Merge pull request #265 from topimiettinen/allow-unlabeled-packets
This commit is contained in:
Chris PeBenito
commit
fe1ed5ef74
|
|
@ -100,7 +100,6 @@ kernel_dontaudit_read_proc_symlinks(amanda_t)
|
|||
corecmd_exec_shell(amanda_t)
|
||||
corecmd_exec_bin(amanda_t)
|
||||
|
||||
corenet_all_recvfrom_unlabeled(amanda_t)
|
||||
corenet_all_recvfrom_netlabel(amanda_t)
|
||||
corenet_tcp_sendrecv_generic_if(amanda_t)
|
||||
corenet_tcp_sendrecv_generic_node(amanda_t)
|
||||
|
|
@ -169,7 +168,6 @@ kernel_read_system_state(amanda_recover_t)
|
|||
corecmd_exec_shell(amanda_recover_t)
|
||||
corecmd_exec_bin(amanda_recover_t)
|
||||
|
||||
corenet_all_recvfrom_unlabeled(amanda_recover_t)
|
||||
corenet_all_recvfrom_netlabel(amanda_recover_t)
|
||||
corenet_tcp_sendrecv_generic_if(amanda_recover_t)
|
||||
corenet_udp_sendrecv_generic_if(amanda_recover_t)
|
||||
|
|
|
|||
|
|
@ -87,7 +87,6 @@ kernel_read_kernel_sysctls(apt_t)
|
|||
corecmd_exec_bin(apt_t)
|
||||
corecmd_exec_shell(apt_t)
|
||||
|
||||
corenet_all_recvfrom_unlabeled(apt_t)
|
||||
corenet_all_recvfrom_netlabel(apt_t)
|
||||
corenet_tcp_sendrecv_generic_if(apt_t)
|
||||
corenet_tcp_sendrecv_generic_node(apt_t)
|
||||
|
|
|
|||
|
|
@ -38,7 +38,6 @@ kernel_read_kernel_sysctls(backup_t)
|
|||
corecmd_exec_bin(backup_t)
|
||||
corecmd_exec_shell(backup_t)
|
||||
|
||||
corenet_all_recvfrom_unlabeled(backup_t)
|
||||
corenet_all_recvfrom_netlabel(backup_t)
|
||||
corenet_tcp_sendrecv_generic_if(backup_t)
|
||||
corenet_tcp_sendrecv_generic_node(backup_t)
|
||||
|
|
|
|||
|
|
@ -74,7 +74,6 @@ kernel_read_system_state(bacula_t)
|
|||
corecmd_exec_bin(bacula_t)
|
||||
corecmd_exec_shell(bacula_t)
|
||||
|
||||
corenet_all_recvfrom_unlabeled(bacula_t)
|
||||
corenet_all_recvfrom_netlabel(bacula_t)
|
||||
corenet_tcp_sendrecv_generic_if(bacula_t)
|
||||
corenet_udp_sendrecv_generic_if(bacula_t)
|
||||
|
|
@ -134,7 +133,6 @@ allow bacula_admin_t self:dgram_socket_class_set create_socket_perms;
|
|||
|
||||
read_files_pattern(bacula_admin_t, bacula_etc_t, bacula_etc_t)
|
||||
|
||||
corenet_all_recvfrom_unlabeled(bacula_admin_t)
|
||||
corenet_all_recvfrom_netlabel(bacula_admin_t)
|
||||
corenet_tcp_sendrecv_generic_if(bacula_admin_t)
|
||||
corenet_tcp_sendrecv_generic_node(bacula_admin_t)
|
||||
|
|
|
|||
|
|
@ -36,7 +36,6 @@ files_pid_filetrans(bcfg2_t, bcfg2_runtime_t, file)
|
|||
|
||||
kernel_read_system_state(bcfg2_t)
|
||||
|
||||
corenet_all_recvfrom_unlabeled(bcfg2_t)
|
||||
corenet_all_recvfrom_netlabel(bcfg2_t)
|
||||
corenet_tcp_sendrecv_generic_if(bcfg2_t)
|
||||
corenet_tcp_sendrecv_generic_node(bcfg2_t)
|
||||
|
|
|
|||
|
|
@ -93,7 +93,6 @@ kernel_read_kernel_sysctls(dpkg_t)
|
|||
|
||||
corecmd_bin_domtrans(dpkg_t, dpkg_script_t)
|
||||
|
||||
corenet_all_recvfrom_unlabeled(dpkg_t)
|
||||
corenet_all_recvfrom_netlabel(dpkg_t)
|
||||
corenet_tcp_sendrecv_generic_if(dpkg_t)
|
||||
corenet_tcp_sendrecv_generic_node(dpkg_t)
|
||||
|
|
|
|||
|
|
@ -81,7 +81,6 @@ kernel_read_network_state(kismet_t)
|
|||
|
||||
corecmd_exec_bin(kismet_t)
|
||||
|
||||
corenet_all_recvfrom_unlabeled(kismet_t)
|
||||
corenet_all_recvfrom_netlabel(kismet_t)
|
||||
corenet_tcp_sendrecv_generic_if(kismet_t)
|
||||
corenet_tcp_sendrecv_generic_node(kismet_t)
|
||||
|
|
|
|||
|
|
@ -112,7 +112,6 @@ mta_sendmail_domtrans(logwatch_t, logwatch_mail_t)
|
|||
mta_getattr_spool(logwatch_t)
|
||||
|
||||
tunable_policy(`logwatch_can_network_connect_mail',`
|
||||
corenet_all_recvfrom_unlabeled(logwatch_t)
|
||||
corenet_all_recvfrom_netlabel(logwatch_t)
|
||||
corenet_tcp_sendrecv_generic_if(logwatch_t)
|
||||
corenet_tcp_sendrecv_generic_node(logwatch_t)
|
||||
|
|
|
|||
|
|
@ -65,7 +65,6 @@ kernel_read_kernel_sysctls(mrtg_t)
|
|||
corecmd_exec_bin(mrtg_t)
|
||||
corecmd_exec_shell(mrtg_t)
|
||||
|
||||
corenet_all_recvfrom_unlabeled(mrtg_t)
|
||||
corenet_all_recvfrom_netlabel(mrtg_t)
|
||||
corenet_tcp_sendrecv_generic_if(mrtg_t)
|
||||
corenet_tcp_sendrecv_generic_node(mrtg_t)
|
||||
|
|
|
|||
|
|
@ -52,7 +52,6 @@ files_tmp_filetrans(netutils_t, netutils_tmp_t, { file dir })
|
|||
kernel_read_network_state(netutils_t)
|
||||
kernel_read_all_sysctls(netutils_t)
|
||||
|
||||
corenet_all_recvfrom_unlabeled(netutils_t)
|
||||
corenet_all_recvfrom_netlabel(netutils_t)
|
||||
corenet_tcp_sendrecv_generic_if(netutils_t)
|
||||
corenet_raw_sendrecv_generic_if(netutils_t)
|
||||
|
|
@ -111,7 +110,6 @@ allow ping_t self:rawip_socket { create ioctl read write bind getopt setopt geta
|
|||
allow ping_t self:packet_socket { create ioctl read write bind getopt setopt };
|
||||
allow ping_t self:netlink_route_socket create_netlink_socket_perms;
|
||||
|
||||
corenet_all_recvfrom_unlabeled(ping_t)
|
||||
corenet_all_recvfrom_netlabel(ping_t)
|
||||
corenet_sendrecv_icmp_packets(ping_t)
|
||||
corenet_tcp_sendrecv_generic_if(ping_t)
|
||||
|
|
@ -176,7 +174,6 @@ kernel_read_network_state(traceroute_t)
|
|||
|
||||
corecmd_search_bin(traceroute_t)
|
||||
|
||||
corenet_all_recvfrom_unlabeled(traceroute_t)
|
||||
corenet_all_recvfrom_netlabel(traceroute_t)
|
||||
corenet_tcp_sendrecv_generic_if(traceroute_t)
|
||||
corenet_udp_sendrecv_generic_if(traceroute_t)
|
||||
|
|
|
|||
|
|
@ -53,7 +53,6 @@ kernel_read_network_state(passenger_t)
|
|||
kernel_read_net_sysctls(passenger_t)
|
||||
|
||||
corenet_all_recvfrom_netlabel(passenger_t)
|
||||
corenet_all_recvfrom_unlabeled(passenger_t)
|
||||
corenet_tcp_sendrecv_generic_if(passenger_t)
|
||||
corenet_tcp_sendrecv_generic_node(passenger_t)
|
||||
|
||||
|
|
|
|||
|
|
@ -134,7 +134,6 @@ interface(`portage_compile_domain',`
|
|||
# really shouldnt need this but some packages test
|
||||
# network access, such as during configure
|
||||
# also distcc--need to reinvestigate confining distcc client
|
||||
corenet_all_recvfrom_unlabeled($1)
|
||||
corenet_all_recvfrom_netlabel($1)
|
||||
corenet_tcp_sendrecv_generic_if($1)
|
||||
corenet_udp_sendrecv_generic_if($1)
|
||||
|
|
|
|||
|
|
@ -272,7 +272,6 @@ kernel_read_kernel_sysctls(portage_fetch_t)
|
|||
corecmd_exec_bin(portage_fetch_t)
|
||||
corecmd_exec_shell(portage_fetch_t)
|
||||
|
||||
corenet_all_recvfrom_unlabeled(portage_fetch_t)
|
||||
corenet_all_recvfrom_netlabel(portage_fetch_t)
|
||||
corenet_tcp_sendrecv_generic_if(portage_fetch_t)
|
||||
corenet_tcp_sendrecv_generic_node(portage_fetch_t)
|
||||
|
|
|
|||
|
|
