aboutsummaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorPaul Moore <pmoore@redhat.com>2013-01-14 07:12:13 +0000
committerDavid S. Miller <davem@davemloft.net>2013-01-14 18:16:59 -0500
commit6f96c142f77c96a34ac377a3616ee7abcd77fb4d (patch)
treea481cf442e39dae7f0392b38db461f5b3076e7eb
parentcce894bb824429fd312706c7012acae43e725865 (diff)
selinux: add the "attach_queue" permission to the "tun_socket" class
Add a new permission to align with the new TUN multiqueue support, "tun_socket:attach_queue". The corresponding SELinux reference policy patch is show below: diff --git a/policy/flask/access_vectors b/policy/flask/access_vectors index 28802c5..a0664a1 100644 --- a/policy/flask/access_vectors +++ b/policy/flask/access_vectors @@ -827,6 +827,9 @@ class kernel_service class tun_socket inherits socket +{ + attach_queue +} class x_pointer inherits x_device Signed-off-by: Paul Moore <pmoore@redhat.com> Acked-by: Eric Paris <eparis@parisplace.org> Tested-by: Jason Wang <jasowang@redhat.com> Signed-off-by: David S. Miller <davem@davemloft.net>
-rw-r--r--security/selinux/include/classmap.h2
1 files changed, 1 insertions, 1 deletions
diff --git a/security/selinux/include/classmap.h b/security/selinux/include/classmap.h
index df2de54a958..14d04e63b1f 100644
--- a/security/selinux/include/classmap.h
+++ b/security/selinux/include/classmap.h
@@ -150,6 +150,6 @@ struct security_class_mapping secclass_map[] = {
NULL } },
{ "kernel_service", { "use_as_override", "create_files_as", NULL } },
{ "tun_socket",
- { COMMON_SOCK_PERMS, NULL } },
+ { COMMON_SOCK_PERMS, "attach_queue", NULL } },
{ NULL }
};