1 |
commit: 0796015df7c69a5177f020340e0b05417e52ef9c |
2 |
Author: Dominick Grift <dominick.grift <AT> gmail <DOT> com> |
3 |
AuthorDate: Wed Oct 31 09:29:15 2012 +0000 |
4 |
Commit: Sven Vermeulen <sven.vermeulen <AT> siphos <DOT> be> |
5 |
CommitDate: Wed Oct 31 18:04:30 2012 +0000 |
6 |
URL: http://git.overlays.gentoo.org/gitweb/?p=proj/hardened-refpolicy.git;a=commit;h=0796015d |
7 |
|
8 |
Changes to the w3c policy module |
9 |
|
10 |
Add missing network rules |
11 |
|
12 |
Signed-off-by: Dominick Grift <dominick.grift <AT> gmail.com> |
13 |
|
14 |
--- |
15 |
policy/modules/contrib/w3c.if | 2 +- |
16 |
policy/modules/contrib/w3c.te | 12 +++++++++++- |
17 |
2 files changed, 12 insertions(+), 2 deletions(-) |
18 |
|
19 |
diff --git a/policy/modules/contrib/w3c.if b/policy/modules/contrib/w3c.if |
20 |
index 8f678a9..6a4204b 100644 |
21 |
--- a/policy/modules/contrib/w3c.if |
22 |
+++ b/policy/modules/contrib/w3c.if |
23 |
@@ -1 +1 @@ |
24 |
-## <summary>W3C Markup Validator</summary> |
25 |
+## <summary>W3C Markup Validator.</summary> |
26 |
|
27 |
diff --git a/policy/modules/contrib/w3c.te b/policy/modules/contrib/w3c.te |
28 |
index 1174ad8..bcb76b6 100644 |
29 |
--- a/policy/modules/contrib/w3c.te |
30 |
+++ b/policy/modules/contrib/w3c.te |
31 |
@@ -1,4 +1,4 @@ |
32 |
-policy_module(w3c, 1.0.0) |
33 |
+policy_module(w3c, 1.0.1) |
34 |
|
35 |
######################################## |
36 |
# |
37 |
@@ -12,10 +12,20 @@ apache_content_template(w3c_validator) |
38 |
# Local policy |
39 |
# |
40 |
|
41 |
+corenet_all_recvfrom_unlabeled(httpd_w3c_validator_script_t) |
42 |
+corenet_all_recvfrom_netlabel(httpd_w3c_validator_script_t) |
43 |
+corenet_tcp_sendrecv_generic_if(httpd_w3c_validator_script_t) |
44 |
+corenet_tcp_sendrecv_generic_node(httpd_w3c_validator_script_t) |
45 |
+ |
46 |
+corenet_sendrecv_ftp_client_packets(httpd_w3c_validator_script_t) |
47 |
corenet_tcp_connect_ftp_port(httpd_w3c_validator_script_t) |
48 |
corenet_tcp_sendrecv_ftp_port(httpd_w3c_validator_script_t) |
49 |
+ |
50 |
+corenet_sendrecv_http_client_packets(httpd_w3c_validator_script_t) |
51 |
corenet_tcp_connect_http_port(httpd_w3c_validator_script_t) |
52 |
corenet_tcp_sendrecv_http_port(httpd_w3c_validator_script_t) |
53 |
+ |
54 |
+corenet_sendrecv_http_cache_client_packets(httpd_w3c_validator_script_t) |
55 |
corenet_tcp_connect_http_cache_port(httpd_w3c_validator_script_t) |
56 |
corenet_tcp_sendrecv_http_cache_port(httpd_w3c_validator_script_t) |