From: dwalsh@redhat.com (Daniel J Walsh)
Date: Thu, 21 May 2009 11:19:31 -0400
Subject: [refpolicy] kernel_domain.patch
Message-ID: <4A157103.8010907@redhat.com>
To: refpolicy@oss.tresys.com
List-Id: refpolicy.oss.tresys.com

http://people.fedoraproject.org/~dwalsh/SELinux/F11/kernel_domain.patch

Add search_dir_perms to domain search

Add interface to define domain_mmap_low_type So I can have the attribute 
without the right.   Then I can write the allow rule with a boolean.

Add attribute polydomain which can turn on and off 
allow_polyinstatiation boolean.


Lots of global allows to prevent spurious avc messages.