* [PATCH] REFPOL: Add new object classes and permissions for labeled networking
@ 2007-12-21 19:22 Paul Moore
2008-01-03 16:10 ` Christopher J. PeBenito
0 siblings, 1 reply; 2+ messages in thread
From: Paul Moore @ 2007-12-21 19:22 UTC (permalink / raw)
To: selinux
This patch reserves a new object class and permissions needed by the labeled
networking changes scheduled for 2.6.25.
Signed-off-by: Paul Moore <paul.moore@hp.com>
---
policy/flask/access_vectors | 10 ++++++++++
policy/flask/security_classes | 3 +++
2 files changed, 13 insertions(+)
Index: refpolicy_svn_repo/policy/flask/access_vectors
===================================================================
--- refpolicy_svn_repo.orig/policy/flask/access_vectors
+++ refpolicy_svn_repo/policy/flask/access_vectors
@@ -201,6 +201,8 @@ class node
enforce_dest
dccp_recv
dccp_send
+ recvfrom
+ sendto
}
class netif
@@ -213,6 +215,8 @@ class netif
rawip_send
dccp_recv
dccp_send
+ ingress
+ egress
}
class netlink_socket
@@ -726,3 +730,9 @@ inherits database
import
export
}
+
+# network peer labels
+class peer
+{
+ recv
+}
Index: refpolicy_svn_repo/policy/flask/security_classes
===================================================================
--- refpolicy_svn_repo.orig/policy/flask/security_classes
+++ refpolicy_svn_repo/policy/flask/security_classes
@@ -106,4 +106,7 @@ class db_column # userspace
class db_tuple # userspace
class db_blob # userspace
+# network peer labels
+class peer
+
# FLASK
--
paul moore
linux security @ hp
--
This message was distributed to subscribers of the selinux mailing list.
If you no longer wish to subscribe, send mail to majordomo@tycho.nsa.gov with
the words "unsubscribe selinux" without quotes as the message.
^ permalink raw reply [flat|nested] 2+ messages in thread* Re: [PATCH] REFPOL: Add new object classes and permissions for labeled networking
2007-12-21 19:22 [PATCH] REFPOL: Add new object classes and permissions for labeled networking Paul Moore
@ 2008-01-03 16:10 ` Christopher J. PeBenito
0 siblings, 0 replies; 2+ messages in thread
From: Christopher J. PeBenito @ 2008-01-03 16:10 UTC (permalink / raw)
To: Paul Moore; +Cc: selinux
On Fri, 2007-12-21 at 14:22 -0500, Paul Moore wrote:
> plain text document attachment (selinux-flask_peer_perms)
> This patch reserves a new object class and permissions needed by the labeled
> networking changes scheduled for 2.6.25.
Merged.
> Signed-off-by: Paul Moore <paul.moore@hp.com>
> ---
> policy/flask/access_vectors | 10 ++++++++++
> policy/flask/security_classes | 3 +++
> 2 files changed, 13 insertions(+)
>
> Index: refpolicy_svn_repo/policy/flask/access_vectors
> ===================================================================
> --- refpolicy_svn_repo.orig/policy/flask/access_vectors
> +++ refpolicy_svn_repo/policy/flask/access_vectors
> @@ -201,6 +201,8 @@ class node
> enforce_dest
> dccp_recv
> dccp_send
> + recvfrom
> + sendto
> }
>
> class netif
> @@ -213,6 +215,8 @@ class netif
> rawip_send
> dccp_recv
> dccp_send
> + ingress
> + egress
> }
>
> class netlink_socket
> @@ -726,3 +730,9 @@ inherits database
> import
> export
> }
> +
> +# network peer labels
> +class peer
> +{
> + recv
> +}
> Index: refpolicy_svn_repo/policy/flask/security_classes
> ===================================================================
> --- refpolicy_svn_repo.orig/policy/flask/security_classes
> +++ refpolicy_svn_repo/policy/flask/security_classes
> @@ -106,4 +106,7 @@ class db_column # userspace
> class db_tuple # userspace
> class db_blob # userspace
>
> +# network peer labels
> +class peer
> +
> # FLASK
>
--
Chris PeBenito
Tresys Technology, LLC
(410) 290-1411 x150
--
This message was distributed to subscribers of the selinux mailing list.
If you no longer wish to subscribe, send mail to majordomo@tycho.nsa.gov with
the words "unsubscribe selinux" without quotes as the message.
^ permalink raw reply [flat|nested] 2+ messages in thread
end of thread, other threads:[~2008-01-03 16:11 UTC | newest]
Thread overview: 2+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2007-12-21 19:22 [PATCH] REFPOL: Add new object classes and permissions for labeled networking Paul Moore
2008-01-03 16:10 ` Christopher J. PeBenito
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.