rpms/selinux-policy/devel .cvsignore, 1.55, 1.56 policy-20060411.patch, 1.3, 1.4 selinux-policy.spec, 1.173, 1.174 sources, 1.59, 1.60

fedora-cvs-commits at redhat.com fedora-cvs-commits at redhat.com
Fri Apr 14 19:50:06 UTC 2006 

Author: dwalsh

Update of /cvs/dist/rpms/selinux-policy/devel
In directory cvs.devel.redhat.com:/tmp/cvs-serv4141

Modified Files:
	.cvsignore policy-20060411.patch selinux-policy.spec sources 
Log Message:
* Fri Apr 14 2006 Dan Walsh <dwalsh at redhat.com> 2.2.32-1
- Update to latest from upstream



Index: .cvsignore
===================================================================
RCS file: /cvs/dist/rpms/selinux-policy/devel/.cvsignore,v
retrieving revision 1.55
retrieving revision 1.56
diff -u -r1.55 -r1.56
--- .cvsignore	13 Apr 2006 21:28:19 -0000	1.55
+++ .cvsignore	14 Apr 2006 19:50:03 -0000	1.56
@@ -56,3 +56,4 @@
 serefpolicy-2.2.29.tgz
 serefpolicy-2.2.30.tgz
 serefpolicy-2.2.31.tgz
+serefpolicy-2.2.32.tgz

policy-20060411.patch:
 Rules.modular                           |    2 -
 policy/mcs                              |    6 ++-
 policy/modules/admin/amanda.te          |    5 ++
 policy/modules/admin/bootloader.te      |    1 
 policy/modules/admin/rpm.fc             |    1 
 policy/modules/admin/su.fc              |    2 -
 policy/modules/admin/usermanage.te      |    1 
 policy/modules/apps/java.fc             |    9 +---
 policy/modules/apps/java.te             |    1 
 policy/modules/apps/mono.te             |    6 +++
 policy/modules/kernel/corecommands.fc   |   20 ++++++----
 policy/modules/kernel/devices.fc        |    3 +
 policy/modules/kernel/devices.if        |   24 +++++++++++-
 policy/modules/kernel/files.fc          |   37 ++++++++++++-------
 policy/modules/kernel/files.if          |   27 ++++++++++++++
 policy/modules/kernel/kernel.if         |    3 +
 policy/modules/kernel/mcs.te            |    4 ++
 policy/modules/kernel/mls.te            |    1 
 policy/modules/services/avahi.te        |    1 
 policy/modules/services/bind.fc         |    1 
 policy/modules/services/ftp.te          |    1 
 policy/modules/services/hal.te          |    1 
 policy/modules/services/kerberos.fc     |    4 +-
 policy/modules/services/mailman.if      |   38 ++++++++++++++++++++
 policy/modules/services/postfix.te      |    3 +
 policy/modules/services/postgresql.if   |    2 +
 policy/modules/services/rpc.te          |    4 +-
 policy/modules/services/samba.if        |    1 
 policy/modules/services/samba.te        |   12 +++++-
 policy/modules/services/spamassassin.fc |    2 -
 policy/modules/services/tftp.fc         |    3 +
 policy/modules/services/xserver.if      |   21 +++++++++++
 policy/modules/system/authlogin.fc      |    3 +
 policy/modules/system/authlogin.te      |    4 ++
 policy/modules/system/daemontools.fc    |    3 +
 policy/modules/system/fstools.te        |    1 
 policy/modules/system/init.te           |    1 
 policy/modules/system/libraries.fc      |   60 +++++++++++++++++++-------------
 policy/modules/system/miscfiles.fc      |    2 -
 policy/modules/system/modutils.fc       |    6 ++-
 policy/modules/system/selinuxutil.if    |    4 +-
 policy/modules/system/unconfined.te     |    3 +
 policy/modules/system/userdomain.if     |   28 ++++++++++----
 policy/modules/system/xen.te            |    5 ++
 44 files changed, 286 insertions(+), 81 deletions(-)

Index: policy-20060411.patch
===================================================================
RCS file: /cvs/dist/rpms/selinux-policy/devel/policy-20060411.patch,v
retrieving revision 1.3
retrieving revision 1.4
diff -u -r1.3 -r1.4
--- policy-20060411.patch	13 Apr 2006 20:33:48 -0000	1.3
+++ policy-20060411.patch	14 Apr 2006 19:50:03 -0000	1.4
@@ -1,6 +1,6 @@
-diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/mcs serefpolicy-2.2.31/policy/mcs
+diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/mcs serefpolicy-2.2.32/policy/mcs
 --- nsaserefpolicy/policy/mcs	2006-03-29 11:23:41.000000000 -0500
-+++ serefpolicy-2.2.31/policy/mcs	2006-04-13 12:53:30.000000000 -0400
++++ serefpolicy-2.2.32/policy/mcs	2006-04-14 12:06:19.000000000 -0400
 @@ -134,14 +134,18 @@
  # the high range of the file.  We use the high range of the process so
  # that processes can always simply run at s0.
@@ -21,9 +21,9 @@
  mlsconstrain file { read }
  	(( h1 dom h2 ) or ( t2 == domain ) or ( t1 == mlsfileread ));
  
-diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/amanda.te serefpolicy-2.2.31/policy/modules/admin/amanda.te
+diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/amanda.te serefpolicy-2.2.32/policy/modules/admin/amanda.te
 --- nsaserefpolicy/policy/modules/admin/amanda.te	2006-03-24 11:15:40.000000000 -0500
-+++ serefpolicy-2.2.31/policy/modules/admin/amanda.te	2006-04-13 12:53:30.000000000 -0400
++++ serefpolicy-2.2.32/policy/modules/admin/amanda.te	2006-04-14 12:06:19.000000000 -0400
 @@ -9,6 +9,7 @@
  type amanda_t;
  type amanda_inetd_exec_t;
@@ -49,9 +49,9 @@
  allow amanda_recover_t self:process { sigkill sigstop signal };
  allow amanda_recover_t self:fifo_file { getattr ioctl read write };
  allow amanda_recover_t self:unix_stream_socket { connect create read write };
-diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/bootloader.te serefpolicy-2.2.31/policy/modules/admin/bootloader.te
+diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/bootloader.te serefpolicy-2.2.32/policy/modules/admin/bootloader.te
 --- nsaserefpolicy/policy/modules/admin/bootloader.te	2006-04-04 18:06:37.000000000 -0400
-+++ serefpolicy-2.2.31/policy/modules/admin/bootloader.te	2006-04-13 12:53:30.000000000 -0400
++++ serefpolicy-2.2.32/policy/modules/admin/bootloader.te	2006-04-14 12:06:19.000000000 -0400
 @@ -84,6 +84,7 @@
  dev_read_sysfs(bootloader_t)
  # for reading BIOS data
@@ -60,9 +60,9 @@
  
