rpms/selinux-policy/F-9 policy-20071130.patch, 1.216, 1.217 selinux-policy.spec, 1.711, 1.712
Daniel J Walsh
dwalsh at fedoraproject.org
Fri Sep 26 14:04:18 UTC 2008
Author: dwalsh
Update of /cvs/extras/rpms/selinux-policy/F-9
In directory cvs1.fedora.phx.redhat.com:/tmp/cvs-serv1904
Modified Files:
policy-20071130.patch selinux-policy.spec
Log Message:
* Tue Sep 25 2008 Dan Walsh <dwalsh at redhat.com> 3.3.1-95
- Allow kismet to bind to port 2501
policy-20071130.patch:
Index: policy-20071130.patch
===================================================================
RCS file: /cvs/extras/rpms/selinux-policy/F-9/policy-20071130.patch,v
retrieving revision 1.216
retrieving revision 1.217
diff -u -r1.216 -r1.217
--- policy-20071130.patch 23 Sep 2008 20:48:11 -0000 1.216
+++ policy-20071130.patch 26 Sep 2008 14:04:16 -0000 1.217
@@ -2083,8 +2083,8 @@
+')
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/kismet.te serefpolicy-3.3.1/policy/modules/admin/kismet.te
--- nsaserefpolicy/policy/modules/admin/kismet.te 1969-12-31 19:00:00.000000000 -0500
-+++ serefpolicy-3.3.1/policy/modules/admin/kismet.te 2008-09-08 11:45:12.000000000 -0400
-@@ -0,0 +1,57 @@
++++ serefpolicy-3.3.1/policy/modules/admin/kismet.te 2008-09-25 15:06:31.000000000 -0400
+@@ -0,0 +1,66 @@
+
+policy_module(kismet, 1.0.2)
+
@@ -2115,8 +2115,9 @@
+allow kismet_t self:capability { net_admin net_raw setuid setgid };
+allow kismet_t self:fifo_file rw_file_perms;
+allow kismet_t self:packet_socket create_socket_perms;
-+allow kismet_t self:unix_dgram_socket create_socket_perms;
++allow kismet_t self:unix_dgram_socket { create_socket_perms sendto };
+allow kismet_t self:unix_stream_socket create_stream_socket_perms;
++allow kismet_t self:tcp_socket create_stream_socket_perms;
+
+manage_files_pattern(kismet_t, kismet_log_t, kismet_log_t)
+allow kismet_t kismet_log_t:dir setattr;
@@ -2132,6 +2133,14 @@
+
+corecmd_exec_bin(kismet_t)
+
++corenet_all_recvfrom_unlabeled(kismet_t)
++corenet_all_recvfrom_netlabel(kismet_t)
++corenet_tcp_sendrecv_all_if(kismet_t)
++corenet_tcp_sendrecv_all_nodes(kismet_t)
++corenet_tcp_sendrecv_all_ports(kismet_t)
++corenet_tcp_bind_all_nodes(kismet_t)
++corenet_tcp_bind_all_kismet_port(kismet_t)
++
+kernel_search_debugfs(kismet_t)
+
+auth_use_nsswitch(kismet_t)
@@ -7581,7 +7590,7 @@
########################################
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/kernel/corenetwork.te.in serefpolicy-3.3.1/policy/modules/kernel/corenetwork.te.in
--- nsaserefpolicy/policy/modules/kernel/corenetwork.te.in 2008-06-12 23:38:02.000000000 -0400
-+++ serefpolicy-3.3.1/policy/modules/kernel/corenetwork.te.in 2008-09-08 11:45:12.000000000 -0400
++++ serefpolicy-3.3.1/policy/modules/kernel/corenetwork.te.in 2008-09-25 15:05:52.000000000 -0400
@@ -1,5 +1,5 @@
