Rpcbind patch from Dan Walsh.
parent
733f494802
commit
ff785b93df
|
@ -18,6 +18,26 @@ interface(`rpcbind_domtrans',`
|
||||||
domtrans_pattern($1, rpcbind_exec_t, rpcbind_t)
|
domtrans_pattern($1, rpcbind_exec_t, rpcbind_t)
|
||||||
')
|
')
|
||||||
|
|
||||||
|
########################################
|
||||||
|
## <summary>
|
||||||
|
## Connect to rpcbindd over an unix stream socket.
|
||||||
|
## </summary>
|
||||||
|
## <param name="domain">
|
||||||
|
## <summary>
|
||||||
|
## Domain allowed access.
|
||||||
|
## </summary>
|
||||||
|
## </param>
|
||||||
|
#
|
||||||
|
interface(`rpcbind_stream_connect',`
|
||||||
|
gen_require(`
|
||||||
|
type rpcbind_t, rpcbind_var_run_t;
|
||||||
|
')
|
||||||
|
|
||||||
|
files_search_pids($1)
|
||||||
|
allow $1 rpcbind_var_run_t:sock_file write;
|
||||||
|
allow $1 rpcbind_t:unix_stream_socket connectto;
|
||||||
|
')
|
||||||
|
|
||||||
########################################
|
########################################
|
||||||
## <summary>
|
## <summary>
|
||||||
## Read rpcbind PID files.
|
## Read rpcbind PID files.
|
||||||
|
@ -97,7 +117,7 @@ interface(`rpcbind_manage_lib_files',`
|
||||||
|
|
||||||
########################################
|
########################################
|
||||||
## <summary>
|
## <summary>
|
||||||
## All of the rules required to administrate
|
## All of the rules required to administrate
|
||||||
## an rpcbind environment
|
## an rpcbind environment
|
||||||
## </summary>
|
## </summary>
|
||||||
## <param name="domain">
|
## <param name="domain">
|
||||||
|
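Review bot: The new `rpcbind_stream_connect` interface hand-writes its two allow rules instead of using the policy's stream-connect support macro, so it grants a bare `write` on the sock_file and no search permission on directories labelled rpcbind_var_run_t. If the socket ever sits inside an rpcbind_var_run_t directory rather than directly in the pid directory, callers would be denied. Keeping `files_search_pids($1)` and replacing the two allow lines with `stream_connect_pattern($1, rpcbind_var_run_t, rpcbind_var_run_t, rpcbind_t)` covers both layouts and matches how other stream-connect interfaces are written. The summary line also has two typos; I would write `## Connect to rpcbind over a unix stream socket.`.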
|
|
@ -1,5 +1,5 @@
|
||||||
|
|
||||||
policy_module(rpcbind, 1.4.0)
|
policy_module(rpcbind, 1.4.1)
|
||||||
|
|
||||||
########################################
|
########################################
|
||||||
#
|
#
|
||||||
|
@ -42,6 +42,7 @@ files_var_lib_filetrans(rpcbind_t, rpcbind_var_lib_t, { file dir sock_file })
|
||||||
|
|
||||||
kernel_read_system_state(rpcbind_t)
|
kernel_read_system_state(rpcbind_t)
|
||||||
kernel_read_network_state(rpcbind_t)
|
kernel_read_network_state(rpcbind_t)
|
||||||
|
kernel_request_load_module(rpcbind_t)
|
||||||
|
|
||||||
corenet_all_recvfrom_unlabeled(rpcbind_t)
|
corenet_all_recvfrom_unlabeled(rpcbind_t)
|
||||||
corenet_all_recvfrom_netlabel(rpcbind_t)
|
corenet_all_recvfrom_netlabel(rpcbind_t)
|
||||||
|
|
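Review bot: `kernel_request_load_module(rpcbind_t)` is added with no stated reason, and it lets a network-facing daemon ask the kernel to autoload modules. Presumably it answers a module_request denial seen when rpcbind opens a socket for a protocol built as a module, but neither the commit message nor the policy says so. I would record the trigger in a comment above the line, for example `# socket creation can trigger protocol module autoload (denial: <AVC placeholder>)`. It is also worth confirming that the request has to be granted rather than silenced with `kernel_dontaudit_request_load_module(rpcbind_t)`.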