RepoMirrors
/
selinux-refpolicy
mirror of https://github.com/SELinuxProject/refpolicy
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

netutils: update 

v2:
 - keep files_read_etc_files interfaces
This commit is contained in:
cgzones 2017-06-09 15:30:24 +02:00 committed by Chris PeBenito
parent c6f76058dc
commit ea74a35ba7
2 changed files with 4 additions and 12 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

1
policy/modules/admin/netutils.fc
View File

@ -3,6 +3,7 @@
/usr/bin/hping2 -- gen_context(system_u:object_r:ping_exec_t,s0) /usr/bin/hping2 -- gen_context(system_u:object_r:ping_exec_t,s0)
/usr/bin/iptstate -- gen_context(system_u:object_r:netutils_exec_t,s0) /usr/bin/iptstate -- gen_context(system_u:object_r:netutils_exec_t,s0)
/usr/bin/lft -- gen_context(system_u:object_r:traceroute_exec_t,s0) /usr/bin/lft -- gen_context(system_u:object_r:traceroute_exec_t,s0)
/usr/bin/mtr -- gen_context(system_u:object_r:traceroute_exec_t,s0)
/usr/bin/nmap -- gen_context(system_u:object_r:traceroute_exec_t,s0) /usr/bin/nmap -- gen_context(system_u:object_r:traceroute_exec_t,s0)
/usr/bin/ping.* -- gen_context(system_u:object_r:ping_exec_t,s0) /usr/bin/ping.* -- gen_context(system_u:object_r:ping_exec_t,s0)
/usr/bin/send_arp -- gen_context(system_u:object_r:ping_exec_t,s0) /usr/bin/send_arp -- gen_context(system_u:object_r:ping_exec_t,s0)

15
policy/modules/admin/netutils.te
View File

@ -49,7 +49,6 @@ manage_dirs_pattern(netutils_t, netutils_tmp_t, netutils_tmp_t)
manage_files_pattern(netutils_t, netutils_tmp_t, netutils_tmp_t) manage_files_pattern(netutils_t, netutils_tmp_t, netutils_tmp_t)
files_tmp_filetrans(netutils_t, netutils_tmp_t, { file dir }) files_tmp_filetrans(netutils_t, netutils_tmp_t, { file dir })
kernel_search_proc(netutils_t)
kernel_read_network_state(netutils_t) kernel_read_network_state(netutils_t)
kernel_read_all_sysctls(netutils_t) kernel_read_all_sysctls(netutils_t)
@ -86,9 +85,7 @@ logging_send_syslog_msg(netutils_t)
miscfiles_read_localization(netutils_t) miscfiles_read_localization(netutils_t)
term_dontaudit_use_console(netutils_t) userdom_use_inherited_user_terminals(netutils_t)
userdom_use_user_terminals(netutils_t)
userdom_use_all_users_fds(netutils_t)
optional_policy(` optional_policy(`
nis_use_ypbind(netutils_t) nis_use_ypbind(netutils_t)
@ -127,12 +124,9 @@ corenet_tcp_sendrecv_all_ports(ping_t)
dev_read_urand(ping_t) dev_read_urand(ping_t)
fs_dontaudit_getattr_xattr_fs(ping_t)
domain_use_interactive_fds(ping_t) domain_use_interactive_fds(ping_t)
files_read_etc_files(ping_t) files_read_etc_files(ping_t)
files_dontaudit_search_var(ping_t)
kernel_read_system_state(ping_t) kernel_read_system_state(ping_t)
@ -142,7 +136,7 @@ logging_send_syslog_msg(ping_t)
miscfiles_read_localization(ping_t) miscfiles_read_localization(ping_t)
userdom_use_user_terminals(ping_t) userdom_use_inherited_user_terminals(ping_t)
ifdef(`hide_broken_symptoms',` ifdef(`hide_broken_symptoms',`
init_dontaudit_use_fds(ping_t) init_dontaudit_use_fds(ping_t)
@ -197,12 +191,9 @@ corenet_tcp_connect_all_ports(traceroute_t)
corenet_sendrecv_all_client_packets(traceroute_t) corenet_sendrecv_all_client_packets(traceroute_t)
corenet_sendrecv_traceroute_server_packets(traceroute_t) corenet_sendrecv_traceroute_server_packets(traceroute_t)
fs_dontaudit_getattr_xattr_fs(traceroute_t)
domain_use_interactive_fds(traceroute_t) domain_use_interactive_fds(traceroute_t)
files_read_etc_files(traceroute_t) files_read_etc_files(traceroute_t)
files_dontaudit_search_var(traceroute_t)
init_use_fds(traceroute_t) init_use_fds(traceroute_t)
@ -212,7 +203,7 @@ logging_send_syslog_msg(traceroute_t)
miscfiles_read_localization(traceroute_t) miscfiles_read_localization(traceroute_t)
userdom_use_user_terminals(traceroute_t) userdom_use_inherited_user_terminals(traceroute_t)
#rules needed for nmap #rules needed for nmap
dev_read_rand(traceroute_t) dev_read_rand(traceroute_t)