From mboxrd@z Thu Jan 1 00:00:00 1970 Received: from jazzdrum.ncsc.mil (zombie.ncsc.mil [144.51.88.131]) by tarius.tycho.ncsc.mil (8.13.1/8.13.1) with SMTP id l71CHRkg021617 for ; Wed, 1 Aug 2007 08:17:27 -0400 Received: from mail.asahi-net.or.jp (jazzdrum.ncsc.mil [144.51.5.7]) by jazzdrum.ncsc.mil (8.12.10/8.12.10) with ESMTP id l71CHMKI005444 for ; Wed, 1 Aug 2007 12:17:23 GMT Message-ID: <46B079EF.9050909@kaigai.gr.jp> Date: Wed, 01 Aug 2007 21:17:51 +0900 From: KaiGai Kohei MIME-Version: 1.0 To: cpebenito@tresys.com Cc: dwalsh@redhat.com, selinux@tycho.nsa.gov Subject: Fedora/SE-PostgreSQL Content-Type: multipart/mixed; boundary="------------080702060803000208050804" Sender: owner-selinux@tycho.nsa.gov List-Id: selinux@tycho.nsa.gov This is a multi-part message in MIME format. --------------080702060803000208050804 Content-Type: text/plain; charset=ISO-2022-JP Content-Transfer-Encoding: 7bit Hi, A week ago, I submitted a review request of SE-PostgreSQL to the Fedora project as follows: https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=249522 The biggest issue is lack of definitions of new object classes and access vectors related to database. Rest of policies can be installed as a binary security policy module packed within the RPM package, but these definitions and MLS/MCS rules cannot be moduled. The attached patch adds these definitions to the base policy. I remember Chris said as follows at the past. > Is the code on a path to being merged upstream? I'm hesitant to apply > class changes until the code is on a plan to be merged. However, I would like you to consider it again. I believe that spread of using secure applications, like SE-PostgreSQL, can help promote SELinux more, and it's so worthful to make it more uncomplicated to maintain. In addition, the next release of PostgreSQL with new features (8.4) is planed at the autumn 2008. It means that any SE-PostgreSQL users have to replace the default selinux-policy package by the modified