From: "Sven Vermeulen"
To: gentoo-commits@lists.gentoo.org
Reply-To: gentoo-dev@lists.gentoo.org, "Sven Vermeulen"
Message-ID: <1355340405.3b14930b6c4ff35ec280e1cd98b7ca9ff10592a8.SwifT@gentoo>
Subject: [gentoo-commits] proj/hardened-refpolicy:master commit in: policy/modules/contrib/
X-VCS-Repository: proj/hardened-refpolicy
X-VCS-Files: policy/modules/contrib/stunnel.te
X-VCS-Directories: policy/modules/contrib/
X-VCS-Committer: SwifT
X-VCS-Committer-Name: Sven Vermeulen
X-VCS-Revision: 3b14930b6c4ff35ec280e1cd98b7ca9ff10592a8
X-VCS-Branch: master
Date: Wed, 12 Dec 2012 19:33:47 +0000 (UTC)

commit:     3b14930b6c4ff35ec280e1cd98b7ca9ff10592a8
Author:     Sven Vermeulen siphos be>
AuthorDate: Sat Dec 8 20:57:02 2012 +0000
Commit:     Sven Vermeulen siphos be>
CommitDate: Wed Dec 12 19:26:45 2012 +0000
URL:        http://git.overlays.gentoo.org/gitweb/?p=proj/hardened-refpolicy.git;a=commit;h=3b14930b

Updates on stunnel policy

Allow the stunnel domain to bind on any port (its primary purpose is to provide encrypted tunnel services regardless of the underlying service).

Allow the stunnel domain to read generic certs (be it for the mutual authentication, for which the CA certificate needs to be provided, or for its own certificates if placed in /etc/ssl).

Signed-off-by: Sven Vermeulen siphos.be>

---
 policy/modules/contrib/stunnel.te | 2 ++
 1 files changed, 2 insertions(+), 0 deletions(-)

diff --git a/policy/modules/contrib/stunnel.te b/policy/modules/contrib/stunnel.te index deb0bdc..acb822c 100644 --- a/policy/modules/contrib/stunnel.te +++ b/policy/modules/contrib/stunnel.te 
@@ -53,6 +53,7 @@ corenet_all_recvfrom_netlabel(stunnel_t) corenet_tcp_sendrecv_generic_if(stunnel_t) corenet_tcp_sendrecv_generic_node(stunnel_t) corenet_tcp_sendrecv_all_ports(stunnel_t) +corenet_tcp_bind_all_ports(stunnel_t) corenet_tcp_bind_generic_node(stunnel_t) corenet_sendrecv_all_client_packets(stunnel_t) @@ -73,6 +74,7 @@ auth_use_nsswitch(stunnel_t) logging_send_syslog_msg(stunnel_t) +miscfiles_read_generic_certs(stunnel_t) miscfiles_read_localization(stunnel_t) userdom_dontaudit_use_unpriv_user_fds(stunnel_t)
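Review bot: In the @@ -53,6 +53,7 @@ hunk, corenet_tcp_bind_all_ports(stunnel_t) is granted unconditionally, so stunnel_t may bind ports labeled for any other service, not only the ones a given deployment tunnels. The commit message explains why stunnel needs flexibility, but that rationale does not appear in stunnel.te itself. Consider wrapping the rule in a tunable_policy() block controlled by a boolean that administrators can switch off when stunnel only fronts a known set of ports, or splitting it into corenet_tcp_bind_all_unreserved_ports(stunnel_t) plus explicit grants for the reserved ports that are needed. At minimum, add a short comment above the line stating that the broad bind is intentional.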
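Review bot: In the @@ -73,6 +74,7 @@ hunk, miscfiles_read_generic_certs(stunnel_t) is justified in the commit message partly by stunnel's own certificates being placed in /etc/ssl, and that use case deserves a caveat in the policy or its documentation. Read access to the generic certificate type is appropriate for CA certificates, but if an administrator stores stunnel's private key under the same generic label, every other domain that holds this interface can read it too. Suggest a comment next to the new line saying the access is meant for CA and public certificate material, and that private keys should stay under a stunnel-specific type.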