
From: Sven Vermeulen <sven.vermeulen@××××××.be>
To: gentoo-commits@l.g.o
Subject: [gentoo-commits] proj/hardened-refpolicy:master commit in: policy/modules/contrib/
Date: Tue, 30 Oct 2012 18:37:44
Message-Id: 1351621982.3b68d867d79b680bd6edf52f998f7a6497cb990b.SwifT@gentoo
1 commit: 3b68d867d79b680bd6edf52f998f7a6497cb990b
2 Author: Dominick Grift <dominick.grift <AT> gmail <DOT> com>
3 AuthorDate: Tue Oct 30 10:14:15 2012 +0000
4 Commit: Sven Vermeulen <sven.vermeulen <AT> siphos <DOT> be>
5 CommitDate: Tue Oct 30 18:33:02 2012 +0000
6 URL: http://git.overlays.gentoo.org/gitweb/?p=proj/hardened-refpolicy.git;a=commit;h=3b68d867
7
8 Changes to the ucspitcp policy module
9
10 Module clean up
11
12 Signed-off-by: Dominick Grift <dominick.grift <AT> gmail.com>
13
14 ---
15 policy/modules/contrib/ucspitcp.te | 24 +++++++++++++-----------
16 1 files changed, 13 insertions(+), 11 deletions(-)
17
18 diff --git a/policy/modules/contrib/ucspitcp.te b/policy/modules/contrib/ucspitcp.te
19 index b0b3a49..5e365c2 100644
20 --- a/policy/modules/contrib/ucspitcp.te
21 +++ b/policy/modules/contrib/ucspitcp.te
22 @@ -15,7 +15,7 @@ init_system_domain(ucspitcp_t, ucspitcp_exec_t)
23
24 ########################################
25 #
26 -# Local policy for rblsmtpd
27 +# Smtpd local policy
28 #
29
30 ucspitcp_service_domain(rblsmtpd_t, rblsmtpd_exec_t)
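Review bot: The new section header `# Smtpd local policy` no longer names the domain its rules apply to, although the first rule under it is `ucspitcp_service_domain(rblsmtpd_t, rblsmtpd_exec_t)`. Anyone auditing the policy now has to infer from the type names that the section confines rblsmtpd. The second hunk has the same problem: `# Tcp local policy` replaces `# Local policy for tcpserver` directly above the `ucspitcp_t` rules, which begin with `allow ucspitcp_t self:capability { setgid setuid };`. I would keep the program name in both headers, for example `# Rblsmtpd local policy` and `# Tcpserver local policy`. Both sections continue outside the visible hunks, so this is based only on the lines shown here.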
31 @@ -42,7 +42,7 @@ optional_policy(`
32
33 ########################################
34 #
35 -# Local policy for tcpserver
36 +# Tcp local policy
37 #
38
39 allow ucspitcp_t self:capability { setgid setuid };
40 @@ -52,7 +52,6 @@ allow ucspitcp_t self:udp_socket create_socket_perms;
41
42 corecmd_search_bin(ucspitcp_t)
43
44 -# base networking:
45 corenet_all_recvfrom_unlabeled(ucspitcp_t)
46 corenet_all_recvfrom_netlabel(ucspitcp_t)
47 corenet_tcp_sendrecv_generic_if(ucspitcp_t)
48 @@ -64,24 +63,27 @@ corenet_udp_sendrecv_all_ports(ucspitcp_t)
49 corenet_tcp_bind_generic_node(ucspitcp_t)
50 corenet_udp_bind_generic_node(ucspitcp_t)
51
52 -# server ports:
53 +corenet_sendrecv_ftp_server_packets(ucspitcp_t)
54 corenet_tcp_bind_ftp_port(ucspitcp_t)
55 +
56 +corenet_sendrecv_ftp_data_server_packets(ucspitcp_t)
57 corenet_tcp_bind_ftp_data_port(ucspitcp_t)
58 +
59 +corenet_sendrecv_http_server_packets(ucspitcp_t)
60 corenet_tcp_bind_http_port(ucspitcp_t)
61 +
62 +corenet_sendrecv_smtp_server_packets(ucspitcp_t)
63 corenet_tcp_bind_smtp_port(ucspitcp_t)
64 +
65 +corenet_sendrecv_dns_server_packets(ucspitcp_t)
66 corenet_tcp_bind_dns_port(ucspitcp_t)
67 corenet_udp_bind_dns_port(ucspitcp_t)
68 -corenet_udp_bind_generic_port(ucspitcp_t)
69
70 -# server packets:
71 -corenet_sendrecv_ftp_server_packets(ucspitcp_t)
72 -corenet_sendrecv_http_server_packets(ucspitcp_t)
73 -corenet_sendrecv_smtp_server_packets(ucspitcp_t)
74 -corenet_sendrecv_dns_server_packets(ucspitcp_t)
75 corenet_sendrecv_generic_server_packets(ucspitcp_t)
76 +corenet_udp_bind_generic_port(ucspitcp_t)
77
78 -files_search_var(ucspitcp_t)
79 files_read_etc_files(ucspitcp_t)
80 +files_search_var(ucspitcp_t)
81
82 sysnet_read_config(ucspitcp_t)