rpms/selinux-policy
7
0
Fork 0
Code Issues Pull Requests Releases Activity

name_connect only on tcp_sockets

Browse Source
This commit is contained in:
Chris PeBenito 2005-07-20 17:10:07 +00:00
parent 9496fd5119
commit ef424c14d4
1 changed files with 3 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

5
refpolicy/policy/modules/kernel/corenetwork.if.in
View File

@ -984,13 +984,14 @@ interface(`corenet_unconfined',`
gen_require(` gen_require(`
attribute node_type, netif_type, port_type; attribute node_type, netif_type, port_type;
class tcp_socket { send_msg recv_msg node_bind name_bind name_connect }; class tcp_socket { send_msg recv_msg node_bind name_bind name_connect };
class udp_socket { send_msg recv_msg node_bind name_bind name_connect }; class udp_socket { send_msg recv_msg node_bind name_bind };
class rawip_socket node_bind; class rawip_socket node_bind;
') ')
allow $1 node_type:node *; allow $1 node_type:node *;
allow $1 netif_type:netif *; allow $1 netif_type:netif *;
allow $1 port_type:{ tcp_socket udp_socket } { send_msg recv_msg name_connect }; allow $1 port_type:tcp_socket { send_msg recv_msg name_connect };
allow $1 port_type:udp_socket { send_msg recv_msg };
# Bind to any network address. # Bind to any network address.
# cjp: rawip_socket doesnt make any sense # cjp: rawip_socket doesnt make any sense