Changeset 2792

Timestamp:

08/29/08 08:21:53 (3 months ago)

Author:

cpebenito

Message:

trunk: inetd update from dan.

Files:

• trunk/policy/modules/services/inetd.if (modified) (1 diff)
• trunk/policy/modules/services/inetd.te (modified) (6 diffs)

trunk/policy/modules/services/inetd.if

@@ -116 +116 @@
-        allow $1 inetd_t:tcp_socket rw_stream_socket_perms;
-        allow $1 inetd_t:udp_socket rw_socket_perms;
+
+        # encrypt the service through stunnel
+        optional_policy(`
+                stunnel_service_domain($1, $2)
+        ')
-')
-

trunk/policy/modules/services/inetd.te

@@ -1 +1 @@
-
-0
+1
-
-########################################
@@ -30 +30 @@
-type inetd_child_var_run_t;
-files_pid_file(inetd_child_var_run_t)
+
+ifdef(`enable_mcs',`
+        init_ranged_daemon_domain(inetd_t, inetd_exec_t,s0 - mcs_systemhigh)
+')
-
-########################################
@@ -59 +63 @@
-kernel_read_system_state(inetd_t)
-kernel_tcp_recvfrom_unlabeled(inetd_t)
+
+corecmd_bin_domtrans(inetd_t, inetd_child_t)
-
-# base networking:
@@ -85 +91 @@
-corenet_tcp_bind_inetd_child_port(inetd_t)
-corenet_udp_bind_inetd_child_port(inetd_t)
+corenet_tcp_bind_ircd_port(inetd_t)
-corenet_udp_bind_ktalkd_port(inetd_t)
-corenet_tcp_bind_printer_port(inetd_t)
@@ -106 +113 @@
-corenet_sendrecv_ftp_server_packets(inetd_t)
-corenet_sendrecv_inetd_child_server_packets(inetd_t)
+corenet_sendrecv_ircd_server_packets(inetd_t)
-corenet_sendrecv_ktalkd_server_packets(inetd_t)
-corenet_sendrecv_printer_server_packets(inetd_t)
@@ -149 +157 @@
-sysadm_dontaudit_search_home_dirs(inetd_t)
-
+ifdef(`distro_redhat',`
+        optional_policy(`
+                unconfined_domain(inetd_t)
+        ')
+')
+
-ifdef(`enable_mls',`
-        corenet_tcp_recvfrom_netlabel(inetd_t)
-        corenet_udp_recvfrom_netlabel(inetd_t)
-')
+
-optional_policy(`
-        amanda_search_lib(inetd_t)