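# SELinux type-enforcement policy for the cnd daemon.
# Layout restored to one statement per line: on a single physical line the
# leading '#' would turn every rule below into a comment.

# Debug switch, intentionally left commented out. A permissive domain only
# logs denials instead of enforcing them, so do not enable it in shipped policy.
#permissive cnd;

# NOTE(review): domain_deprecated carries legacy, broad allow rules from the
# platform policy. Audit what cnd actually needs and replace the attribute with
# explicit rules so the domain follows least privilege.
type cnd, domain, domain_deprecated;
type cnd_exec, exec_type, file_type;

# cnd is started by init; transition from the init domain to the cnd domain
# when init executes a file labelled cnd_exec.
init_daemon_domain(cnd)
# associate netdomain as an attribute of the cnd domain
net_domain(cnd)

# Capabilities cnd holds on itself:
#   net_raw         - raw/packet socket access
#   setuid, setgid  - change of process uid/gid (presumably to drop
#                     privileges after start-up; confirm against the daemon)
# NOTE(review): each of these is a privileged capability; remove any that the
# daemon does not exercise.
allow cnd self:capability { net_raw setuid setgid };

# Read-only access to directories and files labelled with the netmgrd type
# (presumably netmgrd's /proc/<pid> entries; confirm). No write access is granted.
allow cnd netmgrd:dir search;
allow cnd netmgrd:file r_file_perms;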