@ -101,7 +101,6 @@ corecmd_exec_shell(puppet_t)
|
|||
corecmd_read_all_executables(puppet_t)
|
||||
|
||||
corenet_all_recvfrom_netlabel(puppet_t)
|
||||
corenet_all_recvfrom_unlabeled(puppet_t)
|
||||
corenet_tcp_sendrecv_generic_if(puppet_t)
|
||||
corenet_tcp_sendrecv_generic_node(puppet_t)
|
||||
|
||||
|
|
@ -292,7 +291,6 @@ corecmd_exec_bin(puppetmaster_t)
|
|||
corecmd_exec_shell(puppetmaster_t)
|
||||
|
||||
corenet_all_recvfrom_netlabel(puppetmaster_t)
|
||||
corenet_all_recvfrom_unlabeled(puppetmaster_t)
|
||||
corenet_tcp_sendrecv_generic_if(puppetmaster_t)
|
||||
corenet_tcp_sendrecv_generic_node(puppetmaster_t)
|
||||
corenet_tcp_bind_generic_node(puppetmaster_t)
|
||||
|
|
|
|||
|
|
@ -128,7 +128,6 @@ kernel_rw_irq_sysctls(rpm_t)
|
|||
|
||||
corecmd_exec_all_executables(rpm_t)
|
||||
|
||||
corenet_all_recvfrom_unlabeled(rpm_t)
|
||||
corenet_all_recvfrom_netlabel(rpm_t)
|
||||
corenet_tcp_sendrecv_generic_if(rpm_t)
|
||||
corenet_tcp_sendrecv_generic_node(rpm_t)
|
||||
|
|
@ -283,7 +282,6 @@ kernel_read_network_state(rpm_script_t)
|
|||
kernel_list_all_proc(rpm_script_t)
|
||||
kernel_read_software_raid_state(rpm_script_t)
|
||||
|
||||
corenet_all_recvfrom_unlabeled(rpm_script_t)
|
||||
corenet_all_recvfrom_netlabel(rpm_script_t)
|
||||
corenet_tcp_sendrecv_generic_if(rpm_script_t)
|
||||
corenet_tcp_sendrecv_generic_node(rpm_script_t)
|
||||
|
|
|
|||
|
|
@ -35,7 +35,6 @@ manage_sock_files_pattern(sblim_domain, sblim_runtime_t, sblim_runtime_t)
|
|||
kernel_read_network_state(sblim_domain)
|
||||
kernel_read_system_state(sblim_domain)
|
||||
|
||||
corenet_all_recvfrom_unlabeled(sblim_domain)
|
||||
corenet_all_recvfrom_netlabel(sblim_domain)
|
||||
corenet_tcp_sendrecv_generic_if(sblim_domain)
|
||||
corenet_tcp_sendrecv_generic_node(sblim_domain)
|
||||
|
|
|
|||
|
|
@ -33,7 +33,6 @@ kernel_read_kernel_sysctls(smoltclient_t)
|
|||
corecmd_exec_bin(smoltclient_t)
|
||||
corecmd_exec_shell(smoltclient_t)
|
||||
|
||||
corenet_all_recvfrom_unlabeled(smoltclient_t)
|
||||
corenet_all_recvfrom_netlabel(smoltclient_t)
|
||||
corenet_tcp_sendrecv_generic_if(smoltclient_t)
|
||||
corenet_tcp_sendrecv_generic_node(smoltclient_t)
|
||||
|
|
|
|||
|
|
@ -40,7 +40,6 @@ kernel_read_kernel_sysctls(sxid_t)
|
|||
corecmd_exec_bin(sxid_t)
|
||||
corecmd_exec_shell(sxid_t)
|
||||
|
||||
corenet_all_recvfrom_unlabeled(sxid_t)
|
||||
corenet_all_recvfrom_netlabel(sxid_t)
|
||||
corenet_tcp_sendrecv_generic_if(sxid_t)
|
||||
corenet_udp_sendrecv_generic_if(sxid_t)
|
||||
|
|
|
|||
|
|
@ -47,7 +47,6 @@ kernel_read_all_sysctls(vpnc_t)
|
|||
kernel_request_load_module(vpnc_t)
|
||||
kernel_rw_net_sysctls(vpnc_t)
|
||||
|
||||
corenet_all_recvfrom_unlabeled(vpnc_t)
|
||||
corenet_all_recvfrom_netlabel(vpnc_t)
|
||||
corenet_tcp_sendrecv_generic_if(vpnc_t)
|
||||
corenet_udp_sendrecv_generic_if(vpnc_t)
|
||||
|
|
|
|||
|
|
@ -143,7 +143,6 @@ kernel_read_net_sysctls(evolution_t)
|
|||
corecmd_exec_bin(evolution_t)
|
||||
corecmd_exec_shell(evolution_t)
|
||||
|
||||
corenet_all_recvfrom_unlabeled(evolution_t)
|
||||
corenet_all_recvfrom_netlabel(evolution_t)
|
||||
corenet_tcp_sendrecv_generic_if(evolution_t)
|
||||
corenet_udp_sendrecv_generic_if(evolution_t)
|
||||
|
|
@ -434,7 +433,6 @@ kernel_read_system_state(evolution_server_t)
|
|||
|
||||
corecmd_exec_shell(evolution_server_t)
|
||||
|
||||
corenet_all_recvfrom_unlabeled(evolution_server_t)
|
||||
corenet_all_recvfrom_netlabel(evolution_server_t)
|
||||
corenet_tcp_sendrecv_generic_if(evolution_server_t)
|
||||
corenet_tcp_sendrecv_generic_node(evolution_server_t)
|
||||
|
|
@ -493,7 +491,6 @@ allow evolution_webcal_t evolution_webcal_tmpfs_t:sock_file manage_sock_file_per
|
|||
allow evolution_webcal_t evolution_webcal_tmpfs_t:fifo_file manage_fifo_file_perms;
|
||||
fs_tmpfs_filetrans(evolution_webcal_t, evolution_webcal_tmpfs_t, { dir file lnk_file sock_file fifo_file })
|
||||
|
||||
corenet_all_recvfrom_unlabeled(evolution_webcal_t)
|
||||
corenet_all_recvfrom_netlabel(evolution_webcal_t)
|
||||
corenet_tcp_sendrecv_generic_if(evolution_webcal_t)
|
||||
corenet_tcp_sendrecv_generic_node(evolution_webcal_t)
|
||||
|
|
|
|||
|
|
@ -119,7 +119,6 @@ kernel_read_system_state(games_t)
|
|||
|
||||
corecmd_exec_bin(games_t)
|
||||
|
||||
corenet_all_recvfrom_unlabeled(games_t)
|
||||
corenet_all_recvfrom_netlabel(games_t)
|
||||
corenet_tcp_sendrecv_generic_if(games_t)
|
||||
corenet_tcp_sendrecv_generic_node(games_t)
|
||||
|
|
|
|||
|
|
@ -48,7 +48,6 @@ domtrans_pattern(gift_t, giftd_exec_t, giftd_t)
|
|||
|
||||
kernel_read_system_state(gift_t)
|
||||
|
||||
corenet_all_recvfrom_unlabeled(gift_t)
|
||||
corenet_all_recvfrom_netlabel(gift_t)
|
||||
corenet_tcp_sendrecv_generic_if(gift_t)
|
||||
corenet_tcp_sendrecv_generic_node(gift_t)
|
||||
|
|
@ -95,7 +94,6 @@ userdom_user_home_dir_filetrans(giftd_t, gift_home_t, dir)
|
|||
kernel_read_system_state(giftd_t)
|
||||
kernel_read_kernel_sysctls(giftd_t)
|
||||
|
||||
corenet_all_recvfrom_unlabeled(giftd_t)
|
||||
corenet_all_recvfrom_netlabel(giftd_t)
|
||||
corenet_tcp_sendrecv_generic_if(giftd_t)
|
||||
corenet_udp_sendrecv_generic_if(giftd_t)
|
||||
|
|
|
|||
|
|
@ -37,7 +37,6 @@ manage_dirs_pattern(gitosis_t, gitosis_var_lib_t, gitosis_var_lib_t)
|
|||
|
||||
kernel_read_system_state(gitosis_t)
|
||||
|
||||
corenet_all_recvfrom_unlabeled(gitosis_t)
|
||||
corenet_all_recvfrom_netlabel(gitosis_t)
|
||||
corenet_tcp_sendrecv_generic_if(gitosis_t)
|
||||
corenet_tcp_sendrecv_generic_node(gitosis_t)
|
||||
|
|
|
|||
|
|
@ -111,7 +111,6 @@ kernel_read_system_state(gpg_t)
|
|||
corecmd_exec_shell(gpg_t)
|
||||
corecmd_exec_bin(gpg_t)
|
||||
|
||||
corenet_all_recvfrom_unlabeled(gpg_t)
|
||||
corenet_all_recvfrom_netlabel(gpg_t)
|
||||
corenet_tcp_sendrecv_generic_if(gpg_t)
|
||||
corenet_tcp_sendrecv_generic_node(gpg_t)
|
||||
|
|
@ -196,7 +195,6 @@ allow gpg_helper_t self:unix_stream_socket create_stream_socket_perms;
|
|||
|
||||
dontaudit gpg_helper_t gpg_secret_t:file read_file_perms;
|
||||
|
||||
corenet_all_recvfrom_unlabeled(gpg_helper_t)
|
||||
corenet_all_recvfrom_netlabel(gpg_helper_t)
|
||||
corenet_tcp_sendrecv_generic_if(gpg_helper_t)
|
||||
corenet_tcp_sendrecv_generic_node(gpg_helper_t)
|
||||
|
|
@ -339,7 +337,6 @@ corecmd_exec_shell(gpg_pinentry_t)
|
|||
corecmd_exec_bin(gpg_pinentry_t)
|
||||
|
||||
corenet_all_recvfrom_netlabel(gpg_pinentry_t)
