sctp socket support
The net_container template is updated: when the restricted_net_container block is used, the container can also create and use sctp sockets. Also, when a container exposes sctp sockets, udica will identify this and generate a policy where only sctp communication is allowed.
parent
98f6d4ee7c
commit
b406f782c5
@ -63,4 +63,4 @@ perm = {
|
||||
"sro": "getattr read open ",
|
||||
}
|
||||
|
||||
socket = {"tcp": "tcp_socket", "udp": "udp_socket"}
|
||||
socket = {"tcp": "tcp_socket", "udp": "udp_socket", "sctp": "sctp_socket"}
|
||||
|
@ -8,6 +8,7 @@
|
||||
|
||||
(allow process process (tcp_socket (ioctl read getattr lock write setattr append bind connect getopt setopt shutdown create listen accept)))
|
||||
(allow process process (udp_socket (ioctl read getattr lock write setattr append bind connect getopt setopt shutdown create)))
|
||||
(allow process process (sctp_socket (ioctl read getattr lock write setattr append bind connect getopt setopt shutdown create)))
|
||||
|
||||
(allow process proc_t (lnk_file (read)))
|
||||
|
||||
|
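Review bot: The added `sctp_socket` rule reuses the `udp_socket` permission list, so it grants neither `listen` nor `accept`, although SCTP is association-oriented and a serving socket calls listen() (and accept() for one-to-one style sockets). Since the description says udica generates policy for containers that expose sctp sockets, such a container would likely hit AVC denials on `listen`, and users tend to work around denials with permissive mode or broad audit2allow rules. If servers are meant to work, the rule could mirror the tcp one: `(allow process process (sctp_socket (ioctl read getattr lock write setattr append bind connect getopt setopt shutdown create listen accept)))`. If client-only use is intended, a comment above the rule would make that explicit, e.g. `; sctp: client side only, listen/accept intentionally withheld`. The file name of this section is not visible on the page; the description suggests it is the net_container template.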