On Wed, 2012-09-19 at 16:01 -0400, Daniel J Walsh wrote:
On 09/19/2012 03:20 PM, Dominick Grift wrote:
On Wed, 2012-09-19 at 15:07 -0400, Daniel J Walsh wrote:
## <desc> ## <p> +## Allow postgresql to use ssh and rsync to replicate databases +## </p> +## </desc> +gen_tunable(postgesql_replication, false)
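Review bot: The tunable name in the gen_tunable() line is misspelled as postgesql_replication (the "r" in "postgresql" is missing), so the boolean would be declared, and would have to be toggled, under the misspelled name. Suggest gen_tunable(postgresql_replication, false), with the same spelling used wherever the tunable is tested. The description says ssh and rsync are used for replication; it would help to state there which network access the tunable grants, since it defaults to false and administrators will decide from that text whether to enable it.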
typo in there
We should probably implement an ssh_tcp_connect if it doesn't exist already and use that (that goes for all service ports).
########################################
## <summary>
##	Connect to ssh over the TCP network.
## </summary>
## <param name="domain">
##	<summary>
##	Domain allowed access.
##	</summary>
## </param>
#
interface(`ssh_tcp_connect',`
	gen_require(`
		type sshd_t;
	')

	corenet_tcp_recvfrom_labeled($1, sshd_t)
	corenet_tcp_sendrecv_ssh_port($1)
	corenet_tcp_connect_ssh_port($1)
	corenet_sendrecv_ssh_client_packets($1)
')
-- selinux mailing list selinux@lists.fedoraproject.org https://admin.fedoraproject.org/mailman/listinfo/selinux
Looks like Chris did not like a previous interface by that name.

########################################
## <summary>
##	Connect to SSH daemons over TCP sockets.  (Deprecated)
## </summary>
## <param name="domain">
##	<summary>
##	Domain allowed access.
##	</summary>
## </param>
#
interface(`ssh_tcp_connect',`
	refpolicywarn(`$0($*) has been deprecated.')
')
I noticed that and I don't know why. It's also inconsistent because mysql and postgres have it, but some have it deprecated, like I guess ssh and snmp.
I actually like this interface; it provides support for labeled networking.