trunk: change network interface access from all to generic network interfaces.
This commit is contained in:
Chris PeBenito
parent
59d599642e
commit
668b3093ff
|
|
@ -1,5 +1,5 @@
|
|||
|
||||
policy_module(amanda, 1.11.0)
|
||||
policy_module(amanda, 1.11.1)
|
||||
|
||||
#######################################
|
||||
#
|
||||
|
|
@ -118,9 +118,9 @@ corecmd_exec_bin(amanda_t)
|
|||
|
||||
corenet_all_recvfrom_unlabeled(amanda_t)
|
||||
corenet_all_recvfrom_netlabel(amanda_t)
|
||||
corenet_tcp_sendrecv_all_if(amanda_t)
|
||||
corenet_udp_sendrecv_all_if(amanda_t)
|
||||
corenet_raw_sendrecv_all_if(amanda_t)
|
||||
corenet_tcp_sendrecv_generic_if(amanda_t)
|
||||
corenet_udp_sendrecv_generic_if(amanda_t)
|
||||
corenet_raw_sendrecv_generic_if(amanda_t)
|
||||
corenet_tcp_sendrecv_all_nodes(amanda_t)
|
||||
corenet_udp_sendrecv_all_nodes(amanda_t)
|
||||
corenet_raw_sendrecv_all_nodes(amanda_t)
|
||||
|
|
@ -199,8 +199,8 @@ corecmd_exec_bin(amanda_recover_t)
|
|||
|
||||
corenet_all_recvfrom_unlabeled(amanda_recover_t)
|
||||
corenet_all_recvfrom_netlabel(amanda_recover_t)
|
||||
corenet_tcp_sendrecv_all_if(amanda_recover_t)
|
||||
corenet_udp_sendrecv_all_if(amanda_recover_t)
|
||||
corenet_tcp_sendrecv_generic_if(amanda_recover_t)
|
||||
corenet_udp_sendrecv_generic_if(amanda_recover_t)
|
||||
corenet_tcp_sendrecv_all_nodes(amanda_recover_t)
|
||||
corenet_udp_sendrecv_all_nodes(amanda_recover_t)
|
||||
corenet_tcp_sendrecv_all_ports(amanda_recover_t)
|
||||
|
|
|
|||
|
|
@ -1,5 +1,5 @@
|
|||
|
||||
policy_module(apt, 1.5.0)
|
||||
policy_module(apt, 1.5.1)
|
||||
|
||||
########################################
|
||||
#
|
||||
|
|
@ -81,8 +81,8 @@ corecmd_exec_shell(apt_t)
|
|||
|
||||
corenet_all_recvfrom_unlabeled(apt_t)
|
||||
corenet_all_recvfrom_netlabel(apt_t)
|
||||
corenet_tcp_sendrecv_all_if(apt_t)
|
||||
corenet_udp_sendrecv_all_if(apt_t)
|
||||
corenet_tcp_sendrecv_generic_if(apt_t)
|
||||
corenet_udp_sendrecv_generic_if(apt_t)
|
||||
corenet_tcp_sendrecv_all_nodes(apt_t)
|
||||
corenet_udp_sendrecv_all_nodes(apt_t)
|
||||
corenet_tcp_sendrecv_all_ports(apt_t)
|
||||
|
|
|
|||
|
|
@ -1,5 +1,5 @@
|
|||
|
||||
policy_module(dpkg, 1.6.0)
|
||||
policy_module(dpkg, 1.6.1)
|
||||
|
||||
########################################
|
||||
#
|
||||
|
|
@ -92,9 +92,9 @@ corecmd_exec_all_executables(dpkg_t)
|
|||
# TODO: do we really need all networking?
|
||||
corenet_all_recvfrom_unlabeled(dpkg_t)
|
||||
corenet_all_recvfrom_netlabel(dpkg_t)
|
||||
corenet_tcp_sendrecv_all_if(dpkg_t)
|
||||
corenet_raw_sendrecv_all_if(dpkg_t)
|
||||
corenet_udp_sendrecv_all_if(dpkg_t)
|
||||
corenet_tcp_sendrecv_generic_if(dpkg_t)
|
||||
corenet_raw_sendrecv_generic_if(dpkg_t)
|
||||
corenet_udp_sendrecv_generic_if(dpkg_t)
|
||||
corenet_tcp_sendrecv_all_nodes(dpkg_t)
|
||||
corenet_raw_sendrecv_all_nodes(dpkg_t)
|
||||
corenet_udp_sendrecv_all_nodes(dpkg_t)
|
||||
|
|
|
|||
|
|
@ -1,5 +1,5 @@
|
|||
|
||||
policy_module(firstboot, 1.9.0)
|
||||
policy_module(firstboot, 1.9.1)
|
||||
|
||||
gen_require(`
|
||||
class passwd rootok;
|
||||
|
|
@ -39,7 +39,7 @@ kernel_read_kernel_sysctls(firstboot_t)
|
|||
|
||||
corenet_all_recvfrom_unlabeled(firstboot_t)
|
||||
corenet_all_recvfrom_netlabel(firstboot_t)
|
||||
corenet_tcp_sendrecv_all_if(firstboot_t)
|
||||
corenet_tcp_sendrecv_generic_if(firstboot_t)
|
||||
corenet_tcp_sendrecv_all_nodes(firstboot_t)
|
||||
corenet_tcp_sendrecv_all_ports(firstboot_t)
|
||||
|
||||
|
|
|
|||
|
|
@ -1,5 +1,5 @@
|
|||
|
||||
policy_module(netutils, 1.8.0)
|
||||
policy_module(netutils, 1.8.1)
|
||||
|
||||
########################################
|
||||
#
|
||||
|
|
@ -54,9 +54,9 @@ kernel_read_sysctl(netutils_t)
|
|||
|
||||
corenet_all_recvfrom_unlabeled(netutils_t)
|
||||
corenet_all_recvfrom_netlabel(netutils_t)
|
||||
corenet_tcp_sendrecv_all_if(netutils_t)
|
||||
corenet_raw_sendrecv_all_if(netutils_t)
|
||||
corenet_udp_sendrecv_all_if(netutils_t)
|
||||
corenet_tcp_sendrecv_generic_if(netutils_t)
|
||||
corenet_raw_sendrecv_generic_if(netutils_t)
|
||||
corenet_udp_sendrecv_generic_if(netutils_t)
|
||||
corenet_tcp_sendrecv_all_nodes(netutils_t)
|
||||
corenet_raw_sendrecv_all_nodes(netutils_t)
|
||||
corenet_udp_sendrecv_all_nodes(netutils_t)
|
||||
|
|
@ -114,8 +114,8 @@ allow ping_t self:netlink_route_socket create_netlink_socket_perms;
|
|||
|
||||
corenet_all_recvfrom_unlabeled(ping_t)
|
||||
corenet_all_recvfrom_netlabel(ping_t)
|
||||
corenet_tcp_sendrecv_all_if(ping_t)
|
||||
corenet_raw_sendrecv_all_if(ping_t)
|
||||
corenet_tcp_sendrecv_generic_if(ping_t)
|
||||
corenet_raw_sendrecv_generic_if(ping_t)
|
||||
corenet_raw_sendrecv_all_nodes(ping_t)
|
||||
corenet_raw_bind_all_nodes(ping_t)
|
||||
corenet_tcp_sendrecv_all_nodes(ping_t)
|
||||
|
|
@ -168,9 +168,9 @@ kernel_read_network_state(traceroute_t)
|
|||
|
||||
corenet_all_recvfrom_unlabeled(traceroute_t)
|
||||
corenet_all_recvfrom_netlabel(traceroute_t)
|
||||
corenet_tcp_sendrecv_all_if(traceroute_t)
|
||||
corenet_udp_sendrecv_all_if(traceroute_t)
|
||||
corenet_raw_sendrecv_all_if(traceroute_t)
|
||||
corenet_tcp_sendrecv_generic_if(traceroute_t)
|
||||
corenet_udp_sendrecv_generic_if(traceroute_t)
|
||||
corenet_raw_sendrecv_generic_if(traceroute_t)
|
||||
corenet_tcp_sendrecv_all_nodes(traceroute_t)
|
||||
corenet_udp_sendrecv_all_nodes(traceroute_t)
|
||||
corenet_raw_sendrecv_all_nodes(traceroute_t)
|
||||
|
|
|
|||
|
|
@ -1,5 +1,5 @@
|
|||
|
||||
policy_module(rpm, 1.9.0)
|
||||
policy_module(rpm, 1.9.1)
|
||||
|
||||
########################################
|
||||
#
|
||||
|
|
@ -94,9 +94,9 @@ corecmd_exec_all_executables(rpm_t)
|
|||
|
||||
corenet_all_recvfrom_unlabeled(rpm_t)
|
||||
corenet_all_recvfrom_netlabel(rpm_t)
|
||||
corenet_tcp_sendrecv_all_if(rpm_t)
|
||||
corenet_raw_sendrecv_all_if(rpm_t)
|
||||
corenet_udp_sendrecv_all_if(rpm_t)
|
||||
corenet_tcp_sendrecv_generic_if(rpm_t)
|
||||
corenet_raw_sendrecv_generic_if(rpm_t)
|
||||
corenet_udp_sendrecv_generic_if(rpm_t)
|
||||
corenet_tcp_sendrecv_all_nodes(rpm_t)
|
||||
corenet_raw_sendrecv_all_nodes(rpm_t)
|
||||
corenet_udp_sendrecv_all_nodes(rpm_t)
|
||||
|
|
|
|||
|
|
@ -1,5 +1,5 @@
|
|||
|
||||
policy_module(vpn, 1.10.0)
|
||||
policy_module(vpn, 1.10.1)
|
||||
|
||||
########################################
|
||||
#
|
||||
|
|
@ -49,9 +49,9 @@ kernel_rw_net_sysctls(vpnc_t)
|
|||
|
||||
corenet_all_recvfrom_unlabeled(vpnc_t)
|
||||
corenet_all_recvfrom_netlabel(vpnc_t)
|
||||
corenet_tcp_sendrecv_all_if(vpnc_t)
|
||||
corenet_udp_sendrecv_all_if(vpnc_t)
|
||||
corenet_raw_sendrecv_all_if(vpnc_t)
|
||||
corenet_tcp_sendrecv_generic_if(vpnc_t)
|
||||
corenet_udp_sendrecv_generic_if(vpnc_t)
|
||||
corenet_raw_sendrecv_generic_if(vpnc_t)
|
||||
corenet_tcp_sendrecv_all_nodes(vpnc_t)
|
||||
corenet_udp_sendrecv_all_nodes(vpnc_t)
|
||||
corenet_raw_sendrecv_all_nodes(vpnc_t)
|
||||
|
|
|
|||
|
|
@ -1,5 +1,5 @@
|
|||
|
||||
policy_module(gpg, 2.0.0)
|
||||
policy_module(gpg, 2.0.1)
|
||||
|
||||
########################################
|
||||
#
|
||||
|
|
@ -75,8 +75,8 @@ userdom_user_home_dir_filetrans(gpg_t, gpg_secret_t, dir)
|
|||
|
||||
corenet_all_recvfrom_unlabeled(gpg_t)
|
||||
corenet_all_recvfrom_netlabel(gpg_t)
|
||||
corenet_tcp_sendrecv_all_if(gpg_t)
|
||||
corenet_udp_sendrecv_all_if(gpg_t)
|
||||
corenet_tcp_sendrecv_generic_if(gpg_t)
|
||||
corenet_udp_sendrecv_generic_if(gpg_t)
|
||||
corenet_tcp_sendrecv_all_nodes(gpg_t)
|
||||
corenet_udp_sendrecv_all_nodes(gpg_t)
|
||||
corenet_tcp_sendrecv_all_ports(gpg_t)
|
||||
|
|
@ -124,9 +124,9 @@ dontaudit gpg_helper_t gpg_secret_t:file read;
|
|||
|
||||
corenet_all_recvfrom_unlabeled(gpg_helper_t)
|
||||
corenet_all_recvfrom_netlabel(gpg_helper_t)
|
||||
corenet_tcp_sendrecv_all_if(gpg_helper_t)
|
||||
corenet_raw_sendrecv_all_if(gpg_helper_t)
|
||||
corenet_udp_sendrecv_all_if(gpg_helper_t)
|
||||
corenet_tcp_sendrecv_generic_if(gpg_helper_t)
|
||||
corenet_raw_sendrecv_generic_if(gpg_helper_t)
|
||||
corenet_udp_sendrecv_generic_if(gpg_helper_t)
|
||||
corenet_tcp_sendrecv_all_nodes(gpg_helper_t)
|
||||
corenet_udp_sendrecv_all_nodes(gpg_helper_t)
|
||||
corenet_raw_sendrecv_all_nodes(gpg_helper_t)
|
||||
|
|
|
|||
|
|
@ -158,7 +158,7 @@ template(`qemu_domain_template',`
|
|||
|
||||
corenet_all_recvfrom_unlabeled($1_t)
|
||||
corenet_all_recvfrom_netlabel($1_t)
|
||||
corenet_tcp_sendrecv_all_if($1_t)
|
||||
corenet_tcp_sendrecv_generic_if($1_t)
|
||||
corenet_tcp_sendrecv_all_nodes($1_t)
|
||||
corenet_tcp_sendrecv_all_ports($1_t)
|
||||
corenet_tcp_bind_all_nodes($1_t)
|
||||
|
|
|
|||
|
|
@ -1,5 +1,5 @@
|
|||
|
||||
policy_module(qemu, 1.1.0)
|
||||
policy_module(qemu, 1.1.1)
|
||||
|
||||
########################################
|
||||
#
|
||||
|
|
|
|||
|
|
@ -1,5 +1,5 @@
|
|||
|
||||
policy_module(webalizer, 1.8.0)
|
||||
policy_module(webalizer, 1.8.1)
|
||||
|
||||
########################################
|
||||
#
|
||||
|
|
@ -62,7 +62,7 @@ kernel_read_system_state(webalizer_t)
|
|||
|
||||
corenet_all_recvfrom_unlabeled(webalizer_t)
|
||||
corenet_all_recvfrom_netlabel(webalizer_t)
|
||||
corenet_tcp_sendrecv_all_if(webalizer_t)
|
||||
corenet_tcp_sendrecv_generic_if(webalizer_t)
|
||||
corenet_tcp_sendrecv_all_nodes(webalizer_t)
|
||||
corenet_tcp_sendrecv_all_ports(webalizer_t)
|
||||
|
||||
|
|
|
|||
|
|
@ -1,5 +1,5 @@
|
|||
|
||||
policy_module(kernel, 1.10.0)
|
||||
policy_module(kernel, 1.10.1)
