# Network namespace transitions
#
# Policy for the execns domain. As written below, execns is started by init
# and then launches dhcpclient, hostapd_nohidl and netmgr, each of which
# transitions into its own domain on exec.
type execns, domain;
type execns_exec, exec_type, vendor_file_type, file_type;

# Domain entry: execns itself is run by init in its own domain.
init_daemon_domain(execns)
# NOTE(review): init_daemon_domain() usually already sets up the
# init -> execns transition; confirm against te_macros whether the explicit
# rule below is redundant before touching it.
domain_auto_trans(init, execns_exec, execns);

# Programs execns may launch. Each one leaves the execns domain on exec, so
# none of them inherits the capabilities granted further down.
# dhcpclient runs in its own domain.
domain_auto_trans(execns, dhcpclient_exec, dhcpclient);
# hostapd_nohidl runs in its own domain.
domain_auto_trans(execns, hostapd_nohidl_exec, hostapd_nohidl);
# netmgr runs in its own domain.
domain_auto_trans(execns, netmgr_exec, netmgr);

# Capabilities held by execns itself.
# NOTE(review): sys_admin is presumably needed to enter the network namespace
# and setuid/setgid to switch identity before exec -- confirm against the
# execns source. sys_admin is a very broad capability, so any new allow rule
# or domain transition added to this file widens what a compromised execns
# could reach; keep the set minimal.
allow execns self:capability { setgid setuid sys_admin };

# Read-only access to files under the varrun_file label (search the
# directory, read the files in it).
allow execns varrun_file:dir search;
allow execns varrun_file:file r_file_perms;

# Read the createns proc entries to get the namespace file, then open and
# read that nsfs-labelled file. Nothing here grants write access.
allow execns createns:dir search;
allow execns createns:{ file lnk_file } read;
allow execns nsfs:file { read open };