netutils patch from Dan Walsh

Edits:
 - Dropping term_use_all_terms and user_ping tunables for ping and traceroute
 - Whitespace fixes
This commit is contained in:
Jeremy Solt 2010-05-24 09:54:02 -04:00 committed by Chris PeBenito
parent 4ac0cd30fa
commit 44dc1b9c21
2 changed files with 8 additions and 2 deletions

View File

@ -1,4 +1,3 @@
/bin/ping.* -- gen_context(system_u:object_r:ping_exec_t,s0) /bin/ping.* -- gen_context(system_u:object_r:ping_exec_t,s0)
/bin/tracepath.* -- gen_context(system_u:object_r:traceroute_exec_t,s0) /bin/tracepath.* -- gen_context(system_u:object_r:traceroute_exec_t,s0)
/bin/traceroute.* -- gen_context(system_u:object_r:traceroute_exec_t,s0) /bin/traceroute.* -- gen_context(system_u:object_r:traceroute_exec_t,s0)
@ -9,6 +8,7 @@
/usr/bin/nmap -- gen_context(system_u:object_r:traceroute_exec_t,s0) /usr/bin/nmap -- gen_context(system_u:object_r:traceroute_exec_t,s0)
/usr/bin/traceroute.* -- gen_context(system_u:object_r:traceroute_exec_t,s0) /usr/bin/traceroute.* -- gen_context(system_u:object_r:traceroute_exec_t,s0)
/usr/sbin/fping -- gen_context(system_u:object_r:ping_exec_t,s0)
/usr/sbin/traceroute.* -- gen_context(system_u:object_r:traceroute_exec_t,s0) /usr/sbin/traceroute.* -- gen_context(system_u:object_r:traceroute_exec_t,s0)
/usr/sbin/hping2 -- gen_context(system_u:object_r:ping_exec_t,s0) /usr/sbin/hping2 -- gen_context(system_u:object_r:ping_exec_t,s0)
/usr/sbin/tcpdump -- gen_context(system_u:object_r:netutils_exec_t,s0) /usr/sbin/tcpdump -- gen_context(system_u:object_r:netutils_exec_t,s0)

View File

@ -44,6 +44,7 @@ allow netutils_t self:netlink_route_socket { bind create getattr nlmsg_read nlms
allow netutils_t self:packet_socket create_socket_perms; allow netutils_t self:packet_socket create_socket_perms;
allow netutils_t self:udp_socket create_socket_perms; allow netutils_t self:udp_socket create_socket_perms;
allow netutils_t self:tcp_socket create_stream_socket_perms; allow netutils_t self:tcp_socket create_stream_socket_perms;
allow netutils_t self:socket create_socket_perms;
manage_dirs_pattern(netutils_t, netutils_tmp_t, netutils_tmp_t) manage_dirs_pattern(netutils_t, netutils_tmp_t, netutils_tmp_t)
manage_files_pattern(netutils_t, netutils_tmp_t, netutils_tmp_t) manage_files_pattern(netutils_t, netutils_tmp_t, netutils_tmp_t)
@ -85,6 +86,7 @@ logging_send_syslog_msg(netutils_t)
miscfiles_read_localization(netutils_t) miscfiles_read_localization(netutils_t)
term_dontaudit_use_console(netutils_t)
userdom_use_user_terminals(netutils_t) userdom_use_user_terminals(netutils_t)
userdom_use_all_users_fds(netutils_t) userdom_use_all_users_fds(netutils_t)
@ -150,6 +152,10 @@ optional_policy(`
munin_append_log(ping_t) munin_append_log(ping_t)
') ')
optional_policy(`
nagios_rw_inherited_tmp_files(ping_t)
')
optional_policy(` optional_policy(`
pcmcia_use_cardmgr_fds(ping_t) pcmcia_use_cardmgr_fds(ping_t)
') ')