Skip site navigation (1)Skip section navigation (2) 
Date:      Mon, 22 Jan 2007 20:20:47 GMT
From:      Todd Miller <millert@FreeBSD.org>
To:        Perforce Change Reviews <perforce@freebsd.org>
Subject:   PERFORCE change 113428 for review
Message-ID:  <200701222020.l0MKKlgH094246@repoman.freebsd.org>
next in thread | raw e-mail | index | archive | help 
http://perforce.freebsd.org/chv.cgi?CH=113428

Change 113428 by millert@millert_macbook on 2007/01/22 20:20:40

	Add TCP/UDP netif permissions as needed.

Affected files ...

.. //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/refpolicy/policy/modules/darwin/DirectoryService.te#9 edit
.. //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/refpolicy/policy/modules/darwin/configd.te#19 edit
.. //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/refpolicy/policy/modules/darwin/lookupd.te#8 edit
.. //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/refpolicy/policy/modules/darwin/mDNSResponder.te#9 edit

Differences ...

==== //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/refpolicy/policy/modules/darwin/DirectoryService.te#9 (text+ko) ====

@@ -134,4 +134,7 @@
 # Search /var/vm
 files_search_vm(DirectoryService_t)
 
+# Networking
 corenet_tcp_connect_smbd_port(DirectoryService_t)
+corenet_tcp_sendrecv_all_if(DirectoryService_t)
+corenet_udp_sendrecv_all_if(DirectoryService_t)

==== //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/refpolicy/policy/modules/darwin/configd.te#19 (text+ko) ====

@@ -47,6 +47,7 @@
 
 ## Networking basics (adjust to your needs!)
 sysnet_dns_name_resolve(configd_t)
+corenet_raw_send_all_if(configd_t)
 corenet_tcp_sendrecv_all_if(configd_t)
 corenet_tcp_sendrecv_all_nodes(configd_t)
 corenet_tcp_sendrecv_all_ports(configd_t)

==== //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/refpolicy/policy/modules/darwin/lookupd.te#8 (text+ko) ====

@@ -107,3 +107,7 @@
 # Read /var
 files_list_var(lookupd_t)
 files_read_var_files(lookupd_t)
+
+# TCP/UDP send/receive
+corenet_tcp_sendrecv_all_if(lookupd_t)
+corenet_udp_send_all_if(lookupd_t)

==== //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/refpolicy/policy/modules/darwin/mDNSResponder.te#9 (text+ko) ====

@@ -94,3 +94,6 @@
 
 # Read /sbin
 allow mDNSResponder_t sbin_t:dir { getattr read search };
+
+# UDP send/receive
+corenet_udp_sendrecv_all_if(mDNSResponder_t)

Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?200701222020.l0MKKlgH094246>