Message ID | 20231012103210.2915871-12-adam.duskett@amarulasolutions.com |
---|---|
State | New |
Series | SELinux: Basic config enforcing mode support. |
diff --git a/DEVELOPERS b/DEVELOPERS index 05b4be1830..cfa0095969 100644 --- a/DEVELOPERS +++ b/DEVELOPERS @@ -40,6 +40,7 @@ F: package/flutter-engine/ F: package/flutter-gallery/ F: package/flutter-pi/ F: package/flutter-sdk-bin/ +F: package/iptables/selinux/ F: package/network-manager/selinux/ F: package/openssh/selinux/ F: package/polkit/selinux/ diff --git a/package/iptables/selinux/buildroot-iptables.fc b/package/iptables/selinux/buildroot-iptables.fc new file mode 100644 index 0000000000..e69de29bb2 diff --git a/package/iptables/selinux/buildroot-iptables.if b/package/iptables/selinux/buildroot-iptables.if new file mode 100644 index 0000000000..cb7e08744e --- /dev/null +++ b/package/iptables/selinux/buildroot-iptables.if @@ -0,0 +1 @@ +## <summary>Buildroot iptables rules</summary> diff --git a/package/iptables/selinux/buildroot-iptables.te b/package/iptables/selinux/buildroot-iptables.te new file mode 100644 index 0000000000..37107749ea --- /dev/null +++ b/package/iptables/selinux/buildroot-iptables.te @@ -0,0 +1,5 @@ +policy_module(buildroot-iptables, 1.0.0) + +#============= iptables_t ============== +allow iptables_t root_t:chr_file { read write }; +
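Review bot: In buildroot-iptables.te, the rule `allow iptables_t root_t:chr_file { read write };` is scoped to a label rather than to a device, so it lets iptables_t read and write every character device that ends up labeled root_t. A chr_file carrying root_t usually means a device node that never received a proper device type, so the narrower fix is to take the path from the AVC denial, give that node a specific type in buildroot-iptables.fc (added empty in this patch), and allow access on that type instead. If the denial comes from a descriptor that iptables only inherits and does not need, a dontaudit rule would keep the logs clean without granting the access. Either way, please quote the denial in the commit message so the rule can be checked against what actually triggered it. Minor: the .te file ends with an added blank line that can be dropped.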
This is a basic policy necessary for iptables to work properly in enforcing mode without any denials.

Signed-off-by: Adam Duskett <adam.duskett@amarulasolutions.com>
---
 DEVELOPERS                                     | 1 +
 package/iptables/selinux/buildroot-iptables.fc | 0
 package/iptables/selinux/buildroot-iptables.if | 1 +
 package/iptables/selinux/buildroot-iptables.te | 5 +++++
 4 files changed, 7 insertions(+)
 create mode 100644 package/iptables/selinux/buildroot-iptables.fc
 create mode 100644 package/iptables/selinux/buildroot-iptables.if
 create mode 100644 package/iptables/selinux/buildroot-iptables.te