# SELinux type-enforcement rules for the cnd daemon domain.

# Left commented out: this file does not mark cnd permissive, so its denials
# are enforced unless another policy file declares the domain permissive.
#permissive cnd;

# Process type for the daemon, carrying the domain and domain_deprecated
# attributes.
# NOTE(review): domain_deprecated presumably attaches a legacy, broader rule
# set to cnd; confirm which of those rules cnd still needs and drop the
# attribute once none are required.
type cnd, domain, domain_deprecated;
# Label for the daemon's executable file.
type cnd_exec, exec_type, file_type;

# cnd is started by init; transition from the init domain to the cnd domain
init_daemon_domain(cnd)
# Associate the netdomain attribute with the cnd domain
net_domain(cnd)

# Capabilities cnd may use on itself: net_raw (raw and packet sockets) and
# setuid/setgid (changing its own user and group IDs).
# NOTE(review): presumably setuid/setgid exist so the daemon can drop from
# root after start-up; confirm, and remove any capability it does not use.
allow cnd self:capability { net_raw setuid setgid };

# Let cnd search directories and read files labelled netmgrd.
# NOTE(review): netmgrd looks like another domain's process type, in which
# case these objects would be its /proc entries; confirm that read access to
# them is intended.
allow cnd netmgrd:dir search;
allow cnd netmgrd:file r_file_perms;