From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from lists.gentoo.org (pigeon.gentoo.org [208.92.234.80]) by finch.gentoo.org (Postfix) with ESMTP id E7EA01387FD for ; Sat, 7 Jun 2014 18:20:21 +0000 (UTC) Received: from pigeon.gentoo.org (localhost [127.0.0.1]) by pigeon.gentoo.org (Postfix) with SMTP id BE3ABE09CE; Sat, 7 Jun 2014 18:20:18 +0000 (UTC) Received: from smtp.gentoo.org (smtp.gentoo.org [140.211.166.183]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by pigeon.gentoo.org (Postfix) with ESMTPS id 36469E09CE for ; Sat, 7 Jun 2014 18:20:18 +0000 (UTC) Received: from spoonbill.gentoo.org (spoonbill.gentoo.org [81.93.255.5]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by smtp.gentoo.org (Postfix) with ESMTPS id EEAE233F65A for ; Sat, 7 Jun 2014 18:20:16 +0000 (UTC) Received: from localhost.localdomain (localhost [127.0.0.1]) by spoonbill.gentoo.org (Postfix) with ESMTP id 9D653181A9 for ; Sat, 7 Jun 2014 18:20:15 +0000 (UTC) 
From: "Sven Vermeulen" To: gentoo-commits@lists.gentoo.org Content-Transfer-Encoding: 8bit Content-type: text/plain; charset=UTF-8 Reply-To: gentoo-dev@lists.gentoo.org, "Sven Vermeulen" Message-ID: <1402165171.b08d56f2b2db5a8683a68cda6af4d723c2824b7c.swift@gentoo> Subject: [gentoo-commits] proj/hardened-refpolicy:master commit in: policy/modules/kernel/ X-VCS-Repository: proj/hardened-refpolicy X-VCS-Files: policy/modules/kernel/corenetwork.if X-VCS-Directories: policy/modules/kernel/ X-VCS-Committer: swift X-VCS-Committer-Name: Sven Vermeulen X-VCS-Revision: b08d56f2b2db5a8683a68cda6af4d723c2824b7c X-VCS-Branch: master Date: Sat, 7 Jun 2014 18:20:15 +0000 (UTC) Precedence: bulk List-Post: List-Help: List-Unsubscribe: List-Subscribe: List-Id: Gentoo Linux mail X-BeenThere: gentoo-commits@lists.gentoo.org X-Archives-Salt: 17671928-310b-4b8f-940a-4f3e0b7a2a63 X-Archives-Hash: 43b9f6c9bbf55ac45668be100268117a commit: b08d56f2b2db5a8683a68cda6af4d723c2824b7c Author: Sven Vermeulen siphos be> AuthorDate: Sat Jun 7 18:19:31 2014 +0000 Commit: Sven Vermeulen gentoo org> CommitDate: Sat Jun 7 18:19:31 2014 +0000 URL: http://git.overlays.gentoo.org/gitweb/?p=proj/hardened-refpolicy.git;a=commit;h=b08d56f2 Update corenetwork.if after regeneration --- policy/modules/kernel/corenetwork.if | 1348 ++++++++++++++++++++++++++++++++++ 1 file changed, 1348 insertions(+) diff --git a/policy/modules/kernel/corenetwork.if b/policy/modules/kernel/corenetwork.if index 5b6fef3..22e8137 100644 --- a/policy/modules/kernel/corenetwork.if +++ b/policy/modules/kernel/corenetwork.if 
@@ -1904,6 +1904,25 @@ interface(`corenet_tcp_connect_all_reserved_ports',` ######################################## ## +## Do not audit connect attempts to TCP sockets on +## ports greater than 1024. +## +## +## +## Domain not to audit access to. +## +## +# +interface(`corenet_dontaudit_tcp_connect_all_unreserved_ports',` + gen_require(` + attribute unreserved_port_type; + ') + + dontaudit $1 unreserved_port_type:tcp_socket name_connect; +') + +######################################## +## ## Connect TCP sockets to all ports > 1024. ## ## 
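Review bot: The new `corenet_dontaudit_tcp_connect_all_unreserved_ports` silences every denied `name_connect` to any `unreserved_port_type` port, and its header comment does not tell callers that those AVC denials are what an analyst would use to notice a confined domain attempting unexpected outbound connections. I would extend the summary with a caveat such as `## Denied connects will no longer appear in the audit log; use only for domains with known, benign connection noise.` The summary also says "ports greater than 1024", while the unreserved range presumably begins at port 1024 itself; the neighbouring interface uses the same wording, so confirm against the port definitions before changing it. Because the commit message says this file was regenerated, the comment change belongs in the source it is generated from.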
@@ -23963,6 +23982,449 @@ interface(`corenet_relabelto_dns_server_packets',` ######################################## ## +## Send and receive TCP traffic on the dropbox port. +## +## +## +## Domain allowed access. +## +## +## +# +interface(`corenet_tcp_sendrecv_dropbox_port',` + gen_require(` + type dropbox_port_t; + ') + + allow $1 dropbox_port_t:tcp_socket { send_msg recv_msg }; +') + +######################################## +## +## Send UDP traffic on the dropbox port. +## +## +## +## Domain allowed access. +## +## +## +# +interface(`corenet_udp_send_dropbox_port',` + gen_require(` + type dropbox_port_t; + ') + + allow $1 dropbox_port_t:udp_socket send_msg; +') + +######################################## +## +## Do not audit attempts to send UDP traffic on the dropbox port. +## +## +## +## Domain to not audit. +## +## +## +# +interface(`corenet_dontaudit_udp_send_dropbox_port',` + gen_require(` + type dropbox_port_t; + ') + + dontaudit $1 dropbox_port_t:udp_socket send_msg; +') + +######################################## +## +## Receive UDP traffic on the dropbox port. +## +## +## +## Domain allowed access. +## +## +## +# +interface(`corenet_udp_receive_dropbox_port',` + gen_require(` + type dropbox_port_t; + ') + + allow $1 dropbox_port_t:udp_socket recv_msg; +') + +######################################## +## +## Do not audit attempts to receive UDP traffic on the dropbox port. +## +## +## +## Domain to not audit. +## +## +## +# +interface(`corenet_dontaudit_udp_receive_dropbox_port',` + gen_require(` + type dropbox_port_t; + ') + + dontaudit $1 dropbox_port_t:udp_socket recv_msg; +') + +######################################## +## +## Send and receive UDP traffic on the dropbox port. +## +## +## +## Domain allowed access. 
+## +## +## +# +interface(`corenet_udp_sendrecv_dropbox_port',` + corenet_udp_send_dropbox_port($1) + corenet_udp_receive_dropbox_port($1) +') + +######################################## +## +## Do not audit attempts to send and receive +## UDP traffic on the dropbox port. +## +## +## +## Domain to not audit. +## +## +## +# +interface(`corenet_dontaudit_udp_sendrecv_dropbox_port',` + corenet_dontaudit_udp_send_dropbox_port($1) + corenet_dontaudit_udp_receive_dropbox_port($1) +') + +######################################## +## +## Bind TCP sockets to the dropbox port. +## +## +## +## Domain allowed access. +## +## +## +# +interface(`corenet_tcp_bind_dropbox_port',` + gen_require(` + type dropbox_port_t; + ') + + allow $1 dropbox_port_t:tcp_socket name_bind; + +') + +######################################## +## +## Bind UDP sockets to the dropbox port. +## +## +## +## Domain allowed access. +## +## +## +# +interface(`corenet_udp_bind_dropbox_port',` + gen_require(` + type dropbox_port_t; + ') + + allow $1 dropbox_port_t:udp_socket name_bind; + +') + +######################################## +## +## Make a TCP connection to the dropbox port. +## +## +## +## Domain allowed access. +## +## +# +interface(`corenet_tcp_connect_dropbox_port',` + gen_require(` + type dropbox_port_t; + ') + + allow $1 dropbox_port_t:tcp_socket name_connect; +') + + +######################################## +## +## Send dropbox_client packets. +## +## +## +## Domain allowed access. +## +## +## +# +interface(`corenet_send_dropbox_client_packets',` + gen_require(` + type dropbox_client_packet_t; + ') + + allow $1 dropbox_client_packet_t:packet send; +') + +######################################## +## +## Do not audit attempts to send dropbox_client packets. +## +## +## +## Domain to not audit. 
+## +## +## +# +interface(`corenet_dontaudit_send_dropbox_client_packets',` + gen_require(` + type dropbox_client_packet_t; + ') + + dontaudit $1 dropbox_client_packet_t:packet send; +') + +######################################## +## +## Receive dropbox_client packets. +## +## +## +## Domain allowed access. +## +## +## +# +interface(`corenet_receive_dropbox_client_packets',` + gen_require(` + type dropbox_client_packet_t; + ') + + allow $1 dropbox_client_packet_t:packet recv; +') + +######################################## +## +## Do not audit attempts to receive dropbox_client packets. +## +## +## +## Domain allowed access. +## +## +## +# +interface(`corenet_dontaudit_receive_dropbox_client_packets',` + gen_require(` + type dropbox_client_packet_t; + ') + + dontaudit $1 dropbox_client_packet_t:packet recv; +') + +######################################## +## +## Send and receive dropbox_client packets. +## +## +## +## Domain allowed access. +## +## +## +# +interface(`corenet_sendrecv_dropbox_client_packets',` + corenet_send_dropbox_client_packets($1) + corenet_receive_dropbox_client_packets($1) +') + +######################################## +## +## Do not audit attempts to send and receive dropbox_client packets. +## +## +## +## Domain to not audit. +## +## +## +# +interface(`corenet_dontaudit_sendrecv_dropbox_client_packets',` + corenet_dontaudit_send_dropbox_client_packets($1) + corenet_dontaudit_receive_dropbox_client_packets($1) +') + +######################################## +## +## Relabel packets to dropbox_client the packet type. +## +## +## +## Domain allowed access. +## +## +# +interface(`corenet_relabelto_dropbox_client_packets',` + gen_require(` + type dropbox_client_packet_t; + ') + + allow $1 dropbox_client_packet_t:packet relabelto; +') + + +######################################## +## +## Send dropbox_server packets. +## +## +## +## Domain allowed access. 
+## +## +## +# +interface(`corenet_send_dropbox_server_packets',` + gen_require(` + type dropbox_server_packet_t; + ') + + allow $1 dropbox_server_packet_t:packet send; +') + +######################################## +## +## Do not audit attempts to send dropbox_server packets. +## +## +## +## Domain to not audit. +## +## +## +# +interface(`corenet_dontaudit_send_dropbox_server_packets',` + gen_require(` + type dropbox_server_packet_t; + ') + + dontaudit $1 dropbox_server_packet_t:packet send; +') + +######################################## +## +## Receive dropbox_server packets. +## +## +## +## Domain allowed access. +## +## +## +# +interface(`corenet_receive_dropbox_server_packets',` + gen_require(` + type dropbox_server_packet_t; + ') + + allow $1 dropbox_server_packet_t:packet recv; +') + +######################################## +## +## Do not audit attempts to receive dropbox_server packets. +## +## +## +## Domain allowed access. +## +## +## +# +interface(`corenet_dontaudit_receive_dropbox_server_packets',` + gen_require(` + type dropbox_server_packet_t; + ') + + dontaudit $1 dropbox_server_packet_t:packet recv; +') + +######################################## +## +## Send and receive dropbox_server packets. +## +## +## +## Domain allowed access. +## +## +## +# +interface(`corenet_sendrecv_dropbox_server_packets',` + corenet_send_dropbox_server_packets($1) + corenet_receive_dropbox_server_packets($1) +') + +######################################## +## +## Do not audit attempts to send and receive dropbox_server packets. +## +## +## +## Domain to not audit. +## +## +## +# +interface(`corenet_dontaudit_sendrecv_dropbox_server_packets',` + corenet_dontaudit_send_dropbox_server_packets($1) + corenet_dontaudit_receive_dropbox_server_packets($1) +') + +######################################## +## +## Relabel packets to dropbox_server the packet type. +## +## +## +## Domain allowed access. 
+## +## +# +interface(`corenet_relabelto_dropbox_server_packets',` + gen_require(` + type dropbox_server_packet_t; + ') + + allow $1 dropbox_server_packet_t:packet relabelto; +') + + + + +######################################## +## ## Send and receive TCP traffic on the efs port. ## ## 
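Review bot: The parameter description on `corenet_dontaudit_receive_dropbox_client_packets` and `corenet_dontaudit_receive_dropbox_server_packets` reads "Domain allowed access." although both bodies are `dontaudit` rules. The sibling dontaudit interfaces say "Domain to not audit.", and a policy author reading the generated documentation could mistake these for grants. The same wording appears on the gdomap and redis `dontaudit_receive_*_packets` interfaces in the later hunks. The relabel summaries also have their words transposed ("Relabel packets to dropbox_client the packet type."); `Relabel packets to the dropbox_client packet type.` reads correctly. Since the commit message says the file was regenerated, both fixes presumably belong in the generator template rather than in this file.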
@@ -27507,6 +27969,449 @@ interface(`corenet_relabelto_gatekeeper_server_packets',` ######################################## ## +## Send and receive TCP traffic on the gdomap port. +## +## +## +## Domain allowed access. +## +## +## +# +interface(`corenet_tcp_sendrecv_gdomap_port',` + gen_require(` + type gdomap_port_t; + ') + + allow $1 gdomap_port_t:tcp_socket { send_msg recv_msg }; +') + +######################################## +## +## Send UDP traffic on the gdomap port. +## +## +## +## Domain allowed access. +## +## +## +# +interface(`corenet_udp_send_gdomap_port',` + gen_require(` + type gdomap_port_t; + ') + + allow $1 gdomap_port_t:udp_socket send_msg; +') + +######################################## +## +## Do not audit attempts to send UDP traffic on the gdomap port. +## +## +## +## Domain to not audit. +## +## +## +# +interface(`corenet_dontaudit_udp_send_gdomap_port',` + gen_require(` + type gdomap_port_t; + ') + + dontaudit $1 gdomap_port_t:udp_socket send_msg; +') + +######################################## +## +## Receive UDP traffic on the gdomap port. +## +## +## +## Domain allowed access. +## +## +## +# +interface(`corenet_udp_receive_gdomap_port',` + gen_require(` + type gdomap_port_t; + ') + + allow $1 gdomap_port_t:udp_socket recv_msg; +') + +######################################## +## +## Do not audit attempts to receive UDP traffic on the gdomap port. +## +## +## +## Domain to not audit. +## +## +## +# +interface(`corenet_dontaudit_udp_receive_gdomap_port',` + gen_require(` + type gdomap_port_t; + ') + + dontaudit $1 gdomap_port_t:udp_socket recv_msg; +') + +######################################## +## +## Send and receive UDP traffic on the gdomap port. +## +## +## +## Domain allowed access. 
+## +## +## +# +interface(`corenet_udp_sendrecv_gdomap_port',` + corenet_udp_send_gdomap_port($1) + corenet_udp_receive_gdomap_port($1) +') + +######################################## +## +## Do not audit attempts to send and receive +## UDP traffic on the gdomap port. +## +## +## +## Domain to not audit. +## +## +## +# +interface(`corenet_dontaudit_udp_sendrecv_gdomap_port',` + corenet_dontaudit_udp_send_gdomap_port($1) + corenet_dontaudit_udp_receive_gdomap_port($1) +') + +######################################## +## +## Bind TCP sockets to the gdomap port. +## +## +## +## Domain allowed access. +## +## +## +# +interface(`corenet_tcp_bind_gdomap_port',` + gen_require(` + type gdomap_port_t; + ') + + allow $1 gdomap_port_t:tcp_socket name_bind; + allow $1 self:capability net_bind_service; +') + +######################################## +## +## Bind UDP sockets to the gdomap port. +## +## +## +## Domain allowed access. +## +## +## +# +interface(`corenet_udp_bind_gdomap_port',` + gen_require(` + type gdomap_port_t; + ') + + allow $1 gdomap_port_t:udp_socket name_bind; + allow $1 self:capability net_bind_service; +') + +######################################## +## +## Make a TCP connection to the gdomap port. +## +## +## +## Domain allowed access. +## +## +# +interface(`corenet_tcp_connect_gdomap_port',` + gen_require(` + type gdomap_port_t; + ') + + allow $1 gdomap_port_t:tcp_socket name_connect; +') + + +######################################## +## +## Send gdomap_client packets. +## +## +## +## Domain allowed access. +## +## +## +# +interface(`corenet_send_gdomap_client_packets',` + gen_require(` + type gdomap_client_packet_t; + ') + + allow $1 gdomap_client_packet_t:packet send; +') + +######################################## +## +## Do not audit attempts to send gdomap_client packets. +## +## +## +## Domain to not audit. 
+## +## +## +# +interface(`corenet_dontaudit_send_gdomap_client_packets',` + gen_require(` + type gdomap_client_packet_t; + ') + + dontaudit $1 gdomap_client_packet_t:packet send; +') + +######################################## +## +## Receive gdomap_client packets. +## +## +## +## Domain allowed access. +## +## +## +# +interface(`corenet_receive_gdomap_client_packets',` + gen_require(` + type gdomap_client_packet_t; + ') + + allow $1 gdomap_client_packet_t:packet recv; +') + +######################################## +## +## Do not audit attempts to receive gdomap_client packets. +## +## +## +## Domain allowed access. +## +## +## +# +interface(`corenet_dontaudit_receive_gdomap_client_packets',` + gen_require(` + type gdomap_client_packet_t; + ') + + dontaudit $1 gdomap_client_packet_t:packet recv; +') + +######################################## +## +## Send and receive gdomap_client packets. +## +## +## +## Domain allowed access. +## +## +## +# +interface(`corenet_sendrecv_gdomap_client_packets',` + corenet_send_gdomap_client_packets($1) + corenet_receive_gdomap_client_packets($1) +') + +######################################## +## +## Do not audit attempts to send and receive gdomap_client packets. +## +## +## +## Domain to not audit. +## +## +## +# +interface(`corenet_dontaudit_sendrecv_gdomap_client_packets',` + corenet_dontaudit_send_gdomap_client_packets($1) + corenet_dontaudit_receive_gdomap_client_packets($1) +') + +######################################## +## +## Relabel packets to gdomap_client the packet type. +## +## +## +## Domain allowed access. +## +## +# +interface(`corenet_relabelto_gdomap_client_packets',` + gen_require(` + type gdomap_client_packet_t; + ') + + allow $1 gdomap_client_packet_t:packet relabelto; +') + + +######################################## +## +## Send gdomap_server packets. +## +## +## +## Domain allowed access. 
+## +## +## +# +interface(`corenet_send_gdomap_server_packets',` + gen_require(` + type gdomap_server_packet_t; + ') + + allow $1 gdomap_server_packet_t:packet send; +') + +######################################## +## +## Do not audit attempts to send gdomap_server packets. +## +## +## +## Domain to not audit. +## +## +## +# +interface(`corenet_dontaudit_send_gdomap_server_packets',` + gen_require(` + type gdomap_server_packet_t; + ') + + dontaudit $1 gdomap_server_packet_t:packet send; +') + +######################################## +## +## Receive gdomap_server packets. +## +## +## +## Domain allowed access. +## +## +## +# +interface(`corenet_receive_gdomap_server_packets',` + gen_require(` + type gdomap_server_packet_t; + ') + + allow $1 gdomap_server_packet_t:packet recv; +') + +######################################## +## +## Do not audit attempts to receive gdomap_server packets. +## +## +## +## Domain allowed access. +## +## +## +# +interface(`corenet_dontaudit_receive_gdomap_server_packets',` + gen_require(` + type gdomap_server_packet_t; + ') + + dontaudit $1 gdomap_server_packet_t:packet recv; +') + +######################################## +## +## Send and receive gdomap_server packets. +## +## +## +## Domain allowed access. +## +## +## +# +interface(`corenet_sendrecv_gdomap_server_packets',` + corenet_send_gdomap_server_packets($1) + corenet_receive_gdomap_server_packets($1) +') + +######################################## +## +## Do not audit attempts to send and receive gdomap_server packets. +## +## +## +## Domain to not audit. +## +## +## +# +interface(`corenet_dontaudit_sendrecv_gdomap_server_packets',` + corenet_dontaudit_send_gdomap_server_packets($1) + corenet_dontaudit_receive_gdomap_server_packets($1) +') + +######################################## +## +## Relabel packets to gdomap_server the packet type. +## +## +## +## Domain allowed access. 
+## +## +# +interface(`corenet_relabelto_gdomap_server_packets',` + gen_require(` + type gdomap_server_packet_t; + ') + + allow $1 gdomap_server_packet_t:packet relabelto; +') + + + + +######################################## +## ## Send and receive TCP traffic on the gds_db port. ## ## 
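Review bot: `corenet_tcp_bind_gdomap_port` and `corenet_udp_bind_gdomap_port` grant `self:capability net_bind_service` on top of `name_bind`, but their summaries say only that they bind sockets to the gdomap port, so a caller receives a capability the documentation never mentions. The dropbox and redis bind interfaces in this commit carry no such rule, which suggests the generator adds it only for ports it treats as reserved. I would state it in the summary, for example `## Bind TCP sockets to the gdomap port; also grants the net_bind_service capability.`, with the matching line for UDP. As the file is regenerated, the wording would have to change in the template that emits these interfaces.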
@@ -69592,6 +70497,449 @@ interface(`corenet_relabelto_razor_server_packets',` ######################################## ## +## Send and receive TCP traffic on the redis port. +## +## +## +## Domain allowed access. +## +## +## +# +interface(`corenet_tcp_sendrecv_redis_port',` + gen_require(` + type redis_port_t; + ') + + allow $1 redis_port_t:tcp_socket { send_msg recv_msg }; +') + +######################################## +## +## Send UDP traffic on the redis port. +## +## +## +## Domain allowed access. +## +## +## +# +interface(`corenet_udp_send_redis_port',` + gen_require(` + type redis_port_t; + ') + + allow $1 redis_port_t:udp_socket send_msg; +') + +######################################## +## +## Do not audit attempts to send UDP traffic on the redis port. +## +## +## +## Domain to not audit. +## +## +## +# +interface(`corenet_dontaudit_udp_send_redis_port',` + gen_require(` + type redis_port_t; + ') + + dontaudit $1 redis_port_t:udp_socket send_msg; +') + +######################################## +## +## Receive UDP traffic on the redis port. +## +## +## +## Domain allowed access. +## +## +## +# +interface(`corenet_udp_receive_redis_port',` + gen_require(` + type redis_port_t; + ') + + allow $1 redis_port_t:udp_socket recv_msg; +') + +######################################## +## +## Do not audit attempts to receive UDP traffic on the redis port. +## +## +## +## Domain to not audit. +## +## +## +# +interface(`corenet_dontaudit_udp_receive_redis_port',` + gen_require(` + type redis_port_t; + ') + + dontaudit $1 redis_port_t:udp_socket recv_msg; +') + +######################################## +## +## Send and receive UDP traffic on the redis port. +## +## +## +## Domain allowed access. +## +## +## +# +interface(`corenet_udp_sendrecv_redis_port',` + corenet_udp_send_redis_port($1) + corenet_udp_receive_redis_port($1) +') + +######################################## +## +## Do not audit attempts to send and receive +## UDP traffic on the redis port. 
+## +## +## +## Domain to not audit. +## +## +## +# +interface(`corenet_dontaudit_udp_sendrecv_redis_port',` + corenet_dontaudit_udp_send_redis_port($1) + corenet_dontaudit_udp_receive_redis_port($1) +') + +######################################## +## +## Bind TCP sockets to the redis port. +## +## +## +## Domain allowed access. +## +## +## +# +interface(`corenet_tcp_bind_redis_port',` + gen_require(` + type redis_port_t; + ') + + allow $1 redis_port_t:tcp_socket name_bind; + +') + +######################################## +## +## Bind UDP sockets to the redis port. +## +## +## +## Domain allowed access. +## +## +## +# +interface(`corenet_udp_bind_redis_port',` + gen_require(` + type redis_port_t; + ') + + allow $1 redis_port_t:udp_socket name_bind; + +') + +######################################## +## +## Make a TCP connection to the redis port. +## +## +## +## Domain allowed access. +## +## +# +interface(`corenet_tcp_connect_redis_port',` + gen_require(` + type redis_port_t; + ') + + allow $1 redis_port_t:tcp_socket name_connect; +') + + +######################################## +## +## Send redis_client packets. +## +## +## +## Domain allowed access. +## +## +## +# +interface(`corenet_send_redis_client_packets',` + gen_require(` + type redis_client_packet_t; + ') + + allow $1 redis_client_packet_t:packet send; +') + +######################################## +## +## Do not audit attempts to send redis_client packets. +## +## +## +## Domain to not audit. +## +## +## +# +interface(`corenet_dontaudit_send_redis_client_packets',` + gen_require(` + type redis_client_packet_t; + ') + + dontaudit $1 redis_client_packet_t:packet send; +') + +######################################## +## +## Receive redis_client packets. +## +## +## +## Domain allowed access. 
+## +## +## +# +interface(`corenet_receive_redis_client_packets',` + gen_require(` + type redis_client_packet_t; + ') + + allow $1 redis_client_packet_t:packet recv; +') + +######################################## +## +## Do not audit attempts to receive redis_client packets. +## +## +## +## Domain allowed access. +## +## +## +# +interface(`corenet_dontaudit_receive_redis_client_packets',` + gen_require(` + type redis_client_packet_t; + ') + + dontaudit $1 redis_client_packet_t:packet recv; +') + +######################################## +## +## Send and receive redis_client packets. +## +## +## +## Domain allowed access. +## +## +## +# +interface(`corenet_sendrecv_redis_client_packets',` + corenet_send_redis_client_packets($1) + corenet_receive_redis_client_packets($1) +') + +######################################## +## +## Do not audit attempts to send and receive redis_client packets. +## +## +## +## Domain to not audit. +## +## +## +# +interface(`corenet_dontaudit_sendrecv_redis_client_packets',` + corenet_dontaudit_send_redis_client_packets($1) + corenet_dontaudit_receive_redis_client_packets($1) +') + +######################################## +## +## Relabel packets to redis_client the packet type. +## +## +## +## Domain allowed access. +## +## +# +interface(`corenet_relabelto_redis_client_packets',` + gen_require(` + type redis_client_packet_t; + ') + + allow $1 redis_client_packet_t:packet relabelto; +') + + +######################################## +## +## Send redis_server packets. +## +## +## +## Domain allowed access. +## +## +## +# +interface(`corenet_send_redis_server_packets',` + gen_require(` + type redis_server_packet_t; + ') + + allow $1 redis_server_packet_t:packet send; +') + +######################################## +## +## Do not audit attempts to send redis_server packets. +## +## +## +## Domain to not audit. 
+## +## +## +# +interface(`corenet_dontaudit_send_redis_server_packets',` + gen_require(` + type redis_server_packet_t; + ') + + dontaudit $1 redis_server_packet_t:packet send; +') + +######################################## +## +## Receive redis_server packets. +## +## +## +## Domain allowed access. +## +## +## +# +interface(`corenet_receive_redis_server_packets',` + gen_require(` + type redis_server_packet_t; + ') + + allow $1 redis_server_packet_t:packet recv; +') + +######################################## +## +## Do not audit attempts to receive redis_server packets. +## +## +## +## Domain allowed access. +## +## +## +# +interface(`corenet_dontaudit_receive_redis_server_packets',` + gen_require(` + type redis_server_packet_t; + ') + + dontaudit $1 redis_server_packet_t:packet recv; +') + +######################################## +## +## Send and receive redis_server packets. +## +## +## +## Domain allowed access. +## +## +## +# +interface(`corenet_sendrecv_redis_server_packets',` + corenet_send_redis_server_packets($1) + corenet_receive_redis_server_packets($1) +') + +######################################## +## +## Do not audit attempts to send and receive redis_server packets. +## +## +## +## Domain to not audit. +## +## +## +# +interface(`corenet_dontaudit_sendrecv_redis_server_packets',` + corenet_dontaudit_send_redis_server_packets($1) + corenet_dontaudit_receive_redis_server_packets($1) +') + +######################################## +## +## Relabel packets to redis_server the packet type. +## +## +## +## Domain allowed access. +## +## +# +interface(`corenet_relabelto_redis_server_packets',` + gen_require(` + type redis_server_packet_t; + ') + + allow $1 redis_server_packet_t:packet relabelto; +') + + + + +######################################## +## ## Send and receive TCP traffic on the repository port. ## ##