- Update to upstream

modules-strict.conf

@@ -19,6 +19,14 @@
 # 
 terminal = base
 
+# Layer: kernel
+# Module: mcs
+# Required in base
+#
+# Multicategory security policy
+# 
+mcs = base
+
 # Layer: kernel
 # Module: files
 # Required in base
@@ -81,17 +89,9 @@ corenetwork = base
 # Module: mls
 # Required in base
 #
-# MultiCategory security policy
-# 
-mls = base
-
-# Layer: kernel
-# Module: mcs
-# Required in base
-#
 # Multilevel security policy
 # 
-mcs = base
+mls = base
 
 # Layer: kernel
 # Module: selinux
@@ -143,6 +143,13 @@ readahead = module
 # 
 kudzu = module
 
+# Layer: admin
+# Module: bootloader
+#
+# Policy for the kernel modules, kernel image, and bootloader.
+# 
+bootloader = base
+
 # Layer: admin
 # Module: updfstab
 #
@@ -155,7 +162,7 @@ updfstab = module
 #
 # Network analysis utilities
 # 
-netutils = module
+netutils = base
 
 # Layer: admin
 # Module: alsa
@@ -186,6 +193,13 @@ portage = module
 # 
 su = module
 
+# Layer: admin
+# Module: apt
+#
+# APT advanced package toll.
+# 
+apt = module
+
 # Layer: admin
 # Module: dmesg
 #
@@ -200,6 +214,13 @@ dmesg = module
 # 
 anaconda = module
 
+# Layer: admin
+# Module: dpkg
+#
+# Policy for the Debian package manager.
+# 
+dpkg = off
+
 # Layer: admin
 # Module: amanda
 #
@@ -278,6 +299,13 @@ certwatch = module
 # 
 tmpreaper = module
 
+# Layer: admin
+# Module: mrtg
+#
+# Network traffic graphing
+# 
+mrtg = module
+
 # Layer: admin
 # Module: dmidecode
 #
@@ -292,6 +320,27 @@ dmidecode = module
 # 
 logwatch = module
 
+# Layer: kernel
+# Module: storage
+#
+# Policy controlling access to storage devices
+# 
+storage = base
+
+# Layer: apps
+# Module: evolution
+#
+# Evolution email client
+# 
+evolution = module
+
+# Layer: apps
+# Module: mozilla
+#
+# Policy for Mozilla and related web browsers
+# 
+mozilla = module
+
 # Layer: apps
 # Module: irc
 #
@@ -320,6 +369,13 @@ usernetctl = module
 # 
 gpg = module
 
+# Layer: apps
+# Module: thunderbird
+#
+# Thunderbird email client
+# 
+thunderbird = module
+
 # Layer: apps
 # Module: wine
 #
@@ -341,6 +397,20 @@ loadkeys = module
 # 
 screen = module
 
+# Layer: apps
+# Module: calamaris
+#
+# Squid log analysis
+# 
+calamaris = module
+
+# Layer: apps
+# Module: tvtime
+#
+# tvtime - a high quality television application
+# 
+tvtime = module
+
 # Layer: apps
 # Module: java
 #
@@ -348,6 +418,13 @@ screen = module
 # 
 java = module
 
+# Layer: apps
+# Module: uml
+#
+# Policy for UML
+# 
+uml = module
+
 # Layer: apps
 # Module: cdrecord
 #
@@ -355,6 +432,13 @@ java = module
 # 
 cdrecord = module
 
+# Layer: apps
+# Module: mplayer
+#
+# Mplayer media player and encoder
+# 
+mplayer = module
+
 # Layer: apps
 # Module: webalizer
 #
@@ -362,6 +446,13 @@ cdrecord = module
 # 
 webalizer = module
 
+# Layer: apps
+# Module: ethereal
+#
+# Ethereal packet capture tool.
+# 
+ethereal = module
+
 # Layer: apps
 # Module: userhelper
 #
@@ -369,6 +460,13 @@ webalizer = module
 # 
 userhelper = module
 
+# Layer: apps
+# Module: games
+#
+# Games
+# 
+games = module
+
 # Layer: apps
 # Module: mono
 #
@@ -383,19 +481,181 @@ mono = module
 # 
 slocate = module
 
-# Layer: kernel
+# Layer: system
-# Module: bootloader
+# Module: xen
 #
-# Policy for the kernel modules, kernel image, and bootloader.
+# Xen hypervisor
 # 
-bootloader = module
+xen = module
 
