[refpolicy] Write permission for /proc/net/xt_recent/

All of lore.kernel.org
 help / color / mirror / Atom feed

From: aranea@aixah.de (Luis Ressel)
To: refpolicy@oss.tresys.com
Subject: [refpolicy] Write permission for /proc/net/xt_recent/
Date: Sat, 25 Jan 2014 17:36:26 +0100	[thread overview]
Message-ID: <20140125173626.1c346eb8@gentp.lnet> (raw)

Hello,

On my systems, it's neccessary for sysadm_t to be allowed to write to
proc_net_t files, specifically to the files in /proc/net/xt_recent/,
which allow manual control of the "recent" module of iptables. I don't
think it's neccessary to add another type for these files, as the other
proc_net_t files aren't writeable anyway. So I'd propose
"allow sysadm_t proc_net_t:file write;"

I don't have a patch, as I'm not sure where to put this (in
roles/sysadm.te or somewhere else) and if a new interface should be
added for it.

Regards,
Luis Ressel

-- 
Luis Ressel <aranea@aixah.de>
GPG fpr: F08D 2AF6 655E 25DE 52BC  E53D 08F5 7F90 3029 B5BD
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 966 bytes
Desc: not available
Url : http://oss.tresys.com/pipermail/refpolicy/attachments/20140125/d3e26b77/attachment.bin

next             reply	other threads:[~2014-01-25 16:36 UTC|newest]

Thread overview: 3+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2014-01-25 16:36 Luis Ressel [this message]
2014-02-01  3:37 ` [refpolicy] Write permission for /proc/net/xt_recent/ Christopher J. PeBenito
2014-02-01 10:08   ` Luis Ressel

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=20140125173626.1c346eb8@gentp.lnet \
    --to=aranea@aixah.de \
    --cc=refpolicy@oss.tresys.com \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link

Be sure your reply has a Subject: header at the top and a blank line before the message body.

This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.