diff --git a/policy/modules/kernel/corenetwork.if.in b/policy/modules/kernel/corenetwork.if.in index b70e843..a6a115d 100644 --- a/policy/modules/kernel/corenetwork.if.in +++ b/policy/modules/kernel/corenetwork.if.in @@ -1920,6 +1920,25 @@ interface(`corenet_rw_tun_tap_dev',` ######################################## ## <summary> +## Do not audit attempts to read or write the TUN/TAP +## virtual network device. +## </summary> +## <param name="domain"> +## <summary> +## Domain to not audit. +## </summary> +## </param> +# +interface(`corenet_dontaudit_rw_tun_tap_dev',` + gen_require(` + type tun_tap_device_t; + ') + + dontaudit $1 tun_tap_device_t:chr_file { read write }; +') + +######################################## +## <summary> ## Getattr the point-to-point device. ## </summary> ## <param name="domain"> diff --git a/policy/modules/kernel/corenetwork.te.in b/policy/modules/kernel/corenetwork.te.in index d00c76e..9de9adf 100644 --- a/policy/modules/kernel/corenetwork.te.in +++ b/policy/modules/kernel/corenetwork.te.in @@ -1,5 +1,5 @@ -policy_module(corenetwork, 1.13.6) +policy_module(corenetwork, 1.13.7) ######################################## #