RepoMirrors
/
selinux-refpolicy
mirror of https://github.com/SELinuxProject/refpolicy
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity
selinux-refpolicy/policy/flask
History
Stephen Smalley 58b3029576 Update netlink socket classes. 
Define new netlink socket security classes introduced by kernel commit
223ae516404a7a65f09e79a1c0291521c233336e.

Note that this does not remove the long-since obsolete
netlink_firewall_socket and netlink_ip6_fw_socket classes
from refpolicy in case they are still needed for legacy
distribution policies.

Add the new socket classes to socket_class_set.
Update ubac and mls constraints for the new socket classes.
Add allow rules for a few specific known cases (netutils, iptables,
netlabel, ifconfig, udev) in core policy that require access.
Further refinement for the contrib tree will be needed.  Any allow
rule previously written on :netlink_socket may need to be rewritten or
duplicated for one of the more specific classes.  For now, we retain the
existing :netlink_socket rules for compatibility on older kernels.

Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>
 		2015-05-22 08:29:03 -04:00
..
Makefile trunk: do not emit lines in the kernel version of av_inherit.h for commons that are only inherited by userspace object classes. 2007-10-16 18:30:23 +00:00
access_vectors Update netlink socket classes. 2015-05-22 08:29:03 -04:00
flask.py Refactoring code to support python3 2012-06-26 09:08:48 -04:00
initial_sids remove extra level of directory 2006-07-12 20:32:27 +00:00
security_classes Update netlink socket classes. 2015-05-22 08:29:03 -04:00