Add an interface to allow the specified domain to mmap the general network configuration files
Signed-off-by: Laurent Bigonville <bigon@bigon.be>
This commit is contained in:
Laurent Bigonville
parent
61923c23d7
commit
c89e121db4
|
|
@ -364,6 +364,31 @@ interface(`sysnet_read_config',`
|
||||||
')
|
')
|
||||||
')
|
')
|
||||||
|
|
||||||
|
#######################################
|
||||||
|
## <summary>
|
||||||
|
## Map network config files.
|
||||||
|
## </summary>
|
||||||
|
## <desc>
|
||||||
|
## <p>
|
||||||
|
## Allow the specified domain to mmap the
|
||||||
|
## general network configuration files.
|
||||||
|
## </p>
|
||||||
|
## </desc>
|
||||||
|
## <param name="domain">
|
||||||
|
## <summary>
|
||||||
|
## Domain allowed access.
|
||||||
|
## </summary>
|
||||||
|
## </param>
|
||||||
|
#
|
||||||
|
interface(`sysnet_mmap_config_files',`
|
||||||
|
gen_require(`
|
||||||
|
type net_conf_t;
|
||||||
|
')
|
||||||
|
|
||||||
|
files_search_etc($1)
|
||||||
|
allow $1 net_conf_t:file map;
|
||||||
|
')
|
||||||
|
|
||||||
#######################################
|
#######################################
|
||||||
## <summary>
|
## <summary>
|
||||||
## Do not audit attempts to read network config files.
|
## Do not audit attempts to read network config files.
|
||||||
|
|
|
||||||
Loading…
Reference in New Issue