diff options
| author | Stefano Brivio <sbrivio@redhat.com> | 2022-03-28 11:08:39 +0200 |
|---|---|---|
| committer | Stefano Brivio <sbrivio@redhat.com> | 2022-03-29 15:35:38 +0200 |
| commit | 1f4b7fa0d75d25f518047e77c88718ec1cc3f5bb (patch) | |
| tree | 593b882b328424b079568bf8945cbdfe225c21e7 /contrib/selinux/pasta.if | |
| parent | e9d573b14f28bde604718513ed3d499f621090d8 (diff) | |
| download | passt-1f4b7fa0d75d25f518047e77c88718ec1cc3f5bb.tar passt-1f4b7fa0d75d25f518047e77c88718ec1cc3f5bb.tar.gz passt-1f4b7fa0d75d25f518047e77c88718ec1cc3f5bb.tar.bz2 passt-1f4b7fa0d75d25f518047e77c88718ec1cc3f5bb.tar.lz passt-1f4b7fa0d75d25f518047e77c88718ec1cc3f5bb.tar.xz passt-1f4b7fa0d75d25f518047e77c88718ec1cc3f5bb.tar.zst passt-1f4b7fa0d75d25f518047e77c88718ec1cc3f5bb.zip | |
passt, pasta: Add examples of SELinux policy modules
These should cover any reasonably common use case in distributions.
Signed-off-by: Stefano Brivio <sbrivio@redhat.com>
Diffstat (limited to 'contrib/selinux/pasta.if')
| -rw-r--r-- | contrib/selinux/pasta.if | 25 |
1 files changed, 25 insertions, 0 deletions
diff --git a/contrib/selinux/pasta.if b/contrib/selinux/pasta.if new file mode 100644 index 0000000..a42bfcd --- /dev/null +++ b/contrib/selinux/pasta.if @@ -0,0 +1,25 @@ +# SPDX-License-Identifier: AGPL-3.0-or-later +# +# PASTA - Pack A Subtle Tap Abstraction +# for network namespace/tap device mode +# +# contrib/selinux/pasta.if - SELinux profile example: Interface File for pasta +# +# Copyright (c) 2022 Red Hat GmbH +# Author: Stefano Brivio <sbrivio@redhat.com> + +interface('passt_read_data',' + gen_require(` + type passt_data_t; + ') + allow $1 passt_t:dir { search add_name }; + allow $1 passt_t:file { open read getattr }; +') + +interface('pasta_read_data',' + gen_require(` + type pasta_data_t; + ') + allow $1 pasta_t:dir { search add_name }; + allow $1 pasta_t:file { open read getattr }; +') |