* Mon May 09 2016 Lukas Vrabec <lvrabec@redhat.com> 3.13.1-188
- Label tcp port 8181 as intermapper_port_t. - Label /usr/libexec/storaged/storaged as lvm_exec_t to run storaged daemon in lvm_t SELinux domain. BZ(1333588) - Label tcp/udp port 2024 as xinuexpansion4_port_t - Label tcp port 7002 as afs_pt_port_t Label tcp/udp port 2023 as xinuexpansion3_port_t
This commit is contained in:
Lukas Vrabec
parent
b87a437807
commit
70515f6ee4
Binary file not shown.
|
|
@ -5808,7 +5808,7 @@ index 8e0f9cd..b9f45b9 100644
|
|||
|
||||
define(`create_packet_interfaces',``
|
||||
diff --git a/policy/modules/kernel/corenetwork.te.in b/policy/modules/kernel/corenetwork.te.in
|
||||
index b191055..58a4018 100644
|
||||
index b191055..90ffe79 100644
|
||||
--- a/policy/modules/kernel/corenetwork.te.in
|
||||
+++ b/policy/modules/kernel/corenetwork.te.in
|
||||
@@ -5,6 +5,7 @@ policy_module(corenetwork, 1.19.2)
|
||||
|
|
@ -5882,7 +5882,15 @@ index b191055..58a4018 100644
|
|||
# reserved_port_t is the type of INET port numbers below 1024.
|
||||
#
|
||||
type reserved_port_t, port_type, reserved_port_type;
|
||||
@@ -83,56 +106,72 @@ network_port(agentx, udp,705,s0, tcp,705,s0)
|
||||
@@ -76,63 +99,79 @@ type server_packet_t, packet_type, server_packet_type;
|
||||
network_port(afs_bos, udp,7007,s0)
|
||||
network_port(afs_fs, tcp,2040,s0, udp,7000,s0, udp,7005,s0)
|
||||
network_port(afs_ka, udp,7004,s0)
|
||||
-network_port(afs_pt, udp,7002,s0)
|
||||
+network_port(afs_pt, tcp,7002,s0, udp,7002,s0)
|
||||
network_port(afs_vl, udp,7003,s0)
|
||||
network_port(afs3_callback, tcp,7001,s0, udp,7001,s0)
|
||||
network_port(agentx, udp,705,s0, tcp,705,s0)
|
||||
network_port(amanda, udp,10080-10082,s0, tcp,10080-10083,s0)
|
||||
network_port(amavisd_recv, tcp,10024,s0)
|
||||
network_port(amavisd_send, tcp,10025,s0)
|
||||
|
|
@ -5964,7 +5972,7 @@ index b191055..58a4018 100644
|
|||
network_port(gopher, tcp,70,s0, udp,70,s0)
|
||||
network_port(gpsd, tcp,2947,s0)
|
||||
network_port(hadoop_datanode, tcp,50010,s0)
|
||||
@@ -140,45 +179,58 @@ network_port(hadoop_namenode, tcp,8020,s0)
|
||||
@@ -140,45 +179,60 @@ network_port(hadoop_namenode, tcp,8020,s0)
|
||||
network_port(hddtemp, tcp,7634,s0)
|
||||
network_port(howl, tcp,5335,s0, udp,5353,s0)
|
||||
network_port(hplip, tcp,1782,s0, tcp,2207,s0, tcp,2208,s0, tcp, 8290,s0, tcp,50000,s0, tcp,50002,s0, tcp,8292,s0, tcp,9100,s0, tcp,9101,s0, tcp,9102,s0, tcp,9220,s0, tcp,9221,s0, tcp,9222,s0, tcp,9280,s0, tcp,9281,s0, tcp,9282,s0, tcp,9290,s0, tcp,9291,s0)
|
||||
|
|
@ -5972,6 +5980,7 @@ index b191055..58a4018 100644
|
|||
-network_port(http_cache, tcp,3128,s0, udp,3130,s0, tcp,8080,s0, tcp,8118,s0, tcp,10001-10010,s0) # 8118 is for privoxy
|
||||
+network_port(http, tcp,80,s0, tcp,81,s0, tcp,443,s0, tcp,488,s0, tcp,8008,s0, tcp,8009,s0, tcp,8443,s0,tcp,9000, s0) #8443 is mod_nss default port
|
||||
+network_port(http_cache, udp,3130,s0, tcp,8080,s0, tcp,8118,s0, tcp,8123,s0, tcp,10001-10010,s0) # 8118 is for privoxy
|
||||
+network_port(intermapper, tcp,8181,s0)
|
||||
network_port(i18n_input, tcp,9010,s0)
|
||||
network_port(imaze, tcp,5323,s0, udp,5323,s0)
|
||||
-network_port(inetd_child, tcp,1,s0, udp,1,s0, tcp,7,s0, udp,7,s0, tcp,9,s0, udp,9,s0, tcp,13,s0, udp,13,s0, tcp,19,s0, udp,19,s0, tcp,37,s0, udp,37,s0, tcp,512,s0, tcp,543,s0, tcp,544,s0, tcp,891,s0, udp,891,s0, tcp,892,s0, udp,892,s0, tcp,2105,s0, tcp,5666,s0)
