Gentoo Archives: gentoo-commits

From:	Sven Vermeulen <swift@g.o>
To:	gentoo-commits@l.g.o
Subject:	[gentoo-commits] proj/hardened-refpolicy:master commit in: policy/modules/system/
Date:	Mon, 30 Sep 2013 19:03:43
Message-Id:	`1380567614.9b73dcf3ceca29f92b25b1f4832ab21a5b99e315.swift@gentoo`

1	commit: 9b73dcf3ceca29f92b25b1f4832ab21a5b99e315
2	Author: Dominick Grift <dominick.grift <AT> gmail <DOT> com>
3	AuthorDate: Fri Sep 27 09:35:41 2013 +0000
4	Commit: Sven Vermeulen <swift <AT> gentoo <DOT> org>
5	CommitDate: Mon Sep 30 19:00:14 2013 +0000
6	URL: http://git.overlays.gentoo.org/gitweb/?p=proj/hardened-refpolicy.git;a=commit;h=9b73dcf3
7
8	sysnetwork: dhcpc binds socket to random high udp ports sysnetwork: do not audit attempts by ifconfig to read, and write dhcpc udp sockets (looks like a leaked fd)
9
10	Signed-off-by: Dominick Grift <dominick.grift <AT> gmail.com>
11
12	---
13	policy/modules/system/sysnetwork.te \| 6 +++++-
14	1 file changed, 5 insertions(+), 1 deletion(-)
15
16	diff --git a/policy/modules/system/sysnetwork.te b/policy/modules/system/sysnetwork.te
17	index 0ec0b30..7028bd2 100644
18	--- a/policy/modules/system/sysnetwork.te
19	+++ b/policy/modules/system/sysnetwork.te
20	@@ -113,7 +113,9 @@ corenet_tcp_bind_dhcpc_port(dhcpc_t)
21	corenet_udp_bind_dhcpc_port(dhcpc_t)
22	corenet_tcp_connect_all_ports(dhcpc_t)
23	corenet_sendrecv_dhcpd_client_packets(dhcpc_t)
24	-corenet_sendrecv_dhcpc_server_packets(dhcpc_t)
25	+
26	+corenet_sendrecv_all_server_packets(dhcpc_t)
27	+corenet_udp_bind_all_unreserved_ports(dhcpc_t)
28
29	dev_read_sysfs(dhcpc_t)
30	# for SSP:
31	@@ -315,6 +317,8 @@ modutils_domtrans_insmod(ifconfig_t)
32
33	seutil_use_runinit_fds(ifconfig_t)
34
35	+sysnet_dontaudit_rw_dhcpc_udp_sockets(ifconfig_t)
36	+
37	userdom_use_user_terminals(ifconfig_t)
38	userdom_use_all_users_fds(ifconfig_t)