From: domg472@gmail.com (Dominick Grift)
Date: Mon, 4 Oct 2010 20:23:27 +0200
Subject: [refpolicy] [ patch 15/44] netutils: permission sets.
In-Reply-To: <1286216636-28449-1-git-send-email-domg472@gmail.com>
References: <1286216636-28449-1-git-send-email-domg472@gmail.com>
Message-ID: <1286216636-28449-17-git-send-email-domg472@gmail.com>
To: refpolicy@oss.tresys.com
List-Id: refpolicy.oss.tresys.com
Signed-off-by: Dominick Grift
---
:100644 100644 aea8626... de06947... M policy/modules/admin/netutils.te
 policy/modules/admin/netutils.te | 4 ++--
 1 files changed, 2 insertions(+), 2 deletions(-)
diff --git a/policy/modules/admin/netutils.te b/policy/modules/admin/netutils.te
index aea8626..de06947 100644
--- a/policy/modules/admin/netutils.te
+++ b/policy/modules/admin/netutils.te
@@ -35,8 +35,8 @@ init_system_domain(traceroute_t, traceroute_exec_t)
 # Perform network administration operations and have raw access to the network.
 allow netutils_t self:capability { net_admin net_raw setuid setgid };
 dontaudit netutils_t self:capability sys_tty_config;
-allow netutils_t self:process { sigkill sigstop signull signal };
-allow netutils_t self:netlink_route_socket { bind create getattr nlmsg_read nlmsg_write read write };
+allow netutils_t self:process signal_perms;
+allow netutils_t self:netlink_route_socket create_netlink_socket_perms;
 allow netutils_t self:packet_socket create_socket_perms;
 allow netutils_t self:udp_socket create_socket_perms;
 allow netutils_t self:tcp_socket create_stream_socket_perms;
--
1.7.2.3
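Review bot: The two `+` rules are not a like-for-like substitution for the explicit lists they replace, and neither the subject nor the patch body says that the grant is being widened. As the macros are defined in refpolicy's obj_perm_sets.spt (worth confirming against the tree this applies to), `signal_perms` also includes `sigchld`, and `create_netlink_socket_perms` expands through `create_socket_perms` to add `ioctl`, `setattr`, `append`, `connect`, `getopt`, `setopt` and `shutdown` on the netlink_route_socket. Both rules target `self`, so the exposure is small, but netutils_t already holds `net_admin` and `net_raw`, so the change should be recorded as intentional rather than read as a pure cleanup. I would state the added permissions in the commit description, or add a comment above the rules such as `# signal_perms/create_netlink_socket_perms grant more than the previous explicit lists (sigchld; ioctl setattr append connect getopt setopt shutdown)`, and compare the compiled policy before and after to confirm the delta.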