From: petre rodan <kaiowas@gentoo.org>
To: selinux@tycho.nsa.gov
Subject: gentoo policy for stunnel
Date: Mon, 15 Nov 2004 18:09:46 +0200
Message-ID: <4198D4CA.3020708@gentoo.org>
[-- Attachment #1.1: Type: text/plain, Size: 499 bytes --]
Hi,
attached you'll find the policy we use for stunnel [1]
[1] http://www.stunnel.org
Stunnel is a program that allows you to encrypt arbitrary TCP connections inside SSL (Secure Sockets Layer), available on both Unix and Windows. Stunnel can allow you to secure non-SSL-aware daemons and protocols (like POP, IMAP, LDAP, etc.) by having Stunnel provide the encryption, requiring no changes to the daemon's code.
bye,
peter
--
petre rodan
<kaiowas@gentoo.org>
Developer,
Hardened Gentoo Linux
[-- Attachment #1.2: stunnel.fc --]
[-- Type: text/plain, Size: 175 bytes --]
/usr/sbin/stunnel -- system_u:object_r:stunnel_exec_t
/etc/stunnel(/.*)? system_u:object_r:stunnel_etc_t
/var/run/stunnel(/.*)? system_u:object_r:stunnel_var_run_t
[-- Attachment #1.3: stunnel.te --]
[-- Type: text/plain, Size: 565 bytes --]
# DESC: selinux policy for stunnel
#
# Author: petre rodan <kaiowas@gentoo.org>
#
type stunnel_port_t, port_type;
daemon_domain(stunnel, `, privlog')
can_network(stunnel_t)
type stunnel_etc_t, file_type, sysadmfile;
allow stunnel_t self:capability { setgid setuid sys_chroot };
allow stunnel_t self:fifo_file { read write };
allow stunnel_t self:tcp_socket { read write };
allow stunnel_t self:unix_stream_socket { connect create };
allow stunnel_t stunnel_port_t:tcp_socket { name_bind };
r_dir_file(stunnel_t, stunnel_etc_t)
r_dir_file(stunnel_t, etc_t)
[-- Attachment #2: OpenPGP digital signature --]
[-- Type: application/pgp-signature, Size: 252 bytes --]
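Added example (not part of the original message or of the Gentoo policy): a small resolver showing which paths the three stunnel.fc entries above label, given that file context patterns are anchored at both ends and that `--` restricts an entry to regular files. The sample paths are constructed, and precedence between overlapping patterns is not modelled because these three entries do not overlap.

```python
import re
import stat

# The three specifications from the stunnel.fc attachment above.
STUNNEL_FC = """\
/usr/sbin/stunnel -- system_u:object_r:stunnel_exec_t
/etc/stunnel(/.*)? system_u:object_r:stunnel_etc_t
/var/run/stunnel(/.*)? system_u:object_r:stunnel_var_run_t
"""

# File-type flags of the file_contexts format -> st_mode file type.
FLAGS = {"--": stat.S_IFREG, "-d": stat.S_IFDIR, "-l": stat.S_IFLNK,
         "-s": stat.S_IFSOCK, "-p": stat.S_IFIFO,
         "-c": stat.S_IFCHR, "-b": stat.S_IFBLK}


def parse_fc(text):
    """Parse 'regex [flag] context' lines into (regex, ftype, context)."""
    specs = []
    for line in text.splitlines():
        fields = line.split()
        if not fields or fields[0].startswith("#"):
            continue
        if len(fields) == 2:
            pattern, ftype, context = fields[0], None, fields[1]
        elif len(fields) == 3 and fields[1] in FLAGS:
            pattern, ftype, context = fields[0], FLAGS[fields[1]], fields[2]
        else:
            raise ValueError("malformed file context entry: %r" % line)
        # Python's re stands in for POSIX regex; equivalent for these patterns.
        specs.append((re.compile(pattern), ftype, context))
    return specs


def lookup(specs, path, ftype):
    """Return the context for path, or None if no entry here applies."""
    for regex, want, context in specs:
        # Patterns are anchored at both ends, hence fullmatch().
        if regex.fullmatch(path) and want in (None, ftype):
            return context
    return None


SPECS = parse_fc(STUNNEL_FC)

if __name__ == "__main__":
    # Constructed sample paths, not taken from the message.
    for path, ftype in [("/usr/sbin/stunnel", stat.S_IFREG),
                        ("/etc/stunnel/stunnel.pem", stat.S_IFREG),
                        ("/etc/stunnel.conf", stat.S_IFREG)]:
        print(path, "->", lookup(SPECS, path, ftype))
```

A result of None means only that none of these three entries applies; on a real system the path would then be labelled by some other file context entry.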