From: dwalsh@redhat.com (Daniel J Walsh)
Date: Thu, 20 Nov 2008 10:22:15 -0500
Subject: [refpolicy] services_avahi.patch and services_dbus.patch
Message-ID: <492580A7.1000209@redhat.com>
To: refpolicy@oss.tresys.com
List-Id: refpolicy.oss.tresys.com

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

http://people.fedoraproject.org/~dwalsh/SELinux/F11/services_avahi.patch


Added avahi_signull and avahi_initrc_domtrans  both used by networkmanager

Also allow avahi to search var_lib and avahi is now started by dbus.



http://people.fedoraproject.org/~dwalsh/SELinux/F11/services_dbus.patch

dbus needs to be ranged.

Fix system_dbusd_var_lib_t definition.

dbus needs getcap and setpgid

dbus can exec itself.

Lists inotify

dbus can be used to start initrc scripts and random binaries so needs to
transition to initrc_t.  Probably should be blocked on mls machines.

Starts networkmanager,  add dbus unconfiend

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)
Comment: Using GnuPG with Fedora - http://enigmail.mozdev.org

iEYEARECAAYFAkklgKcACgkQrlYvE4MpobNhwwCg1UlOZrS42vEEvkl0DSPRW4R4
S/MAoKDXPrQe+fZJkMgx3JaQhPJSrjRK
=DK63
-----END PGP SIGNATURE-----