one for a year and more, at least. I think it's a senseless work. It may be a time the definitions of object classes related to database are integrated into the base security policy. Thanks, -- KaiGai Kohei --------------080702060803000208050804 Content-Type: text/plain; name="refpolicy-add-sepgsql-definitions.patch.patch" Content-Transfer-Encoding: base64 Content-Disposition: inline; filename="refpolicy-add-sepgsql-definitions.patch.patch" SW5kZXg6IHJlZnBvbGljeS9wb2xpY3kvZmxhc2svc2VjdXJpdHlfY2xhc3Nlcwo9PT09PT09 PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09 PT09PT09Ci0tLSByZWZwb2xpY3kvcG9saWN5L2ZsYXNrL3NlY3VyaXR5X2NsYXNzZXMJKHJl dmlzaW9uIDIzODUpCisrKyByZWZwb2xpY3kvcG9saWN5L2ZsYXNrL3NlY3VyaXR5X2NsYXNz ZXMJKHdvcmtpbmcgY29weSkKQEAgLTk5LDQgKzk5LDEyIEBACiAKIGNsYXNzIG1lbXByb3Rl Y3QKIAorIyBTRS1Qb3N0Z3JlU1FMIHJlbGF0aW9uCitjbGFzcyBkYXRhYmFzZQkJCSMgdXNl cnNwYWNlCitjbGFzcyB0YWJsZQkJCSMgdXNlcnNwYWNlCitjbGFzcyBwcm9jZWR1cmUJCQkj IHVzZXJzcGFjZQorY2xhc3MgY29sdW1uCQkJIyB1c2Vyc3BhY2UKK2NsYXNzIHR1cGxlCQkJ IyB1c2Vyc3BhY2UKK2NsYXNzIGJsb2IJCQkjIHVzZXJzcGFjZQorCiAjIEZMQVNLCkluZGV4 OiByZWZwb2xpY3kvcG9saWN5L2ZsYXNrL2FjY2Vzc192ZWN0b3JzCj09PT09PT09PT09PT09 PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT0K LS0tIHJlZnBvbGljeS9wb2xpY3kvZmxhc2svYWNjZXNzX3ZlY3RvcnMJKHJldmlzaW9uIDIz ODUpCisrKyByZWZwb2xpY3kvcG9saWN5L2ZsYXNrL2FjY2Vzc192ZWN0b3JzCSh3b3JraW5n IGNvcHkpCkBAIC04MCw2ICs4MCwyMCBAQAogfQogCiAjCisjICBEZWZpbmUgYSBjb21tb24g cHJlZml4IGZvciB1c2Vyc3BhY2UgZGF0YWJhc2Ugb2JqZWN0IGFjY2VzcyB2ZWN0b3JzLgor IworCitjb21tb24gZGF0YWJhc2UKK3sKKwljcmVhdGUKKwlkcm9wCisJZ2V0YXR0cgorCXNl dGF0dHIKKwlyZWxhYmVsZnJvbQorCXJlbGFiZWx0bworfQorCisjCiAjIERlZmluZSB0aGUg YWNjZXNzIHZlY3RvcnMuCiAjCiAjIGNsYXNzIGNsYXNzX25hbWUgWyBpbmhlcml0cyBjb21t b25fbmFtZSBdIHsgcGVybWlzc2lvbl9uYW1lIC4uLiB9CkBAIC02NTUsMyArNjY5LDYxIEBA CiB7CiAJbW1hcF96ZXJvCiB9CisKKyMgZGVmaW5pdGlvbiBmb3IgU0UtUG9zdGdyZVNRTAor Y2xhc3MgZGF0YWJhc2UKK2luaGVyaXRzIGRhdGFiYXNlCit7CisJYWNjZXNzCisJaW5zdGFs bF9tb2R1bGUKKwlsb2FkX21vZHVsZQorCWdldF9wYXJhbQorCXNldF9wYXJhbQorfQorCitj