selinux/passt.te: Allow setting socket option on routing netlink socket

Signed-off-by: Stefano Brivio <sbrivio@redhat.com>
This commit is contained in:
Stefano Brivio 2023-02-21 18:09:23 +00:00
parent 0c11355e83
commit 933aa1014b

View file

@ -98,7 +98,7 @@ allow passt_t proc_net_t:file read;
allow passt_t net_conf_t:file { open read };
allow passt_t net_conf_t:lnk_file read;
allow passt_t tmp_t:sock_file { create unlink write };
allow passt_t self:netlink_route_socket { bind create nlmsg_read read write };
allow passt_t self:netlink_route_socket { bind create nlmsg_read read write setopt };
allow passt_t self:tcp_socket create_stream_socket_perms;
corenet_tcp_sendrecv_generic_node(passt_t)