Skip to content
Snippets Groups Projects
Commit 23ceab3f authored by Stephen Smalley's avatar Stephen Smalley
Browse files

Confine ping, but leave it permissive for now. 


Change-Id: I3fda2946271456dbe0905651c5015d9eb120a8ea
Signed-off-by: default avatarStephen Smalley <sds@tycho.nsa.gov>
parent fd22922d
No related branches found
No related tags found
No related merge requests found
Hide whitespace changes
Inline Side-by-side
Showing
with 10 additions and 1 deletion
ping.te
+ 10
1
View file @ 23ceab3f
type ping, domain; type ping, domain;
permissive ping;
type ping_exec, exec_type, file_type; type ping_exec, exec_type, file_type;
domain_auto_trans(shell, ping_exec, ping) domain_auto_trans(shell, ping_exec, ping)
unconfined_domain(ping)
allow ping self:capability net_raw;
allow ping self:rawip_socket create_socket_perms;
allow ping self:udp_socket create_socket_perms;
allow ping node:rawip_socket node_bind;
allow ping dnsproxyd_socket:sock_file write;
allow ping netd:unix_stream_socket connectto;
allow ping devpts:chr_file rw_file_perms;
allow ping shell:fd use;
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Please register or to comment