From: dwalsh@redhat.com (Daniel J Walsh)
Date: Tue, 25 Nov 2008 16:55:59 -0500
Subject: [refpolicy] kernel_domain.patch
Message-ID: <492C746F.8030001@redhat.com>
To: refpolicy@oss.tresys.com
List-Id: refpolicy.oss.tresys.com

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

http://people.fedoraproject.org/~dwalsh/SELinux/F11/kernel_domain.patch

Separate the type for domains that can mmap_zero from the actual ability
to set mmap_zero so we can use a boolean to set this ability.  If we
ever got the ability to have attributes surrounded by booleans, this
type of hacking would not be necessary.

Allow all unconfined_domains to set chat with all domains.

Allow unconfined domains to write to all domains proc files

A bunch of domain prevent dumb avcs

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)
Comment: Using GnuPG with Fedora - http://enigmail.mozdev.org

iEYEARECAAYFAkksdG8ACgkQrlYvE4MpobMawQCeMaHw+nTBbUlKv0mGaLg48kZ/
wroAoJjrbmP2GSI3cJ6iBf19fEBNKtP7
=zkYf
-----END PGP SIGNATURE-----