selinux-policy/strict/net_contexts

250 lines
11 KiB
Plaintext
Raw Normal View History

2005-04-29 17:45:15 +00:00
# FLASK
#
# Security contexts for network entities
# If no context is specified, then a default initial SID is used.
#
# Modified by Reino Wallin <reino@oribium.com>
# Multi NIC, and IPSEC features
# Modified by Russell Coker
# ifdefs to encapsulate domains, and many additional port contexts
#
# Port numbers (default = initial SID "port")
#
# protocol number context
# protocol low-high context
#
portcon tcp 7 system_u:object_r:inetd_child_port_t
portcon udp 7 system_u:object_r:inetd_child_port_t
portcon tcp 9 system_u:object_r:inetd_child_port_t
portcon udp 9 system_u:object_r:inetd_child_port_t
portcon tcp 13 system_u:object_r:inetd_child_port_t
portcon udp 13 system_u:object_r:inetd_child_port_t
portcon tcp 19 system_u:object_r:inetd_child_port_t
portcon udp 19 system_u:object_r:inetd_child_port_t
portcon tcp 37 system_u:object_r:inetd_child_port_t
portcon udp 37 system_u:object_r:inetd_child_port_t
portcon tcp 113 system_u:object_r:auth_port_t
2005-04-29 17:45:15 +00:00
portcon tcp 512 system_u:object_r:inetd_child_port_t
portcon tcp 543 system_u:object_r:inetd_child_port_t
portcon tcp 544 system_u:object_r:inetd_child_port_t
portcon tcp 891 system_u:object_r:inetd_child_port_t
portcon udp 891 system_u:object_r:inetd_child_port_t
portcon tcp 892 system_u:object_r:inetd_child_port_t
portcon udp 892 system_u:object_r:inetd_child_port_t
portcon tcp 2105 system_u:object_r:inetd_child_port_t
portcon tcp 20 system_u:object_r:ftp_data_port_t
portcon tcp 21 system_u:object_r:ftp_port_t
2005-09-13 13:06:07 +00:00
portcon tcp 22 system_u:object_r:ssh_port_t
portcon tcp 23 system_u:object_r:telnetd_port_t
2005-04-29 17:45:15 +00:00
portcon tcp 25 system_u:object_r:smtp_port_t
portcon tcp 465 system_u:object_r:smtp_port_t
portcon tcp 587 system_u:object_r:smtp_port_t
2005-09-13 13:06:07 +00:00
portcon udp 500 system_u:object_r:isakmp_port_t
2005-04-29 17:45:15 +00:00
portcon udp 53 system_u:object_r:dns_port_t
portcon tcp 53 system_u:object_r:dns_port_t
2005-09-13 13:06:07 +00:00
portcon udp 67 system_u:object_r:dhcpd_port_t
portcon udp 68 system_u:object_r:dhcpc_port_t
portcon udp 70 system_u:object_r:gopher_port_t
portcon tcp 70 system_u:object_r:gopher_port_t
portcon udp 69 system_u:object_r:tftp_port_t
portcon tcp 79 system_u:object_r:fingerd_port_t
2005-04-29 17:45:15 +00:00
portcon tcp 80 system_u:object_r:http_port_t
portcon tcp 443 system_u:object_r:http_port_t
2005-09-13 13:06:07 +00:00
portcon tcp 488 system_u:object_r:http_port_t
portcon tcp 8008 system_u:object_r:http_port_t
2005-04-29 17:45:15 +00:00
portcon tcp 106 system_u:object_r:pop_port_t
portcon tcp 109 system_u:object_r:pop_port_t
portcon tcp 110 system_u:object_r:pop_port_t
2005-09-13 13:06:07 +00:00
portcon tcp 143 system_u:object_r:pop_port_t
portcon tcp 220 system_u:object_r:pop_port_t
portcon tcp 993 system_u:object_r:pop_port_t
portcon tcp 995 system_u:object_r:pop_port_t
