policy_module(brctl, 1.3.0) ######################################## # # Declarations # type brctl_t; type brctl_exec_t; domain_type(brctl_t) init_system_domain(brctl_t, brctl_exec_t) ######################################## # # brctl local policy # allow brctl_t self:capability net_admin; allow brctl_t self:fifo_file rw_file_perms; allow brctl_t self:unix_stream_socket create_stream_socket_perms; allow brctl_t self:unix_dgram_socket create_socket_perms; allow brctl_t self:tcp_socket create_socket_perms; kernel_load_module(brctl_t) kernel_read_network_state(brctl_t) kernel_read_sysctl(brctl_t) dev_rw_sysfs(brctl_t) dev_write_sysfs_dirs(brctl_t) # Init script handling domain_use_interactive_fds(brctl_t) files_read_etc_files(brctl_t) term_dontaudit_use_console(brctl_t) libs_use_ld_so(brctl_t) libs_use_shared_libs(brctl_t) miscfiles_read_localization(brctl_t) optional_policy(` xen_append_log(brctl_t) xen_dontaudit_rw_unix_stream_sockets(brctl_t) ')