Re: policy

[James Carter <jwcart2@xxxxxxxxxxxxxx>]

Merged.

This chunk is not needed because this rule occurs earlier in rpm's
policy.

--- /usr/src/se/policy/domains/program/unused/rpm.te    2004-11-21 21:51:14.000000000 +1100
+++ ./domains/program/unused/rpm.te     2004-11-22 03:14:43.000000000 +1100
@@ -66,6 +66,11 @@
 domain_auto_trans(rpm_script_t, cupsd_exec_t, cupsd_t)
 ')
 
+ifdef(`gpg.te', `
+# gpg wants this so it does not dump core on errors
+allow rpm_t self:process { setrlimit };
+')
+
 # for a bug in rm
 dontaudit initrc_t pidfile:file write;
 

On Sun, 2005-01-02 at 10:01, Russell Coker wrote:
> udev.diff just combines a couple of lines into a single line.
> 
> diff changes the Makefile to have it not run setfiles -q needlessly (good for 
> when a script runs "make install" a few hundred times).
> 
> Adds a couple of lines to assert.te.
> 
> Adds hide_broken_symptoms to ldconfig.te (there is no good cause for 
> ldconfig_t to access a TCP socket).
> 
> Changes ftpd.te to allow access to home_root_t for the case of NFS root.  This 
> means that if you have home directories individually mounted on /home/user 
> then things will still work (and there's no harm in granting such access).
> 
> Added some extra access that seems to be needed by the latest version of howl.
> 
> Removed the memory_device_t commend from xdm.te - we should not need to 
> re-enable that.
> 
> Removed redundant entries from types.fc relating to the old locations 
> before /etc/selinux was used.
> 
> Add support for the Debian locations for pmap_dump and pmap_set.  I wonder 
> whether those files will have to change locations in other distributions for 
> the case of /usr on NFS...
-- 
James Carter <jwcart2@xxxxxxxxxxxxxx>
National Security Agency

--
This message was distributed to subscribers of the selinux mailing list.
If you no longer wish to subscribe, send mail to majordomo@xxxxxxxxxxxxx with
the words "unsubscribe selinux" without quotes as the message.