selinux-refpolicy/policy/modules
Nicolas Iooss 25bc2d5c1d Allow systemd services to use PrivateNetwork feature
systemd creates a new network namespace for services which are using
PrivateNetwork=yes.

In the implementation, systemd uses a socketpair as a storage buffer for
the namespace reference file descriptor (cf.
https://github.com/systemd/systemd/blob/v228/src/core/namespace.c#L660).
One end of this socketpair is locked (hence the need of "lock" access to
self:unix_dgram_socket for init_t) while systemd opens
/proc/self/ns/net, which lives in nsfs.

While at it, add filesystem_type attribute to nsfs_t.
2016-01-11 13:17:16 -05:00
admin Bump module versions for release. 2015-12-08 09:53:02 -05:00
apps Move modules to contrib submodule. 2011-09-09 10:10:03 -04:00
contrib@35cd3decfd Update contrib. 2015-12-14 10:40:04 -05:00
kernel Allow systemd services to use PrivateNetwork feature 2016-01-11 13:17:16 -05:00
roles Bump module versions for release. 2015-12-08 09:53:02 -05:00
services Module version bump for Debian Xorg fc fixes from Laurent Bigonville 2016-01-07 13:11:50 -05:00
system Allow systemd services to use PrivateNetwork feature 2016-01-11 13:17:16 -05:00