From 11ef2470b7473b758630a300e986517e3ec90aa4 Mon Sep 17 00:00:00 2001 From: Daniel J Walsh Date: Sep 18 2008 21:02:12 +0000 Subject: - Fix labeling on new pm*log - Allow ssh to bind to all nodes --- diff --git a/modules-mls.conf b/modules-mls.conf index e155c9b..52c70a9 100644 --- a/modules-mls.conf +++ b/modules-mls.conf @@ -409,14 +409,14 @@ snmp = module # # Policy for rshd, rlogind, and telnetd. # -remotelogin = base +remotelogin = module # Layer: services # Module: telnet # # Telnet daemon # -telnet = base +telnet = module # Layer: services # Module: irqbalance diff --git a/modules-targeted.conf b/modules-targeted.conf index 8c09075..20c9465 100644 --- a/modules-targeted.conf +++ b/modules-targeted.conf @@ -1040,7 +1040,7 @@ rdisc = module # # Policy for rshd, rlogind, and telnetd. # -remotelogin = base +remotelogin = module # Layer: services # Module: ricci diff --git a/policy-20080710.patch b/policy-20080710.patch index 1b915e2..6340878 100644 --- a/policy-20080710.patch +++ b/policy-20080710.patch @@ -23287,7 +23287,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol ## diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/rpc.te serefpolicy-3.5.8/policy/modules/services/rpc.te --- nsaserefpolicy/policy/modules/services/rpc.te 2008-08-14 13:08:27.000000000 -0400 -+++ serefpolicy-3.5.8/policy/modules/services/rpc.te 2008-09-18 16:45:56.000000000 -0400 ++++ serefpolicy-3.5.8/policy/modules/services/rpc.te 2008-09-18 16:55:00.000000000 -0400 @@ -23,7 +23,7 @@ gen_tunable(allow_nfsd_anon_write, false) @@ -23331,7 +23331,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol +userdom_dontaudit_search_users_home_dirs(gssd_t) +sysadm_dontaudit_search_home_dirs(gssd_t) -+userdom_dontaudit_write_user_tmp_files(user, gssd_t) ++userdom_dontaudit_manage_user_tmp_files(user, gssd_t) + tunable_policy(`allow_gssd_read_tmp',` userdom_list_unpriv_users_tmp(gssd_t) diff --git a/selinux-policy.spec b/selinux-policy.spec index 39380cb..d85b2bd 100644 --- a/selinux-policy.spec +++ b/selinux-policy.spec @@ -17,7 +17,7 @@ Summary: SELinux policy configuration Name: selinux-policy Version: 3.5.8 -Release: 2%{?dist} +Release: 3%{?dist} License: GPLv2+ Group: System Environment/Base Source: serefpolicy-%{version}.tgz @@ -381,7 +381,7 @@ exit 0 %endif %changelog -* Thu Sep 18 2008 Dan Walsh 3.5.8-2 +* Thu Sep 18 2008 Dan Walsh 3.5.8-3 - Fix labeling on new pm*log - Allow ssh to bind to all nodes