From: Russell Coker <russell@coker.com.au>
To: SELinux <SELinux@tycho.nsa.gov>
Subject: policy patch
Date: Wed, 13 Oct 2004 15:55:15 +1000 [thread overview]
Message-ID: <200410131555.15726.russell@coker.com.au> (raw)
[-- Attachment #1: Type: text/plain, Size: 1477 bytes --]
Allow checkpolicy to access /dev/tty.
Change var_lib_rpm_t to rpm_var_lib_t.
Allow load_policy to access /dev/tty.
Removed a dontaudit from login.te that was only needed if you had both a buggy
init and booted in permissive mode.
Allow setfiles to access /dev/tty, create unix datagram sockets, and read
locale data.
syslogd should not be running before /dev is labelled so it has no need to
access tmpfs_t.
Make useradd and groupadd run in the correct domain when run from firstboot to
give the files the right context.
Allow fsdaemon_t to access etc_runtime_t for /etc/smartd.conf.
Make kmodule run in kudzu_t (it's from the same code base).
Some minor improvements to mailman policy.
Fix a Red Hat Postfix problem and the postconf problem.
Removed some typealias rules that aren't needed any more.
tftpdir_t generally is not the root of a file system and should not have
attribute root_dir_type.
Added support for the new master socket feature in ssh.
xdm_t should not even get access to most types that are labeled as
homedirfile, so changed the rule to use the attribute home_dir_type.
Fixed howl_t port assignments. Either howl code has changed recently or the
current policy was merged wrong.
--
http://www.coker.com.au/selinux/ My NSA Security Enhanced Linux packages
http://www.coker.com.au/bonnie++/ Bonnie++ hard drive benchmark
http://www.coker.com.au/postal/ Postal SMTP/POP benchmark
http://www.coker.com.au/~russell/ My home page
[-- Attachment #2: diff --]
[-- Type: text/x-diff, Size: 18484 bytes --]
diff -ru /usr/src/se/policy/domains/program/checkpolicy.te ./domains/program/checkpolicy.te
--- /usr/src/se/policy/domains/program/checkpolicy.te 2004-09-16 18:06:45.000000000 +1000
+++ ./domains/program/checkpolicy.te 2004-10-04 05:46:14.000000000 +1000
@@ -46,7 +46,7 @@
`allow checkpolicy_t sshd_devpts_t:dir r_dir_perms;')
# Other access
-allow checkpolicy_t { initrc_devpts_t admin_tty_type }:chr_file { read write ioctl getattr };
+allow checkpolicy_t { initrc_devpts_t admin_tty_type devtty_t }:chr_file { read write ioctl getattr };
uses_shlib(checkpolicy_t)
allow checkpolicy_t self:capability dac_override;
diff -ru /usr/src/se/policy/domains/program/initrc.te ./domains/program/initrc.te
--- /usr/src/se/policy/domains/program/initrc.te 2004-10-02 03:36:10.000000000 +1000
+++ ./domains/program/initrc.te 2004-10-11 03:45:20.000000000 +1000
@@ -216,8 +216,8 @@
ifdef(`rpm.te', `
# Access /var/lib/rpm.
-allow initrc_t var_lib_rpm_t:dir rw_dir_perms;
-allow initrc_t var_lib_rpm_t:file create_file_perms;
+allow initrc_t rpm_var_lib_t:dir rw_dir_perms;
+allow initrc_t rpm_var_lib_t:file create_file_perms;
')
')dnl end distro_redhat
diff -ru /usr/src/se/policy/domains/program/load_policy.te ./domains/program/load_policy.te
--- /usr/src/se/policy/domains/program/load_policy.te 2004-08-08 22:16:26.000000000 +1000
+++ ./domains/program/load_policy.te 2004-10-04 05:45:00.000000000 +1000
@@ -48,7 +48,7 @@
allow load_policy_t devpts_t:dir r_dir_perms;
# Other access
-allow load_policy_t { admin_tty_type initrc_devpts_t }:chr_file { read write ioctl getattr };
+allow load_policy_t { admin_tty_type initrc_devpts_t devtty_t }:chr_file { read write ioctl getattr };
uses_shlib(load_policy_t)
allow load_policy_t self:capability dac_override;
diff -ru /usr/src/se/policy/domains/program/login.te ./domains/program/login.te
--- /usr/src/se/policy/domains/program/login.te 2004-09-11 16:21:43.000000000 +1000
+++ ./domains/program/login.te 2004-09-07 22:37:55.000000000 +1000
@@ -130,7 +130,6 @@
can_ypbind($1_login_t)
allow $1_login_t mouse_device_t:chr_file { getattr setattr };
-dontaudit $1_login_t init_t:fd { use };
')dnl end login_domain macro
#################################
#
diff -ru /usr/src/se/policy/domains/program/setfiles.te ./domains/program/setfiles.te
--- /usr/src/se/policy/domains/program/setfiles.te 2004-09-03 14:10:30.000000000 +1000
+++ ./domains/program/setfiles.te 2004-10-04 06:11:39.000000000 +1000
@@ -19,7 +19,9 @@
role sysadm_r types setfiles_t;
allow setfiles_t initrc_devpts_t:chr_file { read write ioctl };
-allow setfiles_t { ttyfile ptyfile tty_device_t admin_tty_type }:chr_file { read write ioctl };
+allow setfiles_t { ttyfile ptyfile tty_device_t admin_tty_type devtty_t }:chr_file { read write ioctl };
+
+allow setfiles_t self:unix_dgram_socket create_socket_perms;
domain_auto_trans(sysadm_t, setfiles_exec_t, setfiles_t)
allow setfiles_t { userdomain privfd initrc_t init_t }:fd use;
@@ -46,6 +48,8 @@
allow setfiles_t fs_t:filesystem getattr;
allow setfiles_t fs_type:dir r_dir_perms;
+read_locale(setfiles_t)
+
allow setfiles_t etc_runtime_t:file read;
allow setfiles_t etc_t:file read;
allow setfiles_t proc_t:file { getattr read };
diff -ru /usr/src/se/policy/domains/program/sulogin.te ./domains/program/sulogin.te
--- /usr/src/se/policy/domains/program/sulogin.te 2004-10-02 03:36:11.000000000 +1000
+++ ./domains/program/sulogin.te 2004-10-11 04:37:17.000000000 +1000
@@ -38,6 +38,10 @@
allow sulogin_t sysadm_devpts_t:chr_file { getattr ioctl read write };
allow sulogin_t { staff_home_dir_t sysadm_home_dir_t }:dir { search };
+allow sulogin_t default_context_t:dir search;
allow sulogin_t default_context_t:file { getattr read };
r_dir_file(sulogin_t, selinux_config_t)
+
+# because file systems are not mounted
+dontaudit sulogin_t file_t:dir search;
diff -ru /usr/src/se/policy/domains/program/syslogd.te ./domains/program/syslogd.te
--- /usr/src/se/policy/domains/program/syslogd.te 2004-10-11 03:50:36.000000000 +1000
+++ ./domains/program/syslogd.te 2004-10-11 04:37:44.000000000 +1000
@@ -94,5 +94,4 @@
# /initrd is not umounted before minilog starts
#
dontaudit syslogd_t file_t:dir search;
-allow syslogd_t { tmpfs_t devpts_t }:dir { search };
-dontaudit syslogd_t unlabeled_t:file read;
+allow syslogd_t devpts_t:dir { search };
diff -ru /usr/src/se/policy/domains/program/unused/anaconda.te ./domains/program/unused/anaconda.te
--- /usr/src/se/policy/domains/program/unused/anaconda.te 2004-09-11 16:21:44.000000000 +1000
+++ ./domains/program/unused/anaconda.te 2004-10-11 03:44:38.000000000 +1000
@@ -187,8 +187,8 @@
ifdef(`distro_redhat', `
ifdef(`rpm.te', `
# Access /var/lib/rpm.
-allow anaconda_t var_lib_rpm_t:dir rw_dir_perms;
-allow anaconda_t var_lib_rpm_t:file create_file_perms;
+allow anaconda_t rpm_var_lib_t:dir rw_dir_perms;
+allow anaconda_t rpm_var_lib_t:file create_file_perms;
domain_auto_trans(anaconda_t, rpm_exec_t, rpm_t)
')
')
Only in ./domains/program/unused: bindgraph.te
diff -ru /usr/src/se/policy/domains/program/unused/bootloader.te ./domains/program/unused/bootloader.te
--- /usr/src/se/policy/domains/program/unused/bootloader.te 2004-10-11 03:50:36.000000000 +1000
+++ ./domains/program/unused/bootloader.te 2004-10-11 04:38:52.000000000 +1000
@@ -121,7 +121,7 @@
allow bootloader_t proc_t:dir { getattr search };
allow bootloader_t proc_t:file r_file_perms;
allow bootloader_t proc_t:lnk_file { getattr read };
-allow bootloader_t proc_mdstat_t:file r_file_perms;
+allow bootloader_t proc_mdstat_t:file { getattr read };
allow bootloader_t self:dir { getattr search read };
allow bootloader_t sysctl_kernel_t:dir search;
allow bootloader_t sysctl_kernel_t:file { getattr read };
diff -ru /usr/src/se/policy/domains/program/unused/firstboot.te ./domains/program/unused/firstboot.te
--- /usr/src/se/policy/domains/program/unused/firstboot.te 2004-09-24 06:31:21.000000000 +1000
+++ ./domains/program/unused/firstboot.te 2004-10-01 06:19:47.000000000 +1000
@@ -19,7 +19,6 @@
')
etc_domain(firstboot)
-typealias firstboot_etc_t alias etc_firstboot_t;
allow firstboot_t proc_t:file r_file_perms;
@@ -30,6 +29,8 @@
file_type_auto_trans(firstboot_t, etc_t, firstboot_rw_t, file)
can_exec_any(firstboot_t)
+domain_auto_trans(firstboot_t, useradd_exec_t, useradd_t)
+domain_auto_trans(firstboot_t, groupadd_exec_t, groupadd_t)
allow firstboot_t etc_runtime_t:file { getattr read };
r_dir_file(firstboot_t, etc_t)
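Review bot: The two added domain_auto_trans lines name useradd_exec_t, useradd_t, groupadd_exec_t and groupadd_t with no guard, so the policy would presumably fail to build on a system that installs firstboot.te without the file defining those types. Other optional-domain references in this patch are guarded, for example the rpm rules in initrc.te sit inside an ifdef on rpm.te. Wrapping both lines in an ifdef on useradd.te (assuming that file declares both the useradd and groupadd types) keeps the two consistent. A one-line comment such as `# run useradd/groupadd in their own domains so created files get the right context` would also record the reason given in the description.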
diff -ru /usr/src/se/policy/domains/program/unused/fs_daemon.te ./domains/program/unused/fs_daemon.te
--- /usr/src/se/policy/domains/program/unused/fs_daemon.te 2004-02-03 02:17:22.000000000 +1100
+++ ./domains/program/unused/fs_daemon.te 2004-10-04 06:05:27.000000000 +1000
@@ -12,3 +12,4 @@
allow fsdaemon_t device_t:dir read;
allow fsdaemon_t fixed_disk_device_t:blk_file rw_file_perms;
allow fsdaemon_t self:capability { sys_rawio sys_admin };
+allow fsdaemon_t etc_runtime_t:file { getattr read };
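Review bot: The added rule lets fsdaemon_t read every file labelled etc_runtime_t, not only /etc/smartd.conf, and the matching fs_daemon.fc hunk puts smartd's configuration in a type shared with unrelated files. Any domain permitted to write etc_runtime_t can then change what a daemon holding sys_rawio and sys_admin does. If the file is static, a dedicated type through `etc_domain(fsdaemon)`, as firstboot.te and radvd.te do, would confine both directions. If it is regenerated at boot, which may be why etc_runtime_t was chosen, say so in a comment, e.g. `# smartd.conf is generated at boot, hence etc_runtime_t`.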
diff -ru /usr/src/se/policy/domains/program/unused/i18n_input.te ./domains/program/unused/i18n_input.te
--- /usr/src/se/policy/domains/program/unused/i18n_input.te 2004-10-11 03:50:37.000000000 +1000
+++ ./domains/program/unused/i18n_input.te 2004-10-11 04:42:15.000000000 +1000
@@ -12,13 +12,6 @@
can_network(i18n_input_t)
can_ypbind(i18n_input_t)
-## No Unix Socket Connection at the moment
-##
-# can_unix_send( { i18n_input_t sysadm_t }, { i18n_input_t sysadm_t } )
-# allow i18n_input_t self:unix_dgram_socket create_socket_perms;
-# allow i18n_input_t self:unix_stream_socket create_stream_socket_perms;
-# can_unix_connect(i18n_input_t, self)
-
can_tcp_connect(userdomain, i18n_input_t)
allow i18n_input_t self:fifo_file rw_file_perms;
diff -ru /usr/src/se/policy/domains/program/unused/kudzu.te ./domains/program/unused/kudzu.te
--- /usr/src/se/policy/domains/program/unused/kudzu.te 2004-10-07 16:14:46.000000000 +1000
+++ ./domains/program/unused/kudzu.te 2004-10-04 05:54:24.000000000 +1000
@@ -15,8 +15,8 @@
allow kudzu_t etc_t:file { getattr read };
allow kudzu_t self:capability { dac_override sys_admin sys_rawio net_admin sys_tty_config };
allow kudzu_t modules_conf_t:file { getattr read };
-allow kudzu_t modules_object_t:dir { getattr search };
-allow kudzu_t modules_dep_t:file { getattr read };
+allow kudzu_t modules_object_t:dir r_dir_perms;
+allow kudzu_t { modules_object_t modules_dep_t }:file { getattr read };
allow kudzu_t mouse_device_t:chr_file { read write };
allow kudzu_t proc_t:file { getattr read };
allow kudzu_t { fixed_disk_device_t removable_device_t }:blk_file rw_file_perms;
diff -ru /usr/src/se/policy/domains/program/unused/mailman.te ./domains/program/unused/mailman.te
--- /usr/src/se/policy/domains/program/unused/mailman.te 2004-08-28 12:05:03.000000000 +1000
+++ ./domains/program/unused/mailman.te 2004-10-08 06:06:06.000000000 +1000
@@ -87,7 +87,10 @@
allow mta_delivery_agent mailman_data_t:dir search;
allow mta_delivery_agent mailman_data_t:lnk_file read;
-domain_auto_trans(mta_delivery_agent, mailman_mail_exec_t, mailman_mail_t)
+domain_auto_trans({ mta_delivery_agent initrc_t }, mailman_mail_exec_t, mailman_mail_t)
+ifdef(`direct_sysadm_daemon', `
+domain_auto_trans(sysadm_t, mailman_mail_exec_t, mailman_mail_t)
+')
allow mailman_mail_t self:unix_dgram_socket create_socket_perms;
system_crond_entry(mailman_queue_exec_t, mailman_queue_t)
diff -ru /usr/src/se/policy/domains/program/unused/mdadm.te ./domains/program/unused/mdadm.te
--- /usr/src/se/policy/domains/program/unused/mdadm.te 2004-09-11 16:21:44.000000000 +1000
+++ ./domains/program/unused/mdadm.te 2004-10-04 02:53:30.000000000 +1000
@@ -6,6 +6,8 @@
daemon_base_domain(mdadm, `, fs_domain')
role sysadm_r types mdadm_t;
+allow initrc_t mdadm_var_run_t:file create_file_perms;
+
# Kernel filesystem permissions
r_dir_file(mdadm_t, proc_t)
allow mdadm_t proc_mdstat_t:file rw_file_perms;
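Review bot: The new `allow initrc_t mdadm_var_run_t:file create_file_perms;` has no comment, and the patch description does not mention it, so the reason init scripts need to create and write mdadm's runtime file is not recorded. No type transition for initrc_t is visible in this hunk, so a file it creates under /var/run would presumably keep the directory's type unless it is relabelled explicitly. It is worth confirming the rule is actually exercised. Please add a line such as `# <init script name> writes the mdadm pid file` with the real script name. If only removal of a stale file is needed, narrow the permission set.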
diff -ru /usr/src/se/policy/domains/program/unused/postfix.te ./domains/program/unused/postfix.te
--- /usr/src/se/policy/domains/program/unused/postfix.te 2004-10-02 03:36:11.000000000 +1000
+++ ./domains/program/unused/postfix.te 2004-10-11 15:36:41.000000000 +1000
@@ -94,7 +94,7 @@
dontaudit postfix_master_t selinux_config_t:dir search;
can_exec({ sysadm_mail_t system_mail_t }, postfix_master_exec_t)
ifdef(`distro_redhat', `
-file_type_auto_trans({ sysadm_mail_t system_mail_t }, postfix_etc_t, etc_aliases_t)
+file_type_auto_trans({ sysadm_mail_t system_mail_t postfix_master_t }, postfix_etc_t, etc_aliases_t)
', `
file_type_auto_trans({ sysadm_mail_t system_mail_t }, etc_t, etc_aliases_t)
')
@@ -103,7 +103,7 @@
ifdef(`pppd.te', `
domain_auto_trans(pppd_t, postfix_master_exec_t, postfix_master_t)
')
-can_exec(postfix_master_t, ls_exec_t)
+can_exec(postfix_master_t, { ls_exec_t sbin_t })
allow postfix_master_t sysctl_kernel_t:dir r_dir_perms;
allow postfix_master_t sysctl_kernel_t:file r_file_perms;
allow postfix_master_t self:fifo_file rw_file_perms;
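Review bot: Changing the target to `{ ls_exec_t sbin_t }` lets postfix_master_t execute every program labelled sbin_t inside its own domain without a transition, which is far wider than the single postconf binary the description refers to. The postfix.fc hunk in the same patch drops the postconf entry, so postconf presumably falls back to the generic sbin type and this rule is what makes it runnable again. A narrower fix would give postconf its own exec type in postfix.fc and name only that type in can_exec here. If the broad grant is kept, a comment like `# sbin_t: needed to run postconf, which is no longer labelled postfix_master_exec_t` would document the trade-off.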
diff -ru /usr/src/se/policy/domains/program/unused/procmail.te ./domains/program/unused/procmail.te
--- /usr/src/se/policy/domains/program/unused/procmail.te 2004-08-28 12:05:04.000000000 +1000
+++ ./domains/program/unused/procmail.te 2004-10-10 17:32:31.000000000 +1000
@@ -70,4 +70,7 @@
ifdef(`sendmail.te', `
r_dir_file(procmail_t, etc_mail_t)
+ifdef(`hide_broken_symptoms', `
+dontaudit procmail_t mqueue_spool_t:file { getattr read };
+')
')
diff -ru /usr/src/se/policy/domains/program/unused/radvd.te ./domains/program/unused/radvd.te
--- /usr/src/se/policy/domains/program/unused/radvd.te 2004-03-18 15:36:09.000000000 +1100
+++ ./domains/program/unused/radvd.te 2004-10-07 14:26:35.000000000 +1000
@@ -11,7 +11,7 @@
daemon_domain(radvd)
etc_domain(radvd)
-typealias radvd_etc_t alias etc_radvd_t;
+allow radvd_t etc_t:file { getattr read };
allow radvd_t self:{ rawip_socket unix_dgram_socket } rw_socket_perms;
diff -ru /usr/src/se/policy/domains/program/unused/rpm.te ./domains/program/unused/rpm.te
--- /usr/src/se/policy/domains/program/unused/rpm.te 2004-10-07 16:14:46.000000000 +1000
+++ ./domains/program/unused/rpm.te 2004-10-11 04:51:43.000000000 +1000
@@ -172,7 +172,7 @@
allow crond_t rpm_t:fifo_file r_file_perms;
')
-allow rpm_script_t proc_t:dir { search getattr read };
+allow rpm_script_t proc_t:dir r_dir_perms;
allow rpm_script_t proc_t:{ file lnk_file } r_file_perms;
allow rpm_script_t devtty_t:chr_file rw_file_perms;
diff -ru /usr/src/se/policy/domains/program/unused/squid.te ./domains/program/unused/squid.te
--- /usr/src/se/policy/domains/program/unused/squid.te 2004-09-16 18:06:56.000000000 +1000
+++ ./domains/program/unused/squid.te 2004-09-29 21:57:20.000000000 +1000
@@ -66,4 +66,6 @@
allow squid_t { bin_t sbin_t }:dir search;
dontaudit squid_t { home_root_t security_t devpts_t }:dir getattr;
+ifdef(`targeted_policy', `
dontaudit squid_t tty_device_t:chr_file { read write };
+')
diff -ru /usr/src/se/policy/domains/program/unused/tftpd.te ./domains/program/unused/tftpd.te
--- /usr/src/se/policy/domains/program/unused/tftpd.te 2004-10-11 03:50:38.000000000 +1000
+++ ./domains/program/unused/tftpd.te 2004-10-11 04:54:30.000000000 +1000
@@ -16,7 +16,7 @@
type tftp_port_t, port_type, reserved_port_type;
# tftpdir_t is the type of files in the /tftpboot directories.
-type tftpdir_t, file_type, root_dir_type, sysadmfile;
+type tftpdir_t, file_type, sysadmfile;
r_dir_file(tftpd_t, tftpdir_t)
domain_auto_trans(inetd_t, tftpd_exec_t, tftpd_t)
diff -ru /usr/src/se/policy/file_contexts/program/fs_daemon.fc ./file_contexts/program/fs_daemon.fc
--- /usr/src/se/policy/file_contexts/program/fs_daemon.fc 2004-02-03 02:17:23.000000000 +1100
+++ ./file_contexts/program/fs_daemon.fc 2004-10-04 06:04:44.000000000 +1000
@@ -1,3 +1,4 @@
# fs admin daemons
/usr/sbin/smartd -- system_u:object_r:fsdaemon_exec_t
/var/run/smartd.pid -- system_u:object_r:fsdaemon_var_run_t
+/etc/smartd.conf -- system_u:object_r:etc_runtime_t
diff -ru /usr/src/se/policy/file_contexts/program/kudzu.fc ./file_contexts/program/kudzu.fc
--- /usr/src/se/policy/file_contexts/program/kudzu.fc 2003-11-27 05:04:46.000000000 +1100
+++ ./file_contexts/program/kudzu.fc 2004-09-26 05:24:38.000000000 +1000
@@ -1,2 +1,3 @@
# kudzu
/usr/sbin/kudzu -- system_u:object_r:kudzu_exec_t
+/sbin/kmodule -- system_u:object_r:kudzu_exec_t
diff -ru /usr/src/se/policy/file_contexts/program/mailman.fc ./file_contexts/program/mailman.fc
--- /usr/src/se/policy/file_contexts/program/mailman.fc 2004-10-02 03:36:12.000000000 +1000
+++ ./file_contexts/program/mailman.fc 2004-10-12 17:32:59.000000000 +1000
@@ -14,10 +14,12 @@
')
ifdef(`distro_redhat', `
-/usr/lib/mailman/cgi-bin/.* -- system_u:object_r:mailman_cgi_exec_t
+/usr/lib/mailman/cgi-bin/.* -- system_u:object_r:mailman_cgi_exec_t
/var/mailman(/.*)? system_u:object_r:mailman_data_t
/var/mailman/locks(/.*)? system_u:object_r:mailman_lock_t
/var/mailman/archives(/.*)? system_u:object_r:mailman_archive_t
/usr/lib/mailman/scripts/mailman -- system_u:object_r:mailman_mail_exec_t
-/usr/lib/mailman/bin/qrunner -- system_u:object_r:mailman_queue_exec_t
+/usr/lib/mailman/bin/qrunner -- system_u:object_r:mailman_queue_exec_t
+/var/mailman/lists(/.*)? system_u:object_r:mailman_data_t
+/var/mailman/logs(/.*)? system_u:object_r:mailman_log_t
')
diff -ru /usr/src/se/policy/file_contexts/program/postfix.fc ./file_contexts/program/postfix.fc
--- /usr/src/se/policy/file_contexts/program/postfix.fc 2004-09-23 22:31:22.000000000 +1000
+++ ./file_contexts/program/postfix.fc 2004-10-11 15:35:56.000000000 +1000
@@ -18,7 +18,6 @@
/usr/lib(exec)?/postfix/pipe -- system_u:object_r:postfix_pipe_exec_t
/usr/sbin/postalias -- system_u:object_r:postfix_master_exec_t
/usr/sbin/postcat -- system_u:object_r:postfix_master_exec_t
-/usr/sbin/postconf -- system_u:object_r:postfix_master_exec_t
/usr/sbin/postdrop -- system_u:object_r:postfix_postdrop_exec_t
/usr/sbin/postfix -- system_u:object_r:postfix_master_exec_t
/usr/sbin/postkick -- system_u:object_r:postfix_master_exec_t
diff -ru /usr/src/se/policy/macros/global_macros.te ./macros/global_macros.te
--- /usr/src/se/policy/macros/global_macros.te 2004-10-07 16:14:50.000000000 +1000
+++ ./macros/global_macros.te 2004-09-29 01:13:57.000000000 +1000
@@ -373,7 +372,6 @@
# classes to use; default is file.
define(`var_run_domain', `
type $1_var_run_t, file_type, sysadmfile, pidfile;
-typealias $1_var_run_t alias var_run_$1_t;
ifelse(`$2', `', `
file_type_auto_trans($1_t, var_run_t, $1_var_run_t, file)
diff -ru /usr/src/se/policy/macros/program/ssh_macros.te ./macros/program/ssh_macros.te
--- /usr/src/se/policy/macros/program/ssh_macros.te 2004-10-11 03:50:41.000000000 +1000
+++ ./macros/program/ssh_macros.te 2004-09-30 07:08:07.000000000 +1000
@@ -104,6 +104,8 @@
# Access the users .ssh directory.
file_type_auto_trans({ sysadm_ssh_t $1_ssh_t }, $1_home_dir_t, $1_home_ssh_t, dir)
+file_type_auto_trans($1_ssh_t, $1_home_dir_t, $1_home_ssh_t, sock_file)
+allow $1_t $1_home_ssh_t:sock_file create_file_perms;
allow { sysadm_ssh_t $1_ssh_t } $1_home_ssh_t:file create_file_perms;
allow { sysadm_ssh_t $1_ssh_t } $1_home_ssh_t:lnk_file { getattr read };
dontaudit $1_ssh_t $1_home_t:dir { getattr search };
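Review bot: The sock_file rules are not parallel with the dir and file rules around them, and the difference is unexplained. The transition covers only `$1_ssh_t` where the line above uses `{ sysadm_ssh_t $1_ssh_t }`, and the explicit `create_file_perms` grant goes to the user domain `$1_t` rather than to the ssh client domains. If sysadm_ssh_t is left out deliberately, or `$1_t` only needs to clean up a stale control socket, a comment should say so. The grant could then be reduced to the permissions actually required. Note also that the transition applies to sockets created directly in `$1_home_dir_t`, whereas a socket created inside the existing .ssh directory would presumably inherit `$1_home_ssh_t` without it; `# ssh master (control) socket` above the two lines would make the intent clear.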
diff -ru /usr/src/se/policy/macros/program/xserver_macros.te ./macros/program/xserver_macros.te
--- /usr/src/se/policy/macros/program/xserver_macros.te 2004-10-11 03:50:41.000000000 +1000
+++ ./macros/program/xserver_macros.te 2004-10-11 14:34:17.000000000 +1000
@@ -64,7 +64,7 @@
allow xdm_xserver_t init_t:fd use;
-dontaudit xdm_xserver_t homedirfile:dir { read search };
+dontaudit xdm_xserver_t home_dir_type:dir { read search };
', `
# The user role is authorized for this domain.
role $1_r types $1_xserver_t;
diff -ru /usr/src/se/policy/net_contexts ./net_contexts
--- /usr/src/se/policy/net_contexts 2004-10-07 16:14:35.000000000 +1000
+++ ./net_contexts 2004-10-07 18:39:54.000000000 +1000
@@ -158,7 +158,10 @@
portcon tcp 5323 system_u:object_r:imaze_port_t
portcon udp 5323 system_u:object_r:imaze_port_t
')
-ifdef(`howl.te', `portcon tcp 5353 system_u:object_r:howl_port_t')
+ifdef(`howl.te', `
+portcon tcp 5335 system_u:object_r:howl_port_t
+portcon udp 5353 system_u:object_r:howl_port_t
+')
ifdef(`jabberd.te', `
portcon tcp 5222 system_u:object_r:jabber_client_port_t
portcon tcp 5223 system_u:object_r:jabber_client_port_t
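Review bot: The new pair `tcp 5335` and `udp 5353` differs by transposed digits as well as by protocol, and nothing in the hunk shows that the TCP number is deliberate rather than a typo for 5353. The description itself is unsure whether the earlier entry was a merge error. A comment above the two portcon lines would prevent a later "correction", for example `# tcp 5335 is intentional (local client port, not mDNS); udp 5353 is mDNS`, with the wording confirmed against the howl source. It would also help to state whether tcp 5353 is intentionally no longer labelled howl_port_t.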