[COMMIT]refpolicy branch, master, updated. contrib-8-ga108d9d

Reference Policy commits mail list refpolicy-commits at oss.tresys.com
Wed Sep 14 11:56:03 CDT 2011 

This is an automated email from the git hooks/post-receive script. It was
generated because a ref change was pushed to the repository containing
the project "refpolicy".

The branch, master has been updated
       via  a108d9db60747a887f626b99cce37738462dd3cd (commit)
      from  eb6591ff84c0be2471abd33280af418677a23c71 (commit)

Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.

- Log -----------------------------------------------------------------
commit a108d9db60747a887f626b99cce37738462dd3cd
Author: Chris PeBenito <cpebenito at tresys.com>
Date:   Wed Sep 14 12:17:22 2011 -0400

    Enhance corenetwork network_port() macro to support ports that do not have a well defined port number, such as stunnel.

-----------------------------------------------------------------------

Summary of changes:
 Changelog                               |    2 ++
 policy/modules/contrib                  |    2 +-
 policy/modules/kernel/corenetwork.te.in |   12 ++++++------
 policy/modules/kernel/corenetwork.te.m4 |    2 +-
 4 files changed, 10 insertions(+), 8 deletions(-)

Detailed diffset:
:100644 100644 2d6eff0... 338191c... M	Changelog
:160000 160000 260b883... e6f073a... M	policy/modules/contrib
:100644 100644 d36527d... 1ece1a9... M	policy/modules/kernel/corenetwork.te.in
:100644 100644 49f27ca... 7bf25ed... M	policy/modules/kernel/corenetwork.te.m4

diff --git a/Changelog b/Changelog
index 2d6eff0..338191c 100644
--- a/Changelog
+++ b/Changelog
@@ -1,3 +1,5 @@
+- Enhance corenetwork network_port() macro to support ports that do not have
+  a well defined port number, such as stunnel.
 - Opendkim support in dkim module from Paul Howarth.
 - Wireshark updates from Sven Vermeulen.
 - Change secure_mode_insmod to control sys_module capability rather than
diff --git a/policy/modules/contrib b/policy/modules/contrib
index 260b883..e6f073a 160000
--- a/policy/modules/contrib
+++ b/policy/modules/contrib
@@ -1 +1 @@
-Subproject commit 260b88365e2958ffc33a1c33f3dcf8da4c567db3
+Subproject commit e6f073a7740ab4a4f322ed984f972282c401916e
diff --git a/policy/modules/kernel/corenetwork.te.in b/policy/modules/kernel/corenetwork.te.in
index d36527d..1ece1a9 100644
--- a/policy/modules/kernel/corenetwork.te.in
+++ b/policy/modules/kernel/corenetwork.te.in
@@ -1,4 +1,4 @@
-policy_module(corenetwork, 1.16.1)
+policy_module(corenetwork, 1.16.2)
 
 ########################################
 #
@@ -90,7 +90,7 @@ network_port(audit, tcp,60,s0)
 network_port(auth, tcp,113,s0)
 network_port(bgp, tcp,179,s0, udp,179,s0, tcp,2605,s0, udp,2605,s0)
 network_port(boinc, tcp,31416,s0)
-type biff_port_t, port_type, reserved_port_type; dnl network_port(biff) # no defined portcon in current strict
+network_port(biff) # no defined portcon
 network_port(certmaster, tcp,51235,s0)
 network_port(chronyd, udp,323,s0)
 network_port(clamd, tcp,3310,s0)
@@ -147,7 +147,7 @@ network_port(ktalkd, udp,517,s0, udp,518,s0)
 network_port(ldap, tcp,389,s0, udp,389,s0, tcp,636,s0, udp,636,s0, tcp,3268,s0)
 network_port(lirc, tcp,8765,s0)
 network_port(lmtp, tcp,24,s0, udp,24,s0)
-type lrrd_port_t, port_type; dnl network_port(lrrd_port_t) # no defined portcon
+network_port(lrrd) # no defined portcon
 network_port(mail, tcp,2000,s0, tcp,3905,s0)
 network_port(memcache, tcp,11211,s0, udp,11211,s0)
 network_port(mmcc, tcp,5050,s0, udp,5050,s0)
@@ -203,13 +203,13 @@ network_port(sixxsconfig, tcp,3874,s0, udp,3874,s0)
 network_port(smbd, tcp,137-139,s0, tcp,445,s0)
 network_port(smtp, tcp,25,s0, tcp,465,s0, tcp,587,s0)
 network_port(snmp, udp,161,s0, udp,162,s0, tcp,199,s0, tcp, 1161, s0)
-type socks_port_t, port_type; dnl network_port(socks) # no defined portcon
+network_port(socks) # no defined portcon
 network_port(soundd, tcp,8000,s0, tcp,9433,s0, tcp, 16001, s0)
 network_port(spamd, tcp,783,s0)
 network_port(speech, tcp,8036,s0)
 network_port(squid, udp,3401,s0, tcp,3401,s0, udp,4827,s0, tcp,4827,s0) # snmp and htcp
 network_port(ssh, tcp,22,s0)
-type stunnel_port_t, port_type; dnl network_port(stunnel) # no defined portcon in current strict
+network_port(stunnel) # no defined portcon
 network_port(swat, tcp,901,s0)
 network_port(syslogd, udp,514,s0)
 network_port(tcs, tcp, 30003, s0)
@@ -219,7 +219,7 @@ network_port(tor, tcp, 6969, s0, tcp,9001,s0, tcp,9030,s0, tcp,9050,s0, tcp,9051
 network_port(traceroute, udp,64000-64010,s0)
 network_port(transproxy, tcp,8081,s0)
 network_port(ups, tcp,3493,s0)
-type utcpserver_port_t, port_type; dnl network_port(utcpserver) # no defined portcon
+network_port(utcpserver) # no defined portcon
 network_port(uucpd, tcp,540,s0)
 network_port(varnishd, tcp,6081-6082,s0)
 network_port(virt, tcp,16509,s0, udp,16509,s0, tcp,16514,s0, udp,16514,s0)
diff --git a/policy/modules/kernel/corenetwork.te.m4 b/policy/modules/kernel/corenetwork.te.m4
index 49f27ca..7bf25ed 100644
--- a/policy/modules/kernel/corenetwork.te.m4
+++ b/policy/modules/kernel/corenetwork.te.m4
@@ -93,7 +93,7 @@ define(`network_port',`
 type $1_port_t, port_type, defined_port_type;
 type $1_client_packet_t, packet_type, client_packet_type;
 type $1_server_packet_t, packet_type, server_packet_type;
-declare_ports($1_port_t,shift($*))dnl
+ifelse(`$2',`',`',`declare_ports($1_port_t,shift($*))')dnl
 ')
 
 #


hooks/post-receive
--
refpolicy

More information about the Refpolicy-commits mailing list