At some point in the Fedora 6 timeframe the "flow_in" and "flow_out" permissions were added to the "packet" class, most likely as part of the ill-fated secid-reconciliation effort. Despite the fact that these permissions are not currently used they should be included in the Reference Policy as they are now a permanent fixture in Fedora and it is crucial that the FLASK defines be kept in sync. This patch needs to be applied before any other patches that affect the "packet" class, otherwise the resulting policy may not load. Signed-off-by: Paul Moore <paul.moore@xxxxxx> --- policy/flask/access_vectors | 2 ++ 1 file changed, 2 insertions(+) Index: refpolicy_svn_repo/policy/flask/access_vectors =================================================================== --- refpolicy_svn_repo.orig/policy/flask/access_vectors +++ refpolicy_svn_repo/policy/flask/access_vectors @@ -644,6 +644,8 @@ class packet send recv relabelto + flow_in # not currently in use + flow_out # not currently in use } class key -- paul moore linux security @ hp -- This message was distributed to subscribers of the selinux mailing list. If you no longer wish to subscribe, send mail to majordomo@xxxxxxxxxxxxx with the words "unsubscribe selinux" without quotes as the message.
