Allow svirt_lxc_domain to chr_file and blk_file devices if they are in the domain

Allow init process to setrlimit on itself Take away transition rules for users executing ssh-keygen Allow setroubleshoot_fixit_t to read /dev/urand Allow sshd to relbale tunnel sockets Allow fail2ban domtrans to shorewall in the same way as with iptables Add support for lnk files in the /var/lib/sssd directory Allow system mail to connect to courier-authdaemon over an unix stream socket
2011-10-19 08:29:33 -04:00 · 2011-10-19 08:29:33 -04:00 · 4dba2eb895
parent 1414f9f3a7
commit 4dba2eb895
2 changed files with 12 additions and 1 deletions
--- a/default_trans.patch
+++ b/default_trans.patch
@ -0,0 +1,11 @@
+diff --git a/policy/mcs b/policy/mcs
+index ed7a0c1..90d0b1e 100644
+--- a/policy/mcs
+++ b/policy/mcs
+@@ -1,4 +1,6 @@
+ ifdef(`enable_mcs',`
+default_trans level dir_file_class_set parent;
+
+ #
+ # Define sensitivities 
+ #
--- a/selinux-policy.spec
+++ b/selinux-policy.spec
@ -250,7 +250,7 @@ Based off of reference policy: Checked out revision  2.20091117
 %patch5 -p1 -b .userdomain
 %patch6 -p1 -b .apache
 %patch7 -p1 -b .ptrace
-%patch8 -p1 -b .default_trans
+#%patch8 -p1 -b .default_trans

 %install
 mkdir selinux_config