mirror of https://github.com/containers/udica synced 2024-05-26 02:06:12 +02:00
udica/tests/test_basic.oci.cil
Vit Mojzis d6e5a0d99a tests: Remove duplicate rules from test cil files
Signed-off-by: Vit Mojzis <vmojzis@redhat.com>
2022-06-22 11:41:10 +02:00


; SELinux CIL policy block for a container domain named my_container.
; This file lives under tests/ (see the path above), so it is presumably the
; expected output that a test compares against generated policy -- confirm
; before hand-editing any rule.
(block my_container
; Inherit the base container template; its rules are defined outside this file.
(blockinherit container)
; Inherit the restricted_net_container template (defined outside this file).
(blockinherit restricted_net_container)
; Linux capabilities granted to the container process. The list looks like the
; common default container capability set -- TODO confirm against the test input.
(allow process process ( capability ( audit_write chown dac_override fowner fsetid kill mknod net_bind_service net_raw setfcap setgid setpcap setuid sys_chroot )))
; Allow binding TCP sockets to ports labeled ftp_port_t.
(allow process ftp_port_t ( tcp_socket ( name_bind )))
; Inherit the home_container template (defined outside this file).
(blockinherit home_container)
; From here to the end of the block: one group of four rules per target type,
; covering the dir, file, fifo_file and sock_file classes with create/read/write
; style permissions. None of the rules below grants an execute permission;
; the inherited templates may grant more.
; NOTE(review): the target types include generic host labels (device_t, etc_t,
; lib_t, ld_so_t, var_log_t, var_run_t) and spool/queue types that host services
; consume (cron, mail, print). Write/create/unlink on these is a very broad
; grant; presumably it reflects wide read-write mounts in the test container.
; Do not reuse this block as a template for a production policy without
; narrowing it to the types the workload actually needs.
(allow process abrt_retrace_spool_t ( dir ( add_name create getattr ioctl lock open read remove_name rmdir search setattr write )))
(allow process abrt_retrace_spool_t ( file ( append create getattr ioctl lock map open read rename setattr unlink write )))
(allow process abrt_retrace_spool_t ( fifo_file ( getattr read write append ioctl lock open )))
(allow process abrt_retrace_spool_t ( sock_file ( append getattr open read write )))
(allow process abrt_var_cache_t ( dir ( add_name create getattr ioctl lock open read remove_name rmdir search setattr write )))
(allow process abrt_var_cache_t ( file ( append create getattr ioctl lock map open read rename setattr unlink write )))
(allow process abrt_var_cache_t ( fifo_file ( getattr read write append ioctl lock open )))
(allow process abrt_var_cache_t ( sock_file ( append getattr open read write )))
(allow process antivirus_db_t ( dir ( add_name create getattr ioctl lock open read remove_name rmdir search setattr write )))
(allow process antivirus_db_t ( file ( append create getattr ioctl lock map open read rename setattr unlink write )))
(allow process antivirus_db_t ( fifo_file ( getattr read write append ioctl lock open )))
(allow process antivirus_db_t ( sock_file ( append getattr open read write )))
(allow process asterisk_spool_t ( dir ( add_name create getattr ioctl lock open read remove_name rmdir search setattr write )))
(allow process asterisk_spool_t ( file ( append create getattr ioctl lock map open read rename setattr unlink write )))
(allow process asterisk_spool_t ( fifo_file ( getattr read write append ioctl lock open )))
(allow process asterisk_spool_t ( sock_file ( append getattr open read write )))
(allow process audit_spool_t ( dir ( add_name create getattr ioctl lock open read remove_name rmdir search setattr write )))
(allow process audit_spool_t ( file ( append create getattr ioctl lock map open read rename setattr unlink write )))
(allow process audit_spool_t ( fifo_file ( getattr read write append ioctl lock open )))