|
||||
corenet_all_recvfrom_unlabeled(gpg_pinentry_t)
|
||||
corenet_tcp_sendrecv_generic_if(gpg_pinentry_t)
|
||||
corenet_tcp_sendrecv_generic_node(gpg_pinentry_t)
|
||||
|
||||
|
|
|
|||
|
|
@ -72,7 +72,6 @@ files_tmp_filetrans(irc_t, irc_tmp_t, { file dir lnk_file sock_file fifo_file })
|
|||
kernel_read_crypto_sysctls(irc_t)
|
||||
kernel_read_system_state(irc_t)
|
||||
|
||||
corenet_all_recvfrom_unlabeled(irc_t)
|
||||
corenet_all_recvfrom_netlabel(irc_t)
|
||||
corenet_tcp_sendrecv_generic_if(irc_t)
|
||||
corenet_tcp_sendrecv_generic_node(irc_t)
|
||||
|
|
|
|||
|
|
@ -73,7 +73,6 @@ kernel_read_system_state(java_domain)
|
|||
|
||||
corecmd_search_bin(java_domain)
|
||||
|
||||
corenet_all_recvfrom_unlabeled(java_domain)
|
||||
corenet_all_recvfrom_netlabel(java_domain)
|
||||
corenet_tcp_sendrecv_generic_if(java_domain)
|
||||
corenet_tcp_sendrecv_generic_node(java_domain)
|
||||
|
|
|
|||
|
|
@ -129,7 +129,6 @@ corecmd_list_bin(mozilla_t)
|
|||
corecmd_exec_shell(mozilla_t)
|
||||
corecmd_exec_bin(mozilla_t)
|
||||
|
||||
corenet_all_recvfrom_unlabeled(mozilla_t)
|
||||
corenet_all_recvfrom_netlabel(mozilla_t)
|
||||
corenet_tcp_sendrecv_generic_if(mozilla_t)
|
||||
corenet_tcp_sendrecv_generic_node(mozilla_t)
|
||||
|
|
@ -401,7 +400,6 @@ corecmd_exec_bin(mozilla_plugin_t)
|
|||
corecmd_exec_shell(mozilla_plugin_t)
|
||||
|
||||
corenet_all_recvfrom_netlabel(mozilla_plugin_t)
|
||||
corenet_all_recvfrom_unlabeled(mozilla_plugin_t)
|
||||
corenet_tcp_sendrecv_generic_if(mozilla_plugin_t)
|
||||
corenet_tcp_sendrecv_generic_node(mozilla_plugin_t)
|
||||
|
||||
|
|
|
|||
|
|
@ -153,7 +153,6 @@ kernel_read_kernel_sysctls(mplayer_t)
|
|||
corecmd_exec_bin(mplayer_t)
|
||||
corecmd_exec_shell(mplayer_t)
|
||||
|
||||
corenet_all_recvfrom_unlabeled(mplayer_t)
|
||||
corenet_all_recvfrom_netlabel(mplayer_t)
|
||||
corenet_tcp_sendrecv_generic_if(mplayer_t)
|
||||
corenet_tcp_sendrecv_generic_node(mplayer_t)
|
||||
|
|
|
|||
|
|
@ -54,7 +54,6 @@ kernel_request_load_module(podsleuth_t)
|
|||
|
||||
corecmd_exec_bin(podsleuth_t)
|
||||
|
||||
corenet_all_recvfrom_unlabeled(podsleuth_t)
|
||||
corenet_all_recvfrom_netlabel(podsleuth_t)
|
||||
corenet_tcp_sendrecv_generic_if(podsleuth_t)
|
||||
corenet_tcp_sendrecv_generic_node(podsleuth_t)
|
||||
|
|
|
|||
|
|
@ -107,7 +107,6 @@ kernel_read_kernel_sysctls(pulseaudio_t)
|
|||
|
||||
corecmd_exec_bin(pulseaudio_t)
|
||||
|
||||
corenet_all_recvfrom_unlabeled(pulseaudio_t)
|
||||
corenet_all_recvfrom_netlabel(pulseaudio_t)
|
||||
corenet_tcp_sendrecv_generic_if(pulseaudio_t)
|
||||
corenet_udp_sendrecv_generic_if(pulseaudio_t)
|
||||
|
|
@ -268,7 +267,6 @@ xdg_config_filetrans(pulseaudio_client, pulseaudio_xdg_config_t, dir, "pulse")
|
|||
|
||||
fs_getattr_tmpfs(pulseaudio_client)
|
||||
|
||||
corenet_all_recvfrom_unlabeled(pulseaudio_client)
|
||||
corenet_all_recvfrom_netlabel(pulseaudio_client)
|
||||
corenet_tcp_sendrecv_generic_if(pulseaudio_client)
|
||||
corenet_tcp_sendrecv_generic_node(pulseaudio_client)
|
||||
|
|
|
|||
|
|
@ -41,7 +41,6 @@ template(`qemu_domain_template',`
|
|||
|
||||
kernel_read_system_state($1_t)
|
||||
|
||||
corenet_all_recvfrom_unlabeled($1_t)
|
||||
corenet_all_recvfrom_netlabel($1_t)
|
||||
corenet_tcp_sendrecv_generic_if($1_t)
|
||||
corenet_tcp_sendrecv_generic_node($1_t)
|
||||
|
|
|
|||
|
|
@ -60,7 +60,6 @@ corecmd_read_bin_files(screen_domain)
|
|||
corecmd_read_bin_pipes(screen_domain)
|
||||
corecmd_read_bin_sockets(screen_domain)
|
||||
|
||||
corenet_all_recvfrom_unlabeled(screen_domain)
|
||||
corenet_all_recvfrom_netlabel(screen_domain)
|
||||
corenet_tcp_sendrecv_generic_if(screen_domain)
|
||||
corenet_tcp_sendrecv_generic_node(screen_domain)
|
||||
|
|
|
|||
|
|
@ -83,7 +83,6 @@ manage_dirs_pattern(telepathy_gabble_t, telepathy_gabble_tmp_t, telepathy_gabble
|
|||
manage_sock_files_pattern(telepathy_gabble_t, telepathy_gabble_tmp_t, telepathy_gabble_tmp_t)
|
||||
files_tmp_filetrans(telepathy_gabble_t, telepathy_gabble_tmp_t, { dir sock_file })
|
||||
|
||||
corenet_all_recvfrom_unlabeled(telepathy_gabble_t)
|
||||
corenet_all_recvfrom_netlabel(telepathy_gabble_t)
|
||||
corenet_tcp_sendrecv_generic_if(telepathy_gabble_t)
|
||||
corenet_tcp_sendrecv_generic_node(telepathy_gabble_t)
|
||||
|
|
@ -139,7 +138,6 @@ optional_policy(`
|
|||
#
|
||||
|
||||
corenet_all_recvfrom_netlabel(telepathy_idle_t)
|
||||
corenet_all_recvfrom_unlabeled(telepathy_idle_t)
|
||||
corenet_tcp_sendrecv_generic_if(telepathy_idle_t)
|
||||
corenet_tcp_sendrecv_generic_node(telepathy_idle_t)
|
||||
|
||||
|
|
@ -268,7 +266,6 @@ userdom_user_tmp_filetrans(telepathy_msn_t, telepathy_msn_tmp_t, { dir file sock
|
|||
can_exec(telepathy_msn_t, telepathy_msn_tmp_t)
|
||||
|
||||
corenet_all_recvfrom_netlabel(telepathy_msn_t)
|
||||
corenet_all_recvfrom_unlabeled(telepathy_msn_t)
|
||||
corenet_tcp_sendrecv_generic_if(telepathy_msn_t)
|
||||
corenet_tcp_sendrecv_generic_node(telepathy_msn_t)
|
||||
|
||||
|
|
@ -333,7 +330,6 @@ manage_sock_files_pattern(telepathy_salut_t, telepathy_salut_tmp_t, telepathy_sa
|
|||
files_tmp_filetrans(telepathy_salut_t, telepathy_salut_tmp_t, sock_file)
|
||||
|
||||
corenet_all_recvfrom_netlabel(telepathy_salut_t)
|
||||
corenet_all_recvfrom_unlabeled(telepathy_salut_t)
|
||||
corenet_tcp_sendrecv_generic_if(telepathy_salut_t)
|
||||
corenet_tcp_sendrecv_generic_node(telepathy_salut_t)
|
||||
corenet_tcp_bind_generic_node(telepathy_salut_t)
|
||||
|
|
@ -370,7 +366,6 @@ allow telepathy_sofiasip_t self:rawip_socket create_stream_socket_perms;
|
|||
allow telepathy_sofiasip_t self:tcp_socket { accept listen };
|
||||
|
||||
corenet_all_recvfrom_netlabel(telepathy_sofiasip_t)
|
||||
corenet_all_recvfrom_unlabeled(telepathy_sofiasip_t)
|
||||
corenet_tcp_sendrecv_generic_if(telepathy_sofiasip_t)
|
||||
corenet_raw_sendrecv_generic_if(telepathy_sofiasip_t)
|
||||
corenet_raw_sendrecv_generic_node(telepathy_sofiasip_t)
|
||||
|
|
|
|||
|
|
@ -58,7 +58,6 @@ kernel_read_system_state(thunderbird_t)
|
|||
|
||||
corecmd_exec_shell(thunderbird_t)
|
||||
|
||||
corenet_all_recvfrom_unlabeled(thunderbird_t)
|
||||
corenet_all_recvfrom_netlabel(thunderbird_t)
|
||||
corenet_tcp_sendrecv_generic_if(thunderbird_t)
|
||||
corenet_tcp_sendrecv_generic_node(thunderbird_t)
|
||||
|
|
|
|||
|
|
@ -78,7 +78,6 @@ kernel_write_proc_files(uml_t)
|
|||
|
||||
