From e1ccb6fe661ffb340256b058a0a27523f76cd094 Mon Sep 17 00:00:00 2001
From: Daniel J Walsh <dwalsh@fedoraproject.org>
Date: Dec 09 2005 20:59:20 +0000
Subject: - Add two new httpd booleans, turned off by default

httpd_can_network_relay
httpd_can_network_connect_db

---

diff --git a/booleans-targeted.conf b/booleans-targeted.conf
index 7b6dd0f..1432d45 100644
--- a/booleans-targeted.conf
+++ b/booleans-targeted.conf
@@ -58,6 +58,14 @@ ftp_home_dir = false
 # 
 ftpd_is_daemon = true
 
+#
+# allow httpd to connect to mysql/posgresql 
+httpd_can_network_connect_db = false
+
+#
+# allow httpd to network relay
+httpd_can_network_relay = false
+
 # Allow httpd to use built in scripting (usually php)
 # 
 httpd_builtin_scripting = true
diff --git a/selinux-policy.spec b/selinux-policy.spec
index 972dba4..32d5f80 100644
--- a/selinux-policy.spec
+++ b/selinux-policy.spec
@@ -10,7 +10,7 @@
 Summary: SELinux policy configuration
 Name: selinux-policy
 Version: 2.1.1
-Release: 2
+Release: 3
 License: GPL
 Group: System Environment/Base
 Source: serefpolicy-%{version}.tgz
@@ -239,6 +239,11 @@ SELinux Reference policy %{polname3} base module.
 
 
 %changelog
+* Fri Dec  8 2005 Dan Walsh <dwalsh@redhat.com> 2.1.1-3
+- Add two new httpd booleans, turned off by default
+	* httpd_can_network_relay
+	* httpd_can_network_connect_db
+
 * Fri Dec  8 2005 Dan Walsh <dwalsh@redhat.com> 2.1.1-2
 - Add ghost for policy.20