On Mon, 2008-08-04 at 14:35 +0200, david@xxxxxxxxxxx wrote: > plain text document attachment (policy_modules_services_stunnel.patch) > Changes to the stunnel module which shouldn't be controversial, the interface > is used by later RH patches to the inetd module. Merged. > Index: refpolicy/policy/modules/services/stunnel.if > =================================================================== > --- refpolicy.orig/policy/modules/services/stunnel.if 2008-07-19 19:15:41.000000000 +0200 > +++ refpolicy/policy/modules/services/stunnel.if 2008-08-03 21:21:31.000000000 +0200 > @@ -1 +1,25 @@ > ## <summary>SSL Tunneling Proxy</summary> > + > +######################################## > +## <summary> > +## Define the specified domain as a stunnel inetd service. > +## </summary> > +## <param name="domain"> > +## <summary> > +## The type associated with the stunnel inetd service process. > +## </summary> > +## </param> > +## <param name="entrypoint"> > +## <summary> > +## The type associated with the process program. > +## </summary> > +## </param> > +# > +interface(`stunnel_service_domain',` > + gen_require(` > + type stunnel_t; > + ') > + > + domtrans_pattern(stunnel_t,$2,$1) > + allow $1 stunnel_t:tcp_socket rw_socket_perms; > +') > Index: refpolicy/policy/modules/services/stunnel.te > =================================================================== > --- refpolicy.orig/policy/modules/services/stunnel.te 2008-08-03 16:47:00.000000000 +0200 > +++ refpolicy/policy/modules/services/stunnel.te 2008-08-03 21:21:31.000000000 +0200 > @@ -20,7 +20,7 @@ > ') > > type stunnel_etc_t; > -files_type(stunnel_etc_t) > +files_config_file(stunnel_etc_t) > > type stunnel_tmp_t; > files_tmp_file(stunnel_tmp_t) > -- Chris PeBenito Tresys Technology, LLC (410) 290-1411 x150 -- This message was distributed to subscribers of the selinux mailing list. If you no longer wish to subscribe, send mail to majordomo@xxxxxxxxxxxxx with the words "unsubscribe selinux" without quotes as the message.
