privoxy patch from Dan Walsh

"split out squid port from http_cache.  Need to allow all places that
connect to httpc_cache to connect to squid_port"

Edits:
 - Removed tunable tabbing
This commit is contained in:
Jeremy Solt 2010-11-18 15:57:02 -05:00 committed by Chris PeBenito
parent aa28f9239a
commit 4eef036424
2 changed files with 5 additions and 4 deletions

View File

@ -2,7 +2,7 @@
########################################
## <summary>
## All of the rules required to administrate
## All of the rules required to administrate
## an privoxy environment
## </summary>
## <param name="domain">
@ -19,12 +19,11 @@
#
interface(`privoxy_admin',`
gen_require(`
type privoxy_t, privoxy_log_t;
type privoxy_t, privoxy_log_t, privoxy_initrc_exec_t;
type privoxy_etc_rw_t, privoxy_var_run_t;
type privoxy_initrc_exec_t;
')
allow $1 privoxy_t:process { ptrace signal_perms getattr };
allow $1 privoxy_t:process { ptrace signal_perms };
ps_process_pattern($1, privoxy_t)
init_labeled_script_domtrans($1, privoxy_initrc_exec_t)

View File

@ -58,10 +58,12 @@ corenet_tcp_bind_generic_node(privoxy_t)
corenet_tcp_bind_http_cache_port(privoxy_t)
corenet_tcp_connect_http_port(privoxy_t)
corenet_tcp_connect_http_cache_port(privoxy_t)
corenet_tcp_connect_squid_port(privoxy_t)
corenet_tcp_connect_ftp_port(privoxy_t)
corenet_tcp_connect_pgpkeyserver_port(privoxy_t)
corenet_tcp_connect_tor_port(privoxy_t)
corenet_sendrecv_http_cache_client_packets(privoxy_t)
corenet_sendrecv_squid_client_packets(privoxy_t)
corenet_sendrecv_http_cache_server_packets(privoxy_t)
corenet_sendrecv_http_client_packets(privoxy_t)
corenet_sendrecv_ftp_client_packets(privoxy_t)