|
||||
|
||||
########################################
|
||||
#
|
||||
|
|
@ -311,7 +311,7 @@ optional_policy(`
|
|||
|
||||
# nfs kernel server needs kernel UDP access. It is less risky and painful
|
||||
# to just give it everything.
|
||||
corenet_udp_sendrecv_all_if(kernel_t)
|
||||
corenet_udp_sendrecv_generic_if(kernel_t)
|
||||
corenet_udp_sendrecv_all_nodes(kernel_t)
|
||||
corenet_udp_sendrecv_all_ports(kernel_t)
|
||||
corenet_udp_bind_all_nodes(kernel_t)
|
||||
|
|
|
|||
|
|
@ -1,5 +1,5 @@
|
|||
|
||||
policy_module(amavis, 1.9.0)
|
||||
policy_module(amavis, 1.9.1)
|
||||
|
||||
########################################
|
||||
#
|
||||
|
|
@ -108,7 +108,7 @@ corecmd_exec_bin(amavis_t)
|
|||
|
||||
corenet_all_recvfrom_unlabeled(amavis_t)
|
||||
corenet_all_recvfrom_netlabel(amavis_t)
|
||||
corenet_tcp_sendrecv_all_if(amavis_t)
|
||||
corenet_tcp_sendrecv_generic_if(amavis_t)
|
||||
corenet_tcp_sendrecv_all_nodes(amavis_t)
|
||||
corenet_tcp_bind_all_nodes(amavis_t)
|
||||
corenet_udp_bind_all_nodes(amavis_t)
|
||||
|
|
|
|||
|
|
@ -181,8 +181,8 @@ template(`apache_content_template',`
|
|||
|
||||
corenet_all_recvfrom_unlabeled(httpd_$1_script_t)
|
||||
corenet_all_recvfrom_netlabel(httpd_$1_script_t)
|
||||
corenet_tcp_sendrecv_all_if(httpd_$1_script_t)
|
||||
corenet_udp_sendrecv_all_if(httpd_$1_script_t)
|
||||
corenet_tcp_sendrecv_generic_if(httpd_$1_script_t)
|
||||
corenet_udp_sendrecv_generic_if(httpd_$1_script_t)
|
||||
corenet_tcp_sendrecv_all_nodes(httpd_$1_script_t)
|
||||
corenet_udp_sendrecv_all_nodes(httpd_$1_script_t)
|
||||
corenet_tcp_sendrecv_all_ports(httpd_$1_script_t)
|
||||
|
|
@ -197,8 +197,8 @@ template(`apache_content_template',`
|
|||
|
||||
corenet_all_recvfrom_unlabeled(httpd_$1_script_t)
|
||||
corenet_all_recvfrom_netlabel(httpd_$1_script_t)
|
||||
corenet_tcp_sendrecv_all_if(httpd_$1_script_t)
|
||||
corenet_udp_sendrecv_all_if(httpd_$1_script_t)
|
||||
corenet_tcp_sendrecv_generic_if(httpd_$1_script_t)
|
||||
corenet_udp_sendrecv_generic_if(httpd_$1_script_t)
|
||||
corenet_tcp_sendrecv_all_nodes(httpd_$1_script_t)
|
||||
corenet_udp_sendrecv_all_nodes(httpd_$1_script_t)
|
||||
corenet_tcp_sendrecv_all_ports(httpd_$1_script_t)
|
||||
|
|
|
|||
|
|
@ -1,5 +1,5 @@
|
|||
|
||||
policy_module(apache, 2.0.0)
|
||||
policy_module(apache, 2.0.1)
|
||||
|
||||
#
|
||||
# NOTES:
|
||||
|
|
@ -315,8 +315,8 @@ kernel_read_system_state(httpd_t)
|
|||
|
||||
corenet_all_recvfrom_unlabeled(httpd_t)
|
||||
corenet_all_recvfrom_netlabel(httpd_t)
|
||||
corenet_tcp_sendrecv_all_if(httpd_t)
|
||||
corenet_udp_sendrecv_all_if(httpd_t)
|
||||
corenet_tcp_sendrecv_generic_if(httpd_t)
|
||||
corenet_udp_sendrecv_generic_if(httpd_t)
|
||||
corenet_tcp_sendrecv_all_nodes(httpd_t)
|
||||
corenet_udp_sendrecv_all_nodes(httpd_t)
|
||||
corenet_tcp_sendrecv_all_ports(httpd_t)
|
||||
|
|
@ -631,8 +631,8 @@ tunable_policy(`httpd_can_network_connect',`
|
|||
|
||||
corenet_all_recvfrom_unlabeled(httpd_suexec_t)
|
||||
corenet_all_recvfrom_netlabel(httpd_suexec_t)
|
||||
corenet_tcp_sendrecv_all_if(httpd_suexec_t)
|
||||
corenet_udp_sendrecv_all_if(httpd_suexec_t)
|
||||
corenet_tcp_sendrecv_generic_if(httpd_suexec_t)
|
||||
corenet_udp_sendrecv_generic_if(httpd_suexec_t)
|
||||
corenet_tcp_sendrecv_all_nodes(httpd_suexec_t)
|
||||
corenet_udp_sendrecv_all_nodes(httpd_suexec_t)
|
||||
corenet_tcp_sendrecv_all_ports(httpd_suexec_t)
|
||||
|
|
|
|||
|
|
@ -1,5 +1,5 @@
|
|||
|
||||
policy_module(apcupsd, 1.5.0)
|
||||
policy_module(apcupsd, 1.5.1)
|
||||
|
||||
########################################
|
||||
#
|
||||
|
|
@ -112,11 +112,11 @@ optional_policy(`
|
|||
|
||||
corenet_all_recvfrom_unlabeled(httpd_apcupsd_cgi_script_t)
|
||||
corenet_all_recvfrom_netlabel(httpd_apcupsd_cgi_script_t)
|
||||
corenet_tcp_sendrecv_all_if(httpd_apcupsd_cgi_script_t)
|
||||
corenet_tcp_sendrecv_generic_if(httpd_apcupsd_cgi_script_t)
|
||||
corenet_tcp_sendrecv_all_nodes(httpd_apcupsd_cgi_script_t)
|
||||
corenet_tcp_sendrecv_all_ports(httpd_apcupsd_cgi_script_t)
|
||||
corenet_tcp_connect_apcupsd_port(httpd_apcupsd_cgi_script_t)
|
||||
corenet_udp_sendrecv_all_if(httpd_apcupsd_cgi_script_t)
|
||||
corenet_udp_sendrecv_generic_if(httpd_apcupsd_cgi_script_t)
|
||||
corenet_udp_sendrecv_all_nodes(httpd_apcupsd_cgi_script_t)
|
||||
corenet_udp_sendrecv_all_ports(httpd_apcupsd_cgi_script_t)
|
||||
|
||||
|
|
|
|||
|
|
@ -1,5 +1,5 @@
|
|||
|
||||
policy_module(arpwatch, 1.7.0)
|
||||
policy_module(arpwatch, 1.7.1)
|
||||
|
||||
########################################
|
||||
#
|
||||
|
|
@ -52,9 +52,9 @@ kernel_read_proc_symlinks(arpwatch_t)
|
|||
|
||||
corenet_all_recvfrom_unlabeled(arpwatch_t)
|
||||
corenet_all_recvfrom_netlabel(arpwatch_t)
|
||||
corenet_tcp_sendrecv_all_if(arpwatch_t)
|
||||
corenet_udp_sendrecv_all_if(arpwatch_t)
|
||||
corenet_raw_sendrecv_all_if(arpwatch_t)
|
||||
corenet_tcp_sendrecv_generic_if(arpwatch_t)
|
||||
corenet_udp_sendrecv_generic_if(arpwatch_t)
|
||||
corenet_raw_sendrecv_generic_if(arpwatch_t)
|
||||
corenet_tcp_sendrecv_all_nodes(arpwatch_t)
|
||||
corenet_udp_sendrecv_all_nodes(arpwatch_t)
|
||||
corenet_raw_sendrecv_all_nodes(arpwatch_t)
|
||||
|
|
|
|||
|
|
@ -1,5 +1,5 @@
|
|||
|
||||
policy_module(avahi, 1.10.0)
|
||||
policy_module(avahi, 1.10.1)
|
||||
|
||||
########################################
|
||||
#
|
||||
|
|
@ -49,8 +49,8 @@ kernel_read_network_state(avahi_t)
|
|||
|
||||
corenet_all_recvfrom_unlabeled(avahi_t)
|
||||
corenet_all_recvfrom_netlabel(avahi_t)
|
||||
corenet_tcp_sendrecv_all_if(avahi_t)
|
||||
corenet_udp_sendrecv_all_if(avahi_t)
|
||||
corenet_tcp_sendrecv_generic_if(avahi_t)
|
||||
corenet_udp_sendrecv_generic_if(avahi_t)
|
||||
corenet_tcp_sendrecv_all_nodes(avahi_t)
|
||||
corenet_udp_sendrecv_all_nodes(avahi_t)
|
||||
corenet_tcp_sendrecv_all_ports(avahi_t)
|
||||
|
|
|
|||
|
|
@ -1,5 +1,5 @@
|
|||
|
||||
policy_module(bind, 1.9.0)
|
||||
policy_module(bind, 1.9.1)
|
||||
|
||||
########################################
|
||||
#
|
||||
|
|
@ -107,8 +107,8 @@ corecmd_search_bin(named_t)
|
|||
|
||||
corenet_all_recvfrom_unlabeled(named_t)
|
||||
corenet_all_recvfrom_netlabel(named_t)
|
||||
corenet_tcp_sendrecv_all_if(named_t)
|
||||
corenet_udp_sendrecv_all_if(named_t)
|
||||
corenet_tcp_sendrecv_generic_if(named_t)
|
||||
corenet_udp_sendrecv_generic_if(named_t)
|
||||
corenet_tcp_sendrecv_all_nodes(named_t)
|
||||
corenet_udp_sendrecv_all_nodes(named_t)
|
||||
corenet_tcp_sendrecv_all_ports(named_t)
|
||||
|
|
@ -216,7 +216,7 @@ kernel_read_kernel_sysctls(ndc_t)
|
|||
|
||||
corenet_all_recvfrom_unlabeled(ndc_t)
|
||||
corenet_all_recvfrom_netlabel(ndc_t)
|
||||
corenet_tcp_sendrecv_all_if(ndc_t)
|
||||
corenet_tcp_sendrecv_generic_if(ndc_t)
|
||||
corenet_tcp_sendrecv_all_nodes(ndc_t)
|
||||
corenet_tcp_sendrecv_all_ports(ndc_t)
|
||||
corenet_tcp_bind_all_nodes(ndc_t)
|
||||
|
|
|
|||
|
|
@ -1,5 +1,5 @@
|
|||
|
||||
policy_module(bluetooth, 3.1.0)
|
||||
policy_module(bluetooth, 3.1.1)
|
||||
|
||||
########################################
|
||||
#
|
||||
|
|
@ -96,9 +96,9 @@ kernel_read_system_state(bluetooth_t)
|
|||
|
||||
corenet_all_recvfrom_unlabeled(bluetooth_t)
|
||||
corenet_all_recvfrom_netlabel(bluetooth_t)
|
||||
corenet_tcp_sendrecv_all_if(bluetooth_t)
|
||||
corenet_udp_sendrecv_all_if(bluetooth_t)
|
||||
corenet_raw_sendrecv_all_if(bluetooth_t)
|
||||
corenet_tcp_sendrecv_generic_if(bluetooth_t)
|
||||
corenet_udp_sendrecv_generic_if(bluetooth_t)
|
||||
corenet_raw_sendrecv_generic_if(bluetooth_t)
|
||||
corenet_tcp_sendrecv_all_nodes(bluetooth_t)
|
||||
corenet_udp_sendrecv_all_nodes(bluetooth_t)
|
||||
corenet_raw_sendrecv_all_nodes(bluetooth_t)
|
||||
|
|
|
|||
|
|
@ -1,5 +1,5 @@
|
|||
|
||||
policy_module(canna, 1.9.0)
|
||||
policy_module(canna, 1.9.1)
|
||||
|
||||
########################################
|
||||
#
|
||||
|
|
@ -52,7 +52,7 @@ kernel_read_system_state(canna_t)
|
|||
|
||||
corenet_all_recvfrom_unlabeled(canna_t)
|
||||
corenet_all_recvfrom_netlabel(canna_t)
|
||||
corenet_tcp_sendrecv_all_if(canna_t)
|
||||
corenet_tcp_sendrecv_generic_if(canna_t)
|
||||
corenet_tcp_sendrecv_all_nodes(canna_t)
|
||||
corenet_tcp_sendrecv_all_ports(canna_t)
|
||||
corenet_tcp_connect_all_ports(canna_t)
|
||||
|
|
|
|||
|
|
@ -1,5 +1,5 @@
|
|||
|
||||
policy_module(ccs, 1.3.0)
|
||||
policy_module(ccs, 1.3.1)
|
||||
|
||||
########################################
|
||||
#
|
||||
|
|
@ -79,8 +79,8 @@ corecmd_exec_bin(ccs_t)
|
|||
|
||||
corenet_all_recvfrom_unlabeled(ccs_t)
|
||||
corenet_all_recvfrom_netlabel(ccs_t)
|
||||
corenet_tcp_sendrecv_all_if(ccs_t)
|
||||
corenet_udp_sendrecv_all_if(ccs_t)
|
||||
corenet_tcp_sendrecv_generic_if(ccs_t)
|
||||
corenet_udp_sendrecv_generic_if(ccs_t)
|
||||
corenet_tcp_sendrecv_all_nodes(ccs_t)
|
||||
corenet_udp_sendrecv_all_nodes(ccs_t)
|
||||
corenet_tcp_sendrecv_all_ports(ccs_t)
|
||||
|
|
|
|||
|
|
@ -1,5 +1,5 @@
|
|||
|
||||
policy_module(clamav, 1.6.0)
|
||||
policy_module(clamav, 1.6.1)
|
||||
|
||||
########################################
|
||||
#
|
||||
|
|
@ -90,7 +90,7 @@ kernel_read_kernel_sysctls(clamd_t)
|
|||
|
||||
corenet_all_recvfrom_unlabeled(clamd_t)
|
||||
corenet_all_recvfrom_netlabel(clamd_t)
|
||||
corenet_tcp_sendrecv_all_if(clamd_t)
|
||||
corenet_tcp_sendrecv_generic_if(clamd_t)
|
||||
corenet_tcp_sendrecv_all_nodes(clamd_t)
|
||||
corenet_tcp_sendrecv_all_ports(clamd_t)
|
||||
corenet_tcp_sendrecv_clamd_port(clamd_t)
|
||||
|
|
@ -157,7 +157,7 @@ logging_log_filetrans(freshclam_t, freshclam_var_log_t, file)
|
|||
|
||||
corenet_all_recvfrom_unlabeled(freshclam_t)
|
||||
corenet_all_recvfrom_netlabel(freshclam_t)
|
||||
corenet_tcp_sendrecv_all_if(freshclam_t)
|
||||
corenet_tcp_sendrecv_generic_if(freshclam_t)
|
||||
corenet_tcp_sendrecv_all_nodes(freshclam_t)
|
||||
corenet_tcp_sendrecv_all_ports(freshclam_t)
|
||||
corenet_tcp_sendrecv_clamd_port(freshclam_t)
|
||||
|
|
|
|||
|
|
