mirrors/passt
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions
passt/contrib/selinux
History
Stefano Brivio de9b0cb5fe contrib/selinux: Allow binding and connecting to all UDP and TCP ports 
Laine reports that with a simple:

      <portForward proto='tcp'>
        <range start='2022' to='22'/>
      </portForward>

in libvirt's domain XML, passt won't start as it fails to bind
arbitrary ports. That was actually the intention behind passt_port_t:
the user or system administrator should have explicitly configured
allowed ports on a given machine. But it's probably not realistic, so
just allow any port to be bound and forwarded.

Also fix up some missing operations on sockets.

Reported-by: Laine Stump <laine@redhat.com>
Signed-off-by: Stefano Brivio <sbrivio@redhat.com>
Tested-by: Laine Stump <laine@redhat.com>
Reviewed-by: Laine Stump <laine@redhat.com>
2023-03-09 00:36:08 +01:00
..
passt.fc selinux: Switch to a more reasonable model for PID and socket files 2023-02-21 19:12:37 +01:00
passt.if selinux: Define interfaces for libvirt and similar frameworks 2023-02-21 19:12:37 +01:00
passt.te contrib/selinux: Allow binding and connecting to all UDP and TCP ports 2023-03-09 00:36:08 +01:00
pasta.fc passt, pasta: Add examples of SELinux policy modules 2022-03-29 15:35:38 +02:00
pasta.if passt, pasta: Add examples of SELinux policy modules 2022-03-29 15:35:38 +02:00
pasta.te passt, pasta: Add examples of SELinux policy modules 2022-03-29 15:35:38 +02:00