rpms/selinux-policy-strict/devel policy-20050916.patch, 1.25, 1.26 selinux-policy-strict.spec, 1.397, 1.398
fedora-cvs-commits at redhat.com
fedora-cvs-commits at redhat.com
Wed Oct 19 21:28:27 UTC 2005
Author: dwalsh
Update of /cvs/dist/rpms/selinux-policy-strict/devel
In directory cvs.devel.redhat.com:/tmp/cvs-serv4470
Modified Files:
policy-20050916.patch selinux-policy-strict.spec
Log Message:
* Wed Oct 19 2005 Dan Walsh <dwalsh at redhat.com> 1.27.1-21
- Fixes for MLS
- Allow dhcp to write /etc/localtime
policy-20050916.patch:
Makefile | 26 +-
attrib.te | 96 ++++++++++-
domains/misc/kernel.te | 2
domains/program/crond.te | 2
domains/program/fsadm.te | 7
domains/program/hostname.te | 2
domains/program/ifconfig.te | 5
domains/program/initrc.te | 20 ++
domains/program/ldconfig.te | 3
domains/program/load_policy.te | 7
domains/program/login.te | 21 +-
domains/program/modutil.te | 14 -
domains/program/mount.te | 6
domains/program/netutils.te | 3
domains/program/newrole.te | 4
domains/program/passwd.te | 1
domains/program/restorecon.te | 3
domains/program/setfiles.te | 4
domains/program/ssh.te | 6
domains/program/su.te | 9 +
domains/program/syslogd.te | 6
domains/program/unused/NetworkManager.te | 8
domains/program/unused/alsa.te | 2
domains/program/unused/amanda.te | 74 ++------
domains/program/unused/anaconda.te | 5
domains/program/unused/apache.te | 22 +-
domains/program/unused/apmd.te | 19 ++
domains/program/unused/auditd.te | 2
domains/program/unused/automount.te | 4
domains/program/unused/bluetooth.te | 72 ++++++++
domains/program/unused/cups.te | 18 +-
domains/program/unused/cvs.te | 3
domains/program/unused/cyrus.te | 2
domains/program/unused/dbusd.te | 4
domains/program/unused/dcc.te | 5
domains/program/unused/dhcpc.te | 7
domains/program/unused/dhcpd.te | 3
domains/program/unused/dovecot.te | 4
domains/program/unused/ftpd.te | 6
domains/program/unused/hald.te | 5
domains/program/unused/hotplug.te | 5
domains/program/unused/hwclock.te | 2
domains/program/unused/ipsec.te | 2
domains/program/unused/kudzu.te | 5
domains/program/unused/mta.te | 8
domains/program/unused/mysqld.te | 10 -
domains/program/unused/named.te | 29 ++-
domains/program/unused/nscd.te | 1
domains/program/unused/ntpd.te | 10 -
domains/program/unused/openct.te | 16 +
domains/program/unused/pamconsole.te | 2
domains/program/unused/pegasus.te | 37 ++++
domains/program/unused/ping.te | 3
domains/program/unused/postfix.te | 57 ++++--
domains/program/unused/pppd.te | 8
domains/program/unused/procmail.te | 11 +
domains/program/unused/readahead.te | 21 ++
domains/program/unused/rlogind.te | 4
domains/program/unused/roundup.te | 29 +++
domains/program/unused/rpcd.te | 18 +-
domains/program/unused/rsync.te | 3
domains/program/unused/samba.te | 12 +
domains/program/unused/snmpd.te | 6
domains/program/unused/squid.te | 3
domains/program/unused/udev.te | 10 -
domains/program/unused/utempter.te | 2
domains/program/unused/webalizer.te | 3
domains/program/unused/winbind.te | 1
domains/program/unused/xdm.te | 3
domains/program/unused/yppasswdd.te | 40 ++++
domains/program/unused/ypserv.te | 1
domains/program/useradd.te | 5
file_contexts/distros.fc | 2
file_contexts/program/apache.fc | 2
file_contexts/program/bluetooth.fc | 3
file_contexts/program/dhcpc.fc | 2
file_contexts/program/dhcpd.fc | 5
file_contexts/program/ftpd.fc | 5
file_contexts/program/games.fc | 11 -
