| Message ID | 20231012103210.2915871-11-adam.duskett@amarulasolutions.com |
|---|---|
| State | New |
| Headers | show |
| Series | SELinux: Basic config enforcing mode support. | expand |
diff --git a/DEVELOPERS b/DEVELOPERS index 695738c4a9..05b4be1830 100644 --- a/DEVELOPERS +++ b/DEVELOPERS @@ -40,6 +40,7 @@ F: package/flutter-engine/ F: package/flutter-gallery/ F: package/flutter-pi/ F: package/flutter-sdk-bin/ +F: package/network-manager/selinux/ F: package/openssh/selinux/ F: package/polkit/selinux/ F: package/refpolicy/selinux/ diff --git a/package/network-manager/selinux/buildroot-network-manager.fc b/package/network-manager/selinux/buildroot-network-manager.fc new file mode 100644 index 0000000000..e69de29bb2 diff --git a/package/network-manager/selinux/buildroot-network-manager.if b/package/network-manager/selinux/buildroot-network-manager.if new file mode 100644 index 0000000000..2f33fa0b81 --- /dev/null +++ b/package/network-manager/selinux/buildroot-network-manager.if @@ -0,0 +1 @@ +## <summary>Buildroot network-manager rules</summary> diff --git a/package/network-manager/selinux/buildroot-network-manager.te b/package/network-manager/selinux/buildroot-network-manager.te new file mode 100644 index 0000000000..ce5180494c --- /dev/null +++ b/package/network-manager/selinux/buildroot-network-manager.te @@ -0,0 +1,4 @@ +policy_module(buildroot-network-manager, 1.0.0) + +#============= NetworkManager_t ============== +allow NetworkManager_t tmpfs_t:sock_file write;
This is a basic policy necessary for network-manager to work properly in enforcing mode without any denials. Signed-off-by: Adam Duskett <adam.duskett@amarulasolutions.com> --- DEVELOPERS | 1 + package/network-manager/selinux/buildroot-network-manager.fc | 0 package/network-manager/selinux/buildroot-network-manager.if | 1 + package/network-manager/selinux/buildroot-network-manager.te | 4 ++++ 4 files changed, 6 insertions(+) create mode 100644 package/network-manager/selinux/buildroot-network-manager.fc create mode 100644 package/network-manager/selinux/buildroot-network-manager.if create mode 100644 package/network-manager/selinux/buildroot-network-manager.te