From eeb7616f5e78b46e5016bc49bf5184f690e1620c Mon Sep 17 00:00:00 2001
From: Chris PeBenito
Date: Thu, 4 Mar 2010 13:50:46 -0500
Subject: [PATCH] Corenetwork patch from Dan Walsh.
---
 policy/modules/kernel/corenetwork.if.in | 19 +++++++++++++++++++
 policy/modules/kernel/corenetwork.te.in | 2 +-
 2 files changed, 20 insertions(+), 1 deletion(-)
diff --git a/policy/modules/kernel/corenetwork.if.in b/policy/modules/kernel/corenetwork.if.in
index b70e8436..a6a115d0 100644
--- a/policy/modules/kernel/corenetwork.if.in
+++ b/policy/modules/kernel/corenetwork.if.in
@@ -1918,6 +1918,25 @@ interface(`corenet_rw_tun_tap_dev',`
 allow $1 tun_tap_device_t:chr_file rw_chr_file_perms;
 ')
 
+########################################
+##
+## Do not audit attempts to read or write the TUN/TAP
+## virtual network device.
+##
+##
+##
+## Domain to not audit.
+##
+##
+#
+interface(`corenet_dontaudit_rw_tun_tap_dev',`
+ gen_require(`
+ type tun_tap_device_t;
+ ')
+
+ dontaudit $1 tun_tap_device_t:chr_file { read write };
+')
+
 ########################################
 ##
 ## Getattr the point-to-point device.
diff --git a/policy/modules/kernel/corenetwork.te.in b/policy/modules/kernel/corenetwork.te.in
index d00c76e2..9de9adff 100644
--- a/policy/modules/kernel/corenetwork.te.in
+++ b/policy/modules/kernel/corenetwork.te.in
@@ -1,5 +1,5 @@
 
-policy_module(corenetwork, 1.13.6)
+policy_module(corenetwork, 1.13.7)
 
 ########################################
 #
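Review bot: The summary on the added `corenet_dontaudit_rw_tun_tap_dev` interface in the corenetwork.if.in hunk does not say when suppressing these denials is appropriate, and a `dontaudit` rule removes denied read/write attempts on `tun_tap_device_t` from the audit log that detection and troubleshooting rely on. I would add a description line such as `## Callers lose AVC records for denied read/write on the TUN/TAP device; use only for domains known to hold an inherited descriptor.` (the inherited-descriptor use is my assumption, since this patch adds no caller to show the intended scope). The rule lists only `{ read write }`, so other denied permissions on the device would still be logged; that looks intentional and is worth stating in the comment as well. The doc-comment markup appears stripped in this rendering, so the tags themselves cannot be checked from here.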