On Fri, 2008-02-08 at 16:25 -0500, paul.moore@xxxxxx wrote: > plain text document attachment (refpol-flask_fedora_fix) > At some point in the Fedora 6 timeframe the "flow_in" and "flow_out" > permissions were added to the "packet" class, most likely as part of the > ill-fated secid-reconciliation effort. Despite the fact that these permissions > are not currently used they should be included in the Reference Policy as they > are now a permanent fixture in Fedora and it is crucial that the FLASK > defines be kept in sync. > > This patch needs to be applied before any other patches that affect the > "packet" class, otherwise the resulting policy may not load. Merged. > Signed-off-by: Paul Moore <paul.moore@xxxxxx> > --- > policy/flask/access_vectors | 2 ++ > 1 file changed, 2 insertions(+) > > Index: refpolicy_svn_repo/policy/flask/access_vectors > =================================================================== > --- refpolicy_svn_repo.orig/policy/flask/access_vectors > +++ refpolicy_svn_repo/policy/flask/access_vectors > @@ -650,6 +650,8 @@ class packet > send > recv > relabelto > + flow_in # not currently in use > + flow_out # not currently in use > } > > class key > -- Chris PeBenito Tresys Technology, LLC (410) 290-1411 x150 -- This message was distributed to subscribers of the selinux mailing list. If you no longer wish to subscribe, send mail to majordomo@xxxxxxxxxxxxx with the words "unsubscribe selinux" without quotes as the message.
