2 ## Final system configuration run during the first boot
3 ## after installation of Red Hat/Fedora systems.
6 ########################################
8 ## Execute firstboot in the firstboot domain.
10 ## <param name="domain">
12 ## The type of the process performing this action.
16 interface(`firstboot_domtrans',`
18 type firstboot_t, firstboot_exec_t;
21 domain_auto_trans($1,firstboot_exec_t,firstboot_t)
23 allow $1 firstboot_t:fd use;
24 allow firstboot_t $1:fd use;
25 allow firstboot_t $1:fifo_file rw_file_perms;
26 allow firstboot_t $1:process sigchld;
29 ########################################
31 ## Execute firstboot in the firstboot domain, and
32 ## allow the specified role the firstboot domain.
34 ## <param name="domain">
36 ## The type of the process performing this action.
39 ## <param name="role">
41 ## The role to be allowed the firstboot domain.
44 ## <param name="terminal">
46 ## The type of the terminal allow the firstboot domain to use.
50 interface(`firstboot_run',`
55 firstboot_domtrans($1)
56 role $2 types firstboot_t;
57 allow firstboot_t $3:chr_file rw_term_perms;
60 ########################################
62 ## Inherit and use a file descriptor from firstboot.
64 ## <param name="domain">
66 ## The type of the process performing this action.
70 interface(`firstboot_use_fds',`
75 allow $1 firstboot_t:fd use;
78 ########################################
80 ## Do not audit attempts to inherit a
81 ## file descriptor from firstboot.
83 ## <param name="domain">
85 ## Domain to not audit.
89 interface(`firstboot_dontaudit_use_fds',`
94 dontaudit $1 firstboot_t:fd use;
97 ########################################
99 ## Write to a firstboot unnamed pipe.
101 ## <param name="domain">
103 ## The type of the process performing this action.
107 interface(`firstboot_write_pipes',`
112 allow $1 firstboot_t:fifo_file write;