@ -1,5 +1,5 @@
|
|||
|
||||
policy_module(comsat, 1.6.0)
|
||||
policy_module(comsat, 1.6.1)
|
||||
|
||||
########################################
|
||||
#
|
||||
|
|
@ -42,8 +42,8 @@ kernel_read_system_state(comsat_t)
|
|||
|
||||
corenet_all_recvfrom_unlabeled(comsat_t)
|
||||
corenet_all_recvfrom_netlabel(comsat_t)
|
||||
corenet_tcp_sendrecv_all_if(comsat_t)
|
||||
corenet_udp_sendrecv_all_if(comsat_t)
|
||||
corenet_tcp_sendrecv_generic_if(comsat_t)
|
||||
corenet_udp_sendrecv_generic_if(comsat_t)
|
||||
corenet_tcp_sendrecv_all_nodes(comsat_t)
|
||||
corenet_udp_sendrecv_all_nodes(comsat_t)
|
||||
corenet_udp_sendrecv_all_ports(comsat_t)
|
||||
|
|
|
|||
|
|
@ -1,5 +1,5 @@
|
|||
|
||||
policy_module(cron, 2.0.0)
|
||||
policy_module(cron, 2.0.1)
|
||||
|
||||
gen_require(`
|
||||
class passwd rootok;
|
||||
|
|
@ -329,8 +329,8 @@ corecmd_exec_all_executables(system_cronjob_t)
|
|||
|
||||
corenet_all_recvfrom_unlabeled(system_cronjob_t)
|
||||
corenet_all_recvfrom_netlabel(system_cronjob_t)
|
||||
corenet_tcp_sendrecv_all_if(system_cronjob_t)
|
||||
corenet_udp_sendrecv_all_if(system_cronjob_t)
|
||||
corenet_tcp_sendrecv_generic_if(system_cronjob_t)
|
||||
corenet_udp_sendrecv_generic_if(system_cronjob_t)
|
||||
corenet_tcp_sendrecv_all_nodes(system_cronjob_t)
|
||||
corenet_udp_sendrecv_all_nodes(system_cronjob_t)
|
||||
corenet_tcp_sendrecv_all_ports(system_cronjob_t)
|
||||
|
|
@ -520,8 +520,8 @@ files_dontaudit_search_boot(cronjob_t)
|
|||
|
||||
corenet_all_recvfrom_unlabeled(cronjob_t)
|
||||
corenet_all_recvfrom_netlabel(cronjob_t)
|
||||
corenet_tcp_sendrecv_all_if(cronjob_t)
|
||||
corenet_udp_sendrecv_all_if(cronjob_t)
|
||||
corenet_tcp_sendrecv_generic_if(cronjob_t)
|
||||
corenet_udp_sendrecv_generic_if(cronjob_t)
|
||||
corenet_tcp_sendrecv_all_nodes(cronjob_t)
|
||||
corenet_udp_sendrecv_all_nodes(cronjob_t)
|
||||
corenet_tcp_sendrecv_all_ports(cronjob_t)
|
||||
|
|
|
|||
|
|
@ -1,5 +1,5 @@
|
|||
|
||||
policy_module(cups, 1.12.0)
|
||||
policy_module(cups, 1.12.1)
|
||||
|
||||
########################################
|
||||
#
|
||||
|
|
@ -134,9 +134,9 @@ kernel_read_all_sysctls(cupsd_t)
|
|||
|
||||
corenet_all_recvfrom_unlabeled(cupsd_t)
|
||||
corenet_all_recvfrom_netlabel(cupsd_t)
|
||||
corenet_tcp_sendrecv_all_if(cupsd_t)
|
||||
corenet_udp_sendrecv_all_if(cupsd_t)
|
||||
corenet_raw_sendrecv_all_if(cupsd_t)
|
||||
corenet_tcp_sendrecv_generic_if(cupsd_t)
|
||||
corenet_udp_sendrecv_generic_if(cupsd_t)
|
||||
corenet_raw_sendrecv_generic_if(cupsd_t)
|
||||
corenet_tcp_sendrecv_all_nodes(cupsd_t)
|
||||
corenet_udp_sendrecv_all_nodes(cupsd_t)
|
||||
corenet_raw_sendrecv_all_nodes(cupsd_t)
|
||||
|
|
@ -315,7 +315,7 @@ kernel_read_kernel_sysctls(cupsd_config_t)
|
|||
|
||||
corenet_all_recvfrom_unlabeled(cupsd_config_t)
|
||||
corenet_all_recvfrom_netlabel(cupsd_config_t)
|
||||
corenet_tcp_sendrecv_all_if(cupsd_config_t)
|
||||
corenet_tcp_sendrecv_generic_if(cupsd_config_t)
|
||||
corenet_tcp_sendrecv_all_nodes(cupsd_config_t)
|
||||
corenet_tcp_sendrecv_all_ports(cupsd_config_t)
|
||||
corenet_tcp_connect_all_ports(cupsd_config_t)
|
||||
|
|
@ -445,8 +445,8 @@ kernel_read_network_state(cupsd_lpd_t)
|
|||
|
||||
corenet_all_recvfrom_unlabeled(cupsd_lpd_t)
|
||||
corenet_all_recvfrom_netlabel(cupsd_lpd_t)
|
||||
corenet_tcp_sendrecv_all_if(cupsd_lpd_t)
|
||||
corenet_udp_sendrecv_all_if(cupsd_lpd_t)
|
||||
corenet_tcp_sendrecv_generic_if(cupsd_lpd_t)
|
||||
corenet_udp_sendrecv_generic_if(cupsd_lpd_t)
|
||||
corenet_tcp_sendrecv_all_nodes(cupsd_lpd_t)
|
||||
corenet_udp_sendrecv_all_nodes(cupsd_lpd_t)
|
||||
corenet_tcp_sendrecv_all_ports(cupsd_lpd_t)
|
||||
|
|
@ -508,9 +508,9 @@ kernel_read_kernel_sysctls(hplip_t)
|
|||
|
||||
corenet_all_recvfrom_unlabeled(hplip_t)
|
||||
corenet_all_recvfrom_netlabel(hplip_t)
|
||||
corenet_tcp_sendrecv_all_if(hplip_t)
|
||||
corenet_udp_sendrecv_all_if(hplip_t)
|
||||
corenet_raw_sendrecv_all_if(hplip_t)
|
||||
corenet_tcp_sendrecv_generic_if(hplip_t)
|
||||
corenet_udp_sendrecv_generic_if(hplip_t)
|
||||
corenet_raw_sendrecv_generic_if(hplip_t)
|
||||
corenet_tcp_sendrecv_all_nodes(hplip_t)
|
||||
corenet_udp_sendrecv_all_nodes(hplip_t)
|
||||
corenet_raw_sendrecv_all_nodes(hplip_t)
|
||||
|
|
@ -601,7 +601,7 @@ kernel_read_proc_symlinks(ptal_t)
|
|||
|
||||
corenet_all_recvfrom_unlabeled(ptal_t)
|
||||
corenet_all_recvfrom_netlabel(ptal_t)
|
||||
corenet_tcp_sendrecv_all_if(ptal_t)
|
||||
corenet_tcp_sendrecv_generic_if(ptal_t)
|
||||
corenet_tcp_sendrecv_all_nodes(ptal_t)
|
||||
corenet_tcp_sendrecv_all_ports(ptal_t)
|
||||
corenet_tcp_bind_all_nodes(ptal_t)
|
||||
|
|
|
|||
|
|
@ -1,5 +1,5 @@
|
|||
|
||||
policy_module(cvs, 1.7.0)
|
||||
policy_module(cvs, 1.7.1)
|
||||
|
||||
########################################
|
||||
#
|
||||
|
|
@ -60,8 +60,8 @@ kernel_read_network_state(cvs_t)
|
|||
|
||||
corenet_all_recvfrom_unlabeled(cvs_t)
|
||||
corenet_all_recvfrom_netlabel(cvs_t)
|
||||
corenet_tcp_sendrecv_all_if(cvs_t)
|
||||
corenet_udp_sendrecv_all_if(cvs_t)
|
||||
corenet_tcp_sendrecv_generic_if(cvs_t)
|
||||
corenet_udp_sendrecv_generic_if(cvs_t)
|
||||
corenet_tcp_sendrecv_all_nodes(cvs_t)
|
||||
corenet_udp_sendrecv_all_nodes(cvs_t)
|
||||
corenet_tcp_sendrecv_all_ports(cvs_t)
|
||||
|
|
|
|||
|
|
@ -1,5 +1,5 @@
|
|||
|
||||
policy_module(cyrus, 1.8.0)
|
||||
policy_module(cyrus, 1.8.1)
|
||||
|
||||
########################################
|
||||
#
|
||||
|
|
@ -65,8 +65,8 @@ kernel_read_all_sysctls(cyrus_t)
|
|||
|
||||
corenet_all_recvfrom_unlabeled(cyrus_t)
|
||||
corenet_all_recvfrom_netlabel(cyrus_t)
|
||||
corenet_tcp_sendrecv_all_if(cyrus_t)
|
||||
corenet_udp_sendrecv_all_if(cyrus_t)
|
||||
corenet_tcp_sendrecv_generic_if(cyrus_t)
|
||||
corenet_udp_sendrecv_generic_if(cyrus_t)
|
||||
corenet_tcp_sendrecv_all_nodes(cyrus_t)
|
||||
corenet_udp_sendrecv_all_nodes(cyrus_t)
|
||||
corenet_tcp_sendrecv_all_ports(cyrus_t)
|
||||
|
|
|
|||
|
|
@ -1,5 +1,5 @@
|
|||
|
||||
policy_module(dbskk, 1.4.0)
|
||||
policy_module(dbskk, 1.4.1)
|
||||
|
||||
########################################
|
||||
#
|
||||
|
|
@ -50,8 +50,8 @@ kernel_read_network_state(dbskkd_t)
|
|||
|
||||
corenet_all_recvfrom_unlabeled(dbskkd_t)
|
||||
corenet_all_recvfrom_netlabel(dbskkd_t)
|
||||
corenet_tcp_sendrecv_all_if(dbskkd_t)
|
||||
corenet_udp_sendrecv_all_if(dbskkd_t)
|
||||
corenet_tcp_sendrecv_generic_if(dbskkd_t)
|
||||
corenet_udp_sendrecv_generic_if(dbskkd_t)
|
||||
corenet_tcp_sendrecv_all_nodes(dbskkd_t)
|
||||
corenet_udp_sendrecv_all_nodes(dbskkd_t)
|
||||
corenet_tcp_sendrecv_all_ports(dbskkd_t)
|
||||
|
|
|
|||
|
|
@ -108,7 +108,7 @@ template(`dbus_role_template',`
|
|||
|
||||
corenet_all_recvfrom_unlabeled($1_dbusd_t)
|
||||
corenet_all_recvfrom_netlabel($1_dbusd_t)
|
||||
corenet_tcp_sendrecv_all_if($1_dbusd_t)
|
||||
corenet_tcp_sendrecv_generic_if($1_dbusd_t)
|
||||
corenet_tcp_sendrecv_all_nodes($1_dbusd_t)
|
||||
corenet_tcp_sendrecv_all_ports($1_dbusd_t)
|
||||
corenet_tcp_bind_all_nodes($1_dbusd_t)
|
||||
|
|
|
|||
|
|
@ -1,5 +1,5 @@
|
|||
|
||||
policy_module(dbus, 1.10.0)
|
||||
policy_module(dbus, 1.10.1)
|
||||
|
||||
gen_require(`
|
||||
class dbus all_dbus_perms;
|
||||
|
|
|
|||
|
|
@ -1,5 +1,5 @@
|
|||
|
||||
policy_module(dhcp, 1.7.0)
|
||||
policy_module(dhcp, 1.7.1)
|
||||
|
||||
########################################
|
||||
#
|
||||
|
|
@ -57,9 +57,9 @@ kernel_read_network_state(dhcpd_t)
|
|||
|
||||
corenet_all_recvfrom_unlabeled(dhcpd_t)
|
||||
corenet_all_recvfrom_netlabel(dhcpd_t)
|
||||
corenet_tcp_sendrecv_all_if(dhcpd_t)
|
||||
corenet_udp_sendrecv_all_if(dhcpd_t)
|
||||
corenet_raw_sendrecv_all_if(dhcpd_t)
|
||||
corenet_tcp_sendrecv_generic_if(dhcpd_t)
|
||||
corenet_udp_sendrecv_generic_if(dhcpd_t)
|
||||
corenet_raw_sendrecv_generic_if(dhcpd_t)
|
||||
corenet_tcp_sendrecv_all_nodes(dhcpd_t)
|
||||
corenet_udp_sendrecv_all_nodes(dhcpd_t)
|
||||
corenet_raw_sendrecv_all_nodes(dhcpd_t)
|
||||
|
|
|
|||
|
|
@ -1,5 +1,5 @@
|
|||
|
||||
policy_module(dictd, 1.6.0)
|
||||
policy_module(dictd, 1.6.1)
|
||||
|
||||
########################################
|
||||
#
|
||||
|
|
@ -48,9 +48,9 @@ kernel_read_kernel_sysctls(dictd_t)
|
|||
|
||||
corenet_all_recvfrom_unlabeled(dictd_t)
|
||||
corenet_all_recvfrom_netlabel(dictd_t)
|
||||
corenet_tcp_sendrecv_all_if(dictd_t)
|
||||
corenet_raw_sendrecv_all_if(dictd_t)
|
||||
corenet_udp_sendrecv_all_if(dictd_t)
|
||||
corenet_tcp_sendrecv_generic_if(dictd_t)
|
||||
corenet_raw_sendrecv_generic_if(dictd_t)
|
||||
corenet_udp_sendrecv_generic_if(dictd_t)
|
||||
corenet_tcp_sendrecv_all_nodes(dictd_t)
|
||||
corenet_udp_sendrecv_all_nodes(dictd_t)
|
||||
corenet_raw_sendrecv_all_nodes(dictd_t)
|
||||
|
|
|
|||
|
|
@ -1,5 +1,5 @@
|
|||
|
||||
policy_module(distcc, 1.7.0)
|
||||
policy_module(distcc, 1.7.1)
|
||||
|
||||
########################################
|
||||
#
|
||||
|
|
@ -47,8 +47,8 @@ kernel_read_kernel_sysctls(distccd_t)
|
|||
|
||||
corenet_all_recvfrom_unlabeled(distccd_t)
|
||||
corenet_all_recvfrom_netlabel(distccd_t)
|
||||
corenet_tcp_sendrecv_all_if(distccd_t)
|
||||
corenet_udp_sendrecv_all_if(distccd_t)
|
||||
corenet_tcp_sendrecv_generic_if(distccd_t)
|
||||
corenet_udp_sendrecv_generic_if(distccd_t)
|
||||
corenet_tcp_sendrecv_all_nodes(distccd_t)
|
||||
corenet_udp_sendrecv_all_nodes(distccd_t)
|
||||
corenet_tcp_sendrecv_all_ports(distccd_t)
|
||||
|
|
|
|||
|
|
@ -34,8 +34,8 @@ template(`djbdns_daemontools_domain_template',`
|
|||
|
||||
corenet_all_recvfrom_unlabeled(djbdns_$1_t)
|
||||
corenet_all_recvfrom_netlabel(djbdns_$1_t)
|
||||
corenet_tcp_sendrecv_all_if(djbdns_$1_t)
|
||||
corenet_udp_sendrecv_all_if(djbdns_$1_t)
|
||||
corenet_tcp_sendrecv_generic_if(djbdns_$1_t)
|
||||
corenet_udp_sendrecv_generic_if(djbdns_$1_t)
|
||||
corenet_tcp_sendrecv_all_nodes(djbdns_$1_t)
|
||||
corenet_udp_sendrecv_all_nodes(djbdns_$1_t)
|
||||
corenet_tcp_sendrecv_all_ports(djbdns_$1_t)
|
||||