  fs_getattr_xattr_fs(bootloader_t)
  fs_read_tmpfs_symlinks(bootloader_t)
-diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/rpm.fc serefpolicy-2.2.31/policy/modules/admin/rpm.fc
+diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/rpm.fc serefpolicy-2.2.32/policy/modules/admin/rpm.fc
 --- nsaserefpolicy/policy/modules/admin/rpm.fc	2006-04-04 18:06:37.000000000 -0400
-+++ serefpolicy-2.2.31/policy/modules/admin/rpm.fc	2006-04-13 12:53:30.000000000 -0400
++++ serefpolicy-2.2.32/policy/modules/admin/rpm.fc	2006-04-14 12:06:19.000000000 -0400
 @@ -10,6 +10,7 @@
  /usr/lib(64)?/rpm/rpmv		-- 	gen_context(system_u:object_r:bin_t,s0)
  
@@ -71,9 +71,9 @@
  
  ifdef(`distro_redhat', `
  /usr/bin/fedora-rmdevelrpms	--	gen_context(system_u:object_r:rpm_exec_t,s0)
-diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/su.fc serefpolicy-2.2.31/policy/modules/admin/su.fc
+diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/su.fc serefpolicy-2.2.32/policy/modules/admin/su.fc
 --- nsaserefpolicy/policy/modules/admin/su.fc	2006-03-23 14:33:29.000000000 -0500
-+++ serefpolicy-2.2.31/policy/modules/admin/su.fc	2006-04-13 12:53:30.000000000 -0400
++++ serefpolicy-2.2.32/policy/modules/admin/su.fc	2006-04-14 12:06:19.000000000 -0400
 @@ -1,5 +1,5 @@
  
  /bin/su			--	gen_context(system_u:object_r:su_exec_t,s0)
@@ -81,9 +81,9 @@
 -/usr(/local)?/bin/ksu	--	gen_context(system_u:object_r:su_exec_t,s0)
 +/usr/(local/)?bin/ksu	--	gen_context(system_u:object_r:su_exec_t,s0)
  /usr/bin/kdesu		--	gen_context(system_u:object_r:su_exec_t,s0)
-diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/usermanage.te serefpolicy-2.2.31/policy/modules/admin/usermanage.te
+diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/usermanage.te serefpolicy-2.2.32/policy/modules/admin/usermanage.te
 --- nsaserefpolicy/policy/modules/admin/usermanage.te	2006-04-04 18:06:38.000000000 -0400
-+++ serefpolicy-2.2.31/policy/modules/admin/usermanage.te	2006-04-13 12:53:30.000000000 -0400
++++ serefpolicy-2.2.32/policy/modules/admin/usermanage.te	2006-04-14 12:06:19.000000000 -0400
 @@ -514,6 +514,7 @@
  # Add/remove user home directories
  userdom_home_filetrans_generic_user_home_dir(useradd_t)
@@ -92,9 +92,9 @@
  userdom_generic_user_home_dir_filetrans_generic_user_home_content(useradd_t,notdevfile_class_set)
  
  mta_manage_spool(useradd_t)
-diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/java.fc serefpolicy-2.2.31/policy/modules/apps/java.fc
+diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/java.fc serefpolicy-2.2.32/policy/modules/apps/java.fc
 --- nsaserefpolicy/policy/modules/apps/java.fc	2006-04-12 13:44:36.000000000 -0400
-+++ serefpolicy-2.2.31/policy/modules/apps/java.fc	2006-04-13 16:12:57.000000000 -0400
++++ serefpolicy-2.2.32/policy/modules/apps/java.fc	2006-04-14 12:06:19.000000000 -0400
 @@ -1,11 +1,8 @@
  #
 -# /opt
@@ -110,9 +110,9 @@
  /usr/bin/gcj-dbtool	--	gen_context(system_u:object_r:java_exec_t,s0)
  /usr/bin/gij		--	gen_context(system_u:object_r:java_exec_t,s0)
 +/opt/(.*/)?bin/java([^/]*)? 	--	gen_context(system_u:object_r:java_exec_t,s0)
-diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/java.te serefpolicy-2.2.31/policy/modules/apps/java.te
+diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/java.te serefpolicy-2.2.32/policy/modules/apps/java.te
 --- nsaserefpolicy/policy/modules/apps/java.te	2006-04-12 13:44:36.000000000 -0400
-+++ serefpolicy-2.2.31/policy/modules/apps/java.te	2006-04-13 15:36:02.000000000 -0400
++++ serefpolicy-2.2.32/policy/modules/apps/java.te	2006-04-14 12:06:19.000000000 -0400
 @@ -10,6 +10,7 @@
  domain_type(java_t)
  
@@ -121,9 +121,9 @@
  files_type(java_exec_t)
  
  ########################################
-diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/mono.te serefpolicy-2.2.31/policy/modules/apps/mono.te
+diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/mono.te serefpolicy-2.2.32/policy/modules/apps/mono.te
 --- nsaserefpolicy/policy/modules/apps/mono.te	2006-04-12 13:44:36.000000000 -0400
-+++ serefpolicy-2.2.31/policy/modules/apps/mono.te	2006-04-13 16:32:05.000000000 -0400
++++ serefpolicy-2.2.32/policy/modules/apps/mono.te	2006-04-14 12:06:19.000000000 -0400
 @@ -22,6 +22,8 @@
  	unconfined_domain_noaudit(mono_t)
  	role system_r types mono_t;
@@ -142,9 +142,9 @@
 +	')
 +
  ')
-diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/kernel/corecommands.fc serefpolicy-2.2.31/policy/modules/kernel/corecommands.fc
+diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/kernel/corecommands.fc serefpolicy-2.2.32/policy/modules/kernel/corecommands.fc
 --- nsaserefpolicy/policy/modules/kernel/corecommands.fc	2006-04-10 17:05:08.000000000 -0400
-+++ serefpolicy-2.2.31/policy/modules/kernel/corecommands.fc	2006-04-13 14:39:12.000000000 -0400
++++ serefpolicy-2.2.32/policy/modules/kernel/corecommands.fc	2006-04-14 12:06:19.000000000 -0400
 @@ -2,7 +2,8 @@
  #
  # /bin
@@ -193,9 +193,9 @@
  
