Clone `xguest_connect_network` for guest role
Signed-off-by: Pat Riehecky <riehecky@fnal.gov>
parent
f311d401cd
commit
53ed120ece
|
@ -11,6 +11,14 @@ userdom_restricted_user_template(guest)
|
||||||
|
|
||||||
kernel_read_system_state(guest_t)
|
kernel_read_system_state(guest_t)
|
||||||
|
|
||||||
|
## <desc>
|
||||||
|
## <p>
|
||||||
|
## Determine whether guest can
|
||||||
|
## configure network manager.
|
||||||
|
## </p>
|
||||||
|
## </desc>
|
||||||
|
gen_tunable(guest_connect_network, false)
|
||||||
|
|
||||||
########################################
|
########################################
|
||||||
#
|
#
|
||||||
# Local policy
|
# Local policy
|
||||||
|
@ -20,4 +28,51 @@ optional_policy(`
|
||||||
dbus_role_template(guest, guest_r, guest_t)
|
dbus_role_template(guest, guest_r, guest_t)
|
||||||
')
|
')
|
||||||
|
|
||||||
|
optional_policy(`
|
||||||
|
tunable_policy(`guest_connect_network',`
|
||||||
|
kernel_read_network_state(guest_t)
|
||||||
|
|
||||||
|
networkmanager_dbus_chat(guest_t)
|
||||||
|
networkmanager_read_lib_files(guest_t)
|
||||||
|
|
||||||
|
corenet_all_recvfrom_netlabel(guest_t)
|
||||||
|
corenet_tcp_sendrecv_generic_if(guest_t)
|
||||||
|
corenet_raw_sendrecv_generic_if(guest_t)
|
||||||
|
corenet_tcp_sendrecv_generic_node(guest_t)
|
||||||
|
corenet_raw_sendrecv_generic_node(guest_t)
|
||||||
|
|
||||||
|
corenet_sendrecv_pulseaudio_client_packets(guest_t)
|
||||||
|
corenet_tcp_connect_pulseaudio_port(guest_t)
|
||||||
|
|
||||||
|
corenet_sendrecv_http_client_packets(guest_t)
|
||||||
|
corenet_tcp_connect_http_port(guest_t)
|
||||||
|
|
||||||
|
corenet_sendrecv_http_cache_client_packets(guest_t)
|
||||||
|
corenet_tcp_connect_http_cache_port(guest_t)
|
||||||
|
|
||||||
|
corenet_sendrecv_squid_client_packets(guest_t)
|
||||||
|
corenet_tcp_connect_squid_port(guest_t)
|
||||||
|
|
||||||
|
corenet_sendrecv_ftp_client_packets(guest_t)
|
||||||
|
corenet_tcp_connect_ftp_port(guest_t)
|
||||||
|
|
||||||
|
corenet_sendrecv_ipp_client_packets(guest_t)
|
||||||
|
corenet_tcp_connect_ipp_port(guest_t)
|
||||||
|
|
||||||
|
corenet_sendrecv_generic_client_packets(guest_t)
|
||||||
|
corenet_tcp_connect_generic_port(guest_t)
|
||||||
|
|
||||||
|
corenet_sendrecv_soundd_client_packets(guest_t)
|
||||||
|
corenet_tcp_connect_soundd_port(guest_t)
|
||||||
|
|
||||||
|
corenet_sendrecv_speech_client_packets(guest_t)
|
||||||
|
corenet_tcp_connect_speech_port(guest_t)
|
||||||
|
|
||||||
|
corenet_sendrecv_transproxy_client_packets(guest_t)
|
||||||
|
corenet_tcp_connect_transproxy_port(guest_t)
|
||||||
|
|
||||||
|
corenet_dontaudit_tcp_bind_generic_port(guest_t)
|
||||||
|
')
|
||||||
|
')
|
||||||
|
|
||||||
#gen_user(guest_u, user, guest_r, s0, s0)
|
#gen_user(guest_u, user, guest_r, s0, s0)
|
||||||
|
|
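Review bot: The description on the new `guest_connect_network` tunable says it only decides whether guest can "configure network manager", but the `tunable_policy` block in the second hunk also lets `guest_t` open TCP connections to the http, http_cache, squid, ftp, ipp, pulseaudio, soundd, speech, transproxy and generic ports. An administrator decides whether to flip the boolean from this text, so it should state the real scope, for example `## Determine whether guest can talk to NetworkManager and` followed by `## make outbound TCP connections (http, ftp, ipp, proxy and generic ports).` The `corenet_tcp_connect_generic_port(guest_t)` line also deserves a second look for this role. If generic ports cover every port without its own label, as they do in the reference policy, the per-service list above it stops being the effective limit. Consider dropping that line and `corenet_sendrecv_generic_client_packets(guest_t)` unless guest is known to need them.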