tags 524516 patch thanks Patch: - Only record updates to modules selection. - Fixes pythonsupport policy.
Bastian
diff -u refpolicy-0.0.20080702/policy/modules/system/pythonsupport.te refpolicy-0.0.20080702/policy/modules/system/pythonsupport.te
--- refpolicy-0.0.20080702/policy/modules/system/pythonsupport.te
+++ refpolicy-0.0.20080702/policy/modules/system/pythonsupport.te
@@ -42,3 +42,3 @@
 allow pythoncompile_t python_compiled_t:file manage_file_perms;
-allow pythoncompile_t python_compiled_t:lnk_file manage_file_perms;
+allow pythoncompile_t python_compiled_t:lnk_file read_lnk_file_perms;
 files_var_lib_filetrans(pythoncompile_t, python_compiled_t, dir)
diff -u refpolicy-0.0.20080702/debian/changelog refpolicy-0.0.20080702/debian/changelog
--- refpolicy-0.0.20080702/debian/changelog
+++ refpolicy-0.0.20080702/debian/changelog
@@ -1,3 +1,12 @@
+refpolicy (2:0.0.20080702-14.1) UNRELEASED; urgency=low
+
+ * Non-maintainer upload.
+ * Only record changes to original modules selections. (closes: #524516)
+ * Again disable unbuildable portslave policy.
+ * Fix pythonsupport policy.
+
+ -- Bastian Blank <wa...@debian.org> Mon, 27 Apr 2009 13:55:58 +0200
+
 refpolicy (2:0.0.20080702-14) unstable; urgency=high
 
 * Allow noatsecure for Xen domains so that LD_PRELOAD will work across
reverted:
--- refpolicy-0.0.20080702/debian/modules.conf.default
+++ refpolicy-0.0.20080702.orig/debian/modules.conf.default
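Review bot: The replacement rule `allow pythoncompile_t python_compiled_t:lnk_file read_lnk_file_perms;` in pythonsupport.te drops create, write and unlink on symlinks rather than just swapping in the class-correct macro, and nothing in the hunk or the changelog entry says that narrowing is intended. The old line applied a file-class permission set to `lnk_file`, so the direct equivalent would have been `manage_lnk_file_perms`; read-only is the tighter choice and worth keeping if it holds. If the compile domain is expected to create or remove links under the compiled tree (not visible here), this will surface as AVC denials, so it should be confirmed against the audit log in permissive mode before upload. A one-line comment above the rule, for example `# symlinks are only followed here, never created by pythoncompile_t`, would record the decision.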
@@ -1,1201 +0,0 @@ -# -# This file contains a listing of available modules. -# To prevent a module from being used in policy -# creation, set the module name to "off". -# -# For monolithic policies, modules set to "base" and "module" -# will be built into the policy. -# -# For modular policies, modules set to "base" will be -# included in the base module. "module" will be compiled -# as individual loadable modules. -# - -# Layer: admin -# Module: dpkg -# -# Policy for the Debian package manager. -# -dpkg = base - -# Layer: admin -# Module: apt -# -# APT advanced package toll. -# -apt = base - -# Layer: kernel -# Module: terminal -# Required in base -# -# Policy for terminals. -# -terminal = base - -# Layer: kernel -# Module: kernel -# Required in base -# -# Policy for kernel threads, proc filesystem,and unlabeled processes and objects. -# -kernel = base - -# Layer: kernel -# Module: filesystem -# Required in base -# -# Policy for filesystems. -# -filesystem = base - -# Layer: kernel -# Module: devices -# Required in base -# -# Device nodes and interfaces for many basic system devices. -# -devices = base - -# Layer: kernel -# Module: corenetwork -# Required in base -# -# Policy controlling access to network objects -# -corenetwork = base - -# Layer: kernel -# Module: mls -# Required in base -# -# Multilevel security policy -# -mls = base - -# Layer: kernel -# Module: mcs -# Required in base -# -# MultiCategory security policy -# -mcs = base - -# Layer: kernel -# Module: selinux -# Required in base -# -# Policy for kernel security interface, in particular, selinuxfs. -# -selinux = base - -# Layer: kernel -# Module: files -# Required in base -# -# Basic filesystem types and interfaces. -# -files = base - -# Layer: kernel -# Module: domain -# Required in base -# -# Core policy for domains. -# -domain = base - -# Layer: kernel -# Module: corecommands -# Required in base -# -# Core policy for shells, and generic programs -# in /bin, /sbin, /usr/bin, and /usr/sbin. 
-# -corecommands = base - -# Layer: admin -# Module: acct -# -# Berkeley process accounting -# -acct = module - -# Layer: admin -# Module: usermanage -# -# Policy for managing user accounts. -# -usermanage = base - -# Layer: admin -# Module: rpm -# -# Policy for the RPM package manager. -# -rpm = off - -# Layer: admin -# Module: readahead -# -# Readahead, read files into page cache for improved performance -# -readahead = off - -# Layer: apps -# Module: alsa -# -# alsa - Configure sound -# -alsa = module - -# Layer: admin -# Module: kudzu -# -# Hardware detection and configuration tools -# -kudzu = off - -# Layer: admin -# Module: updfstab -# -# Red Hat utility to change /etc/fstab. -# -updfstab = off - -# Layer: admin -# Module: netutils -# -# Network analysis utilities -# -netutils = module - -# Layer: admin -# Module: vpn -# -# Virtual Private Networking client -# -vpn = module - -# Layer: admin -# Module: su -# -# Run shells with substitute user and group -# -su = base - -# Layer: admin -# Module: dmesg -# -# Policy for dmesg. -# -dmesg = base - -# Layer: admin -# Module: anaconda -# -# Policy for the Anaconda installer. -# -anaconda = off - -# Layer: admin -# Module: amanda -# -# Automated backup program. -# -amanda = module - -# Layer: admin -# Module: logrotate -# -# Rotate and archive system logs -# -logrotate = base - -# Layer: admin -# Module: quota -# -# File system quota management -# -quota = module - -# Layer: admin -# Module: consoletype -# -# Determine of the console connected to the controlling terminal. -# -consoletype = off - -# Layer: admin -# Module: sudo -# -# Execute a command with a substitute user -# -sudo = module - -# Layer: admin -# Module: firstboot -# -# Final system configuration run during the first boot -# after installation of Red Hat/Fedora systems. 
-# -firstboot = off - -# Layer: admin -# Module: certwatch -# -# Digital Certificate Tracking -# -certwatch = module - -# Layer: admin -# Module: tmpreaper -# -# Manage temporary directory sizes and file ages -# -tmpreaper = module - -# Layer: admin -# Module: dmidecode -# -# Decode DMI data for x86/ia64 bioses. -# -dmidecode = module - -# Layer: apps -# Module: gpg -# -# Policy for GNU Privacy Guard and related programs. -# -gpg = module - -# Layer: apps -# Module: loadkeys -# -# Load keyboard mappings. -# -loadkeys = module - -# Layer: apps -# Module: webalizer -# -# Web server log analysis -# -webalizer = module - -# Layer: kernel -# Module: bootloader -# -# Policy for the kernel modules, kernel image, and bootloader. -# -bootloader = module - -# Layer: kernel -# Module: storage -# -# Policy controlling access to storage devices -# -storage = base - -# Layer: services -# Module: epmd -# -# Policy for Erlang Port Mapping Daemon -# -epmd = module - -# Layer: services -# Module: jabber -# -# Policy for jabber messaging server -# -jabber = module - -# Layer: services -# Module: audioentropy -# -# Policy for daemons that use a microphone input as a source of entropy -# -audioentropy = module - -# Layer: services -# Module: nagios -# -# Policy for NAGIOS network monitor -# -nagios = module - -# Layer: services -# Module: dkim -# -# Policy for DKIM mail signing milter -# -dkim = module - -# Layer: services -# Module: clamav -# -# Policy for Clam Anti Virus -# -clamav = module - -# Layer: services -# Module: asterisk -# -# Policy for Asterisk VOIP server -# -asterisk = module - -# Layer: services -# Module: nis -# -# Policy for NIS (YP) servers and clients -# -nis = module - -# Layer: services -# Module: distcc -# -# Distributed compiler daemon -# -distcc = module - -# Layer: services -# Module: rshd -# -# Remote shell service. -# -rshd = module - -# Layer: services -# Module: cpucontrol -# -# Services for loading CPU microcode and CPU frequency scaling. 
-# -cpucontrol = module - -# Layer: services -# Module: vbetool -# -# run real-mode video BIOS code to alter hardware state -# -vbetool = module - -# Layer: services -# Module: bind -# -# Berkeley internet name domain DNS server. -# -bind = module - -# Layer: services -# Module: canna -# -# Canna - kana-kanji conversion server -# -canna = module - -# Layer: services -# Module: uucp -# -# Unix to Unix Copy -# -uucp = module - -# Layer: services -# Module: sasl -# -# SASL authentication server -# -sasl = module - -# Layer: services -# Module: pegasus -# -# The Open Group Pegasus CIM/WBEM Server. -# -pegasus = module - -# Layer: services -# Module: cron -# -# Periodic execution of scheduled commands. -# -cron = base - -# Layer: services -# Module: sendmail -# -# Policy for sendmail. -# -sendmail = module - -# Layer: services -# Module: samba -# -# SMB and CIFS client/server programs for UNIX and -# name Service Switch daemon for resolving names -# from Windows NT servers. -# -samba = module - -# Layer: services -# Module: dbus -# -# Desktop messaging bus -# -dbus = module - -# Layer: services -# Module: howl -# -# Port of Apple Rendezvous multicast DNS -# -howl = module - -# Layer: services -# Module: postgresql -# -# PostgreSQL relational database -# -postgresql = module - -# Layer: services -# Module: snmp -# -# Simple network management protocol services -# -snmp = module - -# Layer: services -# Module: remotelogin -# -# Policy for rshd, rlogind, and telnetd. -# -remotelogin = module - -# Layer: services -# Module: telnet -# -# Telnet daemon -# -telnet = module - -# Layer: services -# Module: irqbalance -# -# IRQ balancing daemon -# -irqbalance = module - -# Layer: services -# Module: mailman -# -# Mailman is for managing electronic mail discussion and e-newsletter lists -# -mailman = module - -# Layer: services -# Module: dbskk -# -# Dictionary server for the SKK Japanese input method system. 
-# -dbskk = module - -# Layer: services -# Module: ldap -# -# OpenLDAP directory server -# -ldap = module - -# Layer: services -# Module: tftp -# -# Trivial file transfer protocol daemon -# -tftp = module - -# Layer: services -# Module: portmap -# -# RPC port mapping service. -# -portmap = module - -# Layer: services -# Module: arpwatch -# -# Ethernet activity monitor. -# -arpwatch = module - -# Layer: services -# Module: dovecot -# -# Dovecot POP and IMAP mail server -# -dovecot = module - -# Layer: services -# Module: cups -# -# Common UNIX printing system -# -cups = module - -# Layer: services -# Module: networkmanager -# -# Manager for dynamically switching between networks. -# -networkmanager = module - -# Layer: services -# Module: inn -# -# Internet News NNTP server -# -inn = module - -# Layer: services -# Module: sysstat -# -# Policy for sysstat. Reports on various system states -# -sysstat = module - -# Layer: services -# Module: comsat -# -# Comsat, a biff server. -# -comsat = module - -# Layer: services -# Module: squid -# -# Squid caching http proxy server -# -squid = module - -# Layer: services -# Module: zebra -# -# Zebra border gateway protocol network routing service -# -zebra = module - -# Layer: services -# Module: xfs -# -# X Windows Font Server -# -xfs = module - -# Layer: services -# Module: ktalk -# -# KDE Talk daemon -# -ktalk = module - -# Layer: services -# Module: procmail -# -# Procmail mail delivery agent -# -procmail = module - -# Layer: services -# Module: lpd -# -# Line printer daemon -# -lpd = module - -# Layer: services -# Module: cyrus -# -# Cyrus is an IMAP service intended to be run on sealed servers -# -cyrus = module - -# Layer: services -# Module: rdisc -# -# Network router discovery daemon -# -rdisc = module - -# Layer: services -# Module: xserver -# -# X windows login display manager -# -xserver = module - -# Layer: services -# Module: nscd -# -# Name service cache daemon -# -nscd = module - -# Layer: services -# Module: ppp 
-# -# Point to Point Protocol daemon creates links in ppp networks -# -ppp = module - -# Layer: services -# Module: ftp -# -# File transfer protocol service -# -ftp = module - -# Layer: services -# Module: gpm -# -# General Purpose Mouse driver -# -gpm = module - -# Layer: services -# Module: mta -# -# Policy common to all email tranfer agents. -# -mta = base - -# Layer: services -# Module: exim -# -# Exim email server -# -exim = module - -# Layer: services -# Module: postfix -# -# Postfix email server -# -postfix = module - -# Layer: services -# Module: fetchmail -# -# Remote-mail retrieval and forwarding utility -# -fetchmail = module - -# Layer: services -# Module: ntp -# -# Network time protocol daemon -# -ntp = module - -# Layer: services -# Module: bluetooth -# -# Bluetooth tools and system services. -# -bluetooth = module - -# Layer: services -# Module: hal -# -# Hardware abstraction layer -# -hal = base - -# Layer: services -# Module: avahi -# -# mDNS/DNS-SD daemon implementing Apple ZeroConf architecture -# -avahi = module - -# Layer: services -# Module: rpc -# -# Remote Procedure Call Daemon for managment of network based process communication -# -rpc = module - -# Layer: services -# Module: apache -# -# Apache web server -# -apache = module - -# Layer: services -# Module: rsync -# -# Fast incremental file transfer for synchronization -# -rsync = module - -# Layer: services -# Module: automount -# -# Filesystem automounter service. -# -automount = module - -# Layer: services -# Module: kerberos -# -# MIT Kerberos admin and KDC -# -kerberos = module - -# Layer: services -# Module: dhcp -# -# Dynamic host configuration protocol (DHCP) server -# -dhcp = module - -# Layer: services -# Module: ssh -# -# Secure shell client and server policy. -# -ssh = module - -# Layer: services -# Module: inetd -# -# Internet services daemon. 
-# -inetd = base - -# Layer: services -# Module: mysql -# -# Policy for MySQL -# -mysql = module - -# Layer: services -# Module: dictd -# -# Dictionary daemon -# -dictd = module - -# Layer: services -# Module: finger -# -# Finger user information service. -# -finger = module - -# Layer: services -# Module: radius -# -# RADIUS authentication and accounting server. -# -radius = module - -# Layer: services -# Module: spamassassin -# -# Filter used for removing unsolicited email. -# -spamassassin = module - -# Layer: services -# Module: radvd -# -# IPv6 router advertisement daemon -# -radvd = module - -# Layer: services -# Module: apm -# -# Advanced power management daemon -# -apm = module - -# Layer: system -# Module: application -# Required in base -# -# Defines attributs and interfaces for all user applications -# -application = base - -# Layer: services -# Module: tcpd -# -# Policy for TCP daemon. -# -tcpd = module - -# Layer: services -# Module: stunnel -# -# SSL Tunneling Proxy -# -stunnel = module - -# Layer: services -# Module: privoxy -# -# Privacy enhancing web proxy. -# -privoxy = module - -# Layer: services -# Module: cvs -# -# Concurrent versions system -# -cvs = module - -# Layer: services -# Module: rlogin -# -# Remote login daemon -# -rlogin = module - -# Layer: system -# Module: application -# Required in base -# -# Defines attributs and interfaces for all user applications -# -application = base - -# Layer: system -# Module: fstools -# -# Tools for filesystem management, such as mkfs and fsck. -# -fstools = base - -# Layer: system -# Module: logging -# -# Policy for the kernel message logger and system logging daemon. -# -logging = base - -# Layer: system -# Module: hostname -# -# Policy for changing the system host name. -# -hostname = base - -# Layer: system -# Module: getty -# -# Policy for getty. -# -getty = base - -# Layer: system -# Module: lvm -# -# Policy for logical volume management programs. 
-# -lvm = module - -# Layer: system -# Module: sysnetwork -# -# Policy for network configuration: ifconfig and dhcp client. -# -sysnetwork = base - -# Layer: system -# Module: init -# -# System initialization programs (init and init scripts). -# -init = base - -# Layer: system -# Module: selinuxutil -# -# Policy for SELinux policy and userland applications. -# -selinuxutil = base - -# Layer: system -# Module: udev -# -# Policy for udev. -# -udev = base - -# Layer: system -# Module: xen -# -# Xen virtualisation management -# -xen = module - -# Layer: system -# Module: pcmcia -# -# PCMCIA card management services -# -pcmcia = module - -# Layer: system -# Module: authlogin -# -# Common policy for authentication and user login. -# -authlogin = base - -# Layer: system -# Module: libraries -# -# Policy for system libraries. -# -libraries = base - -# Layer: system -# Module: raid -# -# RAID array management tools -# -raid = module - -# Layer: system -# Module: userdomain -# -# Policy for user domains -# -userdomain = base - -# Layer: system -# Module: modutils -# -# Policy for kernel module utilities -# -modutils = base - -# Layer: system -# Module: hotplug -# -# Policy for hotplug system, for supporting the -# connection and disconnection of devices at runtime. -# -hotplug = base - -# Layer: system -# Module: clock -# -# Policy for reading and setting the hardware clock. -# -clock = base - -# Layer: system -# Module: locallogin -# -# Policy for local logins. -# -locallogin = base - -# Layer: system -# Module: iptables -# -# Policy for iptables. -# -iptables = base - -# Layer: system -# Module: mount -# -# Policy for mount. -# -mount = base - -# Layer: system -# Module: unconfined -# -# The unconfined domain. -# -unconfined = module - -# Layer: system -# Module: miscfiles -# -# Miscelaneous files. 
-# -miscfiles = base - -# Layer: system -# Module: ipsec -# -# TCP/IP encryption -# -ipsec = module - -# Layer: apps -# Module: java -# -# java executable -# -java = module - -# Layer: services -# Module: prelink -# -# prelink executable -# -prelink = module - -# Layer: apps -# Module: slocate -# -# locate executable -# -slocate = module - -# Layer: services -# Module: logwatch -# -# logwatch executable -# -logwatch = module - -# Layer: system -# Module: setrans -# Required in base -# -# Policy for setrans -# -setrans = base - -# Layer: services -# Module: openvpn -# -# Policy for OPENVPN full-featured SSL VPN solution -# -openvpn = module - -# Layer: services -# Module: smartmon -# -# Smart disk monitoring daemon policy -# -smartmon = module - -# Layer: system -# Module: netlabel -# Required in base -# -# Basic netlabel types and interfaces. -# -netlabel = base - -# Layer: services -# Module: aide -# -# Policy for aide -# -aide = module - -# Layer: service -# Module: pcscd -# -# PC/SC Smart Card Daemon -# -pcscd = module - -# Layer: service -# Module: openct -# -# Middleware framework for smart card terminals -# -openct = module - -# Layer: system -# Module: tzdata -# -# Policy for tzdata-update -# -tzdata = module - -# Layer: admin -# Module: amtu -# -# Abstract Machine Test Utility (AMTU) -# -amtu = off - -# Layer: services -# Module: prelude -# -# -# -prelude = module - -# Layer: role -# Module: secadm -# -# Root role used to manage selinux -# -secadm = off - -# Layer: role -# Module: auditadm -# -# Root role used to manage audit system -# -auditadm = module - -# Layer:role -# Module: staff -# -# admin account -# -staff = base - -# Layer:role -# Module: sysadm -# -# System Administrator -# -sysadm = base - -# Layer: role -# Module: unprivuser -# -# user account -# -unprivuser = base - -# Layer: role -# Module: guest -# -# Minimally privs guest account on tty logins -# -#guest = module - -# Layer: role -# Module: xguest -# -# Minimally privs guest account on X 
Windows logins
-#
-#xguest = module
-
-# Layer: services
-# Module: courier
-#
-# IMAP and POP3 email servers
-#
-courier = module
diff -u refpolicy-0.0.20080702/debian/local.mk refpolicy-0.0.20080702/debian/local.mk
--- refpolicy-0.0.20080702/debian/local.mk
+++ refpolicy-0.0.20080702/debian/local.mk
@@ -73,10 +73,14 @@
 $(MAKE) -C $(SRCTOP)/debian/build-$(package) \
 NAME=mls TYPE=mls $(OPTIONS) bare
 test -e debian/stamp-config-mls || \
+ cp debian/modules.conf.mls.update debian/build-$(package)/policy/modules.conf
+ test -e debian/stamp-config-mls || \
 (cd $(SRCTOP)/debian/build-$(package) ; \
 $(MAKE) NAME=mls TYPE=mls $(OPTIONS) conf)
- cp debian/modules.conf.mls \
- $(SRCTOP)/debian/build-$(package)/policy/modules.conf
+# cat debian/modules.conf.mls.update debian/build-$(package)/policy/modules.conf | \
+# sort -k 1,1 -u > \
+# debian/build-$(package)/policy/modules.conf.new
+# mv debian/build-$(package)/policy/modules.conf.new debian/build-$(package)/policy/modules.conf
 echo done > debian/stamp-config-mls
 STAMPS_TO_CLEAN += debian/stamp-config-mls
 DIRS_TO_CLEAN += debian/build-selinux-policy-mls
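Review bot: After this change the final `policy/modules.conf` is whatever `$(MAKE) ... conf` produces from the pre-seeded `debian/modules.conf.mls.update`, so any selection that the deleted full lists pinned (the removed `modules.conf.mls` carried `unconfined = off`, for instance) survives only if the `.update` file repeats it and `conf` leaves pre-existing entries alone; neither is visible in this diff. A guard after the `conf` step, such as `grep -qx 'unconfined = off' debian/build-$(package)/policy/modules.conf` for the mls build, would fail the build instead of shipping a policy with a different module set. The four commented-out `# cat ... | sort -k 1,1 -u` lines should be deleted or given a comment saying why the merge is disabled. The new `cp` also uses a relative `debian/build-$(package)` path where the surrounding lines use `$(SRCTOP)/debian/build-$(package)`. The same applies to the second hunk (`@@ -98,10 +102,14 @@`, the default/mcs build), and the recipe starts above both hunks.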
@@ -98,10 +102,14 @@
 $(MAKE) -C $(SRCTOP)/debian/build-$(package) \
 NAME=default TYPE=mcs $(OPTIONS) bare
 test -e debian/stamp-config-default || \
+ cp debian/modules.conf.default.update debian/build-$(package)/policy/modules.conf
+ test -e debian/stamp-config-default || \
 (cd $(SRCTOP)/debian/build-$(package) ; \
 $(MAKE) NAME=default TYPE=mcs $(OPTIONS) conf)
- cp debian/modules.conf.default \
- $(SRCTOP)/debian/build-$(package)/policy/modules.conf
+# cat debian/modules.conf.default.update debian/build-$(package)/policy/modules.conf | \
+# sort -k 1,1 -u > \
+# debian/build-$(package)/policy/modules.conf.new
+# mv debian/build-$(package)/policy/modules.conf.new debian/build-$(package)/policy/modules.conf
 echo done > debian/stamp-config-default
 STAMPS_TO_CLEAN += debian/stamp-config-default
 DIRS_TO_CLEAN += debian/build-selinux-policy-default
reverted:
--- refpolicy-0.0.20080702/debian/modules.conf.mls
+++ refpolicy-0.0.20080702.orig/debian/modules.conf.mls
@@ -1,1201 +0,0 @@ -# -# This file contains a listing of available modules. -# To prevent a module from being used in policy -# creation, set the module name to "off". -# -# For monolithic policies, modules set to "base" and "module" -# will be built into the policy. -# -# For modular policies, modules set to "base" will be -# included in the base module. "module" will be compiled -# as individual loadable modules. -# - -# Layer: admin -# Module: dpkg -# -# Policy for the Debian package manager. -# -dpkg = base - -# Layer: admin -# Module: apt -# -# APT advanced package toll. -# -apt = base - -# Layer: kernel -# Module: terminal -# Required in base -# -# Policy for terminals. -# -terminal = base - -# Layer: kernel -# Module: kernel -# Required in base -# -# Policy for kernel threads, proc filesystem,and unlabeled processes and objects. -# -kernel = base - -# Layer: kernel -# Module: filesystem -# Required in base -# -# Policy for filesystems. -# -filesystem = base - -# Layer: kernel -# Module: devices -# Required in base -# -# Device nodes and interfaces for many basic system devices. -# -devices = base - -# Layer: kernel -# Module: corenetwork -# Required in base -# -# Policy controlling access to network objects -# -corenetwork = base - -# Layer: kernel -# Module: mls -# Required in base -# -# Multilevel security policy -# -mls = base - -# Layer: kernel -# Module: mcs -# Required in base -# -# MultiCategory security policy -# -mcs = base - -# Layer: kernel -# Module: selinux -# Required in base -# -# Policy for kernel security interface, in particular, selinuxfs. -# -selinux = base - -# Layer: kernel -# Module: files -# Required in base -# -# Basic filesystem types and interfaces. -# -files = base - -# Layer: kernel -# Module: domain -# Required in base -# -# Core policy for domains. -# -domain = base - -# Layer: kernel -# Module: corecommands -# Required in base -# -# Core policy for shells, and generic programs -# in /bin, /sbin, /usr/bin, and /usr/sbin. 
-# -corecommands = base - -# Layer: admin -# Module: acct -# -# Berkeley process accounting -# -acct = module - -# Layer: admin -# Module: usermanage -# -# Policy for managing user accounts. -# -usermanage = base - -# Layer: admin -# Module: rpm -# -# Policy for the RPM package manager. -# -rpm = off - -# Layer: admin -# Module: readahead -# -# Readahead, read files into page cache for improved performance -# -readahead = off - -# Layer: apps -# Module: alsa -# -# alsa - Configure sound -# -alsa = module - -# Layer: admin -# Module: kudzu -# -# Hardware detection and configuration tools -# -kudzu = off - -# Layer: admin -# Module: updfstab -# -# Red Hat utility to change /etc/fstab. -# -updfstab = off - -# Layer: admin -# Module: netutils -# -# Network analysis utilities -# -netutils = module - -# Layer: admin -# Module: vpn -# -# Virtual Private Networking client -# -vpn = module - -# Layer: admin -# Module: su -# -# Run shells with substitute user and group -# -su = base - -# Layer: admin -# Module: dmesg -# -# Policy for dmesg. -# -dmesg = base - -# Layer: admin -# Module: anaconda -# -# Policy for the Anaconda installer. -# -anaconda = off - -# Layer: admin -# Module: amanda -# -# Automated backup program. -# -amanda = module - -# Layer: admin -# Module: logrotate -# -# Rotate and archive system logs -# -logrotate = base - -# Layer: admin -# Module: quota -# -# File system quota management -# -quota = module - -# Layer: admin -# Module: consoletype -# -# Determine of the console connected to the controlling terminal. -# -consoletype = off - -# Layer: admin -# Module: sudo -# -# Execute a command with a substitute user -# -sudo = module - -# Layer: admin -# Module: firstboot -# -# Final system configuration run during the first boot -# after installation of Red Hat/Fedora systems. 
-# -firstboot = off - -# Layer: admin -# Module: certwatch -# -# Digital Certificate Tracking -# -certwatch = module - -# Layer: admin -# Module: tmpreaper -# -# Manage temporary directory sizes and file ages -# -tmpreaper = module - -# Layer: admin -# Module: dmidecode -# -# Decode DMI data for x86/ia64 bioses. -# -dmidecode = module - -# Layer: apps -# Module: gpg -# -# Policy for GNU Privacy Guard and related programs. -# -gpg = module - -# Layer: apps -# Module: loadkeys -# -# Load keyboard mappings. -# -loadkeys = module - -# Layer: apps -# Module: webalizer -# -# Web server log analysis -# -webalizer = module - -# Layer: kernel -# Module: bootloader -# -# Policy for the kernel modules, kernel image, and bootloader. -# -bootloader = module - -# Layer: kernel -# Module: storage -# -# Policy controlling access to storage devices -# -storage = base - -# Layer: services -# Module: epmd -# -# Policy for Erlang Port Mapping Daemon -# -epmd = module - -# Layer: services -# Module: jabber -# -# Policy for jabber messaging server -# -jabber = module - -# Layer: services -# Module: audioentropy -# -# Policy for daemons that use a microphone input as a source of entropy -# -audioentropy = module - -# Layer: services -# Module: nagios -# -# Policy for NAGIOS network monitor -# -nagios = module - -# Layer: services -# Module: dkim -# -# Policy for DKIM mail signing milter -# -dkim = module - -# Layer: services -# Module: clamav -# -# Policy for Clam Anti Virus -# -clamav = module - -# Layer: services -# Module: asterisk -# -# Policy for Asterisk VOIP server -# -asterisk = module - -# Layer: services -# Module: nis -# -# Policy for NIS (YP) servers and clients -# -nis = module - -# Layer: services -# Module: distcc -# -# Distributed compiler daemon -# -distcc = module - -# Layer: services -# Module: rshd -# -# Remote shell service. -# -rshd = module - -# Layer: services -# Module: cpucontrol -# -# Services for loading CPU microcode and CPU frequency scaling. 
-# -cpucontrol = module - -# Layer: services -# Module: vbetool -# -# run real-mode video BIOS code to alter hardware state -# -vbetool = module - -# Layer: services -# Module: bind -# -# Berkeley internet name domain DNS server. -# -bind = module - -# Layer: services -# Module: canna -# -# Canna - kana-kanji conversion server -# -canna = module - -# Layer: services -# Module: uucp -# -# Unix to Unix Copy -# -uucp = module - -# Layer: services -# Module: sasl -# -# SASL authentication server -# -sasl = module - -# Layer: services -# Module: pegasus -# -# The Open Group Pegasus CIM/WBEM Server. -# -pegasus = module - -# Layer: services -# Module: cron -# -# Periodic execution of scheduled commands. -# -cron = base - -# Layer: services -# Module: sendmail -# -# Policy for sendmail. -# -sendmail = module - -# Layer: services -# Module: samba -# -# SMB and CIFS client/server programs for UNIX and -# name Service Switch daemon for resolving names -# from Windows NT servers. -# -samba = module - -# Layer: services -# Module: dbus -# -# Desktop messaging bus -# -dbus = module - -# Layer: services -# Module: howl -# -# Port of Apple Rendezvous multicast DNS -# -howl = module - -# Layer: services -# Module: postgresql -# -# PostgreSQL relational database -# -postgresql = module - -# Layer: services -# Module: snmp -# -# Simple network management protocol services -# -snmp = module - -# Layer: services -# Module: remotelogin -# -# Policy for rshd, rlogind, and telnetd. -# -remotelogin = module - -# Layer: services -# Module: telnet -# -# Telnet daemon -# -telnet = module - -# Layer: services -# Module: irqbalance -# -# IRQ balancing daemon -# -irqbalance = module - -# Layer: services -# Module: mailman -# -# Mailman is for managing electronic mail discussion and e-newsletter lists -# -mailman = module - -# Layer: services -# Module: dbskk -# -# Dictionary server for the SKK Japanese input method system. 
-# -dbskk = module - -# Layer: services -# Module: ldap -# -# OpenLDAP directory server -# -ldap = module - -# Layer: services -# Module: tftp -# -# Trivial file transfer protocol daemon -# -tftp = module - -# Layer: services -# Module: portmap -# -# RPC port mapping service. -# -portmap = module - -# Layer: services -# Module: arpwatch -# -# Ethernet activity monitor. -# -arpwatch = module - -# Layer: services -# Module: dovecot -# -# Dovecot POP and IMAP mail server -# -dovecot = module - -# Layer: services -# Module: cups -# -# Common UNIX printing system -# -cups = module - -# Layer: services -# Module: networkmanager -# -# Manager for dynamically switching between networks. -# -networkmanager = module - -# Layer: services -# Module: inn -# -# Internet News NNTP server -# -inn = module - -# Layer: services -# Module: sysstat -# -# Policy for sysstat. Reports on various system states -# -sysstat = module - -# Layer: services -# Module: comsat -# -# Comsat, a biff server. -# -comsat = module - -# Layer: services -# Module: squid -# -# Squid caching http proxy server -# -squid = module - -# Layer: services -# Module: zebra -# -# Zebra border gateway protocol network routing service -# -zebra = module - -# Layer: services -# Module: xfs -# -# X Windows Font Server -# -xfs = module - -# Layer: services -# Module: ktalk -# -# KDE Talk daemon -# -ktalk = module - -# Layer: services -# Module: procmail -# -# Procmail mail delivery agent -# -procmail = module - -# Layer: services -# Module: lpd -# -# Line printer daemon -# -lpd = module - -# Layer: services -# Module: cyrus -# -# Cyrus is an IMAP service intended to be run on sealed servers -# -cyrus = module - -# Layer: services -# Module: rdisc -# -# Network router discovery daemon -# -rdisc = module - -# Layer: services -# Module: xserver -# -# X windows login display manager -# -xserver = module - -# Layer: services -# Module: nscd -# -# Name service cache daemon -# -nscd = module - -# Layer: services -# Module: ppp 
-# -# Point to Point Protocol daemon creates links in ppp networks -# -ppp = module - -# Layer: services -# Module: ftp -# -# File transfer protocol service -# -ftp = module - -# Layer: services -# Module: gpm -# -# General Purpose Mouse driver -# -gpm = module - -# Layer: services -# Module: mta -# -# Policy common to all email tranfer agents. -# -mta = base - -# Layer: services -# Module: exim -# -# Exim email server -# -exim = module - -# Layer: services -# Module: postfix -# -# Postfix email server -# -postfix = module - -# Layer: services -# Module: fetchmail -# -# Remote-mail retrieval and forwarding utility -# -fetchmail = module - -# Layer: services -# Module: ntp -# -# Network time protocol daemon -# -ntp = module - -# Layer: services -# Module: bluetooth -# -# Bluetooth tools and system services. -# -bluetooth = module - -# Layer: services -# Module: hal -# -# Hardware abstraction layer -# -hal = base - -# Layer: services -# Module: avahi -# -# mDNS/DNS-SD daemon implementing Apple ZeroConf architecture -# -avahi = module - -# Layer: services -# Module: rpc -# -# Remote Procedure Call Daemon for managment of network based process communication -# -rpc = module - -# Layer: services -# Module: apache -# -# Apache web server -# -apache = module - -# Layer: services -# Module: rsync -# -# Fast incremental file transfer for synchronization -# -rsync = module - -# Layer: services -# Module: automount -# -# Filesystem automounter service. -# -automount = module - -# Layer: services -# Module: kerberos -# -# MIT Kerberos admin and KDC -# -kerberos = module - -# Layer: services -# Module: dhcp -# -# Dynamic host configuration protocol (DHCP) server -# -dhcp = module - -# Layer: services -# Module: ssh -# -# Secure shell client and server policy. -# -ssh = module - -# Layer: services -# Module: inetd -# -# Internet services daemon. 
-# -inetd = base - -# Layer: services -# Module: mysql -# -# Policy for MySQL -# -mysql = module - -# Layer: services -# Module: dictd -# -# Dictionary daemon -# -dictd = module - -# Layer: services -# Module: finger -# -# Finger user information service. -# -finger = module - -# Layer: services -# Module: radius -# -# RADIUS authentication and accounting server. -# -radius = module - -# Layer: services -# Module: spamassassin -# -# Filter used for removing unsolicited email. -# -spamassassin = module - -# Layer: services -# Module: radvd -# -# IPv6 router advertisement daemon -# -radvd = module - -# Layer: services -# Module: apm -# -# Advanced power management daemon -# -apm = module - -# Layer: system -# Module: application -# Required in base -# -# Defines attributs and interfaces for all user applications -# -application = base - -# Layer: services -# Module: tcpd -# -# Policy for TCP daemon. -# -tcpd = module - -# Layer: services -# Module: stunnel -# -# SSL Tunneling Proxy -# -stunnel = module - -# Layer: services -# Module: privoxy -# -# Privacy enhancing web proxy. -# -privoxy = module - -# Layer: services -# Module: cvs -# -# Concurrent versions system -# -cvs = module - -# Layer: services -# Module: rlogin -# -# Remote login daemon -# -rlogin = module - -# Layer: system -# Module: application -# Required in base -# -# Defines attributs and interfaces for all user applications -# -application = base - -# Layer: system -# Module: fstools -# -# Tools for filesystem management, such as mkfs and fsck. -# -fstools = base - -# Layer: system -# Module: logging -# -# Policy for the kernel message logger and system logging daemon. -# -logging = base - -# Layer: system -# Module: hostname -# -# Policy for changing the system host name. -# -hostname = base - -# Layer: system -# Module: getty -# -# Policy for getty. -# -getty = base - -# Layer: system -# Module: lvm -# -# Policy for logical volume management programs. 
-# -lvm = module - -# Layer: system -# Module: sysnetwork -# -# Policy for network configuration: ifconfig and dhcp client. -# -sysnetwork = base - -# Layer: system -# Module: init -# -# System initialization programs (init and init scripts). -# -init = base - -# Layer: system -# Module: selinuxutil -# -# Policy for SELinux policy and userland applications. -# -selinuxutil = base - -# Layer: system -# Module: udev -# -# Policy for udev. -# -udev = base - -# Layer: system -# Module: xen -# -# Xen virtualisation management -# -xen = module - -# Layer: system -# Module: pcmcia -# -# PCMCIA card management services -# -pcmcia = module - -# Layer: system -# Module: authlogin -# -# Common policy for authentication and user login. -# -authlogin = base - -# Layer: system -# Module: libraries -# -# Policy for system libraries. -# -libraries = base - -# Layer: system -# Module: raid -# -# RAID array management tools -# -raid = module - -# Layer: system -# Module: userdomain -# -# Policy for user domains -# -userdomain = base - -# Layer: system -# Module: modutils -# -# Policy for kernel module utilities -# -modutils = base - -# Layer: system -# Module: hotplug -# -# Policy for hotplug system, for supporting the -# connection and disconnection of devices at runtime. -# -hotplug = base - -# Layer: system -# Module: clock -# -# Policy for reading and setting the hardware clock. -# -clock = base - -# Layer: system -# Module: locallogin -# -# Policy for local logins. -# -locallogin = base - -# Layer: system -# Module: iptables -# -# Policy for iptables. -# -iptables = base - -# Layer: system -# Module: mount -# -# Policy for mount. -# -mount = base - -# Layer: system -# Module: unconfined -# -# The unconfined domain. -# -unconfined = off - -# Layer: system -# Module: miscfiles -# -# Miscelaneous files. 
-# -miscfiles = base - -# Layer: system -# Module: ipsec -# -# TCP/IP encryption -# -ipsec = module - -# Layer: apps -# Module: java -# -# java executable -# -java = module - -# Layer: services -# Module: prelink -# -# prelink executable -# -prelink = module - -# Layer: apps -# Module: slocate -# -# locate executable -# -slocate = module - -# Layer: services -# Module: logwatch -# -# logwatch executable -# -logwatch = module - -# Layer: system -# Module: setrans -# Required in base -# -# Policy for setrans -# -setrans = base - -# Layer: services -# Module: openvpn -# -# Policy for OPENVPN full-featured SSL VPN solution -# -openvpn = module - -# Layer: services -# Module: smartmon -# -# Smart disk monitoring daemon policy -# -smartmon = module - -# Layer: system -# Module: netlabel -# Required in base -# -# Basic netlabel types and interfaces. -# -netlabel = base - -# Layer: services -# Module: aide -# -# Policy for aide -# -aide = module - -# Layer: service -# Module: pcscd -# -# PC/SC Smart Card Daemon -# -pcscd = module - -# Layer: service -# Module: openct -# -# Middleware framework for smart card terminals -# -openct = module - -# Layer: system -# Module: tzdata -# -# Policy for tzdata-update -# -tzdata = module - -# Layer: admin -# Module: amtu -# -# Abstract Machine Test Utility (AMTU) -# -amtu = off - -# Layer: services -# Module: prelude -# -# -# -prelude = module - -# Layer: role -# Module: secadm -# -# Root role used to manage selinux -# -secadm = base - -# Layer: role -# Module: auditadm -# -# Root role used to manage audit system -# -auditadm = base - -# Layer:role -# Module: staff -# -# admin account -# -staff = base - -# Layer:role -# Module: sysadm -# -# System Administrator -# -sysadm = base - -# Layer: role -# Module: unprivuser -# -# user account -# -unprivuser = base - -# Layer: role -# Module: guest -# -# Minimally privs guest account on tty logins -# -#guest = module - -# Layer: role -# Module: xguest -# -# Minimally privs guest account on X 
Windows logins
-#
-#xguest = module
-
-# Layer: services
-# Module: courier
-#
-# IMAP and POP3 email servers
-#
-courier = module
only in patch2:
unchanged:
--- refpolicy-0.0.20080702.orig/debian/modules.conf.mls.update
+++ refpolicy-0.0.20080702/debian/modules.conf.mls.update
@@ -0,0 +1,51 @@
+amtu = off
+anaconda = off
+application = base
+apt = base
+auditadm = base
+authlogin = base
+clock = base
+consoletype = off
+cron = base
+dkim = module
+dmesg = base
+dpkg = base
+epmd = module
+firstboot = off
+fstools = base
+getty = base
+hal = base
+hostname = base
+hotplug = base
+inetd = base
+init = base
+iptables = base
+kudzu = off
+libraries = base
+locallogin = base
+logging = base
+logrotate = base
+miscfiles = base
+modutils = base
+mount = base
+mta = base
+netlabel = base
+readahead = off
+rpm = off
+secadm = base
+selinuxutil = base
+setrans = base
+staff = base
+storage = base
+su = base
+sysadm = base
+sysnetwork = base
+udev = base
+unconfined = off
+unprivuser = base
+updfstab = off
+userdomain = base
+usermanage = base
+
+# unbuildable
+portslave = off
only in patch2:
unchanged:
--- refpolicy-0.0.20080702.orig/debian/modules.conf.default.update
+++ refpolicy-0.0.20080702/debian/modules.conf.default.update
@@ -0,0 +1,49 @@
+amtu = off
+anaconda = off
+application = base
+apt = base
+authlogin = base
+clock = base
+consoletype = off
+cron = base
+dkim = module
+dmesg = base
+dpkg = base
+epmd = module
+firstboot = off
+fstools = base
+getty = base
+hal = base
+hostname = base
+hotplug = base
+inetd = base
+init = base
+iptables = base
+kudzu = off
+libraries = base
+locallogin = base
+logging = base
+logrotate = base
+miscfiles = base
+modutils = base
+mount = base
+mta = base
+netlabel = base
+readahead = off
+rpm = off
+secadm = off
+selinuxutil = base
+setrans = base
+staff = base
+storage = base
+su = base
+sysadm = base
+sysnetwork = base
+udev = base
+unprivuser = base
+updfstab = off
+userdomain = base
+usermanage = base
+
+# unbuildable
+portslave = off
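Review bot: `secadm = off` in modules.conf.default.update, together with the missing `auditadm` and `unconfined` entries, differs from both the new modules.conf.mls.update and the removed modules.conf.default, which each carry `secadm = base`, `auditadm = base` and `unconfined = off`, and nothing in the file says which of these differences are intended. The step that merges a .update file into the generated modules.conf is not shown here, so it is only an assumption that an unlisted module keeps the upstream setting; if that holds, whether the unconfined domain and the audit administrator role are built in the default flavour is now decided by upstream's modules.conf rather than by this package. I would add a header comment to both new files, for example `# Overrides applied on top of the upstream modules.conf; modules not listed keep the upstream setting.`, and a one-line comment above `secadm = off` giving the reason the role is disabled in this flavour. The `# unbuildable` comment above `portslave = off` in both files would also be easier to revisit later if it named the build error or the bug it refers to.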