1 policy_module(wine, 1.8.1)
3 ########################################
10 ## Ignore wine mmap_zero errors.
13 gen_tunable(wine_mmap_zero_ignore, false)
17 application_domain(wine_t, wine_exec_t)
18 ubac_constrained(wine_t)
19 role system_r types wine_t;
22 files_tmp_file(wine_tmp_t)
23 ubac_constrained(wine_tmp_t)
25 ########################################
30 allow wine_t self:process { execstack execmem execheap };
31 allow wine_t self:fifo_file manage_fifo_file_perms;
33 can_exec(wine_t, wine_exec_t)
35 manage_dirs_pattern(wine_t, wine_tmp_t, wine_tmp_t)
36 manage_files_pattern(wine_t, wine_tmp_t, wine_tmp_t)
37 files_tmp_filetrans(wine_t, wine_tmp_t, { file dir })
39 domain_mmap_low(wine_t)
41 files_execmod_all_files(wine_t)
43 userdom_use_inherited_user_terminals(wine_t)
45 tunable_policy(`wine_mmap_zero_ignore',`
46 dontaudit wine_t self:memprotect mmap_zero;
54 policykit_dbus_chat(wine_t)
58 unconfined_domain(wine_t)
62 xserver_read_xdm_pid(wine_t)
63 xserver_rw_shm(wine_t)