rpms/selinux-policy
7
0
Fork 0
Code Issues Pull Requests Releases Activity

trunk: inetd update from dan.

Browse Source
This commit is contained in:
Chris PeBenito 2008-08-29 13:21:53 +00:00
parent e4171e8048
commit 24af9b1d34
2 changed files with 21 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

5
policy/modules/services/inetd.if
View File

@ -115,6 +115,11 @@ interface(`inetd_service_domain',`
allow $1 inetd_t:tcp_socket rw_stream_socket_perms; allow $1 inetd_t:tcp_socket rw_stream_socket_perms;
allow $1 inetd_t:udp_socket rw_socket_perms; allow $1 inetd_t:udp_socket rw_socket_perms;
# encrypt the service through stunnel
optional_policy(`
stunnel_service_domain($1, $2)
')
') ')
######################################## ########################################

17
policy/modules/services/inetd.te
View File

@ -1,5 +1,5 @@
policy_module(inetd, 1.7.0) policy_module(inetd, 1.7.1)
######################################## ########################################
# #
@ -30,6 +30,10 @@ files_tmp_file(inetd_child_tmp_t)
type inetd_child_var_run_t; type inetd_child_var_run_t;
files_pid_file(inetd_child_var_run_t) files_pid_file(inetd_child_var_run_t)
ifdef(`enable_mcs',`
init_ranged_daemon_domain(inetd_t, inetd_exec_t,s0 - mcs_systemhigh)
')
######################################## ########################################
# #
# Local policy # Local policy
@ -59,6 +63,8 @@ kernel_read_proc_symlinks(inetd_t)
kernel_read_system_state(inetd_t) kernel_read_system_state(inetd_t)
kernel_tcp_recvfrom_unlabeled(inetd_t) kernel_tcp_recvfrom_unlabeled(inetd_t)
corecmd_bin_domtrans(inetd_t, inetd_child_t)
# base networking: # base networking:
corenet_all_recvfrom_unlabeled(inetd_t) corenet_all_recvfrom_unlabeled(inetd_t)
corenet_all_recvfrom_netlabel(inetd_t) corenet_all_recvfrom_netlabel(inetd_t)
@ -84,6 +90,7 @@ corenet_tcp_bind_ftp_port(inetd_t)
corenet_udp_bind_ftp_port(inetd_t) corenet_udp_bind_ftp_port(inetd_t)
corenet_tcp_bind_inetd_child_port(inetd_t) corenet_tcp_bind_inetd_child_port(inetd_t)
corenet_udp_bind_inetd_child_port(inetd_t) corenet_udp_bind_inetd_child_port(inetd_t)
corenet_tcp_bind_ircd_port(inetd_t)
corenet_udp_bind_ktalkd_port(inetd_t) corenet_udp_bind_ktalkd_port(inetd_t)
corenet_tcp_bind_printer_port(inetd_t) corenet_tcp_bind_printer_port(inetd_t)
corenet_udp_bind_rlogind_port(inetd_t) corenet_udp_bind_rlogind_port(inetd_t)
@ -105,6 +112,7 @@ corenet_sendrecv_comsat_server_packets(inetd_t)
corenet_sendrecv_dbskkd_server_packets(inetd_t) corenet_sendrecv_dbskkd_server_packets(inetd_t)
corenet_sendrecv_ftp_server_packets(inetd_t) corenet_sendrecv_ftp_server_packets(inetd_t)
corenet_sendrecv_inetd_child_server_packets(inetd_t) corenet_sendrecv_inetd_child_server_packets(inetd_t)
corenet_sendrecv_ircd_server_packets(inetd_t)
corenet_sendrecv_ktalkd_server_packets(inetd_t) corenet_sendrecv_ktalkd_server_packets(inetd_t)
corenet_sendrecv_printer_server_packets(inetd_t) corenet_sendrecv_printer_server_packets(inetd_t)
corenet_sendrecv_rsh_server_packets(inetd_t) corenet_sendrecv_rsh_server_packets(inetd_t)
@ -148,10 +156,17 @@ userdom_dontaudit_use_unpriv_user_fds(inetd_t)
sysadm_dontaudit_search_home_dirs(inetd_t) sysadm_dontaudit_search_home_dirs(inetd_t)
ifdef(`distro_redhat',`
optional_policy(`
unconfined_domain(inetd_t)
')
')
ifdef(`enable_mls',` ifdef(`enable_mls',`
corenet_tcp_recvfrom_netlabel(inetd_t) corenet_tcp_recvfrom_netlabel(inetd_t)
corenet_udp_recvfrom_netlabel(inetd_t) corenet_udp_recvfrom_netlabel(inetd_t)
') ')
optional_policy(` optional_policy(`
amanda_search_lib(inetd_t) amanda_search_lib(inetd_t)
') ')