From mboxrd@z Thu Jan  1 00:00:00 1970
From: aranea@aixah.de (Luis Ressel)
Date: Sat, 1 Feb 2014 11:08:27 +0100
Subject: [refpolicy] Write permission for /proc/net/xt_recent/
In-Reply-To: <52EC6BDE.3080200@tresys.com>
References: <20140125173626.1c346eb8@gentp.lnet> <52EC6BDE.3080200@tresys.com>
Message-ID: <20140201110827.6344991a@gentp.lnet>
To: refpolicy@oss.tresys.com
List-Id: refpolicy.oss.tresys.com

On Fri, 31 Jan 2014 22:37:02 -0500
"Christopher J. PeBenito" <cpebenito@tresys.com> wrote:

> On 1/25/2014 11:36 AM, Luis Ressel wrote:
> > On my systems, it's neccessary for sysadm_t to be allowed to write
> > to proc_net_t files, specifically to the files
> > in /proc/net/xt_recent/, which allow manual control of the "recent"
> > module of iptables. I don't
> 
> What program is used to do this?  Perhaps that should be
> iptables_exec_t instead.

I'm writing to those files manually via echo. I'll just write a helper
script then and label it accordingly.


--
Luis Ressel <aranea@aixah.de>
GPG fpr: F08D 2AF6 655E 25DE 52BC  E53D 08F5 7F90 3029 B5BD
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 966 bytes
Desc: not available
Url : http://oss.tresys.com/pipermail/refpolicy/attachments/20140201/ff7e3ae3/attachment.bin