Fedora 9 の SELinux
2日間使ってみた感じ。
# Local SELinux policy module "local", version 1.0.
# NOTE(review): the "#=====" section layout of the original matches what
# audit2allow emits from logged AVC denials. Rules produced that way grant
# exactly what was denied, whether or not the access is needed, so check each
# one against the denial records before loading the module.
module local 1.0;

# Everything the rules below refer to. These types, classes and permissions
# must already be defined by the loaded base policy.
require {
	type NetworkManager_t;
	type ntpd_t;
	type procmail_t;
	type rpcbind_t;
	type rpcd_t;
	type fixed_disk_device_t;
	type user_tmp_t;
	class blk_file getattr;
	class file { getattr read };
}

# NetworkManager may query the attributes of block device nodes labelled
# fixed_disk_device_t. Only getattr is granted; no read or write on the device.
allow NetworkManager_t fixed_disk_device_t:blk_file getattr;

# The remaining rules give four daemon domains access to files labelled
# user_tmp_t.
# NOTE(review): user_tmp_t is presumably the label for users' own files under
# /tmp. Granting read here widens what these daemons can see if one of them
# misbehaves. If the denials came from a file descriptor inherited from the
# session that started the service, a dontaudit rule would quiet the log
# without granting access. Confirm against the AVC records.

# ntpd may query the attributes of such files and read them.
allow ntpd_t user_tmp_t:file { getattr read };

# procmail, rpcbind and rpcd may read such files (read only, no getattr).
allow { procmail_t rpcbind_t rpcd_t } user_tmp_t:file read;