corecmd_exec_bin(uml_t)
|
||||
|
||||
corenet_all_recvfrom_unlabeled(uml_t)
|
||||
corenet_all_recvfrom_netlabel(uml_t)
|
||||
corenet_tcp_sendrecv_generic_if(uml_t)
|
||||
corenet_tcp_sendrecv_generic_node(uml_t)
|
||||
|
|
|
|||
|
|
@ -85,7 +85,6 @@ kernel_read_kernel_sysctls(vmware_host_t)
|
|||
kernel_read_system_state(vmware_host_t)
|
||||
kernel_read_network_state(vmware_host_t)
|
||||
|
||||
corenet_all_recvfrom_unlabeled(vmware_host_t)
|
||||
corenet_all_recvfrom_netlabel(vmware_host_t)
|
||||
corenet_tcp_sendrecv_generic_if(vmware_host_t)
|
||||
corenet_udp_sendrecv_generic_if(vmware_host_t)
|
||||
|
|
|
|||
|
|
@ -60,7 +60,6 @@ kernel_read_sysctl(wireshark_t)
|
|||
|
||||
corecmd_exec_bin(wireshark_t)
|
||||
|
||||
corenet_all_recvfrom_unlabeled(wireshark_t)
|
||||
corenet_all_recvfrom_netlabel(wireshark_t)
|
||||
corenet_tcp_sendrecv_generic_if(wireshark_t)
|
||||
corenet_udp_sendrecv_generic_if(wireshark_t)
|
||||
|
|
|
|||
|
|
@ -48,7 +48,6 @@ kernel_read_system_state(yam_t)
|
|||
corecmd_exec_bin(yam_t)
|
||||
corecmd_exec_shell(yam_t)
|
||||
|
||||
corenet_all_recvfrom_unlabeled(yam_t)
|
||||
corenet_all_recvfrom_netlabel(yam_t)
|
||||
corenet_tcp_sendrecv_generic_if(yam_t)
|
||||
corenet_tcp_sendrecv_generic_node(yam_t)
|
||||
|
|
|
|||
|
|
@ -113,7 +113,6 @@ optional_policy(`
|
|||
networkmanager_dbus_chat(xguest_t)
|
||||
networkmanager_read_lib_files(xguest_t)
|
||||
|
||||
corenet_all_recvfrom_unlabeled(xguest_t)
|
||||
corenet_all_recvfrom_netlabel(xguest_t)
|
||||
corenet_tcp_sendrecv_generic_if(xguest_t)
|
||||
corenet_raw_sendrecv_generic_if(xguest_t)
|
||||
|
|
|
|||
|
|
@ -150,7 +150,6 @@ corecmd_exec_shell(abrt_t)
|
|||
corecmd_read_all_executables(abrt_t)
|
||||
|
||||
corenet_all_recvfrom_netlabel(abrt_t)
|
||||
corenet_all_recvfrom_unlabeled(abrt_t)
|
||||
corenet_tcp_sendrecv_generic_if(abrt_t)
|
||||
corenet_tcp_sendrecv_generic_node(abrt_t)
|
||||
corenet_tcp_bind_generic_node(abrt_t)
|
||||
|
|
|
|||
|
|
@ -125,7 +125,6 @@ domtrans_pattern(afs_bosserver_t, afs_vlserver_exec_t, afs_vlserver_t)
|
|||
|
||||
kernel_read_kernel_sysctls(afs_bosserver_t)
|
||||
|
||||
corenet_all_recvfrom_unlabeled(afs_bosserver_t)
|
||||
corenet_all_recvfrom_netlabel(afs_bosserver_t)
|
||||
corenet_udp_sendrecv_generic_if(afs_bosserver_t)
|
||||
corenet_udp_sendrecv_generic_node(afs_bosserver_t)
|
||||
|
|
@ -170,7 +169,6 @@ manage_files_pattern(afs_fsserver_t, afs_logfile_t, afs_logfile_t)
|
|||
kernel_read_system_state(afs_fsserver_t)
|
||||
kernel_read_kernel_sysctls(afs_fsserver_t)
|
||||
|
||||
corenet_all_recvfrom_unlabeled(afs_fsserver_t)
|
||||
corenet_all_recvfrom_netlabel(afs_fsserver_t)
|
||||
corenet_tcp_sendrecv_generic_if(afs_fsserver_t)
|
||||
corenet_udp_sendrecv_generic_if(afs_fsserver_t)
|
||||
|
|
@ -221,7 +219,6 @@ manage_files_pattern(afs_kaserver_t, afs_logfile_t, afs_logfile_t)
|
|||
|
||||
kernel_read_kernel_sysctls(afs_kaserver_t)
|
||||
|
||||
corenet_all_recvfrom_unlabeled(afs_kaserver_t)
|
||||
corenet_all_recvfrom_netlabel(afs_kaserver_t)
|
||||
corenet_udp_sendrecv_generic_if(afs_kaserver_t)
|
||||
corenet_udp_sendrecv_generic_node(afs_kaserver_t)
|
||||
|
|
@ -257,7 +254,6 @@ manage_files_pattern(afs_ptserver_t, afs_logfile_t, afs_logfile_t)
|
|||
manage_files_pattern(afs_ptserver_t, afs_dbdir_t, afs_pt_db_t)
|
||||
filetrans_pattern(afs_ptserver_t, afs_dbdir_t, afs_pt_db_t, file)
|
||||
|
||||
corenet_all_recvfrom_unlabeled(afs_ptserver_t)
|
||||
corenet_all_recvfrom_netlabel(afs_ptserver_t)
|
||||
corenet_tcp_sendrecv_generic_if(afs_ptserver_t)
|
||||
corenet_udp_sendrecv_generic_if(afs_ptserver_t)
|
||||
|
|
@ -288,7 +284,6 @@ manage_files_pattern(afs_vlserver_t, afs_logfile_t, afs_logfile_t)
|
|||
manage_files_pattern(afs_vlserver_t, afs_dbdir_t, afs_vl_db_t)
|
||||
filetrans_pattern(afs_vlserver_t, afs_dbdir_t, afs_vl_db_t, file)
|
||||
|
||||
corenet_all_recvfrom_unlabeled(afs_vlserver_t)
|
||||
corenet_all_recvfrom_netlabel(afs_vlserver_t)
|
||||
corenet_tcp_sendrecv_generic_if(afs_vlserver_t)
|
||||
corenet_udp_sendrecv_generic_if(afs_vlserver_t)
|
||||
|
|
|
|||
|
|
@ -44,7 +44,6 @@ kernel_read_system_state(aiccu_t)
|
|||
corecmd_exec_shell(aiccu_t)
|
||||
|
||||
corenet_all_recvfrom_netlabel(aiccu_t)
|
||||
corenet_all_recvfrom_unlabeled(aiccu_t)
|
||||
corenet_tcp_bind_generic_node(aiccu_t)
|
||||
corenet_tcp_sendrecv_generic_if(aiccu_t)
|
||||
corenet_tcp_sendrecv_generic_node(aiccu_t)
|
||||
|
|
|
|||
|
|
@ -64,7 +64,6 @@ kernel_read_system_state(aisexec_t)
|
|||
|
||||
corecmd_exec_bin(aisexec_t)
|
||||
|
||||
corenet_all_recvfrom_unlabeled(aisexec_t)
|
||||
corenet_all_recvfrom_netlabel(aisexec_t)
|
||||
corenet_tcp_sendrecv_generic_if(aisexec_t)
|
||||
corenet_udp_sendrecv_generic_if(aisexec_t)
|
||||
|
|
|
|||
|
|
@ -95,7 +95,6 @@ kernel_dontaudit_read_proc_symlinks(amavis_t)
|
|||
corecmd_exec_bin(amavis_t)
|
||||
corecmd_exec_shell(amavis_t)
|
||||
|
||||
corenet_all_recvfrom_unlabeled(amavis_t)
|
||||
corenet_all_recvfrom_netlabel(amavis_t)
|
||||
corenet_tcp_sendrecv_generic_if(amavis_t)
|
||||
corenet_udp_sendrecv_generic_if(amavis_t)
|
||||
|
|
|
|||
|
|
@ -466,7 +466,6 @@ kernel_read_network_state(httpd_t)
|
|||
kernel_read_system_state(httpd_t)
|
||||
kernel_search_network_sysctl(httpd_t)
|
||||
|
||||
corenet_all_recvfrom_unlabeled(httpd_t)
|
||||
corenet_all_recvfrom_netlabel(httpd_t)
|
||||
corenet_tcp_sendrecv_generic_if(httpd_t)
|
||||
corenet_tcp_sendrecv_generic_node(httpd_t)
|
||||
|
|
@ -955,7 +954,6 @@ kernel_read_kernel_sysctls(httpd_suexec_t)
|
|||
kernel_list_proc(httpd_suexec_t)
|
||||
kernel_read_proc_symlinks(httpd_suexec_t)
|
||||
|
||||
corenet_all_recvfrom_unlabeled(httpd_suexec_t)
|
||||
corenet_all_recvfrom_netlabel(httpd_suexec_t)
|
||||
corenet_tcp_sendrecv_generic_if(httpd_suexec_t)
|
||||
corenet_tcp_sendrecv_generic_node(httpd_suexec_t)
|
||||
|
|
@ -1131,7 +1129,6 @@ read_lnk_files_pattern(httpd_script_domains, httpd_log_t, httpd_log_t)
|
|||
kernel_dontaudit_search_sysctl(httpd_script_domains)
|
||||
kernel_dontaudit_search_kernel_sysctl(httpd_script_domains)
|
||||
|
||||
corenet_all_recvfrom_unlabeled(httpd_script_domains)
|
||||
corenet_all_recvfrom_netlabel(httpd_script_domains)
|
||||
corenet_tcp_sendrecv_generic_if(httpd_script_domains)
|
||||
corenet_tcp_sendrecv_generic_node(httpd_script_domains)
|
||||
|
|
|
|||
|
|
