[selinux-policy: 1025/3172] add unlabeled association rules
Daniel J Walsh
dwalsh at fedoraproject.org
Thu Oct 7 20:33:33 UTC 2010
commit bd70373de4aba5859db39b72deedfdd943cc16a0
Author: Chris PeBenito <cpebenito at tresys.com>
Date: Tue Dec 6 19:59:50 2005 +0000
add unlabeled association rules
refpolicy/Changelog | 2 +
refpolicy/policy/modules/admin/amanda.te | 8 +++--
refpolicy/policy/modules/admin/firstboot.te | 3 +-
refpolicy/policy/modules/admin/netutils.te | 5 ++-
refpolicy/policy/modules/admin/rpm.te | 3 +-
refpolicy/policy/modules/admin/vpn.te | 1 +
refpolicy/policy/modules/apps/gpg.if | 2 +
refpolicy/policy/modules/apps/webalizer.te | 3 +-
refpolicy/policy/modules/kernel/corenetwork.if.in | 16 ++++++++++
refpolicy/policy/modules/kernel/kernel.if | 32 ++++++++++++++++++++
refpolicy/policy/modules/kernel/kernel.te | 3 +-
refpolicy/policy/modules/services/apache.if | 2 +
refpolicy/policy/modules/services/apache.te | 5 ++-
refpolicy/policy/modules/services/arpwatch.te | 3 +-
refpolicy/policy/modules/services/avahi.te | 3 +-
refpolicy/policy/modules/services/bind.te | 4 ++-
refpolicy/policy/modules/services/bluetooth.te | 7 ++--
refpolicy/policy/modules/services/canna.te | 1 +
refpolicy/policy/modules/services/comsat.te | 3 +-
refpolicy/policy/modules/services/cron.if | 1 +
refpolicy/policy/modules/services/cron.te | 3 +-
refpolicy/policy/modules/services/cups.te | 9 ++++-
refpolicy/policy/modules/services/cvs.te | 3 +-
refpolicy/policy/modules/services/cyrus.te | 3 +-
refpolicy/policy/modules/services/dbskk.te | 3 +-
refpolicy/policy/modules/services/dbus.if | 1 +
refpolicy/policy/modules/services/dbus.te | 2 +-
refpolicy/policy/modules/services/dhcp.te | 3 +-
refpolicy/policy/modules/services/dictd.te | 3 +-
refpolicy/policy/modules/services/distcc.te | 5 +--
refpolicy/policy/modules/services/dovecot.te | 1 +
refpolicy/policy/modules/services/finger.te | 3 +-
refpolicy/policy/modules/services/ftp.te | 3 +-
refpolicy/policy/modules/services/hal.te | 3 +-
refpolicy/policy/modules/services/howl.te | 3 +-
refpolicy/policy/modules/services/i18n_input.te | 3 +-
refpolicy/policy/modules/services/inetd.te | 4 ++-
refpolicy/policy/modules/services/inn.te | 3 +-
refpolicy/policy/modules/services/kerberos.if | 1 +
refpolicy/policy/modules/services/kerberos.te | 4 ++-
refpolicy/policy/modules/services/ktalk.te | 3 +-
refpolicy/policy/modules/services/ldap.te | 3 +-
refpolicy/policy/modules/services/lpd.te | 4 ++-
refpolicy/policy/modules/services/mailman.if | 1 +
refpolicy/policy/modules/services/mailman.te | 2 +-
refpolicy/policy/modules/services/mta.if | 1 +
refpolicy/policy/modules/services/mta.te | 2 +-
refpolicy/policy/modules/services/mysql.te | 3 +-
.../policy/modules/services/networkmanager.te | 3 +-
refpolicy/policy/modules/services/nis.if | 2 +
refpolicy/policy/modules/services/nis.te | 7 +++-
refpolicy/policy/modules/services/nscd.te | 3 +-
refpolicy/policy/modules/services/ntp.te | 3 +-
refpolicy/policy/modules/services/pegasus.te | 3 +-
refpolicy/policy/modules/services/portmap.te | 4 ++-
refpolicy/policy/modules/services/postfix.if | 1 +
refpolicy/policy/modules/services/postfix.te | 8 +++--
refpolicy/policy/modules/services/postgresql.te | 3 +-
refpolicy/policy/modules/services/ppp.te | 4 ++-
refpolicy/policy/modules/services/privoxy.te | 3 +-
refpolicy/policy/modules/services/procmail.te | 3 +-
refpolicy/policy/modules/services/radius.te | 5 ++-
refpolicy/policy/modules/services/radvd.te | 3 +-
refpolicy/policy/modules/services/rdisc.te | 3 +-
refpolicy/policy/modules/services/rlogin.te | 3 +-
refpolicy/policy/modules/services/rpc.if | 1 +
refpolicy/policy/modules/services/rpc.te | 2 +-
refpolicy/policy/modules/services/rshd.te | 3 +-
refpolicy/policy/modules/services/rsync.te | 3 +-
refpolicy/policy/modules/services/samba.te | 8 ++++-
refpolicy/policy/modules/services/sasl.te | 3 +-
refpolicy/policy/modules/services/sendmail.te | 3 +-
refpolicy/policy/modules/services/snmp.te | 3 +-
refpolicy/policy/modules/services/spamassassin.if | 2 +
refpolicy/policy/modules/services/spamassassin.te | 3 +-
refpolicy/policy/modules/services/squid.te | 3 +-
refpolicy/policy/modules/services/ssh.if | 2 +
refpolicy/policy/modules/services/ssh.te | 2 +-
refpolicy/policy/modules/services/stunnel.te | 3 +-
refpolicy/policy/modules/services/tcpd.te | 1 +
refpolicy/policy/modules/services/telnet.te | 3 +-
refpolicy/policy/modules/services/tftp.te | 3 +-
refpolicy/policy/modules/services/timidity.te | 3 +-
refpolicy/policy/modules/services/uucp.te | 3 +-
refpolicy/policy/modules/services/zebra.te | 3 +-
refpolicy/policy/modules/system/hotplug.te | 3 +-
refpolicy/policy/modules/system/init.te | 3 +-
refpolicy/policy/modules/system/ipsec.te | 3 +-
refpolicy/policy/modules/system/logging.te | 3 +-
refpolicy/policy/modules/system/lvm.te | 3 +-
refpolicy/policy/modules/system/mount.te | 3 +-
refpolicy/policy/modules/system/sysnetwork.if | 3 ++
refpolicy/policy/modules/system/sysnetwork.te | 3 +-
refpolicy/policy/modules/system/userdomain.if | 1 +
refpolicy/policy/modules/system/userdomain.te | 2 +-
95 files changed, 249 insertions(+), 85 deletions(-)
---
diff --git a/refpolicy/Changelog b/refpolicy/Changelog
index 456d58f..207c23f 100644
--- a/refpolicy/Changelog
+++ b/refpolicy/Changelog
@@ -1,3 +1,5 @@
+- Add unlabeled IPSEC association to domains with
+ networking permsiisions.
- Merge systemuser back in to users, as these files
do not need to be split.
- Add check for duplicate interface/template definitions.
diff --git a/refpolicy/policy/modules/admin/amanda.te b/refpolicy/policy/modules/admin/amanda.te
index 5aacf1b..496f214 100644
--- a/refpolicy/policy/modules/admin/amanda.te
+++ b/refpolicy/policy/modules/admin/amanda.te
@@ -1,5 +1,5 @@
-policy_module(amanda,1.0)
+policy_module(amanda,1.0.1)
#######################################
#
@@ -132,10 +132,11 @@ corenet_raw_sendrecv_all_if(amanda_t)
corenet_tcp_sendrecv_all_nodes(amanda_t)
corenet_udp_sendrecv_all_nodes(amanda_t)
corenet_raw_sendrecv_all_nodes(amanda_t)
-corenet_tcp_bind_all_nodes(amanda_t)
-corenet_udp_bind_all_nodes(amanda_t)
corenet_tcp_sendrecv_all_ports(amanda_t)
corenet_udp_sendrecv_all_ports(amanda_t)
+corenet_non_ipsec_sendrecv(amanda_t)
+corenet_tcp_bind_all_nodes(amanda_t)
+corenet_udp_bind_all_nodes(amanda_t)
dev_getattr_all_blk_files(amanda_t)
dev_getattr_all_chr_files(amanda_t)
@@ -221,6 +222,7 @@ corenet_udp_sendrecv_all_nodes(amanda_recover_t)
corenet_raw_sendrecv_all_nodes(amanda_recover_t)
corenet_tcp_sendrecv_all_ports(amanda_recover_t)
corenet_udp_sendrecv_all_ports(amanda_recover_t)
+corenet_non_ipsec_sendrecv(amanda_recover_t)
corenet_tcp_bind_all_nodes(amanda_recover_t)
corenet_udp_bind_all_nodes(amanda_recover_t)
corenet_tcp_connect_amanda_port(amanda_recover_t)
diff --git a/refpolicy/policy/modules/admin/firstboot.te b/refpolicy/policy/modules/admin/firstboot.te
index cd171a6..c529711 100644
--- a/refpolicy/policy/modules/admin/firstboot.te
+++ b/refpolicy/policy/modules/admin/firstboot.te
@@ -1,5 +1,5 @@
-policy_module(firstboot,1.0)
+policy_module(firstboot,1.0.1)
gen_require(`
class passwd rootok;
@@ -53,6 +53,7 @@ corenet_raw_sendrecv_all_if(firstboot_t)
corenet_tcp_sendrecv_all_nodes(firstboot_t)
corenet_raw_sendrecv_all_nodes(firstboot_t)
corenet_tcp_sendrecv_all_ports(firstboot_t)
+corenet_non_ipsec_sendrecv(firstboot_t)
corenet_tcp_bind_all_nodes(firstboot_t)
dev_read_urand(firstboot_t)
diff --git a/refpolicy/policy/modules/admin/netutils.te b/refpolicy/policy/modules/admin/netutils.te
index 3842a46..036be3b 100644
--- a/refpolicy/policy/modules/admin/netutils.te
+++ b/refpolicy/policy/modules/admin/netutils.te
@@ -1,5 +1,5 @@
-policy_module(netutils,1.0)
+policy_module(netutils,1.0.1)
########################################
#
@@ -51,6 +51,7 @@ corenet_raw_sendrecv_all_nodes(netutils_t)
corenet_udp_sendrecv_all_nodes(netutils_t)
corenet_tcp_sendrecv_all_ports(netutils_t)
corenet_udp_sendrecv_all_ports(netutils_t)
+corenet_non_ipsec_sendrecv(netutils_t)
corenet_tcp_bind_all_nodes(netutils_t)
corenet_udp_bind_all_nodes(netutils_t)
corenet_tcp_connect_all_ports(netutils_t)
@@ -110,6 +111,7 @@ corenet_tcp_sendrecv_all_nodes(ping_t)
corenet_udp_sendrecv_all_nodes(ping_t)
corenet_tcp_sendrecv_all_ports(ping_t)
corenet_udp_sendrecv_all_ports(ping_t)
+corenet_non_ipsec_sendrecv(ping_t)
corenet_udp_bind_all_nodes(ping_t)
corenet_tcp_bind_all_nodes(ping_t)
@@ -188,6 +190,7 @@ corenet_tcp_sendrecv_all_nodes(traceroute_t)
corenet_udp_sendrecv_all_nodes(traceroute_t)
corenet_tcp_sendrecv_all_ports(traceroute_t)
corenet_udp_sendrecv_all_ports(traceroute_t)
+corenet_non_ipsec_sendrecv(traceroute_t)
corenet_udp_bind_all_nodes(traceroute_t)
corenet_tcp_bind_all_nodes(traceroute_t)
# traceroute needs this but not tracepath
diff --git a/refpolicy/policy/modules/admin/rpm.te b/refpolicy/policy/modules/admin/rpm.te
index 246c73f..0a79744 100644
--- a/refpolicy/policy/modules/admin/rpm.te
+++ b/refpolicy/policy/modules/admin/rpm.te
@@ -1,5 +1,5 @@
-policy_module(rpm,1.0.2)
+policy_module(rpm,1.0.3)
########################################
#
@@ -104,6 +104,7 @@ corenet_raw_sendrecv_all_nodes(rpm_t)
corenet_udp_sendrecv_all_nodes(rpm_t)
corenet_tcp_sendrecv_all_ports(rpm_t)
corenet_udp_sendrecv_all_ports(rpm_t)
+corenet_non_ipsec_sendrecv(rpm_t)
corenet_tcp_bind_all_nodes(rpm_t)
corenet_udp_bind_all_nodes(rpm_t)
corenet_tcp_connect_all_ports(rpm_t)
diff --git a/refpolicy/policy/modules/admin/vpn.te b/refpolicy/policy/modules/admin/vpn.te
index 832d64d..0dc9382 100644
--- a/refpolicy/policy/modules/admin/vpn.te
+++ b/refpolicy/policy/modules/admin/vpn.te
@@ -55,6 +55,7 @@ corenet_udp_sendrecv_all_nodes(vpnc_t)
corenet_raw_sendrecv_all_nodes(vpnc_t)
corenet_tcp_sendrecv_all_ports(vpnc_t)
corenet_udp_sendrecv_all_ports(vpnc_t)
+corenet_non_ipsec_sendrecv(vpnc_t)
corenet_tcp_bind_all_nodes(vpnc_t)
corenet_udp_bind_all_nodes(vpnc_t)
corenet_udp_bind_generic_port(vpnc_t)
diff --git a/refpolicy/policy/modules/apps/gpg.if b/refpolicy/policy/modules/apps/gpg.if
index 50e1b42..3495ef0 100644
--- a/refpolicy/policy/modules/apps/gpg.if
+++ b/refpolicy/policy/modules/apps/gpg.if
@@ -99,6 +99,7 @@ template(`gpg_per_userdomain_template',`
corenet_udp_sendrecv_all_nodes($1_gpg_t)
corenet_tcp_sendrecv_all_ports($1_gpg_t)
corenet_udp_sendrecv_all_ports($1_gpg_t)
+ corenet_non_ipsec_sendrecv($1_gpg_t)
corenet_tcp_bind_all_nodes($1_gpg_t)
corenet_udp_bind_all_nodes($1_gpg_t)
corenet_tcp_connect_all_ports($1_gpg_t)
@@ -179,6 +180,7 @@ template(`gpg_per_userdomain_template',`
corenet_raw_sendrecv_all_nodes($1_gpg_helper_t)
corenet_tcp_sendrecv_all_ports($1_gpg_helper_t)
corenet_udp_sendrecv_all_ports($1_gpg_helper_t)
+ corenet_non_ipsec_sendrecv($1_gpg_helper_t)
corenet_tcp_bind_all_nodes($1_gpg_helper_t)
corenet_udp_bind_all_nodes($1_gpg_helper_t)
corenet_tcp_connect_all_ports($1_gpg_helper_t)
diff --git a/refpolicy/policy/modules/apps/webalizer.te b/refpolicy/policy/modules/apps/webalizer.te
index 80dcd43..7180ce7 100644
--- a/refpolicy/policy/modules/apps/webalizer.te
+++ b/refpolicy/policy/modules/apps/webalizer.te
@@ -1,5 +1,5 @@
-policy_module(webalizer,1.0.1)
+policy_module(webalizer,1.0.2)
########################################
#
@@ -67,6 +67,7 @@ corenet_tcp_sendrecv_all_nodes(webalizer_t)
corenet_raw_sendrecv_all_nodes(webalizer_t)
corenet_tcp_sendrecv_all_ports(webalizer_t)
corenet_udp_sendrecv_all_ports(webalizer_t)
+corenet_non_ipsec_sendrecv(webalizer_t)
corenet_tcp_bind_all_nodes(webalizer_t)
corenet_udp_bind_all_nodes(webalizer_t)
diff --git a/refpolicy/policy/modules/kernel/corenetwork.if.in b/refpolicy/policy/modules/kernel/corenetwork.if.in
index bd845e4..680714a 100644
--- a/refpolicy/policy/modules/kernel/corenetwork.if.in
+++ b/refpolicy/policy/modules/kernel/corenetwork.if.in
@@ -1041,6 +1041,20 @@ interface(`corenet_use_ppp_device',`
########################################
## <summary>
+## Send and receive messages on a
+## non-encrypted (no IPSEC) network
+## session.
