rhel: provide our own SELinux custom policy package

[ovs.git] / selinux / openvswitch-custom.te

diff --git a/selinux/openvswitch-custom.te b/selinux/openvswitch-custom.te
new file mode 100644 (file)
index 0000000..fc32b97
--- /dev/null
+++ b/selinux/openvswitch-custom.te
@@ -0,0 +1,9 @@
+module openvswitch-custom 1.0;
+
+require {
+        type openvswitch_t;
+        class netlink_socket { setopt getopt create connect getattr write read };
+}
+
+#============= openvswitch_t ==============
+allow openvswitch_t self:netlink_socket { setopt getopt create connect getattr write read };