- Update to upstream
- Turn off allow_execmem and allow_execmod booleans - Add tcpd and automount policies
This commit is contained in:
Daniel J Walsh
parent
e1ccb6fe66
commit
d4da533c32
@ -16,3 +16,4 @@ nsadiff
|
||||
nsaserefpolicy
|
||||
serefpolicy-2.1.0.tgz
|
||||
serefpolicy-2.1.1.tgz
|
||||
serefpolicy-2.1.2.tgz
|
||||
|
||||
@ -1,10 +1,10 @@
|
||||
# Allow making anonymous memory executable, e.g.for runtime-code generation or executable stack.
|
||||
#
|
||||
allow_execmem = true
|
||||
allow_execmem = false
|
||||
|
||||
# Allow making a modified private filemapping executable (text relocation).
|
||||
#
|
||||
allow_execmod = true
|
||||
allow_execmod = false
|
||||
|
||||
# Allow making the stack executable via mprotect.Also requires allow_execmem.
|
||||
#
|
||||
|
||||
@ -382,6 +382,14 @@ remotelogin = base
|
||||
#
|
||||
telnet = base
|
||||
|
||||
# Layer: services
|
||||
# Module: irqbalance
|
||||
#
|
||||
# IRQ balancing daemon
|
||||
#
|
||||
irqbalance = base
|
||||
|
||||
|
||||
# Layer: services
|
||||
# Module: mailman
|
||||
#
|
||||
@ -452,6 +460,13 @@ networkmanager = base
|
||||
#
|
||||
inn = base
|
||||
|
||||
# Layer: services
|
||||
# Module: sysstat
|
||||
#
|
||||
# Policy for sysstat. Reports on various system states
|
||||
#
|
||||
sysstat = base
|
||||
|
||||
# Layer: services
|
||||
# Module: comsat
|
||||
#
|
||||
@ -473,6 +488,13 @@ squid = base
|
||||
#
|
||||
zebra = base
|
||||
|
||||
# Layer: services
|
||||
# Module: xfs
|
||||
#
|
||||
# X Windows Font Server
|
||||
#
|
||||
xfs = base
|
||||
|
||||
# Layer: services
|
||||
# Module: ktalk
|
||||
#
|
||||
@ -501,6 +523,13 @@ lpd = base
|
||||
#
|
||||
cyrus = base
|
||||
|
||||
# Layer: services
|
||||
# Module: rdisc
|
||||
#
|
||||
# Network router discovery daemon
|
||||
#
|
||||
rdisc = base
|
||||
|
||||
# Layer: services
|
||||
# Module: xdm
|
||||
#
|
||||
@ -534,7 +563,7 @@ ftp = base
|
||||
#
|
||||
# General Purpose Mouse driver
|
||||
#
|
||||
gpm = on
|
||||
gpm = base
|
||||
|
||||
# Layer: services
|
||||
# Module: mta
|
||||
@ -550,6 +579,13 @@ mta = base
|
||||
#
|
||||
postfix = base
|
||||
|
||||
# Layer: services
|
||||
# Module: fetchmail
|
||||
#
|
||||
# Remote-mail retrieval and forwarding utility
|
||||
#
|
||||
fetchmail = base
|
||||
|
||||
# Layer: services
|
||||
# Module: ntp
|
||||
#
|
||||
@ -599,6 +635,13 @@ apache = base
|
||||
#
|
||||
rsync = base
|
||||
|
||||
# Layer: services
|
||||
# Module: automount
|
||||
#
|
||||
# Filesystem automounter service.
|
||||
#
|
||||
automount = base
|
||||
|
||||
# Layer: services
|
||||
# Module: kerberos
|
||||
#
|
||||
@ -681,7 +724,7 @@ apm = base
|
||||
#
|
||||
# Policy for TCP daemon.
|
||||
#
|
||||
tcpd = off
|
||||
tcpd = base
|
||||
|
||||
# Layer: services
|
||||
# Module: stunnel
|
||||
|
||||
@ -9,8 +9,8 @@
|
||||
%define CHECKPOLICYVER 1.28-1
|
||||
Summary: SELinux policy configuration
|
||||
Name: selinux-policy
|
||||
Version: 2.1.1
|
||||
Release: 3
|
||||
Version: 2.1.2
|
||||
Release: 1
|
||||
License: GPL
|
||||
Group: System Environment/Base
|
||||
Source: serefpolicy-%{version}.tgz
|
||||
@ -234,11 +234,17 @@ SELinux Reference policy %{polname3} base module.
|
||||
%{rebuildpolicy} %{polname3}
|
||||
|
||||
%files %{polname3}
|
||||
#%#fileList %{polname3}
|
||||
%fileList %{polname3}
|
||||
|
||||
%endif
|
||||
|
||||
|
||||
%changelog
|
||||
* Sat Dec 9 2005 Dan Walsh <dwalsh@redhat.com> 2.1.2-1
|
||||
- Update to upstream
|
||||
- Turn off allow_execmem and allow_execmod booleans
|
||||
- Add tcpd and automount policies
|
||||
|
||||
* Fri Dec 8 2005 Dan Walsh <dwalsh@redhat.com> 2.1.1-3
|
||||
- Add two new httpd booleans, turned off by default
|
||||
* httpd_can_network_relay
|
||||
|
||||
Loading…
Reference in New Issue
Block a user