Latest diffs - Resent compressed this time.

[Daniel J Walsh <dwalsh@redhat.com>]

[-- Attachment #1: Type: text/plain, Size: 2856 bytes --]

Hopefully I caught all your changes.

Still have my MLS change

amanda policy has lots of contexts that they don't seem to use, so I am
removing them and making more defaults.

Cleanup anaconda policy to dontaudit a lot of stuff and have some proper
transitions.

bootloader on certain hardware needs to be able to write to bios_memory
device


hal wants to dbus_chat with firstboot

prelink wants to check enforcing mode

I want rpm to run under system_r in mls/strict policy not sysadm_r

usermanage/groubmanage restart nscd daemon on updates

Also need to rewrite faillog


ibm's java is not in a bin directory.  Lots of apps need to run as java_t.

mozilla_t needs to read routing table and localization files.

wine needs execheap

xen has a startup script in the /etc directory

prelink needs to be able to create new link_files.

Adding new ports for cluster, hplib, ricci, lmtp

change nvram to bios_device_t

watchdog_device_t cut and paste error in devices.te

gfs supports xattr's

kernel key handleing

fixes for amavis

apache should not dontaudited from looking at homedirs.

avahi needs to read usr_t and certs

ncd_t needs to read lnk_file for chroot environment

New policy for ccs, ricci, luci, oddjob.  These are still under development.

cpucontrol needs ipc_lock

crontab fixes for MLS policy

crond sends mail in targeted policy

cups always needs more privs

cyrus wants to bind to lmtp port and read snmp_var_lib

dbus fixes for strict policy

dbus needs access to certs and to read route table.

dovecot needs to read /var/lib files and to resolve addresses

innd needs to read route table.

ldap has a socket file

upstream moved locations of aliases file to /etc/mail

ntp needs to net_bind_service and connect to the windbind stream


openvpn needs to be able to write the routing table.

postfix wants to run bin files

postgresql wants to connect to ldap

radius wants to kill itself

moved the dev_read_urand and rand call to interface file for rpc.

rpcd wants to look at itself..

samba neds fower and to be able to create its log files

setroubleshootd has stabilized.

spamd wants to read postfix configuration files


squid needs sys_resource capability and to setrlimit

Need domain transition for sshkeygen

stunnel wants to send mail and read route table

sysstat needs access to locallogin fds and to use terminals (Maybe just
targeted)

turning off exec* for xserver, they are no longer needed.


Some fixes for strict policy in xdm and xserver

fsadm wants to execshells

xen fixes

initrc needs to rewrite localization files

some textrel_shlib_t files changed names

xulrunner added new textrel_shlib_t

added labeling for seamonkey

keyringmanagement for locallogin

auditd now has a sock

lvm fixes to use sock_file

fixes for mount

fix udev files

udev wants to ptrace all domains.

udev wants to run dhcp



[-- Attachment #2: policy-20060802.patch.bz2 --]
[-- Type: application/x-bzip, Size: 18673 bytes --]