@ -57,7 +57,6 @@ kernel_read_system_state(apcupsd_t)
|
|||
corecmd_exec_bin(apcupsd_t)
|
||||
corecmd_exec_shell(apcupsd_t)
|
||||
|
||||
corenet_all_recvfrom_unlabeled(apcupsd_t)
|
||||
corenet_all_recvfrom_netlabel(apcupsd_t)
|
||||
corenet_tcp_sendrecv_generic_if(apcupsd_t)
|
||||
corenet_tcp_sendrecv_generic_node(apcupsd_t)
|
||||
|
|
@ -113,7 +112,6 @@ optional_policy(`
|
|||
allow httpd_apcupsd_cgi_script_t self:tcp_socket create_stream_socket_perms;
|
||||
allow httpd_apcupsd_cgi_script_t self:udp_socket create_socket_perms;
|
||||
|
||||
corenet_all_recvfrom_unlabeled(httpd_apcupsd_cgi_script_t)
|
||||
corenet_all_recvfrom_netlabel(httpd_apcupsd_cgi_script_t)
|
||||
corenet_tcp_sendrecv_generic_if(httpd_apcupsd_cgi_script_t)
|
||||
corenet_tcp_sendrecv_generic_node(httpd_apcupsd_cgi_script_t)
|
||||
|
|
|
|||
|
|
@ -88,7 +88,6 @@ kernel_request_load_module(asterisk_t)
|
|||
corecmd_exec_bin(asterisk_t)
|
||||
corecmd_exec_shell(asterisk_t)
|
||||
|
||||
corenet_all_recvfrom_unlabeled(asterisk_t)
|
||||
corenet_all_recvfrom_netlabel(asterisk_t)
|
||||
corenet_tcp_sendrecv_generic_if(asterisk_t)
|
||||
corenet_udp_sendrecv_generic_if(asterisk_t)
|
||||
|
|
|
|||
|
|
@ -71,7 +71,6 @@ kernel_dontaudit_search_xen_state(automount_t)
|
|||
corecmd_exec_bin(automount_t)
|
||||
corecmd_exec_shell(automount_t)
|
||||
|
||||
corenet_all_recvfrom_unlabeled(automount_t)
|
||||
corenet_all_recvfrom_netlabel(automount_t)
|
||||
corenet_tcp_sendrecv_generic_if(automount_t)
|
||||
corenet_udp_sendrecv_generic_if(automount_t)
|
||||
|
|
|
|||
|
|
@ -53,7 +53,6 @@ kernel_request_load_module(avahi_t)
|
|||
corecmd_exec_bin(avahi_t)
|
||||
corecmd_exec_shell(avahi_t)
|
||||
|
||||
corenet_all_recvfrom_unlabeled(avahi_t)
|
||||
corenet_all_recvfrom_netlabel(avahi_t)
|
||||
corenet_tcp_sendrecv_generic_if(avahi_t)
|
||||
corenet_udp_sendrecv_generic_if(avahi_t)
|
||||
|
|
|
|||
|
|
@ -121,7 +121,6 @@ kernel_read_network_state(named_t)
|
|||
|
||||
corecmd_search_bin(named_t)
|
||||
|
||||
corenet_all_recvfrom_unlabeled(named_t)
|
||||
corenet_all_recvfrom_netlabel(named_t)
|
||||
corenet_tcp_sendrecv_generic_if(named_t)
|
||||
corenet_udp_sendrecv_generic_if(named_t)
|
||||
|
|
@ -235,7 +234,6 @@ allow ndc_t named_zone_t:dir search_dir_perms;
|
|||
kernel_read_kernel_sysctls(ndc_t)
|
||||
kernel_read_system_state(ndc_t)
|
||||
|
||||
corenet_all_recvfrom_unlabeled(ndc_t)
|
||||
corenet_all_recvfrom_netlabel(ndc_t)
|
||||
corenet_tcp_sendrecv_generic_if(ndc_t)
|
||||
corenet_tcp_sendrecv_generic_node(ndc_t)
|
||||
|
|
|
|||
|
|
@ -44,7 +44,6 @@ files_pid_filetrans(bird_t, bird_runtime_t, { sock_file dir })
|
|||
|
||||
kernel_read_crypto_sysctls(bird_t)
|
||||
|
||||
corenet_all_recvfrom_unlabeled(bird_t)
|
||||
corenet_all_recvfrom_netlabel(bird_t)
|
||||
corenet_tcp_sendrecv_generic_if(bird_t)
|
||||
corenet_tcp_bind_generic_node(bird_t)
|
||||
|
|
|
|||
|
|
@ -63,7 +63,6 @@ kernel_read_kernel_sysctls(bitlbee_t)
|
|||
kernel_read_system_state(bitlbee_t)
|
||||
kernel_read_crypto_sysctls(bitlbee_t)
|
||||
|
||||
corenet_all_recvfrom_unlabeled(bitlbee_t)
|
||||
corenet_all_recvfrom_netlabel(bitlbee_t)
|
||||
corenet_tcp_sendrecv_generic_if(bitlbee_t)
|
||||
corenet_tcp_sendrecv_generic_node(bitlbee_t)
|
||||
|
|
|
|||
|
|
@ -90,7 +90,6 @@ kernel_search_vm_sysctl(boinc_t)
|
|||
kernel_read_crypto_sysctls(boinc_t)
|
||||
kernel_read_kernel_sysctls(boinc_t)
|
||||
|
||||
corenet_all_recvfrom_unlabeled(boinc_t)
|
||||
corenet_all_recvfrom_netlabel(boinc_t)
|
||||
corenet_tcp_sendrecv_generic_if(boinc_t)
|
||||
corenet_tcp_sendrecv_generic_node(boinc_t)
|
||||
|
|
@ -188,7 +187,6 @@ kernel_read_kernel_sysctls(boinc_project_t)
|
|||
kernel_read_network_state(boinc_project_t)
|
||||
kernel_search_vm_sysctl(boinc_project_t)
|
||||
|
||||
corenet_all_recvfrom_unlabeled(boinc_project_t)
|
||||
corenet_all_recvfrom_netlabel(boinc_project_t)
|
||||
corenet_tcp_sendrecv_generic_if(boinc_project_t)
|
||||
corenet_tcp_sendrecv_generic_node(boinc_project_t)
|
||||
|
|
|
|||
|
|
@ -14,7 +14,6 @@ apache_content_template(bugzilla)
|
|||
|
||||
allow httpd_bugzilla_script_t self:tcp_socket { accept listen };
|
||||
|
||||
corenet_all_recvfrom_unlabeled(httpd_bugzilla_script_t)
|
||||
corenet_all_recvfrom_netlabel(httpd_bugzilla_script_t)
|
||||
corenet_tcp_sendrecv_generic_if(httpd_bugzilla_script_t)
|
||||
corenet_tcp_sendrecv_generic_node(httpd_bugzilla_script_t)
|
||||
|
|
|
|||
|
|
@ -58,7 +58,6 @@ files_spool_filetrans(callweaver_t, callweaver_spool_t, { dir file })
|
|||
kernel_read_kernel_sysctls(callweaver_t)
|
||||
kernel_read_sysctl(callweaver_t)
|
||||
|
||||
corenet_all_recvfrom_unlabeled(callweaver_t)
|
||||
corenet_all_recvfrom_netlabel(callweaver_t)
|
||||
corenet_udp_sendrecv_generic_if(callweaver_t)
|
||||
corenet_udp_sendrecv_generic_node(callweaver_t)
|
||||
|
|
|
|||
|
|
@ -52,7 +52,6 @@ files_pid_filetrans(canna_t, canna_runtime_t, { dir sock_file })
|
|||
kernel_read_kernel_sysctls(canna_t)
|
||||
kernel_read_system_state(canna_t)
|
||||
|
||||
corenet_all_recvfrom_unlabeled(canna_t)
|
||||
corenet_all_recvfrom_netlabel(canna_t)
|
||||
corenet_tcp_sendrecv_generic_if(canna_t)
|
||||
corenet_tcp_sendrecv_generic_node(canna_t)
|
||||
|
|
|
|||
|
|
@ -75,7 +75,6 @@ kernel_read_kernel_sysctls(ccs_t)
|
|||
corecmd_list_bin(ccs_t)
|
||||
corecmd_exec_bin(ccs_t)
|
||||
|
||||
corenet_all_recvfrom_unlabeled(ccs_t)
|
||||
corenet_all_recvfrom_netlabel(ccs_t)
|
||||
corenet_tcp_sendrecv_generic_if(ccs_t)
|
||||
corenet_udp_sendrecv_generic_if(ccs_t)
|
||||
|
|
|
|||
|
|
@ -52,7 +52,6 @@ kernel_read_system_state(certmaster_t)
|
|||
|
||||
corecmd_exec_bin(certmaster_t)
|
||||
|
||||
corenet_all_recvfrom_unlabeled(certmaster_t)
|
||||
corenet_all_recvfrom_netlabel(certmaster_t)
|
||||
corenet_tcp_sendrecv_generic_if(certmaster_t)
|
||||
corenet_tcp_sendrecv_generic_node(certmaster_t)
|
||||
|
|
|
|||
|
|
@ -42,7 +42,6 @@ files_pid_filetrans(certmonger_t, certmonger_runtime_t, { dir file })
|
|||
kernel_read_kernel_sysctls(certmonger_t)
|
||||
kernel_read_system_state(certmonger_t)
|
||||
|
||||
corenet_all_recvfrom_unlabeled(certmonger_t)
|
||||
corenet_all_recvfrom_netlabel(certmonger_t)
|
||||
corenet_tcp_sendrecv_generic_if(certmonger_t)
|
||||
corenet_tcp_sendrecv_generic_node(certmonger_t)
|
||||
|
|
|
|||
|
|
@ -76,7 +76,6 @@ files_pid_filetrans(chronyd_t, chronyd_runtime_t, { dir file sock_file })
