* pppd Patch for PPTPClient
@ 2005-01-11 16:40 Alex Ackerman
2005-04-22 2:02 ` Russell Coker
0 siblings, 1 reply; 2+ messages in thread
From: Alex Ackerman @ 2005-01-11 16:40 UTC (permalink / raw)
To: selinux
[-- Attachment #1: Type: text/plain, Size: 537 bytes --]
This is a patch to enable PPTPClient to run, create PPTP tunnels and
connect to the remote VPN networks.
I am running Fedora Core Rawhide with selinux-policy-strict-1.19.17-2
installed.
Comments?
Alex Ackerman
http://www.darkhonor.com
[-- Attachment #2: pppd.patch --]
[-- Type: text/x-patch, Size: 518 bytes --]
--- nsa/pppd.te 2005-01-11 11:35:28.933974056 -0500
+++ pptp/pppd.te 2005-01-11 11:30:52.627978952 -0500
@@ -97,3 +97,10 @@
file_type_auto_trans(pppd_t, etc_t, net_conf_t, file)
tmp_domain(pppd)
+
+# Added for pptpclient
+allow pppd_t initrc_var_run_t:file { lock read write };
+allow pppd_t self:rawip_socket { connect create read write };
+allow pppd_t self:tcp_socket connect;
+allow pppd_t self:unix_stream_socket { accept connectto listen };
+allow pppd_t var_run_t:sock_file { create setattr unlink write };
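Review bot: The last added rule, `allow pppd_t var_run_t:sock_file { create setattr unlink write };`, lets pppd_t create and unlink sockets that carry the generic var_run_t label, so the socket is not distinguishable by type from anything else labeled var_run_t. Give the socket a pppd-specific type applied by an automatic transition, in the same way the context line `file_type_auto_trans(pppd_t, etc_t, net_conf_t, file)` does for net_conf_t files, and grant the sock_file permissions on that type instead. The comment `# Added for pptpclient` also does not say which operation needs each of the five rules; a note per rule, in particular for the lock on initrc_var_run_t:file, would let a reviewer judge whether each permission is required.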
* Re: pppd Patch for PPTPClient
2005-01-11 16:40 pppd Patch for PPTPClient Alex Ackerman
@ 2005-04-22 2:02 ` Russell Coker
0 siblings, 0 replies; 2+ messages in thread
From: Russell Coker @ 2005-04-22 2:02 UTC (permalink / raw)
To: Alex Ackerman; +Cc: selinux
On Wednesday 12 January 2005 03:40, Alex Ackerman <alex@darkhonor.com> wrote:
> Comments?
+allow pppd_t self:unix_stream_socket { accept connectto listen };
Better to change the previous line to create_stream_socket_perms.
+allow pppd_t var_run_t:sock_file { create setattr unlink write };
Need a better type for this, var_run_t:sock_file should not exist in strict
policy.
--
http://www.coker.com.au/selinux/ My NSA Security Enhanced Linux packages
http://www.coker.com.au/bonnie++/ Bonnie++ hard drive benchmark
http://www.coker.com.au/postal/ Postal SMTP/POP benchmark
http://www.coker.com.au/~russell/ My home page
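
The two review points in the reply above, expressed as a small check over the added lines of the pppd.te hunk. This is an added example, not code from the thread or from the SELinux project; the GENERIC_TYPES set and both heuristics are assumptions made for illustration.

```python
import re

# Assumption for this example: types considered generic (not domain-specific).
# Only var_run_t is named in the review above; extend the set as needed.
GENERIC_TYPES = {"var_run_t"}

# Matches an added line of the form: +allow SRC TGT:CLASS { perms }; or PERM;
ALLOW_RE = re.compile(
    r"^\+\s*allow\s+(?P<src>\S+)\s+(?P<tgt>[^\s:]+):(?P<cls>\S+)\s+"
    r"(?:\{(?P<set>[^}]*)\}|(?P<one>\S+?))\s*;"
)

def added_allow_rules(diff_text):
    """Yield (source, target, class, perms) for each allow rule a diff adds."""
    for line in diff_text.splitlines():
        if line.startswith("+++"):
            continue  # file header, not an added line
        m = ALLOW_RE.match(line)
        if m:
            perms = (m.group("set") or m.group("one")).split()
            yield m.group("src"), m.group("tgt"), m.group("cls"), frozenset(perms)

def review(diff_text):
    """Return (target:class, reason) findings for the two points in the reply."""
    findings = []
    for src, tgt, cls, perms in added_allow_rules(diff_text):
        if tgt in GENERIC_TYPES and "create" in perms:
            findings.append((f"{tgt}:{cls}", "creates objects under a generic type"))
        if tgt == "self" and cls == "unix_stream_socket" and "create" not in perms:
            findings.append((f"{tgt}:{cls}", "hand-listed perms without create"))
    return findings

# Added lines copied from the hunk in the first message of this thread.
SAMPLE = """\
+allow pppd_t initrc_var_run_t:file { lock read write };
+allow pppd_t self:rawip_socket { connect create read write };
+allow pppd_t self:tcp_socket connect;
+allow pppd_t self:unix_stream_socket { accept connectto listen };
+allow pppd_t var_run_t:sock_file { create setattr unlink write };
"""

if __name__ == "__main__":
    for target, reason in review(SAMPLE):
        print(f"{target}: {reason}")
```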