File tree Expand file tree Collapse file tree
Expand file tree Collapse file tree Original file line number Diff line number Diff line change @@ -39,6 +39,7 @@ desc = Verify only expected domains can change SELinux to permissive mode.
3939tclass = security
4040perms = setenforce
4141exempt_source = cloud_init_t # VM configuration on initial boot
42+ initrc_t
4243 secadm_t # Security admin role
4344 sysadm_t # System admin role
4445
@@ -136,8 +137,10 @@ exempt_source = acpi_t
136137 plymouthd_t
137138 podman_t
138139 podman_user_t
140+ portage_t
139141 postgresql_t
140142 pppd_t
143+ qemu_ga_t
141144 quota_t # Configure filesystem quotas
142145 remote_login_t # Conditional access (allow_polyinstantiation)
143146 resmgrd_t
@@ -295,6 +298,7 @@ exempt_source = arpwatch_t
295298 pegasus_t
296299 podman_t
297300 podman_user_t
301+ portage_t
298302 portslave_t
299303 pppd_t
300304 pptp_t
@@ -311,6 +315,7 @@ exempt_source = arpwatch_t
311315 sosreport_t
312316 spc_t
313317 squid_t # Conditional access (squid_use_tproxy)
318+ ss_t
314319 sssd_t
315320 sysadm_t
316321 syslogd_t # Conditional network config (logging_syslog_can_network)
You can’t perform that action at this time.
0 commit comments