  /usr/lib/ccache/bin(/.*)?		gen_context(system_u:object_r:bin_t,s0)
  /usr/lib/pgsql/test/regress/.*\.sh --	gen_context(system_u:object_r:bin_t,s0)
-diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/kernel/devices.fc serefpolicy-2.2.31/policy/modules/kernel/devices.fc
+diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/kernel/devices.fc serefpolicy-2.2.32/policy/modules/kernel/devices.fc
 --- nsaserefpolicy/policy/modules/kernel/devices.fc	2006-04-12 13:44:36.000000000 -0400
-+++ serefpolicy-2.2.31/policy/modules/kernel/devices.fc	2006-04-13 12:53:30.000000000 -0400
++++ serefpolicy-2.2.32/policy/modules/kernel/devices.fc	2006-04-14 12:06:19.000000000 -0400
 @@ -1,5 +1,6 @@
  
 -/dev(/.*)?			gen_context(system_u:object_r:device_t,s0)
@@ -204,9 +204,9 @@
  
  /dev/.*mouse.*		-c	gen_context(system_u:object_r:mouse_device_t,s0)
  /dev/adsp		-c	gen_context(system_u:object_r:sound_device_t,s0)
-diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/kernel/devices.if serefpolicy-2.2.31/policy/modules/kernel/devices.if
+diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/kernel/devices.if serefpolicy-2.2.32/policy/modules/kernel/devices.if
 --- nsaserefpolicy/policy/modules/kernel/devices.if	2006-04-12 13:44:36.000000000 -0400
-+++ serefpolicy-2.2.31/policy/modules/kernel/devices.if	2006-04-13 12:53:30.000000000 -0400
++++ serefpolicy-2.2.32/policy/modules/kernel/devices.if	2006-04-14 12:06:19.000000000 -0400
 @@ -2701,7 +2701,7 @@
  	')
  
@@ -249,9 +249,9 @@
 +	dontaudit $1 device_node:dir_file_class_set getattr;
 +')
 +
-diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/kernel/files.fc serefpolicy-2.2.31/policy/modules/kernel/files.fc
+diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/kernel/files.fc serefpolicy-2.2.32/policy/modules/kernel/files.fc
 --- nsaserefpolicy/policy/modules/kernel/files.fc	2006-03-23 14:33:29.000000000 -0500
-+++ serefpolicy-2.2.31/policy/modules/kernel/files.fc	2006-04-13 12:53:30.000000000 -0400
++++ serefpolicy-2.2.32/policy/modules/kernel/files.fc	2006-04-14 12:06:19.000000000 -0400
 @@ -25,7 +25,8 @@
  #
  # /boot
@@ -360,9 +360,9 @@
  /var/\.journal			<<none>>
  
  /var/db/.*\.db		--	gen_context(system_u:object_r:etc_t,s0)
-diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/kernel/files.if serefpolicy-2.2.31/policy/modules/kernel/files.if
---- nsaserefpolicy/policy/modules/kernel/files.if	2006-04-10 17:05:10.000000000 -0400
-+++ serefpolicy-2.2.31/policy/modules/kernel/files.if	2006-04-13 12:53:30.000000000 -0400
+diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/kernel/files.if serefpolicy-2.2.32/policy/modules/kernel/files.if
+--- nsaserefpolicy/policy/modules/kernel/files.if	2006-04-14 07:58:12.000000000 -0400
++++ serefpolicy-2.2.32/policy/modules/kernel/files.if	2006-04-14 12:06:19.000000000 -0400
 @@ -948,6 +948,18 @@
  
  ########################################
@@ -404,9 +404,9 @@
  ## <summary>
  ##	Read files in /etc that are dynamically
  ##	created on boot, such as mtab.
-diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/kernel/kernel.if serefpolicy-2.2.31/policy/modules/kernel/kernel.if
+diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/kernel/kernel.if serefpolicy-2.2.32/policy/modules/kernel/kernel.if
 --- nsaserefpolicy/policy/modules/kernel/kernel.if	2006-04-10 17:05:10.000000000 -0400
-+++ serefpolicy-2.2.31/policy/modules/kernel/kernel.if	2006-04-13 15:25:54.000000000 -0400
++++ serefpolicy-2.2.32/policy/modules/kernel/kernel.if	2006-04-14 12:06:19.000000000 -0400
 @@ -1148,7 +1148,8 @@
  
  	allow $1 proc_t:dir search;
@@ -417,9 +417,9 @@
  	allow $1 sysctl_vm_t:file rw_file_perms;
  ')
  
-diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/kernel/mcs.te serefpolicy-2.2.31/policy/modules/kernel/mcs.te
+diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/kernel/mcs.te serefpolicy-2.2.32/policy/modules/kernel/mcs.te
 --- nsaserefpolicy/policy/modules/kernel/mcs.te	2006-04-04 18:06:38.000000000 -0400
-+++ serefpolicy-2.2.31/policy/modules/kernel/mcs.te	2006-04-13 12:53:30.000000000 -0400
++++ serefpolicy-2.2.32/policy/modules/kernel/mcs.te	2006-04-14 12:06:19.000000000 -0400
 @@ -32,6 +32,10 @@
  type xdm_exec_t;
  
@@ -431,9 +431,9 @@
  range_transition getty_t login_exec_t s0 - s0:c0.c255;
  range_transition init_t xdm_exec_t s0 - s0:c0.c255;
  range_transition initrc_t crond_exec_t s0 - s0:c0.c255;
-diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/kernel/mls.te serefpolicy-2.2.31/policy/modules/kernel/mls.te
+diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/kernel/mls.te serefpolicy-2.2.32/policy/modules/kernel/mls.te
 --- nsaserefpolicy/policy/modules/kernel/mls.te	2006-03-07 10:31:09.000000000 -0500
-+++ serefpolicy-2.2.31/policy/modules/kernel/mls.te	2006-04-13 12:53:30.000000000 -0400
++++ serefpolicy-2.2.32/policy/modules/kernel/mls.te	2006-04-14 12:06:19.000000000 -0400
 @@ -60,6 +60,7 @@
  