file_contexts/program/ipsec.fc | 1
file_contexts/program/kudzu.fc | 2
file_contexts/program/openct.fc | 2
file_contexts/program/pegasus.fc | 11 +
file_contexts/program/pppd.fc | 2
file_contexts/program/readahead.fc | 1
file_contexts/program/roundup.fc | 2
file_contexts/program/rpm.fc | 4
file_contexts/program/rshd.fc | 1
file_contexts/program/rsync.fc | 2
file_contexts/program/squid.fc | 3
file_contexts/program/xdm.fc | 2
file_contexts/program/yppasswdd.fc | 2
file_contexts/program/ypserv.fc | 1
file_contexts/types.fc | 4
genfs_contexts | 3
macros/base_user_macros.te | 6
macros/core_macros.te | 3
macros/global_macros.te | 18 +-
macros/network_macros.te | 17 +
macros/program/apache_macros.te | 13 +
macros/program/bonobo_macros.te | 2
macros/program/cdrecord_macros.te | 2
macros/program/crontab_macros.te | 2
macros/program/dbusd_macros.te | 4
macros/program/gconf_macros.te | 2
macros/program/gift_macros.te | 2
macros/program/gpg_macros.te | 2
macros/program/i18n_input_macros.te | 21 ++
macros/program/lpr_macros.te | 2
macros/program/mta_macros.te | 4
macros/program/newrole_macros.te | 2
macros/program/pyzor_macros.te | 2
macros/program/razor_macros.te | 2
macros/program/su_macros.te | 4
macros/program/uml_macros.te | 2
macros/program/xdm_macros.te | 2
macros/user_macros.te | 6
man/man8/ftpd_selinux.8 | 19 +-
man/man8/httpd_selinux.8 | 9 +
man/man8/rsync_selinux.8 | 12 +
man/man8/samba_selinux.8 | 9 +
mcs | 210 +++++++++---------------
mls | 270 +++++++++++--------------------
net_contexts | 8
targeted/appconfig/root_default_contexts | 4
targeted/assert.te | 2
targeted/domains/program/ssh.te | 3
targeted/domains/program/xdm.te | 4
targeted/domains/unconfined.te | 16 +
tunables/distro.tun | 2
tunables/tunable.tun | 4
types/device.te | 4
types/devpts.te | 4
types/file.te | 18 +-
types/network.te | 13 -
types/security.te | 5
136 files changed, 1109 insertions(+), 579 deletions(-)
Index: policy-20050916.patch
===================================================================
RCS file: /cvs/dist/rpms/selinux-policy-strict/devel/policy-20050916.patch,v
retrieving revision 1.25
retrieving revision 1.26
diff -u -r1.25 -r1.26
--- policy-20050916.patch 19 Oct 2005 01:38:03 -0000 1.25
+++ policy-20050916.patch 19 Oct 2005 21:28:23 -0000 1.26
@@ -1,57 +1,145 @@
diff --exclude-from=exclude -N -u -r nsapolicy/attrib.te policy-1.27.1/attrib.te
--- nsapolicy/attrib.te 2005-09-16 11:17:08.000000000 -0400
-+++ policy-1.27.1/attrib.te 2005-10-13 10:06:10.000000000 -0400
-@@ -17,17 +17,49 @@
++++ policy-1.27.1/attrib.te 2005-10-19 10:54:14.000000000 -0400
+@@ -8,51 +8,130 @@
+ # explicitly declared here, and can then be associated with particular
+ # types in type declarations. Attribute names can then be used throughout
+ # the configuration to express the set of types that are associated with
+-# the attribute. Except for the MLS attributes, attributes have no implicit
+-# meaning to SELinux. The meaning of all other attributes are completely
+-# defined through their usage within the configuration, but should be
+-# documented here as comments preceding the attribute declaration.
++# the attribute. Attributes have no implicit meaning to SELinux. The
++# meaning of all attributes are completely defined through their
++# usage within the configuration, but should be documented here as
++# comments preceding the attribute declaration.
