From 6942484b6fd6b72777923813e4249bc80e9a873a Mon Sep 17 00:00:00 2001 From: Chris PeBenito Date: Wed, 28 Sep 2005 18:10:48 +0000 Subject: [PATCH] add in a couple missing rules --- refpolicy/policy/modules/services/nis.te | 4 ++++ refpolicy/policy/modules/services/zebra.te | 4 ++++ refpolicy/policy/modules/system/libraries.if | 2 +- 3 files changed, 9 insertions(+), 1 deletion(-) diff --git a/refpolicy/policy/modules/services/nis.te b/refpolicy/policy/modules/services/nis.te index 237bf3029..1c1d9e5de 100644 --- a/refpolicy/policy/modules/services/nis.te +++ b/refpolicy/policy/modules/services/nis.te @@ -161,11 +161,15 @@ kernel_list_proc(ypserv_t) kernel_read_proc_symlinks(ypserv_t) corenet_tcp_sendrecv_all_if(ypserv_t) +corenet_udp_sendrecv_all_if(ypserv_t) corenet_raw_sendrecv_all_if(ypserv_t) corenet_tcp_sendrecv_all_nodes(ypserv_t) +corenet_udp_sendrecv_all_nodes(ypserv_t) corenet_raw_sendrecv_all_nodes(ypserv_t) corenet_tcp_sendrecv_all_ports(ypserv_t) +corenet_udp_sendrecv_all_ports(ypserv_t) corenet_tcp_bind_all_nodes(ypserv_t) +corenet_udp_bind_all_nodes(ypserv_t) corenet_tcp_bind_reserved_port(ypserv_t) corenet_udp_bind_reserved_port(ypserv_t) corenet_dontaudit_tcp_bind_all_reserved_ports(ypserv_t) diff --git a/refpolicy/policy/modules/services/zebra.te b/refpolicy/policy/modules/services/zebra.te index 0cc03e34f..2fd74d007 100644 --- a/refpolicy/policy/modules/services/zebra.te +++ b/refpolicy/policy/modules/services/zebra.te @@ -57,11 +57,15 @@ kernel_read_kernel_sysctl(zebra_t) kernel_rw_net_sysctl(zebra_t) corenet_tcp_sendrecv_all_if(zebra_t) +corenet_udp_sendrecv_all_if(zebra_t) corenet_raw_sendrecv_all_if(zebra_t) corenet_tcp_sendrecv_all_nodes(zebra_t) +corenet_udp_sendrecv_all_nodes(zebra_t) corenet_raw_sendrecv_all_nodes(zebra_t) corenet_tcp_sendrecv_all_ports(zebra_t) +corenet_udp_sendrecv_all_ports(zebra_t) corenet_tcp_bind_all_nodes(zebra_t) +corenet_udp_bind_all_nodes(zebra_t) corenet_tcp_bind_zebra_port(zebra_t) dev_read_sysfs(zebra_t) diff --git a/refpolicy/policy/modules/system/libraries.if b/refpolicy/policy/modules/system/libraries.if index 9a09e423a..a511e26e5 100644 --- a/refpolicy/policy/modules/system/libraries.if +++ b/refpolicy/policy/modules/system/libraries.if @@ -228,7 +228,7 @@ interface(`libs_use_shared_libs',` class file { rx_file_perms execmod }; ') - files_search_usr($1) + files_list_usr($1) allow $1 lib_t:dir r_dir_perms; allow $1 lib_t:lnk_file r_file_perms; allow $1 { shlib_t texrel_shlib_t }:lnk_file r_file_perms;