add unlabeled association rules
This commit is contained in:
Chris PeBenito
parent
439aaa2446
commit
bd70373de4
|
|
@ -1,3 +1,5 @@
|
|||
- Add unlabeled IPSEC association to domains with
|
||||
networking permsiisions.
|
||||
- Merge systemuser back in to users, as these files
|
||||
do not need to be split.
|
||||
- Add check for duplicate interface/template definitions.
|
||||
|
|
|
|||
|
|
@ -1,5 +1,5 @@
|
|||
|
||||
policy_module(amanda,1.0)
|
||||
policy_module(amanda,1.0.1)
|
||||
|
||||
#######################################
|
||||
#
|
||||
|
|
@ -132,10 +132,11 @@ corenet_raw_sendrecv_all_if(amanda_t)
|
|||
corenet_tcp_sendrecv_all_nodes(amanda_t)
|
||||
corenet_udp_sendrecv_all_nodes(amanda_t)
|
||||
corenet_raw_sendrecv_all_nodes(amanda_t)
|
||||
corenet_tcp_bind_all_nodes(amanda_t)
|
||||
corenet_udp_bind_all_nodes(amanda_t)
|
||||
corenet_tcp_sendrecv_all_ports(amanda_t)
|
||||
corenet_udp_sendrecv_all_ports(amanda_t)
|
||||
corenet_non_ipsec_sendrecv(amanda_t)
|
||||
corenet_tcp_bind_all_nodes(amanda_t)
|
||||
corenet_udp_bind_all_nodes(amanda_t)
|
||||
|
||||
dev_getattr_all_blk_files(amanda_t)
|
||||
dev_getattr_all_chr_files(amanda_t)
|
||||
|
|
@ -221,6 +222,7 @@ corenet_udp_sendrecv_all_nodes(amanda_recover_t)
|
|||
corenet_raw_sendrecv_all_nodes(amanda_recover_t)
|
||||
corenet_tcp_sendrecv_all_ports(amanda_recover_t)
|
||||
corenet_udp_sendrecv_all_ports(amanda_recover_t)
|
||||
corenet_non_ipsec_sendrecv(amanda_recover_t)
|
||||
corenet_tcp_bind_all_nodes(amanda_recover_t)
|
||||
corenet_udp_bind_all_nodes(amanda_recover_t)
|
||||
corenet_tcp_connect_amanda_port(amanda_recover_t)
|
||||
|
|
|
|||
|
|
@ -1,5 +1,5 @@
|
|||
|
||||
policy_module(firstboot,1.0)
|
||||
policy_module(firstboot,1.0.1)
|
||||
|
||||
gen_require(`
|
||||
class passwd rootok;
|
||||
|
|
@ -53,6 +53,7 @@ corenet_raw_sendrecv_all_if(firstboot_t)
|
|||
corenet_tcp_sendrecv_all_nodes(firstboot_t)
|
||||
corenet_raw_sendrecv_all_nodes(firstboot_t)
|
||||
corenet_tcp_sendrecv_all_ports(firstboot_t)
|
||||
corenet_non_ipsec_sendrecv(firstboot_t)
|
||||
corenet_tcp_bind_all_nodes(firstboot_t)
|
||||
|
||||
dev_read_urand(firstboot_t)
|
||||
|
|
|
|||
|
|
@ -1,5 +1,5 @@
|
|||
|
||||
policy_module(netutils,1.0)
|
||||
policy_module(netutils,1.0.1)
|
||||
|
||||
########################################
|
||||
#
|
||||
|
|
@ -51,6 +51,7 @@ corenet_raw_sendrecv_all_nodes(netutils_t)
|
|||
corenet_udp_sendrecv_all_nodes(netutils_t)
|
||||
corenet_tcp_sendrecv_all_ports(netutils_t)
|
||||
corenet_udp_sendrecv_all_ports(netutils_t)
|
||||
corenet_non_ipsec_sendrecv(netutils_t)
|
||||
corenet_tcp_bind_all_nodes(netutils_t)
|
||||
corenet_udp_bind_all_nodes(netutils_t)
|
||||
corenet_tcp_connect_all_ports(netutils_t)
|
||||
|
|
@ -110,6 +111,7 @@ corenet_tcp_sendrecv_all_nodes(ping_t)
|
|||
corenet_udp_sendrecv_all_nodes(ping_t)
|
||||
corenet_tcp_sendrecv_all_ports(ping_t)
|
||||
corenet_udp_sendrecv_all_ports(ping_t)
|
||||
corenet_non_ipsec_sendrecv(ping_t)
|
||||
corenet_udp_bind_all_nodes(ping_t)
|
||||
corenet_tcp_bind_all_nodes(ping_t)
|
||||
|
||||
|
|
@ -188,6 +190,7 @@ corenet_tcp_sendrecv_all_nodes(traceroute_t)
|
|||
corenet_udp_sendrecv_all_nodes(traceroute_t)
|
||||
corenet_tcp_sendrecv_all_ports(traceroute_t)
|
||||
corenet_udp_sendrecv_all_ports(traceroute_t)
|
||||
corenet_non_ipsec_sendrecv(traceroute_t)
|
||||
corenet_udp_bind_all_nodes(traceroute_t)
|
||||
corenet_tcp_bind_all_nodes(traceroute_t)
|
||||
# traceroute needs this but not tracepath
|
||||
|
|
|
|||
|
|
@ -1,5 +1,5 @@
|
|||
|
||||
policy_module(rpm,1.0.2)
|
||||
policy_module(rpm,1.0.3)
|
||||
|
||||
########################################
|
||||
#
|
||||
|
|
@ -104,6 +104,7 @@ corenet_raw_sendrecv_all_nodes(rpm_t)
|
|||
corenet_udp_sendrecv_all_nodes(rpm_t)
|
||||
corenet_tcp_sendrecv_all_ports(rpm_t)
|
||||
corenet_udp_sendrecv_all_ports(rpm_t)
|
||||
corenet_non_ipsec_sendrecv(rpm_t)
|
||||
corenet_tcp_bind_all_nodes(rpm_t)
|
||||
corenet_udp_bind_all_nodes(rpm_t)
|
||||
corenet_tcp_connect_all_ports(rpm_t)
|
||||
|
|
|
|||
|
|
@ -55,6 +55,7 @@ corenet_udp_sendrecv_all_nodes(vpnc_t)
|
|||
corenet_raw_sendrecv_all_nodes(vpnc_t)
|
||||
corenet_tcp_sendrecv_all_ports(vpnc_t)
|
||||
corenet_udp_sendrecv_all_ports(vpnc_t)
|
||||
corenet_non_ipsec_sendrecv(vpnc_t)
|
||||
corenet_tcp_bind_all_nodes(vpnc_t)
|
||||
corenet_udp_bind_all_nodes(vpnc_t)
|
||||
corenet_udp_bind_generic_port(vpnc_t)
|
||||
|
|
|
|||
|
|
@ -99,6 +99,7 @@ template(`gpg_per_userdomain_template',`
|
|||
corenet_udp_sendrecv_all_nodes($1_gpg_t)
|
||||
corenet_tcp_sendrecv_all_ports($1_gpg_t)
|
||||
corenet_udp_sendrecv_all_ports($1_gpg_t)
|
||||
corenet_non_ipsec_sendrecv($1_gpg_t)
|
||||
corenet_tcp_bind_all_nodes($1_gpg_t)
|
||||
corenet_udp_bind_all_nodes($1_gpg_t)
|
||||
corenet_tcp_connect_all_ports($1_gpg_t)
|
||||
|
|
@ -179,6 +180,7 @@ template(`gpg_per_userdomain_template',`
|
|||
corenet_raw_sendrecv_all_nodes($1_gpg_helper_t)
|
||||
corenet_tcp_sendrecv_all_ports($1_gpg_helper_t)
|
||||
corenet_udp_sendrecv_all_ports($1_gpg_helper_t)
|
||||
corenet_non_ipsec_sendrecv($1_gpg_helper_t)
|
||||
corenet_tcp_bind_all_nodes($1_gpg_helper_t)
|
||||
corenet_udp_bind_all_nodes($1_gpg_helper_t)
|
||||
corenet_tcp_connect_all_ports($1_gpg_helper_t)
|
||||
|
|
|
|||
|
|
@ -1,5 +1,5 @@
|
|||
|
||||
policy_module(webalizer,1.0.1)
|
||||
policy_module(webalizer,1.0.2)
|
||||
|
||||
########################################
|
||||
#
|
||||
|
|
@ -67,6 +67,7 @@ corenet_tcp_sendrecv_all_nodes(webalizer_t)
|
|||
corenet_raw_sendrecv_all_nodes(webalizer_t)
|
||||
corenet_tcp_sendrecv_all_ports(webalizer_t)
|
||||
corenet_udp_sendrecv_all_ports(webalizer_t)
|
||||
corenet_non_ipsec_sendrecv(webalizer_t)
|
||||
corenet_tcp_bind_all_nodes(webalizer_t)
|
||||
corenet_udp_bind_all_nodes(webalizer_t)
|
||||
|
||||
|
|
|
|||
|
|
@ -1039,6 +1039,20 @@ interface(`corenet_use_ppp_device',`
|
|||
allow $1 ppp_device_t:chr_file rw_file_perms;
|
||||
')
|
||||
|
||||
########################################
|
||||
## <summary>
|
||||
## Send and receive messages on a
|
||||
## non-encrypted (no IPSEC) network
|
||||
## session.
|
||||
## </summary>
|
||||
## <param name="domain">
|
||||
## Domain allowed access.
|
||||
## </param>
|
||||
#
|
||||
interface(`corenet_non_ipsec_sendrecv',`
|
||||
kernel_sendrecv_unlabeled_association($1)
|
||||
')
|
||||
|
||||
########################################
|
||||
## <summary>
|
||||
## Unconfined access to network objects.
|
||||
|
|
@ -1061,4 +1075,6 @@ interface(`corenet_unconfined',`
|
|||
# cjp: rawip_socket doesnt make any sense
|
||||
allow $1 port_type:{ tcp_socket udp_socket rawip_socket } name_bind;
|
||||
allow $1 node_type:{ tcp_socket udp_socket rawip_socket } node_bind;
|
||||
|
||||
corenet_non_ipsec_sendrecv($1)
|
||||
')
|
||||
|
|
|
|||
|
|
@ -1683,6 +1683,37 @@ interface(`kernel_relabel_unlabeled',`
|
|||
allow $1 unlabeled_t:dir_file_class_set { getattr relabelfrom };
|
||||
')
|
||||
|
||||
########################################
|
||||
## <summary>
|
||||
## Send and receive messages from an
|
||||
## unlabeled IPSEC association.
|
||||
## </summary>
|
||||
## <desc>
|
||||
## <p>
|
||||
## Send and receive messages from an
|
||||
## unlabeled IPSEC association. Network
|
||||
## connections that are not protected
|
||||
## by IPSEC have use an unlabeled
|
||||
## assocation.
|
||||
## </p>
|
||||
## <p>
|
||||
## The corenetwork interface
|
||||
## corenet_sendrecv_no_ipsec() should
|
||||
## be used instead of this one.
|
||||
## </p>
|
||||
## </desc>
|
||||
## <param name="domain">
|
||||
## Domain allowed access.
|
||||
## </param>
|
||||
#
|
||||
interface(`kernel_sendrecv_unlabeled_association',`
|
||||
gen_require(`
|
||||
type unlabeled_t;
|
||||
')
|
||||
|
||||
allow $1 unlabeled_t:association { sendto recvfrom };
|
||||
')
