diff --git a/policy/modules/kernel/corenetwork.if.in b/policy/modules/kernel/corenetwork.if.in
index b70e843..a6a115d 100644
--- a/policy/modules/kernel/corenetwork.if.in
+++ b/policy/modules/kernel/corenetwork.if.in
@@ -1920,6 +1920,25 @@ interface(`corenet_rw_tun_tap_dev',`
 ########################################
 ##
+## Do not audit attempts to read or write the TUN/TAP
+## virtual network device.
+##
+##
+##
+## Domain to not audit.
+##
+##
+#
+interface(`corenet_dontaudit_rw_tun_tap_dev',`
+ gen_require(`
+ type tun_tap_device_t;
+ ')
+
+ dontaudit $1 tun_tap_device_t:chr_file { read write };
+')
+
+########################################
+##
 ## Getattr the point-to-point device.
 ##
 ##
diff --git a/policy/modules/kernel/corenetwork.te.in b/policy/modules/kernel/corenetwork.te.in
index d00c76e..9de9adf 100644
--- a/policy/modules/kernel/corenetwork.te.in
+++ b/policy/modules/kernel/corenetwork.te.in
@@ -1,5 +1,5 @@
-policy_module(corenetwork, 1.13.6)
+policy_module(corenetwork, 1.13.7)
 ########################################
 #
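Review bot: The header comment on the new `corenet_dontaudit_rw_tun_tap_dev` interface does not say when suppressing these denials is appropriate, and a dontaudit rule removes the AVC record that would otherwise show a domain touching the TUN/TAP device. I would add a line stating the intended use, for example `## Use only where the access is a known-harmless inherited descriptor; the access stays denied but is no longer logged.`, so callers do not use it to quiet a denial they have not analysed. The rule names only `read` and `write`, so other permissions on `tun_tap_device_t:chr_file` are still audited; that looks deliberate and is worth stating in the description as well. When investigating a domain that calls this interface, the hidden denials can be made visible again by rebuilding the policy with `semodule -DB`.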