selinux-policy

History

Paul Moore 9dc3cd1635 refpol: Policy for the new TUN driver access controls Add policy for the new TUN driver access controls which allow policy to control which domains have the ability to create and attach to TUN/TAP devices. The policy rules for creating and attaching to a device are as shown below: # create a new device allow domain_t self:tun_socket { create }; # attach to a persistent device (created by tunlbl_t) allow domain_t tunlbl_t:tun_socket { relabelfrom }; allow domain_t self:tun_socket { relabelto }; Further discussion can be found on this thread: * http://marc.info/?t=125080850900002&r=1&w=2 Signed-off-by: Paul Moore <paul.moore@hp.com>		2009-08-31 08:36:06 -04:00
..
flask	refpol: Add the "tun_socket" object class flask definitions	2009-08-31 08:36:00 -04:00
modules	refpol: Policy for the new TUN driver access controls	2009-08-31 08:36:06 -04:00
support	trunk: add open perm to sock_file.	2009-03-11 14:58:03 +00:00
constraints	trunk: fix role change constraint.	2008-12-03 20:16:08 +00:00
global_booleans	trunk: merge strict and targeted policies. merge shlib_t into lib_t.	2007-10-02 16:04:50 +00:00
global_tunables	remove read_default_t tunable	2009-07-23 08:58:35 -04:00
mcs	se-postgresql update from kaigai	2009-05-07 12:35:32 +00:00
mls	trunk: MLS constraints for the x_selection class, from Eamon Walsh.	2009-06-05 13:36:19 +00:00
policy_capabilities	trunk: update policycaps comments for sock_file open perm.	2009-07-01 13:34:54 +00:00
rolemap	trunk: merge UBAC.	2008-11-05 16:10:46 +00:00
users	trunk: drop workaround rules.	2008-07-02 12:17:38 +00:00