|
||||
|
||||
########################################
|
||||
## <summary>
|
||||
## Unconfined access to the kernel.
|
||||
|
|
@ -1709,6 +1740,7 @@ interface(`kernel_unconfined',`
|
|||
|
||||
allow $1 unlabeled_t:dir_file_class_set *;
|
||||
allow $1 unlabeled_t:filesystem *;
|
||||
allow $1 unlabeled_t:association *;
|
||||
|
||||
typeattribute $1 can_load_kernmodule, can_receive_kernel_messages;
|
||||
typeattribute $1 kern_unconfined;
|
||||
|
|
|
|||
|
|
@ -1,5 +1,5 @@
|
|||
|
||||
policy_module(kernel,1.0)
|
||||
policy_module(kernel,1.0.1)
|
||||
|
||||
########################################
|
||||
#
|
||||
|
|
@ -193,6 +193,7 @@ allow kernel_t sysctl_kernel_t:file r_file_perms;
|
|||
# cjp: this seems questionable
|
||||
allow kernel_t unlabeled_t:fifo_file rw_file_perms;
|
||||
|
||||
corenet_non_ipsec_sendrecv(kernel_t)
|
||||
# Kernel-generated traffic e.g., ICMP replies:
|
||||
corenet_raw_sendrecv_all_if(kernel_t)
|
||||
corenet_raw_sendrecv_all_nodes(kernel_t)
|
||||
|
|
|
|||
|
|
@ -191,6 +191,7 @@ template(`apache_content_template',`
|
|||
tunable_policy(`httpd_enable_cgi && httpd_can_network_connect',`
|
||||
allow httpd_$1_script_t self:tcp_socket create_stream_socket_perms;
|
||||
allow httpd_$1_script_t self:udp_socket create_socket_perms;
|
||||
|
||||
corenet_tcp_sendrecv_all_if(httpd_$1_script_t)
|
||||
corenet_udp_sendrecv_all_if(httpd_$1_script_t)
|
||||
corenet_raw_sendrecv_all_if(httpd_$1_script_t)
|
||||
|
|
@ -199,6 +200,7 @@ template(`apache_content_template',`
|
|||
corenet_raw_sendrecv_all_nodes(httpd_$1_script_t)
|
||||
corenet_tcp_sendrecv_all_ports(httpd_$1_script_t)
|
||||
corenet_udp_sendrecv_all_ports(httpd_$1_script_t)
|
||||
corenet_non_ipsec_sendrecv(httpd_$1_script_t)
|
||||
corenet_tcp_bind_all_nodes(httpd_$1_script_t)
|
||||
corenet_udp_bind_all_nodes(httpd_$1_script_t)
|
||||
corenet_tcp_connect_all_ports(httpd_$1_script_t)
|
||||
|
|
|
|||
|
|
@ -1,5 +1,5 @@
|
|||
|
||||
policy_module(apache,1.0.1)
|
||||
policy_module(apache,1.0.2)
|
||||
|
||||
#
|
||||
# NOTES:
|
||||
|
|
@ -221,6 +221,7 @@ corenet_udp_sendrecv_all_nodes(httpd_t)
|
|||
corenet_raw_sendrecv_all_nodes(httpd_t)
|
||||
corenet_tcp_sendrecv_all_ports(httpd_t)
|
||||
corenet_udp_sendrecv_all_ports(httpd_t)
|
||||
corenet_non_ipsec_sendrecv(httpd_t)
|
||||
corenet_tcp_bind_all_nodes(httpd_t)
|
||||
corenet_udp_bind_all_nodes(httpd_t)
|
||||
corenet_tcp_bind_http_port(httpd_t)
|
||||
|
|
@ -315,6 +316,7 @@ tunable_policy(`httpd_can_network_connect',`
|
|||
corenet_raw_sendrecv_all_nodes(httpd_t)
|
||||
corenet_tcp_sendrecv_all_ports(httpd_t)
|
||||
corenet_udp_sendrecv_all_ports(httpd_t)
|
||||
corenet_non_ipsec_sendrecv(httpd_t)
|
||||
corenet_tcp_bind_all_nodes(httpd_t)
|
||||
corenet_udp_bind_all_nodes(httpd_t)
|
||||
corenet_tcp_connect_all_ports(httpd_t)
|
||||
|
|
@ -568,6 +570,7 @@ tunable_policy(`httpd_can_network_connect',`
|
|||
corenet_raw_sendrecv_all_nodes(httpd_suexec_t)
|
||||
corenet_tcp_sendrecv_all_ports(httpd_suexec_t)
|
||||
corenet_udp_sendrecv_all_ports(httpd_suexec_t)
|
||||
corenet_non_ipsec_sendrecv(httpd_suexec_t)
|
||||
corenet_tcp_bind_all_nodes(httpd_suexec_t)
|
||||
corenet_udp_bind_all_nodes(httpd_suexec_t)
|
||||
corenet_tcp_connect_all_ports(httpd_suexec_t)
|
||||
|
|
|
|||
|
|
@ -1,5 +1,5 @@
|
|||
|
||||
policy_module(arpwatch,1.0)
|
||||
policy_module(arpwatch,1.0.1)
|
||||
|
||||
########################################
|
||||
#
|
||||
|
|
@ -57,6 +57,7 @@ corenet_udp_sendrecv_all_nodes(arpwatch_t)
|
|||
corenet_raw_sendrecv_all_nodes(arpwatch_t)
|
||||
corenet_tcp_sendrecv_all_ports(arpwatch_t)
|
||||
corenet_udp_sendrecv_all_ports(arpwatch_t)
|
||||
corenet_non_ipsec_sendrecv(arpwatch_t)
|
||||
corenet_tcp_bind_all_nodes(arpwatch_t)
|
||||
corenet_udp_bind_all_nodes(arpwatch_t)
|
||||
|
||||
|
|
|
|||
|
|
@ -1,5 +1,5 @@
|
|||
|
||||
policy_module(avahi,1.0.2)
|
||||
policy_module(avahi,1.0.3)
|
||||
|
||||
########################################
|
||||
#
|
||||
|
|
@ -46,6 +46,7 @@ corenet_raw_sendrecv_all_nodes(avahi_t)
|
|||
corenet_udp_sendrecv_all_nodes(avahi_t)
|
||||
corenet_tcp_sendrecv_all_ports(avahi_t)
|
||||
corenet_udp_sendrecv_all_ports(avahi_t)
|
||||
corenet_non_ipsec_sendrecv(avahi_t)
|
||||
corenet_tcp_bind_all_nodes(avahi_t)
|
||||
corenet_udp_bind_all_nodes(avahi_t)
|
||||
corenet_tcp_bind_howl_port(avahi_t)
|
||||
|
|
|
|||
|
|
@ -1,5 +1,5 @@
|
|||
|
||||
policy_module(bind,1.0.1)
|
||||
policy_module(bind,1.0.2)
|
||||
|
||||
########################################
|
||||
#
|
||||
|
|
@ -107,6 +107,7 @@ corenet_udp_sendrecv_all_nodes(named_t)
|
|||
corenet_raw_sendrecv_all_nodes(named_t)
|
||||
corenet_tcp_sendrecv_all_ports(named_t)
|
||||
corenet_udp_sendrecv_all_ports(named_t)
|
||||
corenet_non_ipsec_sendrecv(named_t)
|
||||
corenet_tcp_bind_all_nodes(named_t)
|
||||
corenet_udp_bind_all_nodes(named_t)
|
||||
corenet_tcp_bind_dns_port(named_t)
|
||||
|
|
@ -243,6 +244,7 @@ corenet_raw_sendrecv_all_if(ndc_t)
|
|||
corenet_tcp_sendrecv_all_nodes(ndc_t)
|
||||
corenet_raw_sendrecv_all_nodes(ndc_t)
|
||||
corenet_tcp_sendrecv_all_ports(ndc_t)
|
||||
corenet_non_ipsec_sendrecv(ndc_t)
|
||||
corenet_tcp_bind_all_nodes(ndc_t)
|
||||
corenet_tcp_connect_rndc_port(ndc_t)
|
||||
|
||||
|
|
|
|||
|
|
@ -1,5 +1,5 @@
|
|||
|
||||
policy_module(bluetooth,1.0.1)
|
||||
policy_module(bluetooth,1.0.2)
|
||||
|
||||
########################################
|
||||
#
|
||||
|
|
@ -93,10 +93,11 @@ corenet_raw_sendrecv_all_if(bluetooth_t)
|
|||
corenet_tcp_sendrecv_all_nodes(bluetooth_t)
|
||||
corenet_udp_sendrecv_all_nodes(bluetooth_t)
|
||||
corenet_raw_sendrecv_all_nodes(bluetooth_t)
|
||||
corenet_tcp_bind_all_nodes(bluetooth_t)
|
||||
corenet_udp_bind_all_nodes(bluetooth_t)
|
||||
corenet_tcp_sendrecv_all_ports(bluetooth_t)
|
||||
corenet_udp_sendrecv_all_ports(bluetooth_t)
|
||||
corenet_non_ipsec_sendrecv(bluetooth_t)
|
||||
corenet_tcp_bind_all_nodes(bluetooth_t)
|
||||
corenet_udp_bind_all_nodes(bluetooth_t)
|
||||
|
||||
dev_read_sysfs(bluetooth_t)
|
||||
dev_rw_usbfs(bluetooth_t)
|
||||
|
|
|
|||
|
|
@ -54,6 +54,7 @@ corenet_raw_sendrecv_all_if(canna_t)
|
|||
corenet_tcp_sendrecv_all_nodes(canna_t)
|
||||
corenet_raw_sendrecv_all_nodes(canna_t)
|
||||
corenet_tcp_sendrecv_all_ports(canna_t)
|
||||
corenet_non_ipsec_sendrecv(canna_t)
|
||||
corenet_tcp_bind_all_nodes(canna_t)
|
||||
corenet_tcp_connect_all_ports(canna_t)
|
||||
|
||||
|
|
|
|||
|
|
@ -1,5 +1,5 @@
|
|||
|
||||
policy_module(comsat,1.0)
|
||||
policy_module(comsat,1.0.1)
|
||||
|
||||
########################################
|
||||
#
|
||||
|
|
@ -51,6 +51,7 @@ corenet_udp_sendrecv_all_nodes(comsat_t)
|
|||
corenet_raw_sendrecv_all_nodes(comsat_t)
|
||||
corenet_tcp_sendrecv_all_ports(comsat_t)
|
||||
corenet_udp_sendrecv_all_ports(comsat_t)
|
||||
corenet_non_ipsec_sendrecv(comsat_t)
|
||||
corenet_tcp_bind_all_nodes(comsat_t)
|
||||
corenet_udp_bind_all_nodes(comsat_t)
|
||||
|
||||
|
|
|
|||
|
|
@ -93,6 +93,7 @@ template(`cron_per_userdomain_template',`
|
|||
corenet_udp_sendrecv_all_nodes($1_crond_t)
|
||||
corenet_tcp_sendrecv_all_ports($1_crond_t)
|
||||
corenet_udp_sendrecv_all_ports($1_crond_t)
|
||||
corenet_non_ipsec_sendrecv($1_crond_t)
|
||||
corenet_tcp_bind_all_nodes($1_crond_t)
|
||||
corenet_udp_bind_all_nodes($1_crond_t)
|
||||
corenet_tcp_connect_all_ports($1_crond_t)
|
||||
|
|
|
|||
|
|
@ -1,5 +1,5 @@
|
|||
|
||||
policy_module(cron, 1.0.2)
|
||||
policy_module(cron, 1.0.3)
|
||||
|
||||
gen_require(`
|
||||
class passwd rootok;
|
||||
|
|
@ -285,6 +285,7 @@ ifdef(`targeted_policy',`
|
|||
corenet_udp_sendrecv_all_nodes(system_crond_t)
|
||||
corenet_tcp_sendrecv_all_ports(system_crond_t)
|
||||
corenet_udp_sendrecv_all_ports(system_crond_t)
|
||||
corenet_non_ipsec_sendrecv(system_crond_t)
|
||||
corenet_tcp_bind_all_nodes(system_crond_t)
|
||||
corenet_udp_bind_all_nodes(system_crond_t)
|
||||
|
||||
|
|
|
|||
|
|
@ -1,5 +1,5 @@
|
|||
|
||||
policy_module(cups,1.0.2)
|
||||
policy_module(cups,1.0.3)
|
||||
|
||||
########################################
|
||||
#
|
||||
|
|
@ -130,6 +130,7 @@ corenet_udp_sendrecv_all_nodes(cupsd_t)
