aboutgitcodebugslistschat
diff options
context:
space:
mode:
authorStefano Brivio <sbrivio@redhat.com>2023-02-21 18:09:23 +0000
committerStefano Brivio <sbrivio@redhat.com>2023-02-21 19:12:37 +0100
commit933aa1014bb9012fa20974945502c6687beaaebe (patch)
tree21f7c60985e02062a4f349ee7df0330a0b6ae7fa
parent0c11355e834d542f17073721b6462668680a2c86 (diff)
downloadpasst-933aa1014bb9012fa20974945502c6687beaaebe.tar
passt-933aa1014bb9012fa20974945502c6687beaaebe.tar.gz
passt-933aa1014bb9012fa20974945502c6687beaaebe.tar.bz2
passt-933aa1014bb9012fa20974945502c6687beaaebe.tar.lz
passt-933aa1014bb9012fa20974945502c6687beaaebe.tar.xz
passt-933aa1014bb9012fa20974945502c6687beaaebe.tar.zst
passt-933aa1014bb9012fa20974945502c6687beaaebe.zip
selinux/passt.te: Allow setting socket option on routing netlink socket
Signed-off-by: Stefano Brivio <sbrivio@redhat.com>
-rw-r--r--contrib/selinux/passt.te2
1 files changed, 1 insertions, 1 deletions
diff --git a/contrib/selinux/passt.te b/contrib/selinux/passt.te
index 3125d52..7fa4fb9 100644
--- a/contrib/selinux/passt.te
+++ b/contrib/selinux/passt.te
@@ -98,7 +98,7 @@ allow passt_t proc_net_t:file read;
allow passt_t net_conf_t:file { open read };
allow passt_t net_conf_t:lnk_file read;
allow passt_t tmp_t:sock_file { create unlink write };
-allow passt_t self:netlink_route_socket { bind create nlmsg_read read write };
+allow passt_t self:netlink_route_socket { bind create nlmsg_read read write setopt };
allow passt_t self:tcp_socket create_stream_socket_perms;
corenet_tcp_sendrecv_generic_node(passt_t)