Second, and hopefully final, version of the SELinux policy for the new TUN
hooks. This version includes all the feedback from Chris discussed on the
list as well as my sign-off.
---
Paul Moore (2):
refpol: Policy for the new TUN driver access controls
refpol: Add the "tun_socket" object class flask definitions
policy/flask/access_vectors | 2 ++
policy/flask/security_classes | 2 ++
policy/modules/admin/vpn.te | 1 +
policy/modules/apps/qemu.if | 3 +++
policy/modules/apps/uml.te | 6 ++++++
policy/modules/services/openvpn.te | 1 +
policy/modules/services/virt.if | 19 +++++++++++++++++++
policy/modules/services/virt.te | 1 +
policy/modules/system/userdomain.if | 23 +++++++++++++++++++++++
policy/modules/system/userdomain.te | 2 ++
10 files changed, 60 insertions(+), 0 deletions(-)
--
This message was distributed to subscribers of the selinux mailing list.
If you no longer wish to subscribe, send mail to majordomo@xxxxxxxxxxxxx with
the words "unsubscribe selinux" without quotes as the message.