+
+ #####################
# Attributes for MLS:
#
-+# Read files and search directories that have a classification higher than
-+# subject clearance
- attribute mlsfileread;
++# Common Terminology
++# MLS Range: low-high
++# low referred to as "Effective Sensitivity Label (SL)"
++# high referred to as "Clearance SL"
+
-+# Read files and search directories with a classification higher than the
-+# effective clearance but not higher than the clearance
- attribute mlsfilereadtoclr;
+
-+# Write files and directories in situations where MLS normally denies writes
++#
++# File System MLS attributes/privileges
++#
++# Grant MLS read access to files not dominated by the process Effective SL
+ attribute mlsfileread;
++# Grant MLS read access to files which dominate the process Effective SL
++# and are dominated by the process Clearance SL
+ attribute mlsfilereadtoclr;
++# Grant MLS write access to files not equal to the Effective SL
attribute mlsfilewrite;
-+
-+# Write files and directories where clearance of the subject dominates the
-+# classification of the file/dir and the classification of the file/dir
-+# dominates the effective clearance of the subject.
++# Grant MLS write access to files which dominate the process Effective SL
++# and are dominated by the process Clearance SL
attribute mlsfilewritetoclr;
-+
-+# Increase the classification and/or effective classification of the object
-+# regardless of the clearance of the subject.
++# Grant MLS ability to change file label to a new label which dominates
++# the old label
attribute mlsfileupgrade;
-+
-+# Decrease the classification and/or effective classification of the object
-+# regardless of the clearance of the subject. NB An new label with an
-+# incomparable effective classification and an equal classification is
-+# considered a downgrade as is an incomparable classification
++# Grant MLS ability to change file label to a new label which is
++# dominated by or incomparable to the old label
attribute mlsfiledowngrade;
-+# Read network data with a lower effective classification than the effective
-+# clearance of the process
++#
++# Network MLS attributes/privileges
++#
++# Grant MLS read access to packets not dominated by the process Effective SL
attribute mlsnetread;
-+
-+# Read network data with a lower effective classification than the effective
-+# clearance of the process when the classification of the process is higher
++# Grant MLS read access to packets which dominate the process Effective SL
++# and are dominated by the process Clearance SL
attribute mlsnetreadtoclr;
-+
-+# Write network data with a higher effective classification or with a
-+# classification higher than the clearance of the subject
++# Grant MLS write access to packets not equal to the Effective SL
attribute mlsnetwrite;
-+
-+# Write network data where the clearance of the process dominates the
-+# effective classification of the data and the effective classification of
-+# the data dominates the effective clearance of the subject.
++# Grant MLS write access to packets which dominate the Effective SL
++# and are dominated by the process Clearance SL
attribute mlsnetwritetoclr;
-+
++# Grant MLS read access to packets from hosts or interfaces which dominate
++# or incomparable to the process Effective SL
++attribute mlsnetrecvall;
++# Grant MLS ability to change socket label to a new label which dominates
++# the old label
attribute mlsnetupgrade;
++# Grant MLS ability to change socket label to a new label which is
++# dominated by or incomparable to the old label
attribute mlsnetdowngrade;
- attribute mlsnetrecvall;
-@@ -443,6 +475,9 @@
+-attribute mlsnetrecvall;
+
++#
++# IPC MLS attributes/privileges
++#
++# Grant MLS read access to IPC objects not dominated by the process Effective SL
+ attribute mlsipcread;
++# Grant MLS read access to IPC objects which dominate the process Effective SL
++# and are dominated by the process Clearance SL
