- Allow rshd to connect to ports > 1023

2007-10-18 22:33:41 +00:00 · 2007-10-18 22:33:41 +00:00 · 6455c9d6b5
commit 6455c9d6b5
parent 953fd14b2e
2 changed files with 7 additions and 5 deletions
--- a/policy-20070703.patch
+++ b/policy-20070703.patch
@ -7559,7 +7559,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/ftp.
 ########################################
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/ftp.te serefpolicy-3.0.8/policy/modules/services/ftp.te
 --- nsaserefpolicy/policy/modules/services/ftp.te	2007-07-25 10:37:42.000000000 -0400
-+++ serefpolicy-3.0.8/policy/modules/services/ftp.te	2007-10-04 10:58:28.000000000 -0400
+++ serefpolicy-3.0.8/policy/modules/services/ftp.te	2007-10-18 18:32:54.000000000 -0400
@@ -88,6 +88,7 @@
 allow ftpd_t self:unix_stream_socket create_stream_socket_perms;
 allow ftpd_t self:tcp_socket create_stream_socket_perms;
@ -9999,7 +9999,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/rpc.
 	userdom_read_unpriv_users_tmp_files(gssd_t) 
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/rshd.te serefpolicy-3.0.8/policy/modules/services/rshd.te
 --- nsaserefpolicy/policy/modules/services/rshd.te	2007-09-12 10:34:50.000000000 -0400
-+++ serefpolicy-3.0.8/policy/modules/services/rshd.te	2007-10-18 14:07:32.000000000 -0400
+++ serefpolicy-3.0.8/policy/modules/services/rshd.te	2007-10-18 18:33:05.000000000 -0400
@@ -16,10 +16,11 @@
 #
 # Local policy
@ -10018,7 +10018,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/rshd
 corenet_tcp_bind_all_nodes(rshd_t)
 corenet_tcp_bind_rsh_port(rshd_t)
 +corenet_tcp_bind_all_rpc_ports(rshd_t)
-+corenet_tcp_bind_all_unreserved_ports(rshd_t)
+corenet_tcp_connect_all_ports(rshd_t)
 +corenet_tcp_connect_all_rpc_ports(rshd_t)
 corenet_sendrecv_rsh_server_packets(rshd_t)
 
--- a/selinux-policy.spec
+++ b/selinux-policy.spec
@ -17,7 +17,7 @@
 Summary: SELinux policy configuration
 Name: selinux-policy
 Version: 3.0.8
-Release: 25%{?dist}
+Release: 26%{?dist}
 License: GPLv2+
 Group: System Environment/Base
 Source: serefpolicy-%{version}.tgz
@ -373,10 +373,12 @@ exit 0
 %endif

 %changelog
+* Thu Oct 16 2007 Dan Walsh <dwalsh@redhat.com> 3.0.8-26
+- Allow rshd to connect to ports > 1023
+
 * Thu Oct 16 2007 Dan Walsh <dwalsh@redhat.com> 3.0.8-25
 - Fix vpn to bind to port 4500
 - Allow ssh to create shm
- Allow rshd to bind to ports > 1023
 - Add Kismet policy

 * Tue Oct 16 2007 Dan Walsh <dwalsh@redhat.com> 3.0.8-24