+## </summary>
+## <param name="domain">
+## Domain allowed access.
+## </param>
+#
+interface(`corenet_non_ipsec_sendrecv',`
+ kernel_sendrecv_unlabeled_association($1)
+')
+
+########################################
+## <summary>
## Unconfined access to network objects.
## </summary>
## <param name="domain">
@@ -1061,4 +1075,6 @@ interface(`corenet_unconfined',`
# cjp: rawip_socket doesnt make any sense
allow $1 port_type:{ tcp_socket udp_socket rawip_socket } name_bind;
allow $1 node_type:{ tcp_socket udp_socket rawip_socket } node_bind;
+
+ corenet_non_ipsec_sendrecv($1)
')
diff --git a/refpolicy/policy/modules/kernel/kernel.if b/refpolicy/policy/modules/kernel/kernel.if
index 9f25444..4b05302 100644
--- a/refpolicy/policy/modules/kernel/kernel.if
+++ b/refpolicy/policy/modules/kernel/kernel.if
@@ -1685,6 +1685,37 @@ interface(`kernel_relabel_unlabeled',`
########################################
## <summary>
+## Send and receive messages from an
+## unlabeled IPSEC association.
+## </summary>
+## <desc>
+## <p>
+## Send and receive messages from an
+## unlabeled IPSEC association. Network
+## connections that are not protected
+## by IPSEC have use an unlabeled
+## assocation.
+## </p>
+## <p>
+## The corenetwork interface
+## corenet_sendrecv_no_ipsec() should
+## be used instead of this one.
+## </p>
+## </desc>
+## <param name="domain">
+## Domain allowed access.
+## </param>
+#
+interface(`kernel_sendrecv_unlabeled_association',`
+ gen_require(`
+ type unlabeled_t;
+ ')
+
+ allow $1 unlabeled_t:association { sendto recvfrom };
+')
+
+########################################
+## <summary>
## Unconfined access to the kernel.
## </summary>
## <param name="domain">
@@ -1709,6 +1740,7 @@ interface(`kernel_unconfined',`
allow $1 unlabeled_t:dir_file_class_set *;
allow $1 unlabeled_t:filesystem *;
+ allow $1 unlabeled_t:association *;
typeattribute $1 can_load_kernmodule, can_receive_kernel_messages;
typeattribute $1 kern_unconfined;
diff --git a/refpolicy/policy/modules/kernel/kernel.te b/refpolicy/policy/modules/kernel/kernel.te
index 9d670f4..71ba5e8 100644
--- a/refpolicy/policy/modules/kernel/kernel.te
+++ b/refpolicy/policy/modules/kernel/kernel.te
@@ -1,5 +1,5 @@
-policy_module(kernel,1.0)
+policy_module(kernel,1.0.1)
########################################
#
@@ -193,6 +193,7 @@ allow kernel_t sysctl_kernel_t:file r_file_perms;
# cjp: this seems questionable
allow kernel_t unlabeled_t:fifo_file rw_file_perms;
+corenet_non_ipsec_sendrecv(kernel_t)
# Kernel-generated traffic e.g., ICMP replies:
corenet_raw_sendrecv_all_if(kernel_t)
corenet_raw_sendrecv_all_nodes(kernel_t)
diff --git a/refpolicy/policy/modules/services/apache.if b/refpolicy/policy/modules/services/apache.if
index ea81708..6748e10 100644
--- a/refpolicy/policy/modules/services/apache.if
+++ b/refpolicy/policy/modules/services/apache.if
@@ -191,6 +191,7 @@ template(`apache_content_template',`
tunable_policy(`httpd_enable_cgi && httpd_can_network_connect',`
allow httpd_$1_script_t self:tcp_socket create_stream_socket_perms;
allow httpd_$1_script_t self:udp_socket create_socket_perms;
+
corenet_tcp_sendrecv_all_if(httpd_$1_script_t)
corenet_udp_sendrecv_all_if(httpd_$1_script_t)
corenet_raw_sendrecv_all_if(httpd_$1_script_t)
@@ -199,6 +200,7 @@ template(`apache_content_template',`
corenet_raw_sendrecv_all_nodes(httpd_$1_script_t)
corenet_tcp_sendrecv_all_ports(httpd_$1_script_t)
corenet_udp_sendrecv_all_ports(httpd_$1_script_t)
+ corenet_non_ipsec_sendrecv(httpd_$1_script_t)
corenet_tcp_bind_all_nodes(httpd_$1_script_t)
corenet_udp_bind_all_nodes(httpd_$1_script_t)
corenet_tcp_connect_all_ports(httpd_$1_script_t)
diff --git a/refpolicy/policy/modules/services/apache.te b/refpolicy/policy/modules/services/apache.te
index d558496..793754f 100644
--- a/refpolicy/policy/modules/services/apache.te
+++ b/refpolicy/policy/modules/services/apache.te
@@ -1,5 +1,5 @@
-policy_module(apache,1.0.1)
+policy_module(apache,1.0.2)
#
# NOTES:
@@ -221,6 +221,7 @@ corenet_udp_sendrecv_all_nodes(httpd_t)
corenet_raw_sendrecv_all_nodes(httpd_t)
corenet_tcp_sendrecv_all_ports(httpd_t)
corenet_udp_sendrecv_all_ports(httpd_t)
+corenet_non_ipsec_sendrecv(httpd_t)
corenet_tcp_bind_all_nodes(httpd_t)
corenet_udp_bind_all_nodes(httpd_t)
corenet_tcp_bind_http_port(httpd_t)
@@ -315,6 +316,7 @@ tunable_policy(`httpd_can_network_connect',`
corenet_raw_sendrecv_all_nodes(httpd_t)
corenet_tcp_sendrecv_all_ports(httpd_t)
corenet_udp_sendrecv_all_ports(httpd_t)
+ corenet_non_ipsec_sendrecv(httpd_t)
corenet_tcp_bind_all_nodes(httpd_t)
corenet_udp_bind_all_nodes(httpd_t)
corenet_tcp_connect_all_ports(httpd_t)
@@ -568,6 +570,7 @@ tunable_policy(`httpd_can_network_connect',`
corenet_raw_sendrecv_all_nodes(httpd_suexec_t)
corenet_tcp_sendrecv_all_ports(httpd_suexec_t)
corenet_udp_sendrecv_all_ports(httpd_suexec_t)
+ corenet_non_ipsec_sendrecv(httpd_suexec_t)
corenet_tcp_bind_all_nodes(httpd_suexec_t)
corenet_udp_bind_all_nodes(httpd_suexec_t)
corenet_tcp_connect_all_ports(httpd_suexec_t)
diff --git a/refpolicy/policy/modules/services/arpwatch.te b/refpolicy/policy/modules/services/arpwatch.te
index 74e4d5c..03b2386 100644
--- a/refpolicy/policy/modules/services/arpwatch.te
+++ b/refpolicy/policy/modules/services/arpwatch.te
@@ -1,5 +1,5 @@
-policy_module(arpwatch,1.0)
+policy_module(arpwatch,1.0.1)
########################################
#
@@ -57,6 +57,7 @@ corenet_udp_sendrecv_all_nodes(arpwatch_t)
corenet_raw_sendrecv_all_nodes(arpwatch_t)
corenet_tcp_sendrecv_all_ports(arpwatch_t)
corenet_udp_sendrecv_all_ports(arpwatch_t)
+corenet_non_ipsec_sendrecv(arpwatch_t)
corenet_tcp_bind_all_nodes(arpwatch_t)
corenet_udp_bind_all_nodes(arpwatch_t)
diff --git a/refpolicy/policy/modules/services/avahi.te b/refpolicy/policy/modules/services/avahi.te
index fe04bba..148e959 100644
--- a/refpolicy/policy/modules/services/avahi.te
+++ b/refpolicy/policy/modules/services/avahi.te
@@ -1,5 +1,5 @@
-policy_module(avahi,1.0.2)
+policy_module(avahi,1.0.3)
########################################
#
@@ -46,6 +46,7 @@ corenet_raw_sendrecv_all_nodes(avahi_t)
corenet_udp_sendrecv_all_nodes(avahi_t)
corenet_tcp_sendrecv_all_ports(avahi_t)
corenet_udp_sendrecv_all_ports(avahi_t)
+corenet_non_ipsec_sendrecv(avahi_t)
corenet_tcp_bind_all_nodes(avahi_t)
corenet_udp_bind_all_nodes(avahi_t)
corenet_tcp_bind_howl_port(avahi_t)
diff --git a/refpolicy/policy/modules/services/bind.te b/refpolicy/policy/modules/services/bind.te
index 659b761..6c24b21 100644
--- a/refpolicy/policy/modules/services/bind.te
+++ b/refpolicy/policy/modules/services/bind.te
@@ -1,5 +1,5 @@
-policy_module(bind,1.0.1)
+policy_module(bind,1.0.2)
########################################
#
@@ -107,6 +107,7 @@ corenet_udp_sendrecv_all_nodes(named_t)
corenet_raw_sendrecv_all_nodes(named_t)
corenet_tcp_sendrecv_all_ports(named_t)
corenet_udp_sendrecv_all_ports(named_t)
+corenet_non_ipsec_sendrecv(named_t)
corenet_tcp_bind_all_nodes(named_t)
corenet_udp_bind_all_nodes(named_t)
corenet_tcp_bind_dns_port(named_t)
@@ -243,6 +244,7 @@ corenet_raw_sendrecv_all_if(ndc_t)
corenet_tcp_sendrecv_all_nodes(ndc_t)
corenet_raw_sendrecv_all_nodes(ndc_t)
corenet_tcp_sendrecv_all_ports(ndc_t)
+corenet_non_ipsec_sendrecv(ndc_t)
corenet_tcp_bind_all_nodes(ndc_t)
corenet_tcp_connect_rndc_port(ndc_t)
diff --git a/refpolicy/policy/modules/services/bluetooth.te b/refpolicy/policy/modules/services/bluetooth.te
index 8b35c1d..03e5a29 100644
--- a/refpolicy/policy/modules/services/bluetooth.te
+++ b/refpolicy/policy/modules/services/bluetooth.te
@@ -1,5 +1,5 @@
-policy_module(bluetooth,1.0.1)
+policy_module(bluetooth,1.0.2)
########################################
#
@@ -93,10 +93,11 @@ corenet_raw_sendrecv_all_if(bluetooth_t)
corenet_tcp_sendrecv_all_nodes(bluetooth_t)
corenet_udp_sendrecv_all_nodes(bluetooth_t)
corenet_raw_sendrecv_all_nodes(bluetooth_t)
-corenet_tcp_bind_all_nodes(bluetooth_t)
-corenet_udp_bind_all_nodes(bluetooth_t)
corenet_tcp_sendrecv_all_ports(bluetooth_t)
corenet_udp_sendrecv_all_ports(bluetooth_t)
+corenet_non_ipsec_sendrecv(bluetooth_t)
+corenet_tcp_bind_all_nodes(bluetooth_t)
+corenet_udp_bind_all_nodes(bluetooth_t)
dev_read_sysfs(bluetooth_t)
dev_rw_usbfs(bluetooth_t)
diff --git a/refpolicy/policy/modules/services/canna.te b/refpolicy/policy/modules/services/canna.te
index f0004d8..b119afe 100644
--- a/refpolicy/policy/modules/services/canna.te
+++ b/refpolicy/policy/modules/services/canna.te
@@ -54,6 +54,7 @@ corenet_raw_sendrecv_all_if(canna_t)
corenet_tcp_sendrecv_all_nodes(canna_t)
corenet_raw_sendrecv_all_nodes(canna_t)
corenet_tcp_sendrecv_all_ports(canna_t)
+corenet_non_ipsec_sendrecv(canna_t)
corenet_tcp_bind_all_nodes(canna_t)
corenet_tcp_connect_all_ports(canna_t)
diff --git a/refpolicy/policy/modules/services/comsat.te b/refpolicy/policy/modules/services/comsat.te
index dc2cfb5..7ee2abd 100644
--- a/refpolicy/policy/modules/services/comsat.te
+++ b/refpolicy/policy/modules/services/comsat.te
@@ -1,5 +1,5 @@
-policy_module(comsat,1.0)
+policy_module(comsat,1.0.1)
########################################
#
@@ -51,6 +51,7 @@ corenet_udp_sendrecv_all_nodes(comsat_t)
corenet_raw_sendrecv_all_nodes(comsat_t)
corenet_tcp_sendrecv_all_ports(comsat_t)
corenet_udp_sendrecv_all_ports(comsat_t)
+corenet_non_ipsec_sendrecv(comsat_t)