(allow process audit_spool_t ( sock_file ( append getattr open read write )))
(allow process bacula_spool_t ( dir ( add_name create getattr ioctl lock open read remove_name rmdir search setattr write )))
(allow process bacula_spool_t ( file ( append create getattr ioctl lock map open read rename setattr unlink write )))
(allow process bacula_spool_t ( fifo_file ( getattr read write append ioctl lock open )))
(allow process bacula_spool_t ( sock_file ( append getattr open read write )))
(allow process callweaver_spool_t ( dir ( add_name create getattr ioctl lock open read remove_name rmdir search setattr write )))
(allow process callweaver_spool_t ( file ( append create getattr ioctl lock map open read rename setattr unlink write )))
(allow process callweaver_spool_t ( fifo_file ( getattr read write append ioctl lock open )))
(allow process callweaver_spool_t ( sock_file ( append getattr open read write )))
(allow process courier_spool_t ( dir ( add_name create getattr ioctl lock open read remove_name rmdir search setattr write )))
(allow process courier_spool_t ( file ( append create getattr ioctl lock map open read rename setattr unlink write )))
(allow process courier_spool_t ( fifo_file ( getattr read write append ioctl lock open )))
(allow process courier_spool_t ( sock_file ( append getattr open read write )))
(allow process cron_spool_t ( dir ( add_name create getattr ioctl lock open read remove_name rmdir search setattr write )))
(allow process cron_spool_t ( file ( append create getattr ioctl lock map open read rename setattr unlink write )))
(allow process cron_spool_t ( fifo_file ( getattr read write append ioctl lock open )))
(allow process cron_spool_t ( sock_file ( append getattr open read write )))
(allow process ctdbd_spool_t ( dir ( add_name create getattr ioctl lock open read remove_name rmdir search setattr write )))
(allow process ctdbd_spool_t ( file ( append create getattr ioctl lock map open read rename setattr unlink write )))
(allow process ctdbd_spool_t ( fifo_file ( getattr read write append ioctl lock open )))
(allow process ctdbd_spool_t ( sock_file ( append getattr open read write )))
; device_t: generic device-directory label; the rules cover dir/file/fifo/sock
; objects only, not chr_file or blk_file device nodes.
(allow process device_t ( dir ( add_name create getattr ioctl lock open read remove_name rmdir search setattr write )))
(allow process device_t ( file ( append create getattr ioctl lock map open read rename setattr unlink write )))
(allow process device_t ( fifo_file ( getattr read write append ioctl lock open )))
(allow process device_t ( sock_file ( append getattr open read write )))
(allow process devlog_t ( dir ( add_name create getattr ioctl lock open read remove_name rmdir search setattr write )))
(allow process devlog_t ( file ( append create getattr ioctl lock map open read rename setattr unlink write )))
(allow process devlog_t ( fifo_file ( getattr read write append ioctl lock open )))
(allow process devlog_t ( sock_file ( append getattr open read write )))
(allow process dkim_milter_data_t ( dir ( add_name create getattr ioctl lock open read remove_name rmdir search setattr write )))
(allow process dkim_milter_data_t ( file ( append create getattr ioctl lock map open read rename setattr unlink write )))
(allow process dkim_milter_data_t ( fifo_file ( getattr read write append ioctl lock open )))
(allow process dkim_milter_data_t ( sock_file ( append getattr open read write )))
(allow process dovecot_spool_t ( dir ( add_name create getattr ioctl lock open read remove_name rmdir search setattr write )))
(allow process dovecot_spool_t ( file ( append create getattr ioctl lock map open read rename setattr unlink write )))
(allow process dovecot_spool_t ( fifo_file ( getattr read write append ioctl lock open )))
(allow process dovecot_spool_t ( sock_file ( append getattr open read write )))
; etc_t: generic configuration-file label; write access here is host-wide for
; every file carrying that label.