|
|
|
|||
|
|
@ -1,5 +1,5 @@
|
|||
|
||||
policy_module(djbdns, 1.2.0)
|
||||
policy_module(djbdns, 1.2.1)
|
||||
|
||||
########################################
|
||||
#
|
||||
|
|
|
|||
|
|
@ -1,5 +1,5 @@
|
|||
|
||||
policy_module(dovecot, 1.10.0)
|
||||
policy_module(dovecot, 1.10.1)
|
||||
|
||||
########################################
|
||||
#
|
||||
|
|
@ -71,7 +71,7 @@ kernel_read_system_state(dovecot_t)
|
|||
|
||||
corenet_all_recvfrom_unlabeled(dovecot_t)
|
||||
corenet_all_recvfrom_netlabel(dovecot_t)
|
||||
corenet_tcp_sendrecv_all_if(dovecot_t)
|
||||
corenet_tcp_sendrecv_generic_if(dovecot_t)
|
||||
corenet_tcp_sendrecv_all_nodes(dovecot_t)
|
||||
corenet_tcp_sendrecv_all_ports(dovecot_t)
|
||||
corenet_tcp_bind_all_nodes(dovecot_t)
|
||||
|
|
|
|||
|
|
@ -1,5 +1,5 @@
|
|||
|
||||
policy_module(exim, 1.3.0)
|
||||
policy_module(exim, 1.3.1)
|
||||
|
||||
########################################
|
||||
#
|
||||
|
|
@ -72,7 +72,7 @@ kernel_dontaudit_read_system_state(exim_t)
|
|||
corecmd_search_bin(exim_t)
|
||||
|
||||
corenet_all_recvfrom_unlabeled(exim_t)
|
||||
corenet_tcp_sendrecv_all_if(exim_t)
|
||||
corenet_tcp_sendrecv_generic_if(exim_t)
|
||||
corenet_tcp_sendrecv_all_nodes(exim_t)
|
||||
corenet_tcp_sendrecv_all_ports(exim_t)
|
||||
corenet_tcp_bind_all_nodes(exim_t)
|
||||
|
|
|
|||
|
|
@ -1,5 +1,5 @@
|
|||
|
||||
policy_module(finger, 1.8.0)
|
||||
policy_module(finger, 1.8.1)
|
||||
|
||||
########################################
|
||||
#
|
||||
|
|
@ -49,8 +49,8 @@ kernel_read_system_state(fingerd_t)
|
|||
|
||||
corenet_all_recvfrom_unlabeled(fingerd_t)
|
||||
corenet_all_recvfrom_netlabel(fingerd_t)
|
||||
corenet_tcp_sendrecv_all_if(fingerd_t)
|
||||
corenet_udp_sendrecv_all_if(fingerd_t)
|
||||
corenet_tcp_sendrecv_generic_if(fingerd_t)
|
||||
corenet_udp_sendrecv_generic_if(fingerd_t)
|
||||
corenet_tcp_sendrecv_all_nodes(fingerd_t)
|
||||
corenet_udp_sendrecv_all_nodes(fingerd_t)
|
||||
corenet_tcp_sendrecv_all_ports(fingerd_t)
|
||||
|
|
|
|||
|
|
@ -1,5 +1,5 @@
|
|||
|
||||
policy_module(ftp, 1.10.0)
|
||||
policy_module(ftp, 1.10.1)
|
||||
|
||||
########################################
|
||||
#
|
||||
|
|
@ -136,8 +136,8 @@ corecmd_exec_bin(ftpd_t)
|
|||
|
||||
corenet_all_recvfrom_unlabeled(ftpd_t)
|
||||
corenet_all_recvfrom_netlabel(ftpd_t)
|
||||
corenet_tcp_sendrecv_all_if(ftpd_t)
|
||||
corenet_udp_sendrecv_all_if(ftpd_t)
|
||||
corenet_tcp_sendrecv_generic_if(ftpd_t)
|
||||
corenet_udp_sendrecv_generic_if(ftpd_t)
|
||||
corenet_tcp_sendrecv_all_nodes(ftpd_t)
|
||||
corenet_udp_sendrecv_all_nodes(ftpd_t)
|
||||
corenet_tcp_sendrecv_all_ports(ftpd_t)
|
||||
|
|
|
|||
|
|
@ -1,5 +1,5 @@
|
|||
|
||||
policy_module(hal, 1.11.0)
|
||||
policy_module(hal, 1.11.1)
|
||||
|
||||
########################################
|
||||
#
|
||||
|
|
@ -102,8 +102,8 @@ corecmd_exec_all_executables(hald_t)
|
|||
|
||||
corenet_all_recvfrom_unlabeled(hald_t)
|
||||
corenet_all_recvfrom_netlabel(hald_t)
|
||||
corenet_tcp_sendrecv_all_if(hald_t)
|
||||
corenet_udp_sendrecv_all_if(hald_t)
|
||||
corenet_tcp_sendrecv_generic_if(hald_t)
|
||||
corenet_udp_sendrecv_generic_if(hald_t)
|
||||
corenet_tcp_sendrecv_all_nodes(hald_t)
|
||||
corenet_udp_sendrecv_all_nodes(hald_t)
|
||||
corenet_tcp_sendrecv_all_ports(hald_t)
|
||||
|
|
|
|||
|
|
@ -1,5 +1,5 @@
|
|||
|
||||
policy_module(howl, 1.7.0)
|
||||
policy_module(howl, 1.7.1)
|
||||
|
||||
########################################
|
||||
#
|
||||
|
|
@ -36,8 +36,8 @@ kernel_read_proc_symlinks(howl_t)
|
|||
|
||||
corenet_all_recvfrom_unlabeled(howl_t)
|
||||
corenet_all_recvfrom_netlabel(howl_t)
|
||||
corenet_tcp_sendrecv_all_if(howl_t)
|
||||
corenet_udp_sendrecv_all_if(howl_t)
|
||||
corenet_tcp_sendrecv_generic_if(howl_t)
|
||||
corenet_udp_sendrecv_generic_if(howl_t)
|
||||
corenet_tcp_sendrecv_all_nodes(howl_t)
|
||||
corenet_udp_sendrecv_all_nodes(howl_t)
|
||||
corenet_tcp_sendrecv_all_ports(howl_t)
|
||||
|
|
|
|||
|
|
@ -1,5 +1,5 @@
|
|||
|
||||
policy_module(inetd, 1.9.0)
|
||||
policy_module(inetd, 1.9.1)
|
||||
|
||||
########################################
|
||||
#
|
||||
|
|
@ -68,8 +68,8 @@ corecmd_bin_domtrans(inetd_t, inetd_child_t)
|
|||
# base networking:
|
||||
corenet_all_recvfrom_unlabeled(inetd_t)
|
||||
corenet_all_recvfrom_netlabel(inetd_t)
|
||||
corenet_tcp_sendrecv_all_if(inetd_t)
|
||||
corenet_udp_sendrecv_all_if(inetd_t)
|
||||
corenet_tcp_sendrecv_generic_if(inetd_t)
|
||||
corenet_udp_sendrecv_generic_if(inetd_t)
|
||||
corenet_tcp_sendrecv_all_nodes(inetd_t)
|
||||
corenet_udp_sendrecv_all_nodes(inetd_t)
|
||||
corenet_tcp_sendrecv_all_ports(inetd_t)
|
||||
|
|
@ -208,8 +208,8 @@ kernel_read_network_state(inetd_child_t)
|
|||
|
||||
corenet_all_recvfrom_unlabeled(inetd_child_t)
|
||||
corenet_all_recvfrom_netlabel(inetd_child_t)
|
||||
corenet_tcp_sendrecv_all_if(inetd_child_t)
|
||||
corenet_udp_sendrecv_all_if(inetd_child_t)
|
||||
corenet_tcp_sendrecv_generic_if(inetd_child_t)
|
||||
corenet_udp_sendrecv_generic_if(inetd_child_t)
|
||||
corenet_tcp_sendrecv_all_nodes(inetd_child_t)
|
||||
corenet_udp_sendrecv_all_nodes(inetd_child_t)
|
||||
corenet_tcp_sendrecv_all_ports(inetd_child_t)
|
||||
|
|
|
|||
|
|
@ -1,5 +1,5 @@
|
|||
|
||||
policy_module(inn, 1.8.0)
|
||||
policy_module(inn, 1.8.1)
|
||||
|
||||
########################################
|
||||
#
|
||||
|
|
@ -68,8 +68,8 @@ kernel_read_system_state(innd_t)
|
|||
|
||||
corenet_all_recvfrom_unlabeled(innd_t)
|
||||
corenet_all_recvfrom_netlabel(innd_t)
|
||||
corenet_tcp_sendrecv_all_if(innd_t)
|
||||
corenet_udp_sendrecv_all_if(innd_t)
|
||||
corenet_tcp_sendrecv_generic_if(innd_t)
|
||||
corenet_udp_sendrecv_generic_if(innd_t)
|
||||
corenet_tcp_sendrecv_all_nodes(innd_t)
|
||||
corenet_udp_sendrecv_all_nodes(innd_t)
|
||||
corenet_tcp_sendrecv_all_ports(innd_t)
|
||||
|
|
|
|||
|
|
@ -89,8 +89,8 @@ interface(`kerberos_use',`
|
|||
|
||||
corenet_all_recvfrom_unlabeled($1)
|
||||
corenet_all_recvfrom_netlabel($1)
|
||||
corenet_tcp_sendrecv_all_if($1)
|
||||
corenet_udp_sendrecv_all_if($1)
|
||||
corenet_tcp_sendrecv_generic_if($1)
|
||||
corenet_udp_sendrecv_generic_if($1)
|
||||
corenet_tcp_sendrecv_all_nodes($1)
|
||||
corenet_udp_sendrecv_all_nodes($1)
|
||||
corenet_tcp_sendrecv_kerberos_port($1)
|
||||
|
|
|
|||
|
|
@ -1,5 +1,5 @@
|
|||
|
||||
policy_module(kerberos, 1.9.0)
|
||||
policy_module(kerberos, 1.9.1)
|
||||
|
||||
########################################
|
||||
#
|
||||
|
|
@ -113,8 +113,8 @@ kernel_read_system_state(kadmind_t)
|
|||
|
||||
corenet_all_recvfrom_unlabeled(kadmind_t)
|
||||
corenet_all_recvfrom_netlabel(kadmind_t)
|
||||
corenet_tcp_sendrecv_all_if(kadmind_t)
|
||||
corenet_udp_sendrecv_all_if(kadmind_t)
|
||||
corenet_tcp_sendrecv_generic_if(kadmind_t)
|
||||
corenet_udp_sendrecv_generic_if(kadmind_t)
|
||||
corenet_tcp_sendrecv_all_nodes(kadmind_t)
|
||||
corenet_udp_sendrecv_all_nodes(kadmind_t)
|
||||
corenet_tcp_sendrecv_all_ports(kadmind_t)
|
||||
|
|
@ -215,8 +215,8 @@ corecmd_exec_bin(krb5kdc_t)
|
|||
|
||||
corenet_all_recvfrom_unlabeled(krb5kdc_t)
|
||||
corenet_all_recvfrom_netlabel(krb5kdc_t)
|
||||
corenet_tcp_sendrecv_all_if(krb5kdc_t)
|
||||
corenet_udp_sendrecv_all_if(krb5kdc_t)
|
||||
corenet_tcp_sendrecv_generic_if(krb5kdc_t)
|
||||
corenet_udp_sendrecv_generic_if(krb5kdc_t)
|
||||
corenet_tcp_sendrecv_all_nodes(krb5kdc_t)
|
||||
corenet_udp_sendrecv_all_nodes(krb5kdc_t)
|
||||
corenet_tcp_sendrecv_all_ports(krb5kdc_t)
|
||||
|
|
@ -286,7 +286,7 @@ manage_files_pattern(kpropd_t, krb5kdc_conf_t, krb5kdc_principal_t)
|
|||
corecmd_exec_bin(kpropd_t)
|
||||
|
||||
corenet_all_recvfrom_unlabeled(kpropd_t)
|
||||
corenet_tcp_sendrecv_all_if(kpropd_t)
|
||||
corenet_tcp_sendrecv_generic_if(kpropd_t)
|
||||
corenet_tcp_sendrecv_all_nodes(kpropd_t)
|
||||
corenet_tcp_sendrecv_all_ports(kpropd_t)
|
||||
corenet_tcp_bind_all_nodes(kpropd_t)
|
||||
|
|
|
|||
|
|
@ -1,5 +1,5 @@
|
|||
|
||||
policy_module(kerneloops, 1.2.0)
|
||||
policy_module(kerneloops, 1.2.1)
|
||||
|
||||
########################################
|
||||
#
|
||||
|
|
@ -30,7 +30,7 @@ domain_use_interactive_fds(kerneloops_t)
|
|||
|
||||
corenet_all_recvfrom_unlabeled(kerneloops_t)
|
||||
corenet_all_recvfrom_netlabel(kerneloops_t)
|
||||
corenet_tcp_sendrecv_all_if(kerneloops_t)
|
||||
corenet_tcp_sendrecv_generic_if(kerneloops_t)
|
||||
corenet_tcp_sendrecv_all_nodes(kerneloops_t)
|
||||
corenet_tcp_sendrecv_all_ports(kerneloops_t)
|
||||
corenet_tcp_bind_http_port(kerneloops_t)
|
||||
|
|
|
|||
|
|
@ -1,5 +1,5 @@
|
|||
|
||||
policy_module(ktalk, 1.6.0)
|
||||
policy_module(ktalk, 1.6.1)
|
||||
|
||||
########################################
|
||||
#
|
||||
|
|
@ -55,8 +55,8 @@ kernel_read_network_state(ktalkd_t)
|
|||
|
||||
corenet_all_recvfrom_unlabeled(ktalkd_t)
|
||||
corenet_all_recvfrom_netlabel(ktalkd_t)
|
||||
corenet_tcp_sendrecv_all_if(ktalkd_t)
|
||||
corenet_udp_sendrecv_all_if(ktalkd_t)
|
||||
corenet_tcp_sendrecv_generic_if(ktalkd_t)
|
||||
corenet_udp_sendrecv_generic_if(ktalkd_t)
|
||||
corenet_tcp_sendrecv_all_nodes(ktalkd_t)
|
||||
corenet_udp_sendrecv_all_nodes(ktalkd_t)
|
||||
corenet_tcp_sendrecv_all_ports(ktalkd_t)
|
||||
|
|
|
|||
|
|
@ -1,5 +1,5 @@
|
|||
|
||||
policy_module(ldap, 1.9.0)
|
||||
policy_module(ldap, 1.9.1)
|
||||
|
||||
########################################
|
||||
#
|
||||
|
|
@ -81,8 +81,8 @@ kernel_read_kernel_sysctls(slapd_t)
|
|||
|
||||
corenet_all_recvfrom_unlabeled(slapd_t)
|
||||
corenet_all_recvfrom_netlabel(slapd_t)
|
||||
corenet_tcp_sendrecv_all_if(slapd_t)
|
||||
corenet_udp_sendrecv_all_if(slapd_t)
|
||||
corenet_tcp_sendrecv_generic_if(slapd_t)
|
||||
corenet_udp_sendrecv_generic_if(slapd_t)
|
||||
corenet_tcp_sendrecv_all_nodes(slapd_t)
|
||||
corenet_udp_sendrecv_all_nodes(slapd_t)
|
||||
corenet_tcp_sendrecv_all_ports(slapd_t)
|
||||
|
|
|
|||
|
|
@ -1,5 +1,5 @@
|
|||
|
||||
policy_module(lpd, 1.11.0)
|
