14 lines
248 B
Plaintext
14 lines
248 B
Plaintext
|
|
policy_module(domain,1.0)
|
|
|
|
# Mark process types as domains
|
|
attribute domain;
|
|
|
|
# entrypoint executables
|
|
attribute entry_type;
|
|
|
|
# widely-inheritable file descriptors
|
|
attribute privfd;
|
|
|
|
neverallow domain ~domain:process { transition dyntransition };
|