Home | History | Annotate | Download | only in common 
      1 # IPv6 proxying
      2 type ipv6proxy, domain;
      3 type ipv6proxy_exec, exec_type, vendor_file_type, file_type;
      4 
      5 init_daemon_domain(ipv6proxy)
      6 net_domain(ipv6proxy)
      7 
      8 # Allow ipv6proxy to be run by execns in its own domain
      9 domain_auto_trans(execns, ipv6proxy_exec, ipv6proxy);
     10 allow ipv6proxy execns:fd use;
     11 
     12 set_prop(ipv6proxy, net_eth0_prop);
     13 dontaudit ipv6proxy kernel:system module_request;
     14 allow ipv6proxy self:capability { sys_admin sys_module net_admin net_raw };
     15 allow ipv6proxy self:packet_socket { bind create read };
     16 allow ipv6proxy self:netlink_route_socket nlmsg_write;
     17 allow ipv6proxy varrun_file:dir search;
     18 allowxperm ipv6proxy self:udp_socket ioctl { SIOCSIFFLAGS SIOCGIFHWADDR };
     19