||||
policy_module(lpd, 1.11.1)
|
||||
|
||||
########################################
|
||||
#
|
||||
|
|
@ -88,8 +88,8 @@ kernel_read_system_state(checkpc_t)
|
|||
|
||||
corenet_all_recvfrom_unlabeled(checkpc_t)
|
||||
corenet_all_recvfrom_netlabel(checkpc_t)
|
||||
corenet_tcp_sendrecv_all_if(checkpc_t)
|
||||
corenet_udp_sendrecv_all_if(checkpc_t)
|
||||
corenet_tcp_sendrecv_generic_if(checkpc_t)
|
||||
corenet_udp_sendrecv_generic_if(checkpc_t)
|
||||
corenet_tcp_sendrecv_all_nodes(checkpc_t)
|
||||
corenet_udp_sendrecv_all_nodes(checkpc_t)
|
||||
corenet_tcp_sendrecv_all_ports(checkpc_t)
|
||||
|
|
@ -168,8 +168,8 @@ kernel_read_system_state(lpd_t)
|
|||
|
||||
corenet_all_recvfrom_unlabeled(lpd_t)
|
||||
corenet_all_recvfrom_netlabel(lpd_t)
|
||||
corenet_tcp_sendrecv_all_if(lpd_t)
|
||||
corenet_udp_sendrecv_all_if(lpd_t)
|
||||
corenet_tcp_sendrecv_generic_if(lpd_t)
|
||||
corenet_udp_sendrecv_generic_if(lpd_t)
|
||||
corenet_tcp_sendrecv_all_nodes(lpd_t)
|
||||
corenet_udp_sendrecv_all_nodes(lpd_t)
|
||||
corenet_tcp_sendrecv_all_ports(lpd_t)
|
||||
|
|
|
|||
|
|
@ -50,9 +50,9 @@ template(`mailman_domain_template', `
|
|||
|
||||
corenet_all_recvfrom_unlabeled(mailman_$1_t)
|
||||
corenet_all_recvfrom_netlabel(mailman_$1_t)
|
||||
corenet_tcp_sendrecv_all_if(mailman_$1_t)
|
||||
corenet_udp_sendrecv_all_if(mailman_$1_t)
|
||||
corenet_raw_sendrecv_all_if(mailman_$1_t)
|
||||
corenet_tcp_sendrecv_generic_if(mailman_$1_t)
|
||||
corenet_udp_sendrecv_generic_if(mailman_$1_t)
|
||||
corenet_raw_sendrecv_generic_if(mailman_$1_t)
|
||||
corenet_tcp_sendrecv_all_nodes(mailman_$1_t)
|
||||
corenet_udp_sendrecv_all_nodes(mailman_$1_t)
|
||||
corenet_raw_sendrecv_all_nodes(mailman_$1_t)
|
||||
|
|
|
|||
|
|
@ -1,5 +1,5 @@
|
|||
|
||||
policy_module(mailman, 1.6.0)
|
||||
policy_module(mailman, 1.6.1)
|
||||
|
||||
########################################
|
||||
#
|
||||
|
|
|
|||
|
|
@ -1,5 +1,5 @@
|
|||
|
||||
policy_module(memcached, 1.0.0)
|
||||
policy_module(memcached, 1.0.1)
|
||||
|
||||
########################################
|
||||
#
|
||||
|
|
@ -27,11 +27,11 @@ allow memcached_t self:udp_socket { create_socket_perms listen };
|
|||
allow memcached_t self:fifo_file rw_fifo_file_perms;
|
||||
|
||||
corenet_all_recvfrom_unlabeled(memcached_t)
|
||||
corenet_udp_sendrecv_all_if(memcached_t)
|
||||
corenet_udp_sendrecv_generic_if(memcached_t)
|
||||
corenet_udp_sendrecv_all_nodes(memcached_t)
|
||||
corenet_udp_sendrecv_all_ports(memcached_t)
|
||||
corenet_udp_bind_all_nodes(memcached_t)
|
||||
corenet_tcp_sendrecv_all_if(memcached_t)
|
||||
corenet_tcp_sendrecv_generic_if(memcached_t)
|
||||
corenet_tcp_sendrecv_all_nodes(memcached_t)
|
||||
corenet_tcp_sendrecv_all_ports(memcached_t)
|
||||
corenet_tcp_bind_all_nodes(memcached_t)
|
||||
|
|
|
|||
|
|
@ -73,7 +73,7 @@ template(`mta_base_mail_template',`
|
|||
|
||||
corenet_all_recvfrom_unlabeled($1_mail_t)
|
||||
corenet_all_recvfrom_netlabel($1_mail_t)
|
||||
corenet_tcp_sendrecv_all_if($1_mail_t)
|
||||
corenet_tcp_sendrecv_generic_if($1_mail_t)
|
||||
corenet_tcp_sendrecv_all_nodes($1_mail_t)
|
||||
corenet_tcp_sendrecv_all_ports($1_mail_t)
|
||||
corenet_tcp_connect_all_ports($1_mail_t)
|
||||
|
|
|
|||
|
|
@ -1,5 +1,5 @@
|
|||
|
||||
policy_module(mta, 2.1.0)
|
||||
policy_module(mta, 2.1.1)
|
||||
|
||||
########################################
|
||||
#
|
||||
|
|
|
|||
|
|
@ -1,5 +1,5 @@
|
|||
|
||||
policy_module(mysql, 1.10.0)
|
||||
policy_module(mysql, 1.10.1)
|
||||
|
||||
########################################
|
||||
#
|
||||
|
|
@ -67,8 +67,8 @@ kernel_read_kernel_sysctls(mysqld_t)
|
|||
|
||||
corenet_all_recvfrom_unlabeled(mysqld_t)
|
||||
corenet_all_recvfrom_netlabel(mysqld_t)
|
||||
corenet_tcp_sendrecv_all_if(mysqld_t)
|
||||
corenet_udp_sendrecv_all_if(mysqld_t)
|
||||
corenet_tcp_sendrecv_generic_if(mysqld_t)
|
||||
corenet_udp_sendrecv_generic_if(mysqld_t)
|
||||
corenet_tcp_sendrecv_all_nodes(mysqld_t)
|
||||
corenet_udp_sendrecv_all_nodes(mysqld_t)
|
||||
corenet_tcp_sendrecv_all_ports(mysqld_t)
|
||||
|
|
|
|||
|
|
@ -1,5 +1,5 @@
|
|||
|
||||
policy_module(networkmanager, 1.12.0)
|
||||
policy_module(networkmanager, 1.12.1)
|
||||
|
||||
########################################
|
||||
#
|
||||
|
|
@ -66,9 +66,9 @@ kernel_load_module(NetworkManager_t)
|
|||
|
||||
corenet_all_recvfrom_unlabeled(NetworkManager_t)
|
||||
corenet_all_recvfrom_netlabel(NetworkManager_t)
|
||||
corenet_tcp_sendrecv_all_if(NetworkManager_t)
|
||||
corenet_udp_sendrecv_all_if(NetworkManager_t)
|
||||
corenet_raw_sendrecv_all_if(NetworkManager_t)
|
||||
corenet_tcp_sendrecv_generic_if(NetworkManager_t)
|
||||
corenet_udp_sendrecv_generic_if(NetworkManager_t)
|
||||
corenet_raw_sendrecv_generic_if(NetworkManager_t)
|
||||
corenet_tcp_sendrecv_all_nodes(NetworkManager_t)
|
||||
corenet_udp_sendrecv_all_nodes(NetworkManager_t)
|
||||
corenet_raw_sendrecv_all_nodes(NetworkManager_t)
|
||||
|
|
|
|||
|
|
@ -39,8 +39,8 @@ interface(`nis_use_ypbind_uncond',`
|
|||
|
||||
corenet_all_recvfrom_unlabeled($1)
|
||||
corenet_all_recvfrom_netlabel($1)
|
||||
corenet_tcp_sendrecv_all_if($1)
|
||||
corenet_udp_sendrecv_all_if($1)
|
||||
corenet_tcp_sendrecv_generic_if($1)
|
||||
corenet_udp_sendrecv_generic_if($1)
|
||||
corenet_tcp_sendrecv_all_nodes($1)
|
||||
corenet_udp_sendrecv_all_nodes($1)
|
||||
corenet_tcp_sendrecv_all_ports($1)
|
||||
|
|
|
|||
|
|
@ -1,5 +1,5 @@
|
|||
|
||||
policy_module(nis, 1.8.0)
|
||||
policy_module(nis, 1.8.1)
|
||||
|
||||
########################################
|
||||
#
|
||||
|
|
@ -71,8 +71,8 @@ kernel_read_proc_symlinks(ypbind_t)
|
|||
|
||||
corenet_all_recvfrom_unlabeled(ypbind_t)
|
||||
corenet_all_recvfrom_netlabel(ypbind_t)
|
||||
corenet_tcp_sendrecv_all_if(ypbind_t)
|
||||
corenet_udp_sendrecv_all_if(ypbind_t)
|
||||
corenet_tcp_sendrecv_generic_if(ypbind_t)
|
||||
corenet_udp_sendrecv_generic_if(ypbind_t)
|
||||
corenet_tcp_sendrecv_all_nodes(ypbind_t)
|
||||
corenet_udp_sendrecv_all_nodes(ypbind_t)
|
||||
corenet_tcp_sendrecv_all_ports(ypbind_t)
|
||||
|
|
@ -231,8 +231,8 @@ kernel_read_proc_symlinks(ypserv_t)
|
|||
|
||||
corenet_all_recvfrom_unlabeled(ypserv_t)
|
||||
corenet_all_recvfrom_netlabel(ypserv_t)
|
||||
corenet_tcp_sendrecv_all_if(ypserv_t)
|
||||
corenet_udp_sendrecv_all_if(ypserv_t)
|
||||
corenet_tcp_sendrecv_generic_if(ypserv_t)
|
||||
corenet_udp_sendrecv_generic_if(ypserv_t)
|
||||
corenet_tcp_sendrecv_all_nodes(ypserv_t)
|
||||
corenet_udp_sendrecv_all_nodes(ypserv_t)
|
||||
corenet_tcp_sendrecv_all_ports(ypserv_t)
|
||||
|
|
@ -296,8 +296,8 @@ allow ypxfr_t ypserv_conf_t:file read_file_perms;
|
|||
|
||||
corenet_all_recvfrom_unlabeled(ypxfr_t)
|
||||
corenet_all_recvfrom_netlabel(ypxfr_t)
|
||||
corenet_tcp_sendrecv_all_if(ypxfr_t)
|
||||
corenet_udp_sendrecv_all_if(ypxfr_t)
|
||||
corenet_tcp_sendrecv_generic_if(ypxfr_t)
|
||||
corenet_udp_sendrecv_generic_if(ypxfr_t)
|
||||
corenet_tcp_sendrecv_all_nodes(ypxfr_t)
|
||||
corenet_udp_sendrecv_all_nodes(ypxfr_t)
|
||||
corenet_tcp_sendrecv_all_ports(ypxfr_t)
|
||||
|
|
|
|||
|
|
@ -1,5 +1,5 @@
|
|||
|
||||
policy_module(nscd, 1.8.0)
|
||||
policy_module(nscd, 1.8.1)
|
||||
|
||||
gen_require(`
|
||||
class nscd all_nscd_perms;
|
||||
|
|
@ -67,8 +67,8 @@ auth_use_nsswitch(nscd_t)
|
|||
|
||||
corenet_all_recvfrom_unlabeled(nscd_t)
|
||||
corenet_all_recvfrom_netlabel(nscd_t)
|
||||
corenet_tcp_sendrecv_all_if(nscd_t)
|
||||
corenet_udp_sendrecv_all_if(nscd_t)
|
||||
corenet_tcp_sendrecv_generic_if(nscd_t)
|
||||
corenet_udp_sendrecv_generic_if(nscd_t)
|
||||
corenet_tcp_sendrecv_all_nodes(nscd_t)
|
||||
corenet_udp_sendrecv_all_nodes(nscd_t)
|
||||
corenet_tcp_sendrecv_all_ports(nscd_t)
|
||||
|
|
|
|||
|
|
@ -1,5 +1,5 @@
|
|||
|
||||
policy_module(ntp, 1.8.0)
|
||||
policy_module(ntp, 1.8.1)
|
||||
|
||||
########################################
|
||||
#
|
||||
|
|
@ -71,8 +71,8 @@ kernel_read_network_state(ntpd_t)
|
|||
|
||||
corenet_all_recvfrom_unlabeled(ntpd_t)
|
||||
corenet_all_recvfrom_netlabel(ntpd_t)
|
||||
corenet_tcp_sendrecv_all_if(ntpd_t)
|
||||
corenet_udp_sendrecv_all_if(ntpd_t)
|
||||
corenet_tcp_sendrecv_generic_if(ntpd_t)
|
||||
corenet_udp_sendrecv_generic_if(ntpd_t)
|
||||
corenet_tcp_sendrecv_all_nodes(ntpd_t)
|
||||
corenet_udp_sendrecv_all_nodes(ntpd_t)
|
||||
corenet_tcp_sendrecv_all_ports(ntpd_t)
|
||||
|
|
|
|||
|
|
@ -1,5 +1,5 @@
|
|||
|
||||
policy_module(oident, 2.0.0)
|
||||
policy_module(oident, 2.0.1)
|
||||
|
||||
########################################
|
||||
#
|
||||
|
|
@ -37,7 +37,7 @@ allow oidentd_t oidentd_config_t:file read_file_perms;
|
|||
|
||||
corenet_all_recvfrom_unlabeled(oidentd_t)
|
||||
corenet_all_recvfrom_netlabel(oidentd_t)
|
||||
corenet_tcp_sendrecv_all_if(oidentd_t)
|
||||
corenet_tcp_sendrecv_generic_if(oidentd_t)
|
||||
corenet_tcp_sendrecv_all_nodes(oidentd_t)
|
||||
corenet_tcp_bind_all_nodes(oidentd_t)
|
||||
corenet_tcp_bind_auth_port(oidentd_t)
|
||||
|
|
|
|||
|
|
@ -1,5 +1,5 @@
|
|||
|
||||
policy_module(openvpn, 1.7.0)
|
||||
policy_module(openvpn, 1.7.1)
|
||||
|
||||
########################################
|
||||
#
|
||||
|
|
@ -68,8 +68,8 @@ corecmd_exec_shell(openvpn_t)
|
|||
|
||||
corenet_all_recvfrom_unlabeled(openvpn_t)
|
||||
corenet_all_recvfrom_netlabel(openvpn_t)
|
||||
corenet_tcp_sendrecv_all_if(openvpn_t)
|
||||
corenet_udp_sendrecv_all_if(openvpn_t)
|
||||
corenet_tcp_sendrecv_generic_if(openvpn_t)
|
||||
corenet_udp_sendrecv_generic_if(openvpn_t)
|
||||
corenet_tcp_sendrecv_generic_node(openvpn_t)
|
||||
corenet_udp_sendrecv_generic_node(openvpn_t)
|
||||
corenet_tcp_sendrecv_all_ports(openvpn_t)
|
||||
|
|
|
|||
|
|
@ -1,5 +1,5 @@
|
|||
|
||||
policy_module(pcscd, 1.4.0)
|
||||
policy_module(pcscd, 1.4.1)
|
||||
|
||||
########################################
|
||||
#
|
||||
|
|
@ -33,7 +33,7 @@ files_pid_filetrans(pcscd_t, pcscd_var_run_t, { file sock_file })
|
|||
|
||||
