Skip to content

Commit

Permalink
selinux: add the "attach_queue" permission to the "tun_socket" class
Browse files Browse the repository at this point in the history 
Add a new permission to align with the new TUN multiqueue support,
"tun_socket:attach_queue".

The corresponding SELinux reference policy patch is show below:

 diff --git a/policy/flask/access_vectors b/policy/flask/access_vectors
 index 28802c5..a0664a1 100644
 --- a/policy/flask/access_vectors
 +++ b/policy/flask/access_vectors
 @@ -827,6 +827,9 @@ class kernel_service

  class tun_socket
  inherits socket
 +{
 +       attach_queue
 +}

  class x_pointer
  inherits x_device

Signed-off-by: Paul Moore <pmoore@redhat.com>
Acked-by: Eric Paris <eparis@parisplace.org>
Tested-by: Jason Wang <jasowang@redhat.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
  • Loading branch information
Paul Moore authored and David S. Miller committed Jan 14, 2013
1 parent cce894b commit 6f96c14
Showing 1 changed file with 1 addition and 1 deletion.
2 changes: 1 addition & 1 deletion security/selinux/include/classmap.h
View file
Original file line number Diff line number Diff line change
Expand Up @@ -150,6 +150,6 @@ struct security_class_mapping secclass_map[] = {
NULL } },
{ "kernel_service", { "use_as_override", "create_files_as", NULL } },
{ "tun_socket",
{ COMMON_SOCK_PERMS, NULL } },
{ COMMON_SOCK_PERMS, "attach_queue", NULL } },
{ NULL }
};

0 comments on commit 6f96c14

Please sign in to comment.