diff options
Diffstat (limited to 'frr.te')
| -rw-r--r-- | frr.te | 12 |
1 files changed, 12 insertions, 0 deletions
@@ -27,12 +27,20 @@ systemd_unit_file(frr_unit_file_t) type frr_var_run_t; files_pid_file(frr_var_run_t) +type frr_var_lib_t; +files_type(frr_var_lib_t) + ######################################## # # frr local policy # allow frr_t self:capability { chown dac_override dac_read_search kill net_bind_service net_raw setgid setuid net_admin sys_admin }; allow frr_t self:netlink_route_socket rw_netlink_socket_perms; +allow frr_t self:netlink_generic_socket create; +allow frr_t self:netlink_generic_socket setopt; +allow frr_t self:netlink_generic_socket getopt; +allow frr_t self:netlink_generic_socket getattr; +allow frr_t self:netlink_generic_socket bind; allow frr_t self:packet_socket create_socket_perms; allow frr_t self:process { setcap setpgid }; allow frr_t self:rawip_socket create_socket_perms; @@ -49,6 +57,10 @@ manage_files_pattern(frr_t, frr_log_t, frr_log_t) manage_lnk_files_pattern(frr_t, frr_log_t, frr_log_t) logging_log_filetrans(frr_t, frr_log_t, { dir file lnk_file }) +manage_dirs_pattern(frr_t, frr_var_lib_t, frr_var_lib_t) +manage_files_pattern(frr_t, frr_var_lib_t, frr_var_lib_t) +files_var_lib_filetrans(frr_t, frr_var_lib_t, { dir file }) + allow frr_t frr_tmp_t:file map; manage_dirs_pattern(frr_t, frr_tmp_t, frr_tmp_t) manage_files_pattern(frr_t, frr_tmp_t, frr_tmp_t) |