commit: 7b3c908130c376a0c5d312057979dbfa4281d2ea
Author: Jason Zaman <jason <AT> perfinion <DOT> com>
AuthorDate: Wed Mar 25 02:24:42 2015 +0000
Commit: Jason Zaman <perfinion <AT> gentoo <DOT> org>
CommitDate: Wed Mar 25 15:52:04 2015 +0000
URL:
https://gitweb.gentoo.org/proj/hardened-refpolicy.git/commit/?id=7b3c9081
git: make inetd interface optional
git-daemon can be run without inetd, this patch makes the
interface optional so that git.pp can be loaded without inetd
policy/modules/contrib/git.te | 5 ++++-
1 file changed, 4 insertions(+), 1 deletion(-)
diff --git a/policy/modules/contrib/git.te b/policy/modules/contrib/git.te
index 084ac9d..a93c976 100644
--- a/policy/modules/contrib/git.te
+++ b/policy/modules/contrib/git.te
@@ -86,7 +86,6 @@ apache_content_template(git)
type git_system_t, git_daemon;
type gitd_exec_t;
-inetd_service_domain(git_system_t, gitd_exec_t)
init_daemon_domain(git_system_t, gitd_exec_t)
type git_session_t, git_daemon;
@@ -122,6 +121,10 @@ auth_use_nsswitch(git_session_t)
userdom_use_user_terminals(git_session_t)
+optional_policy(`
+ inetd_service_domain(git_system_t, gitd_exec_t)
+')
+
tunable_policy(`git_session_bind_all_unreserved_ports',`
corenet_sendrecv_all_server_packets(git_session_t)
corenet_tcp_bind_all_unreserved_ports(git_session_t)