-# Layer: kernel
+# Layer: system
-# Module: storage
+# Module: fstools
 #
-# Policy controlling access to storage devices
+# Tools for filesystem management, such as mkfs and fsck.
 # 
-storage = module
+fstools = base
+
+# Layer: system
+# Module: logging
+#
+# Policy for the kernel message logger and system logging daemon.
+# 
+logging = base
+
+# Layer: system
+# Module: hostname
+#
+# Policy for changing the system host name.
+# 
+hostname = module
+
+# Layer: system
+# Module: daemontools
+#
+# Collection of tools for managing UNIX services
+# 
+daemontools = module
+
+# Layer: system
+# Module: getty
+#
+# Policy for getty.
+# 
+getty = module
+
+# Layer: system
+# Module: lvm
+#
+# Policy for logical volume management programs.
+# 
+lvm = base
+
+# Layer: system
+# Module: sysnetwork
+#
+# Policy for network configuration: ifconfig and dhcp client.
+# 
+sysnetwork = base
+
+# Layer: system
+# Module: init
+#
+# System initialization programs (init and init scripts).
+# 
+init = base
+
+# Layer: system
+# Module: selinuxutil
+#
+# Policy for SELinux policy and userland applications.
+# 
+selinuxutil = base
+
+# Layer: system
+# Module: udev
+#
+# Policy for udev.
+# 
+udev = base
+
+# Layer: system
+# Module: pcmcia
+#
+# PCMCIA card management services
+# 
+pcmcia = module
+
+# Layer: system
+# Module: authlogin
+#
+# Common policy for authentication and user login.
+# 
+authlogin = base
+
+# Layer: system
+# Module: libraries
+#
+# Policy for system libraries.
+# 
+libraries = base
+
+# Layer: system
+# Module: raid
+#
+# RAID array management tools
+# 
+raid = module
+
+# Layer: system
+# Module: userdomain
+#
+# Policy for user domains
+# 
+userdomain = base
+
+# Layer: system
+# Module: modutils
+#
+# Policy for kernel module utilities
+# 
+modutils = base
+
+# Layer: system
+# Module: hotplug
+#
+# Policy for hotplug system, for supporting the
+# connection and disconnection of devices at runtime.
+# 
+hotplug = base
+
+# Layer: system
+# Module: clock
+#
+# Policy for reading and setting the hardware clock.
+# 
+clock = base
+
+# Layer: system
+# Module: locallogin
+#
+# Policy for local logins.
+# 
+locallogin = base
+
+# Layer: system
+# Module: iptables
+#
+# Policy for iptables.
+# 
+iptables = module
+
+# Layer: system
+# Module: mount
+#
+# Policy for mount.
+# 
+mount = base
+
+# Layer: system
+# Module: unconfined
+#
+# The unconfined domain.
+# 
+unconfined = module
+
+# Layer: system
+# Module: miscfiles
+#
+# Miscelaneous files.
+# 
+miscfiles = base
+
+# Layer: system
+# Module: ipsec
+#
+# TCP/IP encryption
+# 
+ipsec = module
 
 # Layer: services
 # Module: nis
@@ -411,6 +671,13 @@ nis = module
 # 
 distcc = module
 
+# Layer: services
+# Module: tor
+#
+# TOR, the onion router
+# 
+tor = module
+
 # Layer: services
 # Module: rshd
 #
@@ -432,6 +699,13 @@ cpucontrol = module
 # 
 bind = module
 
+# Layer: services
+# Module: cipe
+#
+# Encrypted tunnel daemon
+# 
+cipe = module
+
 # Layer: services
 # Module: canna
 #
@@ -623,6 +897,14 @@ arpwatch = module
 # 
 dovecot = module
 
+# Layer: services
+# Module: amavis
+#
+# Daemon that interfaces mail transfer agents and content
+# checkers, such as virus scanners.
+# 
+amavis = module
+
 # Layer: services
 # Module: cups
 #
@@ -714,13 +996,6 @@ cyrus = module
 # 
 rdisc = module
 
-# Layer: services
-# Module: xserver
-#
-# X windows login display manager
-# 
-xserver = module
-
 # Layer: services
 # Module: nscd
 #
@@ -756,12 +1031,26 @@ ftp = module
 # 
 gpm = module
 
+# Layer: services
+# Module: audioentropy
+#
+# Generate entropy from audio input
+# 
+audioentropy = module
+
 # Layer: services
 # Module: mta
 #
 # Policy common to all email tranfer agents.
 # 
-mta = module
+mta = base
+
+# Layer: services
+# Module: rhgb
+#
+# Red Hat Graphical Boot
+# 
+rhgb = module
 