-policy_module(corenetwork,1.2.15)
@@ -7615,7 +7624,7 @@
network_port(ftp_data, tcp,20,s0)
network_port(ftp, tcp,21,s0)
network_port(gatekeeper, udp,1718,s0, udp,1719,s0, tcp,1721,s0, tcp,7000,s0)
-@@ -109,11 +113,13 @@
+@@ -109,11 +113,14 @@
network_port(ircd, tcp,6667,s0)
network_port(isakmp, udp,500,s0)
network_port(iscsi, tcp,3260,s0)
@@ -7625,11 +7634,12 @@
network_port(kerberos_admin, tcp,464,s0, udp,464,s0, tcp,749,s0)
network_port(kerberos_master, tcp,4444,s0, udp,4444,s0)
network_port(kerberos, tcp,88,s0, udp,88,s0, tcp,750,s0, udp,750,s0)
++network_port(kismet, tcp,2501,s0)
+network_port(kprop, tcp,754,s0)
network_port(ktalkd, udp,517,s0, udp,518,s0)
network_port(ldap, tcp,389,s0, udp,389,s0, tcp,636,s0, udp,636,s0, tcp,3268,s0)
type lrrd_port_t, port_type; dnl network_port(lrrd_port_t) # no defined portcon
-@@ -122,6 +128,8 @@
+@@ -122,6 +129,8 @@
network_port(mmcc, tcp,5050,s0, udp,5050,s0)
network_port(monopd, tcp,1234,s0)
network_port(msnp, tcp,1863,s0, udp,1863,s0)
@@ -7638,7 +7648,7 @@
network_port(mysqld, tcp,1186,s0, tcp,3306,s0)
portcon tcp 63132-63163 gen_context(system_u:object_r:mysqld_port_t, s0)
network_port(nessus, tcp,1241,s0)
-@@ -133,10 +141,13 @@
+@@ -133,10 +142,13 @@
network_port(pegasus_http, tcp,5988,s0)
network_port(pegasus_https, tcp,5989,s0)
network_port(postfix_policyd, tcp,10031,s0)
@@ -7652,7 +7662,7 @@
network_port(printer, tcp,515,s0)
network_port(ptal, tcp,5703,s0)
network_port(pxe, udp,4011,s0)
-@@ -148,11 +159,11 @@
+@@ -148,11 +160,11 @@
network_port(ricci_modcluster, tcp,16851,s0, udp,16851,s0)
network_port(rlogind, tcp,513,s0)
network_port(rndc, tcp,953,s0)
@@ -7666,7 +7676,7 @@
network_port(smtp, tcp,25,s0, tcp,465,s0, tcp,587,s0)
network_port(snmp, udp,161,s0, udp,162,s0, tcp,199,s0)
network_port(spamd, tcp,783,s0)
-@@ -165,12 +176,18 @@
+@@ -165,12 +177,18 @@
network_port(syslogd, udp,514,s0)
network_port(telnetd, tcp,23,s0)
network_port(tftp, udp,69,s0)
Index: selinux-policy.spec
===================================================================
RCS file: /cvs/extras/rpms/selinux-policy/F-9/selinux-policy.spec,v
retrieving revision 1.711
retrieving revision 1.712
diff -u -r1.711 -r1.712
--- selinux-policy.spec 23 Sep 2008 20:09:58 -0000 1.711
+++ selinux-policy.spec 26 Sep 2008 14:04:17 -0000 1.712
@@ -17,7 +17,7 @@
Summary: SELinux policy configuration
Name: selinux-policy
Version: 3.3.1
-Release: 94%{?dist}
+Release: 95%{?dist}
License: GPLv2+
Group: System Environment/Base
Source: serefpolicy-%{version}.tgz
@@ -386,6 +386,9 @@
%endif
%changelog
+* Tue Sep 25 2008 Dan Walsh <dwalsh at redhat.com> 3.3.1-95
+- Allow kismet to bind to port 2501
+
* Tue Sep 23 2008 Dan Walsh <dwalsh at redhat.com> 3.3.1-94
- Update to latest policy for NetworkManager
More information about the fedora-extras-commits
mailing list