diff options
author | Jason Zaman <jason@perfinion.com> | 2015-05-30 16:42:54 +0400 |
---|---|---|
committer | Jason Zaman <jason@perfinion.com> | 2015-05-30 16:42:54 +0400 |
commit | 23a0cb85e78deca55835b7e4964a8c19d6aa508e (patch) | |
tree | a75f141090a7715fdd972e735f3c962ee254fed4 | |
parent | salt: use init_startstop_service interface in _admin (diff) | |
download | hardened-refpolicy-23a0cb85.tar.gz hardened-refpolicy-23a0cb85.tar.bz2 hardened-refpolicy-23a0cb85.zip |
portage: connect all unreserved for FTP PASV mode.
FTP PASV mode does not use specific ports, so the only way is to allow
all unreserved.
avc: denied { name_connect } for pid=5274 comm="wget" dest=26213
scontext=root:sysadm_r:portage_fetch_t
tcontext=system_u:object_r:unreserved_port_t tclass=tcp_socket
permissive=0
Gentoo bug 540056
-rw-r--r-- | policy/modules/contrib/portage.te | 2 |
1 files changed, 2 insertions, 0 deletions
diff --git a/policy/modules/contrib/portage.te b/policy/modules/contrib/portage.te index 83d6ab4a9..2e8ab9e53 100644 --- a/policy/modules/contrib/portage.te +++ b/policy/modules/contrib/portage.te @@ -295,6 +295,8 @@ corenet_sendrecv_rsync_client_packets(portage_fetch_t) # it occasionally comes up corenet_tcp_connect_all_reserved_ports(portage_fetch_t) corenet_tcp_connect_generic_port(portage_fetch_t) +# bug 540056 +corenet_tcp_connect_all_unreserved_ports(portage_fetch_t) dev_dontaudit_read_rand(portage_fetch_t) |