setools-4.1.1-8
- Add support for SCTP protocol
This commit is contained in:
parent
2dcce95b10
commit
efa4712a7b
131
0004-Add-support-for-SCTP-protocol.patch
Normal file
131
0004-Add-support-for-SCTP-protocol.patch
Normal file
@ -0,0 +1,131 @@
|
|||||||
|
From 3ef6369a22691e8e11cbf63f37b114941b3577a1 Mon Sep 17 00:00:00 2001
|
||||||
|
From: Vit Mojzis <vmojzis@redhat.com>
|
||||||
|
Date: Mon, 16 Apr 2018 20:46:20 +0200
|
||||||
|
Subject: [PATCH] Add support for SCTP protocol
|
||||||
|
|
||||||
|
Fixes: https://bugzilla.redhat.com/show_bug.cgi?id=1568333
|
||||||
|
|
||||||
|
Signed-off-by: Vit Mojzis <vmojzis@redhat.com>
|
||||||
|
---
|
||||||
|
libqpol/include/qpol/linux_types.h | 1 +
|
||||||
|
libqpol/policy_define.c | 5 +++++
|
||||||
|
setools/perm_map | 30 ++++++++++++++++++++++++++++++
|
||||||
|
setools/policyrep/netcontext.py | 5 +++++
|
||||||
|
4 files changed, 41 insertions(+)
|
||||||
|
|
||||||
|
diff --git a/libqpol/include/qpol/linux_types.h b/libqpol/include/qpol/linux_types.h
|
||||||
|
index c3c056b..0985162 100644
|
||||||
|
--- a/libqpol/include/qpol/linux_types.h
|
||||||
|
+++ b/libqpol/include/qpol/linux_types.h
|
||||||
|
@@ -12,6 +12,7 @@ typedef uint16_t __u16;
|
||||||
|
#define s6_addr32 __u6_addr32
|
||||||
|
|
||||||
|
#define IPPROTO_DCCP 33
|
||||||
|
+#define IPPROTO_SCTP 132
|
||||||
|
#endif
|
||||||
|
|
||||||
|
#endif
|
||||||
|
diff --git a/libqpol/policy_define.c b/libqpol/policy_define.c
|
||||||
|
index dcc69fc..1e623a3 100644
|
||||||
|
--- a/libqpol/policy_define.c
|
||||||
|
+++ b/libqpol/policy_define.c
|
||||||
|
@@ -44,6 +44,9 @@
|
||||||
|
#ifndef IPPROTO_DCCP
|
||||||
|
#define IPPROTO_DCCP 33
|
||||||
|
#endif
|
||||||
|
+#ifndef IPPROTO_SCTP
|
||||||
|
+#define IPPROTO_SCTP 132
|
||||||
|
+#endif
|
||||||
|
#include <arpa/inet.h>
|
||||||
|
#include <stdlib.h>
|
||||||
|
#include <limits.h>
|
||||||
|
@@ -4933,6 +4936,8 @@ int define_port_context(unsigned int low, unsigned int high)
|
||||||
|
protocol = IPPROTO_UDP;
|
||||||
|
} else if ((strcmp(id, "dccp") == 0) || (strcmp(id, "DCCP") == 0)) {
|
||||||
|
protocol = IPPROTO_DCCP;
|
||||||
|
+ } else if ((strcmp(id, "sctp") == 0) || (strcmp(id, "SCTP") == 0)) {
|
||||||
|
+ protocol = IPPROTO_SCTP;
|
||||||
|
} else {
|
||||||
|
yyerror2("unrecognized protocol %s", id);
|
||||||
|
goto bad;
|
||||||
|
diff --git a/setools/perm_map b/setools/perm_map
|
||||||
|
index 0a9f91c..25fae09 100644
|
||||||
|
--- a/setools/perm_map
|
||||||
|
+++ b/setools/perm_map
|
||||||
|
@@ -385,6 +385,8 @@ class node 11
|
||||||
|
udp_send w 10
|
||||||
|
dccp_recv r 10
|
||||||
|
dccp_send w 10
|
||||||
|
+ sctp_recv r 10
|
||||||
|
+ sctp_send w 10
|
||||||
|
enforce_dest n 1
|
||||||
|
sendto w 10
|
||||||
|
recvfrom r 10
|
||||||
|
@@ -699,6 +701,32 @@ class dccp_socket 24
|
||||||
|
relabelto w 10
|
||||||
|
listen r 1
|
||||||
|
|
||||||
|
+class sctp_socket 24
|
||||||
|
+ node_bind n 1
|
||||||
|
+ name_connect w 10
|
||||||
|
+ append w 10
|
||||||
|
+ bind w 1
|
||||||
|
+ connect w 1
|
||||||
|
+ create w 1
|
||||||
|
+ write w 10
|
||||||
|
+ relabelfrom r 10
|
||||||
|
+ ioctl n 1
|
||||||
|
+ name_bind n 1
|
||||||
|
+ sendto w 10
|
||||||
|
+ recv_msg r 10
|
||||||
|
+ send_msg w 10
|
||||||
|
+ getattr r 7
|
||||||
|
+ setattr w 7
|
||||||
