[redhat-lspp] [PATCH 2/3]: labeled ipsec policy
Joy Latten
latten at austin.ibm.com
Tue Jan 9 00:22:30 UTC 2007
diff -urpN serefpolicy-2.4.6.patch/policy/modules/apps/evolution.if serefpolicy-2.4.6.patch2/policy/modules/apps/evolution.if
--- serefpolicy-2.4.6.patch/policy/modules/apps/evolution.if 2007-01-04 15:33:14.000000000 -0600
+++ serefpolicy-2.4.6.patch2/policy/modules/apps/evolution.if 2007-01-08 17:59:29.000000000 -0600
@@ -816,3 +816,57 @@ template(`evolution_stream_connect',`
allow $2 $1_evolution_t:unix_stream_socket connectto;
allow $2 $1_evolution_home_t:dir search;
')
+
+########################################
+## <summary>
+## Receive messages from a
+## labeled ipsec association.
+## </summary>
+## <param name="domain">
+## <summary>
+## Domain allowed access.
+## </summary>
+## </param>
+#
+interface(`evolution_recv_labeledipsec_role',`
+ gen_require(`
+ type $1_evolution_t;
+ ')
+ allow $2 $1_evolution_t:association recvfrom;
+')
+
+########################################
+## <summary>
+## Receive messages from a
+## labeled ipsec association.
+## </summary>
+## <param name="domain">
+## <summary>
+## Domain allowed access.
+## </summary>
+## </param>
+#
+interface(`evolution_recv_labeledipsec_server_role',`
+ gen_require(`
+ type $1_evolution_server_t;
+ ')
+ allow $2 $1_evolution_server_t:association recvfrom;
+')
+
+########################################
+## <summary>
+## Receive messages from a
+## labeled ipsec association.
+## </summary>
+## <param name="domain">
+## <summary>
+## Domain allowed access.
+## </summary>
+## </param>
+#
+interface(`evolution_recv_labeledipsec_webcal_role',`
+ gen_require(`
+ type $1_evolution_webcal_t;
+ ')
+ allow $2 $1_evolution_webcal_t:association recvfrom;
+')
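Review bot: Each of the three interfaces added here documents a single `domain` parameter but actually takes two: `$1` is spliced into a type name (`$1_evolution_t`, `$1_evolution_server_t`, `$1_evolution_webcal_t`) and `$2` is the domain that receives `recvfrom`. The header comments should gain a first `<param>` describing the role prefix and keep `domain` as the second, otherwise a caller following the docs will pass the domain as `$1`. The `evolution_stream_connect` visible in the hunk context has the same `$1`/`$2` shape and is declared with `template(`, which would be the consistent form for these too. The same mismatch appears in the `_role` interfaces added to games.if, gift.if, gpg.if, irc.if, java.if, mozilla.if, screen.if, thunderbird.if, uml.if and dbus.if, and in `apache_recv_labeledipsec_script_role` and `courier_recv_labeledipsec_tmpl`.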
diff -urpN serefpolicy-2.4.6.patch/policy/modules/apps/games.if serefpolicy-2.4.6.patch2/policy/modules/apps/games.if
--- serefpolicy-2.4.6.patch/policy/modules/apps/games.if 2007-01-04 15:33:14.000000000 -0600
+++ serefpolicy-2.4.6.patch2/policy/modules/apps/games.if 2007-01-05 10:47:48.000000000 -0600
@@ -169,3 +169,21 @@ template(`games_per_role_template',`
')
')
')
+
+########################################
+## <summary>
+## Receive messages from a
+## labeled ipsec association.
+## </summary>
+## <param name="domain">
+## <summary>
+## Domain allowed access.
+## </summary>
+## </param>
+#
+interface(`games_recv_labeledipsec_role',`
+ gen_require(`
+ type $1_games_t;
+ ')
+ allow $2 $1_games_t:association recvfrom;
+')
diff -urpN serefpolicy-2.4.6.patch/policy/modules/apps/gift.if serefpolicy-2.4.6.patch2/policy/modules/apps/gift.if
--- serefpolicy-2.4.6.patch/policy/modules/apps/gift.if 2007-01-04 15:33:14.000000000 -0600
+++ serefpolicy-2.4.6.patch2/policy/modules/apps/gift.if 2007-01-05 10:47:48.000000000 -0600
@@ -205,3 +205,39 @@ template(`gift_per_role_template',`
fs_manage_cifs_symlinks($1_giftd_t)
')
')
+
+########################################
+## <summary>
+## Receive messages from a
+## labeled ipsec association.
+## </summary>
+## <param name="domain">
+## <summary>
+## Domain allowed access.
+## </summary>
+## </param>
+#
+interface(`gift_recv_labeledipsec_client_role',`
+ gen_require(`
+ type $1_gift_t;
+ ')
+ allow $2 $1_gift_t:association recvfrom;
+')
+
+########################################
+## <summary>
+## Receive messages from a
+## labeled ipsec association.
+## </summary>
+## <param name="domain">
+## <summary>
+## Domain allowed access.
+## </summary>
+## </param>
+#
+interface(`gift_recv_labeledipsec_server_role',`
+ gen_require(`
+ type $1_giftd_t;
+ ')
+ allow $2 $1_giftd_t:association recvfrom;
+')
diff -urpN serefpolicy-2.4.6.patch/policy/modules/apps/gpg.if serefpolicy-2.4.6.patch2/policy/modules/apps/gpg.if
--- serefpolicy-2.4.6.patch/policy/modules/apps/gpg.if 2007-01-04 15:33:14.000000000 -0600
+++ serefpolicy-2.4.6.patch2/policy/modules/apps/gpg.if 2007-01-05 10:47:48.000000000 -0600
@@ -405,3 +405,39 @@ template(`gpg_signal_user_gpg',`
allow $2 $1_gpg_t:process signal;
')
+
+########################################
+## <summary>
+## Receive messages from a
+## labeled ipsec association.
+## </summary>
+## <param name="domain">
+## <summary>
+## Domain allowed access.
+## </summary>
+## </param>
+#
+interface(`gpg_recv_labeledipsec_role',`
+ gen_require(`
+ type $1_gpg_t;
+ ')
+ allow $2 $1_gpg_t:association recvfrom;
+')
+
+########################################
+## <summary>
+## Receive messages from a
+## labeled ipsec association.
+## </summary>
+## <param name="domain">
+## <summary>
+## Domain allowed access.
+## </summary>
+## </param>
+#
+interface(`gpg_recv_labeledipsec_helper_role',`
+ gen_require(`
+ type $1_gpg_helper_t;
+ ')
+ allow $2 $1_gpg_helper_t:association recvfrom;
+')
diff -urpN serefpolicy-2.4.6.patch/policy/modules/apps/irc.if serefpolicy-2.4.6.patch2/policy/modules/apps/irc.if
--- serefpolicy-2.4.6.patch/policy/modules/apps/irc.if 2007-01-04 15:33:14.000000000 -0600
+++ serefpolicy-2.4.6.patch2/policy/modules/apps/irc.if 2007-01-05 10:47:48.000000000 -0600
@@ -158,3 +158,21 @@ template(`irc_per_role_template',`
nis_use_ypbind($1_irc_t)
')
')
+
+########################################
+## <summary>
+## Receive messages from a
+## labeled ipsec association.
+## </summary>
+## <param name="domain">
+## <summary>
+## Domain allowed access.
+## </summary>
+## </param>
+#
+interface(`irc_recv_labeledipsec_role',`
+ gen_require(`
+ type $1_irc_t;
+ ')
+ allow $2 $1_irc_t:association recvfrom;
+')
diff -urpN serefpolicy-2.4.6.patch/policy/modules/apps/java.if serefpolicy-2.4.6.patch2/policy/modules/apps/java.if
--- serefpolicy-2.4.6.patch/policy/modules/apps/java.if 2007-01-04 15:33:14.000000000 -0600
+++ serefpolicy-2.4.6.patch2/policy/modules/apps/java.if 2007-01-05 10:47:48.000000000 -0600
@@ -200,3 +200,21 @@ interface(`java_domtrans',`
refpolicywarn(`$0($1) has no effect in strict policy.')
')
')
+
+########################################
+## <summary>
+## Receive messages from a
+## labeled ipsec association.
+## </summary>
+## <param name="domain">
+## <summary>
+## Domain allowed access.
+## </summary>
+## </param>
+#
+interface(`java_recv_labeledipsec_role',`
+ gen_require(`
+ type $1_javaplugin_t;
+ ')
+ allow $2 $1_javaplugin_t:association recvfrom;
+')
diff -urpN serefpolicy-2.4.6.patch/policy/modules/apps/mozilla.if serefpolicy-2.4.6.patch2/policy/modules/apps/mozilla.if
--- serefpolicy-2.4.6.patch/policy/modules/apps/mozilla.if 2007-01-04 15:33:14.000000000 -0600
+++ serefpolicy-2.4.6.patch2/policy/modules/apps/mozilla.if 2007-01-05 10:47:48.000000000 -0600
@@ -411,3 +411,21 @@ template(`mozilla_per_role_template',`
')
')
')
+
+########################################
+## <summary>
+## Receive messages from a
+## labeled ipsec association.
+## </summary>
+## <param name="domain">
+## <summary>
+## Domain allowed access.
+## </summary>
+## </param>
+#
+interface(`mozilla_recv_labeledipsec_role',`
+ gen_require(`
+ type $1_mozilla_t;
+ ')
+ allow $2 $1_mozilla_t:association recvfrom;
+')
diff -urpN serefpolicy-2.4.6.patch/policy/modules/apps/screen.if serefpolicy-2.4.6.patch2/policy/modules/apps/screen.if
--- serefpolicy-2.4.6.patch/policy/modules/apps/screen.if 2007-01-04 15:33:14.000000000 -0600
+++ serefpolicy-2.4.6.patch2/policy/modules/apps/screen.if 2007-01-05 10:47:48.000000000 -0600
@@ -199,3 +199,21 @@ template(`screen_per_role_template',`
')
') dnl TODO
')
+
+########################################
+## <summary>
+## Receive messages from a
+## labeled ipsec association.
+## </summary>
+## <param name="domain">
+## <summary>
+## Domain allowed access.
+## </summary>
+## </param>
+#
+interface(`screen_recv_labeledipsec_role',`
+ gen_require(`
+ type $1_screen_t;
+ ')
+ allow $2 $1_screen_t:association recvfrom;
+')
diff -urpN serefpolicy-2.4.6.patch/policy/modules/apps/thunderbird.if serefpolicy-2.4.6.patch2/policy/modules/apps/thunderbird.if
--- serefpolicy-2.4.6.patch/policy/modules/apps/thunderbird.if 2007-01-04 15:33:14.000000000 -0600
+++ serefpolicy-2.4.6.patch2/policy/modules/apps/thunderbird.if 2007-01-05 10:47:48.000000000 -0600
@@ -348,3 +348,21 @@ template(`thunderbird_per_role_template'
')
')
+
+########################################
+## <summary>
+## Receive messages from a
+## labeled ipsec association.
+## </summary>
+## <param name="domain">
+## <summary>
+## Domain allowed access.
+## </summary>
+## </param>
+#
+interface(`thunderbird_recv_labeledipsec_role',`
+ gen_require(`
+ type $1_thunderbird_t;
+ ')
+ allow $2 $1_thunderbird_t:association recvfrom;
+')
diff -urpN serefpolicy-2.4.6.patch/policy/modules/apps/uml.if serefpolicy-2.4.6.patch2/policy/modules/apps/uml.if
--- serefpolicy-2.4.6.patch/policy/modules/apps/uml.if 2007-01-04 15:33:14.000000000 -0600
+++ serefpolicy-2.4.6.patch2/policy/modules/apps/uml.if 2007-01-05 10:47:48.000000000 -0600
@@ -250,3 +250,21 @@ interface(`uml_manage_util_files',`
allow $1 uml_switch_var_run_t:file create_file_perms;
allow $1 uml_switch_var_run_t:lnk_file create_lnk_perms;
')
+
+########################################
+## <summary>
+## Receive messages from a
+## labeled ipsec association.
+## </summary>
+## <param name="domain">
+## <summary>
+## Domain allowed access.
+## </summary>
+## </param>
+#
+interface(`uml_recv_labeledipsec_role',`
+ gen_require(`
+ type $1_uml_t;
+ ')
+ allow $2 $1_uml_t:association recvfrom;
+')
diff -urpN serefpolicy-2.4.6.patch/policy/modules/apps/vmware.if serefpolicy-2.4.6.patch2/policy/modules/apps/vmware.if
--- serefpolicy-2.4.6.patch/policy/modules/apps/vmware.if 2007-01-04 15:33:14.000000000 -0600
+++ serefpolicy-2.4.6.patch2/policy/modules/apps/vmware.if 2007-01-05 10:47:48.000000000 -0600
@@ -203,3 +203,21 @@ interface(`vmware_append_system_config',
allow $1 vmware_sys_conf_t:file append;
')
+
+########################################
+## <summary>
+## Receive messages from a
+## labeled ipsec association.
+## </summary>
+## <param name="domain">
+## <summary>
+## Domain allowed access.
+## </summary>
+## </param>
+#
+interface(`vmware_recv_labeledipsec',`
+ gen_require(`
+ type vmware_host_t;
+ ')
+ allow $1 vmware_host_t:association recvfrom;
+')
diff -urpN serefpolicy-2.4.6.patch/policy/modules/services/afs.if serefpolicy-2.4.6.patch2/policy/modules/services/afs.if
--- serefpolicy-2.4.6.patch/policy/modules/services/afs.if 2007-01-04 15:33:08.000000000 -0600
+++ serefpolicy-2.4.6.patch2/policy/modules/services/afs.if 2007-01-05 10:47:48.000000000 -0600
@@ -1 +1,91 @@
## <summary>Andrew Filesystem server</summary>
+
+########################################
+## <summary>
+## Receive messages from a
+## labeled ipsec association.
+## </summary>
+## <param name="domain">
+## <summary>
+## Domain allowed access.
+## </summary>
+## </param>
+#
+interface(`afs_recv_labeledipsec_bosserver',`
+ gen_require(`
+ type afs_bosserver_t;
+ ')
+ allow $1 afs_bosserver_t:association recvfrom;
+')
+
+########################################
+## <summary>
+## Receive messages from a
+## labeled ipsec association.
+## </summary>
+## <param name="domain">
+## <summary>
+## Domain allowed access.
+## </summary>
+## </param>
+#
+interface(`afs_recv_labeledipsec_fsserver',`
+ gen_require(`
+ type afs_fsserver_t;
+ ')
+ allow $1 afs_fsserver_t:association recvfrom;
+')
+
+########################################
+## <summary>
+## Receive messages from a
+## labeled ipsec association.
+## </summary>
+## <param name="domain">
+## <summary>
+## Domain allowed access.
+## </summary>
+## </param>
+#
+interface(`afs_recv_labeledipsec_kaserver',`
+ gen_require(`
+ type afs_kaserver_t;
+ ')
+ allow $1 afs_kaserver_t:association recvfrom;
+')
+
+########################################
+## <summary>
+## Receive messages from a
+## labeled ipsec association.
+## </summary>
+## <param name="domain">
+## <summary>
+## Domain allowed access.
+## </summary>
+## </param>
+#
+interface(`afs_recv_labeledipsec_ptserver',`
+ gen_require(`
+ type afs_ptserver_t;
+ ')
+ allow $1 afs_ptserver_t:association recvfrom;
+')
+
+########################################
+## <summary>
+## Receive messages from a
+## labeled ipsec association.
+## </summary>
+## <param name="domain">
+## <summary>
+## Domain allowed access.
+## </summary>
+## </param>
+#
+interface(`afs_recv_labeledipsec_vlserver',`
+ gen_require(`
+ type afs_vlserver_t;
+ ')
+ allow $1 afs_vlserver_t:association recvfrom;
+')
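Review bot: The five interfaces added to afs.if carry byte-identical summary text, so the generated interface documentation will not tell a reader which peer label each one accepts. Naming the peer in each summary would fix that, for example `## Receive messages from a labeled ipsec association of the AFS bosserver.` for `afs_recv_labeledipsec_bosserver`. This matters when auditing which domains may receive traffic carrying which labels. The same boilerplate summary is repeated in every other hunk of this patch.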
diff -urpN serefpolicy-2.4.6.patch/policy/modules/services/amavis.if serefpolicy-2.4.6.patch2/policy/modules/services/amavis.if
--- serefpolicy-2.4.6.patch/policy/modules/services/amavis.if 2007-01-04 15:33:07.000000000 -0600
+++ serefpolicy-2.4.6.patch2/policy/modules/services/amavis.if 2007-01-05 10:47:48.000000000 -0600
@@ -174,3 +174,21 @@ interface(`amavis_setattr_pid_files',`
allow $1 amavis_var_run_t:file setattr;
files_search_pids($1)
')
+
+########################################
+## <summary>
+## Receive messages from a
+## labeled ipsec association.
+## </summary>
+## <param name="domain">
+## <summary>
+## Domain allowed access.
+## </summary>
+## </param>
+#
+interface(`amavis_recv_labeledipsec',`
+ gen_require(`
+ type amavis_t;
+ ')
+ allow $1 amavis_t:association recvfrom;
+')
diff -urpN serefpolicy-2.4.6.patch/policy/modules/services/apache.if serefpolicy-2.4.6.patch2/policy/modules/services/apache.if
--- serefpolicy-2.4.6.patch/policy/modules/services/apache.if 2007-01-04 15:33:07.000000000 -0600
+++ serefpolicy-2.4.6.patch2/policy/modules/services/apache.if 2007-01-05 10:47:48.000000000 -0600
@@ -1032,3 +1032,57 @@ interface(`apache_search_sys_script_stat
allow $1 httpd_sys_script_t:dir search;
')
+
+########################################
+## <summary>
+## Receive messages from a
+## labeled ipsec association.
+## </summary>
+## <param name="domain">
+## <summary>
+## Domain allowed access.
+## </summary>
+## </param>
+#
+interface(`apache_recv_labeledipsec',`
+ gen_require(`
+ type httpd_t;
+ ')
+ allow $1 httpd_t:association recvfrom;
+')
+
+########################################
+## <summary>
+## Receive messages from a
+## labeled ipsec association.
+## </summary>
+## <param name="domain">
+## <summary>
+## Domain allowed access.
+## </summary>
+## </param>
+#
+interface(`apache_recv_labeledipsec_script_sys',`
+ gen_require(`
+ type httpd_sys_script_t;
+ ')
+ allow $1 httpd_sys_script_t:association recvfrom;
+')
+
+########################################
+## <summary>
+## Receive messages from a
+## labeled ipsec association.
+## </summary>
+## <param name="domain">
+## <summary>
+## Domain allowed access.
+## </summary>
+## </param>
+#
+interface(`apache_recv_labeledipsec_script_role',`
+ gen_require(`
+ type httpd_$1_script_t;
+ ')
+ allow $2 httpd_$1_script_t:association recvfrom;
+')
diff -urpN serefpolicy-2.4.6.patch/policy/modules/services/asterisk.if serefpolicy-2.4.6.patch2/policy/modules/services/asterisk.if
--- serefpolicy-2.4.6.patch/policy/modules/services/asterisk.if 2007-01-04 15:33:08.000000000 -0600
+++ serefpolicy-2.4.6.patch2/policy/modules/services/asterisk.if 2007-01-05 10:47:48.000000000 -0600
@@ -1 +1,19 @@
## <summary>Asterisk IP telephony server</summary>
+
+########################################
+## <summary>
+## Receive messages from a
+## labeled ipsec association.
+## </summary>
+## <param name="domain">
+## <summary>
+## Domain allowed access.
+## </summary>
+## </param>
+#
+interface(`asterisk_recv_labeledipsec',`
+ gen_require(`
+ type asterisk_t;
+ ')
+ allow $1 asterisk_t:association recvfrom;
+')
diff -urpN serefpolicy-2.4.6.patch/policy/modules/services/automount.if serefpolicy-2.4.6.patch2/policy/modules/services/automount.if
--- serefpolicy-2.4.6.patch/policy/modules/services/automount.if 2007-01-04 15:33:09.000000000 -0600
+++ serefpolicy-2.4.6.patch2/policy/modules/services/automount.if 2007-01-05 10:47:48.000000000 -0600
@@ -81,3 +81,21 @@ interface(`automount_dontaudit_getattr_t
dontaudit $1 automount_tmp_t:dir getattr;
')
+
+########################################
+## <summary>
+## Receive messages from a
+## labeled ipsec association.
+## </summary>
+## <param name="domain">
+## <summary>
+## Domain allowed access.
+## </summary>
+## </param>
+#
+interface(`autotmount_recv_labeledipsec',`
+ gen_require(`
+ type automount_t;
+ ')
+ allow $1 automoun_t:association recvfrom;
+')
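Review bot: The allow rule names `automoun_t`, which does not match the `automount_t` declared in `gen_require`, so the rule refers to a type the interface never requires and any caller would presumably fail to compile. It should read `allow $1 automount_t:association recvfrom;`. The interface name is also misspelled as `autotmount_recv_labeledipsec`; every other file in this patch prefixes the interface with its module name, so `automount_recv_labeledipsec` is the expected spelling.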
diff -urpN serefpolicy-2.4.6.patch/policy/modules/services/avahi.if serefpolicy-2.4.6.patch2/policy/modules/services/avahi.if
--- serefpolicy-2.4.6.patch/policy/modules/services/avahi.if 2007-01-04 15:33:09.000000000 -0600
+++ serefpolicy-2.4.6.patch2/policy/modules/services/avahi.if 2007-01-05 10:47:48.000000000 -0600
@@ -41,3 +41,21 @@ interface(`avahi_stream_connect',`
allow $1 avahi_var_run_t:sock_file rw_file_perms;
allow $1 avahi_t:unix_stream_socket connectto;
')
+
+########################################
+## <summary>
+## Receive messages from a
+## labeled ipsec association.
+## </summary>
+## <param name="domain">
+## <summary>
+## Domain allowed access.
+## </summary>
+## </param>
+#
+interface(`avahi_recv_labeledipsec',`
+ gen_require(`
+ type avahi_t;
+ ')
+ allow $1 avahi_t:association recvfrom;
+')
diff -urpN serefpolicy-2.4.6.patch/policy/modules/services/bind.if serefpolicy-2.4.6.patch2/policy/modules/services/bind.if
--- serefpolicy-2.4.6.patch/policy/modules/services/bind.if 2007-01-04 15:33:08.000000000 -0600
+++ serefpolicy-2.4.6.patch2/policy/modules/services/bind.if 2007-01-05 10:47:48.000000000 -0600
@@ -268,3 +268,39 @@ interface(`bind_read_zone',`
interface(`bind_udp_chat_named',`
refpolicywarn(`$0($*) has been deprecated.')
')
+
+########################################
+## <summary>
+## Receive messages from a
+## labeled ipsec association.
+## </summary>
+## <param name="domain">
+## <summary>
+## Domain allowed access.
+## </summary>
+## </param>
+#
+interface(`bind_recv_labeledipsec_named',`
+ gen_require(`
+ type named_t;
+ ')
+ allow $1 named_t:association recvfrom;
+')
+
+########################################
+## <summary>
+## Receive messages from a
+## labeled ipsec association.
+## </summary>
+## <param name="domain">
+## <summary>
+## Domain allowed access.
+## </summary>
+## </param>
+#
+interface(`bind_recv_labeledipsec_ndc',`
+ gen_require(`
+ type ndc_t;
+ ')
+ allow $1 ndc_t:association recvfrom;
+')
diff -urpN serefpolicy-2.4.6.patch/policy/modules/services/bluetooth.if serefpolicy-2.4.6.patch2/policy/modules/services/bluetooth.if
--- serefpolicy-2.4.6.patch/policy/modules/services/bluetooth.if 2007-01-04 15:33:08.000000000 -0600
+++ serefpolicy-2.4.6.patch2/policy/modules/services/bluetooth.if 2007-01-05 10:47:48.000000000 -0600
@@ -133,3 +133,21 @@ interface(`bluetooth_dontaudit_read_help
dontaudit $1 bluetooth_helper_t:dir search;
dontaudit $1 bluetooth_helper_t:file { read getattr };
')
+
+########################################
+## <summary>
+## Receive messages from a
+## labeled ipsec association.
+## </summary>
+## <param name="domain">
+## <summary>
+## Domain allowed access.
+## </summary>
+## </param>
+#
+interface(`bluetooth_recv_labeledipsec',`
+ gen_require(`
+ type bluetooth_t;
+ ')
+ allow $1 bluetooth_t:association recvfrom;
+')
diff -urpN serefpolicy-2.4.6.patch/policy/modules/services/canna.if serefpolicy-2.4.6.patch2/policy/modules/services/canna.if
--- serefpolicy-2.4.6.patch/policy/modules/services/canna.if 2007-01-04 15:33:07.000000000 -0600
+++ serefpolicy-2.4.6.patch2/policy/modules/services/canna.if 2007-01-05 10:47:48.000000000 -0600
@@ -20,3 +20,21 @@ interface(`canna_stream_connect',`
allow $1 canna_var_run_t:sock_file write;
allow $1 canna_t:unix_stream_socket connectto;
')
+
+########################################
+## <summary>
+## Receive messages from a
+## labeled ipsec association.
+## </summary>
+## <param name="domain">
+## <summary>
+## Domain allowed access.
+## </summary>
+## </param>
+#
+interface(`canna_recv_labeledipsec',`
+ gen_require(`
+ type canna_t;
+ ')
+ allow $1 canna_t:association recvfrom;
+')
diff -urpN serefpolicy-2.4.6.patch/policy/modules/services/ccs.if serefpolicy-2.4.6.patch2/policy/modules/services/ccs.if
--- serefpolicy-2.4.6.patch/policy/modules/services/ccs.if 2007-01-04 15:33:10.000000000 -0600
+++ serefpolicy-2.4.6.patch2/policy/modules/services/ccs.if 2007-01-05 10:47:48.000000000 -0600
@@ -79,3 +79,21 @@ interface(`ccs_manage_config',`
allow $1 cluster_conf_t:dir manage_dir_perms;
allow $1 cluster_conf_t:file manage_file_perms;
')
+
+########################################
+## <summary>
+## Receive messages from a
+## labeled ipsec association.
+## </summary>
+## <param name="domain">
+## <summary>
+## Domain allowed access.
+## </summary>
+## </param>
+#
+interface(`ccs_recv_labeledipsec',`
+ gen_require(`
+ type ccs_t;
+ ')
+ allow $1 ccs_t:association recvfrom;
+')
diff -urpN serefpolicy-2.4.6.patch/policy/modules/services/cipe.if serefpolicy-2.4.6.patch2/policy/modules/services/cipe.if
--- serefpolicy-2.4.6.patch/policy/modules/services/cipe.if 2007-01-04 15:33:09.000000000 -0600
+++ serefpolicy-2.4.6.patch2/policy/modules/services/cipe.if 2007-01-05 10:47:48.000000000 -0600
@@ -1 +1,19 @@
## <summary>Encrypted tunnel daemon</summary>
+
+########################################
+## <summary>
+## Receive messages from a
+## labeled ipsec association.
+## </summary>
+## <param name="domain">
+## <summary>
+## Domain allowed access.
+## </summary>
+## </param>
+#
+interface(`cipe_recv_labeledipsec',`
+ gen_require(`
+ type ciped_t;
+ ')
+ allow $1 ciped_t:association recvfrom;
+')
diff -urpN serefpolicy-2.4.6.patch/policy/modules/services/clamav.if serefpolicy-2.4.6.patch2/policy/modules/services/clamav.if
--- serefpolicy-2.4.6.patch/policy/modules/services/clamav.if 2007-01-04 15:33:10.000000000 -0600
+++ serefpolicy-2.4.6.patch2/policy/modules/services/clamav.if 2007-01-05 10:47:48.000000000 -0600
@@ -102,3 +102,39 @@ interface(`clamav_domtrans_clamscan',`
allow clamscan_t $1:fifo_file rw_file_perms;
allow clamscan_t $1:process sigchld;
')
+
+########################################
+## <summary>
+## Receive messages from a
+## labeled ipsec association.
+## </summary>
+## <param name="domain">
+## <summary>
+## Domain allowed access.
+## </summary>
+## </param>
+#
+interface(`clamav_recv_labeledipsec',`
+ gen_require(`
+ type clamd_t;
+ ')
+ allow $1 clamd_t:association recvfrom;
+')
+
+########################################
+## <summary>
+## Receive messages from a
+## labeled ipsec association.
+## </summary>
+## <param name="domain">
+## <summary>
+## Domain allowed access.
+## </summary>
+## </param>
+#
+interface(`clamav_recv_labeledipsec_freshclam',`
+ gen_require(`
+ type freshclam_t;
+ ')
+ allow $1 freshclam_t:association recvfrom;
+')
diff -urpN serefpolicy-2.4.6.patch/policy/modules/services/clockspeed.if serefpolicy-2.4.6.patch2/policy/modules/services/clockspeed.if
--- serefpolicy-2.4.6.patch/policy/modules/services/clockspeed.if 2007-01-04 15:33:08.000000000 -0600
+++ serefpolicy-2.4.6.patch2/policy/modules/services/clockspeed.if 2007-01-05 10:47:48.000000000 -0600
@@ -52,3 +52,39 @@ template(`clockspeed_run_cli',`
allow clockspeed_cli_t $3:chr_file { getattr read write ioctl };
')
+
+########################################
+## <summary>
+## Receive messages from a
+## labeled ipsec association.
+## </summary>
+## <param name="domain">
+## <summary>
+## Domain allowed access.
+## </summary>
+## </param>
+#
+interface(`clockspeed_recv_labeledipsec_cli',`
+ gen_require(`
+ type clockpeed_cli_t;
+ ')
+ allow $1 clockspeed_cli_t:association recvfrom;
+')
+
+########################################
+## <summary>
+## Receive messages from a
+## labeled ipsec association.
+## </summary>
+## <param name="domain">
+## <summary>
+## Domain allowed access.
+## </summary>
+## </param>
+#
+interface(`clockspeed_recv_labeledipsec_srv',`
+ gen_require(`
+ type clockspeed_srv_t;
+ ')
+ allow $1 clockspeed_srv_t:association recvfrom;
+')
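Review bot: In `clockspeed_recv_labeledipsec_cli` the `gen_require` block declares `clockpeed_cli_t` while the allow rule uses `clockspeed_cli_t`, so the type actually used is never required and the misspelled one is unlikely to exist. The require line should be `type clockspeed_cli_t;`. The sibling `clockspeed_recv_labeledipsec_srv` is consistent and needs no change.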
diff -urpN serefpolicy-2.4.6.patch/policy/modules/services/comsat.if serefpolicy-2.4.6.patch2/policy/modules/services/comsat.if
--- serefpolicy-2.4.6.patch/policy/modules/services/comsat.if 2007-01-04 15:33:09.000000000 -0600
+++ serefpolicy-2.4.6.patch2/policy/modules/services/comsat.if 2007-01-05 10:47:48.000000000 -0600
@@ -1 +1,19 @@
## <summary>Comsat, a biff server.</summary>
+
+########################################
+## <summary>
+## Receive messages from a
+## labeled ipsec association.
+## </summary>
+## <param name="domain">
+## <summary>
+## Domain allowed access.
+## </summary>
+## </param>
+#
+interface(`comsat_recv_labeledipsec',`
+ gen_require(`
+ type comsat_t;
+ ')
+ allow $1 comsat_t:association recvfrom;
+')
diff -urpN serefpolicy-2.4.6.patch/policy/modules/services/courier.if serefpolicy-2.4.6.patch2/policy/modules/services/courier.if
--- serefpolicy-2.4.6.patch/policy/modules/services/courier.if 2007-01-04 15:33:09.000000000 -0600
+++ serefpolicy-2.4.6.patch2/policy/modules/services/courier.if 2007-01-05 10:47:48.000000000 -0600
@@ -141,3 +141,112 @@ interface(`courier_domtrans_pop',`
allow courier_pop_t $1:fifo_file rw_file_perms;
allow courier_pop_t $1:process sigchld;
')
+
+
+########################################
+## <summary>
+## Receive messages from a
+## labeled ipsec association.
+## </summary>
+## <param name="domain">
+## <summary>
+## Domain allowed access.
+## </summary>
+## </param>
+#
+interface(`courier_recv_labeledipsec_auth',`
+ gen_require(`
+ type courier_authdaemon_t;
+ ')
+ allow $1 courier_authdaemon_t:association recvfrom;
+')
+
+########################################
+## <summary>
+## Receive messages from a
+## labeled ipsec association.
+## </summary>
+## <param name="domain">
+## <summary>
+## Domain allowed access.
+## </summary>
+## </param>
+#
+interface(`courier_recv_labeledipsec_pcp',`
+ gen_require(`
+ type courier_pcp_t;
+ ')
+ allow $1 courier_pcp_t:association recvfrom;
+')
+
+########################################
+## <summary>
+## Receive messages from a
+## labeled ipsec association.
+## </summary>
+## <param name="domain">
+## <summary>
+## Domain allowed access.
+## </summary>
+## </param>
+#
+interface(`courier_recv_labeledipsec_pop',`
+ gen_require(`
+ type courier_pop_t;
+ ')
+ allow $1 courier_pop_t:association recvfrom;
+')
+
+########################################
+## <summary>
+## Receive messages from a
+## labeled ipsec association.
+## </summary>
+## <param name="domain">
+## <summary>
+## Domain allowed access.
+## </summary>
+## </param>
+#
+interface(`courier_recv_labeledipsec_tcpd',`
+ gen_require(`
+ type courier_tcpd_t;
+ ')
+ allow $1 courier_tcpd_t:association recvfrom;
+')
+
+########################################
+## <summary>
+## Receive messages from a
+## labeled ipsec association.
+## </summary>
+## <param name="domain">
+## <summary>
+## Domain allowed access.
+## </summary>
+## </param>
+#
+interface(`courier_recv_labeledipsec_sqwebmail',`
+ gen_require(`
+ type courier_sqwebmail_t;
+ ')
+ allow $1 courier_sqwebmail_t:association recvfrom;
+')
+
+########################################
+## <summary>
+## Receive messages from a
+## labeled ipsec association.
+## </summary>
+## <param name="domain">
+## <summary>
+## Domain allowed access.
+## </summary>
+## </param>
+#
+interface(`courier_recv_labeledipsec_tmpl',`
+ gen_require(`
+ type courier_$1_t;
+ ')
+ allow $2 courier_$1_t:association recvfrom;
+')
diff -urpN serefpolicy-2.4.6.patch/policy/modules/services/cups.if serefpolicy-2.4.6.patch2/policy/modules/services/cups.if
--- serefpolicy-2.4.6.patch/policy/modules/services/cups.if 2007-01-04 15:33:09.000000000 -0600
+++ serefpolicy-2.4.6.patch2/policy/modules/services/cups.if 2007-01-05 10:47:48.000000000 -0600
@@ -263,3 +263,59 @@ interface(`cups_stream_connect_ptal',`
allow $1 ptal_var_run_t:sock_file write;
allow $1 ptal_t:unix_stream_socket connectto;
')
+
+########################################
+## <summary>
+## Receive messages from a
+## labeled ipsec association.
+## </summary>
+## <param name="domain">
+## <summary>
+## Domain allowed access.
+## </summary>
+## </param>
+#
+interface(`cups_recv_labeledipsec',`
+ gen_require(`
+ type cupsd_t;
+ ')
+ allow $1 cupsd_t:association recvfrom;
+ allow $1 cupsd_config_t:association recvfrom;
+ allow $1 cupsd_lpd_t:association recvfrom;
+')
+
+########################################
+## <summary>
+## Receive messages from a
+## labeled ipsec association.
+## </summary>
+## <param name="domain">
+## <summary>
+## Domain allowed access.
+## </summary>
+## </param>
+#
+interface(`cups_recv_labeledipsec_ptal',`
+ gen_require(`
+ type ptal_t;
+ ')
+ allow $1 ptal_t:association recvfrom;
+')
+
+########################################
+## <summary>
+## Receive messages from a
+## labeled ipsec association.
+## </summary>
+## <param name="domain">
+## <summary>
+## Domain allowed access.
+## </summary>
+## </param>
+#
+interface(`cups_recv_labeledipsec_hplip',`
+ gen_require(`
+ type hplip_t;
+ ')
+ allow $1 hplip_t:association recvfrom;
+')
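Review bot: `cups_recv_labeledipsec` requires only `cupsd_t`, but its allow rules also reference `cupsd_config_t` and `cupsd_lpd_t`; the require line should be `type cupsd_t, cupsd_config_t, cupsd_lpd_t;`. Bundling three peer labels into one interface also means a caller cannot accept traffic labeled `cupsd_t` without accepting the config and lpd labels as well. Separate interfaces, as this hunk already provides for `ptal_t` and `hplip_t`, would keep each grant at the narrowest useful scope.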
diff -urpN serefpolicy-2.4.6.patch/policy/modules/services/cvs.if serefpolicy-2.4.6.patch2/policy/modules/services/cvs.if
--- serefpolicy-2.4.6.patch/policy/modules/services/cvs.if 2007-01-04 15:33:10.000000000 -0600
+++ serefpolicy-2.4.6.patch2/policy/modules/services/cvs.if 2007-01-05 10:47:48.000000000 -0600
@@ -37,3 +37,20 @@ interface(`cvs_exec',`
can_exec($1,cvs_exec_t)
')
+########################################
+## <summary>
+## Receive messages from a
+## labeled ipsec association.
+## </summary>
+## <param name="domain">
+## <summary>
+## Domain allowed access.
+## </summary>
+## </param>
+#
+interface(`cvs_recv_labeledipsec',`
+ gen_require(`
+ type cvs_t;
+ ')
+ allow $1 cvs_t:association recvfrom;
+')
diff -urpN serefpolicy-2.4.6.patch/policy/modules/services/cyrus.if serefpolicy-2.4.6.patch2/policy/modules/services/cyrus.if
--- serefpolicy-2.4.6.patch/policy/modules/services/cyrus.if 2007-01-04 15:33:11.000000000 -0600
+++ serefpolicy-2.4.6.patch2/policy/modules/services/cyrus.if 2007-01-05 10:47:48.000000000 -0600
@@ -42,3 +42,21 @@ interface(`cyrus_stream_connect',`
allow $1 cyrus_var_lib_t:sock_file write;
allow $1 cyrus_t:unix_stream_socket connectto;
')
+
+########################################
+## <summary>
+## Receive messages from a
+## labeled ipsec association.
+## </summary>
+## <param name="domain">
+## <summary>
+## Domain allowed access.
+## </summary>
+## </param>
+#
+interface(`cyrus_recv_labeledipsec',`
+ gen_require(`
+ type cyrus_t;
+ ')
+ allow $1 cyrus_t:association recvfrom;
+')
diff -urpN serefpolicy-2.4.6.patch/policy/modules/services/dante.if serefpolicy-2.4.6.patch2/policy/modules/services/dante.if
--- serefpolicy-2.4.6.patch/policy/modules/services/dante.if 2007-01-04 15:33:07.000000000 -0600
+++ serefpolicy-2.4.6.patch2/policy/modules/services/dante.if 2007-01-05 10:47:48.000000000 -0600
@@ -1 +1,19 @@
## <summary>Dante msproxy and socks4/5 proxy server</summary>
+
+########################################
+## <summary>
+## Receive messages from a
+## labeled ipsec association.
+## </summary>
+## <param name="domain">
+## <summary>
+## Domain allowed access.
+## </summary>
+## </param>
+#
+interface(`dante_recv_labeledipsec',`
+ gen_require(`
+ type dante_t;
+ ')
+ allow $1 dante_t:association recvfrom;
+')
diff -urpN serefpolicy-2.4.6.patch/policy/modules/services/dbskk.if serefpolicy-2.4.6.patch2/policy/modules/services/dbskk.if
--- serefpolicy-2.4.6.patch/policy/modules/services/dbskk.if 2007-01-04 15:33:11.000000000 -0600
+++ serefpolicy-2.4.6.patch2/policy/modules/services/dbskk.if 2007-01-05 10:47:48.000000000 -0600
@@ -1 +1,19 @@
## <summary>Dictionary server for the SKK Japanese input method system.</summary>
+
+########################################
+## <summary>
+## Receive messages from a
+## labeled ipsec association.
+## </summary>
+## <param name="domain">
+## <summary>
+## Domain allowed access.
+## </summary>
+## </param>
+#
+interface(`dbskk_recv_labeledipsec',`
+ gen_require(`
+ type dbskkd_t;
+ ')
+ allow $1 dbskkd_t:association recvfrom;
+')
diff -urpN serefpolicy-2.4.6.patch/policy/modules/services/dbus.if serefpolicy-2.4.6.patch2/policy/modules/services/dbus.if
--- serefpolicy-2.4.6.patch/policy/modules/services/dbus.if 2007-01-04 15:33:07.000000000 -0600
+++ serefpolicy-2.4.6.patch2/policy/modules/services/dbus.if 2007-01-05 10:47:48.000000000 -0600
@@ -354,3 +354,21 @@ interface(`dbus_system_bus_unconfined',`
allow $1 system_dbusd_t:dbus *;
')
+
+########################################
+## <summary>
+## Receive messages from a
+## labeled ipsec association.
+## </summary>
+## <param name="domain">
+## <summary>
+## Domain allowed access.
+## </summary>
+## </param>
+#
+interface(`dbus_recv_labeledipsec_role',`
+ gen_require(`
+ type $1_dbusd_t;
+ ')
+ allow $2 $1_dbusd_t:association recvfrom;
+')
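Review bot: `dbus_recv_labeledipsec_role` takes two arguments but documents only one: `$1` is the prefix used to build `$1_dbusd_t` and `$2` is the domain that receives the permission. The single `<param name="domain">` entry therefore describes the first argument as the domain allowed access, which invites callers to pass the arguments in the wrong order. I would document both in order, a `<param name="userdomain_prefix">` for `$1` followed by `<param name="domain">` for `$2`. The same applies to `djbdns_recv_labeledipsec_domain`, `lpd_recv_labeledipsec_role`, `mailman_recv_labeledipsec_tmpl` and `mta_recv_labeledipsec_role` in later hunks. The existing prefix-parameterised macros visible in this patch's context lines (`lpd_domtrans_user_lpr`, `djbdns_daemontools_domain_temp…`) are declared with `template(` rather than `interface(`, so these probably should be too; please confirm against the tree's convention.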
diff -urpN serefpolicy-2.4.6.patch/policy/modules/services/dcc.if serefpolicy-2.4.6.patch2/policy/modules/services/dcc.if
--- serefpolicy-2.4.6.patch/policy/modules/services/dcc.if 2007-01-04 15:33:09.000000000 -0600
+++ serefpolicy-2.4.6.patch2/policy/modules/services/dcc.if 2007-01-05 10:47:48.000000000 -0600
@@ -182,3 +182,111 @@ interface(`dcc_stream_connect_dccifd',`
allow $1 dccifd_var_run_t:sock_file { getattr write };
allow $1 dccifd_t:unix_stream_socket connectto;
')
+
+########################################
+## <summary>
+## Receive messages from a
+## labeled ipsec association.
+## </summary>
+## <param name="domain">
+## <summary>
+## Domain allowed access.
+## </summary>
+## </param>
+#
+interface(`dcc_recv_labeledipsec_cdcc',`
+ gen_require(`
+ type cdcc_t;
+ ')
+ allow $1 cdcc_t:association recvfrom;
+')
+
+########################################
+## <summary>
+## Receive messages from a
+## labeled ipsec association.
+## </summary>
+## <param name="domain">
+## <summary>
+## Domain allowed access.
+## </summary>
+## </param>
+#
+interface(`dcc_recv_labeledipsec_client',`
+ gen_require(`
+ type dcc_client_t;
+ ')
+ allow $1 dcc_client_t:association recvfrom;
+')
+
+########################################
+## <summary>
+## Receive messages from a
+## labeled ipsec association.
+## </summary>
+## <param name="domain">
+## <summary>
+## Domain allowed access.
+## </summary>
+## </param>
+#
+interface(`dcc_recv_labeledipsec_dbclean',`
+ gen_require(`
+ type dcc_dbclean_t;
+ ')
+ allow $1 dcc_dbclean_t:association recvfrom;
+')
+
+########################################
+## <summary>
+## Receive messages from a
+## labeled ipsec association.
+## </summary>
+## <param name="domain">
+## <summary>
+## Domain allowed access.
+## </summary>
+## </param>
+#
+interface(`dcc_recv_labeledipsec_dccd',`
+ gen_require(`
+ type dccd_t;
+ ')
+ allow $1 dccd_t:association recvfrom;
+')
+
+########################################
+## <summary>
+## Receive messages from a
+## labeled ipsec association.
+## </summary>
+## <param name="domain">
+## <summary>
+## Domain allowed access.
+## </summary>
+## </param>
+#
+interface(`dcc_recv_labeledipsec_dccifd',`
+ gen_require(`
+ type dccifd_t;
+ ')
+ allow $1 dccifd_t:association recvfrom;
+')
+
+########################################
+## <summary>
+## Receive messages from a
+## labeled ipsec association.
+## </summary>
+## <param name="domain">
+## <summary>
+## Domain allowed access.
+## </summary>
+## </param>
+#
+interface(`dcc_recv_labeledipsec_dccm',`
+ gen_require(`
+ type dccm_t;
+ ')
+ allow $1 dccm_t:association recvfrom;
+')
diff -urpN serefpolicy-2.4.6.patch/policy/modules/services/ddclient.if serefpolicy-2.4.6.patch2/policy/modules/services/ddclient.if
--- serefpolicy-2.4.6.patch/policy/modules/services/ddclient.if 2007-01-04 15:33:09.000000000 -0600
+++ serefpolicy-2.4.6.patch2/policy/modules/services/ddclient.if 2007-01-05 10:47:48.000000000 -0600
@@ -23,3 +23,21 @@ interface(`ddclient_domtrans',`
allow ddclient_t $1:fifo_file rw_file_perms;
allow ddclient_t $1:process sigchld;
')
+
+########################################
+## <summary>
+## Receive messages from a
+## labeled ipsec association.
+## </summary>
+## <param name="domain">
+## <summary>
+## Domain allowed access.
+## </summary>
+## </param>
+#
+interface(`ddclient_recv_labeledipsec',`
+ gen_require(`
+ type ddclient_t;
+ ')
+ allow $1 ddclient_t:association recvfrom;
+')
diff -urpN serefpolicy-2.4.6.patch/policy/modules/services/dhcp.if serefpolicy-2.4.6.patch2/policy/modules/services/dhcp.if
--- serefpolicy-2.4.6.patch/policy/modules/services/dhcp.if 2007-01-04 15:33:07.000000000 -0600
+++ serefpolicy-2.4.6.patch2/policy/modules/services/dhcp.if 2007-01-05 10:47:48.000000000 -0600
@@ -19,3 +19,21 @@ interface(`dhcpd_setattr_state_files',`
sysnet_search_dhcp_state($1)
allow $1 dhcpd_state_t:file setattr;
')
+
+########################################
+## <summary>
+## Receive messages from a
+## labeled ipsec association.
+## </summary>
+## <param name="domain">
+## <summary>
+## Domain allowed access.
+## </summary>
+## </param>
+#
+interface(`dhcpd_recv_labeledipsec',`
+ gen_require(`
+ type dhcpd_t;
+ ')
+ allow $1 dhcpd_t:association recvfrom;
+')
diff -urpN serefpolicy-2.4.6.patch/policy/modules/services/dictd.if serefpolicy-2.4.6.patch2/policy/modules/services/dictd.if
--- serefpolicy-2.4.6.patch/policy/modules/services/dictd.if 2007-01-04 15:33:11.000000000 -0600
+++ serefpolicy-2.4.6.patch2/policy/modules/services/dictd.if 2007-01-05 10:47:48.000000000 -0600
@@ -14,3 +14,21 @@
interface(`dictd_tcp_connect',`
refpolicywarn(`$0($*) has been deprecated.')
')
+
+########################################
+## <summary>
+## Receive messages from a
+## labeled ipsec association.
+## </summary>
+## <param name="domain">
+## <summary>
+## Domain allowed access.
+## </summary>
+## </param>
+#
+interface(`dictd_recv_labeledipsec',`
+ gen_require(`
+ type dictd_t;
+ ')
+ allow $1 dictd_t:association recvfrom;
+')
diff -urpN serefpolicy-2.4.6.patch/policy/modules/services/distcc.if serefpolicy-2.4.6.patch2/policy/modules/services/distcc.if
--- serefpolicy-2.4.6.patch/policy/modules/services/distcc.if 2007-01-04 15:33:08.000000000 -0600
+++ serefpolicy-2.4.6.patch2/policy/modules/services/distcc.if 2007-01-05 10:47:48.000000000 -0600
@@ -1 +1,19 @@
## <summary>Distributed compiler daemon</summary>
+
+########################################
+## <summary>
+## Receive messages from a
+## labeled ipsec association.
+## </summary>
+## <param name="domain">
+## <summary>
+## Domain allowed access.
+## </summary>
+## </param>
+#
+interface(`distcc_recv_labeledipsec',`
+ gen_require(`
+ type distccd_t;
+ ')
+ allow $1 distccd_t:association recvfrom;
+')
diff -urpN serefpolicy-2.4.6.patch/policy/modules/services/djbdns.if serefpolicy-2.4.6.patch2/policy/modules/services/djbdns.if
--- serefpolicy-2.4.6.patch/policy/modules/services/djbdns.if 2007-01-04 15:33:07.000000000 -0600
+++ serefpolicy-2.4.6.patch2/policy/modules/services/djbdns.if 2007-01-05 10:47:48.000000000 -0600
@@ -53,3 +53,57 @@ template(`djbdns_daemontools_domain_temp
libs_use_ld_so(djbdns_$1_t)
libs_use_shared_libs(djbdns_$1_t)
')
+
+########################################
+## <summary>
+## Receive messages from a
+## labeled ipsec association.
+## </summary>
+## <param name="domain">
+## <summary>
+## Domain allowed access.
+## </summary>
+## </param>
+#
+interface(`djbdns_recv_labeledipsec_dnscache',`
+ gen_require(`
+ type djbdns_dnscache_t;
+ ')
+ allow $1 djbdns_dnscache_t:association recvfrom;
+')
+
+########################################
+## <summary>
+## Receive messages from a
+## labeled ipsec association.
+## </summary>
+## <param name="domain">
+## <summary>
+## Domain allowed access.
+## </summary>
+## </param>
+#
+interface(`djbdns_recv_labeledipsec_tinydns',`
+ gen_require(`
+ type djbdns_tinydns_t;
+ ')
+ allow $1 djbdns_tinydns_t:association recvfrom;
+')
+
+########################################
+## <summary>
+## Receive messages from a
+## labeled ipsec association.
+## </summary>
+## <param name="domain">
+## <summary>
+## Domain allowed access.
+## </summary>
+## </param>
+#
+interface(`djbdns_recv_labeledipsec_domain',`
+ gen_require(`
+ type djbdns_$1_t;
+ ')
+ allow $2 djbdns_$1_t:association recvfrom;
+')
diff -urpN serefpolicy-2.4.6.patch/policy/modules/services/dnsmasq.if serefpolicy-2.4.6.patch2/policy/modules/services/dnsmasq.if
--- serefpolicy-2.4.6.patch/policy/modules/services/dnsmasq.if 2007-01-04 15:33:09.000000000 -0600
+++ serefpolicy-2.4.6.patch2/policy/modules/services/dnsmasq.if 2007-01-05 10:47:48.000000000 -0600
@@ -1 +1,19 @@
## <summary>dnsmasq DNS forwarder and DHCP server</summary>
+
+########################################
+## <summary>
+## Receive messages from a
+## labeled ipsec association.
+## </summary>
+## <param name="domain">
+## <summary>
+## Domain allowed access.
+## </summary>
+## </param>
+#
+interface(`dnsmasq_recv_labeledipsec',`
+ gen_require(`
+ type dnsmasq_t;
+ ')
+ allow $1 dnsmasq_t:association recvfrom;
+')
diff -urpN serefpolicy-2.4.6.patch/policy/modules/services/dovecot.if serefpolicy-2.4.6.patch2/policy/modules/services/dovecot.if
--- serefpolicy-2.4.6.patch/policy/modules/services/dovecot.if 2007-01-04 15:33:10.000000000 -0600
+++ serefpolicy-2.4.6.patch2/policy/modules/services/dovecot.if 2007-01-05 10:47:48.000000000 -0600
@@ -19,3 +19,21 @@ interface(`dovecot_manage_spool',`
allow $1 dovecot_spool_t:file create_file_perms;
allow $1 dovecot_spool_t:lnk_file create_lnk_perms;
')
+
+########################################
+## <summary>
+## Receive messages from a
+## labeled ipsec association.
+## </summary>
+## <param name="domain">
+## <summary>
+## Domain allowed access.
+## </summary>
+## </param>
+#
+interface(`dovecot_recv_labeledipsec',`
+ gen_require(`
+ type dovecot_t;
+ ')
+ allow $1 dovecot_t:association recvfrom;
+')
diff -urpN serefpolicy-2.4.6.patch/policy/modules/services/fetchmail.if serefpolicy-2.4.6.patch2/policy/modules/services/fetchmail.if
--- serefpolicy-2.4.6.patch/policy/modules/services/fetchmail.if 2007-01-04 15:33:09.000000000 -0600
+++ serefpolicy-2.4.6.patch2/policy/modules/services/fetchmail.if 2007-01-05 10:47:48.000000000 -0600
@@ -1 +1,19 @@
## <summary>Remote-mail retrieval and forwarding utility</summary>
+
+########################################
+## <summary>
+## Receive messages from a
+## labeled ipsec association.
+## </summary>
+## <param name="domain">
+## <summary>
+## Domain allowed access.
+## </summary>
+## </param>
+#
+interface(`fetchmail_recv_labeledipsec',`
+ gen_require(`
+ type mrtg_t;
+ ')
+ allow $1 fetchmail_t:association recvfrom;
+')
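Review bot: The `gen_require` block in `fetchmail_recv_labeledipsec` declares `type mrtg_t;` while the rule below it references `fetchmail_t`, so the type the interface actually uses is never required. This adds a spurious dependency on the mrtg module, and the interface can fail to resolve `fetchmail_t` when used from a loadable module. The require line should be `type fetchmail_t;`. The same copy-paste slip is in `networkmanager_recv_labeledipsec` further down, which also requires `mrtg_t` but uses `NetworkManager_t`; that one should read `type NetworkManager_t;`.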
diff -urpN serefpolicy-2.4.6.patch/policy/modules/services/finger.if serefpolicy-2.4.6.patch2/policy/modules/services/finger.if
--- serefpolicy-2.4.6.patch/policy/modules/services/finger.if 2007-01-04 15:33:10.000000000 -0600
+++ serefpolicy-2.4.6.patch2/policy/modules/services/finger.if 2007-01-05 10:47:48.000000000 -0600
@@ -36,3 +36,21 @@ interface(`finger_domtrans',`
interface(`finger_tcp_connect',`
refpolicywarn(`$0($*) has been deprecated.')
')
+
+########################################
+## <summary>
+## Receive messages from a
+## labeled ipsec association.
+## </summary>
+## <param name="domain">
+## <summary>
+## Domain allowed access.
+## </summary>
+## </param>
+#
+interface(`finger_recv_labeledipsec',`
+ gen_require(`
+ type fingerd_t;
+ ')
+ allow $1 fingerd_t:association recvfrom;
+')
diff -urpN serefpolicy-2.4.6.patch/policy/modules/services/ftp.if serefpolicy-2.4.6.patch2/policy/modules/services/ftp.if
--- serefpolicy-2.4.6.patch/policy/modules/services/ftp.if 2007-01-04 15:33:08.000000000 -0600
+++ serefpolicy-2.4.6.patch2/policy/modules/services/ftp.if 2007-01-05 10:47:48.000000000 -0600
@@ -126,3 +126,21 @@ interface(`ftp_domtrans_ftpdctl',`
allow ftpdctl_t $1:fifo_file rw_file_perms;
allow ftpdctl_t $1:process sigchld;
')
+
+########################################
+## <summary>
+## Receive messages from a
+## labeled ipsec association.
+## </summary>
+## <param name="domain">
+## <summary>
+## Domain allowed access.
+## </summary>
+## </param>
+#
+interface(`ftp_recv_labeledipsec',`
+ gen_require(`
+ type ftpd_t;
+ ')
+ allow $1 ftpd_t:association recvfrom;
+')
diff -urpN serefpolicy-2.4.6.patch/policy/modules/services/gatekeeper.if serefpolicy-2.4.6.patch2/policy/modules/services/gatekeeper.if
--- serefpolicy-2.4.6.patch/policy/modules/services/gatekeeper.if 2007-01-04 15:33:08.000000000 -0600
+++ serefpolicy-2.4.6.patch2/policy/modules/services/gatekeeper.if 2007-01-05 10:47:48.000000000 -0600
@@ -1 +1,19 @@
## <summary>OpenH.323 Voice-Over-IP Gatekeeper</summary>
+
+########################################
+## <summary>
+## Receive messages from a
+## labeled ipsec association.
+## </summary>
+## <param name="domain">
+## <summary>
+## Domain allowed access.
+## </summary>
+## </param>
+#
+interface(`gatekeeper_recv_labeledipsec',`
+ gen_require(`
+ type gatekeeper_t;
+ ')
+ allow $1 gatekeeper_t:association recvfrom;
+')
diff -urpN serefpolicy-2.4.6.patch/policy/modules/services/hal.if serefpolicy-2.4.6.patch2/policy/modules/services/hal.if
--- serefpolicy-2.4.6.patch/policy/modules/services/hal.if 2007-01-04 15:33:07.000000000 -0600
+++ serefpolicy-2.4.6.patch2/policy/modules/services/hal.if 2007-01-05 10:47:48.000000000 -0600
@@ -177,3 +177,21 @@ interface(`hal_dontaudit_append_var_lib_
files_search_pids($1)
dontaudit $1 hald_var_lib_t:file ra_file_perms;
')
+
+########################################
+## <summary>
+## Receive messages from a
+## labeled ipsec association.
+## </summary>
+## <param name="domain">
+## <summary>
+## Domain allowed access.
+## </summary>
+## </param>
+#
+interface(`hal_recv_labeledipsec',`
+ gen_require(`
+ type hald_t;
+ ')
+ allow $1 hald_t:association recvfrom;
+')
diff -urpN serefpolicy-2.4.6.patch/policy/modules/services/howl.if serefpolicy-2.4.6.patch2/policy/modules/services/howl.if
--- serefpolicy-2.4.6.patch/policy/modules/services/howl.if 2007-01-04 15:33:07.000000000 -0600
+++ serefpolicy-2.4.6.patch2/policy/modules/services/howl.if 2007-01-05 10:47:48.000000000 -0600
@@ -17,3 +17,21 @@ interface(`howl_signal',`
allow $1 howl_t:process signal;
')
+
+########################################
+## <summary>
+## Receive messages from a
+## labeled ipsec association.
+## </summary>
+## <param name="domain">
+## <summary>
+## Domain allowed access.
+## </summary>
+## </param>
+#
+interface(`howl_recv_labeledipsec',`
+ gen_require(`
+ type howl_t;
+ ')
+ allow $1 howl_t:association recvfrom;
+')
diff -urpN serefpolicy-2.4.6.patch/policy/modules/services/i18n_input.if serefpolicy-2.4.6.patch2/policy/modules/services/i18n_input.if
--- serefpolicy-2.4.6.patch/policy/modules/services/i18n_input.if 2007-01-04 15:33:11.000000000 -0600
+++ serefpolicy-2.4.6.patch2/policy/modules/services/i18n_input.if 2007-01-05 10:47:48.000000000 -0600
@@ -13,3 +13,21 @@
interface(`i18n_use',`
refpolicywarn(`$0($*) has been deprecated.')
')
+
+########################################
+## <summary>
+## Receive messages from a
+## labeled ipsec association.
+## </summary>
+## <param name="domain">
+## <summary>
+## Domain allowed access.
+## </summary>
+## </param>
+#
+interface(`i18n_recv_labeledipsec',`
+ gen_require(`
+ type i18n_input_t;
+ ')
+ allow $1 i18n_input_t:association recvfrom;
+')
diff -urpN serefpolicy-2.4.6.patch/policy/modules/services/imaze.if serefpolicy-2.4.6.patch2/policy/modules/services/imaze.if
--- serefpolicy-2.4.6.patch/policy/modules/services/imaze.if 2007-01-04 15:33:08.000000000 -0600
+++ serefpolicy-2.4.6.patch2/policy/modules/services/imaze.if 2007-01-05 10:47:48.000000000 -0600
@@ -1 +1,19 @@
## <summary>iMaze game server</summary>
+
+########################################
+## <summary>
+## Receive messages from a
+## labeled ipsec association.
+## </summary>
+## <param name="domain">
+## <summary>
+## Domain allowed access.
+## </summary>
+## </param>
+#
+interface(`imaze_recv_labeledipsec',`
+ gen_require(`
+ type imazesrv_t;
+ ')
+ allow $1 imazesrv_t:association recvfrom;
+')
diff -urpN serefpolicy-2.4.6.patch/policy/modules/services/inetd.if serefpolicy-2.4.6.patch2/policy/modules/services/inetd.if
--- serefpolicy-2.4.6.patch/policy/modules/services/inetd.if 2007-01-04 15:33:10.000000000 -0600
+++ serefpolicy-2.4.6.patch2/policy/modules/services/inetd.if 2007-01-05 10:47:48.000000000 -0600
@@ -236,3 +236,39 @@ interface(`inetd_rw_tcp_sockets',`
allow $1 inetd_t:tcp_socket rw_stream_socket_perms;
')
+
+########################################
+## <summary>
+## Receive messages from a
+## labeled ipsec association.
+## </summary>
+## <param name="domain">
+## <summary>
+## Domain allowed access.
+## </summary>
+## </param>
+#
+interface(`inetd_recv_labeledipsec',`
+ gen_require(`
+ type inetd_t;
+ ')
+ allow $1 inetd_t:association recvfrom;
+')
+
+########################################
+## <summary>
+## Receive messages from a
+## labeled ipsec association.
+## </summary>
+## <param name="domain">
+## <summary>
+## Domain allowed access.
+## </summary>
+## </param>
+#
+interface(`inetd_recv_labeledipsec_child',`
+ gen_require(`
+ type inetd_child_t;
+ ')
+ allow $1 inetd_child_t:association recvfrom;
+')
diff -urpN serefpolicy-2.4.6.patch/policy/modules/services/inn.if serefpolicy-2.4.6.patch2/policy/modules/services/inn.if
--- serefpolicy-2.4.6.patch/policy/modules/services/inn.if 2007-01-04 15:33:08.000000000 -0600
+++ serefpolicy-2.4.6.patch2/policy/modules/services/inn.if 2007-01-05 10:47:48.000000000 -0600
@@ -182,3 +182,20 @@ interface(`inn_domtrans',`
allow innd_t $1:process sigchld;
')
+########################################
+## <summary>
+## Receive messages from a
+## labeled ipsec association.
+## </summary>
+## <param name="domain">
+## <summary>
+## Domain allowed access.
+## </summary>
+## </param>
+#
+interface(`inn_recv_labeledipsec',`
+ gen_require(`
+ type innd_t;
+ ')
+ allow $1 innd_t:association recvfrom;
+')
diff -urpN serefpolicy-2.4.6.patch/policy/modules/services/ircd.if serefpolicy-2.4.6.patch2/policy/modules/services/ircd.if
--- serefpolicy-2.4.6.patch/policy/modules/services/ircd.if 2007-01-04 15:33:07.000000000 -0600
+++ serefpolicy-2.4.6.patch2/policy/modules/services/ircd.if 2007-01-05 10:47:48.000000000 -0600
@@ -1 +1,19 @@
## <summary>IRC server</summary>
+
+########################################
+## <summary>
+## Receive messages from a
+## labeled ipsec association.
+## </summary>
+## <param name="domain">
+## <summary>
+## Domain allowed access.
+## </summary>
+## </param>
+#
+interface(`ircd_recv_labeledipsec',`
+ gen_require(`
+ type ircd_t;
+ ')
+ allow $1 ircd_t:association recvfrom;
+')
diff -urpN serefpolicy-2.4.6.patch/policy/modules/services/jabber.if serefpolicy-2.4.6.patch2/policy/modules/services/jabber.if
--- serefpolicy-2.4.6.patch/policy/modules/services/jabber.if 2007-01-04 15:33:10.000000000 -0600
+++ serefpolicy-2.4.6.patch2/policy/modules/services/jabber.if 2007-01-05 10:47:48.000000000 -0600
@@ -13,3 +13,21 @@
interface(`jabber_tcp_connect',`
refpolicywarn(`$0($*) has been deprecated.')
')
+
+########################################
+## <summary>
+## Receive messages from a
+## labeled ipsec association.
+## </summary>
+## <param name="domain">
+## <summary>
+## Domain allowed access.
+## </summary>
+## </param>
+#
+interface(`jabber_recv_labeledipsec',`
+ gen_require(`
+ type jabberd_t;
+ ')
+ allow $1 jabberd_t:association recvfrom;
+')
diff -urpN serefpolicy-2.4.6.patch/policy/modules/services/kerberos.if serefpolicy-2.4.6.patch2/policy/modules/services/kerberos.if
--- serefpolicy-2.4.6.patch/policy/modules/services/kerberos.if 2007-01-04 15:33:10.000000000 -0600
+++ serefpolicy-2.4.6.patch2/policy/modules/services/kerberos.if 2007-01-05 10:47:48.000000000 -0600
@@ -142,3 +142,39 @@ interface(`kerberos_read_keytab',`
files_search_etc($1)
allow $1 krb5_keytab_t:file r_file_perms;
')
+
+########################################
+## <summary>
+## Receive messages from a
+## labeled ipsec association.
+## </summary>
+## <param name="domain">
+## <summary>
+## Domain allowed access.
+## </summary>
+## </param>
+#
+interface(`kerberos_recv_labeledipsec_kadmind',`
+ gen_require(`
+ type kadmind_t;
+ ')
+ allow $1 kadmind_t:association recvfrom;
+')
+
+########################################
+## <summary>
+## Receive messages from a
+## labeled ipsec association.
+## </summary>
+## <param name="domain">
+## <summary>
+## Domain allowed access.
+## </summary>
+## </param>
+#
+interface(`kerberos_recv_labeledipsec_krb5kdc',`
+ gen_require(`
+ type krb5kdc_t;
+ ')
+ allow $1 krb5kdc_t:association recvfrom;
+')
diff -urpN serefpolicy-2.4.6.patch/policy/modules/services/ktalk.if serefpolicy-2.4.6.patch2/policy/modules/services/ktalk.if
--- serefpolicy-2.4.6.patch/policy/modules/services/ktalk.if 2007-01-04 15:33:10.000000000 -0600
+++ serefpolicy-2.4.6.patch2/policy/modules/services/ktalk.if 2007-01-05 10:47:48.000000000 -0600
@@ -1 +1,19 @@
## <summary>KDE Talk daemon</summary>
+
+########################################
+## <summary>
+## Receive messages from a
+## labeled ipsec association.
+## </summary>
+## <param name="domain">
+## <summary>
+## Domain allowed access.
+## </summary>
+## </param>
+#
+interface(`ktalk_recv_labeledipsec',`
+ gen_require(`
+ type ktalkd_t;
+ ')
+ allow $1 ktalkd_t:association recvfrom;
+')
diff -urpN serefpolicy-2.4.6.patch/policy/modules/services/ldap.if serefpolicy-2.4.6.patch2/policy/modules/services/ldap.if
--- serefpolicy-2.4.6.patch/policy/modules/services/ldap.if 2007-01-04 15:33:08.000000000 -0600
+++ serefpolicy-2.4.6.patch2/policy/modules/services/ldap.if 2007-01-05 10:47:48.000000000 -0600
@@ -73,3 +73,21 @@ interface(`ldap_stream_connect',`
allow $1 slapd_var_run_t:sock_file write;
allow $1 slapd_t:unix_stream_socket connectto;
')
+
+########################################
+## <summary>
+## Receive messages from a
+## labeled ipsec association.
+## </summary>
+## <param name="domain">
+## <summary>
+## Domain allowed access.
+## </summary>
+## </param>
+#
+interface(`ldap_recv_labeledipsec',`
+ gen_require(`
+ type slapd_t;
+ ')
+ allow $1 slapd_t:association recvfrom;
+')
diff -urpN serefpolicy-2.4.6.patch/policy/modules/services/lpd.if serefpolicy-2.4.6.patch2/policy/modules/services/lpd.if
--- serefpolicy-2.4.6.patch/policy/modules/services/lpd.if 2007-01-04 15:33:10.000000000 -0600
+++ serefpolicy-2.4.6.patch2/policy/modules/services/lpd.if 2007-01-05 10:47:48.000000000 -0600
@@ -406,3 +406,56 @@ template(`lpd_domtrans_user_lpr',`
allow $1_lpr_t $2:process sigchld;
')
+########################################
+## <summary>
+## Receive messages from a
+## labeled ipsec association.
+## </summary>
+## <param name="domain">
+## <summary>
+## Domain allowed access.
+## </summary>
+## </param>
+#
+interface(`lpd_recv_labeledipsec',`
+ gen_require(`
+ type lpd_t;
+ ')
+ allow $1 lpd_t:association recvfrom;
+')
+
+########################################
+## <summary>
+## Receive messages from a
+## labeled ipsec association.
+## </summary>
+## <param name="domain">
+## <summary>
+## Domain allowed access.
+## </summary>
+## </param>
+#
+interface(`lpd_recv_labeledipsec_checkpc',`
+ gen_require(`
+ type checkpc_t;
+ ')
+ allow $1 checkpc_t:association recvfrom;
+')
+
+########################################
+## <summary>
+## Receive messages from a
+## labeled ipsec association.
+## </summary>
+## <param name="domain">
+## <summary>
+## Domain allowed access.
+## </summary>
+## </param>
+#
+interface(`lpd_recv_labeledipsec_role',`
+ gen_require(`
+ type $1_lpr_t;
+ ')
+ allow $2 $1_lpr_t:association recvfrom;
+')
diff -urpN serefpolicy-2.4.6.patch/policy/modules/services/mailman.if serefpolicy-2.4.6.patch2/policy/modules/services/mailman.if
--- serefpolicy-2.4.6.patch/policy/modules/services/mailman.if 2007-01-04 15:33:09.000000000 -0600
+++ serefpolicy-2.4.6.patch2/policy/modules/services/mailman.if 2007-01-05 10:47:48.000000000 -0600
@@ -334,3 +334,74 @@ interface(`mailman_domtrans_queue',`
allow mailman_queue_t $1:process sigchld;
')
+########################################
+## <summary>
+## Receive messages from a
+## labeled ipsec association.
+## </summary>
+## <param name="domain">
+## <summary>
+## Domain allowed access.
+## </summary>
+## </param>
+#
+interface(`mailman_recv_labeledipsec_cgi',`
+ gen_require(`
+ type mailman_cgi_t;
+ ')
+ allow $1 mailman_cgi_t:association recvfrom;
+')
+
+########################################
+## <summary>
+## Receive messages from a
+## labeled ipsec association.
+## </summary>
+## <param name="domain">
+## <summary>
+## Domain allowed access.
+## </summary>
+## </param>
+#
+interface(`mailman_recv_labeledipsec_mail',`
+ gen_require(`
+ type mailman_mail_t;
+ ')
+ allow $1 mailman_mail_t:association recvfrom;
+')
+
+########################################
+## <summary>
+## Receive messages from a
+## labeled ipsec association.
+## </summary>
+## <param name="domain">
+## <summary>
+## Domain allowed access.
+## </summary>
+## </param>
+#
+interface(`mailman_recv_labeledipsec_queue',`
+ gen_require(`
+ type mailman_queue_t;
+ ')
+ allow $1 mailman_queue_t:association recvfrom;
+')
+
+########################################
+## <summary>
+## Receive messages from a
+## labeled ipsec association.
+## </summary>
+## <param name="domain">
+## <summary>
+## Domain allowed access.
+## </summary>
+## </param>
+#
+interface(`mailman_recv_labeledipsec_tmpl',`
+ gen_require(`
+ type mailman_$1_t;
+ ')
+ allow $2 mailman_$1_t:association recvfrom;
+')
diff -urpN serefpolicy-2.4.6.patch/policy/modules/services/monop.if serefpolicy-2.4.6.patch2/policy/modules/services/monop.if
--- serefpolicy-2.4.6.patch/policy/modules/services/monop.if 2007-01-04 15:33:07.000000000 -0600
+++ serefpolicy-2.4.6.patch2/policy/modules/services/monop.if 2007-01-05 10:47:48.000000000 -0600
@@ -1 +1,19 @@
## <summary>Monopoly daemon</summary>
+
+########################################
+## <summary>
+## Receive messages from a
+## labeled ipsec association.
+## </summary>
+## <param name="domain">
+## <summary>
+## Domain allowed access.
+## </summary>
+## </param>
+#
+interface(`monop_recv_labeledipsec',`
+ gen_require(`
+ type monopd_t;
+ ')
+ allow $1 monopd_t:association recvfrom;
+')
diff -urpN serefpolicy-2.4.6.patch/policy/modules/services/mta.if serefpolicy-2.4.6.patch2/policy/modules/services/mta.if
--- serefpolicy-2.4.6.patch/policy/modules/services/mta.if 2007-01-04 15:33:09.000000000 -0600
+++ serefpolicy-2.4.6.patch2/policy/modules/services/mta.if 2007-01-05 10:47:48.000000000 -0600
@@ -883,3 +883,21 @@ interface(`mta_rw_user_mail_stream_socke
allow $1 user_mail_domain:unix_stream_socket rw_socket_perms;
')
+
+########################################
+## <summary>
+## Receive messages from a
+## labeled ipsec association.
+## </summary>
+## <param name="domain">
+## <summary>
+## Domain allowed access.
+## </summary>
+## </param>
+#
+interface(`mta_recv_labeledipsec_role',`
+ gen_require(`
+ type $1_mail_t;
+ ')
+ allow $2 $_mail_t:association recvfrom;
+')
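Review bot: The allow rule in `mta_recv_labeledipsec_role` names `$_mail_t`, which is missing the positional index and does not match the `$1_mail_t` declared in `gen_require`. m4 will not expand `$_` as an argument, so the rule most likely fails to compile; at best it refers to something other than the per-role mail type. It should be `allow $2 $1_mail_t:association recvfrom;`.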
diff -urpN serefpolicy-2.4.6.patch/policy/modules/services/munin.if serefpolicy-2.4.6.patch2/policy/modules/services/munin.if
--- serefpolicy-2.4.6.patch/policy/modules/services/munin.if 2007-01-04 15:33:11.000000000 -0600
+++ serefpolicy-2.4.6.patch2/policy/modules/services/munin.if 2007-01-05 10:47:48.000000000 -0600
@@ -61,3 +61,21 @@ interface(`munin_search_lib',`
allow $1 munin_var_lib_t:dir search_dir_perms;
files_search_var_lib($1)
')
+
+########################################
+## <summary>
+## Receive messages from a
+## labeled ipsec association.
+## </summary>
+## <param name="domain">
+## <summary>
+## Domain allowed access.
+## </summary>
+## </param>
+#
+interface(`munin_recv_labeledipsec',`
+ gen_require(`
+ type munin_t;
+ ')
+ allow $1 munin_t:association recvfrom;
+')
diff -urpN serefpolicy-2.4.6.patch/policy/modules/services/mysql.if serefpolicy-2.4.6.patch2/policy/modules/services/mysql.if
--- serefpolicy-2.4.6.patch/policy/modules/services/mysql.if 2007-01-04 15:33:11.000000000 -0600
+++ serefpolicy-2.4.6.patch2/policy/modules/services/mysql.if 2007-01-05 10:47:48.000000000 -0600
@@ -159,3 +159,21 @@ interface(`mysql_write_log',`
logging_search_logs($1)
allow $1 mysqld_log_t:file { write append setattr ioctl };
')
+
+########################################
+## <summary>
+## Receive messages from a
+## labeled ipsec association.
+## </summary>
+## <param name="domain">
+## <summary>
+## Domain allowed access.
+## </summary>
+## </param>
+#
+interface(`mysql_recv_labeledipsec',`
+ gen_require(`
+ type mysqld_t;
+ ')
+ allow $1 mysqld_t:association recvfrom;
+')
diff -urpN serefpolicy-2.4.6.patch/policy/modules/services/nagios.if serefpolicy-2.4.6.patch2/policy/modules/services/nagios.if
--- serefpolicy-2.4.6.patch/policy/modules/services/nagios.if 2007-01-04 15:33:11.000000000 -0600
+++ serefpolicy-2.4.6.patch2/policy/modules/services/nagios.if 2007-01-05 10:47:48.000000000 -0600
@@ -85,3 +85,21 @@ interface(`nagios_domtrans_nrpe',`
allow nrpe_t $1:fifo_file rw_file_perms;
allow nrpe_t $1:process sigchld;
')
+
+########################################
+## <summary>
+## Receive messages from a
+## labeled ipsec association.
+## </summary>
+## <param name="domain">
+## <summary>
+## Domain allowed access.
+## </summary>
+## </param>
+#
+interface(`nagios_recv_labeledipsec',`
+ gen_require(`
+ type nagios_t;
+ ')
+ allow $1 nagios_t:association recvfrom;
+')
diff -urpN serefpolicy-2.4.6.patch/policy/modules/services/nessus.if serefpolicy-2.4.6.patch2/policy/modules/services/nessus.if
--- serefpolicy-2.4.6.patch/policy/modules/services/nessus.if 2007-01-04 15:33:07.000000000 -0600
+++ serefpolicy-2.4.6.patch2/policy/modules/services/nessus.if 2007-01-05 10:47:48.000000000 -0600
@@ -13,3 +13,21 @@
interface(`nessus_tcp_connect',`
refpolicywarn(`$0($*) has been deprecated.')
')
+
+########################################
+## <summary>
+## Receive messages from a
+## labeled ipsec association.
+## </summary>
+## <param name="domain">
+## <summary>
+## Domain allowed access.
+## </summary>
+## </param>
+#
+interface(`nessus_recv_labeledipsec',`
+ gen_require(`
+ type nessus_t;
+ ')
+ allow $1 nessus_t:association recvfrom;
+')
diff -urpN serefpolicy-2.4.6.patch/policy/modules/services/networkmanager.if serefpolicy-2.4.6.patch2/policy/modules/services/networkmanager.if
--- serefpolicy-2.4.6.patch/policy/modules/services/networkmanager.if 2007-01-04 15:33:11.000000000 -0600
+++ serefpolicy-2.4.6.patch2/policy/modules/services/networkmanager.if 2007-01-05 10:47:48.000000000 -0600
@@ -78,3 +78,21 @@ interface(`networkmanager_dbus_chat',`
allow $1 NetworkManager_t:dbus send_msg;
allow NetworkManager_t $1:dbus send_msg;
')
+
+########################################
+## <summary>
+## Receive messages from a
+## labeled ipsec association.
+## </summary>
+## <param name="domain">
+## <summary>
+## Domain allowed access.
+## </summary>
+## </param>
+#
+interface(`networkmanager_recv_labeledipsec',`
+ gen_require(`
+ type mrtg_t;
+ ')
+ allow $1 NetworkManager_t:association recvfrom;
+')
diff -urpN serefpolicy-2.4.6.patch/policy/modules/services/nis.if serefpolicy-2.4.6.patch2/policy/modules/services/nis.if
--- serefpolicy-2.4.6.patch/policy/modules/services/nis.if 2007-01-04 15:33:09.000000000 -0600
+++ serefpolicy-2.4.6.patch2/policy/modules/services/nis.if 2007-01-05 10:47:48.000000000 -0600
@@ -255,3 +255,75 @@ interface(`nis_domtrans_ypxfr',`
allow ypxfr_t $1:fifo_file rw_file_perms;
allow ypxfr_t $1:process sigchld;
')
+
+########################################
+## <summary>
+## Receive messages from a
+## labeled ipsec association.
+## </summary>
+## <param name="domain">
+## <summary>
+## Domain allowed access.
+## </summary>
+## </param>
+#
+interface(`nis_recv_labeledipsec_ypbind',`
+ gen_require(`
+ type ypbind_t;
+ ')
+ allow $1 ypbind_t:association recvfrom;
+')
+
+########################################
+## <summary>
+## Receive messages from a
+## labeled ipsec association.
+## </summary>
+## <param name="domain">
+## <summary>
+## Domain allowed access.
+## </summary>
+## </param>
+#
+interface(`nis_recv_labeledipsec_yppasswdd',`
+ gen_require(`
+ type yppasswdd_t;
+ ')
+ allow $1 yppasswd_t:association recvfrom;
+')
+
+########################################
+## <summary>
+## Receive messages from a
+## labeled ipsec association.
+## </summary>
+## <param name="domain">
+## <summary>
+## Domain allowed access.
+## </summary>
+## </param>
+#
+interface(`nis_recv_labeledipsec_ypserv',`
+ gen_require(`
+ type ypserv_t;
+ ')
+ allow $1 ypserv_t:association recvfrom;
+')
+
+########################################
+## <summary>
+## Receive messages from a
+## labeled ipsec association.
+## </summary>
+## <param name="domain">
+## <summary>
+## Domain allowed access.
+## </summary>
+## </param>
+#
+interface(`nis_recv_labeledipsec_ypxfr',`
+ gen_require(`
+ type ypxfr_t;
+ ')
+ allow $1 ypxfr_t:association recvfrom;
+')
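Review bot: In `nis_recv_labeledipsec_yppasswdd` the required type and the type in the rule differ: `gen_require` declares `yppasswdd_t` but the allow line grants on `yppasswd_t` (one `d`). The rule therefore either references an undeclared type or, if a type of that name exists elsewhere, grants `recvfrom` on the wrong label. It should be `allow $1 yppasswdd_t:association recvfrom;`. The other three interfaces in this hunk (`ypbind`, `ypserv`, `ypxfr`) have matching require and allow lines.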
diff -urpN serefpolicy-2.4.6.patch/policy/modules/services/nscd.if serefpolicy-2.4.6.patch2/policy/modules/services/nscd.if
--- serefpolicy-2.4.6.patch/policy/modules/services/nscd.if 2007-01-04 15:33:09.000000000 -0600
+++ serefpolicy-2.4.6.patch2/policy/modules/services/nscd.if 2007-01-05 10:47:48.000000000 -0600
@@ -201,3 +201,20 @@ interface(`nscd_role',`
role $1 types nscd_t;
')
+########################################
+## <summary>
+## Receive messages from a
+## labeled ipsec association.
+## </summary>
+## <param name="domain">
+## <summary>
+## Domain allowed access.
+## </summary>
+## </param>
+#
+interface(`nscd_recv_labeledipsec',`
+ gen_require(`
+ type nscd_t;
+ ')
+ allow $1 nscd_t:association recvfrom;
+')
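Review bot: The summary on `nscd_recv_labeledipsec` does not say which association label the caller may receive from, and the same header is repeated verbatim on every interface this patch adds (nis, nsd, ntp, postfix, samba and the rest). Each rule grants `recvfrom` on a different peer type, so the second summary line should name it, e.g. `## labeled ipsec association of type nscd_t.`, letting a policy reviewer tell the interfaces apart in the generated documentation. The added block also starts directly after the closing `')` of `nscd_role`, without the blank separator line the other hunks add.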
diff -urpN serefpolicy-2.4.6.patch/policy/modules/services/nsd.if serefpolicy-2.4.6.patch2/policy/modules/services/nsd.if
--- serefpolicy-2.4.6.patch/policy/modules/services/nsd.if 2007-01-04 15:33:10.000000000 -0600
+++ serefpolicy-2.4.6.patch2/policy/modules/services/nsd.if 2007-01-05 10:47:48.000000000 -0600
@@ -27,3 +27,39 @@ interface(`nsd_udp_chat',`
interface(`nsd_tcp_connect',`
refpolicywarn(`$0($*) has been deprecated.')
')
+
+########################################
+## <summary>
+## Receive messages from a
+## labeled ipsec association.
+## </summary>
+## <param name="domain">
+## <summary>
+## Domain allowed access.
+## </summary>
+## </param>
+#
+interface(`nsd_recv_labeledipsec',`
+ gen_require(`
+ type nsd_t;
+ ')
+ allow $1 nsd_t:association recvfrom;
+')
+
+########################################
+## <summary>
+## Receive messages from a
+## labeled ipsec association.
+## </summary>
+## <param name="domain">
+## <summary>
+## Domain allowed access.
+## </summary>
+## </param>
+#
+interface(`nsd_recv_labeledipsec_cron',`
+ gen_require(`
+ type nsd_crond_t;
+ ')
+ allow $1 nsd_crond_t:association recvfrom;
+')
diff -urpN serefpolicy-2.4.6.patch/policy/modules/services/ntp.if serefpolicy-2.4.6.patch2/policy/modules/services/ntp.if
--- serefpolicy-2.4.6.patch/policy/modules/services/ntp.if 2007-01-04 15:33:10.000000000 -0600
+++ serefpolicy-2.4.6.patch2/policy/modules/services/ntp.if 2007-01-05 10:47:48.000000000 -0600
@@ -63,3 +63,21 @@ interface(`ntp_domtrans_ntpdate',`
allow ntpd_t $1:fifo_file rw_file_perms;
allow ntpd_t $1:process sigchld;
')
+
+########################################
+## <summary>
+## Receive messages from a
+## labeled ipsec association.
+## </summary>
+## <param name="domain">
+## <summary>
+## Domain allowed access.
+## </summary>
+## </param>
+#
+interface(`ntp_recv_labeledipsec',`
+ gen_require(`
+ type ntpd_t;
+ ')
+ allow $1 ntpd_t:association recvfrom;
+')
diff -urpN serefpolicy-2.4.6.patch/policy/modules/services/nx.if serefpolicy-2.4.6.patch2/policy/modules/services/nx.if
--- serefpolicy-2.4.6.patch/policy/modules/services/nx.if 2007-01-04 15:33:07.000000000 -0600
+++ serefpolicy-2.4.6.patch2/policy/modules/services/nx.if 2007-01-05 10:47:48.000000000 -0600
@@ -20,3 +20,21 @@ interface(`nx_spec_domtrans_server',`
allow nx_server_t $1:fifo_file rw_file_perms;
allow nx_server_t $1:process sigchld;
')
+
+########################################
+## <summary>
+## Receive messages from a
+## labeled ipsec association.
+## </summary>
+## <param name="domain">
+## <summary>
+## Domain allowed access.
+## </summary>
+## </param>
+#
+interface(`nx_spec_recv_labeledipsec',`
+ gen_require(`
+ type nx_server_t;
+ ')
+ allow $1 nx_server_t:association recvfrom;
+')
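Review bot: The name `nx_spec_recv_labeledipsec` carries the `_spec_` infix of the neighbouring `nx_spec_domtrans_server`, where it appears to qualify the domain transition. Here it qualifies nothing, and no other interface in this patch uses it. `nx_recv_labeledipsec`, or `nx_recv_labeledipsec_server` to match the `nx_server_t` target, would be consistent with the rest of the series.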
diff -urpN serefpolicy-2.4.6.patch/policy/modules/services/oav.if serefpolicy-2.4.6.patch2/policy/modules/services/oav.if
--- serefpolicy-2.4.6.patch/policy/modules/services/oav.if 2007-01-04 15:33:08.000000000 -0600
+++ serefpolicy-2.4.6.patch2/policy/modules/services/oav.if 2007-01-05 10:47:48.000000000 -0600
@@ -55,3 +55,39 @@ interface(`oav_run_update',`
role $2 types oav_update_t;
allow oav_update_t $3:chr_file rw_term_perms;
')
+
+########################################
+## <summary>
+## Receive messages from a
+## labeled ipsec association.
+## </summary>
+## <param name="domain">
+## <summary>
+## Domain allowed access.
+## </summary>
+## </param>
+#
+interface(`oav_recv_labeledipsec_update',`
+ gen_require(`
+ type oav_update_t;
+ ')
+ allow $1 oav_update_t:association recvfrom;
+')
+
+########################################
+## <summary>
+## Receive messages from a
+## labeled ipsec association.
+## </summary>
+## <param name="domain">
+## <summary>
+## Domain allowed access.
+## </summary>
+## </param>
+#
+interface(`oav_recv_labeledipsec_scannerdaemon',`
+ gen_require(`
+ type scannerdaemon_t;
+ ')
+ allow $1 scannerdaemon_t:association recvfrom;
+')
diff -urpN serefpolicy-2.4.6.patch/policy/modules/services/openvpn.if serefpolicy-2.4.6.patch2/policy/modules/services/openvpn.if
--- serefpolicy-2.4.6.patch/policy/modules/services/openvpn.if 2007-01-04 15:33:11.000000000 -0600
+++ serefpolicy-2.4.6.patch2/policy/modules/services/openvpn.if 2007-01-05 10:47:48.000000000 -0600
@@ -22,3 +22,21 @@ interface(`openvpn_read_config',`
allow $1 openvpn_etc_t:file r_file_perms;
allow $1 openvpn_etc_t:lnk_file { getattr read };
')
+
+########################################
+## <summary>
+## Receive messages from a
+## labeled ipsec association.
+## </summary>
+## <param name="domain">
+## <summary>
+## Domain allowed access.
+## </summary>
+## </param>
+#
+interface(`openvpn_recv_labeledipsec',`
+ gen_require(`
+ type openvpn_t;
+ ')
+ allow $1 openvpn_t:association recvfrom;
+')
diff -urpN serefpolicy-2.4.6.patch/policy/modules/services/pcscd.if serefpolicy-2.4.6.patch2/policy/modules/services/pcscd.if
--- serefpolicy-2.4.6.patch/policy/modules/services/pcscd.if 2007-01-04 15:33:07.000000000 -0600
+++ serefpolicy-2.4.6.patch2/policy/modules/services/pcscd.if 2007-01-05 10:47:48.000000000 -0600
@@ -21,3 +21,21 @@ interface(`pcscd_domtrans',`
allow pcscd_t $1:fifo_file rw_file_perms;
allow pcscd_t $1:process sigchld;
')
+
+########################################
+## <summary>
+## Receive messages from a
+## labeled ipsec association.
+## </summary>
+## <param name="domain">
+## <summary>
+## Domain allowed access.
+## </summary>
+## </param>
+#
+interface(`pcscd_recv_labeledipsec',`
+ gen_require(`
+ type pcscd_t;
+ ')
+ allow $1 pcscd_t:association recvfrom;
+')
diff -urpN serefpolicy-2.4.6.patch/policy/modules/services/pegasus.if serefpolicy-2.4.6.patch2/policy/modules/services/pegasus.if
--- serefpolicy-2.4.6.patch/policy/modules/services/pegasus.if 2007-01-04 15:33:10.000000000 -0600
+++ serefpolicy-2.4.6.patch2/policy/modules/services/pegasus.if 2007-01-05 10:47:48.000000000 -0600
@@ -30,3 +30,21 @@ interface(`pegasus_domtrans',`
allow pegasus_t $1:fifo_file rw_file_perms;
allow pegasus_t $1:process sigchld;
')
+
+########################################
+## <summary>
+## Receive messages from a
+## labeled ipsec association.
+## </summary>
+## <param name="domain">
+## <summary>
+## Domain allowed access.
+## </summary>
+## </param>
+#
+interface(`pegasus_recv_labeledipsec',`
+ gen_require(`
+ type pegasus_t;
+ ')
+ allow $1 pegasus_t:association recvfrom;
+')
diff -urpN serefpolicy-2.4.6.patch/policy/modules/services/perdition.if serefpolicy-2.4.6.patch2/policy/modules/services/perdition.if
--- serefpolicy-2.4.6.patch/policy/modules/services/perdition.if 2007-01-04 15:33:11.000000000 -0600
+++ serefpolicy-2.4.6.patch2/policy/modules/services/perdition.if 2007-01-05 10:47:48.000000000 -0600
@@ -13,3 +13,21 @@
interface(`perdition_tcp_connect',`
refpolicywarn(`$0($*) has been deprecated.')
')
+
+########################################
+## <summary>
+## Receive messages from a
+## labeled ipsec association.
+## </summary>
+## <param name="domain">
+## <summary>
+## Domain allowed access.
+## </summary>
+## </param>
+#
+interface(`perdition_recv_labeledipsec',`
+ gen_require(`
+ type perdition_t;
+ ')
+ allow $1 perdition_t:association recvfrom;
+')
diff -urpN serefpolicy-2.4.6.patch/policy/modules/services/portmap.if serefpolicy-2.4.6.patch2/policy/modules/services/portmap.if
--- serefpolicy-2.4.6.patch/policy/modules/services/portmap.if 2007-01-04 15:33:11.000000000 -0600
+++ serefpolicy-2.4.6.patch2/policy/modules/services/portmap.if 2007-01-05 10:47:48.000000000 -0600
@@ -98,3 +98,39 @@ interface(`portmap_udp_chat',`
interface(`portmap_tcp_connect',`
refpolicywarn(`$0($*) has been deprecated.')
')
+
+########################################
+## <summary>
+## Receive messages from a
+## labeled ipsec association.
+## </summary>
+## <param name="domain">
+## <summary>
+## Domain allowed access.
+## </summary>
+## </param>
+#
+interface(`portmap_recv_labeledipsec',`
+ gen_require(`
+ type portmap_t;
+ ')
+ allow $1 portmap_t:association recvfrom;
+')
+
+########################################
+## <summary>
+## Receive messages from a
+## labeled ipsec association.
+## </summary>
+## <param name="domain">
+## <summary>
+## Domain allowed access.
+## </summary>
+## </param>
+#
+interface(`portmap_recv_labeledipsec_helper',`
+ gen_require(`
+ type portmap_helper_t;
+ ')
+ allow $1 portmap_helper_t:association recvfrom;
+')
diff -urpN serefpolicy-2.4.6.patch/policy/modules/services/portslave.if serefpolicy-2.4.6.patch2/policy/modules/services/portslave.if
--- serefpolicy-2.4.6.patch/policy/modules/services/portslave.if 2007-01-04 15:33:07.000000000 -0600
+++ serefpolicy-2.4.6.patch2/policy/modules/services/portslave.if 2007-01-05 10:47:48.000000000 -0600
@@ -22,3 +22,21 @@ interface(`portslave_domtrans',`
allow portslave_t $1:fifo_file rw_file_perms;
allow portslave_t $1:process sigchld;
')
+
+########################################
+## <summary>
+## Receive messages from a
+## labeled ipsec association.
+## </summary>
+## <param name="domain">
+## <summary>
+## Domain allowed access.
+## </summary>
+## </param>
+#
+interface(`portslave_recv_labeledipsec',`
+ gen_require(`
+ type portslave_t;
+ ')
+ allow $1 portslave_t:association recvfrom;
+')
diff -urpN serefpolicy-2.4.6.patch/policy/modules/services/postfix.if serefpolicy-2.4.6.patch2/policy/modules/services/postfix.if
--- serefpolicy-2.4.6.patch/policy/modules/services/postfix.if 2007-01-04 15:33:09.000000000 -0600
+++ serefpolicy-2.4.6.patch2/policy/modules/services/postfix.if 2007-01-05 10:47:48.000000000 -0600
@@ -485,3 +485,256 @@ interface(`postfix_domtrans_user_mail_ha
typeattribute $1 postfix_user_domtrans;
')
+
+########################################
+## <summary>
+## Receive messages from a
+## labeled ipsec association.
+## </summary>
+## <param name="domain">
+## <summary>
+## Domain allowed access.
+## </summary>
+## </param>
+#
+interface(`postfix_recv_labeledipsec_master',`
+ gen_require(`
+ type postfix_master_t;
+ ')
+ allow $1 postfix_master_t:association recvfrom;
+')
+
+########################################
+## <summary>
+## Receive messages from a
+## labeled ipsec association.
+## </summary>
+## <param name="domain">
+## <summary>
+## Domain allowed access.
+## </summary>
+## </param>
+#
+interface(`postfix_recv_labeledipsec_map',`
+ gen_require(`
+ type postfix_map_t;
+ ')
+ allow $1 postfix_map_t:association recvfrom;
+')
+
+
+########################################
+## <summary>
+## Receive messages from a
+## labeled ipsec association.
+## </summary>
+## <param name="domain">
+## <summary>
+## Domain allowed access.
+## </summary>
+## </param>
+#
+interface(`postfix_recv_labeledipsec_postdrop',`
+ gen_require(`
+ type postfix_postdrop_t;
+ ')
+ allow $1 postfix_postdrop_t:association recvfrom;
+')
+
+########################################
+## <summary>
+## Receive messages from a
+## labeled ipsec association.
+## </summary>
+## <param name="domain">
+## <summary>
+## Domain allowed access.
+## </summary>
+## </param>
+#
+interface(`postfix_recv_labeledipsec_postqueue',`
+ gen_require(`
+ type postfix_postqueue_t;
+ ')
+ allow $1 postfix_postqueue_t:association recvfrom;
+')
+
+########################################
+## <summary>
+## Receive messages from a
+## labeled ipsec association.
+## </summary>
+## <param name="domain">
+## <summary>
+## Domain allowed access.
+## </summary>
+## </param>
+#
+interface(`postfix_recv_labeledipsec_showq',`
+ gen_require(`
+ type postfix_showq_t;
+ ')
+ allow $1 postfix_showq_t:association recvfrom;
+')
+
+########################################
+## <summary>
+## Receive messages from a
+## labeled ipsec association.
+## </summary>
+## <param name="domain">
+## <summary>
+## Domain allowed access.
+## </summary>
+## </param>
+#
+interface(`postfix_recv_labeledipsec_bounce',`
+ gen_require(`
+ type postfix_bounce_t;
+ ')
+ allow $1 postfix_bounce_t:association recvfrom;
+')
+
+########################################
+## <summary>
+## Receive messages from a
+## labeled ipsec association.
+## </summary>
+## <param name="domain">
+## <summary>
+## Domain allowed access.
+## </summary>
+## </param>
+#
+interface(`postfix_recv_labeledipsec_cleanup',`
+ gen_require(`
+ type postfix_cleanup_t;
+ ')
+ allow $1 postfix_cleanup_t:association recvfrom;
+')
+
+########################################
+## <summary>
+## Receive messages from a
+## labeled ipsec association.
+## </summary>
+## <param name="domain">
+## <summary>
+## Domain allowed access.
+## </summary>
+## </param>
+#
+interface(`postfix_recv_labeledipsec_local',`
+ gen_require(`
+ type postfix_local_t;
+ ')
+ allow $1 postfix_local_t:association recvfrom;
+')
+
+########################################
+## <summary>
+## Receive messages from a
+## labeled ipsec association.
+## </summary>
+## <param name="domain">
+## <summary>
+## Domain allowed access.
+## </summary>
+## </param>
+#
+interface(`postfix_recv_labeledipsec_pickup',`
+ gen_require(`
+ type postfix_pickup_t;
+ ')
+ allow $1 postfix_pickup_t:association recvfrom;
+')
+
+########################################
+## <summary>
+## Receive messages from a
+## labeled ipsec association.
+## </summary>
+## <param name="domain">
+## <summary>
+## Domain allowed access.
+## </summary>
+## </param>
+#
+interface(`postfix_recv_labeledipsec_pipe',`
+ gen_require(`
+ type postfix_pipe_t;
+ ')
+ allow $1 postfix_pipe_t:association recvfrom;
+')
+
+########################################
+## <summary>
+## Receive messages from a
+## labeled ipsec association.
+## </summary>
+## <param name="domain">
+## <summary>
+## Domain allowed access.
+## </summary>
+## </param>
+#
+interface(`postfix_recv_labeledipsec_qmgr',`
+ gen_require(`
+ type postfix_qmgr_t;
+ ')
+ allow $1 postfix_qmgr_t:association recvfrom;
+')
+
+########################################
+## <summary>
+## Receive messages from a
+## labeled ipsec association.
+## </summary>
+## <param name="domain">
+## <summary>
+## Domain allowed access.
+## </summary>
+## </param>
+#
+interface(`postfix_recv_labeledipsec_smtp',`
+ gen_require(`
+ type postfix_smtp_t;
+ ')
+ allow $1 postfix_smtp_t:association recvfrom;
+')
+
+########################################
+## <summary>
+## Receive messages from a
+## labeled ipsec association.
+## </summary>
+## <param name="domain">
+## <summary>
+## Domain allowed access.
+## </summary>
+## </param>
+#
+interface(`postfix_recv_labeledipsec_smtpd',`
+ gen_require(`
+ type postfix_smtpd_t;
+ ')
+ allow $1 postfix_smtpd_t:association recvfrom;
+')
+
+########################################
+## <summary>
+## Receive messages from a
+## labeled ipsec association.
+## </summary>
+## <param name="domain">
+## <summary>
+## Domain allowed access.
+## </summary>
+## </param>
+#
+interface(`postfix_recv_labeledipsec_tmpl',`
+ gen_require(`
+ type postfix_$1_t;
+ ')
+ allow $2 postfix_$1_t:association recvfrom;
+')
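Review bot: `postfix_recv_labeledipsec_tmpl` takes two arguments, with `$1` spliced into the type name `postfix_$1_t` and `$2` as the receiving domain, but its header documents a single `domain` parameter copied from the one-argument interfaces above it. The header needs two `<param>` entries: the type-name prefix first, then the domain allowed access. Because the macro builds a type name from an argument, it would conventionally be declared with `template(` rather than `interface(`, as `evolution_stream_connect` is earlier in this patch. A caller who follows the current documentation and passes only a domain would require `postfix_<domain>_t` and emit an allow rule with an empty source.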
diff -urpN serefpolicy-2.4.6.patch/policy/modules/services/postgresql.if serefpolicy-2.4.6.patch2/policy/modules/services/postgresql.if
--- serefpolicy-2.4.6.patch/policy/modules/services/postgresql.if 2007-01-04 15:33:07.000000000 -0600
+++ serefpolicy-2.4.6.patch2/policy/modules/services/postgresql.if 2007-01-05 10:47:48.000000000 -0600
@@ -118,3 +118,21 @@ interface(`postgresql_stream_connect',`
# Some versions of postgresql put the sock file in /tmp
allow $1 postgresql_tmp_t:sock_file write;
')
+
+########################################
+## <summary>
+## Receive messages from a
+## labeled ipsec association.
+## </summary>
+## <param name="domain">
+## <summary>
+## Domain allowed access.
+## </summary>
+## </param>
+#
+interface(`postgresql_recv_labeledipsec',`
+ gen_require(`
+ type postgresql_t;
+ ')
+ allow $1 postgresql_t:association recvfrom;
+')
diff -urpN serefpolicy-2.4.6.patch/policy/modules/services/postgrey.if serefpolicy-2.4.6.patch2/policy/modules/services/postgrey.if
--- serefpolicy-2.4.6.patch/policy/modules/services/postgrey.if 2007-01-04 15:33:10.000000000 -0600
+++ serefpolicy-2.4.6.patch2/policy/modules/services/postgrey.if 2007-01-05 10:47:48.000000000 -0600
@@ -19,3 +19,21 @@ interface(`postgrey_stream_connect',`
allow $1 postgrey_var_run_t:sock_file write;
files_search_pids($1)
')
+
+########################################
+## <summary>
+## Receive messages from a
+## labeled ipsec association.
+## </summary>
+## <param name="domain">
+## <summary>
+## Domain allowed access.
+## </summary>
+## </param>
+#
+interface(`postgrey_recv_labeledipsec',`
+ gen_require(`
+ type postgrey_t;
+ ')
+ allow $1 postgrey_t:association recvfrom;
+')
diff -urpN serefpolicy-2.4.6.patch/policy/modules/services/ppp.if serefpolicy-2.4.6.patch2/policy/modules/services/ppp.if
--- serefpolicy-2.4.6.patch/policy/modules/services/ppp.if 2007-01-04 15:33:07.000000000 -0600
+++ serefpolicy-2.4.6.patch2/policy/modules/services/ppp.if 2007-01-05 10:47:48.000000000 -0600
@@ -255,3 +255,39 @@ interface(`ppp_pid_filetrans',`
files_pid_filetrans($1,pppd_var_run_t,file)
')
+
+########################################
+## <summary>
+## Receive messages from a
+## labeled ipsec association.
+## </summary>
+## <param name="domain">
+## <summary>
+## Domain allowed access.
+## </summary>
+## </param>
+#
+interface(`ppp_recv_labeledipsec',`
+ gen_require(`
+ type pppd_t;
+ ')
+ allow $1 pppd_t:association recvfrom;
+')
+
+########################################
+## <summary>
+## Receive messages from a
+## labeled ipsec association.
+## </summary>
+## <param name="domain">
+## <summary>
+## Domain allowed access.
+## </summary>
+## </param>
+#
+interface(`ppp_recv_labeledipsec_pptp',`
+ gen_require(`
+ type pptp_t;
+ ')
+ allow $1 pptp_t:association recvfrom;
+')
diff -urpN serefpolicy-2.4.6.patch/policy/modules/services/privoxy.if serefpolicy-2.4.6.patch2/policy/modules/services/privoxy.if
--- serefpolicy-2.4.6.patch/policy/modules/services/privoxy.if 2007-01-04 15:33:08.000000000 -0600
+++ serefpolicy-2.4.6.patch2/policy/modules/services/privoxy.if 2007-01-05 10:47:48.000000000 -0600
@@ -1 +1,19 @@
## <summary>Privacy enhancing web proxy.</summary>
+
+########################################
+## <summary>
+## Receive messages from a
+## labeled ipsec association.
+## </summary>
+## <param name="domain">
+## <summary>
+## Domain allowed access.
+## </summary>
+## </param>
+#
+interface(`privoxy_recv_labeledipsec',`
+ gen_require(`
+ type privoxy_t;
+ ')
+ allow $1 privoxy_t:association recvfrom;
+')
diff -urpN serefpolicy-2.4.6.patch/policy/modules/services/procmail.if serefpolicy-2.4.6.patch2/policy/modules/services/procmail.if
--- serefpolicy-2.4.6.patch/policy/modules/services/procmail.if 2007-01-04 15:33:10.000000000 -0600
+++ serefpolicy-2.4.6.patch2/policy/modules/services/procmail.if 2007-01-05 10:47:48.000000000 -0600
@@ -44,3 +44,21 @@ interface(`procmail_exec',`
corecmd_search_bin($1)
can_exec($1,procmail_exec_t)
')
+
+########################################
+## <summary>
+## Receive messages from a
+## labeled ipsec association.
+## </summary>
+## <param name="domain">
+## <summary>
+## Domain allowed access.
+## </summary>
+## </param>
+#
+interface(`procmail_recv_labeledipsec',`
+ gen_require(`
+ type procmail_t;
+ ')
+ allow $1 procmail_t:association recvfrom;
+')
diff -urpN serefpolicy-2.4.6.patch/policy/modules/services/pyzor.if serefpolicy-2.4.6.patch2/policy/modules/services/pyzor.if
--- serefpolicy-2.4.6.patch/policy/modules/services/pyzor.if 2007-01-04 15:33:10.000000000 -0600
+++ serefpolicy-2.4.6.patch2/policy/modules/services/pyzor.if 2007-01-05 10:47:48.000000000 -0600
@@ -78,3 +78,21 @@ template(`pyzor_per_role_template',`
userdom_search_user_home_dirs($1,pyzord_t)
userdom_user_home_dir_filetrans($1,pyzord_t,$1_pyzor_home_t,{ dir file lnk_file })
')
+
+########################################
+## <summary>
+## Receive messages from a
+## labeled ipsec association.
+## </summary>
+## <param name="domain">
+## <summary>
+## Domain allowed access.
+## </summary>
+## </param>
+#
+interface(`pyzor_recv_labeledipsec',`
+ gen_require(`
+ type pyzord_t;
+ ')
+ allow $1 pyzord_t:association recvfrom;
+')
diff -urpN serefpolicy-2.4.6.patch/policy/modules/services/qmail.if serefpolicy-2.4.6.patch2/policy/modules/services/qmail.if
--- serefpolicy-2.4.6.patch/policy/modules/services/qmail.if 2007-01-04 15:33:10.000000000 -0600
+++ serefpolicy-2.4.6.patch2/policy/modules/services/qmail.if 2007-01-05 10:47:48.000000000 -0600
@@ -208,3 +208,21 @@ interface(`qmail_smtpd_service_domain',`
allow $1 qmail_smtpd_t:fifo_file { read write };
allow $1 qmail_smtpd_t:process sigchld;
')
+
+########################################
+## <summary>
+## Receive messages from a
+## labeled ipsec association.
+## </summary>
+## <param name="domain">
+## <summary>
+## Domain allowed access.
+## </summary>
+## </param>
+#
+interface(`qmail_recv_labeledipsec',`
+ gen_require(`
+ type qmail_remote_t;
+ ')
+ allow $1 qmail_remote_t:association recvfrom;
+')
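Review bot: `qmail_recv_labeledipsec` grants `recvfrom` only on `qmail_remote_t`, yet the name reads as covering qmail as a whole. Other multi-domain modules in this patch suffix the component (`nis_recv_labeledipsec_ypbind`, `postfix_recv_labeledipsec_smtp`), so `qmail_recv_labeledipsec_remote` would make the scope of the grant visible at the call site. If other qmail domains, such as the `qmail_smtpd_t` seen in the context lines, also need to be reachable over a labeled association, they would need their own interfaces.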
diff -urpN serefpolicy-2.4.6.patch/policy/modules/services/radius.if serefpolicy-2.4.6.patch2/policy/modules/services/radius.if
--- serefpolicy-2.4.6.patch/policy/modules/services/radius.if 2007-01-04 15:33:09.000000000 -0600
+++ serefpolicy-2.4.6.patch2/policy/modules/services/radius.if 2007-01-05 10:47:48.000000000 -0600
@@ -13,3 +13,21 @@
interface(`radius_use',`
refpolicywarn(`$0($*) has been deprecated.')
')
+
+########################################
+## <summary>
+## Receive messages from a
+## labeled ipsec association.
+## </summary>
+## <param name="domain">
+## <summary>
+## Domain allowed access.
+## </summary>
+## </param>
+#
+interface(`radius_recv_labeledipsec',`
+ gen_require(`
+ type radiusd_t;
+ ')
+ allow $1 radiusd_t:association recvfrom;
+')
diff -urpN serefpolicy-2.4.6.patch/policy/modules/services/radvd.if serefpolicy-2.4.6.patch2/policy/modules/services/radvd.if
--- serefpolicy-2.4.6.patch/policy/modules/services/radvd.if 2007-01-04 15:33:10.000000000 -0600
+++ serefpolicy-2.4.6.patch2/policy/modules/services/radvd.if 2007-01-05 10:47:48.000000000 -0600
@@ -1 +1,19 @@
## <summary>IPv6 router advertisement daemon</summary>
+
+########################################
+## <summary>
+## Receive messages from a
+## labeled ipsec association.
+## </summary>
+## <param name="domain">
+## <summary>
+## Domain allowed access.
+## </summary>
+## </param>
+#
+interface(`radvd_recv_labeledipsec',`
+ gen_require(`
+ type radvd_t;
+ ')
+ allow $1 radvd_t:association recvfrom;
+')
diff -urpN serefpolicy-2.4.6.patch/policy/modules/services/razor.if serefpolicy-2.4.6.patch2/policy/modules/services/razor.if
--- serefpolicy-2.4.6.patch/policy/modules/services/razor.if 2007-01-04 15:33:10.000000000 -0600
+++ serefpolicy-2.4.6.patch2/policy/modules/services/razor.if 2007-01-05 10:47:48.000000000 -0600
@@ -215,3 +215,39 @@ interface(`razor_domtrans',`
allow razor_t $1:fifo_file rw_file_perms;
allow razor_t $1:process sigchld;
')
+
+########################################
+## <summary>
+## Receive messages from a
+## labeled ipsec association.
+## </summary>
+## <param name="domain">
+## <summary>
+## Domain allowed access.
+## </summary>
+## </param>
+#
+interface(`razor_recv_labeledipsec',`
+ gen_require(`
+ type razor_t;
+ ')
+ allow $1 razor_t:association recvfrom;
+')
+
+########################################
+## <summary>
+## Receive messages from a
+## labeled ipsec association.
+## </summary>
+## <param name="domain">
+## <summary>
+## Domain allowed access.
+## </summary>
+## </param>
+#
+interface(`razor_recv_labeledipsec_role',`
+ gen_require(`
+ type $1_t;
+ ')
+ allow $2 $1_t:association recvfrom;
+')
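Review bot: `razor_recv_labeledipsec_role` requires and allows on `$1_t`, which contains nothing razor-specific, so with a role prefix as `$1` it would expand to the role's own base domain rather than a razor domain. If the per-role razor type is meant (presumably `$1_razor_t`, to be confirmed against the razor module), the two lines should read `type $1_razor_t;` and `allow $2 $1_razor_t:association recvfrom;`. The header also documents only one `domain` parameter although the macro uses `$1` as a prefix and `$2` as the domain. `postfix_recv_labeledipsec_tmpl` has the same documentation mismatch.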
diff -urpN serefpolicy-2.4.6.patch/policy/modules/services/rdisc.if serefpolicy-2.4.6.patch2/policy/modules/services/rdisc.if
--- serefpolicy-2.4.6.patch/policy/modules/services/rdisc.if 2007-01-04 15:33:10.000000000 -0600
+++ serefpolicy-2.4.6.patch2/policy/modules/services/rdisc.if 2007-01-05 10:47:48.000000000 -0600
@@ -1 +1,19 @@
## <summary>Network router discovery daemon</summary>
+
+########################################
+## <summary>
+## Receive messages from a
+## labeled ipsec association.
+## </summary>
+## <param name="domain">
+## <summary>
+## Domain allowed access.
+## </summary>
+## </param>
+#
+interface(`rdisc_recv_labeledipsec',`
+ gen_require(`
+ type rdisc_t;
+ ')
+ allow $1 rdisc_t:association recvfrom;
+')
diff -urpN serefpolicy-2.4.6.patch/policy/modules/services/ricci.if serefpolicy-2.4.6.patch2/policy/modules/services/ricci.if
--- serefpolicy-2.4.6.patch/policy/modules/services/ricci.if 2007-01-04 15:33:11.000000000 -0600
+++ serefpolicy-2.4.6.patch2/policy/modules/services/ricci.if 2007-01-05 10:47:48.000000000 -0600
@@ -183,3 +183,21 @@ interface(`ricci_domtrans_modstorage',`
allow ricci_modstorage_t $1:fifo_file rw_file_perms;
allow ricci_modstorage_t $1:process sigchld;
')
+
+########################################
+## <summary>
+## Receive messages from a
+## labeled ipsec association.
+## </summary>
+## <param name="domain">
+## <summary>
+## Domain allowed access.
+## </summary>
+## </param>
+#
+interface(`ricci_recv_labeledipsec',`
+ gen_require(`
+ type ricci_t;
+ ')
+ allow $1 ricci_t:association recvfrom;
+')
diff -urpN serefpolicy-2.4.6.patch/policy/modules/services/rlogin.if serefpolicy-2.4.6.patch2/policy/modules/services/rlogin.if
--- serefpolicy-2.4.6.patch/policy/modules/services/rlogin.if 2007-01-04 15:33:09.000000000 -0600
+++ serefpolicy-2.4.6.patch2/policy/modules/services/rlogin.if 2007-01-05 10:47:48.000000000 -0600
@@ -23,3 +23,21 @@ interface(`rlogin_domtrans',`
allow rlogind_t $1:fifo_file rw_file_perms;
allow rlogind_t $1:process sigchld;
')
+
+########################################
+## <summary>
+## Receive messages from a
+## labeled ipsec association.
+## </summary>
+## <param name="domain">
+## <summary>
+## Domain allowed access.
+## </summary>
+## </param>
+#
+interface(`rlogin_recv_labeledipsec',`
+ gen_require(`
+ type rlogind_t;
+ ')
+ allow $1 rlogind_t:association recvfrom;
+')
diff -urpN serefpolicy-2.4.6.patch/policy/modules/services/roundup.if serefpolicy-2.4.6.patch2/policy/modules/services/roundup.if
--- serefpolicy-2.4.6.patch/policy/modules/services/roundup.if 2007-01-04 15:33:08.000000000 -0600
+++ serefpolicy-2.4.6.patch2/policy/modules/services/roundup.if 2007-01-05 10:47:48.000000000 -0600
@@ -1 +1,19 @@
## <summary>Roundup Issue Tracking System policy</summary>
+
+########################################
+## <summary>
+## Receive messages from a
+## labeled ipsec association.
+## </summary>
+## <param name="domain">
+## <summary>
+## Domain allowed access.
+## </summary>
+## </param>
+#
+interface(`roundup_recv_labeledipsec',`
+ gen_require(`
+ type roundup_t;
+ ')
+ allow $1 roundup_t:association recvfrom;
+')
diff -urpN serefpolicy-2.4.6.patch/policy/modules/services/rpc.if serefpolicy-2.4.6.patch2/policy/modules/services/rpc.if
--- serefpolicy-2.4.6.patch/policy/modules/services/rpc.if 2007-01-04 15:33:08.000000000 -0600
+++ serefpolicy-2.4.6.patch2/policy/modules/services/rpc.if 2007-01-05 10:47:48.000000000 -0600
@@ -362,3 +362,57 @@ interface(`rpc_read_nfs_state_data',`
allow $1 var_lib_nfs_t:dir search_dir_perms;
allow $1 var_lib_nfs_t:file read_file_perms;
')
+
+########################################
+## <summary>
+## Receive messages from a
+## labeled ipsec association.
+## </summary>
+## <param name="domain">
+## <summary>
+## Domain allowed access.
+## </summary>
+## </param>
+#
+interface(`rpc_recv_labeledipsec_gssd',`
+ gen_require(`
+ type gssd_t;
+ ')
+ allow $1 gssd_t:association recvfrom;
+')
+
+########################################
+## <summary>
+## Receive messages from a
+## labeled ipsec association.
+## </summary>
+## <param name="domain">
+## <summary>
+## Domain allowed access.
+## </summary>
+## </param>
+#
+interface(`rpc_recv_labeledipsec_rpcd',`
+ gen_require(`
+ type rpcd_t;
+ ')
+ allow $1 rpcd_t:association recvfrom;
+')
+
+########################################
+## <summary>
+## Receive messages from a
+## labeled ipsec association.
+## </summary>
+## <param name="domain">
+## <summary>
+## Domain allowed access.
+## </summary>
+## </param>
+#
+interface(`rpc_recv_labeledipsec_nfsd',`
+ gen_require(`
+ type nsfd_t;
+ ')
+ allow $1 nfsd_t:association recvfrom;
+')
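Review bot: In `rpc_recv_labeledipsec_nfsd` the `gen_require` block names `nsfd_t` while the allow rule uses `nfsd_t`; the required name looks like a transposition. It should read `type nfsd_t;` so that the interface actually requires the rule's target type. The other two interfaces in this hunk (`gssd_t`, `rpcd_t`) use matching names.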
diff -urpN serefpolicy-2.4.6.patch/policy/modules/services/rshd.if serefpolicy-2.4.6.patch2/policy/modules/services/rshd.if
--- serefpolicy-2.4.6.patch/policy/modules/services/rshd.if 2007-01-04 15:33:10.000000000 -0600
+++ serefpolicy-2.4.6.patch2/policy/modules/services/rshd.if 2007-01-05 10:47:48.000000000 -0600
@@ -24,3 +24,21 @@ interface(`rshd_domtrans',`
allow rshd_t $1:fifo_file rw_file_perms;
allow rshd_t $1:process sigchld;
')
+
+########################################
+## <summary>
+## Receive messages from a
+## labeled ipsec association.
+## </summary>
+## <param name="domain">
+## <summary>
+## Domain allowed access.
+## </summary>
+## </param>
+#
+interface(`rshd_recv_labeledipsec',`
+ gen_require(`
+ type rshd_t;
+ ')
+ allow $1 rshd_t:association recvfrom;
+')
diff -urpN serefpolicy-2.4.6.patch/policy/modules/services/rsync.if serefpolicy-2.4.6.patch2/policy/modules/services/rsync.if
--- serefpolicy-2.4.6.patch/policy/modules/services/rsync.if 2007-01-04 15:33:08.000000000 -0600
+++ serefpolicy-2.4.6.patch2/policy/modules/services/rsync.if 2007-01-05 10:47:48.000000000 -0600
@@ -103,3 +103,21 @@ interface(`rsync_exec',`
can_exec($1,rsync_exec_t)
')
+
+########################################
+## <summary>
+## Receive messages from a
+## labeled ipsec association.
+## </summary>
+## <param name="domain">
+## <summary>
+## Domain allowed access.
+## </summary>
+## </param>
+#
+interface(`rsync_recv_labeledipsec',`
+ gen_require(`
+ type rsync_t;
+ ')
+ allow $1 rsync_t:association recvfrom;
+')
diff -urpN serefpolicy-2.4.6.patch/policy/modules/services/samba.if serefpolicy-2.4.6.patch2/policy/modules/services/samba.if
--- serefpolicy-2.4.6.patch/policy/modules/services/samba.if 2007-01-04 15:33:08.000000000 -0600
+++ serefpolicy-2.4.6.patch2/policy/modules/services/samba.if 2007-01-05 10:47:48.000000000 -0600
@@ -397,3 +397,111 @@ interface(`samba_stream_connect_winbind'
allow $1 winbind_var_run_t:sock_file { getattr read write };
allow $1 winbind_t:unix_stream_socket connectto;
')
+
+########################################
+## <summary>
+## Receive messages from a
+## labeled ipsec association.
+## </summary>
+## <param name="domain">
+## <summary>
+## Domain allowed access.
+## </summary>
+## </param>
+#
+interface(`samba_recv_labeledipsec_net',`
+ gen_require(`
+ type samba_net_t;
+ ')
+ allow $1 samba_net_t:association recvfrom;
+')
+
+########################################
+## <summary>
+## Receive messages from a
+## labeled ipsec association.
+## </summary>
+## <param name="domain">
+## <summary>
+## Domain allowed access.
+## </summary>
+## </param>
+#
+interface(`samba_recv_labeledipsec_smbd',`
+ gen_require(`
+ type smbd_t;
+ ')
+ allow $1 smbd_t:association recvfrom;
+')
+
+########################################
+## <summary>
+## Receive messages from a
+## labeled ipsec association.
+## </summary>
+## <param name="domain">
+## <summary>
+## Domain allowed access.
+## </summary>
+## </param>
+#
+interface(`samba_recv_labeledipsec_nmbd',`
+ gen_require(`
+ type nmbd_t;
+ ')
+ allow $1 nmbd_t:association recvfrom;
+')
+
+########################################
+## <summary>
+## Receive messages from a
+## labeled ipsec association.
+## </summary>
+## <param name="domain">
+## <summary>
+## Domain allowed access.
+## </summary>
+## </param>
+#
+interface(`samba_recv_labeledipsec_smb',`
+ gen_require(`
+ type smbmount_t;
+ ')
+ allow $1 smbmount_t:association recvfrom;
+')
+
+########################################
+## <summary>
+## Receive messages from a
+## labeled ipsec association.
+## </summary>
+## <param name="domain">
+## <summary>
+## Domain allowed access.
+## </summary>
+## </param>
+#
+interface(`samba_recv_labeledipsec_swat',`
+ gen_require(`
+ type swat_t;
+ ')
+ allow $1 swat_t:association recvfrom;
+')
+
+########################################
+## <summary>
+## Receive messages from a
+## labeled ipsec association.
+## </summary>
+## <param name="domain">
+## <summary>
+## Domain allowed access.
+## </summary>
+## </param>
+#
+interface(`samba_recv_labeledipsec_win',`
+ gen_require(`
+ type winbind_t;
+ ')
+ allow $1 winbind_t:association recvfrom;
+')
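Review bot: Two interface names in this hunk do not match the type they grant on. `samba_recv_labeledipsec_smb` targets `smbmount_t` and is easy to confuse with `samba_recv_labeledipsec_smbd` (`smbd_t`), and `samba_recv_labeledipsec_win` targets `winbind_t`. Spelling them `samba_recv_labeledipsec_smbmount` and `samba_recv_labeledipsec_winbind` would keep a policy author from granting `recvfrom` on the mount helper's label when the file server's was meant.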
diff -urpN serefpolicy-2.4.6.patch/policy/modules/services/sasl.if serefpolicy-2.4.6.patch2/policy/modules/services/sasl.if
--- serefpolicy-2.4.6.patch/policy/modules/services/sasl.if 2007-01-04 15:33:07.000000000 -0600
+++ serefpolicy-2.4.6.patch2/policy/modules/services/sasl.if 2007-01-05 10:47:48.000000000 -0600
@@ -20,3 +20,21 @@ interface(`sasl_connect',`
allow $1 saslauthd_var_run_t:sock_file { read write };
allow $1 saslauthd_t:unix_stream_socket connectto;
')
+
+########################################
+## <summary>
+## Receive messages from a
+## labeled ipsec association.
+## </summary>
+## <param name="domain">
+## <summary>
+## Domain allowed access.
+## </summary>
+## </param>
+#
+interface(`sasl_recv_labeledipsec',`
+ gen_require(`
+ type saslauthd_t;
+ ')
+ allow $1 saslauthd_t:association recvfrom;
+')
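Review bot: The `<summary>` on `sasl_recv_labeledipsec` is word-for-word the text used on every other `*_recv_labeledipsec*` interface in this patch, so the interface documentation built from these headers will not say which association type each one opens up. Since the rule here is `allow $1 saslauthd_t:association recvfrom;`, the summary could name the type, for example `## Receive messages from a labeled ipsec association labeled saslauthd_t.` The same applies to the other single-type interfaces added in the following hunks.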
diff -urpN serefpolicy-2.4.6.patch/policy/modules/services/sendmail.if serefpolicy-2.4.6.patch2/policy/modules/services/sendmail.if
--- serefpolicy-2.4.6.patch/policy/modules/services/sendmail.if 2007-01-04 15:33:08.000000000 -0600
+++ serefpolicy-2.4.6.patch2/policy/modules/services/sendmail.if 2007-01-05 10:47:48.000000000 -0600
@@ -111,3 +111,21 @@ interface(`sendmail_create_log',`
logging_log_filetrans($1,sendmail_log_t,file)
')
+
+########################################
+## <summary>
+## Receive messages from a
+## labeled ipsec association.
+## </summary>
+## <param name="domain">
+## <summary>
+## Domain allowed access.
+## </summary>
+## </param>
+#
+interface(`sendmail_recv_labeledipsec',`
+ gen_require(`
+ type sendmail_t;
+ ')
+ allow $1 sendmail_t:association recvfrom;
+')
diff -urpN serefpolicy-2.4.6.patch/policy/modules/services/setroubleshoot.if serefpolicy-2.4.6.patch2/policy/modules/services/setroubleshoot.if
--- serefpolicy-2.4.6.patch/policy/modules/services/setroubleshoot.if 2007-01-04 15:33:10.000000000 -0600
+++ serefpolicy-2.4.6.patch2/policy/modules/services/setroubleshoot.if 2007-01-05 10:47:48.000000000 -0600
@@ -1 +1,19 @@
## <summary>SELinux troubleshooting service</summary>
+
+########################################
+## <summary>
+## Receive messages from a
+## labeled ipsec association.
+## </summary>
+## <param name="domain">
+## <summary>
+## Domain allowed access.
+## </summary>
+## </param>
+#
+interface(`setroubleshoot_recv_labeledipsec',`
+ gen_require(`
+ type setroubleshootd_t;
+ ')
+ allow $1 setroubleshootd_t:association recvfrom;
+')
diff -urpN serefpolicy-2.4.6.patch/policy/modules/services/smartmon.if serefpolicy-2.4.6.patch2/policy/modules/services/smartmon.if
--- serefpolicy-2.4.6.patch/policy/modules/services/smartmon.if 2007-01-04 15:33:09.000000000 -0600
+++ serefpolicy-2.4.6.patch2/policy/modules/services/smartmon.if 2007-01-05 10:47:48.000000000 -0600
@@ -17,3 +17,21 @@ interface(`smartmon_read_tmp_files',`
allow $1 fsdaemon_tmp_t:file { getattr ioctl read };
')
+
+########################################
+## <summary>
+## Receive messages from a
+## labeled ipsec association.
+## </summary>
+## <param name="domain">
+## <summary>
+## Domain allowed access.
+## </summary>
+## </param>
+#
+interface(`smartmon_recv_labeledipsec',`
+ gen_require(`
+ type fsdaemon_t;
+ ')
+ allow $1 fsdaemon_t:association recvfrom;
+')
diff -urpN serefpolicy-2.4.6.patch/policy/modules/services/snmp.if serefpolicy-2.4.6.patch2/policy/modules/services/snmp.if
--- serefpolicy-2.4.6.patch/policy/modules/services/snmp.if 2007-01-04 15:33:11.000000000 -0600
+++ serefpolicy-2.4.6.patch2/policy/modules/services/snmp.if 2007-01-05 10:47:48.000000000 -0600
@@ -65,3 +65,21 @@ interface(`snmp_dontaudit_read_snmp_var_
dontaudit $1 snmpd_var_lib_t:file r_file_perms;
dontaudit $1 snmpd_var_lib_t:lnk_file { getattr read };
')
+
+########################################
+## <summary>
+## Receive messages from a
+## labeled ipsec association.
+## </summary>
+## <param name="domain">
+## <summary>
+## Domain allowed access.
+## </summary>
+## </param>
+#
+interface(`snmp_recv_labeledipsec',`
+ gen_require(`
+ type snmpd_t;
+ ')
+ allow $1 snmpd_t:association recvfrom;
+')
diff -urpN serefpolicy-2.4.6.patch/policy/modules/services/snort.if serefpolicy-2.4.6.patch2/policy/modules/services/snort.if
--- serefpolicy-2.4.6.patch/policy/modules/services/snort.if 2007-01-04 15:33:09.000000000 -0600
+++ serefpolicy-2.4.6.patch2/policy/modules/services/snort.if 2007-01-05 10:47:48.000000000 -0600
@@ -1 +1,19 @@
## <summary>Snort network intrusion detection system</summary>
+
+########################################
+## <summary>
+## Receive messages from a
+## labeled ipsec association.
+## </summary>
+## <param name="domain">
+## <summary>
+## Domain allowed access.
+## </summary>
+## </param>
+#
+interface(`snort_recv_labeledipsec',`
+ gen_require(`
+ type snort_t;
+ ')
+ allow $1 snort_t:association recvfrom;
+')
diff -urpN serefpolicy-2.4.6.patch/policy/modules/services/soundserver.if serefpolicy-2.4.6.patch2/policy/modules/services/soundserver.if
--- serefpolicy-2.4.6.patch/policy/modules/services/soundserver.if 2007-01-04 15:33:10.000000000 -0600
+++ serefpolicy-2.4.6.patch2/policy/modules/services/soundserver.if 2007-01-05 10:47:48.000000000 -0600
@@ -13,3 +13,21 @@
interface(`soundserver_tcp_connect',`
refpolicywarn(`$0($*) has been deprecated.')
')
+
+########################################
+## <summary>
+## Receive messages from a
+## labeled ipsec association.
+## </summary>
+## <param name="domain">
+## <summary>
+## Domain allowed access.
+## </summary>
+## </param>
+#
+interface(`soundserver_recv_labeledipsec',`
+ gen_require(`
+ type soundd_t;
+ ')
+ allow $1 soundd_t:association recvfrom;
+')
diff -urpN serefpolicy-2.4.6.patch/policy/modules/services/spamassassin.if serefpolicy-2.4.6.patch2/policy/modules/services/spamassassin.if
--- serefpolicy-2.4.6.patch/policy/modules/services/spamassassin.if 2007-01-04 15:33:10.000000000 -0600
+++ serefpolicy-2.4.6.patch2/policy/modules/services/spamassassin.if 2007-01-05 10:47:48.000000000 -0600
@@ -508,3 +508,40 @@ interface(`spamassassin_dontaudit_getatt
dontaudit $1 spamd_tmp_t:sock_file getattr;
')
+
+########################################
+## <summary>
+## Receive messages from a
+## labeled ipsec association.
+## </summary>
+## <param name="domain">
+## <summary>
+## Domain allowed access.
+## </summary>
+## </param>
+#
+interface(`spamassassin_recv_labeledipsec_spamd',`
+ gen_require(`
+ type spamd_t;
+ ')
+ allow $1 spamd_t:association recvfrom;
+')
+
+########################################
+## <summary>
+## Receive messages from a
+## labeled ipsec association.
+## </summary>
+## <param name="domain">
+## <summary>
+## Domain allowed access.
+## </summary>
+## </param>
+#
+interface(`spamassassin_recv_labeledipsec_role',`
+ gen_require(`
+ type $1_spamassassin_t;
+ ')
+ allow $2 $1_spamassassin_t:association recvfrom;
+ allow $2 $1_spamc_t:association recvfrom;
+')
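Review bot: `spamassassin_recv_labeledipsec_role` uses `$1_spamc_t` in its second allow rule, but the `gen_require` block declares only `$1_spamassassin_t`. The require should read `type $1_spamassassin_t, $1_spamc_t;` so the interface does not rely on the type happening to be in scope, which a modular build would likely reject. The macro also takes two arguments (`$1` as the type prefix, `$2` as the domain being granted access), while the header documents a single `domain` parameter. A second `<param>` describing the prefix is needed, and the same gap is present in `ssh_recv_labeledipsec_role` and `xserver_recv_labeledipsec_role` later in the patch.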
diff -urpN serefpolicy-2.4.6.patch/policy/modules/services/squid.if serefpolicy-2.4.6.patch2/policy/modules/services/squid.if
--- serefpolicy-2.4.6.patch/policy/modules/services/squid.if 2007-01-04 15:33:08.000000000 -0600
+++ serefpolicy-2.4.6.patch2/policy/modules/services/squid.if 2007-01-05 10:47:48.000000000 -0600
@@ -120,3 +120,21 @@ interface(`squid_manage_logs',`
interface(`squid_use',`
refpolicywarn(`$0($*) has been deprecated.')
')
+
+########################################
+## <summary>
+## Receive messages from a
+## labeled ipsec association.
+## </summary>
+## <param name="domain">
+## <summary>
+## Domain allowed access.
+## </summary>
+## </param>
+#
+interface(`squid_recv_labeledipsec',`
+ gen_require(`
+ type squid_t;
+ ')
+ allow $1 squid_t:association recvfrom;
+')
diff -urpN serefpolicy-2.4.6.patch/policy/modules/services/ssh.if serefpolicy-2.4.6.patch2/policy/modules/services/ssh.if
--- serefpolicy-2.4.6.patch/policy/modules/services/ssh.if 2007-01-04 15:33:07.000000000 -0600
+++ serefpolicy-2.4.6.patch2/policy/modules/services/ssh.if 2007-01-08 17:24:52.000000000 -0600
@@ -50,6 +50,7 @@ template(`ssh_basic_client_template',`
type $1_ssh_t;
domain_type($1_ssh_t)
domain_entry_file($1_ssh_t,ssh_exec_t)
+ corenet_type($1_ssh_t)
role $3 types $1_ssh_t;
type $1_home_ssh_t;
@@ -460,6 +461,7 @@ template(`ssh_per_role_template',`
template(`ssh_server_template', `
type $1_t, ssh_server;
auth_login_pgm_domain($1_t)
+ corenet_type($1_t)
type $1_devpts_t;
term_login_pty($1_devpts_t)
@@ -734,3 +736,39 @@ interface(`ssh_dontaudit_read_server_key
dontaudit $1 sshd_key_t:file { getattr read };
')
+
+########################################
+## <summary>
+## Receive messages from a
+## labeled ipsec association.
+## </summary>
+## <param name="domain">
+## <summary>
+## Domain allowed access.
+## </summary>
+## </param>
+#
+interface(`ssh_recv_labeledipsec_role',`
+ gen_require(`
+ type $1_ssh_t;
+ ')
+ allow $2 $1_ssh_t:association recvfrom;
+')
+
+########################################
+## <summary>
+## Receive messages from a
+## labeled ipsec association.
+## </summary>
+## <param name="domain">
+## <summary>
+## Domain allowed access.
+## </summary>
+## </param>
+#
+interface(`ssh_recv_labeledipsec_server',`
+ gen_require(`
+ type $1_t;
+ ')
+ allow $1 sshd_t:association recvfrom;
+')
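Review bot: In `ssh_recv_labeledipsec_server`, `$1` is used in two incompatible ways: the `gen_require` treats it as a type prefix (`type $1_t;`), while the rule treats it as the caller's domain and hard-codes the target (`allow $1 sshd_t:association recvfrom;`). As written, a caller passing a domain such as `foo_t` would require a type named `foo_t_t`, and `sshd_t` itself is never required. Either require what the rule uses, `type sshd_t;`, or, if the intent is to follow `ssh_server_template`, take the prefix and the domain as separate arguments and write `allow $2 $1_t:association recvfrom;` with both parameters documented.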
diff -urpN serefpolicy-2.4.6.patch/policy/modules/services/stunnel.if serefpolicy-2.4.6.patch2/policy/modules/services/stunnel.if
--- serefpolicy-2.4.6.patch/policy/modules/services/stunnel.if 2007-01-04 15:33:09.000000000 -0600
+++ serefpolicy-2.4.6.patch2/policy/modules/services/stunnel.if 2007-01-05 10:47:48.000000000 -0600
@@ -1 +1,19 @@
## <summary>SSL Tunneling Proxy</summary>
+
+########################################
+## <summary>
+## Receive messages from a
+## labeled ipsec association.
+## </summary>
+## <param name="domain">
+## <summary>
+## Domain allowed access.
+## </summary>
+## </param>
+#
+interface(`stunnel_recv_labeledipsec',`
+ gen_require(`
+ type stunnel_t;
+ ')
+ allow $1 stunnel_t:association recvfrom;
+')
diff -urpN serefpolicy-2.4.6.patch/policy/modules/services/tcpd.if serefpolicy-2.4.6.patch2/policy/modules/services/tcpd.if
--- serefpolicy-2.4.6.patch/policy/modules/services/tcpd.if 2007-01-04 15:33:10.000000000 -0600
+++ serefpolicy-2.4.6.patch2/policy/modules/services/tcpd.if 2007-01-05 10:47:48.000000000 -0600
@@ -22,3 +22,21 @@ interface(`tcpd_domtrans',`
allow tcpd_t $1:fifo_file rw_file_perms;
allow tcpd_t $1:process sigchld;
')
+
+########################################
+## <summary>
+## Receive messages from a
+## labeled ipsec association.
+## </summary>
+## <param name="domain">
+## <summary>
+## Domain allowed access.
+## </summary>
+## </param>
+#
+interface(`tcpd_recv_labeledipsec',`
+ gen_require(`
+ type tcpd_t;
+ ')
+ allow $1 tcpd_t:association recvfrom;
+')
diff -urpN serefpolicy-2.4.6.patch/policy/modules/services/telnet.if serefpolicy-2.4.6.patch2/policy/modules/services/telnet.if
--- serefpolicy-2.4.6.patch/policy/modules/services/telnet.if 2007-01-04 15:33:07.000000000 -0600
+++ serefpolicy-2.4.6.patch2/policy/modules/services/telnet.if 2007-01-05 10:47:48.000000000 -0600
@@ -1 +1,19 @@
## <summary>Telnet daemon</summary>
+
+########################################
+## <summary>
+## Receive messages from a
+## labeled ipsec association.
+## </summary>
+## <param name="domain">
+## <summary>
+## Domain allowed access.
+## </summary>
+## </param>
+#
+interface(`telnet_recv_labeledipsec',`
+ gen_require(`
+ type telnetd_t;
+ ')
+ allow $1 telnetd_t:association recvfrom;
+')
diff -urpN serefpolicy-2.4.6.patch/policy/modules/services/tftp.if serefpolicy-2.4.6.patch2/policy/modules/services/tftp.if
--- serefpolicy-2.4.6.patch/policy/modules/services/tftp.if 2007-01-04 15:33:11.000000000 -0600
+++ serefpolicy-2.4.6.patch2/policy/modules/services/tftp.if 2007-01-05 10:47:48.000000000 -0600
@@ -1 +1,19 @@
## <summary>Trivial file transfer protocol daemon</summary>
+
+########################################
+## <summary>
+## Receive messages from a
+## labeled ipsec association.
+## </summary>
+## <param name="domain">
+## <summary>
+## Domain allowed access.
+## </summary>
+## </param>
+#
+interface(`tftp_recv_labeledipsec',`
+ gen_require(`
+ type tftpd_t;
+ ')
+ allow $1 tftpd_t:association recvfrom;
+')
diff -urpN serefpolicy-2.4.6.patch/policy/modules/services/timidity.if serefpolicy-2.4.6.patch2/policy/modules/services/timidity.if
--- serefpolicy-2.4.6.patch/policy/modules/services/timidity.if 2007-01-04 15:33:11.000000000 -0600
+++ serefpolicy-2.4.6.patch2/policy/modules/services/timidity.if 2007-01-05 10:47:48.000000000 -0600
@@ -1 +1,19 @@
## <summary>MIDI to WAV converter and player configured as a service</summary>
+
+########################################
+## <summary>
+## Receive messages from a
+## labeled ipsec association.
+## </summary>
+## <param name="domain">
+## <summary>
+## Domain allowed access.
+## </summary>
+## </param>
+#
+interface(`timidity_recv_labeledipsec',`
+ gen_require(`
+ type timidity_t;
+ ')
+ allow $1 timidity_t:association recvfrom;
+')
diff -urpN serefpolicy-2.4.6.patch/policy/modules/services/tor.if serefpolicy-2.4.6.patch2/policy/modules/services/tor.if
--- serefpolicy-2.4.6.patch/policy/modules/services/tor.if 2007-01-04 15:33:11.000000000 -0600
+++ serefpolicy-2.4.6.patch2/policy/modules/services/tor.if 2007-01-05 10:47:48.000000000 -0600
@@ -22,3 +22,21 @@ interface(`tor_domtrans',`
allow tor_t $1:fifo_file rw_file_perms;
allow tor_t $1:process sigchld;
')
+
+########################################
+## <summary>
+## Receive messages from a
+## labeled ipsec association.
+## </summary>
+## <param name="domain">
+## <summary>
+## Domain allowed access.
+## </summary>
+## </param>
+#
+interface(`tor_recv_labeledipsec',`
+ gen_require(`
+ type tor_t;
+ ')
+ allow $1 tor_t:association recvfrom;
+')
diff -urpN serefpolicy-2.4.6.patch/policy/modules/services/transproxy.if serefpolicy-2.4.6.patch2/policy/modules/services/transproxy.if
--- serefpolicy-2.4.6.patch/policy/modules/services/transproxy.if 2007-01-04 15:33:09.000000000 -0600
+++ serefpolicy-2.4.6.patch2/policy/modules/services/transproxy.if 2007-01-05 10:47:48.000000000 -0600
@@ -1 +1,19 @@
## <summary>HTTP transperant proxy</summary>
+
+########################################
+## <summary>
+## Receive messages from a
+## labeled ipsec association.
+## </summary>
+## <param name="domain">
+## <summary>
+## Domain allowed access.
+## </summary>
+## </param>
+#
+interface(`transproxy_recv_labeledipsec',`
+ gen_require(`
+ type transproxy_t;
+ ')
+ allow $1 transproxy_t:association recvfrom;
+')
diff -urpN serefpolicy-2.4.6.patch/policy/modules/services/ucspitcp.if serefpolicy-2.4.6.patch2/policy/modules/services/ucspitcp.if
--- serefpolicy-2.4.6.patch/policy/modules/services/ucspitcp.if 2007-01-04 15:33:09.000000000 -0600
+++ serefpolicy-2.4.6.patch2/policy/modules/services/ucspitcp.if 2007-01-05 10:47:48.000000000 -0600
@@ -38,3 +38,39 @@ interface(`ucspitcp_service_domain', `
allow $1 ucspitcp_t:tcp_socket rw_stream_socket_perms;
')
+########################################
+## <summary>
+## Receive messages from a
+## labeled ipsec association.
+## </summary>
+## <param name="domain">
+## <summary>
+## Domain allowed access.
+## </summary>
+## </param>
+#
+interface(`ucspitcp_recv_labeledipsec',`
+ gen_require(`
+ type ucspitcp_t, rblsmtpd_t;
+ ')
+ allow $1 ucspitcp_t:association recvfrom;
+ allow $1 rblsmtpd_t:association recvfrom;
+')
+
+########################################
+## <summary>
+## Receive messages from a
+## labeled ipsec association.
+## </summary>
+## <param name="domain">
+## <summary>
+## Domain allowed access.
+## </summary>
+## </param>
+#
+interface(`ucspitcp_recv_labeledipsec_rblsmtpd',`
+ gen_require(`
+ type rblsmtpd_t;
+ ')
+ allow $1 rblsmtpd_t:association recvfrom;
+')
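Review bot: `ucspitcp_recv_labeledipsec` grants `recvfrom` on both `ucspitcp_t` and `rblsmtpd_t` associations, and `ucspitcp_recv_labeledipsec_rblsmtpd` then grants the `rblsmtpd_t` one again, so a caller that only needs `ucspitcp_t` cannot request just that. If the split is intended, dropping `allow $1 rblsmtpd_t:association recvfrom;` and `rblsmtpd_t` from the first interface's `gen_require` would keep each interface to one type, as the other modules in this patch do. The first header also lacks the blank `+` line that separates a new interface from the preceding one in the other hunks.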
diff -urpN serefpolicy-2.4.6.patch/policy/modules/services/uucp.if serefpolicy-2.4.6.patch2/policy/modules/services/uucp.if
--- serefpolicy-2.4.6.patch/policy/modules/services/uucp.if 2007-01-04 15:33:09.000000000 -0600
+++ serefpolicy-2.4.6.patch2/policy/modules/services/uucp.if 2007-01-05 10:47:48.000000000 -0600
@@ -66,3 +66,39 @@ interface(`uucp_append_log',`
allow $1 uucpd_log_t:file { append getattr }
;
')
+
+########################################
+## <summary>
+## Receive messages from a
+## labeled ipsec association.
+## </summary>
+## <param name="domain">
+## <summary>
+## Domain allowed access.
+## </summary>
+## </param>
+#
+interface(`uucp_recv_labeledipsec_uucpd',`
+ gen_require(`
+ type uucpd_t;
+ ')
+ allow $1 uucpd_t:association recvfrom;
+')
+
+########################################
+## <summary>
+## Receive messages from a
+## labeled ipsec association.
+## </summary>
+## <param name="domain">
+## <summary>
+## Domain allowed access.
+## </summary>
+## </param>
+#
+interface(`uucp_recv_labeledipsec_uux',`
+ gen_require(`
+ type uux_t;
+ ')
+ allow $1 uux_t:association recvfrom;
+')
diff -urpN serefpolicy-2.4.6.patch/policy/modules/services/uwimap.if serefpolicy-2.4.6.patch2/policy/modules/services/uwimap.if
--- serefpolicy-2.4.6.patch/policy/modules/services/uwimap.if 2007-01-04 15:33:11.000000000 -0600
+++ serefpolicy-2.4.6.patch2/policy/modules/services/uwimap.if 2007-01-05 10:47:48.000000000 -0600
@@ -23,3 +23,21 @@ interface(`uwimap_domtrans',`
allow imapd_t $1:fifo_file rw_file_perms;
allow imapd_t $1:process sigchld;
')
+
+########################################
+## <summary>
+## Receive messages from a
+## labeled ipsec association.
+## </summary>
+## <param name="domain">
+## <summary>
+## Domain allowed access.
+## </summary>
+## </param>
+#
+interface(`uwimap_recv_labeledipsec',`
+ gen_require(`
+ type impad_t;
+ ')
+ allow $1 imapd_t:association recvfrom;
+')
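Review bot: The `gen_require` in `uwimap_recv_labeledipsec` misspells the type as `impad_t`, while the allow rule uses `imapd_t`, the name that also appears in the context lines of `uwimap_domtrans`. The require should read `type imapd_t;`. As written it asks for a type that presumably does not exist and leaves the type the rule actually uses undeclared.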
diff -urpN serefpolicy-2.4.6.patch/policy/modules/services/watchdog.if serefpolicy-2.4.6.patch2/policy/modules/services/watchdog.if
--- serefpolicy-2.4.6.patch/policy/modules/services/watchdog.if 2007-01-04 15:33:09.000000000 -0600
+++ serefpolicy-2.4.6.patch2/policy/modules/services/watchdog.if 2007-01-05 10:47:48.000000000 -0600
@@ -1 +1,19 @@
## <summary>Software watchdog</summary>
+
+########################################
+## <summary>
+## Receive messages from a
+## labeled ipsec association.
+## </summary>
+## <param name="domain">
+## <summary>
+## Domain allowed access.
+## </summary>
+## </param>
+#
+interface(`watchdog_recv_labeledipsec',`
+ gen_require(`
+ type watchdog_t;
+ ')
+ allow $1 watchdog_t:association recvfrom;
+')
diff -urpN serefpolicy-2.4.6.patch/policy/modules/services/xprint.if serefpolicy-2.4.6.patch2/policy/modules/services/xprint.if
--- serefpolicy-2.4.6.patch/policy/modules/services/xprint.if 2007-01-04 15:33:09.000000000 -0600
+++ serefpolicy-2.4.6.patch2/policy/modules/services/xprint.if 2007-01-05 10:47:48.000000000 -0600
@@ -1 +1,19 @@
## <summary>X print server</summary>
+
+########################################
+## <summary>
+## Receive messages from a
+## labeled ipsec association.
+## </summary>
+## <param name="domain">
+## <summary>
+## Domain allowed access.
+## </summary>
+## </param>
+#
+interface(`xprint_recv_labeledipsec',`
+ gen_require(`
+ type mrtg_t;
+ ')
+ allow $1 xprint_t:association recvfrom;
+')
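Review bot: `xprint_recv_labeledipsec` requires `mrtg_t` but its rule targets `xprint_t`, which looks like a leftover from copying another module's interface. The require should be `type xprint_t;` so the interface declares the type it uses and does not depend on an unrelated module's type being present.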
diff -urpN serefpolicy-2.4.6.patch/policy/modules/services/xserver.if serefpolicy-2.4.6.patch2/policy/modules/services/xserver.if
--- serefpolicy-2.4.6.patch/policy/modules/services/xserver.if 2007-01-04 15:33:09.000000000 -0600
+++ serefpolicy-2.4.6.patch2/policy/modules/services/xserver.if 2007-01-05 10:47:48.000000000 -0600
@@ -1201,3 +1201,38 @@ interface(`xserver_dontaudit_rw_xdm_pipe
dontaudit $1 xdm_t:fifo_file { getattr read write };
')
+########################################
+## <summary>
+## Receive messages from a
+## labeled ipsec association.
+## </summary>
+## <param name="domain">
+## <summary>
+## Domain allowed access.
+## </summary>
+## </param>
+#
+interface(`xserver_recv_labeledipsec_xdm',`
+ gen_require(`
+ type xdm_t;
+ ')
+ allow $1 xdm_t:association recvfrom;
+')
+
+########################################
+## <summary>
+## Receive messages from a
+## labeled ipsec association.
+## </summary>
+## <param name="domain">
+## <summary>
+## Domain allowed access.
+## </summary>
+## </param>
+#
+interface(`xserver_recv_labeledipsec_role',`
+ gen_require(`
+ type $1_xserver_t;
+ ')
+ allow $2 $1_xserver_t:association recvfrom;
+')
diff -urpN serefpolicy-2.4.6.patch/policy/modules/services/zebra.if serefpolicy-2.4.6.patch2/policy/modules/services/zebra.if
--- serefpolicy-2.4.6.patch/policy/modules/services/zebra.if 2007-01-04 15:33:08.000000000 -0600
+++ serefpolicy-2.4.6.patch2/policy/modules/services/zebra.if 2007-01-05 10:47:48.000000000 -0600
@@ -21,3 +21,21 @@ interface(`zebra_read_config',`
allow $1 zebra_conf_t:dir r_dir_perms;
allow $1 zebra_conf_t:lnk_file r_file_perms;
')
+
+########################################
+## <summary>
+## Receive messages from a
+## labeled ipsec association.
+## </summary>
+## <param name="domain">
+## <summary>
+## Domain allowed access.
+## </summary>
+## </param>
+#
+interface(`zebra_recv_labeledipsec',`
+ gen_require(`
+ type zebra_t;
+ ')
+ allow $1 zebra_t:association recvfrom;
+')
diff -urpN serefpolicy-2.4.6.patch/policy/modules/system/hotplug.if serefpolicy-2.4.6.patch2/policy/modules/system/hotplug.if
--- serefpolicy-2.4.6.patch/policy/modules/system/hotplug.if 2007-01-04 15:33:12.000000000 -0600
+++ serefpolicy-2.4.6.patch2/policy/modules/system/hotplug.if 2007-01-05 10:47:48.000000000 -0600
@@ -178,3 +178,21 @@ interface(`hotplug_search_pids',`
allow $1 hotplug_var_run_t:dir search_dir_perms;
files_search_pids($1)
')
+
+########################################
+## <summary>
+## Receive messages from a
+## labeled ipsec association.
+## </summary>
+## <param name="domain">
+## <summary>
+## Domain allowed access.
+## </summary>
+## </param>
+#
+interface(`hotplug_recv_labeledipsec',`
+ gen_require(`
+ type hotplug_t;
+ ')
+ allow $1 hotplug_t:association recvfrom;
+')
diff -urpN serefpolicy-2.4.6.patch/policy/modules/system/init.if serefpolicy-2.4.6.patch2/policy/modules/system/init.if
--- serefpolicy-2.4.6.patch/policy/modules/system/init.if 2007-01-04 15:33:12.000000000 -0600
+++ serefpolicy-2.4.6.patch2/policy/modules/system/init.if 2007-01-05 10:47:48.000000000 -0600
@@ -1314,3 +1314,21 @@ interface(`init_manage_utmp',`
files_search_pids($1)
allow $1 initrc_var_run_t:file create_file_perms;
')
+
+########################################
+## <summary>
+## Receive messages from a
+## labeled ipsec association.
+## </summary>
+## <param name="domain">
+## <summary>
+## Domain allowed access.
+## </summary>
+## </param>
+#
+interface(`init_recv_labeledipsec',`
+ gen_require(`
+ type initrc_t;
+ ')
+ allow $1 initrc_t:association recvfrom;
+')
diff -urpN serefpolicy-2.4.6.patch/policy/modules/system/iscsi.if serefpolicy-2.4.6.patch2/policy/modules/system/iscsi.if
--- serefpolicy-2.4.6.patch/policy/modules/system/iscsi.if 2007-01-04 15:33:12.000000000 -0600
+++ serefpolicy-2.4.6.patch2/policy/modules/system/iscsi.if 2007-01-05 10:47:48.000000000 -0600
@@ -20,3 +20,21 @@ interface(`iscsid_domtrans',`
allow iscsid_t $1:fifo_file rw_file_perms;
allow iscsid_t $1:process sigchld;
')
+
+########################################
+## <summary>
+## Receive messages from a
+## labeled ipsec association.
+## </summary>
+## <param name="domain">
+## <summary>
+## Domain allowed access.
+## </summary>
+## </param>
+#
+interface(`iscsid_recv_labeledipsec',`
+ gen_require(`
+ type iscsid_t;
+ ')
+ allow $1 iscsid_t:association recvfrom;
+')
diff -urpN serefpolicy-2.4.6.patch/policy/modules/system/logging.if serefpolicy-2.4.6.patch2/policy/modules/system/logging.if
--- serefpolicy-2.4.6.patch/policy/modules/system/logging.if 2007-01-04 15:33:12.000000000 -0600
+++ serefpolicy-2.4.6.patch2/policy/modules/system/logging.if 2007-01-05 10:47:48.000000000 -0600
@@ -583,3 +583,21 @@ interface(`logging_manage_generic_logs',
allow $1 var_log_t:dir rw_dir_perms;
allow $1 var_log_t:file create_file_perms;
')
+
+########################################
+## <summary>
+## Receive messages from a
+## labeled ipsec association.
+## </summary>
+## <param name="domain">
+## <summary>
+## Domain allowed access.
+## </summary>
+## </param>
+#
+interface(`logging_recv_labeledipsec',`
+ gen_require(`
+ type syslogd_t;
+ ')
+ allow $1 syslogd_t:association recvfrom;
+')
diff -urpN serefpolicy-2.4.6.patch/policy/modules/system/lvm.if serefpolicy-2.4.6.patch2/policy/modules/system/lvm.if
--- serefpolicy-2.4.6.patch/policy/modules/system/lvm.if 2007-01-04 15:33:12.000000000 -0600
+++ serefpolicy-2.4.6.patch2/policy/modules/system/lvm.if 2007-01-05 10:47:48.000000000 -0600
@@ -76,3 +76,20 @@ interface(`lvm_read_config',`
allow $1 lvm_etc_t:file r_file_perms;
')
+########################################
+## <summary>
+## Receive messages from a
+## labeled ipsec association.
+## </summary>
+## <param name="domain">
+## <summary>
+## Domain allowed access.
+## </summary>
+## </param>
+#
+interface(`lvm_recv_labeledipsec',`
+ gen_require(`
+ type clvmd_t;
+ ')
+ allow $1 clvmd_t:association recvfrom;
+')
diff -urpN serefpolicy-2.4.6.patch/policy/modules/system/sysnetwork.if serefpolicy-2.4.6.patch2/policy/modules/system/sysnetwork.if
--- serefpolicy-2.4.6.patch/policy/modules/system/sysnetwork.if 2007-01-04 15:33:12.000000000 -0600
+++ serefpolicy-2.4.6.patch2/policy/modules/system/sysnetwork.if 2007-01-05 10:47:48.000000000 -0600
@@ -565,3 +565,21 @@ interface(`sysnet_use_portmap',`
files_search_etc($1)
allow $1 net_conf_t:file r_file_perms;
')
+
+########################################
+## <summary>
+## Receive messages from a
+## labeled ipsec association.
+## </summary>
+## <param name="domain">
+## <summary>
+## Domain allowed access.
+## </summary>
+## </param>
+#
+interface(`sysnet_recv_labeledipsec_dhcpc',`
+ gen_require(`
+ type dhcpc_t;
+ ')
+ allow $1 dhcpc_t:association recvfrom;
+')
diff -urpN serefpolicy-2.4.6.patch/policy/modules/system/xen.if serefpolicy-2.4.6.patch2/policy/modules/system/xen.if
--- serefpolicy-2.4.6.patch/policy/modules/system/xen.if 2007-01-04 15:33:12.000000000 -0600
+++ serefpolicy-2.4.6.patch2/policy/modules/system/xen.if 2007-01-05 10:47:48.000000000 -0600
@@ -163,3 +163,21 @@ interface(`xen_domtrans_xm',`
allow xm_t $1:fifo_file rw_file_perms;
allow xm_t $1:process sigchld;
')
+
+########################################
+## <summary>
+## Receive messages from a
+## labeled ipsec association.
+## </summary>
+## <param name="domain">
+## <summary>
+## Domain allowed access.
+## </summary>
+## </param>
+#
+interface(`xen_recv_labeledipsec',`
+ gen_require(`
+ type xend_t;
+ ')
+ allow $1 xend_t:association recvfrom;
+')