[selinux-policy: 2520/3172] Rearrange interfaces in fail2ban.
Daniel J Walsh
dwalsh at fedoraproject.org
Thu Oct 7 22:44:00 UTC 2010
commit bf140fc32c38d23a1c2990db60ac1330436ddc80
Author: Chris PeBenito <cpebenito at tresys.com>
Date: Tue Mar 16 13:14:46 2010 -0400
Rearrange interfaces in fail2ban.
policy/modules/services/fail2ban.if | 76 +++++++++++++++++-----------------
1 files changed, 38 insertions(+), 38 deletions(-)
---
diff --git a/policy/modules/services/fail2ban.if b/policy/modules/services/fail2ban.if
index 83d0241..43dd962 100644
--- a/policy/modules/services/fail2ban.if
+++ b/policy/modules/services/fail2ban.if
@@ -18,6 +18,44 @@ interface(`fail2ban_domtrans',`
domtrans_pattern($1, fail2ban_exec_t, fail2ban_t)
')
+#####################################
+## <summary>
+## Connect to fail2ban over a unix domain
+## stream socket.
+## </summary>
+## <param name="domain">
+## <summary>
+## Domain allowed access.
+## </summary>
+## </param>
+#
+interface(`fail2ban_stream_connect',`
+ gen_require(`
+ type fail2ban_t, fail2ban_var_run_t;
+ ')
+
+ files_search_pids($1)
+ stream_connect_pattern($1, fail2ban_var_run_t, fail2ban_var_run_t, fail2ban_t)
+')
+
+########################################
+## <summary>
+## Read and write to an fail2ban unix stream socket.
+## </summary>
+## <param name="domain">
+## <summary>
+## Domain allowed access.
+## </summary>
+## </param>
+#
+interface(`fail2ban_rw_stream_sockets',`
+ gen_require(`
+ type fail2ban_t;
+ ')
+
+ allow $1 fail2ban_t:unix_stream_socket rw_stream_socket_perms;
+')
+
########################################
## <summary>
## Read fail2ban lib files.
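Review bot: The summary moved with `fail2ban_rw_stream_sockets` still reads "Read and write to an fail2ban unix stream socket", which has a typo and does not say which sockets the rule covers; as the block is being relocated anyway, it could become `## Read and write fail2ban unix stream sockets.`. The allow rule targets `fail2ban_t:unix_stream_socket`, so the description could also state that it applies to sockets labeled `fail2ban_t`. Presumably this interface is meant for descriptors that are already open (inherited or passed), whereas `fail2ban_stream_connect` goes through the `fail2ban_var_run_t` socket file; if so, saying that in the summary would help policy writers pick the narrower interface. The `#` separator above `fail2ban_stream_connect` is also shorter than the other interface headers in this hunk.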
@@ -98,26 +136,6 @@ interface(`fail2ban_read_pid_files',`
allow $1 fail2ban_var_run_t:file read_file_perms;
')
-#####################################
-## <summary>
-## Connect to fail2ban over a unix domain
-## stream socket.
-## </summary>
-## <param name="domain">
-## <summary>
-## Domain allowed access.
-## </summary>
-## </param>
-#
-interface(`fail2ban_stream_connect',`
- gen_require(`
- type fail2ban_t, fail2ban_var_run_t;
- ')
-
- files_search_pids($1)
- stream_connect_pattern($1, fail2ban_var_run_t, fail2ban_var_run_t, fail2ban_t)
-')
-
########################################
## <summary>
## All of the rules required to administrate
@@ -155,21 +173,3 @@ interface(`fail2ban_admin',`
files_list_pids($1)
admin_pattern($1, fail2ban_var_run_t)
')
-
-########################################
-## <summary>
-## Read and write to an fail2ban unix stream socket.
-## </summary>
-## <param name="domain">
-## <summary>
-## Domain allowed access.
-## </summary>
-## </param>
-#
-interface(`fail2ban_rw_stream_sockets',`
- gen_require(`
- type fail2ban_t;
- ')
-
- allow $1 fail2ban_t:unix_stream_socket rw_stream_socket_perms;
-')