|
|||
corenet_raw_sendrecv_all_nodes(cupsd_t)
|
||||
corenet_tcp_sendrecv_all_ports(cupsd_t)
|
||||
corenet_udp_sendrecv_all_ports(cupsd_t)
|
||||
corenet_non_ipsec_sendrecv(cupsd_t)
|
||||
corenet_tcp_bind_all_nodes(cupsd_t)
|
||||
corenet_udp_bind_all_nodes(cupsd_t)
|
||||
corenet_tcp_bind_ipp_port(cupsd_t)
|
||||
|
|
@ -312,8 +313,9 @@ corenet_tcp_sendrecv_all_if(ptal_t)
|
|||
corenet_raw_sendrecv_all_if(ptal_t)
|
||||
corenet_tcp_sendrecv_all_nodes(ptal_t)
|
||||
corenet_raw_sendrecv_all_nodes(ptal_t)
|
||||
corenet_tcp_bind_all_nodes(ptal_t)
|
||||
corenet_tcp_sendrecv_all_ports(ptal_t)
|
||||
corenet_non_ipsec_sendrecv(ptal_t)
|
||||
corenet_tcp_bind_all_nodes(ptal_t)
|
||||
corenet_tcp_bind_ptal_port(ptal_t)
|
||||
|
||||
dev_read_sysfs(ptal_t)
|
||||
|
|
@ -400,6 +402,7 @@ corenet_udp_sendrecv_all_nodes(hplip_t)
|
|||
corenet_raw_sendrecv_all_nodes(hplip_t)
|
||||
corenet_tcp_sendrecv_all_ports(hplip_t)
|
||||
corenet_udp_sendrecv_all_ports(hplip_t)
|
||||
corenet_non_ipsec_sendrecv(hplip_t)
|
||||
corenet_tcp_bind_all_nodes(hplip_t)
|
||||
corenet_udp_bind_all_nodes(hplip_t)
|
||||
corenet_tcp_bind_hplip_port(hplip_t)
|
||||
|
|
@ -518,6 +521,7 @@ corenet_raw_sendrecv_all_if(cupsd_config_t)
|
|||
corenet_tcp_sendrecv_all_nodes(cupsd_config_t)
|
||||
corenet_raw_sendrecv_all_nodes(cupsd_config_t)
|
||||
corenet_tcp_sendrecv_all_ports(cupsd_config_t)
|
||||
corenet_non_ipsec_sendrecv(cupsd_config_t)
|
||||
corenet_tcp_bind_all_nodes(cupsd_config_t)
|
||||
corenet_tcp_connect_all_ports(cupsd_config_t)
|
||||
|
||||
|
|
@ -694,6 +698,7 @@ corenet_udp_sendrecv_all_nodes(cupsd_lpd_t)
|
|||
corenet_raw_sendrecv_all_nodes(cupsd_lpd_t)
|
||||
corenet_tcp_sendrecv_all_ports(cupsd_lpd_t)
|
||||
corenet_udp_sendrecv_all_ports(cupsd_lpd_t)
|
||||
corenet_non_ipsec_sendrecv(cupsd_lpd_t)
|
||||
corenet_tcp_bind_all_nodes(cupsd_lpd_t)
|
||||
corenet_udp_bind_all_nodes(cupsd_lpd_t)
|
||||
corenet_tcp_connect_ipp_port(cupsd_lpd_t)
|
||||
|
|
|
|||
|
|
@ -1,5 +1,5 @@
|
|||
|
||||
policy_module(cvs,1.0)
|
||||
policy_module(cvs,1.0.1)
|
||||
|
||||
########################################
|
||||
#
|
||||
|
|
@ -56,6 +56,7 @@ corenet_udp_sendrecv_all_nodes(cvs_t)
|
|||
corenet_raw_sendrecv_all_nodes(cvs_t)
|
||||
corenet_tcp_sendrecv_all_ports(cvs_t)
|
||||
corenet_udp_sendrecv_all_ports(cvs_t)
|
||||
corenet_non_ipsec_sendrecv(cvs_t)
|
||||
corenet_tcp_bind_all_nodes(cvs_t)
|
||||
corenet_udp_bind_all_nodes(cvs_t)
|
||||
|
||||
|
|
|
|||
|
|
@ -1,5 +1,5 @@
|
|||
|
||||
policy_module(cyrus,1.0)
|
||||
policy_module(cyrus,1.0.1)
|
||||
|
||||
########################################
|
||||
#
|
||||
|
|
@ -67,6 +67,7 @@ corenet_udp_sendrecv_all_nodes(cyrus_t)
|
|||
corenet_raw_sendrecv_all_nodes(cyrus_t)
|
||||
corenet_tcp_sendrecv_all_ports(cyrus_t)
|
||||
corenet_udp_sendrecv_all_ports(cyrus_t)
|
||||
corenet_non_ipsec_sendrecv(cyrus_t)
|
||||
corenet_tcp_bind_all_nodes(cyrus_t)
|
||||
corenet_udp_bind_all_nodes(cyrus_t)
|
||||
corenet_tcp_bind_mail_port(cyrus_t)
|
||||
|
|
|
|||
|
|
@ -1,5 +1,5 @@
|
|||
|
||||
policy_module(dbskk,1.0)
|
||||
policy_module(dbskk,1.0.1)
|
||||
|
||||
########################################
|
||||
#
|
||||
|
|
@ -57,6 +57,7 @@ corenet_udp_sendrecv_all_nodes(dbskkd_t)
|
|||
corenet_raw_sendrecv_all_nodes(dbskkd_t)
|
||||
corenet_tcp_sendrecv_all_ports(dbskkd_t)
|
||||
corenet_udp_sendrecv_all_ports(dbskkd_t)
|
||||
corenet_non_ipsec_sendrecv(dbskkd_t)
|
||||
corenet_tcp_bind_all_nodes(dbskkd_t)
|
||||
corenet_udp_bind_all_nodes(dbskkd_t)
|
||||
|
||||
|
|
|
|||
|
|
@ -107,6 +107,7 @@ template(`dbus_per_userdomain_template',`
|
|||
corenet_tcp_sendrecv_all_nodes($1_dbusd_t)
|
||||
corenet_raw_sendrecv_all_nodes($1_dbusd_t)
|
||||
corenet_tcp_sendrecv_all_ports($1_dbusd_t)
|
||||
corenet_non_ipsec_sendrecv($1_dbusd_t)
|
||||
corenet_tcp_bind_all_nodes($1_dbusd_t)
|
||||
corenet_tcp_bind_reserved_port($1_dbusd_t)
|
||||
|
||||
|
|
|
|||
|
|
@ -1,5 +1,5 @@
|
|||
|
||||
policy_module(dbus,1.0.1)
|
||||
policy_module(dbus,1.0.2)
|
||||
|
||||
gen_require(`
|
||||
class dbus { send_msg acquire_svc };
|
||||
|
|
|
|||
|
|
@ -1,5 +1,5 @@
|
|||
|
||||
policy_module(dhcp,1.0)
|
||||
policy_module(dhcp,1.0.1)
|
||||
|
||||
########################################
|
||||
#
|
||||
|
|
@ -62,6 +62,7 @@ corenet_udp_sendrecv_all_nodes(dhcpd_t)
|
|||
corenet_raw_sendrecv_all_nodes(dhcpd_t)
|
||||
corenet_tcp_sendrecv_all_ports(dhcpd_t)
|
||||
corenet_udp_sendrecv_all_ports(dhcpd_t)
|
||||
corenet_non_ipsec_sendrecv(dhcpd_t)
|
||||
corenet_tcp_bind_all_nodes(dhcpd_t)
|
||||
corenet_udp_bind_all_nodes(dhcpd_t)
|
||||
corenet_tcp_bind_dhcpd_port(dhcpd_t)
|
||||
|
|
|
|||
|
|
@ -1,5 +1,5 @@
|
|||
|
||||
policy_module(dictd,1.0)
|
||||
policy_module(dictd,1.0.1)
|
||||
|
||||
########################################
|
||||
#
|
||||
|
|
@ -46,6 +46,7 @@ corenet_udp_sendrecv_all_nodes(dictd_t)
|
|||
corenet_raw_sendrecv_all_nodes(dictd_t)
|
||||
corenet_tcp_sendrecv_all_ports(dictd_t)
|
||||
corenet_udp_sendrecv_all_ports(dictd_t)
|
||||
corenet_non_ipsec_sendrecv(dictd_t)
|
||||
corenet_tcp_bind_all_nodes(dictd_t)
|
||||
corenet_udp_bind_all_nodes(dictd_t)
|
||||
corenet_tcp_bind_dict_port(dictd_t)
|
||||
|
|
|
|||
|
|
@ -1,5 +1,5 @@
|
|||
|
||||
policy_module(distcc,1.0)
|
||||
policy_module(distcc,1.0.1)
|
||||
|
||||
########################################
|
||||
#
|
||||
|
|
@ -45,8 +45,6 @@ files_create_pid(distccd_t,distccd_var_run_t)
|
|||
kernel_read_system_state(distccd_t)
|
||||
kernel_read_kernel_sysctl(distccd_t)
|
||||
|
||||
allow distccd_t self:tcp_socket create_stream_socket_perms;
|
||||
allow distccd_t self:udp_socket create_socket_perms;
|
||||
corenet_tcp_sendrecv_all_if(distccd_t)
|
||||
corenet_udp_sendrecv_all_if(distccd_t)
|
||||
corenet_raw_sendrecv_all_if(distccd_t)
|
||||
|
|
@ -55,6 +53,7 @@ corenet_udp_sendrecv_all_nodes(distccd_t)
|
|||
corenet_raw_sendrecv_all_nodes(distccd_t)
|
||||
corenet_tcp_sendrecv_all_ports(distccd_t)
|
||||
corenet_udp_sendrecv_all_ports(distccd_t)
|
||||
corenet_non_ipsec_sendrecv(distccd_t)
|
||||
corenet_tcp_bind_all_nodes(distccd_t)
|
||||
corenet_udp_bind_all_nodes(distccd_t)
|
||||
corenet_tcp_bind_distccd_port(distccd_t)
|
||||
|
|
|
|||
|
|
@ -75,6 +75,7 @@ corenet_raw_sendrecv_all_if(dovecot_t)
|
|||
corenet_tcp_sendrecv_all_nodes(dovecot_t)
|
||||
corenet_raw_sendrecv_all_nodes(dovecot_t)
|
||||
corenet_tcp_sendrecv_all_ports(dovecot_t)
|
||||
corenet_non_ipsec_sendrecv(dovecot_t)
|
||||
corenet_tcp_bind_all_nodes(dovecot_t)
|
||||
corenet_tcp_bind_pop_port(dovecot_t)
|
||||
corenet_tcp_connect_all_ports(dovecot_t)
|
||||
|
|
|
|||
|
|
@ -1,5 +1,5 @@
|
|||
|
||||
policy_module(finger,1.0)
|
||||
policy_module(finger,1.0.1)
|
||||
|
||||
########################################
|
||||
#
|
||||
|
|
@ -55,6 +55,7 @@ corenet_udp_sendrecv_all_nodes(fingerd_t)
|
|||
corenet_raw_sendrecv_all_nodes(fingerd_t)
|
||||
corenet_tcp_sendrecv_all_ports(fingerd_t)
|
||||
corenet_udp_sendrecv_all_ports(fingerd_t)
|
||||
corenet_non_ipsec_sendrecv(fingerd_t)
|
||||
corenet_tcp_bind_all_nodes(fingerd_t)
|
||||
corenet_udp_bind_all_nodes(fingerd_t)
|
||||
corenet_tcp_bind_fingerd_port(fingerd_t)
|
||||
|
|
|
|||
|
|
@ -1,5 +1,5 @@
|
|||
|
||||
policy_module(ftp,1.0.1)
|
||||
policy_module(ftp,1.0.2)
|
||||
|
||||
########################################
|
||||
#
|
||||
|
|
@ -82,6 +82,7 @@ corenet_udp_sendrecv_all_nodes(ftpd_t)
|
|||
corenet_raw_sendrecv_all_nodes(ftpd_t)
|
||||
corenet_tcp_sendrecv_all_ports(ftpd_t)
|
||||
corenet_udp_sendrecv_all_ports(ftpd_t)
|
||||
corenet_non_ipsec_sendrecv(ftpd_t)
|
||||
corenet_tcp_bind_all_nodes(ftpd_t)
|
||||
corenet_udp_bind_all_nodes(ftpd_t)
|
||||
corenet_tcp_bind_ftp_data_port(ftpd_t)
|
||||
|
|
|
|||
|
|
@ -1,5 +1,5 @@
|
|||
|
||||
policy_module(hal,1.0.3)
|
||||
policy_module(hal,1.0.4)
|
||||
|
||||
########################################
|
||||
#
|
||||
|
|
@ -55,6 +55,7 @@ corenet_udp_sendrecv_all_nodes(hald_t)
|
|||
corenet_raw_sendrecv_all_nodes(hald_t)
|
||||
corenet_tcp_sendrecv_all_ports(hald_t)
|
||||
corenet_udp_sendrecv_all_ports(hald_t)
|
||||
