Add port def for gear port

Miroslav Grepl 2014-03-28 08:57:07 +01:00
parent f8f75f94a2
commit 2a72be0928


@ -5411,7 +5411,7 @@ index 8e0f9cd..b9f45b9 100644
define(`create_packet_interfaces',`` define(`create_packet_interfaces',``
diff --git a/policy/modules/kernel/corenetwork.te.in b/policy/modules/kernel/corenetwork.te.in diff --git a/policy/modules/kernel/corenetwork.te.in b/policy/modules/kernel/corenetwork.te.in
index b191055..11bfc30 100644 index b191055..dd4a176 100644
--- a/policy/modules/kernel/corenetwork.te.in --- a/policy/modules/kernel/corenetwork.te.in
+++ b/policy/modules/kernel/corenetwork.te.in +++ b/policy/modules/kernel/corenetwork.te.in
@@ -5,6 +5,7 @@ policy_module(corenetwork, 1.19.2) @@ -5,6 +5,7 @@ policy_module(corenetwork, 1.19.2)
@ -5485,7 +5485,7 @@ index b191055..11bfc30 100644
# reserved_port_t is the type of INET port numbers below 1024. # reserved_port_t is the type of INET port numbers below 1024.
# #
type reserved_port_t, port_type, reserved_port_type; type reserved_port_t, port_type, reserved_port_type;
@@ -84,55 +107,67 @@ network_port(amanda, udp,10080-10082,s0, tcp,10080-10083,s0) @@ -84,55 +107,68 @@ network_port(amanda, udp,10080-10082,s0, tcp,10080-10083,s0)
network_port(amavisd_recv, tcp,10024,s0) network_port(amavisd_recv, tcp,10024,s0)
network_port(amavisd_send, tcp,10025,s0) network_port(amavisd_send, tcp,10025,s0)
network_port(amqp, udp,5671-5672,s0, tcp,5671-5672,s0) network_port(amqp, udp,5671-5672,s0, tcp,5671-5672,s0)
@ -5551,6 +5551,7 @@ index b191055..11bfc30 100644
+network_port(ftp, tcp,21,s0, tcp,989,s0, udp,989,s0, tcp,990,s0, udp,990,s0) +network_port(ftp, tcp,21,s0, tcp,989,s0, udp,989,s0, tcp,990,s0, udp,990,s0)
network_port(ftp_data, tcp,20,s0) network_port(ftp_data, tcp,20,s0)
network_port(gatekeeper, udp,1718,s0, udp,1719,s0, tcp,1721,s0, tcp,7000,s0) network_port(gatekeeper, udp,1718,s0, udp,1719,s0, tcp,1721,s0, tcp,7000,s0)
+network_port(gear, tcp,43273,s0, udp,43273,s0)
network_port(gdomap, tcp,538,s0, udp,538,s0) network_port(gdomap, tcp,538,s0, udp,538,s0)
network_port(gds_db, tcp,3050,s0, udp,3050,s0) network_port(gds_db, tcp,3050,s0, udp,3050,s0)
network_port(giftd, tcp,1213,s0) network_port(giftd, tcp,1213,s0)
@ -5561,7 +5562,7 @@ index b191055..11bfc30 100644
network_port(gopher, tcp,70,s0, udp,70,s0) network_port(gopher, tcp,70,s0, udp,70,s0)
network_port(gpsd, tcp,2947,s0) network_port(gpsd, tcp,2947,s0)
network_port(hadoop_datanode, tcp,50010,s0) network_port(hadoop_datanode, tcp,50010,s0)
@@ -140,45 +175,52 @@ network_port(hadoop_namenode, tcp,8020,s0) @@ -140,45 +176,52 @@ network_port(hadoop_namenode, tcp,8020,s0)
network_port(hddtemp, tcp,7634,s0) network_port(hddtemp, tcp,7634,s0)
network_port(howl, tcp,5335,s0, udp,5353,s0) network_port(howl, tcp,5335,s0, udp,5353,s0)
network_port(hplip, tcp,1782,s0, tcp,2207,s0, tcp,2208,s0, tcp, 8290,s0, tcp,50000,s0, tcp,50002,s0, tcp,8292,s0, tcp,9100,s0, tcp,9101,s0, tcp,9102,s0, tcp,9220,s0, tcp,9221,s0, tcp,9222,s0, tcp,9280,s0, tcp,9281,s0, tcp,9282,s0, tcp,9290,s0, tcp,9291,s0) network_port(hplip, tcp,1782,s0, tcp,2207,s0, tcp,2208,s0, tcp, 8290,s0, tcp,50000,s0, tcp,50002,s0, tcp,8292,s0, tcp,9100,s0, tcp,9101,s0, tcp,9102,s0, tcp,9220,s0, tcp,9221,s0, tcp,9222,s0, tcp,9280,s0, tcp,9281,s0, tcp,9282,s0, tcp,9290,s0, tcp,9291,s0)
@ -5628,7 +5629,7 @@ index b191055..11bfc30 100644
network_port(msnp, tcp,1863,s0, udp,1863,s0) network_port(msnp, tcp,1863,s0, udp,1863,s0)
network_port(mssql, tcp,1433-1434,s0, udp,1433-1434,s0) network_port(mssql, tcp,1433-1434,s0, udp,1433-1434,s0)
network_port(ms_streaming, tcp,1755,s0, udp,1755,s0) network_port(ms_streaming, tcp,1755,s0, udp,1755,s0)
@@ -186,26 +228,36 @@ network_port(munin, tcp,4949,s0, udp,4949,s0) @@ -186,26 +229,36 @@ network_port(munin, tcp,4949,s0, udp,4949,s0)
network_port(mxi, tcp,8005,s0, udp,8005,s0) network_port(mxi, tcp,8005,s0, udp,8005,s0)
network_port(mysqld, tcp,1186,s0, tcp,3306,s0, tcp,63132-63164,s0) network_port(mysqld, tcp,1186,s0, tcp,3306,s0, tcp,63132-63164,s0)
network_port(mysqlmanagerd, tcp,2273,s0) network_port(mysqlmanagerd, tcp,2273,s0)
@ -5669,7 +5670,7 @@ index b191055..11bfc30 100644
network_port(portmap, udp,111,s0, tcp,111,s0) network_port(portmap, udp,111,s0, tcp,111,s0)
network_port(postfix_policyd, tcp,10031,s0) network_port(postfix_policyd, tcp,10031,s0)
network_port(postgresql, tcp,5432,s0) network_port(postgresql, tcp,5432,s0)
@@ -215,52 +267,59 @@ network_port(prelude, tcp,4690,s0, udp,4690,s0) @@ -215,52 +268,59 @@ network_port(prelude, tcp,4690,s0, udp,4690,s0)
network_port(presence, tcp,5298-5299,s0, udp,5298-5299,s0) network_port(presence, tcp,5298-5299,s0, udp,5298-5299,s0)
network_port(printer, tcp,515,s0) network_port(printer, tcp,515,s0)
network_port(ptal, tcp,5703,s0) network_port(ptal, tcp,5703,s0)
@ -5738,7 +5739,7 @@ index b191055..11bfc30 100644
network_port(transproxy, tcp,8081,s0) network_port(transproxy, tcp,8081,s0)
network_port(trisoap, tcp,10200,s0, udp,10200,s0) network_port(trisoap, tcp,10200,s0, udp,10200,s0)
network_port(trivnet1, tcp, 8200, s0, udp, 8200, s0) network_port(trivnet1, tcp, 8200, s0, udp, 8200, s0)
@@ -271,10 +330,10 @@ network_port(varnishd, tcp,6081-6082,s0) @@ -271,10 +331,10 @@ network_port(varnishd, tcp,6081-6082,s0)
network_port(virt, tcp,16509,s0, udp,16509,s0, tcp,16514,s0, udp,16514,s0) network_port(virt, tcp,16509,s0, udp,16509,s0, tcp,16514,s0, udp,16514,s0)
network_port(virtual_places, tcp,1533,s0, udp,1533,s0) network_port(virtual_places, tcp,1533,s0, udp,1533,s0)
network_port(virt_migration, tcp,49152-49216,s0) network_port(virt_migration, tcp,49152-49216,s0)
@ -5751,7 +5752,7 @@ index b191055..11bfc30 100644
network_port(winshadow, tcp,3161,s0, udp,3261,s0) network_port(winshadow, tcp,3161,s0, udp,3261,s0)
network_port(wsdapi, tcp,5357,s0, udp,5357,s0) network_port(wsdapi, tcp,5357,s0, udp,5357,s0)
network_port(wsicopy, tcp,3378,s0, udp,3378,s0) network_port(wsicopy, tcp,3378,s0, udp,3378,s0)
@@ -288,19 +347,23 @@ network_port(zabbix_agent, tcp,10050,s0) @@ -288,19 +348,23 @@ network_port(zabbix_agent, tcp,10050,s0)
network_port(zookeeper_client, tcp,2181,s0) network_port(zookeeper_client, tcp,2181,s0)
network_port(zookeeper_election, tcp,3888,s0) network_port(zookeeper_election, tcp,3888,s0)
network_port(zookeeper_leader, tcp,2888,s0) network_port(zookeeper_leader, tcp,2888,s0)
@ -5778,7 +5779,7 @@ index b191055..11bfc30 100644
######################################## ########################################
# #
@@ -333,6 +396,8 @@ sid netif gen_context(system_u:object_r:netif_t,s0 - mls_systemhigh) @@ -333,6 +397,8 @@ sid netif gen_context(system_u:object_r:netif_t,s0 - mls_systemhigh)
build_option(`enable_mls',` build_option(`enable_mls',`
network_interface(lo, lo, s0 - mls_systemhigh) network_interface(lo, lo, s0 - mls_systemhigh)
@ -5787,7 +5788,7 @@ index b191055..11bfc30 100644
',` ',`
typealias netif_t alias { lo_netif_t netif_lo_t }; typealias netif_t alias { lo_netif_t netif_lo_t };
') ')
@@ -345,9 +410,28 @@ typealias netif_t alias { lo_netif_t netif_lo_t }; @@ -345,9 +411,28 @@ typealias netif_t alias { lo_netif_t netif_lo_t };
allow corenet_unconfined_type node_type:node *; allow corenet_unconfined_type node_type:node *;
allow corenet_unconfined_type netif_type:netif *; allow corenet_unconfined_type netif_type:netif *;
allow corenet_unconfined_type packet_type:packet *; allow corenet_unconfined_type packet_type:packet *;
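Review bot: The added `network_port(gear, tcp,43273,s0, udp,43273,s0)` line (hunk at `@ -5551,6 +5551,7`) labels a port that sits inside the kernel's default local port range, and SELinux skips the `name_bind` check for explicit binds to ports within that range, so the new type would constrain `name_connect` but likely not who can bind 43273 unless `ip_local_port_range` is adjusted on the host. A comment next to the definition would record this, for example `# 43273 is inside the default local port range; name_bind is not checked there`. The commit message also gives no reason for defining UDP as well as TCP; if the service only listens on TCP, dropping `udp,43273,s0` keeps the definition minimal. As a style point, the entry is placed between `gatekeeper` and `gdomap`, while alphabetical order would put it after `gds_db`.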