corenet_tcp_bind_all_nodes(comsat_t)
corenet_udp_bind_all_nodes(comsat_t)
diff --git a/refpolicy/policy/modules/services/cron.if b/refpolicy/policy/modules/services/cron.if
index ad04e4d..72f4d10 100644
--- a/refpolicy/policy/modules/services/cron.if
+++ b/refpolicy/policy/modules/services/cron.if
@@ -93,6 +93,7 @@ template(`cron_per_userdomain_template',`
corenet_udp_sendrecv_all_nodes($1_crond_t)
corenet_tcp_sendrecv_all_ports($1_crond_t)
corenet_udp_sendrecv_all_ports($1_crond_t)
+ corenet_non_ipsec_sendrecv($1_crond_t)
corenet_tcp_bind_all_nodes($1_crond_t)
corenet_udp_bind_all_nodes($1_crond_t)
corenet_tcp_connect_all_ports($1_crond_t)
diff --git a/refpolicy/policy/modules/services/cron.te b/refpolicy/policy/modules/services/cron.te
index c59ade9..e5792d2 100644
--- a/refpolicy/policy/modules/services/cron.te
+++ b/refpolicy/policy/modules/services/cron.te
@@ -1,5 +1,5 @@
-policy_module(cron, 1.0.2)
+policy_module(cron, 1.0.3)
gen_require(`
class passwd rootok;
@@ -285,6 +285,7 @@ ifdef(`targeted_policy',`
corenet_udp_sendrecv_all_nodes(system_crond_t)
corenet_tcp_sendrecv_all_ports(system_crond_t)
corenet_udp_sendrecv_all_ports(system_crond_t)
+ corenet_non_ipsec_sendrecv(system_crond_t)
corenet_tcp_bind_all_nodes(system_crond_t)
corenet_udp_bind_all_nodes(system_crond_t)
diff --git a/refpolicy/policy/modules/services/cups.te b/refpolicy/policy/modules/services/cups.te
index 34be188..1ff7d20 100644
--- a/refpolicy/policy/modules/services/cups.te
+++ b/refpolicy/policy/modules/services/cups.te
@@ -1,5 +1,5 @@
-policy_module(cups,1.0.2)
+policy_module(cups,1.0.3)
########################################
#
@@ -130,6 +130,7 @@ corenet_udp_sendrecv_all_nodes(cupsd_t)
corenet_raw_sendrecv_all_nodes(cupsd_t)
corenet_tcp_sendrecv_all_ports(cupsd_t)
corenet_udp_sendrecv_all_ports(cupsd_t)
+corenet_non_ipsec_sendrecv(cupsd_t)
corenet_tcp_bind_all_nodes(cupsd_t)
corenet_udp_bind_all_nodes(cupsd_t)
corenet_tcp_bind_ipp_port(cupsd_t)
@@ -312,8 +313,9 @@ corenet_tcp_sendrecv_all_if(ptal_t)
corenet_raw_sendrecv_all_if(ptal_t)
corenet_tcp_sendrecv_all_nodes(ptal_t)
corenet_raw_sendrecv_all_nodes(ptal_t)
-corenet_tcp_bind_all_nodes(ptal_t)
corenet_tcp_sendrecv_all_ports(ptal_t)
+corenet_non_ipsec_sendrecv(ptal_t)
+corenet_tcp_bind_all_nodes(ptal_t)
corenet_tcp_bind_ptal_port(ptal_t)
dev_read_sysfs(ptal_t)
@@ -400,6 +402,7 @@ corenet_udp_sendrecv_all_nodes(hplip_t)
corenet_raw_sendrecv_all_nodes(hplip_t)
corenet_tcp_sendrecv_all_ports(hplip_t)
corenet_udp_sendrecv_all_ports(hplip_t)
+corenet_non_ipsec_sendrecv(hplip_t)
corenet_tcp_bind_all_nodes(hplip_t)
corenet_udp_bind_all_nodes(hplip_t)
corenet_tcp_bind_hplip_port(hplip_t)
@@ -518,6 +521,7 @@ corenet_raw_sendrecv_all_if(cupsd_config_t)
corenet_tcp_sendrecv_all_nodes(cupsd_config_t)
corenet_raw_sendrecv_all_nodes(cupsd_config_t)
corenet_tcp_sendrecv_all_ports(cupsd_config_t)
+corenet_non_ipsec_sendrecv(cupsd_config_t)
corenet_tcp_bind_all_nodes(cupsd_config_t)
corenet_tcp_connect_all_ports(cupsd_config_t)
@@ -694,6 +698,7 @@ corenet_udp_sendrecv_all_nodes(cupsd_lpd_t)
corenet_raw_sendrecv_all_nodes(cupsd_lpd_t)
corenet_tcp_sendrecv_all_ports(cupsd_lpd_t)
corenet_udp_sendrecv_all_ports(cupsd_lpd_t)
+corenet_non_ipsec_sendrecv(cupsd_lpd_t)
corenet_tcp_bind_all_nodes(cupsd_lpd_t)
corenet_udp_bind_all_nodes(cupsd_lpd_t)
corenet_tcp_connect_ipp_port(cupsd_lpd_t)
diff --git a/refpolicy/policy/modules/services/cvs.te b/refpolicy/policy/modules/services/cvs.te
index e2c87e1..0dd1d2d 100644
--- a/refpolicy/policy/modules/services/cvs.te
+++ b/refpolicy/policy/modules/services/cvs.te
@@ -1,5 +1,5 @@
-policy_module(cvs,1.0)
+policy_module(cvs,1.0.1)
########################################
#
@@ -56,6 +56,7 @@ corenet_udp_sendrecv_all_nodes(cvs_t)
corenet_raw_sendrecv_all_nodes(cvs_t)
corenet_tcp_sendrecv_all_ports(cvs_t)
corenet_udp_sendrecv_all_ports(cvs_t)
+corenet_non_ipsec_sendrecv(cvs_t)
corenet_tcp_bind_all_nodes(cvs_t)
corenet_udp_bind_all_nodes(cvs_t)
diff --git a/refpolicy/policy/modules/services/cyrus.te b/refpolicy/policy/modules/services/cyrus.te
index fa3c897..83d91ad 100644
--- a/refpolicy/policy/modules/services/cyrus.te
+++ b/refpolicy/policy/modules/services/cyrus.te
@@ -1,5 +1,5 @@
-policy_module(cyrus,1.0)
+policy_module(cyrus,1.0.1)
########################################
#
@@ -67,6 +67,7 @@ corenet_udp_sendrecv_all_nodes(cyrus_t)
corenet_raw_sendrecv_all_nodes(cyrus_t)
corenet_tcp_sendrecv_all_ports(cyrus_t)
corenet_udp_sendrecv_all_ports(cyrus_t)
+corenet_non_ipsec_sendrecv(cyrus_t)
corenet_tcp_bind_all_nodes(cyrus_t)
corenet_udp_bind_all_nodes(cyrus_t)
corenet_tcp_bind_mail_port(cyrus_t)
diff --git a/refpolicy/policy/modules/services/dbskk.te b/refpolicy/policy/modules/services/dbskk.te
index 935427c..09a97b8 100644
--- a/refpolicy/policy/modules/services/dbskk.te
+++ b/refpolicy/policy/modules/services/dbskk.te
@@ -1,5 +1,5 @@
-policy_module(dbskk,1.0)
+policy_module(dbskk,1.0.1)
########################################
#
@@ -57,6 +57,7 @@ corenet_udp_sendrecv_all_nodes(dbskkd_t)
corenet_raw_sendrecv_all_nodes(dbskkd_t)
corenet_tcp_sendrecv_all_ports(dbskkd_t)
corenet_udp_sendrecv_all_ports(dbskkd_t)
+corenet_non_ipsec_sendrecv(dbskkd_t)
corenet_tcp_bind_all_nodes(dbskkd_t)
corenet_udp_bind_all_nodes(dbskkd_t)
diff --git a/refpolicy/policy/modules/services/dbus.if b/refpolicy/policy/modules/services/dbus.if
index 3259c6a..a271d27 100644
--- a/refpolicy/policy/modules/services/dbus.if
+++ b/refpolicy/policy/modules/services/dbus.if
@@ -107,6 +107,7 @@ template(`dbus_per_userdomain_template',`
corenet_tcp_sendrecv_all_nodes($1_dbusd_t)
corenet_raw_sendrecv_all_nodes($1_dbusd_t)
corenet_tcp_sendrecv_all_ports($1_dbusd_t)
+ corenet_non_ipsec_sendrecv($1_dbusd_t)
corenet_tcp_bind_all_nodes($1_dbusd_t)
corenet_tcp_bind_reserved_port($1_dbusd_t)
diff --git a/refpolicy/policy/modules/services/dbus.te b/refpolicy/policy/modules/services/dbus.te
index ff68da7..64d25a9 100644
--- a/refpolicy/policy/modules/services/dbus.te
+++ b/refpolicy/policy/modules/services/dbus.te
@@ -1,5 +1,5 @@
-policy_module(dbus,1.0.1)
+policy_module(dbus,1.0.2)
gen_require(`
class dbus { send_msg acquire_svc };
diff --git a/refpolicy/policy/modules/services/dhcp.te b/refpolicy/policy/modules/services/dhcp.te
index 0ad9809..9b879a7 100644
--- a/refpolicy/policy/modules/services/dhcp.te
+++ b/refpolicy/policy/modules/services/dhcp.te
@@ -1,5 +1,5 @@
-policy_module(dhcp,1.0)
+policy_module(dhcp,1.0.1)
########################################
#
@@ -62,6 +62,7 @@ corenet_udp_sendrecv_all_nodes(dhcpd_t)
corenet_raw_sendrecv_all_nodes(dhcpd_t)
corenet_tcp_sendrecv_all_ports(dhcpd_t)
corenet_udp_sendrecv_all_ports(dhcpd_t)
+corenet_non_ipsec_sendrecv(dhcpd_t)
corenet_tcp_bind_all_nodes(dhcpd_t)
corenet_udp_bind_all_nodes(dhcpd_t)
corenet_tcp_bind_dhcpd_port(dhcpd_t)
diff --git a/refpolicy/policy/modules/services/dictd.te b/refpolicy/policy/modules/services/dictd.te
index c13cf87..3fb6a03 100644
--- a/refpolicy/policy/modules/services/dictd.te
+++ b/refpolicy/policy/modules/services/dictd.te
@@ -1,5 +1,5 @@
-policy_module(dictd,1.0)
+policy_module(dictd,1.0.1)
########################################
#
@@ -46,6 +46,7 @@ corenet_udp_sendrecv_all_nodes(dictd_t)
corenet_raw_sendrecv_all_nodes(dictd_t)
corenet_tcp_sendrecv_all_ports(dictd_t)
corenet_udp_sendrecv_all_ports(dictd_t)
+corenet_non_ipsec_sendrecv(dictd_t)
corenet_tcp_bind_all_nodes(dictd_t)
corenet_udp_bind_all_nodes(dictd_t)
corenet_tcp_bind_dict_port(dictd_t)
diff --git a/refpolicy/policy/modules/services/distcc.te b/refpolicy/policy/modules/services/distcc.te
index c84cd3a..b480c93 100644
--- a/refpolicy/policy/modules/services/distcc.te
+++ b/refpolicy/policy/modules/services/distcc.te
@@ -1,5 +1,5 @@
-policy_module(distcc,1.0)
+policy_module(distcc,1.0.1)
########################################
#
@@ -45,8 +45,6 @@ files_create_pid(distccd_t,distccd_var_run_t)
kernel_read_system_state(distccd_t)
kernel_read_kernel_sysctl(distccd_t)
-allow distccd_t self:tcp_socket create_stream_socket_perms;
-allow distccd_t self:udp_socket create_socket_perms;
corenet_tcp_sendrecv_all_if(distccd_t)
corenet_udp_sendrecv_all_if(distccd_t)
corenet_raw_sendrecv_all_if(distccd_t)
@@ -55,6 +53,7 @@ corenet_udp_sendrecv_all_nodes(distccd_t)
corenet_raw_sendrecv_all_nodes(distccd_t)
corenet_tcp_sendrecv_all_ports(distccd_t)
corenet_udp_sendrecv_all_ports(distccd_t)
+corenet_non_ipsec_sendrecv(distccd_t)
corenet_tcp_bind_all_nodes(distccd_t)
corenet_udp_bind_all_nodes(distccd_t)
corenet_tcp_bind_distccd_port(distccd_t)
diff --git a/refpolicy/policy/modules/services/dovecot.te b/refpolicy/policy/modules/services/dovecot.te
index 718dc0f..df37872 100644
--- a/refpolicy/policy/modules/services/dovecot.te
+++ b/refpolicy/policy/modules/services/dovecot.te
@@ -75,6 +75,7 @@ corenet_raw_sendrecv_all_if(dovecot_t)
corenet_tcp_sendrecv_all_nodes(dovecot_t)
corenet_raw_sendrecv_all_nodes(dovecot_t)
corenet_tcp_sendrecv_all_ports(dovecot_t)
+corenet_non_ipsec_sendrecv(dovecot_t)
corenet_tcp_bind_all_nodes(dovecot_t)
corenet_tcp_bind_pop_port(dovecot_t)
corenet_tcp_connect_all_ports(dovecot_t)
diff --git a/refpolicy/policy/modules/services/finger.te b/refpolicy/policy/modules/services/finger.te
index 50b6769..0667d93 100644