|
||||
|
|
@ -6024,6 +6033,7 @@ index b191055..58a4018 100644
|
|||
+network_port(lsm_plugin, tcp,18700,s0)
|
||||
+network_port(l2tp, tcp,1701,s0, udp,1701,s0)
|
||||
network_port(mail, tcp,2000,s0, tcp,3905,s0)
|
||||
+network_port(mailbox, tcp,2004,s0)
|
||||
network_port(matahari, tcp,49000,s0, udp,49000,s0)
|
||||
network_port(memcache, tcp,11211,s0, udp,11211,s0)
|
||||
-network_port(milter) # no defined portcon
|
||||
|
|
@ -6038,7 +6048,7 @@ index b191055..58a4018 100644
|
|||
network_port(msnp, tcp,1863,s0, udp,1863,s0)
|
||||
network_port(mssql, tcp,1433-1434,s0, udp,1433-1434,s0)
|
||||
network_port(ms_streaming, tcp,1755,s0, udp,1755,s0)
|
||||
@@ -186,101 +238,127 @@ network_port(munin, tcp,4949,s0, udp,4949,s0)
|
||||
@@ -186,101 +240,129 @@ network_port(munin, tcp,4949,s0, udp,4949,s0)
|
||||
network_port(mxi, tcp,8005,s0, udp,8005,s0)
|
||||
network_port(mysqld, tcp,1186,s0, tcp,3306,s0, tcp,63132-63164,s0)
|
||||
network_port(mysqlmanagerd, tcp,2273,s0)
|
||||
|
|
@ -6179,12 +6189,14 @@ index b191055..58a4018 100644
|
|||
network_port(wsicopy, tcp,3378,s0, udp,3378,s0)
|
||||
network_port(xdmcp, udp,177,s0, tcp,177,s0)
|
||||
network_port(xen, tcp,8002,s0)
|
||||
+network_port(xinuexpansion3, tcp,2023,s0, udp,2023,s0)
|
||||
+network_port(xinuexpansion4, tcp,2024,s0, udp,2024,s0)
|
||||
network_port(xfs, tcp,7100,s0)
|
||||
+network_port(xodbc_connect, tcp,6632,s0)
|
||||
network_port(xserver, tcp,6000-6020,s0)
|
||||
network_port(zarafa, tcp,236,s0, tcp,237,s0)
|
||||
network_port(zabbix, tcp,10051,s0)
|
||||
@@ -288,19 +366,23 @@ network_port(zabbix_agent, tcp,10050,s0)
|
||||
@@ -288,19 +370,23 @@ network_port(zabbix_agent, tcp,10050,s0)
|
||||
network_port(zookeeper_client, tcp,2181,s0)
|
||||
network_port(zookeeper_election, tcp,3888,s0)
|
||||
network_port(zookeeper_leader, tcp,2888,s0)
|
||||
|
|
@ -6211,7 +6223,7 @@ index b191055..58a4018 100644
|
|||
|
||||
########################################
|
||||
#
|
||||
@@ -333,6 +415,8 @@ sid netif gen_context(system_u:object_r:netif_t,s0 - mls_systemhigh)
|
||||
@@ -333,6 +419,8 @@ sid netif gen_context(system_u:object_r:netif_t,s0 - mls_systemhigh)
|
||||
|
||||
build_option(`enable_mls',`
|
||||
network_interface(lo, lo, s0 - mls_systemhigh)
|
||||
|
|
@ -6220,7 +6232,7 @@ index b191055..58a4018 100644
|
|||
',`
|
||||
typealias netif_t alias { lo_netif_t netif_lo_t };
|
||||
')
|
||||
@@ -345,9 +429,28 @@ typealias netif_t alias { lo_netif_t netif_lo_t };
|
||||
@@ -345,9 +433,28 @@ typealias netif_t alias { lo_netif_t netif_lo_t };
|
||||
allow corenet_unconfined_type node_type:node *;
|
||||
allow corenet_unconfined_type netif_type:netif *;
|
||||
allow corenet_unconfined_type packet_type:packet *;
|
||||
|
|
@ -41111,7 +41123,7 @@ index 59b04c1..6810e0b 100644
|
|||
+
|
||||
+logging_stream_connect_syslog(syslog_client_type)
|
||||
diff --git a/policy/modules/system/lvm.fc b/policy/modules/system/lvm.fc
|
||||
index 6b91740..3af8a10 100644
|
||||
index 6b91740..7c98978 100644
|
||||
--- a/policy/modules/system/lvm.fc
|
||||
+++ b/policy/modules/system/lvm.fc
|
||||
@@ -23,6 +23,8 @@ ifdef(`distro_gentoo',`
|
||||
|
|
@ -41152,7 +41164,7 @@ index 6b91740..3af8a10 100644
|
|||
