nnd/selinux-refpolicy
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
25bc2d5c1d
selinux-refpolicy/policy
History
Nicolas Iooss 25bc2d5c1d Allow systemd services to use PrivateNetwork feature 
systemd creates a new network namespace for services which are using
PrivateNetwork=yes.

In the implementation, systemd uses a socketpair as a storage buffer for
the namespace reference file descriptor (c.f.
https://github.com/systemd/systemd/blob/v228/src/core/namespace.c#L660).
One end of this socketpair is locked (hence the need of "lock" access to
self:unix_dgram_socket for init_t) while systemd opens
/proc/self/ns/net, which lives in nsfs.

While at it, add filesystem_type attribute to nsfs_t.
2016-01-11 13:17:16 -05:00
..
flask Add systemd access vectors. 2015-10-20 15:01:27 -04:00
modules Allow systemd services to use PrivateNetwork feature 2016-01-11 13:17:16 -05:00
support Update netlink socket classes. 2015-05-22 08:29:03 -04:00
constraints Update netlink socket classes. 2015-05-22 08:29:03 -04:00
context_defaults Fix error in default_user example. 2014-04-28 10:19:22 -04:00
global_booleans
global_tunables
mcs
mls Update netlink socket classes. 2015-05-22 08:29:03 -04:00
policy_capabilities Add always_check_network policy capability. 2015-01-27 17:25:36 -05:00
users