Ben Radey
25 lines
865 B
Plaintext
25 lines
865 B
Plaintext
module benZfsSnapshotAutomount 1.1;
|
|
|
|
require {
|
|
type container_file_t;
|
|
type device_t;
|
|
type fs_t;
|
|
type kernel_generic_helper_t;
|
|
type mount_exec_t;
|
|
type unlabeled_t;
|
|
class capability { setgid setuid sys_admin };
|
|
class chr_file { ioctl open read write };
|
|
class dir { mounton search };
|
|
class file { execute open read execute_no_trans map getattr };
|
|
class filesystem mount;
|
|
}
|
|
|
|
#============= kernel_generic_helper_t ==============
|
|
allow kernel_generic_helper_t container_file_t:dir search;
|
|
allow kernel_generic_helper_t device_t:chr_file { ioctl open read write };
|
|
allow kernel_generic_helper_t fs_t:filesystem mount;
|
|
allow kernel_generic_helper_t mount_exec_t:file { execute open read execute_no_trans map getattr };
|
|
allow kernel_generic_helper_t self:capability { setgid setuid sys_admin };
|
|
allow kernel_generic_helper_t unlabeled_t:dir { mounton search };
|
|
|