rpms/selinux-policy/FC-5 .cvsignore, 1.50, 1.51 policy-20060411.patch, 1.1, 1.2 selinux-policy.spec, 1.164, 1.165 sources, 1.54, 1.55

fedora-cvs-commits at redhat.com fedora-cvs-commits at redhat.com
Fri Apr 21 11:02:21 UTC 2006


Author: dwalsh

Update of /cvs/dist/rpms/selinux-policy/FC-5
In directory cvs.devel.redhat.com:/tmp/cvs-serv16857

Modified Files:
	.cvsignore policy-20060411.patch selinux-policy.spec sources 
Log Message:
* Fri Apr 21 2006 Dan Walsh <dwalsh at redhat.com> 2.2.34-3.fc5
- Bump for fc5



Index: .cvsignore
===================================================================
RCS file: /cvs/dist/rpms/selinux-policy/FC-5/.cvsignore,v
retrieving revision 1.50
retrieving revision 1.51
diff -u -r1.50 -r1.51
--- .cvsignore	15 Apr 2006 10:33:31 -0000	1.50
+++ .cvsignore	21 Apr 2006 11:02:17 -0000	1.51
@@ -51,3 +51,4 @@
 serefpolicy-2.2.25.tgz
 serefpolicy-2.2.29.tgz
 serefpolicy-2.2.32.tgz
+serefpolicy-2.2.34.tgz

policy-20060411.patch:
 config/appconfig-strict-mls/default_type |    1 
 policy/modules/admin/netutils.te         |    2 -
 policy/modules/admin/usermanage.te       |    1 
 policy/modules/apps/mono.te              |    3 +-
 policy/modules/kernel/corecommands.fc    |    1 
 policy/modules/kernel/domain.te          |    1 
 policy/modules/kernel/files.if           |   35 +++++++++++++++++++++++++++
 policy/modules/kernel/filesystem.if      |    6 ++--
 policy/modules/kernel/kernel.te          |    1 
 policy/modules/kernel/terminal.if        |    2 -
 policy/modules/services/cups.te          |    1 
 policy/modules/services/pegasus.te       |    8 ++++++
 policy/modules/services/procmail.te      |    2 -
 policy/modules/services/samba.te         |    2 -
 policy/modules/system/authlogin.te       |    2 +
 policy/modules/system/init.te            |    1 
 policy/modules/system/libraries.fc       |   18 +++-----------
 policy/modules/system/logging.te         |    4 +--
 policy/modules/system/sysnetwork.te      |    2 +
 policy/modules/system/unconfined.if      |   39 +++++++++++++++++++++++++++++++
 policy/modules/system/userdomain.te      |   24 +++++++++++++++++--
 policy/modules/system/xen.if             |   18 ++++++++++++++
 policy/modules/system/xen.te             |    1 
 policy/rolemap                           |    1 
 policy/users                             |    6 ++--
 25 files changed, 153 insertions(+), 29 deletions(-)

Index: policy-20060411.patch
===================================================================
RCS file: /cvs/dist/rpms/selinux-policy/FC-5/policy-20060411.patch,v
retrieving revision 1.1
retrieving revision 1.2
diff -u -r1.1 -r1.2
--- policy-20060411.patch	15 Apr 2006 10:34:16 -0000	1.1
+++ policy-20060411.patch	21 Apr 2006 11:02:17 -0000	1.2
@@ -1,399 +1,74 @@
-diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/mcs serefpolicy-2.2.32/policy/mcs
---- nsaserefpolicy/policy/mcs	2006-03-29 11:23:41.000000000 -0500
-+++ serefpolicy-2.2.32/policy/mcs	2006-04-14 12:06:19.000000000 -0400
-@@ -134,14 +134,18 @@
- # the high range of the file.  We use the high range of the process so
- # that processes can always simply run at s0.
- #
--# Only files are constrained by MCS at this stage.
-+# Note that getattr on files is always permitted.
- #
- mlsconstrain file { write setattr append unlink link rename ioctl lock execute relabelfrom }
- 	( h1 dom h2 );
- 
-+# New filesystem object labels must be dominated by the relabeling subject
-+# clearance, also the objects are single-level.
- mlsconstrain file { create relabelto }
- 	(( h1 dom h2 ) and ( l2 eq h2 ));
- 
-+# At this time we do not restrict "ps" type operations via MCS.  This
-+# will probably change in future.
- mlsconstrain file { read }
- 	(( h1 dom h2 ) or ( t2 == domain ) or ( t1 == mlsfileread ));
- 
-diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/amanda.te serefpolicy-2.2.32/policy/modules/admin/amanda.te
---- nsaserefpolicy/policy/modules/admin/amanda.te	2006-03-24 11:15:40.000000000 -0500
-+++ serefpolicy-2.2.32/policy/modules/admin/amanda.te	2006-04-14 14:29:14.000000000 -0400
-@@ -9,6 +9,7 @@
- type amanda_t;
- type amanda_inetd_exec_t;
- inetd_udp_service_domain(amanda_t,amanda_inetd_exec_t)
-+inetd_tcp_service_domain(amanda_t,amanda_inetd_exec_t)
- role system_r types amanda_t;
- 
- type amanda_exec_t;
-@@ -141,6 +142,10 @@
- corenet_non_ipsec_sendrecv(amanda_t)
- corenet_tcp_bind_all_nodes(amanda_t)
- corenet_udp_bind_all_nodes(amanda_t)
-+corenet_tcp_bind_reserved_port(amanda_t)
-+corenet_udp_bind_reserved_port(amanda_t)
-+corenet_dontaudit_tcp_bind_all_reserved_ports(amanda_t)
-+corenet_dontaudit_udp_bind_all_reserved_ports(amanda_t)
- 
- dev_getattr_all_blk_files(amanda_t)
- dev_getattr_all_chr_files(amanda_t)
-@@ -183,13 +188,15 @@
- 
- optional_policy(`
- 	nscd_socket_use(amanda_t)
-+	nscd_socket_use(amanda_recover_t)
- ')
- 
- ########################################
- #
- # Amanda recover local policy
- 
--allow amanda_recover_t self:capability { fowner fsetid kill setgid setuid chown dac_override net_bind_service };
-+allow amanda_recover_t self:capability { fowner fsetid kill setgid setuid chown dac_override };
-+corenet_tcp_bind_reserved_port(amanda_recover_t)
- allow amanda_recover_t self:process { sigkill sigstop signal };
- allow amanda_recover_t self:fifo_file { getattr ioctl read write };
- allow amanda_recover_t self:unix_stream_socket { connect create read write };
-diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/bootloader.te serefpolicy-2.2.32/policy/modules/admin/bootloader.te
---- nsaserefpolicy/policy/modules/admin/bootloader.te	2006-04-04 18:06:37.000000000 -0400
-+++ serefpolicy-2.2.32/policy/modules/admin/bootloader.te	2006-04-14 12:06:19.000000000 -0400
-@@ -84,6 +84,7 @@
- dev_read_sysfs(bootloader_t)
- # for reading BIOS data
- dev_read_raw_memory(bootloader_t)
-+mls_file_read_up(bootloader_t)
- 
- fs_getattr_xattr_fs(bootloader_t)
- fs_read_tmpfs_symlinks(bootloader_t)
-diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/rpm.fc serefpolicy-2.2.32/policy/modules/admin/rpm.fc
---- nsaserefpolicy/policy/modules/admin/rpm.fc	2006-04-04 18:06:37.000000000 -0400
-+++ serefpolicy-2.2.32/policy/modules/admin/rpm.fc	2006-04-14 12:06:19.000000000 -0400
-@@ -10,6 +10,7 @@
- /usr/lib(64)?/rpm/rpmv		-- 	gen_context(system_u:object_r:bin_t,s0)
- 
- /usr/share/yumex/yumex		--	gen_context(system_u:object_r:rpm_exec_t,s0)
-+/usr/sbin/system-install-packages --	gen_context(system_u:object_r:rpm_exec_t,s0)
- 
- ifdef(`distro_redhat', `
- /usr/bin/fedora-rmdevelrpms	--	gen_context(system_u:object_r:rpm_exec_t,s0)
-diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/su.fc serefpolicy-2.2.32/policy/modules/admin/su.fc
---- nsaserefpolicy/policy/modules/admin/su.fc	2006-03-23 14:33:29.000000000 -0500
-+++ serefpolicy-2.2.32/policy/modules/admin/su.fc	2006-04-14 12:06:19.000000000 -0400
-@@ -1,5 +1,5 @@
- 
- /bin/su			--	gen_context(system_u:object_r:su_exec_t,s0)
- 
--/usr(/local)?/bin/ksu	--	gen_context(system_u:object_r:su_exec_t,s0)
-+/usr/(local/)?bin/ksu	--	gen_context(system_u:object_r:su_exec_t,s0)
- /usr/bin/kdesu		--	gen_context(system_u:object_r:su_exec_t,s0)
-diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/usermanage.te serefpolicy-2.2.32/policy/modules/admin/usermanage.te
---- nsaserefpolicy/policy/modules/admin/usermanage.te	2006-04-04 18:06:38.000000000 -0400
-+++ serefpolicy-2.2.32/policy/modules/admin/usermanage.te	2006-04-14 12:06:19.000000000 -0400
+diff --exclude-from=exclude -N -u -r nsaserefpolicy/config/appconfig-strict-mls/default_type serefpolicy-2.2.34/config/appconfig-strict-mls/default_type
+--- nsaserefpolicy/config/appconfig-strict-mls/default_type	2006-01-06 17:55:17.000000000 -0500
++++ serefpolicy-2.2.34/config/appconfig-strict-mls/default_type	2006-04-20 14:04:12.000000000 -0400
+@@ -2,3 +2,4 @@
+ secadm_r:secadm_t
+ staff_r:staff_t
+ user_r:user_t
++auditadm_r:auditadm_t
+diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/netutils.te serefpolicy-2.2.34/policy/modules/admin/netutils.te
+--- nsaserefpolicy/policy/modules/admin/netutils.te	2006-04-06 14:05:24.000000000 -0400
++++ serefpolicy-2.2.34/policy/modules/admin/netutils.te	2006-04-20 14:04:12.000000000 -0400
+@@ -97,7 +97,7 @@
+ 
+ allow ping_t self:tcp_socket create_socket_perms;
+ allow ping_t self:udp_socket create_socket_perms;
+-allow ping_t self:rawip_socket { create ioctl read write bind getopt setopt };
++allow ping_t self:{ rawip_socket packet_socket } { create ioctl read write bind getopt setopt };
+ 
+ corenet_tcp_sendrecv_all_if(ping_t)
+ corenet_udp_sendrecv_all_if(ping_t)
+diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/usermanage.te serefpolicy-2.2.34/policy/modules/admin/usermanage.te
+--- nsaserefpolicy/policy/modules/admin/usermanage.te	2006-04-18 22:49:59.000000000 -0400
++++ serefpolicy-2.2.34/policy/modules/admin/usermanage.te	2006-04-20 14:04:12.000000000 -0400
 @@ -514,6 +514,7 @@
  # Add/remove user home directories
  userdom_home_filetrans_generic_user_home_dir(useradd_t)
  userdom_manage_generic_user_home_content_dirs(useradd_t)
-+userdom_manage_staff_home_dir(useradd_t)
++userdom_manage_generic_user_home_content_files(useradd_t)
+ userdom_manage_staff_home_dirs(useradd_t)
  userdom_generic_user_home_dir_filetrans_generic_user_home_content(useradd_t,notdevfile_class_set)
  
- mta_manage_spool(useradd_t)
-diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/java.fc serefpolicy-2.2.32/policy/modules/apps/java.fc
---- nsaserefpolicy/policy/modules/apps/java.fc	2006-04-12 13:44:36.000000000 -0400
-+++ serefpolicy-2.2.32/policy/modules/apps/java.fc	2006-04-14 12:06:19.000000000 -0400
-@@ -1,11 +1,8 @@
- #
--# /opt
--#
--/opt(/.*)?/bin/java.* 	--	gen_context(system_u:object_r:java_exec_t,s0)
--
--#
- # /usr
- #
--/usr(/.*)?/bin/java.* 	--	gen_context(system_u:object_r:java_exec_t,s0)
-+/usr/(.*/)?bin/java.* 	--	gen_context(system_u:object_r:java_exec_t,s0)
-+/usr/lib(.*/)?bin/java([^/]*)? 	--	gen_context(system_u:object_r:java_exec_t,s0)
- /usr/bin/gcj-dbtool	--	gen_context(system_u:object_r:java_exec_t,s0)
- /usr/bin/gij		--	gen_context(system_u:object_r:java_exec_t,s0)
-+/opt/(.*/)?bin/java([^/]*)? 	--	gen_context(system_u:object_r:java_exec_t,s0)
-diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/java.te serefpolicy-2.2.32/policy/modules/apps/java.te
---- nsaserefpolicy/policy/modules/apps/java.te	2006-04-12 13:44:36.000000000 -0400
-+++ serefpolicy-2.2.32/policy/modules/apps/java.te	2006-04-14 12:06:19.000000000 -0400
-@@ -10,6 +10,7 @@
- domain_type(java_t)
- 
- type java_exec_t;
-+init_system_domain(java_t,java_exec_t)
- files_type(java_exec_t)
- 
- ########################################
-diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/mono.te serefpolicy-2.2.32/policy/modules/apps/mono.te
---- nsaserefpolicy/policy/modules/apps/mono.te	2006-04-12 13:44:36.000000000 -0400
-+++ serefpolicy-2.2.32/policy/modules/apps/mono.te	2006-04-14 12:06:19.000000000 -0400
-@@ -22,6 +22,8 @@
+diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/mono.te serefpolicy-2.2.34/policy/modules/apps/mono.te
+--- nsaserefpolicy/policy/modules/apps/mono.te	2006-04-18 22:49:59.000000000 -0400
++++ serefpolicy-2.2.34/policy/modules/apps/mono.te	2006-04-21 06:40:33.000000000 -0400
+@@ -20,8 +20,9 @@
+ ifdef(`targeted_policy',`
+ 	allow mono_t self:process { execheap execmem };
  	unconfined_domain_noaudit(mono_t)
- 	role system_r types mono_t;
- 
-+	init_dbus_chat_script(mono_t)
-+
- 	optional_policy(`
- 		avahi_dbus_chat(mono_t)
- 	')
-@@ -29,4 +31,8 @@
- 	optional_policy(`
- 		hal_dbus_chat(mono_t)
- 	')
-+	optional_policy(`
-+		networkmanager_dbus_chat(mono_t)
-+	')
-+
- ')
-diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/kernel/corecommands.fc serefpolicy-2.2.32/policy/modules/kernel/corecommands.fc
---- nsaserefpolicy/policy/modules/kernel/corecommands.fc	2006-04-10 17:05:08.000000000 -0400
-+++ serefpolicy-2.2.32/policy/modules/kernel/corecommands.fc	2006-04-14 12:06:19.000000000 -0400
-@@ -2,7 +2,8 @@
- #
- # /bin
- #
--/bin(/.*)?				gen_context(system_u:object_r:bin_t,s0)
-+/bin				-d	gen_context(system_u:object_r:bin_t,s0)
-+/bin/.*					gen_context(system_u:object_r:bin_t,s0)
- /bin/d?ash			--	gen_context(system_u:object_r:shell_exec_t,s0)
- /bin/bash			--	gen_context(system_u:object_r:shell_exec_t,s0)
- /bin/bash2			--	gen_context(system_u:object_r:shell_exec_t,s0)
-@@ -86,27 +87,30 @@
- #
- # /sbin
- #
--/sbin(/.*)?				gen_context(system_u:object_r:sbin_t,s0)
-+/sbin				-d	gen_context(system_u:object_r:sbin_t,s0)
-+/sbin/.*				gen_context(system_u:object_r:sbin_t,s0)
- /sbin/mkfs\.cramfs		--	gen_context(system_u:object_r:sbin_t,s0)
- /sbin/insmod_ksymoops_clean	--	gen_context(system_u:object_r:sbin_t,s0)
- 
- #
- # /opt
- #
--/opt(/.*)?/bin(/.*)?			gen_context(system_u:object_r:bin_t,s0)
-+/opt/(.*/)?bin(/.*)?			gen_context(system_u:object_r:bin_t,s0)
- 
--/opt(/.*)?/libexec(/.*)?		gen_context(system_u:object_r:bin_t,s0)
-+/opt/(.*/)?libexec(/.*)?		gen_context(system_u:object_r:bin_t,s0)
+-	role system_r types mono_t;
++	unconfined_dbus_chat(mono_t)
  
--/opt(/.*)?/sbin(/.*)?			gen_context(system_u:object_r:sbin_t,s0)
-+/opt/(.*/)?sbin(/.*)?			gen_context(system_u:object_r:sbin_t,s0)
- 
- #
- # /usr
- #
--/usr(/.*)?/Bin(/.*)?			gen_context(system_u:object_r:bin_t,s0)
-+/usr/(.*/)?Bin(/.*)?			gen_context(system_u:object_r:bin_t,s0)
- 
--/usr(/.*)?/bin(/.*)?			gen_context(system_u:object_r:bin_t,s0)
-+/usr/(.*/)?bin(/.*)?			gen_context(system_u:object_r:bin_t,s0)
-+/usr/lib(.*/)?bin(/.*)?			gen_context(system_u:object_r:bin_t,s0)
- 
--/usr(/.*)?/sbin(/.*)?			gen_context(system_u:object_r:sbin_t,s0)
-+/usr/(.*/)?sbin(/.*)?			gen_context(system_u:object_r:sbin_t,s0)
-+/usr/lib(.*/)?sbin(/.*)?		gen_context(system_u:object_r:sbin_t,s0)
- 
- /usr/lib/ccache/bin(/.*)?		gen_context(system_u:object_r:bin_t,s0)
- /usr/lib/pgsql/test/regress/.*\.sh --	gen_context(system_u:object_r:bin_t,s0)
-diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/kernel/devices.fc serefpolicy-2.2.32/policy/modules/kernel/devices.fc
---- nsaserefpolicy/policy/modules/kernel/devices.fc	2006-04-12 13:44:36.000000000 -0400
-+++ serefpolicy-2.2.32/policy/modules/kernel/devices.fc	2006-04-14 12:06:19.000000000 -0400
-@@ -1,5 +1,6 @@
- 
--/dev(/.*)?			gen_context(system_u:object_r:device_t,s0)
-+/dev			-d	gen_context(system_u:object_r:device_t,s0)
-+/dev/.*				gen_context(system_u:object_r:device_t,s0)
- 
- /dev/.*mouse.*		-c	gen_context(system_u:object_r:mouse_device_t,s0)
- /dev/adsp		-c	gen_context(system_u:object_r:sound_device_t,s0)
-diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/kernel/devices.if serefpolicy-2.2.32/policy/modules/kernel/devices.if
---- nsaserefpolicy/policy/modules/kernel/devices.if	2006-04-12 13:44:36.000000000 -0400
-+++ serefpolicy-2.2.32/policy/modules/kernel/devices.if	2006-04-14 12:06:19.000000000 -0400
-@@ -2701,7 +2701,7 @@
- 	')
- 
- 	allow $1 device_t:dir r_dir_perms;
--	allow $1 xen_device_t:chr_file r_file_perms;
-+	allow $1 xen_device_t:chr_file rw_file_perms;
- ')
- 
- ########################################
-@@ -2720,7 +2720,7 @@
- 	')
- 
- 	allow $1 device_t:dir r_dir_perms;
--	allow $1 xen_device_t:chr_file r_file_perms;
-+	allow $1 xen_device_t:chr_file manage_file_perms;
- ')
- 
- ########################################
-@@ -2874,3 +2874,23 @@
- 
- 	typeattribute $1 devices_unconfined_type;
- ')
-+
-+########################################
-+## <summary>
-+##	Dontaudit getattr on all device nodes.
-+## </summary>
-+## <param name="domain">
-+##	<summary>
-+##	Domain to not audit.
-+##	</summary>
-+## </param>
-+#
-+interface(`dev_dontaudit_getattr_all_device_nodes',`
-+	gen_require(`
-+		attribute device_node;
-+	')
-+
-+	dontaudit $1 device_t:dir_file_class_set getattr;
-+	dontaudit $1 device_node:dir_file_class_set getattr;
-+')
-+
-diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/kernel/files.fc serefpolicy-2.2.32/policy/modules/kernel/files.fc
---- nsaserefpolicy/policy/modules/kernel/files.fc	2006-03-23 14:33:29.000000000 -0500
-+++ serefpolicy-2.2.32/policy/modules/kernel/files.fc	2006-04-14 12:06:19.000000000 -0400
-@@ -25,7 +25,8 @@
- #
- # /boot
- #
--/boot(/.*)?			gen_context(system_u:object_r:boot_t,s0)
-+/boot			-d	gen_context(system_u:object_r:boot_t,s0)
-+/boot/.*			gen_context(system_u:object_r:boot_t,s0)
- /boot/\.journal			<<none>>
- /boot/lost\+found	-d	gen_context(system_u:object_r:lost_found_t,s15:c0.c255)
- /boot/lost\+found/.*		<<none>>
-@@ -36,13 +37,15 @@
- #
- 
- ifdef(`distro_redhat',`
--/emul(/.*)?			gen_context(system_u:object_r:usr_t,s0)
-+/emul			-d	gen_context(system_u:object_r:usr_t,s0)
-+/emul/.*			gen_context(system_u:object_r:usr_t,s0)
- ')
++	role system_r types mono_t;
+ 	init_dbus_chat_script(mono_t)
  
- #
- # /etc
- #
--/etc(/.*)?			gen_context(system_u:object_r:etc_t,s0)
-+/etc			-d	gen_context(system_u:object_r:etc_t,s0)
-+/etc/.*				gen_context(system_u:object_r:etc_t,s0)
- /etc/\.fstab\.hal\..+	--	gen_context(system_u:object_r:etc_runtime_t,s0)
- /etc/asound\.state	--	gen_context(system_u:object_r:etc_runtime_t,s0)
- /etc/blkid(/.*)?		gen_context(system_u:object_r:etc_runtime_t,s0)
-@@ -104,7 +107,8 @@
- #
- # /lib(64)?
- #
--/lib(64)?/modules(/.*)?		gen_context(system_u:object_r:modules_object_t,s0)
-+/lib/modules(/.*)?		gen_context(system_u:object_r:modules_object_t,s0)
-+/lib64/modules(/.*)?		gen_context(system_u:object_r:modules_object_t,s0)
- 
- #
- # /lost+found
-@@ -139,29 +143,34 @@
- #
- # /opt
- #
--/opt(/.*)?			gen_context(system_u:object_r:usr_t,s0)
-+/opt			-d	gen_context(system_u:object_r:usr_t,s0)
-+/opt/.*				gen_context(system_u:object_r:usr_t,s0)
- 
--/opt(/.*)?/var/lib(64)?(/.*)?	gen_context(system_u:object_r:var_lib_t,s0)
-+/opt/(.*/)?var/lib(64)?(/.*)?	gen_context(system_u:object_r:var_lib_t,s0)
- 
- #
- # /proc
- #
--/proc(/.*)?                     <<none>>
-+/proc			-d	<<none>>
-+/proc/.*			<<none>>
- 
- #
- # /selinux
- #
--/selinux(/.*)?                  <<none>>
-+/selinux		-d	<<none>>
-+/selinux/.*			<<none>>
- 
- #
- # /srv
- #
--/srv(/.*)?			gen_context(system_u:object_r:var_t,s0)
-+/srv			-d	gen_context(system_u:object_r:var_t,s0)
-+/srv/.*				gen_context(system_u:object_r:var_t,s0)
- 
- #
- # /sys
- #
--/sys(/.*)?                      <<none>>
-+/sys			-d	<<none>>
-+/sys/.*				<<none>>
- 
- #
- # /tmp
-@@ -176,7 +185,8 @@
- #
- # /usr
- #
--/usr(/.*)?			gen_context(system_u:object_r:usr_t,s0)
-+/usr			-d	gen_context(system_u:object_r:usr_t,s0)
-+/usr/.*				gen_context(system_u:object_r:usr_t,s0)
- /usr/\.journal			<<none>>
- 
- /usr/doc(/.*)?/lib(/.*)?		gen_context(system_u:object_r:usr_t,s0)
-@@ -200,7 +210,7 @@
- /usr/share(/.*)?/lib(64)?(/.*)?	gen_context(system_u:object_r:usr_t,s0)
- 
- /usr/src(/.*)?			gen_context(system_u:object_r:src_t,s0)
--/usr/src(/.*)?/lib(/.*)?		gen_context(system_u:object_r:usr_t,s0)
-+/usr/src/kernels/.+/lib(/.*)?		gen_context(system_u:object_r:usr_t,s0)
- 
- /usr/tmp			-d	gen_context(system_u:object_r:tmp_t,s0-s15:c0.c255)
- /usr/tmp/.*			<<none>>
-@@ -208,7 +218,8 @@
- #
- # /var
- #
--/var(/.*)?			gen_context(system_u:object_r:var_t,s0)
-+/var			-d	gen_context(system_u:object_r:var_t,s0)
-+/var/.*				gen_context(system_u:object_r:var_t,s0)
- /var/\.journal			<<none>>
- 
- /var/db/.*\.db		--	gen_context(system_u:object_r:etc_t,s0)
-diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/kernel/files.if serefpolicy-2.2.32/policy/modules/kernel/files.if
---- nsaserefpolicy/policy/modules/kernel/files.if	2006-04-14 07:58:12.000000000 -0400
-+++ serefpolicy-2.2.32/policy/modules/kernel/files.if	2006-04-14 12:06:19.000000000 -0400
-@@ -948,6 +948,18 @@
- 
- ########################################
- #
-+# files_stat_all_mountpoints(domain)
-+#
-+interface(`files_stat_all_mountpoints',`
-+	gen_require(`
-+		attribute mountpoint;
-+	')
-+
-+	allow $1 mountpoint:dir { getattr };
-+')
-+
-+########################################
-+#
- # files_list_root(domain)
- #
- interface(`files_list_root',`
-@@ -1661,6 +1673,21 @@
+ 	optional_policy(`
+diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/kernel/corecommands.fc serefpolicy-2.2.34/policy/modules/kernel/corecommands.fc
+--- nsaserefpolicy/policy/modules/kernel/corecommands.fc	2006-04-18 22:49:59.000000000 -0400
++++ serefpolicy-2.2.34/policy/modules/kernel/corecommands.fc	2006-04-20 14:04:12.000000000 -0400
+@@ -177,6 +177,7 @@
+ ifdef(`distro_redhat', `
+ /usr/lib/.*/program(/.*)?		gen_context(system_u:object_r:bin_t,s0)
+ /usr/share/authconfig/authconfig-gtk\.py -- gen_context(system_u:object_r:bin_t,s0)
++/usr/share/authconfig/authconfig-tui\.py -- gen_context(system_u:object_r:bin_t,s0)
+ /usr/share/cvs/contrib/rcs2log	--	gen_context(system_u:object_r:bin_t,s0)
+ /usr/share/hwbrowser/hwbrowser -- gen_context(system_u:object_r:bin_t,s0)
+ /usr/share/pwlib/make/ptlib-config --	gen_context(system_u:object_r:bin_t,s0)
+diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/kernel/domain.te serefpolicy-2.2.34/policy/modules/kernel/domain.te
+--- nsaserefpolicy/policy/modules/kernel/domain.te	2006-04-20 08:17:36.000000000 -0400
++++ serefpolicy-2.2.34/policy/modules/kernel/domain.te	2006-04-20 14:04:12.000000000 -0400
+@@ -96,6 +96,7 @@
+ 	# workaround until role dominance is fixed in
+ 	# the module compiler
+ 	role secadm_r types domain;
++	role auditadm_r types domain;
+ 	role sysadm_r types domain;
+ 	role user_r types domain;
+ 	role staff_r types domain;
+diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/kernel/files.if serefpolicy-2.2.34/policy/modules/kernel/files.if
+--- nsaserefpolicy/policy/modules/kernel/files.if	2006-04-18 22:49:59.000000000 -0400
++++ serefpolicy-2.2.34/policy/modules/kernel/files.if	2006-04-20 14:04:12.000000000 -0400
+@@ -1679,6 +1679,21 @@
  ')
  
  ########################################
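Review bot: The netutils.te section of the new patch widens the ping_t rule from `rawip_socket` to `{ rawip_socket packet_socket }`, reusing the whole raw-IP permission set, with no comment saying which program in that domain needs link-layer sockets. A packet socket lets the confined domain read and send frames below the IP layer, so this increases what a compromised process in ping_t can do, and the log message ("Bump for fc5") does not record the reason. I would keep the original rawip_socket rule and add a separate commented rule, e.g. `# packet_socket: required by <program> (<bug reference>)` above `allow ping_t self:packet_socket { create ioctl read write bind getopt setopt };`, trimmed to the permissions the logged denials actually showed. Separately, `role auditadm_r types domain;` in domain.te extends the existing "workaround until role dominance is fixed" block, so until that is removed the new audit-admin role is presumably not limited by role-to-type association; a comment there should say so. Only the patch context lines are visible here, so the surrounding policy may already justify both changes.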
@@ -415,378 +90,178 @@
  ## <summary>
  ##	Read files in /etc that are dynamically
  ##	created on boot, such as mtab.
-diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/kernel/kernel.if serefpolicy-2.2.32/policy/modules/kernel/kernel.if
---- nsaserefpolicy/policy/modules/kernel/kernel.if	2006-04-10 17:05:10.000000000 -0400
-+++ serefpolicy-2.2.32/policy/modules/kernel/kernel.if	2006-04-14 12:06:19.000000000 -0400
-@@ -1148,7 +1148,8 @@
- 
- 	allow $1 proc_t:dir search;
- 	allow $1 sysctl_t:dir r_dir_perms;
--	allow $1 sysctl_vm_t:dir list_dir_perms;
-+#hal needs allow hald_t sysctl_vm_t:dir write;
-+	allow $1 sysctl_vm_t:dir rw_dir_perms;
- 	allow $1 sysctl_vm_t:file rw_file_perms;
- ')
+@@ -3905,3 +3920,23 @@
  
-diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/kernel/mcs.te serefpolicy-2.2.32/policy/modules/kernel/mcs.te
---- nsaserefpolicy/policy/modules/kernel/mcs.te	2006-04-04 18:06:38.000000000 -0400
-+++ serefpolicy-2.2.32/policy/modules/kernel/mcs.te	2006-04-14 12:06:19.000000000 -0400
-@@ -32,6 +32,10 @@
- type xdm_exec_t;
- 
- ifdef(`enable_mcs',`
-+# The eventual plan is to have a range_transition to s0 for the daemon by
-+# default and have the daemons which need to run with all categories be
-+# exceptions.  But while range_transitions have to be in the base module
-+# this is not possible.
- range_transition getty_t login_exec_t s0 - s0:c0.c255;
- range_transition init_t xdm_exec_t s0 - s0:c0.c255;
- range_transition initrc_t crond_exec_t s0 - s0:c0.c255;
-diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/kernel/mls.te serefpolicy-2.2.32/policy/modules/kernel/mls.te
---- nsaserefpolicy/policy/modules/kernel/mls.te	2006-03-07 10:31:09.000000000 -0500
-+++ serefpolicy-2.2.32/policy/modules/kernel/mls.te	2006-04-14 12:06:19.000000000 -0400
-@@ -60,6 +60,7 @@
- 
- ifdef(`enable_mls',`
- range_transition initrc_t auditd_exec_t s15:c0.c255;
-+range_transition secadm_t auditctl_exec_t s15:c0.c255;
- range_transition kernel_t init_exec_t s0 - s15:c0.c255;
- range_transition kernel_t lvm_exec_t s0 - s15:c0.c255;
+ 	typeattribute $1 files_unconfined_type;
  ')
-diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/avahi.te serefpolicy-2.2.32/policy/modules/services/avahi.te
---- nsaserefpolicy/policy/modules/services/avahi.te	2006-03-24 11:15:50.000000000 -0500
-+++ serefpolicy-2.2.32/policy/modules/services/avahi.te	2006-04-14 12:06:19.000000000 -0400
-@@ -92,6 +92,7 @@
- 	dbus_system_bus_client_template(avahi,avahi_t)
- 	dbus_connect_system_bus(avahi_t)
- 	dbus_send_system_bus(avahi_t)
-+	init_dbus_chat_script(avahi_t)
- ')
- 
- optional_policy(`
-diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/bind.fc serefpolicy-2.2.32/policy/modules/services/bind.fc
---- nsaserefpolicy/policy/modules/services/bind.fc	2006-01-16 17:04:24.000000000 -0500
-+++ serefpolicy-2.2.32/policy/modules/services/bind.fc	2006-04-14 12:06:19.000000000 -0400
-@@ -29,6 +29,7 @@
- 
- ifdef(`distro_redhat',`
- /etc/named\.conf		--	gen_context(system_u:object_r:named_conf_t,s0)
-+/etc/named\.caching-nameserver\.conf		--	gen_context(system_u:object_r:named_conf_t,s0)
- /var/named(/.*)?			gen_context(system_u:object_r:named_zone_t,s0)
- /var/named/slaves(/.*)?		gen_context(system_u:object_r:named_cache_t,s0)
- /var/named/data(/.*)?		gen_context(system_u:object_r:named_cache_t,s0)
-diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/ftp.te serefpolicy-2.2.32/policy/modules/services/ftp.te
---- nsaserefpolicy/policy/modules/services/ftp.te	2006-04-12 13:44:37.000000000 -0400
-+++ serefpolicy-2.2.32/policy/modules/services/ftp.te	2006-04-14 13:41:32.000000000 -0400
-@@ -126,6 +126,7 @@
- seutil_dontaudit_search_config(ftpd_t)
- 
- sysnet_read_config(ftpd_t)
-+sysnet_use_ldap(ftpd_t)
- 
- userdom_dontaudit_search_sysadm_home_dirs(ftpd_t)
- userdom_dontaudit_use_unpriv_user_fds(ftpd_t)
-diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/hal.te serefpolicy-2.2.32/policy/modules/services/hal.te
---- nsaserefpolicy/policy/modules/services/hal.te	2006-04-12 13:44:37.000000000 -0400
-+++ serefpolicy-2.2.32/policy/modules/services/hal.te	2006-04-14 12:06:19.000000000 -0400
-@@ -103,6 +103,7 @@
- fs_getattr_all_fs(hald_t)
- fs_search_all(hald_t)
- fs_list_auto_mountpoints(hald_t)
-+files_stat_all_mountpoints(hald_t)
- 
- mls_file_read_up(hald_t)
- 
-diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/kerberos.fc serefpolicy-2.2.32/policy/modules/services/kerberos.fc
---- nsaserefpolicy/policy/modules/services/kerberos.fc	2005-10-06 17:29:17.000000000 -0400
-+++ serefpolicy-2.2.32/policy/modules/services/kerberos.fc	2006-04-14 12:06:19.000000000 -0400
-@@ -5,8 +5,8 @@
- /etc/krb5kdc/kadm5.keytab 	--	gen_context(system_u:object_r:krb5_keytab_t,s0)
- /etc/krb5kdc/principal.*		gen_context(system_u:object_r:krb5kdc_principal_t,s0)
- 
--/usr(/local)?(/kerberos)?/sbin/krb5kdc -- gen_context(system_u:object_r:krb5kdc_exec_t,s0)
--/usr(/local)?(/kerberos)?/sbin/kadmind -- gen_context(system_u:object_r:kadmind_exec_t,s0)
-+/usr/(local/)?(kerberos/)?sbin/krb5kdc -- gen_context(system_u:object_r:krb5kdc_exec_t,s0)
-+/usr/(local/)?(kerberos/)?sbin/kadmind -- gen_context(system_u:object_r:kadmind_exec_t,s0)
- 
- /usr/local/var/krb5kdc(/.*)?		gen_context(system_u:object_r:krb5kdc_conf_t,s0)
- /usr/local/var/krb5kdc/principal.*	gen_context(system_u:object_r:krb5kdc_principal_t,s0)
-diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/mailman.if serefpolicy-2.2.32/policy/modules/services/mailman.if
---- nsaserefpolicy/policy/modules/services/mailman.if	2006-03-24 11:15:50.000000000 -0500
-+++ serefpolicy-2.2.32/policy/modules/services/mailman.if	2006-04-14 12:06:19.000000000 -0400
-@@ -200,6 +200,44 @@
- 
- #######################################
- ## <summary>
-+##	Allow domain to to create mailman data files and write the directory
-+## </summary>
-+## <param name="domain">
-+##	<summary>
-+##	Domain allowed access.
-+##	</summary>
-+## </param>
-+#
-+interface(`mailman_create_data_file',`
-+	gen_require(`
-+		type mailman_data_t;
-+	')
-+
-+	allow $1 mailman_data_t:dir rw_dir_perms;
-+	allow $1 mailman_data_t:file create_file_perms;
-+')
 +
-+#######################################
++########################################
 +## <summary>
-+##	Allow domain to to read mailman data files
++##     Read kernel files in the /boot directory.
 +## </summary>
 +## <param name="domain">
-+##	<summary>
-+##	Domain allowed access.
-+##	</summary>
++##     <summary>
++##     Domain allowed access.
++##     </summary>
 +## </param>
 +#
-+interface(`mailman_read_data_file',`
-+	gen_require(`
-+		type mailman_data_t;
-+	')
-+
-+	allow $1 mailman_data_t:dir search_dir_perms;
-+	allow $1 mailman_data_t:file read_file_perms;
++interface(`files_read_kernel_img',`
++       gen_require(`
++               type boot_t;
++       ')
++
++       allow $1 boot_t:dir r_dir_perms;
++       allow $1 boot_t:file { getattr read };
++       allow $1 boot_t:lnk_file { getattr read };
 +')
-+
-+#######################################
-+## <summary>
- ##	List the contents of mailman data directories.
- ## </summary>
- ## <param name="domain">
-diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/postfix.te serefpolicy-2.2.32/policy/modules/services/postfix.te
---- nsaserefpolicy/policy/modules/services/postfix.te	2006-04-04 18:06:38.000000000 -0400
-+++ serefpolicy-2.2.32/policy/modules/services/postfix.te	2006-04-14 14:54:13.000000000 -0400
-@@ -305,6 +305,7 @@
- 
- kernel_read_kernel_sysctls(postfix_map_t)
- kernel_dontaudit_list_proc(postfix_map_t)
-+kernel_dontaudit_read_system_state(postfix_map_t)
- 
- corenet_tcp_sendrecv_all_if(postfix_map_t)
- corenet_udp_sendrecv_all_if(postfix_map_t)
-@@ -350,6 +351,7 @@
- ifdef(`targeted_policy',`
- 	# FIXME: would be better to use a run interface
- 	role system_r types postfix_map_t;
-+	term_dontaudit_use_generic_ptys(postfix_map_t)
- ')
+diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/kernel/filesystem.if serefpolicy-2.2.34/policy/modules/kernel/filesystem.if
+--- nsaserefpolicy/policy/modules/kernel/filesystem.if	2006-04-18 22:49:59.000000000 -0400
++++ serefpolicy-2.2.34/policy/modules/kernel/filesystem.if	2006-04-20 14:54:31.000000000 -0400
+@@ -609,7 +609,7 @@
+ 		attribute noxattrfs;
+ 	')
  
- tunable_policy(`read_default_t',`
-@@ -408,6 +410,9 @@
+-	allow $1 noxattrfs:dir search;
++	allow $1 noxattrfs:dir search_dir_perms;
+ 	allow $1 noxattrfs:file r_file_perms;
  
- optional_policy(`
- 	mailman_domtrans_queue(postfix_pipe_t)
-+#	for postalias
-+	mailman_create_data_file(postfix_master_t)
-+	mailman_read_data_file(postfix_local_t)
  ')
- 
- ########################################
-diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/postgresql.if serefpolicy-2.2.32/policy/modules/services/postgresql.if
---- nsaserefpolicy/policy/modules/services/postgresql.if	2006-02-10 17:05:19.000000000 -0500
-+++ serefpolicy-2.2.32/policy/modules/services/postgresql.if	2006-04-14 16:09:39.000000000 -0400
-@@ -113,10 +113,12 @@
- #
- interface(`postgresql_stream_connect',`
- 	gen_require(`
--		type postgresql_t, postgresql_var_run_t;
-+		type postgresql_t, postgresql_var_run_t, postgresql_tmp_t;
+@@ -629,7 +629,7 @@
+ 		attribute noxattrfs;
  	')
  
- 	files_search_pids($1)
- 	allow $1 postgresql_t:unix_stream_socket connectto;
- 	allow $1 postgresql_var_run_t:sock_file write;
-+        # Some versions of postgresql put the sock file in /tmp
-+	allow $1 postgresql_tmp_t:sock_file write;
- ')
-diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/rpc.te serefpolicy-2.2.32/policy/modules/services/rpc.te
---- nsaserefpolicy/policy/modules/services/rpc.te	2006-03-24 11:15:50.000000000 -0500
-+++ serefpolicy-2.2.32/policy/modules/services/rpc.te	2006-04-14 12:06:19.000000000 -0400
-@@ -110,13 +110,13 @@
- portmap_udp_chat(nfsd_t)
- 
- tunable_policy(`nfs_export_all_rw',`
--	auth_read_all_dirs_except_shadow(nfsd_t) 
- 	fs_read_noxattr_fs_files(nfsd_t) 
-+	auth_manage_all_files_except_shadow(nfsd_t)
+-	allow $1 noxattrfs:dir search;
++	allow $1 noxattrfs:dir search_dir_perms;
+ 	allow $1 noxattrfs:lnk_file r_file_perms;
  ')
  
- tunable_policy(`nfs_export_all_ro',`
--	auth_read_all_dirs_except_shadow(nfsd_t) 
- 	fs_read_noxattr_fs_files(nfsd_t) 
-+	auth_read_all_files_except_shadow(nfsd_t)
- ')
+@@ -1294,7 +1294,7 @@
  
  ########################################
-diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/samba.if serefpolicy-2.2.32/policy/modules/services/samba.if
---- nsaserefpolicy/policy/modules/services/samba.if	2006-02-21 14:35:36.000000000 -0500
-+++ serefpolicy-2.2.32/policy/modules/services/samba.if	2006-04-14 12:06:19.000000000 -0400
-@@ -33,6 +33,7 @@
- 	')
- 
- 	tunable_policy(`samba_enable_home_dirs',`
-+		userdom_manage_user_home_content_dirs($1,smbd_t)
- 		userdom_manage_user_home_content_files($1,smbd_t)
- 		userdom_manage_user_home_content_symlinks($1,smbd_t)
- 		userdom_manage_user_home_content_sockets($1,smbd_t)
-diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/samba.te serefpolicy-2.2.32/policy/modules/services/samba.te
---- nsaserefpolicy/policy/modules/services/samba.te	2006-04-12 13:44:37.000000000 -0400
-+++ serefpolicy-2.2.32/policy/modules/services/samba.te	2006-04-14 13:42:57.000000000 -0400
-@@ -106,8 +106,8 @@
- files_tmp_filetrans(samba_net_t, samba_net_tmp_t, { file dir })
+ ## <summary>
+-##	Read files on a NFS filesystem.
++##	Write files on a NFS filesystem.
+ ## </summary>
+ ## <param name="domain">
+ ##	<summary>
+diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/kernel/kernel.te serefpolicy-2.2.34/policy/modules/kernel/kernel.te
+--- nsaserefpolicy/policy/modules/kernel/kernel.te	2006-04-18 22:49:59.000000000 -0400
++++ serefpolicy-2.2.34/policy/modules/kernel/kernel.te	2006-04-20 14:04:12.000000000 -0400
+@@ -28,6 +28,7 @@
  
- allow samba_net_t samba_var_t:dir rw_dir_perms;
-+allow samba_net_t samba_var_t:file create_file_perms;
- allow samba_net_t samba_var_t:lnk_file create_lnk_perms;
--allow samba_net_t samba_var_t:file create_lnk_perms;
+ ifdef(`enable_mls',`
+ 	role secadm_r;
++	role auditadm_r;
+ ')
  
- kernel_read_proc_symlinks(samba_net_t)
+ #
+diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/kernel/terminal.if serefpolicy-2.2.34/policy/modules/kernel/terminal.if
+--- nsaserefpolicy/policy/modules/kernel/terminal.if	2006-02-13 17:05:45.000000000 -0500
++++ serefpolicy-2.2.34/policy/modules/kernel/terminal.if	2006-04-20 14:04:12.000000000 -0400
+@@ -174,7 +174,7 @@
+ 	')
+ 
+ 	dev_list_all_dev_nodes($1)
+-	allow $1 console_device_t:chr_file write;
++	allow $1 console_device_t:chr_file { getattr write append };
+ ')
  
-@@ -160,8 +160,10 @@
- 	corenet_non_ipsec_sendrecv(samba_net_t)
- 	corenet_tcp_bind_all_nodes(samba_net_t)
- 	sysnet_read_config(samba_net_t)
-+        corenet_tcp_connect_ldap_port(samba_net_t)
+ ########################################
+diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/cups.te serefpolicy-2.2.34/policy/modules/services/cups.te
+--- nsaserefpolicy/policy/modules/services/cups.te	2006-04-12 13:44:36.000000000 -0400
++++ serefpolicy-2.2.34/policy/modules/services/cups.te	2006-04-20 15:02:03.000000000 -0400
+@@ -79,6 +79,7 @@
+ allow cupsd_t self:process { setsched signal_perms };
+ allow cupsd_t self:fifo_file rw_file_perms;
+ allow cupsd_t self:unix_stream_socket { create_stream_socket_perms connectto };
++allow cupsd_t self:socket create_socket_perms;
+ allow cupsd_t self:unix_dgram_socket create_socket_perms;
+ allow cupsd_t self:netlink_audit_socket { create_netlink_socket_perms nlmsg_relay };
+ allow cupsd_t self:netlink_route_socket { r_netlink_socket_perms };
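Review bot: The added `allow cupsd_t self:socket create_socket_perms;` has no comment saying which protocol it is for, unlike the neighbouring rules, which each name a specific socket class. The generic `socket` class covers address families that have no class of their own, so a reader cannot tell what cupsd is now permitted to open. I would add a line above it such as `# <protocol> backend opens a socket in a family without its own class`, with the real backend name filled in by whoever saw the denial.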
+diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/pegasus.te serefpolicy-2.2.34/policy/modules/services/pegasus.te
+--- nsaserefpolicy/policy/modules/services/pegasus.te	2006-04-04 18:06:38.000000000 -0400
++++ serefpolicy-2.2.34/policy/modules/services/pegasus.te	2006-04-20 14:04:12.000000000 -0400
+@@ -79,11 +79,16 @@
+ corenet_tcp_connect_pegasus_https_port(pegasus_t)
+ corenet_tcp_connect_generic_port(pegasus_t)
+ 
++corecmd_exec_sbin(pegasus_t)
++corecmd_exec_bin(pegasus_t)
++corecmd_exec_shell(pegasus_t)
++
+ dev_read_sysfs(pegasus_t)
+ dev_read_urand(pegasus_t)
+ 
+ fs_getattr_all_fs(pegasus_t)
+ fs_search_auto_mountpoints(pegasus_t)
++files_getattr_all_dirs(pegasus_t)
+ 
+ term_dontaudit_use_console(pegasus_t)
+ 
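Review bot: The three `corecmd_exec_*` calls added here let pegasus_t run bin, sbin and shell executables without a domain transition, so anything the CIM server spawns keeps pegasus_t's full permission set. That set includes `corenet_tcp_connect_generic_port(pegasus_t)`, visible in the context lines. The same holds for `hostname_exec(pegasus_t)` in the `@@ -98,6 +103,8 @@` hunk. If only a few known helpers are needed, a transition into a narrower domain for those helpers would limit what a compromised provider can reach. At minimum I would put a comment above the block, for example `# providers shell out to helper commands; replace with domtrans once the set is known`.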
+@@ -98,6 +103,8 @@
+ files_read_var_lib_files(pegasus_t)
+ files_read_var_lib_symlinks(pegasus_t)
+ 
++hostname_exec(pegasus_t)
++
+ init_use_fds(pegasus_t)
+ init_use_script_ptys(pegasus_t)
+ init_rw_utmp(pegasus_t)
+@@ -116,6 +123,7 @@
+ 	term_dontaudit_use_unallocated_ttys(pegasus_t)
+ 	term_dontaudit_use_generic_ptys(pegasus_t)
+ 	files_dontaudit_read_root_files(pegasus_t)
++	unconfined_signull(pegasus_t)
  ')
  
-+
  optional_policy(`
- 	nscd_socket_use(samba_net_t)
- ')
-@@ -268,6 +270,7 @@
+diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/procmail.te serefpolicy-2.2.34/policy/modules/services/procmail.te
+--- nsaserefpolicy/policy/modules/services/procmail.te	2006-03-24 11:15:50.000000000 -0500
++++ serefpolicy-2.2.34/policy/modules/services/procmail.te	2006-04-20 15:06:02.000000000 -0400
+@@ -95,13 +95,13 @@
  
- init_use_fds(smbd_t)
- init_use_script_ptys(smbd_t)
-+init_rw_utmp(smbd_t)
- 
- libs_use_ld_so(smbd_t)
- libs_use_shared_libs(smbd_t)
-@@ -333,6 +336,13 @@
+ optional_policy(`
+ 	mta_read_config(procmail_t)
++	sendmail_domtrans(procmail_t)
+ 	sendmail_rw_tcp_sockets(procmail_t)
+ 	sendmail_rw_unix_stream_sockets(procmail_t)
  ')
- allow smbd_t mtrr_device_t:file getattr;
  
-+# Support Samba sharing of NFS mount points
-+bool samba_share_nfs false;
-+if (samba_share_nfs) {
-+fs_manage_nfs_dirs(smbd_t)
-+fs_manage_nfs_files(smbd_t)
-+}
-+
- ########################################
- #
- # nmbd Local policy
-diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/spamassassin.fc serefpolicy-2.2.32/policy/modules/services/spamassassin.fc
---- nsaserefpolicy/policy/modules/services/spamassassin.fc	2005-12-01 17:57:16.000000000 -0500
-+++ serefpolicy-2.2.32/policy/modules/services/spamassassin.fc	2006-04-14 12:06:19.000000000 -0400
-@@ -1,5 +1,5 @@
- 
--/usr/bin/sa-learn	--	gen_context(system_u:object_r:spamd_exec_t,s0)
-+/usr/bin/sa-learn	--	gen_context(system_u:object_r:spamc_exec_t,s0)
- /usr/bin/spamc		--	gen_context(system_u:object_r:spamc_exec_t,s0)
- /usr/bin/spamd		--	gen_context(system_u:object_r:spamd_exec_t,s0)
- 
-diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/tftp.fc serefpolicy-2.2.32/policy/modules/services/tftp.fc
---- nsaserefpolicy/policy/modules/services/tftp.fc	2005-10-06 17:29:17.000000000 -0400
-+++ serefpolicy-2.2.32/policy/modules/services/tftp.fc	2006-04-14 12:06:19.000000000 -0400
-@@ -2,4 +2,5 @@
- /usr/sbin/atftpd	--	gen_context(system_u:object_r:tftpd_exec_t,s0)
- /usr/sbin/in\.tftpd	--	gen_context(system_u:object_r:tftpd_exec_t,s0)
- 
--/tftpboot(/.*)?			gen_context(system_u:object_r:tftpdir_t,s0)
-+/tftpboot		-d	gen_context(system_u:object_r:tftpdir_t,s0)
-+/tftpboot/.*			gen_context(system_u:object_r:tftpdir_t,s0)
-diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/xserver.if serefpolicy-2.2.32/policy/modules/services/xserver.if
---- nsaserefpolicy/policy/modules/services/xserver.if	2006-04-06 15:31:54.000000000 -0400
-+++ serefpolicy-2.2.32/policy/modules/services/xserver.if	2006-04-14 12:06:19.000000000 -0400
-@@ -1070,3 +1070,24 @@
+ optional_policy(`
+ 	corenet_udp_bind_generic_port(procmail_t)
+-	corenet_tcp_connect_spamd_port(procmail_t)
  
- 	dontaudit $1 xdm_xserver_t:tcp_socket { read write };
- ')
-+
-+########################################
-+## <summary>
-+##	Allow read and write to
-+##	a XDM X server socket.
-+## </summary>
-+## <param name="domain">
-+##	<summary>
-+##	Domain to allow
-+##	</summary>
-+## </param>
-+#
-+interface(`xserver_rw_xdm_sockets',`
-+	gen_require(`
-+		type xdm_xserver_tmp_t;
-+	')
-+
-+	allow $1 xdm_xserver_tmp_t:dir search;
-+	allow $1 xdm_xserver_tmp_t:sock_file { read write };
-+')
-+
-diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/authlogin.fc serefpolicy-2.2.32/policy/modules/system/authlogin.fc
---- nsaserefpolicy/policy/modules/system/authlogin.fc	2006-01-19 17:48:34.000000000 -0500
-+++ serefpolicy-2.2.32/policy/modules/system/authlogin.fc	2006-04-14 12:06:19.000000000 -0400
-@@ -7,7 +7,8 @@
- /etc/passwd\.lock	--	gen_context(system_u:object_r:shadow_t,s0)
- /etc/shadow.*		--	gen_context(system_u:object_r:shadow_t,s0)
- 
--/lib(64)?/security/pam_krb5/pam_krb5_storetmp -- gen_context(system_u:object_r:pam_exec_t,s0)
-+/lib/security/pam_krb5/pam_krb5_storetmp -- gen_context(system_u:object_r:pam_exec_t,s0)
-+/lib64/security/pam_krb5/pam_krb5_storetmp -- gen_context(system_u:object_r:pam_exec_t,s0)
- 
- /sbin/pam_console_apply	 --	gen_context(system_u:object_r:pam_console_exec_t,s0)
- /sbin/pam_timestamp_check --	gen_context(system_u:object_r:pam_exec_t,s0)
-diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/authlogin.te serefpolicy-2.2.32/policy/modules/system/authlogin.te
---- nsaserefpolicy/policy/modules/system/authlogin.te	2006-04-04 18:06:38.000000000 -0400
-+++ serefpolicy-2.2.32/policy/modules/system/authlogin.te	2006-04-14 12:06:19.000000000 -0400
-@@ -173,9 +173,13 @@
- dev_setattr_video_dev(pam_console_t)
- dev_getattr_xserver_misc_dev(pam_console_t)
- dev_setattr_xserver_misc_dev(pam_console_t)
-+dev_read_urand(pam_console_t)
+ 	files_getattr_tmp_dirs(procmail_t)
  
- fs_search_auto_mountpoints(pam_console_t)
+diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/samba.te serefpolicy-2.2.34/policy/modules/services/samba.te
+--- nsaserefpolicy/policy/modules/services/samba.te	2006-04-19 12:23:07.000000000 -0400
++++ serefpolicy-2.2.34/policy/modules/services/samba.te	2006-04-20 14:04:12.000000000 -0400
+@@ -106,8 +106,8 @@
+ files_tmp_filetrans(samba_net_t, samba_net_tmp_t, { file dir })
  
-+miscfiles_read_localization(pam_console_t)
-+miscfiles_read_certs(pam_console_t)
-+
- storage_getattr_fixed_disk_dev(pam_console_t)
- storage_setattr_fixed_disk_dev(pam_console_t)
- storage_getattr_removable_dev(pam_console_t)
-diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/daemontools.fc serefpolicy-2.2.32/policy/modules/system/daemontools.fc
---- nsaserefpolicy/policy/modules/system/daemontools.fc	2006-04-05 11:35:09.000000000 -0400
-+++ serefpolicy-2.2.32/policy/modules/system/daemontools.fc	2006-04-14 12:06:19.000000000 -0400
-@@ -2,7 +2,8 @@
- # /service
- #
+ allow samba_net_t samba_var_t:dir rw_dir_perms;
++allow samba_net_t samba_var_t:file create_file_perms;
+ allow samba_net_t samba_var_t:lnk_file create_lnk_perms;
+-allow samba_net_t samba_var_t:file create_lnk_perms;
  
--/service(/.*)?			gen_context(system_u:object_r:svc_svc_t,s0)
-+/service		-d	gen_context(system_u:object_r:svc_svc_t,s0)
-+/service/.*			gen_context(system_u:object_r:svc_svc_t,s0)
+ kernel_read_proc_symlinks(samba_net_t)
  
- #
- # /usr
-diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/fstools.te serefpolicy-2.2.32/policy/modules/system/fstools.te
---- nsaserefpolicy/policy/modules/system/fstools.te	2006-04-04 18:06:38.000000000 -0400
-+++ serefpolicy-2.2.32/policy/modules/system/fstools.te	2006-04-14 12:06:19.000000000 -0400
-@@ -77,6 +77,7 @@
- dev_getattr_usbfs_dirs(fsadm_t)
- # Access to /dev/mapper/control
- dev_rw_lvm_control(fsadm_t)
-+dev_dontaudit_getattr_all_device_nodes(fsadm_t)
- 
- fs_search_auto_mountpoints(fsadm_t)
- fs_getattr_xattr_fs(fsadm_t)
-diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/init.te serefpolicy-2.2.32/policy/modules/system/init.te
---- nsaserefpolicy/policy/modules/system/init.te	2006-04-06 15:32:43.000000000 -0400
-+++ serefpolicy-2.2.32/policy/modules/system/init.te	2006-04-14 12:06:19.000000000 -0400
-@@ -352,6 +352,7 @@
+diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/authlogin.te serefpolicy-2.2.34/policy/modules/system/authlogin.te
+--- nsaserefpolicy/policy/modules/system/authlogin.te	2006-04-19 12:23:07.000000000 -0400
++++ serefpolicy-2.2.34/policy/modules/system/authlogin.te	2006-04-20 14:04:12.000000000 -0400
+@@ -188,6 +188,8 @@
+ storage_setattr_scsi_generic_dev(pam_console_t)
+ 
+ term_use_console(pam_console_t)
++term_use_all_user_ttys(pam_console_t)
++term_use_all_user_ptys(pam_console_t)
+ term_setattr_console(pam_console_t)
+ term_getattr_unallocated_ttys(pam_console_t)
+ term_setattr_unallocated_ttys(pam_console_t)
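Review bot: `term_use_all_user_ttys(pam_console_t)` and `term_use_all_user_ptys(pam_console_t)` grant read and write on every user terminal, which is wider than the `term_getattr_*`/`term_setattr_*` calls around them that only touch attributes. If the denials behind this change come from descriptors inherited from the login session (an assumption, since the AVC messages are not on the page), `term_dontaudit_use_all_user_ttys(pam_console_t)` and `term_dontaudit_use_all_user_ptys(pam_console_t)` would quiet them without giving pam_console_t the ability to read or inject terminal data. Otherwise a one-line comment stating why pam_console needs to read and write user terminals belongs above the two calls.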
+diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/init.te serefpolicy-2.2.34/policy/modules/system/init.te
+--- nsaserefpolicy/policy/modules/system/init.te	2006-04-20 08:17:40.000000000 -0400
++++ serefpolicy-2.2.34/policy/modules/system/init.te	2006-04-20 14:04:12.000000000 -0400
+@@ -348,6 +348,7 @@
  files_mounton_isid_type_dirs(initrc_t)
  files_list_default(initrc_t)
  files_mounton_default(initrc_t)
@@ -794,286 +269,313 @@
  
  libs_rw_ld_so_cache(initrc_t)
  libs_use_ld_so(initrc_t)
-diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/libraries.fc serefpolicy-2.2.32/policy/modules/system/libraries.fc
---- nsaserefpolicy/policy/modules/system/libraries.fc	2006-04-12 13:44:38.000000000 -0400
-+++ serefpolicy-2.2.32/policy/modules/system/libraries.fc	2006-04-14 12:06:19.000000000 -0400
-@@ -24,17 +24,22 @@
- #
- # /lib(64)?
- #
--/lib(64)?(/.*)?					gen_context(system_u:object_r:lib_t,s0)
-+/lib(/.*)?					gen_context(system_u:object_r:lib_t,s0)
-+/lib64(/.*)?					gen_context(system_u:object_r:lib_t,s0)
- /lib(64)?/.*\.so(\.[^/]*)*		--	gen_context(system_u:object_r:shlib_t,s0)
- /lib(64)?(/.*)?/ld-[^/]*\.so(\.[^/]*)*	--	gen_context(system_u:object_r:ld_so_t,s0)
+diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/libraries.fc serefpolicy-2.2.34/policy/modules/system/libraries.fc
+--- nsaserefpolicy/policy/modules/system/libraries.fc	2006-04-19 12:23:07.000000000 -0400
++++ serefpolicy-2.2.34/policy/modules/system/libraries.fc	2006-04-20 14:04:21.000000000 -0400
+@@ -66,13 +66,8 @@
  
- #
- # /opt
- #
--/opt(/.*)?/lib(64)?(/.*)?			gen_context(system_u:object_r:lib_t,s0)
--/opt(/.*)?/lib(64)?/.*\.so(\.[^/]*)*	--	gen_context(system_u:object_r:shlib_t,s0)
--/opt/.*/jre.*/libdeploy.so	--	gen_context(system_u:object_r:textrel_shlib_t,s0)
--/opt/.*/jre.*/libjvm.so		--	gen_context(system_u:object_r:textrel_shlib_t,s0)
-+/opt/(.*/)?lib(/.*)?			gen_context(system_u:object_r:lib_t,s0)
-+/opt/(.*/)?lib64(/.*)?			gen_context(system_u:object_r:lib_t,s0)
-+/opt/(.*/)?lib/.*\.so		--	gen_context(system_u:object_r:shlib_t,s0)
-+/opt/(.*/)?lib/.*\.so\.[^/]*	--	gen_context(system_u:object_r:shlib_t,s0)
-+/opt/(.*/)?lib64/.*\.so		--	gen_context(system_u:object_r:shlib_t,s0)
-+/opt/(.*/)?lib64/.*\.so\.[^/]*	--	gen_context(system_u:object_r:shlib_t,s0)
-+/opt/(.*/)?jre.*/libdeploy.so(\.[^/]*)*	--	gen_context(system_u:object_r:textrel_shlib_t,s0)
-+/opt/(.*/)?jre.*/libjvm.so(\.[^/]*)*	--	gen_context(system_u:object_r:textrel_shlib_t,s0)
+ /usr/(.*/)?nvidia/.*\.so(\..*)?		--	gen_context(system_u:object_r:textrel_shlib_t,s0)
  
- #
- # /sbin
-@@ -44,18 +49,22 @@
- #
- # /usr
- #
--/usr(/.*)?/HelixPlayer/.*\.so(\.[^/]*)*	--	gen_context(system_u:object_r:textrel_shlib_t,s0)
-+/usr/(.*/)?/HelixPlayer/.*\.so(\.[^/]*)*	--	gen_context(system_u:object_r:textrel_shlib_t,s0)
- 
--/usr(/.*)?/java/.*\.so(\.[^/]*)*	--	gen_context(system_u:object_r:textrel_shlib_t,s0)
--/usr(/.*)?/java/.*\.jar			--	gen_context(system_u:object_r:shlib_t,s0)
--/usr(/.*)?/java/.*\.jsa			--	gen_context(system_u:object_r:shlib_t,s0)
-+/usr/(.*/)?java/.*\.so(\.[^/]*)*	--	gen_context(system_u:object_r:textrel_shlib_t,s0)
-+/usr/(.*/)?java/.*\.jar			--	gen_context(system_u:object_r:shlib_t,s0)
-+/usr/(.*/)?java/.*\.jsa			--	gen_context(system_u:object_r:shlib_t,s0)
-+
-+/usr/(.*/)?lib(/.*)?			gen_context(system_u:object_r:lib_t,s0)
-+/usr/(.*/)?lib64(/.*)?			gen_context(system_u:object_r:lib_t,s0)
-+/usr/(.*/)?lib/.*\.so		--	gen_context(system_u:object_r:shlib_t,s0)
-+/usr/(.*/)?lib/.*\.so\.[^/]*	--	gen_context(system_u:object_r:shlib_t,s0)
-+/usr/(.*/)?lib64/.*\.so		--	gen_context(system_u:object_r:shlib_t,s0)
-+/usr/(.*/)?lib64/.*\.so\.[^/]*	--	gen_context(system_u:object_r:shlib_t,s0)
- 
--/usr(/.*)?/lib(64)?(/.*)?			gen_context(system_u:object_r:lib_t,s0)
--/usr(/.*)?/lib(64)?/.*\.so(\.[^/]*)*	--	gen_context(system_u:object_r:shlib_t,s0)
-+/usr/(.*/)?lib(64)?(/.*)?/ld-[^/]*\.so(\.[^/]*)* gen_context(system_u:object_r:ld_so_t,s0)
- 
--/usr(/.*)?/lib(64)?(/.*)?/ld-[^/]*\.so(\.[^/]*)* gen_context(system_u:object_r:ld_so_t,s0)
+-/usr/lib(64)?/pgsql/test/regress/.*\.so	--	gen_context(system_u:object_r:shlib_t,s0)
 -
--/usr(/.*)?/nvidia/.*\.so(\..*)?		--	gen_context(system_u:object_r:textrel_shlib_t,s0)
-+/usr/(.*/)?nvidia/.*\.so(\..*)?		--	gen_context(system_u:object_r:textrel_shlib_t,s0)
- 
- /usr/lib(64)?/pgsql/test/regress/.*\.so	--	gen_context(system_u:object_r:shlib_t,s0)
+ /usr/lib/win32/.*			--	gen_context(system_u:object_r:shlib_t,s0)
  
-@@ -64,7 +73,7 @@
- /usr/lib(64)?/im/.*\.so.*		--	gen_context(system_u:object_r:shlib_t,s0)
- /usr/lib(64)?/iiim/.*\.so.*		--	gen_context(system_u:object_r:shlib_t,s0)
- 
--/usr(/.*)?/lib(64)?(/.*)?/nvidia/.*\.so(\..*)? -- gen_context(system_u:object_r:textrel_shlib_t,s0)
-+/usr/(.*/)?lib(64)?(/.*)?/nvidia/.*\.so(\..*)? -- gen_context(system_u:object_r:textrel_shlib_t,s0)
+-/usr/lib(64)?/im/.*\.so.*		--	gen_context(system_u:object_r:shlib_t,s0)
+-/usr/lib(64)?/iiim/.*\.so.*		--	gen_context(system_u:object_r:shlib_t,s0)
+-
+ /usr/(.*/)?lib(64)?(/.*)?/nvidia/.*\.so(\..*)? -- gen_context(system_u:object_r:textrel_shlib_t,s0)
  /usr/lib(64)?/libsipphoneapi\.so.*	--	gen_context(system_u:object_r:texrel_shlib_t,s0)
  /usr/lib(64)?/(nvidia/)?libGL(core)?\.so(\.[^/]*)* -- gen_context(system_u:object_r:textrel_shlib_t,s0)
- /usr/lib(64)?/libGLU\.so(\.[^/]*)*	--	gen_context(system_u:object_r:textrel_shlib_t,s0)
-@@ -74,9 +83,8 @@
- /usr/lib(64)?/nvidia-graphics(-[^/]*/)?libGL(core)?\.so(\.[^/]*)*             --      	gen_context(system_u:object_r:textrel_shlib_t,s0)
- /usr/lib(64)?/nvidia-graphics(-[^/]*/)?libnvidia.*\.so(\.[^/]*)*              --      	gen_context(system_u:object_r:textrel_shlib_t,s0)
- /usr/lib(64)?/nvidia-graphics(-[^/]*/)?libXvMCNVIDIA\.so.*            --      	gen_context(system_u:object_r:textrel_shlib_t,s0)
--/usr/lib(64)?/vmware(.*/)?/VmPerl\.so	--	gen_context(system_u:object_r:textrel_shlib_t,s0)
- 
--/usr/(local/)?lib/wine/.*\.so  		--	gen_context(system_u:object_r:textrel_shlib_t,s0)
-+/usr/(local/)?lib(64)?/wine/.*\.so  		--	gen_context(system_u:object_r:textrel_shlib_t,s0)
- /usr/(local/)?lib/libfame-.*\.so.*	--	gen_context(system_u:object_r:textrel_shlib_t,s0)
- /usr/local/.*\.so(\.[^/]*)*		--	gen_context(system_u:object_r:shlib_t,s0)
- 
-@@ -127,7 +135,7 @@
- /usr/lib(64)?/.*/program/libsvx680li\.so --	gen_context(system_u:object_r:textrel_shlib_t,s0)
- /usr/lib(64)?/.*/program/libcomphelp4gcc3\.so -- gen_context(system_u:object_r:textrel_shlib_t,s0)
- /usr/lib(64)?/.*/program/libsoffice\.so  --	gen_context(system_u:object_r:textrel_shlib_t,s0)
--/usr(/.*)?/pcsc/drivers(/.*)?/lib(cm2020|cm4000|SCR24x)\.so(\.[^/]*)* -- gen_context(system_u:object_r:textrel_shlib_t,s0)
-+/usr/(.*/)?pcsc/drivers(/.*)?/lib(cm2020|cm4000|SCR24x)\.so(\.[^/]*)* -- gen_context(system_u:object_r:textrel_shlib_t,s0)
- 
- /usr/lib(64)?/firefox.*\.so		--	gen_context(system_u:object_r:textrel_shlib_t,s0)
- /usr/lib(64)?/mozilla.*\.so		--	gen_context(system_u:object_r:textrel_shlib_t,s0)
-@@ -180,15 +188,17 @@
- 
- # vmware 
- /usr/lib(64)?/vmware/lib(/.*)?/libgdk-x11-.*\.so.*  -- gen_context(system_u:object_r:textrel_shlib_t,s0)
-+/usr/lib(64)?/vmware/lib(/.*)?/HConfig.so  -- gen_context(system_u:object_r:textrel_shlib_t,s0)
-+/usr/lib(64)?/vmware/(.*/)?VmPerl\.so	--	gen_context(system_u:object_r:textrel_shlib_t,s0)
- 
- # Java, Sun Microsystems (JPackage SRPM)
--/usr/.*/jre.*/libdeploy.so		--	gen_context(system_u:object_r:textrel_shlib_t,s0)
--/usr/.*/jre.*/libjvm.so			--	gen_context(system_u:object_r:textrel_shlib_t,s0)
-+/usr/(.*/)?jre.*/libdeploy.so(\.[^/]*)*	--	gen_context(system_u:object_r:textrel_shlib_t,s0)
-+/usr/(.*/)?jre.*/libjvm.so(\.[^/]*)*	--	gen_context(system_u:object_r:textrel_shlib_t,s0)
- 
--/usr(/.*)?/intellinux/nppdf\.so		--	gen_context(system_u:object_r:texrel_shlib_t,s0)
--/usr(/.*)?/intellinux/lib/\.so		--	gen_context(system_u:object_r:texrel_shlib_t,s0)
--/usr(/.*)?/intellinux/plug_ins/.*\.api	--	gen_context(system_u:object_r:texrel_shlib_t,s0)
--/usr(/.*)?/intellinux/SPPlugins/ADMPlugin\.apl -- gen_context(system_u:object_r:textrel_shlib_t,s0)
-+/usr/(.*/)?intellinux/nppdf\.so		--	gen_context(system_u:object_r:texrel_shlib_t,s0)
-+/usr/(.*/)?intellinux/lib/\.so		--	gen_context(system_u:object_r:texrel_shlib_t,s0)
-+/usr/(.*/)?intellinux/plug_ins/.*\.api	--	gen_context(system_u:object_r:texrel_shlib_t,s0)
-+/usr/(.*/)?intellinux/SPPlugins/ADMPlugin\.apl -- gen_context(system_u:object_r:textrel_shlib_t,s0)
+@@ -99,7 +94,6 @@
+ /usr/lib(64)?/xorg/modules/extensions/nvidia(-[^/]*)?/libglx\.so(\.[^/]*)* -- gen_context(system_u:object_r:textrel_shlib_t,s0)
+ 
+ ifdef(`distro_redhat',`
+-/usr/lib(64)?/.*/program/.*\.so.*		gen_context(system_u:object_r:shlib_t,s0)
+ /usr/share/rhn/rhn_applet/eggtrayiconmodule\.so -- gen_context(system_u:object_r:shlib_t,s0)
+ 
+ # The following are libraries with text relocations in need of execmod permissions
+@@ -113,7 +107,7 @@
+ /usr/lib(64)?/libstdc\+\+\.so\.2\.7\.2\.8 --	gen_context(system_u:object_r:textrel_shlib_t,s0)
+ /usr/lib(64)?/libg\+\+\.so\.2\.7\.2\.8	--	gen_context(system_u:object_r:textrel_shlib_t,s0)
+ /usr/lib(64)?/libglide3\.so.* 		--	gen_context(system_u:object_r:textrel_shlib_t,s0)
+-/usr/lib(64)?/libglide-v[0-9]*\.so.* 	--	gen_context(system_u:object_r:textrel_shlib_t,s0)
++/usr/lib(64)?/libglide3-v[0-9]*\.so.* 	--	gen_context(system_u:object_r:textrel_shlib_t,s0)
+ /usr/lib(64)?/libdv\.so.* 		--	gen_context(system_u:object_r:textrel_shlib_t,s0)
+ /usr/lib(64)?/helix/plugins/oggfformat\.so --	gen_context(system_u:object_r:textrel_shlib_t,s0)
+ /usr/lib(64)?/helix/plugins/theorarend\.so --	gen_context(system_u:object_r:textrel_shlib_t,s0)
+@@ -198,16 +192,12 @@
+ /usr/(.*/)?jre.*/libdeploy.so(\.[^/]*)*	--	gen_context(system_u:object_r:textrel_shlib_t,s0)
+ /usr/(.*/)?jre.*/libjvm.so(\.[^/]*)*	--	gen_context(system_u:object_r:textrel_shlib_t,s0)
+ 
+-/usr/(.*/)?intellinux/nppdf\.so		--	gen_context(system_u:object_r:texrel_shlib_t,s0)
+-/usr/(.*/)?intellinux/lib/\.so		--	gen_context(system_u:object_r:texrel_shlib_t,s0)
+-/usr/(.*/)?intellinux/plug_ins/.*\.api	--	gen_context(system_u:object_r:texrel_shlib_t,s0)
++/usr/(local/)?Adobe/(.*/)?intellinux/nppdf\.so	--	gen_context(system_u:object_r:texrel_shlib_t,s0)
++/usr/(local/)?Adobe/(.*/)?lib/[^/]*\.so(\.[^/]*)* -- gen_context(system_u:object_r:texrel_shlib_t,s0)
++/usr/(local/)?Adobe/.*\.api	--	gen_context(system_u:object_r:texrel_shlib_t,s0)
+ /usr/(.*/)?intellinux/SPPlugins/ADMPlugin\.apl -- gen_context(system_u:object_r:textrel_shlib_t,s0)
  ') dnl end distro_redhat
  
- ifdef(`distro_suse',`
-@@ -214,3 +224,5 @@
- /var/spool/postfix/lib(64)?/lib.*\.so.*	--	gen_context(system_u:object_r:shlib_t,s0)
- /var/spool/postfix/lib(64)?/[^/]*/lib.*\.so.* -- gen_context(system_u:object_r:shlib_t,s0)
- /var/spool/postfix/lib(64)?/devfsd/.*\.so.* -- gen_context(system_u:object_r:shlib_t,s0)
-+/usr/NX/lib/libXcomp.so.*	--  gen_context(system_u:object_r:textrel_shlib_t,s0)
-+/usr/NX/lib/libjpeg.so.* 	--  gen_context(system_u:object_r:textrel_shlib_t,s0)
-diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/miscfiles.fc serefpolicy-2.2.32/policy/modules/system/miscfiles.fc
---- nsaserefpolicy/policy/modules/system/miscfiles.fc	2005-10-27 14:57:47.000000000 -0400
-+++ serefpolicy-2.2.32/policy/modules/system/miscfiles.fc	2006-04-14 12:06:19.000000000 -0400
-@@ -7,7 +7,7 @@
+-ifdef(`distro_suse',`
+-/usr/lib(64)?/samba/classic/[^/]*\.so(\.[^/]*)* -- gen_context(system_u:object_r:shlib_t,s0)
+-')
+-
  #
- # /opt
+ # /var
  #
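Review bot: The three new `/usr/(local/)?Adobe/...` entries label their matches `texrel_shlib_t`, while the `ADMPlugin\.apl` line directly below and the rest of the file use `textrel_shlib_t`; the missing `t` is carried over from the lines being replaced. Unless a `texrel_shlib_t` type is declared somewhere not shown here, these contexts are invalid and the Acrobat libraries will not receive the text-relocation label. Each of the three should end in `gen_context(system_u:object_r:textrel_shlib_t,s0)`. The `libsipphoneapi` context line in the `@@ -66,13 +66,8 @@` hunk has the same spelling. Separately, `/usr/(local/)?Adobe/.*\.api` matches any `.api` file under the Adobe tree rather than only `plug_ins/`, so the execmod-capable label is applied more widely than before.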
--/opt(/.*)?/man(/.*)?		gen_context(system_u:object_r:man_t,s0)
-+/opt/(.*/)?man(/.*)?		gen_context(system_u:object_r:man_t,s0)
+diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/logging.te serefpolicy-2.2.34/policy/modules/system/logging.te
+--- nsaserefpolicy/policy/modules/system/logging.te	2006-04-06 15:32:43.000000000 -0400
++++ serefpolicy-2.2.34/policy/modules/system/logging.te	2006-04-20 14:04:12.000000000 -0400
+@@ -140,7 +140,7 @@
+ init_use_fds(auditd_t)
+ init_exec(auditd_t)
+ init_write_initctl(auditd_t)
+-init_use_script_ptys(auditd_t)
++init_dontaudit_use_script_ptys(auditd_t)
+ 
+ logging_send_syslog_msg(auditd_t)
+ 
+@@ -293,7 +293,7 @@
+ 
+ fs_search_auto_mountpoints(syslogd_t)
+ 
+-term_dontaudit_use_console(syslogd_t)
++term_write_console(syslogd_t)
+ # Allow syslog to a terminal
+ term_write_unallocated_ttys(syslogd_t)
+ 
+diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/sysnetwork.te serefpolicy-2.2.34/policy/modules/system/sysnetwork.te
+--- nsaserefpolicy/policy/modules/system/sysnetwork.te	2006-03-24 11:15:53.000000000 -0500
++++ serefpolicy-2.2.34/policy/modules/system/sysnetwork.te	2006-04-20 14:04:12.000000000 -0400
+@@ -248,6 +248,7 @@
  
- #
- # /srv
-diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/modutils.fc serefpolicy-2.2.32/policy/modules/system/modutils.fc
---- nsaserefpolicy/policy/modules/system/modutils.fc	2005-10-06 17:29:17.000000000 -0400
-+++ serefpolicy-2.2.32/policy/modules/system/modutils.fc	2006-04-14 12:06:19.000000000 -0400
-@@ -2,9 +2,11 @@
- /etc/modules\.conf.*	--	gen_context(system_u:object_r:modules_conf_t,s0)
- /etc/modprobe\.conf.*	--	gen_context(system_u:object_r:modules_conf_t,s0)
- 
--/lib(64)?/modules/[^/]+/modules\..+ -- gen_context(system_u:object_r:modules_dep_t,s0)
-+/lib/modules/[^/]+/modules\..+ -- gen_context(system_u:object_r:modules_dep_t,s0)
-+/lib64/modules/[^/]+/modules\..+ -- gen_context(system_u:object_r:modules_dep_t,s0)
- 
--/lib(64)?/modules/modprobe\.conf -- gen_context(system_u:object_r:modules_conf_t,s0)
-+/lib/modules/modprobe\.conf -- gen_context(system_u:object_r:modules_conf_t,s0)
-+/lib64/modules/modprobe\.conf -- gen_context(system_u:object_r:modules_conf_t,s0)
- 
- /sbin/depmod.*		--	gen_context(system_u:object_r:depmod_exec_t,s0)
- /sbin/generate-modprobe\.conf -- gen_context(system_u:object_r:update_modules_exec_t,s0)
-diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/selinuxutil.if serefpolicy-2.2.32/policy/modules/system/selinuxutil.if
---- nsaserefpolicy/policy/modules/system/selinuxutil.if	2006-03-29 14:18:17.000000000 -0500
-+++ serefpolicy-2.2.32/policy/modules/system/selinuxutil.if	2006-04-14 12:06:19.000000000 -0400
-@@ -697,8 +697,8 @@
- 
- 	files_search_etc($1)
- 	allow $1 selinux_config_t:dir search;
--	allow $1 file_context_t:dir r_dir_perms;
--	allow $1 file_context_t:file rw_file_perms;
-+	allow $1 file_context_t:dir rw_dir_perms;
-+	allow $1 file_context_t:file create_file_perms;
- 	allow $1 file_context_t:lnk_file { getattr read };
+ optional_policy(`
+ 	xen_append_log(dhcpc_t)
++	xen_dontaudit_rw_unix_stream_sockets(dhcpc_t)
  ')
  
-diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/unconfined.te serefpolicy-2.2.32/policy/modules/system/unconfined.te
---- nsaserefpolicy/policy/modules/system/unconfined.te	2006-04-12 13:44:38.000000000 -0400
-+++ serefpolicy-2.2.32/policy/modules/system/unconfined.te	2006-04-14 12:06:19.000000000 -0400
-@@ -37,6 +37,7 @@
- 	logging_domtrans_auditctl(unconfined_t)
- 
- 	seutil_domtrans_restorecon(unconfined_t)
-+	seutil_domtrans_semanage(unconfined_t)
- 
- 	userdom_unconfined(unconfined_t)
- 	userdom_priveleged_home_dir_manager(unconfined_t)
-@@ -64,6 +65,8 @@
- 	optional_policy(`
- 		dbus_stub(unconfined_t)
+ ########################################
+@@ -346,4 +347,5 @@
+ 
+ optional_policy(`
+ 	xen_append_log(ifconfig_t)
++	xen_dontaudit_rw_unix_stream_sockets(ifconfig_t)
+ ')
+diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/unconfined.if serefpolicy-2.2.34/policy/modules/system/unconfined.if
+--- nsaserefpolicy/policy/modules/system/unconfined.if	2006-04-12 13:44:38.000000000 -0400
++++ serefpolicy-2.2.34/policy/modules/system/unconfined.if	2006-04-21 06:40:24.000000000 -0400
+@@ -224,6 +224,24 @@
  
-+		init_dbus_chat_script(unconfined_t)
+ ########################################
+ ## <summary>
++##	Send a SIGNULL signal to the unconfined domain.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++#
++interface(`unconfined_signull',`
++	gen_require(`
++		type unconfined_t;
++	')
 +
- 		optional_policy(`
- 			avahi_dbus_chat(unconfined_t)
- 		')
-diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/userdomain.if serefpolicy-2.2.32/policy/modules/system/userdomain.if
---- nsaserefpolicy/policy/modules/system/userdomain.if	2006-04-14 07:58:13.000000000 -0400
-+++ serefpolicy-2.2.32/policy/modules/system/userdomain.if	2006-04-14 12:06:19.000000000 -0400
-@@ -379,10 +379,6 @@
- 	')
++	allow $1 unconfined_t:process signull;
++')
++
++########################################
++## <summary>
+ ##	Send generic signals to the unconfined domain.
+ ## </summary>
+ ## <param name="domain">
+@@ -363,6 +381,27 @@
  
- 	optional_policy(`
--		jabber_tcp_connect($1_t)
--	')
--
--	optional_policy(`
- 		nis_use_ypbind($1_t)
+ ########################################
+ ## <summary>
++##	Send and receive messages from
++##	unconfined_t over dbus.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++#
++interface(`unconfined_dbus_chat',`
++	gen_require(`
++		type unconfined_t;
++		class dbus send_msg;
++	')
++
++	allow $1 unconfined_t:dbus send_msg;
++	allow unconfined_t $1:dbus send_msg;
++')
++
++########################################
++## <summary>
+ ##	Add an alias type to the unconfined domain.
+ ## </summary>
+ ## <desc>
+diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/userdomain.te serefpolicy-2.2.34/policy/modules/system/userdomain.te
+--- nsaserefpolicy/policy/modules/system/userdomain.te	2006-04-20 08:17:40.000000000 -0400
++++ serefpolicy-2.2.34/policy/modules/system/userdomain.te	2006-04-20 14:04:12.000000000 -0400
+@@ -6,6 +6,7 @@
+ 
+ 	ifdef(`enable_mls',`
+ 		role secadm_r;
++		role auditadm_r;
  	')
+ ')
  
-@@ -408,10 +404,6 @@
+@@ -67,6 +68,7 @@
+ 	# Define some type aliases to help with compatibility with
+ 	# macros and domains from the "strict" policy.
+ 	unconfined_alias_domain(secadm_t)
++	unconfined_alias_domain(auditadm_t)
+ 	unconfined_alias_domain(sysadm_t)
+ 
+ 	# User home directory type.
+@@ -82,6 +84,7 @@
+ 
+ 	# compatibility for switching from strict
+ #	dominance { role secadm_r { role system_r; }}
++#	dominance { role auditadm_r { role system_r; }}
+ #	dominance { role sysadm_r { role system_r; }}
+ #	dominance { role user_r { role system_r; }}
+ #	dominance { role staff_r { role system_r; }}
+@@ -105,9 +108,10 @@
+ 
+ 	ifdef(`enable_mls',`
+ 		allow secadm_r system_r;
++		allow auditadm_r system_r;
+ 		allow secadm_r user_r;
+-		allow user_r secadm_r;
+ 		allow staff_r secadm_r;
++		allow staff_r auditadm_r;
  	')
  
  	optional_policy(`
--		perdition_tcp_connect($1_t)
--	')
--
--	optional_policy(`
- 		portmap_tcp_connect($1_t)
+@@ -128,8 +132,19 @@
+ 
+ 	ifdef(`enable_mls',`
+ 		admin_user_template(secadm)
++		admin_user_template(auditadm)
++
++		role_change(staff,auditadm)
+ 		role_change(staff,secadm)
++
+ 		role_change(sysadm,secadm)
++		role_change(sysadm,auditadm)
++
++		role_change(auditadm,secadm)
++		role_change(auditadm,sysadm)
++
++		role_change(secadm,auditadm)
++		role_change(secadm,sysadm)
+ 	')
+ 
+ 	# this should be tunable_policy, but
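Review bot: The `role_change` lines added in this hunk pair auditadm with both secadm and sysadm in each direction, which appears to let every admin role switch straight into the others and weakens the point of splitting audit administration out of secadm. The next userdomain.te hunk moves `logging_run_auditctl` from secadm_t to auditadm_t while secadm_t keeps `logging_read_audit_log`, and the policy/users hunks add auditadm_r next to secadm_r for staff_u and root. Taken together, one login can hold both roles and move between them. If that is intended for this release, a comment above the block should say so, for example `# all admin roles may switch to each other; separation depends on which roles a user is assigned`. Otherwise consider dropping `role_change(secadm,auditadm)` and `role_change(auditadm,secadm)`.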
+@@ -179,10 +194,13 @@
+ 		mls_file_downgrade(secadm_t)
+ 		init_exec(secadm_t)
+ 		logging_read_audit_log(secadm_t)
+-		logging_run_auditctl(secadm_t,secadm_r,{ secadm_tty_device_t secadm_devpts_t })
+ 		userdom_dontaudit_append_staff_home_content_files(secadm_t)
+ 		files_relabel_all_files(secadm_t)
+ 		auth_relabel_shadow(secadm_t)
++
++		corecmd_exec_shell(auditadm_t)
++		logging_read_audit_log(auditadm_t)
++		logging_run_auditctl(auditadm_t,auditadm_r,{ auditadm_tty_device_t auditadm_devpts_t })
+ 	', `
+ 		logging_read_audit_log(sysadm_t)
+ 		logging_run_auditctl(sysadm_t,sysadm_r,admin_terminal)
+@@ -236,6 +254,7 @@
+ 
+ 		ifdef(`enable_mls',`
+ 			consoletype_exec(secadm_t)
++			consoletype_exec(auditadm_t)
+ 		')
  	')
  
-@@ -4140,11 +4132,31 @@
- 		type user_home_dir_t;
+@@ -248,6 +267,7 @@
+ 
+ 		ifdef(`enable_mls',`
+ 			dmesg_exec(secadm_t)
++			dmesg_exec(auditadm_t)
+ 		')
  	')
  
-+	allow $1 user_home_dir_t:dir create_dir_perms;
- 	files_home_filetrans($1,user_home_dir_t,dir)
- ')
+diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/xen.if serefpolicy-2.2.34/policy/modules/system/xen.if
+--- nsaserefpolicy/policy/modules/system/xen.if	2006-03-23 16:08:51.000000000 -0500
++++ serefpolicy-2.2.34/policy/modules/system/xen.if	2006-04-20 14:04:12.000000000 -0400
+@@ -47,6 +47,24 @@
  
  ########################################
  ## <summary>
-+##	Create staff home directories
-+##	with automatic file type transition.
++##     Don't audit leaked file descriptor.
 +## </summary>
 +## <param name="domain">
-+##	<summary>
-+##	Domain allowed access.
-+##	</summary>
++##     <summary>
++##     Domain to don't audit.
++##     </summary>
 +## </param>
 +#
-+interface(`userdom_manage_staff_home_dir',`
-+	gen_require(`
-+		type staff_home_dir_t;
-+	')
++interface(`xen_dontaudit_rw_unix_stream_sockets',`
++       gen_require(`
++               type xend_t;
++       ')
 +
-+	allow $1 staff_home_dir_t:dir create_dir_perms;
++       dontaudit $1 xend_t:unix_stream_socket { read write };
 +')
 +
 +########################################
 +## <summary>
- ##	Search generic user home directories.
+ ##	Connect to xenstored over an unix stream socket.
  ## </summary>
  ## <param name="domain">
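Review bot: The summary for `xen_dontaudit_rw_unix_stream_sockets` says only "Don't audit leaked file descriptor", but the rule stops read and write denials on xend_t unix stream sockets from being logged for the calling domain. Since those denials then no longer show up in the audit log, the doc comment should name exactly what is suppressed, for example `##	Do not audit attempts to read and write xend unix domain stream sockets (leaked file descriptor).`. The parameter text `Domain to don't audit.` reads better as `Domain to not audit.`. The new block is indented with spaces, while the following interface's summary line in this file uses a tab.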
-diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/xen.te serefpolicy-2.2.32/policy/modules/system/xen.te
---- nsaserefpolicy/policy/modules/system/xen.te	2006-03-23 14:33:30.000000000 -0500
-+++ serefpolicy-2.2.32/policy/modules/system/xen.te	2006-04-14 12:06:19.000000000 -0400
-@@ -19,6 +19,8 @@
- # var/lib files
- type xend_var_lib_t;
- files_type(xend_var_lib_t)
-+# for mounting an NFS store
-+files_mountpoint(xend_var_lib_t)
- 
- # log files
- type xend_var_log_t;
-@@ -67,6 +69,8 @@
- allow xend_t self:tcp_socket create_stream_socket_perms;
- allow xend_t self:packet_socket create_socket_perms;
- 
-+files_read_kernel_symbol_table(xend_t)
-+
- # pid file
- allow xend_t xend_var_run_t:file manage_file_perms;
- allow xend_t xend_var_run_t:sock_file manage_file_perms;
-@@ -210,6 +214,7 @@
- dev_filetrans_xen(xenstored_t)
- 
- term_dontaudit_use_generic_ptys(xenstored_t)
-+dev_rw_xen(xenstored_t)
- 
- init_use_fds(xenstored_t)
- 
-diff --exclude-from=exclude -N -u -r nsaserefpolicy/Rules.modular serefpolicy-2.2.32/Rules.modular
---- nsaserefpolicy/Rules.modular	2006-03-23 14:33:29.000000000 -0500
-+++ serefpolicy-2.2.32/Rules.modular	2006-04-14 14:21:43.000000000 -0400
-@@ -208,7 +208,7 @@
- #
- $(APPDIR)/customizable_types: $(BASE_CONF)
- 	@mkdir -p $(APPDIR)
--	$(verbose) $(GREP) '^[[:blank:]]*type .*customizable' $< | cut -d',' -f1 | cut -d' ' -f2 | $(SORT) -u > $(TMPDIR)/customizable_types
-+	$(verbose) $(GREP) '^[[:blank:]]*type .*customizable' $< | cut -d';' -f1 | cut -d',' -f1 | cut -d' ' -f2 | $(SORT) -u > $(TMPDIR)/customizable_types
- 	$(verbose) install -m 644 $(TMPDIR)/customizable_types $@ 
- 
- ########################################
+diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/xen.te serefpolicy-2.2.34/policy/modules/system/xen.te
+--- nsaserefpolicy/policy/modules/system/xen.te	2006-04-18 22:50:01.000000000 -0400
++++ serefpolicy-2.2.34/policy/modules/system/xen.te	2006-04-20 14:04:12.000000000 -0400
+@@ -125,6 +125,7 @@
+ 
+ files_read_etc_files(xend_t)
+ files_read_kernel_symbol_table(xend_t)
++files_read_kernel_img(xend_t)
+ 
+ storage_raw_read_fixed_disk(xend_t)
+ 
+diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/rolemap serefpolicy-2.2.34/policy/rolemap
+--- nsaserefpolicy/policy/rolemap	2006-01-26 15:38:41.000000000 -0500
++++ serefpolicy-2.2.34/policy/rolemap	2006-04-20 14:04:12.000000000 -0400
+@@ -15,5 +15,6 @@
+ 
+ 	ifdef(`enable_mls',`
+ 		secadm_r secadm secadm_t
++		auditadm_t auditadm auditadm_t
+ 	')
+ ')
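Review bot: The added rolemap entry `auditadm_t auditadm auditadm_t` has a type name in its first column, where the existing line directly above uses the role (`secadm_r secadm secadm_t`). This looks like a typo for `auditadm_r auditadm auditadm_t`. As written, the new audit administrator role is probably never matched by the role-to-prefix mapping, so whatever is generated per role from this file would be missing for auditadm_r. That should be confirmed against a build with enable_mls set.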
+diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/users serefpolicy-2.2.34/policy/users
+--- nsaserefpolicy/policy/users	2006-02-15 17:02:30.000000000 -0500
++++ serefpolicy-2.2.34/policy/users	2006-04-20 14:04:12.000000000 -0400
+@@ -29,7 +29,7 @@
+ gen_user(user_u, user, user_r sysadm_r system_r, s0, s0 - s15:c0.c255, c0.c255)
+ ',`
+ gen_user(user_u, user, user_r, s0, s0)
+-gen_user(staff_u, staff, staff_r sysadm_r ifdef(`enable_mls',`secadm_r'), s0, s0 - s15:c0.c255, c0.c255)
++gen_user(staff_u, staff, staff_r sysadm_r ifdef(`enable_mls',`secadm_r auditadm_r'), s0, s0 - s15:c0.c255, c0.c255)
+ gen_user(sysadm_u, sysadm, sysadm_r, s0, s0 - s15:c0.c255, c0.c255)
+ ')
+ 
+@@ -44,8 +44,8 @@
+ 	gen_user(root, user, user_r sysadm_r system_r, s0, s0 - s15:c0.c255, c0.c255)
+ ',`
+ 	ifdef(`direct_sysadm_daemon',`
+-		gen_user(root, sysadm, sysadm_r staff_r ifdef(`enable_mls',`secadm_r') system_r, s0, s0 - s15:c0.c255, c0.c255)
++		gen_user(root, sysadm, sysadm_r staff_r ifdef(`enable_mls',`secadm_r auditadm_r') system_r, s0, s0 - s15:c0.c255, c0.c255)
+ 	',`
+-		gen_user(root, sysadm, sysadm_r staff_r ifdef(`enable_mls',`secadm_r'), s0, s0 - s15:c0.c255, c0.c255)
++		gen_user(root, sysadm, sysadm_r staff_r ifdef(`enable_mls',`secadm_r auditadm_r'), s0, s0 - s15:c0.c255, c0.c255)
+ 	')
+ ')


Index: selinux-policy.spec
===================================================================
RCS file: /cvs/dist/rpms/selinux-policy/FC-5/selinux-policy.spec,v
retrieving revision 1.164
retrieving revision 1.165
diff -u -r1.164 -r1.165
--- selinux-policy.spec	15 Apr 2006 10:33:31 -0000	1.164
+++ selinux-policy.spec	21 Apr 2006 11:02:17 -0000	1.165
@@ -15,8 +15,8 @@
 %define CHECKPOLICYVER 1.30.3-1
 Summary: SELinux policy configuration
 Name: selinux-policy
-Version: 2.2.32
-Release: 1.fc5
+Version: 2.2.34
+Release: 3.fc5
 License: GPL
 Group: System Environment/Base
 Source: serefpolicy-%{version}.tgz
@@ -321,6 +321,30 @@
 %endif
 
 %changelog
+* Fri Apr 21 2006 Dan Walsh <dwalsh at redhat.com> 2.2.34-3.fc5
+- Bump for fc5
+
+* Fri Apr 21 2006 Dan Walsh <dwalsh at redhat.com> 2.2.34-3
+- Allow mono to chat with unconfined
+
+* Thu Apr 20 2006 Dan Walsh <dwalsh at redhat.com> 2.2.34-2
+- Allow procmail to sendmail
+- Allow nfs to share dosfs
+
+* Thu Apr 20 2006 Dan Walsh <dwalsh at redhat.com> 2.2.34-1
+- Update to latest from upstream
+- Allow selinux-policy to be removed and kernel not to crash
+
+* Tue Apr 18 2006 Dan Walsh <dwalsh at redhat.com> 2.2.33-1
+- Update to latest from upstream
+- Add James Antill patch for xen
+- Many fixes for pegasus
+
+* Sat Apr 15 2006 Dan Walsh <dwalsh at redhat.com> 2.2.32-2
+- Add unconfined_mount_t
+- Allow privoxy to connect to httpd_cache
+- fix cups labeleing on /var/cache/cups
+
 * Sat Apr 15 2006 Dan Walsh <dwalsh at redhat.com> 2.2.32-1.fc5
 - Bump for fc5
 


Index: sources
===================================================================
RCS file: /cvs/dist/rpms/selinux-policy/FC-5/sources,v
retrieving revision 1.54
retrieving revision 1.55
diff -u -r1.54 -r1.55
--- sources	15 Apr 2006 10:33:31 -0000	1.54
+++ sources	21 Apr 2006 11:02:17 -0000	1.55
@@ -1 +1 @@
-7a3563e2478a4b18dc689de8561831b5  serefpolicy-2.2.32.tgz
+5c1fa51a13bdb35dcf053a9b68072ff5  serefpolicy-2.2.34.tgz



