-
Notifications
You must be signed in to change notification settings - Fork 28
/
Copy pathqm.te
40 lines (31 loc) · 931 Bytes
/
qm.te
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
policy_module(qm, 0.6.9)
gen_require(`
attribute container_file_type;
attribute container_runtime_domain;
type init_t;
')
type ipc_t;
domain_type(ipc_t)
role system_r types ipc_t;
unconfined_domain_noaudit(ipc_t)
type ipc_exec_t;
application_executable_file(ipc_exec_t)
allow ipc_t { ipc_exec_t container_file_type}:file entrypoint;
init_system_domain(ipc_t, ipc_exec_t)
role system_r types ipc_t;
domtrans_pattern(container_runtime_domain, ipc_exec_t, ipc_t)
type ipc_var_run_t;
files_pid_file(ipc_var_run_t)
files_mountpoint(ipc_var_run_t)
files_pid_filetrans(ipc_t, ipc_var_run_t, { dir file lnk_file sock_file })
files_pid_filetrans(init_t, ipc_var_run_t, dir, "ipc")
unconfined_domain(ipc_t)
qm_domain_template(qm)
optional_policy(`
require{
type bluechi_var_run_t;
type bluechi_t;
}
stream_connect_pattern(qm_t, bluechi_var_run_t, bluechi_var_run_t, bluechi_t)
unconfined_server_stream_connectto(qm_t)
')