[refpolicy] Write permission for /proc/net/xt_recent/
Christopher J. PeBenito
cpebenito at tresys.com
Fri Jan 31 22:37:02 EST 2014
On 1/25/2014 11:36 AM, Luis Ressel wrote:
> On my systems, it's necessary for sysadm_t to be allowed to write to
> proc_net_t files, specifically to the files in /proc/net/xt_recent/,
> which allow manual control of the "recent" module of iptables. I don't
What program is used to do this? Perhaps that should be iptables_exec_t instead.
> I don't have a patch, as I'm not sure where to put this (in
> roles/sysadm.te or somewhere else) and if a new interface should be
> added for it.
Accesses of types in other modules need to use interfaces.
Tresys Technology, LLC
www.tresys.com | oss.tresys.com