bGFzcyB0YWJsZQoraW5oZXJpdHMgZGF0YWJhc2UKK3sKKwl1c2UKKwlzZWxlY3QKKwl1cGRh dGUKKwlpbnNlcnQKKwlkZWxldGUKKwlsb2NrCit9CisKK2NsYXNzIHByb2NlZHVyZQoraW5o ZXJpdHMgZGF0YWJhc2UKK3sKKwlleGVjdXRlCisJZW50cnlwb2ludAorfQorCitjbGFzcyBj b2x1bW4KK2luaGVyaXRzIGRhdGFiYXNlCit7CisJdXNlCisJc2VsZWN0CisJdXBkYXRlCisJ aW5zZXJ0Cit9CisKK2NsYXNzIHR1cGxlCit7CisJcmVsYWJlbGZyb20KKwlyZWxhYmVsdG8K Kwl1c2UKKwlzZWxlY3QKKwl1cGRhdGUKKwlpbnNlcnQKKwlkZWxldGUKK30KKworY2xhc3Mg YmxvYgoraW5oZXJpdHMgZGF0YWJhc2UKK3sKKwlyZWFkCisJd3JpdGUKKwlpbXBvcnQKKwll eHBvcnQKK30KSW5kZXg6IHJlZnBvbGljeS9wb2xpY3kvbWNzCj09PT09PT09PT09PT09PT09 PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT0KLS0t IHJlZnBvbGljeS9wb2xpY3kvbWNzCShyZXZpc2lvbiAyMzg1KQorKysgcmVmcG9saWN5L3Bv bGljeS9tY3MJKHdvcmtpbmcgY29weSkKQEAgLTk4LDQgKzk4LDI4IEBACiBtbHNjb25zdHJh aW4gcHJvY2VzcyB7IHNpZ2tpbGwgc2lnc3RvcCB9CiAJKCggaDEgZG9tIGgyICkgb3IgKCB0 MSA9PSBtY3NraWxsYWxsICkpOwogCisjIE1DUyBwb2xpY3kgZm9yIFNFLVBvc3RncmVTUUwK KyMtLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tCisKKyMgQW55IGRhdGFiYXNlIG9i amVjdCBtdXN0IGJlIGRvbWluYXRlZCBieSB0aGUgcmVsYWJlbGluZyBzdWJqZWN0CisjIGNs ZWFyYW5jZSwgYWxzbyB0aGUgb2JqZWN0cyBhcmUgc2luZ2xlLWxldmVsLgorbWxzY29uc3Ry YWluIHsgZGF0YWJhc2UgdGFibGUgcHJvY2VkdXJlIGNvbHVtbiBibG9iIH0geyBjcmVhdGUg cmVsYWJlbHRvIH0KKwkoKGgxIGRvbSBoMikgYW5kICggbDEgZG9tYnkgaDIgKSBhbmQgKCBs MiBlcSBoMiApKTsKK21sc2NvbnN0cmFpbiB0dXBsZSB7IGluc2VydCByZWxhYmVsdG8gfQor CSgoIGgxIGRvbSBoMiApIGFuZCAoIGwxIGRvbWJ5IGgyICkgYW5kICggbDIgZXEgaDIgKSk7 CisKKyMgQWNjZXNzIGNvbnRyb2wgZm9yIGFueSBkYXRhYmFzZSBvYmplY3RzIGJhc2VkIG9u IE1DUyBydWxlcy4KK21sc2NvbnN0cmFpbiBkYXRhYmFzZSB7IGRyb3Agc2V0YXR0ciByZWxh YmVsZnJvbSBhY2Nlc3MgaW5zdGFsbF9tb2R1bGUgbG9hZF9tb2R1bGUgZ2V0X3BhcmFtIHNl dF9wYXJhbSB9CisJKCBoMSBkb20gaDIgKTsKK21sc2NvbnN0cmFpbiB0YWJsZSB7IGRyb3Ag c2V0YXR0ciByZWxhYmVsZnJvbSBzZWxlY3QgdXBkYXRlIGluc2VydCBkZWxldGUgdXNlIH0K KwkoIGgxIGRvbSBoMiApOworbWxzY29uc3RyYWluIGNvbHVtbiB7IGRyb3Agc2V0YXR0ciBy ZWxhYmVsZnJvbSBzZWxlY3QgdXBkYXRlIGluc2VydCB1c2UgfQorCSggaDEgZG9tIGgyICk7 