- Fix sandbox policy creation with udp connect ports
This commit is contained in:
Dan Walsh
parent
433953b033
commit
a710a4e711
|
|
@ -6664,8 +6664,8 @@ diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/polgengui.py policyc
|
|||
+ app.stand_alone()
|
||||
diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/polgen.py policycoreutils-2.0.85/gui/polgen.py
|
||||
--- nsapolicycoreutils/gui/polgen.py 1969-12-31 19:00:00.000000000 -0500
|
||||
+++ policycoreutils-2.0.85/gui/polgen.py 2011-02-03 16:12:28.000000000 -0500
|
||||
@@ -0,0 +1,1349 @@
|
||||
+++ policycoreutils-2.0.85/gui/polgen.py 2011-02-03 17:03:56.000000000 -0500
|
||||
@@ -0,0 +1,1343 @@
|
||||
+#!/usr/bin/python -Es
|
||||
+#
|
||||
+# Copyright (C) 2007-2010 Red Hat
|
||||
|
|
@ -7734,7 +7734,7 @@ diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/polgen.py policycore
|
|||
+ t1 = re.sub("PORTNUM", "%d" % i, script.tcp_ports)
|
||||
+ newsh += re.sub("TEMPLATETYPE", self.name, t1)
|
||||
+
|
||||
+ for i in self.in_udp[PORTS] + self.out_udp[PORTS]:
|
||||
+ for i in self.in_udp[PORTS]:
|
||||
+ if self.find_port(i,"udp") == None:
|
||||
+ t1 = re.sub("PORTNUM", "%d" % i, script.udp_ports)
|
||||
+ newsh += re.sub("TEMPLATETYPE", self.name, t1)
|
||||
|
|
@ -7874,16 +7874,6 @@ diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/polgen.py policycore
|
|||
+ mypolicy.set_out_tcp(0,"8000")
|
||||
+ print mypolicy.generate(tmpdir)
|
||||
+
|
||||
+ mypolicy = policy("mycgi", SANDBOX)
|
||||
+ mypolicy.set_in_tcp(1, 0, 0, "512, 55000-55000")
|
||||
+ mypolicy.set_in_udp(1, 0, 0, "1513")
|
||||
+ mypolicy.set_use_uid(True)
|
||||
+ mypolicy.set_use_tmp(False)
|
||||
+ mypolicy.set_use_syslog(True)
|
||||
+ mypolicy.set_use_pam(True)
|
||||
+ mypolicy.set_out_tcp(0,"8000")
|
||||
+ print mypolicy.generate(tmpdir)
|
||||
+
|
||||
+ mypolicy = policy("myinetd", INETD)
|
||||
+ mypolicy.set_program("/usr/bin/mytest")
|
||||
+ mypolicy.set_in_tcp(1, 0, 0, "513")
|
||||
|
|
@ -7939,6 +7929,10 @@ diff --exclude-from=exclude -N -u -r nsapolicycoreutils/gui/polgen.py policycore
|
|||
+ mypolicy.set_transition_users(["unconfined_u", "staff_u"])
|
||||
+ print mypolicy.generate(tmpdir)
|
||||
+
|
||||
+ mypolicy = policy("mysandbox", SANDBOX)
|
||||
+ mypolicy.set_out_udp(0, "993")
|
||||
+ print mypolicy.generate("/tmp")
|
||||
+
|
||||
+ mypolicy = policy("mydbadm", RUSER)
|
||||
+ mypolicy.set_admin_domains(["postgresql", "mysql"])
|
||||
+ print mypolicy.generate(tmpdir)
|
||||
|
|
|
|||
|
|
@ -7,7 +7,7 @@
|
|||
Summary: SELinux policy core utilities
|
||||
Name: policycoreutils
|
||||
Version: 2.0.85
|
||||
Release: 10%{?dist}
|
||||
Release: 11%{?dist}
|
||||
License: GPLv2
|
||||
Group: System Environment/Base
|
||||
# Based on git repository with tag 20101221
|
||||
|
|
@ -329,7 +329,10 @@ fi
|
|||
exit 0
|
||||
|
||||
%changelog
|
||||
* Wed Feb 3 2011 Dan Walsh <dwalsh@redhat.com> 2.0.85-10
|
||||
* Thu Feb 3 2011 Dan Walsh <dwalsh@redhat.com> 2.0.85-11
|
||||
- Fix sandbox policy creation with udp connect ports
|
||||
|
||||
* Thu Feb 3 2011 Dan Walsh <dwalsh@redhat.com> 2.0.85-10
|
||||
- Cleaup selinux-polgengui to be a little more modern, fix comments and use selected name
|
||||
- Cleanup chcat man page
|
||||
|
||||
|
|
|
|||
Loading…
Reference in New Issue