(allow process etc_t ( dir ( add_name create getattr ioctl lock open read remove_name rmdir search setattr write )))
(allow process etc_t ( file ( append create getattr ioctl lock map open read rename setattr unlink write )))
(allow process etc_t ( fifo_file ( getattr read write append ioctl lock open )))
(allow process etc_t ( sock_file ( append getattr open read write )))
(allow process exim_spool_t ( dir ( add_name create getattr ioctl lock open read remove_name rmdir search setattr write )))
(allow process exim_spool_t ( file ( append create getattr ioctl lock map open read rename setattr unlink write )))
(allow process exim_spool_t ( fifo_file ( getattr read write append ioctl lock open )))
(allow process exim_spool_t ( sock_file ( append getattr open read write )))
(allow process getty_var_run_t ( dir ( add_name create getattr ioctl lock open read remove_name rmdir search setattr write )))
(allow process getty_var_run_t ( file ( append create getattr ioctl lock map open read rename setattr unlink write )))
(allow process getty_var_run_t ( fifo_file ( getattr read write append ioctl lock open )))
(allow process getty_var_run_t ( sock_file ( append getattr open read write )))
(allow process httpd_sys_rw_content_t ( dir ( add_name create getattr ioctl lock open read remove_name rmdir search setattr write )))
(allow process httpd_sys_rw_content_t ( file ( append create getattr ioctl lock map open read rename setattr unlink write )))
(allow process httpd_sys_rw_content_t ( fifo_file ( getattr read write append ioctl lock open )))
(allow process httpd_sys_rw_content_t ( sock_file ( append getattr open read write )))
; ld_so_t / lib_t: dynamic-loader and shared-library labels. The file rules
; include write, unlink and map (no execute), i.e. the container may modify
; objects with these labels -- review carefully in any non-test policy.
(allow process ld_so_t ( dir ( add_name create getattr ioctl lock open read remove_name rmdir search setattr write )))
(allow process ld_so_t ( file ( append create getattr ioctl lock map open read rename setattr unlink write )))
(allow process ld_so_t ( fifo_file ( getattr read write append ioctl lock open )))
(allow process ld_so_t ( sock_file ( append getattr open read write )))
(allow process lib_t ( dir ( add_name create getattr ioctl lock open read remove_name rmdir search setattr write )))
(allow process lib_t ( file ( append create getattr ioctl lock map open read rename setattr unlink write )))
(allow process lib_t ( fifo_file ( getattr read write append ioctl lock open )))
(allow process lib_t ( sock_file ( append getattr open read write )))
(allow process locale_t ( dir ( add_name create getattr ioctl lock open read remove_name rmdir search setattr write )))
(allow process locale_t ( file ( append create getattr ioctl lock map open read rename setattr unlink write )))
(allow process locale_t ( fifo_file ( getattr read write append ioctl lock open )))
(allow process locale_t ( sock_file ( append getattr open read write )))
(allow process lpd_var_run_t ( dir ( add_name create getattr ioctl lock open read remove_name rmdir search setattr write )))
(allow process lpd_var_run_t ( file ( append create getattr ioctl lock map open read rename setattr unlink write )))
(allow process lpd_var_run_t ( fifo_file ( getattr read write append ioctl lock open )))
(allow process lpd_var_run_t ( sock_file ( append getattr open read write )))
(allow process mail_spool_t ( dir ( add_name create getattr ioctl lock open read remove_name rmdir search setattr write )))
(allow process mail_spool_t ( file ( append create getattr ioctl lock map open read rename setattr unlink write )))
(allow process mail_spool_t ( fifo_file ( getattr read write append ioctl lock open )))
(allow process mail_spool_t ( sock_file ( append getattr open read write )))
(allow process mailman_data_t ( dir ( add_name create getattr ioctl lock open read remove_name rmdir search setattr write )))
(allow process mailman_data_t ( file ( append create getattr ioctl lock map open read rename setattr unlink write )))
