selinux-refpolicy/policy/support
Stephen Smalley 58b3029576 Update netlink socket classes.
Define new netlink socket security classes introduced by kernel commit
223ae516404a7a65f09e79a1c0291521c233336e.

Note that this does not remove the long-since obsolete
netlink_firewall_socket and netlink_ip6_fw_socket classes
from refpolicy in case they are still needed for legacy
distribution policies.

Add the new socket classes to socket_class_set.
Update ubac and mls constraints for the new socket classes.
Add allow rules for a few specific known cases (netutils, iptables,
netlabel, ifconfig, udev) in core policy that require access.
Further refinement for the contrib tree will be needed.  Any allow
rule previously written on :netlink_socket may need to be rewritten or
duplicated for one of the more specific classes.  For now, we retain the
existing :netlink_socket rules for compatibility on older kernels.

Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>
2015-05-22 08:29:03 -04:00
file_patterns.spt Add optional file name to filetrans_pattern. 2011-11-02 08:48:25 -04:00
ipc_patterns.spt trunk: add open perm to sock_file. 2009-03-11 14:58:03 +00:00
loadable_module.spt Remove deprecated optional_policy usage. 2011-10-14 10:22:16 -04:00
misc_macros.spt Deprecate some old file and dir permission set macros in favor of the newer, more consistently-named macros. 2007-10-09 17:29:48 +00:00
misc_patterns.spt Remove deprecated send_audit_msgs_pattern(). 2011-10-14 10:23:05 -04:00
mls_mcs_macros.spt - Move range transitions to modules. 2006-10-04 17:25:34 +00:00
obj_perm_sets.spt Update netlink socket classes. 2015-05-22 08:29:03 -04:00