nnd/selinux-refpolicy
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

user_udp_server tunable

Browse Source 
The following patch adds a tunable user_udp_server for the user domains to
run UDP services.
This commit is contained in:
Russell Coker 2016-07-31 19:16:36 +10:00 committed by Chris PeBenito
parent 461451d7a7
commit 6f7d03bd34
2 changed files with 15 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

8
policy/global_tunables
View File

@ -111,3 +111,11 @@ gen_tunable(use_samba_home_dirs,false)
## </p>
## </desc>
gen_tunable(user_tcp_server,false)
## <desc>
## <p>
## Allow users to run UDP servers (bind to ports and accept connection from
## the same domain and outside users)
## </p>
## </desc>
gen_tunable(user_udp_server,false)

7
policy/modules/system/userdomain.if
View File

@ -1041,6 +1041,13 @@ template(`userdom_unpriv_user_template', `
corenet_tcp_bind_generic_port($1_t)
')
# Allow users to run UDP servers (bind to ports and accept connection from
# the same domain and outside users)
tunable_policy(`user_udp_server',`
corenet_udp_bind_generic_node($1_t)
corenet_udp_bind_generic_port($1_t)
')
optional_policy(`
netutils_run_ping_cond($1_t, $1_r)
netutils_run_traceroute_cond($1_t, $1_r)