portcon tcp 1109 system_u:object_r:pop_port_t
2005-04-29 17:45:15 +00:00
portcon udp 111 system_u:object_r:portmap_port_t
portcon tcp 111 system_u:object_r:portmap_port_t
2005-09-13 13:06:07 +00:00
portcon tcp 119 system_u:object_r:innd_port_t
portcon udp 123 system_u:object_r:ntp_port_t
2005-04-29 17:45:15 +00:00
portcon tcp 137 system_u:object_r:smbd_port_t
portcon udp 137 system_u:object_r:nmbd_port_t
portcon tcp 138 system_u:object_r:smbd_port_t
portcon udp 138 system_u:object_r:nmbd_port_t
portcon tcp 139 system_u:object_r:smbd_port_t
portcon udp 139 system_u:object_r:nmbd_port_t
portcon tcp 445 system_u:object_r:smbd_port_t
2005-09-13 13:06:07 +00:00
2005-04-29 17:45:15 +00:00
portcon udp 161 system_u:object_r:snmp_port_t
portcon udp 162 system_u:object_r:snmp_port_t
portcon tcp 199 system_u:object_r:snmp_port_t
portcon udp 512 system_u:object_r:comsat_port_t
2005-09-13 13:06:07 +00:00
2005-04-29 17:45:15 +00:00
portcon tcp 389 system_u:object_r:ldap_port_t
portcon udp 389 system_u:object_r:ldap_port_t
portcon tcp 636 system_u:object_r:ldap_port_t
portcon udp 636 system_u:object_r:ldap_port_t
2005-09-13 13:06:07 +00:00
portcon tcp 513 system_u:object_r:rlogind_port_t
portcon tcp 514 system_u:object_r:rsh_port_t
portcon tcp 515 system_u:object_r:printer_port_t
2005-04-29 17:45:15 +00:00
portcon udp 514 system_u:object_r:syslogd_port_t
portcon udp 517 system_u:object_r:ktalkd_port_t
portcon udp 518 system_u:object_r:ktalkd_port_t
portcon tcp 631 system_u:object_r:ipp_port_t
portcon udp 631 system_u:object_r:ipp_port_t
portcon tcp 88 system_u:object_r:kerberos_port_t
portcon udp 88 system_u:object_r:kerberos_port_t
portcon tcp 464 system_u:object_r:kerberos_admin_port_t
portcon udp 464 system_u:object_r:kerberos_admin_port_t
portcon tcp 749 system_u:object_r:kerberos_admin_port_t
portcon tcp 750 system_u:object_r:kerberos_port_t
portcon udp 750 system_u:object_r:kerberos_port_t
portcon tcp 4444 system_u:object_r:kerberos_master_port_t
portcon udp 4444 system_u:object_r:kerberos_master_port_t
2005-09-13 13:06:07 +00:00
portcon tcp 783 system_u:object_r:spamd_port_t
portcon tcp 540 system_u:object_r:uucpd_port_t
portcon tcp 2401 system_u:object_r:cvs_port_t
portcon udp 2401 system_u:object_r:cvs_port_t
2005-04-29 17:45:15 +00:00
portcon tcp 873 system_u:object_r:rsync_port_t
portcon udp 873 system_u:object_r:rsync_port_t
2005-09-13 13:06:07 +00:00
portcon tcp 901 system_u:object_r:swat_port_t
portcon tcp 953 system_u:object_r:rndc_port_t
portcon tcp 1213 system_u:object_r:giftd_port_t
portcon tcp 1241 system_u:object_r:nessus_port_t
portcon tcp 1234 system_u:object_r:monopd_port_t
2005-04-29 17:45:15 +00:00
portcon udp 1645 system_u:object_r:radius_port_t
portcon udp 1646 system_u:object_r:radacct_port_t
portcon udp 1812 system_u:object_r:radius_port_t
portcon udp 1813 system_u:object_r:radacct_port_t
portcon udp 1718 system_u:object_r:gatekeeper_port_t
portcon udp 1719 system_u:object_r:gatekeeper_port_t
portcon tcp 1721 system_u:object_r:gatekeeper_port_t
