domain: unconfined access to bpf
Signed-off-by: Dominick Grift <dac.override@gmail.com>
This commit is contained in:
parent
6b11dcef89
commit
3228c2b997
@ -152,6 +152,9 @@ optional_policy(`
|
||||
# is handled in the interface as typeattribute cannot
|
||||
# be used on an attribute.
|
||||
|
||||
# unconfined access to bpf
|
||||
allow unconfined_domain_type domain:bpf { map_create map_read map_write prog_load prog_run };
|
||||
|
||||
# Use/sendto/connectto sockets created by any domain.
|
||||
allow unconfined_domain_type domain:{ socket_class_set socket key_socket } { create_stream_socket_perms send_msg lock relabelto name_bind recv_msg map sendto recvfrom relabelfrom };
|
||||
allow unconfined_domain_type domain:rawip_socket node_bind;
|
||||
|
Loading…
Reference in New Issue
Block a user