Silence spurious udp_socket listen denials.
parent
d3a85bbc0b
commit
ec280b3209
|
@ -1,3 +1,4 @@
|
||||||
|
- Silence spurious udp_socket listen denials.
|
||||||
- Fix unexpanded MLS/MCS fields in monolithic seusers file.
|
- Fix unexpanded MLS/MCS fields in monolithic seusers file.
|
||||||
- Type transition fix in Postgresql database objects from KaiGai Kohei.
|
- Type transition fix in Postgresql database objects from KaiGai Kohei.
|
||||||
- Support for file context path substitutions (file_contexts.subs).
|
- Support for file context path substitutions (file_contexts.subs).
|
||||||
|
|
|
@ -104,6 +104,14 @@ term_use_controlling_term(domain)
|
||||||
# list the root directory
|
# list the root directory
|
||||||
files_list_root(domain)
|
files_list_root(domain)
|
||||||
|
|
||||||
|
ifdef(`hide_broken_symptoms',`
|
||||||
|
# This check is in the general socket
|
||||||
|
# listen code, before protocol-specific
|
||||||
|
# listen function is called, so bad calls
|
||||||
|
# to listen on UDP sockets should be silenced
|
||||||
|
dontaudit domain self:udp_socket listen;
|
||||||
|
')
|
||||||
|
|
||||||
tunable_policy(`global_ssp',`
|
tunable_policy(`global_ssp',`
|
||||||
# enable reading of urandom for all domains:
|
# enable reading of urandom for all domains:
|
||||||
# this should be enabled when all programs
|
# this should be enabled when all programs
|
||||||
|
|
|
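Review bot: The comment above `dontaudit domain self:udp_socket listen;` says where the check runs, but not how wide the rule is or how to get the denials back. Because the source is the `domain` attribute, the denial is suppressed for every domain whenever `hide_broken_symptoms` is defined, not only for rpcbind_t, whose per-domain rule this commit removes. Anyone triaging AVC logs will therefore never see this permission being denied in any domain. I would extend the comment with something like `# applies to all domains; listen() is not valid on UDP sockets, so the denial carries no access-control signal. Rebuild with dontaudit rules disabled (semodule -DB) to see it when debugging.` The global_ssp tunable_policy block that follows continues outside the hunk.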
@ -67,7 +67,3 @@ logging_send_syslog_msg(rpcbind_t)
|
||||||
miscfiles_read_localization(rpcbind_t)
|
miscfiles_read_localization(rpcbind_t)
|
||||||
|
|
||||||
sysnet_dns_name_resolve(rpcbind_t)
|
sysnet_dns_name_resolve(rpcbind_t)
|
||||||
|
|
||||||
ifdef(`hide_broken_symptoms',`
|
|
||||||
dontaudit rpcbind_t self:udp_socket listen;
|
|
||||||
')
|
|
||||||
|
|