(allow process mailman_data_t ( fifo_file ( getattr read write append ioctl lock open )))
(allow process mailman_data_t ( sock_file ( append getattr open read write )))
(allow process mqueue_spool_t ( dir ( add_name create getattr ioctl lock open read remove_name rmdir search setattr write )))
(allow process mqueue_spool_t ( file ( append create getattr ioctl lock map open read rename setattr unlink write )))
(allow process mqueue_spool_t ( fifo_file ( getattr read write append ioctl lock open )))
(allow process mqueue_spool_t ( sock_file ( append getattr open read write )))
(allow process mscan_spool_t ( dir ( add_name create getattr ioctl lock open read remove_name rmdir search setattr write )))
(allow process mscan_spool_t ( file ( append create getattr ioctl lock map open read rename setattr unlink write )))
(allow process mscan_spool_t ( fifo_file ( getattr read write append ioctl lock open )))
(allow process mscan_spool_t ( sock_file ( append getattr open read write )))
(allow process nagios_spool_t ( dir ( add_name create getattr ioctl lock open read remove_name rmdir search setattr write )))
(allow process nagios_spool_t ( file ( append create getattr ioctl lock map open read rename setattr unlink write )))
(allow process nagios_spool_t ( fifo_file ( getattr read write append ioctl lock open )))
(allow process nagios_spool_t ( sock_file ( append getattr open read write )))
(allow process news_spool_t ( dir ( add_name create getattr ioctl lock open read remove_name rmdir search setattr write )))
(allow process news_spool_t ( file ( append create getattr ioctl lock map open read rename setattr unlink write )))
(allow process news_spool_t ( fifo_file ( getattr read write append ioctl lock open )))
(allow process news_spool_t ( sock_file ( append getattr open read write )))
(allow process plymouthd_spool_t ( dir ( add_name create getattr ioctl lock open read remove_name rmdir search setattr write )))
(allow process plymouthd_spool_t ( file ( append create getattr ioctl lock map open read rename setattr unlink write )))
(allow process plymouthd_spool_t ( fifo_file ( getattr read write append ioctl lock open )))
(allow process plymouthd_spool_t ( sock_file ( append getattr open read write )))
(allow process plymouthd_var_log_t ( dir ( add_name create getattr ioctl lock open read remove_name rmdir search setattr write )))
(allow process plymouthd_var_log_t ( file ( append create getattr ioctl lock map open read rename setattr unlink write )))
(allow process plymouthd_var_log_t ( fifo_file ( getattr read write append ioctl lock open )))
(allow process plymouthd_var_log_t ( sock_file ( append getattr open read write )))
(allow process postfix_private_t ( dir ( add_name create getattr ioctl lock open read remove_name rmdir search setattr write )))
(allow process postfix_private_t ( file ( append create getattr ioctl lock map open read rename setattr unlink write )))
(allow process postfix_private_t ( fifo_file ( getattr read write append ioctl lock open )))
(allow process postfix_private_t ( sock_file ( append getattr open read write )))
(allow process postfix_public_t ( dir ( add_name create getattr ioctl lock open read remove_name rmdir search setattr write )))
(allow process postfix_public_t ( file ( append create getattr ioctl lock map open read rename setattr unlink write )))
(allow process postfix_public_t ( fifo_file ( getattr read write append ioctl lock open )))
(allow process postfix_public_t ( sock_file ( append getattr open read write )))
(allow process postfix_spool_bounce_t ( dir ( add_name create getattr ioctl lock open read remove_name rmdir search setattr write )))
(allow process postfix_spool_bounce_t ( file ( append create getattr ioctl lock map open read rename setattr unlink write )))
(allow process postfix_spool_bounce_t ( fifo_file ( getattr read write append ioctl lock open )))
(allow process postfix_spool_bounce_t ( sock_file ( append getattr open read write )))
(allow process postfix_spool_t ( dir ( add_name create getattr ioctl lock open read remove_name rmdir search setattr write )))