|
+ accept r 1
|
||||||
|
+ getopt r 1
|
||||||
|
+ read r 10
|
||||||
|
+ setopt w 1
|
||||||
|
+ shutdown w 1
|
||||||
|
+ recvfrom r 10
|
||||||
|
+ lock n 1
|
||||||
|
+ relabelto w 10
|
||||||
|
+ listen r 1
|
||||||
|
+
|
||||||
|
class netlink_firewall_socket 24
|
||||||
|
nlmsg_write w 10
|
||||||
|
nlmsg_read r 10
|
||||||
|
@@ -984,6 +1012,8 @@ class netif 10
|
||||||
|
udp_send w 10
|
||||||
|
dccp_recv r 10
|
||||||
|
dccp_send w 10
|
||||||
|
+ sctp_recv r 10
|
||||||
|
+ sctp_send w 10
|
||||||
|
|
||||||
|
class packet_socket 22
|
||||||
|
append w 10
|
||||||
|
diff --git a/setools/policyrep/netcontext.py b/setools/policyrep/netcontext.py
|
||||||
|
index c7076d2..2d890f3 100644
|
||||||
|
--- a/setools/policyrep/netcontext.py
|
||||||
|
+++ b/setools/policyrep/netcontext.py
|
||||||
|
@@ -38,6 +38,10 @@ try:
|
||||||
|
IPPROTO_DCCP = getprotobyname("dccp")
|
||||||
|
except socket.error:
|
||||||
|
IPPROTO_DCCP = 33
|
||||||
|
+try:
|
||||||
|
+ IPPROTO_SCTP = getprotobyname("sctp")
|
||||||
|
+except socket.error:
|
||||||
|
+ IPPROTO_SCTP = 132
|
||||||
|
|
||||||
|
|
||||||
|
def netifcon_factory(policy, name):
|
||||||
|
@@ -196,6 +200,7 @@ class PortconProtocol(int, PolicyEnum):
|
||||||
|
tcp = IPPROTO_TCP
|
||||||
|
udp = IPPROTO_UDP
|
||||||
|
dccp = IPPROTO_DCCP
|
||||||
|
+ sctp = IPPROTO_SCTP
|
||||||
|
|
||||||
|
|
||||||
|
class Portcon(NetContext):
|
||||||
|
--
|
||||||
|
2.14.3
|
||||||
|
|
@ -11,7 +11,7 @@
|
|||||||
|
|
||||||
Name: setools
|
Name: setools
|
||||||
Version: 4.1.1
|
Version: 4.1.1
|
||||||
Release: 7%{?setools_pre_ver:.%{setools_pre_ver}}%{?dist}
|
Release: 8%{?setools_pre_ver:.%{setools_pre_ver}}%{?dist}
|
||||||
Summary: Policy analysis tools for SELinux
|
Summary: Policy analysis tools for SELinux
|
||||||
|
|
||||||
License: GPLv2
|
License: GPLv2
|
||||||
@ -22,6 +22,7 @@ Source2: apol.desktop
|
|||||||
Patch1: 0001-Do-not-use-Werror-during-build.patch
|
Patch1: 0001-Do-not-use-Werror-during-build.patch
|
||||||
Patch2: 0002-Do-not-export-use-setools.InfoFlowAnalysis-and-setoo.patch
|
Patch2: 0002-Do-not-export-use-setools.InfoFlowAnalysis-and-setoo.patch
|
||||||
Patch3: 0003-bswap_-macros-are-defined-in-byteswap.h.patch
|
Patch3: 0003-bswap_-macros-are-defined-in-byteswap.h.patch
|
||||||
|
Patch4: 0004-Add-support-for-SCTP-protocol.patch
|
||||||
|
|
||||||
Obsoletes: setools < 4.0.0, setools-devel < 4.0.0
|
Obsoletes: setools < 4.0.0, setools-devel < 4.0.0
|
||||||
BuildRequires: flex, bison
|
BuildRequires: flex, bison
|
||||||
@ -186,6 +187,9 @@ popd
|
|||||||
%{_mandir}/man1/apol*
|
%{_mandir}/man1/apol*
|
||||||
|
|
||||||
%changelog
|
%changelog
|
||||||
|
* Thu Apr 26 2018 Vit Mojzis <vmojzis@redhat.com> - 4.1.1-8
|
||||||
|
- Add support for SCTP protocol (#1568333)
|
||||||
|
|
||||||
* Thu Apr 19 2018 Iryna Shcherbina <shcherbina.iryna@gmail.com> - 4.1.1-7
|
* Thu Apr 19 2018 Iryna Shcherbina <shcherbina.iryna@gmail.com> - 4.1.1-7
|
||||||
- Update Python 2 dependency declarations to new packaging standards
|
- Update Python 2 dependency declarations to new packaging standards
|
||||||
(See https://fedoraproject.org/wiki/FinalizingFedoraSwitchtoPython3)
|
(See https://fedoraproject.org/wiki/FinalizingFedoraSwitchtoPython3)
|
||||||
|
Loading…
Reference in New Issue
Block a user