udica/udica/templates/net_container.cil

(block net_container
	(optional net_container_optional
		(typeattributeset sandbox_net_domain (process))
	)
)

(block restricted_net_container
	(optional restricted_net_container_optional
		(allow process process (tcp_socket (ioctl read getattr lock write setattr append bind connect getopt setopt shutdown create listen accept)))
		(allow process process (udp_socket (ioctl read getattr lock write setattr append bind connect getopt setopt shutdown create)))
		(allow process process (sctp_socket (ioctl read getattr lock write setattr append bind connect getopt setopt shutdown create)))

		(allow process proc_t (lnk_file (read)))

		(allow process node_t (node (tcp_recv tcp_send recvfrom sendto)))
		(allow process node_t (node (udp_recv recvfrom)))
		(allow process node_t (node (udp_send sendto)))

		(allow process node_t (udp_socket (node_bind)))
		(allow process node_t (tcp_socket (node_bind)))

		(allow process http_port_t (tcp_socket (name_connect)))
		(allow process http_port_t (tcp_socket (recv_msg send_msg)))
	)
)