Commit Graph

7 Commits

Author SHA1 Message Date
Paul Moore 9dc3cd1635 refpol: Policy for the new TUN driver access controls
Add policy for the new TUN driver access controls which allow policy to
control which domains have the ability to create and attach to TUN/TAP
devices.  The policy rules for creating and attaching to a device are as
shown below:

  # create a new device
  allow domain_t self:tun_socket { create };

  # attach to a persistent device (created by tunlbl_t)
  allow domain_t tunlbl_t:tun_socket { relabelfrom };
  allow domain_t self:tun_socket { relabelto };

Further discussion can be found on this thread:

 * http://marc.info/?t=125080850900002&r=1&w=2

Signed-off-by: Paul Moore <paul.moore@hp.com>
2009-08-31 08:36:06 -04:00
Chris PeBenito 3f67f722bb trunk: whitespace fixes 2009-06-26 14:40:13 +00:00
Chris PeBenito 6073ea1e13 trunk: whitespace fix changing multiple spaces into tabs. 2008-12-03 18:33:19 +00:00
Chris PeBenito a057e0462e trunk: fix missing xml parameter. 2008-12-03 15:51:53 +00:00
Chris PeBenito fb4826f424 trunk: 3 patches from dan. 2008-12-03 15:21:33 +00:00
Chris PeBenito aa7c463e5d trunk: a pile of misc fixes. 2008-10-13 13:36:50 +00:00
Chris PeBenito eb4216397c trunk: add qemu and virt from dan. 2008-06-16 18:59:07 +00:00