RepoMirrors/selinux
1
0
Fork 0
mirror of https://github.com/SELinuxProject/selinux synced 2024-12-12 17:15:00 +00:00
Code Issues Packages Projects Releases Wiki Activity
01b88ac323
selinux/libsepol
History
Christian Göttsche 413518a637 libsepol/cil: support IPv4/IPv6 address embedding 
Accept IPv4 addresses embedded in IPv6, like `::ffff:127.0.0.1`.
This allows using those in nodecon statements leading to fine grained
access control:

    type=AVC msg=audit(11/29/21 20:27:44.437:419) : avc:  granted  { node_bind } for  pid=27500 comm=intercept saddr=::ffff:127.0.0.1 src=46293 scontext=xuser_u:xuser_r:xuser_t:s0 tcontext=system_u:object_r:lo_node_t:s0 tclass=tcp_socket

This does effect policies in the traditional language due to CIL usage
in semodule(8).

Also print on conversion failures the address in question.

Signed-off-by: Christian Göttsche <cgzones@googlemail.com>
2021-12-15 12:47:17 -05:00
..
cil libsepol/cil: support IPv4/IPv6 address embedding 2021-12-15 12:47:17 -05:00
fuzz libsepol/cil: move the fuzz target and build script to the selinux repository 2021-08-17 10:33:47 -04:00
include libsepol: avoid implicit conversions 2021-07-13 21:01:07 +02:00
man selinux: Update manpages after removing legacy boolean and user code 2019-07-29 23:46:47 +02:00
src libsepol: Write out genfscon file type when writing out CIL policy 2021-12-09 10:46:30 -05:00
tests libsepol: silence -Wextra-semi-stmt warning 2021-07-06 11:08:11 -04:00
utils libsepol: build: follow standard semantics for DESTDIR and PREFIX 2018-02-14 15:59:36 +01:00
.gitignore libsepol: build cil into libsepol 2014-08-26 08:03:31 -04:00
COPYING initial import from svn trunk revision 2950 2008-08-19 15:30:36 -04:00
Makefile libsepol: build cil into libsepol 2014-08-26 08:03:31 -04:00
VERSION Update VERSIONs to 3.3 for release. 2021-10-21 16:31:23 +02:00