+ attribute mlsipcreadtoclr;
++# Grant MLS write access to IPC objects not equal to the process Effective SL
+ attribute mlsipcwrite;
++# Grant MLS write access to IPC objects which dominate the process Effective SL
++# and are dominated by the process Clearance SL
+ attribute mlsipcwritetoclr;
+
++#
++# Process MLS attributes/privileges
++#
++# Grant MLS read access to processes not dominated by the process Effective SL
+ attribute mlsprocread;
++# Grant MLS read access to processes which dominate the process Effective SL
++# and are dominated by the process Clearance SL
+ attribute mlsprocreadtoclr;
++# Grant MLS write access to processes not equal to the Effective SL
+ attribute mlsprocwrite;
++# Grant MLS write access to processes which dominate the process Effective SL
++# and are dominated by the process Clearance SL
+ attribute mlsprocwritetoclr;
++# Grant MLS ability to change Effective SL or Clearance SL of process to a
++# label dominated by the Clearance SL
+ attribute mlsprocsetsl;
+
++#
++# X Window MLS attributes/privileges
++#
++# Grant MLS read access to X objects not dominated by the process Effective SL
+ attribute mlsxwinread;
++# Grant MLS read access to X objects which dominate the process Effective SL
++# and are dominated by the process Clearance SL
+ attribute mlsxwinreadtoclr;
++# Grant MLS write access to X objects not equal to the process Effective SL
+ attribute mlsxwinwrite;
++# Grant MLS write access to X objects which dominate the process Effective SL
++# and are dominated by the process Clearance SL
+ attribute mlsxwinwritetoclr;
+-attribute mlsxwinupgrade;
+-attribute mlsxwindowngrade;
++# Grant MLS read access to X properties not dominated by
++# the process Effective SL
++attribute mlsxwinreadproperty;
++# Grant MLS write access to X properties not equal to the process Effective SL
++attribute mlsxwinwriteproperty;
++# Grant MLS read access to X colormaps not dominated by
++# the process Effective SL
++attribute mlsxwinreadcolormap;
++# Grant MLS write access to X colormaps not equal to the process Effective SL
++attribute mlsxwinwritecolormap;
++# Grant MLS write access to X xinputs not equal to the process Effective SL
++attribute mlsxwinwritexinput;
+
++# Grant MLS read/write access to objects which internally arbitrate MLS
+ attribute mlstrustedobject;
+
++#
++# Both of the following attributes are needed for a range transition to succeed
++#
++# Grant ability for the current domain to change SL upon process transition
+ attribute privrangetrans;
++# Grant ability for the new process domain to change SL upon process transition
+ attribute mlsrangetrans;
+
+ #########################
+@@ -443,6 +522,9 @@
# Attribute to designate unrestricted access
attribute unrestricted;
@@ -737,7 +825,7 @@
+
diff --exclude-from=exclude -N -u -r nsapolicy/domains/program/unused/apmd.te policy-1.27.1/domains/program/unused/apmd.te
--- nsapolicy/domains/program/unused/apmd.te 2005-09-16 11:17:08.000000000 -0400
-+++ policy-1.27.1/domains/program/unused/apmd.te 2005-09-27 17:14:40.000000000 -0400
++++ policy-1.27.1/domains/program/unused/apmd.te 2005-10-19 07:35:44.000000000 -0400
@@ -47,6 +47,7 @@
# acpid also has a logfile
@@ -746,7 +834,7 @@
ifdef(`distro_suse', `
var_lib_domain(apmd)
-@@ -140,3 +141,15 @@
+@@ -140,3 +141,21 @@
allow apmd_t user_tty_type:chr_file rw_file_perms;
# Access /dev/apm_bios.
allow initrc_t apm_bios_t:chr_file { setattr getattr read };
@@ -762,6 +850,12 @@
+unconfined_domain(apmd_t)
+')
+
++ifdef(`NetworkManager.te', `
++ifdef(`dbusd.te', `
++allow apmd_t NetworkManager_t:dbus send_msg;
++allow NetworkManager_t apmd_t:dbus send_msg;
++')
++')
diff --exclude-from=exclude -N -u -r nsapolicy/domains/program/unused/auditd.te policy-1.27.1/domains/program/unused/auditd.te
--- nsapolicy/domains/program/unused/auditd.te 2005-09-12 16:40:28.000000000 -0400
+++ policy-1.27.1/domains/program/unused/auditd.te 2005-09-27 17:14:40.000000000 -0400
