Re: [PATCH 1/5] REFPOL: Add new labeled networking permissions

On Thursday 20 March 2008 8:50:56 am Christopher J. PeBenito wrote:
> On Wed, 2008-03-19 at 14:24 -0400, Paul Moore wrote:
> > On Wednesday 19 March 2008 9:19:53 am Christopher J. PeBenito wrote:
> > > > refpolicy_svn_repo.orig/policy/modules/kernel/corenetwork.if.in
> > > > +++ refpolicy_svn_repo/policy/modules/kernel/corenetwork.if.in
> > > > @@ -2380,6 +2392,27 @@ interface(`corenet_sendrecv_unlabeled_pa
> > > >
> > > >  ########################################
> > > >  ## <summary>
> > > > +##	Receive packets from an unlabeled peer.
> > > > +## </summary>
> > > > +## <desc>
> > > > +##	<p>
> > > > +##	Receive packets from an unlabeled peer,
> > > > +##      these packets do not have any peer labeling
> > > > +##      information present.
> > > > +##	</p>
> > > > +## </desc>
> > > > +## <param name="domain">
> > > > +##	<summary>
> > > > +##	Domain allowed access.
> > > > +##	</summary>
> > > > +## </param>
> > > > +#
> > > > +interface(`corenet_recvfrom_unlabeled_peer',`
> > > > +	kernel_recvfrom_unlabeled_peer($1)
> > > > +')
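
Review bot: The <desc> text for corenet_recvfrom_unlabeled_peer mixes indentation: the lines "these packets do not have any peer labeling" and "information present." use spaces after "##" while every other comment line in the hunk uses a tab, and the sentence is a comma splice. Suggest tab-indenting both lines and rewording to something like "Receive packets from an unlabeled peer; these packets carry no peer labeling information." Separately, the interface body is a single pass-through call to kernel_recvfrom_unlabeled_peer($1), which is not defined in the lines shown here, so the documentation should state which permission the caller ends up with, since a policy writer reading only this file cannot tell what is being allowed.
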
> > >
> > > Seems unnecessary since it seems like it should be called from
> > > corenet_(tcp|udp|raw)_recvfrom_unlabeled?
> >
> > Okay, would you prefer to add kernel_recvfrom_unlabeled_peer() to
> > corenet_{tcp,udp,raw}_recvfrom_unlabeled() or simply add the new
> > allow rule to kernel_{tcp,udp,raw}_recvfrom_unlabeled()?
>
> The latter seems the best choice.

Okey dokey, I'm kinda swamped right now but I'll get an updated 
patch[set] out next week.

Thanks.

-- 
paul moore
linux security @ hp

--
This message was distributed to subscribers of the selinux mailing list.
If you no longer wish to subscribe, send mail to majordomo@xxxxxxxxxxxxx with
the words "unsubscribe selinux" without quotes as the message.
