author | Kenton Groombridge <concord@gentoo.org> | 2021-01-26 20:02:21 -0500 |
---|---|---|
committer | Kenton Groombridge <me@concord.sh> | 2022-06-06 11:07:02 -0400 |
commit | 7ba50b32de5ca3b9a416234e20f1673ca4ab1452 (patch) | |
tree | 6725e2602e97dfc93ce0239173eb7fbf47663feb | |
parent | Update copyright in release-userspace script (diff) | |
iptables: add file context for saved rules
Signed-off-by: Kenton Groombridge <me@concord.sh>
-rw-r--r-- | policy/modules/system/init.fc | 1 | ||||
-rw-r--r-- | policy/modules/system/iptables.fc | 5 |
2 files changed, 5 insertions, 1 deletions
diff --git a/policy/modules/system/init.fc b/policy/modules/system/init.fc
index fe661d5d..4a7c0e00 100644
--- a/policy/modules/system/init.fc
+++ b/policy/modules/system/init.fc
@@ -82,7 +82,6 @@ ifdef(`distro_debian',`
 ifdef(`distro_gentoo', `
 /var/lib/init\.d(/.*)? gen_context(system_u:object_r:initrc_state_t,s0)
-/var/lib/ip6?tables(/.*)? gen_context(system_u:object_r:initrc_tmp_t,s0)
 /run/openrc(/.*)? gen_context(system_u:object_r:initrc_state_t,s0)
 /run/svscan\.pid -- gen_context(system_u:object_r:initrc_runtime_t,s0)
diff --git a/policy/modules/system/iptables.fc b/policy/modules/system/iptables.fc
index ba65e811..6157f313 100644
--- a/policy/modules/system/iptables.fc
+++ b/policy/modules/system/iptables.fc
@@ -45,3 +45,8 @@
 /usr/sbin/xtables-legacy-multi -- gen_context(system_u:object_r:iptables_exec_t,s0)
 /usr/sbin/xtables-multi -- gen_context(system_u:object_r:iptables_exec_t,s0)
 /usr/sbin/xtables-nft-multi -- gen_context(system_u:object_r:iptables_exec_t,s0)
+
+ifdef(`distro_gentoo', `
+/var/lib/ip6?tables(/.*)? gen_context(system_u:object_r:iptables_conf_t,s0)
+/var/lib/nftables(/.*)? gen_context(system_u:object_r:iptables_conf_t,s0)
+') |
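Review bot: Nothing in this commit shows that the domain writing the saved rules is allowed to create and write iptables_conf_t: the Gentoo block added at the end of iptables.fc moves /var/lib/ip6?tables and /var/lib/nftables to that type, while only .fc files are changed, so the matching .te rules should be checked before merging. The block would also read better with a comment stating the intent, for example `# Saved rule sets are reloaded at boot; label them as firewall configuration, not init temp files.` On systems that already carry the old policy, these paths presumably keep their initrc_tmp_t label until they are relabelled (e.g. `restorecon -R` on the three directories), so anything that could write initrc_tmp_t could still alter the saved rules until then.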