selinux-policy/refpolicy/policy/modules/kernel/selinux.te

26 lines
680 B
Plaintext
Raw Normal View History

2005-06-14 20:40:09 +00:00
policy_module(selinux,1.0)
########################################
#
# Declarations
#
2005-07-05 20:59:51 +00:00
attribute can_load_policy;
attribute can_setenforce;
attribute can_setsecparam;
2005-06-14 20:40:09 +00:00
#
# security_t is the target type when checking
# the permissions in the security class. It is also
# applied to selinuxfs inodes.
#
2005-09-16 19:36:10 +00:00
type security_t; #, mlstrustedobject;
fs_type(security_t)
2005-06-14 20:40:09 +00:00
sid security context_template(system_u:object_r:security_t,s0)
genfscon selinuxfs / context_template(system_u:object_r:security_t,s0)
2005-07-05 20:59:51 +00:00
neverallow ~can_load_policy security_t:security load_policy;
neverallow ~can_setenforce security_t:security setenforce;
neverallow ~can_setsecparam security_t:security setsecparam;