diff options
author | Topi Miettinen <toiwoton@gmail.com> | 2020-05-22 15:56:01 +0300 |
---|---|---|
committer | Jason Zaman <perfinion@gentoo.org> | 2020-08-09 19:58:45 -0700 |
commit | 34c040f8d980dc24b4b34b75a532af72cee9306f (patch) | |
tree | fbb347ff231b7c89c1ea0e03a60cfb695a7d74a1 /policy/modules/services/postgrey.te | |
parent | apache: quote gen_tunable name argument (diff) | |
download | hardened-refpolicy-34c040f8d980dc24b4b34b75a532af72cee9306f.tar.gz hardened-refpolicy-34c040f8d980dc24b4b34b75a532af72cee9306f.tar.bz2 hardened-refpolicy-34c040f8d980dc24b4b34b75a532af72cee9306f.zip |
Remove unlabeled packet access
When SECMARK or Netlabel packet labeling is used, it's useful to
forbid receiving and sending unlabeled packets. If packet labeling is
not active, there's no effect.
Signed-off-by: Topi Miettinen <toiwoton@gmail.com>
Signed-off-by: Jason Zaman <perfinion@gentoo.org>
Diffstat (limited to 'policy/modules/services/postgrey.te')
-rw-r--r-- | policy/modules/services/postgrey.te | 1 |
1 files changed, 0 insertions, 1 deletions
diff --git a/policy/modules/services/postgrey.te b/policy/modules/services/postgrey.te index c4c3e10d..2b50d5f2 100644 --- a/policy/modules/services/postgrey.te +++ b/policy/modules/services/postgrey.te @@ -60,7 +60,6 @@ kernel_read_kernel_sysctls(postgrey_t) corecmd_read_bin_files(postgrey_t) corecmd_exec_bin(postgrey_t) -corenet_all_recvfrom_unlabeled(postgrey_t) corenet_all_recvfrom_netlabel(postgrey_t) corenet_tcp_sendrecv_generic_if(postgrey_t) corenet_tcp_sendrecv_generic_node(postgrey_t) |