Diffstat (limited to 'selinux/openvswitch-custom.te.in')
-rw-r--r-- | selinux/openvswitch-custom.te.in | 16 |
1 files changed, 16 insertions, 0 deletions
diff --git a/selinux/openvswitch-custom.te.in b/selinux/openvswitch-custom.te.in
new file mode 100644
index 000000000..47ddb562c
--- /dev/null
+++ b/selinux/openvswitch-custom.te.in
@@ -0,0 +1,16 @@
+module openvswitch-custom 1.0.1;
+
+require {
+ type openvswitch_t;
+ type openvswitch_tmp_t;
+ type ifconfig_exec_t;
+ type hostname_exec_t;
+ class netlink_socket { setopt getopt create connect getattr write read };
+ class file { write getattr read open execute execute_no_trans };
+}
+
+#============= openvswitch_t ==============
+allow openvswitch_t self:netlink_socket { setopt getopt create connect getattr write read };
+allow openvswitch_t hostname_exec_t:file { read getattr open execute execute_no_trans };
+allow openvswitch_t ifconfig_exec_t:file { read getattr open execute execute_no_trans };
+allow openvswitch_t openvswitch_tmp_t:file { execute execute_no_trans };
|
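Review bot: The last rule, `allow openvswitch_t openvswitch_tmp_t:file { execute execute_no_trans };`, lets the daemon run files labelled with its own temp type without a domain transition. If openvswitch_t may also create or write openvswitch_tmp_t files (not visible in this module, but usual for a domain's tmp type), that pairs write with execute inside the confined domain and weakens what the confinement buys. The module gives no reason for the rule, so it should carry a comment naming the caller, e.g. `# <OVS component, placeholder> executes helper scripts it stages under its tmp dir; TODO confirm`, and a dedicated exec type for those helpers would be narrower than the whole tmp type. The `require` block also declares `write` on class `file`, which none of the four allow rules uses, so it can be dropped from the declaration.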