selinux/openvswitch-custom.te


1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16

module openvswitch-custom 1.0.1;

require {
        type openvswitch_t;
        type openvswitch_tmp_t;
        type ifconfig_exec_t;
        type hostname_exec_t;
        class netlink_socket { setopt getopt create connect getattr write read };
        class file { write getattr read open execute execute_no_trans };
}

#============= openvswitch_t ==============
allow openvswitch_t self:netlink_socket { setopt getopt create connect getattr write read };
allow openvswitch_t hostname_exec_t:file { read getattr open execute execute_no_trans };
allow openvswitch_t ifconfig_exec_t:file { read getattr open execute execute_no_trans };
allow openvswitch_t openvswitch_tmp_t:file { execute execute_no_trans };