- Grab remainder of network_peer_controls patch

policy-20090105.patch

@@ -6331,13 +6331,6 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
 diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/kernel/kernel.te serefpolicy-3.6.4/policy/modules/kernel/kernel.te
 --- nsaserefpolicy/policy/modules/kernel/kernel.te	2009-02-03 22:50:50.000000000 -0500
 +++ serefpolicy-3.6.4/policy/modules/kernel/kernel.te	2009-02-03 22:57:29.000000000 -0500
-@@ -1,5 +1,5 @@
- 
--policy_module(kernel, 1.10.3)
-+policy_module(kernel, 1.10.2)
- 
- ########################################
- #
 @@ -63,6 +63,15 @@
  genfscon debugfs / gen_context(system_u:object_r:debugfs_t,s0)
  
@@ -6382,18 +6375,6 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
  allow kernel_t proc_t:dir list_dir_perms;
  allow kernel_t proc_t:file read_file_perms;
  allow kernel_t proc_t:lnk_file read_lnk_file_perms;
-@@ -221,10 +237,8 @@
- # connections with invalidated labels:
- allow kernel_t unlabeled_t:packet send;
- 
--# Allow unlabeled network traffic
-+# Forwarded network traffic
- allow unlabeled_t unlabeled_t:packet { forward_in forward_out };
--corenet_in_generic_if(unlabeled_t)
--corenet_in_generic_node(unlabeled_t)
- 
- corenet_all_recvfrom_unlabeled(kernel_t)
- corenet_all_recvfrom_netlabel(kernel_t)
 @@ -248,7 +262,8 @@
  
  selinux_load_policy(kernel_t)

selinux-policy.spec

@@ -20,7 +20,7 @@
 Summary: SELinux policy configuration
 Name: selinux-policy
 Version: 3.6.4
-Release: 2%{?dist}
+Release: 3%{?dist}
 License: GPLv2+
 Group: System Environment/Base
 Source: serefpolicy-%{version}.tgz
@@ -444,6 +444,9 @@ exit 0
 %endif
 
 %changelog
+* Thu Feb 5 2009 Dan Walsh <dwalsh@redhat.com> 3.6.4-3
+- Grab remainder of network_peer_controls patch
+
 * Wed Feb 4 2009 Dan Walsh <dwalsh@redhat.com> 3.6.4-2
 - More fixes for devicekit