-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
http://people.fedoraproject.org/~dwalsh/SELinux/F11/services_rpc.patch
Add rpc.rquotad file context
Bind only to the rpc ports for all rpc 600-1023
mount now starts the rpcd daemon and gets a signal back when it completes
dontaudit getattr_core if for daemons
nfsd gettattr on everything in /dev, probably checking for size.
if nfsd is exporting the /home/dwalsh directory we want to make sure it creates user_home_t and not user_home_dir_t
If you are exporting any file with nfsd then we need to be able to gettattr on all pipes, sockets, blk files and chr files.
gssd_t writes to the auth cache when using pscd and coolkey
gssd uses kerberos keytabs
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)
Comment: Using GnuPG with Fedora - http://enigmail.mozdev.org
iEYEARECAAYFAkmsXqMACgkQrlYvE4MpobNjHACbB9YVyf7GGJMjuS6NZ0zB285y
qrgAn0nf9Kp1h25V8+/IorZwa3Bu7VMO
=Sbuv
-----END PGP SIGNATURE-----
On Mon, 2009-03-02 at 17:33 -0500, Daniel J Walsh wrote:
> http://people.fedoraproject.org/~dwalsh/SELinux/F11/services_rpc.patch
>
> Add rpc.rquotad file context
>
> Bind only to the rpc ports for all rpc 600-1023
>
> mount now starts the rpcd daemon and gets a signal back when it completes
>
> dontaudit getattr_core if for daemons
>
> nfsd gettattr on everything in /dev, probably checking for size.
>
> if nfsd is exporting the /home/dwalsh directory we want to make sure it creates user_home_t and not user_home_dir_t
>
> If you are exporting any file with nfsd then we need to be able to gettattr on all pipes, sockets, blk files and chr files.
>
> gssd_t writes to the auth cache when using pscd and coolkey
>
> gssd uses kerberos keytabs
Merged.
--
Chris PeBenito
Tresys Technology, LLC
(410) 290-1411 x150