More fixes for ephemeral.patch

This commit is contained in:
Miroslav 2011-09-27 19:22:20 +02:00
parent 988daeb615
commit 60e1106a6a

View File

@ -6,7 +6,7 @@ index 68929b9..3370160 100644
corenet_tcp_sendrecv_squid_port(mozilla_t)
corenet_tcp_connect_flash_port(mozilla_t)
corenet_tcp_sendrecv_ftp_port(mozilla_t)
+corenet_tcp_connect_ephemeral_ports(mozilla_t)
+corenet_tcp_connect_ephemeral_port(mozilla_t)
corenet_tcp_sendrecv_ipp_port(mozilla_t)
corenet_tcp_connect_http_port(mozilla_t)
corenet_tcp_connect_http_cache_port(mozilla_t)
@ -18,7 +18,7 @@ index 31c02d2..f61ee10 100644
corenet_tcp_connect_squid_port(sandbox_web_type)
corenet_tcp_connect_flash_port(sandbox_web_type)
corenet_tcp_connect_ftp_port(sandbox_web_type)
+corenet_tcp_connect_ephemeral_ports(sandbox_web_type)
+corenet_tcp_connect_ephemeral_port(sandbox_web_type)
corenet_tcp_connect_ipp_port(sandbox_web_type)
corenet_tcp_connect_streaming_port(sandbox_web_type)
corenet_tcp_connect_pulseaudio_port(sandbox_web_type)
@ -198,7 +198,7 @@ index 8596b90..9f37c11 100644
+
tunable_policy(`httpd_enable_ftp_server',`
corenet_tcp_bind_ftp_port(httpd_t)
+ corenet_tcp_bind_ephemeral_ports(httpd_t)
+ corenet_tcp_bind_ephemeral_port(httpd_t)
')
tunable_policy(`httpd_tmp_exec && httpd_builtin_scripting',`
@ -210,7 +210,7 @@ index 2607914..cb33e76 100644
corenet_tcp_sendrecv_cobbler_port(cobblerd_t)
# sync and rsync to ftp and http are permitted by default, for any other media use cobbler_can_network_connect.
corenet_tcp_connect_ftp_port(cobblerd_t)
+corenet_tcp_connect_ephemeral_ports(ftpd_t)
+corenet_tcp_connect_ephemeral_port(ftpd_t)
corenet_tcp_sendrecv_ftp_port(cobblerd_t)
corenet_sendrecv_ftp_client_packets(cobblerd_t)
corenet_tcp_connect_http_port(cobblerd_t)
@ -239,7 +239,7 @@ index 1b9893a..a8eaa4d 100644
corenet_tcp_connect_http_port(mock_t)
corenet_tcp_connect_ftp_port(mock_t)
-corenet_tcp_connect_all_unreserved_ports(mock_t)
+corenet_tcp_connect_ephemeral_ports(mock_t)
+corenet_tcp_connect_ephemeral_port(mock_t)
dev_read_urand(mock_t)
dev_read_sysfs(mock_t)