Major change in targeted policy is about to hit. Basically we are going to turn off allow_execmod, allow_execmem, and allow_execstack by default for unconfined_t programs.

So several of these patches are to allow that to happen. Including turning on a real xdm policy. Getting rid of the alias of texrel_shlib_t to shlib_t. Mozilla libraries all marked texrel_shlib_t. ( A bug has been reported on this and hopefully a fix will be added.)

So far I see hal and Xorg as needing execmem.

gfs support is added

Most if not all of the kernel leaky file descriptors have been fixed so alot of nasty dontaudits are no longer necessary.

customizable_types file generated from base.pp for targeted policy.

-- 





--
This message was distributed to subscribers of the selinux mailing list.
If you no longer wish to subscribe, send mail to majordomo@tycho.nsa.gov with
the words "unsubscribe selinux" without quotes as the message.



text/x-patch attachment: policy-20051208.patch