- Update to upstream

- Turn off allow_execmem and allow_execmod booleans
- Add tcpd and automount policies

.cvsignore

@@ -16,3 +16,4 @@ nsadiff
 nsaserefpolicy
 serefpolicy-2.1.0.tgz
 serefpolicy-2.1.1.tgz
+serefpolicy-2.1.2.tgz

booleans-targeted.conf

@@ -1,10 +1,10 @@
 # Allow making anonymous memory executable, e.g.for runtime-code generation or executable stack.
 # 
-allow_execmem = true
+allow_execmem = false
 
 # Allow making a modified private filemapping executable (text relocation).
 # 
-allow_execmod = true
+allow_execmod = false
 
 # Allow making the stack executable via mprotect.Also requires allow_execmem.
 # 

modules-targeted.conf

@@ -382,6 +382,14 @@ remotelogin = base
 # 
 telnet = base
 
+# Layer: services
+# Module: irqbalance
+#
+# IRQ balancing daemon
+# 
+irqbalance = base
+
+
 # Layer: services
 # Module: mailman
 #
@@ -452,6 +460,13 @@ networkmanager = base
 # 
 inn = base
 
+# Layer: services
+# Module: sysstat
+#
+# Policy for sysstat. Reports on various system states
+# 
+sysstat = base
+
 # Layer: services
 # Module: comsat
 #
@@ -473,6 +488,13 @@ squid = base
 # 
 zebra = base
 
+# Layer: services
+# Module: xfs
+#
+# X Windows Font Server
+# 
+xfs = base
+
 # Layer: services
 # Module: ktalk
 #
@@ -501,6 +523,13 @@ lpd = base
 # 
 cyrus = base
 
+# Layer: services
+# Module: rdisc
+#
+# Network router discovery daemon
+# 
+rdisc = base
+
 # Layer: services
 # Module: xdm
 #
@@ -534,7 +563,7 @@ ftp = base
 #
 # General Purpose Mouse driver
 # 
-gpm = on
+gpm = base
 
 # Layer: services
 # Module: mta
@@ -550,6 +579,13 @@ mta = base
 # 
 postfix = base
 
+# Layer: services
+# Module: fetchmail
+#
+# Remote-mail retrieval and forwarding utility
+# 
+fetchmail = base
+
 # Layer: services
 # Module: ntp
 #
@@ -599,6 +635,13 @@ apache = base
 # 
 rsync = base
 
+# Layer: services
+# Module: automount
+#
+# Filesystem automounter service.
+# 
+automount = base
+
 # Layer: services
 # Module: kerberos
 #
@@ -681,7 +724,7 @@ apm = base
 #
 # Policy for TCP daemon.
 # 
-tcpd = off
+tcpd = base
 
 # Layer: services
 # Module: stunnel

selinux-policy.spec

@@ -9,8 +9,8 @@
 %define CHECKPOLICYVER 1.28-1
 Summary: SELinux policy configuration
 Name: selinux-policy
-Version: 2.1.1
+Version: 2.1.2
-Release: 3
+Release: 1
 License: GPL
 Group: System Environment/Base
 Source: serefpolicy-%{version}.tgz
@@ -234,11 +234,17 @@ SELinux Reference policy %{polname3} base module.
 %{rebuildpolicy} %{polname3} 
 
 %files %{polname3}
-#%#fileList %{polname3}
+%fileList %{polname3}
+
 %endif
 
 
 %changelog
+* Sat Dec  9 2005 Dan Walsh <dwalsh@redhat.com> 2.1.2-1
+- Update to upstream 
+- Turn off allow_execmem and allow_execmod booleans
+- Add tcpd and automount policies
+
 * Fri Dec  8 2005 Dan Walsh <dwalsh@redhat.com> 2.1.1-3
 - Add two new httpd booleans, turned off by default
 	* httpd_can_network_relay

sources

@@ -1 +1 @@
-616555f125d058a5b53683a8a5059247  serefpolicy-2.1.1.tgz
+d77949c237d2b879916e1bc44447d394  serefpolicy-2.1.2.tgz