CittbHNjb25zdHJhaW4gdHVwbGUgeyByZWxhYmVsZnJvbSBzZWxlY3QgdXBkYXRlIGRlbGV0 ZSB1c2UgfQorCSggaDEgZG9tIGgyICk7CittbHNjb25zdHJhaW4gcHJvY2VkdXJlIHsgZXhl Y3V0ZSB9CisJKCBoMSBkb20gaDIgKTsKK21sc2NvbnN0cmFpbiBibG9iIHsgZHJvcCBzZXRh dHRyIHJlbGFiZWxmcm9tIHJlYWQgd3JpdGUgfQorCSggaDEgZG9tIGgyICk7CisKICcpIGRu bCBlbmQgZW5hYmxlX21jcwpJbmRleDogcmVmcG9saWN5L3BvbGljeS9tb2R1bGVzL2tlcm5l bC9tbHMudGUKPT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09 PT09PT09PT09PT09PT09PT09PT09PQotLS0gcmVmcG9saWN5L3BvbGljeS9tb2R1bGVzL2tl cm5lbC9tbHMudGUJKHJldmlzaW9uIDIzODUpCisrKyByZWZwb2xpY3kvcG9saWN5L21vZHVs ZXMva2VybmVsL21scy50ZQkod29ya2luZyBjb3B5KQpAQCAtNDMsNiArNDMsMTQgQEAKIGF0 dHJpYnV0ZSBtbHN4d2lud3JpdGVjb2xvcm1hcDsKIGF0dHJpYnV0ZSBtbHN4d2lud3JpdGV4 aW5wdXQ7CiAKK2F0dHJpYnV0ZSBtbHNkYXRhYmFzZXJlYWQ7CithdHRyaWJ1dGUgbWxzZGF0 YWJhc2VyZWFkdG9jbHI7CithdHRyaWJ1dGUgbWxzZGF0YWJhc2V3cml0ZTsKK2F0dHJpYnV0 ZSBtbHNkYXRhYmFzZXdyaXRldG9jbHI7CithdHRyaWJ1dGUgbWxzZGF0YWJhc2V3cml0ZWlu cmFuZ2U7CithdHRyaWJ1dGUgbWxzZGF0YWJhc2V1cGdyYWRlOworYXR0cmlidXRlIG1sc2Rh dGFiYXNlZG93bmdyYWRlOworCiBhdHRyaWJ1dGUgbWxzdHJ1c3RlZG9iamVjdDsKIAogYXR0 cmlidXRlIHByaXZyYW5nZXRyYW5zOwpJbmRleDogcmVmcG9saWN5L3BvbGljeS9tb2R1bGVz L2tlcm5lbC9tbHMuaWYKPT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09 PT09PT09PT09PT09PT09PT09PT09PT09PT09PQotLS0gcmVmcG9saWN5L3BvbGljeS9tb2R1 bGVzL2tlcm5lbC9tbHMuaWYJKHJldmlzaW9uIDIzODUpCisrKyByZWZwb2xpY3kvcG9saWN5 L21vZHVsZXMva2VybmVsL21scy5pZgkod29ya2luZyBjb3B5KQpAQCAtNDA2LDYgKzQwNiw4 MiBAQAogCiAjIyMjIyMjIyMjIyMjIyMjIyMjIyMjIyMjIyMjIyMjIyMjIyMjIyMjCiAjIyA8 c3VtbWFyeT4KKyMjICAgICAgTWFrZSBzcGVjaWZpZWQgZG9tYWluIE1MUyB0cnVzdGVkCisj IyAgICAgIGZvciByZWFkaW5nIGZyb20gZGF0YWJhc2VzIGF0IGhpZ2hlciBsZXZlbHMuCisj IyA8L3N1bW1hcnk+CisjIyA8cGFyYW0gbmFtZT0iZG9tYWluIj4KKyMjICAgICAgPHN1bW1h cnk+CisjIyAgICAgIERvbWFpbiBhbGxvd2VkIGFjY2Vzcy4KKyMjICAgICAgPC9zdW1tYXJ5 PgorIyMgPC9wYXJhbT4KKyMKK2ludGVyZmFjZShgbWxzX2RhdGFiYXNlX3JlYWRfdXAnLGAK KwlnZW5fcmVxdWlyZShgCisJCWF0dHJpYnV0ZSBtbHNkYXRhYmFzZXJlYWQ7CisJJykKKwor