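# Network namespace transitions
#
# Policy for the execns helper: a process started by init that reads a
# namespace file belonging to createns and then executes one of the network
# daemons listed below, each of which transitions into its own domain on exec.
# (The listing is restored to one statement per line; the rules themselves are
# unchanged.)

# execns is the process domain; execns_exec labels its executable as a vendor
# file.
type execns, domain;
type execns_exec, exec_type, vendor_file_type, file_type;

init_daemon_domain(execns)

# Read-only access to run-state files: search the directory, read the files.
# presumably this is where the target namespace is published; confirm against
# the file_contexts entry for varrun_file.
allow execns varrun_file:dir search;
allow execns varrun_file:file r_file_perms;

# NOTE(review): sys_admin is a very broad capability. It is presumably needed
# here only to join a network namespace via setns(2), with setuid/setgid used
# to switch identity before exec; confirm against the execns source. Because
# of it, keep every other grant in this domain minimal and do not add
# execute_no_trans rules that would let a child inherit these capabilities.
allow execns self:capability { sys_admin setuid setgid };

# Namespace file handles are nsfs objects; only open and read are granted.
allow execns nsfs:file { open read };

# Allow execns itself to be run by init in its own domain
# NOTE(review): in AOSP te_macros init_daemon_domain() already sets up this
# init transition, so this rule looks redundant; verify against the tree's
# te_macros before removing it.
domain_auto_trans(init, execns_exec, execns);

# Each daemon below leaves the execns domain on exec and runs in its own
# domain, so it does not keep the capabilities granted to execns above.

# Allow dhcpclient to be run by execns in its own domain
domain_auto_trans(execns, dhcpclient_exec, dhcpclient);

# Allow dhcpserver to be run by execns in its own domain
domain_auto_trans(execns, dhcpserver_exec, dhcpserver);

# Allow hostapd_nohidl to be run by execns in its own domain
domain_auto_trans(execns, hostapd_nohidl_exec, hostapd_nohidl);

# Allow netmgr to be run by execns in its own domain
domain_auto_trans(execns, netmgr_exec, netmgr);

# Allow execns to read createns proc file to get the namespace file.
# These rules target objects labelled with the createns domain (its /proc
# entries): search the directory, read the file, and read the symlink that
# names the namespace. Access is read-only; no write or ptrace is granted.
allow execns createns:file read;
allow execns createns:dir search;
allow execns createns:lnk_file read;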