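# SELinux policy for the cnd daemon domain.
#
# The trailing "| |" table-cell residue that followed every statement has been
# dropped: it is not policy syntax and would stop the file from compiling.

# Left commented out so the domain stays enforcing. A permissive domain only
# logs denials instead of blocking them, so do not re-enable this outside
# of policy bring-up.
#permissive cnd;

# Process type for the daemon, and the file type that labels its executable.
type cnd, domain;
type cnd_exec, exec_type, file_type;

# cnd is started by init: transition from the init domain to the cnd domain
# when init executes a file labelled cnd_exec.
init_daemon_domain(cnd)

# Associate the netdomain attribute with cnd (network access rules).
net_domain(cnd)

# NOTE(review): net_raw permits raw/packet sockets, and setuid/setgid permit
# changing the process UID/GID. Presumably the identity change is a privilege
# drop at startup - confirm against the daemon, and remove any capability it
# does not actually use.
allow cnd self:capability { net_raw setuid setgid };

# Read-only access to directories and files labelled with the netmgrd type.
# NOTE(review): netmgrd looks like a process domain, so these are presumably
# its /proc/<pid> entries - confirm what cnd reads there.
allow cnd netmgrd:dir search;
allow cnd netmgrd:file r_file_perms;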