networking (#937)

* misc small networking patches

Signed-off-by: Russell Coker <[email protected]>

Author: etbe

policy/modules/kernel/corenetwork.te.in

@@ -264,7 +264,7 @@ network_port(smtp, tcp,25,s0, tcp,465,s0, tcp,587,s0)
 network_port(snmp, udp,161,s0, udp,162,s0, tcp,199,s0, tcp,1161,s0)
 network_port(socks) # no defined portcon
 network_port(soundd, tcp,8000,s0, tcp,9433,s0, tcp, 16001, s0)
-network_port(spamd, tcp,783,s0)
+network_port(spamd, tcp,783,s0, tcp,11333,s0)
 network_port(speech, tcp,8036,s0)
 network_port(squid, udp,3401,s0, tcp,3401,s0, udp,4827,s0, tcp,4827,s0) # snmp and htcp
 network_port(ssdp, tcp,1900,s0, udp,1900,s0)

policy/modules/services/avahi.te

@@ -118,4 +118,3 @@ optional_policy(`
 optional_policy(`
 	unconfined_dbus_send(avahi_t)
 ')
-

policy/modules/services/bind.te

@@ -224,6 +224,8 @@ allow ndc_t self:capability2 block_suspend;
 allow ndc_t self:process { getsched setsched signal_perms };
 allow ndc_t self:fifo_file rw_fifo_file_perms;
 allow ndc_t self:unix_stream_socket { accept listen };
+allow ndc_t self:anon_inode { create map read write };
+allow ndc_t self:io_uring sqpoll;
 
 allow ndc_t dnssec_t:file read_file_perms;
 allow ndc_t dnssec_t:lnk_file read_lnk_file_perms;

policy/modules/services/networkmanager.te

@@ -66,6 +66,7 @@ allow NetworkManager_t wpa_cli_t:unix_dgram_socket sendto;
 allow NetworkManager_t NetworkManager_etc_t:dir list_dir_perms;
 allow NetworkManager_t NetworkManager_etc_t:file read_file_perms;
 allow NetworkManager_t NetworkManager_etc_t:lnk_file read_lnk_file_perms;
+allow NetworkManager_t NetworkManager_etc_t:dir watch;
 
 manage_dirs_pattern(NetworkManager_t, NetworkManager_etc_rw_t, NetworkManager_etc_rw_t)
 manage_files_pattern(NetworkManager_t, NetworkManager_etc_rw_t, NetworkManager_etc_rw_t)
@@ -162,7 +163,9 @@ storage_getattr_fixed_disk_dev(NetworkManager_t)
 init_read_utmp(NetworkManager_t)
 init_dontaudit_write_utmp(NetworkManager_t)
 init_domtrans_script(NetworkManager_t)
+init_get_generic_units_status(NetworkManager_t)
 init_get_system_status(NetworkManager_t)
+init_search_units(NetworkManager_t)
 
 auth_use_nsswitch(NetworkManager_t)
 
@@ -346,6 +349,7 @@ optional_policy(`
 	systemd_watch_logind_runtime_dirs(NetworkManager_t)
 	systemd_read_logind_sessions_files(NetworkManager_t)
 	systemd_watch_logind_sessions_dirs(NetworkManager_t)
+	systemd_read_networkd_runtime(NetworkManager_t)
 	systemd_read_machines(NetworkManager_t)
 	systemd_watch_machines_dirs(NetworkManager_t)
 	systemd_write_inherited_logind_inhibit_pipes(NetworkManager_t)

policy/modules/services/rpc.fc

@@ -20,6 +20,7 @@
 /usr/lib/systemd/system/rpc.*\.service --   gen_context(system_u:object_r:rpcd_unit_t,s0)
 
 /usr/sbin/blkmapd	--	gen_context(system_u:object_r:blkmapd_exec_t,s0)
+/usr/sbin/fsidd		--	gen_context(system_u:object_r:nfsd_exec_t,s0)
 /usr/sbin/nfsdcld	--	gen_context(system_u:object_r:rpcd_exec_t,s0)
 /usr/sbin/rpc\..*	--	gen_context(system_u:object_r:rpcd_exec_t,s0)
 /usr/sbin/rpc\.idmapd	--	gen_context(system_u:object_r:rpcd_exec_t,s0)