corenet_non_ipsec_sendrecv(hald_t)
|
||||
corenet_tcp_bind_all_nodes(hald_t)
|
||||
corenet_udp_bind_all_nodes(hald_t)
|
||||
|
||||
|
|
|
|||
|
|
@ -1,5 +1,5 @@
|
|||
|
||||
policy_module(howl,1.0)
|
||||
policy_module(howl,1.0.1)
|
||||
|
||||
########################################
|
||||
#
|
||||
|
|
@ -43,6 +43,7 @@ corenet_udp_sendrecv_all_nodes(howl_t)
|
|||
corenet_raw_sendrecv_all_nodes(howl_t)
|
||||
corenet_tcp_sendrecv_all_ports(howl_t)
|
||||
corenet_udp_sendrecv_all_ports(howl_t)
|
||||
corenet_non_ipsec_sendrecv(howl_t)
|
||||
corenet_tcp_bind_all_nodes(howl_t)
|
||||
corenet_udp_bind_all_nodes(howl_t)
|
||||
corenet_tcp_bind_howl_port(howl_t)
|
||||
|
|
|
|||
|
|
@ -1,5 +1,5 @@
|
|||
|
||||
policy_module(i18n_input,1.0.0)
|
||||
policy_module(i18n_input,1.0.1)
|
||||
|
||||
########################################
|
||||
#
|
||||
|
|
@ -46,6 +46,7 @@ corenet_udp_sendrecv_all_nodes(i18n_input_t)
|
|||
corenet_raw_sendrecv_all_nodes(i18n_input_t)
|
||||
corenet_tcp_sendrecv_all_ports(i18n_input_t)
|
||||
corenet_udp_sendrecv_all_ports(i18n_input_t)
|
||||
corenet_non_ipsec_sendrecv(i18n_input_t)
|
||||
corenet_tcp_bind_all_nodes(i18n_input_t)
|
||||
corenet_udp_bind_all_nodes(i18n_input_t)
|
||||
corenet_tcp_bind_i18n_input_port(i18n_input_t)
|
||||
|
|
|
|||
|
|
@ -1,5 +1,5 @@
|
|||
|
||||
policy_module(inetd,1.0.1)
|
||||
policy_module(inetd,1.0.2)
|
||||
|
||||
########################################
|
||||
#
|
||||
|
|
@ -66,6 +66,7 @@ corenet_udp_sendrecv_all_nodes(inetd_t)
|
|||
corenet_raw_sendrecv_all_nodes(inetd_t)
|
||||
corenet_tcp_sendrecv_all_ports(inetd_t)
|
||||
corenet_udp_sendrecv_all_ports(inetd_t)
|
||||
corenet_non_ipsec_sendrecv(inetd_t)
|
||||
corenet_tcp_bind_all_nodes(inetd_t)
|
||||
corenet_udp_bind_all_nodes(inetd_t)
|
||||
corenet_tcp_connect_all_ports(inetd_t)
|
||||
|
|
@ -192,6 +193,7 @@ corenet_udp_sendrecv_all_nodes(inetd_child_t)
|
|||
corenet_raw_sendrecv_all_nodes(inetd_child_t)
|
||||
corenet_tcp_sendrecv_all_ports(inetd_child_t)
|
||||
corenet_udp_sendrecv_all_ports(inetd_child_t)
|
||||
corenet_non_ipsec_sendrecv(inetd_child_t)
|
||||
corenet_tcp_bind_all_nodes(inetd_child_t)
|
||||
corenet_udp_bind_all_nodes(inetd_child_t)
|
||||
|
||||
|
|
|
|||
|
|
@ -1,5 +1,5 @@
|
|||
|
||||
policy_module(inn,1.0)
|
||||
policy_module(inn,1.0.1)
|
||||
|
||||
########################################
|
||||
#
|
||||
|
|
@ -71,6 +71,7 @@ corenet_tcp_sendrecv_all_nodes(innd_t)
|
|||
corenet_udp_sendrecv_all_nodes(innd_t)
|
||||
corenet_tcp_sendrecv_all_ports(innd_t)
|
||||
corenet_udp_sendrecv_all_ports(innd_t)
|
||||
corenet_non_ipsec_sendrecv(innd_t)
|
||||
corenet_tcp_bind_all_nodes(innd_t)
|
||||
corenet_udp_bind_all_nodes(innd_t)
|
||||
corenet_tcp_bind_innd_port(innd_t)
|
||||
|
|
|
|||
|
|
@ -49,6 +49,7 @@ interface(`kerberos_use',`
|
|||
corenet_raw_sendrecv_all_nodes($1)
|
||||
corenet_tcp_sendrecv_kerberos_port($1)
|
||||
corenet_udp_sendrecv_kerberos_port($1)
|
||||
corenet_non_ipsec_sendrecv($1)
|
||||
corenet_tcp_bind_all_nodes($1)
|
||||
corenet_udp_bind_all_nodes($1)
|
||||
corenet_tcp_connect_kerberos_port($1)
|
||||
|
|
|
|||
|
|
@ -1,5 +1,5 @@
|
|||
|
||||
policy_module(kerberos,1.0)
|
||||
policy_module(kerberos,1.0.1)
|
||||
|
||||
########################################
|
||||
#
|
||||
|
|
@ -95,6 +95,7 @@ corenet_udp_sendrecv_all_nodes(kadmind_t)
|
|||
corenet_raw_sendrecv_all_nodes(kadmind_t)
|
||||
corenet_tcp_sendrecv_all_ports(kadmind_t)
|
||||
corenet_udp_sendrecv_all_ports(kadmind_t)
|
||||
corenet_non_ipsec_sendrecv(kadmind_t)
|
||||
corenet_tcp_bind_all_nodes(kadmind_t)
|
||||
corenet_udp_bind_all_nodes(kadmind_t)
|
||||
corenet_tcp_bind_kerberos_admin_port(kadmind_t)
|
||||
|
|
@ -197,6 +198,7 @@ corenet_udp_sendrecv_all_nodes(krb5kdc_t)
|
|||
corenet_raw_sendrecv_all_nodes(krb5kdc_t)
|
||||
corenet_tcp_sendrecv_all_ports(krb5kdc_t)
|
||||
corenet_udp_sendrecv_all_ports(krb5kdc_t)
|
||||
corenet_non_ipsec_sendrecv(krb5kdc_t)
|
||||
corenet_tcp_bind_all_nodes(krb5kdc_t)
|
||||
corenet_udp_bind_all_nodes(krb5kdc_t)
|
||||
corenet_tcp_bind_kerberos_port(krb5kdc_t)
|
||||
|
|
|
|||
|
|
@ -1,5 +1,5 @@
|
|||
|
||||
policy_module(ktalk,1.0)
|
||||
policy_module(ktalk,1.0.1)
|
||||
|
||||
########################################
|
||||
#
|
||||
|
|
@ -58,6 +58,7 @@ corenet_udp_sendrecv_all_nodes(ktalkd_t)
|
|||
corenet_raw_sendrecv_all_nodes(ktalkd_t)
|
||||
corenet_tcp_sendrecv_all_ports(ktalkd_t)
|
||||
corenet_udp_sendrecv_all_ports(ktalkd_t)
|
||||
corenet_non_ipsec_sendrecv(ktalkd_t)
|
||||
corenet_tcp_bind_all_nodes(ktalkd_t)
|
||||
corenet_udp_bind_all_nodes(ktalkd_t)
|
||||
|
||||
|
|
|
|||
|
|
@ -1,5 +1,5 @@
|
|||
|
||||
policy_module(ldap,1.0.1)
|
||||
policy_module(ldap,1.0.2)
|
||||
|
||||
########################################
|
||||
#
|
||||
|
|
@ -86,6 +86,7 @@ corenet_udp_sendrecv_all_nodes(slapd_t)
|
|||
corenet_raw_sendrecv_all_nodes(slapd_t)
|
||||
corenet_tcp_sendrecv_all_ports(slapd_t)
|
||||
corenet_udp_sendrecv_all_ports(slapd_t)
|
||||
corenet_non_ipsec_sendrecv(slapd_t)
|
||||
corenet_tcp_bind_all_nodes(slapd_t)
|
||||
corenet_udp_bind_all_nodes(slapd_t)
|
||||
corenet_tcp_bind_ldap_port(slapd_t)
|
||||
|
|
|
|||
|
|
@ -1,5 +1,5 @@
|
|||
|
||||
policy_module(lpd,1.0)
|
||||
policy_module(lpd,1.0.1)
|
||||
|
||||
########################################
|
||||
#
|
||||
|
|
@ -70,6 +70,7 @@ corenet_udp_sendrecv_all_nodes(checkpc_t)
|
|||
corenet_raw_sendrecv_all_nodes(checkpc_t)
|
||||
corenet_tcp_sendrecv_all_ports(checkpc_t)
|
||||
corenet_udp_sendrecv_all_ports(checkpc_t)
|
||||
corenet_non_ipsec_sendrecv(checkpc_t)
|
||||
corenet_tcp_bind_all_nodes(checkpc_t)
|
||||
corenet_udp_bind_all_nodes(checkpc_t)
|
||||
corenet_tcp_connect_all_ports(checkpc_t)
|
||||
|
|
@ -164,6 +165,7 @@ corenet_udp_sendrecv_all_nodes(lpd_t)
|
|||
corenet_raw_sendrecv_all_nodes(lpd_t)
|
||||
corenet_tcp_sendrecv_all_ports(lpd_t)
|
||||
corenet_udp_sendrecv_all_ports(lpd_t)
|
||||
corenet_non_ipsec_sendrecv(lpd_t)
|
||||
corenet_tcp_bind_all_nodes(lpd_t)
|
||||
corenet_udp_bind_all_nodes(lpd_t)
|
||||
corenet_tcp_bind_printer_port(lpd_t)
|
||||
|
|
|
|||
|
|
@ -56,6 +56,7 @@ template(`mailman_domain_template', `
|
|||
corenet_raw_sendrecv_all_nodes(mailman_$1_t)
|
||||
corenet_tcp_sendrecv_all_ports(mailman_$1_t)
|
||||
corenet_udp_sendrecv_all_ports(mailman_$1_t)
|
||||
corenet_non_ipsec_sendrecv(mailman_$1_t)
|
||||
corenet_tcp_bind_all_nodes(mailman_$1_t)
|
||||
corenet_udp_bind_all_nodes(mailman_$1_t)
|
||||
corenet_tcp_connect_smtp_port(mailman_$1_t)
|
||||
|
|
|
|||
|
|
@ -1,5 +1,5 @@
|
|||
|
||||
policy_module(mailman,1.0)
|
||||
policy_module(mailman,1.0.1)
|
||||
|
||||
########################################
|
||||
#
|
||||
|
|
|
|||
|
|
@ -73,6 +73,7 @@ template(`mta_base_mail_template',`
|
|||
corenet_tcp_sendrecv_all_nodes($1_mail_t)
|
||||
corenet_raw_sendrecv_all_nodes($1_mail_t)
|
||||
corenet_tcp_sendrecv_all_ports($1_mail_t)
|
||||
corenet_non_ipsec_sendrecv($1_mail_t)
|
||||
corenet_tcp_bind_all_nodes($1_mail_t)
|
||||
corenet_tcp_connect_all_ports($1_mail_t)
|
||||
corenet_tcp_connect_smtp_port($1_mail_t)
|
||||
|
|
|
|||
|
|
@ -1,5 +1,5 @@
|
|||
|
||||
policy_module(mta,1.0.3)
|
||||
policy_module(mta,1.0.4)
|
||||
|
||||
########################################
|
||||
#
|
||||
|
|
|
|||
|
|
@ -1,5 +1,5 @@
|
|||
|
||||
policy_module(mysql,1.0)
|
||||
policy_module(mysql,1.0.1)
|
||||
|
||||
########################################
|
||||
#
|
||||
|
|
@ -73,6 +73,7 @@ corenet_udp_sendrecv_all_nodes(mysqld_t)
|
|||
corenet_raw_sendrecv_all_nodes(mysqld_t)
|
||||
corenet_tcp_sendrecv_all_ports(mysqld_t)
|
||||
corenet_udp_sendrecv_all_ports(mysqld_t)
|
||||
corenet_non_ipsec_sendrecv(mysqld_t)
|
||||
corenet_tcp_bind_all_nodes(mysqld_t)
|
||||
corenet_udp_bind_all_nodes(mysqld_t)
|
||||
corenet_tcp_bind_mysqld_port(mysqld_t)
|
||||
|
|
|
|||
|
|
@ -1,5 +1,5 @@
|
|||
|
||||
policy_module(networkmanager,1.0.1)
|
||||
policy_module(networkmanager,1.0.2)
|
||||
|
||||
########################################
|
||||
#
|
||||
|
|
@ -48,6 +48,7 @@ corenet_udp_sendrecv_all_nodes(NetworkManager_t)
