Changeset 21fdee9dd56a33723c27045a7bd2eaf6607de7d7
- Timestamp: 07/19/10 13:22:44 (2 months ago)
- Author: Chris PeBenito <cpebenito@tresys.com>
- Committer: Chris PeBenito <cpebenito@tresys.com> 1279563764 -0400
- Parent: [29f3bfa464fee4f777758e7860b4a773236cbc36]
- Message:
Increase bindreservport range to 512-1024 in corenetwork, from Dan Walsh.
We went back and reread the bindreservport code in glibc.
Turns out the range of ports that this will reserve are 512-1024 rather
than 600-1024.
The code actually first tries to reserve a port from 600-1024 and if
they are ALL reserved will try 512-599.
So we need to change corenetwork to reflect this.
| r29f3bfa |
r21fdee9 |
|
| | 1 | - Increase bindreservport range to 512-1024 in corenetwork, from Dan Walsh. |
|---|
| 1 | 2 | - Add JIT usage for freshclam. |
|---|
| 2 | 3 | - Remove ethereal module since the application was renamed to wireshark. |
|---|
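Review bot: The added entry on line 1 gives the range as 512-1024 and spells the function "bindreservport", while the portcon statements in this changeset label 512-1023 and the macro comment spells it bindresvport. Suggest "Increase bindresvport range to 512-1023 in corenetwork" so the changelog matches what the policy actually labels.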
| r48f99a8 |
r21fdee9 |
|
| 1 | | policy_module(corenetwork, 1.14.0) |
|---|
| | 1 | policy_module(corenetwork, 1.14.1) |
|---|
| 2 | 2 | |
|---|
| 3 | 3 | ######################################## |
|---|
| … | … | |
| 55 | 55 | |
|---|
| 56 | 56 | # |
|---|
| 57 | | # hi_reserved_port_t is the type of INET port numbers between 600-1023. |
|---|
| | 57 | # hi_reserved_port_t is the type of INET port numbers between 512-1023. |
|---|
| 58 | 58 | # |
|---|
| 59 | 59 | type hi_reserved_port_t, port_type, reserved_port_type, rpc_port_type; |
|---|
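Review bot: The updated comment on line 57 states the new range but not the reason for it. Since hi_reserved_port_t also carries rpc_port_type (line 59), a short note that 512-599 is included because glibc's bindresvport falls back to it once 600-1023 is exhausted would keep a later reader from narrowing the range back to 600.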
| … | … | |
| 218 | 218 | # these entries just cover any remaining reserved ports not otherwise declared. |
|---|
| 219 | 219 | |
|---|
| 220 | | portcon tcp 600-1023 gen_context(system_u:object_r:hi_reserved_port_t, s0) |
|---|
| 221 | | portcon udp 600-1023 gen_context(system_u:object_r:hi_reserved_port_t, s0) |
|---|
| 222 | | portcon tcp 1-599 gen_context(system_u:object_r:reserved_port_t, s0) |
|---|
| 223 | | portcon udp 1-599 gen_context(system_u:object_r:reserved_port_t, s0) |
|---|
| | 220 | portcon tcp 512-1023 gen_context(system_u:object_r:hi_reserved_port_t, s0) |
|---|
| | 221 | portcon udp 512-1023 gen_context(system_u:object_r:hi_reserved_port_t, s0) |
|---|
| | 222 | portcon tcp 1-511 gen_context(system_u:object_r:reserved_port_t, s0) |
|---|
| | 223 | portcon udp 1-511 gen_context(system_u:object_r:reserved_port_t, s0) |
|---|
| 224 | 224 | |
|---|
| 225 | 225 | ######################################## |
|---|
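Review bot: Ports 512-599 that have no declaration of their own become bindable by every domain with name_bind on hi_reserved_port_t or rpc_port_type once lines 220-223 relabel them, where before they fell under the generic reserved_port_t. The comment on line 218 says these entries only cover ports "not otherwise declared", so please confirm that each service in 512-599 that should stay separately confined has its own declaration ahead of these catch-alls, and list in the commit message which domains gain bind access from the wider range.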
| r3829eec |
r21fdee9 |
|
| 78 | 78 | ') |
|---|
| 79 | 79 | |
|---|
| 80 | | # bindresvport in glibc starts searching for reserved ports at 600 |
|---|
| | 80 | # bindresvport in glibc starts searching for reserved ports at 512 |
|---|
| 81 | 81 | define(`declare_ports',`dnl |
|---|
| 82 | 82 | ifelse(eval(range_start($3) < 1024),1,`typeattribute $1 reserved_port_type; |
|---|
| 83 | | ifelse(eval(range_start($3) >= 600),1,`typeattribute $1 rpc_port_type;',`dnl') |
|---|
| | 83 | ifelse(eval(range_start($3) >= 512),1,`typeattribute $1 rpc_port_type;',`dnl') |
|---|
| 84 | 84 | ',`dnl') |
|---|
| 85 | 85 | portcon $2 $3 gen_context(system_u:object_r:$1,$4) |
|---|
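Review bot: The lowered threshold on line 83 needs an audit of every port type passed to declare_ports with a range starting in 512-599, since each now gains rpc_port_type and with it whatever bind access is granted on that attribute. The test also looks only at range_start($3), so a declared range that begins below 512 and extends past it still gets no rpc_port_type; if that is intended, say so in the comment. The comment on line 80 is also inexact: per the commit message bindresvport first tries 600-1023 and only falls back to 512-599, so "can fall back to ports as low as 512" would be more accurate than "starts searching ... at 512". The literal 512 now has to stay in sync with the portcon lines in the other file, and a single m4 define for the boundary would prevent drift.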