|
|||
kernel_read_system_state(chronyd_t)
|
||||
kernel_read_network_state(chronyd_t)
|
||||
|
||||
corenet_all_recvfrom_unlabeled(chronyd_t)
|
||||
corenet_all_recvfrom_netlabel(chronyd_t)
|
||||
corenet_udp_sendrecv_generic_if(chronyd_t)
|
||||
corenet_udp_sendrecv_generic_node(chronyd_t)
|
||||
|
|
@ -123,7 +122,6 @@ manage_files_pattern(chronyc_t, chronyd_runtime_t, chronyd_runtime_t)
|
|||
manage_sock_files_pattern(chronyc_t, chronyd_runtime_t, chronyd_runtime_t)
|
||||
files_pid_filetrans(chronyc_t, chronyd_runtime_t, { dir file sock_file })
|
||||
|
||||
corenet_all_recvfrom_unlabeled(chronyc_t)
|
||||
corenet_all_recvfrom_netlabel(chronyc_t)
|
||||
corenet_udp_sendrecv_generic_if(chronyc_t)
|
||||
corenet_udp_sendrecv_generic_node(chronyc_t)
|
||||
|
|
|
|||
|
|
@ -29,7 +29,6 @@ kernel_read_system_state(ciped_t)
|
|||
corecmd_exec_shell(ciped_t)
|
||||
corecmd_exec_bin(ciped_t)
|
||||
|
||||
corenet_all_recvfrom_unlabeled(ciped_t)
|
||||
corenet_all_recvfrom_netlabel(ciped_t)
|
||||
corenet_udp_sendrecv_generic_if(ciped_t)
|
||||
corenet_udp_sendrecv_generic_node(ciped_t)
|
||||
|
|
|
|||
|
|
@ -118,7 +118,6 @@ kernel_read_vm_overcommit_sysctl(clamd_t)
|
|||
|
||||
corecmd_exec_shell(clamd_t)
|
||||
|
||||
corenet_all_recvfrom_unlabeled(clamd_t)
|
||||
corenet_all_recvfrom_netlabel(clamd_t)
|
||||
corenet_tcp_sendrecv_generic_if(clamd_t)
|
||||
corenet_tcp_sendrecv_generic_node(clamd_t)
|
||||
|
|
@ -207,7 +206,6 @@ kernel_read_kernel_sysctls(freshclam_t)
|
|||
kernel_read_network_state(freshclam_t)
|
||||
kernel_read_system_state(freshclam_t)
|
||||
|
||||
corenet_all_recvfrom_unlabeled(freshclam_t)
|
||||
corenet_all_recvfrom_netlabel(freshclam_t)
|
||||
corenet_tcp_sendrecv_generic_if(freshclam_t)
|
||||
corenet_tcp_sendrecv_generic_node(freshclam_t)
|
||||
|
|
@ -288,7 +286,6 @@ kernel_dontaudit_list_proc(clamscan_t)
|
|||
kernel_read_kernel_sysctls(clamscan_t)
|
||||
kernel_read_system_state(clamscan_t)
|
||||
|
||||
corenet_all_recvfrom_unlabeled(clamscan_t)
|
||||
corenet_all_recvfrom_netlabel(clamscan_t)
|
||||
corenet_tcp_sendrecv_generic_if(clamscan_t)
|
||||
corenet_tcp_sendrecv_generic_node(clamscan_t)
|
||||
|
|
|
|||
|
|
@ -29,7 +29,6 @@ allow clockspeed_cli_t self:udp_socket create_socket_perms;
|
|||
|
||||
read_files_pattern(clockspeed_cli_t, clockspeed_var_lib_t, clockspeed_var_lib_t)
|
||||
|
||||
corenet_all_recvfrom_unlabeled(clockspeed_cli_t)
|
||||
corenet_all_recvfrom_netlabel(clockspeed_cli_t)
|
||||
corenet_udp_sendrecv_generic_if(clockspeed_cli_t)
|
||||
corenet_udp_sendrecv_generic_node(clockspeed_cli_t)
|
||||
|
|
@ -56,7 +55,6 @@ allow clockspeed_srv_t self:unix_stream_socket create_socket_perms;
|
|||
manage_files_pattern(clockspeed_srv_t, clockspeed_var_lib_t, clockspeed_var_lib_t)
|
||||
manage_fifo_files_pattern(clockspeed_srv_t, clockspeed_var_lib_t, clockspeed_var_lib_t)
|
||||
|
||||
corenet_all_recvfrom_unlabeled(clockspeed_srv_t)
|
||||
corenet_all_recvfrom_netlabel(clockspeed_srv_t)
|
||||
corenet_udp_sendrecv_generic_if(clockspeed_srv_t)
|
||||
corenet_udp_sendrecv_generic_node(clockspeed_srv_t)
|
||||
|
|
|
|||
|
|
@ -95,7 +95,6 @@ corecmd_exec_bin(cobblerd_t)
|
|||
corecmd_exec_shell(cobblerd_t)
|
||||
|
||||
corenet_all_recvfrom_netlabel(cobblerd_t)
|
||||
corenet_all_recvfrom_unlabeled(cobblerd_t)
|
||||
corenet_tcp_sendrecv_generic_if(cobblerd_t)
|
||||
corenet_tcp_sendrecv_generic_node(cobblerd_t)
|
||||
corenet_tcp_bind_generic_node(cobblerd_t)
|
||||
|
|
|
|||
|
|
@ -51,7 +51,6 @@ kernel_read_system_state(colord_t)
|
|||
kernel_request_load_module(colord_t)
|
||||
|
||||
corenet_all_recvfrom_netlabel(colord_t)
|
||||
corenet_all_recvfrom_unlabeled(colord_t)
|
||||
corenet_tcp_sendrecv_generic_if(colord_t)
|
||||
corenet_udp_sendrecv_generic_if(colord_t)
|
||||
corenet_tcp_sendrecv_generic_node(colord_t)
|
||||
|
|
|
|||
|
|
@ -95,7 +95,6 @@ corecmd_exec_bin(condor_domain)
|
|||
corecmd_exec_shell(condor_domain)
|
||||
|
||||
corenet_all_recvfrom_netlabel(condor_domain)
|
||||
corenet_all_recvfrom_unlabeled(condor_domain)
|
||||
corenet_tcp_sendrecv_generic_if(condor_domain)
|
||||
corenet_tcp_sendrecv_generic_node(condor_domain)
|
||||
|
||||
|
|
|
|||
|
|
@ -45,7 +45,6 @@ files_pid_filetrans(consolekit_t, consolekit_runtime_t, { dir file })
|
|||
|
||||
kernel_read_system_state(consolekit_t)
|
||||
|
||||
corenet_all_recvfrom_unlabeled(consolekit_t)
|
||||
corenet_all_recvfrom_netlabel(consolekit_t)
|
||||
corenet_tcp_sendrecv_generic_if(consolekit_t)
|
||||
corenet_tcp_sendrecv_generic_node(consolekit_t)
|
||||
|
|
|
|||
|
|
@ -77,7 +77,6 @@ kernel_read_system_state(corosync_t)
|
|||
corecmd_exec_bin(corosync_t)
|
||||
corecmd_exec_shell(corosync_t)
|
||||
|
||||
corenet_all_recvfrom_unlabeled(corosync_t)
|
||||
corenet_all_recvfrom_netlabel(corosync_t)
|
||||
corenet_udp_sendrecv_generic_if(corosync_t)
|
||||
corenet_udp_sendrecv_generic_node(corosync_t)
|
||||
|
|
|
|||
|
|
@ -72,7 +72,6 @@ kernel_read_system_state(couchdb_t)
|
|||
corecmd_exec_bin(couchdb_t)
|
||||
corecmd_exec_shell(couchdb_t)
|
||||
|
||||
corenet_all_recvfrom_unlabeled(couchdb_t)
|
||||
corenet_all_recvfrom_netlabel(couchdb_t)
|
||||
corenet_tcp_sendrecv_generic_if(couchdb_t)
|
||||
corenet_tcp_sendrecv_generic_node(couchdb_t)
|
||||
|
|
|
|||
|
|
@ -166,7 +166,6 @@ can_exec(courier_tcpd_t, courier_exec_t)
|
|||
|
||||
domtrans_pattern(courier_tcpd_t, courier_pop_exec_t, courier_pop_t)
|
||||
|
||||
corenet_all_recvfrom_unlabeled(courier_tcpd_t)
|
||||
corenet_all_recvfrom_netlabel(courier_tcpd_t)
|
||||
corenet_tcp_sendrecv_generic_if(courier_tcpd_t)
|
||||
corenet_tcp_sendrecv_generic_node(courier_tcpd_t)
|
||||
|
|
|
|||
|
|
@ -503,7 +503,6 @@ files_dontaudit_search_boot(system_cronjob_t)
|
|||
|
||||
corecmd_exec_all_executables(system_cronjob_t)
|
||||
|
||||
corenet_all_recvfrom_unlabeled(system_cronjob_t)
|
||||
corenet_all_recvfrom_netlabel(system_cronjob_t)
|
||||
corenet_tcp_sendrecv_generic_if(system_cronjob_t)
|
||||
corenet_udp_sendrecv_generic_if(system_cronjob_t)
|
||||
|
|
@ -691,7 +690,6 @@ kernel_read_kernel_sysctls(cronjob_t)
|
|||
|
||||
files_dontaudit_search_boot(cronjob_t)
|
||||
|
||||
corenet_all_recvfrom_unlabeled(cronjob_t)
|
||||
corenet_all_recvfrom_netlabel(cronjob_t)
|
||||
corenet_tcp_sendrecv_generic_if(cronjob_t)
|
||||
corenet_udp_sendrecv_generic_if(cronjob_t)
|