|
|||
corenet_raw_sendrecv_all_nodes(NetworkManager_t)
|
||||
corenet_tcp_sendrecv_all_ports(NetworkManager_t)
|
||||
corenet_udp_sendrecv_all_ports(NetworkManager_t)
|
||||
corenet_non_ipsec_sendrecv(NetworkManager_t)
|
||||
corenet_tcp_bind_all_nodes(NetworkManager_t)
|
||||
corenet_udp_bind_all_nodes(NetworkManager_t)
|
||||
corenet_tcp_connect_all_ports(NetworkManager_t)
|
||||
|
|
|
|||
|
|
@ -43,6 +43,7 @@ interface(`nis_use_ypbind_uncond',`
|
|||
corenet_raw_sendrecv_all_nodes($1)
|
||||
corenet_tcp_sendrecv_all_ports($1)
|
||||
corenet_udp_sendrecv_all_ports($1)
|
||||
corenet_non_ipsec_sendrecv($1)
|
||||
corenet_tcp_bind_all_nodes($1)
|
||||
corenet_udp_bind_all_nodes($1)
|
||||
corenet_tcp_bind_generic_port($1)
|
||||
|
|
@ -90,6 +91,7 @@ interface(`nis_use_ypbind',`
|
|||
corenet_raw_sendrecv_all_nodes($1)
|
||||
corenet_tcp_sendrecv_all_ports($1)
|
||||
corenet_udp_sendrecv_all_ports($1)
|
||||
corenet_non_ipsec_sendrecv($1)
|
||||
corenet_tcp_bind_all_nodes($1)
|
||||
corenet_udp_bind_all_nodes($1)
|
||||
corenet_tcp_bind_generic_port($1)
|
||||
|
|
|
|||
|
|
@ -74,10 +74,11 @@ corenet_raw_sendrecv_all_if(ypbind_t)
|
|||
corenet_tcp_sendrecv_all_nodes(ypbind_t)
|
||||
corenet_udp_sendrecv_all_nodes(ypbind_t)
|
||||
corenet_raw_sendrecv_all_nodes(ypbind_t)
|
||||
corenet_tcp_bind_all_nodes(ypbind_t)
|
||||
corenet_udp_bind_all_nodes(ypbind_t)
|
||||
corenet_tcp_sendrecv_all_ports(ypbind_t)
|
||||
corenet_udp_sendrecv_all_ports(ypbind_t)
|
||||
corenet_non_ipsec_sendrecv(ypbind_t)
|
||||
corenet_tcp_bind_all_nodes(ypbind_t)
|
||||
corenet_udp_bind_all_nodes(ypbind_t)
|
||||
corenet_tcp_bind_generic_port(ypbind_t)
|
||||
corenet_udp_bind_generic_port(ypbind_t)
|
||||
corenet_tcp_bind_reserved_port(ypbind_t)
|
||||
|
|
@ -169,6 +170,7 @@ corenet_udp_sendrecv_all_nodes(yppasswdd_t)
|
|||
corenet_raw_sendrecv_all_nodes(yppasswdd_t)
|
||||
corenet_tcp_sendrecv_all_ports(yppasswdd_t)
|
||||
corenet_udp_sendrecv_all_ports(yppasswdd_t)
|
||||
corenet_non_ipsec_sendrecv(yppasswdd_t)
|
||||
corenet_tcp_bind_all_nodes(yppasswdd_t)
|
||||
corenet_udp_bind_all_nodes(yppasswdd_t)
|
||||
corenet_tcp_bind_reserved_port(yppasswdd_t)
|
||||
|
|
@ -272,6 +274,7 @@ corenet_udp_sendrecv_all_nodes(ypserv_t)
|
|||
corenet_raw_sendrecv_all_nodes(ypserv_t)
|
||||
corenet_tcp_sendrecv_all_ports(ypserv_t)
|
||||
corenet_udp_sendrecv_all_ports(ypserv_t)
|
||||
corenet_non_ipsec_sendrecv(ypserv_t)
|
||||
corenet_tcp_bind_all_nodes(ypserv_t)
|
||||
corenet_udp_bind_all_nodes(ypserv_t)
|
||||
corenet_tcp_bind_reserved_port(ypserv_t)
|
||||
|
|
|
|||
|
|
@ -1,5 +1,5 @@
|
|||
|
||||
policy_module(nscd,1.0)
|
||||
policy_module(nscd,1.0.1)
|
||||
|
||||
gen_require(`
|
||||
class nscd all_nscd_perms;
|
||||
|
|
@ -76,6 +76,7 @@ corenet_udp_sendrecv_all_nodes(nscd_t)
|
|||
corenet_raw_sendrecv_all_nodes(nscd_t)
|
||||
corenet_tcp_sendrecv_all_ports(nscd_t)
|
||||
corenet_udp_sendrecv_all_ports(nscd_t)
|
||||
corenet_non_ipsec_sendrecv(nscd_t)
|
||||
corenet_tcp_bind_all_nodes(nscd_t)
|
||||
corenet_udp_bind_all_nodes(nscd_t)
|
||||
corenet_tcp_connect_all_ports(nscd_t)
|
||||
|
|
|
|||
|
|
@ -1,5 +1,5 @@
|
|||
|
||||
policy_module(ntp,1.0)
|
||||
policy_module(ntp,1.0.1)
|
||||
|
||||
########################################
|
||||
#
|
||||
|
|
@ -71,6 +71,7 @@ corenet_udp_sendrecv_all_nodes(ntpd_t)
|
|||
corenet_raw_sendrecv_all_nodes(ntpd_t)
|
||||
corenet_tcp_sendrecv_all_ports(ntpd_t)
|
||||
corenet_udp_sendrecv_all_ports(ntpd_t)
|
||||
corenet_non_ipsec_sendrecv(ntpd_t)
|
||||
corenet_tcp_bind_all_nodes(ntpd_t)
|
||||
corenet_udp_bind_all_nodes(ntpd_t)
|
||||
corenet_udp_bind_ntp_port(ntpd_t)
|
||||
|
|
|
|||
|
|
@ -1,5 +1,5 @@
|
|||
|
||||
policy_module(pegasus,1.0.2)
|
||||
policy_module(pegasus,1.0.3)
|
||||
|
||||
########################################
|
||||
#
|
||||
|
|
@ -71,6 +71,7 @@ corenet_raw_sendrecv_all_if(pegasus_t)
|
|||
corenet_tcp_sendrecv_all_nodes(pegasus_t)
|
||||
corenet_raw_sendrecv_all_nodes(pegasus_t)
|
||||
corenet_tcp_sendrecv_all_ports(pegasus_t)
|
||||
corenet_non_ipsec_sendrecv(pegasus_t)
|
||||
corenet_tcp_bind_all_nodes(pegasus_t)
|
||||
corenet_tcp_bind_pegasus_http_port(pegasus_t)
|
||||
corenet_tcp_bind_pegasus_https_port(pegasus_t)
|
||||
|
|
|
|||
|
|
@ -1,5 +1,5 @@
|
|||
|
||||
policy_module(portmap,1.0)
|
||||
policy_module(portmap,1.0.1)
|
||||
|
||||
########################################
|
||||
#
|
||||
|
|
@ -56,6 +56,7 @@ corenet_udp_sendrecv_all_nodes(portmap_t)
|
|||
corenet_raw_sendrecv_all_nodes(portmap_t)
|
||||
corenet_tcp_sendrecv_all_ports(portmap_t)
|
||||
corenet_udp_sendrecv_all_ports(portmap_t)
|
||||
corenet_non_ipsec_sendrecv(portmap_t)
|
||||
corenet_tcp_bind_all_nodes(portmap_t)
|
||||
corenet_udp_bind_all_nodes(portmap_t)
|
||||
corenet_tcp_bind_portmap_port(portmap_t)
|
||||
|
|
@ -172,6 +173,7 @@ corenet_udp_sendrecv_all_nodes(portmap_helper_t)
|
|||
corenet_raw_sendrecv_all_nodes(portmap_helper_t)
|
||||
corenet_tcp_sendrecv_all_ports(portmap_helper_t)
|
||||
corenet_udp_sendrecv_all_ports(portmap_helper_t)
|
||||
corenet_non_ipsec_sendrecv(portmap_helper_t)
|
||||
corenet_tcp_bind_all_nodes(portmap_helper_t)
|
||||
corenet_udp_bind_all_nodes(portmap_helper_t)
|
||||
corenet_tcp_bind_reserved_port(portmap_helper_t)
|
||||
|
|
|
|||
|
|
@ -120,6 +120,7 @@ template(`postfix_server_domain_template',`
|
|||
corenet_raw_sendrecv_all_nodes(postfix_$1_t)
|
||||
corenet_tcp_sendrecv_all_ports(postfix_$1_t)
|
||||
corenet_udp_sendrecv_all_ports(postfix_$1_t)
|
||||
corenet_non_ipsec_sendrecv(postfix_$1_t)
|
||||
corenet_tcp_bind_all_nodes(postfix_$1_t)
|
||||
corenet_udp_bind_all_nodes(postfix_$1_t)
|
||||
corenet_tcp_connect_all_ports(postfix_$1_t)
|
||||
|
|
|
|||
|
|
@ -1,5 +1,5 @@
|
|||
|
||||
policy_module(postfix,1.0.3)
|
||||
policy_module(postfix,1.0.4)
|
||||
|
||||
########################################
|
||||
#
|
||||
|
|
@ -142,6 +142,7 @@ corenet_udp_sendrecv_all_nodes(postfix_master_t)
|
|||
corenet_raw_sendrecv_all_nodes(postfix_master_t)
|
||||
corenet_tcp_sendrecv_all_ports(postfix_master_t)
|
||||
corenet_udp_sendrecv_all_ports(postfix_master_t)
|
||||
corenet_non_ipsec_sendrecv(postfix_master_t)
|
||||
corenet_tcp_bind_all_nodes(postfix_master_t)
|
||||
corenet_udp_bind_all_nodes(postfix_master_t)
|
||||
corenet_tcp_bind_amavisd_send_port(postfix_master_t)
|
||||
|
|
@ -309,10 +310,11 @@ corenet_raw_sendrecv_all_if(postfix_map_t)
|
|||
corenet_tcp_sendrecv_all_nodes(postfix_map_t)
|
||||
corenet_udp_sendrecv_all_nodes(postfix_map_t)
|
||||
corenet_raw_sendrecv_all_nodes(postfix_map_t)
|
||||
corenet_tcp_bind_all_nodes(postfix_map_t)
|
||||
corenet_udp_bind_all_nodes(postfix_map_t)
|
||||
corenet_tcp_sendrecv_all_ports(postfix_map_t)
|
||||
corenet_udp_sendrecv_all_ports(postfix_map_t)
|
||||
corenet_non_ipsec_sendrecv(postfix_map_t)
|
||||
corenet_tcp_bind_all_nodes(postfix_map_t)
|
||||
corenet_udp_bind_all_nodes(postfix_map_t)
|
||||
corenet_tcp_connect_all_ports(postfix_map_t)
|
||||
|
||||
corecmd_list_bin(postfix_map_t)
|
||||
|
|
|
|||
|
|
@ -1,5 +1,5 @@
|
|||
|
||||
policy_module(postgresql,1.0)
|
||||
policy_module(postgresql,1.0.1)
|
||||
|
||||
#################################
|
||||
#
|
||||
|
|
@ -92,6 +92,7 @@ corenet_udp_sendrecv_all_nodes(postgresql_t)
|
|||
corenet_raw_sendrecv_all_nodes(postgresql_t)
|
||||
corenet_tcp_sendrecv_all_ports(postgresql_t)
|
||||
corenet_udp_sendrecv_all_ports(postgresql_t)
|
||||
corenet_non_ipsec_sendrecv(postgresql_t)
|
||||
corenet_tcp_bind_all_nodes(postgresql_t)
|
||||
corenet_udp_bind_all_nodes(postgresql_t)
|
||||
corenet_tcp_bind_postgresql_port(postgresql_t)
|
||||
|
|
|
|||
|
|
@ -1,5 +1,5 @@
|
|||
|
||||
policy_module(ppp,1.0)
|
||||
policy_module(ppp,1.0.1)
|
||||
|
||||
########################################
|
||||
#
|
||||
|
|
@ -125,6 +125,7 @@ corenet_raw_sendrecv_all_nodes(pppd_t)
|
|||
corenet_udp_sendrecv_all_nodes(pppd_t)
|
||||
corenet_tcp_sendrecv_all_ports(pppd_t)
|
||||
corenet_udp_sendrecv_all_ports(pppd_t)
|
||||
corenet_non_ipsec_sendrecv(pppd_t)
|
||||
corenet_tcp_bind_all_nodes(pppd_t)
|
||||
corenet_udp_bind_all_nodes(pppd_t)
