1 |
commit: 2b2254a8e419069b7cea19b37433f7657f0be9ea |
2 |
Author: Dominick Grift <dominick.grift <AT> gmail <DOT> com> |
3 |
AuthorDate: Sat Oct 27 12:30:27 2012 +0000 |
4 |
Commit: Sven Vermeulen <sven.vermeulen <AT> siphos <DOT> be> |
5 |
CommitDate: Sun Oct 28 17:58:34 2012 +0000 |
6 |
URL: http://git.overlays.gentoo.org/gitweb/?p=proj/hardened-refpolicy.git;a=commit;h=2b2254a8 |
7 |
|
8 |
Re-add missing network rule in screen policy module |
9 |
|
10 |
Signed-off-by: Dominick Grift <dominick.grift <AT> gmail.com> |
11 |
|
12 |
--- |
13 |
policy/modules/contrib/screen.te | 5 +++-- |
14 |
1 files changed, 3 insertions(+), 2 deletions(-) |
15 |
|
16 |
diff --git a/policy/modules/contrib/screen.te b/policy/modules/contrib/screen.te |
17 |
index 2af1220..94b67d7 100644 |
18 |
--- a/policy/modules/contrib/screen.te |
19 |
+++ b/policy/modules/contrib/screen.te |
20 |
@@ -1,4 +1,4 @@ |
21 |
-policy_module(screen, 2.5.1) |
22 |
+policy_module(screen, 2.5.2) |
23 |
|
24 |
######################################## |
25 |
# |
26 |
@@ -37,7 +37,7 @@ allow screen_domain self:capability { setuid setgid fsetid }; |
27 |
allow screen_domain self:process signal_perms; |
28 |
allow screen_domain self:fd use; |
29 |
allow screen_domain self:fifo_file rw_fifo_file_perms; |
30 |
-allow screen_domain self:tcp_socket {accept listen }; |
31 |
+allow screen_domain self:tcp_socket { accept listen }; |
32 |
allow screen_domain self:unix_stream_socket connectto; |
33 |
|
34 |
manage_dirs_pattern(screen_domain, screen_tmp_t, screen_tmp_t) |
35 |
@@ -65,6 +65,7 @@ corecmd_read_bin_symlinks(screen_domain) |
36 |
corecmd_read_bin_pipes(screen_domain) |
37 |
corecmd_read_bin_sockets(screen_domain) |
38 |
|
39 |
+corenet_all_recvfrom_unlabeled(screen_domain) |
40 |
corenet_all_recvfrom_netlabel(screen_domain) |
41 |
corenet_tcp_sendrecv_generic_if(screen_domain) |
42 |
corenet_tcp_sendrecv_generic_node(screen_domain) |