# Minimal SELinux policy source: two object classes, one attribute, four
# types, two booleans, three roles, one user, and a handful of rules.
# The "#end" lines are ordinary comments that appear to delimit sections.
# NOTE(review): looks like a parser/analysis fixture rather than a deployable
# policy - confirm before reusing any of it as a template.

# Object class declarations; their permission sets are defined further down.
class testing
class fooclass

# Initial SID declaration; its context is assigned on the last line of the file.
sid test_sid
#end

#sid decl
# NOTE(review): no context statement for `security` is visible in this
# listing - only test_sid receives one. Policy compilers normally expect a
# context for every declared initial SID; confirm this omission is intended.
sid security


# Permission sets: both classes define the same five permissions.
class testing
{
    read
    open
    close
    write
    exec
}
class fooclass
{
    read
    open
    close
    write
    exec
}
#end

#attribs

attribute attrs;
#end


# foo_t is the only type associated with the attribute attrs;
# typea_t, typeb_t and typec_t are declared without attributes.
type foo_t, attrs;
type typea_t;
type typeb_t;
type typec_t;
#end


# Booleans with their default values. Nothing in this listing references
# them in a conditional block.
bool foo_b true;
bool baz_b false;
#end


# foo_r is authorized for foo_t; rolea_r and roleb_r are declared with no
# types clause here.
role foo_r types foo_t;
role rolea_r;
role roleb_r;
#end

#role decl


# Type enforcement: typea_t is granted write, open and close on typeb_t
# objects of class testing. read and exec are defined on the class but not
# granted by any rule in this listing; fooclass has no allow rules at all.
allow typea_t typeb_t : testing write;
allow typea_t typeb_t : testing {open close};
# Default labeling: new `testing` objects get typec_t when the source type is
# typea_t and the target type is typeb_t.
type_transition typea_t typeb_t : testing typec_t;
#end

#audit rules
# The dontaudit line below is commented out, so it has no effect; it also
# names identifiers (kernel, unknown, dir, search) not declared in this file.
#dontaudit {kernel} unknown : dir search;


# Role allow rule: permits a role change from rolea_r to roleb_r.
allow rolea_r roleb_r;
#end

#rbac stuff
# Both lines below are commented out and reference roles not declared here.
#allow system {guest local_user};
#allow local_user guest;


# foo_u is authorized for the single role foo_r.
user foo_u roles foo_r;
#end

# Context for the initial SID test_sid, in user:role:type form. It is
# consistent with the declarations above: foo_u may take foo_r, and foo_r is
# authorized for foo_t. No MLS range field is present.
sid test_sid foo_u:foo_r:foo_t