SELinux Mailing List - NSA/CSS

Skip All Menus Skip Top Menu

Top Navigation Menus

Skip Research Menus

Research Menu

Research Security Enhanced Linux What's New Frequently Asked Questions Background Documents License Download Participating Mail List Archives Remaining Work Contributors Related Work Press Releases Information Assurance Research NIARL In-house Research Areas Mathematical Sciences Program Sabbaticals Computer & Information Sciences Research Technology Transfer Advanced Computing Advanced Mathematics Communications & Networking Information Processing Microelectronics Other Technologies Technology Fact Sheets Publications Related Links	Skip Search Box Searchbox SELinux Mailing List gentoo policy for stunnel This message: [ Message body ] [ More options ] Related messages: [ Next message ] [ Previous message ] [ Next in thread ] [ Replies ] From: petre rodan <kaiowas_at_gentoo.org> Date: Mon, 15 Nov 2004 18:09:46 +0200 Hi, attached you'll find the policy we use for stunnel [1] [1] http://www.stunnel.org Stunnel is a program that allows you to encrypt arbitrary TCP connections inside SSL (Secure Sockets Layer) available on both Unix and Windows. Stunnel can allow you to secure non-SSL aware daemons and protocols (like POP, IMAP, LDAP, etc) by having Stunnel provide the encryption, requiring no changes to the daemon's code. bye, peter -- petre rodan <kaiowas@gentoo.org> Developer, Hardened Gentoo Linux /usr/sbin/stunnel -- system_u:object_r:stunnel_exec_t /etc/stunnel(/.)? system_u:object_r:stunnel_etc_t /var/run/stunnel(/.)? system_u:object_r:stunnel_var_run_t # DESC: selinux policy for stunnel # # Author: petre rodan <kaiowas@gentoo.org> # type stunnel_port_t, port_type; daemon_domain(stunnel, `, privlog') can_network(stunnel_t) type stunnel_etc_t, file_type, sysadmfile; allow stunnel_t self:capability { setgid setuid sys_chroot }; allow stunnel_t self:fifo_file { read write }; allow stunnel_t self:tcp_socket { read write }; allow stunnel_t self:unix_stream_socket { connect create }; allow stunnel_t stunnel_port_t:tcp_socket { name_bind }; r_dir_file(stunnel_t, stunnel_etc_t) r_dir_file(stunnel_t, etc_t) -- This message was distributed to subscribers of the selinux mailing list. If you no longer wish to subscribe, send mail to majordomo@tycho.nsa.gov with the words "unsubscribe selinux" without quotes as the message. application/pgp-signature attachment: OpenPGP digital signature Received on Mon 15 Nov 2004 - 10:52:24 EST This message: [ Message body ] Next message: petre rodan: "gentoo diff for snmpd" Previous message: petre rodan: "gentoo diff for postgresql" Next in thread: Thomas Bleher: "Re: gentoo policy for stunnel" Reply: Thomas Bleher: "Re: gentoo policy for stunnel" Reply: James Carter: "Re: gentoo policy for stunnel" Contemporary messages sorted: [ by date ] [ by thread ] [ by subject ] [ by author ]
	Date Posted: Jan 15, 2009 \| Last Modified: Jan 15, 2009 \| Last Reviewed: Jan 15, 2009

bottom