
Re: cups sends mail, connects to smbd port and binds to ports 600-1023

From: Daniel J Walsh <dwalsh_at_nospam>
Date: Mon Apr 30 2007 - 18:17:33 GMT
To: "Christopher J. PeBenito" <cpebenito@tresys.com>


Christopher J. PeBenito wrote: > On Fri, 2007-04-20 at 14:52 -0400, dwalsh@redhat.com wrote: > >> --- nsaserefpolicy/policy/modules/services/cups.te 2007-03-26 10:39:04.000000000 -0400 >> +++ serefpolicy-2.5.12/policy/modules/services/cups.te 2007-04-11 17:07:34.000000000 -0400 >> @@ -151,9 +151,11 @@
>> corenet_tcp_bind_reserved_port(cupsd_t)
>> corenet_dontaudit_tcp_bind_all_reserved_ports(cupsd_t)
>> corenet_tcp_connect_all_ports(cupsd_t)
>> +corenet_tcp_connect_smbd_port(cupsd_t)
>> corenet_sendrecv_hplip_client_packets(cupsd_t)
>> corenet_sendrecv_ipp_client_packets(cupsd_t)
>> corenet_sendrecv_ipp_server_packets(cupsd_t)
>> +corenet_tcp_bind_all_rpc_ports(cupsd_t)
>>
>
> Any info on why it binds to these ports?
>

Tim, why does cupsd bind to ports 600-1023?

>> dev_rw_printer(cupsd_t)
>> dev_read_urand(cupsd_t)
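
Review bot: The added corenet_tcp_connect_smbd_port(cupsd_t) sits directly under corenet_tcp_connect_all_ports(cupsd_t), which already allows TCP connects to every port type, so the new line grants nothing extra; either drop it or replace the all-ports line with the specific ports cupsd needs. The added corenet_tcp_bind_all_rpc_ports(cupsd_t) is placed after the sendrecv lines instead of with the other bind rules, and it widens bind access in the same block that carries corenet_dontaudit_tcp_bind_all_reserved_ports(cupsd_t); move it up beside the bind rules and add a comment saying why cupsd needs these ports.
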
>> @@ -294,6 +296,10 @@
>> ')
>>
>> optional_policy(`
>> + sendmail_domtrans(cupsd_t) >> +')
>>
> > Wouldn't mta_send_mail() be better? > Yes > >> + >> +optional_policy(`
>> seutil_sigchld_newrole(cupsd_t)
>> ')
>>
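
Review bot: In the added optional_policy block, sendmail_domtrans(cupsd_t) ties cupsd to the sendmail module by name; use mta_send_mail(cupsd_t), as suggested and agreed in the reply above, and add a one-line comment saying what cupsd sends mail for so the grant can be reviewed later.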