1
0
mirror of https://passt.top/passt synced 2024-12-22 21:55:22 +00:00
passt/contrib/selinux
Stefano Brivio 74e6f48038 selinux: Allow passt to talk over unconfined_t UNIX domain socket for --fd
If passt is started with --fd to talk over a pre-opened UNIX domain
socket, we don't really know what label might be associated to it,
but at least for an unconfined_t socket, this bit of policy wouldn't
belong to anywhere else: enable that here.

This is rather loose, of course, but on the other hand passt will
sandbox itself into an empty filesystem, so we're not really adding
much to the attack surface except for what --fd is supposed to do.

Reported-by: Matej Hrica <mhrica@redhat.com>
Link: https://bugzilla.redhat.com/show_bug.cgi?id=2247221
Signed-off-by: Stefano Brivio <sbrivio@redhat.com>
2023-11-07 12:28:27 +01:00
..
passt.fc selinux: Use explicit paths for binaries in file context 2023-08-18 13:18:45 +02:00
passt.if passt: Relicense to GPL 2.0, or any later version 2023-04-06 18:00:33 +02:00
passt.te selinux: Allow passt to talk over unconfined_t UNIX domain socket for --fd 2023-11-07 12:28:27 +01:00
pasta.fc selinux: Use explicit paths for binaries in file context 2023-08-18 13:18:45 +02:00
pasta.te selinux: Drop user_namespace class rules for Fedora 37 2023-11-07 09:52:55 +01:00