||||
|
|
|
|||
|
|
@ -67,7 +67,6 @@ kernel_read_network_state(ctdbd_t)
|
|||
kernel_read_system_state(ctdbd_t)
|
||||
kernel_rw_net_sysctls(ctdbd_t)
|
||||
|
||||
corenet_all_recvfrom_unlabeled(ctdbd_t)
|
||||
corenet_all_recvfrom_netlabel(ctdbd_t)
|
||||
corenet_tcp_sendrecv_generic_if(ctdbd_t)
|
||||
corenet_tcp_sendrecv_generic_node(ctdbd_t)
|
||||
|
|
|
|||
|
|
@ -174,7 +174,6 @@ kernel_read_network_state(cupsd_t)
|
|||
kernel_read_all_sysctls(cupsd_t)
|
||||
kernel_request_load_module(cupsd_t)
|
||||
|
||||
corenet_all_recvfrom_unlabeled(cupsd_t)
|
||||
corenet_all_recvfrom_netlabel(cupsd_t)
|
||||
corenet_tcp_sendrecv_generic_if(cupsd_t)
|
||||
corenet_udp_sendrecv_generic_if(cupsd_t)
|
||||
|
|
@ -396,7 +395,6 @@ domtrans_pattern(cupsd_config_t, hplip_exec_t, hplip_t)
|
|||
kernel_read_system_state(cupsd_config_t)
|
||||
kernel_read_all_sysctls(cupsd_config_t)
|
||||
|
||||
corenet_all_recvfrom_unlabeled(cupsd_config_t)
|
||||
corenet_all_recvfrom_netlabel(cupsd_config_t)
|
||||
corenet_tcp_sendrecv_generic_if(cupsd_config_t)
|
||||
corenet_tcp_sendrecv_generic_node(cupsd_config_t)
|
||||
|
|
@ -520,7 +518,6 @@ kernel_read_kernel_sysctls(cupsd_lpd_t)
|
|||
kernel_read_system_state(cupsd_lpd_t)
|
||||
kernel_read_network_state(cupsd_lpd_t)
|
||||
|
||||
corenet_all_recvfrom_unlabeled(cupsd_lpd_t)
|
||||
corenet_all_recvfrom_netlabel(cupsd_lpd_t)
|
||||
corenet_tcp_sendrecv_generic_if(cupsd_lpd_t)
|
||||
corenet_tcp_sendrecv_generic_node(cupsd_lpd_t)
|
||||
|
|
@ -645,7 +642,6 @@ stream_connect_pattern(hplip_t, cupsd_runtime_t, cupsd_runtime_t, cupsd_t)
|
|||
kernel_read_system_state(hplip_t)
|
||||
kernel_read_kernel_sysctls(hplip_t)
|
||||
|
||||
corenet_all_recvfrom_unlabeled(hplip_t)
|
||||
corenet_all_recvfrom_netlabel(hplip_t)
|
||||
corenet_tcp_sendrecv_generic_if(hplip_t)
|
||||
corenet_udp_sendrecv_generic_if(hplip_t)
|
||||
|
|
@ -752,7 +748,6 @@ kernel_read_kernel_sysctls(ptal_t)
|
|||
kernel_list_proc(ptal_t)
|
||||
kernel_read_proc_symlinks(ptal_t)
|
||||
|
||||
corenet_all_recvfrom_unlabeled(ptal_t)
|
||||
corenet_all_recvfrom_netlabel(ptal_t)
|
||||
corenet_tcp_sendrecv_generic_if(ptal_t)
|
||||
corenet_tcp_sendrecv_generic_node(ptal_t)
|
||||
|
|
|
|||
|
|
@ -62,7 +62,6 @@ kernel_read_kernel_sysctls(cvs_t)
|
|||
kernel_read_system_state(cvs_t)
|
||||
kernel_read_network_state(cvs_t)
|
||||
|
||||
corenet_all_recvfrom_unlabeled(cvs_t)
|
||||
corenet_all_recvfrom_netlabel(cvs_t)
|
||||
corenet_tcp_sendrecv_generic_if(cvs_t)
|
||||
corenet_tcp_sendrecv_generic_node(cvs_t)
|
||||
|
|
|
|||
|
|
@ -48,7 +48,6 @@ kernel_read_kernel_sysctls(cyphesis_t)
|
|||
corecmd_search_bin(cyphesis_t)
|
||||
corecmd_getattr_bin_files(cyphesis_t)
|
||||
|
||||
corenet_all_recvfrom_unlabeled(cyphesis_t)
|
||||
corenet_tcp_sendrecv_generic_if(cyphesis_t)
|
||||
corenet_tcp_sendrecv_generic_node(cyphesis_t)
|
||||
corenet_tcp_bind_generic_node(cyphesis_t)
|
||||
|
|
|
|||
|
|
@ -63,7 +63,6 @@ kernel_read_kernel_sysctls(cyrus_t)
|
|||
kernel_read_system_state(cyrus_t)
|
||||
kernel_read_all_sysctls(cyrus_t)
|
||||
|
||||
corenet_all_recvfrom_unlabeled(cyrus_t)
|
||||
corenet_all_recvfrom_netlabel(cyrus_t)
|
||||
corenet_tcp_sendrecv_generic_if(cyrus_t)
|
||||
corenet_tcp_sendrecv_generic_node(cyrus_t)
|
||||
|
|
|
|||
|
|
@ -39,7 +39,6 @@ kernel_read_kernel_sysctls(dante_t)
|
|||
kernel_list_proc(dante_t)
|
||||
kernel_read_proc_symlinks(dante_t)
|
||||
|
||||
corenet_all_recvfrom_unlabeled(dante_t)
|
||||
corenet_all_recvfrom_netlabel(dante_t)
|
||||
corenet_tcp_sendrecv_generic_if(dante_t)
|
||||
corenet_tcp_sendrecv_generic_node(dante_t)
|
||||
|
|
|
|||
|
|
@ -36,7 +36,6 @@ kernel_read_kernel_sysctls(dbskkd_t)
|
|||
kernel_read_system_state(dbskkd_t)
|
||||
kernel_read_network_state(dbskkd_t)
|
||||
|
||||
corenet_all_recvfrom_unlabeled(dbskkd_t)
|
||||
corenet_all_recvfrom_netlabel(dbskkd_t)
|
||||
corenet_tcp_sendrecv_generic_if(dbskkd_t)
|
||||
corenet_udp_sendrecv_generic_if(dbskkd_t)
|
||||
|
|
|
|||
|
|
@ -260,7 +260,6 @@ corecmd_read_bin_files(session_bus_type)
|
|||
corecmd_read_bin_pipes(session_bus_type)
|
||||
corecmd_read_bin_sockets(session_bus_type)
|
||||
|
||||
corenet_all_recvfrom_unlabeled(session_bus_type)
|
||||
corenet_all_recvfrom_netlabel(session_bus_type)
|
||||
corenet_tcp_sendrecv_generic_if(session_bus_type)
|
||||
corenet_tcp_sendrecv_generic_node(session_bus_type)
|
||||
|
|
|
|||
|
|
@ -202,7 +202,6 @@ files_pid_filetrans(dccd_t, dccd_runtime_t, { dir file })
|
|||
kernel_read_system_state(dccd_t)
|
||||
kernel_read_kernel_sysctls(dccd_t)
|
||||
|
||||
corenet_all_recvfrom_unlabeled(dccd_t)
|
||||
corenet_all_recvfrom_netlabel(dccd_t)
|
||||
corenet_udp_sendrecv_generic_if(dccd_t)
|
||||
corenet_udp_sendrecv_generic_node(dccd_t)
|
||||
|
|
|
|||
|
|
@ -75,7 +75,6 @@ kernel_search_network_sysctl(ddclient_t)
|
|||
corecmd_exec_shell(ddclient_t)
|
||||
corecmd_exec_bin(ddclient_t)
|
||||
|
||||
corenet_all_recvfrom_unlabeled(ddclient_t)
|
||||
corenet_all_recvfrom_netlabel(ddclient_t)
|
||||
corenet_tcp_sendrecv_generic_if(ddclient_t)
|
||||
corenet_udp_sendrecv_generic_if(ddclient_t)
|
||||
|
|
|
|||
|
|
@ -48,7 +48,6 @@ kernel_read_system_state(denyhosts_t)
|
|||
corecmd_exec_bin(denyhosts_t)
|
||||
corecmd_exec_shell(denyhosts_t)
|
||||
|
||||
corenet_all_recvfrom_unlabeled(denyhosts_t)
|
||||
corenet_all_recvfrom_netlabel(denyhosts_t)
|
||||
corenet_tcp_sendrecv_generic_if(denyhosts_t)
|
||||
corenet_tcp_sendrecv_generic_node(denyhosts_t)
|
||||
|
|
|
|||
|
|
@ -61,7 +61,6 @@ kernel_read_system_state(dhcpd_t)
|
|||
kernel_read_kernel_sysctls(dhcpd_t)
|
||||
kernel_read_network_state(dhcpd_t)
|
||||
|
||||
corenet_all_recvfrom_unlabeled(dhcpd_t)
|
||||
corenet_all_recvfrom_netlabel(dhcpd_t)
|
||||
corenet_tcp_sendrecv_generic_if(dhcpd_t)
|
||||
corenet_udp_sendrecv_generic_if(dhcpd_t)
|
||||
|
|
|
|||
|
|
@ -43,7 +43,6 @@ files_pid_filetrans(dictd_t, dictd_runtime_t, file)
|
|||
kernel_read_system_state(dictd_t)
|
||||
kernel_read_kernel_sysctls(dictd_t)
|
||||
|
||||
corenet_all_recvfrom_unlabeled(dictd_t)
|
||||
corenet_all_recvfrom_netlabel(dictd_t)
|
||||
corenet_tcp_sendrecv_generic_if(dictd_t)
|
||||
corenet_tcp_sendrecv_generic_node(dictd_t)
|
||||
|
|
|
|||
|
|
@ -47,7 +47,6 @@ files_pid_filetrans(distccd_t, distccd_runtime_t, file)
|
|||
kernel_read_system_state(distccd_t)
|
||||
kernel_read_kernel_sysctls(distccd_t)
