[selinux-policy: 2605/3172] Portreserve patch from Dan Walsh.
Daniel J Walsh
dwalsh at fedoraproject.org
Thu Oct 7 22:51:39 UTC 2010
commit b577852a9813f70e3d468cdea676104c91109ae1
Author: Chris PeBenito <cpebenito at tresys.com>
Date: Mon Apr 5 14:50:23 2010 -0400
Portreserve patch from Dan Walsh.
policy/modules/services/portreserve.te | 5 ++++-
1 files changed, 4 insertions(+), 1 deletions(-)
---
diff --git a/policy/modules/services/portreserve.te b/policy/modules/services/portreserve.te
index 200b5fd..3addef5 100644
--- a/policy/modules/services/portreserve.te
+++ b/policy/modules/services/portreserve.te
@@ -1,5 +1,5 @@
-policy_module(portreserve, 1.1.0)
+policy_module(portreserve, 1.1.1)
########################################
#
@@ -21,6 +21,7 @@ files_pid_file(portreserve_var_run_t)
# Portreserve local policy
#
+allow portreserve_t self:capability { dac_read_search dac_override };
allow portreserve_t self:fifo_file rw_fifo_file_perms;
allow portreserve_t self:unix_stream_socket create_stream_socket_perms;
allow portreserve_t self:unix_dgram_socket { create_socket_perms sendto };
@@ -37,6 +38,8 @@ manage_files_pattern(portreserve_t, portreserve_var_run_t, portreserve_var_run_t
manage_sock_files_pattern(portreserve_t, portreserve_var_run_t, portreserve_var_run_t)
files_pid_filetrans(portreserve_t, portreserve_var_run_t, { file sock_file })
+corecmd_getattr_bin_files(portreserve_t)
+
corenet_all_recvfrom_unlabeled(portreserve_t)
corenet_all_recvfrom_netlabel(portreserve_t)
corenet_tcp_bind_generic_node(portreserve_t)
More information about the scm-commits
mailing list