  ifdef(`enable_mls',`
@@ -442,9 +442,9 @@
  range_transition kernel_t init_exec_t s0 - s15:c0.c255;
  range_transition kernel_t lvm_exec_t s0 - s15:c0.c255;
  ')
-diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/avahi.te serefpolicy-2.2.31/policy/modules/services/avahi.te
+diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/avahi.te serefpolicy-2.2.32/policy/modules/services/avahi.te
 --- nsaserefpolicy/policy/modules/services/avahi.te	2006-03-24 11:15:50.000000000 -0500
-+++ serefpolicy-2.2.31/policy/modules/services/avahi.te	2006-04-13 16:17:29.000000000 -0400
++++ serefpolicy-2.2.32/policy/modules/services/avahi.te	2006-04-14 12:06:19.000000000 -0400
 @@ -92,6 +92,7 @@
  	dbus_system_bus_client_template(avahi,avahi_t)
  	dbus_connect_system_bus(avahi_t)
@@ -453,9 +453,9 @@
  ')
  
  optional_policy(`
-diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/bind.fc serefpolicy-2.2.31/policy/modules/services/bind.fc
+diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/bind.fc serefpolicy-2.2.32/policy/modules/services/bind.fc
 --- nsaserefpolicy/policy/modules/services/bind.fc	2006-01-16 17:04:24.000000000 -0500
-+++ serefpolicy-2.2.31/policy/modules/services/bind.fc	2006-04-13 12:53:30.000000000 -0400
++++ serefpolicy-2.2.32/policy/modules/services/bind.fc	2006-04-14 12:06:19.000000000 -0400
 @@ -29,6 +29,7 @@
  
  ifdef(`distro_redhat',`
@@ -464,9 +464,20 @@
  /var/named(/.*)?			gen_context(system_u:object_r:named_zone_t,s0)
  /var/named/slaves(/.*)?		gen_context(system_u:object_r:named_cache_t,s0)
  /var/named/data(/.*)?		gen_context(system_u:object_r:named_cache_t,s0)
-diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/hal.te serefpolicy-2.2.31/policy/modules/services/hal.te
+diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/ftp.te serefpolicy-2.2.32/policy/modules/services/ftp.te
+--- nsaserefpolicy/policy/modules/services/ftp.te	2006-04-12 13:44:37.000000000 -0400
++++ serefpolicy-2.2.32/policy/modules/services/ftp.te	2006-04-14 13:41:32.000000000 -0400
+@@ -126,6 +126,7 @@
+ seutil_dontaudit_search_config(ftpd_t)
+ 
+ sysnet_read_config(ftpd_t)
++sysnet_use_ldap(ftpd_t)
+ 
+ userdom_dontaudit_search_sysadm_home_dirs(ftpd_t)
+ userdom_dontaudit_use_unpriv_user_fds(ftpd_t)
+diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/hal.te serefpolicy-2.2.32/policy/modules/services/hal.te
 --- nsaserefpolicy/policy/modules/services/hal.te	2006-04-12 13:44:37.000000000 -0400
-+++ serefpolicy-2.2.31/policy/modules/services/hal.te	2006-04-13 12:53:30.000000000 -0400
++++ serefpolicy-2.2.32/policy/modules/services/hal.te	2006-04-14 12:06:19.000000000 -0400
 @@ -103,6 +103,7 @@
  fs_getattr_all_fs(hald_t)
  fs_search_all(hald_t)
@@ -475,9 +486,9 @@
  
  mls_file_read_up(hald_t)
  
-diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/kerberos.fc serefpolicy-2.2.31/policy/modules/services/kerberos.fc
+diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/kerberos.fc serefpolicy-2.2.32/policy/modules/services/kerberos.fc
 --- nsaserefpolicy/policy/modules/services/kerberos.fc	2005-10-06 17:29:17.000000000 -0400
-+++ serefpolicy-2.2.31/policy/modules/services/kerberos.fc	2006-04-13 12:53:30.000000000 -0400
++++ serefpolicy-2.2.32/policy/modules/services/kerberos.fc	2006-04-14 12:06:19.000000000 -0400
 @@ -5,8 +5,8 @@
  /etc/krb5kdc/kadm5.keytab 	--	gen_context(system_u:object_r:krb5_keytab_t,s0)
  /etc/krb5kdc/principal.*		gen_context(system_u:object_r:krb5kdc_principal_t,s0)
@@ -489,9 +500,9 @@
  
  /usr/local/var/krb5kdc(/.*)?		gen_context(system_u:object_r:krb5kdc_conf_t,s0)
  /usr/local/var/krb5kdc/principal.*	gen_context(system_u:object_r:krb5kdc_principal_t,s0)
-diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/mailman.if serefpolicy-2.2.31/policy/modules/services/mailman.if
+diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/mailman.if serefpolicy-2.2.32/policy/modules/services/mailman.if
 --- nsaserefpolicy/policy/modules/services/mailman.if	2006-03-24 11:15:50.000000000 -0500
-+++ serefpolicy-2.2.31/policy/modules/services/mailman.if	2006-04-13 12:53:30.000000000 -0400
++++ serefpolicy-2.2.32/policy/modules/services/mailman.if	2006-04-14 12:06:19.000000000 -0400
 @@ -200,6 +200,44 @@
  
  #######################################
@@ -537,9 +548,9 @@
  ##	List the contents of mailman data directories.
  ## </summary>
  ## <param name="domain">
-diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/postfix.te serefpolicy-2.2.31/policy/modules/services/postfix.te
+diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/postfix.te serefpolicy-2.2.32/policy/modules/services/postfix.te
 --- nsaserefpolicy/policy/modules/services/postfix.te	2006-04-04 18:06:38.000000000 -0400
-+++ serefpolicy-2.2.31/policy/modules/services/postfix.te	2006-04-13 12:53:30.000000000 -0400
++++ serefpolicy-2.2.32/policy/modules/services/postfix.te	2006-04-14 12:06:19.000000000 -0400
 @@ -408,6 +408,9 @@
  
  optional_policy(`
@@ -550,9 +561,19 @@
  ')
  
  ########################################
-diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/rpc.te serefpolicy-2.2.31/policy/modules/services/rpc.te
+diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/postgresql.if serefpolicy-2.2.32/policy/modules/services/postgresql.if
+--- nsaserefpolicy/policy/modules/services/postgresql.if	2006-02-10 17:05:19.000000000 -0500
++++ serefpolicy-2.2.32/policy/modules/services/postgresql.if	2006-04-14 12:06:19.000000000 -0400
+@@ -119,4 +119,6 @@
+ 	files_search_pids($1)
+ 	allow $1 postgresql_t:unix_stream_socket connectto;
+ 	allow $1 postgresql_var_run_t:sock_file write;
++        # Some versions of postgresql put the sock file in /tmp
++	allow $1 postgresql_tmp_t:sock_file write;
+ ')
+diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/rpc.te serefpolicy-2.2.32/policy/modules/services/rpc.te
 --- nsaserefpolicy/policy/modules/services/rpc.te	2006-03-24 11:15:50.000000000 -0500
-+++ serefpolicy-2.2.31/policy/modules/services/rpc.te	2006-04-13 12:53:30.000000000 -0400
++++ serefpolicy-2.2.32/policy/modules/services/rpc.te	2006-04-14 12:06:19.000000000 -0400
 @@ -110,13 +110,13 @@
  portmap_udp_chat(nfsd_t)
  