--- a/refpolicy/policy/modules/services/finger.te
+++ b/refpolicy/policy/modules/services/finger.te
@@ -1,5 +1,5 @@
-policy_module(finger,1.0)
+policy_module(finger,1.0.1)
########################################
#
@@ -55,6 +55,7 @@ corenet_udp_sendrecv_all_nodes(fingerd_t)
corenet_raw_sendrecv_all_nodes(fingerd_t)
corenet_tcp_sendrecv_all_ports(fingerd_t)
corenet_udp_sendrecv_all_ports(fingerd_t)
+corenet_non_ipsec_sendrecv(fingerd_t)
corenet_tcp_bind_all_nodes(fingerd_t)
corenet_udp_bind_all_nodes(fingerd_t)
corenet_tcp_bind_fingerd_port(fingerd_t)
diff --git a/refpolicy/policy/modules/services/ftp.te b/refpolicy/policy/modules/services/ftp.te
index 1490fb1..1a83d1c 100644
--- a/refpolicy/policy/modules/services/ftp.te
+++ b/refpolicy/policy/modules/services/ftp.te
@@ -1,5 +1,5 @@
-policy_module(ftp,1.0.1)
+policy_module(ftp,1.0.2)
########################################
#
@@ -82,6 +82,7 @@ corenet_udp_sendrecv_all_nodes(ftpd_t)
corenet_raw_sendrecv_all_nodes(ftpd_t)
corenet_tcp_sendrecv_all_ports(ftpd_t)
corenet_udp_sendrecv_all_ports(ftpd_t)
+corenet_non_ipsec_sendrecv(ftpd_t)
corenet_tcp_bind_all_nodes(ftpd_t)
corenet_udp_bind_all_nodes(ftpd_t)
corenet_tcp_bind_ftp_data_port(ftpd_t)
diff --git a/refpolicy/policy/modules/services/hal.te b/refpolicy/policy/modules/services/hal.te
index 215e5bc..8f5a8f3 100644
--- a/refpolicy/policy/modules/services/hal.te
+++ b/refpolicy/policy/modules/services/hal.te
@@ -1,5 +1,5 @@
-policy_module(hal,1.0.3)
+policy_module(hal,1.0.4)
########################################
#
@@ -55,6 +55,7 @@ corenet_udp_sendrecv_all_nodes(hald_t)
corenet_raw_sendrecv_all_nodes(hald_t)
corenet_tcp_sendrecv_all_ports(hald_t)
corenet_udp_sendrecv_all_ports(hald_t)
+corenet_non_ipsec_sendrecv(hald_t)
corenet_tcp_bind_all_nodes(hald_t)
corenet_udp_bind_all_nodes(hald_t)
diff --git a/refpolicy/policy/modules/services/howl.te b/refpolicy/policy/modules/services/howl.te
index 5673c90..3e1c8fc 100644
--- a/refpolicy/policy/modules/services/howl.te
+++ b/refpolicy/policy/modules/services/howl.te
@@ -1,5 +1,5 @@
-policy_module(howl,1.0)
+policy_module(howl,1.0.1)
########################################
#
@@ -43,6 +43,7 @@ corenet_udp_sendrecv_all_nodes(howl_t)
corenet_raw_sendrecv_all_nodes(howl_t)
corenet_tcp_sendrecv_all_ports(howl_t)
corenet_udp_sendrecv_all_ports(howl_t)
+corenet_non_ipsec_sendrecv(howl_t)
corenet_tcp_bind_all_nodes(howl_t)
corenet_udp_bind_all_nodes(howl_t)
corenet_tcp_bind_howl_port(howl_t)
diff --git a/refpolicy/policy/modules/services/i18n_input.te b/refpolicy/policy/modules/services/i18n_input.te
index 9501590..02ac2a4 100644
--- a/refpolicy/policy/modules/services/i18n_input.te
+++ b/refpolicy/policy/modules/services/i18n_input.te
@@ -1,5 +1,5 @@
-policy_module(i18n_input,1.0.0)
+policy_module(i18n_input,1.0.1)
########################################
#
@@ -46,6 +46,7 @@ corenet_udp_sendrecv_all_nodes(i18n_input_t)
corenet_raw_sendrecv_all_nodes(i18n_input_t)
corenet_tcp_sendrecv_all_ports(i18n_input_t)
corenet_udp_sendrecv_all_ports(i18n_input_t)
+corenet_non_ipsec_sendrecv(i18n_input_t)
corenet_tcp_bind_all_nodes(i18n_input_t)
corenet_udp_bind_all_nodes(i18n_input_t)
corenet_tcp_bind_i18n_input_port(i18n_input_t)
diff --git a/refpolicy/policy/modules/services/inetd.te b/refpolicy/policy/modules/services/inetd.te
index 37de543..898b551 100644
--- a/refpolicy/policy/modules/services/inetd.te
+++ b/refpolicy/policy/modules/services/inetd.te
@@ -1,5 +1,5 @@
-policy_module(inetd,1.0.1)
+policy_module(inetd,1.0.2)
########################################
#
@@ -66,6 +66,7 @@ corenet_udp_sendrecv_all_nodes(inetd_t)
corenet_raw_sendrecv_all_nodes(inetd_t)
corenet_tcp_sendrecv_all_ports(inetd_t)
corenet_udp_sendrecv_all_ports(inetd_t)
+corenet_non_ipsec_sendrecv(inetd_t)
corenet_tcp_bind_all_nodes(inetd_t)
corenet_udp_bind_all_nodes(inetd_t)
corenet_tcp_connect_all_ports(inetd_t)
@@ -192,6 +193,7 @@ corenet_udp_sendrecv_all_nodes(inetd_child_t)
corenet_raw_sendrecv_all_nodes(inetd_child_t)
corenet_tcp_sendrecv_all_ports(inetd_child_t)
corenet_udp_sendrecv_all_ports(inetd_child_t)
+corenet_non_ipsec_sendrecv(inetd_child_t)
corenet_tcp_bind_all_nodes(inetd_child_t)
corenet_udp_bind_all_nodes(inetd_child_t)
diff --git a/refpolicy/policy/modules/services/inn.te b/refpolicy/policy/modules/services/inn.te
index cc15668..95b87dc 100644
--- a/refpolicy/policy/modules/services/inn.te
+++ b/refpolicy/policy/modules/services/inn.te
@@ -1,5 +1,5 @@
-policy_module(inn,1.0)
+policy_module(inn,1.0.1)
########################################
#
@@ -71,6 +71,7 @@ corenet_tcp_sendrecv_all_nodes(innd_t)
corenet_udp_sendrecv_all_nodes(innd_t)
corenet_tcp_sendrecv_all_ports(innd_t)
corenet_udp_sendrecv_all_ports(innd_t)
+corenet_non_ipsec_sendrecv(innd_t)
corenet_tcp_bind_all_nodes(innd_t)
corenet_udp_bind_all_nodes(innd_t)
corenet_tcp_bind_innd_port(innd_t)
diff --git a/refpolicy/policy/modules/services/kerberos.if b/refpolicy/policy/modules/services/kerberos.if
index 9821152..153fd02 100644
--- a/refpolicy/policy/modules/services/kerberos.if
+++ b/refpolicy/policy/modules/services/kerberos.if
@@ -49,6 +49,7 @@ interface(`kerberos_use',`
corenet_raw_sendrecv_all_nodes($1)
corenet_tcp_sendrecv_kerberos_port($1)
corenet_udp_sendrecv_kerberos_port($1)
+ corenet_non_ipsec_sendrecv($1)
corenet_tcp_bind_all_nodes($1)
corenet_udp_bind_all_nodes($1)
corenet_tcp_connect_kerberos_port($1)
diff --git a/refpolicy/policy/modules/services/kerberos.te b/refpolicy/policy/modules/services/kerberos.te
index 852efe5..3406a9f 100644
--- a/refpolicy/policy/modules/services/kerberos.te
+++ b/refpolicy/policy/modules/services/kerberos.te
@@ -1,5 +1,5 @@
-policy_module(kerberos,1.0)
+policy_module(kerberos,1.0.1)
########################################
#
@@ -95,6 +95,7 @@ corenet_udp_sendrecv_all_nodes(kadmind_t)
corenet_raw_sendrecv_all_nodes(kadmind_t)
corenet_tcp_sendrecv_all_ports(kadmind_t)
corenet_udp_sendrecv_all_ports(kadmind_t)
+corenet_non_ipsec_sendrecv(kadmind_t)
corenet_tcp_bind_all_nodes(kadmind_t)
corenet_udp_bind_all_nodes(kadmind_t)
corenet_tcp_bind_kerberos_admin_port(kadmind_t)
@@ -197,6 +198,7 @@ corenet_udp_sendrecv_all_nodes(krb5kdc_t)
corenet_raw_sendrecv_all_nodes(krb5kdc_t)
corenet_tcp_sendrecv_all_ports(krb5kdc_t)
corenet_udp_sendrecv_all_ports(krb5kdc_t)
+corenet_non_ipsec_sendrecv(krb5kdc_t)
corenet_tcp_bind_all_nodes(krb5kdc_t)
corenet_udp_bind_all_nodes(krb5kdc_t)
corenet_tcp_bind_kerberos_port(krb5kdc_t)
diff --git a/refpolicy/policy/modules/services/ktalk.te b/refpolicy/policy/modules/services/ktalk.te
index e346e99..9966c38 100644
--- a/refpolicy/policy/modules/services/ktalk.te
+++ b/refpolicy/policy/modules/services/ktalk.te
@@ -1,5 +1,5 @@
-policy_module(ktalk,1.0)
+policy_module(ktalk,1.0.1)
########################################
#
@@ -58,6 +58,7 @@ corenet_udp_sendrecv_all_nodes(ktalkd_t)
corenet_raw_sendrecv_all_nodes(ktalkd_t)
corenet_tcp_sendrecv_all_ports(ktalkd_t)
corenet_udp_sendrecv_all_ports(ktalkd_t)
+corenet_non_ipsec_sendrecv(ktalkd_t)
corenet_tcp_bind_all_nodes(ktalkd_t)
corenet_udp_bind_all_nodes(ktalkd_t)
diff --git a/refpolicy/policy/modules/services/ldap.te b/refpolicy/policy/modules/services/ldap.te
index 973a7d3..5ac2495 100644
--- a/refpolicy/policy/modules/services/ldap.te
+++ b/refpolicy/policy/modules/services/ldap.te
@@ -1,5 +1,5 @@
-policy_module(ldap,1.0.1)
+policy_module(ldap,1.0.2)
########################################
#
@@ -86,6 +86,7 @@ corenet_udp_sendrecv_all_nodes(slapd_t)
corenet_raw_sendrecv_all_nodes(slapd_t)
corenet_tcp_sendrecv_all_ports(slapd_t)
corenet_udp_sendrecv_all_ports(slapd_t)
+corenet_non_ipsec_sendrecv(slapd_t)
corenet_tcp_bind_all_nodes(slapd_t)
corenet_udp_bind_all_nodes(slapd_t)
corenet_tcp_bind_ldap_port(slapd_t)
diff --git a/refpolicy/policy/modules/services/lpd.te b/refpolicy/policy/modules/services/lpd.te
index 976f754..5498f9e 100644
--- a/refpolicy/policy/modules/services/lpd.te
+++ b/refpolicy/policy/modules/services/lpd.te
@@ -1,5 +1,5 @@
-policy_module(lpd,1.0)
+policy_module(lpd,1.0.1)
########################################
#
@@ -70,6 +70,7 @@ corenet_udp_sendrecv_all_nodes(checkpc_t)
corenet_raw_sendrecv_all_nodes(checkpc_t)
corenet_tcp_sendrecv_all_ports(checkpc_t)
corenet_udp_sendrecv_all_ports(checkpc_t)
+corenet_non_ipsec_sendrecv(checkpc_t)
corenet_tcp_bind_all_nodes(checkpc_t)
corenet_udp_bind_all_nodes(checkpc_t)
corenet_tcp_connect_all_ports(checkpc_t)
@@ -164,6 +165,7 @@ corenet_udp_sendrecv_all_nodes(lpd_t)
corenet_raw_sendrecv_all_nodes(lpd_t)
corenet_tcp_sendrecv_all_ports(lpd_t)
corenet_udp_sendrecv_all_ports(lpd_t)
+corenet_non_ipsec_sendrecv(lpd_t)
corenet_tcp_bind_all_nodes(lpd_t)
corenet_udp_bind_all_nodes(lpd_t)
corenet_tcp_bind_printer_port(lpd_t)
diff --git a/refpolicy/policy/modules/services/mailman.if b/refpolicy/policy/modules/services/mailman.if
index 626e96c..cd4e1a5 100644
--- a/refpolicy/policy/modules/services/mailman.if
+++ b/refpolicy/policy/modules/services/mailman.if
@@ -56,6 +56,7 @@ template(`mailman_domain_template', `
corenet_raw_sendrecv_all_nodes(mailman_$1_t)
corenet_tcp_sendrecv_all_ports(mailman_$1_t)
corenet_udp_sendrecv_all_ports(mailman_$1_t)
+ corenet_non_ipsec_sendrecv(mailman_$1_t)
corenet_tcp_bind_all_nodes(mailman_$1_t)
corenet_udp_bind_all_nodes(mailman_$1_t)
