diff --git a/booleans-mls.conf b/booleans-mls.conf index 43e4b5f..2750f0b 100644 --- a/booleans-mls.conf +++ b/booleans-mls.conf @@ -140,7 +140,7 @@ use_samba_home_dirs = false # Control users use of ping and traceroute # -user_ping = false +user_ping = true # Allow gpg executable stack # diff --git a/booleans-strict.conf b/booleans-strict.conf index fc1ff8d..32deb34 100644 --- a/booleans-strict.conf +++ b/booleans-strict.conf @@ -164,7 +164,7 @@ pppd_for_user = false # Allow applications to read untrusted contentIf this is disallowed, Internet content hasto be manually relabeled for read access to be granted # -read_untrusted_content = false +read_untrusted_content = true # Allow user spamassassin clients to use the network. # @@ -204,10 +204,17 @@ user_ttyfile_stat = false # Allow applications to write untrusted contentIf this is disallowed, no Internet contentwill be stored. # -write_untrusted_content = false +write_untrusted_content = true spamd_enable_home_dirs = false # Allow login domains to polyinstatiate directories # allow_polyinstantiation = false + +# Allow sysadm to ptrace all processes +# +allow_ptrace = false + +## Control users use of ping and traceroute +user_ping = true diff --git a/modules-strict.conf b/modules-strict.conf index a79d952..2b1505d 100644 --- a/modules-strict.conf +++ b/modules-strict.conf @@ -1304,3 +1304,11 @@ pcscd = module # Policy for tzdata-update # tzdata = base + +# Layer: apps +# Module: gnome +# +# gnome session and gconf +# +gnome = module + diff --git a/selinux-policy.spec b/selinux-policy.spec index 6ac9e77..9ec0984 100644 --- a/selinux-policy.spec +++ b/selinux-policy.spec @@ -351,6 +351,9 @@ semodule -b base.pp -r bootloader -r clock -r dpkg -r fstools -r hotplug -r init %endif %changelog +* Sat Dec 23 2006 Dan Walsh 2.4.6-18 +- Many fixes for strict policy and by extension mls. + * Fri Dec 22 2006 Dan Walsh 2.4.6-17 - Fix to allow ftp to bind to ports > 1024 Resolves: #219349