Add interface to start/stop iptables service

Signed-off-by: Dave Sugar <dsugar@tresys.com>
Sugar, David 2019-01-11 15:30:52 +00:00 committed by Chris PeBenito
parent da1de46f66
commit f0860ff0bb
1 changed files with 19 additions and 0 deletions


@ -183,6 +183,25 @@ interface(`iptables_dontaudit_read_pids',`
dontaudit $1 iptables_runtime_t:file read;
')
########################################
## <summary>
## Allow specified domain to start and stop iptables service
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`iptables_startstop',`
gen_require(`
type iptables_unit_t;
class service { start stop };
')
allow $1 iptables_unit_t:service { start stop };
')
########################################
## <summary>
## Allow specified domain to get status of iptables service
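Review bot: The `<summary>` for `iptables_startstop` does not mention that the `stop` permission lets the calling domain shut down the firewall service, which is the security-relevant half of what `allow $1 iptables_unit_t:service { start stop };` grants. Depending on how the unit is written, stopping it may leave the host without its packet-filter rules, so a policy author choosing a caller needs that stated. I would extend the summary to something like `## Allow specified domain to start and stop the iptables service; stop can disable packet filtering, so grant only to administrative domains.` Because start and stop are bundled in one interface, a domain that only needs to start the service also gains stop, and the doc block should say so.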