rpms/selinux-policy
7
0
Fork 0
Code Issues Pull Requests Releases Activity

trivial fix for netutils from dan

Browse Source
This commit is contained in:
Chris PeBenito 2007-04-30 14:44:04 +00:00
parent 7487a66705
commit 27c570f755
1 changed files with 4 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

5
policy/modules/admin/netutils.te
View File

@ -1,5 +1,5 @@
policy_module(netutils,1.4.0) policy_module(netutils,1.4.1)
######################################## ########################################
# #
@ -40,6 +40,7 @@ role system_r types traceroute_t;
# Perform network administration operations and have raw access to the network. # Perform network administration operations and have raw access to the network.
allow netutils_t self:capability { net_admin net_raw setuid setgid }; allow netutils_t self:capability { net_admin net_raw setuid setgid };
dontaudit netutils_t self:capability sys_tty_config;
allow netutils_t self:process { sigkill sigstop signull signal }; allow netutils_t self:process { sigkill sigstop signull signal };
allow netutils_t self:netlink_route_socket { bind create getattr nlmsg_read nlmsg_write read write }; allow netutils_t self:netlink_route_socket { bind create getattr nlmsg_read nlmsg_write read write };
allow netutils_t self:packet_socket create_socket_perms; allow netutils_t self:packet_socket create_socket_perms;
@ -132,6 +133,8 @@ libs_use_shared_libs(ping_t)
logging_send_syslog_msg(ping_t) logging_send_syslog_msg(ping_t)
miscfiles_read_localization(ping_t)
sysnet_read_config(ping_t) sysnet_read_config(ping_t)
sysnet_dns_name_resolve(ping_t) sysnet_dns_name_resolve(ping_t)