initial packet rules
parent
c5657a262b
commit
378d5cda05
@ -1,5 +1,5 @@
|
||||
|
||||
policy_module(avahi,1.2.2)
|
||||
policy_module(avahi,1.2.3)
|
||||
|
||||
########################################
|
||||
#
|
||||
@ -49,6 +49,8 @@ corenet_tcp_bind_all_nodes(avahi_t)
|
||||
corenet_udp_bind_all_nodes(avahi_t)
|
||||
corenet_tcp_bind_howl_port(avahi_t)
|
||||
corenet_udp_bind_howl_port(avahi_t)
|
||||
corenet_send_howl_client_packets(avahi_t)
|
||||
corenet_receive_howl_server_packets(avahi_t)
|
||||
|
||||
dev_read_sysfs(avahi_t)
|
||||
dev_read_urand(avahi_t)
|
||||
|
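Review bot: The two added howl lines give avahi_t only send on client packets (`corenet_send_howl_client_packets`) and only receive on server packets (`corenet_receive_howl_server_packets`), although the lines just above show the domain binding the howl port over both TCP and UDP. If packets are labelled by role, the replies avahi_t sends in the server role and the responses it receives as a client would fall outside these two rules and be denied once packet labelling is enforced. Unless the one-way grants are deliberate, I would use `corenet_sendrecv_howl_client_packets(avahi_t)` and `corenet_sendrecv_howl_server_packets(avahi_t)`, or add a comment saying why each direction is restricted. The portmap section has the same shape: portmap_t binds the portmap port but gets `corenet_receive_portmap_server_packets` with no matching send.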
@ -1,5 +1,5 @@
|
||||
|
||||
policy_module(cups,1.3.4)
|
||||
policy_module(cups,1.3.5)
|
||||
|
||||
########################################
|
||||
#
|
||||
@ -144,6 +144,7 @@ corenet_udp_bind_ipp_port(cupsd_t)
|
||||
corenet_tcp_bind_reserved_port(cupsd_t)
|
||||
corenet_dontaudit_tcp_bind_all_reserved_ports(cupsd_t)
|
||||
corenet_tcp_connect_all_ports(cupsd_t)
|
||||
corenet_sendrecv_hplip_client_packets(cupsd_t)
|
||||
|
||||
dev_rw_printer(cupsd_t)
|
||||
dev_read_urand(cupsd_t)
|
||||
@ -419,6 +420,8 @@ corenet_udp_bind_all_nodes(hplip_t)
|
||||
corenet_tcp_bind_hplip_port(hplip_t)
|
||||
corenet_tcp_connect_hplip_port(hplip_t)
|
||||
corenet_tcp_connect_ipp_port(hplip_t)
|
||||
corenet_sendrecv_hplip_client_packets(hplip_t)
|
||||
corenet_receive_hplip_client_packets(hplip_t)
|
||||
|
||||
dev_read_sysfs(hplip_t)
|
||||
dev_rw_printer(hplip_t)
|
||||
|
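Review bot: In the hplip_t hunk, `corenet_receive_hplip_client_packets(hplip_t)` directly follows `corenet_sendrecv_hplip_client_packets(hplip_t)`; judging by the interface names, the sendrecv grant already covers receive, so the second line adds nothing. Since hplip_t also binds the hplip port (`corenet_tcp_bind_hplip_port` just above), the second line was probably meant to be `corenet_receive_hplip_server_packets(hplip_t)`; as written the domain has no permission on server-labelled hplip packets. The +/- markers are lost on this page, so I am assuming both lines are on the new side, which the `+420,8` count supports.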
@ -1,5 +1,5 @@
|
||||
|
||||
policy_module(portmap,1.2.1)
|
||||
policy_module(portmap,1.2.2)
|
||||
|
||||
########################################
|
||||
#
|
||||
@ -47,20 +47,20 @@ kernel_list_proc(portmap_t)
|
||||
kernel_read_proc_symlinks(portmap_t)
|
||||
kernel_tcp_recvfrom(portmap_t)
|
||||
|
||||
corenet_non_ipsec_sendrecv(portmap_t)
|
||||
corenet_tcp_sendrecv_all_if(portmap_t)
|
||||
corenet_udp_sendrecv_all_if(portmap_t)
|
||||
corenet_raw_sendrecv_all_if(portmap_t)
|
||||
corenet_tcp_sendrecv_all_nodes(portmap_t)
|
||||
corenet_udp_sendrecv_all_nodes(portmap_t)
|
||||
corenet_raw_sendrecv_all_nodes(portmap_t)
|
||||
corenet_tcp_sendrecv_all_ports(portmap_t)
|
||||
corenet_udp_sendrecv_all_ports(portmap_t)
|
||||
corenet_non_ipsec_sendrecv(portmap_t)
|
||||
corenet_tcp_bind_all_nodes(portmap_t)
|
||||
corenet_udp_bind_all_nodes(portmap_t)
|
||||
corenet_tcp_bind_portmap_port(portmap_t)
|
||||
corenet_udp_bind_portmap_port(portmap_t)
|
||||
corenet_tcp_connect_all_ports(portmap_t)
|
||||
corenet_sendrecv_portmap_client_packets(portmap_t)
|
||||
corenet_receive_portmap_server_packets(portmap_t)
|
||||
# portmap binds to arbitary ports
|
||||
corenet_tcp_bind_generic_port(portmap_t)
|
||||
corenet_udp_bind_generic_port(portmap_t)
|
||||
|
@ -52,20 +52,19 @@ template(`rpc_domain_template', `
|
||||
|
||||
dev_read_sysfs($1_t)
|
||||
|
||||
corenet_non_ipsec_sendrecv($1_t)
|
||||
corenet_tcp_sendrecv_all_if($1_t)
|
||||
corenet_udp_sendrecv_all_if($1_t)
|
||||
corenet_raw_sendrecv_all_if($1_t)
|
||||
corenet_tcp_sendrecv_all_nodes($1_t)
|
||||
corenet_udp_sendrecv_all_nodes($1_t)
|
||||
corenet_raw_sendrecv_all_nodes($1_t)
|
||||
corenet_tcp_sendrecv_all_ports($1_t)
|
||||
corenet_udp_sendrecv_all_ports($1_t)
|
||||
corenet_non_ipsec_sendrecv($1_t)
|
||||
corenet_tcp_bind_all_nodes($1_t)
|
||||
corenet_udp_bind_all_nodes($1_t)
|
||||
corenet_tcp_bind_reserved_port($1_t)
|
||||
corenet_tcp_bind_reserved_port($1_t)
|
||||
corenet_tcp_connect_all_ports($1_t)
|
||||
corenet_sendrecv_portmap_client_packets($1_t)
|
||||
# do not log when it tries to bind to a port belonging to another domain
|
||||
corenet_dontaudit_tcp_bind_all_reserved_ports($1_t)
|
||||
corenet_dontaudit_udp_bind_all_reserved_ports($1_t)
|
||||
|
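Review bot: `corenet_tcp_bind_reserved_port($1_t)` appears twice in a row in the rpc_domain_template hunk. The +/- markers are lost on this page, so one copy may be a removed line, but if both are on the new side the second is redundant. Given that the dontaudit pair below covers both tcp and udp, it may have been intended as `corenet_udp_bind_reserved_port($1_t)`; worth correcting or dropping while these network rules are being touched. The template body starts and ends outside the hunk.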
@ -1,5 +1,5 @@
|
||||
|
||||
policy_module(rpc,1.2.4)
|
||||
policy_module(rpc,1.2.5)
|
||||
|
||||
########################################
|
||||
#
|
||||
|