Call init_domain() in addition to init_daemon_domain(), this adds permissions needed...

[selinux.git] / tesseract / tesseract.te

policy_module(tesseract, 0.1.5)

# File context for the executable process
type tesseract_t;
type tesseract_exec_t;

type tesseract_rw_t;
files_type(tesseract_rw_t)

type tesseract_ro_t;
files_type(tesseract_ro_t)

init_domain(tesseract_t, tesseract_exec_t)
init_daemon_domain(tesseract_t, tesseract_exec_t)

corenet_udp_sendrecv_generic_port(tesseract_t)
corenet_udp_bind_generic_port(tesseract_t)
corenet_udp_bind_generic_node(tesseract_t)

read_files_pattern(tesseract_t, tesseract_ro_t, tesseract_ro_t)
list_dirs_pattern(tesseract_t, tesseract_ro_t, tesseract_ro_t)

sysnet_dns_name_resolve(tesseract_t)