fail2ban_stream_connect and fail2ban_rw_stream_sockets from Dan Walsh
Did not include dontaudit_leaks interface Modified fail2ban_rw_stream_sockets to use rw_stream_socket_perms set
This commit is contained in:
parent
74b51e6db2
commit
f7d413af27
|
@ -98,6 +98,26 @@ interface(`fail2ban_read_pid_files',`
|
|||
allow $1 fail2ban_var_run_t:file read_file_perms;
|
||||
')
|
||||
|
||||
#####################################
|
||||
## <summary>
|
||||
## Connect to fail2ban over a unix domain
|
||||
## stream socket.
|
||||
## </summary>
|
||||
## <param name="domain">
|
||||
## <summary>
|
||||
## Domain allowed access.
|
||||
## </summary>
|
||||
## </param>
|
||||
#
|
||||
interface(`fail2ban_stream_connect',`
|
||||
gen_require(`
|
||||
type fail2ban_t, fail2ban_var_run_t;
|
||||
')
|
||||
|
||||
files_search_pids($1)
|
||||
stream_connect_pattern($1, fail2ban_var_run_t, fail2ban_var_run_t, fail2ban_t)
|
||||
')
|
||||
|
||||
########################################
|
||||
## <summary>
|
||||
## All of the rules required to administrate
|
||||
|
@ -135,3 +155,21 @@ interface(`fail2ban_admin',`
|
|||
files_list_pids($1)
|
||||
admin_pattern($1, fail2ban_var_run_t)
|
||||
')
|
||||
|
||||
########################################
|
||||
## <summary>
|
||||
## Read and write to an fail2ban unix stream socket.
|
||||
## </summary>
|
||||
## <param name="domain">
|
||||
## <summary>
|
||||
## Domain allowed access.
|
||||
## </summary>
|
||||
## </param>
|
||||
#
|
||||
interface(`fail2ban_rw_stream_sockets',`
|
||||
gen_require(`
|
||||
type fail2ban_t;
|
||||
')
|
||||
|
||||
allow $1 fail2ban_t:unix_stream_socket rw_stream_socket_perms;
|
||||
')
|
||||
|
|
Loading…
Reference in New Issue