From: cpebenito@tresys.com (Christopher J. PeBenito)
Date: Thu, 19 Mar 2009 14:21:40 -0400
Subject: [refpolicy] services_rpc.patch
In-Reply-To: <49AC5EA4.5050906@redhat.com>
References: <49AC5EA4.5050906@redhat.com>
Message-ID: <1237486900.4821.1530.camel@gorn.columbia.tresys.com>
To: refpolicy@oss.tresys.com
List-Id: refpolicy.oss.tresys.com

On Mon, 2009-03-02 at 17:33 -0500, Daniel J Walsh wrote:
> http://people.fedoraproject.org/~dwalsh/SELinux/F11/services_rpc.patch
>
> Add rpc.rquotad file context
>
> Bind only to the rpc ports for all rpc 600-1023
>
> mount now starts the rpcd daemon and gets a signal back when it completes
>
> dontaudit getattr_core if for daemons
>
> nfsd getattr on everything in /dev, probably checking for size.
>
> if nfsd is exporting the /home/dwalsh directory we want to make sure it creates user_home_t and not user_home_dir_t
>
> If you are exporting any file with nfsd then we need to be able to getattr on all pipes, sockets, blk files and chr files.
>
> gssd_t writes to the auth cache when using pscd and coolkey
>
> gssd uses kerberos keytabs

Merged.

-- 
Chris PeBenito
Tresys Technology, LLC
(410) 290-1411 x150