|
||||
# Access /dev/ppp.
|
||||
|
|
@ -265,6 +266,7 @@ corenet_raw_sendrecv_all_if(pptp_t)
|
|||
corenet_tcp_sendrecv_all_nodes(pptp_t)
|
||||
corenet_raw_sendrecv_all_nodes(pptp_t)
|
||||
corenet_tcp_sendrecv_all_ports(pptp_t)
|
||||
corenet_non_ipsec_sendrecv(pptp_t)
|
||||
corenet_tcp_bind_all_nodes(pptp_t)
|
||||
corenet_tcp_connect_generic_port(pptp_t)
|
||||
corenet_tcp_connect_all_reserved_ports(pptp_t)
|
||||
|
|
|
|||
|
|
@ -1,5 +1,5 @@
|
|||
|
||||
policy_module(privoxy,1.0.1)
|
||||
policy_module(privoxy,1.0.2)
|
||||
|
||||
########################################
|
||||
#
|
||||
|
|
@ -47,6 +47,7 @@ corenet_raw_sendrecv_all_if(privoxy_t)
|
|||
corenet_tcp_sendrecv_all_nodes(privoxy_t)
|
||||
corenet_raw_sendrecv_all_nodes(privoxy_t)
|
||||
corenet_tcp_sendrecv_all_ports(privoxy_t)
|
||||
corenet_non_ipsec_sendrecv(privoxy_t)
|
||||
corenet_tcp_bind_http_cache_port(privoxy_t)
|
||||
corenet_tcp_connect_http_port(privoxy_t)
|
||||
corenet_tcp_connect_ftp_port(privoxy_t)
|
||||
|
|
|
|||
|
|
@ -1,5 +1,5 @@
|
|||
|
||||
policy_module(procmail,1.0.1)
|
||||
policy_module(procmail,1.0.2)
|
||||
|
||||
########################################
|
||||
#
|
||||
|
|
@ -36,6 +36,7 @@ corenet_udp_sendrecv_all_nodes(procmail_t)
|
|||
corenet_raw_sendrecv_all_nodes(procmail_t)
|
||||
corenet_tcp_sendrecv_all_ports(procmail_t)
|
||||
corenet_udp_sendrecv_all_ports(procmail_t)
|
||||
corenet_non_ipsec_sendrecv(procmail_t)
|
||||
corenet_tcp_bind_all_nodes(procmail_t)
|
||||
corenet_udp_bind_all_nodes(procmail_t)
|
||||
corenet_tcp_connect_spamd_port(procmail_t)
|
||||
|
|
|
|||
|
|
@ -56,10 +56,11 @@ corenet_raw_sendrecv_all_if(radiusd_t)
|
|||
corenet_tcp_sendrecv_all_nodes(radiusd_t)
|
||||
corenet_udp_sendrecv_all_nodes(radiusd_t)
|
||||
corenet_raw_sendrecv_all_nodes(radiusd_t)
|
||||
corenet_tcp_bind_all_nodes(radiusd_t)
|
||||
corenet_udp_bind_all_nodes(radiusd_t)
|
||||
corenet_tcp_sendrecv_all_ports(radiusd_t)
|
||||
corenet_udp_sendrecv_all_ports(radiusd_t)
|
||||
corenet_non_ipsec_sendrecv(radiusd_t)
|
||||
corenet_tcp_bind_all_nodes(radiusd_t)
|
||||
corenet_udp_bind_all_nodes(radiusd_t)
|
||||
corenet_udp_bind_radacct_port(radiusd_t)
|
||||
corenet_udp_bind_radius_port(radiusd_t)
|
||||
# for RADIUS proxy port
|
||||
|
|
|
|||
|
|
@ -1,5 +1,5 @@
|
|||
|
||||
policy_module(radvd,1.0)
|
||||
policy_module(radvd,1.0.1)
|
||||
|
||||
########################################
|
||||
#
|
||||
|
|
@ -47,6 +47,7 @@ corenet_udp_sendrecv_all_nodes(radvd_t)
|
|||
corenet_raw_sendrecv_all_nodes(radvd_t)
|
||||
corenet_tcp_sendrecv_all_ports(radvd_t)
|
||||
corenet_udp_sendrecv_all_ports(radvd_t)
|
||||
corenet_non_ipsec_sendrecv(radvd_t)
|
||||
corenet_tcp_bind_all_nodes(radvd_t)
|
||||
corenet_udp_bind_all_nodes(radvd_t)
|
||||
|
||||
|
|
|
|||
|
|
@ -1,5 +1,5 @@
|
|||
|
||||
policy_module(rdisc,1.0.0)
|
||||
policy_module(rdisc,1.0.1)
|
||||
|
||||
########################################
|
||||
#
|
||||
|
|
@ -31,6 +31,7 @@ corenet_raw_sendrecv_generic_if(rdisc_t)
|
|||
corenet_udp_sendrecv_all_nodes(rdisc_t)
|
||||
corenet_raw_sendrecv_all_nodes(rdisc_t)
|
||||
corenet_udp_sendrecv_all_ports(rdisc_t)
|
||||
corenet_non_ipsec_sendrecv(rdisc_t)
|
||||
corenet_udp_bind_all_nodes(rdisc_t)
|
||||
|
||||
dev_read_sysfs(rdisc_t)
|
||||
|
|
|
|||
|
|
@ -1,5 +1,5 @@
|
|||
|
||||
policy_module(rlogin,1.0)
|
||||
policy_module(rlogin,1.0.1)
|
||||
|
||||
########################################
|
||||
#
|
||||
|
|
@ -59,6 +59,7 @@ corenet_udp_sendrecv_all_nodes(rlogind_t)
|
|||
corenet_raw_sendrecv_all_nodes(rlogind_t)
|
||||
corenet_tcp_sendrecv_all_ports(rlogind_t)
|
||||
corenet_udp_sendrecv_all_ports(rlogind_t)
|
||||
corenet_non_ipsec_sendrecv(rlogind_t)
|
||||
corenet_tcp_bind_all_nodes(rlogind_t)
|
||||
corenet_udp_bind_all_nodes(rlogind_t)
|
||||
|
||||
|
|
|
|||
|
|
@ -58,6 +58,7 @@ template(`rpc_domain_template', `
|
|||
corenet_raw_sendrecv_all_nodes($1_t)
|
||||
corenet_tcp_sendrecv_all_ports($1_t)
|
||||
corenet_udp_sendrecv_all_ports($1_t)
|
||||
corenet_non_ipsec_sendrecv($1_t)
|
||||
corenet_tcp_bind_all_nodes($1_t)
|
||||
corenet_udp_bind_all_nodes($1_t)
|
||||
corenet_tcp_bind_reserved_port($1_t)
|
||||
|
|
|
|||
|
|
@ -1,5 +1,5 @@
|
|||
|
||||
policy_module(rpc,1.0.2)
|
||||
policy_module(rpc,1.0.3)
|
||||
|
||||
########################################
|
||||
#
|
||||
|
|
|
|||
|
|
@ -1,5 +1,5 @@
|
|||
|
||||
policy_module(rshd,1.0)
|
||||
policy_module(rshd,1.0.1)
|
||||
|
||||
########################################
|
||||
#
|
||||
|
|
@ -31,6 +31,7 @@ corenet_udp_sendrecv_all_nodes(rshd_t)
|
|||
corenet_raw_sendrecv_all_nodes(rshd_t)
|
||||
corenet_tcp_sendrecv_all_ports(rshd_t)
|
||||
corenet_udp_sendrecv_all_ports(rshd_t)
|
||||
corenet_non_ipsec_sendrecv(rshd_t)
|
||||
corenet_tcp_bind_all_nodes(rshd_t)
|
||||
corenet_tcp_bind_rsh_port(rshd_t)
|
||||
|
||||
|
|
|
|||
|
|
@ -1,5 +1,5 @@
|
|||
|
||||
policy_module(rsync,1.0)
|
||||
policy_module(rsync,1.0.1)
|
||||
|
||||
########################################
|
||||
#
|
||||
|
|
@ -63,6 +63,7 @@ corenet_udp_sendrecv_all_nodes(rsync_t)
|
|||
corenet_raw_sendrecv_all_nodes(rsync_t)
|
||||
corenet_tcp_sendrecv_all_ports(rsync_t)
|
||||
corenet_udp_sendrecv_all_ports(rsync_t)
|
||||
corenet_non_ipsec_sendrecv(rsync_t)
|
||||
corenet_tcp_bind_all_nodes(rsync_t)
|
||||
corenet_udp_bind_all_nodes(rsync_t)
|
||||
|
||||
|
|
|
|||
|
|
@ -1,5 +1,5 @@
|
|||
|
||||
policy_module(samba,1.0)
|
||||
policy_module(samba,1.0.1)
|
||||
|
||||
#################################
|
||||
#
|
||||
|
|
@ -108,6 +108,7 @@ corenet_udp_sendrecv_all_nodes(samba_net_t)
|
|||
corenet_raw_sendrecv_all_nodes(samba_net_t)
|
||||
corenet_tcp_sendrecv_all_ports(samba_net_t)
|
||||
corenet_udp_sendrecv_all_ports(samba_net_t)
|
||||
corenet_non_ipsec_sendrecv(samba_net_t)
|
||||
corenet_tcp_bind_all_nodes(samba_net_t)
|
||||
corenet_udp_bind_all_nodes(samba_net_t)
|
||||
corenet_tcp_connect_smbd_port(samba_net_t)
|
||||
|
|
@ -145,6 +146,7 @@ optional_policy(`ldap',`
|
|||
corenet_tcp_sendrecv_all_nodes(samba_net_t)
|
||||
corenet_raw_sendrecv_all_nodes(samba_net_t)
|
||||
corenet_tcp_sendrecv_ldap_port(samba_net_t)
|
||||
corenet_non_ipsec_sendrecv(samba_net_t)
|
||||
corenet_tcp_bind_all_nodes(samba_net_t)
|
||||
sysnet_read_config(samba_net_t)
|
||||
')
|
||||
|
|
@ -225,6 +227,7 @@ corenet_udp_sendrecv_all_nodes(smbd_t)
|
|||
corenet_raw_sendrecv_all_nodes(smbd_t)
|
||||
corenet_tcp_sendrecv_all_ports(smbd_t)
|
||||
corenet_udp_sendrecv_all_ports(smbd_t)
|
||||
corenet_non_ipsec_sendrecv(smbd_t)
|
||||
corenet_tcp_bind_all_nodes(smbd_t)
|
||||
corenet_udp_bind_all_nodes(smbd_t)
|
||||
corenet_tcp_bind_smbd_port(smbd_t)
|
||||
|
|
@ -370,6 +373,7 @@ corenet_udp_sendrecv_all_nodes(nmbd_t)
|
|||
corenet_raw_sendrecv_all_nodes(nmbd_t)
|
||||
corenet_tcp_sendrecv_all_ports(nmbd_t)
|
||||
corenet_udp_sendrecv_all_ports(nmbd_t)
|
||||
corenet_non_ipsec_sendrecv(nmbd_t)
|
||||
corenet_tcp_bind_all_nodes(nmbd_t)
|
||||
corenet_udp_bind_all_nodes(nmbd_t)
|
||||
corenet_udp_bind_nmbd_port(nmbd_t)
|
||||
|
|
@ -458,6 +462,7 @@ corenet_raw_sendrecv_all_nodes(smbmount_t)
|
|||
corenet_udp_sendrecv_all_nodes(smbmount_t)
|
||||
