
sctp socket support

The net_container template is updated: when the restricted_net_container block
is used, the container can also create and use sctp sockets.

Also when container exposes sctp sockets, udica will identify it and
generate policy where only sctp communication is allowed.
Lukas Vrabec 2019-11-11 12:53:16 +01:00
parent 98f6d4ee7c
commit b406f782c5
No known key found for this signature in database
GPG Key ID: 47201AC42F29CE06
2 changed files with 2 additions and 1 deletions


@ -63,4 +63,4 @@ perm = {
"sro": "getattr read open ",
}
socket = {"tcp": "tcp_socket", "udp": "udp_socket"}
socket = {"tcp": "tcp_socket", "udp": "udp_socket", "sctp": "sctp_socket"}
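Review bot: The new `"sctp": "sctp_socket"` entry makes udica emit rules for exposed SCTP ports, but the `sctp_socket` allow rule added to the template in the second file copies the UDP permission list and omits `listen accept`, which the `tcp_socket` rule grants. SCTP is connection-oriented, so a container serving an exposed SCTP port would presumably be denied on `listen()` unless that permission is granted elsewhere in the generated policy; this is worth confirming against a listening container. If the omission is deliberate, a comment above the dict such as `# protocol of an exposed port -> SELinux socket class; each class needs a matching allow rule in the net_container template` would record the coupling. The dict's consumers and the rest of the template are outside the visible hunks.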


@ -8,6 +8,7 @@
(allow process process (tcp_socket (ioctl read getattr lock write setattr append bind connect getopt setopt shutdown create listen accept)))
(allow process process (udp_socket (ioctl read getattr lock write setattr append bind connect getopt setopt shutdown create)))
(allow process process (sctp_socket (ioctl read getattr lock write setattr append bind connect getopt setopt shutdown create)))
(allow process proc_t (lnk_file (read)))