* Samba guys reviewed samba policy and fixed some of the ports used by samba @ 2007-03-23 19:15 Daniel J Walsh 2007-03-28 18:17 ` Christopher J. PeBenito 0 siblings, 1 reply; 4+ messages in thread From: Daniel J Walsh @ 2007-03-23 19:15 UTC (permalink / raw) To: Christopher J. PeBenito, SE Linux [-- Attachment #1: Type: text/plain, Size: 32 bytes --] Also added new ports for squid. [-- Attachment #2: corenet_port_type.patch --] [-- Type: text/x-patch, Size: 1361 bytes --] --- nsaserefpolicy/policy/modules/kernel/corenetwork.if.in 2007-02-19 11:32:51.000000000 -0500 +++ serefpolicy-2.5.10/policy/modules/kernel/corenetwork.if.in 2007-03-22 15:06:58.000000000 -0400 @@ -1977,3 +1977,57 @@ typeattribute $1 corenet_unconfined_type; ') + +######################################## +## <summary> +## Define type to be a network port type +## </summary> +## <param name="domain"> +## <summary> +## Type to be used for network ports. +## </summary> +## </param> +# +interface(`corenet_port_type',` + gen_require(` + attribute port_type; + ') + + typeattribute $1 port_type; +') + +######################################## +## <summary> +## Define network type to be a reserved port (lt 1024) +## </summary> +## <param name="domain"> +## <summary> +## Type to be used for network ports. +## </summary> +## </param> +# +interface(`corenet_reserved_port_type',` + gen_require(` + attribute reserved_port_type; + ') + + typeattribute $1 reserved_port_type; +') + +######################################## +## <summary> +## Define network type to be a rpc port ( 512 lt PORT lt 1024) +## </summary> +## <param name="domain"> +## <summary> +## Type to be used for network ports. +## </summary> +## </param> +# +interface(`corenet_rpc_port_type',` + gen_require(` + attribute rpc_port_type; + ') + + typeattribute $1 rpc_port_type; +') ^ permalink raw reply [flat|nested] 4+ messages in thread
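Review bot: All three new interfaces document their argument as `<param name="domain">`, but `$1` receives the `port_type`, `reserved_port_type` or `rpc_port_type` attribute, so it is a port type and not a domain. Naming the parameter `type` would match its own summary, "Type to be used for network ports." The summaries are also worded inconsistently ("Define type" in the first, "Define network type" in the other two). The rpc range "( 512 lt PORT lt 1024)" reads as excluding 512, so it is worth confirming the bounds and writing them as an explicit range.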
* Re: Samba guys reviewed samba policy and fixed some of the ports used by samba 2007-03-23 19:15 Samba guys reviewed samba policy and fixed some of the ports used by samba Daniel J Walsh @ 2007-03-28 18:17 ` Christopher J. PeBenito 2007-03-28 18:32 ` Daniel J Walsh 0 siblings, 1 reply; 4+ messages in thread From: Christopher J. PeBenito @ 2007-03-28 18:17 UTC (permalink / raw) To: Daniel J Walsh; +Cc: SE Linux On Fri, 2007-03-23 at 15:15 -0400, Daniel J Walsh wrote: > Also added new ports for squid. Looks like the wrong patch. > > > > > > > differences > between files > attachment > (corenet_port_type.patch), "corenet_port_type.patch" > > --- > nsaserefpolicy/policy/modules/kernel/corenetwork.if.in 2007-02-19 > 11:32:51.000000000 -0500 > +++ > serefpolicy-2.5.10/policy/modules/kernel/corenetwork.if.in 2007-03-22 > 15:06:58.000000000 -0400 
> @@ -1977,3 +1977,57 @@ > > typeattribute $1 corenet_unconfined_type; > ') > + > +######################################## > +## <summary> > +## Define type to be a network port type > +## </summary> > +## <param name="domain"> > +## <summary> > +## Type to be used for network ports. > +## </summary> > +## </param> > +# > +interface(`corenet_port_type',` > + gen_require(` > + attribute port_type; > + ') > + > + typeattribute $1 port_type; > +') > + > +######################################## > +## <summary> > +## Define network type to be a reserved port (lt 1024) > +## </summary> > +## <param name="domain"> > +## <summary> > +## Type to be used for network ports. > +## </summary> > +## </param> > +# > +interface(`corenet_reserved_port_type',` > + gen_require(` > + attribute reserved_port_type; > + ') > + > + typeattribute $1 reserved_port_type; > +') > + > +######################################## > +## <summary> > +## Define network type to be a rpc port ( 512 lt PORT lt 1024) > +## </summary> > +## <param name="domain"> > +## <summary> > +## Type to be used for network ports. > +## </summary> > +## </param> > +# > +interface(`corenet_rpc_port_type',` > + gen_require(` > + attribute rpc_port_type; > + ') > + > + typeattribute $1 rpc_port_type; > +') > -- Chris PeBenito Tresys Technology, LLC (410) 290-1411 x150 -- This message was distributed to subscribers of the selinux mailing list. If you no longer wish to subscribe, send mail to majordomo@tycho.nsa.gov with the words "unsubscribe selinux" without quotes as the message. ^ permalink raw reply [flat|nested] 4+ messages in thread
* Re: Samba guys reviewed samba policy and fixed some of the ports used by samba 2007-03-28 18:17 ` Christopher J. PeBenito @ 2007-03-28 18:32 ` Daniel J Walsh 2007-04-11 17:51 ` Christopher J. PeBenito 0 siblings, 1 reply; 4+ messages in thread From: Daniel J Walsh @ 2007-03-28 18:32 UTC (permalink / raw) To: Christopher J. PeBenito; +Cc: SE Linux [-- Attachment #1: Type: text/plain, Size: 198 bytes --] Christopher J. PeBenito wrote: > On Fri, 2007-03-23 at 15:15 -0400, Daniel J Walsh wrote: > >> Also added new ports for squid. >> > > Looks like the wrong patch. > > Sorry try this one. [-- Attachment #2: corenetwork.te.in.patch --] [-- Type: text/x-patch, Size: 1831 bytes --] --- nsaserefpolicy/policy/modules/kernel/corenetwork.te.in 2007-02-19 11:32:51.000000000 -0500 +++ serefpolicy-2.5.11/policy/modules/kernel/corenetwork.te.in 2007-03-27 15:45:12.000000000 -0400 @@ -100,7 +105,7 @@ network_port(kerberos_master, tcp,4444,s0, udp,4444,s0) network_port(kerberos, tcp,88,s0, udp,88,s0, tcp,750,s0, udp,750,s0) network_port(ktalkd, udp,517,s0, udp,518,s0) -network_port(ldap, tcp,389,s0, udp,389,s0, tcp,636,s0, udp,636,s0) +network_port(ldap, tcp,3268,s0, tcp,389,s0, udp,389,s0, tcp,636,s0, udp,636,s0) type lrrd_port_t, port_type; dnl network_port(lrrd_port_t) # no defined portcon network_port(lmtp, tcp,24,s0, udp,24,s0) network_port(mail, tcp,2000,s0) @@ -108,7 +113,7 @@ network_port(mysqld, tcp,3306,s0) network_port(nessus, tcp,1241,s0) network_port(netsupport, tcp,5405,s0, udp,5405,s0) -network_port(nmbd, udp,137,s0, udp,138,s0, udp,139,s0) +network_port(nmbd, udp,137,s0, udp,138,s0) network_port(ntp, udp,123,s0) network_port(ocsp, tcp,9080,s0) network_port(openvpn, tcp,1194,s0, udp,1194,s0) 
@@ -132,7 +137,7 @@ network_port(router, udp,520,s0) network_port(rsh, tcp,514,s0) network_port(rsync, tcp,873,s0, udp,873,s0) -network_port(smbd, tcp,137-139,s0, tcp,445,s0) +network_port(smbd, tcp,139,s0, tcp,445,s0) network_port(smtp, tcp,25,s0, tcp,465,s0, tcp,587,s0) network_port(snmp, udp,161,s0, udp,162,s0, tcp,199,s0) network_port(spamd, tcp,783,s0) @@ -140,6 +145,7 @@ network_port(soundd, tcp,8000,s0, tcp,9433,s0) type socks_port_t, port_type; dnl network_port(socks) # no defined portcon type stunnel_port_t, port_type; dnl network_port(stunnel) # no defined portcon in current strict +network_port(squid, udp,3401,s0, tcp,3401,s0, udp,4827,s0, tcp,4827,s0, ) network_port(swat, tcp,901,s0) network_port(syslogd, udp,514,s0) network_port(telnetd, tcp,23,s0) ^ permalink raw reply [flat|nested] 4+ messages in thread
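Review bot: In the first hunk (old line 100) the `ldap` line gains `tcp,3268,s0`, but neither the subject nor the message body mentions LDAP, and nothing says which service uses 3268. Suggest stating the reason in the description. The new entry is TCP only and sits ahead of the existing tcp/udp pairs for 389 and 636, so confirm that both the missing UDP entry and the ordering are intended. The header `@@ -100,7 +105,7 @@` also shows a five-line offset with no earlier hunk in this patch, which suggests it was cut from a larger diff.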
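Review bot: In the third hunk `tcp,137-139,s0` is narrowed to `tcp,139,s0`, so TCP 137 and 138 are no longer declared as smbd ports, and the nmbd hunk before it likewise drops `udp,139,s0`. Nothing in the patch shows whether any existing rule still expects those ports to carry the old label, so the description should say the narrowing is deliberate and that the dropped ports are not used by either daemon.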
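Review bot: In the last hunk the new `squid` line ends with `tcp,4827,s0, )`, a trailing comma and space that pass the macro an extra empty argument. Every other `network_port` line in the surrounding context closes directly after its last `s0`, so drop the trailing `, `. A short comment on what 3401 and 4827 are used for would also help, since the message only says "new ports for squid".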
* Re: Samba guys reviewed samba policy and fixed some of the ports used by samba 2007-03-28 18:32 ` Daniel J Walsh @ 2007-04-11 17:51 ` Christopher J. PeBenito 0 siblings, 0 replies; 4+ messages in thread From: Christopher J. PeBenito @ 2007-04-11 17:51 UTC (permalink / raw) To: Daniel J Walsh; +Cc: SE Linux On Wed, 2007-03-28 at 14:32 -0400, Daniel J Walsh wrote: > Christopher J. PeBenito wrote: > > On Fri, 2007-03-23 at 15:15 -0400, Daniel J Walsh wrote: > > > >> Also added new ports for squid. > >> > > > > Looks like the wrong patch. > > > > > Sorry try this one. Merged smbd and nmbd parts. > > > > > > > differences > between files > attachment > (corenetwork.te.in.patch) > > --- nsaserefpolicy/policy/modules/kernel/corenetwork.te.in 2007-02-19 11:32:51.000000000 -0500 > +++ serefpolicy-2.5.11/policy/modules/kernel/corenetwork.te.in 2007-03-27 15:45:12.000000000 -0400 > @@ -100,7 +105,7 @@ > network_port(kerberos_master, tcp,4444,s0, udp,4444,s0) > network_port(kerberos, tcp,88,s0, udp,88,s0, tcp,750,s0, udp,750,s0) > network_port(ktalkd, udp,517,s0, udp,518,s0) > -network_port(ldap, tcp,389,s0, udp,389,s0, tcp,636,s0, udp,636,s0) > +network_port(ldap, tcp,3268,s0, tcp,389,s0, udp,389,s0, tcp,636,s0, udp,636,s0) > type lrrd_port_t, port_type; dnl network_port(lrrd_port_t) # no defined portcon > network_port(lmtp, tcp,24,s0, udp,24,s0) > network_port(mail, tcp,2000,s0) > @@ -108,7 +113,7 @@ > network_port(mysqld, tcp,3306,s0) > network_port(nessus, tcp,1241,s0) > network_port(netsupport, tcp,5405,s0, udp,5405,s0) > -network_port(nmbd, udp,137,s0, udp,138,s0, udp,139,s0) > +network_port(nmbd, udp,137,s0, udp,138,s0) > network_port(ntp, udp,123,s0) > network_port(ocsp, tcp,9080,s0) > network_port(openvpn, tcp,1194,s0, udp,1194,s0) 
> @@ -132,7 +137,7 @@ > network_port(router, udp,520,s0) > network_port(rsh, tcp,514,s0) > network_port(rsync, tcp,873,s0, udp,873,s0) > -network_port(smbd, tcp,137-139,s0, tcp,445,s0) > +network_port(smbd, tcp,139,s0, tcp,445,s0) > network_port(smtp, tcp,25,s0, tcp,465,s0, tcp,587,s0) > network_port(snmp, udp,161,s0, udp,162,s0, tcp,199,s0) > network_port(spamd, tcp,783,s0) > @@ -140,6 +145,7 @@ > network_port(soundd, tcp,8000,s0, tcp,9433,s0) > type socks_port_t, port_type; dnl network_port(socks) # no defined portcon > type stunnel_port_t, port_type; dnl network_port(stunnel) # no defined portcon in current strict > +network_port(squid, udp,3401,s0, tcp,3401,s0, udp,4827,s0, tcp,4827,s0, ) > network_port(swat, tcp,901,s0) > network_port(syslogd, udp,514,s0) > network_port(telnetd, tcp,23,s0) > -- Chris PeBenito Tresys Technology, LLC (410) 290-1411 x150 -- This message was distributed to subscribers of the selinux mailing list. If you no longer wish to subscribe, send mail to majordomo@tycho.nsa.gov with the words "unsubscribe selinux" without quotes as the message. ^ permalink raw reply [flat|nested] 4+ messages in thread