| Bjoern Johansson | ca5bfb1 | 2018-03-19 11:14:30 -0700 | [diff] [blame] | 1 | # Network namespace creation |
| 2 | type createns, domain; |
| 3 | type createns_exec, exec_type, vendor_file_type, file_type; |
| 4 | |
| 5 | init_daemon_domain(createns) |
| 6 | |
| 7 | allow createns self:capability { sys_admin net_raw setuid setgid }; |
| 8 | allow createns varrun_file:dir { add_name search write }; |
| 9 | allow createns varrun_file:file { create mounton open read write }; |
| 10 | |
| 11 | #Allow createns itself to be run by init in its own domain |
| 12 | domain_auto_trans(goldfish_setup, createns_exec, createns); |
| 13 | allow createns goldfish_setup:fd use; |
| 14 | |