RepoMirrors
/
selinux-refpolicy
mirror of https://github.com/SELinuxProject/refpolicy
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Add tun_socket ubac constraint and add tun_socket to socket_class_set.

This commit is contained in:
Chris PeBenito 2010-11-11 09:48:43 -05:00
parent 52f38d23c9
commit 9711c7bdb5
2 changed files with 2 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

1
policy/constraints
View File

@ -154,6 +154,7 @@ exempted_ubac_constraint(netlink_dnrt_socket, ubacsock)
exempted_ubac_constraint(netlink_kobject_uevent_socket, ubacsock)
exempted_ubac_constraint(appletalk_socket, ubacsock)
exempted_ubac_constraint(dccp_socket, ubacsock)
exempted_ubac_constraint(tun_socket, ubacsock)
constrain socket_class_set { create relabelto relabelfrom }
(

2
policy/support/obj_perm_sets.spt
View File

@ -28,7 +28,7 @@ define(`devfile_class_set', `{ chr_file blk_file }')
#
# All socket classes.
#
define(`socket_class_set', `{ tcp_socket udp_socket rawip_socket netlink_socket packet_socket unix_stream_socket unix_dgram_socket appletalk_socket netlink_route_socket netlink_firewall_socket netlink_tcpdiag_socket netlink_nflog_socket netlink_xfrm_socket netlink_selinux_socket netlink_audit_socket netlink_ip6fw_socket netlink_dnrt_socket netlink_kobject_uevent_socket }')
define(`socket_class_set', `{ tcp_socket udp_socket rawip_socket netlink_socket packet_socket unix_stream_socket unix_dgram_socket appletalk_socket netlink_route_socket netlink_firewall_socket netlink_tcpdiag_socket netlink_nflog_socket netlink_xfrm_socket netlink_selinux_socket netlink_audit_socket netlink_ip6fw_socket netlink_dnrt_socket netlink_kobject_uevent_socket tun_socket }')
#