RepoMirrors
/
selinux-refpolicy
mirror of https://github.com/SELinuxProject/refpolicy
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

snort patch from Dan Walsh

This commit is contained in:
Jeremy Solt 2010-09-02 15:42:51 -04:00 committed by Chris PeBenito
parent c20842caf8
commit dc7cc4d5c1
1 changed files with 2 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
policy/modules/services/snort.te
View File

@ -61,6 +61,7 @@ kernel_list_proc(snort_t)
kernel_read_proc_symlinks(snort_t) kernel_read_proc_symlinks(snort_t)
kernel_request_load_module(snort_t) kernel_request_load_module(snort_t)
kernel_dontaudit_read_system_state(snort_t) kernel_dontaudit_read_system_state(snort_t)
kernel_read_network_state(snort_t)
corenet_all_recvfrom_unlabeled(snort_t) corenet_all_recvfrom_unlabeled(snort_t)
corenet_all_recvfrom_netlabel(snort_t) corenet_all_recvfrom_netlabel(snort_t)
@ -77,6 +78,7 @@ corenet_tcp_connect_prelude_port(snort_t)
dev_read_sysfs(snort_t) dev_read_sysfs(snort_t)
dev_read_rand(snort_t) dev_read_rand(snort_t)
dev_read_urand(snort_t) dev_read_urand(snort_t)
dev_read_usbmon_dev(snort_t)
# Red Hat bug 559861: Snort wants read, write, and ioctl on /dev/usbmon # Red Hat bug 559861: Snort wants read, write, and ioctl on /dev/usbmon
# Snort uses libpcap, which can also monitor USB traffic. Maybe this is a side effect? # Snort uses libpcap, which can also monitor USB traffic. Maybe this is a side effect?
dev_rw_generic_usb_dev(snort_t) dev_rw_generic_usb_dev(snort_t)