On Wed, 2012-09-19 at 16:01 -0400, Daniel J Walsh wrote:
On 09/19/2012 03:20 PM, Dominick Grift wrote:
>
>
> On Wed, 2012-09-19 at 15:07 -0400, Daniel J Walsh wrote:
>>
>> ## <desc> ## <p> +## Allow postgresql to use ssh and rsync
to
>> replicate databases +## </p> +## </desc>
>> +gen_tunable(postgesql_replication, false)
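Review bot: The tunable name in the gen_tunable line is spelled postgesql_replication, missing the "r" in postgresql. Rename it to postgresql_replication before anything depends on it, since a tunable_policy block or a setsebool call written with the correctly spelled name would not match this declaration. The description promises both ssh and rsync access, and the quoted hunk shows only the declaration, so the rules gated by this tunable should be checked against that description as well.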
>
> typo in there
>
> we should probably implement an ssh_tcp_connect if it doesn't exist already
> and use that (that goes for all service ports)
>
> ########################################
> ## <summary>
> ## Connect to ssh over the TCP network.
> ## </summary>
> ## <param name="domain">
> ## <summary>
> ## Domain allowed access.
> ## </summary>
> ## </param>
> #
> interface(`ssh_tcp_connect',`
> gen_require(`
> type sshd_t;
> ')
>
> corenet_tcp_recvfrom_labeled($1, sshd_t)
> corenet_tcp_sendrecv_ssh_port($1)
> corenet_tcp_connect_ssh_port($1)
> corenet_sendrecv_ssh_client_packets($1)
> ')
>
Looks like Chris did not like a previous interface by that name.
########################################
## <summary>
## Connect to SSH daemons over TCP sockets. (Deprecated)
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`ssh_tcp_connect',`
refpolicywarn(`$0($*) has been deprecated.')
')
Anyways, ok, ignore it for now. I guess this should be discussed with
pebenito. I can always change it later.