* Rename ipsec connect interface for consistency.
* Add missing parts of unix stream socket connect interface of ipsec.
* Rename inetd connect interface for consistency.
parent
80a63c7a98
commit
81343a6f90
@ -1,3 +1,8 @@
|
||||
* Rename ipsec connect interface for consistency.
|
||||
* Add missing parts of unix stream socket connect interface
|
||||
of ipsec.
|
||||
* Rename inetd connect interface for consistency.
|
||||
|
||||
20050802 (2 Aug 2005)
|
||||
* Fix comparison bug in fc_sort.
|
||||
* Fix handling of ordered and unordered HTML lists.
|
||||
|
@ -119,7 +119,7 @@ interface(`inetd_service_domain',`
|
||||
## Domain allowed access.
|
||||
## </param>
|
||||
#
|
||||
interface(`inetd_tcp_connectto',`
|
||||
interface(`inetd_tcp_connect',`
|
||||
gen_require(`
|
||||
type inetd_t;
|
||||
class tcp_socket { connectto acceptfrom recvfrom };
|
||||
|
@ -26,18 +26,23 @@ interface(`ipsec_domtrans',`
|
||||
|
||||
########################################
|
||||
## <summary>
|
||||
## Connect to an IPSEC unix domain stream socket.
|
||||
## Connect to IPSEC using a unix domain stream socket.
|
||||
## </summary>
|
||||
## <param name="domain">
|
||||
## The type of the process performing this action.
|
||||
## </param>
|
||||
#
|
||||
interface(`ipsec_connectto_unix_stream_socket',`
|
||||
interface(`ipsec_stream_connect',`
|
||||
gen_require(`
|
||||
type ipsec_t;
|
||||
type ipsec_t, ipsec_var_run_t;
|
||||
class dir search;
|
||||
class sock_file write;
|
||||
class unix_stream_socket connectto;
|
||||
')
|
||||
|
||||
files_search_pids($1)
|
||||
allow $1 ipsec_var_run_t:dir search;
|
||||
allow $1 ipsec_var_run_t:sock_file write;
|
||||
allow $1 ipsec_t:unix_stream_socket connectto;
|
||||
')
|
||||
|
||||
|
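Review bot: The `<summary>` of `ipsec_stream_connect` still describes only the connect, but the interface now also grants `search` on `ipsec_var_run_t` directories, `write` on every `ipsec_var_run_t:sock_file`, and whatever `files_search_pids($1)` allows. A policy reviewer needs that spelled out, for example `## Connect to IPSEC using a unix domain stream socket; also grants search of the pid directories and write on the IPSEC runtime socket file.` The `sock_file write` rule is keyed on the type alone, so if more than one socket is ever labelled `ipsec_var_run_t`, each caller can write to all of them; it is worth confirming that only the control socket carries this type. The old name `ipsec_connectto_unix_stream_socket` is removed with no alias, so any caller not updated in this commit will stop building; only the `sysadm_t` call is visibly updated here.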
@ -241,7 +241,7 @@ template(`base_user_template',`
|
||||
')
|
||||
|
||||
optional_policy(`inetd.te',`
|
||||
inetd_tcp_connectto($1_t)
|
||||
inetd_tcp_connect($1_t)
|
||||
')
|
||||
|
||||
optional_policy(`nis.te',`
|
||||
|
@ -130,7 +130,7 @@ ifdef(`targeted_policy',`
|
||||
# at things (e.g., ipsec auto --status)
|
||||
# probably should create an ipsec_admin role for this kind of thing
|
||||
ipsec_exec_mgmt(sysadm_t)
|
||||
ipsec_connectto_unix_stream_socket(sysadm_t)
|
||||
ipsec_stream_connect(sysadm_t)
|
||||
# for lsof
|
||||
ipsec_getattr_key_socket(sysadm_t)
|
||||
')
|
||||
|