authorKenton Groombridge <concord@gentoo.org>2021-01-26 20:02:21 -0500
committerKenton Groombridge <me@concord.sh>2022-06-06 11:12:50 -0400
commit8759c1b535b50b190e9df5dfa37425c21ca2d9ce (patch)
tree6725e2602e97dfc93ce0239173eb7fbf47663feb
parentUpdate copyright in release-userspace script (diff)
iptables: add file context for saved rules
Bug: https://bugs.gentoo.org/840230
Signed-off-by: Kenton Groombridge <me@concord.sh>
-rw-r--r--policy/modules/system/init.fc1
-rw-r--r--policy/modules/system/iptables.fc5
2 files changed, 5 insertions, 1 deletions
diff --git a/policy/modules/system/init.fc b/policy/modules/system/init.fc
index fe661d5d..4a7c0e00 100644
--- a/policy/modules/system/init.fc
+++ b/policy/modules/system/init.fc
@@ -82,7 +82,6 @@ ifdef(`distro_debian',`
ifdef(`distro_gentoo', `
/var/lib/init\.d(/.*)? gen_context(system_u:object_r:initrc_state_t,s0)
-/var/lib/ip6?tables(/.*)? gen_context(system_u:object_r:initrc_tmp_t,s0)
/run/openrc(/.*)? gen_context(system_u:object_r:initrc_state_t,s0)
/run/svscan\.pid -- gen_context(system_u:object_r:initrc_runtime_t,s0)
diff --git a/policy/modules/system/iptables.fc b/policy/modules/system/iptables.fc
index ba65e811..6157f313 100644
--- a/policy/modules/system/iptables.fc
+++ b/policy/modules/system/iptables.fc
@@ -45,3 +45,8 @@
/usr/sbin/xtables-legacy-multi -- gen_context(system_u:object_r:iptables_exec_t,s0)
/usr/sbin/xtables-multi -- gen_context(system_u:object_r:iptables_exec_t,s0)
/usr/sbin/xtables-nft-multi -- gen_context(system_u:object_r:iptables_exec_t,s0)
+
+ifdef(`distro_gentoo', `
+/var/lib/ip6?tables(/.*)? gen_context(system_u:object_r:iptables_conf_t,s0)
+/var/lib/nftables(/.*)? gen_context(system_u:object_r:iptables_conf_t,s0)
+')