From d4da533c327001aa4ece117403feaff09ae9fef8 Mon Sep 17 00:00:00 2001
From: Daniel J Walsh
Date: Dec 10 2005 05:19:29 +0000
Subject: - Update to upstream - Turn off allow_execmem and allow_execmod booleans - Add tcpd and automount policies
---
diff --git a/.cvsignore b/.cvsignore
index f8e1dc7..66eec25 100644
--- a/.cvsignore
+++ b/.cvsignore
@@ -16,3 +16,4 @@ nsadiff
 nsaserefpolicy
 serefpolicy-2.1.0.tgz
 serefpolicy-2.1.1.tgz
+serefpolicy-2.1.2.tgz
diff --git a/booleans-targeted.conf b/booleans-targeted.conf
index 1432d45..9646d9e 100644
--- a/booleans-targeted.conf
+++ b/booleans-targeted.conf
@@ -1,10 +1,10 @@
 # Allow making anonymous memory executable, e.g.for runtime-code generation or executable stack.
 #
-allow_execmem = true
+allow_execmem = false
 
 # Allow making a modified private filemapping executable (text relocation).
 #
-allow_execmod = true
+allow_execmod = false
 
 # Allow making the stack executable via mprotect.Also requires allow_execmem.
 #
diff --git a/modules-targeted.conf b/modules-targeted.conf
index 5380d70..65af0bc 100644
--- a/modules-targeted.conf
+++ b/modules-targeted.conf
@@ -383,6 +383,14 @@ remotelogin = base
 telnet = base
 
 # Layer: services
+# Module: irqbalance
+#
+# IRQ balancing daemon
+#
+irqbalance = base
+
+
+# Layer: services
 # Module: mailman
 #
 # Mailman is for managing electronic mail discussion and e-newsletter lists
@@ -453,6 +461,13 @@ networkmanager = base
 inn = base
 
 # Layer: services
+# Module: sysstat
+#
+# Policy for sysstat. Reports on various system states
+#
+sysstat = base
+
+# Layer: services
 # Module: comsat
 #
 # Comsat, a biff server.
@@ -474,6 +489,13 @@ squid = base
 zebra = base
 
 # Layer: services
+# Module: xfs
+#
+# X Windows Font Server
+#
+xfs = base
+
+# Layer: services
 # Module: ktalk
 #
 # KDE Talk daemon
@@ -502,6 +524,13 @@ lpd = base
 cyrus = base
 
 # Layer: services
+# Module: rdisc
+#
+# Network router discovery daemon
+#
+rdisc = base
+
+# Layer: services
 # Module: xdm
 #
 # X windows login display manager
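Review bot: The last context lines of the booleans-targeted.conf hunk introduce the stack-executable boolean with the comment "Also requires allow_execmem", but its value sits below the hunk and is not touched by this commit. With `allow_execmem = false` now the default, confirm that boolean is also `false`; a leftover `true` would read as if executable stacks were permitted while, per that comment, the permission depends on a boolean that is now off. The changelog line could also record the visible effect, e.g. `- Turn off allow_execmem and allow_execmod booleans (software needing runtime code generation or text relocations will see denials until re-enabled with setsebool)`.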
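Review bot: The commit message and changelog name only tcpd and automount, while the modules-targeted.conf hunks also switch on irqbalance, sysstat, xfs and rdisc (and fetchmail in the @@ -551 hunk) as `base` modules; list them, since each one changes how a daemon is confined after the upgrade. The file contexts that come with a new module presumably only apply once the already-installed binaries are relabeled, and nothing in this patch shows that step, so check that the package scriptlets (outside the diff) relabel or that the release notes tell administrators to run restorecon. Minor style point: the irqbalance stanza adds two blank lines before the next `# Layer: services`, where every other new stanza adds one.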
@@ -534,7 +563,7 @@ ftp = base
 #
 # General Purpose Mouse driver
 #
-gpm = on
+gpm = base
 
 # Layer: services
 # Module: mta
@@ -551,6 +580,13 @@ mta = base
 postfix = base
 
 # Layer: services
+# Module: fetchmail
+#
+# Remote-mail retrieval and forwarding utility
+#
+fetchmail = base
+
+# Layer: services
 # Module: ntp
 #
 # Network time protocol daemon
@@ -600,6 +636,13 @@ apache = base
 rsync = base
 
 # Layer: services
+# Module: automount
+#
+# Filesystem automounter service.
+#
+automount = base
+
+# Layer: services
 # Module: kerberos
 #
 # MIT Kerberos admin and KDC
@@ -681,7 +724,7 @@ apm = base
 #
 # Policy for TCP daemon.
 #
-tcpd = off
+tcpd = base
 
 # Layer: services
 # Module: stunnel
diff --git a/selinux-policy.spec b/selinux-policy.spec
index 32d5f80..588f2fe 100644
--- a/selinux-policy.spec
+++ b/selinux-policy.spec
@@ -9,8 +9,8 @@
 %define CHECKPOLICYVER 1.28-1
 Summary: SELinux policy configuration
 Name: selinux-policy
-Version: 2.1.1
-Release: 3
+Version: 2.1.2
+Release: 1
 License: GPL
 Group: System Environment/Base
 Source: serefpolicy-%{version}.tgz
@@ -234,11 +234,17 @@ SELinux Reference policy %{polname3} base module. %{rebuildpolicy} %{polname3} %files %{polname3} -#%#fileList %{polname3} +%fileList %{polname3} + %endif %changelog +* Sat Dec 9 2005 Dan Walsh 2.1.2-1 +- Update to upstream +- Turn off allow_execmem and allow_execmod booleans +- Add tcpd and automount policies + * Fri Dec 8 2005 Dan Walsh 2.1.1-3 - Add two new httpd booleans, turned off by default * httpd_can_network_relay
diff --git a/sources b/sources
index 76806c5..4c6c7b7 100644
--- a/sources
+++ b/sources
@@ -1 +1 @@
-616555f125d058a5b53683a8a5059247 serefpolicy-2.1.1.tgz
+d77949c237d2b879916e1bc44447d394 serefpolicy-2.1.2.tgz
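Review bot: `gpm = on` becomes `gpm = base` in the modules-targeted.conf @@ -534 hunk without any mention in the commit message or changelog. Every other entry visible in this diff uses `base` or `off`, so this looks like a value normalisation, but if the build did not treat `on` the same as `base`, the change newly compiles the gpm policy into the base module. A changelog line such as `- Build gpm policy into base` would record which of the two it is.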
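Review bot: The new changelog header `* Sat Dec 9 2005` in the selinux-policy.spec @@ -234 hunk pairs a weekday and a date that do not match: 9 December 2005 was a Friday, and the commit itself is dated Dec 10. Newer rpm versions warn about bogus %changelog dates, so I would write `* Sat Dec 10 2005 Dan Walsh 2.1.2-1` (or `* Fri Dec 9 2005 ...` if the 9th is meant). The same hunk also re-enables `%fileList %{polname3}` under `%files %{polname3}` without a changelog line; the conditional that `%endif` closes starts outside the hunk, so whether that subpackage is actually built cannot be judged from here.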