@@ -569,9 +590,9 @@
  ')
  
  ########################################
-diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/samba.if serefpolicy-2.2.31/policy/modules/services/samba.if
+diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/samba.if serefpolicy-2.2.32/policy/modules/services/samba.if
 --- nsaserefpolicy/policy/modules/services/samba.if	2006-02-21 14:35:36.000000000 -0500
-+++ serefpolicy-2.2.31/policy/modules/services/samba.if	2006-04-13 12:53:30.000000000 -0400
++++ serefpolicy-2.2.32/policy/modules/services/samba.if	2006-04-14 12:06:19.000000000 -0400
 @@ -33,6 +33,7 @@
  	')
  
@@ -580,10 +601,39 @@
  		userdom_manage_user_home_content_files($1,smbd_t)
  		userdom_manage_user_home_content_symlinks($1,smbd_t)
  		userdom_manage_user_home_content_sockets($1,smbd_t)
-diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/samba.te serefpolicy-2.2.31/policy/modules/services/samba.te
+diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/samba.te serefpolicy-2.2.32/policy/modules/services/samba.te
 --- nsaserefpolicy/policy/modules/services/samba.te	2006-04-12 13:44:37.000000000 -0400
-+++ serefpolicy-2.2.31/policy/modules/services/samba.te	2006-04-13 12:53:30.000000000 -0400
-@@ -333,6 +333,13 @@
++++ serefpolicy-2.2.32/policy/modules/services/samba.te	2006-04-14 13:42:57.000000000 -0400
+@@ -106,8 +106,8 @@
+ files_tmp_filetrans(samba_net_t, samba_net_tmp_t, { file dir })
+ 
+ allow samba_net_t samba_var_t:dir rw_dir_perms;
++allow samba_net_t samba_var_t:file create_file_perms;
+ allow samba_net_t samba_var_t:lnk_file create_lnk_perms;
+-allow samba_net_t samba_var_t:file create_lnk_perms;
+ 
+ kernel_read_proc_symlinks(samba_net_t)
+ 
+@@ -160,8 +160,10 @@
+ 	corenet_non_ipsec_sendrecv(samba_net_t)
+ 	corenet_tcp_bind_all_nodes(samba_net_t)
+ 	sysnet_read_config(samba_net_t)
++        corenet_tcp_connect_ldap_port(samba_net_t)
+ ')
+ 
++
+ optional_policy(`
+ 	nscd_socket_use(samba_net_t)
+ ')
+@@ -268,6 +270,7 @@
+ 
+ init_use_fds(smbd_t)
+ init_use_script_ptys(smbd_t)
++init_rw_utmp(smbd_t)
+ 
+ libs_use_ld_so(smbd_t)
+ libs_use_shared_libs(smbd_t)
+@@ -333,6 +336,13 @@
  ')
  allow smbd_t mtrr_device_t:file getattr;
  
@@ -597,9 +647,19 @@
  ########################################
  #
  # nmbd Local policy
-diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/tftp.fc serefpolicy-2.2.31/policy/modules/services/tftp.fc
+diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/spamassassin.fc serefpolicy-2.2.32/policy/modules/services/spamassassin.fc
+--- nsaserefpolicy/policy/modules/services/spamassassin.fc	2005-12-01 17:57:16.000000000 -0500
++++ serefpolicy-2.2.32/policy/modules/services/spamassassin.fc	2006-04-14 12:06:19.000000000 -0400
+@@ -1,5 +1,5 @@
+ 
+-/usr/bin/sa-learn	--	gen_context(system_u:object_r:spamd_exec_t,s0)
++/usr/bin/sa-learn	--	gen_context(system_u:object_r:spamc_exec_t,s0)
+ /usr/bin/spamc		--	gen_context(system_u:object_r:spamc_exec_t,s0)
+ /usr/bin/spamd		--	gen_context(system_u:object_r:spamd_exec_t,s0)
+ 
+diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/tftp.fc serefpolicy-2.2.32/policy/modules/services/tftp.fc
 --- nsaserefpolicy/policy/modules/services/tftp.fc	2005-10-06 17:29:17.000000000 -0400
-+++ serefpolicy-2.2.31/policy/modules/services/tftp.fc	2006-04-13 12:53:30.000000000 -0400
++++ serefpolicy-2.2.32/policy/modules/services/tftp.fc	2006-04-14 12:06:19.000000000 -0400
 @@ -2,4 +2,5 @@
  /usr/sbin/atftpd	--	gen_context(system_u:object_r:tftpd_exec_t,s0)
  /usr/sbin/in\.tftpd	--	gen_context(system_u:object_r:tftpd_exec_t,s0)
@@ -607,9 +667,9 @@
 -/tftpboot(/.*)?			gen_context(system_u:object_r:tftpdir_t,s0)
 +/tftpboot		-d	gen_context(system_u:object_r:tftpdir_t,s0)
 +/tftpboot/.*			gen_context(system_u:object_r:tftpdir_t,s0)
-diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/xserver.if serefpolicy-2.2.31/policy/modules/services/xserver.if
+diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/xserver.if serefpolicy-2.2.32/policy/modules/services/xserver.if
 --- nsaserefpolicy/policy/modules/services/xserver.if	2006-04-06 15:31:54.000000000 -0400
-+++ serefpolicy-2.2.31/policy/modules/services/xserver.if	2006-04-13 12:53:30.000000000 -0400
++++ serefpolicy-2.2.32/policy/modules/services/xserver.if	2006-04-14 12:06:19.000000000 -0400
 @@ -1070,3 +1070,24 @@
  
  	dontaudit $1 xdm_xserver_t:tcp_socket { read write };
@@ -635,9 +695,9 @@
 +	allow $1 xdm_xserver_tmp_t:sock_file { read write };
 +')
 +
-diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/authlogin.fc serefpolicy-2.2.31/policy/modules/system/authlogin.fc
+diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/authlogin.fc serefpolicy-2.2.32/policy/modules/system/authlogin.fc
 --- nsaserefpolicy/policy/modules/system/authlogin.fc	2006-01-19 17:48:34.000000000 -0500
-+++ serefpolicy-2.2.31/policy/modules/system/authlogin.fc	2006-04-13 12:53:30.000000000 -0400
++++ serefpolicy-2.2.32/policy/modules/system/authlogin.fc	2006-04-14 12:06:19.000000000 -0400
 @@ -7,7 +7,8 @@
  /etc/passwd\.lock	--	gen_context(system_u:object_r:shadow_t,s0)
  /etc/shadow.*		--	gen_context(system_u:object_r:shadow_t,s0)
@@ -648,9 +708,26 @@
  
