[mirror_ovs.git] / selinux / openvswitch-custom.te

module openvswitch-custom 1.0.1;

require {
        type openvswitch_t;
        type openvswitch_tmp_t;
        type ifconfig_exec_t;
        type hostname_exec_t;
        class netlink_socket { setopt getopt create connect getattr write read };
        class file { write getattr read open execute execute_no_trans };
}

#============= openvswitch_t ==============
allow openvswitch_t self:netlink_socket { setopt getopt create connect getattr write read };
allow openvswitch_t hostname_exec_t:file { read getattr open execute execute_no_trans };
allow openvswitch_t ifconfig_exec_t:file { read getattr open execute execute_no_trans };
allow openvswitch_t openvswitch_tmp_t:file { execute execute_no_trans };
Commit	Line	Data
5e2e3ada	1	module openvswitch-custom 1.0.1;
9b897c91 AA	2
	3	require {
	4	type openvswitch_t;
5e2e3ada JS	5	type openvswitch_tmp_t;
	6	type ifconfig_exec_t;
	7	type hostname_exec_t;
9b897c91	8	class netlink_socket { setopt getopt create connect getattr write read };
5e2e3ada	9	class file { write getattr read open execute execute_no_trans };
9b897c91 AA	10	}
	11
	12	#============= openvswitch_t ==============
	13	allow openvswitch_t self:netlink_socket { setopt getopt create connect getattr write read };
5e2e3ada JS	14	allow openvswitch_t hostname_exec_t:file { read getattr open execute execute_no_trans };
	15	allow openvswitch_t ifconfig_exec_t:file { read getattr open execute execute_no_trans };
	16	allow openvswitch_t openvswitch_tmp_t:file { execute execute_no_trans };