[refpolicy] Write permission for /proc/net/xt_recent/

Luis Ressel aranea at aixah.de
Sat Jan 25 11:36:26 EST 2014


On my systems, it's necessary for sysadm_t to be allowed to write to
proc_net_t files, specifically to the files in /proc/net/xt_recent/,
which allow manual control of the "recent" module of iptables. I don't
think it's necessary to add another type for these files, as the other
proc_net_t files aren't writeable anyway. So I'd propose
"allow sysadm_t proc_net_t:file write;"

I don't have a patch, as I'm not sure where to put this (in
roles/sysadm.te or somewhere else) and if a new interface should be
added for it.

Luis Ressel

Luis Ressel <aranea at aixah.de>
GPG fpr: F08D 2AF6 655E 25DE 52BC  E53D 08F5 7F90 3029 B5BD