tor patch from Dan Walsh

Added additional access for the DNS server (bind access on the port alone shouldn't be enough)
Jeremy Solt 2010-09-17 11:36:57 -04:00 committed by Chris PeBenito
parent 98f8408519
commit 2925b799f6
1 changed files with 11 additions and 1 deletions


@ -67,9 +67,10 @@ manage_sock_files_pattern(tor_t, tor_var_log_t, tor_var_log_t)
logging_log_filetrans(tor_t, tor_var_log_t, { sock_file file dir })
# pid file
manage_dirs_pattern(tor_t, tor_var_run_t, tor_var_run_t)
manage_files_pattern(tor_t, tor_var_run_t, tor_var_run_t)
manage_sock_files_pattern(tor_t, tor_var_run_t, tor_var_run_t)
files_pid_filetrans(tor_t, tor_var_run_t, { file sock_file })
files_pid_filetrans(tor_t, tor_var_run_t, { dir file sock_file })
kernel_read_system_state(tor_t)
@ -89,6 +90,13 @@ corenet_sendrecv_all_client_packets(tor_t)
# ... especially including port 80 and other privileged ports
corenet_tcp_connect_all_reserved_ports(tor_t)
corenet_udp_bind_dns_port(tor_t)
corenet_udp_bind_generic_node(tor_t)
corenet_udp_sendrecv_generic_node(tor_t)
corenet_udp_sendrecv_generic_if(tor_t)
corenet_udp_sendrecv_dns_port(tor_t)
corenet_sendrecv_dns_server_packets(tor_t)
# tor uses crypto and needs random
dev_read_urand(tor_t)
@ -100,6 +108,8 @@ files_read_usr_files(tor_t)
auth_use_nsswitch(tor_t)
logging_send_syslog_msg(tor_t)
miscfiles_read_localization(tor_t)
tunable_policy(`tor_bind_all_unreserved_ports', `