[refpolicy] [PATCH 1/1] Make inetd_tcp_service

All of lore.kernel.org
 help / color / mirror / Atom feed

* [refpolicy] [PATCH 1/1] Make inetd_tcp_service_domain optional
@ 2011-11-15  9:49 Sven Vermeulen
  2012-02-08 20:37 ` Christopher J. PeBenito
  0 siblings, 1 reply; 2+ messages in thread
From: Sven Vermeulen @ 2011-11-15  9:49 UTC (permalink / raw)
  To: refpolicy

The uwimap application does not require inetd to be running or even available on
the system. Since inetd is not mandatory, it is not considered part of the base
policy, so its call should be optional.

Signed-off-by: Sven Vermeulen <sven.vermeulen@siphos.be>
---
 uwimap.te |    5 ++++-
 1 files changed, 4 insertions(+), 1 deletions(-)

diff --git a/uwimap.te b/uwimap.te
index 41fa663..5f5d61f 100644
--- a/uwimap.te
+++ b/uwimap.te
@@ -8,7 +8,6 @@ policy_module(uwimap, 1.8.0)
 type imapd_t;
 type imapd_exec_t;
 init_daemon_domain(imapd_t, imapd_exec_t)
-inetd_tcp_service_domain(imapd_t, imapd_exec_t)
 
 type imapd_tmp_t;
 files_tmp_file(imapd_tmp_t)
@@ -83,6 +82,10 @@ userdom_user_home_dir_filetrans_user_home_content(imapd_t, { dir file lnk_file f
 mta_rw_spool(imapd_t)
 
 optional_policy(`
+	inetd_tcp_service_domain(imapd_t, imapd_exec_t)
+')
+
+optional_policy(`
 	seutil_sigchld_newrole(imapd_t)
 ')
 
-- 
1.7.3.4

^ permalink raw reply related	[flat|nested] 2+ messages in thread

* [refpolicy] [PATCH 1/1] Make inetd_tcp_service_domain optional
  2011-11-15  9:49 [refpolicy] [PATCH 1/1] Make inetd_tcp_service_domain optional Sven Vermeulen
@ 2012-02-08 20:37 ` Christopher J. PeBenito
  0 siblings, 0 replies; 2+ messages in thread
From: Christopher J. PeBenito @ 2012-02-08 20:37 UTC (permalink / raw)
  To: refpolicy

On 11/15/11 04:49, Sven Vermeulen wrote:
> The uwimap application does not require inetd to be running or even available on
> the system. Since inetd is not mandatory, it is not considered part of the base
> policy, so its call should be optional.

Merged.

> Signed-off-by: Sven Vermeulen <sven.vermeulen@siphos.be>
> ---
>  uwimap.te |    5 ++++-
>  1 files changed, 4 insertions(+), 1 deletions(-)
> 
> diff --git a/uwimap.te b/uwimap.te
> index 41fa663..5f5d61f 100644
> --- a/uwimap.te
> +++ b/uwimap.te
> @@ -8,7 +8,6 @@ policy_module(uwimap, 1.8.0)
>  type imapd_t;
>  type imapd_exec_t;
>  init_daemon_domain(imapd_t, imapd_exec_t)
> -inetd_tcp_service_domain(imapd_t, imapd_exec_t)
>  
>  type imapd_tmp_t;
>  files_tmp_file(imapd_tmp_t)
> @@ -83,6 +82,10 @@ userdom_user_home_dir_filetrans_user_home_content(imapd_t, { dir file lnk_file f
>  mta_rw_spool(imapd_t)
>  
>  optional_policy(`
> +	inetd_tcp_service_domain(imapd_t, imapd_exec_t)
> +')
> +
> +optional_policy(`
>  	seutil_sigchld_newrole(imapd_t)
>  ')
>  


-- 
Chris PeBenito
Tresys Technology, LLC
www.tresys.com | oss.tresys.com

^ permalink raw reply	[flat|nested] 2+ messages in thread

end of thread, other threads:[~2012-02-08 20:37 UTC | newest]

Thread overview: 2+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2011-11-15  9:49 [refpolicy] [PATCH 1/1] Make inetd_tcp_service_domain optional Sven Vermeulen
2012-02-08 20:37 ` Christopher J. PeBenito

This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.