selinux-refpolicy/policy/modules/admin
Paul Moore 9dc3cd1635 refpol: Policy for the new TUN driver access controls
Add policy for the new TUN driver access controls which allow policy to
control which domains have the ability to create and attach to TUN/TAP
devices.  The policy rules for creating and attaching to a device are as
shown below:

  # create a new device
  allow domain_t self:tun_socket { create };

  # attach to a persistent device (created by tunlbl_t)
  allow domain_t tunlbl_t:tun_socket { relabelfrom };
  allow domain_t self:tun_socket { relabelto };

Further discussion can be found on this thread:

 * http://marc.info/?t=125080850900002&r=1&w=2

Signed-off-by: Paul Moore <paul.moore@hp.com>
2009-08-31 08:36:06 -04:00
acct.fc three debian patches from manoj 2009-07-14 09:05:59 -04:00
acct.if trunk: massive whitespace cleanup from dominick grift. 2008-07-23 21:38:39 +00:00
acct.te module version number bump for release 2.20090730 that was mistakenly omitted. 2009-08-05 10:59:21 -04:00
alsa.fc alsa file location update for debian, from Manoj. 2009-07-29 15:28:14 -04:00
alsa.if trunk: massive whitespace cleanup from dominick grift. 2008-07-23 21:38:39 +00:00
alsa.te module version number bump for release 2.20090730 that was mistakenly omitted. 2009-08-05 10:59:21 -04:00
amanda.fc trunk: add an empty m4 string so the index macro is not invoked, to prevent a warning. 2008-08-12 19:30:54 +00:00
amanda.if trunk: merge UBAC. 2008-11-05 16:10:46 +00:00
amanda.te module version number bump for release 2.20090730 that was mistakenly omitted. 2009-08-05 10:59:21 -04:00
amtu.fc trunk: whitespace fix changing multiple spaces into tabs. 2008-12-03 18:33:19 +00:00
amtu.if trunk: merge UBAC. 2008-11-05 16:10:46 +00:00
amtu.te trunk: bump module versions for release. 2008-12-10 19:38:10 +00:00
anaconda.fc
anaconda.if
anaconda.te trunk: bump module versions for release. 2008-12-10 19:38:10 +00:00
apt.fc Update apt/aptitude policy to add support for lock/log files 2009-07-29 15:00:39 -04:00
apt.if whitespace fixes in apt. 2009-07-29 15:24:52 -04:00
apt.te module version number bump for release 2.20090730 that was mistakenly omitted. 2009-08-05 10:59:21 -04:00
backup.fc trunk: Backup update on Debian from Vaclav Ovsik. 2008-02-19 14:26:59 +00:00
backup.if trunk: merge UBAC. 2008-11-05 16:10:46 +00:00
backup.te module version number bump for release 2.20090730 that was mistakenly omitted. 2009-08-05 10:59:21 -04:00
bootloader.fc three debian patches from manoj 2009-07-14 09:05:59 -04:00
bootloader.if trunk: merge UBAC. 2008-11-05 16:10:46 +00:00
bootloader.te module version number bump for release 2.20090730 that was mistakenly omitted. 2009-08-05 10:59:21 -04:00
brctl.fc trunk: udev update and brctl module from dan. 2007-09-05 17:55:57 +00:00
brctl.if trunk: massive whitespace cleanup from dominick grift. 2008-07-23 21:38:39 +00:00
brctl.te module version number bump for release 2.20090730 that was mistakenly omitted. 2009-08-05 10:59:21 -04:00
certwatch.fc
certwatch.if trunk: merge UBAC. 2008-11-05 16:10:46 +00:00
certwatch.te module version number bump for release 2.20090730 that was mistakenly omitted. 2009-08-05 10:59:21 -04:00
consoletype.fc
consoletype.if trunk: merge UBAC. 2008-11-05 16:10:46 +00:00
consoletype.te module version number bump for release 2.20090730 that was mistakenly omitted. 2009-08-05 10:59:21 -04:00
ddcprobe.fc trunk: whitespace fix changing multiple spaces into tabs. 2008-12-03 18:33:19 +00:00
ddcprobe.if trunk: merge UBAC. 2008-11-05 16:10:46 +00:00
ddcprobe.te trunk: bump module versions for release. 2008-12-10 19:38:10 +00:00
dmesg.fc
dmesg.if trunk: massive whitespace cleanup from dominick grift. 2008-07-23 21:38:39 +00:00
dmesg.te trunk: bump module versions for release. 2008-12-10 19:38:10 +00:00
dmidecode.fc
dmidecode.if trunk: merge UBAC. 2008-11-05 16:10:46 +00:00
dmidecode.te trunk: bump module versions for release. 2008-12-10 19:38:10 +00:00
dpkg.fc
dpkg.if trunk: whitespace fixes 2009-06-26 14:40:13 +00:00
dpkg.te module version number bump for release 2.20090730 that was mistakenly omitted. 2009-08-05 10:59:21 -04:00
firstboot.fc patch from dan Fri, 01 Sep 2006 15:45:24 -0400 2006-09-04 15:15:35 +00:00
firstboot.if trunk: merge UBAC. 2008-11-05 16:10:46 +00:00
firstboot.te module version number bump for release 2.20090730 that was mistakenly omitted. 2009-08-05 10:59:21 -04:00
kismet.fc trunk: add kismet from dan. 2008-05-26 15:35:25 +00:00
kismet.if trunk: merge UBAC. 2008-11-05 16:10:46 +00:00
