| Stephen Smalley | 2dd4e51 | 2012-01-04 12:33:27 -0500 | [diff] [blame] | 1 | # init switches to init domain (via init.rc). |
| 2 | type init, domain; |
| repo sync | 50e37b9 | 2013-05-14 21:02:55 -0700 | [diff] [blame] | 3 | permissive init; |
| Stephen Smalley | 2dd4e51 | 2012-01-04 12:33:27 -0500 | [diff] [blame] | 4 | # init is unconfined. |
| 5 | unconfined_domain(init) |
| 6 | tmpfs_domain(init) |
| Nick Kralevich | 0c9708b | 2013-07-10 14:46:05 -0700 | [diff] [blame^] | 7 | relabelto_domain(init) |
| repo sync | 77d4731 | 2013-05-17 17:11:29 -0700 | [diff] [blame] | 8 | # add a rule to handle unlabelled mounts |
| 9 | allow init unlabeled:filesystem mount; |
| Nick Kralevich | 0c9708b | 2013-07-10 14:46:05 -0700 | [diff] [blame^] | 10 | |
| 11 | allow init {fs_type dev_type file_type}:dir_file_class_set relabelto; |