Gentoo Archives: gentoo-commits

From: Sven Vermeulen <sven.vermeulen@××××××.be>
To: gentoo-commits@l.g.o
Subject: [gentoo-commits] proj/hardened-refpolicy:master commit in: policy/modules/system/
Date: Tue, 27 Nov 2012 19:16:59
Message-Id: 1354042867.83d40e0392c0e146ffac223c53e7ff2de3523853.SwifT@gentoo
1 commit: 83d40e0392c0e146ffac223c53e7ff2de3523853
2 Author: Sven Vermeulen <sven.vermeulen <AT> siphos <DOT> be>
3 AuthorDate: Sat Nov 10 16:52:04 2012 +0000
4 Commit: Sven Vermeulen <sven.vermeulen <AT> siphos <DOT> be>
5 CommitDate: Tue Nov 27 19:01:07 2012 +0000
6 URL: http://git.overlays.gentoo.org/gitweb/?p=proj/hardened-refpolicy.git;a=commit;h=83d40e03
7
8 Run ipset in iptables domain
9
10 The ipset command is used to manage ip sets, used by iptables for a more
11 flexible management of firewall rules. It has very similar requirements as
12 iptables for accessing and working with the Linux kernel, so marking ipset as
13 iptables_exec_t to have it run in the iptables domain.
14
15 Signed-off-by: Sven Vermeulen <sven.vermeulen <AT> siphos.be>
16
17 ---
18 policy/modules/system/iptables.fc | 1 +
19 1 files changed, 1 insertions(+), 0 deletions(-)
20
21 diff --git a/policy/modules/system/iptables.fc b/policy/modules/system/iptables.fc
22 index ac6ce32..b57740f 100644
23 --- a/policy/modules/system/iptables.fc
24 +++ b/policy/modules/system/iptables.fc
25 @@ -15,6 +15,7 @@
26 /sbin/xtables-multi -- gen_context(system_u:object_r:iptables_exec_t,s0)
27
28 /usr/sbin/ipchains.* -- gen_context(system_u:object_r:iptables_exec_t,s0)
29 +/usr/sbin/ipset -- gen_context(system_u:object_r:iptables_exec_t,s0)
30 /usr/sbin/iptables -- gen_context(system_u:object_r:iptables_exec_t,s0)
31 /usr/sbin/iptables-multi -- gen_context(system_u:object_r:iptables_exec_t,s0)
32 /usr/sbin/iptables-restore -- gen_context(system_u:object_r:iptables_exec_t,s0)
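
Review bot: the added `/usr/sbin/ipset` entry matches only that one path, while the context lines of this hunk show the file also labels binaries under `/sbin/` (for example `/sbin/xtables-multi`). If ipset can be installed under `/sbin/` on any supported layout, it would keep its default label there and never transition into the iptables domain, so consider adding a matching `/sbin/ipset` entry. The commit message bases the shared domain on "very similar requirements" rather than on a tested rule set. It would help to state in the message whether ipset was run without denials under the existing iptables policy, because any permission later added for ipset is also granted to every other binary labelled `iptables_exec_t`.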