Remove unlabeled packet access

When SECMARK or Netlabel packet labeling is used, it's useful to forbid receiving and sending unlabeled packets. If packet labeling is not active, there's no effect. Signed-off-by: Topi Miettinen <toiwoton@gmail.com> Signed-off-by: Jason Zaman <perfinion@gentoo.org>
author: Topi Miettinen <toiwoton@gmail.com> 2020-05-22 15:56:01 +0300
committer: Jason Zaman <perfinion@gentoo.org> 2020-08-09 19:58:45 -0700
commit: 34c040f8d980dc24b4b34b75a532af72cee9306f (patch)
tree: fbb347ff231b7c89c1ea0e03a60cfb695a7d74a1 /policy/modules/services/ntp.te
parent: apache: quote gen_tunable name argument (diff)
download: hardened-refpolicy-34c040f8d980dc24b4b34b75a532af72cee9306f.tar.gz
hardened-refpolicy-34c040f8d980dc24b4b34b75a532af72cee9306f.tar.bz2
hardened-refpolicy-34c040f8d980dc24b4b34b75a532af72cee9306f.zip
1 files changed, 0 insertions, 1 deletions
diff --git a/policy/modules/services/ntp.te b/policy/modules/services/ntp.te
index e70d7bbc8..bab525d25 100644
--- a/policy/modules/services/ntp.te
+++ b/policy/modules/services/ntp.te
@@ -96,7 +96,6 @@ kernel_read_system_state(ntpd_t)
 kernel_read_network_state(ntpd_t)
 kernel_request_load_module(ntpd_t)
 
-corenet_all_recvfrom_unlabeled(ntpd_t)
 corenet_all_recvfrom_netlabel(ntpd_t)
 corenet_udp_sendrecv_generic_if(ntpd_t)
 corenet_udp_sendrecv_generic_node(ntpd_t)
author	Topi Miettinen <toiwoton@gmail.com>	2020-05-22 15:56:01 +0300
committer	Jason Zaman <perfinion@gentoo.org>	2020-08-09 19:58:45 -0700
commit	34c040f8d980dc24b4b34b75a532af72cee9306f (patch)
tree	fbb347ff231b7c89c1ea0e03a60cfb695a7d74a1 /policy/modules/services/ntp.te
parent	apache: quote gen_tunable name argument (diff)
download	hardened-refpolicy-34c040f8d980dc24b4b34b75a532af72cee9306f.tar.gz hardened-refpolicy-34c040f8d980dc24b4b34b75a532af72cee9306f.tar.bz2 hardened-refpolicy-34c040f8d980dc24b4b34b75a532af72cee9306f.zip