RepoMirrors
/
selinux-refpolicy
mirror of https://github.com/SELinuxProject/refpolicy
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

add definition of bpf class and systemd perms

This commit is contained in:
Christian Göttsche 2018-03-21 11:57:45 +01:00 committed by Chris PeBenito
parent 1a231081f8
commit 7b6042b29c
3 changed files with 12 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

9
policy/flask/access_vectors
View File

@ -1081,3 +1081,12 @@ inherits socket
class smc_socket class smc_socket
inherits socket inherits socket
class bpf
{
map_create
map_read
map_write
prog_load
prog_run
}

2
policy/flask/security_classes
View File

@ -190,4 +190,6 @@ class smc_socket
class process2 class process2
class bpf
# FLASK # FLASK

1
policy/modules/system/init.te
View File

@ -228,6 +228,7 @@ ifdef(`init_systemd',`
allow init_t self:netlink_route_socket create_netlink_socket_perms; allow init_t self:netlink_route_socket create_netlink_socket_perms;
allow init_t initrc_t:unix_dgram_socket create_socket_perms; allow init_t initrc_t:unix_dgram_socket create_socket_perms;
allow init_t self:capability2 audit_read; allow init_t self:capability2 audit_read;
allow init_t self:bpf { map_create map_read map_write prog_load prog_run };
# for /run/systemd/inaccessible/{chr,blk} # for /run/systemd/inaccessible/{chr,blk}
allow init_t init_var_run_t:blk_file { create getattr }; allow init_t init_var_run_t:blk_file { create getattr };