netutils: Add some permissions required by nmap to traceroute_t
nmap currently also needs "self:socket create", but I've submitted a kernel patch to ameliorate this.
parent
afe26f2e2f
commit
261e2772d1
@ -165,6 +165,7 @@ optional_policy(`
|
||||
#
|
||||
|
||||
allow traceroute_t self:capability { net_admin net_raw setgid setuid };
|
||||
allow traceroute_t self:process signal;
|
||||
allow traceroute_t self:rawip_socket create_socket_perms;
|
||||
allow traceroute_t self:packet_socket create_socket_perms;
|
||||
allow traceroute_t self:udp_socket create_socket_perms;
|
||||
@ -172,6 +173,8 @@ allow traceroute_t self:udp_socket create_socket_perms;
|
||||
kernel_read_system_state(traceroute_t)
|
||||
kernel_read_network_state(traceroute_t)
|
||||
|
||||
corecmd_search_bin(traceroute_t)
|
||||
|
||||
corenet_all_recvfrom_unlabeled(traceroute_t)
|
||||
corenet_all_recvfrom_netlabel(traceroute_t)
|
||||
corenet_tcp_sendrecv_generic_if(traceroute_t)
|
||||
@ -193,6 +196,7 @@ corenet_sendrecv_traceroute_server_packets(traceroute_t)
|
||||
|
||||
dev_read_rand(traceroute_t)
|
||||
dev_read_urand(traceroute_t)
|
||||
dev_read_sysfs(traceroute_t)
|
||||
|
||||
domain_use_interactive_fds(traceroute_t)
|
||||
|
||||
@ -208,3 +212,7 @@ logging_send_syslog_msg(traceroute_t)
|
||||
miscfiles_read_localization(traceroute_t)
|
||||
|
||||
userdom_use_inherited_user_terminals(traceroute_t)
|
||||
|
||||
# nmap searches .
|
||||
userdom_dontaudit_search_user_home_dirs(traceroute_t)
|
||||
userdom_dontaudit_search_user_home_content(traceroute_t)
|
||||
|
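Review bot: The two `userdom_dontaudit_search_user_home_*` rules in the last hunk suppress the denial instead of granting access, so a traceroute_t process that tries to search user home directories will no longer leave an AVC record, and the comment `# nmap searches .` does not explain why that loss of visibility is acceptable. I would expand it to something like `# nmap searches the current directory (.), which is often a user home dir; deny quietly, access is not needed`. The first hunk shows the domain holding `net_admin net_raw setgid setuid`, so the comment should state that the suppression is deliberate; when investigating this domain the hidden denials can be brought back with `semodule -DB`. The +/- markers are lost on this page, so which lines of the earlier hunks are new is only inferred from the hunk counts; any nmap-only additions there would benefit from a similar one-line comment.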