+- Allow initrc_t file descriptors to be inherited regardless of MLS level.
+ Accordingly drop MLS permissions from daemons that inherit from any level.
- Files and radvd updates from Stefan Schulze Frielinghaus.
- Deprecate mls_file_write_down() and mls_file_read_up(), replaced with
mls_write_all_levels() and mls_read_all_levels(), for consistency.
-policy_module(cups,1.7.1)
+policy_module(cups,1.7.2)
########################################
#
fs_getattr_all_fs(cupsd_t)
fs_search_auto_mountpoints(cupsd_t)
-mls_fd_use_all_levels(cupsd_t)
mls_file_downgrade(cupsd_t)
mls_file_write_all_levels(cupsd_t)
mls_file_read_all_levels(cupsd_t)
-policy_module(inetd,1.4.0)
+policy_module(inetd,1.4.1)
########################################
#
miscfiles_read_localization(inetd_t)
# xinetd needs MLS override privileges to work
-mls_fd_use_all_levels(inetd_t)
mls_fd_share_all_levels(inetd_t)
mls_socket_read_to_clearance(inetd_t)
mls_process_set_level(inetd_t)
-mls_socket_read_to_clearance(inetd_t)
sysnet_read_config(inetd_t)
-policy_module(init,1.7.2)
+policy_module(init,1.7.3)
gen_require(`
class passwd rootok;
mls_process_read_up(initrc_t)
mls_process_write_down(initrc_t)
mls_rangetrans_source(initrc_t)
+mls_fd_share_all_levels(initrc_t)
selinux_get_enforce_mode(initrc_t)
-policy_module(logging,1.7.1)
+policy_module(logging,1.7.2)
########################################
#
mls_file_read_all_levels(auditd_t)
mls_file_write_all_levels(auditd_t) # Need to be able to write to /var/run/ directory
-mls_fd_use_all_levels(auditd_t)
seutil_dontaudit_read_config(auditd_t)
-policy_module(setrans,1.3.1)
+policy_module(setrans,1.3.2)
########################################
#
mls_socket_write_all_levels(setrans_t)
mls_process_read_up(setrans_t)
mls_socket_read_all_levels(setrans_t)
-mls_fd_use_all_levels(setrans_t)
selinux_compute_access_vector(setrans_t)