CXR5cGVhdHRyaWJ1dGUgJDEgbWxzZGF0YWJhc2VyZWFkOworJykKKworIyMjIyMjIyMjIyMj IyMjIyMjIyMjIyMjIyMjIyMjIyMjIyMjIyMjIworIyMgPHN1bW1hcnk+CisjIyAgICAgICBN YWtlIHNwZWNpZmllZCBkb21haW4gTUxTIHRydXN0ZWQKKyMjICAgICAgIGZvciB3cml0aW5n IHRvIGRhdGFiYXNlcyBhdCBsb3dlciBsZXZlbHMuCisjIyA8L3N1bW1hcnk+CisjIyA8cGFy YW0gbmFtZT0iZG9tYWluIj4KKyMjICAgICAgPHN1bW1hcnk+CisjIyAgICAgIERvbWFpbiBh bGxvd2VkIGFjY2Vzcy4KKyMjICAgICAgPC9zdW1tYXJ5PgorIyMgPC9wYXJhbT4KKyMKK2lu dGVyZmFjZShgbWxzX2RhdGFiYXNlX3dyaXRlX2Rvd24nLGAKKwlnZW5fcmVxdWlyZShgCisJ CWF0dHJpYnV0ZSBtbHNkYXRhYmFzZXdyaXRlOworCScpCisKKwl0eXBlYXR0cmlidXRlICQx IG1sc2RhdGFiYXNld3JpdGU7CisnKQorCisjIyMjIyMjIyMjIyMjIyMjIyMjIyMjIyMjIyMj IyMjIyMjIyMjIyMjCisjIyA8c3VtbWFyeT4KKyMjICAgICAgTWFrZSBzcGVjaWZpZWQgZG9t YWluIE1MUyB0cnVzdGVkCisjIyAgICAgIGZvciByYWlzaW5nIHRoZSBsZXZlbCBvZiBkYXRh YmFzZXMuCisjIyA8L3N1bW1hcnk+CisjIyA8cGFyYW0gbmFtZT0iZG9tYWluIj4KKyMjICAg ICAgPHN1bW1hcnk+CisjIyAgICAgIERvbWFpbiBhbGxvd2VkIGFjY2Vzcy4KKyMjICAgICAg PC9zdW1tYXJ5PgorIyMgPC9wYXJhbT4KKyMKK2ludGVyZmFjZShgbWxzX2RhdGFiYXNlX3Vw Z3JhZGUnLGAKKwlnZW5fcmVxdWlyZShgCisJCWF0dHJpYnV0ZSBtbHNkYXRhYmFzZXVwZ3Jh ZGU7CisJJykKKworCXR5cGVhdHRyaWJ1dGUgJDEgbWxzZGF0YWJhc2V1cGdyYWRlOworJykK KworIyMjIyMjIyMjIyMjIyMjIyMjIyMjIyMjIyMjIyMjIyMjIyMjIyMjIworIyMgPHN1bW1h cnk+CisjIyAgICAgIE1ha2Ugc3BlY2lmaWVkIGRvbWFpbiBNTFMgdHJ1c3RlZAorIyMgICAg ICBmb3IgbG93ZXJpbmcgdGhlIGxldmVsIG9mIGRhdGFiYXNlcy4KKyMjIDwvc3VtbWFyeT4K KyMjIDxwYXJhbSBuYW1lPSJkb21haW4iPgorIyMgICAgICA8c3VtbWFyeT4KKyMjICAgICAg RG9tYWluIGFsbG93ZWQgYWNjZXNzLgorIyMgICAgICA8L3N1bW1hcnk+CisjIyA8L3BhcmFt PgorIworaW50ZXJmYWNlKGBtbHNfZGF0YWJhc2VfZG93bmdyYWRlJyxgCisJZ2VuX3JlcXVp cmUoYAorCQlhdHRyaWJ1dGUgbWxzZGF0YWJhc2Vkb3duZ3JhZGU7CisJJykKKworCXR5cGVh dHRyaWJ1dGUgJDEgbWxzZGF0YWJhc2Vkb3duZ3JhZGU7CisnKQorCisjIyMjIyMjIyMjIyMj IyMjIyMjIyMjIyMjIyMjIyMjIyMjIyMjIyMjCisjIyA8c3VtbWFyeT4KICMjCU1ha2Ugc3Bl Y2lmaWVkIG9iamVjdCBNTFMgdHJ1c3RlZC4KICMjIDwvc3VtbWFyeT4KICMjIDxkZXNjPgpJ bmRleDogcmVmcG9saWN5L3BvbGljeS9tbHMKPT09PT09PT09PT09PT09PT09PT09PT09PT09 PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PQotLS0gcmVmcG9saWN5 L3BvbGljeS9tbHMJKHJldmlzaW9uIDIzODUpCisrKyByZWZwb2xpY3kvcG9saWN5L21scwko d29ya2luZyBjb3B5KQpAQCAtNjAwLDQgKzYwMCwxMDkgQEAKIG1sc2NvbnN0cmFpbiBjb250 ZXh0IGNvbnRhaW5zCiAJKCBoMSBkb20gaDIgKTsKIAorIworIyBNTFMgcG9saWN5IGZvciB0 aGUgZGF0YWJhc2UgcmVsYXRlZCBjbGFzc2VzCisjCisKKyMgbWFrZSBzdXJlIHRoZXNlIGRh dGFiYXNlIGNsYXNzZXMgYXJlICJzaW5nbGUgbGV2ZWwiCittbHNjb25zdHJhaW4geyBkYXRh YmFzZSB0YWJsZSBwcm9jZWR1cmUgY29sdW1uIGJsb2IgfSB7IGNyZWF0ZSByZWxhYmVsdG8g fQorCSggbDIgZXEgaDIgKTsKK21sc2NvbnN0cmFpbiB7IHR1cGxlIH0geyBpbnNlcnQgcmVs YWJlbHRvIH0KKwkoIGwyIGVxIGgyICk7CisKKyMgbmV3IGZpbGUgbGFiZWxzIG11c3QgYmUg ZG9taW5hdGVkIGJ5IHRoZSByZWxhYmVsaW5nIHN1YmplY3RzIGNsZWFyYW5jZQorbWxzY29u c3RyYWluIHsgZGF0YWJhc2UgdGFibGUgcHJvY2VkdXJlIGNvbHVtbiB0dXBsZSBibG9iIH0g eyByZWxhYmVsdG8gfQorCSggaDEgZG9tIGgyICk7CisKKyMgdGhlIGRhdGFiYXNlICJyZWFk IiBvcHMgKG5vdGUgdGhlIGNoZWNrIGlzIGRvbWluYW5jZSBvZiB0aGUgbG93IGxldmVsKQor bWxzY29uc3RyYWluIHsgZGF0YWJhc2UgdGFibGUgcHJvY2VkdXJlIGNvbHVtbiBibG9iIH0g eyBnZXRhdHRyIH0KKwkoKCBsMSBkb20gbDIgKSBvcgorCSAoKCB0MSA9PSBtbHNkYXRhYmFz ZXJlYWR0b2NsciApIGFuZCAoIGgxIGRvbSBsMiApKSBvcgorCSAoIHQxID09IG1sc2RhdGFi YXNlcmVhZCApIG9yCisJICggdDIgPT0gbWxzdHJ1c3RlZG9iamVjdCApKTsKKworbWxzY29u c3RyYWluIHsgZGF0YWJhc2UgfSB7IGFjY2VzcyBnZXRfcGFyYW0gfQorCSgoIGwxIGRvbSBs MiApIG9yCisJICgoIHQxID09IG1sc2RhdGFiYXNlcmVhZHRvY2xyICkgYW5kICggaDEgZG9t IGwyICkpIG9yCisJICggdDEgPT0gbWxzZGF0YWJhc2VyZWFkICkgb3IKKwkgKCB0MiA9PSBt bHN0cnVzdGVkb2JqZWN0ICkpOworCittbHNjb25zdHJhaW4geyB0YWJsZSBjb2x1bW4gfSB7 IHVzZSBzZWxlY3QgfQorCSgoIGwxIGRvbSBsMiApIG9yCisJICgoIHQxID09IG1sc2RhdGFi YXNlcmVhZHRvY2xyICkgYW5kICggaDEgZG9tIGwyICkpIG9yCisJICggdDEgPT0gbWxzZGF0 YWJhc2VyZWFkICkgb3IKKwkgKCB0MiA9PSBtbHN0cnVzdGVkb2JqZWN0ICkpOworCittbHNj b25zdHJhaW4geyBwcm9jZWR1cmUgfSB7IGV4ZWN1dGUgfQorCSgoIGwxIGRvbSBsMiApIG9y CisJICgoIHQxID09IG1sc2RhdGFiYXNlcmVhZHRvY2xyICkgYW5kICggaDEgZG9tIGwyICkp IG9yCisJICggdDEgPT0gbWxzZGF0YWJhc2VyZWFkICkgb3IKKwkgKCB0MiA9PSBtbHN0cnVz