From d7af45d3741648c45560797a5b6f02dec784668f Mon Sep 17 00:00:00 2001
From: Nick Kralevich <nnk@google.com>
Date: Fri, 6 Jun 2014 16:51:11 -0700
Subject: [PATCH] add attach_queue to tun_socket

Modeled after http://oss.tresys.com/pipermail/refpolicy/2013-January/006283.html

Addresses the following kernel error message:

  <6>[    3.855423] SELinux:  Permission attach_queue in class tun_socket not defined in policy.
  <6>[    3.862482] SELinux: the above unknown classes and permissions will be denied
  <7>[    3.869668] SELinux:  Completing initialization.

Change-Id: Iad87fcd5348d121a808dbe7ae3c63f8c90fc09fc
---
 access_vectors | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/access_vectors b/access_vectors
index ff631f5f7..265587220 100644
--- a/access_vectors
+++ b/access_vectors
@@ -829,6 +829,9 @@ class kernel_service
 
 class tun_socket
 inherits socket
+{
+	attach_queue
+}
 
 class x_pointer
 inherits x_device
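Review bot: The `{ attach_queue }` block added to `class tun_socket` only declares the permission, and the diffstat shows access_vectors as the only file changed, so no domain is granted it by this patch. That clears the "not defined in policy" boot message quoted in the commit message, but any domain that attaches a queue to a tun device is still denied until a matching allow rule exists. Suggest stating in the commit message whether leaving the permission ungranted is intended, or following up with allow rules for the domains that need it.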
-- 
GitLab