Diffstat (limited to 'netd.te')
-rw-r--r-- | netd.te | 8 |
1 files changed, 4 insertions, 4 deletions
@@ -1,5 +1,5 @@ # network manager -type netd, domain; +type netd, domain, mlstrustedsubject; type netd_exec, exec_type, file_type; init_daemon_domain(netd) @@ -11,13 +11,13 @@ allow netd self:capability { net_admin net_raw kill }; # than one of the groups assigned to the current process to see if # the setgid bit should be cleared, regardless of whether the setgid # bit was even set. We do not appear to truly need this capability -# for netd to operate. Uncomment the dontaudit rule below after -# sufficient testing of the fsetid removal. -# dontaudit netd self:capability fsetid; +# for netd to operate. +dontaudit netd self:capability fsetid; allow netd self:netlink_kobject_uevent_socket create_socket_perms; allow netd self:netlink_route_socket nlmsg_write; allow netd self:netlink_nflog_socket create_socket_perms; +allow netd self:netlink_socket create_socket_perms; allow netd shell_exec:file rx_file_perms; allow netd system_file:file x_file_perms; allow netd devpts:chr_file rw_file_perms; |
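Review bot: The `mlstrustedsubject` attribute added on the `type netd, domain, mlstrustedsubject;` line carries no comment saying which cross-level access netd actually needs. In the usual policy layout that attribute exempts the whole domain from the MLS constraints on subjects, which is a wide grant for a daemon that the second hunk's header line shows holding `net_admin`, `net_raw` and `kill`. I would put a line above the declaration such as `# mlstrustedsubject: netd needs <access to objects at other levels>; drop if a narrower rule suffices.` so the exemption can be audited later. If only a few object types are involved, marking those objects as trusted instead may be the smaller change; the hunk does not show enough to tell.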
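Review bot: The added `allow netd self:netlink_socket create_socket_perms;` uses the generic netlink class, and nothing in the hunk says which netlink protocol netd opens through it. The three rules above it each name a dedicated class (`netlink_kobject_uevent_socket`, `netlink_route_socket`, `netlink_nflog_socket`), while the generic class presumably covers every protocol without a class of its own. A comment such as `# generic netlink: required for <protocol / feature>` would keep the grant reviewable. In the same hunk, the now-active `dontaudit netd self:capability fsetid;` suppresses the denial records, so the comment above it could add `# remove this dontaudit when debugging chmod/setgid failures in netd`. That comment block starts outside the hunk.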