dGVkb2JqZWN0ICkpOworCittbHNjb25zdHJhaW4geyBibG9iIH0geyByZWFkIH0KKwkoKCBs MSBkb20gbDIgKSBvcgorCSAoKCB0MSA9PSBtbHNkYXRhYmFzZXJlYWR0b2NsciApIGFuZCAo IGgxIGRvbSBsMiApKSBvcgorCSAoIHQxID09IG1sc2RhdGFiYXNlcmVhZCApIG9yCisJICgg dDIgPT0gbWxzdHJ1c3RlZG9iamVjdCApKTsKKworbWxzY29uc3RyYWluIHsgdHVwbGUgfSB7 IHVzZSBzZWxlY3QgfQorCSgoIGwxIGRvbSBsMiApIG9yCisJICgoIHQxID09IG1sc2RhdGFi YXNlcmVhZHRvY2xyICkgYW5kICggaDEgZG9tIGwyICkpIG9yCisJICggdDEgPT0gbWxzZGF0 YWJhc2VyZWFkICkgb3IKKwkgKCB0MiA9PSBtbHN0cnVzdGVkb2JqZWN0ICkpOworCisjIHRo ZSAic2luZ2xlIGxldmVsIiBmaWxlICJ3cml0ZSIgb3BzCittbHNjb25zdHJhaW4geyBkYXRh YmFzZSB0YWJsZSBwcm9jZWR1cmUgY29sdW1uIGJsb2IgfSB7IGNyZWF0ZSBkcm9wIHNldGF0 dHIgcmVsYWJlbGZyb20gfQorCSgoIGwxIGVxIGwyICkgb3IKKwkgKCggdDEgPT0gbWxzZGF0 YWJhc2V3cml0ZXRvY2xyICkgYW5kICggaDEgZG9tIGwyICkgYW5kICggbDEgZG9tYnkgbDIg KSkgb3IKKwkgKCggdDIgPT0gbWxzZGF0YWJhc2V3cml0ZWlucmFuZ2UgKSBhbmQgKCBsMSBk b20gbDIgKSBhbmQgKCBoMSBkb21ieSBoMiApKSBvcgorCSAoIHQxID09IG1sc2RhdGFiYXNl d3JpdGUgKSBvcgorCSAoIHQyID09IG1sc3RydXN0ZWRvYmplY3QgKSk7CisKK21sc2NvbnN0 cmFpbiB7IGRhdGFiYXNlIH0geyBpbnN0YWxsX21vZHVsZSBsb2FkX21vZHVsZSBzZXRfcGFy YW0gfQorCSgoIGwxIGVxIGwyICkgb3IKKwkgKCggdDEgPT0gbWxzZGF0YWJhc2V3cml0ZXRv Y2xyICkgYW5kICggaDEgZG9tIGwyICkgYW5kICggbDEgZG9tYnkgbDIgKSkgb3IKKwkgKCgg dDIgPT0gbWxzZGF0YWJhc2V3cml0ZWlucmFuZ2UgKSBhbmQgKCBsMSBkb20gbDIgKSBhbmQg KCBoMSBkb21ieSBoMiApKSBvcgorCSAoIHQxID09IG1sc2RhdGFiYXNld3JpdGUgKSBvcgor CSAoIHQyID09IG1sc3RydXN0ZWRvYmplY3QgKSk7CisKK21sc2NvbnN0cmFpbiB7IHRhYmxl IH0geyB1cGRhdGUgaW5zZXJ0IGRlbGV0ZSBsb2NrIH0KKwkoKCBsMSBlcSBsMiApIG9yCisJ ICgoIHQxID09IG1sc2RhdGFiYXNld3JpdGV0b2NsciApIGFuZCAoIGgxIGRvbSBsMiApIGFu ZCAoIGwxIGRvbWJ5IGwyICkpIG9yCisJICgoIHQyID09IG1sc2RhdGFiYXNld3JpdGVpbnJh bmdlICkgYW5kICggbDEgZG9tIGwyICkgYW5kICggaDEgZG9tYnkgaDIgKSkgb3IKKwkgKCB0 MSA9PSBtbHNkYXRhYmFzZXdyaXRlICkgb3IKKwkgKCB0MiA9PSBtbHN0cnVzdGVkb2JqZWN0 ICkpOworCittbHNjb25zdHJhaW4geyBjb2x1bW4gfSB7IHVwZGF0ZSBpbnNlcnQgfQorCSgo IGwxIGVxIGwyICkgb3IKKwkgKCggdDEgPT0gbWxzZGF0YWJhc2V3cml0ZXRvY2xyICkgYW5k ICggaDEgZG9tIGwyICkgYW5kICggbDEgZG9tYnkgbDIgKSkgb3IKKwkgKCggdDIgPT0gbWxz