commit: 49047f621c6f9d5001be7d2ab6a1c33689d6b214 Author: cgzones <cgzones <AT> googlemail <DOT> com> AuthorDate: Fri Jan 6 14:06:37 2017 +0000 Commit: Sven Vermeulen <swift <AT> gentoo <DOT> org> CommitDate: Fri Jan 13 18:39:10 2017 +0000 URL: https://gitweb.gentoo.org/proj/hardened-refpolicy.git/commit/?id=49047f62
update corenetwork module * remove deprecated interfaces * label tcp port 2812 for monit policy/modules/kernel/corenetwork.fc | 17 ++++++++--------- policy/modules/kernel/corenetwork.te.in | 1 + 2 files changed, 9 insertions(+), 9 deletions(-)
diff --git a/policy/modules/kernel/corenetwork.fc b/policy/modules/kernel/corenetwork.fc
index 9af1f7a..a717876 100644
--- a/policy/modules/kernel/corenetwork.fc
+++ b/policy/modules/kernel/corenetwork.fc
@@ -1,13 +1,12 @@
+/dev/ippp.* -c gen_context(system_u:object_r:ppp_device_t,s0)
+/dev/ppp -c gen_context(system_u:object_r:ppp_device_t,s0)
+/dev/pppox.* -c gen_context(system_u:object_r:ppp_device_t,s0)
+/dev/tap.* -c gen_context(system_u:object_r:tun_tap_device_t,s0)
 
-/dev/ippp.* -c gen_context(system_u:object_r:ppp_device_t,s0)
-/dev/ppp -c gen_context(system_u:object_r:ppp_device_t,s0)
-/dev/pppox.* -c gen_context(system_u:object_r:ppp_device_t,s0)
-/dev/tap.* -c gen_context(system_u:object_r:tun_tap_device_t,s0)
+/dev/net/.* -c gen_context(system_u:object_r:tun_tap_device_t,s0)
 
-/dev/net/.* -c gen_context(system_u:object_r:tun_tap_device_t,s0)
+/lib/udev/devices/ppp -c gen_context(system_u:object_r:ppp_device_t,s0)
+/lib/udev/devices/net/.* -c gen_context(system_u:object_r:tun_tap_device_t,s0)
 
-/lib/udev/devices/ppp -c gen_context(system_u:object_r:ppp_device_t,s0)
-/lib/udev/devices/net/.* -c gen_context(system_u:object_r:tun_tap_device_t,s0)
-
-/usr/lib/udev/devices/ppp -c gen_context(system_u:object_r:ppp_device_t,s0)
+/usr/lib/udev/devices/ppp -c gen_context(system_u:object_r:ppp_device_t,s0)
 /usr/lib/udev/devices/net/.* -c gen_context(system_u:object_r:tun_tap_device_t,s0)
diff --git a/policy/modules/kernel/corenetwork.te.in b/policy/modules/kernel/corenetwork.te.in
index bac6665..6e0ac9d 100644
--- a/policy/modules/kernel/corenetwork.te.in
+++ b/policy/modules/kernel/corenetwork.te.in
@@ -179,6 +179,7 @@ network_port(matahari, tcp,49000,s0, udp,49000,s0)
 network_port(memcache, tcp,11211,s0, udp,11211,s0)
 network_port(milter) # no defined portcon
 network_port(mmcc, tcp,5050,s0, udp,5050,s0)
+network_port(monit, tcp,2812,s0)
 network_port(monopd, tcp,1234,s0)
 network_port(mountd, tcp,20048,s0, udp,20048,s0)
 network_port(movaz_ssc, tcp,5252,s0, udp,5252,s0)
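Review bot: Labelling TCP 2812 with the added `network_port(monit, tcp,2812,s0)` gives the port its own type (`monit_port_t`), and nothing in this commit grants any domain access to that type. A confined domain that today binds or connects to 2812 through rules for unassigned high ports (presumably `unreserved_port_t`) would start hitting AVC denials once the policy is loaded, so the monit module should carry the matching `corenet_tcp_bind_monit_port()` and `corenet_tcp_connect_monit_port()` calls in the same release; that module is not part of this diff, so this needs confirming there. Separately, the message says deprecated interfaces are removed, but the diffstat lists only the `.fc` whitespace change and this one line, so the description looks out of step with the content.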