1 # IPv6 proxying 2 type ipv6proxy, domain; 3 type ipv6proxy_exec, exec_type, vendor_file_type, file_type; 4 5 init_daemon_domain(ipv6proxy) 6 net_domain(ipv6proxy) 7 8 # Allow ipv6proxy to be run by execns in its own domain 9 domain_auto_trans(execns, ipv6proxy_exec, ipv6proxy); 10 allow ipv6proxy execns:fd use; 11 12 allow ipv6proxy self:capability { sys_admin sys_module net_admin net_raw }; 13 allow ipv6proxy self:packet_socket { bind create read }; 14 allow ipv6proxy self:netlink_route_socket nlmsg_write; 15 allow ipv6proxy varrun_file:dir search; 16 allowxperm ipv6proxy self:udp_socket ioctl { SIOCSIFFLAGS SIOCGIFHWADDR }; 17
