Add back missing s0 on network_port().
This commit is contained in:
parent
09b92dcc3c
commit
4af2b3fb98
13
policy/mls
13
policy/mls
@ -203,6 +203,19 @@ mlsconstrain { tcp_socket udp_socket rawip_socket } recvfrom
|
|||||||
(( t1 == mlsnetreadtoclr ) and ( h1 dom l2 )) or
|
(( t1 == mlsnetreadtoclr ) and ( h1 dom l2 )) or
|
||||||
( t1 == mlsnetread ));
|
( t1 == mlsnetread ));
|
||||||
|
|
||||||
|
# UNIX domain socket ops
|
||||||
|
mlsconstrain unix_stream_socket connectto
|
||||||
|
(( l1 eq l2 ) or
|
||||||
|
(( t1 == mlsnetwriteranged ) and ( l1 dom l2 ) and ( l1 domby h2 )) or
|
||||||
|
(( t1 == mlsnetwritetoclr ) and ( h1 dom l2 ) and ( l1 domby l2 )) or
|
||||||
|
( t1 == mlsnetwrite ));
|
||||||
|
|
||||||
|
mlsconstrain unix_dgram_socket sendto
|
||||||
|
(( l1 eq l2 ) or
|
||||||
|
(( t1 == mlsnetwriteranged ) and ( l1 dom l2 ) and ( l1 domby h2 )) or
|
||||||
|
(( t1 == mlsnetwritetoclr ) and ( h1 dom l2 ) and ( l1 domby l2 )) or
|
||||||
|
( t1 == mlsnetwrite ));
|
||||||
|
|
||||||
# these access vectors have no MLS restrictions
|
# these access vectors have no MLS restrictions
|
||||||
# { socket tcp_socket udp_socket rawip_socket netlink_socket packet_socket key_socket unix_stream_socket unix_dgram_socket netlink_route_socket netlink_firewall_socket netlink_tcpdiag_socket netlink_nflog_socket netlink_xfrm_socket netlink_selinux_socket netlink_audit_socket netlink_ip6fw_socket netlink_dnrt_socket } { ioctl create lock append bind sendto send_msg name_bind }
|
# { socket tcp_socket udp_socket rawip_socket netlink_socket packet_socket key_socket unix_stream_socket unix_dgram_socket netlink_route_socket netlink_firewall_socket netlink_tcpdiag_socket netlink_nflog_socket netlink_xfrm_socket netlink_selinux_socket netlink_audit_socket netlink_ip6fw_socket netlink_dnrt_socket } { ioctl create lock append bind sendto send_msg name_bind }
|
||||||
#
|
#
|
||||||
|
@ -109,7 +109,7 @@ network_port(hddtemp, tcp,7634,s0)
|
|||||||
network_port(howl, tcp,5335,s0, udp,5353,s0)
|
network_port(howl, tcp,5335,s0, udp,5353,s0)
|
||||||
network_port(hplip, tcp,1782,s0, tcp,2207,s0, tcp,2208,s0, tcp, 8290,s0, tcp,50000,s0, tcp,50002,s0, tcp,8292,s0, tcp,9100,s0, tcp,9101,s0, tcp,9102,s0, tcp,9220,s0, tcp,9221,s0, tcp,9222,s0, tcp,9280,s0, tcp,9281,s0, tcp,9282,s0, tcp,9290,s0, tcp,9291,s0, tcp,9292,s0)
|
network_port(hplip, tcp,1782,s0, tcp,2207,s0, tcp,2208,s0, tcp, 8290,s0, tcp,50000,s0, tcp,50002,s0, tcp,8292,s0, tcp,9100,s0, tcp,9101,s0, tcp,9102,s0, tcp,9220,s0, tcp,9221,s0, tcp,9222,s0, tcp,9280,s0, tcp,9281,s0, tcp,9282,s0, tcp,9290,s0, tcp,9291,s0, tcp,9292,s0)
|
||||||
network_port(http, tcp,80,s0, tcp,443,s0, tcp,488,s0, tcp,8008,s0, tcp,8009,s0, tcp,8443,s0) #8443 is mod_nss default port
|
network_port(http, tcp,80,s0, tcp,443,s0, tcp,488,s0, tcp,8008,s0, tcp,8009,s0, tcp,8443,s0) #8443 is mod_nss default port
|
||||||
network_port(http_cache, tcp,3128,s0, udp,3130,s0, tcp,8080,s0, tcp,8118,s0, tcp,10001-10010) # 8118 is for privoxy
|
network_port(http_cache, tcp,3128,s0, udp,3130,s0, tcp,8080,s0, tcp,8118,s0, tcp,10001-10010,s0) # 8118 is for privoxy
|
||||||
network_port(i18n_input, tcp,9010,s0)
|
network_port(i18n_input, tcp,9010,s0)
|
||||||
network_port(imaze, tcp,5323,s0, udp,5323,s0)
|
network_port(imaze, tcp,5323,s0, udp,5323,s0)
|
||||||
network_port(inetd_child, tcp,1,s0, udp,1,s0, tcp,7,s0, udp,7,s0, tcp,9,s0, udp,9,s0, tcp,13,s0, udp,13,s0, tcp,19,s0, udp,19,s0, tcp,37,s0, udp,37,s0, tcp,512,s0, tcp,543,s0, tcp,544,s0, tcp,891,s0, udp,891,s0, tcp,892,s0, udp,892,s0, tcp,2105,s0, tcp,5666,s0)
|
network_port(inetd_child, tcp,1,s0, udp,1,s0, tcp,7,s0, udp,7,s0, tcp,9,s0, udp,9,s0, tcp,13,s0, udp,13,s0, tcp,19,s0, udp,19,s0, tcp,37,s0, udp,37,s0, tcp,512,s0, tcp,543,s0, tcp,544,s0, tcp,891,s0, udp,891,s0, tcp,892,s0, udp,892,s0, tcp,2105,s0, tcp,5666,s0)
|
||||||
|
Loading…
Reference in New Issue
Block a user