[selinux-policy: 661/3172] fix can_network_server expansion
Daniel J Walsh
dwalsh at fedoraproject.org
Thu Oct 7 20:02:04 UTC 2010
commit a47ea60ca98f9b1cd9202c649d23eb67143fccb2
Author: Chris PeBenito <cpebenito at tresys.com>
Date: Fri Sep 16 17:28:10 2005 +0000
fix can_network_server expansion
docs/macro_conversion_guide | 8 +++++++-
1 files changed, 7 insertions(+), 1 deletions(-)
---
diff --git a/docs/macro_conversion_guide b/docs/macro_conversion_guide
index 0d6aeb2..84fdff0 100644
--- a/docs/macro_conversion_guide
+++ b/docs/macro_conversion_guide
@@ -373,7 +373,9 @@ sysnet_read_config($1)
# can_network_server():
#
allow $1 self:tcp_socket create_stream_socket_perms;
+allow $1 self:udp_socket { connect };
base_can_network($1, tcp, `$2')
+base_can_network($1, udp, `$2')
#
# can_network_server_tcp():
@@ -754,11 +756,15 @@ kernel_read_kernel_sysctl($1_t)
kernel_read_system_state($1_t)
kernel_read_network_state($1_t)
corenet_tcp_sendrecv_all_if($1_t)
+corenet_udp_sendrecv_all_if($1_t)
corenet_raw_sendrecv_all_if($1_t)
corenet_tcp_sendrecv_all_nodes($1_t)
+corenet_udp_sendrecv_all_nodes($1_t)
corenet_raw_sendrecv_all_nodes($1_t)
-corenet_tcp_bind_all_nodes($1_t)
corenet_tcp_sendrecv_all_ports($1_t)
+corenet_udp_sendrecv_all_ports($1_t)
+corenet_tcp_bind_all_nodes($1_t)
+corenet_udp_bind_all_nodes($1_t)
dev_read_urand($1_t)
fs_getattr_xattr_fs($1_t)
files_read_etc_files($1_t)
More information about the scm-commits
mailing list