Index: policy/genfs_contexts
===================================================================
RCS file: /cvsroot/selinux/nsa/selinux-usr/policy/genfs_contexts,v
retrieving revision 1.16
diff -u -B -r1.16 genfs_contexts
--- policy/genfs_contexts 8 Oct 2004 17:56:47 -0000 1.16
+++ policy/genfs_contexts 19 Nov 2004 13:31:04 -0000
@@ -36,6 +36,7 @@
 genfscon proc /kcore system_u:object_r:proc_kcore_t
 genfscon proc /mdstat system_u:object_r:proc_mdstat_t
 genfscon proc /mtrr system_u:object_r:mtrr_device_t
+genfscon proc /net system_u:object_r:proc_net_t
 genfscon proc /sysvipc system_u:object_r:proc_t
 genfscon proc /sys system_u:object_r:sysctl_t
 genfscon proc /sys/kernel system_u:object_r:sysctl_kernel_t
Index: policy/domains/program/ifconfig.te
===================================================================
RCS file: /cvsroot/selinux/nsa/selinux-usr/policy/domains/program/ifconfig.te,v
retrieving revision 1.9
diff -u -B -r1.9 ifconfig.te
--- policy/domains/program/ifconfig.te 10 Sep 2004 14:45:48 -0000 1.9
+++ policy/domains/program/ifconfig.te 19 Nov 2004 13:31:04 -0000
@@ -38,8 +38,8 @@
 allow ifconfig_t { kernel_t init_t }:fd use;
 # Access /proc
-allow ifconfig_t proc_t:dir r_dir_perms;
-allow ifconfig_t proc_t:file r_file_perms;
+allow ifconfig_t { proc_t proc_net_t }:dir r_dir_perms;
+allow ifconfig_t { proc_t proc_net_t }:file r_file_perms;
 allow ifconfig_t privfd:fd use;
 allow ifconfig_t run_init_t:fd use;
Index: policy/domains/program/unused/iptables.te
===================================================================
RCS file: /cvsroot/selinux/nsa/selinux-usr/policy/domains/program/unused/iptables.te,v
retrieving revision 1.13
diff -u -B -r1.13 iptables.te
--- policy/domains/program/unused/iptables.te 8 Nov 2004 20:57:04 -0000 1.13
+++ policy/domains/program/unused/iptables.te 19 Nov 2004 13:31:04 -0000
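Review bot: In policy/genfs_contexts the added `genfscon proc /net` entry relabels /proc/net for every domain at once, and nothing next to the line records which allow rules must accompany it. Any domain that reached /proc/net through its `proc_t` rules and is not covered by the other hunks of this patch would presumably start producing denials against `proc_net_t`, so a pass in permissive mode with a look at the AVC log is worth doing before enforcing. If the aim is to let network state be granted per domain, a comment above the entry such as `# /proc/net is labeled separately so access to network state can be granted per domain` would state that intent.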
@@ -54,6 +54,8 @@
 ifdef(`gnome-pty-helper.te', `allow iptables_t sysadm_gph_t:fd use;')
 allow iptables_t proc_t:file { getattr read };
+allow iptables_t proc_net_t:dir { search };
+allow iptables_t proc_net_t:file { read getattr };
 # system-config-network appends to /var/log
 allow iptables_t var_log_t:file append;
Index: policy/domains/program/unused/rpcd.te
===================================================================
RCS file: /cvsroot/selinux/nsa/selinux-usr/policy/domains/program/unused/rpcd.te,v
retrieving revision 1.26
diff -u -B -r1.26 rpcd.te
--- policy/domains/program/unused/rpcd.te 8 Nov 2004 20:57:04 -0000 1.26
+++ policy/domains/program/unused/rpcd.te 19 Nov 2004 13:31:04 -0000
@@ -71,6 +71,7 @@
 # for /proc/fs/nfs/exports - should we have a new type?
 allow nfsd_t proc_t:file r_file_perms;
+allow nfsd_t proc_net_t:dir search;
 allow nfsd_t exports_t:file { getattr read };
 allow nfsd_t nfsd_fs_t:filesystem mount;
Index: policy/macros/global_macros.te
===================================================================
RCS file: /cvsroot/selinux/nsa/selinux-usr/policy/macros/global_macros.te,v
retrieving revision 1.46
diff -u -B -r1.46 global_macros.te
--- policy/macros/global_macros.te 17 Nov 2004 19:51:54 -0000 1.46
+++ policy/macros/global_macros.te 19 Nov 2004 13:31:05 -0000
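Review bot: The two added iptables_t rules are written differently from the rest of the patch. `proc_net_t:dir { search }` braces a single permission where the rpcd.te and vmware_macros.te hunks write `dir search;`, and `{ read getattr }` reverses the order used on the context line just above it (`{ getattr read }`). Writing them as `allow iptables_t proc_net_t:dir search;` and `allow iptables_t proc_net_t:file { getattr read };` keeps the permission sets uniform, which makes it easier to grep for everything granted on `proc_net_t` during an audit.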
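Review bot: The added `allow nfsd_t proc_net_t:dir search;` in rpcd.te sits directly under the comment `# for /proc/fs/nfs/exports`, which names a path outside /proc/net, so the reason for the new grant is not recorded anywhere. The rule gives directory search only, with no file permission on `proc_net_t`; if nfsd reads a file below /proc/net that carries this type, that read would still be denied, which is worth checking against the AVC messages that prompted the rule. A comment above the line such as `# traverse /proc/net to reach <path nfsd needs>` would let a later reviewer judge whether the grant is still required.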
@@ -214,6 +214,8 @@
 # Read system information files in /proc.
 allow $1 proc_t:dir r_dir_perms;
 allow $1 proc_t:notdevfile_class_set r_file_perms;
+allow $1 proc_net_t:dir r_dir_perms;
+allow $1 proc_net_t:file r_file_perms;
 allow $1 proc_mdstat_t:file r_file_perms;
 # Stat /proc/kmsg and /proc/kcore.
Index: policy/macros/program/vmware_macros.te
===================================================================
RCS file: /cvsroot/selinux/nsa/selinux-usr/policy/macros/program/vmware_macros.te,v
retrieving revision 1.3
diff -u -B -r1.3 vmware_macros.te
--- policy/macros/program/vmware_macros.te 17 Nov 2004 19:51:55 -0000 1.3
+++ policy/macros/program/vmware_macros.te 19 Nov 2004 13:31:05 -0000
@@ -55,6 +55,8 @@
 # Access /proc
 r_dir_file($1_vmware_t, proc_t)
+allow $1_vmware_t proc_net_t:dir search;
+allow $1_vmware_t proc_net_t:file { getattr read };
 # Access to some files in the user home directory
 r_dir_file($1_vmware_t, $1_home_t)
Index: policy/types/procfs.te
===================================================================
RCS file: /cvsroot/selinux/nsa/selinux-usr/policy/types/procfs.te,v
retrieving revision 1.7
diff -u -B -r1.7 procfs.te
--- policy/types/procfs.te 22 Sep 2004 20:19:14 -0000 1.7
+++ policy/types/procfs.te 19 Nov 2004 13:31:05 -0000
@@ -17,6 +17,7 @@
 type proc_kmsg_t, proc_fs;
 type proc_kcore_t, proc_fs;
 type proc_mdstat_t, proc_fs;
+type proc_net_t, proc_fs;
 #
 # sysctl_t is the type of /proc/sys.
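Review bot: In global_macros.te the two added rules give `$1` both `r_dir_perms` and `r_file_perms` on `proc_net_t`, inside the block commented "Read system information files in /proc", so every domain that invokes this macro keeps full read access to /proc/net. That appears to give back most of the confinement the new type could provide, since only domains that do not use the macro lose access. Consider leaving `proc_net_t` out of the general macro and granting it per domain with the narrower `dir search` / `file { getattr read }` form used in the iptables.te and vmware_macros.te hunks. If it has to stay, a comment such as `# network state under /proc/net; remove for domains that have no need to see it` would flag it for later tightening. The macro definition starts and ends outside the hunk, so its name and callers are not visible here.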