|
Revision 1056, 1.1 kB
(checked in by cpebenito, 3 years ago)
|
add fc mls policy
|
| Line | |
|---|
| 1 |
################################################ |
|---|
| 2 |
# |
|---|
| 3 |
# Role-based access control (RBAC) configuration. |
|---|
| 4 |
# |
|---|
| 5 |
|
|---|
| 6 |
# The RBAC configuration was originally centralized in this |
|---|
| 7 |
# file, but has been decomposed into individual role declarations, |
|---|
| 8 |
# role allow rules, and role transition rules throughout the TE |
|---|
| 9 |
# configuration to support easy removal or adding of domains without |
|---|
| 10 |
# modifying a centralized file each time. This also allowed the macros |
|---|
| 11 |
# to properly instantiate role declarations and rules for domains. |
|---|
| 12 |
# Hence, this file is largely unused, except for miscellaneous |
|---|
| 13 |
# role allow rules. |
|---|
| 14 |
|
|---|
| 15 |
######################################## |
|---|
| 16 |
# |
|---|
| 17 |
# Role allow rules. |
|---|
| 18 |
# |
|---|
| 19 |
# A role allow rule specifies the allowable |
|---|
| 20 |
# transitions between roles on an execve. |
|---|
| 21 |
# If no rule is specified, then the change in |
|---|
| 22 |
# roles will not be permitted. Additional |
|---|
| 23 |
# controls over role transitions based on the |
|---|
| 24 |
# type of the process may be specified through |
|---|
| 25 |
# the constraints file. |
|---|
| 26 |
# |
|---|
| 27 |
# The syntax of a role allow rule is: |
|---|
| 28 |
# allow current_role new_role ; |
|---|
| 29 |
# |
|---|
| 30 |
# Allow the admin role to transition to the system |
|---|
| 31 |
# role for run_init. |
|---|
| 32 |
# |
|---|
| 33 |
allow sysadm_r system_r; |
|---|
