diff options
author | Paul Moore <pmoore@redhat.com> | 2013-01-14 07:12:13 +0000 |
---|---|---|
committer | David S. Miller <davem@davemloft.net> | 2013-01-14 18:16:59 -0500 |
commit | 6f96c142f77c96a34ac377a3616ee7abcd77fb4d (patch) | |
tree | a481cf442e39dae7f0392b38db461f5b3076e7eb /security/selinux | |
parent | cce894bb824429fd312706c7012acae43e725865 (diff) | |
download | lwn-6f96c142f77c96a34ac377a3616ee7abcd77fb4d.tar.gz lwn-6f96c142f77c96a34ac377a3616ee7abcd77fb4d.zip |
selinux: add the "attach_queue" permission to the "tun_socket" class
Add a new permission to align with the new TUN multiqueue support,
"tun_socket:attach_queue".
The corresponding SELinux reference policy patch is show below:
diff --git a/policy/flask/access_vectors b/policy/flask/access_vectors
index 28802c5..a0664a1 100644
--- a/policy/flask/access_vectors
+++ b/policy/flask/access_vectors
@@ -827,6 +827,9 @@ class kernel_service
class tun_socket
inherits socket
+{
+ attach_queue
+}
class x_pointer
inherits x_device
Signed-off-by: Paul Moore <pmoore@redhat.com>
Acked-by: Eric Paris <eparis@parisplace.org>
Tested-by: Jason Wang <jasowang@redhat.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Diffstat (limited to 'security/selinux')
-rw-r--r-- | security/selinux/include/classmap.h | 2 |
1 files changed, 1 insertions, 1 deletions
diff --git a/security/selinux/include/classmap.h b/security/selinux/include/classmap.h index df2de54a958d..14d04e63b1f0 100644 --- a/security/selinux/include/classmap.h +++ b/security/selinux/include/classmap.h @@ -150,6 +150,6 @@ struct security_class_mapping secclass_map[] = { NULL } }, { "kernel_service", { "use_as_override", "create_files_as", NULL } }, { "tun_socket", - { COMMON_SOCK_PERMS, NULL } }, + { COMMON_SOCK_PERMS, "attach_queue", NULL } }, { NULL } }; |