From: Serge Hallyn <serge.hallyn@gmail.com>
To: selinux@tycho.nsa.gov
Subject: targeted policy patch
Date: Thu, 19 May 2005 10:11:24 -0500 [thread overview]
Message-ID: <46ce702f050519081136af356@mail.gmail.com> (raw)
[-- Attachment #1: Type: text/plain, Size: 623 bytes --]
Hi,
In order to compile the sf.net targeted policy on a gentoo system with
the sf.net checkpolicy, I needed the following patch. It does several
small things, the last of which I expect is actually wrong, but at
least gets me a compiling policy:
1. preserves kernel.te to get its type declaration.
2. fixes what I assume is a typo, 'rm -rf domains/misc/used' instead of unused
3. deletes setfiles.fc, since setfiles_exec_t is not declared in the policy
4. adds the unrestricted attribute to the insmod_t domain. This stops
a conflict with the neverallow rule for ~signal -> unconfined_t.
thanks,
-serge
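Item 3 above deletes setfiles.fc because nothing in the policy declares setfiles_exec_t. The following POSIX sh script is an added check, not part of Serge's patch or of the sf.net policy tree: it collects every identifier declared with `type` in the .te files under a policy directory, collects the type field of every security context in the .fc files, and prints the types that are referenced but never declared, so all dangling .fc references show up in one pass instead of one checkpolicy failure at a time. The directory layout it assumes (domains/*/*.te, file_contexts/**/*.fc) is the one the spec file manipulates; the miniature policy tree the `demo` function writes is constructed for illustration only. Types that only exist after m4 expansion (those created by macros such as daemon_domain) are invisible to a grep over the .te sources, so an empty result here is necessary but not sufficient; checkpolicy on the expanded policy remains the authoritative check.

```shell
#!/bin/sh
# Added example, not from the original patch or the sf.net policy tree.
# Lists types that file_contexts/*.fc entries reference but no .te file
# declares. Assumptions: declarations are written "type foo_t, attr...;" or
# "type foo_t;" and each .fc entry ends with a "user:role:type[:range]"
# context or <<none>>. Types created only by m4 macros are not seen here.

undeclared_fc_types() {
    policy_dir=$1
    tmp=$(mktemp -d) || return 1

    # Declared types: the first identifier after a leading "type" keyword.
    # "type_transition" and "typealias" do not match because a blank must
    # follow "type".
    find "$policy_dir" -name '*.te' -exec cat {} \; \
        | sed -n 's/^[[:space:]]*type[[:space:]]\{1,\}\([A-Za-z0-9_]\{1,\}\).*/\1/p' \
        | LC_ALL=C sort -u > "$tmp/declared"

    # Referenced types: third field of the context in the last column of an
    # .fc line, skipping comment lines, blank lines and <<none>> entries.
    find "$policy_dir" -name '*.fc' -exec cat {} \; \
        | grep -v '^[[:space:]]*#' \
        | awk 'NF >= 2 && $NF != "<<none>>" { n = split($NF, c, ":"); if (n >= 3) print c[3] }' \
        | LC_ALL=C sort -u > "$tmp/referenced"

    # comm -13 keeps lines present only in the second file: referenced but
    # never declared.
    LC_ALL=C comm -13 "$tmp/declared" "$tmp/referenced"
    rm -rf "$tmp"
}

# Constructed sample tree mirroring the situation in the patch: kernel.te and
# modutil.te declare their types, while setfiles.fc references setfiles_exec_t
# and no setfiles.te exists anywhere in the tree.
demo() {
    root=$(mktemp -d) || return 1
    mkdir -p "$root/domains/misc" "$root/domains/program" "$root/file_contexts/program"
    cat > "$root/domains/misc/kernel.te" <<'EOF'
# constructed sample, not the real kernel.te
type kernel_t, domain;
EOF
    cat > "$root/domains/program/modutil.te" <<'EOF'
type insmod_t, domain, privlog, sysctl_kernel_writer;
type insmod_exec_t, file_type, sysadmfile, exec_type;
type_transition insmod_t insmod_exec_t:process insmod_t;
EOF
    cat > "$root/file_contexts/program/modutil.fc" <<'EOF'
# modutil
/sbin/insmod    --  system_u:object_r:insmod_exec_t
/sbin/depmod    --  system_u:object_r:insmod_exec_t
EOF
    cat > "$root/file_contexts/program/setfiles.fc" <<'EOF'
/usr/sbin/setfiles  --  system_u:object_r:setfiles_exec_t
/proc               -d  <<none>>
EOF
    undeclared_fc_types "$root"
    rm -rf "$root"
}

demo
```

Point `undeclared_fc_types` at an unpacked policy tree after the spec's %prep step has moved the wanted .te files out of the unused/ directories; any type it prints needs either its .te pulled into the build or its .fc entry dropped, which is the choice item 3 makes for setfiles.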
[-- Attachment #2: targeted_nits.patch --]
[-- Type: application/octet-stream, Size: 1883 bytes --]
Index: policy/selinux-policy-targeted.spec
===================================================================
--- policy.orig/selinux-policy-targeted.spec 2005-05-19 09:56:03.000000000 -0500
+++ policy/selinux-policy-targeted.spec 2005-05-19 09:57:28.000000000 -0500
@@ -48,8 +48,10 @@
for i in amanda.te apache.te chkpwd.te cups.te dhcpd.te dictd.te dovecot.te fingerd.te ftpd.te howl.te i18n_input.te init.te initrc.te inetd.te innd.te kerberos.te ktalkd.te ldconfig.te login.te lpd.te mailman.te modutil.te mta.te mysqld.te named.te nscd.te ntpd.te portmap.te postgresql.te privoxy.te radius.te radvd.te rlogind.te rpcd.te rshd.te rsync.te samba.te slapd.te snmpd.te spamd.te squid.te stunnel.te syslogd.te telnetd.te tftpd.te winbind.te ypbind.te ypserv.te zebra.te; do
mv domains/program/unused/$i domains/program/
done
+cp domains/misc/unused/kernel.te domains/misc
rm -rf domains/program/unused
-rm -rf domains/misc/used
+rm -rf domains/misc/unused
+rm file_contexts/program/setfiles.fc
cp -R %{type}/* .
echo "define(\`targeted_policy')" > tunables/tunable.tun
echo "define(\`hide_broken_symptoms')" >> tunables/tunable.tun
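Review bot: `rm file_contexts/program/setfiles.fc` drops the labeling entry for setfiles entirely instead of supplying the missing setfiles_exec_t declaration, so the binary falls back to whatever generic entry matches its path; the consistent fix is to bring the matching .te into the build the way the `mv domains/program/unused/$i domains/program/` loop does for the other programs, or, if setfiles is meant to run unconfined in this policy, to delete the .fc with a comment saying so. Two smaller points: `rm` without `-f` will abort %prep if the file is absent in a later tarball, while the surrounding lines use `rm -rf`; and `cp domains/misc/unused/kernel.te domains/misc` followed by `rm -rf domains/misc/unused` is a `mv`, which would match the loop above.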
Index: policy/domains/program/modutil.te
===================================================================
--- policy.orig/domains/program/modutil.te 2005-05-19 09:56:03.000000000 -0500
+++ policy/domains/program/modutil.te 2005-05-19 09:58:17.000000000 -0500
@@ -70,7 +70,7 @@
# Rules for the insmod_t domain.
#
-type insmod_t, domain, privlog, sysctl_kernel_writer, privmem, privsysmod ifdef(`unlimitedUtils', `, admin, etc_writer, fs_domain, auth_write, privowner, privmodule' )
+type insmod_t, domain, unrestricted, privlog, sysctl_kernel_writer, privmem, privsysmod ifdef(`unlimitedUtils', `, admin, etc_writer, fs_domain, auth_write, privowner, privmodule' )
;
role system_r types insmod_t;
role sysadm_r types insmod_t;
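Review bot: adding `unrestricted` to the `type insmod_t` declaration to clear the `~signal -> unconfined_t` neverallow conflict hides the offending rule rather than fixing it; the attribute exempts insmod_t from that neverallow wholesale, so any further permission granted toward unconfined_t in this domain will also pass unchecked. The cover letter already flags this change as probably wrong, so it should not be merged as is; the fix is to locate the rule or macro in modutil.te that gives insmod_t a non-signal permission on unconfined_t and narrow or remove it. If the attribute does go in temporarily, a comment above the `type insmod_t` line stating why it is there would stop the next reader from taking it as intentional.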
Thread overview: 5+ messages
2005-05-19 15:11 Serge Hallyn [this message]
2005-05-19 15:29 ` targeted policy patch Stephen Smalley
2005-05-19 15:54 ` Serge Hallyn
-- strict thread matches above, loose matches on Subject: below --
2006-12-05 12:42 Russell Coker
2006-12-08 13:39 ` Christopher J. PeBenito