Changes to the stunnel module which shouldn't be controversial, the interface is used by later RH patches to the inetd module. Index: refpolicy/policy/modules/services/stunnel.if =================================================================== --- refpolicy.orig/policy/modules/services/stunnel.if 2008-07-19 19:15:41.000000000 +0200 +++ refpolicy/policy/modules/services/stunnel.if 2008-08-03 21:21:31.000000000 +0200 @@ -1 +1,25 @@ ## <summary>SSL Tunneling Proxy</summary> + +######################################## +## <summary> +## Define the specified domain as a stunnel inetd service. +## </summary> +## <param name="domain"> +## <summary> +## The type associated with the stunnel inetd service process. +## </summary> +## </param> +## <param name="entrypoint"> +## <summary> +## The type associated with the process program. +## </summary> +## </param> +# +interface(`stunnel_service_domain',` + gen_require(` + type stunnel_t; + ') + + domtrans_pattern(stunnel_t,$2,$1) + allow $1 stunnel_t:tcp_socket rw_socket_perms; +') Index: refpolicy/policy/modules/services/stunnel.te =================================================================== --- refpolicy.orig/policy/modules/services/stunnel.te 2008-08-03 16:47:00.000000000 +0200 +++ refpolicy/policy/modules/services/stunnel.te 2008-08-03 21:21:31.000000000 +0200 @@ -20,7 +20,7 @@ ') type stunnel_etc_t; -files_type(stunnel_etc_t) +files_config_file(stunnel_etc_t) type stunnel_tmp_t; files_tmp_file(stunnel_tmp_t) -- David Härdeman -- This message was distributed to subscribers of the selinux mailing list. If you no longer wish to subscribe, send mail to majordomo@xxxxxxxxxxxxx with the words "unsubscribe selinux" without quotes as the message.