@@ -1025,7 +1119,7 @@
# the dcc user (even though the default dcc user is root).
diff --exclude-from=exclude -N -u -r nsapolicy/domains/program/unused/dhcpc.te policy-1.27.1/domains/program/unused/dhcpc.te
--- nsapolicy/domains/program/unused/dhcpc.te 2005-09-16 11:17:09.000000000 -0400
-+++ policy-1.27.1/domains/program/unused/dhcpc.te 2005-10-18 21:31:48.000000000 -0400
++++ policy-1.27.1/domains/program/unused/dhcpc.te 2005-10-19 13:22:32.000000000 -0400
@@ -120,6 +120,7 @@
allow dhcpc_t self:packet_socket create_socket_perms;
allow dhcpc_t var_lib_t:dir search;
@@ -1050,7 +1144,7 @@
')
ifdef(`ntpd.te', `
domain_auto_trans(dhcpc_t, ntpd_exec_t, ntpd_t)
-@@ -161,5 +162,6 @@
+@@ -161,5 +162,7 @@
ifdef(`unconfined.te', `
allow unconfined_t dhcpc_t:dbus send_msg;
allow dhcpc_t unconfined_t:dbus send_msg;
@@ -1058,6 +1152,7 @@
')
+')
+ifdef(`netutils.te', `domain_auto_trans(dhcpd_t, netutils_exec_t, netutils_t)')
++allow dhcpc_t locale_t:file write;
diff --exclude-from=exclude -N -u -r nsapolicy/domains/program/unused/dhcpd.te policy-1.27.1/domains/program/unused/dhcpd.te
--- nsapolicy/domains/program/unused/dhcpd.te 2005-09-12 16:40:28.000000000 -0400
+++ policy-1.27.1/domains/program/unused/dhcpd.te 2005-09-27 17:14:40.000000000 -0400
@@ -1232,7 +1327,7 @@
+
diff --exclude-from=exclude -N -u -r nsapolicy/domains/program/unused/mysqld.te policy-1.27.1/domains/program/unused/mysqld.te
--- nsapolicy/domains/program/unused/mysqld.te 2005-09-16 11:17:09.000000000 -0400
-+++ policy-1.27.1/domains/program/unused/mysqld.te 2005-09-27 17:14:40.000000000 -0400
++++ policy-1.27.1/domains/program/unused/mysqld.te 2005-10-19 09:19:37.000000000 -0400
@@ -12,7 +12,7 @@
#
daemon_domain(mysqld, `, nscd_client_domain')
@@ -1242,6 +1337,17 @@
allow mysqld_t mysqld_var_run_t:sock_file create_file_perms;
+@@ -33,8 +33,8 @@
+
+ allow initrc_t mysqld_log_t:file { write append setattr ioctl };
+
+-allow mysqld_t self:capability { dac_override setgid setuid net_bind_service };
+-allow mysqld_t self:process { setsched getsched };
++allow mysqld_t self:capability { dac_override setgid setuid net_bind_service sys_resource };
++allow mysqld_t self:process { setrlimit setsched getsched };
+
+ allow mysqld_t proc_t:file { getattr read };
+
@@ -42,7 +42,7 @@
create_dir_file(mysqld_t, mysqld_db_t)
allow mysqld_t var_lib_t:dir { getattr search };
@@ -3253,7 +3359,7 @@
#
diff --exclude-from=exclude -N -u -r nsapolicy/mls policy-1.27.1/mls
--- nsapolicy/mls 2005-09-12 16:40:26.000000000 -0400
-+++ policy-1.27.1/mls 2005-10-14 08:07:13.000000000 -0400
++++ policy-1.27.1/mls 2005-10-19 10:54:15.000000000 -0400
@@ -13,12 +13,17 @@
sensitivity s7;
sensitivity s8;
@@ -3505,6 +3611,107 @@
#
+@@ -545,7 +492,8 @@
+ mlsconstrain window { addchild create destroy chstack chproplist chprop setattr setfocus move chselection chparent ctrllife transparent clientcomevent }
+ (( l1 eq l2 ) or
+ (( t1 == mlsxwinwritetoclr ) and ( h1 dom l2 ) and ( l1 domby l2 )) or
+- ( t1 == mlsxwinwrite ));
++ ( t1 == mlsxwinwrite ) or
++ ( t2 == mlstrustedobject ));
+
+ # these access vectors have no MLS restrictions
+ # window { map unmap }
+@@ -583,12 +531,14 @@
+ mlsconstrain colormap { list read getattr }
+ (( l1 dom l2 ) or
+ (( t1 == mlsxwinreadtoclr ) and ( h1 dom l2 )) or
++ ( t1 == mlsxwinreadcolormap ) or
+ ( t1 == mlsxwinread ));
+
+ # the colormap "write" ops (implicit single level)
+ mlsconstrain colormap { create free install uninstall store setattr }
+ (( l1 eq l2 ) or
+ (( t1 == mlsxwinwritetoclr ) and ( h1 dom l2 ) and ( l1 domby l2 )) or
