[selinux-policy: 2615/3172] Use port range notation in corenetwork where it makes sense.

Daniel J Walsh dwalsh at fedoraproject.org
Thu Oct 7 22:52:30 UTC 2010


commit 46e16a2d2a2b2ead53ef959795c6cb5cac227978
Author: Chris PeBenito <cpebenito at tresys.com>
Date:   Tue Apr 13 11:55:04 2010 -0400

    Use port range notation in corenetwork where it makes sense.

 policy/modules/kernel/corenetwork.te.in |   15 +++++++--------
 1 files changed, 7 insertions(+), 8 deletions(-)
---
diff --git a/policy/modules/kernel/corenetwork.te.in b/policy/modules/kernel/corenetwork.te.in
index 04f3dc7..48baaa1 100644
--- a/policy/modules/kernel/corenetwork.te.in
+++ b/policy/modules/kernel/corenetwork.te.in
@@ -70,10 +70,10 @@ network_port(afs_ka, udp,7004,s0)
 network_port(afs_pt, udp,7002,s0)
 network_port(afs_vl, udp,7003,s0)
 network_port(agentx, udp,705,s0, tcp,705,s0)
-network_port(amanda, udp,10080,s0, tcp,10080,s0, udp,10081,s0, tcp,10081,s0, tcp,10082,s0, tcp,10083,s0)
+network_port(amanda, udp,10080-10082,s0, tcp,10080-10083,s0)
 network_port(amavisd_recv, tcp,10024,s0)
 network_port(amavisd_send, tcp,10025,s0)
-network_port(aol, udp,5190,s0, tcp,5190,s0, udp,5191,s0, tcp,5191,s0, udp,5192,s0, tcp,5192,s0, udp,5193,s0, tcp,5193,s0) 
+network_port(aol, udp,5190-5193,s0, tcp,5190-5193,s0) 
 network_port(apcupsd, tcp,3551,s0, udp,3551,s0)
 network_port(asterisk, tcp,1720,s0, udp,2427,s0, udp,2727,s0, udp,4569,s0)
 network_port(audit, tcp,60,s0)
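Review bot: The new `amanda` line widens the labelled port set, so it is not a pure notation change. The removed line labelled only udp 10080 and 10081, while `udp,10080-10082,s0` also labels udp 10082 as amanda_port_t. Any domain allowed to bind or connect to amanda_port_t over UDP would gain that extra port. If the widening is not intended, the equivalent form is `network_port(amanda, udp,10080-10081,s0, tcp,10080-10083,s0)`; if it is intended, the commit message should say so, since the title describes a notation cleanup. The `aol` rewrite in the same hunk covers exactly the ports that were listed before.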
@@ -84,7 +84,7 @@ network_port(certmaster, tcp,51235,s0)
 network_port(chronyd, udp,323,s0)
 network_port(clamd, tcp,3310,s0)
 network_port(clockspeed, udp,4041,s0)
-network_port(cluster, tcp,5149,s0, udp,5149,s0, tcp,40040,s0, tcp,50006,s0, udp,50006,s0, tcp,50007,s0, udp,50007,s0, tcp,50008,s0, udp,50008,s0)
+network_port(cluster, tcp,5149,s0, udp,5149,s0, tcp,40040,s0, tcp,50006-50008,s0, udp,50006-50008,s0)
 network_port(cobbler, tcp,25151,s0)
 network_port(comsat, udp,512,s0)
 network_port(cvs, tcp,2401,s0, udp,2401,s0)
@@ -140,8 +140,7 @@ network_port(monopd, tcp,1234,s0)
 network_port(msnp, tcp,1863,s0, udp,1863,s0)
 network_port(mssql, tcp,1433,s0, tcp,1434,s0, udp,1433,s0, udp,1434,s0)
 network_port(munin, tcp,4949,s0, udp,4949,s0)
-network_port(mysqld, tcp,1186,s0, tcp,3306,s0)
-portcon tcp 63132-63163 gen_context(system_u:object_r:mysqld_port_t, s0)
+network_port(mysqld, tcp,1186,s0, tcp,3306,s0, tcp,63132-63163,s0)
 network_port(mysqlmanagerd, tcp,2273,s0)
 network_port(nessus, tcp,1241,s0)
 network_port(netsupport, tcp,5404,s0, udp,5404,s0, tcp,5405,s0, udp,5405,s0)
@@ -194,7 +193,7 @@ network_port(syslogd, udp,514,s0)
 network_port(telnetd, tcp,23,s0)
 network_port(tftp, udp,69,s0)
 network_port(tor, tcp, 6969, s0, tcp,9001,s0, tcp,9030,s0, tcp,9050,s0, tcp,9051,s0)
-network_port(traceroute, udp,64000,s0, udp,64001,s0, udp,64002,s0, udp,64003,s0, udp,64004,s0, udp,64005,s0, udp,64006,s0, udp,64007,s0, udp,64008,s0, udp,64009,s0, udp,64010,s0)
+network_port(traceroute, udp,64000-64010,s0)
 network_port(transproxy, tcp,8081,s0)
 network_port(ups, tcp,3493,s0)
 type utcpserver_port_t, port_type; dnl network_port(utcpserver) # no defined portcon
@@ -208,8 +207,8 @@ network_port(whois, tcp,43,s0, udp,43,s0, tcp, 4321, s0 , udp, 4321, s0 )
 network_port(xdmcp, udp,177,s0, tcp,177,s0)
 network_port(xen, tcp,8002,s0)
 network_port(xfs, tcp,7100,s0)
-network_port(xserver, tcp, 6000, s0, tcp,6001,s0, tcp,6002,s0, tcp,6003,s0, tcp,6004,s0, tcp,6005,s0, tcp,6006,s0, tcp,6007,s0, tcp,6008,s0, tcp,6009,s0, tcp,6010,s0, tcp,6011,s0, tcp,6012,s0, tcp,6013,s0, tcp,6014,s0, tcp,6015,s0, tcp,6016,s0, tcp,6017,s0, tcp,6018,s0, tcp,6019,s0, tcp,6020,s0)
-network_port(zebra, tcp,2600,s0, tcp,2601,s0, tcp,2602,s0, tcp,2603,s0, tcp,2604,s0, tcp,2606,s0, udp,2600,s0, udp,2601,s0, udp,2602,s0, udp,2603,s0, udp,2604,s0, udp,2606,s0)
+network_port(xserver, tcp,6000-6020,s0)
+network_port(zebra, tcp,2600-2604,s0, tcp,2606,s0, udp,2600-2604,s0, udp,2606,s0)
 network_port(zope, tcp,8021,s0)
 
 # Defaults for reserved ports.  Earlier portcon entries take precedence;
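Review bot: The `zebra` line correctly keeps the gap at 2605 (`tcp,2600-2604,s0, tcp,2606,s0` and the same for udp), but nothing on the line says the gap is deliberate. Once ranges are in use, a later cleanup could easily collapse it to `2600-2606` and relabel that port. A short comment above the line would prevent this, for example `# 2605 is intentionally not zebra_port_t; keep the gap when editing these ranges`. The reason is presumably that 2605 is labelled with another type elsewhere in this file, which is worth confirming and naming in the comment. The `xserver` range 6000-6020 matches the removed list exactly.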

