diff --git a/.cvsignore b/.cvsignore index f8e1dc71..66eec257 100644 --- a/.cvsignore +++ b/.cvsignore @@ -16,3 +16,4 @@ nsadiff nsaserefpolicy serefpolicy-2.1.0.tgz serefpolicy-2.1.1.tgz +serefpolicy-2.1.2.tgz diff --git a/booleans-targeted.conf b/booleans-targeted.conf index 1432d455..9646d9ed 100644 --- a/booleans-targeted.conf +++ b/booleans-targeted.conf @@ -1,10 +1,10 @@ # Allow making anonymous memory executable, e.g.for runtime-code generation or executable stack. # -allow_execmem = true +allow_execmem = false # Allow making a modified private filemapping executable (text relocation). # -allow_execmod = true +allow_execmod = false # Allow making the stack executable via mprotect.Also requires allow_execmem. # diff --git a/modules-targeted.conf b/modules-targeted.conf index 5380d708..65af0bcb 100644 --- a/modules-targeted.conf +++ b/modules-targeted.conf @@ -382,6 +382,14 @@ remotelogin = base # telnet = base +# Layer: services +# Module: irqbalance +# +# IRQ balancing daemon +# +irqbalance = base + + # Layer: services # Module: mailman # @@ -452,6 +460,13 @@ networkmanager = base # inn = base +# Layer: services +# Module: sysstat +# +# Policy for sysstat. Reports on various system states +# +sysstat = base + # Layer: services # Module: comsat # @@ -473,6 +488,13 @@ squid = base # zebra = base +# Layer: services +# Module: xfs +# +# X Windows Font Server +# +xfs = base + # Layer: services # Module: ktalk # @@ -501,6 +523,13 @@ lpd = base # cyrus = base +# Layer: services +# Module: rdisc +# +# Network router discovery daemon +# +rdisc = base + # Layer: services # Module: xdm # @@ -534,7 +563,7 @@ ftp = base # # General Purpose Mouse driver # -gpm = on +gpm = base # Layer: services # Module: mta @@ -550,6 +579,13 @@ mta = base # postfix = base +# Layer: services +# Module: fetchmail +# +# Remote-mail retrieval and forwarding utility +# +fetchmail = base + # Layer: services # Module: ntp # 
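Review bot: The booleans-targeted.conf hunk ends on the comment for the executable-stack boolean, which says it "Also requires allow_execmem", but that boolean's value lies outside the hunk. Now that `allow_execmem = false`, it should be confirmed that the stack boolean is not left at true, since that would presumably be a setting that cannot take effect and would mislead anyone auditing the defaults. Turning both booleans off is a hardening change that may surface denials for software relying on runtime code generation or text relocations, and nothing in the file tells an administrator that the default changed. I would add a line above each setting such as `# Off by default as of 2.1.2; enable per host only for software that needs it (setsebool -P allow_execmem 1).`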
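Review bot: The module additions in modules-targeted.conf are only partly recorded in this commit's spec changelog, which names tcpd and automount. This hunk and the ones at -452, -473, -501 and -550 also switch on irqbalance, sysstat, xfs, rdisc and fetchmail, and the hunk at -534 changes `gpm = on` to `gpm = base` without explanation. Each of these presumably starts confining a daemon that was previously unconfined under the targeted policy, so an administrator chasing new denials after the update needs them listed. A changelog line such as `- Add irqbalance, sysstat, xfs, rdisc and fetchmail policies; build gpm into base` would cover it. As a style point, the irqbalance entry adds two blank lines after `irqbalance = base` where the other new entries add one.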
@@ -599,6 +635,13 @@ apache = base # rsync = base +# Layer: services +# Module: automount +# +# Filesystem automounter service. +# +automount = base + # Layer: services # Module: kerberos # @@ -681,7 +724,7 @@ apm = base # # Policy for TCP daemon. # -tcpd = off +tcpd = base # Layer: services # Module: stunnel diff --git a/selinux-policy.spec b/selinux-policy.spec index 32d5f808..588f2fed 100644 --- a/selinux-policy.spec +++ b/selinux-policy.spec @@ -9,8 +9,8 @@ %define CHECKPOLICYVER 1.28-1 Summary: SELinux policy configuration Name: selinux-policy -Version: 2.1.1 -Release: 3 +Version: 2.1.2 +Release: 1 License: GPL Group: System Environment/Base Source: serefpolicy-%{version}.tgz @@ -234,11 +234,17 @@ SELinux Reference policy %{polname3} base module. %{rebuildpolicy} %{polname3} %files %{polname3} -#%#fileList %{polname3} +%fileList %{polname3} + %endif %changelog +* Sat Dec 9 2005 Dan Walsh 2.1.2-1 +- Update to upstream +- Turn off allow_execmem and allow_execmod booleans +- Add tcpd and automount policies + * Fri Dec 8 2005 Dan Walsh 2.1.1-3 - Add two new httpd booleans, turned off by default * httpd_can_network_relay diff --git a/sources b/sources index 76806c51..4c6c7b70 100644 --- a/sources +++ b/sources @@ -1 +1 @@ -616555f125d058a5b53683a8a5059247 serefpolicy-2.1.1.tgz +d77949c237d2b879916e1bc44447d394 serefpolicy-2.1.2.tgz
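Review bot: The new %changelog header in selinux-policy.spec reads `* Sat Dec 9 2005`, but 9 December 2005 was a Friday, so it should read `* Fri Dec 9 2005 Dan Walsh 2.1.2-1`. The previous entry, `Fri Dec 8 2005`, shown as context, is off by a day in the same way. The same hunk replaces `#%#fileList %{polname3}` with `%fileList %{polname3}`, which presumably makes the third policy's subpackage carry its file list for the first time, yet the changelog does not mention it. A line such as `- Enable the %%{polname3} file list` would record that. The rest of the %files section and the definition of the fileList macro are outside the hunk.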