++ ( t1 == mlsxwinwritecolormap ) or
+ ( t1 == mlsxwinwrite ));
+
+
+@@ -602,12 +552,14 @@
+ mlsconstrain property { read }
+ (( l1 dom l2 ) or
+ (( t1 == mlsxwinreadtoclr ) and ( h1 dom l2 )) or
++ ( t1 == mlsxwinreadproperty ) or
+ ( t1 == mlsxwinread ));
+
+ # the property "write" ops (implicit single level)
+ mlsconstrain property { create free write }
+ (( l1 eq l2 ) or
+ (( t1 == mlsxwinwritetoclr ) and ( h1 dom l2 ) and ( l1 domby l2 )) or
++ ( t1 == mlsxwinwriteproperty ) or
+ ( t1 == mlsxwinwrite ));
+
+
+@@ -643,16 +595,14 @@
+ # MLS policy for the xinput class
+ #
+
+-# the xinput "read" ops (implicit single level)
+-mlsconstrain xinput { lookup getattr mousemotion }
+- (( l1 dom l2 ) or
+- (( t1 == mlsxwinreadtoclr ) and ( h1 dom l2 )) or
+- ( t1 == mlsxwinread ));
++# these access vectors have no MLS restrictions
++# xinput ~{ relabelinput setattr }
+
+ # the xinput "write" ops (implicit single level)
+-mlsconstrain xinput { setattr setfocus warppointer activegrab passivegrab ungrab bell relabelinput }
++mlsconstrain xinput { setattr relabelinput }
+ (( l1 eq l2 ) or
+ (( t1 == mlsxwinwritetoclr ) and ( h1 dom l2 ) and ( l1 domby l2 )) or
++ ( t1 == mlsxwinwritexinput ) or
+ ( t1 == mlsxwinwrite ));
+
+
+@@ -662,17 +612,8 @@
+ # MLS policy for the xserver class
+ #
+
+-# the xserver "read" ops (implicit single level)
+-mlsconstrain xserver { gethostlist getfontpath getattr screensaver }
+- (( l1 dom l2 ) or
+- (( t1 == mlsxwinreadtoclr ) and ( h1 dom l2 )) or
+- ( t1 == mlsxwinread ));
+-
+-# the xserver "write" ops (implicit single level)
+-mlsconstrain xserver { sethostlist setfontpath grab ungrab screensaver }
+- (( l1 eq l2 ) or
+- (( t1 == mlsxwinwritetoclr ) and ( h1 dom l2 ) and ( l1 domby l2 )) or
+- ( t1 == mlsxwinwrite ));
++# these access vectors have no MLS restrictions
++# xserver *
+
+
+
+@@ -681,17 +622,8 @@
+ # MLS policy for the xextension class
+ #
+
+-# the xextension "read" ops (implicit single level)
+-mlsconstrain xextension query
+- (( l1 dom l2 ) or
+- (( t1 == mlsxwinreadtoclr ) and ( h1 dom l2 )) or
+- ( t1 == mlsxwinread ));
+-
+-# the xextension "write" ops (implicit single level)
+-mlsconstrain xextension use
+- (( l1 eq l2 ) or
+- (( t1 == mlsxwinwritetoclr ) and ( h1 dom l2 ) and ( l1 domby l2 )) or
+- ( t1 == mlsxwinwrite ));
++# these access vectors have no MLS restrictions
++# xextension { query use }
+
+
+ #
diff --exclude-from=exclude -N -u -r nsapolicy/net_contexts policy-1.27.1/net_contexts
--- nsapolicy/net_contexts 2005-09-16 11:17:08.000000000 -0400
+++ policy-1.27.1/net_contexts 2005-10-18 09:14:50.000000000 -0400
Index: selinux-policy-strict.spec
===================================================================
RCS file: /cvs/dist/rpms/selinux-policy-strict/devel/selinux-policy-strict.spec,v
retrieving revision 1.397
retrieving revision 1.398
diff -u -r1.397 -r1.398
--- selinux-policy-strict.spec 19 Oct 2005 01:38:03 -0000 1.397
+++ selinux-policy-strict.spec 19 Oct 2005 21:28:23 -0000 1.398
@@ -10,7 +10,7 @@
Summary: SELinux %{type} policy configuration
Name: selinux-policy-%{type}
Version: 1.27.1
-Release: 20
+Release: 21
License: GPL
Group: System Environment/Base
Source: http://www.nsa.gov/selinux/archives/policy-%{version}.tgz
@@ -244,6 +244,10 @@
exit 0
%changelog
+* Wed Oct 19 2005 Dan Walsh <dwalsh at redhat.com> 1.27.1-21
+- Fixes for MLS
+- Allow dhcp to write /etc/localtime
+
* Tue Oct 18 2005 Dan Walsh <dwalsh at redhat.com> 1.27.1-20
- Allow dhcpc to run arping
More information about the fedora-cvs-commits
mailing list