trunk: inetd update from dan.

2008-08-29 13:21:53 +00:00 · 2008-08-29 13:21:53 +00:00 · 24af9b1d34
commit 24af9b1d34
parent e4171e8048
2 changed files with 21 additions and 1 deletions
--- a/policy/modules/services/inetd.if
+++ b/policy/modules/services/inetd.if
@ -115,6 +115,11 @@ interface(`inetd_service_domain',`

 	allow $1 inetd_t:tcp_socket rw_stream_socket_perms;
 	allow $1 inetd_t:udp_socket rw_socket_perms;
+
+	# encrypt the service through stunnel
+	optional_policy(`
+		stunnel_service_domain($1, $2)
+	')
 ')

 ########################################
--- a/policy/modules/services/inetd.te
+++ b/policy/modules/services/inetd.te
@ -1,5 +1,5 @@

-policy_module(inetd, 1.7.0)
+policy_module(inetd, 1.7.1)

 ########################################
 #
@ -30,6 +30,10 @@ files_tmp_file(inetd_child_tmp_t)
 type inetd_child_var_run_t;
 files_pid_file(inetd_child_var_run_t)

+ifdef(`enable_mcs',`
+	init_ranged_daemon_domain(inetd_t, inetd_exec_t,s0 - mcs_systemhigh)
+')
+
 ########################################
 #
 # Local policy
@ -59,6 +63,8 @@ kernel_read_proc_symlinks(inetd_t)
 kernel_read_system_state(inetd_t)
 kernel_tcp_recvfrom_unlabeled(inetd_t)

+corecmd_bin_domtrans(inetd_t, inetd_child_t)
+
 # base networking:
 corenet_all_recvfrom_unlabeled(inetd_t)
 corenet_all_recvfrom_netlabel(inetd_t)
@ -84,6 +90,7 @@ corenet_tcp_bind_ftp_port(inetd_t)
 corenet_udp_bind_ftp_port(inetd_t)
 corenet_tcp_bind_inetd_child_port(inetd_t)
 corenet_udp_bind_inetd_child_port(inetd_t)
+corenet_tcp_bind_ircd_port(inetd_t)
 corenet_udp_bind_ktalkd_port(inetd_t)
 corenet_tcp_bind_printer_port(inetd_t)
 corenet_udp_bind_rlogind_port(inetd_t)
@ -105,6 +112,7 @@ corenet_sendrecv_comsat_server_packets(inetd_t)
 corenet_sendrecv_dbskkd_server_packets(inetd_t)
 corenet_sendrecv_ftp_server_packets(inetd_t)
 corenet_sendrecv_inetd_child_server_packets(inetd_t)
+corenet_sendrecv_ircd_server_packets(inetd_t)
 corenet_sendrecv_ktalkd_server_packets(inetd_t)
 corenet_sendrecv_printer_server_packets(inetd_t)
 corenet_sendrecv_rsh_server_packets(inetd_t)
@ -148,10 +156,17 @@ userdom_dontaudit_use_unpriv_user_fds(inetd_t)

 sysadm_dontaudit_search_home_dirs(inetd_t)

+ifdef(`distro_redhat',`
+	optional_policy(`
+		unconfined_domain(inetd_t)
+	')
+')
+
 ifdef(`enable_mls',`
 	corenet_tcp_recvfrom_netlabel(inetd_t)
 	corenet_udp_recvfrom_netlabel(inetd_t)
 ')
+
 optional_policy(`
 	amanda_search_lib(inetd_t)
 ')