diff --git a/modules-targeted.conf b/modules-targeted.conf index 1c073f4..3b6baca 100644 --- a/modules-targeted.conf +++ b/modules-targeted.conf @@ -118,6 +118,13 @@ avahi = base bind = base # Layer: services +# Module: dnsmasq +# +# A lightweight DHCP and caching DNS server. +# +dnsmasq = base + +# Layer: services # Module: bluetooth # # Bluetooth tools and system services. diff --git a/policy-20070703.patch b/policy-20070703.patch index f7dfa86..12fe3b2 100644 --- a/policy-20070703.patch +++ b/policy-20070703.patch @@ -2518,8 +2518,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/kernel/domain +') diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/kernel/domain.te serefpolicy-3.0.6/policy/modules/kernel/domain.te --- nsaserefpolicy/policy/modules/kernel/domain.te 2007-07-25 10:37:36.000000000 -0400 -+++ serefpolicy-3.0.6/policy/modules/kernel/domain.te 2007-08-23 09:30:52.000000000 -0400 -@@ -6,6 +6,15 @@ ++++ serefpolicy-3.0.6/policy/modules/kernel/domain.te 2007-08-23 09:56:05.000000000 -0400 +@@ -6,6 +6,22 @@ # Declarations # @@ -2532,10 +2532,17 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/kernel/domain +gen_tunable(allow_netlabel,true) +') + ++## ++##

++## Allow unlabeled packets to work on system ++##

++##
++gen_tunable(allow_unlabeled_packets,true) ++ # Mark process types as domains attribute domain; -@@ -134,3 +143,22 @@ +@@ -134,3 +150,22 @@ # act on all domains keys allow unconfined_domain_type domain:key *; @@ -7573,7 +7580,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/send + diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/sendmail.te serefpolicy-3.0.6/policy/modules/services/sendmail.te --- nsaserefpolicy/policy/modules/services/sendmail.te 2007-07-25 10:37:42.000000000 -0400 -+++ serefpolicy-3.0.6/policy/modules/services/sendmail.te 2007-08-22 08:03:53.000000000 -0400 ++++ serefpolicy-3.0.6/policy/modules/services/sendmail.te 2007-08-23 09:58:58.000000000 -0400 @@ -32,7 +32,6 @@ allow sendmail_t self:unix_dgram_socket create_socket_perms; allow sendmail_t self:tcp_socket create_stream_socket_perms; @@ -7591,8 +7598,11 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/send corenet_all_recvfrom_unlabeled(sendmail_t) corenet_all_recvfrom_netlabel(sendmail_t) corenet_tcp_sendrecv_all_if(sendmail_t) -@@ -93,9 +94,6 @@ +@@ -91,11 +92,9 @@ + + logging_send_syslog_msg(sendmail_t) ++miscfiles_read_certs(sendmail_t) miscfiles_read_localization(sendmail_t) -sysnet_dns_name_resolve(sendmail_t) @@ -7601,7 +7611,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/send userdom_dontaudit_use_unpriv_user_fds(sendmail_t) userdom_dontaudit_search_sysadm_home_dirs(sendmail_t) -@@ -106,17 +104,14 @@ +@@ -106,17 +105,14 @@ # Write to /var/spool/mail and /var/spool/mqueue. mta_manage_queue(sendmail_t) mta_manage_spool(sendmail_t) @@ -7622,7 +7632,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/send ') optional_policy(` -@@ -130,6 +125,10 @@ +@@ -130,6 +126,10 @@ ') optional_policy(` diff --git a/selinux-policy.spec b/selinux-policy.spec index cddbc3b..e6ddff2 100644 --- a/selinux-policy.spec +++ b/selinux-policy.spec @@ -360,6 +360,9 @@ exit 0 %endif %changelog +* Wed Aug 22 2007 Dan Walsh 3.0.6-1 +- Upgrade to upstream to grab postgressql changes + * Tue Aug 21 2007 Dan Walsh 3.0.5-11 - Add setransd for mls policy