# Copyright (C) 2005 Tresys Technology, LLC policy_module(domain,1.0) # Mark process types as domains attribute domain; # entrypoint executables attribute entry_type; # processes started by init itself attribute init_domain; attribute init_domain_entry; # processes started by init scripts attribute daemon_domain; attribute daemon_domain_entry; # widely-inheritable file descriptors attribute privfd; neverallow domain ~domain:process { transition dyntransition };