9dc3cd1 refpol: Policy for the new TUN driver access controls

8 files. Authored by Paul Moore 14 years ago; committed by Chris PeBenito 14 years ago.
    refpol: Policy for the new TUN driver access controls
    
    Add policy for the new TUN driver access controls which allow policy to
    control which domains have the ability to create and attach to TUN/TAP
    devices.  The policy rules for creating and attaching to a device are as
    shown below:
    
      # create a new device
      allow domain_t self:tun_socket { create };
    
      # attach to a persistent device (created by tunlbl_t)
      allow domain_t tunlbl_t:tun_socket { relabelfrom };
      allow domain_t self:tun_socket { relabelto };
    
    Further discussion can be found on this thread:
    
     * http://marc.info/?t=125080850900002&r=1&w=2
    
    Signed-off-by: Paul Moore <paul.moore@hp.com>
    
        
file modified
+1 -0
file modified
+3 -0
file modified
+6 -0
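
An added example (not part of the commit or of refpolicy): a small Python audit that reads `allow` rules written in the form shown in the commit message and reports which domains can create TUN/TAP devices and which can attach to a persistent one, which needs both `relabelfrom` on the device's label and `relabelto` on `self`. The sample rules and the domains `vpn_t`, `qemu_t` and `dhcpc_t` are constructed for illustration, and the parser assumes plain type names (no attributes, type sets or macros).

```python
import re
from collections import defaultdict

# Constructed sample rules, not taken from the commit. vpn_t, qemu_t and
# dhcpc_t are hypothetical domains; tunlbl_t is the device label used in
# the commit message.
SAMPLE_POLICY = """
allow vpn_t self:tun_socket { create };
allow qemu_t tunlbl_t:tun_socket { relabelfrom };
allow qemu_t self:tun_socket { relabelto };
allow dhcpc_t tunlbl_t:tun_socket relabelfrom;
allow vpn_t self:tcp_socket { create connect };
"""

# allow <source> <target>:<class> { perm ... };   or a single bare perm
RULE = re.compile(
    r"^\s*allow\s+(\S+)\s+(\S+):(\S+)\s+(?:\{([^}]*)\}|([^\s;{]+))\s*;", re.M)

def tun_access(policy_text):
    """Return (creators, attachers, incomplete) for tun_socket allow rules."""
    perms = defaultdict(set)  # (source, target) -> tun_socket permissions
    for src, tgt, cls, braced, single in RULE.findall(policy_text):
        if cls != "tun_socket":
            continue
        tgt = src if tgt == "self" else tgt
        perms[(src, tgt)].update((braced or single).split())

    creators = {s for (s, t), p in perms.items() if s == t and "create" in p}
    attachers, incomplete = defaultdict(set), set()
    for (src, label), p in perms.items():
        if "relabelfrom" not in p:
            continue
        # Attaching needs relabelfrom on the device label AND relabelto on self.
        if "relabelto" in perms.get((src, src), set()):
            attachers[src].add(label)
        else:
            incomplete.add(src)
    return creators, dict(attachers), incomplete

if __name__ == "__main__":
    creators, attachers, incomplete = tun_access(SAMPLE_POLICY)
    print("can create:", sorted(creators))
    print("can attach:", {d: sorted(l) for d, l in attachers.items()})
    print("relabelfrom without relabelto:", sorted(incomplete))
```

A domain listed under "relabelfrom without relabelto" has only half of the attach rule pair, so the attach is still denied; that usually points to an incomplete policy change rather than intended access.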