Date: Mon, 22 Jan 2007 20:21:49 GMT From: Todd Miller <millert@FreeBSD.org> To: Perforce Change Reviews <perforce@freebsd.org> Subject: PERFORCE change 113429 for review Message-ID: <200701222021.l0MKLnrQ094899@repoman.freebsd.org>
next in thread | raw e-mail | index | archive | help
http://perforce.freebsd.org/chv.cgi?CH=113429 Change 113429 by millert@millert_macbook on 2007/01/22 20:21:42 Allow kernel-generated packets, such as ICMP replies, to be sent. Affected files ... .. //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/refpolicy/policy/modules/kernel/corenetwork.te.in#4 edit Differences ... ==== //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/refpolicy/policy/modules/kernel/corenetwork.te.in#4 (text+ko) ==== @@ -188,6 +188,9 @@ type netif_t, netif_type; sid netif gen_context(system_u:object_r:netif_t,s0 - mls_systemhigh) +# Allow in-kernel transmission for ICMP replies and the like +corenet_raw_send_all_if(netif_t) + build_option(`enable_mls',` network_interface(lo, lo,s0 - mls_systemhigh) ')
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?200701222021.l0MKLnrQ094899>