nnd/selinux-refpolicy
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
25f29bcfa4
selinux-refpolicy/support
History
Topi Miettinen 25f29bcfa4
gennetfilter: generate nft tables with --nft 
Optionally generate Netfilter NFT tables. Sample output:

```#!/usr/sbin/nft -f
flush ruleset
table inet security {
        secmark default_input_packet {
                "system_u:object_r:server_packet_t:s0"
        }
        secmark default_output_packet {
                "system_u:object_r:client_packet_t:s0"
        }
        secmark afs_bos_input {
                "system_u:object_r:afs_bos_server_packet_t:s0"
        }
        secmark afs_bos_output {
                "system_u:object_r:afs_bos_client_packet_t:s0"
        }
...
        chain INPUT {
                type filter hook input priority 0; policy accept;
                ct state new meta secmark set "default_input_packet"
                ct state new udp dport 7007 meta secmark set "afs_bos_input"
...
                ct state new ct secmark set meta secmark
                ct state established,related meta secmark set ct secmark
        }
        chain FORWARD {
                type filter hook forward priority 0; policy accept;
        }
        chain OUTPUT {
                type filter hook output priority 0; policy accept;
                ct state new meta secmark set "default_output_packet"
                ct state new udp dport 7007 meta secmark set "afs_bos_output"
...
                ct state new ct secmark set meta secmark
                ct state established,related meta secmark set ct secmark
        }
}
```

The labels are applied to TCP and/or UDP as needed. MCS and MLS are
not really handled.

Signed-off-by: Topi Miettinen <toiwoton@gmail.com>
2020-04-16 23:46:02 +03:00
..
comment_move_decl.sed refpolicy: Infiniband pkeys and endports 2017-05-24 19:23:18 -04:00
divert.m4
fatal_error.m4 m4 errprint: add __program__ info 2017-03-08 17:16:27 +01:00
fc_sort.py fc_sort.py: Use "==" for comparing integers. 2019-10-08 15:45:27 -04:00
genclassperms.py convert build scripts to python3 2017-03-15 02:09:20 +01:00
genhomedircon.py Remove incorrect usages of "is" operator from Python scripts. 2019-11-23 10:12:53 -05:00
gennetfilter.py gennetfilter: generate nft tables with --nft 2020-04-16 23:46:02 +03:00
gentemplates.sh Add gentemplates.sh to extract template content 2018-06-10 13:23:01 -04:00
get_type_attr_decl.sed Move role declarations to the top of base.conf 2012-02-29 12:08:22 -05:00
iferror.m4
Makefile.devel Fix find commands in Makefiles 2019-05-22 09:00:23 +02:00
policyvers.py fix travis and genhomedircon 2017-03-18 18:38:20 +01:00
pyplate.py Use raw strings in regular expressions 2017-04-08 12:29:07 +02:00
sedoctool.py Remove incorrect usages of "is" operator from Python scripts. 2019-11-23 10:12:53 -05:00
segenxml.py segenxml.py: fix format usage in warning message 2019-10-01 20:38:58 +02:00
selinux-policy-refpolicy.spec Switch all remaining Python references to the Python 3 interpreter. 2018-05-31 17:41:59 -04:00
selinux-refpolicy-sources.spec.skel Switch all remaining Python references to the Python 3 interpreter. 2018-05-31 17:41:59 -04:00
set_bools_tuns.awk remove trailing whitespaces 2016-12-06 13:45:13 +01:00
undivert.m4
vagrant-vm.cil Vagrant: allow VirtualBox provisionning to use dhclient and ip 2020-01-12 22:45:18 +01:00