selinux-policy/strict/macros/program/ypbind_macros.te

21 lines
563 B
Plaintext
Raw Normal View History

2005-04-29 17:45:15 +00:00
define(`uncond_can_ypbind', `
can_network($1)
r_dir_file($1,var_yp_t)
allow $1 { reserved_port_t port_t }:{ tcp_socket udp_socket } name_bind;
2005-09-15 21:03:45 +00:00
allow $1 { portmap_port_t reserved_port_t port_t }:tcp_socket name_connect;
2005-04-29 17:45:15 +00:00
dontaudit $1 self:capability net_bind_service;
2005-09-15 21:03:45 +00:00
dontaudit $1 reserved_port_type:tcp_socket name_connect;
dontaudit $1 reserved_port_type:{ tcp_socket udp_socket } name_bind;
2005-04-29 17:45:15 +00:00
')
define(`can_ypbind', `
ifdef(`ypbind.te', `
if (allow_ypbind) {
uncond_can_ypbind($1)
} else {
dontaudit $1 var_yp_t:dir search;
}
') dnl ypbind.te
') dnl can_ypbind