(allow process postfix_spool_t ( file ( append create getattr ioctl lock map open read rename setattr unlink write )))
(allow process postfix_spool_t ( fifo_file ( getattr read write append ioctl lock open )))
(allow process postfix_spool_t ( sock_file ( append getattr open read write )))
(allow process postfix_var_run_t ( dir ( add_name create getattr ioctl lock open read remove_name rmdir search setattr write )))
(allow process postfix_var_run_t ( file ( append create getattr ioctl lock map open read rename setattr unlink write )))
(allow process postfix_var_run_t ( fifo_file ( getattr read write append ioctl lock open )))
(allow process postfix_var_run_t ( sock_file ( append getattr open read write )))
(allow process postgrey_spool_t ( dir ( add_name create getattr ioctl lock open read remove_name rmdir search setattr write )))
(allow process postgrey_spool_t ( file ( append create getattr ioctl lock map open read rename setattr unlink write )))
(allow process postgrey_spool_t ( fifo_file ( getattr read write append ioctl lock open )))
(allow process postgrey_spool_t ( sock_file ( append getattr open read write )))
(allow process prelude_spool_t ( dir ( add_name create getattr ioctl lock open read remove_name rmdir search setattr write )))
(allow process prelude_spool_t ( file ( append create getattr ioctl lock map open read rename setattr unlink write )))
(allow process prelude_spool_t ( fifo_file ( getattr read write append ioctl lock open )))
(allow process prelude_spool_t ( sock_file ( append getattr open read write )))
(allow process print_spool_t ( dir ( add_name create getattr ioctl lock open read remove_name rmdir search setattr write )))
(allow process print_spool_t ( file ( append create getattr ioctl lock map open read rename setattr unlink write )))
(allow process print_spool_t ( fifo_file ( getattr read write append ioctl lock open )))
(allow process print_spool_t ( sock_file ( append getattr open read write )))
(allow process public_content_rw_t ( dir ( add_name create getattr ioctl lock open read remove_name rmdir search setattr write )))
(allow process public_content_rw_t ( file ( append create getattr ioctl lock map open read rename setattr unlink write )))
(allow process public_content_rw_t ( fifo_file ( getattr read write append ioctl lock open )))
(allow process public_content_rw_t ( sock_file ( append getattr open read write )))
(allow process pyicqt_var_spool_t ( dir ( add_name create getattr ioctl lock open read remove_name rmdir search setattr write )))
(allow process pyicqt_var_spool_t ( file ( append create getattr ioctl lock map open read rename setattr unlink write )))
(allow process pyicqt_var_spool_t ( fifo_file ( getattr read write append ioctl lock open )))
(allow process pyicqt_var_spool_t ( sock_file ( append getattr open read write )))
(allow process quota_db_t ( dir ( add_name create getattr ioctl lock open read remove_name rmdir search setattr write )))
(allow process quota_db_t ( file ( append create getattr ioctl lock map open read rename setattr unlink write )))
(allow process quota_db_t ( fifo_file ( getattr read write append ioctl lock open )))
(allow process quota_db_t ( sock_file ( append getattr open read write )))
(allow process regex_milter_data_t ( dir ( add_name create getattr ioctl lock open read remove_name rmdir search setattr write )))
(allow process regex_milter_data_t ( file ( append create getattr ioctl lock map open read rename setattr unlink write )))
(allow process regex_milter_data_t ( fifo_file ( getattr read write append ioctl lock open )))
(allow process regex_milter_data_t ( sock_file ( append getattr open read write )))
(allow process rpm_var_cache_t ( dir ( add_name create getattr ioctl lock open read remove_name rmdir search setattr write )))
(allow process rpm_var_cache_t ( file ( append create getattr ioctl lock map open read rename setattr unlink write )))
(allow process rpm_var_cache_t ( fifo_file ( getattr read write append ioctl lock open )))