corenet_all_recvfrom_unlabeled(pcscd_t)
|
||||
corenet_all_recvfrom_netlabel(pcscd_t)
|
||||
corenet_tcp_sendrecv_all_if(pcscd_t)
|
||||
corenet_tcp_sendrecv_generic_if(pcscd_t)
|
||||
corenet_tcp_sendrecv_all_nodes(pcscd_t)
|
||||
corenet_tcp_sendrecv_all_ports(pcscd_t)
|
||||
corenet_tcp_connect_http_port(pcscd_t)
|
||||
|
|
|
|||
|
|
@ -1,5 +1,5 @@
|
|||
|
||||
policy_module(pegasus, 1.7.0)
|
||||
policy_module(pegasus, 1.7.1)
|
||||
|
||||
########################################
|
||||
#
|
||||
|
|
@ -69,7 +69,7 @@ kernel_read_net_sysctls(pegasus_t)
|
|||
|
||||
corenet_all_recvfrom_unlabeled(pegasus_t)
|
||||
corenet_all_recvfrom_netlabel(pegasus_t)
|
||||
corenet_tcp_sendrecv_all_if(pegasus_t)
|
||||
corenet_tcp_sendrecv_generic_if(pegasus_t)
|
||||
corenet_tcp_sendrecv_all_nodes(pegasus_t)
|
||||
corenet_tcp_sendrecv_all_ports(pegasus_t)
|
||||
corenet_tcp_bind_all_nodes(pegasus_t)
|
||||
|
|
|
|||
|
|
@ -1,5 +1,5 @@
|
|||
|
||||
policy_module(portmap, 1.8.0)
|
||||
policy_module(portmap, 1.8.1)
|
||||
|
||||
########################################
|
||||
#
|
||||
|
|
@ -46,8 +46,8 @@ kernel_read_kernel_sysctls(portmap_t)
|
|||
|
||||
corenet_all_recvfrom_unlabeled(portmap_t)
|
||||
corenet_all_recvfrom_netlabel(portmap_t)
|
||||
corenet_tcp_sendrecv_all_if(portmap_t)
|
||||
corenet_udp_sendrecv_all_if(portmap_t)
|
||||
corenet_tcp_sendrecv_generic_if(portmap_t)
|
||||
corenet_udp_sendrecv_generic_if(portmap_t)
|
||||
corenet_tcp_sendrecv_all_nodes(portmap_t)
|
||||
corenet_udp_sendrecv_all_nodes(portmap_t)
|
||||
corenet_tcp_sendrecv_all_ports(portmap_t)
|
||||
|
|
@ -116,9 +116,9 @@ files_pid_filetrans(portmap_helper_t, portmap_var_run_t, file)
|
|||
|
||||
corenet_all_recvfrom_unlabeled(portmap_helper_t)
|
||||
corenet_all_recvfrom_netlabel(portmap_helper_t)
|
||||
corenet_tcp_sendrecv_all_if(portmap_helper_t)
|
||||
corenet_udp_sendrecv_all_if(portmap_helper_t)
|
||||
corenet_raw_sendrecv_all_if(portmap_helper_t)
|
||||
corenet_tcp_sendrecv_generic_if(portmap_helper_t)
|
||||
corenet_udp_sendrecv_generic_if(portmap_helper_t)
|
||||
corenet_raw_sendrecv_generic_if(portmap_helper_t)
|
||||
corenet_tcp_sendrecv_all_nodes(portmap_helper_t)
|
||||
corenet_udp_sendrecv_all_nodes(portmap_helper_t)
|
||||
corenet_raw_sendrecv_all_nodes(portmap_helper_t)
|
||||
|
|
|
|||
|
|
@ -119,8 +119,8 @@ template(`postfix_server_domain_template',`
|
|||
|
||||
corenet_all_recvfrom_unlabeled(postfix_$1_t)
|
||||
corenet_all_recvfrom_netlabel(postfix_$1_t)
|
||||
corenet_tcp_sendrecv_all_if(postfix_$1_t)
|
||||
corenet_udp_sendrecv_all_if(postfix_$1_t)
|
||||
corenet_tcp_sendrecv_generic_if(postfix_$1_t)
|
||||
corenet_udp_sendrecv_generic_if(postfix_$1_t)
|
||||
corenet_tcp_sendrecv_all_nodes(postfix_$1_t)
|
||||
corenet_udp_sendrecv_all_nodes(postfix_$1_t)
|
||||
corenet_tcp_sendrecv_all_ports(postfix_$1_t)
|
||||
|
|
|
|||
|
|
@ -1,5 +1,5 @@
|
|||
|
||||
policy_module(postfix, 1.10.0)
|
||||
policy_module(postfix, 1.10.1)
|
||||
|
||||
########################################
|
||||
#
|
||||
|
|
@ -147,8 +147,8 @@ kernel_read_all_sysctls(postfix_master_t)
|
|||
|
||||
corenet_all_recvfrom_unlabeled(postfix_master_t)
|
||||
corenet_all_recvfrom_netlabel(postfix_master_t)
|
||||
corenet_tcp_sendrecv_all_if(postfix_master_t)
|
||||
corenet_udp_sendrecv_all_if(postfix_master_t)
|
||||
corenet_tcp_sendrecv_generic_if(postfix_master_t)
|
||||
corenet_udp_sendrecv_generic_if(postfix_master_t)
|
||||
corenet_tcp_sendrecv_all_nodes(postfix_master_t)
|
||||
corenet_udp_sendrecv_all_nodes(postfix_master_t)
|
||||
corenet_tcp_sendrecv_all_ports(postfix_master_t)
|
||||
|
|
@ -313,8 +313,8 @@ kernel_dontaudit_read_system_state(postfix_map_t)
|
|||
|
||||
corenet_all_recvfrom_unlabeled(postfix_map_t)
|
||||
corenet_all_recvfrom_netlabel(postfix_map_t)
|
||||
corenet_tcp_sendrecv_all_if(postfix_map_t)
|
||||
corenet_udp_sendrecv_all_if(postfix_map_t)
|
||||
corenet_tcp_sendrecv_generic_if(postfix_map_t)
|
||||
corenet_udp_sendrecv_generic_if(postfix_map_t)
|
||||
corenet_tcp_sendrecv_all_nodes(postfix_map_t)
|
||||
corenet_udp_sendrecv_all_nodes(postfix_map_t)
|
||||
corenet_tcp_sendrecv_all_ports(postfix_map_t)
|
||||
|
|
@ -414,7 +414,7 @@ rw_fifo_files_pattern(postfix_postdrop_t, postfix_public_t, postfix_public_t)
|
|||
postfix_list_spool(postfix_postdrop_t)
|
||||
manage_files_pattern(postfix_postdrop_t, postfix_spool_maildrop_t, postfix_spool_maildrop_t)
|
||||
|
||||
corenet_udp_sendrecv_all_if(postfix_postdrop_t)
|
||||
corenet_udp_sendrecv_generic_if(postfix_postdrop_t)
|
||||
corenet_udp_sendrecv_all_nodes(postfix_postdrop_t)
|
||||
|
||||
term_dontaudit_use_all_user_ptys(postfix_postdrop_t)
|
||||
|
|
|
|||
|
|
@ -1,5 +1,5 @@
|
|||
|
||||
policy_module(postgresql, 1.8.0)
|
||||
policy_module(postgresql, 1.8.1)
|
||||
|
||||
gen_require(`
|
||||
class db_database all_db_database_perms;
|
||||
|
|
@ -188,8 +188,8 @@ kernel_read_proc_symlinks(postgresql_t)
|
|||
|
||||
corenet_all_recvfrom_unlabeled(postgresql_t)
|
||||
corenet_all_recvfrom_netlabel(postgresql_t)
|
||||
corenet_tcp_sendrecv_all_if(postgresql_t)
|
||||
corenet_udp_sendrecv_all_if(postgresql_t)
|
||||
corenet_tcp_sendrecv_generic_if(postgresql_t)
|
||||
corenet_udp_sendrecv_generic_if(postgresql_t)
|
||||
corenet_tcp_sendrecv_all_nodes(postgresql_t)
|
||||
corenet_udp_sendrecv_all_nodes(postgresql_t)
|
||||
corenet_tcp_sendrecv_all_ports(postgresql_t)
|
||||
|
|
|
|||
|
|
@ -1,5 +1,5 @@
|
|||
|
||||
policy_module(ppp, 1.10.0)
|
||||
policy_module(ppp, 1.10.1)
|
||||
|
||||
########################################
|
||||
#
|
||||
|
|
@ -126,9 +126,9 @@ dev_read_sysfs(pppd_t)
|
|||
|
||||
corenet_all_recvfrom_unlabeled(pppd_t)
|
||||
corenet_all_recvfrom_netlabel(pppd_t)
|
||||
corenet_tcp_sendrecv_all_if(pppd_t)
|
||||
corenet_raw_sendrecv_all_if(pppd_t)
|
||||
corenet_udp_sendrecv_all_if(pppd_t)
|
||||
corenet_tcp_sendrecv_generic_if(pppd_t)
|
||||
corenet_raw_sendrecv_generic_if(pppd_t)
|
||||
corenet_udp_sendrecv_generic_if(pppd_t)
|
||||
corenet_tcp_sendrecv_all_nodes(pppd_t)
|
||||
corenet_raw_sendrecv_all_nodes(pppd_t)
|
||||
corenet_udp_sendrecv_all_nodes(pppd_t)
|
||||
|
|
@ -250,8 +250,8 @@ dev_read_sysfs(pptp_t)
|
|||
|
||||
corenet_all_recvfrom_unlabeled(pptp_t)
|
||||
corenet_all_recvfrom_netlabel(pptp_t)
|
||||
corenet_tcp_sendrecv_all_if(pptp_t)
|
||||
corenet_raw_sendrecv_all_if(pptp_t)
|
||||
corenet_tcp_sendrecv_generic_if(pptp_t)
|
||||
corenet_raw_sendrecv_generic_if(pptp_t)
|
||||
corenet_tcp_sendrecv_all_nodes(pptp_t)
|
||||
corenet_raw_sendrecv_all_nodes(pptp_t)
|
||||
corenet_tcp_sendrecv_all_ports(pptp_t)
|
||||
|
|
|
|||
|
|
@ -1,5 +1,5 @@
|
|||
|
||||
policy_module(prelude, 1.0.0)
|
||||
policy_module(prelude, 1.0.1)
|
||||
|
||||
########################################
|
||||
#
|
||||
|
|
@ -53,7 +53,7 @@ corecmd_search_bin(prelude_t)
|
|||
|
||||
corenet_all_recvfrom_unlabeled(prelude_t)
|
||||
corenet_all_recvfrom_netlabel(prelude_t)
|
||||
corenet_tcp_sendrecv_all_if(prelude_t)
|
||||
corenet_tcp_sendrecv_generic_if(prelude_t)
|
||||
corenet_tcp_sendrecv_all_nodes(prelude_t)
|
||||
corenet_tcp_bind_all_nodes(prelude_t)
|
||||
|
||||
|
|
@ -104,7 +104,7 @@ corecmd_search_bin(prelude_audisp_t)
|
|||
|
||||
corenet_all_recvfrom_unlabeled(prelude_audisp_t)
|
||||
corenet_all_recvfrom_netlabel(prelude_audisp_t)
|
||||
corenet_tcp_sendrecv_all_if(prelude_audisp_t)
|
||||
corenet_tcp_sendrecv_generic_if(prelude_audisp_t)
|
||||
corenet_tcp_sendrecv_all_nodes(prelude_audisp_t)
|
||||
corenet_tcp_bind_all_nodes(prelude_audisp_t)
|
||||
|
||||
|
|
|
|||
|
|
@ -1,5 +1,5 @@
|
|||
|
||||
policy_module(privoxy, 1.8.0)
|
||||
policy_module(privoxy, 1.8.1)
|
||||
|
||||
########################################
|
||||
#
|
||||
|
|
@ -45,7 +45,7 @@ kernel_read_proc_symlinks(privoxy_t)
|
|||
|
||||
corenet_all_recvfrom_unlabeled(privoxy_t)
|
||||
corenet_all_recvfrom_netlabel(privoxy_t)
|
||||
corenet_tcp_sendrecv_all_if(privoxy_t)
|
||||
corenet_tcp_sendrecv_generic_if(privoxy_t)
|
||||
corenet_tcp_sendrecv_all_nodes(privoxy_t)
|
||||
corenet_tcp_sendrecv_all_ports(privoxy_t)
|
||||
corenet_tcp_bind_all_nodes(privoxy_t)
|
||||
|
|
|
|||
|
|
@ -1,5 +1,5 @@
|
|||
|
||||
policy_module(procmail, 1.10.0)
|
||||
policy_module(procmail, 1.10.1)
|
||||
|
||||
########################################
|
||||
#
|
||||
|
|
@ -47,8 +47,8 @@ kernel_read_kernel_sysctls(procmail_t)
|
|||
|
||||
corenet_all_recvfrom_unlabeled(procmail_t)
|
||||
corenet_all_recvfrom_netlabel(procmail_t)
|
||||
corenet_tcp_sendrecv_all_if(procmail_t)
|
||||
corenet_udp_sendrecv_all_if(procmail_t)
|
||||
corenet_tcp_sendrecv_generic_if(procmail_t)
|
||||
corenet_udp_sendrecv_generic_if(procmail_t)
|
||||
corenet_tcp_sendrecv_all_nodes(procmail_t)
|
||||
corenet_udp_sendrecv_all_nodes(procmail_t)
|
||||
corenet_tcp_sendrecv_all_ports(procmail_t)
|
||||
|
|
|
|||
|
|
@ -1,5 +1,5 @@
|
|||
|
||||
policy_module(pyzor, 2.0.0)
|
||||
policy_module(pyzor, 2.0.1)
|
||||
|
||||
########################################
|
||||
#
|
||||
|
|
@ -67,8 +67,8 @@ kernel_read_system_state(pyzor_t)
|
|||
corecmd_list_bin(pyzor_t)
|
||||
corecmd_getattr_bin_files(pyzor_t)
|
||||
|
||||
corenet_tcp_sendrecv_all_if(pyzor_t)
|
||||
corenet_udp_sendrecv_all_if(pyzor_t)
|
||||
corenet_tcp_sendrecv_generic_if(pyzor_t)
|
||||
corenet_udp_sendrecv_generic_if(pyzor_t)
|
||||
corenet_tcp_sendrecv_all_nodes(pyzor_t)
|
||||
corenet_udp_sendrecv_all_nodes(pyzor_t)
|
||||
corenet_tcp_sendrecv_all_ports(pyzor_t)
|
||||
|
|
@ -124,7 +124,7 @@ corecmd_exec_bin(pyzord_t)
|
|||
|
||||
corenet_all_recvfrom_unlabeled(pyzord_t)
|
||||
corenet_all_recvfrom_netlabel(pyzord_t)
|
||||
corenet_udp_sendrecv_all_if(pyzord_t)
|
||||
corenet_udp_sendrecv_generic_if(pyzord_t)
|
||||
corenet_udp_sendrecv_all_nodes(pyzord_t)
|
||||
corenet_udp_sendrecv_all_ports(pyzord_t)
|
||||
corenet_udp_bind_all_nodes(pyzord_t)
|
||||
|
|
|
|||
|
|
@ -1,5 +1,5 @@
|
|||
|
||||