 # Layer: services
 # Module: postfix
@@ -833,6 +1122,13 @@ apache = module
 # 
 slrnpull = module
 
+# Layer: services
+# Module: clamav
+#
+# ClamAV Virus Scanner
+# 
+clamav = module
+
 # Layer: services
 # Module: rsync
 #
@@ -966,186 +1262,3 @@ cvs = module
 # 
 rlogin = module
 
-# Layer: system
-# Module: fstools
-#
-# Tools for filesystem management, such as mkfs and fsck.
-# 
-fstools = module
-
-# Layer: system
-# Module: logging
-#
-# Policy for the kernel message logger and system logging daemon.
-# 
-logging = module
-
-# Layer: system
-# Module: hostname
-#
-# Policy for changing the system host name.
-# 
-hostname = module
-
-# Layer: system
-# Module: daemontools
-#
-# Collection of tools for managing UNIX services
-# 
-daemontools = module
-
-# Layer: system
-# Module: getty
-#
-# Policy for getty.
-# 
-getty = module
-
-# Layer: system
-# Module: lvm
-#
-# Policy for logical volume management programs.
-# 
-lvm = module
-
-# Layer: system
-# Module: sysnetwork
-#
-# Policy for network configuration: ifconfig and dhcp client.
-# 
-sysnetwork = module
-
-# Layer: system
-# Module: init
-#
-# System initialization programs (init and init scripts).
-# 
-init = module
-
-# Layer: system
-# Module: selinuxutil
-#
-# Policy for SELinux policy and userland applications.
-# 
-selinuxutil = module
-
-# Layer: system
-# Module: udev
-#
-# Policy for udev.
-# 
-udev = module
-
-# Layer: system
-# Module: pcmcia
-#
-# PCMCIA card management services
-# 
-pcmcia = module
-
-# Layer: system
-# Module: authlogin
-#
-# Common policy for authentication and user login.
-# 
-authlogin = base
-
-# Layer: system
-# Module: libraries
-#
-# Policy for system libraries.
-# 
-libraries = base
-
-# Layer: system
-# Module: raid
-#
-# RAID array management tools
-# 
-raid = module
-
-# Layer: system
-# Module: userdomain
-#
-# Policy for user domains
-# 
-userdomain = module
-
-# Layer: system
-# Module: modutils
-#
-# Policy for kernel module utilities
-# 
-modutils = module
-
-# Layer: system
-# Module: hotplug
-#
-# Policy for hotplug system, for supporting the
-# connection and disconnection of devices at runtime.
-# 
-hotplug = module
-
-# Layer: system
-# Module: clock
-#
-# Policy for reading and setting the hardware clock.
-# 
-clock = module
-
-# Layer: system
-# Module: locallogin
-#
-# Policy for local logins.
-# 
-locallogin = module
-
-# Layer: system
-# Module: iptables
-#
-# Policy for iptables.
-# 
-iptables = module
-
-# Layer: system
-# Module: mount
-#
-# Policy for mount.
-# 
-mount = module
-
-# Layer: system
-# Module: unconfined
-#
-# The unconfined domain.
-# 
-unconfined = module
-
-# Layer: system
-# Module: miscfiles
-#
-# Miscelaneous files.
-# 
-miscfiles = module
-
-# Layer: system
-# Module: ipsec
-#
-# TCP/IP encryption
-# 
-ipsec = module
-
-# Layer: admin
-# Module: mrtg
-#
-# System log analyzer and reporter
-# 
-mrtg = module
-
-# Layer: system
-# Module: xen
-#
-# TCP/IP encryption
-# 
-xen = base
-

selinux-policy.spec

@@ -184,6 +184,7 @@ chmod +x ${RPM_BUILD_ROOT}%{_usr}/share/selinux/devel/policyhelp
 # Commented out because only targeted ref policy currently builds
 make NAME=strict TYPE=strict-mcs DISTRO=%{distro} DIRECT_INITRC=y MONOLITHIC=%{monolithic} POLY=n bare 
 make NAME=strict TYPE=strict-mcs DISTRO=%{distro} DIRECT_INITRC=y MONOLITHIC=%{monolithic} POLY=n conf
+cp -f ${RPM_SOURCE_DIR}/modules-strict.conf  ./policy/modules.conf 
 %installCmds strict strict-mcs y n
 %endif