passt/contrib/selinux, branch 2023_02_27.c538ee8 Plug A Simple Socket Transport selinux/passt.te: Allow setting socket option on routing netlink socket 2023-02-21T18:12:37+00:00 Stefano Brivio sbrivio@redhat.com 2023-02-21T18:09:23+00:00 933aa1014bb9012fa20974945502c6687beaaebe Signed-off-by: Stefano Brivio <sbrivio@redhat.com> 
Signed-off-by: Stefano Brivio <sbrivio@redhat.com>
selinux/passt.te: Allow /etc/resolv.conf symlinks to be followed 2023-02-21T18:12:37+00:00 Stefano Brivio sbrivio@redhat.com 2023-02-21T18:07:31+00:00 0c11355e834d542f17073721b6462668680a2c86 Signed-off-by: Stefano Brivio <sbrivio@redhat.com> 
Signed-off-by: Stefano Brivio <sbrivio@redhat.com>
selinux/passt.te: Allow setcap on the process itself 2023-02-21T18:12:37+00:00 Stefano Brivio sbrivio@redhat.com 2023-02-21T18:06:05+00:00 7d9150db0ac72cde46b48b916daefa6e70a751b0 This is needed by the new functions in isolate.c, add the corresponding rule. Signed-off-by: Stefano Brivio <sbrivio@redhat.com> 
This is needed by the new functions in isolate.c, add the
corresponding rule.

Signed-off-by: Stefano Brivio <sbrivio@redhat.com>
selinux: Switch to a more reasonable model for PID and socket files 2023-02-21T18:12:37+00:00 Stefano Brivio sbrivio@redhat.com 2023-02-21T18:03:49+00:00 01801b131f21f126b341f0db069727d6f9bd8d2e Instead of restricting PID files to /var/run/passt.pid, which is a single file and unlikely to be used, use the user_tmp_t type which should cover any reasonable need. Signed-off-by: Stefano Brivio <sbrivio@redhat.com> 
Instead of restricting PID files to /var/run/passt.pid, which is a
single file and unlikely to be used, use the user_tmp_t type which
should cover any reasonable need.

Signed-off-by: Stefano Brivio <sbrivio@redhat.com>
selinux: Define interfaces for libvirt and similar frameworks 2023-02-21T18:12:37+00:00 Stefano Brivio sbrivio@redhat.com 2023-02-21T18:00:13+00:00 49024476309df1f6f32f34c40e793592687c9f26 Services running passt will commonly need to transition to its domain, terminate it, connect and write to its socket. The init_daemon_domain() macro now defines the default transition to the passt_t domain, using the passt_exec_t type. Signed-off-by: Stefano Brivio <sbrivio@redhat.com> 
Services running passt will commonly need to transition to its
domain, terminate it, connect and write to its socket.

The init_daemon_domain() macro now defines the default transition to
the passt_t domain, using the passt_exec_t type.

Signed-off-by: Stefano Brivio <sbrivio@redhat.com>
selinux/passt.if: Fix typo in passt_read_data interface definition 2023-02-21T18:12:30+00:00 Stefano Brivio sbrivio@redhat.com 2023-02-21T17:56:07+00:00 9136f74015106e938db6e91672d502d007d59816 This is an example interface, currently unused, so it went undetected: m4 macros need a backtick at the beginning of a block instead of a single quote. Fixes: 1f4b7fa0d75d ("passt, pasta: Add examples of SELinux policy modules") Signed-off-by: Stefano Brivio <sbrivio@redhat.com> 
This is an example interface, currently unused, so it went undetected:
m4 macros need a backtick at the beginning of a block instead of a
single quote.

Fixes: 1f4b7fa0d75d ("passt, pasta: Add examples of SELinux policy modules")
Signed-off-by: Stefano Brivio <sbrivio@redhat.com>
passt, pasta: Add examples of SELinux policy modules 2022-03-29T13:35:38+00:00 Stefano Brivio sbrivio@redhat.com 2022-03-28T09:08:39+00:00 1f4b7fa0d75d25f518047e77c88718ec1cc3f5bb These should cover any reasonably common use case in distributions. Signed-off-by: Stefano Brivio <sbrivio@redhat.com> 
These should cover any reasonably common use case in distributions.

Signed-off-by: Stefano Brivio <sbrivio@redhat.com>