  /sbin/pam_console_apply	 --	gen_context(system_u:object_r:pam_console_exec_t,s0)
  /sbin/pam_timestamp_check --	gen_context(system_u:object_r:pam_exec_t,s0)
-diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/daemontools.fc serefpolicy-2.2.31/policy/modules/system/daemontools.fc
+diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/authlogin.te serefpolicy-2.2.32/policy/modules/system/authlogin.te
+--- nsaserefpolicy/policy/modules/system/authlogin.te	2006-04-04 18:06:38.000000000 -0400
++++ serefpolicy-2.2.32/policy/modules/system/authlogin.te	2006-04-14 12:06:19.000000000 -0400
+@@ -173,9 +173,13 @@
+ dev_setattr_video_dev(pam_console_t)
+ dev_getattr_xserver_misc_dev(pam_console_t)
+ dev_setattr_xserver_misc_dev(pam_console_t)
++dev_read_urand(pam_console_t)
+ 
+ fs_search_auto_mountpoints(pam_console_t)
+ 
++miscfiles_read_localization(pam_console_t)
++miscfiles_read_certs(pam_console_t)
++
+ storage_getattr_fixed_disk_dev(pam_console_t)
+ storage_setattr_fixed_disk_dev(pam_console_t)
+ storage_getattr_removable_dev(pam_console_t)
+diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/daemontools.fc serefpolicy-2.2.32/policy/modules/system/daemontools.fc
 --- nsaserefpolicy/policy/modules/system/daemontools.fc	2006-04-05 11:35:09.000000000 -0400
-+++ serefpolicy-2.2.31/policy/modules/system/daemontools.fc	2006-04-13 12:53:30.000000000 -0400
++++ serefpolicy-2.2.32/policy/modules/system/daemontools.fc	2006-04-14 12:06:19.000000000 -0400
 @@ -2,7 +2,8 @@
  # /service
  #
@@ -661,9 +738,9 @@
  
  #
  # /usr
-diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/fstools.te serefpolicy-2.2.31/policy/modules/system/fstools.te
+diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/fstools.te serefpolicy-2.2.32/policy/modules/system/fstools.te
 --- nsaserefpolicy/policy/modules/system/fstools.te	2006-04-04 18:06:38.000000000 -0400
-+++ serefpolicy-2.2.31/policy/modules/system/fstools.te	2006-04-13 12:53:30.000000000 -0400
++++ serefpolicy-2.2.32/policy/modules/system/fstools.te	2006-04-14 12:06:19.000000000 -0400
 @@ -77,6 +77,7 @@
  dev_getattr_usbfs_dirs(fsadm_t)
  # Access to /dev/mapper/control
@@ -672,9 +749,9 @@
  
  fs_search_auto_mountpoints(fsadm_t)
  fs_getattr_xattr_fs(fsadm_t)
-diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/init.te serefpolicy-2.2.31/policy/modules/system/init.te
+diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/init.te serefpolicy-2.2.32/policy/modules/system/init.te
 --- nsaserefpolicy/policy/modules/system/init.te	2006-04-06 15:32:43.000000000 -0400
-+++ serefpolicy-2.2.31/policy/modules/system/init.te	2006-04-13 12:53:30.000000000 -0400
++++ serefpolicy-2.2.32/policy/modules/system/init.te	2006-04-14 12:06:19.000000000 -0400
 @@ -352,6 +352,7 @@
  files_mounton_isid_type_dirs(initrc_t)
  files_list_default(initrc_t)
@@ -683,9 +760,9 @@
  
  libs_rw_ld_so_cache(initrc_t)
  libs_use_ld_so(initrc_t)
-diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/libraries.fc serefpolicy-2.2.31/policy/modules/system/libraries.fc
+diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/libraries.fc serefpolicy-2.2.32/policy/modules/system/libraries.fc
 --- nsaserefpolicy/policy/modules/system/libraries.fc	2006-04-12 13:44:38.000000000 -0400
-+++ serefpolicy-2.2.31/policy/modules/system/libraries.fc	2006-04-13 16:25:13.000000000 -0400
++++ serefpolicy-2.2.32/policy/modules/system/libraries.fc	2006-04-14 12:06:19.000000000 -0400
 @@ -24,17 +24,22 @@
  #
  # /lib(64)?
@@ -755,19 +832,18 @@
  /usr/lib(64)?/libsipphoneapi\.so.*	--	gen_context(system_u:object_r:texrel_shlib_t,s0)
  /usr/lib(64)?/(nvidia/)?libGL(core)?\.so(\.[^/]*)* -- gen_context(system_u:object_r:textrel_shlib_t,s0)
  /usr/lib(64)?/libGLU\.so(\.[^/]*)*	--	gen_context(system_u:object_r:textrel_shlib_t,s0)
-@@ -74,9 +83,9 @@
+@@ -74,9 +83,8 @@
  /usr/lib(64)?/nvidia-graphics(-[^/]*/)?libGL(core)?\.so(\.[^/]*)*             --      	gen_context(system_u:object_r:textrel_shlib_t,s0)
  /usr/lib(64)?/nvidia-graphics(-[^/]*/)?libnvidia.*\.so(\.[^/]*)*              --      	gen_context(system_u:object_r:textrel_shlib_t,s0)
  /usr/lib(64)?/nvidia-graphics(-[^/]*/)?libXvMCNVIDIA\.so.*            --      	gen_context(system_u:object_r:textrel_shlib_t,s0)
 -/usr/lib(64)?/vmware(.*/)?/VmPerl\.so	--	gen_context(system_u:object_r:textrel_shlib_t,s0)
-+/usr/lib(64)?/vmware(.*/)?VmPerl\.so	--	gen_context(system_u:object_r:textrel_shlib_t,s0)
  
