From: cpebenito@tresys.com (Christopher J. PeBenito)
Date: Fri, 19 Oct 2012 09:20:13 -0400
Subject: [refpolicy] [PATCH] Label port 5546 as dhcpc_port_t and allow dhcpc_t to bind to TCP for client control
In-Reply-To: <1350334549-25166-1-git-send-email-debian@mikapflueger.de>
References: <1350334549-25166-1-git-send-email-debian@mikapflueger.de>
Message-ID: <5081538D.2000608@tresys.com>
To: refpolicy@oss.tresys.com
List-Id: refpolicy.oss.tresys.com

On 10/15/12 16:55, Mika Pflüger wrote:
> From: Russell Coker
>
> Client control is used by the wide dhcp6 client, which can be controlled
> via dhcp6ctl. This works by communicating over port 5546.
> --- > policy/modules/kernel/corenetwork.te.in | 2 +- > policy/modules/system/sysnetwork.te | 1 + > 2 files changed, 2 insertions(+), 1 deletion(-) > > diff --git a/policy/modules/kernel/corenetwork.te.in b/policy/modules/kernel/corenetwork.te.in > index c054304..fbdcbce 100644 > --- a/policy/modules/kernel/corenetwork.te.in > +++ b/policy/modules/kernel/corenetwork.te.in > @@ -115,7 +115,7 @@ network_port(daap, tcp,3689,s0, udp,3689,s0) > network_port(dbskkd, tcp,1178,s0) > network_port(dcc, udp,6276,s0, udp,6277,s0) > network_port(dccm, tcp,5679,s0, udp,5679,s0) > -network_port(dhcpc, udp,68,s0, tcp,68,s0, udp,546,s0, tcp, 546,s0) > +network_port(dhcpc, udp,68,s0, tcp,68,s0, udp,546,s0, tcp, 546,s0, udp,5546,s0, tcp,5546,s0) > network_port(dhcpd, udp,67,s0, udp,547,s0, tcp, 547,s0, udp,548,s0, tcp, 548,s0, tcp,647,s0, udp,647,s0, tcp,847,s0, udp,847,s0, tcp,7911,s0) > network_port(dict, tcp,2628,s0) > network_port(distccd, tcp,3632,s0) > diff --git a/policy/modules/system/sysnetwork.te b/policy/modules/system/sysnetwork.te > index 8f9d08d..4e255b4 100644 > --- a/policy/modules/system/sysnetwork.te > +++ b/policy/modules/system/sysnetwork.te
> @@ -103,6 +103,7 @@ corenet_tcp_sendrecv_all_ports(dhcpc_t) > corenet_udp_sendrecv_all_ports(dhcpc_t) > corenet_tcp_bind_all_nodes(dhcpc_t) > corenet_udp_bind_all_nodes(dhcpc_t) > +corenet_tcp_bind_dhcpc_port(dhcpc_t) > corenet_udp_bind_dhcpc_port(dhcpc_t) > corenet_tcp_connect_all_ports(dhcpc_t) > corenet_sendrecv_dhcpd_client_packets(dhcpc_t)

Merged.

--
Chris PeBenito
Tresys Technology, LLC
www.tresys.com | oss.tresys.com
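
Review bot: in the corenetwork.te.in hunk, the new network_port(dhcpc, ...) line labels udp,5546 as well as tcp,5546, while the subject and commit message only describe TCP client control via dhcp6ctl. Because dhcpc_t already has corenet_udp_bind_dhcpc_port(dhcpc_t) in sysnetwork.te, the UDP entry widens what the domain may bind without a stated need. Either drop udp,5546,s0 or say in the commit message why UDP is required.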
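
Review bot: in the sysnetwork.te hunk, corenet_tcp_bind_dhcpc_port(dhcpc_t) grants TCP bind on every port labeled dhcpc_port_t, which per the network_port(dhcpc, ...) line covers tcp 68 and tcp 546 as well as the new 5546. If only the dhcp6ctl control socket needs a TCP bind, a separate port type for 5546 would keep the grant narrower. Otherwise, a short comment above the rule noting that it exists for dhcp6ctl client control would help later readers.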