- Upgrade to upstream to grab postgressql changes

Daniel J Walsh 2007-08-23 13:31:59 +00:00
parent 77a22067be
commit e92bb82e8a


@ -2518,8 +2518,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/kernel/domain
+')
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/kernel/domain.te serefpolicy-3.0.6/policy/modules/kernel/domain.te
--- nsaserefpolicy/policy/modules/kernel/domain.te 2007-07-25 10:37:36.000000000 -0400
+++ serefpolicy-3.0.6/policy/modules/kernel/domain.te 2007-08-22 08:03:53.000000000 -0400
@@ -6,6 +6,29 @@
+++ serefpolicy-3.0.6/policy/modules/kernel/domain.te 2007-08-23 09:30:52.000000000 -0400
@@ -6,6 +6,15 @@
# Declarations
#
@ -2530,26 +2530,12 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/kernel/domain
+## </p>
+## </desc>
+gen_tunable(allow_netlabel,true)
+
+## <desc>
+## <p>
+## Allow all domains to use ipsec labeled packets
+## </p>
+## </desc>
+gen_tunable(allow_ipsec_label,true)
+')
+
+## <desc>
+## <p>
+## Allow unlabeled packets to work on system
+## </p>
+## </desc>
+gen_tunable(allow_unlabeled_packets,true)
+
# Mark process types as domains
attribute domain;
@@ -134,3 +157,25 @@
@@ -134,3 +143,22 @@
# act on all domains keys
allow unconfined_domain_type domain:key *;
@ -2571,9 +2557,6 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/kernel/domain
+ kernel_tcp_recvfrom_unlabeled(domain)
+ kernel_udp_recvfrom_unlabeled(domain)
+ ')
+ tunable_policy(`allow_ipsec_label',`
+ ipsec_labeled(domain)
+ ')
+')
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/kernel/files.if serefpolicy-3.0.6/policy/modules/kernel/files.if
--- nsaserefpolicy/policy/modules/kernel/files.if 2007-07-03 07:05:38.000000000 -0400
@ -4063,7 +4046,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/bind
+/var/named/chroot/var/log/named.* -- gen_context(system_u:object_r:named_log_t,s0)
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/bind.te serefpolicy-3.0.6/policy/modules/services/bind.te
--- nsaserefpolicy/policy/modules/services/bind.te 2007-07-25 10:37:42.000000000 -0400
+++ serefpolicy-3.0.6/policy/modules/services/bind.te 2007-08-22 08:03:53.000000000 -0400
+++ serefpolicy-3.0.6/policy/modules/services/bind.te 2007-08-22 17:35:04.000000000 -0400
@@ -66,7 +66,6 @@
allow named_t self:unix_dgram_socket create_socket_perms;
allow named_t self:tcp_socket create_stream_socket_perms;
@ -4081,19 +4064,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/bind
# read zone files
allow named_t named_zone_t:dir list_dir_perms;
read_files_pattern(named_t,named_zone_t,named_zone_t)
@@ -119,6 +120,11 @@
corenet_sendrecv_dns_client_packets(named_t)
corenet_sendrecv_rndc_server_packets(named_t)
corenet_sendrecv_rndc_client_packets(named_t)
+corenet_udp_bind_all_unreserved_ports(named_t)
+
+#dnsmasq
+corenet_tcp_bind_dhcpd_port(named_t)
+corenet_udp_bind_dhcpd_port(named_t)
dev_read_sysfs(named_t)
dev_read_rand(named_t)
@@ -175,6 +181,10 @@
@@ -175,6 +176,10 @@
')
optional_policy(`
@ -4104,7 +4075,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/bind
# this seems like fds that arent being
# closed. these should probably be
# dontaudits instead.
@@ -184,14 +194,6 @@
@@ -184,14 +189,6 @@
')
optional_policy(`
@ -4119,7 +4090,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/bind
seutil_sigchld_newrole(named_t)
')
@@ -232,6 +234,7 @@
@@ -232,6 +229,7 @@
corenet_tcp_sendrecv_all_nodes(ndc_t)
corenet_tcp_sendrecv_all_ports(ndc_t)
corenet_tcp_connect_rndc_port(ndc_t)