diff --git a/.cvsignore b/.cvsignore index 1d21095..7282265 100644 --- a/.cvsignore +++ b/.cvsignore @@ -108,3 +108,4 @@ serefpolicy-2.5.4.tgz serefpolicy-2.5.5.tgz serefpolicy-2.5.6.tgz serefpolicy-2.5.7.tgz +serefpolicy-2.5.8.tgz diff --git a/modules-mls.conf b/modules-mls.conf index cf9effa..aad8005 100644 --- a/modules-mls.conf +++ b/modules-mls.conf @@ -1037,3 +1037,10 @@ pcscd = module # Policy for tzdata-update # tzdata = base + +# Layer: admin +# Module: amtu +# +# Abstract Machine Test Utility (AMTU) +# +amtu = module diff --git a/modules-strict.conf b/modules-strict.conf index 64cadcb..b80282b 100644 --- a/modules-strict.conf +++ b/modules-strict.conf @@ -456,7 +456,7 @@ ethereal = module # Layer: apps # Module: userhelper # -# SELinux utility to run a shell with a new role +# A helper interface to pam. # userhelper = module @@ -815,13 +815,6 @@ openct = module snmp = module # Layer: services -# Module: ucspitcp -# -# ucspitcp policy -# -ucspitcp = module - -# Layer: services # Module: publicfile # # publicfile supplies files to the public through HTTP and FTP @@ -1128,7 +1121,7 @@ xserver = module # # Apache web server # -apache = module +apache = base # Layer: services # Module: slrnpull @@ -1340,3 +1333,24 @@ qmail = module # daiemon that bans IP that makes too many password failures # fail2ban = module + +# Layer: services +# Module: pyzor +# +# Spam Blocker +# +pyzor = module + +# Layer: services +# Module: ricci +# +# policy for ricci +# +ricci = module + +# Layer: admin +# Module: amtu +# +# Abstract Machine Test Utility (AMTU) +# +amtu = module diff --git a/modules-targeted.conf b/modules-targeted.conf index 319370d..2c442a6 100644 --- a/modules-targeted.conf +++ b/modules-targeted.conf 
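Review bot: The switch of `apache` from `module` to `base` in the `@@ -1128,7 +1121,7 @@` hunk of modules-strict.conf is not explained anywhere in the commit; the changelog entry says only "More of my patches from upstream". With `base` the Apache policy is presumably compiled into base.pp, so it can no longer be removed or replaced on its own with semodule, and a system upgrading with a separately installed apache module may need that module removed first. The spec's `semodule -b base.pp -r bootloader -r clock ...` line is only partly visible in this diff, so please confirm it covers `apache` for the strict policy. I would also add a comment above the entry, e.g. `# Built into base as of 2.5.8: <reason>`.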
@@ -11,92 +11,205 @@ # as individual loadable modules. # -# Layer: kernel -# Module: terminal -# Required in base +# Layer: admin +# Module: acct # -# Policy for terminals. +# Berkeley process accounting # -terminal = base +acct = base -# Layer: kernel -# Module: kernel -# Required in base +# Layer: admin +# Module: alsa # -# Policy for kernel threads, proc filesystem,and unlabeled processes and objects. +# Ainit ALSA configuration tool # -kernel = base +alsa = off -# Layer: kernel -# Module: filesystem -# Required in base +# Layer: apps +# Module: ada # -# Policy for filesystems. +# ada executable # -filesystem = base +ada = base -# Layer: kernel -# Module: devices -# Required in base +# Layer: admin +# Module: amanda # -# Device nodes and interfaces for many basic system devices. +# Automated backup program. # -devices = base +amanda = base -# Layer: kernel -# Module: corenetwork -# Required in base +# Layer: services +# Module: amavis # -# Policy controlling access to network objects +# Anti-virus # -corenetwork = base +amavis = module -# Layer: kernel -# Module: mls -# Required in base +# Layer: admin +# Module: anaconda # -# Multilevel security policy +# Policy for the Anaconda installer. # -mls = base +anaconda = base -# Layer: kernel -# Module: mcs +# Layer: services +# Module: apache +# +# Apache web server +# +apache = base + +# Layer: services +# Module: apm +# +# Advanced power management daemon +# +apm = base + +# Layer: system +# Module: application # Required in base # -# MultiCategory security policy +# Defines attributs and interfaces for all user applications # -mcs = base +application = base + +# Layer: services +# Module: arpwatch +# +# Ethernet activity monitor. +# +arpwatch = base + +# Layer: services +# Module: audioentropy +# +# Generate entropy from audio input +# +audioentropy = module + +# Layer: system +# Module: authlogin +# +# Common policy for authentication and user login. 
+# +authlogin = base + +# Layer: services +# Module: automount +# +# Filesystem automounter service. +# +automount = base + +# Layer: services +# Module: avahi +# +# mDNS/DNS-SD daemon implementing Apple ZeroConf architecture +# +avahi = base + +# Layer: services +# Module: bind +# +# Berkeley internet name domain DNS server. +# +bind = base + +# Layer: services +# Module: bluetooth +# +# Bluetooth tools and system services. +# +bluetooth = base # Layer: kernel -# Module: selinux -# Required in base +# Module: bootloader # -# Policy for kernel security interface, in particular, selinuxfs. +# Policy for the kernel modules, kernel image, and bootloader. # -selinux = base +bootloader = base + + +# Layer: services +# Module: canna +# +# Canna - kana-kanji conversion server +# +canna = base + + +# Layer: services +# Module: ccs +# +# policy for ccs +# +ccs = module + +# Layer: apps +# Module: calamaris +# +# +# Squid log analysis +# +calamaris = module + +# Layer: apps +# Module: cdrecord +# +# Policy for cdrecord +# +cdrecord = module # Layer: admin -# Module: prelink +# Module: certwatch # -# Manage temporary directory sizes and file ages +# Digital Certificate Tracking # -prelink = base +certwatch = module -# Layer: kernel -# Module: files -# Required in base +# Layer: services +# Module: cipe # -# Basic filesystem types and interfaces. +# Encrypted tunnel daemon # -files = base +cipe = module + +# Layer: services +# Module: comsat +# +# Comsat, a biff server. +# +comsat = base + +# Layer: services +# Module: clamav +# +# ClamAV Virus Scanner +# +clamav = module # Layer: system -# Module: domain -# Required in base +# Module: clock # -# Core policy for domains. +# Policy for reading and setting the hardware clock. 
# -domain = base +clock = base + +# Layer: services +# Module: consolekit +# +# ConsoleKit is a system daemon for tracking what users are logged +# +consolekit = module + +# Layer: admin +# Module: consoletype +# +# Determine of the console connected to the controlling terminal. +# +consoletype = base # Layer: kernel # Module: corecommands 
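Review bot: Re-sorting modules-targeted.conf and adding new modules in the same change makes it hard to verify that no existing module silently changed state between `base`, `module` and `off`; this applies to this hunk and the six that follow it. Entries such as `audioentropy`, `calamaris`, `cdrecord`, `certwatch` and `cipe` appear to be new rather than moved, yet the changelog line says only `More of my patches from upstream`. Splitting the reorder from the additions, or listing the added modules in the %changelog, would let a reviewer diff the enabled set directly. The new `calamaris` block also carries a doubled `#` separator line before its description.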
@@ -107,145 +220,207 @@ domain = base # corecommands = base -# Layer: admin -# Module: acct +# Layer: kernel +# Module: corenetwork +# Required in base # -# Berkeley process accounting +# Policy controlling access to network objects # -acct = base +corenetwork = base -# Layer: admin -# Module: usermanage +# Layer: services +# Module: cpucontrol # -# Policy for managing user accounts. +# Services for loading CPU microcode and CPU frequency scaling. # -usermanage = base +cpucontrol = base -# Layer: admin -# Module: rpm +# Layer: services +# Module: cron # -# Policy for the RPM package manager. +# Periodic execution of scheduled commands. # -rpm = base +cron = base -# Layer: admin -# Module: readahead +# Layer: services +# Module: cups # -# Readahead, read files into page cache for improved performance +# Common UNIX printing system # -readahead = base +cups = base + +# Layer: services +# Module: cvs +# +# Concurrent versions system +# +cvs = base + +# Layer: services +# Module: cyrus +# +# Cyrus is an IMAP service intended to be run on sealed servers +# +cyrus = base + +# Layer: system +# Module: daemontools +# +# Collection of tools for managing UNIX services +# +daemontools = module + +# Layer: services +# Module: dbskk +# +# Dictionary server for the SKK Japanese input method system. +# +dbskk = base + +# Layer: services +# Module: dbus +# +# Desktop messaging bus +# +dbus = base + + +# Layer: services +# Module: dcc +# +# A distributed, collaborative, spam detection and filtering network. +# +dcc = module # Layer: admin -# Module: kudzu +# Module: ddcprobe # -# Hardware detection and configuration tools +# ddcprobe retrieves monitor and graphics card information # -kudzu = base +ddcprobe = off # Layer: kernel -# Module: bootloader +# Module: devices +# Required in base # -# Policy for the kernel modules, kernel image, and bootloader. +# Device nodes and interfaces for many basic system devices. 
# -bootloader = base +devices = base -# Layer: admin -# Module: updfstab +# Layer: services +# Module: dhcp # -# Red Hat utility to change /etc/fstab. +# Dynamic host configuration protocol (DHCP) server # -updfstab = base +dhcp = base -# Layer: admin -# Module: netutils +# Layer: services +# Module: dictd # -# Network analysis utilities +# Dictionary daemon # -netutils = base +dictd = base + +# Layer: services +# Module: distcc +# +# Distributed compiler daemon +# +distcc = off # Layer: admin -# Module: alsa +# Module: dmesg # -# Ainit ALSA configuration tool +# Policy for dmesg. # -alsa = off +dmesg = base # Layer: admin -# Module: vpn +# Module: dmidecode +# +# Decode DMI data for x86/ia64 bioses. +# +dmidecode = base + +# Layer: system +# Module: domain +# Required in base # -# Virtual Private Networking client +# Core policy for domains. # -vpn = base +domain = base -# Layer: admin -# Module: su +# Layer: services +# Module: dovecot # -# Run shells with substitute user and group +# Dovecot POP and IMAP mail server # -su = base +dovecot = base -# Layer: admin -# Module: dmesg +# Layer: apps +# Module: gpg # -# Policy for dmesg. +# Policy for GNU Privacy Guard and related programs. # -dmesg = base +gpg = off -# Layer: admin -# Module: anaconda +# Layer: services +# Module: gpm # -# Policy for the Anaconda installer. +# General Purpose Mouse driver # -anaconda = base +gpm = base -# Layer: admin -# Module: amanda +# Layer: apps +# Module: ethereal # -# Automated backup program. +# Ethereal packet capture tool. 
# -amanda = base +ethereal = module -# Layer: admin -# Module: logrotate +# Layer: apps +# Module: evolution # -# Rotate and archive system logs +# Evolution email client # -logrotate = base +evolution = module -# Layer: admin -# Module: ddcprobe +# Layer: services +# Module: fail2ban # -# ddcprobe retrieves monitor and graphics card information +# daiemon that bans IP that makes too many password failures # -ddcprobe = off +fail2ban = module -# Layer: admin -# Module: quota +# Layer: services +# Module: fetchmail # -# File system quota management +# Remote-mail retrieval and forwarding utility # -quota = off +fetchmail = base -# Layer: admin -# Module: consoletype +# Layer: kernel +# Module: files +# Required in base # -# Determine of the console connected to the controlling terminal. +# Basic filesystem types and interfaces. # -consoletype = base +files = base -# Layer: admin -# Module: sudo +# Layer: kernel +# Module: filesystem +# Required in base # -# Execute a command with a substitute user +# Policy for filesystems. # -sudo = base +filesystem = base -# Layer: admin -# Module: vbetool +# Layer: services +# Module: finger # -# run real-mode video BIOS code to alter hardware state +# Finger user information service. # -vbetool = base +finger = base # Layer: admin # Module: firstboot 
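Review bot: The `gpg` and `gpm` blocks land between `dovecot` and `ethereal`, which breaks the alphabetical order the rest of this hunk establishes; they belong with the other g entries, after `gnome` in the following hunk. The `fail2ban` description added here repeats the typo already present in modules-strict.conf; I would write it as `# daemon that bans IPs that make too many password failures` in both files.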
@@ -255,96 +430,126 @@ vbetool = base # firstboot = base -# Layer: admin -# Module: tmpreaper +# Layer: system +# Module: fstools # -# Manage temporary directory sizes and file ages +# Tools for filesystem management, such as mkfs and fsck. # -tmpreaper = off +fstools = base -# Layer: admin -# Module: dmidecode +# Layer: services +# Module: ftp # -# Decode DMI data for x86/ia64 bioses. +# File transfer protocol service # -dmidecode = base +ftp = base # Layer: apps -# Module: gpg +# Module: games # -# Policy for GNU Privacy Guard and related programs. +# The Open Group Pegasus CIM/WBEM Server. # -gpg = off +games = module -# Layer: apps -# Module: loadkeys +# Layer: system +# Module: getty # -# Load keyboard mappings. +# Policy for getty. # -loadkeys = base +getty = base # Layer: apps -# Module: webalizer +# Module: gnome # -# Web server log analysis +# gnome session and gconf # -webalizer = base +gnome = module -# Layer: kernel -# Module: storage +# Layer: services +# Module: hal # -# Policy controlling access to storage devices +# Hardware abstraction layer # -storage = base +hal = module -# Layer: services -# Module: nis +# Layer: system +# Module: hostname # -# Policy for NIS (YP) servers and clients +# Policy for changing the system host name. # -nis = base +hostname = base -# Layer: services -# Module: distcc + +# Layer: system +# Module: hotplug # -# Distributed compiler daemon +# Policy for hotplug system, for supporting the +# connection and disconnection of devices at runtime. # -distcc = off +hotplug = base # Layer: services -# Module: rshd +# Module: howl # -# Remote shell service. +# Port of Apple Rendezvous multicast DNS # -rshd = base +howl = base # Layer: services -# Module: cpucontrol +# Module: inetd # -# Services for loading CPU microcode and CPU frequency scaling. +# Internet services daemon. 
# -cpucontrol = base +inetd = base -# Layer: services -# Module: vbetool +# Layer: system +# Module: init # -# run real-mode video BIOS code to alter hardware state +# System initialization programs (init and init scripts). # -vbetool = base +init = base # Layer: services -# Module: bind +# Module: inn # -# Berkeley internet name domain DNS server. +# Internet News NNTP server # -bind = base +inn = base + +# Layer: system +# Module: iptables +# +# Policy for iptables. +# +iptables = base + +# Layer: system +# Module: ipsec +# +# TCP/IP encryption +# +ipsec = off + +# Layer: apps +# Module: irc +# +# IRC client policy +# +irc = module # Layer: services -# Module: canna +# Module: irqbalance # -# Canna - kana-kanji conversion server +# IRQ balancing daemon # -canna = base +irqbalance = base + +# Layer: system +# Module: iscsi +# +# Open-iSCSI daemon +# +iscsi = module # Layer: services # Module: i18n_input 
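Review bot: The description above `games = module` reads `The Open Group Pegasus CIM/WBEM Server.`, which is the text of the `pegasus` entry and looks like a copy-paste leftover carried over from the old position. A wrong summary in the module list misleads whoever decides which policy modules to enable or remove. Something like `# Games` would do, after confirming the wording against the module's own summary.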
@@ -353,112 +558,113 @@ canna = base # i18n_input = off -# Layer: services -# Module: uucp + +# Layer: apps +# Module: java # -# Unix to Unix Copy +# java executable # -uucp = base +java = base # Layer: services -# Module: sasl +# Module: kerberos # -# SASL authentication server +# MIT Kerberos admin and KDC # -sasl = base +kerberos = base -# Layer: services -# Module: pegasus +# Layer: kernel +# Module: kernel +# Required in base # -# The Open Group Pegasus CIM/WBEM Server. +# Policy for kernel threads, proc filesystem,and unlabeled processes and objects. # -pegasus = base +kernel = base # Layer: services -# Module: cron +# Module: ktalk # -# Periodic execution of scheduled commands. +# KDE Talk daemon # -cron = base +ktalk = base -# Layer: services -# Module: sendmail +# Layer: admin +# Module: kudzu # -# Policy for sendmail. +# Hardware detection and configuration tools # -sendmail = base +kudzu = base + # Layer: services -# Module: samba +# Module: ldap # -# SMB and CIFS client/server programs for UNIX and -# name Service Switch daemon for resolving names -# from Windows NT servers. +# OpenLDAP directory server # -samba = base +ldap = base -# Layer: services -# Module: dbus +# Layer: system +# Module: libraries # -# Desktop messaging bus +# Policy for system libraries. # -dbus = base +libraries = base -# Layer: services -# Module: howl +# Layer: apps +# Module: loadkeys # -# Port of Apple Rendezvous multicast DNS +# Load keyboard mappings. # -howl = base +loadkeys = base -# Layer: services -# Module: timidity +# Layer: system +# Module: locallogin # -# MIDI to WAV converter and player configured as a service +# Policy for local logins. 
# -timidity = off +locallogin = base -# Layer: services -# Module: postgresql +# Layer: apps +# Module: lockdev # -# PostgreSQL relational database +# device locking policy for lockdev # -postgresql = base +lockdev = module -# Layer: services -# Module: openct +# Layer: system +# Module: logging # -# Service for handling smart card readers. +# Policy for the kernel message logger and system logging daemon. # -openct = off +logging = base -# Layer: services -# Module: snmp +# Layer: admin +# Module: logrotate # -# Simple network management protocol services +# Rotate and archive system logs # -snmp = base +logrotate = base # Layer: services -# Module: remotelogin +# Module: logwatch # -# Policy for rshd, rlogind, and telnetd. +# logwatch executable # -remotelogin = base +logwatch = base # Layer: services -# Module: telnet +# Module: lpd # -# Telnet daemon +# Line printer daemon # -telnet = base +lpd = base -# Layer: services -# Module: irqbalance +# Layer: system +# Module: lvm # -# IRQ balancing daemon +# Policy for logical volume management programs. # -irqbalance = base +lvm = base # Layer: services 
@@ -468,187 +674,190 @@ irqbalance = base # mailman = base -# Layer: services -# Module: dbskk +# Layer: kernel +# Module: mcs +# Required in base # -# Dictionary server for the SKK Japanese input method system. +# MultiCategory security policy # -dbskk = base +mcs = base -# Layer: services -# Module: ldap +# Layer: system +# Module: miscfiles # -# OpenLDAP directory server +# Miscelaneous files. # -ldap = base +miscfiles = base -# Layer: services -# Module: tftp +# Layer: kernel +# Module: mls +# Required in base # -# Trivial file transfer protocol daemon +# Multilevel security policy # -tftp = base +mls = base -# Layer: services -# Module: portmap +# Layer: system +# Module: modutils # -# RPC port mapping service. +# Policy for kernel module utilities # -portmap = base +modutils = base -# Layer: services -# Module: arpwatch +# Layer: apps +# Module: mono # -# Ethernet activity monitor. +# mono executable # -arpwatch = base +mono = base -# Layer: services -# Module: dovecot +# Layer: system +# Module: mount # -# Dovecot POP and IMAP mail server +# Policy for mount. # -dovecot = base +mount = base -# Layer: services -# Module: cups +# Layer: apps +# Module: mozilla # -# Common UNIX printing system +# Policy for Mozilla and related web browsers # -cups = base +mozilla = module -# Layer: services -# Module: networkmanager -# -# Manager for dynamically switching between networks. -# -networkmanager = base -# Layer: services -# Module: inn +# Layer: apps +# Module: mplayer # -# Internet News NNTP server +# Policy for Mozilla and related web browsers # -inn = base +mplayer = module -# Layer: services -# Module: sysstat +# Layer: admin +# Module: mrtg # -# Policy for sysstat. Reports on various system states +# Network traffic graphing # -sysstat = base +mrtg = module + # Layer: services -# Module: comsat +# Module: mta # -# Comsat, a biff server. +# Policy common to all email tranfer agents. 
# -comsat = base +mta = base + # Layer: services -# Module: squid +# Module: mysql # -# Squid caching http proxy server +# Policy for MySQL # -squid = base +mysql = base # Layer: services -# Module: zebra +# Module: nagios # -# Zebra border gateway protocol network routing service +# policy for nagios Host/service/network monitoring program # -zebra = base +nagios = module -# Layer: services -# Module: xfs +# Layer: admin +# Module: netutils # -# X Windows Font Server +# Network analysis utilities # -xfs = base +netutils = base # Layer: services -# Module: ktalk +# Module: networkmanager # -# KDE Talk daemon +# Manager for dynamically switching between networks. # -ktalk = base +networkmanager = base # Layer: services -# Module: procmail +# Module: nis # -# Procmail mail delivery agent +# Policy for NIS (YP) servers and clients # -procmail = base +nis = base + # Layer: services -# Module: lpd +# Module: nscd # -# Line printer daemon +# Name service cache daemon # -lpd = base +nscd = base + # Layer: services -# Module: cyrus +# Module: ntp # -# Cyrus is an IMAP service intended to be run on sealed servers +# Network time protocol daemon # -cyrus = base +ntp = base # Layer: services -# Module: rdisc +# Module: oddjob # -# Network router discovery daemon +# policy for oddjob # -rdisc = base +oddjob = module # Layer: services -# Module: xserver +# Module: openct # -# X windows login display manager +# Service for handling smart card readers. 
# -xserver = base +openct = off # Layer: services -# Module: rhgb +# Module: openvpn # -# X windows login display manager +# Policy for OPENVPN full-featured SSL VPN solution # -rhgb = base +openvpn = base -# Layer: services -# Module: nscd + + +# Layer: service +# Module: pcscd # -# Name service cache daemon -# -nscd = base +# PC/SC Smart Card Daemon +# +pcscd = module -# Layer: services -# Module: ppp +# Layer: system +# Module: pcmcia # -# Point to Point Protocol daemon creates links in ppp networks +# PCMCIA card management services # -ppp = base +pcmcia = base # Layer: services -# Module: ftp +# Module: pegasus # -# File transfer protocol service +# The Open Group Pegasus CIM/WBEM Server. # -ftp = base +pegasus = base # Layer: services -# Module: gpm +# Module: postgresql # -# General Purpose Mouse driver +# PostgreSQL relational database # -gpm = base +postgresql = base # Layer: services -# Module: mta +# Module: portmap # -# Policy common to all email tranfer agents. +# RPC port mapping service. # -mta = base +portmap = base + # Layer: services # Module: postfix 
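Review bot: The `mplayer` block repeats the `mozilla` description (`Policy for Mozilla and related web browsers`), and the `pcscd` block is tagged `# Layer: service` where every other entry in the file uses `services`. Both were moved as they were, so this reorder is a good moment to fix them: `# Layer: services` for pcscd and a description such as `# Mplayer media player and encoder` for mplayer (confirm against the module's summary). The misspellings `Miscelaneous` and `tranfer` in the `miscfiles` and `mta` descriptions are also re-added unchanged in this hunk.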
@@ -658,335 +867,350 @@ mta = base postfix = base # Layer: services -# Module: fetchmail +# Module: ppp +# +# Point to Point Protocol daemon creates links in ppp networks +# +ppp = base + +# Layer: admin +# Module: prelink # -# Remote-mail retrieval and forwarding utility +# Manage temporary directory sizes and file ages # -fetchmail = base +prelink = base # Layer: services -# Module: ntp +# Module: procmail # -# Network time protocol daemon +# Procmail mail delivery agent # -ntp = base +procmail = base # Layer: services -# Module: bluetooth +# Module: privoxy # -# Bluetooth tools and system services. +# Privacy enhancing web proxy. # -bluetooth = base +privoxy = base # Layer: services -# Module: hal +# Module: publicfile # -# Hardware abstraction layer +# publicfile supplies files to the public through HTTP and FTP # -hal = module +publicfile = module # Layer: services -# Module: consolekit +# Module: pyzor # -# ConsoleKit is a system daemon for tracking what users are logged +# Spam Blocker # -consolekit = module +pyzor = module + # Layer: services -# Module: avahi +# Module: qmail # -# mDNS/DNS-SD daemon implementing Apple ZeroConf architecture +# Policy for sendmail. # -avahi = base +qmail = module -# Layer: services -# Module: rpc +# Layer: admin +# Module: quota # -# Remote Procedure Call Daemon for managment of network based process communication +# File system quota management # -rpc = base +quota = off -# Layer: services -# Module: apache +# Layer: system +# Module: raid # -# Apache web server +# RAID array management tools # -apache = base +raid = base # Layer: services -# Module: slrnpull +# Module: radius # -# Service for downloading news feeds the slrn newsreader. +# RADIUS authentication and accounting server. # -slrnpull = off +radius = base # Layer: services -# Module: rsync +# Module: radius # -# Fast incremental file transfer for synchronization +# RADIUS authentication and accounting server. 
# -rsync = base +radius = base + # Layer: services -# Module: automount +# Module: radvd # -# Filesystem automounter service. +# IPv6 router advertisement daemon # -automount = base +radvd = base # Layer: services -# Module: kerberos +# Module: razor # -# MIT Kerberos admin and KDC +# A distributed, collaborative, spam detection and filtering network. # -kerberos = base +razor = module -# Layer: services -# Module: dhcp +# Layer: admin +# Module: readahead # -# Dynamic host configuration protocol (DHCP) server +# Readahead, read files into page cache for improved performance # -dhcp = base +readahead = base # Layer: services -# Module: ssh +# Module: rhgb # -# Secure shell client and server policy. +# X windows login display manager # -ssh = base +rhgb = base # Layer: services -# Module: inetd +# Module: rdisc # -# Internet services daemon. +# Network router discovery daemon # -inetd = base +rdisc = base # Layer: services -# Module: mysql +# Module: remotelogin # -# Policy for MySQL +# Policy for rshd, rlogind, and telnetd. # -mysql = base +remotelogin = base # Layer: services -# Module: dictd +# Module: ricci # -# Dictionary daemon +# policy for ricci # -dictd = base +ricci = module # Layer: services -# Module: finger +# Module: rlogin # -# Finger user information service. +# Remote login daemon # -finger = base +rlogin = base # Layer: services -# Module: radius +# Module: roundup # -# RADIUS authentication and accounting server. +# Roundup Issue Tracking System policy # -radius = base +roundup = module # Layer: services -# Module: spamassassin +# Module: rpc # -# Filter used for removing unsolicited email. +# Remote Procedure Call Daemon for managment of network based process communication # -spamassassin = base +rpc = base -# Layer: services -# Module: radvd +# Layer: admin +# Module: rpm # -# IPv6 router advertisement daemon +# Policy for the RPM package manager. 
# -radvd = base +rpm = base + # Layer: services -# Module: apm +# Module: rshd # -# Advanced power management daemon +# Remote shell service. # -apm = base +rshd = base # Layer: services -# Module: tcpd +# Module: rsync # -# Policy for TCP daemon. +# Fast incremental file transfer for synchronization # -tcpd = base +rsync = base + # Layer: services -# Module: stunnel +# Module: sasl # -# SSL Tunneling Proxy +# SASL authentication server # -stunnel = base +sasl = base # Layer: services -# Module: privoxy +# Module: sendmail # -# Privacy enhancing web proxy. +# Policy for sendmail. # -privoxy = base +sendmail = base # Layer: services -# Module: cvs +# Module: samba # -# Concurrent versions system +# SMB and CIFS client/server programs for UNIX and +# name Service Switch daemon for resolving names +# from Windows NT servers. # -cvs = base +samba = base -# Layer: services -# Module: rlogin +# Layer: apps +# Module: screen # -# Remote login daemon +# GNU terminal multiplexer # -rlogin = base +screen = module -# Layer: system -# Module: application +# Layer: kernel +# Module: selinux # Required in base # -# Defines attributs and interfaces for all user applications +# Policy for kernel security interface, in particular, selinuxfs. # -application = base +selinux = base # Layer: system -# Module: fstools +# Module: selinuxutil # -# Tools for filesystem management, such as mkfs and fsck. +# Policy for SELinux policy and userland applications. # -fstools = base +selinuxutil = base # Layer: system -# Module: logging +# Module: setrans +# Required in base # -# Policy for the kernel message logger and system logging daemon. +# Policy for setrans # -logging = base +setrans = base -# Layer: system -# Module: hostname +# Layer: services +# Module: setroubleshoot # -# Policy for changing the system host name. 
+# Policy for the SELinux troubleshooting utility # -hostname = base +setroubleshoot = base -# Layer: system -# Module: getty +# Layer: services +# Module: slrnpull # -# Policy for getty. +# Service for downloading news feeds the slrn newsreader. # -getty = base +slrnpull = off -# Layer: system -# Module: lvm + +# Layer: apps +# Module: slocate # -# Policy for logical volume management programs. +# Update database for mlocate # -lvm = base +slocate = module -# Layer: system -# Module: sysnetwork +# Layer: services +# Module: smartmon # -# Policy for network configuration: ifconfig and dhcp client. +# Smart disk monitoring daemon policy # -sysnetwork = base +smartmon = module -# Layer: system -# Module: init +# Layer: services +# Module: snmp # -# System initialization programs (init and init scripts). +# Simple network management protocol services # -init = base +snmp = base -# Layer: system -# Module: selinuxutil +# Layer: services +# Module: spamassassin # -# Policy for SELinux policy and userland applications. +# Filter used for removing unsolicited email. # -selinuxutil = base +spamassassin = base -# Layer: system -# Module: udev +# Layer: services +# Module: squid # -# Policy for udev. +# Squid caching http proxy server # -udev = base +squid = base -# Layer: system -# Module: pcmcia +# Layer: services +# Module: ssh # -# PCMCIA card management services +# Secure shell client and server policy. # -pcmcia = base +ssh = base -# Layer: system -# Module: authlogin +# Layer: kernel +# Module: storage # -# Common policy for authentication and user login. +# Policy controlling access to storage devices # -authlogin = base +storage = base -# Layer: system -# Module: libraries +# Layer: services +# Module: stunnel # -# Policy for system libraries. 
+# SSL Tunneling Proxy # -libraries = base +stunnel = base -# Layer: system -# Module: userdomain +# Layer: admin +# Module: su # -# Policy for user domains +# Run shells with substitute user and group # -userdomain = base +su = base -# Layer: system -# Module: modutils +# Layer: admin +# Module: sudo # -# Policy for kernel module utilities +# Execute a command with a substitute user # -modutils = base +sudo = base # Layer: system -# Module: hotplug +# Module: sysnetwork # -# Policy for hotplug system, for supporting the -# connection and disconnection of devices at runtime. +# Policy for network configuration: ifconfig and dhcp client. # -hotplug = base +sysnetwork = base -# Layer: system -# Module: clock + +# Layer: services +# Module: sysstat # -# Policy for reading and setting the hardware clock. +# Policy for sysstat. Reports on various system states # -clock = base +sysstat = base -# Layer: system -# Module: locallogin +# Layer: services +# Module: tcpd # -# Policy for local logins. +# Policy for TCP daemon. # -locallogin = base +tcpd = base # Layer: system -# Module: iptables +# Module: udev # -# Policy for iptables. +# Policy for udev. # -iptables = base +udev = base # Layer: system -# Module: mount +# Module: userdomain # -# Policy for mount. +# Policy for user domains # -mount = base +userdomain = base # Layer: system # Module: unconfined 
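Review bot: `radius = base` is defined twice in a row on the new side of this hunk, with identical `Layer`, `Module` and description lines; the second block should be dropped. The duplicate is harmless while both copies say `base`, but if one is later switched to `module` or `off` the effective value would depend on how the build reads the file. In the same hunk the `qmail` block is described as `Policy for sendmail.` and `prelink` as `Manage temporary directory sizes and file ages`, both of which look copied from other entries and should get their own descriptions.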
@@ -995,223 +1219,187 @@ mount = base # unconfined = base -# Layer: system -# Module: miscfiles -# -# Miscelaneous files. -# -miscfiles = base - -# Layer: system -# Module: ipsec +# Layer: apps +# Module: wine # -# TCP/IP encryption +# wine executable # -ipsec = off +wine = base -# Layer: system -# Module: xen +# Layer: admin +# Module: tzdata # -# TCP/IP encryption +# Policy for tzdata-update # -xen = base +tzdata = base # Layer: apps -# Module: java +# Module: userhelper # -# java executable +# A helper interface to pam. # -java = base +userhelper = module # Layer: apps -# Module: ada +# Module: thunderbird # -# ada executable +# Thunderbird email client # -ada = base +thunderbird = module # Layer: services -# Module: logwatch +# Module: tor # -# logwatch executable +# TOR, the onion router # -logwatch = base +tor = module # Layer: apps -# Module: wine +# Module: tvtime # -# wine executable +# tvtime - a high quality television application # -wine = base +tvtime = module # Layer: apps -# Module: mono -# -# mono executable -# -mono = base - -# Layer: services -# Module: pyzor +# Module: uml # -# Spam Blocker +# Policy for UML # -pyzor = module +uml = module -# Layer: services -# Module: amavis +# Layer: admin +# Module: usbmodules # -# Anti-virus +# List kernel modules of USB devices # -amavis = module +usbmodules = module -# Layer: services -# Module: clamav +# Layer: apps +# Module: usernetctl # -# ClamAV Virus Scanner +# User network interface configuration helper # -clamav = module +usernetctl = module -# Layer: services -# Module: razor -# -# A distributed, collaborative, spam detection and filtering network. -# -razor = module -# Layer: services -# Module: dcc -# -# A distributed, collaborative, spam detection and filtering network. 
-# -dcc = module # Layer: system -# Module: setrans -# Required in base +# Module: xen # -# Policy for setrans +# TCP/IP encryption # -setrans = base +xen = base # Layer: services -# Module: openvpn +# Module: telnet # -# Policy for OPENVPN full-featured SSL VPN solution +# Telnet daemon # -openvpn = base - +telnet = base # Layer: services -# Module: setroubleshoot +# Module: timidity # -# Policy for the SELinux troubleshooting utility +# MIDI to WAV converter and player configured as a service # -setroubleshoot = base +timidity = off # Layer: services -# Module: nagios +# Module: tftp # -# policy for nagios Host/service/network monitoring program +# Trivial file transfer protocol daemon # -nagios = module - +tftp = base -# Layer: apps -# Module: evolution +# Layer: services +# Module: uucp # -# Evolution email client +# Unix to Unix Copy # -evolution = module +uucp = base -# Layer: apps -# Module: mplayer +# Layer: services +# Module: vbetool # -# Policy for Mozilla and related web browsers +# run real-mode video BIOS code to alter hardware state # -mplayer = module +vbetool = base # Layer: apps -# Module: mozilla +# Module: webalizer # -# Policy for Mozilla and related web browsers +# Web server log analysis # -mozilla = module +webalizer = base # Layer: services -# Module: ricci +# Module: xfs # -# policy for ricci +# X Windows Font Server # -ricci = module +xfs = base # Layer: services -# Module: oddjob +# Module: xserver # -# policy for oddjob +# X windows login display manager # -oddjob = module +xserver = base # Layer: services -# Module: ccs +# Module: zebra # -# policy for ccs +# Zebra border gateway protocol network routing service # -ccs = module +zebra = base -# Layer: system -# Module: raid +# Layer: admin +# Module: usermanage # -# RAID array management tools +# Policy for managing user accounts. 
# -raid = base +usermanage = base -# Layer: services -# Module: smartmon +# Layer: admin +# Module: updfstab # -# Smart disk monitoring daemon policy +# Red Hat utility to change /etc/fstab. # -smartmon = module +updfstab = base -# Layer: system -# Module: iscsi +# Layer: admin +# Module: vpn # -# Open-iSCSI daemon +# Virtual Private Networking client # -iscsi = module - -# Layer: service -# Module: pcscd -# -# PC/SC Smart Card Daemon -# -pcscd = module +vpn = base # Layer: admin -# Module: tzdata +# Module: vbetool # -# Policy for tzdata-update +# run real-mode video BIOS code to alter hardware state # -tzdata = base +vbetool = base -# Layer: services -# Module: qmail +# Layer: kernel +# Module: terminal +# Required in base # -# Policy for sendmail. +# Policy for terminals. # -qmail = module +terminal = base -# Layer: apps -# Module: games +# Layer: admin +# Module: tmpreaper # -# The Open Group Pegasus CIM/WBEM Server. +# Manage temporary directory sizes and file ages # -games = module +tmpreaper = off -# Layer: services -# Module: fail2ban +# Layer: admin +# Module: amtu # -# daiemon that bans IP that makes too many password failures +# Abstract Machine Test Utility (AMTU) # -fail2ban = module - +amtu = module diff --git a/selinux-policy.spec b/selinux-policy.spec index 2c45d32..7fa2443 100644 --- a/selinux-policy.spec +++ b/selinux-policy.spec @@ -16,7 +16,7 @@ %define CHECKPOLICYVER 1.30.11-1 Summary: SELinux policy configuration Name: selinux-policy -Version: 2.5.7 +Version: 2.5.8 Release: 1%{?dist} License: GPL Group: System Environment/Base @@ -166,7 +166,7 @@ fi; %description SELinux Reference Policy - modular. -Based off of reference policy: Checked out revision 2204. +Based off of reference policy: Checked out revision 2215. %prep %setup -q -n serefpolicy-%{version} 
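Review bot: `vbetool = base` appears twice on the new side of the last modules-targeted.conf hunk, once under `Layer: services` and once under `Layer: admin`; keep a single block with the correct layer. The tail of the file is also not in the alphabetical order used above (`wine`, `tzdata`, `userhelper`, `thunderbird`, `tor`, then later `xen`, `telnet`, `timidity`, `tftp`), and `amtu` is appended at the very end rather than next to `amanda`. The `xen` block still carries the `ipsec` description `TCP/IP encryption`, which should be replaced with a description of the Xen policy.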
@@ -356,6 +356,9 @@ semodule -b base.pp -r bootloader -r clock -r dpkg -r fstools -r hotplug -r init %endif %changelog +* Thu Mar 1 2007 Dan Walsh 2.5.8-1 +- More of my patches from upstream + * Thu Mar 1 2007 Dan Walsh 2.5.7-1 - Update to latest from upstream - Add fail2ban policy diff --git a/sources b/sources index 5529383..79bead5 100644 --- a/sources +++ b/sources @@ -1 +1 @@ -5209f5a625764686415aac33935756f5 serefpolicy-2.5.7.tgz +4fdcc031513d86d233bab7661226046a serefpolicy-2.5.8.tgz