RepoMirrors
/
selinux-refpolicy
mirror of https://github.com/SELinuxProject/refpolicy
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Allow systemd_resolved_t to bind to port 53 and use net_raw 

resolved also binds against port 53 on lo interface
This commit is contained in:
Laurent Bigonville 2018-11-11 13:37:00 +01:00
parent 404dcf2af4
commit d5d6fe0046
1 changed files with 3 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
policy/modules/system/systemd.te
View File

@ -864,7 +864,7 @@ optional_policy(`
# Resolved local policy
#
allow systemd_resolved_t self:capability { chown setgid setpcap setuid };
allow systemd_resolved_t self:capability { chown net_raw setgid setpcap setuid };
allow systemd_resolved_t self:process { getcap setcap setfscreate signal };
allow systemd_resolved_t self:tcp_socket { accept listen };
@ -881,8 +881,10 @@ kernel_read_kernel_sysctls(systemd_resolved_t)
kernel_read_net_sysctls(systemd_resolved_t)
corenet_tcp_bind_generic_node(systemd_resolved_t)
corenet_tcp_bind_dns_port(systemd_resolved_t)
corenet_tcp_bind_llmnr_port(systemd_resolved_t)
corenet_udp_bind_generic_node(systemd_resolved_t)
corenet_udp_bind_dns_port(systemd_resolved_t)
corenet_udp_bind_llmnr_port(systemd_resolved_t)
auth_use_nsswitch(systemd_resolved_t)