refpol: Policy for the new TUN driver access controls - ~ewalsh/refpolicy - Experimental SELinux policy for the X object manager.

diff options

author	Paul Moore <paul.moore@hp.com>	2009-08-28 17:13:12 -0400
committer	Chris PeBenito <cpebenito@tresys.com>	2009-08-31 08:36:06 -0400
commit	9dc3cd1635640b6853817546cd3b8d9080a2cc53 (patch)
tree	a0ccf66f271694bfa6485ca325a07de2fc0240f1 /INSTALL
parent	333494fd5929df71bb8c6cddf5b4e34180fcd6b9 (diff)

refpol: Policy for the new TUN driver access controls

Add policy for the new TUN driver access controls which allow policy to control which domains have the ability to create and attach to TUN/TAP devices. The policy rules for creating and attaching to a device are as shown below: # create a new device allow domain_t self:tun_socket { create }; # attach to a persistent device (created by tunlbl_t) allow domain_t tunlbl_t:tun_socket { relabelfrom }; allow domain_t self:tun_socket { relabelto }; Further discussion can be found on this thread: * http://marc.info/?t=125080850900002&r=1&w=2 Signed-off-by: Paul Moore <paul.moore@hp.com>

Diffstat (limited to 'INSTALL')

0 files changed, 0 insertions, 0 deletions


context:
space:
mode: