From: dwalsh@redhat.com (Daniel J Walsh)
Date: Mon, 02 Mar 2009 17:33:08 -0500
Subject: [refpolicy] services_rpc.patch
Message-ID: <49AC5EA4.5050906@redhat.com>
To: refpolicy@oss.tresys.com
List-Id: refpolicy.oss.tresys.com

http://people.fedoraproject.org/~dwalsh/SELinux/F11/services_rpc.patch

Add rpc.rquotad file context

Bind only to the rpc ports for all rpc 600-1023

mount now starts the rpcd daemon and gets a signal back when it completes

dontaudit getattr_core if for daemons

nfsd getattr on everything in /dev, probably checking for size.

if nfsd is exporting the /home/dwalsh directory we want to make sure it creates user_home_t and not user_home_dir_t

If you are exporting any file with nfsd then we need to be able to getattr on all pipes, sockets, blk files and chr files.

gssd_t writes to the auth cache when using pscd and coolkey

gssd uses kerberos keytabs