-
Notifications
You must be signed in to change notification settings - Fork 0
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
- Loading branch information
1 parent
dd24a3e
commit 46fc5a9
Showing
9 changed files
with
113 additions
and
1 deletion.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,25 @@ | ||
| (block adguardhome | ||
| (blockinherit container) | ||
| (blockinherit restricted_net_container) | ||
| (allow process process ( capability ( net_bind_service ))) | ||
|
|
||
| (allow process dns_port_t ( tcp_socket ( name_bind ))) | ||
| (allow process dns_port_t ( udp_socket ( name_bind ))) | ||
| (allow process dhcpd_port_t ( udp_socket ( name_bind ))) | ||
| (allow process dhcpc_port_t ( udp_socket ( name_bind ))) | ||
| (allow process http_port_t ( tcp_socket ( name_bind ))) | ||
| (allow process http_port_t ( tcp_socket ( name_bind ))) | ||
| (allow process reserved_port_t ( udp_socket ( name_bind ))) | ||
| (allow process hi_reserved_port_t ( udp_socket ( name_bind ))) | ||
| (allow process ntop_port_t ( tcp_socket ( name_bind ))) | ||
| (allow process ntop_port_t ( udp_socket ( name_bind ))) | ||
| (allow process unreserved_port_t ( tcp_socket ( name_bind ))) | ||
| (allow process unreserved_port_t ( udp_socket ( name_bind ))) | ||
|
|
||
| (allow process port_type ( tcp_socket ( name_connect recv_msg send_msg ))) | ||
| (allow process port_type ( udp_socket ( recv_msg send_msg ))) | ||
|
|
||
| (allow process cert_t ( dir ( watch getattr open read search ))) | ||
| (allow process cert_t ( file ( watch getattr open read ))) | ||
| (allow process cert_t ( lnk_file ( read ))) | ||
| ) |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,11 @@ | ||
| (block cloudflare_with_socket_access | ||
| (blockinherit container) | ||
| (blockinherit net_container) | ||
|
|
||
| (allow process node_t ( icmp_socket ( node_bind ))) | ||
|
|
||
| (allow process var_run_t ( sock_file ( write ))) | ||
| (allow process comiclib.process ( unix_stream_socket ( connectto ))) | ||
| (allow process cockpit_ws_t ( unix_stream_socket ( connectto ))) | ||
| (allow process container_caddy.process ( unix_stream_socket ( connectto ))) | ||
| ) |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,7 @@ | ||
| (block comiclib | ||
| (blockinherit container) | ||
|
|
||
|
|
||
| (allow process user_home_t ( dir ( watch getattr ioctl lock open read search ))) | ||
| (allow process user_home_t ( file ( watch getattr ioctl lock open read ))) | ||
| ) |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,11 @@ | ||
| (block container_caddy | ||
| (blockinherit container) | ||
| (blockinherit net_container) | ||
| (allow process process ( capability ( net_bind_service ))) | ||
|
|
||
| (allow process user_home_t ( dir ( watch getattr ioctl lock open read search ))) | ||
| (allow process user_home_t ( file ( watch getattr ioctl lock open read ))) | ||
|
|
||
| (allow process var_run_t ( sock_file ( write ))) | ||
| (allow process cockpit_ws_t ( unix_stream_socket ( connectto ))) | ||
| ) |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,14 @@ | ||
| (block container_hath | ||
| (blockinherit container) | ||
| (blockinherit restricted_net_container) | ||
| (allow process process ( capability ( net_bind_service ))) | ||
|
|
||
| (allow process port_type ( tcp_socket ( name_connect recv_msg send_msg ))) | ||
| (allow process port_type ( udp_socket ( recv_msg send_msg ))) | ||
|
|
||
| (allow process http_port_t ( tcp_socket ( name_bind ))) | ||
|
|
||
| (allow process user_home_t ( dir ( watch add_name create getattr ioctl lock open read remove_name rmdir search setattr write ))) | ||
| (allow process user_home_t ( file ( watch append create getattr ioctl lock map open read rename setattr unlink write ))) | ||
|
|
||
| ) |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,7 @@ | ||
| (block container_rohome_allbind | ||
| (blockinherit container) | ||
| (blockinherit net_container) | ||
|
|
||
| (allow process user_home_t ( dir ( watch getattr ioctl lock open read search ))) | ||
| (allow process user_home_t ( file ( watch getattr ioctl lock open read ))) | ||
| ) |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,7 @@ | ||
| (block container_rwhome_allbind | ||
| (blockinherit container) | ||
| (blockinherit net_container) | ||
|
|
||
| (allow process user_home_t ( dir ( watch add_name create getattr ioctl lock open read remove_name rmdir search setattr write ))) | ||
| (allow process user_home_t ( file ( watch append create getattr ioctl lock map open read rename setattr unlink write ))) | ||
| ) |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,7 @@ | ||
| (block container_wireguard | ||
| (blockinherit container) | ||
| (allow process process ( capability ( net_admin ))) | ||
|
|
||
| (allow process container_wireguard.process ( netlink_route_socket ( nlmsg_write ))) | ||
|
|
||
| ) |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters