[PATCH] REFPOL: Add new object classes and permissions for labeled networking

This patch reserves a new object class and permissions needed by the labeled
networking changes scheduled for 2.6.25.

Signed-off-by: Paul Moore <paul.moore@xxxxxx>
---
 policy/flask/access_vectors   |   10 ++++++++++
 policy/flask/security_classes |    3 +++
 2 files changed, 13 insertions(+)

Index: refpolicy_svn_repo/policy/flask/access_vectors
===================================================================
--- refpolicy_svn_repo.orig/policy/flask/access_vectors
+++ refpolicy_svn_repo/policy/flask/access_vectors
@@ -201,6 +201,8 @@ class node 
 	enforce_dest
 	dccp_recv
 	dccp_send
+	recvfrom
+	sendto
 }
 
 class netif
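
Review bot: recvfrom and sendto are added to class node with nothing that says how they differ from the per-protocol permissions already in the class (dccp_recv and dccp_send, visible just above them). A one-line comment above the two new entries, or a sentence in the commit message, stating what they check and whether the older permissions stay in use would help policy writers. Appending them after dccp_send, at the end of the class, leaves the existing entries in their current positions, which is the right place for them.
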
@@ -213,6 +215,8 @@ class netif
 	rawip_send
 	dccp_recv
 	dccp_send
+	ingress
+	egress
 }
 
 class netlink_socket
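
Review bot: the new netif permissions are named ingress/egress, while the pair added to class node in the previous hunk is recvfrom/sendto and the existing entries in this class use a _recv/_send suffix (rawip_send, dccp_recv, dccp_send). If the different names reflect different checks, or are fixed by the kernel side, a short comment above ingress saying so would keep the two pairs from being read as synonyms.
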
@@ -726,3 +730,9 @@ inherits database
 	import
 	export
 }
+
+# network peer labels
+class peer
+{
+	recv
+}
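
Review bot: class peer defines only recv, with no send counterpart, and the comment "# network peer labels" does not explain why. If the class is only checked on inbound traffic, say so in the comment so the missing send permission is not taken for an oversight. The commit message describes this as reserving the class, and the diffstat touches only the two flask files, so it would also help to state that no policy rules use it yet.
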
Index: refpolicy_svn_repo/policy/flask/security_classes
===================================================================
--- refpolicy_svn_repo.orig/policy/flask/security_classes
+++ refpolicy_svn_repo/policy/flask/security_classes
@@ -106,4 +106,7 @@ class db_column			# userspace
 class db_tuple			# userspace
 class db_blob			# userspace
 
+# network peer labels
+class peer
+
 # FLASK
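
Review bot: class peer is added directly below entries that each carry a "# userspace" tag (db_column, db_tuple, db_blob) but has no tag of its own, so this file does not show whether it is a kernel or a userspace class. Since the commit message ties it to the 2.6.25 labeled networking changes, mark that in the comment, and confirm that its position after db_blob matches the class value the kernel side expects.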

-- 
paul moore
linux security @ hp

