selinux-policy/fix_djbdns.patch

Index: fedora-policy/policy/modules/contrib/djbdns.te
===================================================================
--- fedora-policy.orig/policy/modules/contrib/djbdns.te	2019-08-05 09:39:48.641670181 +0200
+++ fedora-policy/policy/modules/contrib/djbdns.te	2019-08-05 09:53:08.383084236 +0200
@@ -24,28 +24,6 @@ allow djbdns_domain self:fifo_file rw_fi
 allow djbdns_domain self:tcp_socket create_stream_socket_perms;
 allow djbdns_domain self:udp_socket create_socket_perms;
 
-corenet_all_recvfrom_unlabeled(djbdns_domain)
-corenet_all_recvfrom_netlabel(djbdns_domain)
-corenet_tcp_sendrecv_generic_if(djbdns_domain)
-corenet_udp_sendrecv_generic_if(djbdns_domain)
-corenet_tcp_sendrecv_generic_node(djbdns_domain)
-corenet_udp_sendrecv_generic_node(djbdns_domain)
-corenet_tcp_sendrecv_all_ports(djbdns_domain)
-corenet_udp_sendrecv_all_ports(djbdns_domain)
-corenet_tcp_bind_generic_node(djbdns_domain)
-corenet_udp_bind_generic_node(djbdns_domain)
-
-corenet_sendrecv_dns_server_packets(djbdns_domain)
-corenet_tcp_bind_dns_port(djbdns_domain)
-corenet_udp_bind_dns_port(djbdns_domain)
-
-corenet_sendrecv_dns_client_packets(djbdns_domain)
-corenet_tcp_connect_dns_port(djbdns_domain)
-
-corenet_sendrecv_generic_server_packets(djbdns_domain)
-corenet_tcp_bind_generic_port(djbdns_domain)
-corenet_udp_bind_generic_port(djbdns_domain)
-
 files_search_var(djbdns_domain)
 
 daemontools_ipc_domain(djbdns_axfrdns_t)
Accepting request 734854 from home:jsegitz:branches:security:SELinux - Moved back to fedora policy (20190802) - Removed spec file conditionals for old SELinux userland - Removed config.tgz - Removed patches: * label_sysconfig.selinux.patch * label_var_run_rsyslog.patch * suse_additions_obs.patch * suse_additions_sslh.patch * suse_modifications_apache.patch * suse_modifications_cron.patch * suse_modifications_getty.patch * suse_modifications_logging.patch * suse_modifications_ntp.patch * suse_modifications_usermanage.patch * suse_modifications_virt.patch * suse_modifications_xserver.patch * sysconfig_network_scripts.patch * segenxml_interpreter.patch - Added patches: * fix_djbdns.patch * fix_dbus.patch * fix_gift.patch * fix_java.patch * fix_hadoop.patch * fix_thunderbird.patch * postfix_paths.patch * fix_nscd.patch * fix_sysnetwork.patch * fix_logging.patch * fix_xserver.patch OBS-URL: https://build.opensuse.org/request/show/734854 OBS-URL: https://build.opensuse.org/package/show/security:SELinux/selinux-policy?expand=0&rev=73 2019-10-04 04:15:03 +02:00			`Index: fedora-policy/policy/modules/contrib/djbdns.te`
			`===================================================================`
			`--- fedora-policy.orig/policy/modules/contrib/djbdns.te 2019-08-05 09:39:48.641670181 +0200`
			`+++ fedora-policy/policy/modules/contrib/djbdns.te 2019-08-05 09:53:08.383084236 +0200`
			`@@ -24,28 +24,6 @@ allow djbdns_domain self:fifo_file rw_fi`
			`allow djbdns_domain self:tcp_socket create_stream_socket_perms;`
			`allow djbdns_domain self:udp_socket create_socket_perms;`

			`-corenet_all_recvfrom_unlabeled(djbdns_domain)`
			`-corenet_all_recvfrom_netlabel(djbdns_domain)`
			`-corenet_tcp_sendrecv_generic_if(djbdns_domain)`
			`-corenet_udp_sendrecv_generic_if(djbdns_domain)`
			`-corenet_tcp_sendrecv_generic_node(djbdns_domain)`
			`-corenet_udp_sendrecv_generic_node(djbdns_domain)`
			`-corenet_tcp_sendrecv_all_ports(djbdns_domain)`
			`-corenet_udp_sendrecv_all_ports(djbdns_domain)`
			`-corenet_tcp_bind_generic_node(djbdns_domain)`
			`-corenet_udp_bind_generic_node(djbdns_domain)`
			`-`
			`-corenet_sendrecv_dns_server_packets(djbdns_domain)`
			`-corenet_tcp_bind_dns_port(djbdns_domain)`
			`-corenet_udp_bind_dns_port(djbdns_domain)`
			`-`
			`-corenet_sendrecv_dns_client_packets(djbdns_domain)`
			`-corenet_tcp_connect_dns_port(djbdns_domain)`
			`-`
			`-corenet_sendrecv_generic_server_packets(djbdns_domain)`
			`-corenet_tcp_bind_generic_port(djbdns_domain)`
			`-corenet_udp_bind_generic_port(djbdns_domain)`
			`-`
			`files_search_var(djbdns_domain)`

			`daemontools_ipc_domain(djbdns_axfrdns_t)`