From 62841791a588c3a0bf80983608e0198544d596c1 Mon Sep 17 00:00:00 2001 From: Chris PeBenito Date: Mon, 31 Oct 2005 14:55:34 +0000 Subject: [PATCH] fixes uncovered by sediff --- refpolicy/policy/modules/services/mta.te | 1 + refpolicy/policy/modules/services/telnet.te | 4 ++++ 2 files changed, 5 insertions(+) diff --git a/refpolicy/policy/modules/services/mta.te b/refpolicy/policy/modules/services/mta.te index 1752cddc..5334c090 100644 --- a/refpolicy/policy/modules/services/mta.te +++ b/refpolicy/policy/modules/services/mta.te @@ -75,6 +75,7 @@ corenet_raw_sendrecv_all_nodes(system_mail_t) corenet_tcp_sendrecv_all_ports(system_mail_t) corenet_tcp_bind_all_nodes(system_mail_t) corenet_tcp_connect_smtp_port(system_mail_t) +corenet_tcp_connect_all_ports(system_mail_t) dev_read_rand(system_mail_t) dev_read_urand(system_mail_t) diff --git a/refpolicy/policy/modules/services/telnet.te b/refpolicy/policy/modules/services/telnet.te index 007787f7..23b1d729 100644 --- a/refpolicy/policy/modules/services/telnet.te +++ b/refpolicy/policy/modules/services/telnet.te @@ -34,12 +34,14 @@ allow telnetd_t self:netlink_tcpdiag_socket r_netlink_socket_perms; allow telnetd_t self:capability { setuid setgid }; allow telnetd_t telnetd_devpts_t:chr_file { rw_file_perms setattr }; +term_create_pty(telnetd_t,telnetd_devpts_t) allow telnetd_t telnetd_tmp_t:dir create_dir_perms; allow telnetd_t telnetd_tmp_t:file create_file_perms; files_create_tmp_files(telnetd_t, telnetd_tmp_t, { file dir }) allow telnetd_t telnetd_var_run_t:file create_file_perms; +allow telnetd_t telnetd_var_run_t:dir rw_file_perms; files_create_pid(telnetd_t,telnetd_var_run_t) kernel_read_kernel_sysctl(telnetd_t) @@ -63,6 +65,8 @@ fs_getattr_xattr_fs(telnetd_t) auth_rw_login_records(telnetd_t) +corecmd_search_sbin(telnetd_t) + files_read_etc_files(telnetd_t) files_read_etc_runtime_files(telnetd_t) # for identd; cjp: this should probably only be inetd_child rules?