diff options
author | Topi Miettinen <toiwoton@gmail.com> | 2020-05-22 15:56:01 +0300 |
---|---|---|
committer | Jason Zaman <perfinion@gentoo.org> | 2020-08-09 19:58:45 -0700 |
commit | 34c040f8d980dc24b4b34b75a532af72cee9306f (patch) | |
tree | fbb347ff231b7c89c1ea0e03a60cfb695a7d74a1 /policy/modules/services/redis.te | |
parent | apache: quote gen_tunable name argument (diff) | |
download | hardened-refpolicy-34c040f8d980dc24b4b34b75a532af72cee9306f.tar.gz hardened-refpolicy-34c040f8d980dc24b4b34b75a532af72cee9306f.tar.bz2 hardened-refpolicy-34c040f8d980dc24b4b34b75a532af72cee9306f.zip |
Remove unlabeled packet access
When SECMARK or Netlabel packet labeling is used, it's useful to
forbid receiving and sending unlabeled packets. If packet labeling is
not active, there's no effect.
Signed-off-by: Topi Miettinen <toiwoton@gmail.com>
Signed-off-by: Jason Zaman <perfinion@gentoo.org>
Diffstat (limited to 'policy/modules/services/redis.te')
-rw-r--r-- | policy/modules/services/redis.te | 1 |
1 files changed, 0 insertions, 1 deletions
diff --git a/policy/modules/services/redis.te b/policy/modules/services/redis.te index 4048ad97a..f0ccc9325 100644 --- a/policy/modules/services/redis.te +++ b/policy/modules/services/redis.te @@ -52,7 +52,6 @@ manage_lnk_files_pattern(redis_t, redis_runtime_t, redis_runtime_t) kernel_read_system_state(redis_t) -corenet_all_recvfrom_unlabeled(redis_t) corenet_all_recvfrom_netlabel(redis_t) corenet_tcp_sendrecv_generic_if(redis_t) corenet_tcp_sendrecv_generic_node(redis_t) |