On Wed, 2012-09-19 at 16:01 -0400, Daniel J Walsh wrote:
> On 09/19/2012 03:20 PM, Dominick Grift wrote:
> >
> > On Wed, 2012-09-19 at 15:07 -0400, Daniel J Walsh wrote:
> >>
> >> ## <desc>
> >> ## <p>
> >> +## Allow postgresql to use ssh and rsync to
> >> replicate databases
> >> +## </p>
> >> +## </desc>
> >> +gen_tunable(postgesql_replication, false)
> >
> > typo in there
> >
> > we should probably implement a ssh_tcp_connect if it doesn't exist already
> > and use that (that goes for all service ports)
> >
> > ########################################
> > ## <summary>
> > ## Connect to ssh over the TCP network.
> > ## </summary>
> > ## <param name="domain">
> > ## <summary>
> > ## Domain allowed access.
> > ## </summary>
> > ## </param>
> > #
> > interface(`ssh_tcp_connect',`
> > 	gen_require(`
> > 		type sshd_t;
> > 	')
> >
> > 	corenet_tcp_recvfrom_labeled($1, sshd_t)
> > 	corenet_tcp_sendrecv_ssh_port($1)
> > 	corenet_tcp_connect_ssh_port($1)
> > 	corenet_sendrecv_ssh_client_packets($1)
> > ')
> >
> Looks like Chris did not like a previous interface by that name.
>
> ########################################
> ## <summary>
> ## Connect to SSH daemons over TCP sockets. (Deprecated)
> ## </summary>
> ## <param name="domain">
> ## <summary>
> ## Domain allowed access.
> ## </summary>
> ## </param>
> #
> interface(`ssh_tcp_connect',`
> 	refpolicywarn(`$0($*) has been deprecated.')
> ')
>

Anyways, ok ignore it for now. I guess this should be discussed with
pebenito. I can always change it later

--
selinux mailing list
selinux@xxxxxxxxxxxxxxxxxxxxxxx
https://admin.fedoraproject.org/mailman/listinfo/selinux
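
Review bot: the tunable name in `+gen_tunable(postgesql_replication, false)` is misspelled ("postgesql", while the description two lines above says "postgresql"). Rename it to `postgresql_replication` before this lands, because the tunable name becomes the boolean that administrators toggle with setsebool, and correcting it after release changes a name people have already set. The description could also say which direction the access goes (postgresql connecting out to ssh and running rsync), since the quoted hunk shows only the declaration and not the rules the tunable guards.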