From 4eaf5c6dc62bf156d0331cfdc1d1d2f579eb974a Mon Sep 17 00:00:00 2001 From: Daniel J Walsh Date: Fri, 7 Sep 2007 20:26:11 +0000 Subject: [PATCH] - Turn off direct transition --- policy-20070703.patch | 14 +++++++------- selinux-policy.spec | 13 ++++++++----- 2 files changed, 15 insertions(+), 12 deletions(-) diff --git a/policy-20070703.patch b/policy-20070703.patch index 853a0b92..d196d987 100644 --- a/policy-20070703.patch +++ b/policy-20070703.patch @@ -9334,7 +9334,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/xser + diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/xserver.te serefpolicy-3.0.7/policy/modules/services/xserver.te --- nsaserefpolicy/policy/modules/services/xserver.te 2007-08-22 07:14:07.000000000 -0400 -+++ serefpolicy-3.0.7/policy/modules/services/xserver.te 2007-09-07 15:02:10.000000000 -0400 ++++ serefpolicy-3.0.7/policy/modules/services/xserver.te 2007-09-07 16:19:01.000000000 -0400 @@ -16,6 +16,13 @@ ## @@ -9370,14 +9370,14 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/xser allow xdm_t xdm_xserver_t:process signal; allow xdm_t xdm_xserver_t:unix_stream_socket connectto; -@@ -189,6 +200,7 @@ +@@ -185,6 +196,7 @@ + corenet_udp_sendrecv_all_ports(xdm_t) + corenet_tcp_bind_all_nodes(xdm_t) + corenet_udp_bind_all_nodes(xdm_t) ++corenet_udp_bind_xdmcp_port(xdm_t) + corenet_tcp_connect_all_ports(xdm_t) corenet_sendrecv_all_client_packets(xdm_t) # xdm tries to bind to biff_port_t - corenet_dontaudit_tcp_bind_all_ports(xdm_t) -+corenet_udp_bind_xdmcp_ports(xdm_t) - - dev_read_rand(xdm_t) - dev_read_sysfs(xdm_t) @@ -246,6 +258,7 @@ auth_domtrans_pam_console(xdm_t) auth_manage_pam_pid(xdm_t) diff --git a/selinux-policy.spec b/selinux-policy.spec index 86d19307..8afa942a 100644 --- a/selinux-policy.spec +++ b/selinux-policy.spec 
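Review bot: The second hunk of policy-20070703.patch (`@@ -9370,14 +9370,14 @@`) changes what xdm_t is granted in xserver.te, but neither the subject line nor the new %changelog entry mentions it. The call is renamed from `corenet_udp_bind_xdmcp_ports(xdm_t)` to `corenet_udp_bind_xdmcp_port(xdm_t)` and moved up beside `corenet_udp_bind_all_nodes(xdm_t)`. If the plural name was never a defined interface, as the rename suggests, this is the release in which the XDMCP bind rule first takes effect. I would add a changelog line such as `- Fix xdmcp port bind interface name for xdm` so the permission change can be traced from the package history. The surrounding xdm_t rule block in xserver.te starts and ends outside this hunk.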
@@ -17,7 +17,7 @@ Summary: SELinux policy configuration Name: selinux-policy Version: 3.0.7 -Release: 6%{?dist} +Release: 7%{?dist} License: GPLv2+ Group: System Environment/Base Source: serefpolicy-%{version}.tgz @@ -194,8 +194,8 @@ make clean %if %{BUILD_TARGETED} # Build targeted policy # Commented out because only targeted ref policy currently builds -%setupCmds targeted mcs y y -%installCmds targeted mcs y y +%setupCmds targeted mcs n y +%installCmds targeted mcs n y %endif %if %{BUILD_MLS} @@ -207,8 +207,8 @@ make clean %if %{BUILD_OLPC} # Build targeted policy # Commented out because only targeted ref policy currently builds -%setupCmds olpc mcs y y -%installCmds olpc mcs y y +%setupCmds olpc mcs n y +%installCmds olpc mcs n y %endif make NAME=targeted TYPE=targeted-mcs DISTRO=%{distro} DIRECT_INITRC=n MONOLITHIC=%{monolithic} DESTDIR=%{buildroot} PKGNAME=%{name}-%{version} POLY=y MLS_CATS=1024 MCS_CATS=1024 install-headers install-docs @@ -362,6 +362,9 @@ exit 0 %endif %changelog +* Fri Sep 7 2007 Dan Walsh 3.0.7-7 +- Turn off direct transition + * Fri Sep 7 2007 Dan Walsh 3.0.7-6 - Allow wine to run in system role
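Review bot: The `y` to `n` flip in the `@@ -194,8 +194,8 @@` hunk, repeated for olpc in `@@ -207,8 +207,8 @@`, is a bare positional argument, so nothing in the spec says which policy setting is being switched off. Judging by the `make ... DIRECT_INITRC=n ... POLY=y` context line in the olpc hunk, the third argument is presumably DIRECT_INITRC, but the `%setupCmds`/`%installCmds` definitions are outside this diff. I would add a comment above each pair, e.g. `# args: NAME TYPE DIRECT_INITRC POLY`, and drop or correct the stale `# Commented out because only targeted ref policy currently builds` line, which sits above commands that are not commented out. Whether the `%if %{BUILD_MLS}` branch already passes `n` is not visible here and is worth checking so all built policies agree.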