diff --git a/refpolicy/policy/modules/kernel/corenetwork.if.in b/refpolicy/policy/modules/kernel/corenetwork.if.in index 680714a..58a3c91 100644 --- a/refpolicy/policy/modules/kernel/corenetwork.if.in +++ b/refpolicy/policy/modules/kernel/corenetwork.if.in @@ -704,6 +704,22 @@ interface(`corenet_tcp_bind_all_ports',` ######################################## ## +## Do not audit attepts to bind TCP sockets to any ports. +## +## +## Domain to not audit. +## +# +interface(`corenet_dontaudit_tcp_bind_all_ports',` + gen_require(` + attribute port_type; + ') + + dontaudit $1 port_type:tcp_socket name_bind; +') + +######################################## +## ## Bind UDP sockets to all ports. ## ##