> it's a fifo_file on device pipefs with name/path: pipe:[11951]
>
> This type of internal communication is very common. We use the following
> policy for this:
>
> allow voip_sandbox_t self:fifo_file rw_fifo_file_perms;

Is 'rw_fifo_file_perms' custom-defined somewhere? All I can see on the fifo_file is { append create execute getattr ioctl link lock mounton quotaon read relabelfrom relabelto rename setattr swapon unlink write }, of which, 'read' and 'write' are the relevant ones.

If I do 'allow voip_sandbox_t self:fifo_file { read write }' would that be the same thing or am I missing something?