-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
On 09/19/2012 03:20 PM, Dominick Grift wrote:
On Wed, 2012-09-19 at 15:07 -0400, Daniel J Walsh wrote:
>
> ## <desc> ## <p> +## Allow postgresql to use ssh and rsync to
> replicate databases +## </p> +## </desc>
> +gen_tunable(postgesql_replication, false)
typo in there
we should probably implement a ssh_tcp_connect if it doesnt exists already
and use that (that goes for all service ports)
######################################## ## <summary> ## Connect to ssh
over the TCP network. ## </summary> ## <param name="domain">
## <summary>
## Domain allowed access. ## </summary> ## </param> #
interface(`ssh_tcp_connect',` gen_require(` type sshd_t; ')
corenet_tcp_recvfrom_labeled($1, sshd_t) corenet_tcp_sendrecv_ssh_port($1)
corenet_tcp_connect_ssh_port($1) corenet_sendrecv_ssh_client_packets($1)
')
-- selinux mailing list selinux(a)lists.fedoraproject.org
https://admin.fedoraproject.org/mailman/listinfo/selinux
Looks like Chris did not like a previous interface by that name.
########################################
## <summary>
## Connect to SSH daemons over TCP sockets. (Deprecated)
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`ssh_tcp_connect',`
refpolicywarn(`$0($*) has been deprecated.')
')
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.12 (GNU/Linux)
Comment: Using GnuPG with Mozilla -
http://www.enigmail.net/
iEYEARECAAYFAlBaJIAACgkQrlYvE4MpobMA8gCgi81QZHdyOWfNS1skLKRCG8KP
0NsAoNB0yEWWYLumGnMORfqoEVfQUkj6
=4GY9
-----END PGP SIGNATURE-----