Add role attributes in iptables.
parent
e3a043d18d
commit
a858f08e5b
@ -42,17 +42,11 @@ interface(`iptables_domtrans',`
|
||||
#
|
||||
interface(`iptables_run',`
|
||||
gen_require(`
|
||||
type iptables_t;
|
||||
attribute_role iptables_roles;
|
||||
')
|
||||
|
||||
iptables_domtrans($1)
|
||||
role $2 types iptables_t;
|
||||
|
||||
sysnet_run_ifconfig(iptables_t, $2)
|
||||
|
||||
optional_policy(`
|
||||
modutils_run_insmod(iptables_t, $2)
|
||||
')
|
||||
roleattribute $2 iptables_roles;
|
||||
')
|
||||
|
||||
########################################
|
||||
|
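Review bot: In `iptables_run`, the single line `roleattribute $2 iptables_roles;` now stands in for every explicit grant the interface used to list, and nothing at the call site says what the role receives. The rendered hunk has lost its +/- markers; going by the header counts, the removed lines appear to be `role $2 types iptables_t;`, `sysnet_run_ifconfig(iptables_t, $2)` and the optional `modutils_run_insmod(iptables_t, $2)`. What `$2` ends up with is therefore decided wherever `iptables_roles` is used in the module's declarations. I would add a comment above the line, for example `# $2 receives every type associated with iptables_roles (iptables_t, plus whatever the module's run calls add)`, and state the same in the interface's parameter documentation. That header comment begins outside this hunk.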
@ -5,10 +5,13 @@ policy_module(iptables, 1.12.1)
|
||||
# Declarations
|
||||
#
|
||||
|
||||
attribute_role iptables_roles;
|
||||
roleattribute system_r iptables_roles;
|
||||
|
||||
type iptables_t;
|
||||
type iptables_exec_t;
|
||||
init_system_domain(iptables_t, iptables_exec_t)
|
||||
role system_r types iptables_t;
|
||||
role iptables_roles types iptables_t;
|
||||
|
||||
type iptables_initrc_exec_t;
|
||||
init_script_file(iptables_initrc_exec_t)
|
||||
@ -87,7 +90,7 @@ logging_send_syslog_msg(iptables_t)
|
||||
|
||||
miscfiles_read_localization(iptables_t)
|
||||
|
||||
sysnet_domtrans_ifconfig(iptables_t)
|
||||
sysnet_run_ifconfig(iptables_t, iptables_roles)
|
||||
sysnet_dns_name_resolve(iptables_t)
|
||||
|
||||
userdom_use_user_terminals(iptables_t)
|
||||
@ -107,7 +110,7 @@ optional_policy(`
|
||||
')
|
||||
|
||||
optional_policy(`
|
||||
modutils_domtrans_insmod(iptables_t)
|
||||
modutils_run_insmod(iptables_t, iptables_roles)
|
||||
')
|
||||
|
||||
optional_policy(`
|
||||
|
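Review bot: Because `roleattribute system_r iptables_roles;` makes `system_r` a member, the calls `sysnet_run_ifconfig(iptables_t, iptables_roles)` and `modutils_run_insmod(iptables_t, iptables_roles)` now apply their role-side grants to `system_r` as well as to roles added through `iptables_run`. The lines they appear to replace, `sysnet_domtrans_ifconfig(iptables_t)` and `modutils_domtrans_insmod(iptables_t)`, took no role argument (the +/- markers are lost, so this is inferred from the hunk counts). That is likely harmless if `system_r` already holds those types through other modules, but this is not visible here; it is worth confirming with a role query against the built policy before and after. A comment at the declaration, such as `# Roles allowed to run iptables; members also get the ifconfig and insmod run grants below`, would keep later additions to the attribute deliberate.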