PERFORCE change 113428 for review
Todd Miller
millert at FreeBSD.org
Mon Jan 22 20:20:56 UTC 2007
http://perforce.freebsd.org/chv.cgi?CH=113428
Change 113428 by millert at millert_macbook on 2007/01/22 20:20:40
Add TCP/UDP netif permissions as needed.
Affected files ...
.. //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/refpolicy/policy/modules/darwin/DirectoryService.te#9 edit
.. //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/refpolicy/policy/modules/darwin/configd.te#19 edit
.. //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/refpolicy/policy/modules/darwin/lookupd.te#8 edit
.. //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/refpolicy/policy/modules/darwin/mDNSResponder.te#9 edit
Differences ...
==== //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/refpolicy/policy/modules/darwin/DirectoryService.te#9 (text+ko) ====
@@ -134,4 +134,7 @@
# Search /var/vm
files_search_vm(DirectoryService_t)
+# Networking
corenet_tcp_connect_smbd_port(DirectoryService_t)
+corenet_tcp_sendrecv_all_if(DirectoryService_t)
+corenet_udp_sendrecv_all_if(DirectoryService_t)
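Review bot: corenet_udp_sendrecv_all_if(DirectoryService_t) is added even though the only port-level rule visible in this hunk, corenet_tcp_connect_smbd_port, is TCP. If DirectoryService_t has no UDP port or node rules elsewhere in the file, the UDP netif permission has nothing to pair with and should be dropped. If it does, place the netif lines next to those rules so the network access for this domain can be audited in one place. Both additions use the all_if form. A comment naming the denial that prompted them would show whether every interface is really needed.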
==== //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/refpolicy/policy/modules/darwin/configd.te#19 (text+ko) ====
@@ -47,6 +47,7 @@
## Networking basics (adjust to your needs!)
sysnet_dns_name_resolve(configd_t)
+corenet_raw_send_all_if(configd_t)
corenet_tcp_sendrecv_all_if(configd_t)
corenet_tcp_sendrecv_all_nodes(configd_t)
corenet_tcp_sendrecv_all_ports(configd_t)
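Review bot: the added corenet_raw_send_all_if(configd_t) is a raw send permission, but the change description only mentions TCP/UDP netif permissions. Raw send on all interfaces is a broader grant than the TCP rules around it, so add a comment saying which configd operation needs it and mention it in the description. It is also send-only, with no matching raw receive rule in the visible context. Confirm that this is intentional.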
==== //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/refpolicy/policy/modules/darwin/lookupd.te#8 (text+ko) ====
@@ -107,3 +107,7 @@
# Read /var
files_list_var(lookupd_t)
files_read_var_files(lookupd_t)
+
+# TCP/UDP send/receive
+corenet_tcp_sendrecv_all_if(lookupd_t)
+corenet_udp_send_all_if(lookupd_t)
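Review bot: the comment "# TCP/UDP send/receive" does not match the UDP rule below it. corenet_udp_send_all_if(lookupd_t) grants send only, whereas the DirectoryService and mDNSResponder hunks in this change use corenet_udp_sendrecv_all_if. Either lookupd_t is missing the receive permission it needs to see UDP replies, or the comment should read "UDP send". Change whichever is wrong so the comment and the rule agree.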
==== //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/refpolicy/policy/modules/darwin/mDNSResponder.te#9 (text+ko) ====
@@ -94,3 +94,6 @@
# Read /sbin
allow mDNSResponder_t sbin_t:dir { getattr read search };
+
+# UDP send/receive
+corenet_udp_sendrecv_all_if(mDNSResponder_t)
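Review bot: corenet_udp_sendrecv_all_if(mDNSResponder_t) is appended after the /sbin file rules, and no UDP node or port rules are visible nearby. Move it next to the domain's other networking rules if they exist. The comment "# UDP send/receive" only restates the interface name, so replace it with the reason the all-interfaces form is needed.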