kismet.te module version number bump for release 2.20090730 that was mistakenly omitted. 2009-08-05 10:59:21 -04:00
kudzu.fc
kudzu.if trunk: merge UBAC. 2008-11-05 16:10:46 +00:00
kudzu.te trunk: whitespace fixes 2009-06-26 14:40:13 +00:00
logrotate.fc trunk: Backup update on Debian from Vaclav Ovsik. 2008-02-19 14:26:59 +00:00
logrotate.if trunk: merge UBAC. 2008-11-05 16:10:46 +00:00
logrotate.te module version number bump for release 2.20090730 that was mistakenly omitted. 2009-08-05 10:59:21 -04:00
logwatch.fc patches from erich Wed, 13 Sep 2006 16:18:18 +0200 2006-09-13 18:35:10 +00:00
logwatch.if merge policy patterns to trunk 2006-12-12 20:08:08 +00:00
logwatch.te module version number bump for release 2.20090730 that was mistakenly omitted. 2009-08-05 10:59:21 -04:00
metadata.xml
mrtg.fc patch from Stefan for mrtg daemon operation. 2006-08-07 17:14:00 +00:00
mrtg.if trunk: massive whitespace cleanup from dominick grift. 2008-07-23 21:38:39 +00:00
mrtg.te module version number bump for release 2.20090730 that was mistakenly omitted. 2009-08-05 10:59:21 -04:00
netutils.fc
netutils.if trunk: merge UBAC. 2008-11-05 16:10:46 +00:00
netutils.te module version number bump for release 2.20090730 that was mistakenly omitted. 2009-08-05 10:59:21 -04:00
portage.fc trunk: add additional portage log locations. 2008-05-26 18:37:05 +00:00
portage.if trunk: whitespace fixes 2009-06-26 14:40:13 +00:00
portage.te module version bumps and changelog update for the previous 3 commits. 2009-08-18 13:20:01 -04:00
prelink.fc 4 patches from dan. 2009-07-20 11:34:46 -04:00
prelink.if 4 patches from dan. 2009-07-20 11:34:46 -04:00
prelink.te module version number bump for release 2.20090730 that was mistakenly omitted. 2009-08-05 10:59:21 -04:00
quota.fc patch from dan, Thu, 2007-01-25 at 08:12 -0500 2007-02-16 23:01:42 +00:00
quota.if trunk: merge UBAC. 2008-11-05 16:10:46 +00:00
quota.te trunk: bump module versions for release. 2008-12-10 19:38:10 +00:00
readahead.fc readahead patch from dan. 2009-07-28 10:08:02 -04:00
readahead.if
readahead.te module version number bump for release 2.20090730 that was mistakenly omitted. 2009-08-05 10:59:21 -04:00
rpm.fc patch from dan Wed, 20 Sep 2006 12:12:49 -0400 2006-09-22 17:14:35 +00:00
rpm.if trunk: whitespace fixes 2009-06-26 14:40:13 +00:00
rpm.te module version number bump for release 2.20090730 that was mistakenly omitted. 2009-08-05 10:59:21 -04:00
su.fc
su.if trunk: whitespace fixes 2009-06-26 14:40:13 +00:00
su.te module version number bump for release 2.20090730 that was mistakenly omitted. 2009-08-05 10:59:21 -04:00
sudo.fc
sudo.if fix ordering of interface calls in sudo. 2009-08-05 09:48:46 -04:00
sudo.te module version number bump for release 2.20090730 that was mistakenly omitted. 2009-08-05 10:59:21 -04:00
sxid.fc
sxid.if merge policy patterns to trunk 2006-12-12 20:08:08 +00:00
sxid.te module version number bump for release 2.20090730 that was mistakenly omitted. 2009-08-05 10:59:21 -04:00
tmpreaper.fc
tmpreaper.if trunk: massive whitespace cleanup from dominick grift. 2008-07-23 21:38:39 +00:00
tmpreaper.te module version number bump for release 2.20090730 that was mistakenly omitted. 2009-08-05 10:59:21 -04:00
tripwire.fc
tripwire.if trunk: merge UBAC. 2008-11-05 16:10:46 +00:00
tripwire.te trunk: bump module versions for release. 2008-12-10 19:38:10 +00:00
tzdata.fc patch from dan, Thu, 2007-01-25 at 08:12 -0500 2007-02-16 23:01:42 +00:00
tzdata.if trunk: merge UBAC. 2008-11-05 16:10:46 +00:00
tzdata.te trunk: bump module versions for release. 2008-12-10 19:38:10 +00:00
updfstab.fc
updfstab.if trunk: massive whitespace cleanup from dominick grift. 2008-07-23 21:38:39 +00:00
updfstab.te trunk: bump module versions for release. 2008-12-10 19:38:10 +00:00
usbmodules.fc
usbmodules.if trunk: merge UBAC. 2008-11-05 16:10:46 +00:00
usbmodules.te trunk: bump module versions for release. 2008-12-10 19:38:10 +00:00
usermanage.fc
usermanage.if trunk: 6 patches from dan. 2009-03-19 17:56:10 +00:00
usermanage.te Handle unix_chkpwd usage by useradd and groupadd; fixes ticket #49. 2009-08-05 14:19:54 -04:00
vbetool.fc
vbetool.if trunk: 5 patches from dan. 2009-03-10 19:32:04 +00:00
vbetool.te module version number bump for release 2.20090730 that was mistakenly omitted. 2009-08-05 10:59:21 -04:00
vpn.fc trunk: 8 patches from dan. 2008-10-13 15:06:23 +00:00
vpn.if trunk: 5 patches from dan. 2009-03-10 19:32:04 +00:00
vpn.te refpol: Policy for the new TUN driver access controls 2009-08-31 08:36:06 -04:00