2018-06-20 09:38:12

by Laurent Bigonville

[permalink] [raw]
Subject: [refpolicy] [PATCH] Label /etc/hosts.allow as net_conf_t

From: Laurent Bigonville <[email protected]>

/etc/hosts.deny is labeled as net_conf_t so it makes sense to label
hosts.allow the same way

Signed-off-by: Laurent Bigonville <[email protected]>
---
policy/modules/system/sysnetwork.fc | 1 +
1 file changed, 1 insertion(+)

diff --git a/policy/modules/system/sysnetwork.fc b/policy/modules/system/sysnetwork.fc
index 91fb5160..cd528938 100644
--- a/policy/modules/system/sysnetwork.fc
+++ b/policy/modules/system/sysnetwork.fc
@@ -16,6 +16,7 @@ ifdef(`distro_debian',`
/etc/dhcp/dhcpd\.conf -- gen_context(system_u:object_r:dhcp_etc_t,s0)
/etc/ethers -- gen_context(system_u:object_r:net_conf_t,s0)
/etc/hosts -- gen_context(system_u:object_r:net_conf_t,s0)
+/etc/hosts\.allow.* -- gen_context(system_u:object_r:net_conf_t,s0)
/etc/hosts\.deny.* -- gen_context(system_u:object_r:net_conf_t,s0)
/etc/denyhosts.* -- gen_context(system_u:object_r:net_conf_t,s0)
/etc/resolv\.conf.* -- gen_context(system_u:object_r:net_conf_t,s0)
--
2.18.0.rc2


2018-06-23 15:39:15

by Chris PeBenito

[permalink] [raw]
Subject: [refpolicy] [PATCH] Label /etc/hosts.allow as net_conf_t

On 06/20/2018 05:38 AM, Laurent Bigonville via refpolicy wrote:
> From: Laurent Bigonville <[email protected]>
>
> /etc/hosts.deny is labeled as net_conf_t so it makes sense to label
> hosts.allow the same way
>
> Signed-off-by: Laurent Bigonville <[email protected]>
> ---
> policy/modules/system/sysnetwork.fc | 1 +
> 1 file changed, 1 insertion(+)
>
> diff --git a/policy/modules/system/sysnetwork.fc b/policy/modules/system/sysnetwork.fc
> index 91fb5160..cd528938 100644
> --- a/policy/modules/system/sysnetwork.fc
> +++ b/policy/modules/system/sysnetwork.fc
> @@ -16,6 +16,7 @@ ifdef(`distro_debian',`
> /etc/dhcp/dhcpd\.conf -- gen_context(system_u:object_r:dhcp_etc_t,s0)
> /etc/ethers -- gen_context(system_u:object_r:net_conf_t,s0)
> /etc/hosts -- gen_context(system_u:object_r:net_conf_t,s0)
> +/etc/hosts\.allow.* -- gen_context(system_u:object_r:net_conf_t,s0)
> /etc/hosts\.deny.* -- gen_context(system_u:object_r:net_conf_t,s0)
> /etc/denyhosts.* -- gen_context(system_u:object_r:net_conf_t,s0)
> /etc/resolv\.conf.* -- gen_context(system_u:object_r:net_conf_t,s0)

Merged.

--
Chris PeBenito