#
typeattribute sandbox_web_client_t sandbox_web_type;
+auth_use_nsswitch(sandbox_web_client_t)
+
allow sandbox_web_type self:capability { setuid setgid };
allow sandbox_web_type self:netlink_audit_socket nlmsg_relay;
dontaudit sandbox_web_type self:process setrlimit;
storage_dontaudit_getattr_fixed_disk_dev(sandbox_web_type)
-auth_use_nsswitch(sandbox_web_type)
-
dbus_system_bus_client(sandbox_web_type)
dbus_read_config(sandbox_web_type)
selinux_get_fs_mount(sandbox_web_type)
corenet_tcp_connect_all_ports(sandbox_net_client_t)
corenet_sendrecv_all_client_packets(sandbox_net_client_t)
+auth_use_nsswitch(sandbox_net_client_t)
+
optional_policy(`
mozilla_dontaudit_rw_user_home_files(sandbox_x_t)
mozilla_dontaudit_rw_user_home_files(sandbox_xserver_t)
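Review bot: `auth_use_nsswitch(sandbox_net_client_t)`, and the matching call added for `sandbox_web_client_t` near the top of the file, gives a sandbox domain more than hostname resolution. In reference policy this interface typically covers every configured nsswitch backend, so the domain also gains the passwd/group lookup paths and whatever the nsswitch-related tunables enable. If these clients only need DNS, `sysnet_dns_name_resolve(sandbox_net_client_t)` would be the narrower grant; otherwise a comment such as `# full nsswitch needed: <reason>` above each call would record why the broader one is required. Moving the call off the `sandbox_web_type` attribute is a tightening, so it is worth confirming that no other type carrying that attribute still depended on it.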
allow user_mail_domain mta_exec_type:file entrypoint;
append_files_pattern(user_mail_domain, mail_home_t, mail_home_t)
+read_files_pattern(user_mail_domain, mail_home_t, mail_home_t)
read_files_pattern(user_mail_domain, etc_aliases_t, etc_aliases_t)
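Review bot: The added `read_files_pattern(user_mail_domain, mail_home_t, mail_home_t)` widens every domain in the `user_mail_domain` attribute from append-only to read access on `mail_home_t`, and nothing on the line says which file needs it. Append-only was a useful confidentiality boundary: a misbehaving mail helper could add to those files but not read them back. A comment above the rule, for example `# user mail domains read per-user mail config labelled mail_home_t`, would document the need; the exact file is an assumption and should be taken from the AVC denial that prompted the change. If only one domain hit that denial, granting read to that type instead of the whole attribute would be tighter.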
userdom_user_home_dir_filetrans($1, home_cert_t, dir, ".cert")
userdom_user_home_dir_filetrans($1, home_cert_t, dir, ".pki")
- optional_policy(`
- gnome_admin_home_gconf_filetrans($1, home_bin_t, dir, "bin")
- ')
+ #optional_policy(`
+ # gnome_admin_home_gconf_filetrans($1, home_bin_t, dir, "bin")
+ #')
')
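Review bot: The `optional_policy` block around `gnome_admin_home_gconf_filetrans($1, home_bin_t, dir, "bin")` is disabled by commenting it out, and no reason is recorded. Either delete the three lines or put a comment in front of them, such as `# disabled: <reason>; re-enable when <condition>`, so the next maintainer knows whether this is temporary. Deleting is the safer form inside an interface body, because the commented lines still contain m4 quote characters that have to stay balanced. Without the transition, a `bin` directory created there presumably takes the parent's default label instead of `home_bin_t`, which should be confirmed as intended. The enclosing interface starts above the hunk.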