/sbin/lvreduce -- gen_context(system_u:object_r:lvm_exec_t,s0)
|
||||
/sbin/lvremove -- gen_context(system_u:object_r:lvm_exec_t,s0)
|
||||
/sbin/lvrename -- gen_context(system_u:object_r:lvm_exec_t,s0)
|
||||
@@ -89,8 +96,76 @@ ifdef(`distro_gentoo',`
|
||||
@@ -89,8 +96,77 @@ ifdef(`distro_gentoo',`
|
||||
#
|
||||
# /usr
|
||||
#
|
||||
|
|
@ -41226,12 +41238,13 @@ index 6b91740..3af8a10 100644
|
|||
+/usr/lib/systemd/systemd-cryptsetup -- gen_context(system_u:object_r:lvm_exec_t,s0)
|
||||
+/usr/lib/systemd/system-generators/lvm2.* -- gen_context(system_u:object_r:lvm_exec_t,s0)
|
||||
+/usr/lib/storaged/storaged -- gen_context(system_u:object_r:lvm_exec_t,s0)
|
||||
+/usr/libexec/storaged/storaged -- gen_context(system_u:object_r:lvm_exec_t,s0)
|
||||
+/usr/lib/storaged/storaged-lvm-helper -- gen_context(system_u:object_r:lvm_exec_t,s0)
|
||||
+/usr/lib/udev/udisks-lvm-pv-export -- gen_context(system_u:object_r:lvm_exec_t,s0)
|
||||
|
||||
#
|
||||
# /var
|
||||
@@ -98,5 +173,9 @@ ifdef(`distro_gentoo',`
|
||||
@@ -98,5 +174,9 @@ ifdef(`distro_gentoo',`
|
||||
/var/cache/multipathd(/.*)? gen_context(system_u:object_r:lvm_metadata_t,s0)
|
||||
/var/lib/multipath(/.*)? gen_context(system_u:object_r:lvm_var_lib_t,s0)
|
||||
/var/lock/lvm(/.*)? gen_context(system_u:object_r:lvm_lock_t,s0)
|
||||
|
|
|
|||
|
|
@ -31915,10 +31915,10 @@ index 0000000..fc9bf19
|
|||
+
|
||||
diff --git a/glusterd.te b/glusterd.te
|
||||
new file mode 100644
|
||||
index 0000000..8e0f5a7
|
||||
index 0000000..afabf8c
|
||||
--- /dev/null
|
||||
+++ b/glusterd.te
|
||||
@@ -0,0 +1,296 @@
|
||||
@@ -0,0 +1,297 @@
|
||||
+policy_module(glusterd, 1.1.3)
|
||||
+
|
||||
+## <desc>
|
||||
|
|
@ -32024,6 +32024,7 @@ index 0000000..8e0f5a7
|
|||
+manage_lnk_files_pattern(glusterd_t, glusterd_brick_t, glusterd_brick_t)
|
||||
+manage_blk_files_pattern(glusterd_t, glusterd_brick_t, glusterd_brick_t)
|
||||
+manage_chr_files_pattern(glusterd_t, glusterd_brick_t, glusterd_brick_t)
|
||||
+manage_sock_files_pattern(glusterd_t, glusterd_brick_t, glusterd_brick_t)
|
||||
+relabel_files_pattern(glusterd_t, glusterd_brick_t, glusterd_brick_t)
|
||||
+relabel_lnk_files_pattern(glusterd_t, glusterd_brick_t, glusterd_brick_t)
|
||||
+relabel_dirs_pattern(glusterd_t, glusterd_brick_t, glusterd_brick_t)
|
||||
|
|
|
|||
|
|
@ -19,7 +19,7 @@
|
|||
Summary: SELinux policy configuration
|
||||
Name: selinux-policy
|
||||
Version: 3.13.1
|
||||
Release: 187%{?dist}
|
||||
Release: 188%{?dist}
|
||||
License: GPLv2+
|
||||
Group: System Environment/Base
|
||||
Source: serefpolicy-%{version}.tgz
|
||||
|
|
@ -653,6 +653,12 @@ exit 0
|
|||
%endif
|
||||
|
||||
%changelog
|
||||
* Mon May 09 2016 Lukas Vrabec <lvrabec@redhat.com> 3.13.1-188
|
||||
- Label tcp port 8181 as intermapper_port_t.
|
||||
- Label /usr/libexec/storaged/storaged as lvm_exec_t to run storaged daemon in lvm_t SELinux domain. BZ(1333588)
|
||||
- Label tcp/udp port 2024 as xinuexpansion4_port_t
|
||||
- Label tcp port 7002 as afs_pt_port_t Label tcp/udp port 2023 as xinuexpansion3_port_t
|
||||
|
||||
* Thu May 05 2016 Lukas Vrabec <lvrabec@redhat.com> 3.13.1-187
|
||||
- Allow stunnel create log files. BZ(1333033)
|
||||
- Label dev/shm/squid-cf__metadata.shm as squid_tmpfs_t. BZ(1331574)
|
||||
|
|
|
|||
Loading…
Reference in New Issue