[refpolicy] Write permission for /proc/net/xt_recent/

Christopher J. PeBenito cpebenito at tresys.com
Fri Jan 31 22:37:02 EST 2014


On 1/25/2014 11:36 AM, Luis Ressel wrote:
> On my systems, it's necessary for sysadm_t to be allowed to write to
> proc_net_t files, specifically to the files in /proc/net/xt_recent/,
> which allow manual control of the "recent" module of iptables. I don't

What program is used to do this?  Perhaps that should be iptables_exec_t instead.


> I don't have a patch, as I'm not sure where to put this (in
> roles/sysadm.te or somewhere else) and if a new interface should be
> added for it.

Accesses of types in other modules need to use interfaces.

-- 
Chris PeBenito
Tresys Technology, LLC
www.tresys.com | oss.tresys.com