 -/usr/(local/)?lib/wine/.*\.so  		--	gen_context(system_u:object_r:textrel_shlib_t,s0)
 +/usr/(local/)?lib(64)?/wine/.*\.so  		--	gen_context(system_u:object_r:textrel_shlib_t,s0)
  /usr/(local/)?lib/libfame-.*\.so.*	--	gen_context(system_u:object_r:textrel_shlib_t,s0)
  /usr/local/.*\.so(\.[^/]*)*		--	gen_context(system_u:object_r:shlib_t,s0)
  
-@@ -127,7 +136,7 @@
+@@ -127,7 +135,7 @@
  /usr/lib(64)?/.*/program/libsvx680li\.so --	gen_context(system_u:object_r:textrel_shlib_t,s0)
  /usr/lib(64)?/.*/program/libcomphelp4gcc3\.so -- gen_context(system_u:object_r:textrel_shlib_t,s0)
  /usr/lib(64)?/.*/program/libsoffice\.so  --	gen_context(system_u:object_r:textrel_shlib_t,s0)
@@ -776,8 +852,12 @@
  
  /usr/lib(64)?/firefox.*\.so		--	gen_context(system_u:object_r:textrel_shlib_t,s0)
  /usr/lib(64)?/mozilla.*\.so		--	gen_context(system_u:object_r:textrel_shlib_t,s0)
-@@ -182,13 +191,13 @@
+@@ -180,15 +188,17 @@
+ 
+ # vmware 
  /usr/lib(64)?/vmware/lib(/.*)?/libgdk-x11-.*\.so.*  -- gen_context(system_u:object_r:textrel_shlib_t,s0)
++/usr/lib(64)?/vmware/lib(/.*)?/HConfig.so  -- gen_context(system_u:object_r:textrel_shlib_t,s0)
++/usr/lib(64)?/vmware/(.*/)?VmPerl\.so	--	gen_context(system_u:object_r:textrel_shlib_t,s0)
  
  # Java, Sun Microsystems (JPackage SRPM)
 -/usr/.*/jre.*/libdeploy.so		--	gen_context(system_u:object_r:textrel_shlib_t,s0)
@@ -796,9 +876,15 @@
  ') dnl end distro_redhat
  
  ifdef(`distro_suse',`
-diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/miscfiles.fc serefpolicy-2.2.31/policy/modules/system/miscfiles.fc
+@@ -214,3 +224,5 @@
+ /var/spool/postfix/lib(64)?/lib.*\.so.*	--	gen_context(system_u:object_r:shlib_t,s0)
+ /var/spool/postfix/lib(64)?/[^/]*/lib.*\.so.* -- gen_context(system_u:object_r:shlib_t,s0)
+ /var/spool/postfix/lib(64)?/devfsd/.*\.so.* -- gen_context(system_u:object_r:shlib_t,s0)
++/usr/NX/lib/libXcomp.so.*	--  gen_context(system_u:object_r:textrel_shlib_t,s0)
++/usr/NX/lib/libjpeg.so.* 	--  gen_context(system_u:object_r:textrel_shlib_t,s0)
+diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/miscfiles.fc serefpolicy-2.2.32/policy/modules/system/miscfiles.fc
 --- nsaserefpolicy/policy/modules/system/miscfiles.fc	2005-10-27 14:57:47.000000000 -0400
-+++ serefpolicy-2.2.31/policy/modules/system/miscfiles.fc	2006-04-13 12:53:30.000000000 -0400
++++ serefpolicy-2.2.32/policy/modules/system/miscfiles.fc	2006-04-14 12:06:19.000000000 -0400
 @@ -7,7 +7,7 @@
  #
  # /opt
@@ -808,9 +894,9 @@
  
  #
  # /srv
-diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/modutils.fc serefpolicy-2.2.31/policy/modules/system/modutils.fc
+diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/modutils.fc serefpolicy-2.2.32/policy/modules/system/modutils.fc
 --- nsaserefpolicy/policy/modules/system/modutils.fc	2005-10-06 17:29:17.000000000 -0400
-+++ serefpolicy-2.2.31/policy/modules/system/modutils.fc	2006-04-13 12:53:30.000000000 -0400
++++ serefpolicy-2.2.32/policy/modules/system/modutils.fc	2006-04-14 12:06:19.000000000 -0400
 @@ -2,9 +2,11 @@
  /etc/modules\.conf.*	--	gen_context(system_u:object_r:modules_conf_t,s0)
  /etc/modprobe\.conf.*	--	gen_context(system_u:object_r:modules_conf_t,s0)
@@ -825,20 +911,10 @@
  
  /sbin/depmod.*		--	gen_context(system_u:object_r:depmod_exec_t,s0)
  /sbin/generate-modprobe\.conf -- gen_context(system_u:object_r:update_modules_exec_t,s0)
-diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/selinuxutil.if serefpolicy-2.2.31/policy/modules/system/selinuxutil.if
+diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/selinuxutil.if serefpolicy-2.2.32/policy/modules/system/selinuxutil.if
 --- nsaserefpolicy/policy/modules/system/selinuxutil.if	2006-03-29 14:18:17.000000000 -0500
-+++ serefpolicy-2.2.31/policy/modules/system/selinuxutil.if	2006-04-13 15:29:28.000000000 -0400
-@@ -623,7 +623,8 @@
- 	')
- 
- 	files_search_etc($1)
--	allow $1 selinux_config_t:dir rw_dir_perms;
-+	# semanage wants to rmdir 
-+	allow $1 selinux_config_t:dir { rmdir rw_dir_perms };
- 	allow $1 selinux_config_t:file manage_file_perms;
- 	allow $1 selinux_config_t:lnk_file { getattr read };
- ')
-@@ -697,8 +698,8 @@
++++ serefpolicy-2.2.32/policy/modules/system/selinuxutil.if	2006-04-14 12:06:19.000000000 -0400
+@@ -697,8 +697,8 @@
  
  	files_search_etc($1)
  	allow $1 selinux_config_t:dir search;
@@ -849,10 +925,18 @@
  	allow $1 file_context_t:lnk_file { getattr read };
  ')
  
-diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/unconfined.te serefpolicy-2.2.31/policy/modules/system/unconfined.te
+diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/unconfined.te serefpolicy-2.2.32/policy/modules/system/unconfined.te
 --- nsaserefpolicy/policy/modules/system/unconfined.te	2006-04-12 13:44:38.000000000 -0400
-+++ serefpolicy-2.2.31/policy/modules/system/unconfined.te	2006-04-13 15:21:35.000000000 -0400
-@@ -64,6 +64,8 @@
++++ serefpolicy-2.2.32/policy/modules/system/unconfined.te	2006-04-14 12:06:19.000000000 -0400
+@@ -37,6 +37,7 @@
+ 	logging_domtrans_auditctl(unconfined_t)
+ 
+ 	seutil_domtrans_restorecon(unconfined_t)
++	seutil_domtrans_semanage(unconfined_t)
+ 
+ 	userdom_unconfined(unconfined_t)
+ 	userdom_priveleged_home_dir_manager(unconfined_t)
+@@ -64,6 +65,8 @@
  	optional_policy(`
  		dbus_stub(unconfined_t)
  
@@ -861,10 +945,32 @@
  		optional_policy(`
  			avahi_dbus_chat(unconfined_t)
  		')
-diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/userdomain.if serefpolicy-2.2.31/policy/modules/system/userdomain.if
---- nsaserefpolicy/policy/modules/system/userdomain.if	2006-04-11 16:58:42.000000000 -0400
-+++ serefpolicy-2.2.31/policy/modules/system/userdomain.if	2006-04-13 12:53:30.000000000 -0400
-@@ -4132,11 +4132,31 @@
+diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/userdomain.if serefpolicy-2.2.32/policy/modules/system/userdomain.if
+--- nsaserefpolicy/policy/modules/system/userdomain.if	2006-04-14 07:58:13.000000000 -0400
++++ serefpolicy-2.2.32/policy/modules/system/userdomain.if	2006-04-14 12:06:19.000000000 -0400
+@@ -379,10 +379,6 @@
+ 	')
+ 
+ 	optional_policy(`
+-		jabber_tcp_connect($1_t)
+-	')
+-
+-	optional_policy(`
+ 		nis_use_ypbind($1_t)
+ 	')
+ 
+@@ -408,10 +404,6 @@
+ 	')
+ 
+ 	optional_policy(`
+-		perdition_tcp_connect($1_t)
+-	')
+-
+-	optional_policy(`
+ 		portmap_tcp_connect($1_t)
+ 	')
+ 
+@@ -4140,11 +4132,31 @@
  		type user_home_dir_t;
  	')
  
@@ -896,9 +1002,9 @@
  ##	Search generic user home directories.
  ## </summary>
  ## <param name="domain">
-diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/xen.te serefpolicy-2.2.31/policy/modules/system/xen.te
+diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/xen.te serefpolicy-2.2.32/policy/modules/system/xen.te
 --- nsaserefpolicy/policy/modules/system/xen.te	2006-03-23 14:33:30.000000000 -0500
-+++ serefpolicy-2.2.31/policy/modules/system/xen.te	2006-04-13 12:53:30.000000000 -0400
++++ serefpolicy-2.2.32/policy/modules/system/xen.te	2006-04-14 12:06:19.000000000 -0400
 @@ -19,6 +19,8 @@
  # var/lib files
  type xend_var_lib_t;
@@ -925,3 +1031,15 @@
  
  init_use_fds(xenstored_t)
  
+diff --exclude-from=exclude -N -u -r nsaserefpolicy/Rules.modular serefpolicy-2.2.32/Rules.modular
+--- nsaserefpolicy/Rules.modular	2006-03-23 14:33:29.000000000 -0500
++++ serefpolicy-2.2.32/Rules.modular	2006-04-14 14:21:43.000000000 -0400
+@@ -208,7 +208,7 @@
+ #
+ $(APPDIR)/customizable_types: $(BASE_CONF)
+ 	@mkdir -p $(APPDIR)
+-	$(verbose) $(GREP) '^[[:blank:]]*type .*customizable' $< | cut -d',' -f1 | cut -d' ' -f2 | $(SORT) -u > $(TMPDIR)/customizable_types
++	$(verbose) $(GREP) '^[[:blank:]]*type .*customizable' $< | cut -d';' -f1 | cut -d',' -f1 | cut -d' ' -f2 | $(SORT) -u > $(TMPDIR)/customizable_types
+ 	$(verbose) install -m 644 $(TMPDIR)/customizable_types $@ 
+ 
+ ########################################


Index: selinux-policy.spec
===================================================================
RCS file: /cvs/dist/rpms/selinux-policy/devel/selinux-policy.spec,v
retrieving revision 1.173
retrieving revision 1.174
diff -u -r1.173 -r1.174
--- selinux-policy.spec	13 Apr 2006 20:33:49 -0000	1.173
+++ selinux-policy.spec	14 Apr 2006 19:50:03 -0000	1.174
@@ -15,7 +15,7 @@
 %define CHECKPOLICYVER 1.30.1-2
 Summary: SELinux policy configuration
 Name: selinux-policy
-Version: 2.2.31
+Version: 2.2.32
 Release: 1
 License: GPL
 Group: System Environment/Base
@@ -122,6 +122,7 @@
 %define saveFileContext() \
 if [ -s /etc/selinux/config ]; then \
 	. %{_sysconfdir}/selinux/config; \
+	restorecon -R %{_sysconfdir}/selinux/%1; \
 	FILE_CONTEXT=%{_sysconfdir}/selinux/%1/contexts/files/file_contexts; \
 	if [ "${SELINUXTYPE}" == %1 -a -f ${FILE_CONTEXT} ]; then \
 		cp -f ${FILE_CONTEXT} ${FILE_CONTEXT}.pre; \
@@ -320,6 +321,9 @@
 %endif
 
 %changelog
+* Fri Apr 14 2006 Dan Walsh <dwalsh at redhat.com> 2.2.32-1
+- Update to latest from upstream
+
 * Thu Apr 14 2006 Dan Walsh <dwalsh at redhat.com> 2.2.31-1
 - Update to latest from upstream
 - Allow mono and unconfined to talk to initrc_t dbus objects


Index: sources
===================================================================
RCS file: /cvs/dist/rpms/selinux-policy/devel/sources,v
retrieving revision 1.59
retrieving revision 1.60
diff -u -r1.59 -r1.60
--- sources	13 Apr 2006 21:28:19 -0000	1.59
+++ sources	14 Apr 2006 19:50:03 -0000	1.60
@@ -1 +1 @@
-437521998aafb56999299bc4e3532244  serefpolicy-2.2.31.tgz
+7a3563e2478a4b18dc689de8561831b5  serefpolicy-2.2.32.tgz

More information about the fedora-cvs-commits mailing list