[selinux-policy: 1474/3172] initial packet rules
Daniel J Walsh
dwalsh at fedoraproject.org
Thu Oct 7 21:12:46 UTC 2010
commit 378d5cda0551cc6f190f4119d516a53e97b10d25
Author: Chris PeBenito <cpebenito at tresys.com>
Date: Thu May 25 17:56:07 2006 +0000
initial packet rules
refpolicy/policy/modules/services/avahi.te | 4 +++-
refpolicy/policy/modules/services/cups.te | 5 ++++-
refpolicy/policy/modules/services/portmap.te | 8 ++++----
refpolicy/policy/modules/services/rpc.if | 5 ++---
refpolicy/policy/modules/services/rpc.te | 2 +-
5 files changed, 14 insertions(+), 10 deletions(-)
---
diff --git a/refpolicy/policy/modules/services/avahi.te b/refpolicy/policy/modules/services/avahi.te
index 90aa110..86a2b04 100644
--- a/refpolicy/policy/modules/services/avahi.te
+++ b/refpolicy/policy/modules/services/avahi.te
@@ -1,5 +1,5 @@
-policy_module(avahi,1.2.2)
+policy_module(avahi,1.2.3)
########################################
#
@@ -49,6 +49,8 @@ corenet_tcp_bind_all_nodes(avahi_t)
corenet_udp_bind_all_nodes(avahi_t)
corenet_tcp_bind_howl_port(avahi_t)
corenet_udp_bind_howl_port(avahi_t)
+corenet_send_howl_client_packets(avahi_t)
+corenet_receive_howl_server_packets(avahi_t)
dev_read_sysfs(avahi_t)
dev_read_urand(avahi_t)
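Review bot: The two added packet rules are asymmetric and the hunk does not say why: `corenet_send_howl_client_packets(avahi_t)` grants send only and `corenet_receive_howl_server_packets(avahi_t)` grants receive only, although avahi_t binds the howl port on both TCP and UDP in the lines just above. If server packets label the serving side's traffic in both directions, a daemon answering on its bound port would presumably also need to send them, e.g. `corenet_sendrecv_howl_server_packets(avahi_t)`, provided that interface is generated at this revision. The portmap.te hunk has the same receive-only pattern with `corenet_receive_portmap_server_packets(portmap_t)`. If the narrow grant is deliberate least privilege, a one-line comment naming which direction each packet type covers would stop a later reader from widening it blindly.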
diff --git a/refpolicy/policy/modules/services/cups.te b/refpolicy/policy/modules/services/cups.te
index 37c3f43..fd28c56 100644
--- a/refpolicy/policy/modules/services/cups.te
+++ b/refpolicy/policy/modules/services/cups.te
@@ -1,5 +1,5 @@
-policy_module(cups,1.3.4)
+policy_module(cups,1.3.5)
########################################
#
@@ -144,6 +144,7 @@ corenet_udp_bind_ipp_port(cupsd_t)
corenet_tcp_bind_reserved_port(cupsd_t)
corenet_dontaudit_tcp_bind_all_reserved_ports(cupsd_t)
corenet_tcp_connect_all_ports(cupsd_t)
+corenet_sendrecv_hplip_client_packets(cupsd_t)
dev_rw_printer(cupsd_t)
dev_read_urand(cupsd_t)
@@ -419,6 +420,8 @@ corenet_udp_bind_all_nodes(hplip_t)
corenet_tcp_bind_hplip_port(hplip_t)
corenet_tcp_connect_hplip_port(hplip_t)
corenet_tcp_connect_ipp_port(hplip_t)
+corenet_sendrecv_hplip_client_packets(hplip_t)
+corenet_receive_hplip_client_packets(hplip_t)
dev_read_sysfs(hplip_t)
dev_rw_printer(hplip_t)
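Review bot: `corenet_receive_hplip_client_packets(hplip_t)` is redundant as written, because the line above it, `corenet_sendrecv_hplip_client_packets(hplip_t)`, already covers receiving that packet type. The portmap.te hunk in this commit pairs a sendrecv client rule with `corenet_receive_portmap_server_packets`, so the second line was probably meant to be `corenet_receive_hplip_server_packets(hplip_t)`. hplip_t binds the hplip port a few lines earlier, which puts it on the serving side. As committed, hplip_t appears to get no permission on hplip server packets at all, which would show up as AVC denials once packets are labeled rather than as a build error.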
diff --git a/refpolicy/policy/modules/services/portmap.te b/refpolicy/policy/modules/services/portmap.te
index 113f921..803db19 100644
--- a/refpolicy/policy/modules/services/portmap.te
+++ b/refpolicy/policy/modules/services/portmap.te
@@ -1,5 +1,5 @@
-policy_module(portmap,1.2.1)
+policy_module(portmap,1.2.2)
########################################
#
@@ -47,20 +47,20 @@ kernel_list_proc(portmap_t)
kernel_read_proc_symlinks(portmap_t)
kernel_tcp_recvfrom(portmap_t)
+corenet_non_ipsec_sendrecv(portmap_t)
corenet_tcp_sendrecv_all_if(portmap_t)
corenet_udp_sendrecv_all_if(portmap_t)
-corenet_raw_sendrecv_all_if(portmap_t)
corenet_tcp_sendrecv_all_nodes(portmap_t)
corenet_udp_sendrecv_all_nodes(portmap_t)
-corenet_raw_sendrecv_all_nodes(portmap_t)
corenet_tcp_sendrecv_all_ports(portmap_t)
corenet_udp_sendrecv_all_ports(portmap_t)
-corenet_non_ipsec_sendrecv(portmap_t)
corenet_tcp_bind_all_nodes(portmap_t)
corenet_udp_bind_all_nodes(portmap_t)
corenet_tcp_bind_portmap_port(portmap_t)
corenet_udp_bind_portmap_port(portmap_t)
corenet_tcp_connect_all_ports(portmap_t)
+corenet_sendrecv_portmap_client_packets(portmap_t)
+corenet_receive_portmap_server_packets(portmap_t)
# portmap binds to arbitary ports
corenet_tcp_bind_generic_port(portmap_t)
corenet_udp_bind_generic_port(portmap_t)
diff --git a/refpolicy/policy/modules/services/rpc.if b/refpolicy/policy/modules/services/rpc.if
index bd069ad..e68cc84 100644
--- a/refpolicy/policy/modules/services/rpc.if
+++ b/refpolicy/policy/modules/services/rpc.if
@@ -52,20 +52,19 @@ template(`rpc_domain_template', `
dev_read_sysfs($1_t)
+ corenet_non_ipsec_sendrecv($1_t)
corenet_tcp_sendrecv_all_if($1_t)
corenet_udp_sendrecv_all_if($1_t)
- corenet_raw_sendrecv_all_if($1_t)
corenet_tcp_sendrecv_all_nodes($1_t)
corenet_udp_sendrecv_all_nodes($1_t)
- corenet_raw_sendrecv_all_nodes($1_t)
corenet_tcp_sendrecv_all_ports($1_t)
corenet_udp_sendrecv_all_ports($1_t)
- corenet_non_ipsec_sendrecv($1_t)
corenet_tcp_bind_all_nodes($1_t)
corenet_udp_bind_all_nodes($1_t)
corenet_tcp_bind_reserved_port($1_t)
corenet_tcp_bind_reserved_port($1_t)
corenet_tcp_connect_all_ports($1_t)
+ corenet_sendrecv_portmap_client_packets($1_t)
# do not log when it tries to bind to a port belonging to another domain
corenet_dontaudit_tcp_bind_all_reserved_ports($1_t)
corenet_dontaudit_udp_bind_all_reserved_ports($1_t)
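Review bot: `corenet_tcp_bind_reserved_port($1_t)` appears twice in a row in the context just above the added `corenet_sendrecv_portmap_client_packets($1_t)` line, and the repeat grants nothing extra. The dontaudit lines below cover both tcp and udp reserved ports, so the second occurrence was presumably meant to be `corenet_udp_bind_reserved_port($1_t)`; this should be confirmed against what the RPC daemons actually bind. The new packet rule would also benefit from a short comment saying which peer it is for, since the template allows connecting to all ports but permits only portmap client packets. The rpc_domain_template body starts and ends outside this hunk.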
diff --git a/refpolicy/policy/modules/services/rpc.te b/refpolicy/policy/modules/services/rpc.te
index f8403b7..efb242f 100644
--- a/refpolicy/policy/modules/services/rpc.te
+++ b/refpolicy/policy/modules/services/rpc.te
@@ -1,5 +1,5 @@
-policy_module(rpc,1.2.4)
+policy_module(rpc,1.2.5)
########################################
#