corenet_tcp_connect_smtp_port(mailman_$1_t)
diff --git a/refpolicy/policy/modules/services/mailman.te b/refpolicy/policy/modules/services/mailman.te
index e834aca..aefb7ec 100644
--- a/refpolicy/policy/modules/services/mailman.te
+++ b/refpolicy/policy/modules/services/mailman.te
@@ -1,5 +1,5 @@
-policy_module(mailman,1.0)
+policy_module(mailman,1.0.1)
########################################
#
diff --git a/refpolicy/policy/modules/services/mta.if b/refpolicy/policy/modules/services/mta.if
index 29ef578..bf2bb0f 100644
--- a/refpolicy/policy/modules/services/mta.if
+++ b/refpolicy/policy/modules/services/mta.if
@@ -73,6 +73,7 @@ template(`mta_base_mail_template',`
corenet_tcp_sendrecv_all_nodes($1_mail_t)
corenet_raw_sendrecv_all_nodes($1_mail_t)
corenet_tcp_sendrecv_all_ports($1_mail_t)
+ corenet_non_ipsec_sendrecv($1_mail_t)
corenet_tcp_bind_all_nodes($1_mail_t)
corenet_tcp_connect_all_ports($1_mail_t)
corenet_tcp_connect_smtp_port($1_mail_t)
diff --git a/refpolicy/policy/modules/services/mta.te b/refpolicy/policy/modules/services/mta.te
index b9ff82f..810d711 100644
--- a/refpolicy/policy/modules/services/mta.te
+++ b/refpolicy/policy/modules/services/mta.te
@@ -1,5 +1,5 @@
-policy_module(mta,1.0.3)
+policy_module(mta,1.0.4)
########################################
#
diff --git a/refpolicy/policy/modules/services/mysql.te b/refpolicy/policy/modules/services/mysql.te
index 6a23c8d..8810a01 100644
--- a/refpolicy/policy/modules/services/mysql.te
+++ b/refpolicy/policy/modules/services/mysql.te
@@ -1,5 +1,5 @@
-policy_module(mysql,1.0)
+policy_module(mysql,1.0.1)
########################################
#
@@ -73,6 +73,7 @@ corenet_udp_sendrecv_all_nodes(mysqld_t)
corenet_raw_sendrecv_all_nodes(mysqld_t)
corenet_tcp_sendrecv_all_ports(mysqld_t)
corenet_udp_sendrecv_all_ports(mysqld_t)
+corenet_non_ipsec_sendrecv(mysqld_t)
corenet_tcp_bind_all_nodes(mysqld_t)
corenet_udp_bind_all_nodes(mysqld_t)
corenet_tcp_bind_mysqld_port(mysqld_t)
diff --git a/refpolicy/policy/modules/services/networkmanager.te b/refpolicy/policy/modules/services/networkmanager.te
index 68ac5a7..c378bee 100644
--- a/refpolicy/policy/modules/services/networkmanager.te
+++ b/refpolicy/policy/modules/services/networkmanager.te
@@ -1,5 +1,5 @@
-policy_module(networkmanager,1.0.1)
+policy_module(networkmanager,1.0.2)
########################################
#
@@ -48,6 +48,7 @@ corenet_udp_sendrecv_all_nodes(NetworkManager_t)
corenet_raw_sendrecv_all_nodes(NetworkManager_t)
corenet_tcp_sendrecv_all_ports(NetworkManager_t)
corenet_udp_sendrecv_all_ports(NetworkManager_t)
+corenet_non_ipsec_sendrecv(NetworkManager_t)
corenet_tcp_bind_all_nodes(NetworkManager_t)
corenet_udp_bind_all_nodes(NetworkManager_t)
corenet_tcp_connect_all_ports(NetworkManager_t)
diff --git a/refpolicy/policy/modules/services/nis.if b/refpolicy/policy/modules/services/nis.if
index e7b62b6..9193fbe 100644
--- a/refpolicy/policy/modules/services/nis.if
+++ b/refpolicy/policy/modules/services/nis.if
@@ -43,6 +43,7 @@ interface(`nis_use_ypbind_uncond',`
corenet_raw_sendrecv_all_nodes($1)
corenet_tcp_sendrecv_all_ports($1)
corenet_udp_sendrecv_all_ports($1)
+ corenet_non_ipsec_sendrecv($1)
corenet_tcp_bind_all_nodes($1)
corenet_udp_bind_all_nodes($1)
corenet_tcp_bind_generic_port($1)
@@ -90,6 +91,7 @@ interface(`nis_use_ypbind',`
corenet_raw_sendrecv_all_nodes($1)
corenet_tcp_sendrecv_all_ports($1)
corenet_udp_sendrecv_all_ports($1)
+ corenet_non_ipsec_sendrecv($1)
corenet_tcp_bind_all_nodes($1)
corenet_udp_bind_all_nodes($1)
corenet_tcp_bind_generic_port($1)
diff --git a/refpolicy/policy/modules/services/nis.te b/refpolicy/policy/modules/services/nis.te
index c730053..9eb0bfa 100644
--- a/refpolicy/policy/modules/services/nis.te
+++ b/refpolicy/policy/modules/services/nis.te
@@ -74,10 +74,11 @@ corenet_raw_sendrecv_all_if(ypbind_t)
corenet_tcp_sendrecv_all_nodes(ypbind_t)
corenet_udp_sendrecv_all_nodes(ypbind_t)
corenet_raw_sendrecv_all_nodes(ypbind_t)
-corenet_tcp_bind_all_nodes(ypbind_t)
-corenet_udp_bind_all_nodes(ypbind_t)
corenet_tcp_sendrecv_all_ports(ypbind_t)
corenet_udp_sendrecv_all_ports(ypbind_t)
+corenet_non_ipsec_sendrecv(ypbind_t)
+corenet_tcp_bind_all_nodes(ypbind_t)
+corenet_udp_bind_all_nodes(ypbind_t)
corenet_tcp_bind_generic_port(ypbind_t)
corenet_udp_bind_generic_port(ypbind_t)
corenet_tcp_bind_reserved_port(ypbind_t)
@@ -169,6 +170,7 @@ corenet_udp_sendrecv_all_nodes(yppasswdd_t)
corenet_raw_sendrecv_all_nodes(yppasswdd_t)
corenet_tcp_sendrecv_all_ports(yppasswdd_t)
corenet_udp_sendrecv_all_ports(yppasswdd_t)
+corenet_non_ipsec_sendrecv(yppasswdd_t)
corenet_tcp_bind_all_nodes(yppasswdd_t)
corenet_udp_bind_all_nodes(yppasswdd_t)
corenet_tcp_bind_reserved_port(yppasswdd_t)
@@ -272,6 +274,7 @@ corenet_udp_sendrecv_all_nodes(ypserv_t)
corenet_raw_sendrecv_all_nodes(ypserv_t)
corenet_tcp_sendrecv_all_ports(ypserv_t)
corenet_udp_sendrecv_all_ports(ypserv_t)
+corenet_non_ipsec_sendrecv(ypserv_t)
corenet_tcp_bind_all_nodes(ypserv_t)
corenet_udp_bind_all_nodes(ypserv_t)
corenet_tcp_bind_reserved_port(ypserv_t)
diff --git a/refpolicy/policy/modules/services/nscd.te b/refpolicy/policy/modules/services/nscd.te
index ff3eedf..f03d6eb 100644
--- a/refpolicy/policy/modules/services/nscd.te
+++ b/refpolicy/policy/modules/services/nscd.te
@@ -1,5 +1,5 @@
-policy_module(nscd,1.0)
+policy_module(nscd,1.0.1)
gen_require(`
class nscd all_nscd_perms;
@@ -76,6 +76,7 @@ corenet_udp_sendrecv_all_nodes(nscd_t)
corenet_raw_sendrecv_all_nodes(nscd_t)
corenet_tcp_sendrecv_all_ports(nscd_t)
corenet_udp_sendrecv_all_ports(nscd_t)
+corenet_non_ipsec_sendrecv(nscd_t)
corenet_tcp_bind_all_nodes(nscd_t)
corenet_udp_bind_all_nodes(nscd_t)
corenet_tcp_connect_all_ports(nscd_t)
diff --git a/refpolicy/policy/modules/services/ntp.te b/refpolicy/policy/modules/services/ntp.te
index 2752ca5..9d112cb 100644
--- a/refpolicy/policy/modules/services/ntp.te
+++ b/refpolicy/policy/modules/services/ntp.te
@@ -1,5 +1,5 @@
-policy_module(ntp,1.0)
+policy_module(ntp,1.0.1)
########################################
#
@@ -71,6 +71,7 @@ corenet_udp_sendrecv_all_nodes(ntpd_t)
corenet_raw_sendrecv_all_nodes(ntpd_t)
corenet_tcp_sendrecv_all_ports(ntpd_t)
corenet_udp_sendrecv_all_ports(ntpd_t)
+corenet_non_ipsec_sendrecv(ntpd_t)
corenet_tcp_bind_all_nodes(ntpd_t)
corenet_udp_bind_all_nodes(ntpd_t)
corenet_udp_bind_ntp_port(ntpd_t)
diff --git a/refpolicy/policy/modules/services/pegasus.te b/refpolicy/policy/modules/services/pegasus.te
index d55ed99..6c16b99 100644
--- a/refpolicy/policy/modules/services/pegasus.te
+++ b/refpolicy/policy/modules/services/pegasus.te
@@ -1,5 +1,5 @@
-policy_module(pegasus,1.0.2)
+policy_module(pegasus,1.0.3)
########################################
#
@@ -71,6 +71,7 @@ corenet_raw_sendrecv_all_if(pegasus_t)
corenet_tcp_sendrecv_all_nodes(pegasus_t)
corenet_raw_sendrecv_all_nodes(pegasus_t)
corenet_tcp_sendrecv_all_ports(pegasus_t)
+corenet_non_ipsec_sendrecv(pegasus_t)
corenet_tcp_bind_all_nodes(pegasus_t)
corenet_tcp_bind_pegasus_http_port(pegasus_t)
corenet_tcp_bind_pegasus_https_port(pegasus_t)
diff --git a/refpolicy/policy/modules/services/portmap.te b/refpolicy/policy/modules/services/portmap.te
index b3c0188..789ca01 100644
--- a/refpolicy/policy/modules/services/portmap.te
+++ b/refpolicy/policy/modules/services/portmap.te
@@ -1,5 +1,5 @@
-policy_module(portmap,1.0)
+policy_module(portmap,1.0.1)
########################################
#
@@ -56,6 +56,7 @@ corenet_udp_sendrecv_all_nodes(portmap_t)
corenet_raw_sendrecv_all_nodes(portmap_t)
corenet_tcp_sendrecv_all_ports(portmap_t)
corenet_udp_sendrecv_all_ports(portmap_t)
+corenet_non_ipsec_sendrecv(portmap_t)
corenet_tcp_bind_all_nodes(portmap_t)
corenet_udp_bind_all_nodes(portmap_t)
corenet_tcp_bind_portmap_port(portmap_t)
@@ -172,6 +173,7 @@ corenet_udp_sendrecv_all_nodes(portmap_helper_t)
corenet_raw_sendrecv_all_nodes(portmap_helper_t)
corenet_tcp_sendrecv_all_ports(portmap_helper_t)
corenet_udp_sendrecv_all_ports(portmap_helper_t)
+corenet_non_ipsec_sendrecv(portmap_helper_t)
corenet_tcp_bind_all_nodes(portmap_helper_t)
corenet_udp_bind_all_nodes(portmap_helper_t)
corenet_tcp_bind_reserved_port(portmap_helper_t)
diff --git a/refpolicy/policy/modules/services/postfix.if b/refpolicy/policy/modules/services/postfix.if
index d4afb66..3c4f403 100644
--- a/refpolicy/policy/modules/services/postfix.if
+++ b/refpolicy/policy/modules/services/postfix.if
@@ -120,6 +120,7 @@ template(`postfix_server_domain_template',`
corenet_raw_sendrecv_all_nodes(postfix_$1_t)
corenet_tcp_sendrecv_all_ports(postfix_$1_t)
corenet_udp_sendrecv_all_ports(postfix_$1_t)
+ corenet_non_ipsec_sendrecv(postfix_$1_t)
corenet_tcp_bind_all_nodes(postfix_$1_t)
corenet_udp_bind_all_nodes(postfix_$1_t)
corenet_tcp_connect_all_ports(postfix_$1_t)
diff --git a/refpolicy/policy/modules/services/postfix.te b/refpolicy/policy/modules/services/postfix.te
index 6cbbec1..3575eb5 100644
--- a/refpolicy/policy/modules/services/postfix.te
+++ b/refpolicy/policy/modules/services/postfix.te
@@ -1,5 +1,5 @@
-policy_module(postfix,1.0.3)
+policy_module(postfix,1.0.4)
########################################
#
@@ -142,6 +142,7 @@ corenet_udp_sendrecv_all_nodes(postfix_master_t)
corenet_raw_sendrecv_all_nodes(postfix_master_t)
corenet_tcp_sendrecv_all_ports(postfix_master_t)
