Rpcbind patch from Dan Walsh.

Chris PeBenito 2009-12-18 10:45:39 -05:00
parent 733f494802
commit ff785b93df
2 changed files with 23 additions and 2 deletions


@ -18,6 +18,26 @@ interface(`rpcbind_domtrans',`
domtrans_pattern($1, rpcbind_exec_t, rpcbind_t)
')
########################################
## <summary>
## Connect to rpcbindd over an unix stream socket.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`rpcbind_stream_connect',`
gen_require(`
type rpcbind_t, rpcbind_var_run_t;
')
files_search_pids($1)
allow $1 rpcbind_var_run_t:sock_file write;
allow $1 rpcbind_t:unix_stream_socket connectto;
')
########################################
## <summary>
## Read rpcbind PID files.
@ -97,7 +117,7 @@ interface(`rpcbind_manage_lib_files',`
########################################
## <summary>
## All of the rules required to administrate
## All of the rules required to administrate
## an rpcbind environment
## </summary>
## <param name="domain">
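Review bot: The new rpcbind_stream_connect interface open-codes its grant as `allow $1 rpcbind_var_run_t:sock_file write;` and `allow $1 rpcbind_t:unix_stream_socket connectto;`, where the policy's shared macro would state the same intent in one line, `stream_connect_pattern($1, rpcbind_var_run_t, rpcbind_var_run_t, rpcbind_t)`. The macro also grants directory search on rpcbind_var_run_t and uses the policy's standard sock_file permission set, so it is slightly broader than the two explicit rules. Whether that extra search is needed depends on where the socket lives, which is not visible here; if the narrow form is deliberate, a short comment above the allow rules should say so. The summary line has two typos and should read `## Connect to rpcbind over a unix stream socket.`. Callers of this interface gain a direct channel to rpcbind_t, so each domain that is later given it should be one that actually needs to register or query RPC services.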


@ -1,5 +1,5 @@
policy_module(rpcbind, 1.4.0)
policy_module(rpcbind, 1.4.1)
########################################
#
@ -42,6 +42,7 @@ files_var_lib_filetrans(rpcbind_t, rpcbind_var_lib_t, { file dir sock_file })
kernel_read_system_state(rpcbind_t)
kernel_read_network_state(rpcbind_t)
kernel_request_load_module(rpcbind_t)
corenet_all_recvfrom_unlabeled(rpcbind_t)
corenet_all_recvfrom_netlabel(rpcbind_t)