[refpolicy] [PATCH] Label port 5546 as dhcpc_port_t and allow dhcpc

All of lore.kernel.org
 help / color / mirror / Atom feed

* [refpolicy] [PATCH] Label port 5546 as dhcpc_port_t and allow dhcpc_t to bind to TCP for client control
@ 2012-10-15 20:55 Mika Pflüger
  2012-10-19 13:20 ` Christopher J. PeBenito
  0 siblings, 1 reply; 2+ messages in thread
From: Mika Pflüger @ 2012-10-15 20:55 UTC (permalink / raw)
  To: refpolicy

From: Russell Coker <russell@coker.com.au>

Client control is used by the wide dhcp6 client, which can be controlled
via dhcp6ctl. This works by communicating over port 5546.
---
 policy/modules/kernel/corenetwork.te.in |    2 +-
 policy/modules/system/sysnetwork.te     |    1 +
 2 files changed, 2 insertions(+), 1 deletion(-)

diff --git a/policy/modules/kernel/corenetwork.te.in b/policy/modules/kernel/corenetwork.te.in
index c054304..fbdcbce 100644
--- a/policy/modules/kernel/corenetwork.te.in
+++ b/policy/modules/kernel/corenetwork.te.in
@@ -115,7 +115,7 @@ network_port(daap, tcp,3689,s0, udp,3689,s0)
 network_port(dbskkd, tcp,1178,s0)
 network_port(dcc, udp,6276,s0, udp,6277,s0)
 network_port(dccm, tcp,5679,s0, udp,5679,s0)
-network_port(dhcpc, udp,68,s0, tcp,68,s0, udp,546,s0, tcp, 546,s0)
+network_port(dhcpc, udp,68,s0, tcp,68,s0, udp,546,s0, tcp, 546,s0, udp,5546,s0, tcp,5546,s0)
 network_port(dhcpd, udp,67,s0, udp,547,s0, tcp, 547,s0, udp,548,s0, tcp, 548,s0, tcp,647,s0, udp,647,s0, tcp,847,s0, udp,847,s0, tcp,7911,s0)
 network_port(dict, tcp,2628,s0)
 network_port(distccd, tcp,3632,s0)
diff --git a/policy/modules/system/sysnetwork.te b/policy/modules/system/sysnetwork.te
index 8f9d08d..4e255b4 100644
--- a/policy/modules/system/sysnetwork.te
+++ b/policy/modules/system/sysnetwork.te
@@ -103,6 +103,7 @@ corenet_tcp_sendrecv_all_ports(dhcpc_t)
 corenet_udp_sendrecv_all_ports(dhcpc_t)
 corenet_tcp_bind_all_nodes(dhcpc_t)
 corenet_udp_bind_all_nodes(dhcpc_t)
+corenet_tcp_bind_dhcpc_port(dhcpc_t)
 corenet_udp_bind_dhcpc_port(dhcpc_t)
 corenet_tcp_connect_all_ports(dhcpc_t)
 corenet_sendrecv_dhcpd_client_packets(dhcpc_t)
-- 
1.7.10.4

^ permalink raw reply related	[flat|nested] 2+ messages in thread

* [refpolicy] [PATCH] Label port 5546 as dhcpc_port_t and allow dhcpc_t to bind to TCP for client control
  2012-10-15 20:55 [refpolicy] [PATCH] Label port 5546 as dhcpc_port_t and allow dhcpc_t to bind to TCP for client control Mika Pflüger
@ 2012-10-19 13:20 ` Christopher J. PeBenito
  0 siblings, 0 replies; 2+ messages in thread
From: Christopher J. PeBenito @ 2012-10-19 13:20 UTC (permalink / raw)
  To: refpolicy

On 10/15/12 16:55, Mika Pfl?ger wrote:
> From: Russell Coker <russell@coker.com.au>
> 
> Client control is used by the wide dhcp6 client, which can be controlled
> via dhcp6ctl. This works by communicating over port 5546.
> ---
>  policy/modules/kernel/corenetwork.te.in |    2 +-
>  policy/modules/system/sysnetwork.te     |    1 +
>  2 files changed, 2 insertions(+), 1 deletion(-)
> 
> diff --git a/policy/modules/kernel/corenetwork.te.in b/policy/modules/kernel/corenetwork.te.in
> index c054304..fbdcbce 100644
> --- a/policy/modules/kernel/corenetwork.te.in
> +++ b/policy/modules/kernel/corenetwork.te.in
> @@ -115,7 +115,7 @@ network_port(daap, tcp,3689,s0, udp,3689,s0)
>  network_port(dbskkd, tcp,1178,s0)
>  network_port(dcc, udp,6276,s0, udp,6277,s0)
>  network_port(dccm, tcp,5679,s0, udp,5679,s0)
> -network_port(dhcpc, udp,68,s0, tcp,68,s0, udp,546,s0, tcp, 546,s0)
> +network_port(dhcpc, udp,68,s0, tcp,68,s0, udp,546,s0, tcp, 546,s0, udp,5546,s0, tcp,5546,s0)
>  network_port(dhcpd, udp,67,s0, udp,547,s0, tcp, 547,s0, udp,548,s0, tcp, 548,s0, tcp,647,s0, udp,647,s0, tcp,847,s0, udp,847,s0, tcp,7911,s0)
>  network_port(dict, tcp,2628,s0)
>  network_port(distccd, tcp,3632,s0)
> diff --git a/policy/modules/system/sysnetwork.te b/policy/modules/system/sysnetwork.te
> index 8f9d08d..4e255b4 100644
> --- a/policy/modules/system/sysnetwork.te
> +++ b/policy/modules/system/sysnetwork.te
> @@ -103,6 +103,7 @@ corenet_tcp_sendrecv_all_ports(dhcpc_t)
>  corenet_udp_sendrecv_all_ports(dhcpc_t)
>  corenet_tcp_bind_all_nodes(dhcpc_t)
>  corenet_udp_bind_all_nodes(dhcpc_t)
> +corenet_tcp_bind_dhcpc_port(dhcpc_t)
>  corenet_udp_bind_dhcpc_port(dhcpc_t)
>  corenet_tcp_connect_all_ports(dhcpc_t)
>  corenet_sendrecv_dhcpd_client_packets(dhcpc_t)
 
Merged.

-- 
Chris PeBenito
Tresys Technology, LLC
www.tresys.com | oss.tresys.com

^ permalink raw reply	[flat|nested] 2+ messages in thread

end of thread, other threads:[~2012-10-19 13:20 UTC | newest]

Thread overview: 2+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2012-10-15 20:55 [refpolicy] [PATCH] Label port 5546 as dhcpc_port_t and allow dhcpc_t to bind to TCP for client control Mika Pflüger
2012-10-19 13:20 ` Christopher J. PeBenito

This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.