diff --git a/Changelog b/Changelog index 7b9c456..75e2c07 100644 --- a/Changelog +++ b/Changelog @@ -1,3 +1,4 @@ +- Remove node definitions and change node usage to generic nodes. - Add kernel_service access vectors, from Stephen Smalley. * Wed Dec 10 2008 Chris PeBenito - 2.20081210 diff --git a/policy/modules/admin/amanda.te b/policy/modules/admin/amanda.te index b54c008..668cc49 100644 --- a/policy/modules/admin/amanda.te +++ b/policy/modules/admin/amanda.te @@ -1,5 +1,5 @@ -policy_module(amanda, 1.11.1) +policy_module(amanda, 1.11.2) ####################################### # @@ -121,13 +121,13 @@ corenet_all_recvfrom_netlabel(amanda_t) corenet_tcp_sendrecv_generic_if(amanda_t) corenet_udp_sendrecv_generic_if(amanda_t) corenet_raw_sendrecv_generic_if(amanda_t) -corenet_tcp_sendrecv_all_nodes(amanda_t) -corenet_udp_sendrecv_all_nodes(amanda_t) -corenet_raw_sendrecv_all_nodes(amanda_t) +corenet_tcp_sendrecv_generic_node(amanda_t) +corenet_udp_sendrecv_generic_node(amanda_t) +corenet_raw_sendrecv_generic_node(amanda_t) corenet_tcp_sendrecv_all_ports(amanda_t) corenet_udp_sendrecv_all_ports(amanda_t) -corenet_tcp_bind_all_nodes(amanda_t) -corenet_udp_bind_all_nodes(amanda_t) +corenet_tcp_bind_generic_node(amanda_t) +corenet_udp_bind_generic_node(amanda_t) corenet_tcp_bind_all_rpc_ports(amanda_t) corenet_tcp_bind_generic_port(amanda_t) corenet_dontaudit_tcp_bind_all_ports(amanda_t) @@ -201,12 +201,12 @@ corenet_all_recvfrom_unlabeled(amanda_recover_t) corenet_all_recvfrom_netlabel(amanda_recover_t) corenet_tcp_sendrecv_generic_if(amanda_recover_t) corenet_udp_sendrecv_generic_if(amanda_recover_t) -corenet_tcp_sendrecv_all_nodes(amanda_recover_t) -corenet_udp_sendrecv_all_nodes(amanda_recover_t) +corenet_tcp_sendrecv_generic_node(amanda_recover_t) +corenet_udp_sendrecv_generic_node(amanda_recover_t) corenet_tcp_sendrecv_all_ports(amanda_recover_t) corenet_udp_sendrecv_all_ports(amanda_recover_t) -corenet_tcp_bind_all_nodes(amanda_recover_t) -corenet_udp_bind_all_nodes(amanda_recover_t) +corenet_tcp_bind_generic_node(amanda_recover_t) +corenet_udp_bind_generic_node(amanda_recover_t) corenet_tcp_bind_reserved_port(amanda_recover_t) corenet_tcp_connect_amanda_port(amanda_recover_t) corenet_sendrecv_amanda_client_packets(amanda_recover_t) diff --git a/policy/modules/admin/apt.te b/policy/modules/admin/apt.te index 38134d6..c79157a 100644 --- a/policy/modules/admin/apt.te +++ b/policy/modules/admin/apt.te @@ -1,5 +1,5 @@ -policy_module(apt, 1.5.1) +policy_module(apt, 1.5.2) ######################################## # @@ -83,13 +83,13 @@ corenet_all_recvfrom_unlabeled(apt_t) corenet_all_recvfrom_netlabel(apt_t) corenet_tcp_sendrecv_generic_if(apt_t) corenet_udp_sendrecv_generic_if(apt_t) -corenet_tcp_sendrecv_all_nodes(apt_t) -corenet_udp_sendrecv_all_nodes(apt_t) +corenet_tcp_sendrecv_generic_node(apt_t) +corenet_udp_sendrecv_generic_node(apt_t) corenet_tcp_sendrecv_all_ports(apt_t) corenet_udp_sendrecv_all_ports(apt_t) # TODO: reall allow all these? -corenet_tcp_bind_all_nodes(apt_t) -corenet_udp_bind_all_nodes(apt_t) +corenet_tcp_bind_generic_node(apt_t) +corenet_udp_bind_generic_node(apt_t) corenet_tcp_connect_all_ports(apt_t) corenet_sendrecv_all_client_packets(apt_t) diff --git a/policy/modules/admin/backup.te b/policy/modules/admin/backup.te index 5bb657a..10d07a2 100644 --- a/policy/modules/admin/backup.te +++ b/policy/modules/admin/backup.te @@ -1,5 +1,5 @@ -policy_module(backup, 1.4.0) +policy_module(backup, 1.4.1) ######################################## # @@ -42,9 +42,9 @@ corenet_all_recvfrom_netlabel(backup_t) corenet_tcp_sendrecv_generic_if(backup_t) corenet_udp_sendrecv_generic_if(backup_t) corenet_raw_sendrecv_generic_if(backup_t) -corenet_tcp_sendrecv_all_nodes(backup_t) -corenet_udp_sendrecv_all_nodes(backup_t) -corenet_raw_sendrecv_all_nodes(backup_t) +corenet_tcp_sendrecv_generic_node(backup_t) +corenet_udp_sendrecv_generic_node(backup_t) +corenet_raw_sendrecv_generic_node(backup_t) corenet_tcp_sendrecv_all_ports(backup_t) corenet_udp_sendrecv_all_ports(backup_t) corenet_tcp_connect_all_ports(backup_t) diff --git a/policy/modules/admin/dpkg.te b/policy/modules/admin/dpkg.te index 9e7fa1d..264a0ce 100644 --- a/policy/modules/admin/dpkg.te +++ b/policy/modules/admin/dpkg.te @@ -1,5 +1,5 @@ -policy_module(dpkg, 1.6.1) +policy_module(dpkg, 1.6.2) ######################################## # @@ -95,9 +95,9 @@ corenet_all_recvfrom_netlabel(dpkg_t) corenet_tcp_sendrecv_generic_if(dpkg_t) corenet_raw_sendrecv_generic_if(dpkg_t) corenet_udp_sendrecv_generic_if(dpkg_t) -corenet_tcp_sendrecv_all_nodes(dpkg_t) -corenet_raw_sendrecv_all_nodes(dpkg_t) -corenet_udp_sendrecv_all_nodes(dpkg_t) +corenet_tcp_sendrecv_generic_node(dpkg_t) +corenet_raw_sendrecv_generic_node(dpkg_t) +corenet_udp_sendrecv_generic_node(dpkg_t) corenet_tcp_sendrecv_all_ports(dpkg_t) corenet_udp_sendrecv_all_ports(dpkg_t) corenet_tcp_connect_all_ports(dpkg_t) diff --git a/policy/modules/admin/firstboot.te b/policy/modules/admin/firstboot.te index 1c31747..7a9ca25 100644 --- a/policy/modules/admin/firstboot.te +++ b/policy/modules/admin/firstboot.te @@ -1,5 +1,5 @@ -policy_module(firstboot, 1.9.1) +policy_module(firstboot, 1.9.2) gen_require(` class passwd rootok; @@ -40,7 +40,7 @@ kernel_read_kernel_sysctls(firstboot_t) corenet_all_recvfrom_unlabeled(firstboot_t) corenet_all_recvfrom_netlabel(firstboot_t) corenet_tcp_sendrecv_generic_if(firstboot_t) -corenet_tcp_sendrecv_all_nodes(firstboot_t) +corenet_tcp_sendrecv_generic_node(firstboot_t) corenet_tcp_sendrecv_all_ports(firstboot_t) dev_read_urand(firstboot_t) diff --git a/policy/modules/admin/mrtg.te b/policy/modules/admin/mrtg.te index 8884952..bd7d518 100644 --- a/policy/modules/admin/mrtg.te +++ b/policy/modules/admin/mrtg.te @@ -1,5 +1,5 @@ -policy_module(mrtg, 1.6.0) +policy_module(mrtg, 1.6.1) ######################################## # @@ -67,8 +67,8 @@ corenet_all_recvfrom_unlabeled(mrtg_t) corenet_all_recvfrom_netlabel(mrtg_t) corenet_tcp_sendrecv_generic_if(mrtg_t) corenet_udp_sendrecv_generic_if(mrtg_t) -corenet_tcp_sendrecv_all_nodes(mrtg_t) -corenet_udp_sendrecv_all_nodes(mrtg_t) +corenet_tcp_sendrecv_generic_node(mrtg_t) +corenet_udp_sendrecv_generic_node(mrtg_t) corenet_tcp_sendrecv_all_ports(mrtg_t) corenet_udp_sendrecv_all_ports(mrtg_t) corenet_tcp_connect_all_ports(mrtg_t) diff --git a/policy/modules/admin/netutils.te b/policy/modules/admin/netutils.te index 216af75..5d3068b 100644 --- a/policy/modules/admin/netutils.te +++ b/policy/modules/admin/netutils.te @@ -1,5 +1,5 @@ -policy_module(netutils, 1.8.1) +policy_module(netutils, 1.8.2) ######################################## # @@ -57,9 +57,9 @@ corenet_all_recvfrom_netlabel(netutils_t) corenet_tcp_sendrecv_generic_if(netutils_t) corenet_raw_sendrecv_generic_if(netutils_t) corenet_udp_sendrecv_generic_if(netutils_t) -corenet_tcp_sendrecv_all_nodes(netutils_t) -corenet_raw_sendrecv_all_nodes(netutils_t) -corenet_udp_sendrecv_all_nodes(netutils_t) +corenet_tcp_sendrecv_generic_node(netutils_t) +corenet_raw_sendrecv_generic_node(netutils_t) +corenet_udp_sendrecv_generic_node(netutils_t) corenet_tcp_sendrecv_all_ports(netutils_t) corenet_udp_sendrecv_all_ports(netutils_t) corenet_tcp_connect_all_ports(netutils_t) @@ -116,9 +116,9 @@ corenet_all_recvfrom_unlabeled(ping_t) corenet_all_recvfrom_netlabel(ping_t) corenet_tcp_sendrecv_generic_if(ping_t) corenet_raw_sendrecv_generic_if(ping_t) -corenet_raw_sendrecv_all_nodes(ping_t) -corenet_raw_bind_all_nodes(ping_t) -corenet_tcp_sendrecv_all_nodes(ping_t) +corenet_raw_sendrecv_generic_node(ping_t) +corenet_tcp_sendrecv_generic_node(ping_t) +corenet_raw_bind_generic_node(ping_t) corenet_tcp_sendrecv_all_ports(ping_t) fs_dontaudit_getattr_xattr_fs(ping_t) @@ -171,15 +171,15 @@ corenet_all_recvfrom_netlabel(traceroute_t) corenet_tcp_sendrecv_generic_if(traceroute_t) corenet_udp_sendrecv_generic_if(traceroute_t) corenet_raw_sendrecv_generic_if(traceroute_t) -corenet_tcp_sendrecv_all_nodes(traceroute_t) -corenet_udp_sendrecv_all_nodes(traceroute_t) -corenet_raw_sendrecv_all_nodes(traceroute_t) +corenet_tcp_sendrecv_generic_node(traceroute_t) +corenet_udp_sendrecv_generic_node(traceroute_t) +corenet_raw_sendrecv_generic_node(traceroute_t) corenet_tcp_sendrecv_all_ports(traceroute_t) corenet_udp_sendrecv_all_ports(traceroute_t) -corenet_udp_bind_all_nodes(traceroute_t) -corenet_tcp_bind_all_nodes(traceroute_t) +corenet_udp_bind_generic_node(traceroute_t) +corenet_tcp_bind_generic_node(traceroute_t) # traceroute needs this but not tracepath -corenet_raw_bind_all_nodes(traceroute_t) +corenet_raw_bind_generic_node(traceroute_t) corenet_udp_bind_traceroute_port(traceroute_t) corenet_tcp_connect_all_ports(traceroute_t) corenet_sendrecv_all_client_packets(traceroute_t) diff --git a/policy/modules/admin/portage.if b/policy/modules/admin/portage.if index f4043c3..b6547f3 100644 --- a/policy/modules/admin/portage.if +++ b/policy/modules/admin/portage.if @@ -138,9 +138,9 @@ interface(`portage_compile_domain',` corenet_tcp_sendrecv_generic_if($1) corenet_udp_sendrecv_generic_if($1) corenet_raw_sendrecv_generic_if($1) - corenet_tcp_sendrecv_all_nodes($1) - corenet_udp_sendrecv_all_nodes($1) - corenet_raw_sendrecv_all_nodes($1) + corenet_tcp_sendrecv_generic_node($1) + corenet_udp_sendrecv_generic_node($1) + corenet_raw_sendrecv_generic_node($1) corenet_tcp_sendrecv_all_ports($1) corenet_udp_sendrecv_all_ports($1) corenet_tcp_connect_all_reserved_ports($1) diff --git a/policy/modules/admin/portage.te b/policy/modules/admin/portage.te index 6eecc6a..f13a33c 100644 --- a/policy/modules/admin/portage.te +++ b/policy/modules/admin/portage.te @@ -1,5 +1,5 @@ -policy_module(portage, 1.7.0) +policy_module(portage, 1.7.1) ######################################## # @@ -222,7 +222,7 @@ corecmd_exec_bin(portage_fetch_t) corenet_all_recvfrom_unlabeled(portage_fetch_t) corenet_all_recvfrom_netlabel(portage_fetch_t) corenet_tcp_sendrecv_generic_if(portage_fetch_t) -corenet_tcp_sendrecv_all_nodes(portage_fetch_t) +corenet_tcp_sendrecv_generic_node(portage_fetch_t) corenet_tcp_sendrecv_all_ports(portage_fetch_t) # would rather not connect to unspecified ports, but # it occasionally comes up diff --git a/policy/modules/admin/rpm.te b/policy/modules/admin/rpm.te index 388b0d9..a63f20a 100644 --- a/policy/modules/admin/rpm.te +++ b/policy/modules/admin/rpm.te @@ -1,5 +1,5 @@ -policy_module(rpm, 1.9.1) +policy_module(rpm, 1.9.2) ######################################## # @@ -97,9 +97,9 @@ corenet_all_recvfrom_netlabel(rpm_t) corenet_tcp_sendrecv_generic_if(rpm_t) corenet_raw_sendrecv_generic_if(rpm_t) corenet_udp_sendrecv_generic_if(rpm_t) -corenet_tcp_sendrecv_all_nodes(rpm_t) -corenet_raw_sendrecv_all_nodes(rpm_t) -corenet_udp_sendrecv_all_nodes(rpm_t) +corenet_tcp_sendrecv_generic_node(rpm_t) +corenet_raw_sendrecv_generic_node(rpm_t) +corenet_udp_sendrecv_generic_node(rpm_t) corenet_tcp_sendrecv_all_ports(rpm_t) corenet_udp_sendrecv_all_ports(rpm_t) corenet_tcp_connect_all_ports(rpm_t) diff --git a/policy/modules/admin/sxid.te b/policy/modules/admin/sxid.te index e70d591..a253e91 100644 --- a/policy/modules/admin/sxid.te +++ b/policy/modules/admin/sxid.te @@ -1,5 +1,5 @@ -policy_module(sxid, 1.4.0) +policy_module(sxid, 1.4.1) ######################################## # @@ -45,8 +45,8 @@ corenet_all_recvfrom_unlabeled(sxid_t) corenet_all_recvfrom_netlabel(sxid_t) corenet_tcp_sendrecv_generic_if(sxid_t) corenet_udp_sendrecv_generic_if(sxid_t) -corenet_tcp_sendrecv_all_nodes(sxid_t) -corenet_udp_sendrecv_all_nodes(sxid_t) +corenet_tcp_sendrecv_generic_node(sxid_t) +corenet_udp_sendrecv_generic_node(sxid_t) corenet_tcp_sendrecv_all_ports(sxid_t) corenet_udp_sendrecv_all_ports(sxid_t) diff --git a/policy/modules/admin/vpn.te b/policy/modules/admin/vpn.te index 8b40f88..d3029b3 100644 --- a/policy/modules/admin/vpn.te +++ b/policy/modules/admin/vpn.te @@ -1,5 +1,5 @@ -policy_module(vpn, 1.10.1) +policy_module(vpn, 1.10.2) ######################################## # @@ -52,12 +52,12 @@ corenet_all_recvfrom_netlabel(vpnc_t) corenet_tcp_sendrecv_generic_if(vpnc_t) corenet_udp_sendrecv_generic_if(vpnc_t) corenet_raw_sendrecv_generic_if(vpnc_t) -corenet_tcp_sendrecv_all_nodes(vpnc_t) -corenet_udp_sendrecv_all_nodes(vpnc_t) -corenet_raw_sendrecv_all_nodes(vpnc_t) +corenet_tcp_sendrecv_generic_node(vpnc_t) +corenet_udp_sendrecv_generic_node(vpnc_t) +corenet_raw_sendrecv_generic_node(vpnc_t) corenet_tcp_sendrecv_all_ports(vpnc_t) corenet_udp_sendrecv_all_ports(vpnc_t) -corenet_udp_bind_all_nodes(vpnc_t) +corenet_udp_bind_generic_node(vpnc_t) corenet_udp_bind_generic_port(vpnc_t) corenet_udp_bind_isakmp_port(vpnc_t) corenet_udp_bind_ipsecnat_port(vpnc_t) diff --git a/policy/modules/apps/calamaris.te b/policy/modules/apps/calamaris.te index b8160c3..7bf1e41 100644 --- a/policy/modules/apps/calamaris.te +++ b/policy/modules/apps/calamaris.te @@ -1,5 +1,5 @@ -policy_module(calamaris, 1.4.0) +policy_module(calamaris, 1.4.1) ######################################## # @@ -44,8 +44,8 @@ corenet_all_recvfrom_unlabeled(calamaris_t) corenet_all_recvfrom_netlabel(calamaris_t) corenet_tcp_sendrecv_generic_if(calamaris_t) corenet_udp_sendrecv_generic_if(calamaris_t) -corenet_tcp_sendrecv_all_nodes(calamaris_t) -corenet_udp_sendrecv_all_nodes(calamaris_t) +corenet_tcp_sendrecv_generic_node(calamaris_t) +corenet_udp_sendrecv_generic_node(calamaris_t) corenet_tcp_sendrecv_all_ports(calamaris_t) corenet_udp_sendrecv_all_ports(calamaris_t) diff --git a/policy/modules/apps/evolution.te b/policy/modules/apps/evolution.te index c126b9a..8e56d61 100644 --- a/policy/modules/apps/evolution.te +++ b/policy/modules/apps/evolution.te @@ -1,5 +1,5 @@ -policy_module(evolution, 2.0.0) +policy_module(evolution, 2.0.1) ######################################## # @@ -167,8 +167,8 @@ corenet_all_recvfrom_netlabel(evolution_t) corenet_tcp_sendrecv_generic_if(evolution_t) corenet_udp_sendrecv_generic_if(evolution_t) corenet_raw_sendrecv_generic_if(evolution_t) -corenet_tcp_sendrecv_all_nodes(evolution_t) -corenet_udp_sendrecv_all_nodes(evolution_t) +corenet_tcp_sendrecv_generic_node(evolution_t) +corenet_udp_sendrecv_generic_node(evolution_t) corenet_tcp_sendrecv_pop_port(evolution_t) corenet_udp_sendrecv_pop_port(evolution_t) corenet_tcp_sendrecv_smtp_port(evolution_t) @@ -190,7 +190,7 @@ corenet_sendrecv_innd_client_packets(evolution_t) corenet_sendrecv_ldap_client_packets(evolution_t) corenet_sendrecv_ipp_client_packets(evolution_t) # not sure about this bind -corenet_udp_bind_all_nodes(evolution_t) +corenet_udp_bind_generic_node(evolution_t) corenet_udp_bind_generic_port(evolution_t) dev_read_urand(evolution_t) @@ -534,7 +534,7 @@ corecmd_exec_shell(evolution_server_t) corenet_all_recvfrom_unlabeled(evolution_server_t) corenet_all_recvfrom_netlabel(evolution_server_t) corenet_tcp_sendrecv_generic_if(evolution_server_t) -corenet_tcp_sendrecv_all_nodes(evolution_server_t) +corenet_tcp_sendrecv_generic_node(evolution_server_t) corenet_tcp_sendrecv_http_port(evolution_server_t) corenet_tcp_sendrecv_http_cache_port(evolution_server_t) corenet_tcp_connect_http_cache_port(evolution_server_t) @@ -602,8 +602,8 @@ corenet_all_recvfrom_unlabeled(evolution_webcal_t) corenet_all_recvfrom_netlabel(evolution_webcal_t) corenet_tcp_sendrecv_generic_if(evolution_webcal_t) corenet_raw_sendrecv_generic_if(evolution_webcal_t) -corenet_tcp_sendrecv_all_nodes(evolution_webcal_t) -corenet_raw_sendrecv_all_nodes(evolution_webcal_t) +corenet_tcp_sendrecv_generic_node(evolution_webcal_t) +corenet_raw_sendrecv_generic_node(evolution_webcal_t) corenet_tcp_sendrecv_http_port(evolution_webcal_t) corenet_tcp_sendrecv_http_cache_port(evolution_webcal_t) corenet_tcp_connect_http_cache_port(evolution_webcal_t) diff --git a/policy/modules/apps/games.te b/policy/modules/apps/games.te index eedbc4b..b090917 100644 --- a/policy/modules/apps/games.te +++ b/policy/modules/apps/games.te @@ -1,5 +1,5 @@ -policy_module(games, 2.0.0) +policy_module(games, 2.0.1) ######################################## # @@ -128,11 +128,11 @@ corenet_all_recvfrom_unlabeled(games_t) corenet_all_recvfrom_netlabel(games_t) corenet_tcp_sendrecv_generic_if(games_t) corenet_udp_sendrecv_generic_if(games_t) -corenet_tcp_sendrecv_all_nodes(games_t) -corenet_udp_sendrecv_all_nodes(games_t) +corenet_tcp_sendrecv_generic_node(games_t) +corenet_udp_sendrecv_generic_node(games_t) corenet_tcp_sendrecv_all_ports(games_t) corenet_udp_sendrecv_all_ports(games_t) -corenet_tcp_bind_all_nodes(games_t) +corenet_tcp_bind_generic_node(games_t) corenet_tcp_bind_generic_port(games_t) corenet_tcp_connect_generic_port(games_t) corenet_sendrecv_generic_client_packets(games_t) diff --git a/policy/modules/apps/gift.te b/policy/modules/apps/gift.te index b7c1e18..d3888ac 100644 --- a/policy/modules/apps/gift.te +++ b/policy/modules/apps/gift.te @@ -1,5 +1,5 @@ -policy_module(gift, 2.0.0) +policy_module(gift, 2.0.1) ######################################## # @@ -60,7 +60,7 @@ kernel_read_system_state(giftd_t) corenet_all_recvfrom_unlabeled(gift_t) corenet_all_recvfrom_netlabel(gift_t) corenet_tcp_sendrecv_generic_if(gift_t) -corenet_tcp_sendrecv_all_nodes(gift_t) +corenet_tcp_sendrecv_generic_node(gift_t) corenet_tcp_sendrecv_giftd_port(gift_t) corenet_tcp_connect_giftd_port(gift_t) corenet_sendrecv_giftd_client_packets(gift_t) @@ -115,12 +115,12 @@ corenet_all_recvfrom_unlabeled(giftd_t) corenet_all_recvfrom_netlabel(giftd_t) corenet_tcp_sendrecv_generic_if(giftd_t) corenet_udp_sendrecv_generic_if(giftd_t) -corenet_tcp_sendrecv_all_nodes(giftd_t) -corenet_udp_sendrecv_all_nodes(giftd_t) +corenet_tcp_sendrecv_generic_node(giftd_t) +corenet_udp_sendrecv_generic_node(giftd_t) corenet_tcp_sendrecv_all_ports(giftd_t) corenet_udp_sendrecv_all_ports(giftd_t) -corenet_tcp_bind_all_nodes(giftd_t) -corenet_udp_bind_all_nodes(giftd_t) +corenet_tcp_bind_generic_node(giftd_t) +corenet_udp_bind_generic_node(giftd_t) corenet_tcp_bind_all_ports(giftd_t) corenet_udp_bind_all_ports(giftd_t) corenet_tcp_connect_all_ports(giftd_t) diff --git a/policy/modules/apps/gpg.te b/policy/modules/apps/gpg.te index 297f4c0..1c19eb6 100644 --- a/policy/modules/apps/gpg.te +++ b/policy/modules/apps/gpg.te @@ -1,5 +1,5 @@ -policy_module(gpg, 2.0.1) +policy_module(gpg, 2.0.2) ######################################## # @@ -77,8 +77,8 @@ corenet_all_recvfrom_unlabeled(gpg_t) corenet_all_recvfrom_netlabel(gpg_t) corenet_tcp_sendrecv_generic_if(gpg_t) corenet_udp_sendrecv_generic_if(gpg_t) -corenet_tcp_sendrecv_all_nodes(gpg_t) -corenet_udp_sendrecv_all_nodes(gpg_t) +corenet_tcp_sendrecv_generic_node(gpg_t) +corenet_udp_sendrecv_generic_node(gpg_t) corenet_tcp_sendrecv_all_ports(gpg_t) corenet_udp_sendrecv_all_ports(gpg_t) corenet_tcp_connect_all_ports(gpg_t) @@ -127,13 +127,13 @@ corenet_all_recvfrom_netlabel(gpg_helper_t) corenet_tcp_sendrecv_generic_if(gpg_helper_t) corenet_raw_sendrecv_generic_if(gpg_helper_t) corenet_udp_sendrecv_generic_if(gpg_helper_t) -corenet_tcp_sendrecv_all_nodes(gpg_helper_t) -corenet_udp_sendrecv_all_nodes(gpg_helper_t) -corenet_raw_sendrecv_all_nodes(gpg_helper_t) +corenet_tcp_sendrecv_generic_node(gpg_helper_t) +corenet_udp_sendrecv_generic_node(gpg_helper_t) +corenet_raw_sendrecv_generic_node(gpg_helper_t) corenet_tcp_sendrecv_all_ports(gpg_helper_t) corenet_udp_sendrecv_all_ports(gpg_helper_t) -corenet_tcp_bind_all_nodes(gpg_helper_t) -corenet_udp_bind_all_nodes(gpg_helper_t) +corenet_tcp_bind_generic_node(gpg_helper_t) +corenet_udp_bind_generic_node(gpg_helper_t) corenet_tcp_connect_all_ports(gpg_helper_t) dev_read_urand(gpg_helper_t) diff --git a/policy/modules/apps/irc.te b/policy/modules/apps/irc.te index c8b6405..12826f9 100644 --- a/policy/modules/apps/irc.te +++ b/policy/modules/apps/irc.te @@ -1,5 +1,5 @@ -policy_module(irc, 2.0.0) +policy_module(irc, 2.0.1) ######################################## # @@ -51,8 +51,8 @@ corenet_all_recvfrom_unlabeled(irc_t) corenet_all_recvfrom_netlabel(irc_t) corenet_tcp_sendrecv_generic_if(irc_t) corenet_udp_sendrecv_generic_if(irc_t) -corenet_tcp_sendrecv_all_nodes(irc_t) -corenet_udp_sendrecv_all_nodes(irc_t) +corenet_tcp_sendrecv_generic_node(irc_t) +corenet_udp_sendrecv_generic_node(irc_t) corenet_tcp_sendrecv_all_ports(irc_t) corenet_udp_sendrecv_all_ports(irc_t) corenet_sendrecv_ircd_client_packets(irc_t) diff --git a/policy/modules/apps/java.te b/policy/modules/apps/java.te index 1f866e7..1b197c0 100644 --- a/policy/modules/apps/java.te +++ b/policy/modules/apps/java.te @@ -1,5 +1,5 @@ -policy_module(java, 2.0.0) +policy_module(java, 2.0.1) ######################################## # @@ -69,8 +69,8 @@ corenet_all_recvfrom_unlabeled(java_t) corenet_all_recvfrom_netlabel(java_t) corenet_tcp_sendrecv_generic_if(java_t) corenet_udp_sendrecv_generic_if(java_t) -corenet_tcp_sendrecv_all_nodes(java_t) -corenet_udp_sendrecv_all_nodes(java_t) +corenet_tcp_sendrecv_generic_node(java_t) +corenet_udp_sendrecv_generic_node(java_t) corenet_tcp_sendrecv_all_ports(java_t) corenet_udp_sendrecv_all_ports(java_t) corenet_tcp_connect_all_ports(java_t) diff --git a/policy/modules/apps/mozilla.te b/policy/modules/apps/mozilla.te index 55576bc..ec72341 100644 --- a/policy/modules/apps/mozilla.te +++ b/policy/modules/apps/mozilla.te @@ -1,5 +1,5 @@ -policy_module(mozilla, 2.0.0) +policy_module(mozilla, 2.0.1) ######################################## # @@ -86,8 +86,8 @@ corenet_all_recvfrom_unlabeled(mozilla_t) corenet_all_recvfrom_netlabel(mozilla_t) corenet_tcp_sendrecv_generic_if(mozilla_t) corenet_raw_sendrecv_generic_if(mozilla_t) -corenet_tcp_sendrecv_all_nodes(mozilla_t) -corenet_raw_sendrecv_all_nodes(mozilla_t) +corenet_tcp_sendrecv_generic_node(mozilla_t) +corenet_raw_sendrecv_generic_node(mozilla_t) corenet_tcp_sendrecv_http_port(mozilla_t) corenet_tcp_sendrecv_http_cache_port(mozilla_t) corenet_tcp_sendrecv_ftp_port(mozilla_t) diff --git a/policy/modules/apps/qemu.if b/policy/modules/apps/qemu.if index 58eda0b..83fde84 100644 --- a/policy/modules/apps/qemu.if +++ b/policy/modules/apps/qemu.if @@ -159,9 +159,9 @@ template(`qemu_domain_template',` corenet_all_recvfrom_unlabeled($1_t) corenet_all_recvfrom_netlabel($1_t) corenet_tcp_sendrecv_generic_if($1_t) - corenet_tcp_sendrecv_all_nodes($1_t) + corenet_tcp_sendrecv_generic_node($1_t) corenet_tcp_sendrecv_all_ports($1_t) - corenet_tcp_bind_all_nodes($1_t) + corenet_tcp_bind_generic_node($1_t) corenet_tcp_bind_vnc_port($1_t) corenet_rw_tun_tap_dev($1_t) diff --git a/policy/modules/apps/qemu.te b/policy/modules/apps/qemu.te index 3c0e268..4a6f5fc 100644 --- a/policy/modules/apps/qemu.te +++ b/policy/modules/apps/qemu.te @@ -1,5 +1,5 @@ -policy_module(qemu, 1.1.1) +policy_module(qemu, 1.1.2) ######################################## # diff --git a/policy/modules/apps/screen.if b/policy/modules/apps/screen.if index d2d314f..0802020 100644 --- a/policy/modules/apps/screen.if +++ b/policy/modules/apps/screen.if @@ -96,8 +96,8 @@ template(`screen_role_template',` corenet_all_recvfrom_netlabel($1_screen_t) corenet_tcp_sendrecv_generic_if($1_screen_t) corenet_udp_sendrecv_generic_if($1_screen_t) - corenet_tcp_sendrecv_all_nodes($1_screen_t) - corenet_udp_sendrecv_all_nodes($1_screen_t) + corenet_tcp_sendrecv_generic_node($1_screen_t) + corenet_udp_sendrecv_generic_node($1_screen_t) corenet_tcp_sendrecv_all_ports($1_screen_t) corenet_udp_sendrecv_all_ports($1_screen_t) corenet_tcp_connect_all_ports($1_screen_t) diff --git a/policy/modules/apps/screen.te b/policy/modules/apps/screen.te index 554eebe..a249b97 100644 --- a/policy/modules/apps/screen.te +++ b/policy/modules/apps/screen.te @@ -1,5 +1,5 @@ -policy_module(screen, 2.0.0) +policy_module(screen, 2.0.1) ######################################## # diff --git a/policy/modules/apps/thunderbird.te b/policy/modules/apps/thunderbird.te index 8c0faea..b0aeff3 100644 --- a/policy/modules/apps/thunderbird.te +++ b/policy/modules/apps/thunderbird.te @@ -1,5 +1,5 @@ -policy_module(thunderbird, 2.0.0) +policy_module(thunderbird, 2.0.1) ######################################## # @@ -61,7 +61,7 @@ corecmd_exec_shell(thunderbird_t) corenet_all_recvfrom_unlabeled(thunderbird_t) corenet_all_recvfrom_netlabel(thunderbird_t) corenet_tcp_sendrecv_generic_if(thunderbird_t) -corenet_tcp_sendrecv_all_nodes(thunderbird_t) +corenet_tcp_sendrecv_generic_node(thunderbird_t) corenet_tcp_sendrecv_ipp_port(thunderbird_t) corenet_tcp_sendrecv_ldap_port(thunderbird_t) corenet_tcp_sendrecv_innd_port(thunderbird_t) diff --git a/policy/modules/apps/uml.te b/policy/modules/apps/uml.te index 84b8efd..4d8f914 100644 --- a/policy/modules/apps/uml.te +++ b/policy/modules/apps/uml.te @@ -1,5 +1,5 @@ -policy_module(uml, 2.0.0) +policy_module(uml, 2.0.1) ######################################## # @@ -106,8 +106,8 @@ corenet_all_recvfrom_unlabeled(uml_t) corenet_all_recvfrom_netlabel(uml_t) corenet_tcp_sendrecv_generic_if(uml_t) corenet_udp_sendrecv_generic_if(uml_t) -corenet_tcp_sendrecv_all_nodes(uml_t) -corenet_udp_sendrecv_all_nodes(uml_t) +corenet_tcp_sendrecv_generic_node(uml_t) +corenet_udp_sendrecv_generic_node(uml_t) corenet_tcp_sendrecv_all_ports(uml_t) corenet_udp_sendrecv_all_ports(uml_t) corenet_tcp_connect_all_ports(uml_t) diff --git a/policy/modules/apps/vmware.te b/policy/modules/apps/vmware.te index 8cc3a31..02e5782 100644 --- a/policy/modules/apps/vmware.te +++ b/policy/modules/apps/vmware.te @@ -1,5 +1,5 @@ -policy_module(vmware, 2.0.0) +policy_module(vmware, 2.0.1) ######################################## # @@ -92,14 +92,14 @@ corenet_all_recvfrom_netlabel(vmware_host_t) corenet_tcp_sendrecv_generic_if(vmware_host_t) corenet_udp_sendrecv_generic_if(vmware_host_t) corenet_raw_sendrecv_generic_if(vmware_host_t) -corenet_tcp_sendrecv_all_nodes(vmware_host_t) -corenet_udp_sendrecv_all_nodes(vmware_host_t) -corenet_raw_sendrecv_all_nodes(vmware_host_t) +corenet_tcp_sendrecv_generic_node(vmware_host_t) +corenet_udp_sendrecv_generic_node(vmware_host_t) +corenet_raw_sendrecv_generic_node(vmware_host_t) corenet_tcp_sendrecv_all_ports(vmware_host_t) corenet_udp_sendrecv_all_ports(vmware_host_t) -corenet_raw_bind_all_nodes(vmware_host_t) -corenet_tcp_bind_all_nodes(vmware_host_t) -corenet_udp_bind_all_nodes(vmware_host_t) +corenet_raw_bind_generic_node(vmware_host_t) +corenet_tcp_bind_generic_node(vmware_host_t) +corenet_udp_bind_generic_node(vmware_host_t) corenet_tcp_connect_all_ports(vmware_host_t) corenet_sendrecv_all_client_packets(vmware_host_t) corenet_sendrecv_all_server_packets(vmware_host_t) diff --git a/policy/modules/apps/webalizer.te b/policy/modules/apps/webalizer.te index 059d956..2bee666 100644 --- a/policy/modules/apps/webalizer.te +++ b/policy/modules/apps/webalizer.te @@ -1,5 +1,5 @@ -policy_module(webalizer, 1.8.1) +policy_module(webalizer, 1.8.2) ######################################## # @@ -63,7 +63,7 @@ kernel_read_system_state(webalizer_t) corenet_all_recvfrom_unlabeled(webalizer_t) corenet_all_recvfrom_netlabel(webalizer_t) corenet_tcp_sendrecv_generic_if(webalizer_t) -corenet_tcp_sendrecv_all_nodes(webalizer_t) +corenet_tcp_sendrecv_generic_node(webalizer_t) corenet_tcp_sendrecv_all_ports(webalizer_t) fs_search_auto_mountpoints(webalizer_t) diff --git a/policy/modules/apps/yam.te b/policy/modules/apps/yam.te index 36f581f..49ac790 100644 --- a/policy/modules/apps/yam.te +++ b/policy/modules/apps/yam.te @@ -1,5 +1,5 @@ -policy_module(yam, 1.3.0) +policy_module(yam, 1.3.1) ######################################## # @@ -62,7 +62,7 @@ corecmd_exec_bin(yam_t) corenet_all_recvfrom_unlabeled(yam_t) corenet_all_recvfrom_netlabel(yam_t) corenet_tcp_sendrecv_generic_if(yam_t) -corenet_tcp_sendrecv_all_nodes(yam_t) +corenet_tcp_sendrecv_generic_node(yam_t) corenet_tcp_sendrecv_all_ports(yam_t) corenet_tcp_connect_http_port(yam_t) corenet_tcp_connect_rsync_port(yam_t) diff --git a/policy/modules/kernel/corenetwork.if.in b/policy/modules/kernel/corenetwork.if.in index f57219f..b138740 100644 --- a/policy/modules/kernel/corenetwork.if.in +++ b/policy/modules/kernel/corenetwork.if.in @@ -591,6 +591,25 @@ interface(`corenet_udp_bind_generic_node',` ######################################## ## +## Bind raw sockets to genric nodes. +## +## +## +## The type of the process performing this action. +## +## +# rawip_socket node_bind does not make much sense. +# cjp: vmware hits this too +interface(`corenet_raw_bind_generic_node',` + gen_require(` + type node_t; + ') + + allow $1 node_t:rawip_socket node_bind; +') + +######################################## +## ## Send and receive TCP network traffic on all nodes. ## ## diff --git a/policy/modules/kernel/corenetwork.te.in b/policy/modules/kernel/corenetwork.te.in index 1c74662..ab1a321 100644 --- a/policy/modules/kernel/corenetwork.te.in +++ b/policy/modules/kernel/corenetwork.te.in @@ -1,5 +1,5 @@ -policy_module(corenetwork, 1.11.0) +policy_module(corenetwork, 1.11.1) ######################################## # @@ -207,15 +207,9 @@ portcon udp 1-599 gen_context(system_u:object_r:reserved_port_t, s0) type node_t, node_type; sid node gen_context(system_u:object_r:node_t,s0 - mls_systemhigh) -network_node(compat_ipv4, s0, ::, ffff:ffff:ffff:ffff:ffff:ffff::) -network_node(inaddr_any, s0, 0.0.0.0, 255.255.255.255) -type node_internal_t, node_type; dnl network_node(internal, s0, , ) # no nodecon for this in current strict policy -network_node(link_local, s0, fe80::, ffff:ffff:ffff:ffff::, ) -network_node(lo, s0 - mls_systemhigh, 127.0.0.1, 255.255.255.255) -network_node(mapped_ipv4, s0, ::ffff:0000:0000, ffff:ffff:ffff:ffff:ffff:ffff::) -network_node(multicast, s0 - mls_systemhigh, ff00::, ff00::) -network_node(site_local, s0, fec0::, ffc0::) -network_node(unspec, s0, ::, ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff) +# network_node examples: +#network_node(lo, s0 - mls_systemhigh, 127.0.0.1, 255.255.255.255) +#network_node(multicast, s0 - mls_systemhigh, ff00::, ff00::) ######################################## # diff --git a/policy/modules/kernel/kernel.te b/policy/modules/kernel/kernel.te index df65cda..fce1402 100644 --- a/policy/modules/kernel/kernel.te +++ b/policy/modules/kernel/kernel.te @@ -1,5 +1,5 @@ -policy_module(kernel, 1.10.1) +policy_module(kernel, 1.10.2) ######################################## # @@ -234,7 +234,6 @@ corenet_raw_send_generic_if(kernel_t) corenet_tcp_sendrecv_all_if(kernel_t) corenet_tcp_sendrecv_all_nodes(kernel_t) corenet_raw_send_generic_node(kernel_t) -corenet_raw_send_multicast_node(kernel_t) corenet_send_all_packets(kernel_t) dev_read_sysfs(kernel_t) @@ -312,9 +311,9 @@ optional_policy(` # nfs kernel server needs kernel UDP access. It is less risky and painful # to just give it everything. corenet_udp_sendrecv_generic_if(kernel_t) - corenet_udp_sendrecv_all_nodes(kernel_t) + corenet_udp_sendrecv_generic_node(kernel_t) corenet_udp_sendrecv_all_ports(kernel_t) - corenet_udp_bind_all_nodes(kernel_t) + corenet_udp_bind_generic_node(kernel_t) corenet_sendrecv_portmap_client_packets(kernel_t) corenet_sendrecv_generic_server_packets(kernel_t) diff --git a/policy/modules/services/afs.te b/policy/modules/services/afs.te index b50cafb..2114d00 100644 --- a/policy/modules/services/afs.te +++ b/policy/modules/services/afs.te @@ -1,5 +1,5 @@ -policy_module(afs, 1.4.0) +policy_module(afs, 1.4.1) ######################################## # @@ -93,11 +93,11 @@ corenet_all_recvfrom_unlabeled(afs_bosserver_t) corenet_all_recvfrom_netlabel(afs_bosserver_t) corenet_tcp_sendrecv_generic_if(afs_bosserver_t) corenet_udp_sendrecv_generic_if(afs_bosserver_t) -corenet_tcp_sendrecv_all_nodes(afs_bosserver_t) -corenet_udp_sendrecv_all_nodes(afs_bosserver_t) +corenet_tcp_sendrecv_generic_node(afs_bosserver_t) +corenet_udp_sendrecv_generic_node(afs_bosserver_t) corenet_tcp_sendrecv_all_ports(afs_bosserver_t) corenet_udp_sendrecv_all_ports(afs_bosserver_t) -corenet_udp_bind_all_nodes(afs_bosserver_t) +corenet_udp_bind_generic_node(afs_bosserver_t) corenet_udp_bind_afs_bos_port(afs_bosserver_t) corenet_sendrecv_afs_bos_server_packets(afs_bosserver_t) @@ -147,14 +147,14 @@ kernel_read_kernel_sysctls(afs_fsserver_t) corenet_tcp_sendrecv_generic_if(afs_fsserver_t) corenet_udp_sendrecv_generic_if(afs_fsserver_t) -corenet_tcp_sendrecv_all_nodes(afs_fsserver_t) -corenet_udp_sendrecv_all_nodes(afs_fsserver_t) +corenet_tcp_sendrecv_generic_node(afs_fsserver_t) +corenet_udp_sendrecv_generic_node(afs_fsserver_t) corenet_tcp_sendrecv_all_ports(afs_fsserver_t) corenet_udp_sendrecv_all_ports(afs_fsserver_t) corenet_all_recvfrom_unlabeled(afs_fsserver_t) corenet_all_recvfrom_netlabel(afs_fsserver_t) -corenet_tcp_bind_all_nodes(afs_fsserver_t) -corenet_udp_bind_all_nodes(afs_fsserver_t) +corenet_tcp_bind_generic_node(afs_fsserver_t) +corenet_udp_bind_generic_node(afs_fsserver_t) corenet_tcp_bind_afs_fs_port(afs_fsserver_t) corenet_udp_bind_afs_fs_port(afs_fsserver_t) corenet_sendrecv_afs_fs_server_packets(afs_fsserver_t) @@ -205,11 +205,11 @@ corenet_all_recvfrom_unlabeled(afs_kaserver_t) corenet_all_recvfrom_netlabel(afs_kaserver_t) corenet_tcp_sendrecv_generic_if(afs_kaserver_t) corenet_udp_sendrecv_generic_if(afs_kaserver_t) -corenet_tcp_sendrecv_all_nodes(afs_kaserver_t) -corenet_udp_sendrecv_all_nodes(afs_kaserver_t) +corenet_tcp_sendrecv_generic_node(afs_kaserver_t) +corenet_udp_sendrecv_generic_node(afs_kaserver_t) corenet_tcp_sendrecv_all_ports(afs_kaserver_t) corenet_udp_sendrecv_all_ports(afs_kaserver_t) -corenet_udp_bind_all_nodes(afs_kaserver_t) +corenet_udp_bind_generic_node(afs_kaserver_t) corenet_udp_bind_afs_ka_port(afs_kaserver_t) corenet_udp_bind_kerberos_port(afs_kaserver_t) corenet_sendrecv_afs_ka_server_packets(afs_kaserver_t) @@ -249,11 +249,11 @@ corenet_all_recvfrom_unlabeled(afs_ptserver_t) corenet_all_recvfrom_netlabel(afs_ptserver_t) corenet_tcp_sendrecv_generic_if(afs_ptserver_t) corenet_udp_sendrecv_generic_if(afs_ptserver_t) -corenet_tcp_sendrecv_all_nodes(afs_ptserver_t) -corenet_udp_sendrecv_all_nodes(afs_ptserver_t) +corenet_tcp_sendrecv_generic_node(afs_ptserver_t) +corenet_udp_sendrecv_generic_node(afs_ptserver_t) corenet_tcp_sendrecv_all_ports(afs_ptserver_t) corenet_udp_sendrecv_all_ports(afs_ptserver_t) -corenet_udp_bind_all_nodes(afs_ptserver_t) +corenet_udp_bind_generic_node(afs_ptserver_t) corenet_udp_bind_afs_pt_port(afs_ptserver_t) corenet_sendrecv_afs_pt_server_packets(afs_ptserver_t) @@ -287,11 +287,11 @@ corenet_all_recvfrom_unlabeled(afs_vlserver_t) corenet_all_recvfrom_netlabel(afs_vlserver_t) corenet_tcp_sendrecv_generic_if(afs_vlserver_t) corenet_udp_sendrecv_generic_if(afs_vlserver_t) -corenet_tcp_sendrecv_all_nodes(afs_vlserver_t) -corenet_udp_sendrecv_all_nodes(afs_vlserver_t) +corenet_tcp_sendrecv_generic_node(afs_vlserver_t) +corenet_udp_sendrecv_generic_node(afs_vlserver_t) corenet_tcp_sendrecv_all_ports(afs_vlserver_t) corenet_udp_sendrecv_all_ports(afs_vlserver_t) -corenet_udp_bind_all_nodes(afs_vlserver_t) +corenet_udp_bind_generic_node(afs_vlserver_t) corenet_udp_bind_afs_vl_port(afs_vlserver_t) corenet_sendrecv_afs_vl_server_packets(afs_vlserver_t) diff --git a/policy/modules/services/amavis.te b/policy/modules/services/amavis.te index 11eb7cd..04d430a 100644 --- a/policy/modules/services/amavis.te +++ b/policy/modules/services/amavis.te @@ -1,5 +1,5 @@ -policy_module(amavis, 1.9.1) +policy_module(amavis, 1.9.2) ######################################## # @@ -109,9 +109,9 @@ corecmd_exec_bin(amavis_t) corenet_all_recvfrom_unlabeled(amavis_t) corenet_all_recvfrom_netlabel(amavis_t) corenet_tcp_sendrecv_generic_if(amavis_t) -corenet_tcp_sendrecv_all_nodes(amavis_t) -corenet_tcp_bind_all_nodes(amavis_t) -corenet_udp_bind_all_nodes(amavis_t) +corenet_tcp_sendrecv_generic_node(amavis_t) +corenet_tcp_bind_generic_node(amavis_t) +corenet_udp_bind_generic_node(amavis_t) # amavis uses well-defined ports corenet_tcp_sendrecv_amavisd_recv_port(amavis_t) corenet_tcp_sendrecv_amavisd_send_port(amavis_t) diff --git a/policy/modules/services/apache.if b/policy/modules/services/apache.if index 24a788e..6e42924 100644 --- a/policy/modules/services/apache.if +++ b/policy/modules/services/apache.if @@ -183,8 +183,8 @@ template(`apache_content_template',` corenet_all_recvfrom_netlabel(httpd_$1_script_t) corenet_tcp_sendrecv_generic_if(httpd_$1_script_t) corenet_udp_sendrecv_generic_if(httpd_$1_script_t) - corenet_tcp_sendrecv_all_nodes(httpd_$1_script_t) - corenet_udp_sendrecv_all_nodes(httpd_$1_script_t) + corenet_tcp_sendrecv_generic_node(httpd_$1_script_t) + corenet_udp_sendrecv_generic_node(httpd_$1_script_t) corenet_tcp_sendrecv_all_ports(httpd_$1_script_t) corenet_udp_sendrecv_all_ports(httpd_$1_script_t) @@ -199,8 +199,8 @@ template(`apache_content_template',` corenet_all_recvfrom_netlabel(httpd_$1_script_t) corenet_tcp_sendrecv_generic_if(httpd_$1_script_t) corenet_udp_sendrecv_generic_if(httpd_$1_script_t) - corenet_tcp_sendrecv_all_nodes(httpd_$1_script_t) - corenet_udp_sendrecv_all_nodes(httpd_$1_script_t) + corenet_tcp_sendrecv_generic_node(httpd_$1_script_t) + corenet_udp_sendrecv_generic_node(httpd_$1_script_t) corenet_tcp_sendrecv_all_ports(httpd_$1_script_t) corenet_udp_sendrecv_all_ports(httpd_$1_script_t) corenet_tcp_connect_all_ports(httpd_$1_script_t) diff --git a/policy/modules/services/apache.te b/policy/modules/services/apache.te index 9aaf134..cf86f52 100644 --- a/policy/modules/services/apache.te +++ b/policy/modules/services/apache.te @@ -1,5 +1,5 @@ -policy_module(apache, 2.0.1) +policy_module(apache, 2.0.2) # # NOTES: @@ -317,11 +317,11 @@ corenet_all_recvfrom_unlabeled(httpd_t) corenet_all_recvfrom_netlabel(httpd_t) corenet_tcp_sendrecv_generic_if(httpd_t) corenet_udp_sendrecv_generic_if(httpd_t) -corenet_tcp_sendrecv_all_nodes(httpd_t) -corenet_udp_sendrecv_all_nodes(httpd_t) +corenet_tcp_sendrecv_generic_node(httpd_t) +corenet_udp_sendrecv_generic_node(httpd_t) corenet_tcp_sendrecv_all_ports(httpd_t) corenet_udp_sendrecv_all_ports(httpd_t) -corenet_tcp_bind_all_nodes(httpd_t) +corenet_tcp_bind_generic_node(httpd_t) corenet_tcp_bind_http_port(httpd_t) corenet_tcp_bind_http_cache_port(httpd_t) corenet_sendrecv_http_server_packets(httpd_t) @@ -633,8 +633,8 @@ tunable_policy(`httpd_can_network_connect',` corenet_all_recvfrom_netlabel(httpd_suexec_t) corenet_tcp_sendrecv_generic_if(httpd_suexec_t) corenet_udp_sendrecv_generic_if(httpd_suexec_t) - corenet_tcp_sendrecv_all_nodes(httpd_suexec_t) - corenet_udp_sendrecv_all_nodes(httpd_suexec_t) + corenet_tcp_sendrecv_generic_node(httpd_suexec_t) + corenet_udp_sendrecv_generic_node(httpd_suexec_t) corenet_tcp_sendrecv_all_ports(httpd_suexec_t) corenet_udp_sendrecv_all_ports(httpd_suexec_t) corenet_tcp_connect_all_ports(httpd_suexec_t) diff --git a/policy/modules/services/apcupsd.te b/policy/modules/services/apcupsd.te index 4039c96..3cea8fb 100644 --- a/policy/modules/services/apcupsd.te +++ b/policy/modules/services/apcupsd.te @@ -1,5 +1,5 @@ -policy_module(apcupsd, 1.5.1) +policy_module(apcupsd, 1.5.2) ######################################## # @@ -57,9 +57,9 @@ corecmd_exec_shell(apcupsd_t) corenet_all_recvfrom_unlabeled(apcupsd_t) corenet_all_recvfrom_netlabel(apcupsd_t) corenet_tcp_sendrecv_generic_if(apcupsd_t) -corenet_tcp_sendrecv_all_nodes(apcupsd_t) +corenet_tcp_sendrecv_generic_node(apcupsd_t) corenet_tcp_sendrecv_all_ports(apcupsd_t) -corenet_tcp_bind_all_nodes(apcupsd_t) +corenet_tcp_bind_generic_node(apcupsd_t) corenet_tcp_bind_apcupsd_port(apcupsd_t) corenet_sendrecv_apcupsd_server_packets(apcupsd_t) corenet_tcp_connect_apcupsd_port(apcupsd_t) @@ -113,11 +113,11 @@ optional_policy(` corenet_all_recvfrom_unlabeled(httpd_apcupsd_cgi_script_t) corenet_all_recvfrom_netlabel(httpd_apcupsd_cgi_script_t) corenet_tcp_sendrecv_generic_if(httpd_apcupsd_cgi_script_t) - corenet_tcp_sendrecv_all_nodes(httpd_apcupsd_cgi_script_t) + corenet_tcp_sendrecv_generic_node(httpd_apcupsd_cgi_script_t) corenet_tcp_sendrecv_all_ports(httpd_apcupsd_cgi_script_t) corenet_tcp_connect_apcupsd_port(httpd_apcupsd_cgi_script_t) corenet_udp_sendrecv_generic_if(httpd_apcupsd_cgi_script_t) - corenet_udp_sendrecv_all_nodes(httpd_apcupsd_cgi_script_t) + corenet_udp_sendrecv_generic_node(httpd_apcupsd_cgi_script_t) corenet_udp_sendrecv_all_ports(httpd_apcupsd_cgi_script_t) sysnet_dns_name_resolve(httpd_apcupsd_cgi_script_t) diff --git a/policy/modules/services/arpwatch.te b/policy/modules/services/arpwatch.te index 2fbd52e..b563ca3 100644 --- a/policy/modules/services/arpwatch.te +++ b/policy/modules/services/arpwatch.te @@ -1,5 +1,5 @@ -policy_module(arpwatch, 1.7.1) +policy_module(arpwatch, 1.7.2) ######################################## # @@ -55,9 +55,9 @@ corenet_all_recvfrom_netlabel(arpwatch_t) corenet_tcp_sendrecv_generic_if(arpwatch_t) corenet_udp_sendrecv_generic_if(arpwatch_t) corenet_raw_sendrecv_generic_if(arpwatch_t) -corenet_tcp_sendrecv_all_nodes(arpwatch_t) -corenet_udp_sendrecv_all_nodes(arpwatch_t) -corenet_raw_sendrecv_all_nodes(arpwatch_t) +corenet_tcp_sendrecv_generic_node(arpwatch_t) +corenet_udp_sendrecv_generic_node(arpwatch_t) +corenet_raw_sendrecv_generic_node(arpwatch_t) corenet_tcp_sendrecv_all_ports(arpwatch_t) corenet_udp_sendrecv_all_ports(arpwatch_t) diff --git a/policy/modules/services/asterisk.te b/policy/modules/services/asterisk.te index 2bbbab6..bdb095f 100644 --- a/policy/modules/services/asterisk.te +++ b/policy/modules/services/asterisk.te @@ -1,5 +1,5 @@ -policy_module(asterisk, 1.6.0) +policy_module(asterisk, 1.6.1) ######################################## # @@ -89,12 +89,12 @@ corenet_all_recvfrom_unlabeled(asterisk_t) corenet_all_recvfrom_netlabel(asterisk_t) corenet_tcp_sendrecv_generic_if(asterisk_t) corenet_udp_sendrecv_generic_if(asterisk_t) -corenet_tcp_sendrecv_all_nodes(asterisk_t) -corenet_udp_sendrecv_all_nodes(asterisk_t) +corenet_tcp_sendrecv_generic_node(asterisk_t) +corenet_udp_sendrecv_generic_node(asterisk_t) corenet_tcp_sendrecv_all_ports(asterisk_t) corenet_udp_sendrecv_all_ports(asterisk_t) -corenet_tcp_bind_all_nodes(asterisk_t) -corenet_udp_bind_all_nodes(asterisk_t) +corenet_tcp_bind_generic_node(asterisk_t) +corenet_udp_bind_generic_node(asterisk_t) corenet_tcp_bind_asterisk_port(asterisk_t) corenet_udp_bind_asterisk_port(asterisk_t) corenet_sendrecv_asterisk_server_packets(asterisk_t) diff --git a/policy/modules/services/automount.te b/policy/modules/services/automount.te index abb9a67..c17c4db 100644 --- a/policy/modules/services/automount.te +++ b/policy/modules/services/automount.te @@ -1,5 +1,5 @@ -policy_module(automount, 1.11.0) +policy_module(automount, 1.11.1) ######################################## # @@ -82,12 +82,12 @@ corenet_all_recvfrom_unlabeled(automount_t) corenet_all_recvfrom_netlabel(automount_t) corenet_tcp_sendrecv_generic_if(automount_t) corenet_udp_sendrecv_generic_if(automount_t) -corenet_tcp_sendrecv_all_nodes(automount_t) -corenet_udp_sendrecv_all_nodes(automount_t) +corenet_tcp_sendrecv_generic_node(automount_t) +corenet_udp_sendrecv_generic_node(automount_t) corenet_tcp_sendrecv_all_ports(automount_t) corenet_udp_sendrecv_all_ports(automount_t) -corenet_tcp_bind_all_nodes(automount_t) -corenet_udp_bind_all_nodes(automount_t) +corenet_tcp_bind_generic_node(automount_t) +corenet_udp_bind_generic_node(automount_t) corenet_tcp_connect_portmap_port(automount_t) corenet_tcp_connect_all_ports(automount_t) corenet_dontaudit_tcp_connect_all_reserved_ports(automount_t) diff --git a/policy/modules/services/avahi.te b/policy/modules/services/avahi.te index 3e339e4..12e4a8c 100644 --- a/policy/modules/services/avahi.te +++ b/policy/modules/services/avahi.te @@ -1,5 +1,5 @@ -policy_module(avahi, 1.10.1) +policy_module(avahi, 1.10.2) ######################################## # @@ -51,12 +51,12 @@ corenet_all_recvfrom_unlabeled(avahi_t) corenet_all_recvfrom_netlabel(avahi_t) corenet_tcp_sendrecv_generic_if(avahi_t) corenet_udp_sendrecv_generic_if(avahi_t) -corenet_tcp_sendrecv_all_nodes(avahi_t) -corenet_udp_sendrecv_all_nodes(avahi_t) +corenet_tcp_sendrecv_generic_node(avahi_t) +corenet_udp_sendrecv_generic_node(avahi_t) corenet_tcp_sendrecv_all_ports(avahi_t) corenet_udp_sendrecv_all_ports(avahi_t) -corenet_tcp_bind_all_nodes(avahi_t) -corenet_udp_bind_all_nodes(avahi_t) +corenet_tcp_bind_generic_node(avahi_t) +corenet_udp_bind_generic_node(avahi_t) corenet_tcp_bind_howl_port(avahi_t) corenet_udp_bind_howl_port(avahi_t) corenet_send_howl_client_packets(avahi_t) diff --git a/policy/modules/services/bind.te b/policy/modules/services/bind.te index 28bf9de..2c43859 100644 --- a/policy/modules/services/bind.te +++ b/policy/modules/services/bind.te @@ -1,5 +1,5 @@ -policy_module(bind, 1.9.1) +policy_module(bind, 1.9.2) ######################################## # @@ -109,12 +109,12 @@ corenet_all_recvfrom_unlabeled(named_t) corenet_all_recvfrom_netlabel(named_t) corenet_tcp_sendrecv_generic_if(named_t) corenet_udp_sendrecv_generic_if(named_t) -corenet_tcp_sendrecv_all_nodes(named_t) -corenet_udp_sendrecv_all_nodes(named_t) +corenet_tcp_sendrecv_generic_node(named_t) +corenet_udp_sendrecv_generic_node(named_t) corenet_tcp_sendrecv_all_ports(named_t) corenet_udp_sendrecv_all_ports(named_t) -corenet_tcp_bind_all_nodes(named_t) -corenet_udp_bind_all_nodes(named_t) +corenet_tcp_bind_generic_node(named_t) +corenet_udp_bind_generic_node(named_t) corenet_tcp_bind_dns_port(named_t) corenet_udp_bind_dns_port(named_t) corenet_tcp_bind_rndc_port(named_t) @@ -217,9 +217,9 @@ kernel_read_kernel_sysctls(ndc_t) corenet_all_recvfrom_unlabeled(ndc_t) corenet_all_recvfrom_netlabel(ndc_t) corenet_tcp_sendrecv_generic_if(ndc_t) -corenet_tcp_sendrecv_all_nodes(ndc_t) +corenet_tcp_sendrecv_generic_node(ndc_t) corenet_tcp_sendrecv_all_ports(ndc_t) -corenet_tcp_bind_all_nodes(ndc_t) +corenet_tcp_bind_generic_node(ndc_t) corenet_tcp_connect_rndc_port(ndc_t) corenet_sendrecv_rndc_client_packets(ndc_t) diff --git a/policy/modules/services/bitlbee.te b/policy/modules/services/bitlbee.te index 259a911..95e1cd4 100644 --- a/policy/modules/services/bitlbee.te +++ b/policy/modules/services/bitlbee.te @@ -1,5 +1,5 @@ -policy_module(bitlbee, 1.1.0) +policy_module(bitlbee, 1.1.1) ######################################## # @@ -49,10 +49,8 @@ files_var_lib_filetrans(bitlbee_t, bitlbee_var_t, file) corenet_all_recvfrom_unlabeled(bitlbee_t) corenet_udp_sendrecv_generic_if(bitlbee_t) corenet_udp_sendrecv_generic_node(bitlbee_t) -corenet_udp_sendrecv_lo_node(bitlbee_t) corenet_tcp_sendrecv_generic_if(bitlbee_t) corenet_tcp_sendrecv_generic_node(bitlbee_t) -corenet_tcp_sendrecv_lo_node(bitlbee_t) # Allow bitlbee to connect to jabber servers corenet_tcp_connect_jabber_client_port(bitlbee_t) corenet_tcp_sendrecv_jabber_client_port(bitlbee_t) diff --git a/policy/modules/services/bluetooth.te b/policy/modules/services/bluetooth.te index ce3ca2a..227540b 100644 --- a/policy/modules/services/bluetooth.te +++ b/policy/modules/services/bluetooth.te @@ -1,5 +1,5 @@ -policy_module(bluetooth, 3.1.1) +policy_module(bluetooth, 3.1.2) ######################################## # @@ -99,9 +99,9 @@ corenet_all_recvfrom_netlabel(bluetooth_t) corenet_tcp_sendrecv_generic_if(bluetooth_t) corenet_udp_sendrecv_generic_if(bluetooth_t) corenet_raw_sendrecv_generic_if(bluetooth_t) -corenet_tcp_sendrecv_all_nodes(bluetooth_t) -corenet_udp_sendrecv_all_nodes(bluetooth_t) -corenet_raw_sendrecv_all_nodes(bluetooth_t) +corenet_tcp_sendrecv_generic_node(bluetooth_t) +corenet_udp_sendrecv_generic_node(bluetooth_t) +corenet_raw_sendrecv_generic_node(bluetooth_t) corenet_tcp_sendrecv_all_ports(bluetooth_t) corenet_udp_sendrecv_all_ports(bluetooth_t) diff --git a/policy/modules/services/canna.te b/policy/modules/services/canna.te index 9349125..856320b 100644 --- a/policy/modules/services/canna.te +++ b/policy/modules/services/canna.te @@ -1,5 +1,5 @@ -policy_module(canna, 1.9.1) +policy_module(canna, 1.9.2) ######################################## # @@ -53,7 +53,7 @@ kernel_read_system_state(canna_t) corenet_all_recvfrom_unlabeled(canna_t) corenet_all_recvfrom_netlabel(canna_t) corenet_tcp_sendrecv_generic_if(canna_t) -corenet_tcp_sendrecv_all_nodes(canna_t) +corenet_tcp_sendrecv_generic_node(canna_t) corenet_tcp_sendrecv_all_ports(canna_t) corenet_tcp_connect_all_ports(canna_t) corenet_sendrecv_all_client_packets(canna_t) diff --git a/policy/modules/services/ccs.te b/policy/modules/services/ccs.te index 2809078..069b77c 100644 --- a/policy/modules/services/ccs.te +++ b/policy/modules/services/ccs.te @@ -1,5 +1,5 @@ -policy_module(ccs, 1.3.1) +policy_module(ccs, 1.3.2) ######################################## # @@ -81,12 +81,12 @@ corenet_all_recvfrom_unlabeled(ccs_t) corenet_all_recvfrom_netlabel(ccs_t) corenet_tcp_sendrecv_generic_if(ccs_t) corenet_udp_sendrecv_generic_if(ccs_t) -corenet_tcp_sendrecv_all_nodes(ccs_t) -corenet_udp_sendrecv_all_nodes(ccs_t) +corenet_tcp_sendrecv_generic_node(ccs_t) +corenet_udp_sendrecv_generic_node(ccs_t) corenet_tcp_sendrecv_all_ports(ccs_t) corenet_udp_sendrecv_all_ports(ccs_t) -corenet_tcp_bind_all_nodes(ccs_t) -corenet_udp_bind_all_nodes(ccs_t) +corenet_tcp_bind_generic_node(ccs_t) +corenet_udp_bind_generic_node(ccs_t) corenet_tcp_bind_cluster_port(ccs_t) corenet_udp_bind_cluster_port(ccs_t) corenet_udp_bind_netsupport_port(ccs_t) diff --git a/policy/modules/services/cipe.te b/policy/modules/services/cipe.te index 9fa0736..f52c563 100644 --- a/policy/modules/services/cipe.te +++ b/policy/modules/services/cipe.te @@ -1,5 +1,5 @@ -policy_module(cipe, 1.4.0) +policy_module(cipe, 1.4.1) ######################################## # @@ -32,9 +32,9 @@ corecmd_exec_bin(ciped_t) corenet_all_recvfrom_unlabeled(ciped_t) corenet_all_recvfrom_netlabel(ciped_t) corenet_udp_sendrecv_generic_if(ciped_t) -corenet_udp_sendrecv_all_nodes(ciped_t) +corenet_udp_sendrecv_generic_node(ciped_t) corenet_udp_sendrecv_all_ports(ciped_t) -corenet_udp_bind_all_nodes(ciped_t) +corenet_udp_bind_generic_node(ciped_t) # cipe uses the afs3-bos port (udp 7007) corenet_udp_bind_afs_bos_port(ciped_t) corenet_sendrecv_afs_bos_server_packets(ciped_t) diff --git a/policy/modules/services/clamav.te b/policy/modules/services/clamav.te index 5557c40..904098a 100644 --- a/policy/modules/services/clamav.te +++ b/policy/modules/services/clamav.te @@ -1,5 +1,5 @@ -policy_module(clamav, 1.6.1) +policy_module(clamav, 1.6.2) ######################################## # @@ -91,10 +91,10 @@ kernel_read_kernel_sysctls(clamd_t) corenet_all_recvfrom_unlabeled(clamd_t) corenet_all_recvfrom_netlabel(clamd_t) corenet_tcp_sendrecv_generic_if(clamd_t) -corenet_tcp_sendrecv_all_nodes(clamd_t) +corenet_tcp_sendrecv_generic_node(clamd_t) corenet_tcp_sendrecv_all_ports(clamd_t) corenet_tcp_sendrecv_clamd_port(clamd_t) -corenet_tcp_bind_all_nodes(clamd_t) +corenet_tcp_bind_generic_node(clamd_t) corenet_tcp_bind_clamd_port(clamd_t) corenet_sendrecv_clamd_server_packets(clamd_t) @@ -158,7 +158,7 @@ logging_log_filetrans(freshclam_t, freshclam_var_log_t, file) corenet_all_recvfrom_unlabeled(freshclam_t) corenet_all_recvfrom_netlabel(freshclam_t) corenet_tcp_sendrecv_generic_if(freshclam_t) -corenet_tcp_sendrecv_all_nodes(freshclam_t) +corenet_tcp_sendrecv_generic_node(freshclam_t) corenet_tcp_sendrecv_all_ports(freshclam_t) corenet_tcp_sendrecv_clamd_port(freshclam_t) corenet_tcp_connect_http_port(freshclam_t) diff --git a/policy/modules/services/clockspeed.te b/policy/modules/services/clockspeed.te index 6ab46a5..31d124a 100644 --- a/policy/modules/services/clockspeed.te +++ b/policy/modules/services/clockspeed.te @@ -1,5 +1,5 @@ -policy_module(clockspeed, 1.4.0) +policy_module(clockspeed, 1.4.1) ######################################## # @@ -59,7 +59,7 @@ corenet_all_recvfrom_netlabel(clockspeed_srv_t) corenet_udp_sendrecv_generic_if(clockspeed_srv_t) corenet_udp_sendrecv_generic_node(clockspeed_srv_t) corenet_udp_sendrecv_ntp_port(clockspeed_srv_t) -corenet_udp_bind_all_nodes(clockspeed_srv_t) +corenet_udp_bind_generic_node(clockspeed_srv_t) corenet_udp_bind_clockspeed_port(clockspeed_srv_t) corenet_sendrecv_clockspeed_server_packets(clockspeed_srv_t) diff --git a/policy/modules/services/comsat.te b/policy/modules/services/comsat.te index fd1c037..7933a9b 100644 --- a/policy/modules/services/comsat.te +++ b/policy/modules/services/comsat.te @@ -1,5 +1,5 @@ -policy_module(comsat, 1.6.1) +policy_module(comsat, 1.6.2) ######################################## # @@ -44,8 +44,8 @@ corenet_all_recvfrom_unlabeled(comsat_t) corenet_all_recvfrom_netlabel(comsat_t) corenet_tcp_sendrecv_generic_if(comsat_t) corenet_udp_sendrecv_generic_if(comsat_t) -corenet_tcp_sendrecv_all_nodes(comsat_t) -corenet_udp_sendrecv_all_nodes(comsat_t) +corenet_tcp_sendrecv_generic_node(comsat_t) +corenet_udp_sendrecv_generic_node(comsat_t) corenet_udp_sendrecv_all_ports(comsat_t) dev_read_urand(comsat_t) diff --git a/policy/modules/services/courier.if b/policy/modules/services/courier.if index f78a09f..9354611 100644 --- a/policy/modules/services/courier.if +++ b/policy/modules/services/courier.if @@ -52,8 +52,8 @@ template(`courier_domain_template',` corenet_all_recvfrom_netlabel(courier_$1_t) corenet_tcp_sendrecv_generic_if(courier_$1_t) corenet_udp_sendrecv_generic_if(courier_$1_t) - corenet_tcp_sendrecv_all_nodes(courier_$1_t) - corenet_udp_sendrecv_all_nodes(courier_$1_t) + corenet_tcp_sendrecv_generic_node(courier_$1_t) + corenet_udp_sendrecv_generic_node(courier_$1_t) corenet_tcp_sendrecv_all_ports(courier_$1_t) corenet_udp_sendrecv_all_ports(courier_$1_t) diff --git a/policy/modules/services/courier.te b/policy/modules/services/courier.te index f50b6f0..449459a 100644 --- a/policy/modules/services/courier.te +++ b/policy/modules/services/courier.te @@ -1,5 +1,5 @@ -policy_module(courier, 1.7.0) +policy_module(courier, 1.7.1) ######################################## # @@ -123,7 +123,7 @@ files_search_var_lib(courier_tcpd_t) corecmd_search_bin(courier_tcpd_t) -corenet_tcp_bind_all_nodes(courier_tcpd_t) +corenet_tcp_bind_generic_node(courier_tcpd_t) corenet_tcp_bind_pop_port(courier_tcpd_t) corenet_sendrecv_pop_server_packets(courier_tcpd_t) diff --git a/policy/modules/services/cron.te b/policy/modules/services/cron.te index b48768c..9b0d6cc 100644 --- a/policy/modules/services/cron.te +++ b/policy/modules/services/cron.te @@ -1,5 +1,5 @@ -policy_module(cron, 2.0.1) +policy_module(cron, 2.0.2) gen_require(` class passwd rootok; @@ -331,8 +331,8 @@ corenet_all_recvfrom_unlabeled(system_cronjob_t) corenet_all_recvfrom_netlabel(system_cronjob_t) corenet_tcp_sendrecv_generic_if(system_cronjob_t) corenet_udp_sendrecv_generic_if(system_cronjob_t) -corenet_tcp_sendrecv_all_nodes(system_cronjob_t) -corenet_udp_sendrecv_all_nodes(system_cronjob_t) +corenet_tcp_sendrecv_generic_node(system_cronjob_t) +corenet_udp_sendrecv_generic_node(system_cronjob_t) corenet_tcp_sendrecv_all_ports(system_cronjob_t) corenet_udp_sendrecv_all_ports(system_cronjob_t) @@ -522,8 +522,8 @@ corenet_all_recvfrom_unlabeled(cronjob_t) corenet_all_recvfrom_netlabel(cronjob_t) corenet_tcp_sendrecv_generic_if(cronjob_t) corenet_udp_sendrecv_generic_if(cronjob_t) -corenet_tcp_sendrecv_all_nodes(cronjob_t) -corenet_udp_sendrecv_all_nodes(cronjob_t) +corenet_tcp_sendrecv_generic_node(cronjob_t) +corenet_udp_sendrecv_generic_node(cronjob_t) corenet_tcp_sendrecv_all_ports(cronjob_t) corenet_udp_sendrecv_all_ports(cronjob_t) corenet_tcp_connect_all_ports(cronjob_t) diff --git a/policy/modules/services/cups.te b/policy/modules/services/cups.te index e12d217..96a0f04 100644 --- a/policy/modules/services/cups.te +++ b/policy/modules/services/cups.te @@ -1,5 +1,5 @@ -policy_module(cups, 1.12.1) +policy_module(cups, 1.12.2) ######################################## # @@ -137,13 +137,13 @@ corenet_all_recvfrom_netlabel(cupsd_t) corenet_tcp_sendrecv_generic_if(cupsd_t) corenet_udp_sendrecv_generic_if(cupsd_t) corenet_raw_sendrecv_generic_if(cupsd_t) -corenet_tcp_sendrecv_all_nodes(cupsd_t) -corenet_udp_sendrecv_all_nodes(cupsd_t) -corenet_raw_sendrecv_all_nodes(cupsd_t) +corenet_tcp_sendrecv_generic_node(cupsd_t) +corenet_udp_sendrecv_generic_node(cupsd_t) +corenet_raw_sendrecv_generic_node(cupsd_t) corenet_tcp_sendrecv_all_ports(cupsd_t) corenet_udp_sendrecv_all_ports(cupsd_t) -corenet_tcp_bind_all_nodes(cupsd_t) -corenet_udp_bind_all_nodes(cupsd_t) +corenet_tcp_bind_generic_node(cupsd_t) +corenet_udp_bind_generic_node(cupsd_t) corenet_tcp_bind_ipp_port(cupsd_t) corenet_udp_bind_ipp_port(cupsd_t) corenet_tcp_bind_reserved_port(cupsd_t) @@ -316,7 +316,7 @@ kernel_read_kernel_sysctls(cupsd_config_t) corenet_all_recvfrom_unlabeled(cupsd_config_t) corenet_all_recvfrom_netlabel(cupsd_config_t) corenet_tcp_sendrecv_generic_if(cupsd_config_t) -corenet_tcp_sendrecv_all_nodes(cupsd_config_t) +corenet_tcp_sendrecv_generic_node(cupsd_config_t) corenet_tcp_sendrecv_all_ports(cupsd_config_t) corenet_tcp_connect_all_ports(cupsd_config_t) corenet_sendrecv_all_client_packets(cupsd_config_t) @@ -447,12 +447,12 @@ corenet_all_recvfrom_unlabeled(cupsd_lpd_t) corenet_all_recvfrom_netlabel(cupsd_lpd_t) corenet_tcp_sendrecv_generic_if(cupsd_lpd_t) corenet_udp_sendrecv_generic_if(cupsd_lpd_t) -corenet_tcp_sendrecv_all_nodes(cupsd_lpd_t) -corenet_udp_sendrecv_all_nodes(cupsd_lpd_t) +corenet_tcp_sendrecv_generic_node(cupsd_lpd_t) +corenet_udp_sendrecv_generic_node(cupsd_lpd_t) corenet_tcp_sendrecv_all_ports(cupsd_lpd_t) corenet_udp_sendrecv_all_ports(cupsd_lpd_t) -corenet_tcp_bind_all_nodes(cupsd_lpd_t) -corenet_udp_bind_all_nodes(cupsd_lpd_t) +corenet_tcp_bind_generic_node(cupsd_lpd_t) +corenet_udp_bind_generic_node(cupsd_lpd_t) corenet_tcp_connect_ipp_port(cupsd_lpd_t) dev_read_urand(cupsd_lpd_t) @@ -511,13 +511,13 @@ corenet_all_recvfrom_netlabel(hplip_t) corenet_tcp_sendrecv_generic_if(hplip_t) corenet_udp_sendrecv_generic_if(hplip_t) corenet_raw_sendrecv_generic_if(hplip_t) -corenet_tcp_sendrecv_all_nodes(hplip_t) -corenet_udp_sendrecv_all_nodes(hplip_t) -corenet_raw_sendrecv_all_nodes(hplip_t) +corenet_tcp_sendrecv_generic_node(hplip_t) +corenet_udp_sendrecv_generic_node(hplip_t) +corenet_raw_sendrecv_generic_node(hplip_t) corenet_tcp_sendrecv_all_ports(hplip_t) corenet_udp_sendrecv_all_ports(hplip_t) -corenet_tcp_bind_all_nodes(hplip_t) -corenet_udp_bind_all_nodes(hplip_t) +corenet_tcp_bind_generic_node(hplip_t) +corenet_udp_bind_generic_node(hplip_t) corenet_tcp_bind_hplip_port(hplip_t) corenet_tcp_connect_hplip_port(hplip_t) corenet_tcp_connect_ipp_port(hplip_t) @@ -602,9 +602,9 @@ kernel_read_proc_symlinks(ptal_t) corenet_all_recvfrom_unlabeled(ptal_t) corenet_all_recvfrom_netlabel(ptal_t) corenet_tcp_sendrecv_generic_if(ptal_t) -corenet_tcp_sendrecv_all_nodes(ptal_t) +corenet_tcp_sendrecv_generic_node(ptal_t) corenet_tcp_sendrecv_all_ports(ptal_t) -corenet_tcp_bind_all_nodes(ptal_t) +corenet_tcp_bind_generic_node(ptal_t) corenet_tcp_bind_ptal_port(ptal_t) dev_read_sysfs(ptal_t) diff --git a/policy/modules/services/cvs.te b/policy/modules/services/cvs.te index b45cb3a..09b9969 100644 --- a/policy/modules/services/cvs.te +++ b/policy/modules/services/cvs.te @@ -1,5 +1,5 @@ -policy_module(cvs, 1.7.1) +policy_module(cvs, 1.7.2) ######################################## # @@ -62,8 +62,8 @@ corenet_all_recvfrom_unlabeled(cvs_t) corenet_all_recvfrom_netlabel(cvs_t) corenet_tcp_sendrecv_generic_if(cvs_t) corenet_udp_sendrecv_generic_if(cvs_t) -corenet_tcp_sendrecv_all_nodes(cvs_t) -corenet_udp_sendrecv_all_nodes(cvs_t) +corenet_tcp_sendrecv_generic_node(cvs_t) +corenet_udp_sendrecv_generic_node(cvs_t) corenet_tcp_sendrecv_all_ports(cvs_t) corenet_udp_sendrecv_all_ports(cvs_t) diff --git a/policy/modules/services/cyphesis.te b/policy/modules/services/cyphesis.te index 3c5b018..8f02eb5 100644 --- a/policy/modules/services/cyphesis.te +++ b/policy/modules/services/cyphesis.te @@ -1,5 +1,5 @@ -policy_module(cyphesis, 1.1.0) +policy_module(cyphesis, 1.1.1) ######################################## # @@ -50,9 +50,9 @@ corecmd_getattr_bin_files(cyphesis_t) corenet_all_recvfrom_unlabeled(cyphesis_t) corenet_tcp_sendrecv_generic_if(cyphesis_t) -corenet_tcp_sendrecv_all_nodes(cyphesis_t) +corenet_tcp_sendrecv_generic_node(cyphesis_t) corenet_tcp_sendrecv_all_ports(cyphesis_t) -corenet_tcp_bind_all_nodes(cyphesis_t) +corenet_tcp_bind_generic_node(cyphesis_t) corenet_tcp_bind_cyphesis_port(cyphesis_t) corenet_sendrecv_cyphesis_server_packets(cyphesis_t) diff --git a/policy/modules/services/cyrus.te b/policy/modules/services/cyrus.te index b802fdf..278309d 100644 --- a/policy/modules/services/cyrus.te +++ b/policy/modules/services/cyrus.te @@ -1,5 +1,5 @@ -policy_module(cyrus, 1.8.1) +policy_module(cyrus, 1.8.2) ######################################## # @@ -67,11 +67,11 @@ corenet_all_recvfrom_unlabeled(cyrus_t) corenet_all_recvfrom_netlabel(cyrus_t) corenet_tcp_sendrecv_generic_if(cyrus_t) corenet_udp_sendrecv_generic_if(cyrus_t) -corenet_tcp_sendrecv_all_nodes(cyrus_t) -corenet_udp_sendrecv_all_nodes(cyrus_t) +corenet_tcp_sendrecv_generic_node(cyrus_t) +corenet_udp_sendrecv_generic_node(cyrus_t) corenet_tcp_sendrecv_all_ports(cyrus_t) corenet_udp_sendrecv_all_ports(cyrus_t) -corenet_tcp_bind_all_nodes(cyrus_t) +corenet_tcp_bind_generic_node(cyrus_t) corenet_tcp_bind_mail_port(cyrus_t) corenet_tcp_bind_lmtp_port(cyrus_t) corenet_tcp_bind_pop_port(cyrus_t) diff --git a/policy/modules/services/dante.te b/policy/modules/services/dante.te index b4aa7af..9b4d086 100644 --- a/policy/modules/services/dante.te +++ b/policy/modules/services/dante.te @@ -1,5 +1,5 @@ -policy_module(dante, 1.6.0) +policy_module(dante, 1.6.1) ######################################## # @@ -42,11 +42,11 @@ corenet_all_recvfrom_unlabeled(dante_t) corenet_all_recvfrom_netlabel(dante_t) corenet_tcp_sendrecv_generic_if(dante_t) corenet_udp_sendrecv_generic_if(dante_t) -corenet_tcp_sendrecv_all_nodes(dante_t) -corenet_udp_sendrecv_all_nodes(dante_t) +corenet_tcp_sendrecv_generic_node(dante_t) +corenet_udp_sendrecv_generic_node(dante_t) corenet_tcp_sendrecv_all_ports(dante_t) corenet_udp_sendrecv_all_ports(dante_t) -corenet_tcp_bind_all_nodes(dante_t) +corenet_tcp_bind_generic_node(dante_t) #TODO: no portcons for this type #allow dante_t socks_port_t:tcp_socket name_bind; diff --git a/policy/modules/services/dbskk.te b/policy/modules/services/dbskk.te index b6b1696..419f4bb 100644 --- a/policy/modules/services/dbskk.te +++ b/policy/modules/services/dbskk.te @@ -1,5 +1,5 @@ -policy_module(dbskk, 1.4.1) +policy_module(dbskk, 1.4.2) ######################################## # @@ -52,8 +52,8 @@ corenet_all_recvfrom_unlabeled(dbskkd_t) corenet_all_recvfrom_netlabel(dbskkd_t) corenet_tcp_sendrecv_generic_if(dbskkd_t) corenet_udp_sendrecv_generic_if(dbskkd_t) -corenet_tcp_sendrecv_all_nodes(dbskkd_t) -corenet_udp_sendrecv_all_nodes(dbskkd_t) +corenet_tcp_sendrecv_generic_node(dbskkd_t) +corenet_udp_sendrecv_generic_node(dbskkd_t) corenet_tcp_sendrecv_all_ports(dbskkd_t) corenet_udp_sendrecv_all_ports(dbskkd_t) diff --git a/policy/modules/services/dbus.if b/policy/modules/services/dbus.if index 199f47c..729f32a 100644 --- a/policy/modules/services/dbus.if +++ b/policy/modules/services/dbus.if @@ -109,9 +109,9 @@ template(`dbus_role_template',` corenet_all_recvfrom_unlabeled($1_dbusd_t) corenet_all_recvfrom_netlabel($1_dbusd_t) corenet_tcp_sendrecv_generic_if($1_dbusd_t) - corenet_tcp_sendrecv_all_nodes($1_dbusd_t) + corenet_tcp_sendrecv_generic_node($1_dbusd_t) corenet_tcp_sendrecv_all_ports($1_dbusd_t) - corenet_tcp_bind_all_nodes($1_dbusd_t) + corenet_tcp_bind_generic_node($1_dbusd_t) corenet_tcp_bind_reserved_port($1_dbusd_t) dev_read_urand($1_dbusd_t) diff --git a/policy/modules/services/dbus.te b/policy/modules/services/dbus.te index c073fd0..3e06c73 100644 --- a/policy/modules/services/dbus.te +++ b/policy/modules/services/dbus.te @@ -1,5 +1,5 @@ -policy_module(dbus, 1.10.1) +policy_module(dbus, 1.10.2) gen_require(` class dbus all_dbus_perms; diff --git a/policy/modules/services/dcc.te b/policy/modules/services/dcc.te index 8a1e4dd..73cbeb8 100644 --- a/policy/modules/services/dcc.te +++ b/policy/modules/services/dcc.te @@ -1,5 +1,5 @@ -policy_module(dcc, 1.7.0) +policy_module(dcc, 1.7.1) ######################################## # @@ -99,7 +99,7 @@ read_lnk_files_pattern(cdcc_t, dcc_var_t, dcc_var_t) corenet_all_recvfrom_unlabeled(cdcc_t) corenet_all_recvfrom_netlabel(cdcc_t) corenet_udp_sendrecv_generic_if(cdcc_t) -corenet_udp_sendrecv_all_nodes(cdcc_t) +corenet_udp_sendrecv_generic_node(cdcc_t) corenet_udp_sendrecv_all_ports(cdcc_t) files_read_etc_files(cdcc_t) @@ -138,7 +138,7 @@ kernel_read_system_state(dcc_client_t) corenet_all_recvfrom_unlabeled(dcc_client_t) corenet_all_recvfrom_netlabel(dcc_client_t) corenet_udp_sendrecv_generic_if(dcc_client_t) -corenet_udp_sendrecv_all_nodes(dcc_client_t) +corenet_udp_sendrecv_generic_node(dcc_client_t) corenet_udp_sendrecv_all_ports(dcc_client_t) files_read_etc_files(dcc_client_t) @@ -179,7 +179,7 @@ kernel_read_system_state(dcc_dbclean_t) corenet_all_recvfrom_unlabeled(dcc_dbclean_t) corenet_all_recvfrom_netlabel(dcc_dbclean_t) corenet_udp_sendrecv_generic_if(dcc_dbclean_t) -corenet_udp_sendrecv_all_nodes(dcc_dbclean_t) +corenet_udp_sendrecv_generic_node(dcc_dbclean_t) corenet_udp_sendrecv_all_ports(dcc_dbclean_t) files_read_etc_files(dcc_dbclean_t) @@ -234,9 +234,9 @@ kernel_read_kernel_sysctls(dccd_t) corenet_all_recvfrom_unlabeled(dccd_t) corenet_all_recvfrom_netlabel(dccd_t) corenet_udp_sendrecv_generic_if(dccd_t) -corenet_udp_sendrecv_all_nodes(dccd_t) +corenet_udp_sendrecv_generic_node(dccd_t) corenet_udp_sendrecv_all_ports(dccd_t) -corenet_udp_bind_all_nodes(dccd_t) +corenet_udp_bind_generic_node(dccd_t) corenet_udp_bind_dcc_port(dccd_t) corenet_sendrecv_dcc_server_packets(dccd_t) @@ -302,7 +302,7 @@ kernel_read_kernel_sysctls(dccifd_t) corenet_all_recvfrom_unlabeled(dccifd_t) corenet_all_recvfrom_netlabel(dccifd_t) corenet_udp_sendrecv_generic_if(dccifd_t) -corenet_udp_sendrecv_all_nodes(dccifd_t) +corenet_udp_sendrecv_generic_node(dccifd_t) corenet_udp_sendrecv_all_ports(dccifd_t) dev_read_sysfs(dccifd_t) @@ -366,7 +366,7 @@ kernel_read_kernel_sysctls(dccm_t) corenet_all_recvfrom_unlabeled(dccm_t) corenet_all_recvfrom_netlabel(dccm_t) corenet_udp_sendrecv_generic_if(dccm_t) -corenet_udp_sendrecv_all_nodes(dccm_t) +corenet_udp_sendrecv_generic_node(dccm_t) corenet_udp_sendrecv_all_ports(dccm_t) dev_read_sysfs(dccm_t) diff --git a/policy/modules/services/ddclient.te b/policy/modules/services/ddclient.te index ea95c1b..60430a4 100644 --- a/policy/modules/services/ddclient.te +++ b/policy/modules/services/ddclient.te @@ -1,5 +1,5 @@ -policy_module(ddclient, 1.7.0) +policy_module(ddclient, 1.7.1) ######################################## # @@ -71,8 +71,8 @@ corenet_all_recvfrom_unlabeled(ddclient_t) corenet_all_recvfrom_netlabel(ddclient_t) corenet_tcp_sendrecv_generic_if(ddclient_t) corenet_udp_sendrecv_generic_if(ddclient_t) -corenet_tcp_sendrecv_all_nodes(ddclient_t) -corenet_udp_sendrecv_all_nodes(ddclient_t) +corenet_tcp_sendrecv_generic_node(ddclient_t) +corenet_udp_sendrecv_generic_node(ddclient_t) corenet_tcp_sendrecv_all_ports(ddclient_t) corenet_udp_sendrecv_all_ports(ddclient_t) corenet_tcp_connect_all_ports(ddclient_t) diff --git a/policy/modules/services/dhcp.te b/policy/modules/services/dhcp.te index 0003244..2ea4bfb 100644 --- a/policy/modules/services/dhcp.te +++ b/policy/modules/services/dhcp.te @@ -1,5 +1,5 @@ -policy_module(dhcp, 1.7.1) +policy_module(dhcp, 1.7.2) ######################################## # @@ -60,13 +60,13 @@ corenet_all_recvfrom_netlabel(dhcpd_t) corenet_tcp_sendrecv_generic_if(dhcpd_t) corenet_udp_sendrecv_generic_if(dhcpd_t) corenet_raw_sendrecv_generic_if(dhcpd_t) -corenet_tcp_sendrecv_all_nodes(dhcpd_t) -corenet_udp_sendrecv_all_nodes(dhcpd_t) -corenet_raw_sendrecv_all_nodes(dhcpd_t) +corenet_tcp_sendrecv_generic_node(dhcpd_t) +corenet_udp_sendrecv_generic_node(dhcpd_t) +corenet_raw_sendrecv_generic_node(dhcpd_t) corenet_tcp_sendrecv_all_ports(dhcpd_t) corenet_udp_sendrecv_all_ports(dhcpd_t) -corenet_tcp_bind_all_nodes(dhcpd_t) -corenet_udp_bind_all_nodes(dhcpd_t) +corenet_tcp_bind_generic_node(dhcpd_t) +corenet_udp_bind_generic_node(dhcpd_t) corenet_tcp_bind_dhcpd_port(dhcpd_t) corenet_udp_bind_dhcpd_port(dhcpd_t) corenet_udp_bind_pxe_port(dhcpd_t) diff --git a/policy/modules/services/dictd.te b/policy/modules/services/dictd.te index e3d9994..daf6471 100644 --- a/policy/modules/services/dictd.te +++ b/policy/modules/services/dictd.te @@ -1,5 +1,5 @@ -policy_module(dictd, 1.6.1) +policy_module(dictd, 1.6.2) ######################################## # @@ -51,12 +51,12 @@ corenet_all_recvfrom_netlabel(dictd_t) corenet_tcp_sendrecv_generic_if(dictd_t) corenet_raw_sendrecv_generic_if(dictd_t) corenet_udp_sendrecv_generic_if(dictd_t) -corenet_tcp_sendrecv_all_nodes(dictd_t) -corenet_udp_sendrecv_all_nodes(dictd_t) -corenet_raw_sendrecv_all_nodes(dictd_t) +corenet_tcp_sendrecv_generic_node(dictd_t) +corenet_udp_sendrecv_generic_node(dictd_t) +corenet_raw_sendrecv_generic_node(dictd_t) corenet_tcp_sendrecv_all_ports(dictd_t) corenet_udp_sendrecv_all_ports(dictd_t) -corenet_tcp_bind_all_nodes(dictd_t) +corenet_tcp_bind_generic_node(dictd_t) corenet_tcp_bind_dict_port(dictd_t) corenet_sendrecv_dict_server_packets(dictd_t) diff --git a/policy/modules/services/distcc.te b/policy/modules/services/distcc.te index f47348b..c64ec27 100644 --- a/policy/modules/services/distcc.te +++ b/policy/modules/services/distcc.te @@ -1,5 +1,5 @@ -policy_module(distcc, 1.7.1) +policy_module(distcc, 1.7.2) ######################################## # @@ -49,11 +49,11 @@ corenet_all_recvfrom_unlabeled(distccd_t) corenet_all_recvfrom_netlabel(distccd_t) corenet_tcp_sendrecv_generic_if(distccd_t) corenet_udp_sendrecv_generic_if(distccd_t) -corenet_tcp_sendrecv_all_nodes(distccd_t) -corenet_udp_sendrecv_all_nodes(distccd_t) +corenet_tcp_sendrecv_generic_node(distccd_t) +corenet_udp_sendrecv_generic_node(distccd_t) corenet_tcp_sendrecv_all_ports(distccd_t) corenet_udp_sendrecv_all_ports(distccd_t) -corenet_tcp_bind_all_nodes(distccd_t) +corenet_tcp_bind_generic_node(distccd_t) corenet_tcp_bind_distccd_port(distccd_t) corenet_sendrecv_distccd_server_packets(distccd_t) diff --git a/policy/modules/services/djbdns.if b/policy/modules/services/djbdns.if index c4c8002..00f84bb 100644 --- a/policy/modules/services/djbdns.if +++ b/policy/modules/services/djbdns.if @@ -36,12 +36,12 @@ template(`djbdns_daemontools_domain_template',` corenet_all_recvfrom_netlabel(djbdns_$1_t) corenet_tcp_sendrecv_generic_if(djbdns_$1_t) corenet_udp_sendrecv_generic_if(djbdns_$1_t) - corenet_tcp_sendrecv_all_nodes(djbdns_$1_t) - corenet_udp_sendrecv_all_nodes(djbdns_$1_t) + corenet_tcp_sendrecv_generic_node(djbdns_$1_t) + corenet_udp_sendrecv_generic_node(djbdns_$1_t) corenet_tcp_sendrecv_all_ports(djbdns_$1_t) corenet_udp_sendrecv_all_ports(djbdns_$1_t) - corenet_tcp_bind_all_nodes(djbdns_$1_t) - corenet_udp_bind_all_nodes(djbdns_$1_t) + corenet_tcp_bind_generic_node(djbdns_$1_t) + corenet_udp_bind_generic_node(djbdns_$1_t) corenet_tcp_bind_dns_port(djbdns_$1_t) corenet_udp_bind_dns_port(djbdns_$1_t) corenet_udp_bind_generic_port(djbdns_$1_t) diff --git a/policy/modules/services/djbdns.te b/policy/modules/services/djbdns.te index ec4311e..3fbbf18 100644 --- a/policy/modules/services/djbdns.te +++ b/policy/modules/services/djbdns.te @@ -1,5 +1,5 @@ -policy_module(djbdns, 1.2.1) +policy_module(djbdns, 1.2.2) ######################################## # diff --git a/policy/modules/services/dnsmasq.te b/policy/modules/services/dnsmasq.te index a508107..26f8ba3 100644 --- a/policy/modules/services/dnsmasq.te +++ b/policy/modules/services/dnsmasq.te @@ -1,5 +1,5 @@ -policy_module(dnsmasq, 1.7.0) +policy_module(dnsmasq, 1.7.1) ######################################## # @@ -50,13 +50,13 @@ corenet_all_recvfrom_netlabel(dnsmasq_t) corenet_tcp_sendrecv_generic_if(dnsmasq_t) corenet_udp_sendrecv_generic_if(dnsmasq_t) corenet_raw_sendrecv_generic_if(dnsmasq_t) -corenet_tcp_sendrecv_all_nodes(dnsmasq_t) -corenet_udp_sendrecv_all_nodes(dnsmasq_t) -corenet_raw_sendrecv_all_nodes(dnsmasq_t) +corenet_tcp_sendrecv_generic_node(dnsmasq_t) +corenet_udp_sendrecv_generic_node(dnsmasq_t) +corenet_raw_sendrecv_generic_node(dnsmasq_t) corenet_tcp_sendrecv_all_ports(dnsmasq_t) corenet_udp_sendrecv_all_ports(dnsmasq_t) -corenet_tcp_bind_all_nodes(dnsmasq_t) -corenet_udp_bind_all_nodes(dnsmasq_t) +corenet_tcp_bind_generic_node(dnsmasq_t) +corenet_udp_bind_generic_node(dnsmasq_t) corenet_tcp_bind_dns_port(dnsmasq_t) corenet_udp_bind_all_ports(dnsmasq_t) corenet_sendrecv_dns_server_packets(dnsmasq_t) diff --git a/policy/modules/services/dovecot.te b/policy/modules/services/dovecot.te index 7eab6c1..fd1eaef 100644 --- a/policy/modules/services/dovecot.te +++ b/policy/modules/services/dovecot.te @@ -1,5 +1,5 @@ -policy_module(dovecot, 1.10.1) +policy_module(dovecot, 1.10.2) ######################################## # @@ -72,9 +72,9 @@ kernel_read_system_state(dovecot_t) corenet_all_recvfrom_unlabeled(dovecot_t) corenet_all_recvfrom_netlabel(dovecot_t) corenet_tcp_sendrecv_generic_if(dovecot_t) -corenet_tcp_sendrecv_all_nodes(dovecot_t) +corenet_tcp_sendrecv_generic_node(dovecot_t) corenet_tcp_sendrecv_all_ports(dovecot_t) -corenet_tcp_bind_all_nodes(dovecot_t) +corenet_tcp_bind_generic_node(dovecot_t) corenet_tcp_bind_pop_port(dovecot_t) corenet_tcp_connect_all_ports(dovecot_t) corenet_tcp_connect_postgresql_port(dovecot_t) diff --git a/policy/modules/services/exim.te b/policy/modules/services/exim.te index baaa887..0c03c52 100644 --- a/policy/modules/services/exim.te +++ b/policy/modules/services/exim.te @@ -1,5 +1,5 @@ -policy_module(exim, 1.3.1) +policy_module(exim, 1.3.2) ######################################## # @@ -73,9 +73,9 @@ corecmd_search_bin(exim_t) corenet_all_recvfrom_unlabeled(exim_t) corenet_tcp_sendrecv_generic_if(exim_t) -corenet_tcp_sendrecv_all_nodes(exim_t) +corenet_tcp_sendrecv_generic_node(exim_t) corenet_tcp_sendrecv_all_ports(exim_t) -corenet_tcp_bind_all_nodes(exim_t) +corenet_tcp_bind_generic_node(exim_t) corenet_tcp_bind_smtp_port(exim_t) corenet_tcp_bind_amavisd_send_port(exim_t) corenet_tcp_connect_auth_port(exim_t) diff --git a/policy/modules/services/fail2ban.te b/policy/modules/services/fail2ban.te index c6fef98..a9cde01 100644 --- a/policy/modules/services/fail2ban.te +++ b/policy/modules/services/fail2ban.te @@ -1,5 +1,5 @@ -policy_module(fail2ban, 1.2.0) +policy_module(fail2ban, 1.2.1) ######################################## # @@ -50,7 +50,7 @@ corecmd_exec_shell(fail2ban_t) corenet_all_recvfrom_unlabeled(fail2ban_t) corenet_all_recvfrom_netlabel(fail2ban_t) corenet_tcp_sendrecv_generic_if(fail2ban_t) -corenet_tcp_sendrecv_all_nodes(fail2ban_t) +corenet_tcp_sendrecv_generic_node(fail2ban_t) corenet_tcp_sendrecv_all_ports(fail2ban_t) corenet_tcp_connect_whois_port(fail2ban_t) corenet_sendrecv_whois_client_packets(fail2ban_t) diff --git a/policy/modules/services/fetchmail.te b/policy/modules/services/fetchmail.te index 68894f1..af3947a 100644 --- a/policy/modules/services/fetchmail.te +++ b/policy/modules/services/fetchmail.te @@ -1,5 +1,5 @@ -policy_module(fetchmail, 1.8.0) +policy_module(fetchmail, 1.8.1) ######################################## # @@ -50,8 +50,8 @@ corenet_all_recvfrom_unlabeled(fetchmail_t) corenet_all_recvfrom_netlabel(fetchmail_t) corenet_tcp_sendrecv_generic_if(fetchmail_t) corenet_udp_sendrecv_generic_if(fetchmail_t) -corenet_tcp_sendrecv_all_nodes(fetchmail_t) -corenet_udp_sendrecv_all_nodes(fetchmail_t) +corenet_tcp_sendrecv_generic_node(fetchmail_t) +corenet_udp_sendrecv_generic_node(fetchmail_t) corenet_tcp_sendrecv_dns_port(fetchmail_t) corenet_udp_sendrecv_dns_port(fetchmail_t) corenet_tcp_sendrecv_pop_port(fetchmail_t) diff --git a/policy/modules/services/finger.te b/policy/modules/services/finger.te index 558f74a..5387040 100644 --- a/policy/modules/services/finger.te +++ b/policy/modules/services/finger.te @@ -1,5 +1,5 @@ -policy_module(finger, 1.8.1) +policy_module(finger, 1.8.2) ######################################## # @@ -51,11 +51,11 @@ corenet_all_recvfrom_unlabeled(fingerd_t) corenet_all_recvfrom_netlabel(fingerd_t) corenet_tcp_sendrecv_generic_if(fingerd_t) corenet_udp_sendrecv_generic_if(fingerd_t) -corenet_tcp_sendrecv_all_nodes(fingerd_t) -corenet_udp_sendrecv_all_nodes(fingerd_t) +corenet_tcp_sendrecv_generic_node(fingerd_t) +corenet_udp_sendrecv_generic_node(fingerd_t) corenet_tcp_sendrecv_all_ports(fingerd_t) corenet_udp_sendrecv_all_ports(fingerd_t) -corenet_tcp_bind_all_nodes(fingerd_t) +corenet_tcp_bind_generic_node(fingerd_t) corenet_tcp_bind_fingerd_port(fingerd_t) dev_read_sysfs(fingerd_t) diff --git a/policy/modules/services/ftp.te b/policy/modules/services/ftp.te index bb63bda..a8b00fd 100644 --- a/policy/modules/services/ftp.te +++ b/policy/modules/services/ftp.te @@ -1,5 +1,5 @@ -policy_module(ftp, 1.10.1) +policy_module(ftp, 1.10.2) ######################################## # @@ -138,11 +138,11 @@ corenet_all_recvfrom_unlabeled(ftpd_t) corenet_all_recvfrom_netlabel(ftpd_t) corenet_tcp_sendrecv_generic_if(ftpd_t) corenet_udp_sendrecv_generic_if(ftpd_t) -corenet_tcp_sendrecv_all_nodes(ftpd_t) -corenet_udp_sendrecv_all_nodes(ftpd_t) +corenet_tcp_sendrecv_generic_node(ftpd_t) +corenet_udp_sendrecv_generic_node(ftpd_t) corenet_tcp_sendrecv_all_ports(ftpd_t) corenet_udp_sendrecv_all_ports(ftpd_t) -corenet_tcp_bind_all_nodes(ftpd_t) +corenet_tcp_bind_generic_node(ftpd_t) corenet_tcp_bind_ftp_port(ftpd_t) corenet_tcp_bind_ftp_data_port(ftpd_t) corenet_tcp_bind_generic_port(ftpd_t) diff --git a/policy/modules/services/gatekeeper.te b/policy/modules/services/gatekeeper.te index e248a03..b260099 100644 --- a/policy/modules/services/gatekeeper.te +++ b/policy/modules/services/gatekeeper.te @@ -1,5 +1,5 @@ -policy_module(gatekeeper, 1.6.0) +policy_module(gatekeeper, 1.6.1) ######################################## # @@ -57,12 +57,12 @@ corenet_all_recvfrom_unlabeled(gatekeeper_t) corenet_all_recvfrom_netlabel(gatekeeper_t) corenet_tcp_sendrecv_generic_if(gatekeeper_t) corenet_udp_sendrecv_generic_if(gatekeeper_t) -corenet_tcp_sendrecv_all_nodes(gatekeeper_t) -corenet_udp_sendrecv_all_nodes(gatekeeper_t) +corenet_tcp_sendrecv_generic_node(gatekeeper_t) +corenet_udp_sendrecv_generic_node(gatekeeper_t) corenet_tcp_sendrecv_all_ports(gatekeeper_t) corenet_udp_sendrecv_all_ports(gatekeeper_t) -corenet_tcp_bind_all_nodes(gatekeeper_t) -corenet_udp_bind_all_nodes(gatekeeper_t) +corenet_tcp_bind_generic_node(gatekeeper_t) +corenet_udp_bind_generic_node(gatekeeper_t) corenet_tcp_bind_gatekeeper_port(gatekeeper_t) corenet_udp_bind_gatekeeper_port(gatekeeper_t) corenet_sendrecv_gatekeeper_server_packets(gatekeeper_t) diff --git a/policy/modules/services/hal.te b/policy/modules/services/hal.te index e69f006..6d1c9cd 100644 --- a/policy/modules/services/hal.te +++ b/policy/modules/services/hal.te @@ -1,5 +1,5 @@ -policy_module(hal, 1.11.1) +policy_module(hal, 1.11.2) ######################################## # @@ -104,8 +104,8 @@ corenet_all_recvfrom_unlabeled(hald_t) corenet_all_recvfrom_netlabel(hald_t) corenet_tcp_sendrecv_generic_if(hald_t) corenet_udp_sendrecv_generic_if(hald_t) -corenet_tcp_sendrecv_all_nodes(hald_t) -corenet_udp_sendrecv_all_nodes(hald_t) +corenet_tcp_sendrecv_generic_node(hald_t) +corenet_udp_sendrecv_generic_node(hald_t) corenet_tcp_sendrecv_all_ports(hald_t) corenet_udp_sendrecv_all_ports(hald_t) diff --git a/policy/modules/services/howl.te b/policy/modules/services/howl.te index a710bdb..59ba695 100644 --- a/policy/modules/services/howl.te +++ b/policy/modules/services/howl.te @@ -1,5 +1,5 @@ -policy_module(howl, 1.7.1) +policy_module(howl, 1.7.2) ######################################## # @@ -38,12 +38,12 @@ corenet_all_recvfrom_unlabeled(howl_t) corenet_all_recvfrom_netlabel(howl_t) corenet_tcp_sendrecv_generic_if(howl_t) corenet_udp_sendrecv_generic_if(howl_t) -corenet_tcp_sendrecv_all_nodes(howl_t) -corenet_udp_sendrecv_all_nodes(howl_t) +corenet_tcp_sendrecv_generic_node(howl_t) +corenet_udp_sendrecv_generic_node(howl_t) corenet_tcp_sendrecv_all_ports(howl_t) corenet_udp_sendrecv_all_ports(howl_t) -corenet_tcp_bind_all_nodes(howl_t) -corenet_udp_bind_all_nodes(howl_t) +corenet_tcp_bind_generic_node(howl_t) +corenet_udp_bind_generic_node(howl_t) corenet_tcp_bind_howl_port(howl_t) corenet_udp_bind_howl_port(howl_t) corenet_sendrecv_howl_server_packets(howl_t) diff --git a/policy/modules/services/i18n_input.te b/policy/modules/services/i18n_input.te index ca6f6a4..d2b21a6 100644 --- a/policy/modules/services/i18n_input.te +++ b/policy/modules/services/i18n_input.te @@ -1,5 +1,5 @@ -policy_module(i18n_input, 1.7.0) +policy_module(i18n_input, 1.7.1) ######################################## # @@ -41,11 +41,11 @@ corenet_all_recvfrom_unlabeled(i18n_input_t) corenet_all_recvfrom_netlabel(i18n_input_t) corenet_tcp_sendrecv_generic_if(i18n_input_t) corenet_udp_sendrecv_generic_if(i18n_input_t) -corenet_tcp_sendrecv_all_nodes(i18n_input_t) -corenet_udp_sendrecv_all_nodes(i18n_input_t) +corenet_tcp_sendrecv_generic_node(i18n_input_t) +corenet_udp_sendrecv_generic_node(i18n_input_t) corenet_tcp_sendrecv_all_ports(i18n_input_t) corenet_udp_sendrecv_all_ports(i18n_input_t) -corenet_tcp_bind_all_nodes(i18n_input_t) +corenet_tcp_bind_generic_node(i18n_input_t) corenet_tcp_bind_i18n_input_port(i18n_input_t) corenet_tcp_connect_all_ports(i18n_input_t) corenet_sendrecv_i18n_input_server_packets(i18n_input_t) diff --git a/policy/modules/services/imaze.te b/policy/modules/services/imaze.te index fa4bee3..fbea933 100644 --- a/policy/modules/services/imaze.te +++ b/policy/modules/services/imaze.te @@ -1,5 +1,5 @@ -policy_module(imaze, 1.6.0) +policy_module(imaze, 1.6.1) ######################################## # @@ -59,12 +59,12 @@ corenet_all_recvfrom_unlabeled(imazesrv_t) corenet_all_recvfrom_netlabel(imazesrv_t) corenet_tcp_sendrecv_generic_if(imazesrv_t) corenet_udp_sendrecv_generic_if(imazesrv_t) -corenet_tcp_sendrecv_all_nodes(imazesrv_t) -corenet_udp_sendrecv_all_nodes(imazesrv_t) +corenet_tcp_sendrecv_generic_node(imazesrv_t) +corenet_udp_sendrecv_generic_node(imazesrv_t) corenet_tcp_sendrecv_all_ports(imazesrv_t) corenet_udp_sendrecv_all_ports(imazesrv_t) -corenet_tcp_bind_all_nodes(imazesrv_t) -corenet_udp_bind_all_nodes(imazesrv_t) +corenet_tcp_bind_generic_node(imazesrv_t) +corenet_udp_bind_generic_node(imazesrv_t) corenet_tcp_bind_imaze_port(imazesrv_t) corenet_udp_bind_imaze_port(imazesrv_t) corenet_sendrecv_imaze_server_packets(imazesrv_t) diff --git a/policy/modules/services/inetd.te b/policy/modules/services/inetd.te index b3c6ada..60a34f1 100644 --- a/policy/modules/services/inetd.te +++ b/policy/modules/services/inetd.te @@ -1,5 +1,5 @@ -policy_module(inetd, 1.9.1) +policy_module(inetd, 1.9.2) ######################################## # @@ -70,12 +70,12 @@ corenet_all_recvfrom_unlabeled(inetd_t) corenet_all_recvfrom_netlabel(inetd_t) corenet_tcp_sendrecv_generic_if(inetd_t) corenet_udp_sendrecv_generic_if(inetd_t) -corenet_tcp_sendrecv_all_nodes(inetd_t) -corenet_udp_sendrecv_all_nodes(inetd_t) +corenet_tcp_sendrecv_generic_node(inetd_t) +corenet_udp_sendrecv_generic_node(inetd_t) corenet_tcp_sendrecv_all_ports(inetd_t) corenet_udp_sendrecv_all_ports(inetd_t) -corenet_tcp_bind_all_nodes(inetd_t) -corenet_udp_bind_all_nodes(inetd_t) +corenet_tcp_bind_generic_node(inetd_t) +corenet_udp_bind_generic_node(inetd_t) corenet_tcp_connect_all_ports(inetd_t) corenet_sendrecv_all_client_packets(inetd_t) @@ -210,8 +210,8 @@ corenet_all_recvfrom_unlabeled(inetd_child_t) corenet_all_recvfrom_netlabel(inetd_child_t) corenet_tcp_sendrecv_generic_if(inetd_child_t) corenet_udp_sendrecv_generic_if(inetd_child_t) -corenet_tcp_sendrecv_all_nodes(inetd_child_t) -corenet_udp_sendrecv_all_nodes(inetd_child_t) +corenet_tcp_sendrecv_generic_node(inetd_child_t) +corenet_udp_sendrecv_generic_node(inetd_child_t) corenet_tcp_sendrecv_all_ports(inetd_child_t) corenet_udp_sendrecv_all_ports(inetd_child_t) diff --git a/policy/modules/services/inn.te b/policy/modules/services/inn.te index 5120332..038ce29 100644 --- a/policy/modules/services/inn.te +++ b/policy/modules/services/inn.te @@ -1,5 +1,5 @@ -policy_module(inn, 1.8.1) +policy_module(inn, 1.8.2) ######################################## # @@ -70,11 +70,11 @@ corenet_all_recvfrom_unlabeled(innd_t) corenet_all_recvfrom_netlabel(innd_t) corenet_tcp_sendrecv_generic_if(innd_t) corenet_udp_sendrecv_generic_if(innd_t) -corenet_tcp_sendrecv_all_nodes(innd_t) -corenet_udp_sendrecv_all_nodes(innd_t) +corenet_tcp_sendrecv_generic_node(innd_t) +corenet_udp_sendrecv_generic_node(innd_t) corenet_tcp_sendrecv_all_ports(innd_t) corenet_udp_sendrecv_all_ports(innd_t) -corenet_tcp_bind_all_nodes(innd_t) +corenet_tcp_bind_generic_node(innd_t) corenet_tcp_bind_innd_port(innd_t) corenet_tcp_connect_all_ports(innd_t) corenet_sendrecv_innd_server_packets(innd_t) diff --git a/policy/modules/services/ircd.te b/policy/modules/services/ircd.te index 8c7f02b..72bd91c 100644 --- a/policy/modules/services/ircd.te +++ b/policy/modules/services/ircd.te @@ -1,5 +1,5 @@ -policy_module(ircd, 1.6.0) +policy_module(ircd, 1.6.1) ######################################## # @@ -54,11 +54,11 @@ corenet_all_recvfrom_unlabeled(ircd_t) corenet_all_recvfrom_netlabel(ircd_t) corenet_tcp_sendrecv_generic_if(ircd_t) corenet_udp_sendrecv_generic_if(ircd_t) -corenet_tcp_sendrecv_all_nodes(ircd_t) -corenet_udp_sendrecv_all_nodes(ircd_t) +corenet_tcp_sendrecv_generic_node(ircd_t) +corenet_udp_sendrecv_generic_node(ircd_t) corenet_tcp_sendrecv_all_ports(ircd_t) corenet_udp_sendrecv_all_ports(ircd_t) -corenet_tcp_bind_all_nodes(ircd_t) +corenet_tcp_bind_generic_node(ircd_t) corenet_tcp_bind_ircd_port(ircd_t) corenet_sendrecv_ircd_server_packets(ircd_t) diff --git a/policy/modules/services/jabber.te b/policy/modules/services/jabber.te index c11cba8..cec9c76 100644 --- a/policy/modules/services/jabber.te +++ b/policy/modules/services/jabber.te @@ -1,5 +1,5 @@ -policy_module(jabber, 1.7.0) +policy_module(jabber, 1.7.1) ######################################## # @@ -51,11 +51,11 @@ corenet_all_recvfrom_unlabeled(jabberd_t) corenet_all_recvfrom_netlabel(jabberd_t) corenet_tcp_sendrecv_generic_if(jabberd_t) corenet_udp_sendrecv_generic_if(jabberd_t) -corenet_tcp_sendrecv_all_nodes(jabberd_t) -corenet_udp_sendrecv_all_nodes(jabberd_t) +corenet_tcp_sendrecv_generic_node(jabberd_t) +corenet_udp_sendrecv_generic_node(jabberd_t) corenet_tcp_sendrecv_all_ports(jabberd_t) corenet_udp_sendrecv_all_ports(jabberd_t) -corenet_tcp_bind_all_nodes(jabberd_t) +corenet_tcp_bind_generic_node(jabberd_t) corenet_tcp_bind_jabber_client_port(jabberd_t) corenet_tcp_bind_jabber_interserver_port(jabberd_t) corenet_sendrecv_jabber_client_server_packets(jabberd_t) diff --git a/policy/modules/services/kerberos.if b/policy/modules/services/kerberos.if index de9c607..1433ed7 100644 --- a/policy/modules/services/kerberos.if +++ b/policy/modules/services/kerberos.if @@ -91,12 +91,12 @@ interface(`kerberos_use',` corenet_all_recvfrom_netlabel($1) corenet_tcp_sendrecv_generic_if($1) corenet_udp_sendrecv_generic_if($1) - corenet_tcp_sendrecv_all_nodes($1) - corenet_udp_sendrecv_all_nodes($1) + corenet_tcp_sendrecv_generic_node($1) + corenet_udp_sendrecv_generic_node($1) corenet_tcp_sendrecv_kerberos_port($1) corenet_udp_sendrecv_kerberos_port($1) - corenet_tcp_bind_all_nodes($1) - corenet_udp_bind_all_nodes($1) + corenet_tcp_bind_generic_node($1) + corenet_udp_bind_generic_node($1) corenet_tcp_connect_kerberos_port($1) corenet_tcp_connect_ocsp_port($1) corenet_sendrecv_kerberos_client_packets($1) @@ -283,7 +283,7 @@ interface(`kerberos_connect_524',` corenet_all_recvfrom_unlabeled($1) corenet_udp_sendrecv_generic_if($1) - corenet_udp_sendrecv_all_nodes($1) + corenet_udp_sendrecv_generic_node($1) corenet_udp_sendrecv_kerberos_master_port($1) corenet_sendrecv_kerberos_master_client_packets($1) ') diff --git a/policy/modules/services/kerberos.te b/policy/modules/services/kerberos.te index cc01836..f5f46e4 100644 --- a/policy/modules/services/kerberos.te +++ b/policy/modules/services/kerberos.te @@ -1,5 +1,5 @@ -policy_module(kerberos, 1.9.1) +policy_module(kerberos, 1.9.2) ######################################## # @@ -115,12 +115,12 @@ corenet_all_recvfrom_unlabeled(kadmind_t) corenet_all_recvfrom_netlabel(kadmind_t) corenet_tcp_sendrecv_generic_if(kadmind_t) corenet_udp_sendrecv_generic_if(kadmind_t) -corenet_tcp_sendrecv_all_nodes(kadmind_t) -corenet_udp_sendrecv_all_nodes(kadmind_t) +corenet_tcp_sendrecv_generic_node(kadmind_t) +corenet_udp_sendrecv_generic_node(kadmind_t) corenet_tcp_sendrecv_all_ports(kadmind_t) corenet_udp_sendrecv_all_ports(kadmind_t) -corenet_tcp_bind_all_nodes(kadmind_t) -corenet_udp_bind_all_nodes(kadmind_t) +corenet_tcp_bind_generic_node(kadmind_t) +corenet_udp_bind_generic_node(kadmind_t) corenet_tcp_bind_kerberos_admin_port(kadmind_t) corenet_udp_bind_kerberos_admin_port(kadmind_t) corenet_tcp_bind_reserved_port(kadmind_t) @@ -217,12 +217,12 @@ corenet_all_recvfrom_unlabeled(krb5kdc_t) corenet_all_recvfrom_netlabel(krb5kdc_t) corenet_tcp_sendrecv_generic_if(krb5kdc_t) corenet_udp_sendrecv_generic_if(krb5kdc_t) -corenet_tcp_sendrecv_all_nodes(krb5kdc_t) -corenet_udp_sendrecv_all_nodes(krb5kdc_t) +corenet_tcp_sendrecv_generic_node(krb5kdc_t) +corenet_udp_sendrecv_generic_node(krb5kdc_t) corenet_tcp_sendrecv_all_ports(krb5kdc_t) corenet_udp_sendrecv_all_ports(krb5kdc_t) -corenet_tcp_bind_all_nodes(krb5kdc_t) -corenet_udp_bind_all_nodes(krb5kdc_t) +corenet_tcp_bind_generic_node(krb5kdc_t) +corenet_udp_bind_generic_node(krb5kdc_t) corenet_tcp_bind_kerberos_port(krb5kdc_t) corenet_udp_bind_kerberos_port(krb5kdc_t) corenet_tcp_connect_ocsp_port(krb5kdc_t) @@ -287,9 +287,9 @@ corecmd_exec_bin(kpropd_t) corenet_all_recvfrom_unlabeled(kpropd_t) corenet_tcp_sendrecv_generic_if(kpropd_t) -corenet_tcp_sendrecv_all_nodes(kpropd_t) +corenet_tcp_sendrecv_generic_node(kpropd_t) corenet_tcp_sendrecv_all_ports(kpropd_t) -corenet_tcp_bind_all_nodes(kpropd_t) +corenet_tcp_bind_generic_node(kpropd_t) dev_read_urand(kpropd_t) diff --git a/policy/modules/services/kerneloops.te b/policy/modules/services/kerneloops.te index 17623fd..22edce7 100644 --- a/policy/modules/services/kerneloops.te +++ b/policy/modules/services/kerneloops.te @@ -1,5 +1,5 @@ -policy_module(kerneloops, 1.2.1) +policy_module(kerneloops, 1.2.2) ######################################## # @@ -31,7 +31,7 @@ domain_use_interactive_fds(kerneloops_t) corenet_all_recvfrom_unlabeled(kerneloops_t) corenet_all_recvfrom_netlabel(kerneloops_t) corenet_tcp_sendrecv_generic_if(kerneloops_t) -corenet_tcp_sendrecv_all_nodes(kerneloops_t) +corenet_tcp_sendrecv_generic_node(kerneloops_t) corenet_tcp_sendrecv_all_ports(kerneloops_t) corenet_tcp_bind_http_port(kerneloops_t) corenet_tcp_connect_http_port(kerneloops_t) diff --git a/policy/modules/services/ktalk.te b/policy/modules/services/ktalk.te index 91e3caa..78a5680 100644 --- a/policy/modules/services/ktalk.te +++ b/policy/modules/services/ktalk.te @@ -1,5 +1,5 @@ -policy_module(ktalk, 1.6.1) +policy_module(ktalk, 1.6.2) ######################################## # @@ -57,8 +57,8 @@ corenet_all_recvfrom_unlabeled(ktalkd_t) corenet_all_recvfrom_netlabel(ktalkd_t) corenet_tcp_sendrecv_generic_if(ktalkd_t) corenet_udp_sendrecv_generic_if(ktalkd_t) -corenet_tcp_sendrecv_all_nodes(ktalkd_t) -corenet_udp_sendrecv_all_nodes(ktalkd_t) +corenet_tcp_sendrecv_generic_node(ktalkd_t) +corenet_udp_sendrecv_generic_node(ktalkd_t) corenet_tcp_sendrecv_all_ports(ktalkd_t) corenet_udp_sendrecv_all_ports(ktalkd_t) diff --git a/policy/modules/services/ldap.te b/policy/modules/services/ldap.te index 2ec5349..21e80ad 100644 --- a/policy/modules/services/ldap.te +++ b/policy/modules/services/ldap.te @@ -1,5 +1,5 @@ -policy_module(ldap, 1.9.1) +policy_module(ldap, 1.9.2) ######################################## # @@ -83,11 +83,11 @@ corenet_all_recvfrom_unlabeled(slapd_t) corenet_all_recvfrom_netlabel(slapd_t) corenet_tcp_sendrecv_generic_if(slapd_t) corenet_udp_sendrecv_generic_if(slapd_t) -corenet_tcp_sendrecv_all_nodes(slapd_t) -corenet_udp_sendrecv_all_nodes(slapd_t) +corenet_tcp_sendrecv_generic_node(slapd_t) +corenet_udp_sendrecv_generic_node(slapd_t) corenet_tcp_sendrecv_all_ports(slapd_t) corenet_udp_sendrecv_all_ports(slapd_t) -corenet_tcp_bind_all_nodes(slapd_t) +corenet_tcp_bind_generic_node(slapd_t) corenet_tcp_bind_ldap_port(slapd_t) corenet_tcp_connect_all_ports(slapd_t) corenet_sendrecv_ldap_server_packets(slapd_t) diff --git a/policy/modules/services/lpd.te b/policy/modules/services/lpd.te index 2ab013b..8604239 100644 --- a/policy/modules/services/lpd.te +++ b/policy/modules/services/lpd.te @@ -1,5 +1,5 @@ -policy_module(lpd, 1.11.1) +policy_module(lpd, 1.11.2) ######################################## # @@ -90,8 +90,8 @@ corenet_all_recvfrom_unlabeled(checkpc_t) corenet_all_recvfrom_netlabel(checkpc_t) corenet_tcp_sendrecv_generic_if(checkpc_t) corenet_udp_sendrecv_generic_if(checkpc_t) -corenet_tcp_sendrecv_all_nodes(checkpc_t) -corenet_udp_sendrecv_all_nodes(checkpc_t) +corenet_tcp_sendrecv_generic_node(checkpc_t) +corenet_udp_sendrecv_generic_node(checkpc_t) corenet_tcp_sendrecv_all_ports(checkpc_t) corenet_udp_sendrecv_all_ports(checkpc_t) corenet_tcp_connect_all_ports(checkpc_t) @@ -170,11 +170,11 @@ corenet_all_recvfrom_unlabeled(lpd_t) corenet_all_recvfrom_netlabel(lpd_t) corenet_tcp_sendrecv_generic_if(lpd_t) corenet_udp_sendrecv_generic_if(lpd_t) -corenet_tcp_sendrecv_all_nodes(lpd_t) -corenet_udp_sendrecv_all_nodes(lpd_t) +corenet_tcp_sendrecv_generic_node(lpd_t) +corenet_udp_sendrecv_generic_node(lpd_t) corenet_tcp_sendrecv_all_ports(lpd_t) corenet_udp_sendrecv_all_ports(lpd_t) -corenet_tcp_bind_all_nodes(lpd_t) +corenet_tcp_bind_generic_node(lpd_t) corenet_tcp_bind_printer_port(lpd_t) corenet_sendrecv_printer_server_packets(lpd_t) @@ -245,8 +245,8 @@ corenet_all_recvfrom_unlabeled(lpr_t) corenet_all_recvfrom_netlabel(lpr_t) corenet_tcp_sendrecv_generic_if(lpr_t) corenet_udp_sendrecv_generic_if(lpr_t) -corenet_tcp_sendrecv_all_nodes(lpr_t) -corenet_udp_sendrecv_all_nodes(lpr_t) +corenet_tcp_sendrecv_generic_node(lpr_t) +corenet_udp_sendrecv_generic_node(lpr_t) corenet_tcp_sendrecv_all_ports(lpr_t) corenet_udp_sendrecv_all_ports(lpr_t) corenet_tcp_connect_all_ports(lpr_t) diff --git a/policy/modules/services/mailman.if b/policy/modules/services/mailman.if index 52dc898..547ddeb 100644 --- a/policy/modules/services/mailman.if +++ b/policy/modules/services/mailman.if @@ -53,13 +53,13 @@ template(`mailman_domain_template', ` corenet_tcp_sendrecv_generic_if(mailman_$1_t) corenet_udp_sendrecv_generic_if(mailman_$1_t) corenet_raw_sendrecv_generic_if(mailman_$1_t) - corenet_tcp_sendrecv_all_nodes(mailman_$1_t) - corenet_udp_sendrecv_all_nodes(mailman_$1_t) - corenet_raw_sendrecv_all_nodes(mailman_$1_t) + corenet_tcp_sendrecv_generic_node(mailman_$1_t) + corenet_udp_sendrecv_generic_node(mailman_$1_t) + corenet_raw_sendrecv_generic_node(mailman_$1_t) corenet_tcp_sendrecv_all_ports(mailman_$1_t) corenet_udp_sendrecv_all_ports(mailman_$1_t) - corenet_tcp_bind_all_nodes(mailman_$1_t) - corenet_udp_bind_all_nodes(mailman_$1_t) + corenet_tcp_bind_generic_node(mailman_$1_t) + corenet_udp_bind_generic_node(mailman_$1_t) corenet_tcp_connect_smtp_port(mailman_$1_t) corenet_sendrecv_smtp_client_packets(mailman_$1_t) diff --git a/policy/modules/services/mailman.te b/policy/modules/services/mailman.te index 67f5415..7932613 100644 --- a/policy/modules/services/mailman.te +++ b/policy/modules/services/mailman.te @@ -1,5 +1,5 @@ -policy_module(mailman, 1.6.1) +policy_module(mailman, 1.6.2) ######################################## # diff --git a/policy/modules/services/memcached.te b/policy/modules/services/memcached.te index 943931c..0311b91 100644 --- a/policy/modules/services/memcached.te +++ b/policy/modules/services/memcached.te @@ -1,5 +1,5 @@ -policy_module(memcached, 1.0.1) +policy_module(memcached, 1.0.2) ######################################## # @@ -28,13 +28,13 @@ allow memcached_t self:fifo_file rw_fifo_file_perms; corenet_all_recvfrom_unlabeled(memcached_t) corenet_udp_sendrecv_generic_if(memcached_t) -corenet_udp_sendrecv_all_nodes(memcached_t) +corenet_udp_sendrecv_generic_node(memcached_t) corenet_udp_sendrecv_all_ports(memcached_t) -corenet_udp_bind_all_nodes(memcached_t) +corenet_udp_bind_generic_node(memcached_t) corenet_tcp_sendrecv_generic_if(memcached_t) -corenet_tcp_sendrecv_all_nodes(memcached_t) +corenet_tcp_sendrecv_generic_node(memcached_t) corenet_tcp_sendrecv_all_ports(memcached_t) -corenet_tcp_bind_all_nodes(memcached_t) +corenet_tcp_bind_generic_node(memcached_t) corenet_tcp_bind_memcache_port(memcached_t) corenet_udp_bind_memcache_port(memcached_t) diff --git a/policy/modules/services/monop.te b/policy/modules/services/monop.te index 55abf57..1bd3dbc 100644 --- a/policy/modules/services/monop.te +++ b/policy/modules/services/monop.te @@ -1,5 +1,5 @@ -policy_module(monop, 1.6.0) +policy_module(monop, 1.6.1) ######################################## # @@ -47,11 +47,11 @@ corenet_all_recvfrom_unlabeled(monopd_t) corenet_all_recvfrom_netlabel(monopd_t) corenet_tcp_sendrecv_generic_if(monopd_t) corenet_udp_sendrecv_generic_if(monopd_t) -corenet_tcp_sendrecv_all_nodes(monopd_t) -corenet_udp_sendrecv_all_nodes(monopd_t) +corenet_tcp_sendrecv_generic_node(monopd_t) +corenet_udp_sendrecv_generic_node(monopd_t) corenet_tcp_sendrecv_all_ports(monopd_t) corenet_udp_sendrecv_all_ports(monopd_t) -corenet_tcp_bind_all_nodes(monopd_t) +corenet_tcp_bind_generic_node(monopd_t) corenet_tcp_bind_monopd_port(monopd_t) corenet_sendrecv_monopd_server_packets(monopd_t) diff --git a/policy/modules/services/mta.if b/policy/modules/services/mta.if index d67c659..a437f02 100644 --- a/policy/modules/services/mta.if +++ b/policy/modules/services/mta.if @@ -74,7 +74,7 @@ template(`mta_base_mail_template',` corenet_all_recvfrom_unlabeled($1_mail_t) corenet_all_recvfrom_netlabel($1_mail_t) corenet_tcp_sendrecv_generic_if($1_mail_t) - corenet_tcp_sendrecv_all_nodes($1_mail_t) + corenet_tcp_sendrecv_generic_node($1_mail_t) corenet_tcp_sendrecv_all_ports($1_mail_t) corenet_tcp_connect_all_ports($1_mail_t) corenet_tcp_connect_smtp_port($1_mail_t) diff --git a/policy/modules/services/mta.te b/policy/modules/services/mta.te index 370ce9f..5c33cd6 100644 --- a/policy/modules/services/mta.te +++ b/policy/modules/services/mta.te @@ -1,5 +1,5 @@ -policy_module(mta, 2.1.1) +policy_module(mta, 2.1.2) ######################################## # diff --git a/policy/modules/services/munin.te b/policy/modules/services/munin.te index 587fb0c..2a0971d 100644 --- a/policy/modules/services/munin.te +++ b/policy/modules/services/munin.te @@ -1,5 +1,5 @@ -policy_module(munin, 1.6.0) +policy_module(munin, 1.6.1) ######################################## # @@ -69,8 +69,8 @@ corenet_all_recvfrom_unlabeled(munin_t) corenet_all_recvfrom_netlabel(munin_t) corenet_tcp_sendrecv_generic_if(munin_t) corenet_udp_sendrecv_generic_if(munin_t) -corenet_tcp_sendrecv_all_nodes(munin_t) -corenet_udp_sendrecv_all_nodes(munin_t) +corenet_tcp_sendrecv_generic_node(munin_t) +corenet_udp_sendrecv_generic_node(munin_t) corenet_tcp_sendrecv_all_ports(munin_t) corenet_udp_sendrecv_all_ports(munin_t) diff --git a/policy/modules/services/mysql.te b/policy/modules/services/mysql.te index 05bba75..d2c6a9c 100644 --- a/policy/modules/services/mysql.te +++ b/policy/modules/services/mysql.te @@ -1,5 +1,5 @@ -policy_module(mysql, 1.10.1) +policy_module(mysql, 1.10.2) ######################################## # @@ -69,11 +69,11 @@ corenet_all_recvfrom_unlabeled(mysqld_t) corenet_all_recvfrom_netlabel(mysqld_t) corenet_tcp_sendrecv_generic_if(mysqld_t) corenet_udp_sendrecv_generic_if(mysqld_t) -corenet_tcp_sendrecv_all_nodes(mysqld_t) -corenet_udp_sendrecv_all_nodes(mysqld_t) +corenet_tcp_sendrecv_generic_node(mysqld_t) +corenet_udp_sendrecv_generic_node(mysqld_t) corenet_tcp_sendrecv_all_ports(mysqld_t) corenet_udp_sendrecv_all_ports(mysqld_t) -corenet_tcp_bind_all_nodes(mysqld_t) +corenet_tcp_bind_generic_node(mysqld_t) corenet_tcp_bind_mysqld_port(mysqld_t) corenet_tcp_connect_mysqld_port(mysqld_t) corenet_sendrecv_mysqld_client_packets(mysqld_t) diff --git a/policy/modules/services/nagios.te b/policy/modules/services/nagios.te index d1364d1..e872fe5 100644 --- a/policy/modules/services/nagios.te +++ b/policy/modules/services/nagios.te @@ -1,5 +1,5 @@ -policy_module(nagios, 1.7.0) +policy_module(nagios, 1.7.1) ######################################## # @@ -70,8 +70,8 @@ corenet_all_recvfrom_unlabeled(nagios_t) corenet_all_recvfrom_netlabel(nagios_t) corenet_tcp_sendrecv_generic_if(nagios_t) corenet_udp_sendrecv_generic_if(nagios_t) -corenet_tcp_sendrecv_all_nodes(nagios_t) -corenet_udp_sendrecv_all_nodes(nagios_t) +corenet_tcp_sendrecv_generic_node(nagios_t) +corenet_udp_sendrecv_generic_node(nagios_t) corenet_tcp_sendrecv_all_ports(nagios_t) corenet_udp_sendrecv_all_ports(nagios_t) corenet_tcp_connect_all_ports(nagios_t) diff --git a/policy/modules/services/nessus.te b/policy/modules/services/nessus.te index 3d02f9f..94c7688 100644 --- a/policy/modules/services/nessus.te +++ b/policy/modules/services/nessus.te @@ -1,5 +1,5 @@ -policy_module(nessus, 1.6.0) +policy_module(nessus, 1.6.1) ######################################## # @@ -62,12 +62,12 @@ corenet_all_recvfrom_netlabel(nessusd_t) corenet_tcp_sendrecv_generic_if(nessusd_t) corenet_udp_sendrecv_generic_if(nessusd_t) corenet_raw_sendrecv_generic_if(nessusd_t) -corenet_tcp_sendrecv_all_nodes(nessusd_t) -corenet_udp_sendrecv_all_nodes(nessusd_t) -corenet_raw_sendrecv_all_nodes(nessusd_t) +corenet_tcp_sendrecv_generic_node(nessusd_t) +corenet_udp_sendrecv_generic_node(nessusd_t) +corenet_raw_sendrecv_generic_node(nessusd_t) corenet_tcp_sendrecv_all_ports(nessusd_t) corenet_udp_sendrecv_all_ports(nessusd_t) -corenet_tcp_bind_all_nodes(nessusd_t) +corenet_tcp_bind_generic_node(nessusd_t) corenet_tcp_bind_nessus_port(nessusd_t) corenet_tcp_connect_all_ports(nessusd_t) corenet_sendrecv_all_client_packets(nessusd_t) diff --git a/policy/modules/services/networkmanager.te b/policy/modules/services/networkmanager.te index 854c755..d8c5912 100644 --- a/policy/modules/services/networkmanager.te +++ b/policy/modules/services/networkmanager.te @@ -1,5 +1,5 @@ -policy_module(networkmanager, 1.12.1) +policy_module(networkmanager, 1.12.2) ######################################## # @@ -69,12 +69,12 @@ corenet_all_recvfrom_netlabel(NetworkManager_t) corenet_tcp_sendrecv_generic_if(NetworkManager_t) corenet_udp_sendrecv_generic_if(NetworkManager_t) corenet_raw_sendrecv_generic_if(NetworkManager_t) -corenet_tcp_sendrecv_all_nodes(NetworkManager_t) -corenet_udp_sendrecv_all_nodes(NetworkManager_t) -corenet_raw_sendrecv_all_nodes(NetworkManager_t) +corenet_tcp_sendrecv_generic_node(NetworkManager_t) +corenet_udp_sendrecv_generic_node(NetworkManager_t) +corenet_raw_sendrecv_generic_node(NetworkManager_t) corenet_tcp_sendrecv_all_ports(NetworkManager_t) corenet_udp_sendrecv_all_ports(NetworkManager_t) -corenet_udp_bind_all_nodes(NetworkManager_t) +corenet_udp_bind_generic_node(NetworkManager_t) corenet_udp_bind_isakmp_port(NetworkManager_t) corenet_udp_bind_dhcpc_port(NetworkManager_t) corenet_tcp_connect_all_ports(NetworkManager_t) diff --git a/policy/modules/services/nis.if b/policy/modules/services/nis.if index 29586f8..ff85c8d 100644 --- a/policy/modules/services/nis.if +++ b/policy/modules/services/nis.if @@ -41,12 +41,12 @@ interface(`nis_use_ypbind_uncond',` corenet_all_recvfrom_netlabel($1) corenet_tcp_sendrecv_generic_if($1) corenet_udp_sendrecv_generic_if($1) - corenet_tcp_sendrecv_all_nodes($1) - corenet_udp_sendrecv_all_nodes($1) + corenet_tcp_sendrecv_generic_node($1) + corenet_udp_sendrecv_generic_node($1) corenet_tcp_sendrecv_all_ports($1) corenet_udp_sendrecv_all_ports($1) - corenet_tcp_bind_all_nodes($1) - corenet_udp_bind_all_nodes($1) + corenet_tcp_bind_generic_node($1) + corenet_udp_bind_generic_node($1) corenet_tcp_bind_generic_port($1) corenet_udp_bind_generic_port($1) corenet_tcp_bind_reserved_port($1) diff --git a/policy/modules/services/nis.te b/policy/modules/services/nis.te index 0badd0f..3fd2ae2 100644 --- a/policy/modules/services/nis.te +++ b/policy/modules/services/nis.te @@ -1,5 +1,5 @@ -policy_module(nis, 1.8.1) +policy_module(nis, 1.8.2) ######################################## # @@ -73,12 +73,12 @@ corenet_all_recvfrom_unlabeled(ypbind_t) corenet_all_recvfrom_netlabel(ypbind_t) corenet_tcp_sendrecv_generic_if(ypbind_t) corenet_udp_sendrecv_generic_if(ypbind_t) -corenet_tcp_sendrecv_all_nodes(ypbind_t) -corenet_udp_sendrecv_all_nodes(ypbind_t) +corenet_tcp_sendrecv_generic_node(ypbind_t) +corenet_udp_sendrecv_generic_node(ypbind_t) corenet_tcp_sendrecv_all_ports(ypbind_t) corenet_udp_sendrecv_all_ports(ypbind_t) -corenet_tcp_bind_all_nodes(ypbind_t) -corenet_udp_bind_all_nodes(ypbind_t) +corenet_tcp_bind_generic_node(ypbind_t) +corenet_udp_bind_generic_node(ypbind_t) corenet_tcp_bind_generic_port(ypbind_t) corenet_udp_bind_generic_port(ypbind_t) corenet_tcp_bind_reserved_port(ypbind_t) @@ -147,12 +147,12 @@ corenet_all_recvfrom_unlabeled(yppasswdd_t) corenet_all_recvfrom_netlabel(yppasswdd_t) corenet_tcp_sendrecv_generic_if(yppasswdd_t) corenet_udp_sendrecv_generic_if(yppasswdd_t) -corenet_tcp_sendrecv_all_nodes(yppasswdd_t) -corenet_udp_sendrecv_all_nodes(yppasswdd_t) +corenet_tcp_sendrecv_generic_node(yppasswdd_t) +corenet_udp_sendrecv_generic_node(yppasswdd_t) corenet_tcp_sendrecv_all_ports(yppasswdd_t) corenet_udp_sendrecv_all_ports(yppasswdd_t) -corenet_tcp_bind_all_nodes(yppasswdd_t) -corenet_udp_bind_all_nodes(yppasswdd_t) +corenet_tcp_bind_generic_node(yppasswdd_t) +corenet_udp_bind_generic_node(yppasswdd_t) corenet_tcp_bind_reserved_port(yppasswdd_t) corenet_udp_bind_reserved_port(yppasswdd_t) corenet_dontaudit_tcp_bind_all_reserved_ports(yppasswdd_t) @@ -233,12 +233,12 @@ corenet_all_recvfrom_unlabeled(ypserv_t) corenet_all_recvfrom_netlabel(ypserv_t) corenet_tcp_sendrecv_generic_if(ypserv_t) corenet_udp_sendrecv_generic_if(ypserv_t) -corenet_tcp_sendrecv_all_nodes(ypserv_t) -corenet_udp_sendrecv_all_nodes(ypserv_t) +corenet_tcp_sendrecv_generic_node(ypserv_t) +corenet_udp_sendrecv_generic_node(ypserv_t) corenet_tcp_sendrecv_all_ports(ypserv_t) corenet_udp_sendrecv_all_ports(ypserv_t) -corenet_tcp_bind_all_nodes(ypserv_t) -corenet_udp_bind_all_nodes(ypserv_t) +corenet_tcp_bind_generic_node(ypserv_t) +corenet_udp_bind_generic_node(ypserv_t) corenet_tcp_bind_reserved_port(ypserv_t) corenet_udp_bind_reserved_port(ypserv_t) corenet_dontaudit_tcp_bind_all_reserved_ports(ypserv_t) @@ -298,12 +298,12 @@ corenet_all_recvfrom_unlabeled(ypxfr_t) corenet_all_recvfrom_netlabel(ypxfr_t) corenet_tcp_sendrecv_generic_if(ypxfr_t) corenet_udp_sendrecv_generic_if(ypxfr_t) -corenet_tcp_sendrecv_all_nodes(ypxfr_t) -corenet_udp_sendrecv_all_nodes(ypxfr_t) +corenet_tcp_sendrecv_generic_node(ypxfr_t) +corenet_udp_sendrecv_generic_node(ypxfr_t) corenet_tcp_sendrecv_all_ports(ypxfr_t) corenet_udp_sendrecv_all_ports(ypxfr_t) -corenet_tcp_bind_all_nodes(ypxfr_t) -corenet_udp_bind_all_nodes(ypxfr_t) +corenet_tcp_bind_generic_node(ypxfr_t) +corenet_udp_bind_generic_node(ypxfr_t) corenet_tcp_bind_reserved_port(ypxfr_t) corenet_udp_bind_reserved_port(ypxfr_t) corenet_dontaudit_tcp_bind_all_reserved_ports(ypxfr_t) diff --git a/policy/modules/services/nscd.te b/policy/modules/services/nscd.te index 701bdb5..b5351af 100644 --- a/policy/modules/services/nscd.te +++ b/policy/modules/services/nscd.te @@ -1,5 +1,5 @@ -policy_module(nscd, 1.8.1) +policy_module(nscd, 1.8.2) gen_require(` class nscd all_nscd_perms; @@ -69,8 +69,8 @@ corenet_all_recvfrom_unlabeled(nscd_t) corenet_all_recvfrom_netlabel(nscd_t) corenet_tcp_sendrecv_generic_if(nscd_t) corenet_udp_sendrecv_generic_if(nscd_t) -corenet_tcp_sendrecv_all_nodes(nscd_t) -corenet_udp_sendrecv_all_nodes(nscd_t) +corenet_tcp_sendrecv_generic_node(nscd_t) +corenet_udp_sendrecv_generic_node(nscd_t) corenet_tcp_sendrecv_all_ports(nscd_t) corenet_udp_sendrecv_all_ports(nscd_t) corenet_tcp_connect_all_ports(nscd_t) diff --git a/policy/modules/services/nsd.te b/policy/modules/services/nsd.te index a3d234b..ddeba29 100644 --- a/policy/modules/services/nsd.te +++ b/policy/modules/services/nsd.te @@ -1,5 +1,5 @@ -policy_module(nsd, 1.6.0) +policy_module(nsd, 1.6.1) ######################################## # @@ -66,12 +66,12 @@ corenet_all_recvfrom_unlabeled(nsd_t) corenet_all_recvfrom_netlabel(nsd_t) corenet_tcp_sendrecv_generic_if(nsd_t) corenet_udp_sendrecv_generic_if(nsd_t) -corenet_tcp_sendrecv_all_nodes(nsd_t) -corenet_udp_sendrecv_all_nodes(nsd_t) +corenet_tcp_sendrecv_generic_node(nsd_t) +corenet_udp_sendrecv_generic_node(nsd_t) corenet_tcp_sendrecv_all_ports(nsd_t) corenet_udp_sendrecv_all_ports(nsd_t) -corenet_tcp_bind_all_nodes(nsd_t) -corenet_udp_bind_all_nodes(nsd_t) +corenet_tcp_bind_generic_node(nsd_t) +corenet_udp_bind_generic_node(nsd_t) corenet_tcp_bind_dns_port(nsd_t) corenet_udp_bind_dns_port(nsd_t) corenet_sendrecv_dns_server_packets(nsd_t) @@ -144,8 +144,8 @@ corenet_all_recvfrom_unlabeled(nsd_crond_t) corenet_all_recvfrom_netlabel(nsd_crond_t) corenet_tcp_sendrecv_generic_if(nsd_crond_t) corenet_udp_sendrecv_generic_if(nsd_crond_t) -corenet_tcp_sendrecv_all_nodes(nsd_crond_t) -corenet_udp_sendrecv_all_nodes(nsd_crond_t) +corenet_tcp_sendrecv_generic_node(nsd_crond_t) +corenet_udp_sendrecv_generic_node(nsd_crond_t) corenet_tcp_sendrecv_all_ports(nsd_crond_t) corenet_udp_sendrecv_all_ports(nsd_crond_t) corenet_tcp_connect_all_ports(nsd_crond_t) diff --git a/policy/modules/services/ntop.te b/policy/modules/services/ntop.te index d245b21..ad6513d 100644 --- a/policy/modules/services/ntop.te +++ b/policy/modules/services/ntop.te @@ -1,5 +1,5 @@ -policy_module(ntop, 1.7.0) +policy_module(ntop, 1.7.1) ######################################## # @@ -67,9 +67,9 @@ corenet_all_recvfrom_netlabel(ntop_t) corenet_tcp_sendrecv_generic_if(ntop_t) corenet_udp_sendrecv_generic_if(ntop_t) corenet_raw_sendrecv_generic_if(ntop_t) -corenet_tcp_sendrecv_all_nodes(ntop_t) -corenet_udp_sendrecv_all_nodes(ntop_t) -corenet_raw_sendrecv_all_nodes(ntop_t) +corenet_tcp_sendrecv_generic_node(ntop_t) +corenet_udp_sendrecv_generic_node(ntop_t) +corenet_raw_sendrecv_generic_node(ntop_t) corenet_tcp_sendrecv_all_ports(ntop_t) corenet_udp_sendrecv_all_ports(ntop_t) diff --git a/policy/modules/services/ntp.te b/policy/modules/services/ntp.te index 8f8e603..cb49868 100644 --- a/policy/modules/services/ntp.te +++ b/policy/modules/services/ntp.te @@ -1,5 +1,5 @@ -policy_module(ntp, 1.8.1) +policy_module(ntp, 1.8.2) ######################################## # @@ -73,12 +73,12 @@ corenet_all_recvfrom_unlabeled(ntpd_t) corenet_all_recvfrom_netlabel(ntpd_t) corenet_tcp_sendrecv_generic_if(ntpd_t) corenet_udp_sendrecv_generic_if(ntpd_t) -corenet_tcp_sendrecv_all_nodes(ntpd_t) -corenet_udp_sendrecv_all_nodes(ntpd_t) +corenet_tcp_sendrecv_generic_node(ntpd_t) +corenet_udp_sendrecv_generic_node(ntpd_t) corenet_tcp_sendrecv_all_ports(ntpd_t) corenet_udp_sendrecv_all_ports(ntpd_t) -corenet_tcp_bind_all_nodes(ntpd_t) -corenet_udp_bind_all_nodes(ntpd_t) +corenet_tcp_bind_generic_node(ntpd_t) +corenet_udp_bind_generic_node(ntpd_t) corenet_udp_bind_ntp_port(ntpd_t) corenet_tcp_connect_ntp_port(ntpd_t) corenet_sendrecv_ntp_server_packets(ntpd_t) diff --git a/policy/modules/services/nx.te b/policy/modules/services/nx.te index 1477950..15f175d 100644 --- a/policy/modules/services/nx.te +++ b/policy/modules/services/nx.te @@ -1,5 +1,5 @@ -policy_module(nx, 1.3.0) +policy_module(nx, 1.3.1) ######################################## # @@ -55,8 +55,8 @@ corenet_all_recvfrom_unlabeled(nx_server_t) corenet_all_recvfrom_netlabel(nx_server_t) corenet_tcp_sendrecv_generic_if(nx_server_t) corenet_udp_sendrecv_generic_if(nx_server_t) -corenet_tcp_sendrecv_all_nodes(nx_server_t) -corenet_udp_sendrecv_all_nodes(nx_server_t) +corenet_tcp_sendrecv_generic_node(nx_server_t) +corenet_udp_sendrecv_generic_node(nx_server_t) corenet_tcp_sendrecv_all_ports(nx_server_t) corenet_udp_sendrecv_all_ports(nx_server_t) corenet_tcp_connect_all_ports(nx_server_t) diff --git a/policy/modules/services/oav.te b/policy/modules/services/oav.te index 354db5b..c34d8e7 100644 --- a/policy/modules/services/oav.te +++ b/policy/modules/services/oav.te @@ -1,5 +1,5 @@ -policy_module(oav, 1.8.0) +policy_module(oav, 1.8.1) ######################################## # @@ -53,8 +53,8 @@ corenet_all_recvfrom_unlabeled(oav_update_t) corenet_all_recvfrom_netlabel(oav_update_t) corenet_tcp_sendrecv_generic_if(oav_update_t) corenet_udp_sendrecv_generic_if(oav_update_t) -corenet_tcp_sendrecv_all_nodes(oav_update_t) -corenet_udp_sendrecv_all_nodes(oav_update_t) +corenet_tcp_sendrecv_generic_node(oav_update_t) +corenet_udp_sendrecv_generic_node(oav_update_t) corenet_tcp_sendrecv_all_ports(oav_update_t) corenet_udp_sendrecv_all_ports(oav_update_t) @@ -106,8 +106,8 @@ corenet_all_recvfrom_unlabeled(scannerdaemon_t) corenet_all_recvfrom_netlabel(scannerdaemon_t) corenet_tcp_sendrecv_generic_if(scannerdaemon_t) corenet_udp_sendrecv_generic_if(scannerdaemon_t) -corenet_tcp_sendrecv_all_nodes(scannerdaemon_t) -corenet_udp_sendrecv_all_nodes(scannerdaemon_t) +corenet_tcp_sendrecv_generic_node(scannerdaemon_t) +corenet_udp_sendrecv_generic_node(scannerdaemon_t) corenet_tcp_sendrecv_all_ports(scannerdaemon_t) corenet_udp_sendrecv_all_ports(scannerdaemon_t) diff --git a/policy/modules/services/oident.te b/policy/modules/services/oident.te index 29b6a6f..08a7997 100644 --- a/policy/modules/services/oident.te +++ b/policy/modules/services/oident.te @@ -1,5 +1,5 @@ -policy_module(oident, 2.0.1) +policy_module(oident, 2.0.2) ######################################## # @@ -38,8 +38,8 @@ allow oidentd_t oidentd_config_t:file read_file_perms; corenet_all_recvfrom_unlabeled(oidentd_t) corenet_all_recvfrom_netlabel(oidentd_t) corenet_tcp_sendrecv_generic_if(oidentd_t) -corenet_tcp_sendrecv_all_nodes(oidentd_t) -corenet_tcp_bind_all_nodes(oidentd_t) +corenet_tcp_sendrecv_generic_node(oidentd_t) +corenet_tcp_bind_generic_node(oidentd_t) corenet_tcp_bind_auth_port(oidentd_t) corenet_sendrecv_auth_server_packets(oidentd_t) diff --git a/policy/modules/services/openvpn.te b/policy/modules/services/openvpn.te index 2efa44e..7ddf99e 100644 --- a/policy/modules/services/openvpn.te +++ b/policy/modules/services/openvpn.te @@ -1,5 +1,5 @@ -policy_module(openvpn, 1.7.1) +policy_module(openvpn, 1.7.2) ######################################## # @@ -74,8 +74,8 @@ corenet_tcp_sendrecv_generic_node(openvpn_t) corenet_udp_sendrecv_generic_node(openvpn_t) corenet_tcp_sendrecv_all_ports(openvpn_t) corenet_udp_sendrecv_all_ports(openvpn_t) -corenet_tcp_bind_all_nodes(openvpn_t) -corenet_udp_bind_all_nodes(openvpn_t) +corenet_tcp_bind_generic_node(openvpn_t) +corenet_udp_bind_generic_node(openvpn_t) corenet_tcp_bind_openvpn_port(openvpn_t) corenet_udp_bind_openvpn_port(openvpn_t) corenet_tcp_connect_openvpn_port(openvpn_t) diff --git a/policy/modules/services/pcscd.te b/policy/modules/services/pcscd.te index b7d12a0..adefaae 100644 --- a/policy/modules/services/pcscd.te +++ b/policy/modules/services/pcscd.te @@ -1,5 +1,5 @@ -policy_module(pcscd, 1.4.1) +policy_module(pcscd, 1.4.2) ######################################## # @@ -34,7 +34,7 @@ files_pid_filetrans(pcscd_t, pcscd_var_run_t, { file sock_file }) corenet_all_recvfrom_unlabeled(pcscd_t) corenet_all_recvfrom_netlabel(pcscd_t) corenet_tcp_sendrecv_generic_if(pcscd_t) -corenet_tcp_sendrecv_all_nodes(pcscd_t) +corenet_tcp_sendrecv_generic_node(pcscd_t) corenet_tcp_sendrecv_all_ports(pcscd_t) corenet_tcp_connect_http_port(pcscd_t) diff --git a/policy/modules/services/pegasus.te b/policy/modules/services/pegasus.te index c89b731..567d1d3 100644 --- a/policy/modules/services/pegasus.te +++ b/policy/modules/services/pegasus.te @@ -1,5 +1,5 @@ -policy_module(pegasus, 1.7.1) +policy_module(pegasus, 1.7.2) ######################################## # @@ -70,9 +70,9 @@ kernel_read_net_sysctls(pegasus_t) corenet_all_recvfrom_unlabeled(pegasus_t) corenet_all_recvfrom_netlabel(pegasus_t) corenet_tcp_sendrecv_generic_if(pegasus_t) -corenet_tcp_sendrecv_all_nodes(pegasus_t) +corenet_tcp_sendrecv_generic_node(pegasus_t) corenet_tcp_sendrecv_all_ports(pegasus_t) -corenet_tcp_bind_all_nodes(pegasus_t) +corenet_tcp_bind_generic_node(pegasus_t) corenet_tcp_bind_pegasus_http_port(pegasus_t) corenet_tcp_bind_pegasus_https_port(pegasus_t) corenet_tcp_connect_pegasus_http_port(pegasus_t) diff --git a/policy/modules/services/perdition.te b/policy/modules/services/perdition.te index d608d01..824dc7e 100644 --- a/policy/modules/services/perdition.te +++ b/policy/modules/services/perdition.te @@ -1,5 +1,5 @@ -policy_module(perdition, 1.6.0) +policy_module(perdition, 1.6.1) ######################################## # @@ -41,11 +41,11 @@ corenet_all_recvfrom_unlabeled(perdition_t) corenet_all_recvfrom_netlabel(perdition_t) corenet_tcp_sendrecv_generic_if(perdition_t) corenet_udp_sendrecv_generic_if(perdition_t) -corenet_tcp_sendrecv_all_nodes(perdition_t) -corenet_udp_sendrecv_all_nodes(perdition_t) +corenet_tcp_sendrecv_generic_node(perdition_t) +corenet_udp_sendrecv_generic_node(perdition_t) corenet_tcp_sendrecv_all_ports(perdition_t) corenet_udp_sendrecv_all_ports(perdition_t) -corenet_tcp_bind_all_nodes(perdition_t) +corenet_tcp_bind_generic_node(perdition_t) corenet_tcp_bind_pop_port(perdition_t) corenet_sendrecv_pop_server_packets(perdition_t) diff --git a/policy/modules/services/portmap.te b/policy/modules/services/portmap.te index 3c8ed89..4ec905b 100644 --- a/policy/modules/services/portmap.te +++ b/policy/modules/services/portmap.te @@ -1,5 +1,5 @@ -policy_module(portmap, 1.8.1) +policy_module(portmap, 1.8.2) ######################################## # @@ -48,12 +48,12 @@ corenet_all_recvfrom_unlabeled(portmap_t) corenet_all_recvfrom_netlabel(portmap_t) corenet_tcp_sendrecv_generic_if(portmap_t) corenet_udp_sendrecv_generic_if(portmap_t) -corenet_tcp_sendrecv_all_nodes(portmap_t) -corenet_udp_sendrecv_all_nodes(portmap_t) +corenet_tcp_sendrecv_generic_node(portmap_t) +corenet_udp_sendrecv_generic_node(portmap_t) corenet_tcp_sendrecv_all_ports(portmap_t) corenet_udp_sendrecv_all_ports(portmap_t) -corenet_tcp_bind_all_nodes(portmap_t) -corenet_udp_bind_all_nodes(portmap_t) +corenet_tcp_bind_generic_node(portmap_t) +corenet_udp_bind_generic_node(portmap_t) corenet_tcp_bind_portmap_port(portmap_t) corenet_udp_bind_portmap_port(portmap_t) corenet_tcp_connect_all_ports(portmap_t) @@ -119,13 +119,13 @@ corenet_all_recvfrom_netlabel(portmap_helper_t) corenet_tcp_sendrecv_generic_if(portmap_helper_t) corenet_udp_sendrecv_generic_if(portmap_helper_t) corenet_raw_sendrecv_generic_if(portmap_helper_t) -corenet_tcp_sendrecv_all_nodes(portmap_helper_t) -corenet_udp_sendrecv_all_nodes(portmap_helper_t) -corenet_raw_sendrecv_all_nodes(portmap_helper_t) +corenet_tcp_sendrecv_generic_node(portmap_helper_t) +corenet_udp_sendrecv_generic_node(portmap_helper_t) +corenet_raw_sendrecv_generic_node(portmap_helper_t) corenet_tcp_sendrecv_all_ports(portmap_helper_t) corenet_udp_sendrecv_all_ports(portmap_helper_t) -corenet_tcp_bind_all_nodes(portmap_helper_t) -corenet_udp_bind_all_nodes(portmap_helper_t) +corenet_tcp_bind_generic_node(portmap_helper_t) +corenet_udp_bind_generic_node(portmap_helper_t) corenet_tcp_bind_reserved_port(portmap_helper_t) corenet_udp_bind_reserved_port(portmap_helper_t) corenet_dontaudit_tcp_bind_all_reserved_ports(portmap_helper_t) diff --git a/policy/modules/services/portslave.te b/policy/modules/services/portslave.te index e84d223..cb2ec6d 100644 --- a/policy/modules/services/portslave.te +++ b/policy/modules/services/portslave.te @@ -1,5 +1,5 @@ -policy_module(portslave, 1.6.0) +policy_module(portslave, 1.6.1) ######################################## # @@ -59,8 +59,8 @@ corenet_all_recvfrom_unlabeled(portslave_t) corenet_all_recvfrom_netlabel(portslave_t) corenet_tcp_sendrecv_generic_if(portslave_t) corenet_udp_sendrecv_generic_if(portslave_t) -corenet_tcp_sendrecv_all_nodes(portslave_t) -corenet_udp_sendrecv_all_nodes(portslave_t) +corenet_tcp_sendrecv_generic_node(portslave_t) +corenet_udp_sendrecv_generic_node(portslave_t) corenet_tcp_sendrecv_all_ports(portslave_t) corenet_udp_sendrecv_all_ports(portslave_t) corenet_rw_ppp_dev(portslave_t) diff --git a/policy/modules/services/postfix.if b/policy/modules/services/postfix.if index c7703b9..30a826c 100644 --- a/policy/modules/services/postfix.if +++ b/policy/modules/services/postfix.if @@ -121,12 +121,12 @@ template(`postfix_server_domain_template',` corenet_all_recvfrom_netlabel(postfix_$1_t) corenet_tcp_sendrecv_generic_if(postfix_$1_t) corenet_udp_sendrecv_generic_if(postfix_$1_t) - corenet_tcp_sendrecv_all_nodes(postfix_$1_t) - corenet_udp_sendrecv_all_nodes(postfix_$1_t) + corenet_tcp_sendrecv_generic_node(postfix_$1_t) + corenet_udp_sendrecv_generic_node(postfix_$1_t) corenet_tcp_sendrecv_all_ports(postfix_$1_t) corenet_udp_sendrecv_all_ports(postfix_$1_t) - corenet_tcp_bind_all_nodes(postfix_$1_t) - corenet_udp_bind_all_nodes(postfix_$1_t) + corenet_tcp_bind_generic_node(postfix_$1_t) + corenet_udp_bind_generic_node(postfix_$1_t) corenet_tcp_connect_all_ports(postfix_$1_t) corenet_sendrecv_all_client_packets(postfix_$1_t) ') diff --git a/policy/modules/services/postfix.te b/policy/modules/services/postfix.te index 24e1706..9527d12 100644 --- a/policy/modules/services/postfix.te +++ b/policy/modules/services/postfix.te @@ -1,5 +1,5 @@ -policy_module(postfix, 1.10.1) +policy_module(postfix, 1.10.2) ######################################## # @@ -149,11 +149,11 @@ corenet_all_recvfrom_unlabeled(postfix_master_t) corenet_all_recvfrom_netlabel(postfix_master_t) corenet_tcp_sendrecv_generic_if(postfix_master_t) corenet_udp_sendrecv_generic_if(postfix_master_t) -corenet_tcp_sendrecv_all_nodes(postfix_master_t) -corenet_udp_sendrecv_all_nodes(postfix_master_t) +corenet_tcp_sendrecv_generic_node(postfix_master_t) +corenet_udp_sendrecv_generic_node(postfix_master_t) corenet_tcp_sendrecv_all_ports(postfix_master_t) corenet_udp_sendrecv_all_ports(postfix_master_t) -corenet_tcp_bind_all_nodes(postfix_master_t) +corenet_tcp_bind_generic_node(postfix_master_t) corenet_tcp_bind_amavisd_send_port(postfix_master_t) corenet_tcp_bind_smtp_port(postfix_master_t) corenet_tcp_connect_all_ports(postfix_master_t) @@ -315,8 +315,8 @@ corenet_all_recvfrom_unlabeled(postfix_map_t) corenet_all_recvfrom_netlabel(postfix_map_t) corenet_tcp_sendrecv_generic_if(postfix_map_t) corenet_udp_sendrecv_generic_if(postfix_map_t) -corenet_tcp_sendrecv_all_nodes(postfix_map_t) -corenet_udp_sendrecv_all_nodes(postfix_map_t) +corenet_tcp_sendrecv_generic_node(postfix_map_t) +corenet_udp_sendrecv_generic_node(postfix_map_t) corenet_tcp_sendrecv_all_ports(postfix_map_t) corenet_udp_sendrecv_all_ports(postfix_map_t) corenet_tcp_connect_all_ports(postfix_map_t) @@ -415,7 +415,7 @@ postfix_list_spool(postfix_postdrop_t) manage_files_pattern(postfix_postdrop_t, postfix_spool_maildrop_t, postfix_spool_maildrop_t) corenet_udp_sendrecv_generic_if(postfix_postdrop_t) -corenet_udp_sendrecv_all_nodes(postfix_postdrop_t) +corenet_udp_sendrecv_generic_node(postfix_postdrop_t) term_dontaudit_use_all_user_ptys(postfix_postdrop_t) term_dontaudit_use_all_user_ttys(postfix_postdrop_t) diff --git a/policy/modules/services/postfixpolicyd.te b/policy/modules/services/postfixpolicyd.te index e8c9846..b672356 100644 --- a/policy/modules/services/postfixpolicyd.te +++ b/policy/modules/services/postfixpolicyd.te @@ -1,5 +1,5 @@ -policy_module(postfixpolicyd, 1.1.0) +policy_module(postfixpolicyd, 1.1.1) ######################################## # @@ -38,9 +38,9 @@ files_pid_filetrans(postfix_policyd_t, postfix_policyd_var_run_t, file) corenet_all_recvfrom_unlabeled(postfix_policyd_t) corenet_tcp_sendrecv_generic_if(postfix_policyd_t) -corenet_tcp_sendrecv_all_nodes(postfix_policyd_t) +corenet_tcp_sendrecv_generic_node(postfix_policyd_t) corenet_tcp_sendrecv_all_ports(postfix_policyd_t) -corenet_tcp_bind_all_nodes(postfix_policyd_t) +corenet_tcp_bind_generic_node(postfix_policyd_t) corenet_tcp_bind_postfix_policyd_port(postfix_policyd_t) corenet_tcp_bind_mysqld_port(postfix_policyd_t) diff --git a/policy/modules/services/postgresql.te b/policy/modules/services/postgresql.te index aec203e..b5ea273 100644 --- a/policy/modules/services/postgresql.te +++ b/policy/modules/services/postgresql.te @@ -1,5 +1,5 @@ -policy_module(postgresql, 1.8.1) +policy_module(postgresql, 1.8.2) gen_require(` class db_database all_db_database_perms; @@ -190,11 +190,11 @@ corenet_all_recvfrom_unlabeled(postgresql_t) corenet_all_recvfrom_netlabel(postgresql_t) corenet_tcp_sendrecv_generic_if(postgresql_t) corenet_udp_sendrecv_generic_if(postgresql_t) -corenet_tcp_sendrecv_all_nodes(postgresql_t) -corenet_udp_sendrecv_all_nodes(postgresql_t) +corenet_tcp_sendrecv_generic_node(postgresql_t) +corenet_udp_sendrecv_generic_node(postgresql_t) corenet_tcp_sendrecv_all_ports(postgresql_t) corenet_udp_sendrecv_all_ports(postgresql_t) -corenet_tcp_bind_all_nodes(postgresql_t) +corenet_tcp_bind_generic_node(postgresql_t) corenet_tcp_bind_postgresql_port(postgresql_t) corenet_tcp_connect_auth_port(postgresql_t) corenet_sendrecv_postgresql_server_packets(postgresql_t) diff --git a/policy/modules/services/postgrey.te b/policy/modules/services/postgrey.te index bda1164..15734cd 100644 --- a/policy/modules/services/postgrey.te +++ b/policy/modules/services/postgrey.te @@ -1,5 +1,5 @@ -policy_module(postgrey, 1.6.0) +policy_module(postgrey, 1.6.1) ######################################## # @@ -61,9 +61,9 @@ corecmd_search_bin(postgrey_t) corenet_all_recvfrom_unlabeled(postgrey_t) corenet_all_recvfrom_netlabel(postgrey_t) corenet_tcp_sendrecv_generic_if(postgrey_t) -corenet_tcp_sendrecv_all_nodes(postgrey_t) +corenet_tcp_sendrecv_generic_node(postgrey_t) corenet_tcp_sendrecv_all_ports(postgrey_t) -corenet_tcp_bind_all_nodes(postgrey_t) +corenet_tcp_bind_generic_node(postgrey_t) corenet_tcp_bind_postgrey_port(postgrey_t) corenet_sendrecv_postgrey_server_packets(postgrey_t) diff --git a/policy/modules/services/ppp.te b/policy/modules/services/ppp.te index 5c92d20..4c13d9c 100644 --- a/policy/modules/services/ppp.te +++ b/policy/modules/services/ppp.te @@ -1,5 +1,5 @@ -policy_module(ppp, 1.10.1) +policy_module(ppp, 1.10.2) ######################################## # @@ -129,9 +129,9 @@ corenet_all_recvfrom_netlabel(pppd_t) corenet_tcp_sendrecv_generic_if(pppd_t) corenet_raw_sendrecv_generic_if(pppd_t) corenet_udp_sendrecv_generic_if(pppd_t) -corenet_tcp_sendrecv_all_nodes(pppd_t) -corenet_raw_sendrecv_all_nodes(pppd_t) -corenet_udp_sendrecv_all_nodes(pppd_t) +corenet_tcp_sendrecv_generic_node(pppd_t) +corenet_raw_sendrecv_generic_node(pppd_t) +corenet_udp_sendrecv_generic_node(pppd_t) corenet_tcp_sendrecv_all_ports(pppd_t) corenet_udp_sendrecv_all_ports(pppd_t) # Access /dev/ppp. @@ -252,10 +252,10 @@ corenet_all_recvfrom_unlabeled(pptp_t) corenet_all_recvfrom_netlabel(pptp_t) corenet_tcp_sendrecv_generic_if(pptp_t) corenet_raw_sendrecv_generic_if(pptp_t) -corenet_tcp_sendrecv_all_nodes(pptp_t) -corenet_raw_sendrecv_all_nodes(pptp_t) +corenet_tcp_sendrecv_generic_node(pptp_t) +corenet_raw_sendrecv_generic_node(pptp_t) corenet_tcp_sendrecv_all_ports(pptp_t) -corenet_tcp_bind_all_nodes(pptp_t) +corenet_tcp_bind_generic_node(pptp_t) corenet_tcp_connect_generic_port(pptp_t) corenet_tcp_connect_all_reserved_ports(pptp_t) corenet_sendrecv_generic_client_packets(pptp_t) diff --git a/policy/modules/services/prelude.te b/policy/modules/services/prelude.te index a749abf..aa31eca 100644 --- a/policy/modules/services/prelude.te +++ b/policy/modules/services/prelude.te @@ -1,5 +1,5 @@ -policy_module(prelude, 1.0.1) +policy_module(prelude, 1.0.2) ######################################## # @@ -54,8 +54,8 @@ corecmd_search_bin(prelude_t) corenet_all_recvfrom_unlabeled(prelude_t) corenet_all_recvfrom_netlabel(prelude_t) corenet_tcp_sendrecv_generic_if(prelude_t) -corenet_tcp_sendrecv_all_nodes(prelude_t) -corenet_tcp_bind_all_nodes(prelude_t) +corenet_tcp_sendrecv_generic_node(prelude_t) +corenet_tcp_bind_generic_node(prelude_t) dev_read_rand(prelude_t) dev_read_urand(prelude_t) @@ -105,8 +105,8 @@ corecmd_search_bin(prelude_audisp_t) corenet_all_recvfrom_unlabeled(prelude_audisp_t) corenet_all_recvfrom_netlabel(prelude_audisp_t) corenet_tcp_sendrecv_generic_if(prelude_audisp_t) -corenet_tcp_sendrecv_all_nodes(prelude_audisp_t) -corenet_tcp_bind_all_nodes(prelude_audisp_t) +corenet_tcp_sendrecv_generic_node(prelude_audisp_t) +corenet_tcp_bind_generic_node(prelude_audisp_t) dev_read_rand(prelude_audisp_t) dev_read_urand(prelude_audisp_t) diff --git a/policy/modules/services/privoxy.te b/policy/modules/services/privoxy.te index 571c9b1..9660faa 100644 --- a/policy/modules/services/privoxy.te +++ b/policy/modules/services/privoxy.te @@ -1,5 +1,5 @@ -policy_module(privoxy, 1.8.1) +policy_module(privoxy, 1.8.2) ######################################## # @@ -46,9 +46,9 @@ kernel_read_proc_symlinks(privoxy_t) corenet_all_recvfrom_unlabeled(privoxy_t) corenet_all_recvfrom_netlabel(privoxy_t) corenet_tcp_sendrecv_generic_if(privoxy_t) -corenet_tcp_sendrecv_all_nodes(privoxy_t) +corenet_tcp_sendrecv_generic_node(privoxy_t) corenet_tcp_sendrecv_all_ports(privoxy_t) -corenet_tcp_bind_all_nodes(privoxy_t) +corenet_tcp_bind_generic_node(privoxy_t) corenet_tcp_bind_http_cache_port(privoxy_t) corenet_tcp_connect_http_port(privoxy_t) corenet_tcp_connect_http_cache_port(privoxy_t) diff --git a/policy/modules/services/procmail.te b/policy/modules/services/procmail.te index 645fa10..188bad5 100644 --- a/policy/modules/services/procmail.te +++ b/policy/modules/services/procmail.te @@ -1,5 +1,5 @@ -policy_module(procmail, 1.10.1) +policy_module(procmail, 1.10.2) ######################################## # @@ -49,11 +49,11 @@ corenet_all_recvfrom_unlabeled(procmail_t) corenet_all_recvfrom_netlabel(procmail_t) corenet_tcp_sendrecv_generic_if(procmail_t) corenet_udp_sendrecv_generic_if(procmail_t) -corenet_tcp_sendrecv_all_nodes(procmail_t) -corenet_udp_sendrecv_all_nodes(procmail_t) +corenet_tcp_sendrecv_generic_node(procmail_t) +corenet_udp_sendrecv_generic_node(procmail_t) corenet_tcp_sendrecv_all_ports(procmail_t) corenet_udp_sendrecv_all_ports(procmail_t) -corenet_udp_bind_all_nodes(procmail_t) +corenet_udp_bind_generic_node(procmail_t) corenet_tcp_connect_spamd_port(procmail_t) corenet_sendrecv_spamd_client_packets(procmail_t) corenet_sendrecv_comsat_client_packets(procmail_t) diff --git a/policy/modules/services/pyzor.te b/policy/modules/services/pyzor.te index 3ac177f..1293325 100644 --- a/policy/modules/services/pyzor.te +++ b/policy/modules/services/pyzor.te @@ -1,5 +1,5 @@ -policy_module(pyzor, 2.0.1) +policy_module(pyzor, 2.0.2) ######################################## # @@ -69,8 +69,8 @@ corecmd_getattr_bin_files(pyzor_t) corenet_tcp_sendrecv_generic_if(pyzor_t) corenet_udp_sendrecv_generic_if(pyzor_t) -corenet_tcp_sendrecv_all_nodes(pyzor_t) -corenet_udp_sendrecv_all_nodes(pyzor_t) +corenet_tcp_sendrecv_generic_node(pyzor_t) +corenet_udp_sendrecv_generic_node(pyzor_t) corenet_tcp_sendrecv_all_ports(pyzor_t) corenet_udp_sendrecv_all_ports(pyzor_t) corenet_tcp_connect_http_port(pyzor_t) @@ -125,9 +125,9 @@ corecmd_exec_bin(pyzord_t) corenet_all_recvfrom_unlabeled(pyzord_t) corenet_all_recvfrom_netlabel(pyzord_t) corenet_udp_sendrecv_generic_if(pyzord_t) -corenet_udp_sendrecv_all_nodes(pyzord_t) +corenet_udp_sendrecv_generic_node(pyzord_t) corenet_udp_sendrecv_all_ports(pyzord_t) -corenet_udp_bind_all_nodes(pyzord_t) +corenet_udp_bind_generic_node(pyzord_t) corenet_udp_bind_pyzor_port(pyzord_t) corenet_sendrecv_pyzor_server_packets(pyzord_t) diff --git a/policy/modules/services/radius.te b/policy/modules/services/radius.te index 050498d..a42e66c 100644 --- a/policy/modules/services/radius.te +++ b/policy/modules/services/radius.te @@ -1,5 +1,5 @@ -policy_module(radius, 1.10.1) +policy_module(radius, 1.10.2) ######################################## # @@ -70,11 +70,11 @@ corenet_all_recvfrom_unlabeled(radiusd_t) corenet_all_recvfrom_netlabel(radiusd_t) corenet_tcp_sendrecv_generic_if(radiusd_t) corenet_udp_sendrecv_generic_if(radiusd_t) -corenet_tcp_sendrecv_all_nodes(radiusd_t) -corenet_udp_sendrecv_all_nodes(radiusd_t) +corenet_tcp_sendrecv_generic_node(radiusd_t) +corenet_udp_sendrecv_generic_node(radiusd_t) corenet_tcp_sendrecv_all_ports(radiusd_t) corenet_udp_sendrecv_all_ports(radiusd_t) -corenet_udp_bind_all_nodes(radiusd_t) +corenet_udp_bind_generic_node(radiusd_t) corenet_udp_bind_radacct_port(radiusd_t) corenet_udp_bind_radius_port(radiusd_t) corenet_tcp_connect_mysqld_port(radiusd_t) diff --git a/policy/modules/services/radvd.te b/policy/modules/services/radvd.te index 4fd16b4..b37971c 100644 --- a/policy/modules/services/radvd.te +++ b/policy/modules/services/radvd.te @@ -1,5 +1,5 @@ -policy_module(radvd, 1.10.1) +policy_module(radvd, 1.10.2) ######################################## # @@ -47,9 +47,9 @@ corenet_all_recvfrom_netlabel(radvd_t) corenet_tcp_sendrecv_generic_if(radvd_t) corenet_udp_sendrecv_generic_if(radvd_t) corenet_raw_sendrecv_generic_if(radvd_t) -corenet_tcp_sendrecv_all_nodes(radvd_t) -corenet_udp_sendrecv_all_nodes(radvd_t) -corenet_raw_sendrecv_all_nodes(radvd_t) +corenet_tcp_sendrecv_generic_node(radvd_t) +corenet_udp_sendrecv_generic_node(radvd_t) +corenet_raw_sendrecv_generic_node(radvd_t) corenet_tcp_sendrecv_all_ports(radvd_t) corenet_udp_sendrecv_all_ports(radvd_t) diff --git a/policy/modules/services/razor.if b/policy/modules/services/razor.if index b564199..f4a355f 100644 --- a/policy/modules/services/razor.if +++ b/policy/modules/services/razor.if @@ -75,8 +75,8 @@ template(`razor_common_domain_template',` corenet_all_recvfrom_netlabel($1_t) corenet_tcp_sendrecv_generic_if($1_t) corenet_raw_sendrecv_generic_if($1_t) - corenet_tcp_sendrecv_all_nodes($1_t) - corenet_raw_sendrecv_all_nodes($1_t) + corenet_tcp_sendrecv_generic_node($1_t) + corenet_raw_sendrecv_generic_node($1_t) corenet_tcp_sendrecv_razor_port($1_t) # mktemp and other randoms diff --git a/policy/modules/services/razor.te b/policy/modules/services/razor.te index f856ccf..6ef4a54 100644 --- a/policy/modules/services/razor.te +++ b/policy/modules/services/razor.te @@ -1,5 +1,5 @@ -policy_module(razor, 2.0.0) +policy_module(razor, 2.0.1) ######################################## # @@ -64,8 +64,8 @@ corenet_all_recvfrom_unlabeled(system_razor_t) corenet_all_recvfrom_netlabel(system_razor_t) corenet_tcp_sendrecv_generic_if(system_razor_t) corenet_raw_sendrecv_generic_if(system_razor_t) -corenet_tcp_sendrecv_all_nodes(system_razor_t) -corenet_raw_sendrecv_all_nodes(system_razor_t) +corenet_tcp_sendrecv_generic_node(system_razor_t) +corenet_raw_sendrecv_generic_node(system_razor_t) corenet_tcp_sendrecv_razor_port(system_razor_t) corenet_tcp_connect_razor_port(system_razor_t) corenet_sendrecv_razor_client_packets(system_razor_t) diff --git a/policy/modules/services/rdisc.te b/policy/modules/services/rdisc.te index add9910..85cfa1a 100644 --- a/policy/modules/services/rdisc.te +++ b/policy/modules/services/rdisc.te @@ -1,5 +1,5 @@ -policy_module(rdisc, 1.6.0) +policy_module(rdisc, 1.6.1) ######################################## # @@ -30,8 +30,8 @@ corenet_all_recvfrom_unlabeled(rdisc_t) corenet_all_recvfrom_netlabel(rdisc_t) corenet_udp_sendrecv_generic_if(rdisc_t) corenet_raw_sendrecv_generic_if(rdisc_t) -corenet_udp_sendrecv_all_nodes(rdisc_t) -corenet_raw_sendrecv_all_nodes(rdisc_t) +corenet_udp_sendrecv_generic_node(rdisc_t) +corenet_raw_sendrecv_generic_node(rdisc_t) corenet_udp_sendrecv_all_ports(rdisc_t) dev_read_sysfs(rdisc_t) diff --git a/policy/modules/services/rhgb.te b/policy/modules/services/rhgb.te index 467d6a6..ec3dfcf 100644 --- a/policy/modules/services/rhgb.te +++ b/policy/modules/services/rhgb.te @@ -1,5 +1,5 @@ -policy_module(rhgb, 1.8.0) +policy_module(rhgb, 1.8.1) ######################################## # @@ -51,8 +51,8 @@ corenet_all_recvfrom_unlabeled(rhgb_t) corenet_all_recvfrom_netlabel(rhgb_t) corenet_tcp_sendrecv_generic_if(rhgb_t) corenet_udp_sendrecv_generic_if(rhgb_t) -corenet_tcp_sendrecv_all_nodes(rhgb_t) -corenet_udp_sendrecv_all_nodes(rhgb_t) +corenet_tcp_sendrecv_generic_node(rhgb_t) +corenet_udp_sendrecv_generic_node(rhgb_t) corenet_tcp_sendrecv_all_ports(rhgb_t) corenet_udp_sendrecv_all_ports(rhgb_t) corenet_tcp_connect_all_ports(rhgb_t) diff --git a/policy/modules/services/ricci.te b/policy/modules/services/ricci.te index 4f2d305..e5f980d 100644 --- a/policy/modules/services/ricci.te +++ b/policy/modules/services/ricci.te @@ -1,5 +1,5 @@ -policy_module(ricci, 1.5.1) +policy_module(ricci, 1.5.2) ######################################## # @@ -123,10 +123,10 @@ corecmd_exec_bin(ricci_t) corenet_all_recvfrom_unlabeled(ricci_t) corenet_all_recvfrom_netlabel(ricci_t) corenet_tcp_sendrecv_generic_if(ricci_t) -corenet_tcp_sendrecv_all_nodes(ricci_t) +corenet_tcp_sendrecv_generic_node(ricci_t) corenet_tcp_sendrecv_all_ports(ricci_t) -corenet_tcp_bind_all_nodes(ricci_t) -corenet_udp_bind_all_nodes(ricci_t) +corenet_tcp_bind_generic_node(ricci_t) +corenet_udp_bind_generic_node(ricci_t) corenet_tcp_bind_ricci_port(ricci_t) corenet_udp_bind_ricci_port(ricci_t) corenet_tcp_connect_http_port(ricci_t) @@ -283,7 +283,7 @@ corecmd_exec_bin(ricci_modclusterd_t) corenet_tcp_sendrecv_generic_if(ricci_modclusterd_t) corenet_tcp_sendrecv_all_ports(ricci_modclusterd_t) -corenet_tcp_bind_all_nodes(ricci_modclusterd_t) +corenet_tcp_bind_generic_node(ricci_modclusterd_t) corenet_tcp_bind_ricci_modcluster_port(ricci_modclusterd_t) corenet_tcp_connect_ricci_modcluster_port(ricci_modclusterd_t) diff --git a/policy/modules/services/rlogin.te b/policy/modules/services/rlogin.te index 07818ef..b05c1a8 100644 --- a/policy/modules/services/rlogin.te +++ b/policy/modules/services/rlogin.te @@ -1,5 +1,5 @@ -policy_module(rlogin, 1.8.1) +policy_module(rlogin, 1.8.2) ######################################## # @@ -54,8 +54,8 @@ corenet_all_recvfrom_unlabeled(rlogind_t) corenet_all_recvfrom_netlabel(rlogind_t) corenet_tcp_sendrecv_generic_if(rlogind_t) corenet_udp_sendrecv_generic_if(rlogind_t) -corenet_tcp_sendrecv_all_nodes(rlogind_t) -corenet_udp_sendrecv_all_nodes(rlogind_t) +corenet_tcp_sendrecv_generic_node(rlogind_t) +corenet_udp_sendrecv_generic_node(rlogind_t) corenet_tcp_sendrecv_all_ports(rlogind_t) corenet_udp_sendrecv_all_ports(rlogind_t) diff --git a/policy/modules/services/roundup.te b/policy/modules/services/roundup.te index 6bc3ca2..8491a07 100644 --- a/policy/modules/services/roundup.te +++ b/policy/modules/services/roundup.te @@ -1,5 +1,5 @@ -policy_module(roundup, 1.6.0) +policy_module(roundup, 1.6.1) ######################################## # @@ -51,12 +51,12 @@ corenet_all_recvfrom_netlabel(roundup_t) corenet_tcp_sendrecv_generic_if(roundup_t) corenet_udp_sendrecv_generic_if(roundup_t) corenet_raw_sendrecv_generic_if(roundup_t) -corenet_tcp_sendrecv_all_nodes(roundup_t) -corenet_udp_sendrecv_all_nodes(roundup_t) -corenet_raw_sendrecv_all_nodes(roundup_t) +corenet_tcp_sendrecv_generic_node(roundup_t) +corenet_udp_sendrecv_generic_node(roundup_t) +corenet_raw_sendrecv_generic_node(roundup_t) corenet_tcp_sendrecv_all_ports(roundup_t) corenet_udp_sendrecv_all_ports(roundup_t) -corenet_tcp_bind_all_nodes(roundup_t) +corenet_tcp_bind_generic_node(roundup_t) corenet_tcp_bind_http_cache_port(roundup_t) corenet_tcp_connect_smtp_port(roundup_t) corenet_sendrecv_http_cache_server_packets(roundup_t) diff --git a/policy/modules/services/rpc.if b/policy/modules/services/rpc.if index 56238e6..7584b3e 100644 --- a/policy/modules/services/rpc.if +++ b/policy/modules/services/rpc.if @@ -73,12 +73,12 @@ template(`rpc_domain_template', ` corenet_all_recvfrom_netlabel($1_t) corenet_tcp_sendrecv_generic_if($1_t) corenet_udp_sendrecv_generic_if($1_t) - corenet_tcp_sendrecv_all_nodes($1_t) - corenet_udp_sendrecv_all_nodes($1_t) + corenet_tcp_sendrecv_generic_node($1_t) + corenet_udp_sendrecv_generic_node($1_t) corenet_tcp_sendrecv_all_ports($1_t) corenet_udp_sendrecv_all_ports($1_t) - corenet_tcp_bind_all_nodes($1_t) - corenet_udp_bind_all_nodes($1_t) + corenet_tcp_bind_generic_node($1_t) + corenet_udp_bind_generic_node($1_t) corenet_tcp_bind_reserved_port($1_t) corenet_tcp_connect_all_ports($1_t) corenet_sendrecv_portmap_client_packets($1_t) diff --git a/policy/modules/services/rpc.te b/policy/modules/services/rpc.te index ac7bfc7..02c3fcd 100644 --- a/policy/modules/services/rpc.te +++ b/policy/modules/services/rpc.te @@ -1,5 +1,5 @@ -policy_module(rpc, 1.10.1) +policy_module(rpc, 1.10.2) ######################################## # diff --git a/policy/modules/services/rpcbind.te b/policy/modules/services/rpcbind.te index f1d99f4..cdc81bf 100644 --- a/policy/modules/services/rpcbind.te +++ b/policy/modules/services/rpcbind.te @@ -1,5 +1,5 @@ -policy_module(rpcbind, 1.3.1) +policy_module(rpcbind, 1.3.2) ######################################## # @@ -47,12 +47,12 @@ corenet_all_recvfrom_unlabeled(rpcbind_t) corenet_all_recvfrom_netlabel(rpcbind_t) corenet_tcp_sendrecv_generic_if(rpcbind_t) corenet_udp_sendrecv_generic_if(rpcbind_t) -corenet_tcp_sendrecv_all_nodes(rpcbind_t) -corenet_udp_sendrecv_all_nodes(rpcbind_t) +corenet_tcp_sendrecv_generic_node(rpcbind_t) +corenet_udp_sendrecv_generic_node(rpcbind_t) corenet_tcp_sendrecv_all_ports(rpcbind_t) corenet_udp_sendrecv_all_ports(rpcbind_t) -corenet_tcp_bind_all_nodes(rpcbind_t) -corenet_udp_bind_all_nodes(rpcbind_t) +corenet_tcp_bind_generic_node(rpcbind_t) +corenet_udp_bind_generic_node(rpcbind_t) corenet_tcp_bind_portmap_port(rpcbind_t) corenet_udp_bind_portmap_port(rpcbind_t) corenet_udp_bind_all_rpc_ports(rpcbind_t) diff --git a/policy/modules/services/rshd.te b/policy/modules/services/rshd.te index 846e1f2..f338d63 100644 --- a/policy/modules/services/rshd.te +++ b/policy/modules/services/rshd.te @@ -1,5 +1,5 @@ -policy_module(rshd, 1.6.0) +policy_module(rshd, 1.6.1) ######################################## # @@ -27,11 +27,11 @@ corenet_all_recvfrom_unlabeled(rshd_t) corenet_all_recvfrom_netlabel(rshd_t) corenet_tcp_sendrecv_generic_if(rshd_t) corenet_udp_sendrecv_generic_if(rshd_t) -corenet_tcp_sendrecv_all_nodes(rshd_t) -corenet_udp_sendrecv_all_nodes(rshd_t) +corenet_tcp_sendrecv_generic_node(rshd_t) +corenet_udp_sendrecv_generic_node(rshd_t) corenet_tcp_sendrecv_all_ports(rshd_t) corenet_udp_sendrecv_all_ports(rshd_t) -corenet_tcp_bind_all_nodes(rshd_t) +corenet_tcp_bind_generic_node(rshd_t) corenet_tcp_bind_rsh_port(rshd_t) corenet_tcp_bind_all_rpc_ports(rshd_t) corenet_tcp_connect_all_ports(rshd_t) diff --git a/policy/modules/services/rsync.te b/policy/modules/services/rsync.te index 9ef053a..9367c21 100644 --- a/policy/modules/services/rsync.te +++ b/policy/modules/services/rsync.te @@ -1,5 +1,5 @@ -policy_module(rsync, 1.8.1) +policy_module(rsync, 1.8.2) ######################################## # @@ -79,11 +79,11 @@ corenet_all_recvfrom_unlabeled(rsync_t) corenet_all_recvfrom_netlabel(rsync_t) corenet_tcp_sendrecv_generic_if(rsync_t) corenet_udp_sendrecv_generic_if(rsync_t) -corenet_tcp_sendrecv_all_nodes(rsync_t) -corenet_udp_sendrecv_all_nodes(rsync_t) +corenet_tcp_sendrecv_generic_node(rsync_t) +corenet_udp_sendrecv_generic_node(rsync_t) corenet_tcp_sendrecv_all_ports(rsync_t) corenet_udp_sendrecv_all_ports(rsync_t) -corenet_tcp_bind_all_nodes(rsync_t) +corenet_tcp_bind_generic_node(rsync_t) corenet_tcp_bind_rsync_port(rsync_t) corenet_sendrecv_rsync_server_packets(rsync_t) diff --git a/policy/modules/services/rwho.te b/policy/modules/services/rwho.te index 40a4a90..f18452e 100644 --- a/policy/modules/services/rwho.te +++ b/policy/modules/services/rwho.te @@ -1,5 +1,5 @@ -policy_module(rwho, 1.5.1) +policy_module(rwho, 1.5.2) ######################################## # @@ -43,9 +43,9 @@ kernel_read_system_state(rwho_t) corenet_all_recvfrom_unlabeled(rwho_t) corenet_all_recvfrom_netlabel(rwho_t) corenet_udp_sendrecv_generic_if(rwho_t) -corenet_udp_sendrecv_all_nodes(rwho_t) +corenet_udp_sendrecv_generic_node(rwho_t) corenet_udp_sendrecv_all_ports(rwho_t) -corenet_udp_bind_all_nodes(rwho_t) +corenet_udp_bind_generic_node(rwho_t) corenet_udp_bind_rwho_port(rwho_t) corenet_sendrecv_rwho_server_packets(rwho_t) diff --git a/policy/modules/services/samba.te b/policy/modules/services/samba.te index 03c9387..22dff5b 100644 --- a/policy/modules/services/samba.te +++ b/policy/modules/services/samba.te @@ -1,5 +1,5 @@ -policy_module(samba, 1.11.1) +policy_module(samba, 1.11.2) ################################# # @@ -176,13 +176,13 @@ corenet_all_recvfrom_netlabel(samba_net_t) corenet_tcp_sendrecv_generic_if(samba_net_t) corenet_udp_sendrecv_generic_if(samba_net_t) corenet_raw_sendrecv_generic_if(samba_net_t) -corenet_tcp_sendrecv_all_nodes(samba_net_t) -corenet_udp_sendrecv_all_nodes(samba_net_t) -corenet_raw_sendrecv_all_nodes(samba_net_t) +corenet_tcp_sendrecv_generic_node(samba_net_t) +corenet_udp_sendrecv_generic_node(samba_net_t) +corenet_raw_sendrecv_generic_node(samba_net_t) corenet_tcp_sendrecv_all_ports(samba_net_t) corenet_udp_sendrecv_all_ports(samba_net_t) -corenet_tcp_bind_all_nodes(samba_net_t) -corenet_udp_bind_all_nodes(samba_net_t) +corenet_tcp_bind_generic_node(samba_net_t) +corenet_udp_bind_generic_node(samba_net_t) corenet_tcp_connect_smbd_port(samba_net_t) dev_read_urand(samba_net_t) @@ -274,13 +274,13 @@ corenet_all_recvfrom_netlabel(smbd_t) corenet_tcp_sendrecv_generic_if(smbd_t) corenet_udp_sendrecv_generic_if(smbd_t) corenet_raw_sendrecv_generic_if(smbd_t) -corenet_tcp_sendrecv_all_nodes(smbd_t) -corenet_udp_sendrecv_all_nodes(smbd_t) -corenet_raw_sendrecv_all_nodes(smbd_t) +corenet_tcp_sendrecv_generic_node(smbd_t) +corenet_udp_sendrecv_generic_node(smbd_t) +corenet_raw_sendrecv_generic_node(smbd_t) corenet_tcp_sendrecv_all_ports(smbd_t) corenet_udp_sendrecv_all_ports(smbd_t) -corenet_tcp_bind_all_nodes(smbd_t) -corenet_udp_bind_all_nodes(smbd_t) +corenet_tcp_bind_generic_node(smbd_t) +corenet_udp_bind_generic_node(smbd_t) corenet_tcp_bind_smbd_port(smbd_t) corenet_tcp_connect_ipp_port(smbd_t) corenet_tcp_connect_smbd_port(smbd_t) @@ -440,11 +440,11 @@ corenet_all_recvfrom_unlabeled(nmbd_t) corenet_all_recvfrom_netlabel(nmbd_t) corenet_tcp_sendrecv_generic_if(nmbd_t) corenet_udp_sendrecv_generic_if(nmbd_t) -corenet_tcp_sendrecv_all_nodes(nmbd_t) -corenet_udp_sendrecv_all_nodes(nmbd_t) +corenet_tcp_sendrecv_generic_node(nmbd_t) +corenet_udp_sendrecv_generic_node(nmbd_t) corenet_tcp_sendrecv_all_ports(nmbd_t) corenet_udp_sendrecv_all_ports(nmbd_t) -corenet_udp_bind_all_nodes(nmbd_t) +corenet_udp_bind_generic_node(nmbd_t) corenet_udp_bind_nmbd_port(nmbd_t) corenet_sendrecv_nmbd_server_packets(nmbd_t) corenet_sendrecv_nmbd_client_packets(nmbd_t) @@ -513,13 +513,13 @@ corenet_all_recvfrom_netlabel(smbmount_t) corenet_tcp_sendrecv_generic_if(smbmount_t) corenet_raw_sendrecv_generic_if(smbmount_t) corenet_udp_sendrecv_generic_if(smbmount_t) -corenet_tcp_sendrecv_all_nodes(smbmount_t) -corenet_raw_sendrecv_all_nodes(smbmount_t) -corenet_udp_sendrecv_all_nodes(smbmount_t) +corenet_tcp_sendrecv_generic_node(smbmount_t) +corenet_raw_sendrecv_generic_node(smbmount_t) +corenet_udp_sendrecv_generic_node(smbmount_t) corenet_tcp_sendrecv_all_ports(smbmount_t) corenet_udp_sendrecv_all_ports(smbmount_t) -corenet_tcp_bind_all_nodes(smbmount_t) -corenet_udp_bind_all_nodes(smbmount_t) +corenet_tcp_bind_generic_node(smbmount_t) +corenet_udp_bind_generic_node(smbmount_t) corenet_tcp_connect_all_ports(smbmount_t) fs_getattr_cifs(smbmount_t) @@ -597,9 +597,9 @@ corenet_all_recvfrom_netlabel(swat_t) corenet_tcp_sendrecv_generic_if(swat_t) corenet_udp_sendrecv_generic_if(swat_t) corenet_raw_sendrecv_generic_if(swat_t) -corenet_tcp_sendrecv_all_nodes(swat_t) -corenet_udp_sendrecv_all_nodes(swat_t) -corenet_raw_sendrecv_all_nodes(swat_t) +corenet_tcp_sendrecv_generic_node(swat_t) +corenet_udp_sendrecv_generic_node(swat_t) +corenet_raw_sendrecv_generic_node(swat_t) corenet_tcp_sendrecv_all_ports(swat_t) corenet_udp_sendrecv_all_ports(swat_t) corenet_tcp_connect_smbd_port(swat_t) @@ -692,13 +692,13 @@ corenet_all_recvfrom_netlabel(winbind_t) corenet_tcp_sendrecv_generic_if(winbind_t) corenet_udp_sendrecv_generic_if(winbind_t) corenet_raw_sendrecv_generic_if(winbind_t) -corenet_tcp_sendrecv_all_nodes(winbind_t) -corenet_udp_sendrecv_all_nodes(winbind_t) -corenet_raw_sendrecv_all_nodes(winbind_t) +corenet_tcp_sendrecv_generic_node(winbind_t) +corenet_udp_sendrecv_generic_node(winbind_t) +corenet_raw_sendrecv_generic_node(winbind_t) corenet_tcp_sendrecv_all_ports(winbind_t) corenet_udp_sendrecv_all_ports(winbind_t) -corenet_tcp_bind_all_nodes(winbind_t) -corenet_udp_bind_all_nodes(winbind_t) +corenet_tcp_bind_generic_node(winbind_t) +corenet_udp_bind_generic_node(winbind_t) corenet_tcp_connect_smbd_port(winbind_t) dev_read_sysfs(winbind_t) diff --git a/policy/modules/services/sasl.te b/policy/modules/services/sasl.te index 5a08408..4d47b0a 100644 --- a/policy/modules/services/sasl.te +++ b/policy/modules/services/sasl.te @@ -1,5 +1,5 @@ -policy_module(sasl, 1.11.1) +policy_module(sasl, 1.11.2) ######################################## # @@ -53,7 +53,7 @@ kernel_read_system_state(saslauthd_t) corenet_all_recvfrom_unlabeled(saslauthd_t) corenet_all_recvfrom_netlabel(saslauthd_t) corenet_tcp_sendrecv_generic_if(saslauthd_t) -corenet_tcp_sendrecv_all_nodes(saslauthd_t) +corenet_tcp_sendrecv_generic_node(saslauthd_t) corenet_tcp_sendrecv_all_ports(saslauthd_t) corenet_tcp_connect_pop_port(saslauthd_t) corenet_sendrecv_pop_client_packets(saslauthd_t) diff --git a/policy/modules/services/sendmail.te b/policy/modules/services/sendmail.te index 56327e4..d7f9030 100644 --- a/policy/modules/services/sendmail.te +++ b/policy/modules/services/sendmail.te @@ -1,5 +1,5 @@ -policy_module(sendmail, 1.9.1) +policy_module(sendmail, 1.9.2) ######################################## # @@ -51,9 +51,9 @@ kernel_read_system_state(sendmail_t) corenet_all_recvfrom_unlabeled(sendmail_t) corenet_all_recvfrom_netlabel(sendmail_t) corenet_tcp_sendrecv_generic_if(sendmail_t) -corenet_tcp_sendrecv_all_nodes(sendmail_t) +corenet_tcp_sendrecv_generic_node(sendmail_t) corenet_tcp_sendrecv_all_ports(sendmail_t) -corenet_tcp_bind_all_nodes(sendmail_t) +corenet_tcp_bind_generic_node(sendmail_t) corenet_tcp_bind_smtp_port(sendmail_t) corenet_tcp_connect_all_ports(sendmail_t) corenet_sendrecv_smtp_server_packets(sendmail_t) diff --git a/policy/modules/services/setroubleshoot.te b/policy/modules/services/setroubleshoot.te index c4bb155..6614dc8 100644 --- a/policy/modules/services/setroubleshoot.te +++ b/policy/modules/services/setroubleshoot.te @@ -1,5 +1,5 @@ -policy_module(setroubleshoot, 1.9.0) +policy_module(setroubleshoot, 1.9.1) ######################################## # @@ -60,9 +60,9 @@ corecmd_exec_shell(setroubleshootd_t) corenet_all_recvfrom_unlabeled(setroubleshootd_t) corenet_all_recvfrom_netlabel(setroubleshootd_t) corenet_tcp_sendrecv_generic_if(setroubleshootd_t) -corenet_tcp_sendrecv_all_nodes(setroubleshootd_t) +corenet_tcp_sendrecv_generic_node(setroubleshootd_t) corenet_tcp_sendrecv_all_ports(setroubleshootd_t) -corenet_tcp_bind_all_nodes(setroubleshootd_t) +corenet_tcp_bind_generic_node(setroubleshootd_t) corenet_tcp_connect_smtp_port(setroubleshootd_t) corenet_sendrecv_smtp_client_packets(setroubleshootd_t) diff --git a/policy/modules/services/smartmon.te b/policy/modules/services/smartmon.te index 024e78d..1967d94 100644 --- a/policy/modules/services/smartmon.te +++ b/policy/modules/services/smartmon.te @@ -1,5 +1,5 @@ -policy_module(smartmon, 1.8.0) +policy_module(smartmon, 1.8.1) ######################################## # @@ -49,7 +49,7 @@ corecmd_exec_all_executables(fsdaemon_t) corenet_all_recvfrom_unlabeled(fsdaemon_t) corenet_all_recvfrom_netlabel(fsdaemon_t) corenet_udp_sendrecv_generic_if(fsdaemon_t) -corenet_udp_sendrecv_all_nodes(fsdaemon_t) +corenet_udp_sendrecv_generic_node(fsdaemon_t) corenet_udp_sendrecv_all_ports(fsdaemon_t) dev_read_sysfs(fsdaemon_t) diff --git a/policy/modules/services/snmp.te b/policy/modules/services/snmp.te index 5141037..0306b0a 100644 --- a/policy/modules/services/snmp.te +++ b/policy/modules/services/snmp.te @@ -1,5 +1,5 @@ -policy_module(snmp, 1.9.1) +policy_module(snmp, 1.9.2) ######################################## # @@ -62,12 +62,12 @@ corenet_all_recvfrom_unlabeled(snmpd_t) corenet_all_recvfrom_netlabel(snmpd_t) corenet_tcp_sendrecv_generic_if(snmpd_t) corenet_udp_sendrecv_generic_if(snmpd_t) -corenet_tcp_sendrecv_all_nodes(snmpd_t) -corenet_udp_sendrecv_all_nodes(snmpd_t) +corenet_tcp_sendrecv_generic_node(snmpd_t) +corenet_udp_sendrecv_generic_node(snmpd_t) corenet_tcp_sendrecv_all_ports(snmpd_t) corenet_udp_sendrecv_all_ports(snmpd_t) -corenet_tcp_bind_all_nodes(snmpd_t) -corenet_udp_bind_all_nodes(snmpd_t) +corenet_tcp_bind_generic_node(snmpd_t) +corenet_udp_bind_generic_node(snmpd_t) corenet_tcp_bind_snmp_port(snmpd_t) corenet_udp_bind_snmp_port(snmpd_t) corenet_sendrecv_snmp_server_packets(snmpd_t) diff --git a/policy/modules/services/snort.te b/policy/modules/services/snort.te index 160960b..ab03809 100644 --- a/policy/modules/services/snort.te +++ b/policy/modules/services/snort.te @@ -1,5 +1,5 @@ -policy_module(snort, 1.7.0) +policy_module(snort, 1.7.1) ######################################## # @@ -65,9 +65,9 @@ corenet_all_recvfrom_netlabel(snort_t) corenet_tcp_sendrecv_generic_if(snort_t) corenet_udp_sendrecv_generic_if(snort_t) corenet_raw_sendrecv_generic_if(snort_t) -corenet_tcp_sendrecv_all_nodes(snort_t) -corenet_udp_sendrecv_all_nodes(snort_t) -corenet_raw_sendrecv_all_nodes(snort_t) +corenet_tcp_sendrecv_generic_node(snort_t) +corenet_udp_sendrecv_generic_node(snort_t) +corenet_raw_sendrecv_generic_node(snort_t) corenet_tcp_sendrecv_all_ports(snort_t) corenet_udp_sendrecv_all_ports(snort_t) diff --git a/policy/modules/services/soundserver.te b/policy/modules/services/soundserver.te index c462033..869c3cd 100644 --- a/policy/modules/services/soundserver.te +++ b/policy/modules/services/soundserver.te @@ -1,5 +1,5 @@ -policy_module(soundserver, 1.7.0) +policy_module(soundserver, 1.7.1) ######################################## # @@ -73,11 +73,11 @@ corenet_all_recvfrom_unlabeled(soundd_t) corenet_all_recvfrom_netlabel(soundd_t) corenet_tcp_sendrecv_generic_if(soundd_t) corenet_udp_sendrecv_generic_if(soundd_t) -corenet_tcp_sendrecv_all_nodes(soundd_t) -corenet_udp_sendrecv_all_nodes(soundd_t) +corenet_tcp_sendrecv_generic_node(soundd_t) +corenet_udp_sendrecv_generic_node(soundd_t) corenet_tcp_sendrecv_all_ports(soundd_t) corenet_udp_sendrecv_all_ports(soundd_t) -corenet_tcp_bind_all_nodes(soundd_t) +corenet_tcp_bind_generic_node(soundd_t) corenet_tcp_bind_soundd_port(soundd_t) corenet_sendrecv_soundd_server_packets(soundd_t) diff --git a/policy/modules/services/spamassassin.te b/policy/modules/services/spamassassin.te index 3242f18..622b4b2 100644 --- a/policy/modules/services/spamassassin.te +++ b/policy/modules/services/spamassassin.te @@ -1,5 +1,5 @@ -policy_module(spamassassin, 2.1.1) +policy_module(spamassassin, 2.1.2) ######################################## # @@ -153,8 +153,8 @@ tunable_policy(`spamassassin_can_network',` corenet_all_recvfrom_netlabel(spamassassin_t) corenet_tcp_sendrecv_generic_if(spamassassin_t) corenet_udp_sendrecv_generic_if(spamassassin_t) - corenet_tcp_sendrecv_all_nodes(spamassassin_t) - corenet_udp_sendrecv_all_nodes(spamassassin_t) + corenet_tcp_sendrecv_generic_node(spamassassin_t) + corenet_udp_sendrecv_generic_node(spamassassin_t) corenet_tcp_sendrecv_all_ports(spamassassin_t) corenet_udp_sendrecv_all_ports(spamassassin_t) corenet_tcp_connect_all_ports(spamassassin_t) @@ -231,8 +231,8 @@ corenet_all_recvfrom_unlabeled(spamc_t) corenet_all_recvfrom_netlabel(spamc_t) corenet_tcp_sendrecv_generic_if(spamc_t) corenet_udp_sendrecv_generic_if(spamc_t) -corenet_tcp_sendrecv_all_nodes(spamc_t) -corenet_udp_sendrecv_all_nodes(spamc_t) +corenet_tcp_sendrecv_generic_node(spamc_t) +corenet_udp_sendrecv_generic_node(spamc_t) corenet_tcp_sendrecv_all_ports(spamc_t) corenet_udp_sendrecv_all_ports(spamc_t) corenet_tcp_connect_all_ports(spamc_t) @@ -342,11 +342,11 @@ corenet_all_recvfrom_unlabeled(spamd_t) corenet_all_recvfrom_netlabel(spamd_t) corenet_tcp_sendrecv_generic_if(spamd_t) corenet_udp_sendrecv_generic_if(spamd_t) -corenet_tcp_sendrecv_all_nodes(spamd_t) -corenet_udp_sendrecv_all_nodes(spamd_t) +corenet_tcp_sendrecv_generic_node(spamd_t) +corenet_udp_sendrecv_generic_node(spamd_t) corenet_tcp_sendrecv_all_ports(spamd_t) corenet_udp_sendrecv_all_ports(spamd_t) -corenet_tcp_bind_all_nodes(spamd_t) +corenet_tcp_bind_generic_node(spamd_t) corenet_tcp_bind_spamd_port(spamd_t) corenet_tcp_connect_razor_port(spamd_t) corenet_tcp_connect_smtp_port(spamd_t) @@ -355,7 +355,7 @@ corenet_sendrecv_spamd_server_packets(spamd_t) # spamassassin 3.1 needs this for its # DnsResolver.pm module which binds to # random ports >= 1024. -corenet_udp_bind_all_nodes(spamd_t) +corenet_udp_bind_generic_node(spamd_t) corenet_udp_bind_generic_port(spamd_t) corenet_udp_bind_imaze_port(spamd_t) corenet_dontaudit_udp_bind_all_ports(spamd_t) diff --git a/policy/modules/services/squid.te b/policy/modules/services/squid.te index 15b5e2a..6ce86fd 100644 --- a/policy/modules/services/squid.te +++ b/policy/modules/services/squid.te @@ -1,5 +1,5 @@ -policy_module(squid, 1.8.1) +policy_module(squid, 1.8.2) ######################################## # @@ -82,12 +82,12 @@ corenet_all_recvfrom_unlabeled(squid_t) corenet_all_recvfrom_netlabel(squid_t) corenet_tcp_sendrecv_generic_if(squid_t) corenet_udp_sendrecv_generic_if(squid_t) -corenet_tcp_sendrecv_all_nodes(squid_t) -corenet_udp_sendrecv_all_nodes(squid_t) +corenet_tcp_sendrecv_generic_node(squid_t) +corenet_udp_sendrecv_generic_node(squid_t) corenet_tcp_sendrecv_all_ports(squid_t) corenet_udp_sendrecv_all_ports(squid_t) -corenet_tcp_bind_all_nodes(squid_t) -corenet_udp_bind_all_nodes(squid_t) +corenet_tcp_bind_generic_node(squid_t) +corenet_udp_bind_generic_node(squid_t) corenet_tcp_bind_http_port(squid_t) corenet_tcp_bind_http_cache_port(squid_t) corenet_udp_bind_http_cache_port(squid_t) diff --git a/policy/modules/services/ssh.if b/policy/modules/services/ssh.if index e3a269f..c057256 100644 --- a/policy/modules/services/ssh.if +++ b/policy/modules/services/ssh.if @@ -111,7 +111,7 @@ template(`ssh_basic_client_template',` corenet_all_recvfrom_unlabeled($1_ssh_t) corenet_all_recvfrom_netlabel($1_ssh_t) corenet_tcp_sendrecv_generic_if($1_ssh_t) - corenet_tcp_sendrecv_all_nodes($1_ssh_t) + corenet_tcp_sendrecv_generic_node($1_ssh_t) corenet_tcp_sendrecv_all_ports($1_ssh_t) corenet_tcp_connect_ssh_port($1_ssh_t) corenet_sendrecv_ssh_client_packets($1_ssh_t) @@ -220,13 +220,13 @@ template(`ssh_server_template', ` corenet_tcp_sendrecv_generic_if($1_t) corenet_udp_sendrecv_generic_if($1_t) corenet_raw_sendrecv_generic_if($1_t) - corenet_tcp_sendrecv_all_nodes($1_t) - corenet_udp_sendrecv_all_nodes($1_t) - corenet_raw_sendrecv_all_nodes($1_t) + corenet_tcp_sendrecv_generic_node($1_t) + corenet_udp_sendrecv_generic_node($1_t) + corenet_raw_sendrecv_generic_node($1_t) corenet_udp_sendrecv_all_ports($1_t) corenet_tcp_sendrecv_all_ports($1_t) - corenet_tcp_bind_all_nodes($1_t) - corenet_udp_bind_all_nodes($1_t) + corenet_tcp_bind_generic_node($1_t) + corenet_udp_bind_generic_node($1_t) corenet_tcp_bind_ssh_port($1_t) corenet_tcp_connect_all_ports($1_t) corenet_sendrecv_ssh_server_packets($1_t) diff --git a/policy/modules/services/ssh.te b/policy/modules/services/ssh.te index 3b93c88..d727a75 100644 --- a/policy/modules/services/ssh.te +++ b/policy/modules/services/ssh.te @@ -1,5 +1,5 @@ -policy_module(ssh, 2.0.1) +policy_module(ssh, 2.0.2) ######################################## # @@ -135,7 +135,7 @@ kernel_read_kernel_sysctls(ssh_t) corenet_all_recvfrom_unlabeled(ssh_t) corenet_all_recvfrom_netlabel(ssh_t) corenet_tcp_sendrecv_generic_if(ssh_t) -corenet_tcp_sendrecv_all_nodes(ssh_t) +corenet_tcp_sendrecv_generic_node(ssh_t) corenet_tcp_sendrecv_all_ports(ssh_t) corenet_tcp_connect_ssh_port(ssh_t) corenet_sendrecv_ssh_client_packets(ssh_t) diff --git a/policy/modules/services/stunnel.te b/policy/modules/services/stunnel.te index 02ff4a9..0792988 100644 --- a/policy/modules/services/stunnel.te +++ b/policy/modules/services/stunnel.te @@ -1,5 +1,5 @@ -policy_module(stunnel, 1.8.1) +policy_module(stunnel, 1.8.2) ######################################## # @@ -58,11 +58,11 @@ corenet_all_recvfrom_unlabeled(stunnel_t) corenet_all_recvfrom_netlabel(stunnel_t) corenet_tcp_sendrecv_generic_if(stunnel_t) corenet_udp_sendrecv_generic_if(stunnel_t) -corenet_tcp_sendrecv_all_nodes(stunnel_t) -corenet_udp_sendrecv_all_nodes(stunnel_t) +corenet_tcp_sendrecv_generic_node(stunnel_t) +corenet_udp_sendrecv_generic_node(stunnel_t) corenet_tcp_sendrecv_all_ports(stunnel_t) corenet_udp_sendrecv_all_ports(stunnel_t) -corenet_tcp_bind_all_nodes(stunnel_t) +corenet_tcp_bind_generic_node(stunnel_t) corenet_tcp_connect_all_ports(stunnel_t) fs_getattr_all_fs(stunnel_t) diff --git a/policy/modules/services/tcpd.te b/policy/modules/services/tcpd.te index 9906332..d3dd172 100644 --- a/policy/modules/services/tcpd.te +++ b/policy/modules/services/tcpd.te @@ -1,5 +1,5 @@ -policy_module(tcpd, 1.3.1) +policy_module(tcpd, 1.3.2) ######################################## # @@ -26,7 +26,7 @@ files_tmp_filetrans(tcpd_t, tcpd_tmp_t, { file dir }) corenet_all_recvfrom_unlabeled(tcpd_t) corenet_all_recvfrom_netlabel(tcpd_t) corenet_tcp_sendrecv_generic_if(tcpd_t) -corenet_tcp_sendrecv_all_nodes(tcpd_t) +corenet_tcp_sendrecv_generic_node(tcpd_t) corenet_tcp_sendrecv_all_ports(tcpd_t) fs_getattr_xattr_fs(tcpd_t) diff --git a/policy/modules/services/telnet.te b/policy/modules/services/telnet.te index a97a1d7..f472ca9 100644 --- a/policy/modules/services/telnet.te +++ b/policy/modules/services/telnet.te @@ -1,5 +1,5 @@ -policy_module(telnet, 1.8.1) +policy_module(telnet, 1.8.2) ######################################## # @@ -52,8 +52,8 @@ corenet_all_recvfrom_unlabeled(telnetd_t) corenet_all_recvfrom_netlabel(telnetd_t) corenet_tcp_sendrecv_generic_if(telnetd_t) corenet_udp_sendrecv_generic_if(telnetd_t) -corenet_tcp_sendrecv_all_nodes(telnetd_t) -corenet_udp_sendrecv_all_nodes(telnetd_t) +corenet_tcp_sendrecv_generic_node(telnetd_t) +corenet_udp_sendrecv_generic_node(telnetd_t) corenet_tcp_sendrecv_all_ports(telnetd_t) corenet_udp_sendrecv_all_ports(telnetd_t) diff --git a/policy/modules/services/tftp.te b/policy/modules/services/tftp.te index d4f9217..56a81d9 100644 --- a/policy/modules/services/tftp.te +++ b/policy/modules/services/tftp.te @@ -1,5 +1,5 @@ -policy_module(tftp, 1.10.1) +policy_module(tftp, 1.10.2) ######################################## # @@ -58,12 +58,12 @@ corenet_all_recvfrom_unlabeled(tftpd_t) corenet_all_recvfrom_netlabel(tftpd_t) corenet_tcp_sendrecv_generic_if(tftpd_t) corenet_udp_sendrecv_generic_if(tftpd_t) -corenet_tcp_sendrecv_all_nodes(tftpd_t) -corenet_udp_sendrecv_all_nodes(tftpd_t) +corenet_tcp_sendrecv_generic_node(tftpd_t) +corenet_udp_sendrecv_generic_node(tftpd_t) corenet_tcp_sendrecv_all_ports(tftpd_t) corenet_udp_sendrecv_all_ports(tftpd_t) -corenet_tcp_bind_all_nodes(tftpd_t) -corenet_udp_bind_all_nodes(tftpd_t) +corenet_tcp_bind_generic_node(tftpd_t) +corenet_udp_bind_generic_node(tftpd_t) corenet_udp_bind_tftp_port(tftpd_t) corenet_sendrecv_tftp_server_packets(tftpd_t) diff --git a/policy/modules/services/timidity.te b/policy/modules/services/timidity.te index 8c493a7..a3d24ba 100644 --- a/policy/modules/services/timidity.te +++ b/policy/modules/services/timidity.te @@ -1,5 +1,5 @@ -policy_module(timidity, 1.8.0) +policy_module(timidity, 1.8.1) # Note: You only need this policy if you want to run timidity as a server @@ -44,8 +44,8 @@ corenet_all_recvfrom_unlabeled(timidity_t) corenet_all_recvfrom_netlabel(timidity_t) corenet_tcp_sendrecv_generic_if(timidity_t) corenet_udp_sendrecv_generic_if(timidity_t) -corenet_tcp_sendrecv_all_nodes(timidity_t) -corenet_udp_sendrecv_all_nodes(timidity_t) +corenet_tcp_sendrecv_generic_node(timidity_t) +corenet_udp_sendrecv_generic_node(timidity_t) corenet_tcp_sendrecv_all_ports(timidity_t) corenet_udp_sendrecv_all_ports(timidity_t) diff --git a/policy/modules/services/tor.te b/policy/modules/services/tor.te index 85dd2e1..6e720f7 100644 --- a/policy/modules/services/tor.te +++ b/policy/modules/services/tor.te @@ -1,5 +1,5 @@ -policy_module(tor, 1.5.1) +policy_module(tor, 1.5.2) ######################################## # @@ -70,10 +70,10 @@ kernel_read_system_state(tor_t) corenet_all_recvfrom_unlabeled(tor_t) corenet_all_recvfrom_netlabel(tor_t) corenet_tcp_sendrecv_generic_if(tor_t) -corenet_tcp_sendrecv_all_nodes(tor_t) +corenet_tcp_sendrecv_generic_node(tor_t) corenet_tcp_sendrecv_all_ports(tor_t) corenet_tcp_sendrecv_all_reserved_ports(tor_t) -corenet_tcp_bind_all_nodes(tor_t) +corenet_tcp_bind_generic_node(tor_t) corenet_tcp_bind_tor_port(tor_t) corenet_sendrecv_tor_server_packets(tor_t) # TOR will need to connect to various ports diff --git a/policy/modules/services/transproxy.te b/policy/modules/services/transproxy.te index 5cee49e..0b4acdd 100644 --- a/policy/modules/services/transproxy.te +++ b/policy/modules/services/transproxy.te @@ -1,5 +1,5 @@ -policy_module(transproxy, 1.6.0) +policy_module(transproxy, 1.6.1) ######################################## # @@ -33,9 +33,9 @@ kernel_read_proc_symlinks(transproxy_t) corenet_all_recvfrom_unlabeled(transproxy_t) corenet_all_recvfrom_netlabel(transproxy_t) corenet_tcp_sendrecv_generic_if(transproxy_t) -corenet_tcp_sendrecv_all_nodes(transproxy_t) +corenet_tcp_sendrecv_generic_node(transproxy_t) corenet_tcp_sendrecv_all_ports(transproxy_t) -corenet_tcp_bind_all_nodes(transproxy_t) +corenet_tcp_bind_generic_node(transproxy_t) corenet_tcp_bind_transproxy_port(transproxy_t) corenet_sendrecv_transproxy_server_packets(transproxy_t) diff --git a/policy/modules/services/ucspitcp.te b/policy/modules/services/ucspitcp.te index 80064b1..920dc65 100644 --- a/policy/modules/services/ucspitcp.te +++ b/policy/modules/services/ucspitcp.te @@ -1,5 +1,5 @@ -policy_module(ucspitcp, 1.2.1) +policy_module(ucspitcp, 1.2.2) ######################################## # @@ -29,11 +29,11 @@ corenet_all_recvfrom_unlabeled(rblsmtpd_t) corenet_all_recvfrom_netlabel(rblsmtpd_t) corenet_tcp_sendrecv_generic_if(rblsmtpd_t) corenet_udp_sendrecv_generic_if(rblsmtpd_t) -corenet_tcp_sendrecv_all_nodes(rblsmtpd_t) -corenet_udp_sendrecv_all_nodes(rblsmtpd_t) +corenet_tcp_sendrecv_generic_node(rblsmtpd_t) +corenet_udp_sendrecv_generic_node(rblsmtpd_t) corenet_tcp_sendrecv_all_ports(rblsmtpd_t) corenet_udp_sendrecv_all_ports(rblsmtpd_t) -corenet_tcp_bind_all_nodes(rblsmtpd_t) +corenet_tcp_bind_generic_node(rblsmtpd_t) corenet_udp_bind_generic_port(rblsmtpd_t) files_read_etc_files(rblsmtpd_t) @@ -60,12 +60,12 @@ corenet_all_recvfrom_unlabeled(ucspitcp_t) corenet_all_recvfrom_netlabel(ucspitcp_t) corenet_tcp_sendrecv_generic_if(ucspitcp_t) corenet_udp_sendrecv_generic_if(ucspitcp_t) -corenet_tcp_sendrecv_all_nodes(ucspitcp_t) -corenet_udp_sendrecv_all_nodes(ucspitcp_t) +corenet_tcp_sendrecv_generic_node(ucspitcp_t) +corenet_udp_sendrecv_generic_node(ucspitcp_t) corenet_tcp_sendrecv_all_ports(ucspitcp_t) corenet_udp_sendrecv_all_ports(ucspitcp_t) -corenet_tcp_bind_all_nodes(ucspitcp_t) -corenet_udp_bind_all_nodes(ucspitcp_t) +corenet_tcp_bind_generic_node(ucspitcp_t) +corenet_udp_bind_generic_node(ucspitcp_t) # server ports: corenet_tcp_bind_ftp_port(ucspitcp_t) diff --git a/policy/modules/services/uucp.te b/policy/modules/services/uucp.te index bcd99fe..e5999d6 100644 --- a/policy/modules/services/uucp.te +++ b/policy/modules/services/uucp.te @@ -1,5 +1,5 @@ -policy_module(uucp, 1.9.1) +policy_module(uucp, 1.9.2) ######################################## # @@ -73,8 +73,8 @@ corenet_all_recvfrom_unlabeled(uucpd_t) corenet_all_recvfrom_netlabel(uucpd_t) corenet_tcp_sendrecv_generic_if(uucpd_t) corenet_udp_sendrecv_generic_if(uucpd_t) -corenet_tcp_sendrecv_all_nodes(uucpd_t) -corenet_udp_sendrecv_all_nodes(uucpd_t) +corenet_tcp_sendrecv_generic_node(uucpd_t) +corenet_udp_sendrecv_generic_node(uucpd_t) corenet_tcp_sendrecv_all_ports(uucpd_t) corenet_udp_sendrecv_all_ports(uucpd_t) diff --git a/policy/modules/services/uwimap.te b/policy/modules/services/uwimap.te index 0cd864a..cc23135 100644 --- a/policy/modules/services/uwimap.te +++ b/policy/modules/services/uwimap.te @@ -1,5 +1,5 @@ -policy_module(uwimap, 1.7.0) +policy_module(uwimap, 1.7.1) ######################################## # @@ -42,9 +42,9 @@ kernel_read_proc_symlinks(imapd_t) corenet_all_recvfrom_unlabeled(imapd_t) corenet_all_recvfrom_netlabel(imapd_t) corenet_tcp_sendrecv_generic_if(imapd_t) -corenet_tcp_sendrecv_all_nodes(imapd_t) +corenet_tcp_sendrecv_generic_node(imapd_t) corenet_tcp_sendrecv_all_ports(imapd_t) -corenet_tcp_bind_all_nodes(imapd_t) +corenet_tcp_bind_generic_node(imapd_t) corenet_tcp_bind_pop_port(imapd_t) corenet_tcp_connect_all_ports(imapd_t) corenet_sendrecv_pop_server_packets(imapd_t) diff --git a/policy/modules/services/virt.te b/policy/modules/services/virt.te index 3f583fa..213ada2 100644 --- a/policy/modules/services/virt.te +++ b/policy/modules/services/virt.te @@ -1,5 +1,5 @@ -policy_module(virt, 1.1.1) +policy_module(virt, 1.1.2) ######################################## # @@ -93,9 +93,9 @@ corecmd_exec_shell(virtd_t) corenet_all_recvfrom_unlabeled(virtd_t) corenet_all_recvfrom_netlabel(virtd_t) corenet_tcp_sendrecv_generic_if(virtd_t) -corenet_tcp_sendrecv_all_nodes(virtd_t) +corenet_tcp_sendrecv_generic_node(virtd_t) corenet_tcp_sendrecv_all_ports(virtd_t) -corenet_tcp_bind_all_nodes(virtd_t) +corenet_tcp_bind_generic_node(virtd_t) #corenet_tcp_bind_virt_port(virtd_t) corenet_tcp_bind_vnc_port(virtd_t) corenet_tcp_connect_vnc_port(virtd_t) diff --git a/policy/modules/services/watchdog.te b/policy/modules/services/watchdog.te index d526426..4ba63a4 100644 --- a/policy/modules/services/watchdog.te +++ b/policy/modules/services/watchdog.te @@ -1,5 +1,5 @@ -policy_module(watchdog, 1.6.0) +policy_module(watchdog, 1.6.1) ################################# # @@ -47,8 +47,8 @@ corenet_all_recvfrom_unlabeled(watchdog_t) corenet_all_recvfrom_netlabel(watchdog_t) corenet_tcp_sendrecv_generic_if(watchdog_t) corenet_udp_sendrecv_generic_if(watchdog_t) -corenet_tcp_sendrecv_all_nodes(watchdog_t) -corenet_udp_sendrecv_all_nodes(watchdog_t) +corenet_tcp_sendrecv_generic_node(watchdog_t) +corenet_udp_sendrecv_generic_node(watchdog_t) corenet_tcp_sendrecv_all_ports(watchdog_t) corenet_udp_sendrecv_all_ports(watchdog_t) corenet_tcp_connect_all_ports(watchdog_t) diff --git a/policy/modules/services/xfs.te b/policy/modules/services/xfs.te index 5ac37a1..71b3abb 100644 --- a/policy/modules/services/xfs.te +++ b/policy/modules/services/xfs.te @@ -1,5 +1,5 @@ -policy_module(xfs, 1.5.0) +policy_module(xfs, 1.5.1) ######################################## # @@ -41,9 +41,9 @@ kernel_read_system_state(xfs_t) corenet_all_recvfrom_unlabeled(xfs_t) corenet_all_recvfrom_netlabel(xfs_t) corenet_tcp_sendrecv_generic_if(xfs_t) -corenet_tcp_sendrecv_all_nodes(xfs_t) +corenet_tcp_sendrecv_generic_node(xfs_t) corenet_tcp_sendrecv_all_ports(xfs_t) -corenet_tcp_bind_all_nodes(xfs_t) +corenet_tcp_bind_generic_node(xfs_t) corenet_tcp_bind_xfs_port(xfs_t) corenet_sendrecv_xfs_server_packets(xfs_t) diff --git a/policy/modules/services/xprint.te b/policy/modules/services/xprint.te index 2c4c55f..be395ce 100644 --- a/policy/modules/services/xprint.te +++ b/policy/modules/services/xprint.te @@ -1,5 +1,5 @@ -policy_module(xprint, 1.6.0) +policy_module(xprint, 1.6.1) ######################################## # @@ -37,8 +37,8 @@ corenet_all_recvfrom_unlabeled(xprint_t) corenet_all_recvfrom_netlabel(xprint_t) corenet_tcp_sendrecv_generic_if(xprint_t) corenet_udp_sendrecv_generic_if(xprint_t) -corenet_tcp_sendrecv_all_nodes(xprint_t) -corenet_udp_sendrecv_all_nodes(xprint_t) +corenet_tcp_sendrecv_generic_node(xprint_t) +corenet_udp_sendrecv_generic_node(xprint_t) corenet_tcp_sendrecv_all_ports(xprint_t) corenet_udp_sendrecv_all_ports(xprint_t) diff --git a/policy/modules/services/xserver.te b/policy/modules/services/xserver.te index af00c0e..260252d 100644 --- a/policy/modules/services/xserver.te +++ b/policy/modules/services/xserver.te @@ -1,5 +1,5 @@ -policy_module(xserver, 3.1.0) +policy_module(xserver, 3.1.1) gen_require(` class x_drawable all_x_drawable_perms; @@ -383,12 +383,12 @@ corenet_all_recvfrom_unlabeled(xdm_t) corenet_all_recvfrom_netlabel(xdm_t) corenet_tcp_sendrecv_generic_if(xdm_t) corenet_udp_sendrecv_generic_if(xdm_t) -corenet_tcp_sendrecv_all_nodes(xdm_t) -corenet_udp_sendrecv_all_nodes(xdm_t) +corenet_tcp_sendrecv_generic_node(xdm_t) +corenet_udp_sendrecv_generic_node(xdm_t) corenet_tcp_sendrecv_all_ports(xdm_t) corenet_udp_sendrecv_all_ports(xdm_t) -corenet_tcp_bind_all_nodes(xdm_t) -corenet_udp_bind_all_nodes(xdm_t) +corenet_tcp_bind_generic_node(xdm_t) +corenet_udp_bind_generic_node(xdm_t) corenet_tcp_connect_all_ports(xdm_t) corenet_sendrecv_all_client_packets(xdm_t) # xdm tries to bind to biff_port_t @@ -654,11 +654,11 @@ corenet_all_recvfrom_unlabeled(xserver_t) corenet_all_recvfrom_netlabel(xserver_t) corenet_tcp_sendrecv_generic_if(xserver_t) corenet_udp_sendrecv_generic_if(xserver_t) -corenet_tcp_sendrecv_all_nodes(xserver_t) -corenet_udp_sendrecv_all_nodes(xserver_t) +corenet_tcp_sendrecv_generic_node(xserver_t) +corenet_udp_sendrecv_generic_node(xserver_t) corenet_tcp_sendrecv_all_ports(xserver_t) corenet_udp_sendrecv_all_ports(xserver_t) -corenet_tcp_bind_all_nodes(xserver_t) +corenet_tcp_bind_generic_node(xserver_t) corenet_tcp_bind_xserver_port(xserver_t) corenet_tcp_connect_all_ports(xserver_t) corenet_sendrecv_xserver_server_packets(xserver_t) diff --git a/policy/modules/services/zebra.te b/policy/modules/services/zebra.te index f3560d3..78d82ac 100644 --- a/policy/modules/services/zebra.te +++ b/policy/modules/services/zebra.te @@ -1,5 +1,5 @@ -policy_module(zebra, 1.9.1) +policy_module(zebra, 1.9.2) ######################################## # @@ -76,13 +76,13 @@ corenet_all_recvfrom_netlabel(zebra_t) corenet_tcp_sendrecv_generic_if(zebra_t) corenet_udp_sendrecv_generic_if(zebra_t) corenet_raw_sendrecv_generic_if(zebra_t) -corenet_tcp_sendrecv_all_nodes(zebra_t) -corenet_udp_sendrecv_all_nodes(zebra_t) -corenet_raw_sendrecv_all_nodes(zebra_t) +corenet_tcp_sendrecv_generic_node(zebra_t) +corenet_udp_sendrecv_generic_node(zebra_t) +corenet_raw_sendrecv_generic_node(zebra_t) corenet_tcp_sendrecv_all_ports(zebra_t) corenet_udp_sendrecv_all_ports(zebra_t) -corenet_tcp_bind_all_nodes(zebra_t) -corenet_udp_bind_all_nodes(zebra_t) +corenet_tcp_bind_generic_node(zebra_t) +corenet_udp_bind_generic_node(zebra_t) corenet_tcp_bind_bgp_port(zebra_t) corenet_tcp_bind_zebra_port(zebra_t) corenet_udp_bind_router_port(zebra_t) diff --git a/policy/modules/system/hotplug.te b/policy/modules/system/hotplug.te index 89ddf79..6e01745 100644 --- a/policy/modules/system/hotplug.te +++ b/policy/modules/system/hotplug.te @@ -1,5 +1,5 @@ -policy_module(hotplug, 1.11.1) +policy_module(hotplug, 1.11.2) ######################################## # @@ -55,8 +55,8 @@ corenet_all_recvfrom_unlabeled(hotplug_t) corenet_all_recvfrom_netlabel(hotplug_t) corenet_tcp_sendrecv_generic_if(hotplug_t) corenet_udp_sendrecv_generic_if(hotplug_t) -corenet_tcp_sendrecv_all_nodes(hotplug_t) -corenet_udp_sendrecv_all_nodes(hotplug_t) +corenet_tcp_sendrecv_generic_node(hotplug_t) +corenet_udp_sendrecv_generic_node(hotplug_t) corenet_tcp_sendrecv_all_ports(hotplug_t) corenet_udp_sendrecv_all_ports(hotplug_t) diff --git a/policy/modules/system/iscsi.te b/policy/modules/system/iscsi.te index 79724e1..8ceb526 100644 --- a/policy/modules/system/iscsi.te +++ b/policy/modules/system/iscsi.te @@ -1,5 +1,5 @@ -policy_module(iscsi, 1.5.1) +policy_module(iscsi, 1.5.2) ######################################## # @@ -59,7 +59,7 @@ kernel_read_system_state(iscsid_t) corenet_all_recvfrom_unlabeled(iscsid_t) corenet_all_recvfrom_netlabel(iscsid_t) corenet_tcp_sendrecv_generic_if(iscsid_t) -corenet_tcp_sendrecv_all_nodes(iscsid_t) +corenet_tcp_sendrecv_generic_node(iscsid_t) corenet_tcp_sendrecv_all_ports(iscsid_t) corenet_tcp_connect_http_port(iscsid_t) corenet_tcp_connect_iscsi_port(iscsid_t) diff --git a/policy/modules/system/logging.te b/policy/modules/system/logging.te index 8e9c692..20132d7 100644 --- a/policy/modules/system/logging.te +++ b/policy/modules/system/logging.te @@ -1,5 +1,5 @@ -policy_module(logging, 1.13.1) +policy_module(logging, 1.13.2) ######################################## # @@ -156,9 +156,9 @@ selinux_search_fs(auditctl_t) corenet_all_recvfrom_unlabeled(auditd_t) corenet_all_recvfrom_netlabel(auditd_t) corenet_tcp_sendrecv_generic_if(auditd_t) -corenet_tcp_sendrecv_all_nodes(auditd_t) +corenet_tcp_sendrecv_generic_node(auditd_t) corenet_tcp_sendrecv_all_ports(auditd_t) -corenet_tcp_bind_all_nodes(auditd_t) +corenet_tcp_bind_generic_node(auditd_t) corenet_tcp_bind_audit_port(auditd_t) corenet_sendrecv_audit_server_packets(auditd_t) @@ -250,7 +250,7 @@ allow audisp_remote_t self:tcp_socket create_socket_perms; corenet_all_recvfrom_unlabeled(audisp_remote_t) corenet_all_recvfrom_netlabel(audisp_remote_t) corenet_tcp_sendrecv_generic_if(audisp_remote_t) -corenet_tcp_sendrecv_all_nodes(audisp_remote_t) +corenet_tcp_sendrecv_generic_node(audisp_remote_t) corenet_tcp_connect_audit_port(audisp_remote_t) corenet_sendrecv_audit_client_packets(audisp_remote_t) @@ -380,15 +380,15 @@ kernel_change_ring_buffer_level(syslogd_t) corenet_all_recvfrom_unlabeled(syslogd_t) corenet_all_recvfrom_netlabel(syslogd_t) corenet_udp_sendrecv_generic_if(syslogd_t) -corenet_udp_sendrecv_all_nodes(syslogd_t) +corenet_udp_sendrecv_generic_node(syslogd_t) corenet_udp_sendrecv_all_ports(syslogd_t) -corenet_udp_bind_all_nodes(syslogd_t) +corenet_udp_bind_generic_node(syslogd_t) corenet_udp_bind_syslogd_port(syslogd_t) # syslog-ng can listen and connect on tcp port 514 (rsh) corenet_tcp_sendrecv_generic_if(syslogd_t) -corenet_tcp_sendrecv_all_nodes(syslogd_t) +corenet_tcp_sendrecv_generic_node(syslogd_t) corenet_tcp_sendrecv_all_ports(syslogd_t) -corenet_tcp_bind_all_nodes(syslogd_t) +corenet_tcp_bind_generic_node(syslogd_t) corenet_tcp_bind_rsh_port(syslogd_t) corenet_tcp_connect_rsh_port(syslogd_t) # Allow users to define additional syslog ports to connect to diff --git a/policy/modules/system/lvm.te b/policy/modules/system/lvm.te index 5963405..8983ba6 100644 --- a/policy/modules/system/lvm.te +++ b/policy/modules/system/lvm.te @@ -1,5 +1,5 @@ -policy_module(lvm, 1.10.1) +policy_module(lvm, 1.10.2) ######################################## # @@ -74,12 +74,12 @@ corenet_all_recvfrom_netlabel(clvmd_t) corenet_tcp_sendrecv_generic_if(clvmd_t) corenet_udp_sendrecv_generic_if(clvmd_t) corenet_raw_sendrecv_generic_if(clvmd_t) -corenet_tcp_sendrecv_all_nodes(clvmd_t) -corenet_udp_sendrecv_all_nodes(clvmd_t) -corenet_raw_sendrecv_all_nodes(clvmd_t) +corenet_tcp_sendrecv_generic_node(clvmd_t) +corenet_udp_sendrecv_generic_node(clvmd_t) +corenet_raw_sendrecv_generic_node(clvmd_t) corenet_tcp_sendrecv_all_ports(clvmd_t) corenet_udp_sendrecv_all_ports(clvmd_t) -corenet_tcp_bind_all_nodes(clvmd_t) +corenet_tcp_bind_generic_node(clvmd_t) corenet_tcp_bind_reserved_port(clvmd_t) corenet_dontaudit_tcp_bind_all_reserved_ports(clvmd_t) corenet_sendrecv_generic_server_packets(clvmd_t) diff --git a/policy/modules/system/sysnetwork.if b/policy/modules/system/sysnetwork.if index 3a3de4d..e2eb2fe 100644 --- a/policy/modules/system/sysnetwork.if +++ b/policy/modules/system/sysnetwork.if @@ -548,8 +548,8 @@ interface(`sysnet_dns_name_resolve',` corenet_all_recvfrom_netlabel($1) corenet_tcp_sendrecv_generic_if($1) corenet_udp_sendrecv_generic_if($1) - corenet_tcp_sendrecv_all_nodes($1) - corenet_udp_sendrecv_all_nodes($1) + corenet_tcp_sendrecv_generic_node($1) + corenet_udp_sendrecv_generic_node($1) corenet_tcp_sendrecv_dns_port($1) corenet_udp_sendrecv_dns_port($1) corenet_tcp_connect_dns_port($1) @@ -579,7 +579,7 @@ interface(`sysnet_use_ldap',` corenet_all_recvfrom_unlabeled($1) corenet_all_recvfrom_netlabel($1) corenet_tcp_sendrecv_generic_if($1) - corenet_tcp_sendrecv_all_nodes($1) + corenet_tcp_sendrecv_generic_node($1) corenet_tcp_sendrecv_ldap_port($1) corenet_tcp_connect_ldap_port($1) corenet_sendrecv_ldap_client_packets($1) @@ -610,8 +610,8 @@ interface(`sysnet_use_portmap',` corenet_all_recvfrom_netlabel($1) corenet_tcp_sendrecv_generic_if($1) corenet_udp_sendrecv_generic_if($1) - corenet_tcp_sendrecv_all_nodes($1) - corenet_udp_sendrecv_all_nodes($1) + corenet_tcp_sendrecv_generic_node($1) + corenet_udp_sendrecv_generic_node($1) corenet_tcp_sendrecv_portmap_port($1) corenet_udp_sendrecv_portmap_port($1) corenet_tcp_connect_portmap_port($1) diff --git a/policy/modules/system/sysnetwork.te b/policy/modules/system/sysnetwork.te index 6106bc9..09b9a9b 100644 --- a/policy/modules/system/sysnetwork.te +++ b/policy/modules/system/sysnetwork.te @@ -1,5 +1,5 @@ -policy_module(sysnetwork, 1.9.1) +policy_module(sysnetwork, 1.9.2) ######################################## # diff --git a/policy/modules/system/userdomain.if b/policy/modules/system/userdomain.if index 12c5714..740a841 100644 --- a/policy/modules/system/userdomain.if +++ b/policy/modules/system/userdomain.if @@ -391,8 +391,8 @@ template(`userdom_basic_networking_template',` corenet_all_recvfrom_netlabel($1_t) corenet_tcp_sendrecv_generic_if($1_t) corenet_udp_sendrecv_generic_if($1_t) - corenet_tcp_sendrecv_all_nodes($1_t) - corenet_udp_sendrecv_all_nodes($1_t) + corenet_tcp_sendrecv_generic_node($1_t) + corenet_udp_sendrecv_generic_node($1_t) corenet_tcp_sendrecv_all_ports($1_t) corenet_udp_sendrecv_all_ports($1_t) corenet_tcp_connect_all_ports($1_t) @@ -524,7 +524,7 @@ template(`userdom_common_user_template',` corecmd_exec_bin($1_t) - corenet_udp_bind_all_nodes($1_t) + corenet_udp_bind_generic_node($1_t) corenet_udp_bind_generic_port($1_t) dev_read_rand($1_t) @@ -996,7 +996,7 @@ template(`userdom_unpriv_user_template', ` # the same domain and outside users) disabling this forces FTP passive mode # and may change other protocols tunable_policy(`user_tcp_server',` - corenet_tcp_bind_all_nodes($1_t) + corenet_tcp_bind_generic_node($1_t) corenet_tcp_bind_generic_port($1_t) ') diff --git a/policy/modules/system/userdomain.te b/policy/modules/system/userdomain.te index b8a4b5f..54174b0 100644 --- a/policy/modules/system/userdomain.te +++ b/policy/modules/system/userdomain.te @@ -1,5 +1,5 @@ -policy_module(userdomain, 4.1.1) +policy_module(userdomain, 4.1.2) ######################################## # diff --git a/policy/modules/system/xen.te b/policy/modules/system/xen.te index 5db33f3..161f298 100644 --- a/policy/modules/system/xen.te +++ b/policy/modules/system/xen.te @@ -1,5 +1,5 @@ -policy_module(xen, 1.8.1) +policy_module(xen, 1.8.2) ######################################## # @@ -142,9 +142,9 @@ corecmd_exec_shell(xend_t) corenet_all_recvfrom_unlabeled(xend_t) corenet_all_recvfrom_netlabel(xend_t) corenet_tcp_sendrecv_generic_if(xend_t) -corenet_tcp_sendrecv_all_nodes(xend_t) +corenet_tcp_sendrecv_generic_node(xend_t) corenet_tcp_sendrecv_all_ports(xend_t) -corenet_tcp_bind_all_nodes(xend_t) +corenet_tcp_bind_generic_node(xend_t) corenet_tcp_bind_xen_port(xend_t) corenet_tcp_bind_soundd_port(xend_t) corenet_tcp_bind_generic_port(xend_t) @@ -326,7 +326,7 @@ kernel_write_xen_state(xm_t) corecmd_exec_bin(xm_t) corenet_tcp_sendrecv_generic_if(xm_t) -corenet_tcp_sendrecv_all_nodes(xm_t) +corenet_tcp_sendrecv_generic_node(xm_t) corenet_tcp_connect_soundd_port(xm_t) dev_read_urand(xm_t)