that is not.
      7 allow createns self:capability { sys_admin net_raw setuid setgid };
        # Create entries in directories labelled varrun_file, then create/open the
        # files and use them as mount points (mounton). Presumably this is how the
        # namespace is pinned, by bind-mounting its handle onto a file the way
        # iproute2's "ip netns add" does -- TODO confirm against the helper.
        # NOTE(review): varrun_file is a general-purpose type; if other domains can
        # also write it, a dedicated type for these files would narrow the grant.
      8 allow createns varrun_file:dir { add_name search write };
      9 allow createns varrun_file:file { create mounton open read write };
     10 
        # The init-started case is already handled by init_daemon_domain above; the
        # transition rule below names goldfish_setup as the source domain, not init.
     11 # Also allow goldfish_setup to run createns: executing a createns_exec file
        # from goldfish_setup automatically transitions the new process into the
        # createns domain, so it does not run with goldfish_setup's permissions.
     12 domain_auto_trans(goldfish_setup, createns_exec, createns);
        # Let createns use file descriptors it inherits from goldfish_setup
        # (presumably stdio or pipes left open across the exec -- verify).
     13 allow createns goldfish_setup:fd use;
     14 
     15