[selinux-policy: 44/3172] add sysnetwork
Daniel J Walsh
dwalsh at fedoraproject.org
Thu Oct 7 19:08:45 UTC 2010
commit 91a7ab6cb339b7e2a4556c6d5ff945484f537869
Author: Chris PeBenito <cpebenito at tresys.com>
Date: Mon Apr 25 21:28:25 2005 +0000
add sysnetwork
refpolicy/policy/modules/system/init.te | 10 +++++-----
refpolicy/policy/modules/system/logging.te | 2 ++
2 files changed, 7 insertions(+), 5 deletions(-)
---
diff --git a/refpolicy/policy/modules/system/init.te b/refpolicy/policy/modules/system/init.te
index 02c82e2..9b53826 100644
--- a/refpolicy/policy/modules/system/init.te
+++ b/refpolicy/policy/modules/system/init.te
@@ -186,6 +186,9 @@ allow initrc_t initrc_state_t:dir { create read getattr lock setattr ioctl unlin
allow initrc_t initrc_state_t:file { create ioctl read getattr lock write setattr append link unlink rename };
allow initrc_t initrc_state_t:lnk_file { create read getattr setattr unlink rename };
+allow initrc_t self:tcp_socket { connect listen accept create ioctl read getattr write setattr append bind getopt setopt shutdown };
+allow initrc_t self:udp_socket { connect create ioctl read getattr write setattr append bind getopt setopt shutdown };
+
kernel_read_system_state(initrc_t)
kernel_read_software_raid_state(initrc_t)
kernel_read_network_state(initrc_t)
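Review bot: The two `self` socket rules added after the initrc_state_t rules lose the `# can_network(initrc_t):` comment they carried at their old position (removed in the -207 hunk). Nothing in the file now says why initrc_t gets the full TCP permission set, including `listen` and `accept`. I would keep a one-line comment above them, for example `# init scripts need general network access (was can_network(initrc_t))`, so a later least-privilege pass can tell the grant was deliberate. The move does not change the content of either rule.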
@@ -207,9 +210,6 @@ filesystem_unmount_all_filesystems(initrc_t)
filesystem_remount_all_filesystems(initrc_t)
filesystem_get_all_filesystems_attributes(initrc_t)
-# can_network(initrc_t):
-allow initrc_t self:tcp_socket { connect listen accept create ioctl read getattr write setattr append bind getopt setopt shutdown };
-allow initrc_t self:udp_socket { connect create ioctl read getattr write setattr append bind getopt setopt shutdown };
corenetwork_network_tcp_on_all_interfaces(initrc_t)
corenetwork_network_raw_on_all_interfaces(initrc_t)
corenetwork_network_udp_on_all_interfaces(initrc_t)
@@ -220,8 +220,6 @@ corenetwork_network_tcp_on_all_ports(initrc_t)
corenetwork_network_udp_on_all_ports(initrc_t)
corenetwork_bind_tcp_on_all_nodes(initrc_t)
corenetwork_bind_udp_on_all_nodes(initrc_t)
-#allow initrc_t net_conf_t:file r_file_perms;
-#sysnetwork_read_network_config(initrc_t)
domain_kill_all_domains(initrc_t)
domain_read_all_domains_process_state(initrc_t)
@@ -270,6 +268,8 @@ logging_send_system_log_message(initrc_t)
selinux_read_config(initrc_t)
selinux_read_default_contexts(run_init_t)
+sysnetwork_read_network_config(initrc_t)
+
modutils_read_kernel_module_loading_config(initrc_t)
authlogin_modify_login_records(initrc_t)
diff --git a/refpolicy/policy/modules/system/logging.te b/refpolicy/policy/modules/system/logging.te
index 30c6978..de0a6e3 100644
--- a/refpolicy/policy/modules/system/logging.te
+++ b/refpolicy/policy/modules/system/logging.te
@@ -116,6 +116,8 @@ file_type_auto_trans(syslogd_t, var_lib_t, devlog_t, sock_file)
libraries_use_dynamic_loader(syslogd_t)
libraries_read_shared_libraries(syslogd_t)
+sysnetwork_read_network_config(syslogd_t)
+
miscfiles_read_localization(syslogd_t)
#
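Review bot: The added `sysnetwork_read_network_config(syslogd_t)` gives the syslog daemon a new read grant with no comment, and the commit message ("add sysnetwork") does not say what needs it. Presumably it is for resolving remote log hosts, but that is not visible in this hunk. A line such as `# read network config, needed for remote logging` above the call would record the reason and make the grant easier to audit. The same interface is enabled for initrc_t in the init.te hunk at -270, where it replaces a commented-out placeholder.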