corenet_tcp_sendrecv_all_ports(smbmount_t)
|
||||
corenet_udp_sendrecv_all_ports(smbmount_t)
|
||||
corenet_non_ipsec_sendrecv(smbmount_t)
|
||||
corenet_tcp_bind_all_nodes(smbmount_t)
|
||||
corenet_udp_bind_all_nodes(smbmount_t)
|
||||
corenet_tcp_connect_all_ports(smbmount_t)
|
||||
|
|
@ -567,6 +572,7 @@ corenet_udp_sendrecv_all_nodes(winbind_t)
|
|||
corenet_raw_sendrecv_all_nodes(winbind_t)
|
||||
corenet_tcp_sendrecv_all_ports(winbind_t)
|
||||
corenet_udp_sendrecv_all_ports(winbind_t)
|
||||
corenet_non_ipsec_sendrecv(winbind_t)
|
||||
corenet_tcp_bind_all_nodes(winbind_t)
|
||||
corenet_udp_bind_all_nodes(winbind_t)
|
||||
corenet_tcp_connect_smbd_port(winbind_t)
|
||||
|
|
|
|||
|
|
@ -1,5 +1,5 @@
|
|||
|
||||
policy_module(sasl,1.0.1)
|
||||
policy_module(sasl,1.0.2)
|
||||
|
||||
########################################
|
||||
#
|
||||
|
|
@ -38,6 +38,7 @@ corenet_raw_sendrecv_all_if(saslauthd_t)
|
|||
corenet_tcp_sendrecv_all_nodes(saslauthd_t)
|
||||
corenet_raw_sendrecv_all_nodes(saslauthd_t)
|
||||
corenet_tcp_sendrecv_all_ports(saslauthd_t)
|
||||
corenet_non_ipsec_sendrecv(saslauthd_t)
|
||||
corenet_tcp_bind_all_nodes(saslauthd_t)
|
||||
corenet_tcp_connect_pop_port(saslauthd_t)
|
||||
|
||||
|
|
|
|||
|
|
@ -1,5 +1,5 @@
|
|||
|
||||
policy_module(sendmail,1.0)
|
||||
policy_module(sendmail,1.0.1)
|
||||
|
||||
########################################
|
||||
#
|
||||
|
|
@ -51,6 +51,7 @@ corenet_raw_sendrecv_all_nodes(sendmail_t)
|
|||
corenet_udp_sendrecv_all_nodes(sendmail_t)
|
||||
corenet_tcp_sendrecv_all_ports(sendmail_t)
|
||||
corenet_udp_sendrecv_all_ports(sendmail_t)
|
||||
corenet_non_ipsec_sendrecv(sendmail_t)
|
||||
corenet_tcp_bind_all_nodes(sendmail_t)
|
||||
corenet_udp_bind_all_nodes(sendmail_t)
|
||||
corenet_tcp_bind_smtp_port(sendmail_t)
|
||||
|
|
|
|||
|
|
@ -1,5 +1,5 @@
|
|||
|
||||
policy_module(snmp,1.0.2)
|
||||
policy_module(snmp,1.0.3)
|
||||
|
||||
########################################
|
||||
#
|
||||
|
|
@ -68,6 +68,7 @@ corenet_udp_sendrecv_all_nodes(snmpd_t)
|
|||
corenet_raw_sendrecv_all_nodes(snmpd_t)
|
||||
corenet_tcp_sendrecv_all_ports(snmpd_t)
|
||||
corenet_udp_sendrecv_all_ports(snmpd_t)
|
||||
corenet_non_ipsec_sendrecv(snmpd_t)
|
||||
corenet_tcp_bind_all_nodes(snmpd_t)
|
||||
corenet_udp_bind_all_nodes(snmpd_t)
|
||||
corenet_tcp_bind_snmp_port(snmpd_t)
|
||||
|
|
|
|||
|
|
@ -100,6 +100,7 @@ template(`spamassassin_per_userdomain_template',`
|
|||
corenet_raw_sendrecv_all_nodes($1_spamc_t)
|
||||
corenet_tcp_sendrecv_all_ports($1_spamc_t)
|
||||
corenet_udp_sendrecv_all_ports($1_spamc_t)
|
||||
corenet_non_ipsec_sendrecv($1_spamc_t)
|
||||
corenet_tcp_bind_all_nodes($1_spamc_t)
|
||||
corenet_udp_bind_all_nodes($1_spamc_t)
|
||||
corenet_tcp_connect_all_ports($1_spamc_t)
|
||||
|
|
@ -282,6 +283,7 @@ template(`spamassassin_per_userdomain_template',`
|
|||
corenet_raw_sendrecv_all_nodes($1_spamassassin_t)
|
||||
corenet_tcp_sendrecv_all_ports($1_spamassassin_t)
|
||||
corenet_udp_sendrecv_all_ports($1_spamassassin_t)
|
||||
corenet_non_ipsec_sendrecv($1_spamassassin_t)
|
||||
corenet_tcp_bind_all_nodes($1_spamassassin_t)
|
||||
corenet_udp_bind_all_nodes($1_spamassassin_t)
|
||||
corenet_tcp_connect_all_ports($1_spamassassin_t)
|
||||
|
|
|
|||
|
|
@ -1,5 +1,5 @@
|
|||
|
||||
policy_module(spamassassin,1.0.0)
|
||||
policy_module(spamassassin,1.0.1)
|
||||
|
||||
########################################
|
||||
#
|
||||
|
|
@ -69,6 +69,7 @@ corenet_udp_sendrecv_all_nodes(spamd_t)
|
|||
corenet_raw_sendrecv_all_nodes(spamd_t)
|
||||
corenet_tcp_sendrecv_all_ports(spamd_t)
|
||||
corenet_udp_sendrecv_all_ports(spamd_t)
|
||||
corenet_non_ipsec_sendrecv(spamd_t)
|
||||
corenet_tcp_bind_all_nodes(spamd_t)
|
||||
corenet_udp_bind_all_nodes(spamd_t)
|
||||
corenet_tcp_bind_spamd_port(spamd_t)
|
||||
|
|
|
|||
|
|
@ -1,5 +1,5 @@
|
|||
|
||||
policy_module(squid,1.0)
|
||||
policy_module(squid,1.0.1)
|
||||
|
||||
########################################
|
||||
#
|
||||
|
|
@ -78,6 +78,7 @@ corenet_udp_sendrecv_all_nodes(squid_t)
|
|||
corenet_raw_sendrecv_all_nodes(squid_t)
|
||||
corenet_tcp_sendrecv_all_ports(squid_t)
|
||||
corenet_udp_sendrecv_all_ports(squid_t)
|
||||
corenet_non_ipsec_sendrecv(squid_t)
|
||||
corenet_tcp_bind_all_nodes(squid_t)
|
||||
corenet_udp_bind_all_nodes(squid_t)
|
||||
corenet_tcp_bind_http_cache_port(squid_t)
|
||||
|
|
|
|||
|
|
@ -123,6 +123,7 @@ template(`ssh_per_userdomain_template',`
|
|||
corenet_tcp_sendrecv_all_nodes($1_ssh_t)
|
||||
corenet_raw_sendrecv_all_nodes($1_ssh_t)
|
||||
corenet_tcp_sendrecv_all_ports($1_ssh_t)
|
||||
corenet_non_ipsec_sendrecv($1_ssh_t)
|
||||
corenet_tcp_bind_all_nodes($1_ssh_t)
|
||||
corenet_tcp_connect_ssh_port($1_ssh_t)
|
||||
|
||||
|
|
@ -437,6 +438,7 @@ template(`ssh_server_template', `
|
|||
corenet_raw_sendrecv_all_nodes($1_t)
|
||||
corenet_udp_sendrecv_all_ports($1_t)
|
||||
corenet_tcp_sendrecv_all_ports($1_t)
|
||||
corenet_non_ipsec_sendrecv($1_t)
|
||||
corenet_tcp_bind_all_nodes($1_t)
|
||||
corenet_udp_bind_all_nodes($1_t)
|
||||
corenet_tcp_connect_all_ports($1_t)
|
||||
|
|
|
|||
|
|
@ -1,5 +1,5 @@
|
|||
|
||||
policy_module(ssh,1.0)
|
||||
policy_module(ssh,1.0.1)
|
||||
|
||||
########################################
|
||||
#
|
||||
|
|
|
|||
|
|
@ -1,5 +1,5 @@
|
|||
|
||||
policy_module(stunnel,1.0)
|
||||
policy_module(stunnel,1.0.1)
|
||||
|
||||
########################################
|
||||
#
|
||||
|
|
@ -63,6 +63,7 @@ corenet_udp_sendrecv_all_nodes(stunnel_t)
|
|||
corenet_raw_sendrecv_all_nodes(stunnel_t)
|
||||
corenet_tcp_sendrecv_all_ports(stunnel_t)
|
||||
corenet_udp_sendrecv_all_ports(stunnel_t)
|
||||
corenet_non_ipsec_sendrecv(stunnel_t)
|
||||
corenet_tcp_bind_all_nodes(stunnel_t)
|
||||
corenet_udp_bind_all_nodes(stunnel_t)
|
||||
#corenet_tcp_bind_stunnel_port(stunnel_t)
|
||||
|
|
|
|||
|
|
@ -28,6 +28,7 @@ corenet_tcp_sendrecv_all_if(tcpd_t)
|
|||
corenet_raw_sendrecv_all_nodes(tcpd_t)
|
||||
corenet_tcp_sendrecv_all_nodes(tcpd_t)
|
||||
corenet_tcp_sendrecv_all_ports(tcpd_t)
|
||||
corenet_non_ipsec_sendrecv(tcpd_t)
|
||||
corenet_tcp_bind_all_nodes(tcpd_t)
|
||||
|
||||
fs_getattr_xattr_fs(tcpd_t)
|
||||
|
|
|
|||
|
|
@ -1,5 +1,5 @@
|
|||
|
||||
policy_module(telnet,1.0)
|
||||
policy_module(telnet,1.0.1)
|
||||
|
||||
########################################
|
||||
#
|
||||
|
|
@ -57,6 +57,7 @@ corenet_udp_sendrecv_all_nodes(telnetd_t)
|
|||
corenet_raw_sendrecv_all_nodes(telnetd_t)
|
||||
corenet_tcp_sendrecv_all_ports(telnetd_t)
|
||||
corenet_udp_sendrecv_all_ports(telnetd_t)
|
||||
corenet_non_ipsec_sendrecv(telnetd_t)
|
||||
corenet_tcp_bind_all_nodes(telnetd_t)
|
||||
corenet_udp_bind_all_nodes(telnetd_t)
|
||||
|
||||
|
|
|
|||
|
|
@ -1,5 +1,5 @@
|
|||
|
||||
policy_module(tftp,1.0)
|
||||
policy_module(tftp,1.0.1)
|
||||
|
||||
########################################
|
||||
#
|
||||
|
|
@ -49,6 +49,7 @@ corenet_udp_sendrecv_all_nodes(tftpd_t)
|
|||
corenet_raw_sendrecv_all_nodes(tftpd_t)
|
||||
corenet_tcp_sendrecv_all_ports(tftpd_t)
|
||||
corenet_udp_sendrecv_all_ports(tftpd_t)
|
||||
corenet_non_ipsec_sendrecv(tftpd_t)
|
||||
corenet_tcp_bind_all_nodes(tftpd_t)
|
||||
