- Fix sandbox policy creation with udp connect ports
parent
433953b033
commit
a710a4e711
@ -6664,8 +6664,8 @@ diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/polgengui.py policyc
|
|||||||
+ app.stand_alone()
|
+ app.stand_alone()
|
||||||
diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/polgen.py policycoreutils-2.0.85/gui/polgen.py
|
diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/polgen.py policycoreutils-2.0.85/gui/polgen.py
|
||||||
--- nsapolicycoreutils/gui/polgen.py 1969-12-31 19:00:00.000000000 -0500
|
--- nsapolicycoreutils/gui/polgen.py 1969-12-31 19:00:00.000000000 -0500
|
||||||
+++ policycoreutils-2.0.85/gui/polgen.py 2011-02-03 16:12:28.000000000 -0500
|
+++ policycoreutils-2.0.85/gui/polgen.py 2011-02-03 17:03:56.000000000 -0500
|
||||||
@@ -0,0 +1,1349 @@
|
@@ -0,0 +1,1343 @@
|
||||||
+#!/usr/bin/python -Es
|
+#!/usr/bin/python -Es
|
||||||
+#
|
+#
|
||||||
+# Copyright (C) 2007-2010 Red Hat
|
+# Copyright (C) 2007-2010 Red Hat
|
||||||
@ -7734,7 +7734,7 @@ diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/polgen.py policycore
|
|||||||
+ t1 = re.sub("PORTNUM", "%d" % i, script.tcp_ports)
|
+ t1 = re.sub("PORTNUM", "%d" % i, script.tcp_ports)
|
||||||
+ newsh += re.sub("TEMPLATETYPE", self.name, t1)
|
+ newsh += re.sub("TEMPLATETYPE", self.name, t1)
|
||||||
+
|
+
|
||||||
+ for i in self.in_udp[PORTS] + self.out_udp[PORTS]:
|
+ for i in self.in_udp[PORTS]:
|
||||||
+ if self.find_port(i,"udp") == None:
|
+ if self.find_port(i,"udp") == None:
|
||||||
+ t1 = re.sub("PORTNUM", "%d" % i, script.udp_ports)
|
+ t1 = re.sub("PORTNUM", "%d" % i, script.udp_ports)
|
||||||
+ newsh += re.sub("TEMPLATETYPE", self.name, t1)
|
+ newsh += re.sub("TEMPLATETYPE", self.name, t1)
|
||||||
@ -7874,16 +7874,6 @@ diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/polgen.py policycore
|
|||||||
+ mypolicy.set_out_tcp(0,"8000")
|
+ mypolicy.set_out_tcp(0,"8000")
|
||||||
+ print mypolicy.generate(tmpdir)
|
+ print mypolicy.generate(tmpdir)
|
||||||
+
|
+
|
||||||
+ mypolicy = policy("mycgi", SANDBOX)
|
|
||||||
+ mypolicy.set_in_tcp(1, 0, 0, "512, 55000-55000")
|
|
||||||
+ mypolicy.set_in_udp(1, 0, 0, "1513")
|
|
||||||
+ mypolicy.set_use_uid(True)
|
|
||||||
+ mypolicy.set_use_tmp(False)
|
|
||||||
+ mypolicy.set_use_syslog(True)
|
|
||||||
+ mypolicy.set_use_pam(True)
|
|
||||||
+ mypolicy.set_out_tcp(0,"8000")
|
|
||||||
+ print mypolicy.generate(tmpdir)
|
|
||||||
+
|
|
||||||
+ mypolicy = policy("myinetd", INETD)
|
+ mypolicy = policy("myinetd", INETD)
|
||||||
+ mypolicy.set_program("/usr/bin/mytest")
|
+ mypolicy.set_program("/usr/bin/mytest")
|
||||||
+ mypolicy.set_in_tcp(1, 0, 0, "513")
|
+ mypolicy.set_in_tcp(1, 0, 0, "513")
|
||||||
@ -7939,6 +7929,10 @@ diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/polgen.py policycore
|
|||||||
+ mypolicy.set_transition_users(["unconfined_u", "staff_u"])
|
+ mypolicy.set_transition_users(["unconfined_u", "staff_u"])
|
||||||
+ print mypolicy.generate(tmpdir)
|
+ print mypolicy.generate(tmpdir)
|
||||||
+
|
+
|
||||||
|
+ mypolicy = policy("mysandbox", SANDBOX)
|
||||||
|
+ mypolicy.set_out_udp(0, "993")
|
||||||
|
+ print mypolicy.generate("/tmp")
|
||||||
|
+
|
||||||
+ mypolicy = policy("mydbadm", RUSER)
|
+ mypolicy = policy("mydbadm", RUSER)
|
||||||
+ mypolicy.set_admin_domains(["postgresql", "mysql"])
|
+ mypolicy.set_admin_domains(["postgresql", "mysql"])
|
||||||
+ print mypolicy.generate(tmpdir)
|
+ print mypolicy.generate(tmpdir)
|
||||||
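Review bot: The sandbox self-test added in the last polgen.py hunk writes its output with `print mypolicy.generate("/tmp")`, while every other case visible here passes `tmpdir`. A fixed path in a world-writable directory puts the generated policy files at predictable names (presumably derived from "mysandbox"), so a run as a privileged user could overwrite or follow a file that another local user placed there first; `print mypolicy.generate(tmpdir)` keeps this case consistent with its neighbours. Separately, the port loop now iterates only `self.in_udp[PORTS]`, so outbound UDP ports no longer get a `udp_ports` entry in the generated script; the matching TCP loop header is outside the hunk, so confirm that both protocols are handled the same way and record the reason in a comment above the loop. Both the loop and the test statements belong to blocks that begin outside the visible hunks.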
|
@ -7,7 +7,7 @@
|
|||||||
Summary: SELinux policy core utilities
|
Summary: SELinux policy core utilities
|
||||||
Name: policycoreutils
|
Name: policycoreutils
|
||||||
Version: 2.0.85
|
Version: 2.0.85
|
||||||
Release: 10%{?dist}
|
Release: 11%{?dist}
|
||||||
License: GPLv2
|
License: GPLv2
|
||||||
Group: System Environment/Base
|
Group: System Environment/Base
|
||||||
# Based on git repository with tag 20101221
|
# Based on git repository with tag 20101221
|
||||||
@ -329,7 +329,10 @@ fi
|
|||||||
exit 0
|
exit 0
|
||||||
|
|
||||||
%changelog
|
%changelog
|
||||||
* Wed Feb 3 2011 Dan Walsh <dwalsh@redhat.com> 2.0.85-10
|
* Thu Feb 3 2011 Dan Walsh <dwalsh@redhat.com> 2.0.85-11
|
||||||
|
- Fix sandbox policy creation with udp connect ports
|
||||||
|
|
||||||
|
* Thu Feb 3 2011 Dan Walsh <dwalsh@redhat.com> 2.0.85-10
|
||||||
- Cleaup selinux-polgengui to be a little more modern, fix comments and use selected name
|
- Cleaup selinux-polgengui to be a little more modern, fix comments and use selected name
|
||||||
- Cleanup chcat man page
|
- Cleanup chcat man page
|
||||||
|
|
||||||
|