Bjoern Johansson | 127395f | 2017-02-09 22:28:47 -0800 | [diff] [blame] | 1 | # IPv6 proxying |
# Process domain for the ipv6proxy daemon.
Bjoern Johansson | 760871c | 2017-08-31 12:57:18 -0700 | [diff] [blame] | 2 | type ipv6proxy, domain; |
# Label for the daemon's executable. vendor_file_type classifies it as a
# vendor file; the file_contexts entry that applies this label is not shown
# here.
| 3 | type ipv6proxy_exec, exec_type, vendor_file_type, file_type; |
Bjoern Johansson | 127395f | 2017-02-09 22:28:47 -0800 | [diff] [blame] | 4 | |
# Macros defined outside this file (presumably the AOSP te_macros).
# init_daemon_domain sets up the transition from init into ipv6proxy when
# init executes ipv6proxy_exec.
# NOTE(review): the domain_auto_trans rule further down says the daemon is
# started through execns; confirm the init transition is still needed.
| 5 | init_daemon_domain(ipv6proxy) |
# net_domain grants the general network-client permission set.
# NOTE(review): this is broad; check that the daemon needs more than the
# explicit socket rules listed below.
| 6 | net_domain(ipv6proxy) |
| 7 | |
| 8 | # Allow ipv6proxy to be run by execns in its own domain |
# A process in the execns domain that executes an ipv6proxy_exec file is
# moved into the ipv6proxy domain, so the proxy does not keep execns's
# permissions.
| 9 | domain_auto_trans(execns, ipv6proxy_exec, ipv6proxy); |
# Lets the proxy use file descriptors owned by execns; presumably the ones
# inherited across the exec (stdio) -- confirm against the launcher.
| 10 | allow ipv6proxy execns:fd use; |
| 11 | |
# Capabilities the daemon may exercise. net_admin and net_raw match the
# interface and raw-socket work granted below.
# NOTE(review): sys_admin and sys_module are among the broadest Linux
# capabilities, and nothing on this page shows why they are needed. If
# sys_module appears only because the kernel attempts a module autoload on
# the daemon's behalf, a dontaudit rule is the narrower fix. Confirm each
# one against the recorded denials before keeping it.
| 12 | allow ipv6proxy self:capability { sys_admin sys_module net_admin net_raw }; |
# Packet (link-layer) sockets: only create, bind and read are granted here.
| 13 | allow ipv6proxy self:packet_socket { bind create read }; |
# nlmsg_write permits rtnetlink requests that modify kernel network state.
# The base socket permissions for this class are not granted in this file;
# presumably they come from net_domain -- confirm.
| 14 | allow ipv6proxy self:netlink_route_socket nlmsg_write; |
# Directory traversal only; no read or write on varrun_file files is
# granted by this rule.
| 15 | allow ipv6proxy varrun_file:dir search; |
# Allows two ioctl commands on the daemon's own UDP sockets:
# SIOCSIFFLAGS (set interface flags) and SIOCGIFHWADDR (read the hardware
# address). allowxperm only filters commands; the ioctl permission itself
# must come from an allow rule, presumably via net_domain -- confirm.
Bjoern Johansson | 760871c | 2017-08-31 12:57:18 -0700 | [diff] [blame] | 16 | allowxperm ipv6proxy self:udp_socket ioctl { SIOCSIFFLAGS SIOCGIFHWADDR }; |