policy_module(radius, 1.10.0)
|
||||
policy_module(radius, 1.10.1)
|
||||
|
||||
########################################
|
||||
#
|
||||
|
|
@ -68,8 +68,8 @@ kernel_read_system_state(radiusd_t)
|
|||
|
||||
corenet_all_recvfrom_unlabeled(radiusd_t)
|
||||
corenet_all_recvfrom_netlabel(radiusd_t)
|
||||
corenet_tcp_sendrecv_all_if(radiusd_t)
|
||||
corenet_udp_sendrecv_all_if(radiusd_t)
|
||||
corenet_tcp_sendrecv_generic_if(radiusd_t)
|
||||
corenet_udp_sendrecv_generic_if(radiusd_t)
|
||||
corenet_tcp_sendrecv_all_nodes(radiusd_t)
|
||||
corenet_udp_sendrecv_all_nodes(radiusd_t)
|
||||
corenet_tcp_sendrecv_all_ports(radiusd_t)
|
||||
|
|
|
|||
|
|
@ -1,5 +1,5 @@
|
|||
|
||||
policy_module(radvd, 1.10.0)
|
||||
policy_module(radvd, 1.10.1)
|
||||
|
||||
########################################
|
||||
#
|
||||
|
|
@ -44,9 +44,9 @@ kernel_read_system_state(radvd_t)
|
|||
|
||||
corenet_all_recvfrom_unlabeled(radvd_t)
|
||||
corenet_all_recvfrom_netlabel(radvd_t)
|
||||
corenet_tcp_sendrecv_all_if(radvd_t)
|
||||
corenet_udp_sendrecv_all_if(radvd_t)
|
||||
corenet_raw_sendrecv_all_if(radvd_t)
|
||||
corenet_tcp_sendrecv_generic_if(radvd_t)
|
||||
corenet_udp_sendrecv_generic_if(radvd_t)
|
||||
corenet_raw_sendrecv_generic_if(radvd_t)
|
||||
corenet_tcp_sendrecv_all_nodes(radvd_t)
|
||||
corenet_udp_sendrecv_all_nodes(radvd_t)
|
||||
corenet_raw_sendrecv_all_nodes(radvd_t)
|
||||
|
|
|
|||
|
|
@ -1,5 +1,5 @@
|
|||
|
||||
policy_module(ricci, 1.5.0)
|
||||
policy_module(ricci, 1.5.1)
|
||||
|
||||
########################################
|
||||
#
|
||||
|
|
@ -122,7 +122,7 @@ corecmd_exec_bin(ricci_t)
|
|||
|
||||
corenet_all_recvfrom_unlabeled(ricci_t)
|
||||
corenet_all_recvfrom_netlabel(ricci_t)
|
||||
corenet_tcp_sendrecv_all_if(ricci_t)
|
||||
corenet_tcp_sendrecv_generic_if(ricci_t)
|
||||
corenet_tcp_sendrecv_all_nodes(ricci_t)
|
||||
corenet_tcp_sendrecv_all_ports(ricci_t)
|
||||
corenet_tcp_bind_all_nodes(ricci_t)
|
||||
|
|
@ -281,7 +281,7 @@ kernel_read_system_state(ricci_modclusterd_t)
|
|||
|
||||
corecmd_exec_bin(ricci_modclusterd_t)
|
||||
|
||||
corenet_tcp_sendrecv_all_if(ricci_modclusterd_t)
|
||||
corenet_tcp_sendrecv_generic_if(ricci_modclusterd_t)
|
||||
corenet_tcp_sendrecv_all_ports(ricci_modclusterd_t)
|
||||
corenet_tcp_bind_all_nodes(ricci_modclusterd_t)
|
||||
corenet_tcp_bind_ricci_modcluster_port(ricci_modclusterd_t)
|
||||
|
|
|
|||
|
|
@ -1,5 +1,5 @@
|
|||
|
||||
policy_module(rlogin, 1.8.0)
|
||||
policy_module(rlogin, 1.8.1)
|
||||
|
||||
########################################
|
||||
#
|
||||
|
|
@ -52,8 +52,8 @@ kernel_read_network_state(rlogind_t)
|
|||
|
||||
corenet_all_recvfrom_unlabeled(rlogind_t)
|
||||
corenet_all_recvfrom_netlabel(rlogind_t)
|
||||
corenet_tcp_sendrecv_all_if(rlogind_t)
|
||||
corenet_udp_sendrecv_all_if(rlogind_t)
|
||||
corenet_tcp_sendrecv_generic_if(rlogind_t)
|
||||
corenet_udp_sendrecv_generic_if(rlogind_t)
|
||||
corenet_tcp_sendrecv_all_nodes(rlogind_t)
|
||||
corenet_udp_sendrecv_all_nodes(rlogind_t)
|
||||
corenet_tcp_sendrecv_all_ports(rlogind_t)
|
||||
|
|
|
|||
|
|
@ -71,8 +71,8 @@ template(`rpc_domain_template', `
|
|||
|
||||
corenet_all_recvfrom_unlabeled($1_t)
|
||||
corenet_all_recvfrom_netlabel($1_t)
|
||||
corenet_tcp_sendrecv_all_if($1_t)
|
||||
corenet_udp_sendrecv_all_if($1_t)
|
||||
corenet_tcp_sendrecv_generic_if($1_t)
|
||||
corenet_udp_sendrecv_generic_if($1_t)
|
||||
corenet_tcp_sendrecv_all_nodes($1_t)
|
||||
corenet_udp_sendrecv_all_nodes($1_t)
|
||||
corenet_tcp_sendrecv_all_ports($1_t)
|
||||
|
|
|
|||
|
|
@ -1,5 +1,5 @@
|
|||
|
||||
policy_module(rpc, 1.10.0)
|
||||
policy_module(rpc, 1.10.1)
|
||||
|
||||
########################################
|
||||
#
|
||||
|
|
|
|||
|
|
@ -1,5 +1,5 @@
|
|||
|
||||
policy_module(rpcbind, 1.3.0)
|
||||
policy_module(rpcbind, 1.3.1)
|
||||
|
||||
########################################
|
||||
#
|
||||
|
|
@ -45,8 +45,8 @@ kernel_read_network_state(rpcbind_t)
|
|||
|
||||
corenet_all_recvfrom_unlabeled(rpcbind_t)
|
||||
corenet_all_recvfrom_netlabel(rpcbind_t)
|
||||
corenet_tcp_sendrecv_all_if(rpcbind_t)
|
||||
corenet_udp_sendrecv_all_if(rpcbind_t)
|
||||
corenet_tcp_sendrecv_generic_if(rpcbind_t)
|
||||
corenet_udp_sendrecv_generic_if(rpcbind_t)
|
||||
corenet_tcp_sendrecv_all_nodes(rpcbind_t)
|
||||
corenet_udp_sendrecv_all_nodes(rpcbind_t)
|
||||
corenet_tcp_sendrecv_all_ports(rpcbind_t)
|
||||
|
|
|
|||
|
|
@ -1,5 +1,5 @@
|
|||
|
||||
policy_module(rsync, 1.8.0)
|
||||
policy_module(rsync, 1.8.1)
|
||||
|
||||
########################################
|
||||
#
|
||||
|
|
@ -77,8 +77,8 @@ kernel_read_network_state(rsync_t)
|
|||
|
||||
corenet_all_recvfrom_unlabeled(rsync_t)
|
||||
corenet_all_recvfrom_netlabel(rsync_t)
|
||||
corenet_tcp_sendrecv_all_if(rsync_t)
|
||||
corenet_udp_sendrecv_all_if(rsync_t)
|
||||
corenet_tcp_sendrecv_generic_if(rsync_t)
|
||||
corenet_udp_sendrecv_generic_if(rsync_t)
|
||||
corenet_tcp_sendrecv_all_nodes(rsync_t)
|
||||
corenet_udp_sendrecv_all_nodes(rsync_t)
|
||||
corenet_tcp_sendrecv_all_ports(rsync_t)
|
||||
|
|
|
|||
|
|
@ -1,5 +1,5 @@
|
|||
|
||||
policy_module(rwho, 1.5.0)
|
||||
policy_module(rwho, 1.5.1)
|
||||
|
||||
########################################
|
||||
#
|
||||
|
|
@ -42,7 +42,7 @@ kernel_read_system_state(rwho_t)
|
|||
|
||||
corenet_all_recvfrom_unlabeled(rwho_t)
|
||||
corenet_all_recvfrom_netlabel(rwho_t)
|
||||
corenet_udp_sendrecv_all_if(rwho_t)
|
||||
corenet_udp_sendrecv_generic_if(rwho_t)
|
||||
corenet_udp_sendrecv_all_nodes(rwho_t)
|
||||
corenet_udp_sendrecv_all_ports(rwho_t)
|
||||
corenet_udp_bind_all_nodes(rwho_t)
|
||||
|
|
|
|||
|
|
@ -1,5 +1,5 @@
|
|||
|
||||
policy_module(samba, 1.11.0)
|
||||
policy_module(samba, 1.11.1)
|
||||
|
||||
#################################
|
||||
#
|
||||
|
|
@ -173,9 +173,9 @@ kernel_read_proc_symlinks(samba_net_t)
|
|||
|
||||
corenet_all_recvfrom_unlabeled(samba_net_t)
|
||||
corenet_all_recvfrom_netlabel(samba_net_t)
|
||||
corenet_tcp_sendrecv_all_if(samba_net_t)
|
||||
corenet_udp_sendrecv_all_if(samba_net_t)
|
||||
corenet_raw_sendrecv_all_if(samba_net_t)
|
||||
corenet_tcp_sendrecv_generic_if(samba_net_t)
|
||||
corenet_udp_sendrecv_generic_if(samba_net_t)
|
||||
corenet_raw_sendrecv_generic_if(samba_net_t)
|
||||
corenet_tcp_sendrecv_all_nodes(samba_net_t)
|
||||
corenet_udp_sendrecv_all_nodes(samba_net_t)
|
||||
corenet_raw_sendrecv_all_nodes(samba_net_t)
|
||||
|
|
@ -271,9 +271,9 @@ corecmd_exec_bin(smbd_t)
|
|||
|
||||
corenet_all_recvfrom_unlabeled(smbd_t)
|
||||
corenet_all_recvfrom_netlabel(smbd_t)
|
||||
corenet_tcp_sendrecv_all_if(smbd_t)
|
||||
corenet_udp_sendrecv_all_if(smbd_t)
|
||||
corenet_raw_sendrecv_all_if(smbd_t)
|
||||
corenet_tcp_sendrecv_generic_if(smbd_t)
|
||||
corenet_udp_sendrecv_generic_if(smbd_t)
|
||||
corenet_raw_sendrecv_generic_if(smbd_t)
|
||||
corenet_tcp_sendrecv_all_nodes(smbd_t)
|
||||
corenet_udp_sendrecv_all_nodes(smbd_t)
|
||||
corenet_raw_sendrecv_all_nodes(smbd_t)
|
||||
|
|
@ -438,8 +438,8 @@ kernel_read_system_state(nmbd_t)
|
|||
|
||||
corenet_all_recvfrom_unlabeled(nmbd_t)
|
||||
corenet_all_recvfrom_netlabel(nmbd_t)
|
||||
corenet_tcp_sendrecv_all_if(nmbd_t)
|
||||
corenet_udp_sendrecv_all_if(nmbd_t)
|
||||
corenet_tcp_sendrecv_generic_if(nmbd_t)
|
||||
corenet_udp_sendrecv_generic_if(nmbd_t)
|
||||
corenet_tcp_sendrecv_all_nodes(nmbd_t)
|
||||
corenet_udp_sendrecv_all_nodes(nmbd_t)
|
||||
corenet_tcp_sendrecv_all_ports(nmbd_t)
|
||||
|
|
@ -510,9 +510,9 @@ kernel_read_system_state(smbmount_t)
|
|||
|
||||
corenet_all_recvfrom_unlabeled(smbmount_t)
|
||||
corenet_all_recvfrom_netlabel(smbmount_t)
|
||||
corenet_tcp_sendrecv_all_if(smbmount_t)
|
||||
corenet_raw_sendrecv_all_if(smbmount_t)
|
||||
corenet_udp_sendrecv_all_if(smbmount_t)
|
||||
corenet_tcp_sendrecv_generic_if(smbmount_t)
|
||||
corenet_raw_sendrecv_generic_if(smbmount_t)
|
||||
corenet_udp_sendrecv_generic_if(smbmount_t)
|
||||
corenet_tcp_sendrecv_all_nodes(smbmount_t)
|
||||
corenet_raw_sendrecv_all_nodes(smbmount_t)
|
||||
corenet_udp_sendrecv_all_nodes(smbmount_t)
|
||||
|
|
@ -689,9 +689,9 @@ kernel_read_proc_symlinks(winbind_t)
|
|||
|
||||
corenet_all_recvfrom_unlabeled(winbind_t)
|
||||
corenet_all_recvfrom_netlabel(winbind_t)
|
||||
corenet_tcp_sendrecv_all_if(winbind_t)
|
||||
corenet_udp_sendrecv_all_if(winbind_t)
|
||||
corenet_raw_sendrecv_all_if(winbind_t)
|
||||
corenet_tcp_sendrecv_generic_if(winbind_t)
|
||||
corenet_udp_sendrecv_generic_if(winbind_t)
|
||||
corenet_raw_sendrecv_generic_if(winbind_t)
|
||||
corenet_tcp_sendrecv_all_nodes(winbind_t)
|
||||
corenet_udp_sendrecv_all_nodes(winbind_t)
|
||||
corenet_raw_sendrecv_all_nodes(winbind_t)
|
||||
|
|
|
|||
|
|
@ -1,5 +1,5 @@
|
|||
|
||||
policy_module(sasl, 1.11.0)
|
||||
policy_module(sasl, 1.11.1)
|
||||
|
||||
########################################
|
||||
#
|
||||
|
|
@ -52,7 +52,7 @@ kernel_read_system_state(saslauthd_t)
|
|||
|
||||
corenet_all_recvfrom_unlabeled(saslauthd_t)
|
||||
corenet_all_recvfrom_netlabel(saslauthd_t)
|
||||
corenet_tcp_sendrecv_all_if(saslauthd_t)
|
||||
corenet_tcp_sendrecv_generic_if(saslauthd_t)
|
||||
corenet_tcp_sendrecv_all_nodes(saslauthd_t)
|
||||
corenet_tcp_sendrecv_all_ports(saslauthd_t)
|
||||
corenet_tcp_connect_pop_port(saslauthd_t)
|
||||
|
|
|
|||
|
|
@ -1,5 +1,5 @@
|
|||
|
||||
policy_module(sendmail, 1.9.0)
|
||||
policy_module(sendmail, 1.9.1)
|
||||
|
||||
########################################
|
||||
#
|
||||
|
|
@ -50,7 +50,7 @@ kernel_read_system_state(sendmail_t)
|
|||
|
||||
corenet_all_recvfrom_unlabeled(sendmail_t)
|
||||
corenet_all_recvfrom_netlabel(sendmail_t)
|
||||
corenet_tcp_sendrecv_all_if(sendmail_t)
|
||||
corenet_tcp_sendrecv_generic_if(sendmail_t)
|
||||
corenet_tcp_sendrecv_all_nodes(sendmail_t)
|
||||
corenet_tcp_sendrecv_all_ports(sendmail_t)
|
||||
corenet_tcp_bind_all_nodes(sendmail_t)
|
||||
|
|
|
|||
|
|
@ -1,5 +1,5 @@
|
|||
|
||||
policy_module(snmp, 1.9.0)
