LinuxLists.cc - [refpolicy] [PATCH] netutils: Label iptstate as netutils

2016-12-09 23:54:39

Subject: [refpolicy] [PATCH] netutils: Label iptstate as netutils_t

>From the package description: "IP Tables State displays states being kept
by iptables in a top-like format". The netutils_t permission set fits it
snugly.
---
policy/modules/admin/netutils.fc | 3 ++-
1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/policy/modules/admin/netutils.fc b/policy/modules/admin/netutils.fc
index a4672cae..f5be3f95 100644
--- a/policy/modules/admin/netutils.fc
+++ b/policy/modules/admin/netutils.fc
@@ -11,7 +11,8 @@

/usr/sbin/arping -- gen_context(system_u:object_r:netutils_exec_t,s0)
/usr/sbin/fping -- gen_context(system_u:object_r:ping_exec_t,s0)
-/usr/sbin/traceroute.* -- gen_context(system_u:object_r:traceroute_exec_t,s0)
/usr/sbin/hping2 -- gen_context(system_u:object_r:ping_exec_t,s0)
+/usr/sbin/iptstate -- gen_context(system_u:object_r:netutils_exec_t,s0)
/usr/sbin/send_arp -- gen_context(system_u:object_r:ping_exec_t,s0)
/usr/sbin/tcpdump -- gen_context(system_u:object_r:netutils_exec_t,s0)
+/usr/sbin/traceroute.* -- gen_context(system_u:object_r:traceroute_exec_t,s0)
--
2.11.0

2016-12-11 19:54:58

by Chris PeBenito

[permalink] [raw]

Subject: [refpolicy] [PATCH] netutils: Label iptstate as netutils_t

On 12/09/16 18:54, Luis Ressel via refpolicy wrote:
>>From the package description: "IP Tables State displays states being kept
> by iptables in a top-like format". The netutils_t permission set fits it
> snugly.
> ---
> policy/modules/admin/netutils.fc | 3 ++-
> 1 file changed, 2 insertions(+), 1 deletion(-)
>
> diff --git a/policy/modules/admin/netutils.fc b/policy/modules/admin/netutils.fc
> index a4672cae..f5be3f95 100644
> --- a/policy/modules/admin/netutils.fc
> +++ b/policy/modules/admin/netutils.fc
> @@ -11,7 +11,8 @@
>
> /usr/sbin/arping -- gen_context(system_u:object_r:netutils_exec_t,s0)
> /usr/sbin/fping -- gen_context(system_u:object_r:ping_exec_t,s0)
> -/usr/sbin/traceroute.* -- gen_context(system_u:object_r:traceroute_exec_t,s0)
> /usr/sbin/hping2 -- gen_context(system_u:object_r:ping_exec_t,s0)
> +/usr/sbin/iptstate -- gen_context(system_u:object_r:netutils_exec_t,s0)
> /usr/sbin/send_arp -- gen_context(system_u:object_r:ping_exec_t,s0)
> /usr/sbin/tcpdump -- gen_context(system_u:object_r:netutils_exec_t,s0)
> +/usr/sbin/traceroute.* -- gen_context(system_u:object_r:traceroute_exec_t,s0)

Merged.

--
Chris PeBenito