From 4dba2eb895028584699c055fa40d180caed0121c Mon Sep 17 00:00:00 2001 From: Dan Walsh Date: Oct 19 2011 12:29:33 +0000 Subject: Allow svirt_lxc_domain to chr_file and blk_file devices if they are in the domain Allow init process to setrlimit on itself Take away transition rules for users executing ssh-keygen Allow setroubleshoot_fixit_t to read /dev/urand Allow sshd to relbale tunnel sockets Allow fail2ban domtrans to shorewall in the same way as with iptables Add support for lnk files in the /var/lib/sssd directory Allow system mail to connect to courier-authdaemon over an unix stream socket
---
diff --git a/default_trans.patch b/default_trans.patch
new file mode 100644
index 0000000..617a301
--- /dev/null
+++ b/default_trans.patch
@@ -0,0 +1,11 @@
+diff --git a/policy/mcs b/policy/mcs
+index ed7a0c1..90d0b1e 100644
+--- a/policy/mcs
++++ b/policy/mcs
+@@ -1,4 +1,6 @@
+ ifdef(`enable_mcs',`
++default_trans level dir_file_class_set parent;
++
+ #
+ # Define sensitivities
+ #
diff --git a/selinux-policy.spec b/selinux-policy.spec
index 7605845..d94654c 100644
--- a/selinux-policy.spec
+++ b/selinux-policy.spec
@@ -250,7 +250,7 @@ Based off of reference policy: Checked out revision 2.20091117
 %patch5 -p1 -b .userdomain
 %patch6 -p1 -b .apache
 %patch7 -p1 -b .ptrace
-%patch8 -p1 -b .default_trans
+#%patch8 -p1 -b .default_trans
 
 %install
 mkdir selinux_config
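Review bot: The `#%patch8 -p1 -b .default_trans` line in the selinux-policy.spec hunk switches the patch off with no reason recorded, in the same commit that adds default_trans.patch and whose message never mentions it. With the patch unapplied, the `default_trans level dir_file_class_set parent;` statement from the first hunk is not in the built policy, so anyone auditing MCS labelling of new files and directories cannot tell from the spec whether that is intended or temporary. I would add a comment above the line, for example `# default_trans.patch not applied: <reason>`, and write the disabled line as `#%%patch8 -p1 -b .default_trans`, since rpm can expand macros on comment lines and whether `%patch` is affected depends on the rpm version. The %prep section this line belongs to starts outside the hunk, so the matching `Patch8:` declaration is not visible here and should be checked for consistency.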