* djbdns patch
From: Daniel J Walsh @ 2007-03-23 20:00 UTC (permalink / raw)
To: Christopher J. PeBenito, SE Linux
Make ucspitcp_service_domain optional
[-- Attachment #2: djbdns.patch --]
[-- Type: text/x-patch, Size: 434 bytes --]
--- nsaserefpolicy/policy/modules/services/djbdns.te 2007-01-02 12:57:43.000000000 -0500
+++ serefpolicy-2.5.10/policy/modules/services/djbdns.te 2007-03-22 15:06:59.000000000 -0400
@@ -44,4 +44,7 @@
libs_use_ld_so(djbdns_axfrdns_t)
libs_use_shared_libs(djbdns_axfrdns_t)
-ucspitcp_service_domain(djbdns_axfrdns_t, djbdns_axfrdns_exec_t)
+optional_policy(`
+ ucspitcp_service_domain(djbdns_axfrdns_t, djbdns_axfrdns_exec_t)
+')
+
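Review bot: The optional_policy(` ... ') block that now wraps ucspitcp_service_domain(djbdns_axfrdns_t, djbdns_axfrdns_exec_t) has no comment, and the message says only "Make ucspitcp_service_domain optional", so the reason for building djbdns.te without the ucspitcp module is not recorded anywhere. Once the call is conditional, a policy built without that module loses the only statement in this hunk that ties djbdns_axfrdns_t to djbdns_axfrdns_exec_t. Please add a comment above the block, or expand the commit message, naming the configuration that needs this and saying how axfrdns is expected to be confined in it.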
* Re: djbdns patch
From: Christopher J. PeBenito @ 2007-04-10 12:46 UTC (permalink / raw)
To: Daniel J Walsh, kaiowas; +Cc: SE Linux
On Fri, 2007-03-23 at 16:00 -0400, Daniel J Walsh wrote:
> Make ucspitcp_service_domain optional
Perhaps this should be made an init_daemon_domain() too?
> differences between files attachment (djbdns.patch), "djbdns.patch"
>
> --- nsaserefpolicy/policy/modules/services/djbdns.te 2007-01-02 12:57:43.000000000 -0500
> +++ serefpolicy-2.5.10/policy/modules/services/djbdns.te 2007-03-22 15:06:59.000000000 -0400
> @@ -44,4 +44,7 @@
> libs_use_ld_so(djbdns_axfrdns_t)
> libs_use_shared_libs(djbdns_axfrdns_t)
>
> -ucspitcp_service_domain(djbdns_axfrdns_t, djbdns_axfrdns_exec_t)
> +optional_policy(`
> + ucspitcp_service_domain(djbdns_axfrdns_t, djbdns_axfrdns_exec_t)
> +')
> +
>
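Review bot: The last added line of the hunk is an empty "+" line after "')", and no unchanged context follows it, so the patch leaves a blank line at the end of djbdns.te (the header "@@ -44,4 +44,7 @@" accounts for four added lines against one removed). Unless the file's convention calls for it, drop that trailing blank line so the change is limited to the optional_policy wrapper.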
--
Chris PeBenito
Tresys Technology, LLC
(410) 290-1411 x150
* Re: djbdns patch
From: Petre Rodan @ 2007-04-10 13:45 UTC (permalink / raw)
To: Christopher J. PeBenito; +Cc: Daniel J Walsh, SE Linux
Hi,
On Tue, Apr 10, 2007 at 08:46:39AM -0400, Christopher J. PeBenito wrote:
> On Fri, 2007-03-23 at 16:00 -0400, Daniel J Walsh wrote:
> > Make ucspitcp_service_domain optional
>
> Perhaps this should be made an init_daemon_domain() too?
axfrdns runs under tcpserver [1], it is not a stand-alone daemon, so I see no reason why it should be an init_daemon_domain().
Also, I wonder what use it would be to have the djbdns module loaded without also loading the ucspitcp one.
[1] http://cr.yp.to/djbdns/axfrdns.html
"Normally axfrdns runs under tcpserver to handle TCP connections on port 53 of a local IP address. tcpserver is responsible for rejecting connections from hosts not authorized to perform zone transfers. axfrdns can also run under secure connection tools offering an UCSPI-compliant interface."
> > differences between files attachment (djbdns.patch), "djbdns.patch"
> >
> > --- nsaserefpolicy/policy/modules/services/djbdns.te 2007-01-02 12:57:43.000000000 -0500
> > +++ serefpolicy-2.5.10/policy/modules/services/djbdns.te 2007-03-22 15:06:59.000000000 -0400
> > @@ -44,4 +44,7 @@
> > libs_use_ld_so(djbdns_axfrdns_t)
> > libs_use_shared_libs(djbdns_axfrdns_t)
> >
> > -ucspitcp_service_domain(djbdns_axfrdns_t, djbdns_axfrdns_exec_t)
> > +optional_policy(`
> > + ucspitcp_service_domain(djbdns_axfrdns_t, djbdns_axfrdns_exec_t)
> > +')
> > +
cheers,
peter
--
petre rodan
<kaiowas@gentoo.org>
Developer,
Hardened Gentoo Linux