portcon tcp 7000 system_u:object_r:gatekeeper_port_t
2005-09-13 13:06:07 +00:00
portcon tcp 2040 system_u:object_r:afs_fs_port_t
portcon udp 7000 system_u:object_r:afs_fs_port_t
portcon udp 7002 system_u:object_r:afs_pt_port_t
portcon udp 7003 system_u:object_r:afs_vl_port_t
portcon udp 7004 system_u:object_r:afs_ka_port_t
portcon udp 7005 system_u:object_r:afs_fs_port_t
portcon udp 7007 system_u:object_r:afs_bos_port_t
2005-04-29 17:45:15 +00:00
portcon tcp 1720 system_u:object_r:asterisk_port_t
portcon udp 2427 system_u:object_r:asterisk_port_t
portcon udp 2727 system_u:object_r:asterisk_port_t
portcon udp 4569 system_u:object_r:asterisk_port_t
portcon udp 5060 system_u:object_r:asterisk_port_t
portcon tcp 2000 system_u:object_r:mail_port_t
2005-09-13 13:06:07 +00:00
portcon tcp 2601 system_u:object_r:zebra_port_t
portcon tcp 2628 system_u:object_r:dict_port_t
portcon tcp 3306 system_u:object_r:mysqld_port_t
portcon tcp 3632 system_u:object_r:distccd_port_t
portcon udp 4011 system_u:object_r:pxe_port_t
portcon udp 5000 system_u:object_r:openvpn_port_t
2005-04-29 17:45:15 +00:00
portcon tcp 5323 system_u:object_r:imaze_port_t
portcon udp 5323 system_u:object_r:imaze_port_t
portcon tcp 5335 system_u:object_r:howl_port_t
portcon udp 5353 system_u:object_r:howl_port_t
portcon tcp 5222 system_u:object_r:jabber_client_port_t
portcon tcp 5223 system_u:object_r:jabber_client_port_t
portcon tcp 5269 system_u:object_r:jabber_interserver_port_t
2005-09-13 13:06:07 +00:00
portcon tcp 5432 system_u:object_r:postgresql_port_t
portcon tcp 5666 system_u:object_r:inetd_child_port_t
portcon tcp 5703 system_u:object_r:ptal_port_t
portcon tcp 50000 system_u:object_r:hplip_port_t
portcon tcp 50002 system_u:object_r:hplip_port_t
2005-04-29 17:45:15 +00:00
portcon tcp 5900 system_u:object_r:vnc_port_t
portcon tcp 6000 system_u:object_r:xserver_port_t
portcon tcp 6001 system_u:object_r:xserver_port_t
portcon tcp 6002 system_u:object_r:xserver_port_t
portcon tcp 6003 system_u:object_r:xserver_port_t
portcon tcp 6004 system_u:object_r:xserver_port_t
portcon tcp 6005 system_u:object_r:xserver_port_t
portcon tcp 6006 system_u:object_r:xserver_port_t
portcon tcp 6007 system_u:object_r:xserver_port_t
portcon tcp 6008 system_u:object_r:xserver_port_t
portcon tcp 6009 system_u:object_r:xserver_port_t
portcon tcp 6010 system_u:object_r:xserver_port_t
portcon tcp 6011 system_u:object_r:xserver_port_t
portcon tcp 6012 system_u:object_r:xserver_port_t
portcon tcp 6013 system_u:object_r:xserver_port_t
portcon tcp 6014 system_u:object_r:xserver_port_t
portcon tcp 6015 system_u:object_r:xserver_port_t
portcon tcp 6016 system_u:object_r:xserver_port_t
portcon tcp 6017 system_u:object_r:xserver_port_t
portcon tcp 6018 system_u:object_r:xserver_port_t
portcon tcp 6019 system_u:object_r:xserver_port_t
2005-09-13 13:06:07 +00:00
portcon tcp 6667 system_u:object_r:ircd_port_t
2005-04-29 17:45:15 +00:00
portcon tcp 8000 system_u:object_r:soundd_port_t
# 9433 is for YIFF
portcon tcp 9433 system_u:object_r:soundd_port_t
