Notes from my testing on EC2 with NodeHttpServer.js

Contexts:
  Orig NodeHttpServer.js file: unconfined_u:object_r:user_home_t:s0
  /usr/bin/node file: system_u:object_r:bin_t:s0
  Pid 10682 Orig NodeHttpServer.js ps: unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023

From ps output, looks like rule identifier is 'node bin/NodeHttpServer.js'
DON'T THINK THIS VALID since non-interpret. invoc shows exactly what was typed to shell.

REQUIREMENTS. #1 and #2 usually satisfied by same single rule.

1 File-type executable by Origin-domain?
    sesearch -s -t -c file -p execute -Ad
  Output:
    allow : file {*execute*} ;

2 File-type an entrypoint for Origin-domain?
    sesearch -s -t -c file -p entrypoint -Ad
  Output:
    allow : file {*entrypoint*} ;

3 Domain transition
    sesearch -s -t -c process -p transition -Ad
  Output:
    allow : process {*transition*} ;
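
Added example, not part of the original notes: a small parser that answers the same three queries over saved sesearch-style output, so the checks can be repeated for each file type. The sample rules are constructed and node_demo_t is a hypothetical domain name; the types unconfined_t, bin_t and user_home_t are the ones from the contexts above.

```python
import re

# Constructed sample in sesearch's output style; node_demo_t is a hypothetical domain.
SAMPLE = """\
Found 2 semantic av rules:
   allow unconfined_t bin_t : file { read getattr execute entrypoint open } ;
   allow unconfined_t node_demo_t : process { transition } ;
"""

# Accepts both "src tgt : class { a b } ;" and "src tgt:class perm;" spacings.
RULE_RE = re.compile(
    r"^\s*allow\s+(\S+)\s+(\S+?)\s*:\s*(\S+)\s+(?:\{([^}]*)\}|(\S+?))\s*;")

def parse_rules(text):
    """Return (source, target, class, permission-set) for every allow line."""
    rules = []
    for line in text.splitlines():
        m = RULE_RE.match(line)
        if m:
            src, tgt, cls, braced, single = m.groups()
            perms = set((braced if braced is not None else single).split())
            rules.append((src, tgt, cls, perms))
    return rules

def granted(rules, source, target, cls, perm):
    """True if some rule gives `source` the permission on target:class."""
    return any(s == source and t == target and c == cls and perm in p
               for s, t, c, p in rules)

def check_requirements(rules, origin, file_type, new_domain, entry_domain=None):
    """Run the notes' three queries; entry_domain defaults to the origin
    domain, which is how the notes phrase query 2."""
    entry_domain = entry_domain or origin
    return {
        "execute": granted(rules, origin, file_type, "file", "execute"),
        "entrypoint": granted(rules, entry_domain, file_type, "file", "entrypoint"),
        "transition": granted(rules, origin, new_domain, "process", "transition"),
    }

def missing(result):
    """Names of the queries that found no matching allow rule."""
    return [name for name, ok in result.items() if not ok]

if __name__ == "__main__":
    rules = parse_rules(SAMPLE)
    for ftype in ("bin_t", "user_home_t"):  # node binary vs. the .js file
        res = check_requirements(rules, "unconfined_t", ftype, "node_demo_t")
        print(ftype, "missing:", missing(res) or "none")
```

In the constructed sample a single allow rule carries both execute and entrypoint, so queries 1 and 2 are answered by the same line, while the .js file's type matches neither.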