# tmpfs-backed files created by firewalld get their own type
type firewalld_tmpfs_t;
files_tmpfs_file(firewalld_tmpfs_t)
fs_tmpfs_filetrans(firewalld_t, firewalld_tmpfs_t, file)
manage_files_pattern(firewalld_t, firewalld_tmpfs_t, firewalld_tmpfs_t)
# executable mappings of those tmpfs files
allow firewalld_t firewalld_tmpfs_t:file { map execute };
# netfilter netlink socket used to program the packet filter
allow firewalld_t self:netlink_netfilter_socket { create getopt read setopt write };
# read the system CA certificates
miscfiles_read_generic_certs(firewalld_t)
# inotify watches on the config directory and shared library directories
allow firewalld_t firewalld_etc_rw_t:dir watch;
libs_watch_shared_libs_dir(firewalld_t)

I'm going to put something like the above in the next upload, which covers most of what you suggested.

The "(null) 0x2" is dbus stuff; it's displayed like that due to a bug in the dbusd logging.

I don't think it should be accessing /root. Can it work OK without such access? Generally we don't want to give daemons access to user_home_dir_t or xdg_data_t unless they have a good reason for it.

What does it need capability setpcap for?

-- 
My Main Blog http://etbe.coker.com.au/
My Documents Blog http://doc.coker.com.au/

_______________________________________________
SELinux-devel mailing list
SELinux-devel@alioth-lists.debian.net
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/selinux-devel