portcon tcp 3128 system_u:object_r:http_cache_port_t
portcon tcp 8080 system_u:object_r:http_cache_port_t
portcon udp 3130 system_u:object_r:http_cache_port_t
2005-09-13 13:06:07 +00:00
# 8118 is for privoxy
portcon tcp 8118 system_u:object_r:http_cache_port_t
portcon udp 4041 system_u:object_r:clockspeed_port_t
portcon tcp 8081 system_u:object_r:transproxy_port_t
2005-04-29 17:45:15 +00:00
portcon udp 10080 system_u:object_r:amanda_port_t
portcon tcp 10080 system_u:object_r:amanda_port_t
portcon udp 10081 system_u:object_r:amanda_port_t
portcon tcp 10081 system_u:object_r:amanda_port_t
portcon tcp 10082 system_u:object_r:amanda_port_t
portcon tcp 10083 system_u:object_r:amanda_port_t
2005-09-13 13:06:07 +00:00
portcon tcp 60000 system_u:object_r:postgrey_port_t
portcon tcp 10024 system_u:object_r:amavisd_recv_port_t
portcon tcp 10025 system_u:object_r:amavisd_send_port_t
portcon tcp 3310 system_u:object_r:clamd_port_t
portcon udp 6276 system_u:object_r:dcc_port_t
portcon udp 6277 system_u:object_r:dcc_port_t
portcon udp 24441 system_u:object_r:pyzor_port_t
portcon tcp 2703 system_u:object_r:razor_port_t
portcon tcp 8021 system_u:object_r:zope_port_t
2005-04-29 17:45:15 +00:00
# Defaults for reserved ports. Earlier portcon entries take precedence;
# these entries just cover any remaining reserved ports not otherwise
# declared or omitted due to removal of a domain.
portcon tcp 1-1023 system_u:object_r:reserved_port_t
portcon udp 1-1023 system_u:object_r:reserved_port_t
# Network interfaces (default = initial SID "netif" and "netmsg")
#
# interface netif_context default_msg_context
#
netifcon lo system_u:object_r:netif_lo_t system_u:object_r:unlabeled_t
netifcon eth0 system_u:object_r:netif_eth0_t system_u:object_r:unlabeled_t
netifcon eth1 system_u:object_r:netif_eth1_t system_u:object_r:unlabeled_t
netifcon eth2 system_u:object_r:netif_eth2_t system_u:object_r:unlabeled_t
netifcon ippp0 system_u:object_r:netif_ippp0_t system_u:object_r:unlabeled_t
netifcon ipsec0 system_u:object_r:netif_ipsec0_t system_u:object_r:unlabeled_t
netifcon ipsec1 system_u:object_r:netif_ipsec1_t system_u:object_r:unlabeled_t
netifcon ipsec2 system_u:object_r:netif_ipsec2_t system_u:object_r:unlabeled_t
# Nodes (default = initial SID "node")
#
# address mask context
#
nodecon 127.0.0.1 255.255.255.255 system_u:object_r:node_lo_t
nodecon 0.0.0.0 255.255.255.255 system_u:object_r:node_inaddr_any_t
nodecon :: ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff system_u:object_r:node_unspec_t
nodecon ::1 ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff system_u:object_r:node_lo_t
nodecon ff00:: ff00:: system_u:object_r:node_multicast_t
nodecon fe80:: ffff:ffff:ffff:ffff:: system_u:object_r:node_link_local_t
nodecon fec0:: ffc0:: system_u:object_r:node_site_local_t
nodecon :: ffff:ffff:ffff:ffff:ffff:ffff:: system_u:object_r:node_compat_ipv4_t
nodecon ::ffff:0000:0000 ffff:ffff:ffff:ffff:ffff:ffff:: system_u:object_r:node_mapped_ipv4_t
# FLASK