From 73fe81bbabb191bfcb687c2a919603acc553cc93 Mon Sep 17 00:00:00 2001 From: Daniel J Walsh Date: Thu, 5 Feb 2009 13:44:44 +0000 Subject: [PATCH] - Grab remainder of network_peer_controls patch --- policy-20090105.patch | 19 ------------------- selinux-policy.spec | 5 ++++- 2 files changed, 4 insertions(+), 20 deletions(-) diff --git a/policy-20090105.patch b/policy-20090105.patch index c23ad784..0b72d128 100644 --- a/policy-20090105.patch +++ b/policy-20090105.patch @@ -6331,13 +6331,6 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/kernel/kernel.te serefpolicy-3.6.4/policy/modules/kernel/kernel.te --- nsaserefpolicy/policy/modules/kernel/kernel.te 2009-02-03 22:50:50.000000000 -0500 +++ serefpolicy-3.6.4/policy/modules/kernel/kernel.te 2009-02-03 22:57:29.000000000 -0500 -@@ -1,5 +1,5 @@ - --policy_module(kernel, 1.10.3) -+policy_module(kernel, 1.10.2) - - ######################################## - # @@ -63,6 +63,15 @@ genfscon debugfs / gen_context(system_u:object_r:debugfs_t,s0) @@ -6382,18 +6375,6 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol allow kernel_t proc_t:dir list_dir_perms; allow kernel_t proc_t:file read_file_perms; allow kernel_t proc_t:lnk_file read_lnk_file_perms; -@@ -221,10 +237,8 @@ - # connections with invalidated labels: - allow kernel_t unlabeled_t:packet send; - --# Allow unlabeled network traffic -+# Forwarded network traffic - allow unlabeled_t unlabeled_t:packet { forward_in forward_out }; --corenet_in_generic_if(unlabeled_t) --corenet_in_generic_node(unlabeled_t) - - corenet_all_recvfrom_unlabeled(kernel_t) - corenet_all_recvfrom_netlabel(kernel_t) @@ -248,7 +262,8 @@ selinux_load_policy(kernel_t) diff --git a/selinux-policy.spec b/selinux-policy.spec index 2e8b0b9c..76c74c48 100644 --- a/selinux-policy.spec +++ b/selinux-policy.spec @@ -20,7 +20,7 @@ Summary: SELinux policy configuration Name: selinux-policy Version: 3.6.4 -Release: 2%{?dist} +Release: 3%{?dist} License: GPLv2+ Group: System Environment/Base Source: serefpolicy-%{version}.tgz @@ -444,6 +444,9 @@ exit 0 %endif %changelog +* Thu Feb 5 2009 Dan Walsh 3.6.4-3 +- Grab remainder of network_peer_controls patch + * Wed Feb 4 2009 Dan Walsh 3.6.4-2 - More fixes for devicekit