From mboxrd@z Thu Jan 1 00:00:00 1970
From: cpebenito@tresys.com (Christopher J. PeBenito)
Date: Fri, 31 Jan 2014 22:37:02 -0500
Subject: [refpolicy] Write permission for /proc/net/xt_recent/
In-Reply-To: <20140125173626.1c346eb8@gentp.lnet>
References: <20140125173626.1c346eb8@gentp.lnet>
Message-ID: <52EC6BDE.3080200@tresys.com>
To: refpolicy@oss.tresys.com
List-Id: refpolicy.oss.tresys.com

On 1/25/2014 11:36 AM, Luis Ressel wrote:
> On my systems, it's necessary for sysadm_t to be allowed to write to
> proc_net_t files, specifically to the files in /proc/net/xt_recent/,
> which allow manual control of the "recent" module of iptables. I don't

What program is used to do this? Perhaps that should be iptables_exec_t instead.

> I don't have a patch, as I'm not sure where to put this (in
> roles/sysadm.te or somewhere else) and if a new interface should be
> added for it.

Accesses of types in other modules need to use interfaces.

--
Chris PeBenito
Tresys Technology, LLC
www.tresys.com | oss.tresys.com