|
||||
policy_module(snmp, 1.9.1)
|
||||
|
||||
########################################
|
||||
#
|
||||
|
|
@ -60,8 +60,8 @@ corecmd_exec_shell(snmpd_t)
|
|||
|
||||
corenet_all_recvfrom_unlabeled(snmpd_t)
|
||||
corenet_all_recvfrom_netlabel(snmpd_t)
|
||||
corenet_tcp_sendrecv_all_if(snmpd_t)
|
||||
corenet_udp_sendrecv_all_if(snmpd_t)
|
||||
corenet_tcp_sendrecv_generic_if(snmpd_t)
|
||||
corenet_udp_sendrecv_generic_if(snmpd_t)
|
||||
corenet_tcp_sendrecv_all_nodes(snmpd_t)
|
||||
corenet_udp_sendrecv_all_nodes(snmpd_t)
|
||||
corenet_tcp_sendrecv_all_ports(snmpd_t)
|
||||
|
|
|
|||
|
|
@ -1,5 +1,5 @@
|
|||
|
||||
policy_module(spamassassin, 2.1.0)
|
||||
policy_module(spamassassin, 2.1.1)
|
||||
|
||||
########################################
|
||||
#
|
||||
|
|
@ -340,8 +340,8 @@ kernel_read_system_state(spamd_t)
|
|||
|
||||
corenet_all_recvfrom_unlabeled(spamd_t)
|
||||
corenet_all_recvfrom_netlabel(spamd_t)
|
||||
corenet_tcp_sendrecv_all_if(spamd_t)
|
||||
corenet_udp_sendrecv_all_if(spamd_t)
|
||||
corenet_tcp_sendrecv_generic_if(spamd_t)
|
||||
corenet_udp_sendrecv_generic_if(spamd_t)
|
||||
corenet_tcp_sendrecv_all_nodes(spamd_t)
|
||||
corenet_udp_sendrecv_all_nodes(spamd_t)
|
||||
corenet_tcp_sendrecv_all_ports(spamd_t)
|
||||
|
|
|
|||
|
|
@ -1,5 +1,5 @@
|
|||
|
||||
policy_module(squid, 1.8.0)
|
||||
policy_module(squid, 1.8.1)
|
||||
|
||||
########################################
|
||||
#
|
||||
|
|
@ -80,8 +80,8 @@ files_dontaudit_getattr_boot_dirs(squid_t)
|
|||
|
||||
corenet_all_recvfrom_unlabeled(squid_t)
|
||||
corenet_all_recvfrom_netlabel(squid_t)
|
||||
corenet_tcp_sendrecv_all_if(squid_t)
|
||||
corenet_udp_sendrecv_all_if(squid_t)
|
||||
corenet_tcp_sendrecv_generic_if(squid_t)
|
||||
corenet_udp_sendrecv_generic_if(squid_t)
|
||||
corenet_tcp_sendrecv_all_nodes(squid_t)
|
||||
corenet_udp_sendrecv_all_nodes(squid_t)
|
||||
corenet_tcp_sendrecv_all_ports(squid_t)
|
||||
|
|
|
|||
|
|
@ -110,7 +110,7 @@ template(`ssh_basic_client_template',`
|
|||
|
||||
corenet_all_recvfrom_unlabeled($1_ssh_t)
|
||||
corenet_all_recvfrom_netlabel($1_ssh_t)
|
||||
corenet_tcp_sendrecv_all_if($1_ssh_t)
|
||||
corenet_tcp_sendrecv_generic_if($1_ssh_t)
|
||||
corenet_tcp_sendrecv_all_nodes($1_ssh_t)
|
||||
corenet_tcp_sendrecv_all_ports($1_ssh_t)
|
||||
corenet_tcp_connect_ssh_port($1_ssh_t)
|
||||
|
|
@ -217,9 +217,9 @@ template(`ssh_server_template', `
|
|||
|
||||
corenet_all_recvfrom_unlabeled($1_t)
|
||||
corenet_all_recvfrom_netlabel($1_t)
|
||||
corenet_tcp_sendrecv_all_if($1_t)
|
||||
corenet_udp_sendrecv_all_if($1_t)
|
||||
corenet_raw_sendrecv_all_if($1_t)
|
||||
corenet_tcp_sendrecv_generic_if($1_t)
|
||||
corenet_udp_sendrecv_generic_if($1_t)
|
||||
corenet_raw_sendrecv_generic_if($1_t)
|
||||
corenet_tcp_sendrecv_all_nodes($1_t)
|
||||
corenet_udp_sendrecv_all_nodes($1_t)
|
||||
corenet_raw_sendrecv_all_nodes($1_t)
|
||||
|
|
|
|||
|
|
@ -1,5 +1,5 @@
|
|||
|
||||
policy_module(ssh, 2.0.0)
|
||||
policy_module(ssh, 2.0.1)
|
||||
|
||||
########################################
|
||||
#
|
||||
|
|
@ -134,7 +134,7 @@ kernel_read_kernel_sysctls(ssh_t)
|
|||
|
||||
corenet_all_recvfrom_unlabeled(ssh_t)
|
||||
corenet_all_recvfrom_netlabel(ssh_t)
|
||||
corenet_tcp_sendrecv_all_if(ssh_t)
|
||||
corenet_tcp_sendrecv_generic_if(ssh_t)
|
||||
corenet_tcp_sendrecv_all_nodes(ssh_t)
|
||||
corenet_tcp_sendrecv_all_ports(ssh_t)
|
||||
corenet_tcp_connect_ssh_port(ssh_t)
|
||||
|
|
|
|||
|
|
@ -1,5 +1,5 @@
|
|||
|
||||
policy_module(stunnel, 1.8.0)
|
||||
policy_module(stunnel, 1.8.1)
|
||||
|
||||
########################################
|
||||
#
|
||||
|
|
@ -56,8 +56,8 @@ kernel_read_network_state(stunnel_t)
|
|||
|
||||
corenet_all_recvfrom_unlabeled(stunnel_t)
|
||||
corenet_all_recvfrom_netlabel(stunnel_t)
|
||||
corenet_tcp_sendrecv_all_if(stunnel_t)
|
||||
corenet_udp_sendrecv_all_if(stunnel_t)
|
||||
corenet_tcp_sendrecv_generic_if(stunnel_t)
|
||||
corenet_udp_sendrecv_generic_if(stunnel_t)
|
||||
corenet_tcp_sendrecv_all_nodes(stunnel_t)
|
||||
corenet_udp_sendrecv_all_nodes(stunnel_t)
|
||||
corenet_tcp_sendrecv_all_ports(stunnel_t)
|
||||
|
|
|
|||
|
|
@ -1,5 +1,5 @@
|
|||
|
||||
policy_module(tcpd, 1.3.0)
|
||||
policy_module(tcpd, 1.3.1)
|
||||
|
||||
########################################
|
||||
#
|
||||
|
|
@ -25,7 +25,7 @@ files_tmp_filetrans(tcpd_t, tcpd_tmp_t, { file dir })
|
|||
|
||||
corenet_all_recvfrom_unlabeled(tcpd_t)
|
||||
corenet_all_recvfrom_netlabel(tcpd_t)
|
||||
corenet_tcp_sendrecv_all_if(tcpd_t)
|
||||
corenet_tcp_sendrecv_generic_if(tcpd_t)
|
||||
corenet_tcp_sendrecv_all_nodes(tcpd_t)
|
||||
corenet_tcp_sendrecv_all_ports(tcpd_t)
|
||||
|
||||
|
|
|
|||
|
|
@ -1,5 +1,5 @@
|
|||
|
||||
policy_module(telnet, 1.8.0)
|
||||
policy_module(telnet, 1.8.1)
|
||||
|
||||
########################################
|
||||
#
|
||||
|
|
@ -50,8 +50,8 @@ kernel_read_network_state(telnetd_t)
|
|||
|
||||
corenet_all_recvfrom_unlabeled(telnetd_t)
|
||||
corenet_all_recvfrom_netlabel(telnetd_t)
|
||||
corenet_tcp_sendrecv_all_if(telnetd_t)
|
||||
corenet_udp_sendrecv_all_if(telnetd_t)
|
||||
corenet_tcp_sendrecv_generic_if(telnetd_t)
|
||||
corenet_udp_sendrecv_generic_if(telnetd_t)
|
||||
corenet_tcp_sendrecv_all_nodes(telnetd_t)
|
||||
corenet_udp_sendrecv_all_nodes(telnetd_t)
|
||||
corenet_tcp_sendrecv_all_ports(telnetd_t)
|
||||
|
|
|
|||
|
|
@ -1,5 +1,5 @@
|
|||
|
||||
policy_module(tftp, 1.10.0)
|
||||
policy_module(tftp, 1.10.1)
|
||||
|
||||
########################################
|
||||
#
|
||||
|
|
@ -56,8 +56,8 @@ kernel_read_proc_symlinks(tftpd_t)
|
|||
|
||||
corenet_all_recvfrom_unlabeled(tftpd_t)
|
||||
corenet_all_recvfrom_netlabel(tftpd_t)
|
||||
corenet_tcp_sendrecv_all_if(tftpd_t)
|
||||
corenet_udp_sendrecv_all_if(tftpd_t)
|
||||
corenet_tcp_sendrecv_generic_if(tftpd_t)
|
||||
corenet_udp_sendrecv_generic_if(tftpd_t)
|
||||
corenet_tcp_sendrecv_all_nodes(tftpd_t)
|
||||
corenet_udp_sendrecv_all_nodes(tftpd_t)
|
||||
corenet_tcp_sendrecv_all_ports(tftpd_t)
|
||||
|
|
|
|||
|
|
@ -1,5 +1,5 @@
|
|||
|
||||
policy_module(tor, 1.5.0)
|
||||
policy_module(tor, 1.5.1)
|
||||
|
||||
########################################
|
||||
#
|
||||
|
|
@ -69,7 +69,7 @@ kernel_read_system_state(tor_t)
|
|||
# networking basics
|
||||
corenet_all_recvfrom_unlabeled(tor_t)
|
||||
corenet_all_recvfrom_netlabel(tor_t)
|
||||
corenet_tcp_sendrecv_all_if(tor_t)
|
||||
corenet_tcp_sendrecv_generic_if(tor_t)
|
||||
corenet_tcp_sendrecv_all_nodes(tor_t)
|
||||
corenet_tcp_sendrecv_all_ports(tor_t)
|
||||
corenet_tcp_sendrecv_all_reserved_ports(tor_t)
|
||||
|
|
|
|||
|
|
@ -1,5 +1,5 @@
|
|||
|
||||
policy_module(ucspitcp, 1.2.0)
|
||||
policy_module(ucspitcp, 1.2.1)
|
||||
|
||||
########################################
|
||||
#
|
||||
|
|
@ -27,8 +27,8 @@ corecmd_search_bin(rblsmtpd_t)
|
|||
|
||||
corenet_all_recvfrom_unlabeled(rblsmtpd_t)
|
||||
corenet_all_recvfrom_netlabel(rblsmtpd_t)
|
||||
corenet_tcp_sendrecv_all_if(rblsmtpd_t)
|
||||
corenet_udp_sendrecv_all_if(rblsmtpd_t)
|
||||
corenet_tcp_sendrecv_generic_if(rblsmtpd_t)
|
||||
corenet_udp_sendrecv_generic_if(rblsmtpd_t)
|
||||
corenet_tcp_sendrecv_all_nodes(rblsmtpd_t)
|
||||
corenet_udp_sendrecv_all_nodes(rblsmtpd_t)
|
||||
corenet_tcp_sendrecv_all_ports(rblsmtpd_t)
|
||||
|
|
@ -58,8 +58,8 @@ corecmd_search_bin(ucspitcp_t)
|
|||
# base networking:
|
||||
corenet_all_recvfrom_unlabeled(ucspitcp_t)
|
||||
corenet_all_recvfrom_netlabel(ucspitcp_t)
|
||||
corenet_tcp_sendrecv_all_if(ucspitcp_t)
|
||||
corenet_udp_sendrecv_all_if(ucspitcp_t)
|
||||
corenet_tcp_sendrecv_generic_if(ucspitcp_t)
|
||||
corenet_udp_sendrecv_generic_if(ucspitcp_t)
|
||||
corenet_tcp_sendrecv_all_nodes(ucspitcp_t)
|
||||
corenet_udp_sendrecv_all_nodes(ucspitcp_t)
|
||||
corenet_tcp_sendrecv_all_ports(ucspitcp_t)
|
||||
|
|
|
|||
|
|
@ -1,5 +1,5 @@
|
|||
|
||||
policy_module(uucp, 1.9.0)
|
||||
policy_module(uucp, 1.9.1)
|
||||
|
||||
########################################
|
||||
#
|
||||
|
|
@ -71,8 +71,8 @@ kernel_read_network_state(uucpd_t)
|
|||
|
||||
corenet_all_recvfrom_unlabeled(uucpd_t)
|
||||
corenet_all_recvfrom_netlabel(uucpd_t)
|
||||
corenet_tcp_sendrecv_all_if(uucpd_t)
|
||||
corenet_udp_sendrecv_all_if(uucpd_t)
|
||||
corenet_tcp_sendrecv_generic_if(uucpd_t)
|
||||
corenet_udp_sendrecv_generic_if(uucpd_t)
|
||||
corenet_tcp_sendrecv_all_nodes(uucpd_t)
|
||||
corenet_udp_sendrecv_all_nodes(uucpd_t)
|
||||
corenet_tcp_sendrecv_all_ports(uucpd_t)
|
||||
|
|
|
|||
|
|
@ -1,5 +1,5 @@
|
|||
|
||||
policy_module(virt, 1.1.0)
|
||||
policy_module(virt, 1.1.1)
|
||||
|
||||
########################################
|
||||
#
|
||||
|
|
@ -92,7 +92,7 @@ corecmd_exec_shell(virtd_t)
|
|||
|
||||
corenet_all_recvfrom_unlabeled(virtd_t)
|
||||
corenet_all_recvfrom_netlabel(virtd_t)
|
||||
corenet_tcp_sendrecv_all_if(virtd_t)
|
||||
corenet_tcp_sendrecv_generic_if(virtd_t)
|
||||
corenet_tcp_sendrecv_all_nodes(virtd_t)
|
||||
corenet_tcp_sendrecv_all_ports(virtd_t)
|
||||
corenet_tcp_bind_all_nodes(virtd_t)
|
||||
|
|
|
|||
|
|
@ -1,5 +1,5 @@
|
|||
|
||||
policy_module(zebra, 1.9.0)
|
||||
policy_module(zebra, 1.9.1)
|
||||
|
||||
########################################
|
||||
#
|
||||
|
|
@ -73,9 +73,9 @@ kernel_rw_net_sysctls(zebra_t)
|
|||
|
||||
corenet_all_recvfrom_unlabeled(zebra_t)
|
||||
corenet_all_recvfrom_netlabel(zebra_t)
|
||||
corenet_tcp_sendrecv_all_if(zebra_t)
|
||||
corenet_udp_sendrecv_all_if(zebra_t)
|
||||
corenet_raw_sendrecv_all_if(zebra_t)
|
||||
corenet_tcp_sendrecv_generic_if(zebra_t)
|
||||
corenet_udp_sendrecv_generic_if(zebra_t)
|
||||
corenet_raw_sendrecv_generic_if(zebra_t)
|
||||
corenet_tcp_sendrecv_all_nodes(zebra_t)
|
||||
corenet_udp_sendrecv_all_nodes(zebra_t)
|
||||
corenet_raw_sendrecv_all_nodes(zebra_t)
|
||||
|
|
|
|||
Some files were not shown because too many files have changed in this diff Show More
Loading…
Reference in New Issue