|
||||
|
||||
corenet_all_recvfrom_unlabeled(distccd_t)
|
||||
corenet_all_recvfrom_netlabel(distccd_t)
|
||||
corenet_tcp_sendrecv_generic_if(distccd_t)
|
||||
corenet_tcp_sendrecv_generic_node(distccd_t)
|
||||
|
|
|
|||
|
|
@ -24,7 +24,6 @@ allow djbdns_domain self:fifo_file rw_fifo_file_perms;
|
|||
allow djbdns_domain self:tcp_socket create_stream_socket_perms;
|
||||
allow djbdns_domain self:udp_socket create_socket_perms;
|
||||
|
||||
corenet_all_recvfrom_unlabeled(djbdns_domain)
|
||||
corenet_all_recvfrom_netlabel(djbdns_domain)
|
||||
corenet_tcp_sendrecv_generic_if(djbdns_domain)
|
||||
corenet_udp_sendrecv_generic_if(djbdns_domain)
|
||||
|
|
|
|||
|
|
@ -63,7 +63,6 @@ kernel_request_load_module(dnsmasq_t)
|
|||
|
||||
corecmd_exec_shell(dnsmasq_t)
|
||||
|
||||
corenet_all_recvfrom_unlabeled(dnsmasq_t)
|
||||
corenet_all_recvfrom_netlabel(dnsmasq_t)
|
||||
corenet_tcp_sendrecv_generic_if(dnsmasq_t)
|
||||
corenet_udp_sendrecv_generic_if(dnsmasq_t)
|
||||
|
|
|
|||
|
|
@ -47,7 +47,6 @@ kernel_read_system_state(dnssec_triggerd_t)
|
|||
corecmd_exec_bin(dnssec_triggerd_t)
|
||||
corecmd_exec_shell(dnssec_triggerd_t)
|
||||
|
||||
corenet_all_recvfrom_unlabeled(dnssec_triggerd_t)
|
||||
corenet_all_recvfrom_netlabel(dnssec_triggerd_t)
|
||||
corenet_tcp_sendrecv_generic_if(dnssec_triggerd_t)
|
||||
corenet_tcp_sendrecv_generic_node(dnssec_triggerd_t)
|
||||
|
|
|
|||
|
|
@ -141,7 +141,6 @@ allow dovecot_t dovecot_auth_t:process signal;
|
|||
|
||||
domtrans_pattern(dovecot_t, dovecot_auth_exec_t, dovecot_auth_t)
|
||||
|
||||
corenet_all_recvfrom_unlabeled(dovecot_t)
|
||||
corenet_all_recvfrom_netlabel(dovecot_t)
|
||||
corenet_tcp_sendrecv_generic_if(dovecot_t)
|
||||
corenet_tcp_sendrecv_generic_node(dovecot_t)
|
||||
|
|
|
|||
|
|
@ -46,7 +46,6 @@ manage_files_pattern(dspam_t, dspam_runtime_t, dspam_runtime_t)
|
|||
manage_sock_files_pattern(dspam_t, dspam_runtime_t, dspam_runtime_t)
|
||||
files_pid_filetrans(dspam_t, dspam_runtime_t, dir)
|
||||
|
||||
corenet_all_recvfrom_unlabeled(dspam_t)
|
||||
corenet_all_recvfrom_netlabel(dspam_t)
|
||||
corenet_tcp_sendrecv_generic_if(dspam_t)
|
||||
corenet_tcp_sendrecv_generic_node(dspam_t)
|
||||
|
|
|
|||
|
|
@ -110,7 +110,6 @@ kernel_dontaudit_read_system_state(exim_t)
|
|||
|
||||
corecmd_search_bin(exim_t)
|
||||
|
||||
corenet_all_recvfrom_unlabeled(exim_t)
|
||||
corenet_all_recvfrom_netlabel(exim_t)
|
||||
corenet_tcp_sendrecv_generic_if(exim_t)
|
||||
corenet_udp_sendrecv_generic_if(exim_t)
|
||||
|
|
|
|||
|
|
@ -67,7 +67,6 @@ kernel_read_system_state(fail2ban_t)
|
|||
corecmd_exec_bin(fail2ban_t)
|
||||
corecmd_exec_shell(fail2ban_t)
|
||||
|
||||
corenet_all_recvfrom_unlabeled(fail2ban_t)
|
||||
corenet_all_recvfrom_netlabel(fail2ban_t)
|
||||
corenet_tcp_sendrecv_generic_if(fail2ban_t)
|
||||
corenet_tcp_sendrecv_generic_node(fail2ban_t)
|
||||
|
|
|
|||
|
|
@ -64,7 +64,6 @@ kernel_dontaudit_read_system_state(fetchmail_t)
|
|||
corecmd_exec_bin(fetchmail_t)
|
||||
corecmd_exec_shell(fetchmail_t)
|
||||
|
||||
corenet_all_recvfrom_unlabeled(fetchmail_t)
|
||||
corenet_all_recvfrom_netlabel(fetchmail_t)
|
||||
corenet_tcp_sendrecv_generic_if(fetchmail_t)
|
||||
corenet_tcp_sendrecv_generic_node(fetchmail_t)
|
||||
|
|
|
|||
|
|
@ -45,7 +45,6 @@ logging_log_filetrans(fingerd_t, fingerd_log_t, file)
|
|||
kernel_read_kernel_sysctls(fingerd_t)
|
||||
kernel_read_system_state(fingerd_t)
|
||||
|
||||
corenet_all_recvfrom_unlabeled(fingerd_t)
|
||||
corenet_all_recvfrom_netlabel(fingerd_t)
|
||||
corenet_tcp_sendrecv_generic_if(fingerd_t)
|
||||
corenet_tcp_sendrecv_generic_node(fingerd_t)
|
||||
|
|
|
|||
|
|
@ -216,7 +216,6 @@ dev_read_urand(ftpd_t)
|
|||
|
||||
corecmd_exec_bin(ftpd_t)
|
||||
|
||||
corenet_all_recvfrom_unlabeled(ftpd_t)
|
||||
corenet_all_recvfrom_netlabel(ftpd_t)
|
||||
corenet_tcp_sendrecv_generic_if(ftpd_t)
|
||||
corenet_udp_sendrecv_generic_if(ftpd_t)
|
||||
|
|
|
|||
|
|
@ -57,7 +57,6 @@ kernel_read_kernel_sysctls(gatekeeper_t)
|
|||
|
||||
corecmd_list_bin(gatekeeper_t)
|
||||
|
||||
corenet_all_recvfrom_unlabeled(gatekeeper_t)
|
||||
corenet_all_recvfrom_netlabel(gatekeeper_t)
|
||||
corenet_tcp_sendrecv_generic_if(gatekeeper_t)
|
||||
corenet_udp_sendrecv_generic_if(gatekeeper_t)
|
||||
|
|
|
|||
|
|
@ -106,7 +106,6 @@ userdom_user_home_content(git_user_content_t)
|
|||
userdom_search_user_home_dirs(git_session_t)
|
||||
|
||||
corenet_all_recvfrom_netlabel(git_session_t)
|
||||
corenet_all_recvfrom_unlabeled(git_session_t)
|
||||
corenet_tcp_bind_generic_node(git_session_t)
|
||||
corenet_tcp_sendrecv_generic_if(git_session_t)
|
||||
corenet_tcp_sendrecv_generic_node(git_session_t)
|
||||
|
|
@ -155,7 +154,6 @@ tunable_policy(`use_samba_home_dirs',`
|
|||
list_dirs_pattern(git_system_t, git_sys_content_t, git_sys_content_t)
|
||||
read_files_pattern(git_system_t, git_sys_content_t, git_sys_content_t)
|
||||
|
||||
corenet_all_recvfrom_unlabeled(git_system_t)
|
||||
corenet_all_recvfrom_netlabel(git_system_t)
|
||||
corenet_tcp_sendrecv_generic_if(git_system_t)
|
||||
corenet_tcp_sendrecv_generic_node(git_system_t)
|
||||
|
|
|
|||
|
|
@ -58,7 +58,6 @@ manage_files_pattern(glance_domain, glance_runtime_t, glance_runtime_t)
|
|||
|
||||
kernel_read_system_state(glance_domain)
|
||||
|
||||
corenet_all_recvfrom_unlabeled(glance_domain)
|
||||
corenet_all_recvfrom_netlabel(glance_domain)
|
||||
corenet_tcp_sendrecv_generic_if(glance_domain)
|
||||
corenet_tcp_sendrecv_generic_node(glance_domain)
|
||||
|
|
|
|||
|
|
@ -69,7 +69,6 @@ kernel_read_system_state(glusterd_t)
|
|||
corecmd_exec_bin(glusterd_t)
|
||||
corecmd_exec_shell(glusterd_t)
|
||||
|
||||
corenet_all_recvfrom_unlabeled(glusterd_t)
|
||||
corenet_all_recvfrom_netlabel(glusterd_t)
|
||||
corenet_tcp_sendrecv_generic_if(glusterd_t)
|
||||
corenet_udp_sendrecv_generic_if(glusterd_t)
|
||||
|
|
|
|||
|
|
@ -27,7 +27,6 @@ kernel_read_system_state(gnomeclock_t)
|
|||
corecmd_exec_bin(gnomeclock_t)
|
||||
corecmd_exec_shell(gnomeclock_t)
|
||||
|
||||
corenet_all_recvfrom_unlabeled(gnomeclock_t)
|
||||
corenet_all_recvfrom_netlabel(gnomeclock_t)
|
||||
corenet_tcp_sendrecv_generic_if(gnomeclock_t)
|
||||
corenet_tcp_sendrecv_generic_node(gnomeclock_t)
|
||||
|
|
|
|||
Some files were not shown because too many files have changed in this diff Show More
Loading…
Reference in New Issue