corenet_udp_sendrecv_all_ports(postfix_master_t)
+corenet_non_ipsec_sendrecv(postfix_master_t)
corenet_tcp_bind_all_nodes(postfix_master_t)
corenet_udp_bind_all_nodes(postfix_master_t)
corenet_tcp_bind_amavisd_send_port(postfix_master_t)
@@ -309,10 +310,11 @@ corenet_raw_sendrecv_all_if(postfix_map_t)
corenet_tcp_sendrecv_all_nodes(postfix_map_t)
corenet_udp_sendrecv_all_nodes(postfix_map_t)
corenet_raw_sendrecv_all_nodes(postfix_map_t)
-corenet_tcp_bind_all_nodes(postfix_map_t)
-corenet_udp_bind_all_nodes(postfix_map_t)
corenet_tcp_sendrecv_all_ports(postfix_map_t)
corenet_udp_sendrecv_all_ports(postfix_map_t)
+corenet_non_ipsec_sendrecv(postfix_map_t)
+corenet_tcp_bind_all_nodes(postfix_map_t)
+corenet_udp_bind_all_nodes(postfix_map_t)
corenet_tcp_connect_all_ports(postfix_map_t)
corecmd_list_bin(postfix_map_t)
diff --git a/refpolicy/policy/modules/services/postgresql.te b/refpolicy/policy/modules/services/postgresql.te
index fad6075..a89c5bb 100644
--- a/refpolicy/policy/modules/services/postgresql.te
+++ b/refpolicy/policy/modules/services/postgresql.te
@@ -1,5 +1,5 @@
-policy_module(postgresql,1.0)
+policy_module(postgresql,1.0.1)
#################################
#
@@ -92,6 +92,7 @@ corenet_udp_sendrecv_all_nodes(postgresql_t)
corenet_raw_sendrecv_all_nodes(postgresql_t)
corenet_tcp_sendrecv_all_ports(postgresql_t)
corenet_udp_sendrecv_all_ports(postgresql_t)
+corenet_non_ipsec_sendrecv(postgresql_t)
corenet_tcp_bind_all_nodes(postgresql_t)
corenet_udp_bind_all_nodes(postgresql_t)
corenet_tcp_bind_postgresql_port(postgresql_t)
diff --git a/refpolicy/policy/modules/services/ppp.te b/refpolicy/policy/modules/services/ppp.te
index 3f55df5..3fdaafd 100644
--- a/refpolicy/policy/modules/services/ppp.te
+++ b/refpolicy/policy/modules/services/ppp.te
@@ -1,5 +1,5 @@
-policy_module(ppp,1.0)
+policy_module(ppp,1.0.1)
########################################
#
@@ -125,6 +125,7 @@ corenet_raw_sendrecv_all_nodes(pppd_t)
corenet_udp_sendrecv_all_nodes(pppd_t)
corenet_tcp_sendrecv_all_ports(pppd_t)
corenet_udp_sendrecv_all_ports(pppd_t)
+corenet_non_ipsec_sendrecv(pppd_t)
corenet_tcp_bind_all_nodes(pppd_t)
corenet_udp_bind_all_nodes(pppd_t)
# Access /dev/ppp.
@@ -265,6 +266,7 @@ corenet_raw_sendrecv_all_if(pptp_t)
corenet_tcp_sendrecv_all_nodes(pptp_t)
corenet_raw_sendrecv_all_nodes(pptp_t)
corenet_tcp_sendrecv_all_ports(pptp_t)
+corenet_non_ipsec_sendrecv(pptp_t)
corenet_tcp_bind_all_nodes(pptp_t)
corenet_tcp_connect_generic_port(pptp_t)
corenet_tcp_connect_all_reserved_ports(pptp_t)
diff --git a/refpolicy/policy/modules/services/privoxy.te b/refpolicy/policy/modules/services/privoxy.te
index 5b2780c..e791b62 100644
--- a/refpolicy/policy/modules/services/privoxy.te
+++ b/refpolicy/policy/modules/services/privoxy.te
@@ -1,5 +1,5 @@
-policy_module(privoxy,1.0.1)
+policy_module(privoxy,1.0.2)
########################################
#
@@ -47,6 +47,7 @@ corenet_raw_sendrecv_all_if(privoxy_t)
corenet_tcp_sendrecv_all_nodes(privoxy_t)
corenet_raw_sendrecv_all_nodes(privoxy_t)
corenet_tcp_sendrecv_all_ports(privoxy_t)
+corenet_non_ipsec_sendrecv(privoxy_t)
corenet_tcp_bind_http_cache_port(privoxy_t)
corenet_tcp_connect_http_port(privoxy_t)
corenet_tcp_connect_ftp_port(privoxy_t)
diff --git a/refpolicy/policy/modules/services/procmail.te b/refpolicy/policy/modules/services/procmail.te
index 3862316..6b1038c 100644
--- a/refpolicy/policy/modules/services/procmail.te
+++ b/refpolicy/policy/modules/services/procmail.te
@@ -1,5 +1,5 @@
-policy_module(procmail,1.0.1)
+policy_module(procmail,1.0.2)
########################################
#
@@ -36,6 +36,7 @@ corenet_udp_sendrecv_all_nodes(procmail_t)
corenet_raw_sendrecv_all_nodes(procmail_t)
corenet_tcp_sendrecv_all_ports(procmail_t)
corenet_udp_sendrecv_all_ports(procmail_t)
+corenet_non_ipsec_sendrecv(procmail_t)
corenet_tcp_bind_all_nodes(procmail_t)
corenet_udp_bind_all_nodes(procmail_t)
corenet_tcp_connect_spamd_port(procmail_t)
diff --git a/refpolicy/policy/modules/services/radius.te b/refpolicy/policy/modules/services/radius.te
index e115360..dfddca6 100644
--- a/refpolicy/policy/modules/services/radius.te
+++ b/refpolicy/policy/modules/services/radius.te
@@ -56,10 +56,11 @@ corenet_raw_sendrecv_all_if(radiusd_t)
corenet_tcp_sendrecv_all_nodes(radiusd_t)
corenet_udp_sendrecv_all_nodes(radiusd_t)
corenet_raw_sendrecv_all_nodes(radiusd_t)
-corenet_tcp_bind_all_nodes(radiusd_t)
-corenet_udp_bind_all_nodes(radiusd_t)
corenet_tcp_sendrecv_all_ports(radiusd_t)
corenet_udp_sendrecv_all_ports(radiusd_t)
+corenet_non_ipsec_sendrecv(radiusd_t)
+corenet_tcp_bind_all_nodes(radiusd_t)
+corenet_udp_bind_all_nodes(radiusd_t)
corenet_udp_bind_radacct_port(radiusd_t)
corenet_udp_bind_radius_port(radiusd_t)
# for RADIUS proxy port
diff --git a/refpolicy/policy/modules/services/radvd.te b/refpolicy/policy/modules/services/radvd.te
index b5b07b2..6af8039 100644
--- a/refpolicy/policy/modules/services/radvd.te
+++ b/refpolicy/policy/modules/services/radvd.te
@@ -1,5 +1,5 @@
-policy_module(radvd,1.0)
+policy_module(radvd,1.0.1)
########################################
#
@@ -47,6 +47,7 @@ corenet_udp_sendrecv_all_nodes(radvd_t)
corenet_raw_sendrecv_all_nodes(radvd_t)
corenet_tcp_sendrecv_all_ports(radvd_t)
corenet_udp_sendrecv_all_ports(radvd_t)
+corenet_non_ipsec_sendrecv(radvd_t)
corenet_tcp_bind_all_nodes(radvd_t)
corenet_udp_bind_all_nodes(radvd_t)
diff --git a/refpolicy/policy/modules/services/rdisc.te b/refpolicy/policy/modules/services/rdisc.te
index 97c573b..873b86f 100644
--- a/refpolicy/policy/modules/services/rdisc.te
+++ b/refpolicy/policy/modules/services/rdisc.te
@@ -1,5 +1,5 @@
-policy_module(rdisc,1.0.0)
+policy_module(rdisc,1.0.1)
########################################
#
@@ -31,6 +31,7 @@ corenet_raw_sendrecv_generic_if(rdisc_t)
corenet_udp_sendrecv_all_nodes(rdisc_t)
corenet_raw_sendrecv_all_nodes(rdisc_t)
corenet_udp_sendrecv_all_ports(rdisc_t)
+corenet_non_ipsec_sendrecv(rdisc_t)
corenet_udp_bind_all_nodes(rdisc_t)
dev_read_sysfs(rdisc_t)
diff --git a/refpolicy/policy/modules/services/rlogin.te b/refpolicy/policy/modules/services/rlogin.te
index 2b284e4..bf05a19 100644
--- a/refpolicy/policy/modules/services/rlogin.te
+++ b/refpolicy/policy/modules/services/rlogin.te
@@ -1,5 +1,5 @@
-policy_module(rlogin,1.0)
+policy_module(rlogin,1.0.1)
########################################
#
@@ -59,6 +59,7 @@ corenet_udp_sendrecv_all_nodes(rlogind_t)
corenet_raw_sendrecv_all_nodes(rlogind_t)
corenet_tcp_sendrecv_all_ports(rlogind_t)
corenet_udp_sendrecv_all_ports(rlogind_t)
+corenet_non_ipsec_sendrecv(rlogind_t)
corenet_tcp_bind_all_nodes(rlogind_t)
corenet_udp_bind_all_nodes(rlogind_t)
diff --git a/refpolicy/policy/modules/services/rpc.if b/refpolicy/policy/modules/services/rpc.if
index da50403..50ba3a3 100644
--- a/refpolicy/policy/modules/services/rpc.if
+++ b/refpolicy/policy/modules/services/rpc.if
@@ -58,6 +58,7 @@ template(`rpc_domain_template', `
corenet_raw_sendrecv_all_nodes($1_t)
corenet_tcp_sendrecv_all_ports($1_t)
corenet_udp_sendrecv_all_ports($1_t)
+ corenet_non_ipsec_sendrecv($1_t)
corenet_tcp_bind_all_nodes($1_t)
corenet_udp_bind_all_nodes($1_t)
corenet_tcp_bind_reserved_port($1_t)
diff --git a/refpolicy/policy/modules/services/rpc.te b/refpolicy/policy/modules/services/rpc.te
index cb50dd5..dd7df90 100644
--- a/refpolicy/policy/modules/services/rpc.te
+++ b/refpolicy/policy/modules/services/rpc.te
@@ -1,5 +1,5 @@
-policy_module(rpc,1.0.2)
+policy_module(rpc,1.0.3)
########################################
#
diff --git a/refpolicy/policy/modules/services/rshd.te b/refpolicy/policy/modules/services/rshd.te
index 2ebf6f0..87e8e12 100644
--- a/refpolicy/policy/modules/services/rshd.te
+++ b/refpolicy/policy/modules/services/rshd.te
@@ -1,5 +1,5 @@
-policy_module(rshd,1.0)
+policy_module(rshd,1.0.1)
########################################
#
@@ -31,6 +31,7 @@ corenet_udp_sendrecv_all_nodes(rshd_t)
corenet_raw_sendrecv_all_nodes(rshd_t)
corenet_tcp_sendrecv_all_ports(rshd_t)
corenet_udp_sendrecv_all_ports(rshd_t)
+corenet_non_ipsec_sendrecv(rshd_t)
corenet_tcp_bind_all_nodes(rshd_t)
corenet_tcp_bind_rsh_port(rshd_t)
diff --git a/refpolicy/policy/modules/services/rsync.te b/refpolicy/policy/modules/services/rsync.te
index 57211ca..94a560d 100644
--- a/refpolicy/policy/modules/services/rsync.te
+++ b/refpolicy/policy/modules/services/rsync.te
@@ -1,5 +1,5 @@
-policy_module(rsync,1.0)
+policy_module(rsync,1.0.1)
########################################
#
@@ -63,6 +63,7 @@ corenet_udp_sendrecv_all_nodes(rsync_t)
corenet_raw_sendrecv_all_nodes(rsync_t)
corenet_tcp_sendrecv_all_ports(rsync_t)
corenet_udp_sendrecv_all_ports(rsync_t)
+corenet_non_ipsec_sendrecv(rsync_t)
corenet_tcp_bind_all_nodes(rsync_t)
corenet_udp_bind_all_nodes(rsync_t)
diff --git a/refpolicy/policy/modules/services/samba.te b/refpolicy/policy/modules/services/samba.te
index f4536be..06eea35 100644
--- a/refpolicy/policy/modules/services/samba.te
+++ b/refpolicy/policy/modules/services/samba.te
@@ -1,5 +1,5 @@
-policy_module(samba,1.0)
+policy_module(samba,1.0.1)
#################################
#
@@ -108,6 +108,7 @@ corenet_udp_sendrecv_all_nodes(samba_net_t)
corenet_raw_sendrecv_all_nodes(samba_net_t)
corenet_tcp_sendrecv_all_ports(samba_net_t)
corenet_udp_sendrecv_all_ports(samba_net_t)
