add sysnetwork
parent
b303042477
commit
91a7ab6cb3
|
@ -186,6 +186,9 @@ allow initrc_t initrc_state_t:dir { create read getattr lock setattr ioctl unlin
|
||||||
allow initrc_t initrc_state_t:file { create ioctl read getattr lock write setattr append link unlink rename };
|
allow initrc_t initrc_state_t:file { create ioctl read getattr lock write setattr append link unlink rename };
|
||||||
allow initrc_t initrc_state_t:lnk_file { create read getattr setattr unlink rename };
|
allow initrc_t initrc_state_t:lnk_file { create read getattr setattr unlink rename };
|
||||||
|
|
||||||
|
allow initrc_t self:tcp_socket { connect listen accept create ioctl read getattr write setattr append bind getopt setopt shutdown };
|
||||||
|
allow initrc_t self:udp_socket { connect create ioctl read getattr write setattr append bind getopt setopt shutdown };
|
||||||
|
|
||||||
kernel_read_system_state(initrc_t)
|
kernel_read_system_state(initrc_t)
|
||||||
kernel_read_software_raid_state(initrc_t)
|
kernel_read_software_raid_state(initrc_t)
|
||||||
kernel_read_network_state(initrc_t)
|
kernel_read_network_state(initrc_t)
|
||||||
|
@ -207,9 +210,6 @@ filesystem_unmount_all_filesystems(initrc_t)
|
||||||
filesystem_remount_all_filesystems(initrc_t)
|
filesystem_remount_all_filesystems(initrc_t)
|
||||||
filesystem_get_all_filesystems_attributes(initrc_t)
|
filesystem_get_all_filesystems_attributes(initrc_t)
|
||||||
|
|
||||||
# can_network(initrc_t):
|
|
||||||
allow initrc_t self:tcp_socket { connect listen accept create ioctl read getattr write setattr append bind getopt setopt shutdown };
|
|
||||||
allow initrc_t self:udp_socket { connect create ioctl read getattr write setattr append bind getopt setopt shutdown };
|
|
||||||
corenetwork_network_tcp_on_all_interfaces(initrc_t)
|
corenetwork_network_tcp_on_all_interfaces(initrc_t)
|
||||||
corenetwork_network_raw_on_all_interfaces(initrc_t)
|
corenetwork_network_raw_on_all_interfaces(initrc_t)
|
||||||
corenetwork_network_udp_on_all_interfaces(initrc_t)
|
corenetwork_network_udp_on_all_interfaces(initrc_t)
|
||||||
|
@ -220,8 +220,6 @@ corenetwork_network_tcp_on_all_ports(initrc_t)
|
||||||
corenetwork_network_udp_on_all_ports(initrc_t)
|
corenetwork_network_udp_on_all_ports(initrc_t)
|
||||||
corenetwork_bind_tcp_on_all_nodes(initrc_t)
|
corenetwork_bind_tcp_on_all_nodes(initrc_t)
|
||||||
corenetwork_bind_udp_on_all_nodes(initrc_t)
|
corenetwork_bind_udp_on_all_nodes(initrc_t)
|
||||||
#allow initrc_t net_conf_t:file r_file_perms;
|
|
||||||
#sysnetwork_read_network_config(initrc_t)
|
|
||||||
|
|
||||||
domain_kill_all_domains(initrc_t)
|
domain_kill_all_domains(initrc_t)
|
||||||
domain_read_all_domains_process_state(initrc_t)
|
domain_read_all_domains_process_state(initrc_t)
|
||||||
|
@ -270,6 +268,8 @@ logging_send_system_log_message(initrc_t)
|
||||||
selinux_read_config(initrc_t)
|
selinux_read_config(initrc_t)
|
||||||
selinux_read_default_contexts(run_init_t)
|
selinux_read_default_contexts(run_init_t)
|
||||||
|
|
||||||
|
sysnetwork_read_network_config(initrc_t)
|
||||||
|
|
||||||
modutils_read_kernel_module_loading_config(initrc_t)
|
modutils_read_kernel_module_loading_config(initrc_t)
|
||||||
|
|
||||||
authlogin_modify_login_records(initrc_t)
|
authlogin_modify_login_records(initrc_t)
|
||||||
|
|
|
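Review bot: The `allow initrc_t self:tcp_socket` and `allow initrc_t self:udp_socket` rules moved up by the first hunk no longer carry the `# can_network(initrc_t):` comment they had in their old position, so the reason init scripts hold `listen`, `accept` and `bind` on their own sockets is now undocumented. I would keep a one-line comment above them, for example `# network access for init scripts (formerly can_network(initrc_t))`. In the last hunk, `sysnetwork_read_network_config(initrc_t)` presumably replaces the dropped `#allow initrc_t net_conf_t:file r_file_perms;`. The interface body is not on this page, so confirm that it grants only read access to the network configuration files and nothing wider.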
@ -116,6 +116,8 @@ file_type_auto_trans(syslogd_t, var_lib_t, devlog_t, sock_file)
|
||||||
libraries_use_dynamic_loader(syslogd_t)
|
libraries_use_dynamic_loader(syslogd_t)
|
||||||
libraries_read_shared_libraries(syslogd_t)
|
libraries_read_shared_libraries(syslogd_t)
|
||||||
|
|
||||||
|
sysnetwork_read_network_config(syslogd_t)
|
||||||
|
|
||||||
miscfiles_read_localization(syslogd_t)
|
miscfiles_read_localization(syslogd_t)
|
||||||
|
|
||||||
#
|
#
|
||||||
|
|
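Review bot: `sysnetwork_read_network_config(syslogd_t)` is added without a comment saying why the syslog daemon needs to read the network configuration, and nothing else visible in this hunk gives syslogd_t any network access. If the grant is there for logging to or from remote hosts (an assumption, the page does not say), a comment such as `# network config is read when remote logging is in use` would record that. A later least-privilege review could then tell whether the rule is still needed.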