packets
parent
3152d15fa7
commit
3d03a4f40f
@ -1,5 +1,5 @@
|
||||
|
||||
policy_module(automount,1.2.4)
|
||||
policy_module(automount,1.2.5)
|
||||
|
||||
########################################
|
||||
#
|
||||
@ -81,6 +81,7 @@ corenet_udp_bind_all_nodes(automount_t)
|
||||
corenet_tcp_connect_portmap_port(automount_t)
|
||||
corenet_tcp_connect_all_ports(automount_t)
|
||||
corenet_dontaudit_tcp_connect_all_reserved_ports(automount_t)
|
||||
corenet_sendrecv_all_client_packets(automount_t)
|
||||
# Automount execs showmount when you browse /net. This is required until
|
||||
# Someone writes a showmount policy
|
||||
corenet_tcp_bind_reserved_port(automount_t)
|
||||
|
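Review bot: The new `corenet_sendrecv_all_client_packets(automount_t)` covers only the connect side, while the domain also binds a reserved port a few lines below (`corenet_tcp_bind_reserved_port(automount_t)`) and gets no server-side packet rule. The ypxfr hunk in this same commit pairs `corenet_tcp_bind_reserved_port` with `corenet_sendrecv_generic_server_packets`, so for consistency automount most likely needs `corenet_sendrecv_generic_server_packets(automount_t)` here too; confirm against what automount actually listens on. Without it, once packet labelling is enforced, inbound traffic to the bound port would be denied while the outbound side is allowed.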
@ -1,5 +1,5 @@
|
||||
|
||||
policy_module(bluetooth,1.2.6)
|
||||
policy_module(bluetooth,1.2.7)
|
||||
|
||||
########################################
|
||||
#
|
||||
@ -49,7 +49,7 @@ allow bluetooth_t self:shm create_shm_perms;
|
||||
allow bluetooth_t self:socket create_stream_socket_perms;
|
||||
allow bluetooth_t self:unix_dgram_socket create_socket_perms;
|
||||
allow bluetooth_t self:unix_stream_socket create_stream_socket_perms;
|
||||
allow bluetooth_t self:tcp_socket { create_stream_socket_perms connect };
|
||||
allow bluetooth_t self:tcp_socket create_stream_socket_perms;
|
||||
allow bluetooth_t self:udp_socket create_socket_perms;
|
||||
|
||||
allow bluetooth_t bluetooth_conf_t:dir rw_dir_perms;
|
||||
|
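Review bot: Dropping `connect` from the `bluetooth_t self:tcp_socket` rule is unrelated to the packet rules this commit is about and deserves its own explanation, even if it changes nothing. As far as I recall `create_stream_socket_perms` already expands through `rw_socket_perms`, which contains `connect`, so the effective permission set is unchanged; if that is the intent, a commit message line such as `bluetooth: drop redundant connect, already in create_stream_socket_perms` would save the next reader the lookup.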
@ -44,6 +44,8 @@ template(`djbdns_daemontools_domain_template',`
|
||||
corenet_tcp_bind_dns_port(djbdns_$1_t)
|
||||
corenet_udp_bind_dns_port(djbdns_$1_t)
|
||||
corenet_udp_bind_generic_port(djbdns_$1_t)
|
||||
corenet_sendrecv_dns_server_packets(djbdns_$1_t)
|
||||
corenet_sendrecv_generic_server_packets(djbdns_$1_t)
|
||||
|
||||
files_search_var(djbdns_$1_t)
|
||||
|
||||
|
@ -1,5 +1,5 @@
|
||||
|
||||
policy_module(djbdns,1.0.0)
|
||||
policy_module(djbdns,1.0.1)
|
||||
|
||||
########################################
|
||||
#
|
||||
|
@ -1,5 +1,5 @@
|
||||
|
||||
policy_module(dovecot,1.2.2)
|
||||
policy_module(dovecot,1.2.3)
|
||||
|
||||
########################################
|
||||
#
|
||||
@ -78,6 +78,8 @@ corenet_tcp_bind_all_nodes(dovecot_t)
|
||||
corenet_tcp_bind_pop_port(dovecot_t)
|
||||
corenet_tcp_connect_all_ports(dovecot_t)
|
||||
corenet_tcp_connect_postgresql_port(dovecot_t)
|
||||
corenet_sendrecv_pop_server_packets(dovecot_t)
|
||||
corenet_sendrecv_all_client_packets(dovecot_t)
|
||||
|
||||
dev_read_sysfs(dovecot_t)
|
||||
dev_read_urand(dovecot_t)
|
||||
|
@ -1,5 +1,5 @@
|
||||
|
||||
policy_module(fetchmail,1.1.1)
|
||||
policy_module(fetchmail,1.1.2)
|
||||
|
||||
########################################
|
||||
#
|
||||
@ -57,6 +57,7 @@ corenet_udp_sendrecv_dns_port(fetchmail_t)
|
||||
corenet_tcp_sendrecv_pop_port(fetchmail_t)
|
||||
corenet_tcp_sendrecv_smtp_port(fetchmail_t)
|
||||
corenet_tcp_connect_all_ports(fetchmail_t)
|
||||
corenet_sendrecv_all_client_packets(fetchmail_t)
|
||||
|
||||
dev_read_sysfs(fetchmail_t)
|
||||
dev_read_rand(fetchmail_t)
|
||||
|
@ -62,6 +62,7 @@ template(`mailman_domain_template', `
|
||||
corenet_tcp_bind_all_nodes(mailman_$1_t)
|
||||
corenet_udp_bind_all_nodes(mailman_$1_t)
|
||||
corenet_tcp_connect_smtp_port(mailman_$1_t)
|
||||
corenet_sendrecv_smtp_client_packets(mailman_$1_t)
|
||||
|
||||
fs_getattr_xattr_fs(mailman_$1_t)
|
||||
|
||||
|
@ -1,5 +1,5 @@
|
||||
|
||||
policy_module(mailman,1.1.3)
|
||||
policy_module(mailman,1.1.4)
|
||||
|
||||
########################################
|
||||
#
|
||||
|
@ -1,5 +1,5 @@
|
||||
|
||||
policy_module(nis,1.1.3)
|
||||
policy_module(nis,1.1.4)
|
||||
|
||||
########################################
|
||||
#
|
||||
@ -72,15 +72,13 @@ kernel_list_proc(ypbind_t)
|
||||
kernel_read_proc_symlinks(ypbind_t)
|
||||
kernel_tcp_recvfrom(ypbind_t)
|
||||
|
||||
corenet_non_ipsec_sendrecv(ypbind_t)
|
||||
corenet_tcp_sendrecv_all_if(ypbind_t)
|
||||
corenet_udp_sendrecv_all_if(ypbind_t)
|
||||
corenet_raw_sendrecv_all_if(ypbind_t)
|
||||
corenet_tcp_sendrecv_all_nodes(ypbind_t)
|
||||
corenet_udp_sendrecv_all_nodes(ypbind_t)
|
||||
corenet_raw_sendrecv_all_nodes(ypbind_t)
|
||||
corenet_tcp_sendrecv_all_ports(ypbind_t)
|
||||
corenet_udp_sendrecv_all_ports(ypbind_t)
|
||||
corenet_non_ipsec_sendrecv(ypbind_t)
|
||||
corenet_tcp_bind_all_nodes(ypbind_t)
|
||||
corenet_udp_bind_all_nodes(ypbind_t)
|
||||
corenet_tcp_bind_generic_port(ypbind_t)
|
||||
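Review bot: `corenet_non_ipsec_sendrecv(ypbind_t)` is printed twice in this hunk (once after `kernel_tcp_recvfrom`, once before `corenet_tcp_bind_all_nodes`); the page does not show which side each copy is on, so if both remain on the new side one is a duplicate and should be dropped. The same doubled line appears in the yppasswdd, ypserv and ypxfr hunks of this file and in the postfix_master_t, postfix_map_t, razor template, stunnel_t, telnetd_t and ucspitcp_t hunks, so the intended final placement should be checked once and applied to all of them. It is also worth a sentence in the commit message, since hunk headers such as `-72,15 +72,13` show net removals that the title `packets` does not explain.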
@ -91,6 +89,8 @@ corenet_tcp_bind_all_rpc_ports(ypbind_t)
|
||||
corenet_tcp_connect_all_ports(ypbind_t)
|
||||
corenet_dontaudit_tcp_bind_all_reserved_ports(ypbind_t)
|
||||
corenet_dontaudit_udp_bind_all_reserved_ports(ypbind_t)
|
||||
corenet_sendrecv_all_client_packets(ypbind_t)
|
||||
corenet_sendrecv_generic_server_packets(ypbind_t)
|
||||
|
||||
dev_read_sysfs(ypbind_t)
|
||||
|
||||
@ -167,21 +167,20 @@ kernel_read_proc_symlinks(yppasswdd_t)
|
||||
kernel_getattr_proc_files(yppasswdd_t)
|
||||
kernel_read_kernel_sysctls(yppasswdd_t)
|
||||
|
||||
corenet_non_ipsec_sendrecv(yppasswdd_t)
|
||||
corenet_tcp_sendrecv_generic_if(yppasswdd_t)
|
||||
corenet_udp_sendrecv_generic_if(yppasswdd_t)
|
||||
corenet_raw_sendrecv_generic_if(yppasswdd_t)
|
||||
corenet_tcp_sendrecv_all_nodes(yppasswdd_t)
|
||||
corenet_udp_sendrecv_all_nodes(yppasswdd_t)
|
||||
corenet_raw_sendrecv_all_nodes(yppasswdd_t)
|
||||
corenet_tcp_sendrecv_all_ports(yppasswdd_t)
|
||||
corenet_udp_sendrecv_all_ports(yppasswdd_t)
|
||||
corenet_non_ipsec_sendrecv(yppasswdd_t)
|
||||
corenet_tcp_bind_all_nodes(yppasswdd_t)
|
||||
corenet_udp_bind_all_nodes(yppasswdd_t)
|
||||
corenet_tcp_bind_reserved_port(yppasswdd_t)
|
||||
corenet_udp_bind_reserved_port(yppasswdd_t)
|
||||
corenet_dontaudit_tcp_bind_all_reserved_ports(yppasswdd_t)
|
||||
corenet_dontaudit_udp_bind_all_reserved_ports(yppasswdd_t)
|
||||
corenet_sendrecv_generic_server_packets(yppasswdd_t)
|
||||
|
||||
dev_read_sysfs(yppasswdd_t)
|
||||
|
||||
@ -273,21 +272,20 @@ kernel_read_kernel_sysctls(ypserv_t)
|
||||
kernel_list_proc(ypserv_t)
|
||||
kernel_read_proc_symlinks(ypserv_t)
|
||||
|
||||
corenet_non_ipsec_sendrecv(ypserv_t)
|
||||
corenet_tcp_sendrecv_all_if(ypserv_t)
|
||||
corenet_udp_sendrecv_all_if(ypserv_t)
|
||||
corenet_raw_sendrecv_all_if(ypserv_t)
|
||||
corenet_tcp_sendrecv_all_nodes(ypserv_t)
|
||||
corenet_udp_sendrecv_all_nodes(ypserv_t)
|
||||
corenet_raw_sendrecv_all_nodes(ypserv_t)
|
||||
corenet_tcp_sendrecv_all_ports(ypserv_t)
|
||||
corenet_udp_sendrecv_all_ports(ypserv_t)
|
||||
corenet_non_ipsec_sendrecv(ypserv_t)
|
||||
corenet_tcp_bind_all_nodes(ypserv_t)
|
||||
corenet_udp_bind_all_nodes(ypserv_t)
|
||||
corenet_tcp_bind_reserved_port(ypserv_t)
|
||||
corenet_udp_bind_reserved_port(ypserv_t)
|
||||
corenet_dontaudit_tcp_bind_all_reserved_ports(ypserv_t)
|
||||
corenet_dontaudit_udp_bind_all_reserved_ports(ypserv_t)
|
||||
corenet_sendrecv_generic_server_packets(ypserv_t)
|
||||
|
||||
dev_read_sysfs(ypserv_t)
|
||||
|
||||
@ -343,15 +341,13 @@ optional_policy(`
|
||||
|
||||
allow ypxfr_t self:unix_stream_socket create_stream_socket_perms;
|
||||
|
||||
corenet_non_ipsec_sendrecv(ypxfr_t)
|
||||
corenet_tcp_sendrecv_all_if(ypxfr_t)
|
||||
corenet_udp_sendrecv_all_if(ypxfr_t)
|
||||
corenet_raw_sendrecv_all_if(ypxfr_t)
|
||||
corenet_tcp_sendrecv_all_nodes(ypxfr_t)
|
||||
corenet_udp_sendrecv_all_nodes(ypxfr_t)
|
||||
corenet_raw_sendrecv_all_nodes(ypxfr_t)
|
||||
corenet_tcp_sendrecv_all_ports(ypxfr_t)
|
||||
corenet_udp_sendrecv_all_ports(ypxfr_t)
|
||||
corenet_non_ipsec_sendrecv(ypxfr_t)
|
||||
corenet_tcp_bind_all_nodes(ypxfr_t)
|
||||
corenet_udp_bind_all_nodes(ypxfr_t)
|
||||
corenet_tcp_bind_reserved_port(ypxfr_t)
|
||||
@ -359,5 +355,7 @@ corenet_udp_bind_reserved_port(ypxfr_t)
|
||||
corenet_dontaudit_tcp_bind_all_reserved_ports(ypxfr_t)
|
||||
corenet_dontaudit_udp_bind_all_reserved_ports(ypxfr_t)
|
||||
corenet_tcp_connect_all_ports(ypxfr_t)
|
||||
corenet_sendrecv_generic_server_packets(ypxfr_t)
|
||||
corenet_sendrecv_all_client_packets(ypxfr_t)
|
||||
|
||||
files_read_etc_files(ypxfr_t)
|
||||
|
@ -1,5 +1,5 @@
|
||||
|
||||
policy_module(postfix,1.2.5)
|
||||
policy_module(postfix,1.2.6)
|
||||
|
||||
########################################
|
||||
#
|
||||
@ -131,20 +131,20 @@ allow postfix_master_t postfix_spool_maildrop_t:file { unlink rename getattr };
|
||||
|
||||
kernel_read_all_sysctls(postfix_master_t)
|
||||
|
||||
corenet_non_ipsec_sendrecv(postfix_master_t)
|
||||
corenet_tcp_sendrecv_all_if(postfix_master_t)
|
||||
corenet_udp_sendrecv_all_if(postfix_master_t)
|
||||
corenet_raw_sendrecv_all_if(postfix_master_t)
|
||||
corenet_tcp_sendrecv_all_nodes(postfix_master_t)
|
||||
corenet_udp_sendrecv_all_nodes(postfix_master_t)
|
||||
corenet_raw_sendrecv_all_nodes(postfix_master_t)
|
||||
corenet_tcp_sendrecv_all_ports(postfix_master_t)
|
||||
corenet_udp_sendrecv_all_ports(postfix_master_t)
|
||||
corenet_non_ipsec_sendrecv(postfix_master_t)
|
||||
corenet_tcp_bind_all_nodes(postfix_master_t)
|
||||
corenet_udp_bind_all_nodes(postfix_master_t)
|
||||
corenet_tcp_bind_amavisd_send_port(postfix_master_t)
|
||||
corenet_tcp_bind_smtp_port(postfix_master_t)
|
||||
corenet_tcp_connect_all_ports(postfix_master_t)
|
||||
corenet_sendrecv_amavisd_send_server_packets(postfix_master_t)
|
||||
corenet_sendrecv_smtp_server_packets(postfix_master_t)
|
||||
corenet_sendrecv_all_client_packets(postfix_master_t)
|
||||
|
||||
# for a find command
|
||||
selinux_dontaudit_search_fs(postfix_master_t)
|
||||
@ -320,18 +320,15 @@ kernel_read_kernel_sysctls(postfix_map_t)
|
||||
kernel_dontaudit_list_proc(postfix_map_t)
|
||||
kernel_dontaudit_read_system_state(postfix_map_t)
|
||||
|
||||
corenet_non_ipsec_sendrecv(postfix_map_t)
|
||||
corenet_tcp_sendrecv_all_if(postfix_map_t)
|
||||
corenet_udp_sendrecv_all_if(postfix_map_t)
|
||||
corenet_raw_sendrecv_all_if(postfix_map_t)
|
||||
corenet_tcp_sendrecv_all_nodes(postfix_map_t)
|
||||
corenet_udp_sendrecv_all_nodes(postfix_map_t)
|
||||
corenet_raw_sendrecv_all_nodes(postfix_map_t)
|
||||
corenet_tcp_sendrecv_all_ports(postfix_map_t)
|
||||
corenet_udp_sendrecv_all_ports(postfix_map_t)
|
||||
corenet_non_ipsec_sendrecv(postfix_map_t)
|
||||
corenet_tcp_bind_all_nodes(postfix_map_t)
|
||||
corenet_udp_bind_all_nodes(postfix_map_t)
|
||||
corenet_tcp_connect_all_ports(postfix_map_t)
|
||||
corenet_sendrecv_all_client_packets(postfix_map_t)
|
||||
|
||||
corecmd_list_bin(postfix_map_t)
|
||||
corecmd_read_bin_symlinks(postfix_map_t)
|
||||
|
@ -64,13 +64,12 @@ template(`razor_common_domain_template',`
|
||||
|
||||
corecmd_exec_bin($1_t)
|
||||
|
||||
corenet_non_ipsec_sendrecv($1_t)
|
||||
corenet_tcp_sendrecv_generic_if($1_t)
|
||||
corenet_raw_sendrecv_generic_if($1_t)
|
||||
corenet_tcp_sendrecv_all_nodes($1_t)
|
||||
corenet_raw_sendrecv_all_nodes($1_t)
|
||||
corenet_tcp_sendrecv_razor_port($1_t)
|
||||
corenet_non_ipsec_sendrecv($1_t)
|
||||
corenet_tcp_bind_all_nodes($1_t)
|
||||
|
||||
# mktemp and other randoms
|
||||
dev_read_rand($1_t)
|
||||
|
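Review bot: The `razor_common_domain_template` hunk keeps `corenet_tcp_sendrecv_razor_port($1_t)` but, unlike the `razor_t` hunk in this commit, gets no packet rule. If domains built from this template talk to the razor port (any connect rule would be outside the hunk), they will need `corenet_sendrecv_razor_client_packets($1_t)` next to it; if they do not, the razor port sendrecv line itself is dead weight. The template starts before the hunk, so the surrounding rules are not visible here.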
@ -1,5 +1,5 @@
|
||||
|
||||
policy_module(razor,1.0.0)
|
||||
policy_module(razor,1.0.1)
|
||||
|
||||
########################################
|
||||
#
|
||||
@ -47,8 +47,8 @@ corenet_raw_sendrecv_generic_if(razor_t)
|
||||
corenet_tcp_sendrecv_all_nodes(razor_t)
|
||||
corenet_raw_sendrecv_all_nodes(razor_t)
|
||||
corenet_tcp_sendrecv_razor_port(razor_t)
|
||||
corenet_tcp_bind_all_nodes(razor_t)
|
||||
corenet_tcp_connect_razor_port(razor_t)
|
||||
corenet_sendrecv_razor_client_packets(razor_t)
|
||||
|
||||
sysnet_read_config(razor_t)
|
||||
|
||||
|
@ -1,5 +1,5 @@
|
||||
|
||||
policy_module(stunnel,1.1.0)
|
||||
policy_module(stunnel,1.1.1)
|
||||
|
||||
########################################
|
||||
#
|
||||
@ -55,17 +55,14 @@ kernel_read_kernel_sysctls(stunnel_t)
|
||||
kernel_read_system_state(stunnel_t)
|
||||
kernel_read_network_state(stunnel_t)
|
||||
|
||||
corenet_non_ipsec_sendrecv(stunnel_t)
|
||||
corenet_tcp_sendrecv_all_if(stunnel_t)
|
||||
corenet_udp_sendrecv_all_if(stunnel_t)
|
||||
corenet_raw_sendrecv_all_if(stunnel_t)
|
||||
corenet_tcp_sendrecv_all_nodes(stunnel_t)
|
||||
corenet_udp_sendrecv_all_nodes(stunnel_t)
|
||||
corenet_raw_sendrecv_all_nodes(stunnel_t)
|
||||
corenet_tcp_sendrecv_all_ports(stunnel_t)
|
||||
corenet_udp_sendrecv_all_ports(stunnel_t)
|
||||
corenet_non_ipsec_sendrecv(stunnel_t)
|
||||
corenet_tcp_bind_all_nodes(stunnel_t)
|
||||
corenet_udp_bind_all_nodes(stunnel_t)
|
||||
#corenet_tcp_bind_stunnel_port(stunnel_t)
|
||||
|
||||
fs_getattr_all_fs(stunnel_t)
|
||||
|
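Review bot: `#corenet_tcp_bind_stunnel_port(stunnel_t)` is a commented-out rule carried forward unchanged, and this hunk adds no `corenet_sendrecv_*_server_packets` rule for stunnel_t even though it keeps `corenet_tcp_bind_all_nodes(stunnel_t)`. Either the port bind is needed, in which case the line should be restored together with the matching server packets interface for that port, or it is not, in which case the comment should be deleted and replaced by a one-line note saying why stunnel needs no port bind. Whether stunnel_t instead serves on an inherited socket is not visible from the hunk.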
@ -1,5 +1,5 @@
|
||||
|
||||
policy_module(telnet,1.1.0)
|
||||
policy_module(telnet,1.1.1)
|
||||
|
||||
########################################
|
||||
#
|
||||
@ -49,17 +49,13 @@ kernel_read_kernel_sysctls(telnetd_t)
|
||||
kernel_read_system_state(telnetd_t)
|
||||
kernel_read_network_state(telnetd_t)
|
||||
|
||||
corenet_non_ipsec_sendrecv(telnetd_t)
|
||||
corenet_tcp_sendrecv_all_if(telnetd_t)
|
||||
corenet_udp_sendrecv_all_if(telnetd_t)
|
||||
corenet_raw_sendrecv_all_if(telnetd_t)
|
||||
corenet_tcp_sendrecv_all_nodes(telnetd_t)
|
||||
corenet_udp_sendrecv_all_nodes(telnetd_t)
|
||||
corenet_raw_sendrecv_all_nodes(telnetd_t)
|
||||
corenet_tcp_sendrecv_all_ports(telnetd_t)
|
||||
corenet_udp_sendrecv_all_ports(telnetd_t)
|
||||
corenet_non_ipsec_sendrecv(telnetd_t)
|
||||
corenet_tcp_bind_all_nodes(telnetd_t)
|
||||
corenet_udp_bind_all_nodes(telnetd_t)
|
||||
|
||||
dev_read_urand(telnetd_t)
|
||||
|
||||
|
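Review bot: telnetd_t keeps `corenet_tcp_bind_all_nodes(telnetd_t)` and `corenet_udp_bind_all_nodes(telnetd_t)` but, like stunnel_t, gets no `corenet_sendrecv_*_server_packets` rule in this commit. If telnetd is spawned by a superserver and serves on an inherited socket it never binds itself, yet it still receives the packets, so the server-side packet rule for the telnet port is probably still required (`corenet_sendrecv_telnetd_server_packets(telnetd_t)` if that port is declared in corenetwork); if it needs no bind at all, the two bind lines could go as well. Whether a port bind rule exists outside the hunk is not visible here.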
@ -1,5 +1,5 @@
|
||||
|
||||
policy_module(ucspitcp,1.0.1)
|
||||
policy_module(ucspitcp,1.0.2)
|
||||
|
||||
########################################
|
||||
#
|
||||
@ -60,15 +60,18 @@ allow ucspitcp_t self:udp_socket create_socket_perms;
|
||||
corecmd_search_bin(ucspitcp_t)
|
||||
corecmd_search_sbin(ucspitcp_t)
|
||||
|
||||
# base networking:
|
||||
corenet_non_ipsec_sendrecv(ucspitcp_t)
|
||||
corenet_tcp_sendrecv_all_if(ucspitcp_t)
|
||||
corenet_udp_sendrecv_all_if(ucspitcp_t)
|
||||
corenet_tcp_sendrecv_all_nodes(ucspitcp_t)
|
||||
corenet_udp_sendrecv_all_nodes(ucspitcp_t)
|
||||
corenet_tcp_sendrecv_all_ports(ucspitcp_t)
|
||||
corenet_udp_sendrecv_all_ports(ucspitcp_t)
|
||||
corenet_non_ipsec_sendrecv(ucspitcp_t)
|
||||
corenet_tcp_bind_all_nodes(ucspitcp_t)
|
||||
corenet_udp_bind_all_nodes(ucspitcp_t)
|
||||
|
||||
# server ports:
|
||||
corenet_tcp_bind_ftp_port(ucspitcp_t)
|
||||
corenet_tcp_bind_ftp_data_port(ucspitcp_t)
|
||||
corenet_tcp_bind_http_port(ucspitcp_t)
|
||||
@ -77,6 +80,13 @@ corenet_tcp_bind_dns_port(ucspitcp_t)
|
||||
corenet_udp_bind_dns_port(ucspitcp_t)
|
||||
corenet_udp_bind_generic_port(ucspitcp_t)
|
||||
|
||||
# server packets:
|
||||
corenet_sendrecv_ftp_server_packets(ucspitcp_t)
|
||||
corenet_sendrecv_http_server_packets(ucspitcp_t)
|
||||
corenet_sendrecv_smtp_server_packets(ucspitcp_t)
|
||||
corenet_sendrecv_dns_server_packets(ucspitcp_t)
|
||||
corenet_sendrecv_generic_server_packets(ucspitcp_t)
|
||||
|
||||
files_search_var(ucspitcp_t)
|
||||
files_read_etc_files(ucspitcp_t)
|
||||
|
||||
|
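Review bot: The server packets block adds rules for ftp, http, smtp, dns and generic but none for ftp_data, although `corenet_tcp_bind_ftp_data_port(ucspitcp_t)` remains in the first hunk. Presumably data connections served from that port would then be dropped under packet labelling while control connections pass; add `corenet_sendrecv_ftp_data_server_packets(ucspitcp_t)` next to the ftp line, or drop the ftp_data bind if it is not needed. Conversely an smtp server packets rule is added here while the matching smtp port bind is not visible in either hunk; it may sit in the lines between them.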
@ -1,5 +1,5 @@
|
||||
|
||||
policy_module(zebra,1.2.1)
|
||||
policy_module(zebra,1.2.2)
|
||||
|
||||
########################################
|
||||
#
|
||||
@ -74,6 +74,8 @@ corenet_tcp_bind_all_nodes(zebra_t)
|
||||
corenet_udp_bind_all_nodes(zebra_t)
|
||||
corenet_tcp_bind_zebra_port(zebra_t)
|
||||
corenet_udp_bind_router_port(zebra_t)
|
||||
corenet_sendrecv_zebra_server_packets(zebra_t)
|
||||
corenet_sendrecv_router_server_packets(zebra_t)
|
||||
|
||||
dev_associate_usbfs(zebra_var_run_t)
|
||||
dev_list_all_dev_nodes(zebra_t)
|
||||
|