selinux-policy/strict/domains/program/readahead.te

22 lines
651 B
Plaintext
Raw Normal View History

#DESC readahead - read files in page cache
#
# Author: Dan Walsh (dwalsh@redhat.com)
#
#################################
#
# Declarations for readahead
#
daemon_domain(readahead)
#
# readahead asks for these
#
allow readahead_t { file_type -secure_file_type }:{ file lnk_file } { getattr read };
allow readahead_t { file_type -secure_file_type }:dir r_dir_perms;
dontaudit readahead_t shadow_t:file { getattr read };
allow readahead_t { device_t device_type }:{ lnk_file chr_file blk_file } getattr;
dontaudit readahead_t file_type:sock_file getattr;
allow readahead_t proc_t:file { getattr read };
dontaudit readahead_t device_type:blk_file read;