documentation for the macro "base_allowed"

Minimal permissions for a one-type-system.

It is defined in the file minimal.m4.

m4 code:

define(`base_allowed',
`allow kernel_t kernel_t:blk_file *;
allow kernel_t kernel_t:capability *;
allow kernel_t kernel_t:capability2 *;
allow kernel_t kernel_t:chr_file *;
allow kernel_t kernel_t:dir *;
allow kernel_t kernel_t:fifo_file *;
allow kernel_t kernel_t:file *;
allow kernel_t kernel_t:filesystem *;
allow kernel_t kernel_t:key *;
allow kernel_t kernel_t:lnk_file *;
allow kernel_t kernel_t:msg *;
allow kernel_t kernel_t:msgq *;
allow kernel_t kernel_t:netlink_route_socket *;
allow kernel_t kernel_t:node *;
allow kernel_t kernel_t:packet_socket *;
allow kernel_t kernel_t:passwd *;
allow kernel_t kernel_t:peer *;
allow kernel_t kernel_t:process *;
allow kernel_t kernel_t:rawip_socket *;
allow kernel_t kernel_t:security *;
allow kernel_t kernel_t:sem *;
allow kernel_t kernel_t:shm *;
allow kernel_t kernel_t:sock_file *;
allow kernel_t kernel_t:socket *;
allow kernel_t kernel_t:system *;
allow kernel_t kernel_t:tcp_socket *;
allow kernel_t kernel_t:udp_socket *;
allow kernel_t kernel_t:unix_dgram_socket *;
allow kernel_t kernel_t:unix_stream_socket *;
allow kernel_t kernel_t:netif *;')