blob: 995c7659c51f8f49f7e37017d027b5ca1aa50151 (
plain)
# SELinux type-enforcement module for ptunnel.
# Declares the ptunnel_t type and grants it TCP access limited to the SSH port
# plus read/write on raw IP sockets labeled unconfined_t.
policy_module(ptunnel, 1.7)
# External types, classes and permissions referenced by the raw allow rules
# and the interface call below.
require {
type initrc_t;
type unconfined_t;
type unlabeled_t;
class tcp_socket { read write create connect };
class association recvfrom;
class rawip_socket { write read };
}
# New type for the tunnel process. No domain_type, entrypoint or executable
# file type is declared in this listing.
# NOTE(review): confirm how a process is expected to end up in ptunnel_t.
type ptunnel_t;
# Marks initrc_t (not ptunnel_t) as a domain that may change its own context
# at runtime. A dynamic transition keeps the memory and open descriptors of
# the calling process, so it is a weaker boundary than an exec-based
# transition; the reference policy documentation discourages this interface.
# NOTE(review): no process dyntransition rule from initrc_t to ptunnel_t is
# visible here - verify it exists elsewhere, and check whether a regular
# exec-based domain transition could replace this grant.
domain_dyntrans_type(initrc_t)
# TCP sockets created by ptunnel_t itself: create, connect, read, write.
allow ptunnel_t self:tcp_socket { read write create connect };
# Read/write on raw IP sockets labeled unconfined_t, i.e. sockets created by
# an unconfined process. There is no rawip_socket create permission for
# ptunnel_t in this listing.
# NOTE(review): presumably the socket is opened before the context change and
# then inherited - confirm, since this lets the confined domain use a
# descriptor that was opened with unconfined privileges.
allow ptunnel_t unlabeled_t:association recvfrom;
# The rule above accepts traffic arriving over unlabeled associations; the
# rule below is the raw IP socket grant described in the preceding comment.
allow ptunnel_t unconfined_t:rawip_socket { write read };
# Network-layer grants from the corenetwork interfaces. TCP connect and
# send/receive are limited to the port type labeled for SSH; raw IP is
# receive-only on generic nodes, with no matching raw send interface called.
corenet_tcp_sendrecv_generic_if(ptunnel_t)
corenet_tcp_sendrecv_ssh_port(ptunnel_t)
corenet_raw_receive_generic_node(ptunnel_t)
corenet_tcp_connect_ssh_port(ptunnel_t)
corenet_tcp_sendrecv_lo_node(ptunnel_t)