selinux-refpolicy/policy/modules/apps
Paul Moore 9dc3cd1635 refpol: Policy for the new TUN driver access controls
Add policy for the new TUN driver access controls which allow policy to
control which domains have the ability to create and attach to TUN/TAP
devices.  The policy rules for creating and attaching to a device are as
shown below:

  # create a new device
  allow domain_t self:tun_socket { create };

  # attach to a persistent device (created by tunlbl_t)
  allow domain_t tunlbl_t:tun_socket { relabelfrom };
  allow domain_t self:tun_socket { relabelto };

Further discussion can be found on this thread:

 * http://marc.info/?t=125080850900002&r=1&w=2

Signed-off-by: Paul Moore <paul.moore@hp.com>
2009-08-31 08:36:06 -04:00
..
ada.fc trunk: merge strict and targeted policies. merge shlib_t into lib_t. 2007-10-02 16:04:50 +00:00
ada.if trunk: merge UBAC. 2008-11-05 16:10:46 +00:00
ada.te module version number bump for release 2.20090730 that was mistakenly omitted. 2009-08-05 10:59:21 -04:00
authbind.fc
authbind.if trunk: massive whitespace cleanup from dominick grift. 2008-07-23 21:38:39 +00:00
authbind.te trunk: remove redundant shared lib calls. 2008-10-17 17:31:04 +00:00
awstats.fc trunk: add awstats from Stefan Schulze Frielinghaus. 2007-09-17 17:25:40 +00:00
awstats.if trunk: whitespace fixes in xml blocks. 2008-12-03 19:16:20 +00:00
awstats.te module version number bump for release 2.20090730 that was mistakenly omitted. 2009-08-05 10:59:21 -04:00
calamaris.fc
calamaris.if trunk: massive whitespace cleanup from dominick grift. 2008-07-23 21:38:39 +00:00
calamaris.te module version number bump for release 2.20090730 that was mistakenly omitted. 2009-08-05 10:59:21 -04:00
cdrecord.fc three debian patches from manoj 2009-07-14 09:05:59 -04:00
cdrecord.if trunk: merge UBAC. 2008-11-05 16:10:46 +00:00
cdrecord.te module version number bump for release 2.20090730 that was mistakenly omitted. 2009-08-05 10:59:21 -04:00
cpufreqselector.fc add cpufreqselector from dan 2009-07-27 09:09:00 -04:00
cpufreqselector.if add cpufreqselector from dan 2009-07-27 09:09:00 -04:00
cpufreqselector.te add cpufreqselector from dan 2009-07-27 09:09:00 -04:00
ethereal.fc trunk: merge UBAC. 2008-11-05 16:10:46 +00:00
ethereal.if trunk: merge UBAC. 2008-11-05 16:10:46 +00:00
ethereal.te trunk: merge UBAC. 2008-11-05 16:10:46 +00:00
evolution.fc trunk: merge UBAC. 2008-11-05 16:10:46 +00:00
evolution.if trunk: merge UBAC. 2008-11-05 16:10:46 +00:00
evolution.te module version number bump for release 2.20090730 that was mistakenly omitted. 2009-08-05 10:59:21 -04:00
games.fc trunk: 7 patches from dan, slocate, games, amavis, radius, sendmail, rshd, logrotate. 2007-08-27 17:57:36 +00:00
games.if trunk: 4 patches from dan. 2009-03-11 13:32:23 +00:00
games.te module version number bump for release 2.20090730 that was mistakenly omitted. 2009-08-05 10:59:21 -04:00
gift.fc trunk: merge UBAC. 2008-11-05 16:10:46 +00:00
gift.if trunk: merge UBAC. 2008-11-05 16:10:46 +00:00
gift.te module version number bump for release 2.20090730 that was mistakenly omitted. 2009-08-05 10:59:21 -04:00
gnome.fc trunk: merge UBAC. 2008-11-05 16:10:46 +00:00
gnome.if trunk: merge UBAC. 2008-11-05 16:10:46 +00:00
gnome.te trunk: merge UBAC. 2008-11-05 16:10:46 +00:00
gpg.fc gpg patch from dan 2009-07-21 10:07:38 -04:00
gpg.if gpg patch from dan 2009-07-21 10:07:38 -04:00
gpg.te module version number bump for release 2.20090730 that was mistakenly omitted. 2009-08-05 10:59:21 -04:00
irc.fc trunk: merge UBAC. 2008-11-05 16:10:46 +00:00
irc.if trunk: merge UBAC. 2008-11-05 16:10:46 +00:00
irc.te module version number bump for release 2.20090730 that was mistakenly omitted. 2009-08-05 10:59:21 -04:00
java.fc trunk: whitespace fix changing multiple spaces into tabs. 2008-12-03 18:33:19 +00:00
java.if Fix unconfined_r use of unconfined_java_t. 2009-08-17 13:19:26 -04:00
java.te Fix unconfined_r use of unconfined_java_t. 2009-08-17 13:19:26 -04:00
loadkeys.fc
loadkeys.if trunk: merge UBAC. 2008-11-05 16:10:46 +00:00
loadkeys.te module version number bump for release 2.20090730 that was mistakenly omitted. 2009-08-05 10:59:21 -04:00
lockdev.fc
lockdev.if trunk: merge UBAC. 2008-11-05 16:10:46 +00:00