corenet_udp_bind_all_nodes(tftpd_t)
|
||||
corenet_udp_bind_tftp_port(tftpd_t)
|
||||
|
|
|
|||
|
|
@ -1,5 +1,5 @@
|
|||
|
||||
policy_module(timidity,1.0.0)
|
||||
policy_module(timidity,1.0.1)
|
||||
|
||||
# Note: You only need this policy if you want to run timidity as a server
|
||||
|
||||
|
|
@ -47,6 +47,7 @@ corenet_udp_sendrecv_all_nodes(timidity_t)
|
|||
corenet_raw_sendrecv_all_nodes(timidity_t)
|
||||
corenet_tcp_sendrecv_all_ports(timidity_t)
|
||||
corenet_udp_sendrecv_all_ports(timidity_t)
|
||||
corenet_non_ipsec_sendrecv(timidity_t)
|
||||
corenet_tcp_bind_all_nodes(timidity_t)
|
||||
corenet_udp_bind_all_nodes(timidity_t)
|
||||
|
||||
|
|
|
|||
|
|
@ -1,5 +1,5 @@
|
|||
|
||||
policy_module(uucp,1.0)
|
||||
policy_module(uucp,1.0.1)
|
||||
|
||||
########################################
|
||||
#
|
||||
|
|
@ -75,6 +75,7 @@ corenet_udp_sendrecv_all_nodes(uucpd_t)
|
|||
corenet_raw_sendrecv_all_nodes(uucpd_t)
|
||||
corenet_tcp_sendrecv_all_ports(uucpd_t)
|
||||
corenet_udp_sendrecv_all_ports(uucpd_t)
|
||||
corenet_non_ipsec_sendrecv(uucpd_t)
|
||||
corenet_tcp_bind_all_nodes(uucpd_t)
|
||||
corenet_udp_bind_all_nodes(uucpd_t)
|
||||
|
||||
|
|
|
|||
|
|
@ -1,5 +1,5 @@
|
|||
|
||||
policy_module(zebra,1.0.1)
|
||||
policy_module(zebra,1.0.2)
|
||||
|
||||
########################################
|
||||
#
|
||||
|
|
@ -69,6 +69,7 @@ corenet_udp_sendrecv_all_nodes(zebra_t)
|
|||
corenet_raw_sendrecv_all_nodes(zebra_t)
|
||||
corenet_tcp_sendrecv_all_ports(zebra_t)
|
||||
corenet_udp_sendrecv_all_ports(zebra_t)
|
||||
corenet_non_ipsec_sendrecv(zebra_t)
|
||||
corenet_tcp_bind_all_nodes(zebra_t)
|
||||
corenet_udp_bind_all_nodes(zebra_t)
|
||||
corenet_tcp_bind_zebra_port(zebra_t)
|
||||
|
|
|
|||
|
|
@ -1,5 +1,5 @@
|
|||
|
||||
policy_module(hotplug,1.0.1)
|
||||
policy_module(hotplug,1.0.2)
|
||||
|
||||
########################################
|
||||
#
|
||||
|
|
@ -61,6 +61,7 @@ corenet_udp_sendrecv_all_nodes(hotplug_t)
|
|||
corenet_raw_sendrecv_all_nodes(hotplug_t)
|
||||
corenet_tcp_sendrecv_all_ports(hotplug_t)
|
||||
corenet_udp_sendrecv_all_ports(hotplug_t)
|
||||
corenet_non_ipsec_sendrecv(hotplug_t)
|
||||
corenet_tcp_bind_all_nodes(hotplug_t)
|
||||
corenet_udp_bind_all_nodes(hotplug_t)
|
||||
|
||||
|
|
|
|||
|
|
@ -1,5 +1,5 @@
|
|||
|
||||
policy_module(init,1.0.3)
|
||||
policy_module(init,1.0.4)
|
||||
|
||||
gen_require(`
|
||||
class passwd rootok;
|
||||
|
|
@ -257,6 +257,7 @@ corenet_raw_sendrecv_all_nodes(initrc_t)
|
|||
corenet_udp_sendrecv_all_nodes(initrc_t)
|
||||
corenet_tcp_sendrecv_all_ports(initrc_t)
|
||||
corenet_udp_sendrecv_all_ports(initrc_t)
|
||||
corenet_non_ipsec_sendrecv(initrc_t)
|
||||
corenet_tcp_bind_all_nodes(initrc_t)
|
||||
corenet_udp_bind_all_nodes(initrc_t)
|
||||
corenet_tcp_connect_all_ports(initrc_t)
|
||||
|
|
|
|||
|
|
@ -1,5 +1,5 @@
|
|||
|
||||
policy_module(ipsec,1.0)
|
||||
policy_module(ipsec,1.0.1)
|
||||
|
||||
########################################
|
||||
#
|
||||
|
|
@ -87,6 +87,7 @@ corenet_raw_sendrecv_all_if(ipsec_t)
|
|||
corenet_tcp_sendrecv_all_nodes(ipsec_t)
|
||||
corenet_raw_sendrecv_all_nodes(ipsec_t)
|
||||
corenet_tcp_sendrecv_all_ports(ipsec_t)
|
||||
corenet_non_ipsec_sendrecv(ipsec_t)
|
||||
corenet_tcp_bind_all_nodes(ipsec_t)
|
||||
corenet_udp_bind_reserved_port(ipsec_t)
|
||||
corenet_udp_bind_isakmp_port(ipsec_t)
|
||||
|
|
|
|||
|
|
@ -1,5 +1,5 @@
|
|||
|
||||
policy_module(logging,1.0.2)
|
||||
policy_module(logging,1.0.3)
|
||||
|
||||
########################################
|
||||
#
|
||||
|
|
@ -313,6 +313,7 @@ corenet_udp_sendrecv_all_if(syslogd_t)
|
|||
corenet_raw_sendrecv_all_nodes(syslogd_t)
|
||||
corenet_udp_sendrecv_all_nodes(syslogd_t)
|
||||
corenet_udp_sendrecv_all_ports(syslogd_t)
|
||||
corenet_non_ipsec_sendrecv(syslogd_t)
|
||||
corenet_udp_bind_all_nodes(syslogd_t)
|
||||
corenet_tcp_bind_syslogd_port(syslogd_t)
|
||||
#cjp: why?
|
||||
|
|
|
|||
|
|
@ -1,5 +1,5 @@
|
|||
|
||||
policy_module(lvm,1.0)
|
||||
policy_module(lvm,1.0.1)
|
||||
|
||||
########################################
|
||||
#
|
||||
|
|
@ -65,6 +65,7 @@ corenet_udp_sendrecv_all_nodes(clvmd_t)
|
|||
corenet_raw_sendrecv_all_nodes(clvmd_t)
|
||||
corenet_tcp_sendrecv_all_ports(clvmd_t)
|
||||
corenet_udp_sendrecv_all_ports(clvmd_t)
|
||||
corenet_non_ipsec_sendrecv(clvmd_t)
|
||||
corenet_tcp_bind_all_nodes(clvmd_t)
|
||||
corenet_udp_bind_all_nodes(clvmd_t)
|
||||
corenet_tcp_bind_reserved_port(clvmd_t)
|
||||
|
|
|
|||
|
|
@ -1,5 +1,5 @@
|
|||
|
||||
policy_module(mount,1.0)
|
||||
policy_module(mount,1.0.1)
|
||||
|
||||
########################################
|
||||
#
|
||||
|
|
@ -106,6 +106,7 @@ optional_policy(`portmap',`
|
|||
corenet_udp_sendrecv_all_nodes(mount_t)
|
||||
corenet_tcp_sendrecv_all_ports(mount_t)
|
||||
corenet_udp_sendrecv_all_ports(mount_t)
|
||||
corenet_non_ipsec_sendrecv(mount_t)
|
||||
corenet_tcp_bind_all_nodes(mount_t)
|
||||
corenet_udp_bind_all_nodes(mount_t)
|
||||
corenet_tcp_bind_generic_port(mount_t)
|
||||
|
|
|
|||
|
|
@ -440,6 +440,7 @@ interface(`sysnet_dns_name_resolve',`
|
|||
corenet_raw_sendrecv_all_nodes($1)
|
||||
corenet_tcp_sendrecv_dns_port($1)
|
||||
corenet_udp_sendrecv_dns_port($1)
|
||||
corenet_non_ipsec_sendrecv($1)
|
||||
corenet_tcp_bind_all_nodes($1)
|
||||
corenet_udp_bind_all_nodes($1)
|
||||
corenet_tcp_connect_dns_port($1)
|
||||
|
|
@ -468,6 +469,7 @@ interface(`sysnet_use_ldap',`
|
|||
corenet_tcp_sendrecv_all_nodes($1)
|
||||
corenet_raw_sendrecv_all_nodes($1)
|
||||
corenet_tcp_sendrecv_ldap_port($1)
|
||||
corenet_non_ipsec_sendrecv($1)
|
||||
corenet_tcp_bind_all_nodes($1)
|
||||
corenet_tcp_connect_ldap_port($1)
|
||||
|
||||
|
|
@ -499,6 +501,7 @@ interface(`sysnet_use_portmap',`
|
|||
corenet_raw_sendrecv_all_nodes($1)
|
||||
corenet_tcp_sendrecv_portmap_port($1)
|
||||
corenet_udp_sendrecv_portmap_port($1)
|
||||
corenet_non_ipsec_sendrecv($1)
|
||||
corenet_tcp_bind_all_nodes($1)
|
||||
corenet_udp_bind_all_nodes($1)
|
||||
corenet_tcp_connect_portmap_port($1)
|
||||
|
|
|
|||
|
|
@ -1,5 +1,5 @@
|
|||
|
||||
policy_module(sysnetwork,1.0.3)
|
||||
policy_module(sysnetwork,1.0.4)
|
||||
|
||||
########################################
|
||||
#
|
||||
|
|
@ -99,6 +99,7 @@ corenet_raw_sendrecv_all_nodes(dhcpc_t)
|
|||
corenet_udp_sendrecv_all_nodes(dhcpc_t)
|
||||
corenet_tcp_sendrecv_all_ports(dhcpc_t)
|
||||
corenet_udp_sendrecv_all_ports(dhcpc_t)
|
||||
corenet_non_ipsec_sendrecv(dhcpc_t)
|
||||
corenet_tcp_bind_all_nodes(dhcpc_t)
|
||||
corenet_udp_bind_all_nodes(dhcpc_t)
|
||||
corenet_udp_bind_dhcpc_port(dhcpc_t)
|
||||
|
|
|
|||
|
|
@ -173,6 +173,7 @@ template(`base_user_template',`
|
|||
corenet_udp_sendrecv_all_nodes($1_t)
|
||||
corenet_tcp_sendrecv_all_ports($1_t)
|
||||
corenet_udp_sendrecv_all_ports($1_t)
|
||||
corenet_non_ipsec_sendrecv($1_t)
|
||||
corenet_tcp_bind_all_nodes($1_t)
|
||||
corenet_udp_bind_all_nodes($1_t)
|
||||
corenet_udp_bind_generic_port($1_t)
|
||||
|
|
|
|||
|
|
@ -1,5 +1,5 @@
|
|||
|
||||
policy_module(userdomain,1.0.6)
|
||||
policy_module(userdomain,1.0.7)
|
||||
|
||||
gen_require(`
|
||||
role sysadm_r, staff_r, user_r;
|
||||
|
|
|
|||
Loading…
Reference in New Issue