[selinux-policy: 1483/3172] packet updates for kernel, nscd, bind, ntp, spamassassin, and dhcpc

Daniel J Walsh dwalsh at fedoraproject.org
Thu Oct 7 21:13:32 UTC 2010


commit 006e998287b23cd36a37814a47799168ca43468a
Author: Chris PeBenito <cpebenito at tresys.com>
Date:   Fri May 26 18:04:46 2006 +0000

    packet updates for kernel, nscd, bind, ntp, spamassassin, and dhcpc

 refpolicy/policy/modules/kernel/kernel.te         |    4 ++--
 refpolicy/policy/modules/services/bind.te         |    7 ++++++-
 refpolicy/policy/modules/services/nscd.te         |    9 +++------
 refpolicy/policy/modules/services/ntp.te          |    8 ++++----
 refpolicy/policy/modules/services/spamassassin.te |    9 ++++-----
 refpolicy/policy/modules/system/sysnetwork.te     |    5 +++--
 6 files changed, 22 insertions(+), 20 deletions(-)
---
diff --git a/refpolicy/policy/modules/kernel/kernel.te b/refpolicy/policy/modules/kernel/kernel.te
index 41bbc8d..04de822 100644
--- a/refpolicy/policy/modules/kernel/kernel.te
+++ b/refpolicy/policy/modules/kernel/kernel.te
@@ -1,5 +1,5 @@
 
-policy_module(kernel,1.3.7)
+policy_module(kernel,1.3.8)
 
 ########################################
 #
@@ -201,12 +201,12 @@ corenet_non_ipsec_sendrecv(kernel_t)
 corenet_raw_sendrecv_all_if(kernel_t)
 corenet_raw_sendrecv_all_nodes(kernel_t)
 corenet_raw_send_generic_if(kernel_t)
-
 # Kernel-generated traffic e.g., TCP resets:
 corenet_tcp_sendrecv_all_if(kernel_t)
 corenet_tcp_sendrecv_all_nodes(kernel_t)
 corenet_raw_send_generic_node(kernel_t)
 corenet_raw_send_multicast_node(kernel_t)
+corenet_send_all_packets(kernel_t)
 
 dev_read_sysfs(kernel_t)
 dev_search_usbfs(kernel_t)
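Review bot: `corenet_send_all_packets(kernel_t)` is the broadest packet grant in this commit and it is added without a comment, at the end of a group whose only explanation is "Kernel-generated traffic e.g., TCP resets". A line such as `# kernel-generated replies can carry any packet label` above it would tell a later auditor that the all-packets scope is deliberate; that rationale is inferred from the existing comment, so the author should confirm it. The hunk also deletes the blank line before that comment, which now runs straight on from `corenet_raw_send_generic_if(kernel_t)`; keeping the separator preserves the grouping.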
diff --git a/refpolicy/policy/modules/services/bind.te b/refpolicy/policy/modules/services/bind.te
index 15cd2e7..a31e956 100644
--- a/refpolicy/policy/modules/services/bind.te
+++ b/refpolicy/policy/modules/services/bind.te
@@ -1,5 +1,5 @@
 
-policy_module(bind,1.1.4)
+policy_module(bind,1.1.5)
 
 ########################################
 #
@@ -112,6 +112,10 @@ corenet_tcp_bind_dns_port(named_t)
 corenet_udp_bind_dns_port(named_t)
 corenet_tcp_bind_rndc_port(named_t)
 corenet_tcp_connect_all_ports(named_t)
+corenet_sendrecv_dns_server_packets(named_t)
+corenet_sendrecv_dns_client_packets(named_t)
+corenet_sendrecv_rndc_server_packets(named_t)
+corenet_sendrecv_rndc_client_packets(named_t)
 
 dev_read_sysfs(named_t)
 dev_read_rand(named_t)
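Review bot: `corenet_sendrecv_rndc_client_packets(named_t)` looks wider than named_t needs. The visible rules have named_t binding the rndc port (`corenet_tcp_bind_rndc_port`), which makes it the control-channel server, and the next hunk in this file grants the client side to ndc_t. Unless named_t itself opens rndc connections, dropping that line would limit the daemon to the server packets. Separately, the unchanged `corenet_tcp_connect_all_ports(named_t)` permits far more than the four packet types granted here, which deserves a comment if it is intentional.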
@@ -244,6 +248,7 @@ corenet_tcp_sendrecv_all_if(ndc_t)
 corenet_tcp_sendrecv_all_nodes(ndc_t)
 corenet_tcp_sendrecv_all_ports(ndc_t)
 corenet_tcp_connect_rndc_port(ndc_t)
+corenet_sendrecv_rndc_client_packets(ndc_t)
 
 fs_getattr_xattr_fs(ndc_t)
 
diff --git a/refpolicy/policy/modules/services/nscd.te b/refpolicy/policy/modules/services/nscd.te
index 451302d..06663c4 100644
--- a/refpolicy/policy/modules/services/nscd.te
+++ b/refpolicy/policy/modules/services/nscd.te
@@ -1,5 +1,5 @@
 
-policy_module(nscd,1.2.2)
+policy_module(nscd,1.2.3)
 
 gen_require(`
 	class nscd all_nscd_perms;
@@ -68,17 +68,13 @@ term_dontaudit_use_console(nscd_t)
 # for when /etc/passwd has just been updated and has the wrong type
 auth_getattr_shadow(nscd_t)
 
+corenet_non_ipsec_sendrecv(nscd_t)
 corenet_tcp_sendrecv_all_if(nscd_t)
 corenet_udp_sendrecv_all_if(nscd_t)
-corenet_raw_sendrecv_all_if(nscd_t)
 corenet_tcp_sendrecv_all_nodes(nscd_t)
 corenet_udp_sendrecv_all_nodes(nscd_t)
-corenet_raw_sendrecv_all_nodes(nscd_t)
 corenet_tcp_sendrecv_all_ports(nscd_t)
 corenet_udp_sendrecv_all_ports(nscd_t)
-corenet_non_ipsec_sendrecv(nscd_t)
-corenet_tcp_bind_all_nodes(nscd_t)
-corenet_udp_bind_all_nodes(nscd_t)
 corenet_tcp_connect_all_ports(nscd_t)
 corenet_rw_tun_tap_dev(nscd_t)
 
@@ -108,6 +104,7 @@ seutil_read_config(nscd_t)
 seutil_read_default_contexts(nscd_t)
 seutil_sigchld_newrole(nscd_t)
 
+sysnet_dns_name_resolve(nscd_t)
 sysnet_read_config(nscd_t)
 
 userdom_dontaudit_use_unpriv_user_fds(nscd_t)
diff --git a/refpolicy/policy/modules/services/ntp.te b/refpolicy/policy/modules/services/ntp.te
index b29010e..8f8ab87 100644
--- a/refpolicy/policy/modules/services/ntp.te
+++ b/refpolicy/policy/modules/services/ntp.te
@@ -1,5 +1,5 @@
 
-policy_module(ntp,1.1.0)
+policy_module(ntp,1.1.1)
 
 ########################################
 #
@@ -63,19 +63,19 @@ files_pid_filetrans(ntpd_t,ntpd_var_run_t,file)
 kernel_read_kernel_sysctls(ntpd_t)
 kernel_read_system_state(ntpd_t)
 
+corenet_non_ipsec_sendrecv(ntpd_t)
 corenet_tcp_sendrecv_all_if(ntpd_t)
 corenet_udp_sendrecv_all_if(ntpd_t)
-corenet_raw_sendrecv_all_if(ntpd_t)
 corenet_tcp_sendrecv_all_nodes(ntpd_t)
 corenet_udp_sendrecv_all_nodes(ntpd_t)
-corenet_raw_sendrecv_all_nodes(ntpd_t)
 corenet_tcp_sendrecv_all_ports(ntpd_t)
 corenet_udp_sendrecv_all_ports(ntpd_t)
-corenet_non_ipsec_sendrecv(ntpd_t)
 corenet_tcp_bind_all_nodes(ntpd_t)
 corenet_udp_bind_all_nodes(ntpd_t)
 corenet_udp_bind_ntp_port(ntpd_t)
 corenet_tcp_connect_ntp_port(ntpd_t)
+corenet_sendrecv_ntp_server_packets(ntpd_t)
+corenet_sendrecv_ntp_client_packets(ntpd_t)
 
 dev_read_sysfs(ntpd_t)
 # for SSP
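Review bot: The packet grants added here cover only NTP traffic, and this hunk does not add `sysnet_dns_name_resolve(ntpd_t)` the way the nscd and spamassassin hunks do for their domains. If ntpd_t resolves server host names and ntp.te does not already call that interface outside the visible lines, its DNS lookups may be denied once packet labelling is enforced. It is worth checking the rest of the file and, if the call is missing, adding `sysnet_dns_name_resolve(ntpd_t)` next to the existing sysnet rules.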
diff --git a/refpolicy/policy/modules/services/spamassassin.te b/refpolicy/policy/modules/services/spamassassin.te
index 0da5225..7f396ee 100644
--- a/refpolicy/policy/modules/services/spamassassin.te
+++ b/refpolicy/policy/modules/services/spamassassin.te
@@ -1,5 +1,5 @@
 
-policy_module(spamassassin,1.3.6)
+policy_module(spamassassin,1.3.7)
 
 ########################################
 #
@@ -61,24 +61,22 @@ kernel_read_all_sysctls(spamd_t)
 kernel_read_system_state(spamd_t)
 kernel_tcp_recvfrom(spamd_t)
 
+corenet_non_ipsec_sendrecv(spamd_t)
 corenet_tcp_sendrecv_all_if(spamd_t)
 corenet_udp_sendrecv_all_if(spamd_t)
-corenet_raw_sendrecv_all_if(spamd_t)
 corenet_tcp_sendrecv_all_nodes(spamd_t)
 corenet_udp_sendrecv_all_nodes(spamd_t)
-corenet_raw_sendrecv_all_nodes(spamd_t)
 corenet_tcp_sendrecv_all_ports(spamd_t)
 corenet_udp_sendrecv_all_ports(spamd_t)
-corenet_non_ipsec_sendrecv(spamd_t)
 corenet_tcp_bind_all_nodes(spamd_t)
 corenet_udp_bind_all_nodes(spamd_t)
 corenet_tcp_bind_spamd_port(spamd_t)
+corenet_tcp_connect_razor_port(spamd_t)
 # spamassassin 3.1 needs this for its
 # DnsResolver.pm module which binds to
 # random ports >= 1024.
 corenet_udp_bind_generic_port(spamd_t)
 corenet_udp_bind_imaze_port(spamd_t)
-corenet_tcp_connect_razor_port(spamd_t)
 
 dev_read_sysfs(spamd_t)
 dev_read_urand(spamd_t)
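Review bot: spamd_t keeps `corenet_tcp_bind_spamd_port` and `corenet_tcp_connect_razor_port` but gets no matching packet grants, whereas bind.te and ntp.te in this same commit gain a `corenet_sendrecv_*_packets` line for each port they use. If the corenetwork module generates them for these ports at this revision, `corenet_sendrecv_spamd_server_packets(spamd_t)` and `corenet_sendrecv_razor_client_packets(spamd_t)` would keep the modules consistent. The DNS side appears to be covered by `sysnet_dns_name_resolve(spamd_t)` in the following hunk.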
@@ -114,6 +112,7 @@ miscfiles_read_localization(spamd_t)
 
 sysnet_read_config(spamd_t)
 sysnet_use_ldap(spamd_t)
+sysnet_dns_name_resolve(spamd_t)
 
 userdom_use_unpriv_users_fds(spamd_t)
 userdom_search_unpriv_users_home_dirs(spamd_t)
diff --git a/refpolicy/policy/modules/system/sysnetwork.te b/refpolicy/policy/modules/system/sysnetwork.te
index 5a0ba14..42411bb 100644
--- a/refpolicy/policy/modules/system/sysnetwork.te
+++ b/refpolicy/policy/modules/system/sysnetwork.te
@@ -1,5 +1,5 @@
 
-policy_module(sysnetwork,1.1.5)
+policy_module(sysnetwork,1.1.6)
 
 ########################################
 #
@@ -91,6 +91,7 @@ kernel_read_network_state(dhcpc_t)
 kernel_read_kernel_sysctls(dhcpc_t)
 kernel_use_fds(dhcpc_t)
 
+corenet_non_ipsec_sendrecv(dhcpc_t)
 corenet_tcp_sendrecv_all_if(dhcpc_t)
 corenet_raw_sendrecv_all_if(dhcpc_t)
 corenet_udp_sendrecv_all_if(dhcpc_t)
@@ -99,11 +100,11 @@ corenet_raw_sendrecv_all_nodes(dhcpc_t)
 corenet_udp_sendrecv_all_nodes(dhcpc_t)
 corenet_tcp_sendrecv_all_ports(dhcpc_t)
 corenet_udp_sendrecv_all_ports(dhcpc_t)
-corenet_non_ipsec_sendrecv(dhcpc_t)
 corenet_tcp_bind_all_nodes(dhcpc_t)
 corenet_udp_bind_all_nodes(dhcpc_t)
 corenet_udp_bind_dhcpc_port(dhcpc_t)
 corenet_tcp_connect_all_ports(dhcpc_t)
+corenet_sendrecv_dhcpd_client_packets(dhcpc_t)
 
 dev_read_sysfs(dhcpc_t)
 # for SSP:
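Review bot: Only the client side toward dhcpd is granted here (`corenet_sendrecv_dhcpd_client_packets`), while dhcpc_t also binds its own port through `corenet_udp_bind_dhcpc_port`. Depending on how the labelling rules mark traffic addressed to the dhcpc port, `corenet_sendrecv_dhcpc_server_packets(dhcpc_t)` may be needed as well, so a lease renewal should be tested with packet labelling active. The unchanged `corenet_tcp_connect_all_ports(dhcpc_t)` is also much wider than this single packet type, and a comment on why it is retained would help later review.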

