On Fri, 2007-12-21 at 14:22 -0500, Paul Moore wrote:
> plain text document attachment (selinux-flask_peer_perms)
> This patch reserves a new object class and permissions needed by the labeled
> networking changes scheduled for 2.6.25.
Merged.
> Signed-off-by: Paul Moore <paul.moore@xxxxxx>
> ---
> policy/flask/access_vectors | 10 ++++++++++
> policy/flask/security_classes | 3 +++
> 2 files changed, 13 insertions(+)
>
> Index: refpolicy_svn_repo/policy/flask/access_vectors
> ===================================================================
> --- refpolicy_svn_repo.orig/policy/flask/access_vectors
> +++ refpolicy_svn_repo/policy/flask/access_vectors
> @@ -201,6 +201,8 @@ class node
> enforce_dest
> dccp_recv
> dccp_send
> + recvfrom
> + sendto
> }
>
> class netif
> @@ -213,6 +215,8 @@ class netif
> rawip_send
> dccp_recv
> dccp_send
> + ingress
> + egress
> }
>
> class netlink_socket
> @@ -726,3 +730,9 @@ inherits database
> import
> export
> }
> +
> +# network peer labels
> +class peer
> +{
> + recv
> +}
> Index: refpolicy_svn_repo/policy/flask/security_classes
> ===================================================================
> --- refpolicy_svn_repo.orig/policy/flask/security_classes
> +++ refpolicy_svn_repo/policy/flask/security_classes
> @@ -106,4 +106,7 @@ class db_column # userspace
> class db_tuple # userspace
> class db_blob # userspace
>
> +# network peer labels
> +class peer
> +
> # FLASK
>
--
Chris PeBenito
Tresys Technology, LLC
(410) 290-1411 x150
--
This message was distributed to subscribers of the selinux mailing list.
If you no longer wish to subscribe, send mail to majordomo@xxxxxxxxxxxxx with
the words "unsubscribe selinux" without quotes as the message.