ZGF0YWJhc2V3cml0ZWlucmFuZ2UgKSBhbmQgKCBsMSBkb20gbDIgKSBhbmQgKCBoMSBkb21i eSBoMiApKSBvcgorCSAoIHQxID09IG1sc2RhdGFiYXNld3JpdGUgKSBvcgorCSAoIHQyID09 IG1sc3RydXN0ZWRvYmplY3QgKSk7CisKK21sc2NvbnN0cmFpbiB7IGJsb2IgfSB7IHdyaXRl IGltcG9ydCBleHBvcnQgfQorCSgoIGwxIGVxIGwyICkgb3IKKwkgKCggdDEgPT0gbWxzZGF0 YWJhc2V3cml0ZXRvY2xyICkgYW5kICggaDEgZG9tIGwyICkgYW5kICggbDEgZG9tYnkgbDIg KSkgb3IKKwkgKCggdDIgPT0gbWxzZGF0YWJhc2V3cml0ZWlucmFuZ2UgKSBhbmQgKCBsMSBk b20gbDIgKSBhbmQgKCBoMSBkb21ieSBoMiApKSBvcgorCSAoIHQxID09IG1sc2RhdGFiYXNl d3JpdGUgKSBvcgorCSAoIHQyID09IG1sc3RydXN0ZWRvYmplY3QgKSk7CisKK21sc2NvbnN0 cmFpbiB7IHR1cGxlIH0geyByZWxhYmVsZnJvbSB1cGRhdGUgaW5zZXJ0IGRlbGV0ZSB9CisJ KCggbDEgZXEgbDIgKSBvcgorCSAoKCB0MSA9PSBtbHNkYXRhYmFzZXdyaXRldG9jbHIgKSBh bmQgKCBoMSBkb20gbDIgKSBhbmQgKCBsMSBkb21ieSBsMiApKSBvcgorCSAoKCB0MiA9PSBt bHNkYXRhYmFzZXdyaXRlaW5yYW5nZSApIGFuZCAoIGwxIGRvbSBsMiApIGFuZCAoIGgxIGRv bWJ5IGgyICkpIG9yCisJICggdDEgPT0gbWxzZGF0YWJhc2V3cml0ZSApIG9yCisJICggdDIg PT0gbWxzdHJ1c3RlZG9iamVjdCApKTsKKworIyB0aGUgZGF0YWJhc2UgdXBncmFkZS9kb3du Z3JhZGUgcnVsZQorbWxzdmFsaWRhdGV0cmFucyB7IGRhdGFiYXNlIHRhYmxlIHByb2NlZHVy ZSBjb2x1bW4gdHVwbGUgYmxvYiB9CisJKCgoIGwxIGVxIGwyICkgb3IKKwkgICgoIHQzID09 IG1sc2RhdGFiYXNldXBncmFkZSApIGFuZCAoIGwxIGRvbWJ5IGwyICkpIG9yCisJICAoKCB0 MyA9PSBtbHNkYXRhYmFzZWRvd25ncmFkZSApIGFuZCAoIGwxIGRvbSBsMiApKSBvcgorCSAg KCggdDMgPT0gbWxzZGF0YWJhc2Vkb3duZ3JhZGUgKSBhbmQgKCBsMSBpbmNvbXAgbDIgKSkp IGFuZAorCSAoKCBsMSBlcSBoMiApIG9yCisJICAoKCB0MyA9PSBtbHNkYXRhYmFzZXVwZ3Jh ZGUgKSBhbmQgKCBoMSBkb21ieSBoMiApKSBvcgorCSAgKCggdDMgPT0gbWxzZGF0YWJhc2Vk b3duZ3JhZGUgKSBhbmQgKCBoMSBkb20gaDIgKSkgb3IKKwkgICgoIHQzID09IG1sc2RhdGFi YXNlZG93bmdyYWRlICkgYW5kICggaDEgaW5jb21wIGgyICkpKSk7CisKICcpIGRubCBlbmQg ZW5hYmxlX21scwo= --------------080702060803000208050804-- -- This message was distributed to subscribers of the selinux mailing list. If you no longer wish to subscribe, send mail to majordomo@tycho.nsa.gov with the words "unsubscribe selinux" without quotes as the message.