Changeset 191 for branch/RHEL5.1-networklockdown
- Timestamp:
- 04/28/08 12:19:08 (9 months ago)
- Files:
-
- branch/RHEL5.1-networklockdown/src/selinux-policy-clip/policy/booleans.conf (modified) (1 diff)
- branch/RHEL5.1-networklockdown/src/selinux-policy-clip/policy/modules.conf (modified) (1 diff)
- branch/RHEL5.1-networklockdown/src/selinux-policy-clip/policy/modules/admin/amanda.te (modified) (2 diffs)
- branch/RHEL5.1-networklockdown/src/selinux-policy-clip/policy/modules/admin/apt.te (modified) (1 diff)
- branch/RHEL5.1-networklockdown/src/selinux-policy-clip/policy/modules/admin/dpkg.te (modified) (1 diff)
- branch/RHEL5.1-networklockdown/src/selinux-policy-clip/policy/modules/admin/firstboot.te (modified) (1 diff)
- branch/RHEL5.1-networklockdown/src/selinux-policy-clip/policy/modules/admin/netutils.te (modified) (3 diffs)
- branch/RHEL5.1-networklockdown/src/selinux-policy-clip/policy/modules/admin/rpm.te (modified) (1 diff)
- branch/RHEL5.1-networklockdown/src/selinux-policy-clip/policy/modules/admin/vpn.te (modified) (1 diff)
- branch/RHEL5.1-networklockdown/src/selinux-policy-clip/policy/modules/apps/gpg.if (modified) (2 diffs)
- branch/RHEL5.1-networklockdown/src/selinux-policy-clip/policy/modules/apps/webalizer.te (modified) (1 diff)
- branch/RHEL5.1-networklockdown/src/selinux-policy-clip/policy/modules/kernel/corenetwork.if (modified) (1 diff)
- branch/RHEL5.1-networklockdown/src/selinux-policy-clip/policy/modules/kernel/corenetwork.if.in (modified) (1 diff)
- branch/RHEL5.1-networklockdown/src/selinux-policy-clip/policy/modules/services/amavis.te (modified) (1 diff)
- branch/RHEL5.1-networklockdown/src/selinux-policy-clip/policy/modules/services/apache.if (modified) (2 diffs)
- branch/RHEL5.1-networklockdown/src/selinux-policy-clip/policy/modules/services/apache.te (modified) (3 diffs)
- branch/RHEL5.1-networklockdown/src/selinux-policy-clip/policy/modules/services/apcupsd.te (modified) (2 diffs)
- branch/RHEL5.1-networklockdown/src/selinux-policy-clip/policy/modules/services/arpwatch.te (modified) (1 diff)
- branch/RHEL5.1-networklockdown/src/selinux-policy-clip/policy/modules/services/avahi.te (modified) (1 diff)
- branch/RHEL5.1-networklockdown/src/selinux-policy-clip/policy/modules/services/bind.te (modified) (2 diffs)
- branch/RHEL5.1-networklockdown/src/selinux-policy-clip/policy/modules/services/bluetooth.te (modified) (1 diff)
- branch/RHEL5.1-networklockdown/src/selinux-policy-clip/policy/modules/services/canna.te (modified) (1 diff)
- branch/RHEL5.1-networklockdown/src/selinux-policy-clip/policy/modules/services/ccs.te (modified) (1 diff)
- branch/RHEL5.1-networklockdown/src/selinux-policy-clip/policy/modules/services/clamav.te (modified) (2 diffs)
- branch/RHEL5.1-networklockdown/src/selinux-policy-clip/policy/modules/services/comsat.te (modified) (1 diff)
- branch/RHEL5.1-networklockdown/src/selinux-policy-clip/policy/modules/services/cron.if (modified) (1 diff)
- branch/RHEL5.1-networklockdown/src/selinux-policy-clip/policy/modules/services/cron.te (modified) (1 diff)
- branch/RHEL5.1-networklockdown/src/selinux-policy-clip/policy/modules/services/cups.te (modified) (5 diffs)
- branch/RHEL5.1-networklockdown/src/selinux-policy-clip/policy/modules/services/cvs.te (modified) (1 diff)
- branch/RHEL5.1-networklockdown/src/selinux-policy-clip/policy/modules/services/cyrus.te (modified) (1 diff)
- branch/RHEL5.1-networklockdown/src/selinux-policy-clip/policy/modules/services/dbskk.te (modified) (1 diff)
- branch/RHEL5.1-networklockdown/src/selinux-policy-clip/policy/modules/services/dbus.if (modified) (1 diff)
- branch/RHEL5.1-networklockdown/src/selinux-policy-clip/policy/modules/services/dhcp.te (modified) (1 diff)
- branch/RHEL5.1-networklockdown/src/selinux-policy-clip/policy/modules/services/dictd.te (modified) (1 diff)
- branch/RHEL5.1-networklockdown/src/selinux-policy-clip/policy/modules/services/distcc.te (modified) (1 diff)
- branch/RHEL5.1-networklockdown/src/selinux-policy-clip/policy/modules/services/djbdns.if (modified) (1 diff)
- branch/RHEL5.1-networklockdown/src/selinux-policy-clip/policy/modules/services/dovecot.te (modified) (1 diff)
- branch/RHEL5.1-networklockdown/src/selinux-policy-clip/policy/modules/services/exim.te (modified) (1 diff)
- branch/RHEL5.1-networklockdown/src/selinux-policy-clip/policy/modules/services/finger.te (modified) (1 diff)
- branch/RHEL5.1-networklockdown/src/selinux-policy-clip/policy/modules/services/ftp.te (modified) (2 diffs)
- branch/RHEL5.1-networklockdown/src/selinux-policy-clip/policy/modules/services/hal.te (modified) (1 diff)
- branch/RHEL5.1-networklockdown/src/selinux-policy-clip/policy/modules/services/howl.te (modified) (1 diff)
- branch/RHEL5.1-networklockdown/src/selinux-policy-clip/policy/modules/services/inetd.te (modified) (2 diffs)
- branch/RHEL5.1-networklockdown/src/selinux-policy-clip/policy/modules/services/inn.te (modified) (1 diff)
- branch/RHEL5.1-networklockdown/src/selinux-policy-clip/policy/modules/services/kerberos.if (modified) (1 diff)
- branch/RHEL5.1-networklockdown/src/selinux-policy-clip/policy/modules/services/kerberos.te (modified) (2 diffs)
- branch/RHEL5.1-networklockdown/src/selinux-policy-clip/policy/modules/services/ktalk.te (modified) (1 diff)
- branch/RHEL5.1-networklockdown/src/selinux-policy-clip/policy/modules/services/ldap.te (modified) (1 diff)
- branch/RHEL5.1-networklockdown/src/selinux-policy-clip/policy/modules/services/lpd.te (modified) (2 diffs)
- branch/RHEL5.1-networklockdown/src/selinux-policy-clip/policy/modules/services/mailman.if (modified) (1 diff)
- branch/RHEL5.1-networklockdown/src/selinux-policy-clip/policy/modules/services/mta.if (modified) (1 diff)
- branch/RHEL5.1-networklockdown/src/selinux-policy-clip/policy/modules/services/mysql.te (modified) (1 diff)
- branch/RHEL5.1-networklockdown/src/selinux-policy-clip/policy/modules/services/networkmanager.te (modified) (1 diff)
- branch/RHEL5.1-networklockdown/src/selinux-policy-clip/policy/modules/services/nis.if (modified) (1 diff)
- branch/RHEL5.1-networklockdown/src/selinux-policy-clip/policy/modules/services/nis.te (modified) (5 diffs)
- branch/RHEL5.1-networklockdown/src/selinux-policy-clip/policy/modules/services/nscd.te (modified) (1 diff)
- branch/RHEL5.1-networklockdown/src/selinux-policy-clip/policy/modules/services/ntp.te (modified) (1 diff)
- branch/RHEL5.1-networklockdown/src/selinux-policy-clip/policy/modules/services/openvpn.te (modified) (1 diff)
- branch/RHEL5.1-networklockdown/src/selinux-policy-clip/policy/modules/services/pcscd.te (modified) (1 diff)
- branch/RHEL5.1-networklockdown/src/selinux-policy-clip/policy/modules/services/pegasus.te (modified) (1 diff)
- branch/RHEL5.1-networklockdown/src/selinux-policy-clip/policy/modules/services/portmap.te (modified) (2 diffs)
- branch/RHEL5.1-networklockdown/src/selinux-policy-clip/policy/modules/services/postfix.if (modified) (1 diff)
- branch/RHEL5.1-networklockdown/src/selinux-policy-clip/policy/modules/services/postfix.te (modified) (3 diffs)
- branch/RHEL5.1-networklockdown/src/selinux-policy-clip/policy/modules/services/postgresql.te (modified) (1 diff)
- branch/RHEL5.1-networklockdown/src/selinux-policy-clip/policy/modules/services/ppp.te (modified) (2 diffs)
- branch/RHEL5.1-networklockdown/src/selinux-policy-clip/policy/modules/services/privoxy.te (modified) (1 diff)
- branch/RHEL5.1-networklockdown/src/selinux-policy-clip/policy/modules/services/procmail.te (modified) (1 diff)
- branch/RHEL5.1-networklockdown/src/selinux-policy-clip/policy/modules/services/pyzor.te (modified) (2 diffs)
- branch/RHEL5.1-networklockdown/src/selinux-policy-clip/policy/modules/services/radius.te (modified) (1 diff)
- branch/RHEL5.1-networklockdown/src/selinux-policy-clip/policy/modules/services/radvd.te (modified) (1 diff)
- branch/RHEL5.1-networklockdown/src/selinux-policy-clip/policy/modules/services/ricci.te (modified) (2 diffs)
- branch/RHEL5.1-networklockdown/src/selinux-policy-clip/policy/modules/services/rlogin.te (modified) (1 diff)
- branch/RHEL5.1-networklockdown/src/selinux-policy-clip/policy/modules/services/rpc.if (modified) (1 diff)
- branch/RHEL5.1-networklockdown/src/selinux-policy-clip/policy/modules/services/rpcbind.te (modified) (1 diff)
- branch/RHEL5.1-networklockdown/src/selinux-policy-clip/policy/modules/services/rsync.te (modified) (1 diff)
- branch/RHEL5.1-networklockdown/src/selinux-policy-clip/policy/modules/services/rwho.te (modified) (1 diff)
- branch/RHEL5.1-networklockdown/src/selinux-policy-clip/policy/modules/services/samba.te (modified) (6 diffs)
- branch/RHEL5.1-networklockdown/src/selinux-policy-clip/policy/modules/services/sasl.te (modified) (1 diff)
- branch/RHEL5.1-networklockdown/src/selinux-policy-clip/policy/modules/services/sendmail.te (modified) (1 diff)
- branch/RHEL5.1-networklockdown/src/selinux-policy-clip/policy/modules/services/snmp.te (modified) (1 diff)
- branch/RHEL5.1-networklockdown/src/selinux-policy-clip/policy/modules/services/spamassassin.te (modified) (2 diffs)
- branch/RHEL5.1-networklockdown/src/selinux-policy-clip/policy/modules/services/squid.te (modified) (1 diff)
- branch/RHEL5.1-networklockdown/src/selinux-policy-clip/policy/modules/services/ssh.if (modified) (2 diffs)
- branch/RHEL5.1-networklockdown/src/selinux-policy-clip/policy/modules/services/stunnel.te (modified) (1 diff)
- branch/RHEL5.1-networklockdown/src/selinux-policy-clip/policy/modules/services/tcpd.te (modified) (1 diff)
- branch/RHEL5.1-networklockdown/src/selinux-policy-clip/policy/modules/services/telnet.te (modified) (1 diff)
- branch/RHEL5.1-networklockdown/src/selinux-policy-clip/policy/modules/services/tftp.te (modified) (1 diff)
- branch/RHEL5.1-networklockdown/src/selinux-policy-clip/policy/modules/services/tor.te (modified) (1 diff)
- branch/RHEL5.1-networklockdown/src/selinux-policy-clip/policy/modules/services/ucspitcp.te (modified) (2 diffs)
- branch/RHEL5.1-networklockdown/src/selinux-policy-clip/policy/modules/services/uucp.te (modified) (1 diff)
- branch/RHEL5.1-networklockdown/src/selinux-policy-clip/policy/modules/services/zebra.te (modified) (1 diff)
- branch/RHEL5.1-networklockdown/src/selinux-policy-clip/policy/modules/system/hotplug.te (modified) (1 diff)
- branch/RHEL5.1-networklockdown/src/selinux-policy-clip/policy/modules/system/init.te (modified) (1 diff)
- branch/RHEL5.1-networklockdown/src/selinux-policy-clip/policy/modules/system/ipsec.te (modified) (2 diffs)
- branch/RHEL5.1-networklockdown/src/selinux-policy-clip/policy/modules/system/iscsi.te (modified) (1 diff)
- branch/RHEL5.1-networklockdown/src/selinux-policy-clip/policy/modules/system/logging.te (modified) (1 diff)
- branch/RHEL5.1-networklockdown/src/selinux-policy-clip/policy/modules/system/lvm.te (modified) (1 diff)
- branch/RHEL5.1-networklockdown/src/selinux-policy-clip/policy/modules/system/mount.te (modified) (2 diffs)
- branch/RHEL5.1-networklockdown/src/selinux-policy-clip/policy/modules/system/sysnetwork.te (modified) (1 diff)
- branch/RHEL5.1-networklockdown/src/selinux-policy-clip/policy/modules/system/userdomain.if (modified) (3 diffs)
- branch/RHEL5.1-networklockdown/src/selinux-policy-clip/policy/modules/system/xen.te (modified) (2 diffs)
- branch/RHEL5.1-networklockdown/src/selinux-policy-clip/support/pyplate.pyc (modified) (previous)
branch/RHEL5.1-networklockdown/src/selinux-policy-clip/policy/booleans.conf
r176 r191 459 459 write_untrusted_content = false 460 460 461 #462 # Allow applications to write untrusted content463 #464 spamd_enable_home_dirs = true465 466 #467 # Allow applications to write untrusted content468 #469 spamassassin_can_network = false470 471 #472 # Allow applications to write untrusted content473 #474 samba_enable_home_dirs = false475 476 #477 # Allow applications to write untrusted content478 #479 pppd_for_user = false480 481 #482 # Allow applications to write untrusted content483 #484 allow_kerberos = false485 branch/RHEL5.1-networklockdown/src/selinux-policy-clip/policy/modules.conf
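Review bot: Every boolean in the block at lines 461–485 carries the same header, `# Allow applications to write untrusted content`, which appears to have been copied from `write_untrusted_content` and describes none of `spamd_enable_home_dirs`, `spamassassin_can_network`, `samba_enable_home_dirs`, `pppd_for_user` or `allow_kerberos`. The flattened rendering does not show which side these lines are on; if they are additions, each needs its own description, for example `# Allow spamassassin to make network connections` above `spamassassin_can_network = false`. `spamd_enable_home_dirs = true` is the only one of the five left enabled, which looks out of place in a lockdown branch and deserves a one-line justification or a switch to `false`.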
r176 r191 1763 1763 userdomain = base 1764 1764 1765 # Layer: admin1766 # Module: xar1767 #1768 # Xar security backup1769 #1770 xar = module1771 1772 1765 # Layer: system 1773 1766 # Module: xen branch/RHEL5.1-networklockdown/src/selinux-policy-clip/policy/modules/admin/amanda.te
r167 r191 118 118 corenet_all_recvfrom_unlabeled(amanda_t) 119 119 corenet_all_recvfrom_netlabel(amanda_t) 120 corenet_tcp_sendrecv_ all_if(amanda_t)121 corenet_udp_sendrecv_ all_if(amanda_t)122 corenet_raw_sendrecv_ all_if(amanda_t)123 corenet_tcp_sendrecv_ all_nodes(amanda_t)124 corenet_udp_sendrecv_ all_nodes(amanda_t)125 corenet_raw_sendrecv_ all_nodes(amanda_t)126 corenet_tcp_sendrecv_ all_ports(amanda_t)127 corenet_udp_sendrecv_ all_ports(amanda_t)128 corenet_tcp_bind_ all_nodes(amanda_t)129 corenet_udp_bind_ all_nodes(amanda_t)120 corenet_tcp_sendrecv_generic_if(amanda_t) 121 corenet_udp_sendrecv_generic_if(amanda_t) 122 corenet_raw_sendrecv_generic_if(amanda_t) 123 corenet_tcp_sendrecv_generic_node(amanda_t) 124 corenet_udp_sendrecv_generic_node(amanda_t) 125 corenet_raw_sendrecv_generic_node(amanda_t) 126 corenet_tcp_sendrecv_generic_port(amanda_t) 127 corenet_udp_sendrecv_generic_port(amanda_t) 128 corenet_tcp_bind_generic_node(amanda_t) 129 corenet_udp_bind_generic_node(amanda_t) 130 130 corenet_tcp_bind_all_rpc_ports(amanda_t) 131 131 … … 199 199 corenet_all_recvfrom_unlabeled(amanda_recover_t) 200 200 corenet_all_recvfrom_netlabel(amanda_recover_t) 201 corenet_tcp_sendrecv_ all_if(amanda_recover_t)202 corenet_udp_sendrecv_ all_if(amanda_recover_t)203 corenet_tcp_sendrecv_ all_nodes(amanda_recover_t)204 corenet_udp_sendrecv_ all_nodes(amanda_recover_t)205 corenet_tcp_sendrecv_ all_ports(amanda_recover_t)206 corenet_udp_sendrecv_ all_ports(amanda_recover_t)207 corenet_tcp_bind_ all_nodes(amanda_recover_t)208 corenet_udp_bind_ all_nodes(amanda_recover_t)201 corenet_tcp_sendrecv_generic_if(amanda_recover_t) 202 corenet_udp_sendrecv_generic_if(amanda_recover_t) 203 corenet_tcp_sendrecv_generic_node(amanda_recover_t) 204 corenet_udp_sendrecv_generic_node(amanda_recover_t) 205 corenet_tcp_sendrecv_generic_port(amanda_recover_t) 206 corenet_udp_sendrecv_generic_port(amanda_recover_t) 207 corenet_tcp_bind_generic_node(amanda_recover_t) 208 
corenet_udp_bind_generic_node(amanda_recover_t) 209 209 corenet_tcp_bind_reserved_port(amanda_recover_t) 210 210 corenet_tcp_connect_amanda_port(amanda_recover_t) branch/RHEL5.1-networklockdown/src/selinux-policy-clip/policy/modules/admin/apt.te
r167 r191 75 75 corenet_all_recvfrom_unlabeled(apt_t) 76 76 corenet_all_recvfrom_netlabel(apt_t) 77 corenet_tcp_sendrecv_ all_if(apt_t)78 corenet_udp_sendrecv_ all_if(apt_t)79 corenet_tcp_sendrecv_ all_nodes(apt_t)80 corenet_udp_sendrecv_ all_nodes(apt_t)81 corenet_tcp_sendrecv_ all_ports(apt_t)82 corenet_udp_sendrecv_ all_ports(apt_t)77 corenet_tcp_sendrecv_generic_if(apt_t) 78 corenet_udp_sendrecv_generic_if(apt_t) 79 corenet_tcp_sendrecv_generic_node(apt_t) 80 corenet_udp_sendrecv_generic_node(apt_t) 81 corenet_tcp_sendrecv_generic_port(apt_t) 82 corenet_udp_sendrecv_generic_port(apt_t) 83 83 # TODO: reall allow all these? 84 corenet_tcp_bind_ all_nodes(apt_t)85 corenet_udp_bind_ all_nodes(apt_t)86 corenet_tcp_connect_ all_ports(apt_t)87 corenet_sendrecv_ all_client_packets(apt_t)84 corenet_tcp_bind_generic_node(apt_t) 85 corenet_udp_bind_generic_node(apt_t) 86 corenet_tcp_connect_generic_port(apt_t) 87 corenet_sendrecv_generic_client_packets(apt_t) 88 88 89 89 dev_read_urand(apt_t) branch/RHEL5.1-networklockdown/src/selinux-policy-clip/policy/modules/admin/dpkg.te
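Review bot: `corenet_tcp_connect_generic_port(apt_t)` and `corenet_sendrecv_generic_client_packets(apt_t)` appear to leave `apt_t` without a connect rule for any port that has its own type. Going by the `node_t` versus `node_type` pair visible in corenetwork.if, the generic interfaces cover only the default type, so HTTP, FTP and similar typed ports are presumably no longer reachable. If that is the intent, the named-port calls the domain still needs, such as `corenet_tcp_connect_http_port(apt_t)`, have to be added explicitly; none are visible in this hunk. The same mechanical substitution appears in dpkg.te, netutils.te, rpm.te, vpn.te, gpg.if and apache.if. The `# TODO: reall allow all these?` comment kept above these lines should also be reworded, since nothing below it grants "all" any more.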
r167 r191 93 93 corenet_all_recvfrom_unlabeled(dpkg_t) 94 94 corenet_all_recvfrom_netlabel(dpkg_t) 95 corenet_tcp_sendrecv_ all_if(dpkg_t)96 corenet_raw_sendrecv_ all_if(dpkg_t)97 corenet_udp_sendrecv_ all_if(dpkg_t)98 corenet_tcp_sendrecv_ all_nodes(dpkg_t)99 corenet_raw_sendrecv_ all_nodes(dpkg_t)100 corenet_udp_sendrecv_ all_nodes(dpkg_t)101 corenet_tcp_sendrecv_ all_ports(dpkg_t)102 corenet_udp_sendrecv_ all_ports(dpkg_t)103 corenet_tcp_connect_ all_ports(dpkg_t)104 corenet_sendrecv_ all_client_packets(dpkg_t)95 corenet_tcp_sendrecv_generic_if(dpkg_t) 96 corenet_raw_sendrecv_generic_if(dpkg_t) 97 corenet_udp_sendrecv_generic_if(dpkg_t) 98 corenet_tcp_sendrecv_generic_node(dpkg_t) 99 corenet_raw_sendrecv_generic_node(dpkg_t) 100 corenet_udp_sendrecv_generic_node(dpkg_t) 101 corenet_tcp_sendrecv_generic_port(dpkg_t) 102 corenet_udp_sendrecv_generic_port(dpkg_t) 103 corenet_tcp_connect_generic_port(dpkg_t) 104 corenet_sendrecv_generic_client_packets(dpkg_t) 105 105 106 106 dev_list_sysfs(dpkg_t) branch/RHEL5.1-networklockdown/src/selinux-policy-clip/policy/modules/admin/firstboot.te
r176 r191 46 46 corenet_all_recvfrom_unlabeled(firstboot_t) 47 47 corenet_all_recvfrom_netlabel(firstboot_t) 48 corenet_tcp_sendrecv_ all_if(firstboot_t)49 corenet_tcp_sendrecv_ all_nodes(firstboot_t)50 corenet_tcp_sendrecv_ all_ports(firstboot_t)48 corenet_tcp_sendrecv_generic_if(firstboot_t) 49 corenet_tcp_sendrecv_generic_node(firstboot_t) 50 corenet_tcp_sendrecv_generic_port(firstboot_t) 51 51 52 52 dev_read_urand(firstboot_t) branch/RHEL5.1-networklockdown/src/selinux-policy-clip/policy/modules/admin/netutils.te
r167 r191 54 54 corenet_all_recvfrom_unlabeled(netutils_t) 55 55 corenet_all_recvfrom_netlabel(netutils_t) 56 corenet_tcp_sendrecv_ all_if(netutils_t)57 corenet_raw_sendrecv_ all_if(netutils_t)58 corenet_udp_sendrecv_ all_if(netutils_t)59 corenet_tcp_sendrecv_ all_nodes(netutils_t)60 corenet_raw_sendrecv_ all_nodes(netutils_t)61 corenet_udp_sendrecv_ all_nodes(netutils_t)62 corenet_tcp_sendrecv_ all_ports(netutils_t)63 corenet_udp_sendrecv_ all_ports(netutils_t)64 corenet_tcp_connect_ all_ports(netutils_t)65 corenet_sendrecv_ all_client_packets(netutils_t)56 corenet_tcp_sendrecv_generic_if(netutils_t) 57 corenet_raw_sendrecv_generic_if(netutils_t) 58 corenet_udp_sendrecv_generic_if(netutils_t) 59 corenet_tcp_sendrecv_generic_node(netutils_t) 60 corenet_raw_sendrecv_generic_node(netutils_t) 61 corenet_udp_sendrecv_generic_node(netutils_t) 62 corenet_tcp_sendrecv_generic_port(netutils_t) 63 corenet_udp_sendrecv_generic_port(netutils_t) 64 corenet_tcp_connect_generic_port(netutils_t) 65 corenet_sendrecv_generic_client_packets(netutils_t) 66 66 corenet_udp_bind_generic_node(netutils_t) 67 67 … … 111 111 corenet_all_recvfrom_unlabeled(ping_t) 112 112 corenet_all_recvfrom_netlabel(ping_t) 113 corenet_tcp_sendrecv_ all_if(ping_t)114 corenet_raw_sendrecv_ all_if(ping_t)115 corenet_raw_sendrecv_ all_nodes(ping_t)116 corenet_tcp_sendrecv_ all_nodes(ping_t)117 corenet_tcp_sendrecv_ all_ports(ping_t)113 corenet_tcp_sendrecv_generic_if(ping_t) 114 corenet_raw_sendrecv_generic_if(ping_t) 115 corenet_raw_sendrecv_generic_node(ping_t) 116 corenet_tcp_sendrecv_generic_node(ping_t) 117 corenet_tcp_sendrecv_generic_port(ping_t) 118 118 119 119 fs_dontaudit_getattr_xattr_fs(ping_t) … … 175 175 corenet_all_recvfrom_unlabeled(traceroute_t) 176 176 corenet_all_recvfrom_netlabel(traceroute_t) 177 corenet_tcp_sendrecv_ all_if(traceroute_t)178 corenet_udp_sendrecv_ all_if(traceroute_t)179 corenet_raw_sendrecv_ all_if(traceroute_t)180 corenet_tcp_sendrecv_ all_nodes(traceroute_t)181 
corenet_udp_sendrecv_ all_nodes(traceroute_t)182 corenet_raw_sendrecv_ all_nodes(traceroute_t)183 corenet_tcp_sendrecv_ all_ports(traceroute_t)184 corenet_udp_sendrecv_ all_ports(traceroute_t)185 corenet_udp_bind_ all_nodes(traceroute_t)186 corenet_tcp_bind_ all_nodes(traceroute_t)177 corenet_tcp_sendrecv_generic_if(traceroute_t) 178 corenet_udp_sendrecv_generic_if(traceroute_t) 179 corenet_raw_sendrecv_generic_if(traceroute_t) 180 corenet_tcp_sendrecv_generic_node(traceroute_t) 181 corenet_udp_sendrecv_generic_node(traceroute_t) 182 corenet_raw_sendrecv_generic_node(traceroute_t) 183 corenet_tcp_sendrecv_generic_port(traceroute_t) 184 corenet_udp_sendrecv_generic_port(traceroute_t) 185 corenet_udp_bind_generic_node(traceroute_t) 186 corenet_tcp_bind_generic_node(traceroute_t) 187 187 # traceroute needs this but not tracepath 188 corenet_raw_bind_ all_nodes(traceroute_t)188 corenet_raw_bind_generic_nodes(traceroute_t) 189 189 corenet_udp_bind_traceroute_port(traceroute_t) 190 corenet_tcp_connect_ all_ports(traceroute_t)191 corenet_sendrecv_ all_client_packets(traceroute_t)190 corenet_tcp_connect_generic_port(traceroute_t) 191 corenet_sendrecv_generic_client_packets(traceroute_t) 192 192 corenet_sendrecv_traceroute_server_packets(traceroute_t) 193 193 branch/RHEL5.1-networklockdown/src/selinux-policy-clip/policy/modules/admin/rpm.te
r167 r191 97 97 corenet_all_recvfrom_unlabeled(rpm_t) 98 98 corenet_all_recvfrom_netlabel(rpm_t) 99 corenet_tcp_sendrecv_ all_if(rpm_t)100 corenet_raw_sendrecv_ all_if(rpm_t)101 corenet_udp_sendrecv_ all_if(rpm_t)102 corenet_tcp_sendrecv_ all_nodes(rpm_t)103 corenet_raw_sendrecv_ all_nodes(rpm_t)104 corenet_udp_sendrecv_ all_nodes(rpm_t)105 corenet_tcp_sendrecv_ all_ports(rpm_t)106 corenet_udp_sendrecv_ all_ports(rpm_t)107 corenet_tcp_connect_ all_ports(rpm_t)108 corenet_sendrecv_ all_client_packets(rpm_t)99 corenet_tcp_sendrecv_generic_if(rpm_t) 100 corenet_raw_sendrecv_generic_if(rpm_t) 101 corenet_udp_sendrecv_generic_if(rpm_t) 102 corenet_tcp_sendrecv_generic_node(rpm_t) 103 corenet_raw_sendrecv_generic_node(rpm_t) 104 corenet_udp_sendrecv_generic_node(rpm_t) 105 corenet_tcp_sendrecv_generic_port(rpm_t) 106 corenet_udp_sendrecv_generic_port(rpm_t) 107 corenet_tcp_connect_generic_port(rpm_t) 108 corenet_sendrecv_generic_client_packets(rpm_t) 109 109 110 110 dev_list_sysfs(rpm_t) branch/RHEL5.1-networklockdown/src/selinux-policy-clip/policy/modules/admin/vpn.te
r167 r191 49 49 corenet_all_recvfrom_unlabeled(vpnc_t) 50 50 corenet_all_recvfrom_netlabel(vpnc_t) 51 corenet_tcp_sendrecv_ all_if(vpnc_t)52 corenet_udp_sendrecv_ all_if(vpnc_t)53 corenet_raw_sendrecv_ all_if(vpnc_t)54 corenet_tcp_sendrecv_ all_nodes(vpnc_t)55 corenet_udp_sendrecv_ all_nodes(vpnc_t)56 corenet_raw_sendrecv_ all_nodes(vpnc_t)57 corenet_tcp_sendrecv_ all_ports(vpnc_t)58 corenet_udp_sendrecv_ all_ports(vpnc_t)59 corenet_udp_bind_ all_nodes(vpnc_t)51 corenet_tcp_sendrecv_generic_if(vpnc_t) 52 corenet_udp_sendrecv_generic_if(vpnc_t) 53 corenet_raw_sendrecv_generic_if(vpnc_t) 54 corenet_tcp_sendrecv_generic_node(vpnc_t) 55 corenet_udp_sendrecv_generic_node(vpnc_t) 56 corenet_raw_sendrecv_generic_node(vpnc_t) 57 corenet_tcp_sendrecv_generic_port(vpnc_t) 58 corenet_udp_sendrecv_generic_port(vpnc_t) 59 corenet_udp_bind_generic_node(vpnc_t) 60 60 corenet_udp_bind_generic_port(vpnc_t) 61 61 corenet_udp_bind_isakmp_port(vpnc_t) 62 corenet_tcp_connect_ all_ports(vpnc_t)63 corenet_sendrecv_ all_client_packets(vpnc_t)62 corenet_tcp_connect_generic_port(vpnc_t) 63 corenet_sendrecv_generic_client_packets(vpnc_t) 64 64 corenet_sendrecv_isakmp_server_packets(vpnc_t) 65 65 corenet_sendrecv_generic_server_packets(vpnc_t) branch/RHEL5.1-networklockdown/src/selinux-policy-clip/policy/modules/apps/gpg.if
r153 r191 97 97 corenet_all_recvfrom_unlabeled($1_gpg_t) 98 98 corenet_all_recvfrom_netlabel($1_gpg_t) 99 corenet_tcp_sendrecv_ all_if($1_gpg_t)100 corenet_udp_sendrecv_ all_if($1_gpg_t)101 corenet_tcp_sendrecv_ all_nodes($1_gpg_t)102 corenet_udp_sendrecv_ all_nodes($1_gpg_t)103 corenet_tcp_sendrecv_ all_ports($1_gpg_t)104 corenet_udp_sendrecv_ all_ports($1_gpg_t)105 corenet_tcp_connect_ all_ports($1_gpg_t)106 corenet_sendrecv_ all_client_packets($1_gpg_t)99 corenet_tcp_sendrecv_generic_if($1_gpg_t) 100 corenet_udp_sendrecv_generic_if($1_gpg_t) 101 corenet_tcp_sendrecv_generic_node($1_gpg_t) 102 corenet_udp_sendrecv_generic_node($1_gpg_t) 103 corenet_tcp_sendrecv_generic_port($1_gpg_t) 104 corenet_udp_sendrecv_generic_port($1_gpg_t) 105 corenet_tcp_connect_generic_port($1_gpg_t) 106 corenet_sendrecv_generic_client_packets($1_gpg_t) 107 107 108 108 dev_read_rand($1_gpg_t) … … 161 161 corenet_all_recvfrom_unlabeled($1_gpg_helper_t) 162 162 corenet_all_recvfrom_netlabel($1_gpg_helper_t) 163 corenet_tcp_sendrecv_ all_if($1_gpg_helper_t)164 corenet_raw_sendrecv_ all_if($1_gpg_helper_t)165 corenet_udp_sendrecv_ all_if($1_gpg_helper_t)166 corenet_tcp_sendrecv_ all_nodes($1_gpg_helper_t)167 corenet_udp_sendrecv_ all_nodes($1_gpg_helper_t)168 corenet_raw_sendrecv_ all_nodes($1_gpg_helper_t)169 corenet_tcp_sendrecv_ all_ports($1_gpg_helper_t)170 corenet_udp_sendrecv_ all_ports($1_gpg_helper_t)171 corenet_tcp_bind_ all_nodes($1_gpg_helper_t)172 corenet_udp_bind_ all_nodes($1_gpg_helper_t)173 corenet_tcp_connect_ all_ports($1_gpg_helper_t)163 corenet_tcp_sendrecv_generic_if($1_gpg_helper_t) 164 corenet_raw_sendrecv_generic_if($1_gpg_helper_t) 165 corenet_udp_sendrecv_generic_if($1_gpg_helper_t) 166 corenet_tcp_sendrecv_generic_node($1_gpg_helper_t) 167 corenet_udp_sendrecv_generic_node($1_gpg_helper_t) 168 corenet_raw_sendrecv_generic_node($1_gpg_helper_t) 169 corenet_tcp_sendrecv_generic_port($1_gpg_helper_t) 170 corenet_udp_sendrecv_generic_port($1_gpg_helper_t) 171 
corenet_tcp_bind_generic_node($1_gpg_helper_t) 172 corenet_udp_bind_generic_node($1_gpg_helper_t) 173 corenet_tcp_connect_generic_port($1_gpg_helper_t) 174 174 175 175 dev_read_urand($1_gpg_helper_t) branch/RHEL5.1-networklockdown/src/selinux-policy-clip/policy/modules/apps/webalizer.te
r167 r191 63 63 corenet_all_recvfrom_unlabeled(webalizer_t) 64 64 corenet_all_recvfrom_netlabel(webalizer_t) 65 corenet_tcp_sendrecv_ all_if(webalizer_t)66 corenet_tcp_sendrecv_ all_nodes(webalizer_t)67 corenet_tcp_sendrecv_ all_ports(webalizer_t)65 corenet_tcp_sendrecv_generic_if(webalizer_t) 66 corenet_tcp_sendrecv_generic_node(webalizer_t) 67 corenet_tcp_sendrecv_generic_port(webalizer_t) 68 68 69 69 fs_search_auto_mountpoints(webalizer_t) branch/RHEL5.1-networklockdown/src/selinux-policy-clip/policy/modules/kernel/corenetwork.if
r176 r191 770 770 771 771 allow $1 node_type:rawip_socket node_bind; 772 ') 773 774 ######################################## 775 ## <summary> 776 ## Bind raw sockets to generic nodes. 777 ## </summary> 778 ## <param name="domain"> 779 ## <summary> 780 ## The type of the process performing this action. 781 ## </summary> 782 ## </param> 783 # rawip_socket node_bind does not make much sense. 784 # cjp: vmware hits this too 785 interface(`corenet_raw_bind_generic_nodes',` 786 gen_require(` 787 type node_t; 788 ') 789 790 allow $1 node_t:rawip_socket node_bind; 772 791 ') 773 792 branch/RHEL5.1-networklockdown/src/selinux-policy-clip/policy/modules/kernel/corenetwork.if.in
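Review bot: The new interface is named `corenet_raw_bind_generic_nodes`, plural, while every sibling this changeset switches to is singular (`corenet_tcp_bind_generic_node`, `corenet_udp_bind_generic_node`), so the raw variant is easy to mistype and hard to grep for. Renaming it to `corenet_raw_bind_generic_node` here, in corenetwork.if.in and at the call in netutils.te (`corenet_raw_bind_generic_node(traceroute_t)`) would keep the family consistent. The two `#` comments above the definition look carried over from the all-nodes interface; a short line such as `# networklockdown: node_t only, unlike corenet_raw_bind_all_nodes` would say why this variant exists.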
r167 r191 766 766 767 767 allow $1 node_type:rawip_socket node_bind; 768 ') 769 770 ######################################## 771 ## <summary> 772 ## Bind raw sockets to generic nodes. 773 ## </summary> 774 ## <param name="domain"> 775 ## <summary> 776 ## The type of the process performing this action. 777 ## </summary> 778 ## </param> 779 # rawip_socket node_bind does not make much sense. 780 # cjp: vmware hits this too 781 interface(`corenet_raw_bind_generic_nodes',` 782 gen_require(` 783 type node_t; 784 ') 785 786 allow $1 node_t:rawip_socket node_bind; 768 787 ') 769 788 branch/RHEL5.1-networklockdown/src/selinux-policy-clip/policy/modules/services/amavis.te
r167 r191 103 103 corenet_all_recvfrom_unlabeled(amavis_t) 104 104 corenet_all_recvfrom_netlabel(amavis_t) 105 corenet_tcp_sendrecv_ all_if(amavis_t)106 corenet_tcp_sendrecv_ all_nodes(amavis_t)107 corenet_tcp_bind_ all_nodes(amavis_t)108 corenet_udp_bind_ all_nodes(amavis_t)105 corenet_tcp_sendrecv_generic_if(amavis_t) 106 corenet_tcp_sendrecv_generic_node(amavis_t) 107 corenet_tcp_bind_generic_node(amavis_t) 108 corenet_udp_bind_generic_node(amavis_t) 109 109 # amavis uses well-defined ports 110 110 corenet_tcp_sendrecv_amavisd_recv_port(amavis_t) branch/RHEL5.1-networklockdown/src/selinux-policy-clip/policy/modules/services/apache.if
r153 r191 184 184 corenet_all_recvfrom_unlabeled(httpd_$1_script_t) 185 185 corenet_all_recvfrom_netlabel(httpd_$1_script_t) 186 corenet_tcp_sendrecv_ all_if(httpd_$1_script_t)187 corenet_udp_sendrecv_ all_if(httpd_$1_script_t)188 corenet_tcp_sendrecv_ all_nodes(httpd_$1_script_t)189 corenet_udp_sendrecv_ all_nodes(httpd_$1_script_t)190 corenet_tcp_sendrecv_ all_ports(httpd_$1_script_t)191 corenet_udp_sendrecv_ all_ports(httpd_$1_script_t)186 corenet_tcp_sendrecv_generic_if(httpd_$1_script_t) 187 corenet_udp_sendrecv_generic_if(httpd_$1_script_t) 188 corenet_tcp_sendrecv_generic_node(httpd_$1_script_t) 189 corenet_udp_sendrecv_generic_node(httpd_$1_script_t) 190 corenet_tcp_sendrecv_generic_port(httpd_$1_script_t) 191 corenet_udp_sendrecv_generic_port(httpd_$1_script_t) 192 192 corenet_tcp_connect_postgresql_port(httpd_$1_script_t) 193 193 corenet_tcp_connect_mysqld_port(httpd_$1_script_t) … … 204 204 corenet_all_recvfrom_unlabeled(httpd_$1_script_t) 205 205 corenet_all_recvfrom_netlabel(httpd_$1_script_t) 206 corenet_tcp_sendrecv_ all_if(httpd_$1_script_t)207 corenet_udp_sendrecv_ all_if(httpd_$1_script_t)208 corenet_tcp_sendrecv_ all_nodes(httpd_$1_script_t)209 corenet_udp_sendrecv_ all_nodes(httpd_$1_script_t)210 corenet_tcp_sendrecv_ all_ports(httpd_$1_script_t)211 corenet_udp_sendrecv_ all_ports(httpd_$1_script_t)212 corenet_tcp_connect_ all_ports(httpd_$1_script_t)213 corenet_sendrecv_ all_client_packets(httpd_$1_script_t)206 corenet_tcp_sendrecv_generic_if(httpd_$1_script_t) 207 corenet_udp_sendrecv_generic_if(httpd_$1_script_t) 208 corenet_tcp_sendrecv_generic_node(httpd_$1_script_t) 209 corenet_udp_sendrecv_generic_node(httpd_$1_script_t) 210 corenet_tcp_sendrecv_generic_port(httpd_$1_script_t) 211 corenet_udp_sendrecv_generic_port(httpd_$1_script_t) 212 corenet_tcp_connect_generic_port(httpd_$1_script_t) 213 corenet_sendrecv_generic_client_packets(httpd_$1_script_t) 214 214 215 215 sysnet_read_config(httpd_$1_script_t) 
branch/RHEL5.1-networklockdown/src/selinux-policy-clip/policy/modules/services/apache.te
r167 r191 293 293 corenet_all_recvfrom_unlabeled(httpd_t) 294 294 corenet_all_recvfrom_netlabel(httpd_t) 295 corenet_tcp_sendrecv_ all_if(httpd_t)296 corenet_udp_sendrecv_ all_if(httpd_t)297 corenet_tcp_sendrecv_ all_nodes(httpd_t)298 corenet_udp_sendrecv_ all_nodes(httpd_t)299 corenet_tcp_sendrecv_ all_ports(httpd_t)300 corenet_udp_sendrecv_ all_ports(httpd_t)301 corenet_tcp_bind_ all_nodes(httpd_t)295 corenet_tcp_sendrecv_generic_if(httpd_t) 296 corenet_udp_sendrecv_generic_if(httpd_t) 297 corenet_tcp_sendrecv_generic_node(httpd_t) 298 corenet_udp_sendrecv_generic_node(httpd_t) 299 corenet_tcp_sendrecv_generic_port(httpd_t) 300 corenet_udp_sendrecv_generic_port(httpd_t) 301 corenet_tcp_bind_generic_node(httpd_t) 302 302 corenet_tcp_bind_http_port(httpd_t) 303 303 corenet_tcp_bind_http_cache_port(httpd_t) … … 368 368 369 369 tunable_policy(`httpd_can_network_connect',` 370 corenet_tcp_connect_ all_ports(httpd_t)370 corenet_tcp_connect_generic_port(httpd_t) 371 371 ') 372 372 … … 619 619 corenet_all_recvfrom_unlabeled(httpd_suexec_t) 620 620 corenet_all_recvfrom_netlabel(httpd_suexec_t) 621 corenet_tcp_sendrecv_ all_if(httpd_suexec_t)622 corenet_udp_sendrecv_ all_if(httpd_suexec_t)623 corenet_tcp_sendrecv_ all_nodes(httpd_suexec_t)624 corenet_udp_sendrecv_ all_nodes(httpd_suexec_t)625 corenet_tcp_sendrecv_ all_ports(httpd_suexec_t)626 corenet_udp_sendrecv_ all_ports(httpd_suexec_t)627 corenet_tcp_connect_ all_ports(httpd_suexec_t)628 corenet_sendrecv_ all_client_packets(httpd_suexec_t)621 corenet_tcp_sendrecv_generic_if(httpd_suexec_t) 622 corenet_udp_sendrecv_generic_if(httpd_suexec_t) 623 corenet_tcp_sendrecv_generic_node(httpd_suexec_t) 624 corenet_udp_sendrecv_generic_node(httpd_suexec_t) 625 corenet_tcp_sendrecv_generic_port(httpd_suexec_t) 626 corenet_udp_sendrecv_generic_port(httpd_suexec_t) 627 corenet_tcp_connect_generic_port(httpd_suexec_t) 628 corenet_sendrecv_generic_client_packets(httpd_suexec_t) 629 629 ') 630 630 
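Review bot: The `httpd_can_network_connect` tunable block at line 370 now contains only `corenet_tcp_connect_generic_port(httpd_t)`, so enabling the boolean no longer does what its name says; it presumably permits connections only to ports without a dedicated type. Operators who turn it on expecting httpd to reach a backend on a typed port will see denials. The block should carry a comment such as `# lockdown: generic ports only; typed ports need their own corenet_tcp_connect_*_port(httpd_t)`, and the boolean's description should be updated to match. The httpd_t and httpd_suexec_t hunks in this file make the same substitution.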
branch/RHEL5.1-networklockdown/src/selinux-policy-clip/policy/modules/services/apcupsd.te
r167 r191 55 55 corenet_all_recvfrom_netlabel(apcupsd_t) 56 56 corenet_tcp_sendrecv_generic_if(apcupsd_t) 57 corenet_tcp_sendrecv_ all_nodes(apcupsd_t)58 corenet_tcp_sendrecv_ all_ports(apcupsd_t)59 corenet_tcp_bind_ all_nodes(apcupsd_t)57 corenet_tcp_sendrecv_generic_node(apcupsd_t) 58 corenet_tcp_sendrecv_generic_port(apcupsd_t) 59 corenet_tcp_bind_generic_node(apcupsd_t) 60 60 corenet_tcp_bind_apcupsd_port(apcupsd_t) 61 61 corenet_sendrecv_apcupsd_server_packets(apcupsd_t) … … 108 108 corenet_all_recvfrom_unlabeled(httpd_apcupsd_cgi_script_t) 109 109 corenet_all_recvfrom_netlabel(httpd_apcupsd_cgi_script_t) 110 corenet_tcp_sendrecv_ all_if(httpd_apcupsd_cgi_script_t)111 corenet_tcp_sendrecv_ all_nodes(httpd_apcupsd_cgi_script_t)112 corenet_tcp_sendrecv_ all_ports(httpd_apcupsd_cgi_script_t)110 corenet_tcp_sendrecv_generic_if(httpd_apcupsd_cgi_script_t) 111 corenet_tcp_sendrecv_generic_node(httpd_apcupsd_cgi_script_t) 112 corenet_tcp_sendrecv_generic_port(httpd_apcupsd_cgi_script_t) 113 113 corenet_tcp_connect_apcupsd_port(httpd_apcupsd_cgi_script_t) 114 corenet_udp_sendrecv_ all_if(httpd_apcupsd_cgi_script_t)115 corenet_udp_sendrecv_ all_nodes(httpd_apcupsd_cgi_script_t)116 corenet_udp_sendrecv_ all_ports(httpd_apcupsd_cgi_script_t)114 corenet_udp_sendrecv_generic_if(httpd_apcupsd_cgi_script_t) 115 corenet_udp_sendrecv_generic_node(httpd_apcupsd_cgi_script_t) 116 corenet_udp_sendrecv_generic_port(httpd_apcupsd_cgi_script_t) 117 117 118 118 sysnet_dns_name_resolve(httpd_apcupsd_cgi_script_t) branch/RHEL5.1-networklockdown/src/selinux-policy-clip/policy/modules/services/arpwatch.te
r167 r191 50 50 corenet_all_recvfrom_unlabeled(arpwatch_t) 51 51 corenet_all_recvfrom_netlabel(arpwatch_t) 52 corenet_tcp_sendrecv_ all_if(arpwatch_t)53 corenet_udp_sendrecv_ all_if(arpwatch_t)54 corenet_raw_sendrecv_ all_if(arpwatch_t)55 corenet_tcp_sendrecv_ all_nodes(arpwatch_t)56 corenet_udp_sendrecv_ all_nodes(arpwatch_t)57 corenet_raw_sendrecv_ all_nodes(arpwatch_t)58 corenet_tcp_sendrecv_ all_ports(arpwatch_t)59 corenet_udp_sendrecv_ all_ports(arpwatch_t)52 corenet_tcp_sendrecv_generic_if(arpwatch_t) 53 corenet_udp_sendrecv_generic_if(arpwatch_t) 54 corenet_raw_sendrecv_generic_if(arpwatch_t) 55 corenet_tcp_sendrecv_generic_node(arpwatch_t) 56 corenet_udp_sendrecv_generic_node(arpwatch_t) 57 corenet_raw_sendrecv_generic_node(arpwatch_t) 58 corenet_tcp_sendrecv_generic_port(arpwatch_t) 59 corenet_udp_sendrecv_generic_port(arpwatch_t) 60 60 61 61 dev_read_sysfs(arpwatch_t) branch/RHEL5.1-networklockdown/src/selinux-policy-clip/policy/modules/services/avahi.te
r167 <