(allow process rpm_var_cache_t ( sock_file ( append getattr open read write )))
(allow process rwho_spool_t ( dir ( add_name create getattr ioctl lock open read remove_name rmdir search setattr write )))
(allow process rwho_spool_t ( file ( append create getattr ioctl lock map open read rename setattr unlink write )))
(allow process rwho_spool_t ( fifo_file ( getattr read write append ioctl lock open )))
(allow process rwho_spool_t ( sock_file ( append getattr open read write )))
(allow process samba_spool_t ( dir ( add_name create getattr ioctl lock open read remove_name rmdir search setattr write )))
(allow process samba_spool_t ( file ( append create getattr ioctl lock map open read rename setattr unlink write )))
(allow process samba_spool_t ( fifo_file ( getattr read write append ioctl lock open )))
(allow process samba_spool_t ( sock_file ( append getattr open read write )))
(allow process sge_spool_t ( dir ( add_name create getattr ioctl lock open read remove_name rmdir search setattr write )))
(allow process sge_spool_t ( file ( append create getattr ioctl lock map open read rename setattr unlink write )))
(allow process sge_spool_t ( fifo_file ( getattr read write append ioctl lock open )))
(allow process sge_spool_t ( sock_file ( append getattr open read write )))
(allow process smsd_spool_t ( dir ( add_name create getattr ioctl lock open read remove_name rmdir search setattr write )))
(allow process smsd_spool_t ( file ( append create getattr ioctl lock map open read rename setattr unlink write )))
(allow process smsd_spool_t ( fifo_file ( getattr read write append ioctl lock open )))
(allow process smsd_spool_t ( sock_file ( append getattr open read write )))
(allow process snmpd_var_lib_t ( dir ( add_name create getattr ioctl lock open read remove_name rmdir search setattr write )))
(allow process snmpd_var_lib_t ( file ( append create getattr ioctl lock map open read rename setattr unlink write )))
(allow process snmpd_var_lib_t ( fifo_file ( getattr read write append ioctl lock open )))
(allow process snmpd_var_lib_t ( sock_file ( append getattr open read write )))
(allow process spamass_milter_data_t ( dir ( add_name create getattr ioctl lock open read remove_name rmdir search setattr write )))
(allow process spamass_milter_data_t ( file ( append create getattr ioctl lock map open read rename setattr unlink write )))
(allow process spamass_milter_data_t ( fifo_file ( getattr read write append ioctl lock open )))
(allow process spamass_milter_data_t ( sock_file ( append getattr open read write )))
(allow process spamd_spool_t ( dir ( add_name create getattr ioctl lock open read remove_name rmdir search setattr write )))
(allow process spamd_spool_t ( file ( append create getattr ioctl lock map open read rename setattr unlink write )))
(allow process spamd_spool_t ( fifo_file ( getattr read write append ioctl lock open )))
(allow process spamd_spool_t ( sock_file ( append getattr open read write )))
(allow process spamd_var_run_t ( dir ( add_name create getattr ioctl lock open read remove_name rmdir search setattr write )))
(allow process spamd_var_run_t ( file ( append create getattr ioctl lock map open read rename setattr unlink write )))
(allow process spamd_var_run_t ( fifo_file ( getattr read write append ioctl lock open )))
(allow process spamd_var_run_t ( sock_file ( append getattr open read write )))
(allow process squid_cache_t ( dir ( add_name create getattr ioctl lock open read remove_name rmdir search setattr write )))
(allow process squid_cache_t ( file ( append create getattr ioctl lock map open read rename setattr unlink write )))
(allow process squid_cache_t ( fifo_file ( getattr read write append ioctl lock open )))
(allow process squid_cache_t ( sock_file ( append getattr open read write )))
(allow process squirrelmail_spool_t ( dir ( add_name create getattr ioctl lock open read remove_name rmdir search setattr write )))
(allow process squirrelmail_spool_t ( file ( append create getattr ioctl lock map open read rename setattr unlink write )))
