From: cpebenito@tresys.com (Christopher J. PeBenito) Date: Mon, 16 May 2016 09:20:56 -0400 Subject: [refpolicy] [PATCH] iptables: add fcontext for nftables In-Reply-To: <1463144967-17923-1-git-send-email-jason@perfinion.com> References: <1463144967-17923-1-git-send-email-jason@perfinion.com> Message-ID: <8675339a-3f29-b7d7-5147-665c3cc95d52@tresys.com> To: refpolicy@oss.tresys.com List-Id: refpolicy.oss.tresys.com On 5/13/2016 9:09 AM, Jason Zaman wrote: > --- > policy/modules/system/iptables.fc | 2 ++ > 1 file changed, 2 insertions(+) > > diff --git a/policy/modules/system/iptables.fc b/policy/modules/system/iptables.fc > index 0e1ecd3..2b52e21 100644 > --- a/policy/modules/system/iptables.fc > +++ b/policy/modules/system/iptables.fc > @@ -1,5 +1,6 @@ > /etc/rc\.d/init\.d/ip6?tables -- gen_context(system_u:object_r:iptables_initrc_exec_t,s0) > /etc/rc\.d/init\.d/ebtables -- gen_context(system_u:object_r:iptables_initrc_exec_t,s0) > +/etc/rc\.d/init\.d/nftables -- gen_context(system_u:object_r:iptables_initrc_exec_t,s0) > /etc/sysconfig/ip6?tables.* -- gen_context(system_u:object_r:iptables_conf_t,s0) > /etc/sysconfig/system-config-firewall.* -- gen_context(system_u:object_r:iptables_conf_t,s0) > > @@ -13,6 +14,7 @@ > /sbin/ipvsadm -- gen_context(system_u:object_r:iptables_exec_t,s0) > /sbin/ipvsadm-restore -- gen_context(system_u:object_r:iptables_exec_t,s0) > /sbin/ipvsadm-save -- gen_context(system_u:object_r:iptables_exec_t,s0) > +/sbin/nft -- gen_context(system_u:object_r:iptables_exec_t,s0) > /sbin/xtables-multi -- gen_context(system_u:object_r:iptables_exec_t,s0) > > /usr/lib/systemd/system/[^/]*arptables.* -- gen_context(system_u:object_r:iptables_unit_t,s0) Merged. -- Chris PeBenito Tresys Technology, LLC www.tresys.com | oss.tresys.com
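Review bot: In the first hunk (@@ -1,5 +1,6 @@) the new /etc/rc\.d/init\.d/nftables entry covers only the SysV init script. The patch adds no nftables counterpart to the /etc/sysconfig/ip6?tables.* iptables_conf_t entry shown just below it, and none next to the systemd unit pattern /usr/lib/systemd/system/[^/]*arptables.* visible at the end of the diff. If nftables ships a saved ruleset file or a unit file, those paths keep whatever label their directory gives them unless a rule not shown here matches them, so either add the entries or say in the commit message that they are deferred. The message body before the "---" is also empty; one line on why nft reuses the iptables types would help later readers of the log.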
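Review bot: In the second hunk (@@ -13,6 +14,7 @@) /sbin/nft is labeled iptables_exec_t only under /sbin, and the hunk shows no /usr/sbin/nft entry, so a system that installs the binary under /usr/sbin depends on a rule or path equivalence that is not visible in this patch. Please confirm that case is covered, for example by running matchpathcon /sbin/nft /usr/sbin/nft against the built policy and restorecon -v on the installed binary, so that nft ends up with the same executable type as the ipvsadm and xtables-multi entries around it.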