tequilaOS/platform_system_sepolicy
2
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity

Merge "selinux - remove clatd tun creation privs"

Browse source
This commit is contained in:
Maciej Żenczykowski 2019-05-09 00:11:29 +00:00 committed by Gerrit Code Review
commit fbae4d9b35
1 changed files with 2 additions and 3 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

5
public/clatd.te
View file

@ -32,6 +32,5 @@ allow clatd self:global_capability_class_set { net_admin net_raw setuid setgid }
allow clatd self:global_capability_class_set ipc_lock; allow clatd self:global_capability_class_set ipc_lock;
allow clatd self:netlink_route_socket nlmsg_write; allow clatd self:netlink_route_socket nlmsg_write;
allow clatd self:{ packet_socket rawip_socket tun_socket } create_socket_perms_no_ioctl; allow clatd self:{ packet_socket rawip_socket } create_socket_perms_no_ioctl;
allow clatd tun_device:chr_file rw_file_perms; allow clatd tun_device:chr_file rw_file_perms;
allowxperm clatd tun_device:chr_file ioctl { TUNGETIFF TUNSETIFF };