+corenet_non_ipsec_sendrecv(samba_net_t)
corenet_tcp_bind_all_nodes(samba_net_t)
corenet_udp_bind_all_nodes(samba_net_t)
corenet_tcp_connect_smbd_port(samba_net_t)
@@ -145,6 +146,7 @@ optional_policy(`ldap',`
corenet_tcp_sendrecv_all_nodes(samba_net_t)
corenet_raw_sendrecv_all_nodes(samba_net_t)
corenet_tcp_sendrecv_ldap_port(samba_net_t)
+ corenet_non_ipsec_sendrecv(samba_net_t)
corenet_tcp_bind_all_nodes(samba_net_t)
sysnet_read_config(samba_net_t)
')
@@ -225,6 +227,7 @@ corenet_udp_sendrecv_all_nodes(smbd_t)
corenet_raw_sendrecv_all_nodes(smbd_t)
corenet_tcp_sendrecv_all_ports(smbd_t)
corenet_udp_sendrecv_all_ports(smbd_t)
+corenet_non_ipsec_sendrecv(smbd_t)
corenet_tcp_bind_all_nodes(smbd_t)
corenet_udp_bind_all_nodes(smbd_t)
corenet_tcp_bind_smbd_port(smbd_t)
@@ -370,6 +373,7 @@ corenet_udp_sendrecv_all_nodes(nmbd_t)
corenet_raw_sendrecv_all_nodes(nmbd_t)
corenet_tcp_sendrecv_all_ports(nmbd_t)
corenet_udp_sendrecv_all_ports(nmbd_t)
+corenet_non_ipsec_sendrecv(nmbd_t)
corenet_tcp_bind_all_nodes(nmbd_t)
corenet_udp_bind_all_nodes(nmbd_t)
corenet_udp_bind_nmbd_port(nmbd_t)
@@ -458,6 +462,7 @@ corenet_raw_sendrecv_all_nodes(smbmount_t)
corenet_udp_sendrecv_all_nodes(smbmount_t)
corenet_tcp_sendrecv_all_ports(smbmount_t)
corenet_udp_sendrecv_all_ports(smbmount_t)
+corenet_non_ipsec_sendrecv(smbmount_t)
corenet_tcp_bind_all_nodes(smbmount_t)
corenet_udp_bind_all_nodes(smbmount_t)
corenet_tcp_connect_all_ports(smbmount_t)
@@ -567,6 +572,7 @@ corenet_udp_sendrecv_all_nodes(winbind_t)
corenet_raw_sendrecv_all_nodes(winbind_t)
corenet_tcp_sendrecv_all_ports(winbind_t)
corenet_udp_sendrecv_all_ports(winbind_t)
+corenet_non_ipsec_sendrecv(winbind_t)
corenet_tcp_bind_all_nodes(winbind_t)
corenet_udp_bind_all_nodes(winbind_t)
corenet_tcp_connect_smbd_port(winbind_t)
diff --git a/refpolicy/policy/modules/services/sasl.te b/refpolicy/policy/modules/services/sasl.te
index 2baadce..c81a934 100644
--- a/refpolicy/policy/modules/services/sasl.te
+++ b/refpolicy/policy/modules/services/sasl.te
@@ -1,5 +1,5 @@
-policy_module(sasl,1.0.1)
+policy_module(sasl,1.0.2)
########################################
#
@@ -38,6 +38,7 @@ corenet_raw_sendrecv_all_if(saslauthd_t)
corenet_tcp_sendrecv_all_nodes(saslauthd_t)
corenet_raw_sendrecv_all_nodes(saslauthd_t)
corenet_tcp_sendrecv_all_ports(saslauthd_t)
+corenet_non_ipsec_sendrecv(saslauthd_t)
corenet_tcp_bind_all_nodes(saslauthd_t)
corenet_tcp_connect_pop_port(saslauthd_t)
diff --git a/refpolicy/policy/modules/services/sendmail.te b/refpolicy/policy/modules/services/sendmail.te
index 593d14f..0253360 100644
--- a/refpolicy/policy/modules/services/sendmail.te
+++ b/refpolicy/policy/modules/services/sendmail.te
@@ -1,5 +1,5 @@
-policy_module(sendmail,1.0)
+policy_module(sendmail,1.0.1)
########################################
#
@@ -51,6 +51,7 @@ corenet_raw_sendrecv_all_nodes(sendmail_t)
corenet_udp_sendrecv_all_nodes(sendmail_t)
corenet_tcp_sendrecv_all_ports(sendmail_t)
corenet_udp_sendrecv_all_ports(sendmail_t)
+corenet_non_ipsec_sendrecv(sendmail_t)
corenet_tcp_bind_all_nodes(sendmail_t)
corenet_udp_bind_all_nodes(sendmail_t)
corenet_tcp_bind_smtp_port(sendmail_t)
diff --git a/refpolicy/policy/modules/services/snmp.te b/refpolicy/policy/modules/services/snmp.te
index a7ed81b..9bd0b09 100644
--- a/refpolicy/policy/modules/services/snmp.te
+++ b/refpolicy/policy/modules/services/snmp.te
@@ -1,5 +1,5 @@
-policy_module(snmp,1.0.2)
+policy_module(snmp,1.0.3)
########################################
#
@@ -68,6 +68,7 @@ corenet_udp_sendrecv_all_nodes(snmpd_t)
corenet_raw_sendrecv_all_nodes(snmpd_t)
corenet_tcp_sendrecv_all_ports(snmpd_t)
corenet_udp_sendrecv_all_ports(snmpd_t)
+corenet_non_ipsec_sendrecv(snmpd_t)
corenet_tcp_bind_all_nodes(snmpd_t)
corenet_udp_bind_all_nodes(snmpd_t)
corenet_tcp_bind_snmp_port(snmpd_t)
diff --git a/refpolicy/policy/modules/services/spamassassin.if b/refpolicy/policy/modules/services/spamassassin.if
index 83179b8..589ae52 100644
--- a/refpolicy/policy/modules/services/spamassassin.if
+++ b/refpolicy/policy/modules/services/spamassassin.if
@@ -100,6 +100,7 @@ template(`spamassassin_per_userdomain_template',`
corenet_raw_sendrecv_all_nodes($1_spamc_t)
corenet_tcp_sendrecv_all_ports($1_spamc_t)
corenet_udp_sendrecv_all_ports($1_spamc_t)
+ corenet_non_ipsec_sendrecv($1_spamc_t)
corenet_tcp_bind_all_nodes($1_spamc_t)
corenet_udp_bind_all_nodes($1_spamc_t)
corenet_tcp_connect_all_ports($1_spamc_t)
@@ -282,6 +283,7 @@ template(`spamassassin_per_userdomain_template',`
corenet_raw_sendrecv_all_nodes($1_spamassassin_t)
corenet_tcp_sendrecv_all_ports($1_spamassassin_t)
corenet_udp_sendrecv_all_ports($1_spamassassin_t)
+ corenet_non_ipsec_sendrecv($1_spamassassin_t)
corenet_tcp_bind_all_nodes($1_spamassassin_t)
corenet_udp_bind_all_nodes($1_spamassassin_t)
corenet_tcp_connect_all_ports($1_spamassassin_t)
diff --git a/refpolicy/policy/modules/services/spamassassin.te b/refpolicy/policy/modules/services/spamassassin.te
index f58f940..ba7b467 100644
--- a/refpolicy/policy/modules/services/spamassassin.te
+++ b/refpolicy/policy/modules/services/spamassassin.te
@@ -1,5 +1,5 @@
-policy_module(spamassassin,1.0.0)
+policy_module(spamassassin,1.0.1)
########################################
#
@@ -69,6 +69,7 @@ corenet_udp_sendrecv_all_nodes(spamd_t)
corenet_raw_sendrecv_all_nodes(spamd_t)
corenet_tcp_sendrecv_all_ports(spamd_t)
corenet_udp_sendrecv_all_ports(spamd_t)
+corenet_non_ipsec_sendrecv(spamd_t)
corenet_tcp_bind_all_nodes(spamd_t)
corenet_udp_bind_all_nodes(spamd_t)
corenet_tcp_bind_spamd_port(spamd_t)
diff --git a/refpolicy/policy/modules/services/squid.te b/refpolicy/policy/modules/services/squid.te
index f4cc464..f4dfdec 100644
--- a/refpolicy/policy/modules/services/squid.te
+++ b/refpolicy/policy/modules/services/squid.te
@@ -1,5 +1,5 @@
-policy_module(squid,1.0)
+policy_module(squid,1.0.1)
########################################
#
@@ -78,6 +78,7 @@ corenet_udp_sendrecv_all_nodes(squid_t)
corenet_raw_sendrecv_all_nodes(squid_t)
corenet_tcp_sendrecv_all_ports(squid_t)
corenet_udp_sendrecv_all_ports(squid_t)
+corenet_non_ipsec_sendrecv(squid_t)
corenet_tcp_bind_all_nodes(squid_t)
corenet_udp_bind_all_nodes(squid_t)
corenet_tcp_bind_http_cache_port(squid_t)
diff --git a/refpolicy/policy/modules/services/ssh.if b/refpolicy/policy/modules/services/ssh.if
index 5ca043f..f804d88 100644
--- a/refpolicy/policy/modules/services/ssh.if
+++ b/refpolicy/policy/modules/services/ssh.if
@@ -123,6 +123,7 @@ template(`ssh_per_userdomain_template',`
corenet_tcp_sendrecv_all_nodes($1_ssh_t)
corenet_raw_sendrecv_all_nodes($1_ssh_t)
corenet_tcp_sendrecv_all_ports($1_ssh_t)
+ corenet_non_ipsec_sendrecv($1_ssh_t)
corenet_tcp_bind_all_nodes($1_ssh_t)
corenet_tcp_connect_ssh_port($1_ssh_t)
@@ -437,6 +438,7 @@ template(`ssh_server_template', `
corenet_raw_sendrecv_all_nodes($1_t)
corenet_udp_sendrecv_all_ports($1_t)
corenet_tcp_sendrecv_all_ports($1_t)
+ corenet_non_ipsec_sendrecv($1_t)
corenet_tcp_bind_all_nodes($1_t)
corenet_udp_bind_all_nodes($1_t)
corenet_tcp_connect_all_ports($1_t)
diff --git a/refpolicy/policy/modules/services/ssh.te b/refpolicy/policy/modules/services/ssh.te
index d7b84d7..391a989 100644
--- a/refpolicy/policy/modules/services/ssh.te
+++ b/refpolicy/policy/modules/services/ssh.te
@@ -1,5 +1,5 @@
-policy_module(ssh,1.0)
+policy_module(ssh,1.0.1)
########################################
#
diff --git a/refpolicy/policy/modules/services/stunnel.te b/refpolicy/policy/modules/services/stunnel.te
index f274d29..b2c0c55 100644
--- a/refpolicy/policy/modules/services/stunnel.te
+++ b/refpolicy/policy/modules/services/stunnel.te
@@ -1,5 +1,5 @@
-policy_module(stunnel,1.0)
+policy_module(stunnel,1.0.1)
########################################
#
@@ -63,6 +63,7 @@ corenet_udp_sendrecv_all_nodes(stunnel_t)
corenet_raw_sendrecv_all_nodes(stunnel_t)
corenet_tcp_sendrecv_all_ports(stunnel_t)
corenet_udp_sendrecv_all_ports(stunnel_t)
+corenet_non_ipsec_sendrecv(stunnel_t)
corenet_tcp_bind_all_nodes(stunnel_t)
corenet_udp_bind_all_nodes(stunnel_t)
#corenet_tcp_bind_stunnel_port(stunnel_t)
diff --git a/refpolicy/policy/modules/services/tcpd.te b/refpolicy/policy/modules/services/tcpd.te
index fea2784..e8d843e 100644
--- a/refpolicy/policy/modules/services/tcpd.te
+++ b/refpolicy/policy/modules/services/tcpd.te
@@ -28,6 +28,7 @@ corenet_tcp_sendrecv_all_if(tcpd_t)
corenet_raw_sendrecv_all_nodes(tcpd_t)
corenet_tcp_sendrecv_all_nodes(tcpd_t)
corenet_tcp_sendrecv_all_ports(tcpd_t)
+corenet_non_ipsec_sendrecv(tcpd_t)
corenet_tcp_bind_all_nodes(tcpd_t)
fs_getattr_xattr_fs(tcpd_t)
diff --git a/refpolicy/policy/modules/services/telnet.te b/refpolicy/policy/modules/services/telnet.te
index 85a20c4..814832a 100644
--- a/refpolicy/policy/modules/services/telnet.te
+++ b/refpolicy/policy/modules/services/telnet.te
@@ -1,5 +1,5 @@
-policy_module(telnet,1.0)
+policy_module(telnet,1.0.1)
########################################
#
@@ -57,6 +57,7 @@ corenet_udp_sendrecv_all_nodes(telnetd_t)
corenet_raw_sendrecv_all_nodes(telnetd_t)
corenet_tcp_sendrecv_all_ports(telnetd_t)
corenet_udp_sendrecv_all_ports(telnetd_t)
+corenet_non_ipsec_sendrecv(telnetd_t)
corenet_tcp_bind_all_nodes(telnetd_t)
corenet_udp_bind_all_nodes(telnetd_t)