(allow process squirrelmail_spool_t ( fifo_file ( getattr read write append ioctl lock open )))
(allow process squirrelmail_spool_t ( sock_file ( append getattr open read write )))
(allow process system_cron_spool_t ( dir ( add_name create getattr ioctl lock open read remove_name rmdir search setattr write )))
(allow process system_cron_spool_t ( file ( append create getattr ioctl lock map open read rename setattr unlink write )))
(allow process system_cron_spool_t ( fifo_file ( getattr read write append ioctl lock open )))
(allow process system_cron_spool_t ( sock_file ( append getattr open read write )))
(allow process tetex_data_t ( dir ( add_name create getattr ioctl lock open read remove_name rmdir search setattr write )))
(allow process tetex_data_t ( file ( append create getattr ioctl lock map open read rename setattr unlink write )))
(allow process tetex_data_t ( fifo_file ( getattr read write append ioctl lock open )))
(allow process tetex_data_t ( sock_file ( append getattr open read write )))
(allow process user_cron_spool_t ( dir ( add_name create getattr ioctl lock open read remove_name rmdir search setattr write )))
(allow process user_cron_spool_t ( file ( append create getattr ioctl lock map open read rename setattr unlink write )))
(allow process user_cron_spool_t ( fifo_file ( getattr read write append ioctl lock open )))
(allow process user_cron_spool_t ( sock_file ( append getattr open read write )))
(allow process uucpd_spool_t ( dir ( add_name create getattr ioctl lock open read remove_name rmdir search setattr write )))
(allow process uucpd_spool_t ( file ( append create getattr ioctl lock map open read rename setattr unlink write )))
(allow process uucpd_spool_t ( fifo_file ( getattr read write append ioctl lock open )))
(allow process uucpd_spool_t ( sock_file ( append getattr open read write )))
; var_log_t / var_run_t / var_spool_t: generic labels for log, runtime-state and
; spool directories; unlink and write on var_log_t means the domain can alter
; or remove log files with that label.
(allow process var_log_t ( dir ( add_name create getattr ioctl lock open read remove_name rmdir search setattr write )))
(allow process var_log_t ( file ( append create getattr ioctl lock map open read rename setattr unlink write )))
(allow process var_log_t ( fifo_file ( getattr read write append ioctl lock open )))
(allow process var_log_t ( sock_file ( append getattr open read write )))
(allow process var_run_t ( dir ( add_name create getattr ioctl lock open read remove_name rmdir search setattr write )))
(allow process var_run_t ( file ( append create getattr ioctl lock map open read rename setattr unlink write )))
(allow process var_run_t ( fifo_file ( getattr read write append ioctl lock open )))
(allow process var_run_t ( sock_file ( append getattr open read write )))
(allow process var_spool_t ( dir ( add_name create getattr ioctl lock open read remove_name rmdir search setattr write )))
(allow process var_spool_t ( file ( append create getattr ioctl lock map open read rename setattr unlink write )))
(allow process var_spool_t ( fifo_file ( getattr read write append ioctl lock open )))
(allow process var_spool_t ( sock_file ( append getattr open read write )))
(allow process xdm_spool_t ( dir ( add_name create getattr ioctl lock open read remove_name rmdir search setattr write )))
(allow process xdm_spool_t ( file ( append create getattr ioctl lock map open read rename setattr unlink write )))
(allow process xdm_spool_t ( fifo_file ( getattr read write append ioctl lock open )))
(allow process xdm_spool_t ( sock_file ( append getattr open read write )))
(allow process zoneminder_spool_t ( dir ( add_name create getattr ioctl lock open read remove_name rmdir search setattr write )))
(allow process zoneminder_spool_t ( file ( append create getattr ioctl lock map open read rename setattr unlink write )))
(allow process zoneminder_spool_t ( fifo_file ( getattr read write append ioctl lock open )))
(allow process zoneminder_spool_t ( sock_file ( append getattr open read write )))
; End of block my_container.
)