From 05a9fdfe6eeddc8faf81cdfa20dddca589e400f7 Mon Sep 17 00:00:00 2001
From: cgzones
Date: Fri, 6 Jan 2017 15:06:37 +0100
Subject: [PATCH] update corenetwork module * remove deprecated interfaces * label tcp port 2812 for monit
---
 policy/modules/kernel/corenetwork.fc | 17 ++++++++---------
 policy/modules/kernel/corenetwork.te.in | 1 +
 2 files changed, 9 insertions(+), 9 deletions(-)
diff --git a/policy/modules/kernel/corenetwork.fc b/policy/modules/kernel/corenetwork.fc
index 9af1f7a61..a71787635 100644
--- a/policy/modules/kernel/corenetwork.fc
+++ b/policy/modules/kernel/corenetwork.fc
@@ -1,13 +1,12 @@
+/dev/ippp.* -c gen_context(system_u:object_r:ppp_device_t,s0)
+/dev/ppp -c gen_context(system_u:object_r:ppp_device_t,s0)
+/dev/pppox.* -c gen_context(system_u:object_r:ppp_device_t,s0)
+/dev/tap.* -c gen_context(system_u:object_r:tun_tap_device_t,s0)
 
-/dev/ippp.* -c gen_context(system_u:object_r:ppp_device_t,s0)
-/dev/ppp -c gen_context(system_u:object_r:ppp_device_t,s0)
-/dev/pppox.* -c gen_context(system_u:object_r:ppp_device_t,s0)
-/dev/tap.* -c gen_context(system_u:object_r:tun_tap_device_t,s0)
+/dev/net/.* -c gen_context(system_u:object_r:tun_tap_device_t,s0)
 
-/dev/net/.* -c gen_context(system_u:object_r:tun_tap_device_t,s0)
+/lib/udev/devices/ppp -c gen_context(system_u:object_r:ppp_device_t,s0)
+/lib/udev/devices/net/.* -c gen_context(system_u:object_r:tun_tap_device_t,s0)
 
-/lib/udev/devices/ppp -c gen_context(system_u:object_r:ppp_device_t,s0)
-/lib/udev/devices/net/.* -c gen_context(system_u:object_r:tun_tap_device_t,s0)
-
-/usr/lib/udev/devices/ppp -c gen_context(system_u:object_r:ppp_device_t,s0)
+/usr/lib/udev/devices/ppp -c gen_context(system_u:object_r:ppp_device_t,s0)
 /usr/lib/udev/devices/net/.* -c gen_context(system_u:object_r:tun_tap_device_t,s0)
diff --git a/policy/modules/kernel/corenetwork.te.in b/policy/modules/kernel/corenetwork.te.in
index ee86d939d..07ffbbf11 100644
--- a/policy/modules/kernel/corenetwork.te.in
+++ b/policy/modules/kernel/corenetwork.te.in
@@ -176,6 +176,7 @@ network_port(matahari, tcp,49000,s0, udp,49000,s0)
 network_port(memcache, tcp,11211,s0, udp,11211,s0)
 network_port(milter) # no defined portcon
 network_port(mmcc, tcp,5050,s0, udp,5050,s0)
+network_port(monit, tcp,2812,s0)
 network_port(monopd, tcp,1234,s0)
 network_port(mountd, tcp,20048,s0, udp,20048,s0)
 network_port(movaz_ssc, tcp,5252,s0, udp,5252,s0)
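Review bot: Giving TCP 2812 its own type with `network_port(monit, tcp,2812,s0)` is not paired with any rule that lets a domain use that type; the diffstat lists only the two corenetwork files. If the monit policy module currently reaches this port through a generic or unreserved port rule (not visible here), the daemon's listener would presumably be denied once the new portcon is loaded. A follow-up would use the generated `corenet_tcp_bind_monit_port()` for the daemon and `corenet_tcp_connect_monit_port()` only for the clients that need to query it, so the port is no longer reachable by every domain allowed on unlabelled high ports. A trailing comment on the new line, for example `# monit control interface`, would also record why 2812 is reserved; the surrounding network_port list continues outside the hunk.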