diff --git a/refpolicy/policy/modules/services/tftp.te b/refpolicy/policy/modules/services/tftp.te
index af3268f..fddd166 100644
--- a/refpolicy/policy/modules/services/tftp.te
+++ b/refpolicy/policy/modules/services/tftp.te
@@ -1,5 +1,5 @@
-policy_module(tftp,1.0)
+policy_module(tftp,1.0.1)
########################################
#
@@ -49,6 +49,7 @@ corenet_udp_sendrecv_all_nodes(tftpd_t)
corenet_raw_sendrecv_all_nodes(tftpd_t)
corenet_tcp_sendrecv_all_ports(tftpd_t)
corenet_udp_sendrecv_all_ports(tftpd_t)
+corenet_non_ipsec_sendrecv(tftpd_t)
corenet_tcp_bind_all_nodes(tftpd_t)
corenet_udp_bind_all_nodes(tftpd_t)
corenet_udp_bind_tftp_port(tftpd_t)
diff --git a/refpolicy/policy/modules/services/timidity.te b/refpolicy/policy/modules/services/timidity.te
index 214c69d..70905d5 100644
--- a/refpolicy/policy/modules/services/timidity.te
+++ b/refpolicy/policy/modules/services/timidity.te
@@ -1,5 +1,5 @@
-policy_module(timidity,1.0.0)
+policy_module(timidity,1.0.1)
# Note: You only need this policy if you want to run timidity as a server
@@ -47,6 +47,7 @@ corenet_udp_sendrecv_all_nodes(timidity_t)
corenet_raw_sendrecv_all_nodes(timidity_t)
corenet_tcp_sendrecv_all_ports(timidity_t)
corenet_udp_sendrecv_all_ports(timidity_t)
+corenet_non_ipsec_sendrecv(timidity_t)
corenet_tcp_bind_all_nodes(timidity_t)
corenet_udp_bind_all_nodes(timidity_t)
diff --git a/refpolicy/policy/modules/services/uucp.te b/refpolicy/policy/modules/services/uucp.te
index 27b822a..262307e 100644
--- a/refpolicy/policy/modules/services/uucp.te
+++ b/refpolicy/policy/modules/services/uucp.te
@@ -1,5 +1,5 @@
-policy_module(uucp,1.0)
+policy_module(uucp,1.0.1)
########################################
#
@@ -75,6 +75,7 @@ corenet_udp_sendrecv_all_nodes(uucpd_t)
corenet_raw_sendrecv_all_nodes(uucpd_t)
corenet_tcp_sendrecv_all_ports(uucpd_t)
corenet_udp_sendrecv_all_ports(uucpd_t)
+corenet_non_ipsec_sendrecv(uucpd_t)
corenet_tcp_bind_all_nodes(uucpd_t)
corenet_udp_bind_all_nodes(uucpd_t)
diff --git a/refpolicy/policy/modules/services/zebra.te b/refpolicy/policy/modules/services/zebra.te
index f08ecdf..0ef18e6 100644
--- a/refpolicy/policy/modules/services/zebra.te
+++ b/refpolicy/policy/modules/services/zebra.te
@@ -1,5 +1,5 @@
-policy_module(zebra,1.0.1)
+policy_module(zebra,1.0.2)
########################################
#
@@ -69,6 +69,7 @@ corenet_udp_sendrecv_all_nodes(zebra_t)
corenet_raw_sendrecv_all_nodes(zebra_t)
corenet_tcp_sendrecv_all_ports(zebra_t)
corenet_udp_sendrecv_all_ports(zebra_t)
+corenet_non_ipsec_sendrecv(zebra_t)
corenet_tcp_bind_all_nodes(zebra_t)
corenet_udp_bind_all_nodes(zebra_t)
corenet_tcp_bind_zebra_port(zebra_t)
diff --git a/refpolicy/policy/modules/system/hotplug.te b/refpolicy/policy/modules/system/hotplug.te
index 675d039..22b0fe5 100644
--- a/refpolicy/policy/modules/system/hotplug.te
+++ b/refpolicy/policy/modules/system/hotplug.te
@@ -1,5 +1,5 @@
-policy_module(hotplug,1.0.1)
+policy_module(hotplug,1.0.2)
########################################
#
@@ -61,6 +61,7 @@ corenet_udp_sendrecv_all_nodes(hotplug_t)
corenet_raw_sendrecv_all_nodes(hotplug_t)
corenet_tcp_sendrecv_all_ports(hotplug_t)
corenet_udp_sendrecv_all_ports(hotplug_t)
+corenet_non_ipsec_sendrecv(hotplug_t)
corenet_tcp_bind_all_nodes(hotplug_t)
corenet_udp_bind_all_nodes(hotplug_t)
diff --git a/refpolicy/policy/modules/system/init.te b/refpolicy/policy/modules/system/init.te
index 72b8312..f5b856d 100644
--- a/refpolicy/policy/modules/system/init.te
+++ b/refpolicy/policy/modules/system/init.te
@@ -1,5 +1,5 @@
-policy_module(init,1.0.3)
+policy_module(init,1.0.4)
gen_require(`
class passwd rootok;
@@ -257,6 +257,7 @@ corenet_raw_sendrecv_all_nodes(initrc_t)
corenet_udp_sendrecv_all_nodes(initrc_t)
corenet_tcp_sendrecv_all_ports(initrc_t)
corenet_udp_sendrecv_all_ports(initrc_t)
+corenet_non_ipsec_sendrecv(initrc_t)
corenet_tcp_bind_all_nodes(initrc_t)
corenet_udp_bind_all_nodes(initrc_t)
corenet_tcp_connect_all_ports(initrc_t)
diff --git a/refpolicy/policy/modules/system/ipsec.te b/refpolicy/policy/modules/system/ipsec.te
index cc6d402..331dda5 100644
--- a/refpolicy/policy/modules/system/ipsec.te
+++ b/refpolicy/policy/modules/system/ipsec.te
@@ -1,5 +1,5 @@
-policy_module(ipsec,1.0)
+policy_module(ipsec,1.0.1)
########################################
#
@@ -87,6 +87,7 @@ corenet_raw_sendrecv_all_if(ipsec_t)
corenet_tcp_sendrecv_all_nodes(ipsec_t)
corenet_raw_sendrecv_all_nodes(ipsec_t)
corenet_tcp_sendrecv_all_ports(ipsec_t)
+corenet_non_ipsec_sendrecv(ipsec_t)
corenet_tcp_bind_all_nodes(ipsec_t)
corenet_udp_bind_reserved_port(ipsec_t)
corenet_udp_bind_isakmp_port(ipsec_t)
diff --git a/refpolicy/policy/modules/system/logging.te b/refpolicy/policy/modules/system/logging.te
index 2951995..aac0625 100644
--- a/refpolicy/policy/modules/system/logging.te
+++ b/refpolicy/policy/modules/system/logging.te
@@ -1,5 +1,5 @@
-policy_module(logging,1.0.2)
+policy_module(logging,1.0.3)
########################################
#
@@ -313,6 +313,7 @@ corenet_udp_sendrecv_all_if(syslogd_t)
corenet_raw_sendrecv_all_nodes(syslogd_t)
corenet_udp_sendrecv_all_nodes(syslogd_t)
corenet_udp_sendrecv_all_ports(syslogd_t)
+corenet_non_ipsec_sendrecv(syslogd_t)
corenet_udp_bind_all_nodes(syslogd_t)
corenet_tcp_bind_syslogd_port(syslogd_t)
#cjp: why?
diff --git a/refpolicy/policy/modules/system/lvm.te b/refpolicy/policy/modules/system/lvm.te
index 6fadbbc..ed7c016 100644
--- a/refpolicy/policy/modules/system/lvm.te
+++ b/refpolicy/policy/modules/system/lvm.te
@@ -1,5 +1,5 @@
-policy_module(lvm,1.0)
+policy_module(lvm,1.0.1)
########################################
#
@@ -65,6 +65,7 @@ corenet_udp_sendrecv_all_nodes(clvmd_t)
corenet_raw_sendrecv_all_nodes(clvmd_t)
corenet_tcp_sendrecv_all_ports(clvmd_t)
corenet_udp_sendrecv_all_ports(clvmd_t)
+corenet_non_ipsec_sendrecv(clvmd_t)
corenet_tcp_bind_all_nodes(clvmd_t)
corenet_udp_bind_all_nodes(clvmd_t)
corenet_tcp_bind_reserved_port(clvmd_t)
diff --git a/refpolicy/policy/modules/system/mount.te b/refpolicy/policy/modules/system/mount.te
index 82ae9be..9c724ba 100644
--- a/refpolicy/policy/modules/system/mount.te
+++ b/refpolicy/policy/modules/system/mount.te
@@ -1,5 +1,5 @@
-policy_module(mount,1.0)
+policy_module(mount,1.0.1)
########################################
#
@@ -106,6 +106,7 @@ optional_policy(`portmap',`
corenet_udp_sendrecv_all_nodes(mount_t)
corenet_tcp_sendrecv_all_ports(mount_t)
corenet_udp_sendrecv_all_ports(mount_t)
+ corenet_non_ipsec_sendrecv(mount_t)
corenet_tcp_bind_all_nodes(mount_t)
corenet_udp_bind_all_nodes(mount_t)
corenet_tcp_bind_generic_port(mount_t)
diff --git a/refpolicy/policy/modules/system/sysnetwork.if b/refpolicy/policy/modules/system/sysnetwork.if
index 6ecf59d..9b0a234 100644
--- a/refpolicy/policy/modules/system/sysnetwork.if
+++ b/refpolicy/policy/modules/system/sysnetwork.if
@@ -440,6 +440,7 @@ interface(`sysnet_dns_name_resolve',`
corenet_raw_sendrecv_all_nodes($1)
corenet_tcp_sendrecv_dns_port($1)
corenet_udp_sendrecv_dns_port($1)
+ corenet_non_ipsec_sendrecv($1)
corenet_tcp_bind_all_nodes($1)
corenet_udp_bind_all_nodes($1)
corenet_tcp_connect_dns_port($1)
@@ -468,6 +469,7 @@ interface(`sysnet_use_ldap',`
corenet_tcp_sendrecv_all_nodes($1)
corenet_raw_sendrecv_all_nodes($1)
corenet_tcp_sendrecv_ldap_port($1)
+ corenet_non_ipsec_sendrecv($1)
corenet_tcp_bind_all_nodes($1)
corenet_tcp_connect_ldap_port($1)
@@ -499,6 +501,7 @@ interface(`sysnet_use_portmap',`
corenet_raw_sendrecv_all_nodes($1)
corenet_tcp_sendrecv_portmap_port($1)
corenet_udp_sendrecv_portmap_port($1)
+ corenet_non_ipsec_sendrecv($1)
corenet_tcp_bind_all_nodes($1)
corenet_udp_bind_all_nodes($1)
corenet_tcp_connect_portmap_port($1)
diff --git a/refpolicy/policy/modules/system/sysnetwork.te b/refpolicy/policy/modules/system/sysnetwork.te
index 302ae6d..175bb3b 100644
--- a/refpolicy/policy/modules/system/sysnetwork.te
+++ b/refpolicy/policy/modules/system/sysnetwork.te
@@ -1,5 +1,5 @@
-policy_module(sysnetwork,1.0.3)
+policy_module(sysnetwork,1.0.4)
########################################
#
@@ -99,6 +99,7 @@ corenet_raw_sendrecv_all_nodes(dhcpc_t)
corenet_udp_sendrecv_all_nodes(dhcpc_t)
corenet_tcp_sendrecv_all_ports(dhcpc_t)
corenet_udp_sendrecv_all_ports(dhcpc_t)
+corenet_non_ipsec_sendrecv(dhcpc_t)
corenet_tcp_bind_all_nodes(dhcpc_t)
corenet_udp_bind_all_nodes(dhcpc_t)
corenet_udp_bind_dhcpc_port(dhcpc_t)
diff --git a/refpolicy/policy/modules/system/userdomain.if b/refpolicy/policy/modules/system/userdomain.if
index 9167d69..53d45a3 100644
--- a/refpolicy/policy/modules/system/userdomain.if
+++ b/refpolicy/policy/modules/system/userdomain.if
@@ -173,6 +173,7 @@ template(`base_user_template',`
corenet_udp_sendrecv_all_nodes($1_t)
corenet_tcp_sendrecv_all_ports($1_t)
corenet_udp_sendrecv_all_ports($1_t)
+ corenet_non_ipsec_sendrecv($1_t)
corenet_tcp_bind_all_nodes($1_t)
corenet_udp_bind_all_nodes($1_t)
corenet_udp_bind_generic_port($1_t)
diff --git a/refpolicy/policy/modules/system/userdomain.te b/refpolicy/policy/modules/system/userdomain.te
index 6c228fa..7c66a13 100644
--- a/refpolicy/policy/modules/system/userdomain.te
+++ b/refpolicy/policy/modules/system/userdomain.te
@@ -1,5 +1,5 @@
-policy_module(userdomain,1.0.6)
+policy_module(userdomain,1.0.7)
gen_require(`
role sysadm_r, staff_r, user_r;
More information about the scm-commits
mailing list