RepoMirrors
/
selinux-refpolicy
mirror of https://github.com/SELinuxProject/refpolicy
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity
selinux-refpolicy/policy
History
Stephen Smalley 58b3029576 Update netlink socket classes. 
Define new netlink socket security classes introduced by kernel commit
223ae516404a7a65f09e79a1c0291521c233336e.

Note that this does not remove the long-since obsolete
netlink_firewall_socket and netlink_ip6_fw_socket classes
from refpolicy in case they are still needed for legacy
distribution policies.

Add the new socket classes to socket_class_set.
Update ubac and mls constraints for the new socket classes.
Add allow rules for a few specific known cases (netutils, iptables,
netlabel, ifconfig, udev) in core policy that require access.
Further refinement for the contrib tree will be needed.  Any allow
rule previously written on :netlink_socket may need to be rewritten or
duplicated for one of the more specific classes.  For now, we retain the
existing :netlink_socket rules for compatibility on older kernels.

Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>
 		2015-05-22 08:29:03 -04:00
..
flask Update netlink socket classes. 2015-05-22 08:29:03 -04:00
modules Update netlink socket classes. 2015-05-22 08:29:03 -04:00
support Update netlink socket classes. 2015-05-22 08:29:03 -04:00
constraints Update netlink socket classes. 2015-05-22 08:29:03 -04:00
context_defaults Fix error in default_user example. 2014-04-28 10:19:22 -04:00
global_booleans
global_tunables
mcs Implement mcs_constrained_type 2012-11-28 16:12:25 -05:00
mls Update netlink socket classes. 2015-05-22 08:29:03 -04:00
policy_capabilities Add always_check_network policy capability. 2015-01-27 17:25:36 -05:00
users Apply direct_initrc to unconfined_r:unconfined_t 2014-01-16 15:27:18 -05:00