[selinux-policy: 1993/3172] trunk: inetd update from dan.
Daniel J Walsh
dwalsh at fedoraproject.org
Thu Oct 7 21:57:07 UTC 2010
commit 24af9b1d3454711287963b1e1cb809ee1095bf5e
Author: Chris PeBenito <cpebenito at tresys.com>
Date: Fri Aug 29 13:21:53 2008 +0000
trunk: inetd update from dan.
policy/modules/services/inetd.if | 5 +++++
policy/modules/services/inetd.te | 17 ++++++++++++++++-
2 files changed, 21 insertions(+), 1 deletions(-)
---
diff --git a/policy/modules/services/inetd.if b/policy/modules/services/inetd.if
index 7719a5a..614e0e4 100644
--- a/policy/modules/services/inetd.if
+++ b/policy/modules/services/inetd.if
@@ -115,6 +115,11 @@ interface(`inetd_service_domain',`
allow $1 inetd_t:tcp_socket rw_stream_socket_perms;
allow $1 inetd_t:udp_socket rw_socket_perms;
+
+ # encrypt the service through stunnel
+ optional_policy(`
+ stunnel_service_domain($1, $2)
+ ')
')
########################################
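Review bot: The `stunnel_service_domain($1, $2)` call is added inside `inetd_service_domain`, so whenever the stunnel module is built, every domain declared through this interface gets whatever stunnel access that interface grants, not only the services an administrator actually wraps in TLS. The comment `# encrypt the service through stunnel` hides that scope; something like `# also allow stunnel to start this service (applies to every inetd service domain)` would be more accurate. The body of `stunnel_service_domain` is not visible here, so what exactly is granted should be confirmed against the stunnel module. The interface itself starts above this hunk.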
diff --git a/policy/modules/services/inetd.te b/policy/modules/services/inetd.te
index 32d8d07..65a4b81 100644
--- a/policy/modules/services/inetd.te
+++ b/policy/modules/services/inetd.te
@@ -1,5 +1,5 @@
-policy_module(inetd, 1.7.0)
+policy_module(inetd, 1.7.1)
########################################
#
@@ -30,6 +30,10 @@ files_tmp_file(inetd_child_tmp_t)
type inetd_child_var_run_t;
files_pid_file(inetd_child_var_run_t)
+ifdef(`enable_mcs',`
+ init_ranged_daemon_domain(inetd_t, inetd_exec_t,s0 - mcs_systemhigh)
+')
+
########################################
#
# Local policy
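Review bot: The new `init_ranged_daemon_domain(inetd_t, inetd_exec_t,s0 - mcs_systemhigh)` line has no comment saying why inetd needs the whole MCS category range. Presumably it is so that child services can be started at any category, but the author should state the reason in the policy. A one-line comment above the `ifdef`, for example `# MCS: inetd runs ranged so it can start services at any category`, would cover it once that reason is confirmed. The call is also missing the space after the second comma: `init_ranged_daemon_domain(inetd_t, inetd_exec_t, s0 - mcs_systemhigh)`.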
@@ -59,6 +63,8 @@ kernel_read_proc_symlinks(inetd_t)
kernel_read_system_state(inetd_t)
kernel_tcp_recvfrom_unlabeled(inetd_t)
+corecmd_bin_domtrans(inetd_t, inetd_child_t)
+
# base networking:
corenet_all_recvfrom_unlabeled(inetd_t)
corenet_all_recvfrom_netlabel(inetd_t)
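Review bot: `corecmd_bin_domtrans(inetd_t, inetd_child_t)` sends every generically labelled binary that inetd executes into `inetd_child_t`, so a service with no policy of its own silently picks up the shared child domain's permissions. The line carries no comment; `# services without a dedicated domain run in inetd_child_t` would record the intent. It is also worth checking that no rule outside this hunk still lets `inetd_t` execute those binaries without a transition, since that would leave two possible outcomes for the same exec.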
@@ -84,6 +90,7 @@ corenet_tcp_bind_ftp_port(inetd_t)
corenet_udp_bind_ftp_port(inetd_t)
corenet_tcp_bind_inetd_child_port(inetd_t)
corenet_udp_bind_inetd_child_port(inetd_t)
+corenet_tcp_bind_ircd_port(inetd_t)
corenet_udp_bind_ktalkd_port(inetd_t)
corenet_tcp_bind_printer_port(inetd_t)
corenet_udp_bind_rlogind_port(inetd_t)
@@ -105,6 +112,7 @@ corenet_sendrecv_comsat_server_packets(inetd_t)
corenet_sendrecv_dbskkd_server_packets(inetd_t)
corenet_sendrecv_ftp_server_packets(inetd_t)
corenet_sendrecv_inetd_child_server_packets(inetd_t)
+corenet_sendrecv_ircd_server_packets(inetd_t)
corenet_sendrecv_ktalkd_server_packets(inetd_t)
corenet_sendrecv_printer_server_packets(inetd_t)
corenet_sendrecv_rsh_server_packets(inetd_t)
@@ -148,10 +156,17 @@ userdom_dontaudit_use_unpriv_user_fds(inetd_t)
sysadm_dontaudit_search_home_dirs(inetd_t)
+ifdef(`distro_redhat',`
+ optional_policy(`
+ unconfined_domain(inetd_t)
+ ')
+')
+
ifdef(`enable_mls',`
corenet_tcp_recvfrom_netlabel(inetd_t)
corenet_udp_recvfrom_netlabel(inetd_t)
')
+
optional_policy(`
amanda_search_lib(inetd_t)
')
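Review bot: The `unconfined_domain(inetd_t)` block under `distro_redhat` takes the network-facing super-server out of confinement whenever the unconfined module is present. On those builds the port-bind and packet rules elsewhere in this file, including the ircd lines this commit adds, stop restricting anything. Nothing in the hunk explains why this is needed or when it can be removed. At minimum the block should carry a comment giving the reason and the removal condition. Wrapping it in a `tunable_policy` conditional on a dedicated boolean would let administrators keep inetd confined where the workaround is not required. The blank line added before the amanda `optional_policy` block is unrelated whitespace.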