RepoMirrors
/
selinux-refpolicy
mirror of https://github.com/SELinuxProject/refpolicy
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Allow syncthing_t to execute ifconfig/iproute2. 

Add new boolean which can allow syncthing_t to execute ifconfig/iproute2 to determinate gateway for NAT-PMP.
This commit is contained in:
Alexander Miroshnichenko 2018-12-30 17:43:16 +03:00
parent 2b3473c40c
commit 8b2add4140
1 changed files with 12 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

12
policy/modules/apps/syncthing.te
View File

@ -5,6 +5,14 @@ policy_module(syncthing, 1.1.0)
# Declarations # Declarations
# #
## <desc>
## <p>
## Determine whether syncthing can
## run ifconfig/iproute2 to find gateway.
## </p>
## </desc>
gen_tunable(syncthing_can_run_ifconfig, false)
attribute_role syncthing_roles; attribute_role syncthing_roles;
role syncthing_roles types syncthing_t; role syncthing_roles types syncthing_t;
@ -69,3 +77,7 @@ optional_policy(`
# temporary hack for /run/NetworkManager/resolv.conf until we make this part of sysnet_dns_name_resolve() # temporary hack for /run/NetworkManager/resolv.conf until we make this part of sysnet_dns_name_resolve()
networkmanager_read_pid_files(syncthing_t) networkmanager_read_pid_files(syncthing_t)
') ')
tunable_policy(`syncthing_can_run_ifconfig',`
sysnet_domtrans_ifconfig(syncthing_t)
')