iptables: calls to firewalld interfaces from Fedora. The firewalld_dontaudit_rw_tmp_files(iptables_t) was confirmed on Debian.

Signed-off-by: Dominick Grift <dominick.grift@gmail.com>
Dominick Grift 2013-11-09 10:44:57 +01:00 committed by Chris PeBenito
parent 872ece4bcf
commit e784e78825


@ -49,6 +49,7 @@ allow iptables_t iptables_tmp_t:dir manage_dir_perms;
allow iptables_t iptables_tmp_t:file manage_file_perms;
files_tmp_filetrans(iptables_t, iptables_tmp_t, { file dir })
kernel_getattr_proc(iptables_t)
kernel_request_load_module(iptables_t)
kernel_read_system_state(iptables_t)
kernel_read_network_state(iptables_t)
@ -104,6 +105,11 @@ optional_policy(`
fail2ban_append_log(iptables_t)
')
optional_policy(`
firewalld_read_config_files(iptables_t)
firewalld_dontaudit_rw_tmp_files(iptables_t)
')
optional_policy(`
firstboot_use_fds(iptables_t)
firstboot_rw_pipes(iptables_t)
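Review bot: The `firewalld_dontaudit_rw_tmp_files(iptables_t)` call in the new firewalld `optional_policy` block silences denials without a comment recording what triggers them, and a dontaudit rule keeps those AVC records out of the audit log for anyone who later investigates iptables_t. The commit message says only that it was confirmed on Debian; if the cause is a descriptor inherited from firewalld when it runs iptables, I would say so above the call, e.g. `# firewalld leaks its tmp file descriptors to iptables; access stays denied, only the AVC is hidden`. `firewalld_read_config_files(iptables_t)` is an actual grant taken from Fedora and deserves the same one-line reason. When the hidden denials are needed for debugging, `semodule -DB` rebuilds the policy with dontaudit rules disabled. The trailing firstboot `optional_policy` block continues outside the hunk.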