[selinux-policy: 513/3172] name_connect only on tcp_sockets

Daniel J Walsh dwalsh at fedoraproject.org
Thu Oct 7 19:48:57 UTC 2010


commit ef424c14d42f6536eac7e3c9f668e4eef0fa7b8c
Author: Chris PeBenito <cpebenito at tresys.com>
Date:   Wed Jul 20 17:10:07 2005 +0000

    name_connect only on tcp_sockets

 refpolicy/policy/modules/kernel/corenetwork.if.in |    5 +++--
 1 files changed, 3 insertions(+), 2 deletions(-)
---
diff --git a/refpolicy/policy/modules/kernel/corenetwork.if.in b/refpolicy/policy/modules/kernel/corenetwork.if.in
index 25ea9d6..e9416e6 100644
--- a/refpolicy/policy/modules/kernel/corenetwork.if.in
+++ b/refpolicy/policy/modules/kernel/corenetwork.if.in
@@ -984,13 +984,14 @@ interface(`corenet_unconfined',`
 	gen_require(`
 		attribute node_type, netif_type, port_type;
 		class tcp_socket { send_msg recv_msg node_bind name_bind name_connect };
-		class udp_socket { send_msg recv_msg node_bind name_bind name_connect };
+		class udp_socket { send_msg recv_msg node_bind name_bind };
 		class rawip_socket node_bind;
 	')
 
 	allow $1 node_type:node *;
 	allow $1 netif_type:netif *;
-	allow $1 port_type:{ tcp_socket udp_socket } { send_msg recv_msg name_connect };
+	allow $1 port_type:tcp_socket { send_msg recv_msg name_connect };
+	allow $1 port_type:udp_socket { send_msg recv_msg };
 
 	# Bind to any network address.
 	# cjp: rawip_socket doesnt make any sense
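Review bot: The two split `allow $1 port_type:...` rules carry no comment explaining why `udp_socket` omits `name_connect`, so a later cleanup could merge them back into one `{ tcp_socket udp_socket }` rule and reintroduce a permission that, per the commit title, belongs only to TCP sockets. I would add above them `# name_connect is a tcp_socket permission only; keep the udp_socket rule separate.` The same commit also drops `name_connect` from the `class udp_socket` line in `gen_require`, so it is worth checking whether other interfaces in corenetwork.if.in still pair `name_connect` with `udp_socket`; that cannot be seen from this hunk. The body of `corenet_unconfined` begins before and continues after the lines shown here.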