lockdev.te trunk: bump module versions for release. 2008-12-10 19:38:10 +00:00
metadata.xml
mono.fc
mono.if trunk: podsleuth and hal updates from dan. 2008-06-17 14:07:44 +00:00
mono.te trunk: bump module versions for release. 2008-12-10 19:38:10 +00:00
mozilla.fc mozilla patch from dan. 2009-07-27 09:11:12 -04:00
mozilla.if mozilla patch from dan. 2009-07-27 09:11:12 -04:00
mozilla.te module version number bump for release 2.20090730 that was mistakenly omitted. 2009-08-05 10:59:21 -04:00
mplayer.fc trunk: whitespace fixes 2009-06-26 14:40:13 +00:00
mplayer.if trunk: whitespace fixes 2009-06-26 14:40:13 +00:00
mplayer.te module version number bump for release 2.20090730 that was mistakenly omitted. 2009-08-05 10:59:21 -04:00
podsleuth.fc podsleuth patch from dan. 2009-07-21 10:11:16 -04:00
podsleuth.if podsleuth patch from dan. 2009-07-21 10:11:16 -04:00
podsleuth.te module version number bump for release 2.20090730 that was mistakenly omitted. 2009-08-05 10:59:21 -04:00
pulseaudio.fc add pulseaudio from dan. 2009-07-21 10:05:38 -04:00
pulseaudio.if add pulseaudio from dan. 2009-07-21 10:05:38 -04:00
pulseaudio.te add pulseaudio from dan. 2009-07-21 10:05:38 -04:00
qemu.fc trunk: add qemu and virt from dan. 2008-06-16 18:59:07 +00:00
qemu.if refpol: Policy for the new TUN driver access controls 2009-08-31 08:36:06 -04:00
qemu.te module version number bump for release 2.20090730 that was mistakenly omitted. 2009-08-05 10:59:21 -04:00
rssh.fc
rssh.if trunk: merge UBAC. 2008-11-05 16:10:46 +00:00
rssh.te trunk: merge UBAC. 2008-11-05 16:10:46 +00:00
screen.fc trunk: 9 patches from dan. 2009-06-01 16:03:42 +00:00
screen.if remove read_default_t tunable 2009-07-23 08:58:35 -04:00
screen.te module version number bump for release 2.20090730 that was mistakenly omitted. 2009-08-05 10:59:21 -04:00
slocate.fc
slocate.if trunk: whitespace fixes 2009-06-26 14:40:13 +00:00
slocate.te module version number bump for release 2.20090730 that was mistakenly omitted. 2009-08-05 10:59:21 -04:00
thunderbird.fc trunk: merge UBAC. 2008-11-05 16:10:46 +00:00
thunderbird.if trunk: merge UBAC. 2008-11-05 16:10:46 +00:00
thunderbird.te module version number bump for release 2.20090730 that was mistakenly omitted. 2009-08-05 10:59:21 -04:00
tvtime.fc
tvtime.if trunk: merge UBAC. 2008-11-05 16:10:46 +00:00
tvtime.te trunk: merge UBAC. 2008-11-05 16:10:46 +00:00
uml.fc trunk: merge UBAC. 2008-11-05 16:10:46 +00:00
uml.if trunk: merge UBAC. 2008-11-05 16:10:46 +00:00
uml.te refpol: Policy for the new TUN driver access controls 2009-08-31 08:36:06 -04:00
userhelper.fc patch to fix escaping of . in file contexts from james athey 2006-07-24 15:43:57 +00:00
userhelper.if trunk: whitespace fixes in xml blocks. 2008-12-03 19:16:20 +00:00
userhelper.te trunk: bump module versions for release. 2008-12-10 19:38:10 +00:00
usernetctl.fc
usernetctl.if trunk: merge UBAC. 2008-11-05 16:10:46 +00:00
usernetctl.te trunk: bump module versions for release. 2008-12-10 19:38:10 +00:00
vmware.fc vmware patch from dan. 2009-07-28 11:37:34 -04:00
vmware.if trunk: merge UBAC. 2008-11-05 16:10:46 +00:00
vmware.te module version number bump for release 2.20090730 that was mistakenly omitted. 2009-08-05 10:59:21 -04:00
webalizer.fc
webalizer.if trunk: merge UBAC. 2008-11-05 16:10:46 +00:00
webalizer.te module version number bump for release 2.20090730 that was mistakenly omitted. 2009-08-05 10:59:21 -04:00
wine.fc Patch for an additional wine executable from Dan Walsh. 2007-02-28 16:23:06 +00:00
wine.if trunk: merge UBAC. 2008-11-05 16:10:46 +00:00
wine.te trunk: bump module versions for release. 2008-12-10 19:38:10 +00:00
wireshark.fc trunk: merge UBAC. 2008-11-05 16:10:46 +00:00
wireshark.if trunk: merge UBAC. 2008-11-05 16:10:46 +00:00
wireshark.te patch from Eamon Walsh to remove usage of deprecated xserver interfaces. 2009-08-28 13:40:29 -04:00
wm.fc wm policy from dan 2009-07-27 15:11:22 -04:00
wm.if wm policy from dan 2009-07-27 15:11:22 -04:00
wm.te wm policy from dan 2009-07-27 15:11:22 -04:00
yam.fc patch to fix escaping of . in file contexts from james athey 2006-07-24 15:43:57 +00:00
yam.if trunk: merge UBAC. 2008-11-05 16:10:46 +00:00
yam.te module version number bump for release 2.20090730 that was mistakenly omitted. 2009-08-05 10:59:21 -04:00