rpms/selinux-policy/devel policy-20060411.patch, NONE, 1.1 .cvsignore, 1.53, 1.54 file_contexts.patch, 1.1, 1.2 policy-20060323.patch, 1.11, 1.12 selinux-policy.spec, 1.170, 1.171 sources, 1.57, 1.58
fedora-cvs-commits at redhat.com
fedora-cvs-commits at redhat.com
Tue Apr 11 21:00:01 UTC 2006
Author: dwalsh
Update of /cvs/dist/rpms/selinux-policy/devel
In directory cvs.devel.redhat.com:/tmp/cvs-serv5502
Modified Files:
.cvsignore file_contexts.patch policy-20060323.patch
selinux-policy.spec sources
Added Files:
policy-20060411.patch
Log Message:
* Mon Apr 10 2006 Dan Walsh <dwalsh at redhat.com> 2.2.29-6
- Allow secadm_t ability to relabel all files
- Allow ftp to search xferlog_t directories
- Allow mysql to communicate with ldap
- Allow rsync to bind to rsync_port_t
policy-20060411.patch:
rpc.te | 4 ++--
samba.if | 1 +
2 files changed, 3 insertions(+), 2 deletions(-)
--- NEW FILE policy-20060411.patch ---
--- serefpolicy-2.2.30/policy/modules/services/rpc.te~ 2006-04-11 06:35:47.000000000 -0400
+++ serefpolicy-2.2.30/policy/modules/services/rpc.te 2006-04-11 11:21:31.000000000 -0400
@@ -110,13 +110,13 @@
portmap_udp_chat(nfsd_t)
tunable_policy(`nfs_export_all_rw',`
- auth_read_all_dirs_except_shadow(nfsd_t)
fs_read_noxattr_fs_files(nfsd_t)
+ auth_manage_all_files_except_shadow(nfsd_t)
')
tunable_policy(`nfs_export_all_ro',`
- auth_read_all_dirs_except_shadow(nfsd_t)
fs_read_noxattr_fs_files(nfsd_t)
+ auth_read_all_files_except_shadow(nfsd_t)
')
########################################
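Review bot: In the `nfs_export_all_rw` block, the added `auth_manage_all_files_except_shadow(nfsd_t)` is a far wider grant than the `auth_read_all_dirs_except_shadow(nfsd_t)` it replaces. Going by the interface names, nfsd_t moves from reading directories to managing every file outside shadow_t whenever the boolean is on. The log message for this commit does not mention the NFS change, so the block should carry a comment such as `# nfs_export_all_rw: nfsd_t may create, modify and delete any non-shadow file; enable only for whole-filesystem rw exports`. The explicit directory-read call is dropped from both tunables, and the `*_all_files_*` interface definitions are not visible here, so it is worth confirming that they still cover directory search and read.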
--- serefpolicy-2.2.30/policy/modules/services/samba.if~ 2006-04-11 06:35:48.000000000 -0400
+++ serefpolicy-2.2.30/policy/modules/services/samba.if 2006-04-11 11:07:50.000000000 -0400
@@ -33,6 +33,7 @@
')
tunable_policy(`samba_enable_home_dirs',`
+ userdom_manage_user_home_content_dirs($1,smbd_t)
userdom_manage_user_home_content_files($1,smbd_t)
userdom_manage_user_home_content_symlinks($1,smbd_t)
userdom_manage_user_home_content_sockets($1,smbd_t)
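Review bot: The added `userdom_manage_user_home_content_dirs($1,smbd_t)` sits in a block parameterised on `$1`, so with `samba_enable_home_dirs` on, smbd_t gains directory management for every user-domain prefix this is instantiated with. That presumably includes administrative prefixes, but the enclosing definition starts and ends outside the hunk, so the set of prefixes could not be checked here. A comment above the tunable would make the scope visible to whoever toggles the boolean, e.g. `# samba_enable_home_dirs: smbd_t gets manage access (dirs, files, symlinks, sockets) to user home content`.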
Index: .cvsignore
===================================================================
RCS file: /cvs/dist/rpms/selinux-policy/devel/.cvsignore,v
retrieving revision 1.53
retrieving revision 1.54
diff -u -r1.53 -r1.54
--- .cvsignore 31 Mar 2006 20:57:44 -0000 1.53
+++ .cvsignore 11 Apr 2006 20:59:57 -0000 1.54
@@ -54,3 +54,4 @@
serefpolicy-2.2.27.tgz
serefpolicy-2.2.28.tgz
serefpolicy-2.2.29.tgz
+serefpolicy-2.2.30.tgz
file_contexts.patch:
admin/su.fc | 2 +-
apps/java.fc | 2 +-
kernel/corecommands.fc | 18 ++++++++++--------
kernel/devices.fc | 3 ++-
kernel/files.fc | 35 +++++++++++++++++++++++------------
services/kerberos.fc | 4 ++--
services/tftp.fc | 3 ++-
system/authlogin.fc | 3 ++-
system/daemontools.fc | 3 ++-
system/libraries.fc | 43 ++++++++++++++++++++++++-------------------
system/miscfiles.fc | 2 +-
system/modutils.fc | 6 ++++--
12 files changed, 74 insertions(+), 50 deletions(-)
Index: file_contexts.patch
===================================================================
RCS file: /cvs/dist/rpms/selinux-policy/devel/file_contexts.patch,v
retrieving revision 1.1
retrieving revision 1.2
diff -u -r1.1 -r1.2
--- file_contexts.patch 10 Apr 2006 12:16:11 -0000 1.1
+++ file_contexts.patch 11 Apr 2006 20:59:57 -0000 1.2
@@ -1,16 +1,5 @@
-diff -ru serefpolicy-2.2.29.orig/policy/modules/admin/su.fc serefpolicy-2.2.29.fc/policy/modules/admin/su.fc
---- serefpolicy-2.2.29.orig/policy/modules/admin/su.fc 2006-04-01 03:11:34.000000000 +1100
-+++ serefpolicy-2.2.29.fc/policy/modules/admin/su.fc 2006-04-10 20:53:28.000000000 +1000
-@@ -1,5 +1,5 @@
-
- /bin/su -- gen_context(system_u:object_r:su_exec_t,s0)
-
--/usr(/local)?/bin/ksu -- gen_context(system_u:object_r:su_exec_t,s0)
-+/usr/(local/)?bin/ksu -- gen_context(system_u:object_r:su_exec_t,s0)
- /usr/bin/kdesu -- gen_context(system_u:object_r:su_exec_t,s0)
-diff -ru serefpolicy-2.2.29.orig/policy/modules/apps/java.fc serefpolicy-2.2.29.fc/policy/modules/apps/java.fc
---- serefpolicy-2.2.29.orig/policy/modules/apps/java.fc 2006-04-10 20:52:58.000000000 +1000
-+++ serefpolicy-2.2.29.fc/policy/modules/apps/java.fc 2006-04-10 20:53:28.000000000 +1000
+--- serefpolicy-2.2.30/policy/modules/apps/java.fc.fcon 2006-04-11 07:32:30.000000000 -0400
++++ serefpolicy-2.2.30/policy/modules/apps/java.fc 2006-04-11 07:32:30.000000000 -0400
@@ -1,7 +1,7 @@
#
# /usr
@@ -20,58 +9,156 @@
/usr/bin/gcj-dbtool -- gen_context(system_u:object_r:java_exec_t,s0)
/usr/bin/gij -- gen_context(system_u:object_r:java_exec_t,s0)
/opt(/.*)?/bin/java.* -- gen_context(system_u:object_r:java_exec_t,s0)
-diff -ru serefpolicy-2.2.29.orig/policy/modules/kernel/corecommands.fc serefpolicy-2.2.29.fc/policy/modules/kernel/corecommands.fc
---- serefpolicy-2.2.29.orig/policy/modules/kernel/corecommands.fc 2006-04-01 03:11:34.000000000 +1100
-+++ serefpolicy-2.2.29.fc/policy/modules/kernel/corecommands.fc 2006-04-10 20:53:28.000000000 +1000
-@@ -2,7 +2,8 @@
+--- serefpolicy-2.2.30/policy/modules/system/libraries.fc.fcon 2006-04-11 07:32:30.000000000 -0400
++++ serefpolicy-2.2.30/policy/modules/system/libraries.fc 2006-04-11 07:32:36.000000000 -0400
+@@ -24,15 +24,20 @@
#
- # /bin
+ # /lib(64)?
#
--/bin(/.*)? gen_context(system_u:object_r:bin_t,s0)
-+/bin -d gen_context(system_u:object_r:bin_t,s0)
-+/bin/.* gen_context(system_u:object_r:bin_t,s0)
- /bin/d?ash -- gen_context(system_u:object_r:shell_exec_t,s0)
- /bin/bash -- gen_context(system_u:object_r:shell_exec_t,s0)
- /bin/bash2 -- gen_context(system_u:object_r:shell_exec_t,s0)
-@@ -86,27 +87,28 @@
+-/lib(64)?(/.*)? gen_context(system_u:object_r:lib_t,s0)
+-/lib(64)?/.*\.so(\.[^/]*)* -- gen_context(system_u:object_r:shlib_t,s0)
+-/lib(64)?(/.*)?/ld-[^/]*\.so(\.[^/]*)* -- gen_context(system_u:object_r:ld_so_t,s0)
++/lib -d gen_context(system_u:object_r:lib_t,s0)
++/lib/.* gen_context(system_u:object_r:lib_t,s0)
++/lib64 -d gen_context(system_u:object_r:lib_t,s0)
++/lib64/.* gen_context(system_u:object_r:lib_t,s0)
++/lib/.*\.so(\.[^/]*)* -- gen_context(system_u:object_r:shlib_t,s0)
++/lib64/.*\.so(\.[^/]*)* -- gen_context(system_u:object_r:shlib_t,s0)
++/lib/(.*/)?ld-[^/]*\.so(\.[^/]*)* -- gen_context(system_u:object_r:ld_so_t,s0)
++/lib64/(.*/)?ld-[^/]*\.so(\.[^/]*)* -- gen_context(system_u:object_r:ld_so_t,s0)
+
#
- # /sbin
+ # /opt
#
--/sbin(/.*)? gen_context(system_u:object_r:sbin_t,s0)
-+/sbin -d gen_context(system_u:object_r:sbin_t,s0)
-+/sbin/.* gen_context(system_u:object_r:sbin_t,s0)
- /sbin/mkfs\.cramfs -- gen_context(system_u:object_r:sbin_t,s0)
- /sbin/insmod_ksymoops_clean -- gen_context(system_u:object_r:sbin_t,s0)
+-/opt(/.*)?/lib(64)?(/.*)? gen_context(system_u:object_r:lib_t,s0)
+-/opt(/.*)?/lib(64)?/.*\.so(\.[^/]*)* -- gen_context(system_u:object_r:shlib_t,s0)
++/opt/(.*/)?lib(64)?(/.*)? gen_context(system_u:object_r:lib_t,s0)
++/opt/(.*/)?lib(64)?/.*\.so(\.[^/]*)* -- gen_context(system_u:object_r:shlib_t,s0)
+ /opt/.*/jre.*/libdeploy.so -- gen_context(system_u:object_r:textrel_shlib_t,s0)
+ /opt/.*/jre.*/libjvm.so -- gen_context(system_u:object_r:textrel_shlib_t,s0)
+@@ -44,18 +49,18 @@
#
- # /opt
+ # /usr
#
--/opt(/.*)?/bin(/.*)? gen_context(system_u:object_r:bin_t,s0)
-+/opt/(.*/)?bin(/.*)? gen_context(system_u:object_r:bin_t,s0)
+-/usr(/.*)?/HelixPlayer/.*\.so(\.[^/]*)* -- gen_context(system_u:object_r:textrel_shlib_t,s0)
++/usr/(.*/)?HelixPlayer/.*\.so(\.[^/]*)* -- gen_context(system_u:object_r:textrel_shlib_t,s0)
--/opt(/.*)?/libexec(/.*)? gen_context(system_u:object_r:bin_t,s0)
-+/opt/(.*/)?libexec(/.*)? gen_context(system_u:object_r:bin_t,s0)
+-/usr(/.*)?/java/.*\.so(\.[^/]*)* -- gen_context(system_u:object_r:textrel_shlib_t,s0)
+-/usr(/.*)?/java/.*\.jar -- gen_context(system_u:object_r:shlib_t,s0)
+-/usr(/.*)?/java/.*\.jsa -- gen_context(system_u:object_r:shlib_t,s0)
++/usr/(.*/)?java/.*\.so(\.[^/]*)* -- gen_context(system_u:object_r:textrel_shlib_t,s0)
++/usr/(.*/)?java/.*\.jar -- gen_context(system_u:object_r:shlib_t,s0)
++/usr/(.*/)?java/.*\.jsa -- gen_context(system_u:object_r:shlib_t,s0)
--/opt(/.*)?/sbin(/.*)? gen_context(system_u:object_r:sbin_t,s0)
-+/opt/(.*/)?sbin(/.*)? gen_context(system_u:object_r:sbin_t,s0)
+-/usr(/.*)?/lib(64)?(/.*)? gen_context(system_u:object_r:lib_t,s0)
+-/usr(/.*)?/lib(64)?/.*\.so(\.[^/]*)* -- gen_context(system_u:object_r:shlib_t,s0)
++/usr/(.*/)?lib(64)?(/.*)? gen_context(system_u:object_r:lib_t,s0)
++/usr/(.*/)?lib(64)?/.*\.so(\.[^/]*)* -- gen_context(system_u:object_r:shlib_t,s0)
+
+-/usr(/.*)?/lib(64)?(/.*)?/ld-[^/]*\.so(\.[^/]*)* gen_context(system_u:object_r:ld_so_t,s0)
++/usr/(.*/)?lib(64)?(/.*)?/ld-[^/]*\.so(\.[^/]*)* gen_context(system_u:object_r:ld_so_t,s0)
+
+-/usr(/.*)?/nvidia/.*\.so(\..*)? -- gen_context(system_u:object_r:textrel_shlib_t,s0)
++/usr/(.*/)?nvidia/.*\.so(\..*)? -- gen_context(system_u:object_r:textrel_shlib_t,s0)
+
+ /usr/lib(64)?/pgsql/test/regress/.*\.so -- gen_context(system_u:object_r:shlib_t,s0)
+
+@@ -64,7 +69,7 @@
+ /usr/lib(64)?/im/.*\.so.* -- gen_context(system_u:object_r:shlib_t,s0)
+ /usr/lib(64)?/iiim/.*\.so.* -- gen_context(system_u:object_r:shlib_t,s0)
+
+-/usr(/.*)?/lib(64)?(/.*)?/nvidia/.*\.so(\..*)? -- gen_context(system_u:object_r:textrel_shlib_t,s0)
++/usr/(.*/)?lib(64)?(/.*)?/nvidia/.*\.so(\..*)? -- gen_context(system_u:object_r:textrel_shlib_t,s0)
+ /usr/lib(64)?/libsipphoneapi\.so.* -- gen_context(system_u:object_r:texrel_shlib_t,s0)
+ /usr/lib(64)?/(nvidia/)?libGL(core)?\.so(\.[^/]*)* -- gen_context(system_u:object_r:textrel_shlib_t,s0)
+ /usr/lib(64)?/libGLU\.so(\.[^/]*)* -- gen_context(system_u:object_r:textrel_shlib_t,s0)
+@@ -126,7 +131,7 @@
+ /usr/lib(64)?/.*/program/libsvx680li\.so -- gen_context(system_u:object_r:textrel_shlib_t,s0)
+ /usr/lib(64)?/.*/program/libcomphelp4gcc3\.so -- gen_context(system_u:object_r:textrel_shlib_t,s0)
+ /usr/lib(64)?/.*/program/libsoffice\.so -- gen_context(system_u:object_r:textrel_shlib_t,s0)
+-/usr(/.*)?/pcsc/drivers(/.*)?/lib(cm2020|cm4000|SCR24x)\.so(\.[^/]*)* -- gen_context(system_u:object_r:textrel_shlib_t,s0)
++/usr/(.*/)?pcsc/drivers(/.*)?/lib(cm2020|cm4000|SCR24x)\.so(\.[^/]*)* -- gen_context(system_u:object_r:textrel_shlib_t,s0)
+
+ /usr/lib(64)?/firefox.*\.so -- gen_context(system_u:object_r:textrel_shlib_t,s0)
+ /usr/lib(64)?/mozilla.*\.so -- gen_context(system_u:object_r:textrel_shlib_t,s0)
+@@ -184,10 +189,10 @@
+ /usr/.*/jre.*/libdeploy.so -- gen_context(system_u:object_r:textrel_shlib_t,s0)
+ /usr/.*/jre.*/libjvm.so -- gen_context(system_u:object_r:textrel_shlib_t,s0)
+
+-/usr(/.*)?/intellinux/nppdf\.so -- gen_context(system_u:object_r:texrel_shlib_t,s0)
+-/usr(/.*)?/intellinux/lib/\.so -- gen_context(system_u:object_r:texrel_shlib_t,s0)
+-/usr(/.*)?/intellinux/plug_ins/.*\.api -- gen_context(system_u:object_r:texrel_shlib_t,s0)
+-/usr(/.*)?/intellinux/SPPlugins/ADMPlugin\.apl -- gen_context(system_u:object_r:textrel_shlib_t,s0)
++/usr/(.*/)?intellinux/nppdf\.so -- gen_context(system_u:object_r:texrel_shlib_t,s0)
++/usr/(.*/)?intellinux/lib/\.so -- gen_context(system_u:object_r:texrel_shlib_t,s0)
++/usr/(.*/)?intellinux/plug_ins/.*\.api -- gen_context(system_u:object_r:texrel_shlib_t,s0)
++/usr/(.*/)?intellinux/SPPlugins/ADMPlugin\.apl -- gen_context(system_u:object_r:textrel_shlib_t,s0)
+
+ ') dnl end distro_redhat
+
+--- serefpolicy-2.2.30/policy/modules/system/daemontools.fc.fcon 2006-04-11 06:35:47.000000000 -0400
++++ serefpolicy-2.2.30/policy/modules/system/daemontools.fc 2006-04-11 07:32:30.000000000 -0400
+@@ -2,7 +2,8 @@
+ # /service
+ #
+
+-/service(/.*)? gen_context(system_u:object_r:svc_svc_t,s0)
++/service -d gen_context(system_u:object_r:svc_svc_t,s0)
++/service/.* gen_context(system_u:object_r:svc_svc_t,s0)
#
# /usr
+--- serefpolicy-2.2.30/policy/modules/system/authlogin.fc.fcon 2006-04-11 06:35:47.000000000 -0400
++++ serefpolicy-2.2.30/policy/modules/system/authlogin.fc 2006-04-11 07:32:30.000000000 -0400
+@@ -7,7 +7,8 @@
+ /etc/passwd\.lock -- gen_context(system_u:object_r:shadow_t,s0)
+ /etc/shadow.* -- gen_context(system_u:object_r:shadow_t,s0)
+
+-/lib(64)?/security/pam_krb5/pam_krb5_storetmp -- gen_context(system_u:object_r:pam_exec_t,s0)
++/lib/security/pam_krb5/pam_krb5_storetmp -- gen_context(system_u:object_r:pam_exec_t,s0)
++/lib64/security/pam_krb5/pam_krb5_storetmp -- gen_context(system_u:object_r:pam_exec_t,s0)
+
+ /sbin/pam_console_apply -- gen_context(system_u:object_r:pam_console_exec_t,s0)
+ /sbin/pam_timestamp_check -- gen_context(system_u:object_r:pam_exec_t,s0)
+--- serefpolicy-2.2.30/policy/modules/system/modutils.fc.fcon 2006-04-11 06:35:47.000000000 -0400
++++ serefpolicy-2.2.30/policy/modules/system/modutils.fc 2006-04-11 07:32:30.000000000 -0400
+@@ -2,9 +2,11 @@
+ /etc/modules\.conf.* -- gen_context(system_u:object_r:modules_conf_t,s0)
+ /etc/modprobe\.conf.* -- gen_context(system_u:object_r:modules_conf_t,s0)
+
+-/lib(64)?/modules/[^/]+/modules\..+ -- gen_context(system_u:object_r:modules_dep_t,s0)
++/lib/modules/[^/]+/modules\..+ -- gen_context(system_u:object_r:modules_dep_t,s0)
++/lib64/modules/[^/]+/modules\..+ -- gen_context(system_u:object_r:modules_dep_t,s0)
+
+-/lib(64)?/modules/modprobe\.conf -- gen_context(system_u:object_r:modules_conf_t,s0)
++/lib/modules/modprobe\.conf -- gen_context(system_u:object_r:modules_conf_t,s0)
++/lib64/modules/modprobe\.conf -- gen_context(system_u:object_r:modules_conf_t,s0)
+
+ /sbin/depmod.* -- gen_context(system_u:object_r:depmod_exec_t,s0)
+ /sbin/generate-modprobe\.conf -- gen_context(system_u:object_r:update_modules_exec_t,s0)
+--- serefpolicy-2.2.30/policy/modules/system/miscfiles.fc.fcon 2006-04-11 06:35:47.000000000 -0400
++++ serefpolicy-2.2.30/policy/modules/system/miscfiles.fc 2006-04-11 07:32:30.000000000 -0400
+@@ -7,7 +7,7 @@
#
--/usr(/.*)?/Bin(/.*)? gen_context(system_u:object_r:bin_t,s0)
-+/usr/(.*/)?Bin(/.*)? gen_context(system_u:object_r:bin_t,s0)
+ # /opt
+ #
+-/opt(/.*)?/man(/.*)? gen_context(system_u:object_r:man_t,s0)
++/opt/(.*/)?man(/.*)? gen_context(system_u:object_r:man_t,s0)
--/usr(/.*)?/bin(/.*)? gen_context(system_u:object_r:bin_t,s0)
-+/usr/(.*/)?bin(/.*)? gen_context(system_u:object_r:bin_t,s0)
+ #
+ # /srv
+--- serefpolicy-2.2.30/policy/modules/admin/su.fc.fcon 2006-04-11 06:35:47.000000000 -0400
++++ serefpolicy-2.2.30/policy/modules/admin/su.fc 2006-04-11 07:32:30.000000000 -0400
+@@ -1,5 +1,5 @@
--/usr(/.*)?/sbin(/.*)? gen_context(system_u:object_r:sbin_t,s0)
-+/usr/(.*/)?sbin(/.*)? gen_context(system_u:object_r:sbin_t,s0)
+ /bin/su -- gen_context(system_u:object_r:su_exec_t,s0)
- /usr/lib/ccache/bin(/.*)? gen_context(system_u:object_r:bin_t,s0)
- /usr/lib/pgsql/test/regress/.*\.sh -- gen_context(system_u:object_r:bin_t,s0)
-diff -ru serefpolicy-2.2.29.orig/policy/modules/kernel/devices.fc serefpolicy-2.2.29.fc/policy/modules/kernel/devices.fc
---- serefpolicy-2.2.29.orig/policy/modules/kernel/devices.fc 2006-04-10 20:52:58.000000000 +1000
-+++ serefpolicy-2.2.29.fc/policy/modules/kernel/devices.fc 2006-04-10 20:53:29.000000000 +1000
+-/usr(/local)?/bin/ksu -- gen_context(system_u:object_r:su_exec_t,s0)
++/usr/(local/)?bin/ksu -- gen_context(system_u:object_r:su_exec_t,s0)
+ /usr/bin/kdesu -- gen_context(system_u:object_r:su_exec_t,s0)
+--- serefpolicy-2.2.30/policy/modules/kernel/devices.fc.fcon 2006-04-11 07:32:30.000000000 -0400
++++ serefpolicy-2.2.30/policy/modules/kernel/devices.fc 2006-04-11 07:32:30.000000000 -0400
@@ -1,5 +1,6 @@
-/dev(/.*)? gen_context(system_u:object_r:device_t,s0)
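Review bot: The regenerated libraries.fc section rewrites three intellinux entries (`nppdf\.so`, `lib/\.so`, `plug_ins/.*\.api`) but keeps the type `texrel_shlib_t`, while the adjacent `ADMPlugin\.apl` line and the other entries use `textrel_shlib_t`. This looks like a dropped `t`, also present on the `libsipphoneapi\.so.*` context line. If no `texrel_shlib_t` type is declared, those file contexts would be invalid or the libraries would not get the intended label. Since the lines are already being touched, they could read `/usr/(.*/)?intellinux/nppdf\.so -- gen_context(system_u:object_r:textrel_shlib_t,s0)`, and likewise for the other two. In the same group, `/usr/(.*/)?intellinux/lib/\.so` matches only a file literally named `.so`; `lib/.*\.so` was probably intended.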
@@ -80,9 +167,8 @@
/dev/.*mouse.* -c gen_context(system_u:object_r:mouse_device_t,s0)
/dev/adsp -c gen_context(system_u:object_r:sound_device_t,s0)
-diff -ru serefpolicy-2.2.29.orig/policy/modules/kernel/files.fc serefpolicy-2.2.29.fc/policy/modules/kernel/files.fc
---- serefpolicy-2.2.29.orig/policy/modules/kernel/files.fc 2006-04-01 03:11:34.000000000 +1100
-+++ serefpolicy-2.2.29.fc/policy/modules/kernel/files.fc 2006-04-10 20:53:29.000000000 +1000
+--- serefpolicy-2.2.30/policy/modules/kernel/files.fc.fcon 2006-04-11 06:35:47.000000000 -0400
++++ serefpolicy-2.2.30/policy/modules/kernel/files.fc 2006-04-11 07:32:30.000000000 -0400
@@ -25,7 +25,8 @@
#
# /boot
@@ -182,160 +268,73 @@
/var/\.journal <<none>>
/var/db/.*\.db -- gen_context(system_u:object_r:etc_t,s0)
-diff -ru serefpolicy-2.2.29.orig/policy/modules/services/kerberos.fc serefpolicy-2.2.29.fc/policy/modules/services/kerberos.fc
---- serefpolicy-2.2.29.orig/policy/modules/services/kerberos.fc 2006-04-01 03:11:34.000000000 +1100
-+++ serefpolicy-2.2.29.fc/policy/modules/services/kerberos.fc 2006-04-10 20:53:29.000000000 +1000
-@@ -5,8 +5,8 @@
- /etc/krb5kdc/kadm5.keytab -- gen_context(system_u:object_r:krb5_keytab_t,s0)
- /etc/krb5kdc/principal.* gen_context(system_u:object_r:krb5kdc_principal_t,s0)
-
--/usr(/local)?(/kerberos)?/sbin/krb5kdc -- gen_context(system_u:object_r:krb5kdc_exec_t,s0)
--/usr(/local)?(/kerberos)?/sbin/kadmind -- gen_context(system_u:object_r:kadmind_exec_t,s0)
-+/usr/(local/)?(kerberos/)?sbin/krb5kdc -- gen_context(system_u:object_r:krb5kdc_exec_t,s0)
-+/usr/(local/)?(kerberos/)?sbin/kadmind -- gen_context(system_u:object_r:kadmind_exec_t,s0)
-
- /usr/local/var/krb5kdc(/.*)? gen_context(system_u:object_r:krb5kdc_conf_t,s0)
- /usr/local/var/krb5kdc/principal.* gen_context(system_u:object_r:krb5kdc_principal_t,s0)
-diff -ru serefpolicy-2.2.29.orig/policy/modules/services/tftp.fc serefpolicy-2.2.29.fc/policy/modules/services/tftp.fc
---- serefpolicy-2.2.29.orig/policy/modules/services/tftp.fc 2006-04-01 03:11:34.000000000 +1100
-+++ serefpolicy-2.2.29.fc/policy/modules/services/tftp.fc 2006-04-10 20:53:29.000000000 +1000
-@@ -2,4 +2,5 @@
- /usr/sbin/atftpd -- gen_context(system_u:object_r:tftpd_exec_t,s0)
- /usr/sbin/in\.tftpd -- gen_context(system_u:object_r:tftpd_exec_t,s0)
-
--/tftpboot(/.*)? gen_context(system_u:object_r:tftpdir_t,s0)
-+/tftpboot -d gen_context(system_u:object_r:tftpdir_t,s0)
-+/tftpboot/.* gen_context(system_u:object_r:tftpdir_t,s0)
-diff -ru serefpolicy-2.2.29.orig/policy/modules/system/authlogin.fc serefpolicy-2.2.29.fc/policy/modules/system/authlogin.fc
---- serefpolicy-2.2.29.orig/policy/modules/system/authlogin.fc 2006-04-01 03:11:34.000000000 +1100
-+++ serefpolicy-2.2.29.fc/policy/modules/system/authlogin.fc 2006-04-10 20:53:29.000000000 +1000
-@@ -7,7 +7,8 @@
- /etc/passwd\.lock -- gen_context(system_u:object_r:shadow_t,s0)
- /etc/shadow.* -- gen_context(system_u:object_r:shadow_t,s0)
-
--/lib(64)?/security/pam_krb5/pam_krb5_storetmp -- gen_context(system_u:object_r:pam_exec_t,s0)
-+/lib/security/pam_krb5/pam_krb5_storetmp -- gen_context(system_u:object_r:pam_exec_t,s0)
-+/lib64/security/pam_krb5/pam_krb5_storetmp -- gen_context(system_u:object_r:pam_exec_t,s0)
-
- /sbin/pam_console_apply -- gen_context(system_u:object_r:pam_console_exec_t,s0)
- /sbin/pam_timestamp_check -- gen_context(system_u:object_r:pam_exec_t,s0)
-diff -ru serefpolicy-2.2.29.orig/policy/modules/system/daemontools.fc serefpolicy-2.2.29.fc/policy/modules/system/daemontools.fc
---- serefpolicy-2.2.29.orig/policy/modules/system/daemontools.fc 2006-04-01 03:11:34.000000000 +1100
-+++ serefpolicy-2.2.29.fc/policy/modules/system/daemontools.fc 2006-04-10 20:53:29.000000000 +1000
+--- serefpolicy-2.2.30/policy/modules/kernel/corecommands.fc.fcon 2006-04-11 06:35:47.000000000 -0400
++++ serefpolicy-2.2.30/policy/modules/kernel/corecommands.fc 2006-04-11 07:32:30.000000000 -0400
@@ -2,7 +2,8 @@
- # /service
#
-
--/service(/.*)? gen_context(system_u:object_r:svc_svc_t,s0)
-+/service -d gen_context(system_u:object_r:svc_svc_t,s0)
-+/service/.* gen_context(system_u:object_r:svc_svc_t,s0)
-
+ # /bin
#
- # /usr
-diff -ru serefpolicy-2.2.29.orig/policy/modules/system/libraries.fc serefpolicy-2.2.29.fc/policy/modules/system/libraries.fc
---- serefpolicy-2.2.29.orig/policy/modules/system/libraries.fc 2006-04-10 20:52:58.000000000 +1000
-+++ serefpolicy-2.2.29.fc/policy/modules/system/libraries.fc 2006-04-10 20:53:29.000000000 +1000
-@@ -24,15 +24,20 @@
+-/bin(/.*)? gen_context(system_u:object_r:bin_t,s0)
++/bin -d gen_context(system_u:object_r:bin_t,s0)
++/bin/.* gen_context(system_u:object_r:bin_t,s0)
+ /bin/d?ash -- gen_context(system_u:object_r:shell_exec_t,s0)
+ /bin/bash -- gen_context(system_u:object_r:shell_exec_t,s0)
+ /bin/bash2 -- gen_context(system_u:object_r:shell_exec_t,s0)
+@@ -86,27 +87,28 @@
#
- # /lib(64)?
+ # /sbin
#
--/lib(64)?(/.*)? gen_context(system_u:object_r:lib_t,s0)
--/lib(64)?/.*\.so(\.[^/]*)* -- gen_context(system_u:object_r:shlib_t,s0)
--/lib(64)?(/.*)?/ld-[^/]*\.so(\.[^/]*)* -- gen_context(system_u:object_r:ld_so_t,s0)
-+/lib -d gen_context(system_u:object_r:lib_t,s0)
-+/lib/.* gen_context(system_u:object_r:lib_t,s0)
-+/lib64 -d gen_context(system_u:object_r:lib_t,s0)
-+/lib64/.* gen_context(system_u:object_r:lib_t,s0)
-+/lib/.*\.so(\.[^/]*)* -- gen_context(system_u:object_r:shlib_t,s0)
-+/lib64/.*\.so(\.[^/]*)* -- gen_context(system_u:object_r:shlib_t,s0)
-+/lib/(.*/)?ld-[^/]*\.so(\.[^/]*)* -- gen_context(system_u:object_r:ld_so_t,s0)
-+/lib64/(.*/)?ld-[^/]*\.so(\.[^/]*)* -- gen_context(system_u:object_r:ld_so_t,s0)
+-/sbin(/.*)? gen_context(system_u:object_r:sbin_t,s0)
++/sbin -d gen_context(system_u:object_r:sbin_t,s0)
++/sbin/.* gen_context(system_u:object_r:sbin_t,s0)
+ /sbin/mkfs\.cramfs -- gen_context(system_u:object_r:sbin_t,s0)
+ /sbin/insmod_ksymoops_clean -- gen_context(system_u:object_r:sbin_t,s0)
#
# /opt
#
--/opt(/.*)?/lib(64)?(/.*)? gen_context(system_u:object_r:lib_t,s0)
--/opt(/.*)?/lib(64)?/.*\.so(\.[^/]*)* -- gen_context(system_u:object_r:shlib_t,s0)
-+/opt/(.*/)?lib(64)?(/.*)? gen_context(system_u:object_r:lib_t,s0)
-+/opt/(.*/)?lib(64)?/.*\.so(\.[^/]*)* -- gen_context(system_u:object_r:shlib_t,s0)
- /opt/.*/jre.*/libdeploy.so -- gen_context(system_u:object_r:textrel_shlib_t,s0)
- /opt/.*/jre.*/libjvm.so -- gen_context(system_u:object_r:textrel_shlib_t,s0)
+-/opt(/.*)?/bin(/.*)? gen_context(system_u:object_r:bin_t,s0)
++/opt/(.*/)?bin(/.*)? gen_context(system_u:object_r:bin_t,s0)
+
+-/opt(/.*)?/libexec(/.*)? gen_context(system_u:object_r:bin_t,s0)
++/opt/(.*/)?libexec(/.*)? gen_context(system_u:object_r:bin_t,s0)
+
+-/opt(/.*)?/sbin(/.*)? gen_context(system_u:object_r:sbin_t,s0)
++/opt/(.*/)?sbin(/.*)? gen_context(system_u:object_r:sbin_t,s0)
-@@ -44,18 +49,18 @@
#
# /usr
#
--/usr(/.*)?/HelixPlayer/.*\.so(\.[^/]*)* -- gen_context(system_u:object_r:textrel_shlib_t,s0)
-+/usr/(.*/)?HelixPlayer/.*\.so(\.[^/]*)* -- gen_context(system_u:object_r:textrel_shlib_t,s0)
-
--/usr(/.*)?/java/.*\.so(\.[^/]*)* -- gen_context(system_u:object_r:textrel_shlib_t,s0)
--/usr(/.*)?/java/.*\.jar -- gen_context(system_u:object_r:shlib_t,s0)
--/usr(/.*)?/java/.*\.jsa -- gen_context(system_u:object_r:shlib_t,s0)
-+/usr/(.*/)?java/.*\.so(\.[^/]*)* -- gen_context(system_u:object_r:textrel_shlib_t,s0)
-+/usr/(.*/)?java/.*\.jar -- gen_context(system_u:object_r:shlib_t,s0)
-+/usr/(.*/)?java/.*\.jsa -- gen_context(system_u:object_r:shlib_t,s0)
-
--/usr(/.*)?/lib(64)?(/.*)? gen_context(system_u:object_r:lib_t,s0)
--/usr(/.*)?/lib(64)?/.*\.so(\.[^/]*)* -- gen_context(system_u:object_r:shlib_t,s0)
-+/usr/(.*/)?lib(64)?(/.*)? gen_context(system_u:object_r:lib_t,s0)
-+/usr/(.*/)?lib(64)?/.*\.so(\.[^/]*)* -- gen_context(system_u:object_r:shlib_t,s0)
-
--/usr(/.*)?/lib(64)?(/.*)?/ld-[^/]*\.so(\.[^/]*)* gen_context(system_u:object_r:ld_so_t,s0)
-+/usr/(.*/)?lib(64)?(/.*)?/ld-[^/]*\.so(\.[^/]*)* gen_context(system_u:object_r:ld_so_t,s0)
-
--/usr(/.*)?/nvidia/.*\.so(\..*)? -- gen_context(system_u:object_r:textrel_shlib_t,s0)
-+/usr/(.*/)?nvidia/.*\.so(\..*)? -- gen_context(system_u:object_r:textrel_shlib_t,s0)
-
- /usr(/.*)?/lib(64)?(/.*)?/nvidia/.*\.so(\..*)? -- gen_context(system_u:object_r:textrel_shlib_t,s0)
-
-@@ -130,7 +135,7 @@
- /usr/lib(64)?/.*/program/libsvx680li\.so -- gen_context(system_u:object_r:textrel_shlib_t,s0)
- /usr/lib(64)?/.*/program/libcomphelp4gcc3\.so -- gen_context(system_u:object_r:textrel_shlib_t,s0)
- /usr/lib(64)?/.*/program/libsoffice\.so -- gen_context(system_u:object_r:textrel_shlib_t,s0)
--/usr(/.*)?/pcsc/drivers(/.*)?/lib(cm2020|cm4000|SCR24x)\.so(\.[^/]*)* -- gen_context(system_u:object_r:textrel_shlib_t,s0)
-+/usr/(.*/)?pcsc/drivers(/.*)?/lib(cm2020|cm4000|SCR24x)\.so(\.[^/]*)* -- gen_context(system_u:object_r:textrel_shlib_t,s0)
-
- /usr/lib(64)?/firefox.*\.so -- gen_context(system_u:object_r:textrel_shlib_t,s0)
- /usr/lib(64)?/mozilla.*\.so -- gen_context(system_u:object_r:textrel_shlib_t,s0)
-@@ -185,9 +190,9 @@
- /usr/.*/jre.*/libdeploy.so -- gen_context(system_u:object_r:textrel_shlib_t,s0)
- /usr/.*/jre.*/libjvm.so -- gen_context(system_u:object_r:textrel_shlib_t,s0)
+-/usr(/.*)?/Bin(/.*)? gen_context(system_u:object_r:bin_t,s0)
++/usr/(.*/)?Bin(/.*)? gen_context(system_u:object_r:bin_t,s0)
--/usr(/.*)?/intellinux/nppdf\.so -- gen_context(system_u:object_r:texrel_shlib_t,s0)
--/usr(/.*)?/intellinux/lib/\.so -- gen_context(system_u:object_r:texrel_shlib_t,s0)
--/usr(/.*)?/intellinux/plug_ins/.*\.api -- gen_context(system_u:object_r:texrel_shlib_t,s0)
-+/usr/(.*/)?intellinux/nppdf\.so -- gen_context(system_u:object_r:texrel_shlib_t,s0)
-+/usr/(.*/)?intellinux/lib/\.so -- gen_context(system_u:object_r:texrel_shlib_t,s0)
-+/usr/(.*/)?intellinux/plug_ins/.*\.api -- gen_context(system_u:object_r:texrel_shlib_t,s0)
- ') dnl end distro_redhat
+-/usr(/.*)?/bin(/.*)? gen_context(system_u:object_r:bin_t,s0)
++/usr/(.*/)?bin(/.*)? gen_context(system_u:object_r:bin_t,s0)
- ifdef(`distro_suse',`
-diff -ru serefpolicy-2.2.29.orig/policy/modules/system/miscfiles.fc serefpolicy-2.2.29.fc/policy/modules/system/miscfiles.fc
---- serefpolicy-2.2.29.orig/policy/modules/system/miscfiles.fc 2006-04-01 03:11:34.000000000 +1100
-+++ serefpolicy-2.2.29.fc/policy/modules/system/miscfiles.fc 2006-04-10 20:53:29.000000000 +1000
-@@ -7,7 +7,7 @@
- #
- # /opt
- #
--/opt(/.*)?/man(/.*)? gen_context(system_u:object_r:man_t,s0)
-+/opt/(.*/)?man(/.*)? gen_context(system_u:object_r:man_t,s0)
+-/usr(/.*)?/sbin(/.*)? gen_context(system_u:object_r:sbin_t,s0)
++/usr/(.*/)?sbin(/.*)? gen_context(system_u:object_r:sbin_t,s0)
- #
- # /srv
-diff -ru serefpolicy-2.2.29.orig/policy/modules/system/modutils.fc serefpolicy-2.2.29.fc/policy/modules/system/modutils.fc
---- serefpolicy-2.2.29.orig/policy/modules/system/modutils.fc 2006-04-01 03:11:34.000000000 +1100
-+++ serefpolicy-2.2.29.fc/policy/modules/system/modutils.fc 2006-04-10 20:53:29.000000000 +1000
-@@ -2,9 +2,11 @@
- /etc/modules\.conf.* -- gen_context(system_u:object_r:modules_conf_t,s0)
- /etc/modprobe\.conf.* -- gen_context(system_u:object_r:modules_conf_t,s0)
+ /usr/lib/ccache/bin(/.*)? gen_context(system_u:object_r:bin_t,s0)
+ /usr/lib/pgsql/test/regress/.*\.sh -- gen_context(system_u:object_r:bin_t,s0)
+--- serefpolicy-2.2.30/policy/modules/services/kerberos.fc.fcon 2006-04-11 06:35:48.000000000 -0400
++++ serefpolicy-2.2.30/policy/modules/services/kerberos.fc 2006-04-11 07:32:30.000000000 -0400
+@@ -5,8 +5,8 @@
+ /etc/krb5kdc/kadm5.keytab -- gen_context(system_u:object_r:krb5_keytab_t,s0)
+ /etc/krb5kdc/principal.* gen_context(system_u:object_r:krb5kdc_principal_t,s0)
--/lib(64)?/modules/[^/]+/modules\..+ -- gen_context(system_u:object_r:modules_dep_t,s0)
-+/lib/modules/[^/]+/modules\..+ -- gen_context(system_u:object_r:modules_dep_t,s0)
-+/lib64/modules/[^/]+/modules\..+ -- gen_context(system_u:object_r:modules_dep_t,s0)
+-/usr(/local)?(/kerberos)?/sbin/krb5kdc -- gen_context(system_u:object_r:krb5kdc_exec_t,s0)
+-/usr(/local)?(/kerberos)?/sbin/kadmind -- gen_context(system_u:object_r:kadmind_exec_t,s0)
++/usr/(local/)?(kerberos/)?sbin/krb5kdc -- gen_context(system_u:object_r:krb5kdc_exec_t,s0)
++/usr/(local/)?(kerberos/)?sbin/kadmind -- gen_context(system_u:object_r:kadmind_exec_t,s0)
--/lib(64)?/modules/modprobe\.conf -- gen_context(system_u:object_r:modules_conf_t,s0)
-+/lib/modules/modprobe\.conf -- gen_context(system_u:object_r:modules_conf_t,s0)
-+/lib64/modules/modprobe\.conf -- gen_context(system_u:object_r:modules_conf_t,s0)
+ /usr/local/var/krb5kdc(/.*)? gen_context(system_u:object_r:krb5kdc_conf_t,s0)
+ /usr/local/var/krb5kdc/principal.* gen_context(system_u:object_r:krb5kdc_principal_t,s0)
+--- serefpolicy-2.2.30/policy/modules/services/tftp.fc.fcon 2006-04-11 06:35:48.000000000 -0400
++++ serefpolicy-2.2.30/policy/modules/services/tftp.fc 2006-04-11 07:32:30.000000000 -0400
+@@ -2,4 +2,5 @@
+ /usr/sbin/atftpd -- gen_context(system_u:object_r:tftpd_exec_t,s0)
+ /usr/sbin/in\.tftpd -- gen_context(system_u:object_r:tftpd_exec_t,s0)
- /sbin/depmod.* -- gen_context(system_u:object_r:depmod_exec_t,s0)
- /sbin/generate-modprobe\.conf -- gen_context(system_u:object_r:update_modules_exec_t,s0)
+-/tftpboot(/.*)? gen_context(system_u:object_r:tftpdir_t,s0)
++/tftpboot -d gen_context(system_u:object_r:tftpdir_t,s0)
++/tftpboot/.* gen_context(system_u:object_r:tftpdir_t,s0)
policy-20060323.patch:
admin/rpm.te | 1 +
apps/ada.fc | 7 +++++++
apps/ada.if | 29 +++++++++++++++++++++++++++++
apps/ada.te | 24 ++++++++++++++++++++++++
apps/java.fc | 1 +
apps/mono.if | 23 +++++++++++++++++++++++
kernel/devices.fc | 1 +
kernel/devices.if | 40 ++++++++++++++++++++++++++++++++++++++++
kernel/files.if | 15 +++++++++++++++
kernel/mls.te | 1 +
services/apache.if | 20 ++++++++++++++++++++
services/automount.te | 1 +
services/avahi.te | 4 ++++
services/bluetooth.te | 7 +++++--
services/cups.te | 2 +-
services/dbus.te | 1 +
services/ftp.te | 1 +
services/gpm.te | 3 +--
services/hal.te | 13 ++++++++++++-
services/mysql.te | 1 +
services/networkmanager.te | 1 +
services/nscd.if | 20 ++++++++++++++++++++
services/rsync.te | 4 ++++
services/samba.te | 2 ++
services/snmp.te | 1 +
services/xserver.if | 21 +++++++++++++++++++++
system/fstools.te | 1 +
system/getty.fc | 1 +
system/getty.te | 2 ++
system/init.te | 1 +
system/libraries.fc | 32 ++++++++++++++++++++++----------
system/mount.te | 4 +++-
system/unconfined.if | 10 ++++++----
system/unconfined.te | 4 ++--
system/userdomain.te | 5 +++--
35 files changed, 279 insertions(+), 25 deletions(-)
Index: policy-20060323.patch
===================================================================
RCS file: /cvs/dist/rpms/selinux-policy/devel/policy-20060323.patch,v
retrieving revision 1.11
retrieving revision 1.12
diff -u -r1.11 -r1.12
--- policy-20060323.patch 10 Apr 2006 21:10:33 -0000 1.11
+++ policy-20060323.patch 11 Apr 2006 20:59:57 -0000 1.12
@@ -1,6 +1,6 @@
-diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/rpm.te serefpolicy-2.2.29/policy/modules/admin/rpm.te
---- nsaserefpolicy/policy/modules/admin/rpm.te 2006-03-30 10:59:02.000000000 -0500
-+++ serefpolicy-2.2.29/policy/modules/admin/rpm.te 2006-04-03 16:38:39.000000000 -0400
+diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/rpm.te serefpolicy-2.2.30/policy/modules/admin/rpm.te
+--- nsaserefpolicy/policy/modules/admin/rpm.te 2006-04-04 18:06:37.000000000 -0400
++++ serefpolicy-2.2.30/policy/modules/admin/rpm.te 2006-04-11 07:05:00.000000000 -0400
@@ -117,6 +117,7 @@
mls_file_read_up(rpm_t)
mls_file_write_down(rpm_t)
@@ -9,9 +9,9 @@
selinux_get_fs_mount(rpm_t)
selinux_validate_context(rpm_t)
-diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/ada.fc serefpolicy-2.2.29/policy/modules/apps/ada.fc
+diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/ada.fc serefpolicy-2.2.30/policy/modules/apps/ada.fc
--- nsaserefpolicy/policy/modules/apps/ada.fc 1969-12-31 19:00:00.000000000 -0500
-+++ serefpolicy-2.2.29/policy/modules/apps/ada.fc 2006-04-04 06:29:46.000000000 -0400
++++ serefpolicy-2.2.30/policy/modules/apps/ada.fc 2006-04-11 07:05:00.000000000 -0400
@@ -0,0 +1,7 @@
+#
+# /usr
@@ -20,186 +20,12 @@
+/usr/bin/gnatbind -- gen_context(system_u:object_r:ada_exec_t,s0)
+/usr/bin/gnatls -- gen_context(system_u:object_r:ada_exec_t,s0)
+/usr/bin/gnatmake -- gen_context(system_u:object_r:ada_exec_t,s0)
-diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/ada.if serefpolicy-2.2.29/policy/modules/apps/ada.if
+diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/ada.if serefpolicy-2.2.30/policy/modules/apps/ada.if
--- nsaserefpolicy/policy/modules/apps/ada.if 1969-12-31 19:00:00.000000000 -0500
-+++ serefpolicy-2.2.29/policy/modules/apps/ada.if 2006-04-04 06:28:18.000000000 -0400
-@@ -0,0 +1,203 @@
++++ serefpolicy-2.2.30/policy/modules/apps/ada.if 2006-04-11 07:05:43.000000000 -0400
+@@ -0,0 +1,29 @@
+## <summary>Java virtual machine</summary>
+
-+#######################################
-+## <summary>
-+## The per user domain template for the ada module.
-+## </summary>
-+## <desc>
-+## <p>
-+## This template creates a derived domains which are used
-+## for ada plugins that are executed by a browser.
-+## </p>
-+## <p>
-+## This template is invoked automatically for each user, and
-+## generally does not need to be invoked directly
-+## by policy writers.
-+## </p>
-+## </desc>
-+## <param name="userdomain_prefix">
-+## <summary>
-+## The prefix of the user domain (e.g., user
-+## is the prefix for user_t).
-+## </summary>
-+## </param>
-+## <param name="user_domain">
-+## <summary>
-+## The type of the user domain.
-+## </summary>
-+## </param>
-+## <param name="user_role">
-+## <summary>
-+## The role associated with the user domain.
-+## </summary>
-+## </param>
-+#
-+template(`ada_per_userdomain_template',`
-+ gen_require(`
-+ type ada_exec_t;
-+ ')
-+
-+ ########################################
-+ #
-+ # Declarations
-+ #
-+
-+ type $1_adaplugin_t;
-+ domain_type($1_adaplugin_t)
-+ role $3 types $1_adaplugin_t;
-+
-+ type $1_adaplugin_tmp_t;
-+ files_tmp_file($1_adaplugin_tmp_t)
-+
-+ type $1_adaplugin_tmpfs_t;
-+ files_tmpfs_file($1_adaplugin_tmpfs_t)
-+
-+ ########################################
-+ #
-+ # Local policy
-+ #
-+
-+ allow $1_adaplugin_t self:process { signal_perms getsched setsched execmem };
-+ allow $1_adaplugin_t self:fifo_file rw_file_perms;
-+ allow $1_adaplugin_t self:tcp_socket create_socket_perms;
-+ allow $1_adaplugin_t self:udp_socket create_socket_perms;
-+
-+ allow $1_adaplugin_t $2:unix_stream_socket connectto;
-+ allow $1_adaplugin_t $2:unix_stream_socket { read write };
-+ userdom_write_user_tmp_sockets($1,$1_adaplugin_t)
-+
-+ allow $1_adaplugin_t $1_adaplugin_tmp_t:dir create_dir_perms;
-+ allow $1_adaplugin_t $1_adaplugin_tmp_t:file create_file_perms;
-+ files_tmp_filetrans($1_adaplugin_t,$1_adaplugin_tmp_t,{ file dir })
-+
-+ allow $1_adaplugin_t $1_adaplugin_tmpfs_t:dir { read getattr lock search ioctl add_name remove_name write };
-+ allow $1_adaplugin_t $1_adaplugin_tmpfs_t:file { create ioctl read getattr lock write setattr append link unlink rename };
-+ allow $1_adaplugin_t $1_adaplugin_tmpfs_t:lnk_file { create read getattr setattr link unlink rename };
-+ allow $1_adaplugin_t $1_adaplugin_tmpfs_t:sock_file { create ioctl read getattr lock write setattr append link unlink rename };
-+ allow $1_adaplugin_t $1_adaplugin_tmpfs_t:fifo_file { create ioctl read getattr lock write setattr append link unlink rename };
-+ fs_tmpfs_filetrans($1_adaplugin_t,$1_adaplugin_tmpfs_t,{ dir file lnk_file sock_file fifo_file })
-+
-+ # cjp: rw_dir_perms here doesnt make sense
-+ allow $1_adaplugin_t $1_home_t:dir rw_dir_perms;
-+ allow $1_adaplugin_t $1_home_t:file rw_file_perms;
-+ allow $1_adaplugin_t $1_home_t:lnk_file { getattr read };
-+
-+ can_exec($1_adaplugin_t, ada_exec_t)
-+
-+ # The user role is authorized for this domain.
-+ domain_auto_trans($1_t, ada_exec_t, $1_adaplugin_t)
-+ allow $1_adaplugin_t $2:fd use;
-+ # Unrestricted inheritance from the caller.
-+ allow $2 $1_adaplugin_t:process { noatsecure siginh rlimitinh };
-+ allow $1_adaplugin_t $2:process signull;
-+
-+ kernel_read_all_sysctls($1_adaplugin_t)
-+ kernel_search_vm_sysctl($1_adaplugin_t)
-+ kernel_read_network_state($1_adaplugin_t)
-+ kernel_read_system_state($1_adaplugin_t)
-+
-+ # Search bin directory under adaplugin for adaplugin executable
-+ corecmd_search_bin($1_adaplugin_t)
-+
-+ corenet_non_ipsec_sendrecv($1_adaplugin_t)
-+ corenet_tcp_sendrecv_generic_if($1_adaplugin_t)
-+ corenet_udp_sendrecv_generic_if($1_adaplugin_t)
-+ corenet_raw_sendrecv_generic_if($1_adaplugin_t)
-+ corenet_tcp_sendrecv_all_nodes($1_adaplugin_t)
-+ corenet_udp_sendrecv_all_nodes($1_adaplugin_t)
-+ corenet_raw_sendrecv_all_nodes($1_adaplugin_t)
-+ corenet_tcp_sendrecv_all_ports($1_adaplugin_t)
-+ corenet_udp_sendrecv_all_ports($1_adaplugin_t)
-+ corenet_tcp_bind_all_nodes($1_adaplugin_t)
-+ corenet_udp_bind_all_nodes($1_adaplugin_t)
-+ corenet_tcp_connect_all_ports($1_adaplugin_t)
-+
-+ dev_read_sound($1_adaplugin_t)
-+ dev_write_sound($1_adaplugin_t)
-+ dev_read_urand($1_adaplugin_t)
-+ dev_read_rand($1_adaplugin_t)
-+
-+ files_read_etc_files($1_adaplugin_t)
-+ files_read_usr_files($1_adaplugin_t)
-+ files_search_home($1_adaplugin_t)
-+ files_search_var_lib($1_adaplugin_t)
-+ files_read_etc_runtime_files($1_adaplugin_t)
-+ # Read global fonts and font config
-+ files_read_etc_files($1_adaplugin_t)
-+
-+ fs_getattr_xattr_fs($1_adaplugin_t)
-+ fs_dontaudit_rw_tmpfs_files($1_adaplugin_t)
-+
-+ libs_use_ld_so($1_adaplugin_t)
-+ libs_use_shared_libs($1_adaplugin_t)
-+
-+ logging_send_syslog_msg($1_adaplugin_t)
-+
-+ miscfiles_read_localization($1_adaplugin_t)
-+ # Read global fonts and font config
-+ miscfiles_read_fonts($1_adaplugin_t)
-+
-+ sysnet_read_config($1_adaplugin_t)
-+
-+ userdom_dontaudit_use_user_terminals($1,$1_adaplugin_t)
-+ userdom_dontaudit_setattr_user_home_content_files($1,$1_adaplugin_t)
-+ userdom_dontaudit_exec_user_home_content_files($1,$1_adaplugin_t)
-+ userdom_manage_user_home_content_dirs($1,$1_adaplugin_t)
-+ userdom_manage_user_home_content_files($1,$1_adaplugin_t)
-+ userdom_manage_user_home_content_symlinks($1,$1_adaplugin_t)
-+ userdom_manage_user_home_content_pipes($1,$1_adaplugin_t)
-+ userdom_manage_user_home_content_sockets($1,$1_adaplugin_t)
-+ userdom_user_home_dir_filetrans_user_home_content($1,$1_adaplugin_t,{ file lnk_file sock_file fifo_file })
-+
-+ tunable_policy(`allow_ada_execstack',`
-+ allow $1_adaplugin_t self:process execstack;
-+
-+ allow $1_adaplugin_t $1_adaplugin_tmp_t:file execute;
-+
-+ libs_legacy_use_shared_libs($1_adaplugin_t)
-+ libs_legacy_use_ld_so($1_adaplugin_t)
-+ libs_use_lib_files($1_adaplugin_t)
-+
-+ miscfiles_legacy_read_localization($1_adaplugin_t)
-+ ')
-+
-+ optional_policy(`
-+ nis_use_ypbind($1_adaplugin_t)
-+ ')
-+
-+ optional_policy(`
-+ nscd_socket_use($1_adaplugin_t)
-+ ')
-+
-+ optional_policy(`
-+ xserver_user_client_template($1,$1_adaplugin_t,$1_adaplugin_tmpfs_t)
-+ ')
-+')
-+
+########################################
+## <summary>
+## Execute the ada program in the ada domain.
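Review bot: The module summary kept at the top of ada.if still reads `## <summary>Java virtual machine</summary>`, which looks carried over from the java module and misdescribes this file. This revision already drops the copied per-user plugin template, so the header could be corrected in the same pass, for example to `## <summary>GNAT Ada compiler</summary>` (the ada.fc entries label gnatbind, gnatls and gnatmake). The interface that remains after the summary continues outside this hunk.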
@@ -227,9 +53,9 @@
+ errprint(`Warning: $0($1) has no effect in strict policy.'__endline__)
+ ')
+')
-diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/ada.te serefpolicy-2.2.29/policy/modules/apps/ada.te
+diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/ada.te serefpolicy-2.2.30/policy/modules/apps/ada.te
--- nsaserefpolicy/policy/modules/apps/ada.te 1969-12-31 19:00:00.000000000 -0500
-+++ serefpolicy-2.2.29/policy/modules/apps/ada.te 2006-04-04 06:28:03.000000000 -0400
++++ serefpolicy-2.2.30/policy/modules/apps/ada.te 2006-04-11 07:05:00.000000000 -0400
@@ -0,0 +1,24 @@
+
+policy_module(ada,1.1.0)
@@ -255,17 +81,17 @@
+ unconfined_domain_noaudit(ada_t)
+ role system_r types ada_t;
+')
-diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/java.fc serefpolicy-2.2.29/policy/modules/apps/java.fc
---- nsaserefpolicy/policy/modules/apps/java.fc 2006-03-23 16:46:10.000000000 -0500
-+++ serefpolicy-2.2.29/policy/modules/apps/java.fc 2006-04-06 14:52:12.000000000 -0400
+diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/java.fc serefpolicy-2.2.30/policy/modules/apps/java.fc
+--- nsaserefpolicy/policy/modules/apps/java.fc 2006-02-20 11:33:04.000000000 -0500
++++ serefpolicy-2.2.30/policy/modules/apps/java.fc 2006-04-11 07:05:00.000000000 -0400
@@ -4,3 +4,4 @@
/usr(/.*)?/bin/java.* -- gen_context(system_u:object_r:java_exec_t,s0)
/usr/bin/gcj-dbtool -- gen_context(system_u:object_r:java_exec_t,s0)
/usr/bin/gij -- gen_context(system_u:object_r:java_exec_t,s0)
+/opt(/.*)?/bin/java.* -- gen_context(system_u:object_r:java_exec_t,s0)
-diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/mono.if serefpolicy-2.2.29/policy/modules/apps/mono.if
---- nsaserefpolicy/policy/modules/apps/mono.if 2006-03-23 16:46:10.000000000 -0500
-+++ serefpolicy-2.2.29/policy/modules/apps/mono.if 2006-04-03 10:03:24.000000000 -0400
+diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/mono.if serefpolicy-2.2.30/policy/modules/apps/mono.if
+--- nsaserefpolicy/policy/modules/apps/mono.if 2006-02-10 17:05:18.000000000 -0500
++++ serefpolicy-2.2.30/policy/modules/apps/mono.if 2006-04-11 07:05:00.000000000 -0400
@@ -23,3 +23,26 @@
allow mono_t $1:fifo_file rw_file_perms;
allow mono_t $1:process sigchld;
@@ -293,17 +119,9 @@
+ allow mono_t $1:dbus send_msg;
+')
+
-diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/mono.te serefpolicy-2.2.29/policy/modules/apps/mono.te
---- nsaserefpolicy/policy/modules/apps/mono.te 2006-03-23 16:46:10.000000000 -0500
-+++ serefpolicy-2.2.29/policy/modules/apps/mono.te 2006-04-03 12:28:33.000000000 -0400
-@@ -22,3 +22,4 @@
- unconfined_domain_noaudit(mono_t)
- role system_r types mono_t;
- ')
-+
-diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/kernel/devices.fc serefpolicy-2.2.29/policy/modules/kernel/devices.fc
---- nsaserefpolicy/policy/modules/kernel/devices.fc 2006-03-23 16:45:31.000000000 -0500
-+++ serefpolicy-2.2.29/policy/modules/kernel/devices.fc 2006-03-31 11:49:27.000000000 -0500
+diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/kernel/devices.fc serefpolicy-2.2.30/policy/modules/kernel/devices.fc
+--- nsaserefpolicy/policy/modules/kernel/devices.fc 2006-03-23 14:33:29.000000000 -0500
++++ serefpolicy-2.2.30/policy/modules/kernel/devices.fc 2006-04-11 07:05:00.000000000 -0400
@@ -59,6 +59,7 @@
')
/dev/vbi.* -c gen_context(system_u:object_r:v4l_device_t,s0)
@@ -312,9 +130,9 @@
/dev/vttuner -c gen_context(system_u:object_r:v4l_device_t,s0)
/dev/vtx.* -c gen_context(system_u:object_r:v4l_device_t,s0)
/dev/winradio. -c gen_context(system_u:object_r:v4l_device_t,s0)
-diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/kernel/devices.if serefpolicy-2.2.29/policy/modules/kernel/devices.if
---- nsaserefpolicy/policy/modules/kernel/devices.if 2006-03-30 10:03:20.000000000 -0500
-+++ serefpolicy-2.2.29/policy/modules/kernel/devices.if 2006-04-03 11:31:23.000000000 -0400
+diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/kernel/devices.if serefpolicy-2.2.30/policy/modules/kernel/devices.if
+--- nsaserefpolicy/policy/modules/kernel/devices.if 2006-04-10 17:05:09.000000000 -0400
++++ serefpolicy-2.2.30/policy/modules/kernel/devices.if 2006-04-11 07:08:48.000000000 -0400
@@ -2439,6 +2439,26 @@
########################################
@@ -342,9 +160,9 @@
## Associate a file to a usbfs filesystem.
## </summary>
## <param name="file_type">
-@@ -2860,3 +2880,23 @@
- allow $1 self:capability sys_rawio;
- typeattribute $1 memory_raw_write, memory_raw_read;
+@@ -2855,3 +2875,23 @@
+
+ typeattribute $1 devices_unconfined_type;
')
+
+########################################
@@ -366,10 +184,10 @@
+ dontaudit $1 device_node:dir_file_class_set getattr;
+')
+
-diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/kernel/files.if serefpolicy-2.2.29/policy/modules/kernel/files.if
---- nsaserefpolicy/policy/modules/kernel/files.if 2006-03-30 10:04:15.000000000 -0500
-+++ serefpolicy-2.2.29/policy/modules/kernel/files.if 2006-04-03 17:43:29.000000000 -0400
-@@ -1643,6 +1643,21 @@
+diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/kernel/files.if serefpolicy-2.2.30/policy/modules/kernel/files.if
+--- nsaserefpolicy/policy/modules/kernel/files.if 2006-04-10 17:05:10.000000000 -0400
++++ serefpolicy-2.2.30/policy/modules/kernel/files.if 2006-04-11 07:05:00.000000000 -0400
+@@ -1661,6 +1661,21 @@
')
########################################
@@ -391,9 +209,9 @@
## <summary>
## Read files in /etc that are dynamically
## created on boot, such as mtab.
-diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/kernel/mls.te serefpolicy-2.2.29/policy/modules/kernel/mls.te
---- nsaserefpolicy/policy/modules/kernel/mls.te 2006-03-23 16:45:31.000000000 -0500
-+++ serefpolicy-2.2.29/policy/modules/kernel/mls.te 2006-04-03 16:29:39.000000000 -0400
+diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/kernel/mls.te serefpolicy-2.2.30/policy/modules/kernel/mls.te
+--- nsaserefpolicy/policy/modules/kernel/mls.te 2006-03-07 10:31:09.000000000 -0500
++++ serefpolicy-2.2.30/policy/modules/kernel/mls.te 2006-04-11 07:05:00.000000000 -0400
@@ -60,6 +60,7 @@
ifdef(`enable_mls',`
@@ -402,9 +220,9 @@
range_transition kernel_t init_exec_t s0 - s15:c0.c255;
range_transition kernel_t lvm_exec_t s0 - s15:c0.c255;
')
-diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/apache.if serefpolicy-2.2.29/policy/modules/services/apache.if
---- nsaserefpolicy/policy/modules/services/apache.if 2006-03-24 11:09:14.000000000 -0500
-+++ serefpolicy-2.2.29/policy/modules/services/apache.if 2006-04-03 13:02:08.000000000 -0400
+diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/apache.if serefpolicy-2.2.30/policy/modules/services/apache.if
+--- nsaserefpolicy/policy/modules/services/apache.if 2006-04-06 14:05:25.000000000 -0400
++++ serefpolicy-2.2.30/policy/modules/services/apache.if 2006-04-11 07:05:00.000000000 -0400
@@ -197,6 +197,26 @@
allow httpd_$1_script_t self:lnk_file read;
')
@@ -432,9 +250,9 @@
tunable_policy(`httpd_enable_cgi && httpd_can_network_connect',`
allow httpd_$1_script_t self:tcp_socket create_stream_socket_perms;
allow httpd_$1_script_t self:udp_socket create_socket_perms;
-diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/automount.te serefpolicy-2.2.29/policy/modules/services/automount.te
---- nsaserefpolicy/policy/modules/services/automount.te 2006-03-24 11:09:13.000000000 -0500
-+++ serefpolicy-2.2.29/policy/modules/services/automount.te 2006-03-31 11:21:52.000000000 -0500
+diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/automount.te serefpolicy-2.2.30/policy/modules/services/automount.te
+--- nsaserefpolicy/policy/modules/services/automount.te 2006-03-24 11:15:50.000000000 -0500
++++ serefpolicy-2.2.30/policy/modules/services/automount.te 2006-04-11 07:05:00.000000000 -0400
@@ -123,6 +123,7 @@
logging_search_logs(automount_t)
@@ -443,9 +261,9 @@
# Run mount in the mount_t domain.
mount_domtrans(automount_t)
-diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/avahi.te serefpolicy-2.2.29/policy/modules/services/avahi.te
---- nsaserefpolicy/policy/modules/services/avahi.te 2006-03-24 11:09:13.000000000 -0500
-+++ serefpolicy-2.2.29/policy/modules/services/avahi.te 2006-04-03 10:04:43.000000000 -0400
+diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/avahi.te serefpolicy-2.2.30/policy/modules/services/avahi.te
+--- nsaserefpolicy/policy/modules/services/avahi.te 2006-03-24 11:15:50.000000000 -0500
++++ serefpolicy-2.2.30/policy/modules/services/avahi.te 2006-04-11 07:05:00.000000000 -0400
@@ -92,6 +92,10 @@
dbus_system_bus_client_template(avahi,avahi_t)
dbus_connect_system_bus(avahi_t)
@@ -457,9 +275,9 @@
')
optional_policy(`
-diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/bluetooth.te serefpolicy-2.2.29/policy/modules/services/bluetooth.te
---- nsaserefpolicy/policy/modules/services/bluetooth.te 2006-03-30 10:59:02.000000000 -0500
-+++ serefpolicy-2.2.29/policy/modules/services/bluetooth.te 2006-04-03 10:50:10.000000000 -0400
+diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/bluetooth.te serefpolicy-2.2.30/policy/modules/services/bluetooth.te
+--- nsaserefpolicy/policy/modules/services/bluetooth.te 2006-04-04 18:06:38.000000000 -0400
++++ serefpolicy-2.2.30/policy/modules/services/bluetooth.te 2006-04-11 07:05:00.000000000 -0400
@@ -41,7 +41,7 @@
# Bluetooth services local policy
#
@@ -495,9 +313,9 @@
')
optional_policy(`
-diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/cups.te serefpolicy-2.2.29/policy/modules/services/cups.te
---- nsaserefpolicy/policy/modules/services/cups.te 2006-03-30 10:59:02.000000000 -0500
-+++ serefpolicy-2.2.29/policy/modules/services/cups.te 2006-04-03 17:42:39.000000000 -0400
+diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/cups.te serefpolicy-2.2.30/policy/modules/services/cups.te
+--- nsaserefpolicy/policy/modules/services/cups.te 2006-04-04 18:06:38.000000000 -0400
++++ serefpolicy-2.2.30/policy/modules/services/cups.te 2006-04-11 07:05:00.000000000 -0400
@@ -110,7 +110,7 @@
files_tmp_filetrans(cupsd_t, cupsd_tmp_t, { file dir fifo_file })
@@ -507,9 +325,9 @@
allow cupsd_t cupsd_var_run_t:sock_file create_file_perms;
files_pid_filetrans(cupsd_t,cupsd_var_run_t,file)
-diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/dbus.te serefpolicy-2.2.29/policy/modules/services/dbus.te
---- nsaserefpolicy/policy/modules/services/dbus.te 2006-03-24 11:09:14.000000000 -0500
-+++ serefpolicy-2.2.29/policy/modules/services/dbus.te 2006-03-31 11:21:52.000000000 -0500
+diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/dbus.te serefpolicy-2.2.30/policy/modules/services/dbus.te
+--- nsaserefpolicy/policy/modules/services/dbus.te 2006-03-24 11:15:50.000000000 -0500
++++ serefpolicy-2.2.30/policy/modules/services/dbus.te 2006-04-11 07:05:00.000000000 -0400
@@ -102,6 +102,7 @@
logging_send_syslog_msg(system_dbusd_t)
@@ -518,9 +336,9 @@
seutil_read_config(system_dbusd_t)
seutil_read_default_contexts(system_dbusd_t)
-diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/ftp.te serefpolicy-2.2.29/policy/modules/services/ftp.te
---- nsaserefpolicy/policy/modules/services/ftp.te 2006-03-30 10:59:02.000000000 -0500
-+++ serefpolicy-2.2.29/policy/modules/services/ftp.te 2006-04-08 10:26:14.000000000 -0400
+diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/ftp.te serefpolicy-2.2.30/policy/modules/services/ftp.te
+--- nsaserefpolicy/policy/modules/services/ftp.te 2006-04-04 18:06:38.000000000 -0400
++++ serefpolicy-2.2.30/policy/modules/services/ftp.te 2006-04-11 07:05:00.000000000 -0400
@@ -62,6 +62,7 @@
files_pid_filetrans(ftpd_t,ftpd_var_run_t,file)
@@ -529,9 +347,22 @@
allow ftpd_t xferlog_t:file create_file_perms;
logging_log_filetrans(ftpd_t,xferlog_t,file)
-diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/hal.te serefpolicy-2.2.29/policy/modules/services/hal.te
---- nsaserefpolicy/policy/modules/services/hal.te 2006-03-30 10:59:02.000000000 -0500
-+++ serefpolicy-2.2.29/policy/modules/services/hal.te 2006-04-03 17:43:25.000000000 -0400
+diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/gpm.te serefpolicy-2.2.30/policy/modules/services/gpm.te
+--- nsaserefpolicy/policy/modules/services/gpm.te 2006-04-04 18:06:38.000000000 -0400
++++ serefpolicy-2.2.30/policy/modules/services/gpm.te 2006-04-11 07:05:00.000000000 -0400
+@@ -54,8 +54,7 @@
+
+ dev_read_sysfs(gpm_t)
+ # Access the mouse.
+-# cjp: why write?
+-dev_rw_input_dev(event_device_t)
++dev_rw_input_dev(gpm_t)
+ dev_rw_mouse(gpm_t)
+
+ fs_getattr_all_fs(gpm_t)
+diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/hal.te serefpolicy-2.2.30/policy/modules/services/hal.te
+--- nsaserefpolicy/policy/modules/services/hal.te 2006-04-04 18:06:38.000000000 -0400
++++ serefpolicy-2.2.30/policy/modules/services/hal.te 2006-04-11 07:05:00.000000000 -0400
@@ -22,7 +22,7 @@
#
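Review bot: The `# cjp: why write?` question is removed at `dev_rw_input_dev(gpm_t)` without being answered, so the policy no longer records that write access to input event devices is unexplained. Correcting the argument from `event_device_t` to `gpm_t` means the interface is now called with the gpm domain, so the read/write access it grants presumably takes effect for the daemon only from this revision on. I would keep a comment above the call, such as `# gpm needs write on event devices for <reason - confirm>`, or switch to a read-only interface if testing shows write is not needed.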
@@ -580,9 +411,9 @@
')
optional_policy(`
-diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/mysql.te serefpolicy-2.2.29/policy/modules/services/mysql.te
---- nsaserefpolicy/policy/modules/services/mysql.te 2006-03-24 11:09:13.000000000 -0500
-+++ serefpolicy-2.2.29/policy/modules/services/mysql.te 2006-04-08 11:18:50.000000000 -0400
+diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/mysql.te serefpolicy-2.2.30/policy/modules/services/mysql.te
+--- nsaserefpolicy/policy/modules/services/mysql.te 2006-03-24 11:15:50.000000000 -0500
++++ serefpolicy-2.2.30/policy/modules/services/mysql.te 2006-04-11 07:05:00.000000000 -0400
@@ -104,6 +104,7 @@
miscfiles_read_localization(mysqld_t)
@@ -591,9 +422,9 @@
sysnet_read_config(mysqld_t)
userdom_dontaudit_use_unpriv_user_fds(mysqld_t)
-diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/networkmanager.te serefpolicy-2.2.29/policy/modules/services/networkmanager.te
---- nsaserefpolicy/policy/modules/services/networkmanager.te 2006-03-24 11:09:15.000000000 -0500
-+++ serefpolicy-2.2.29/policy/modules/services/networkmanager.te 2006-04-03 12:24:37.000000000 -0400
+diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/networkmanager.te serefpolicy-2.2.30/policy/modules/services/networkmanager.te
+--- nsaserefpolicy/policy/modules/services/networkmanager.te 2006-03-24 11:15:50.000000000 -0500
++++ serefpolicy-2.2.30/policy/modules/services/networkmanager.te 2006-04-11 07:05:00.000000000 -0400
@@ -155,6 +155,7 @@
optional_policy(`
@@ -602,9 +433,9 @@
')
optional_policy(`
-diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/nscd.if serefpolicy-2.2.29/policy/modules/services/nscd.if
---- nsaserefpolicy/policy/modules/services/nscd.if 2006-03-23 16:46:11.000000000 -0500
-+++ serefpolicy-2.2.29/policy/modules/services/nscd.if 2006-04-03 12:24:28.000000000 -0400
+diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/nscd.if serefpolicy-2.2.30/policy/modules/services/nscd.if
+--- nsaserefpolicy/policy/modules/services/nscd.if 2006-03-23 14:33:30.000000000 -0500
++++ serefpolicy-2.2.30/policy/modules/services/nscd.if 2006-04-11 07:05:00.000000000 -0400
@@ -126,3 +126,23 @@
allow $1 nscd_t:nscd *;
@@ -629,9 +460,9 @@
+ allow $1 nscd_t:process signal;
+')
+
-diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/rsync.te serefpolicy-2.2.29/policy/modules/services/rsync.te
---- nsaserefpolicy/policy/modules/services/rsync.te 2006-03-24 11:09:14.000000000 -0500
-+++ serefpolicy-2.2.29/policy/modules/services/rsync.te 2006-04-08 10:31:40.000000000 -0400
+diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/rsync.te serefpolicy-2.2.30/policy/modules/services/rsync.te
+--- nsaserefpolicy/policy/modules/services/rsync.te 2006-03-24 11:15:50.000000000 -0500
++++ serefpolicy-2.2.30/policy/modules/services/rsync.te 2006-04-11 07:05:00.000000000 -0400
@@ -50,6 +50,8 @@
allow rsync_t rsync_var_run_t:dir rw_dir_perms;
files_pid_filetrans(rsync_t,rsync_var_run_t,file)
@@ -657,9 +488,9 @@
miscfiles_read_localization(rsync_t)
miscfiles_read_public_files(rsync_t)
-diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/samba.te serefpolicy-2.2.29/policy/modules/services/samba.te
---- nsaserefpolicy/policy/modules/services/samba.te 2006-03-24 11:09:15.000000000 -0500
-+++ serefpolicy-2.2.29/policy/modules/services/samba.te 2006-04-03 14:24:40.000000000 -0400
+diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/samba.te serefpolicy-2.2.30/policy/modules/services/samba.te
+--- nsaserefpolicy/policy/modules/services/samba.te 2006-04-04 18:06:38.000000000 -0400
++++ serefpolicy-2.2.30/policy/modules/services/samba.te 2006-04-11 07:05:00.000000000 -0400
@@ -105,6 +105,8 @@
allow samba_net_t samba_net_tmp_t:file create_file_perms;
files_tmp_filetrans(samba_net_t, samba_net_tmp_t, { file dir })
@@ -669,9 +500,9 @@
allow samba_net_t samba_var_t:dir rw_dir_perms;
allow samba_net_t samba_var_t:lnk_file create_lnk_perms;
allow samba_net_t samba_var_t:file create_lnk_perms;
-diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/snmp.te serefpolicy-2.2.29/policy/modules/services/snmp.te
---- nsaserefpolicy/policy/modules/services/snmp.te 2006-03-24 11:09:13.000000000 -0500
-+++ serefpolicy-2.2.29/policy/modules/services/snmp.te 2006-04-03 13:11:33.000000000 -0400
+diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/snmp.te serefpolicy-2.2.30/policy/modules/services/snmp.te
+--- nsaserefpolicy/policy/modules/services/snmp.te 2006-04-04 18:06:38.000000000 -0400
++++ serefpolicy-2.2.30/policy/modules/services/snmp.te 2006-04-11 07:05:00.000000000 -0400
@@ -49,6 +49,7 @@
allow snmpd_t snmpd_var_run_t:dir rw_dir_perms;
files_pid_filetrans(snmpd_t,snmpd_var_run_t,file)
@@ -680,10 +511,10 @@
kernel_read_kernel_sysctls(snmpd_t)
kernel_read_net_sysctls(snmpd_t)
kernel_read_proc_symlinks(snmpd_t)
-diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/xserver.if serefpolicy-2.2.29/policy/modules/services/xserver.if
---- nsaserefpolicy/policy/modules/services/xserver.if 2006-03-30 10:16:43.000000000 -0500
-+++ serefpolicy-2.2.29/policy/modules/services/xserver.if 2006-04-03 10:43:12.000000000 -0400
-@@ -1015,3 +1015,24 @@
+diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/xserver.if serefpolicy-2.2.30/policy/modules/services/xserver.if
+--- nsaserefpolicy/policy/modules/services/xserver.if 2006-04-06 15:31:54.000000000 -0400
++++ serefpolicy-2.2.30/policy/modules/services/xserver.if 2006-04-11 07:05:00.000000000 -0400
+@@ -1070,3 +1070,24 @@
dontaudit $1 xdm_xserver_t:tcp_socket { read write };
')
@@ -708,9 +539,9 @@
+ allow $1 xdm_xserver_tmp_t:sock_file { read write };
+')
+
-diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/fstools.te serefpolicy-2.2.29/policy/modules/system/fstools.te
---- nsaserefpolicy/policy/modules/system/fstools.te 2006-03-30 10:59:03.000000000 -0500
-+++ serefpolicy-2.2.29/policy/modules/system/fstools.te 2006-03-31 11:21:52.000000000 -0500
+diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/fstools.te serefpolicy-2.2.30/policy/modules/system/fstools.te
+--- nsaserefpolicy/policy/modules/system/fstools.te 2006-04-04 18:06:38.000000000 -0400
++++ serefpolicy-2.2.30/policy/modules/system/fstools.te 2006-04-11 07:05:00.000000000 -0400
@@ -77,6 +77,7 @@
dev_getattr_usbfs_dirs(fsadm_t)
# Access to /dev/mapper/control
@@ -719,17 +550,17 @@
fs_search_auto_mountpoints(fsadm_t)
fs_getattr_xattr_fs(fsadm_t)
-diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/getty.fc serefpolicy-2.2.29/policy/modules/system/getty.fc
---- nsaserefpolicy/policy/modules/system/getty.fc 2006-03-23 16:46:11.000000000 -0500
-+++ serefpolicy-2.2.29/policy/modules/system/getty.fc 2006-04-03 12:51:51.000000000 -0400
+diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/getty.fc serefpolicy-2.2.30/policy/modules/system/getty.fc
+--- nsaserefpolicy/policy/modules/system/getty.fc 2005-10-06 17:29:17.000000000 -0400
++++ serefpolicy-2.2.30/policy/modules/system/getty.fc 2006-04-11 07:05:00.000000000 -0400
@@ -6,3 +6,4 @@
/var/log/mgetty\.log.* -- gen_context(system_u:object_r:getty_log_t,s0)
/var/run/mgetty\.pid.* -- gen_context(system_u:object_r:getty_var_run_t,s0)
+/var/spool/fax -- gen_context(system_u:object_r:getty_var_run_t,s0)
-diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/getty.te serefpolicy-2.2.29/policy/modules/system/getty.te
---- nsaserefpolicy/policy/modules/system/getty.te 2006-03-29 10:50:04.000000000 -0500
-+++ serefpolicy-2.2.29/policy/modules/system/getty.te 2006-04-03 12:52:46.000000000 -0400
+diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/getty.te serefpolicy-2.2.30/policy/modules/system/getty.te
+--- nsaserefpolicy/policy/modules/system/getty.te 2006-03-29 11:23:41.000000000 -0500
++++ serefpolicy-2.2.30/policy/modules/system/getty.te 2006-04-11 07:05:00.000000000 -0400
@@ -104,6 +104,8 @@
miscfiles_read_localization(getty_t)
@@ -739,10 +570,10 @@
ifdef(`targeted_policy',`
term_dontaudit_use_unallocated_ttys(getty_t)
term_dontaudit_use_generic_ptys(getty_t)
-diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/init.te serefpolicy-2.2.29/policy/modules/system/init.te
---- nsaserefpolicy/policy/modules/system/init.te 2006-03-30 10:13:28.000000000 -0500
-+++ serefpolicy-2.2.29/policy/modules/system/init.te 2006-03-31 11:21:52.000000000 -0500
-@@ -353,6 +353,7 @@
+diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/init.te serefpolicy-2.2.30/policy/modules/system/init.te
+--- nsaserefpolicy/policy/modules/system/init.te 2006-04-06 15:32:43.000000000 -0400
++++ serefpolicy-2.2.30/policy/modules/system/init.te 2006-04-11 07:05:00.000000000 -0400
+@@ -352,6 +352,7 @@
files_mounton_isid_type_dirs(initrc_t)
files_list_default(initrc_t)
files_mounton_default(initrc_t)
@@ -750,9 +581,9 @@
libs_rw_ld_so_cache(initrc_t)
libs_use_ld_so(initrc_t)
-diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/libraries.fc serefpolicy-2.2.29/policy/modules/system/libraries.fc
---- nsaserefpolicy/policy/modules/system/libraries.fc 2006-03-30 10:18:07.000000000 -0500
-+++ serefpolicy-2.2.29/policy/modules/system/libraries.fc 2006-04-04 08:19:58.000000000 -0400
+diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/libraries.fc serefpolicy-2.2.30/policy/modules/system/libraries.fc
+--- nsaserefpolicy/policy/modules/system/libraries.fc 2006-04-05 11:35:09.000000000 -0400
++++ serefpolicy-2.2.30/policy/modules/system/libraries.fc 2006-04-11 07:20:26.000000000 -0400
@@ -33,6 +33,8 @@
#
/opt(/.*)?/lib(64)?(/.*)? gen_context(system_u:object_r:lib_t,s0)
@@ -762,28 +593,26 @@
#
# /sbin
-@@ -55,6 +57,8 @@
+@@ -55,14 +57,16 @@
/usr(/.*)?/nvidia/.*\.so(\..*)? -- gen_context(system_u:object_r:textrel_shlib_t,s0)
-+/usr(/.*)?/lib(64)?(/.*)?/nvidia/.*\.so(\..*)? -- gen_context(system_u:object_r:textrel_shlib_t,s0)
-+
- /usr/lib(64)?/pgsql/test/regress/.*\.so -- gen_context(system_u:object_r:shlib_t,s0)
+-/usr/lib(64)?/pgsql/test/regress/.*\.so -- gen_context(system_u:object_r:shlib_t,s0)
++/usr/lib(64)?/pgsql/test/regress/.*\.so -- gen_context(system_u:object_r:shlib_t,s0)
/usr/lib/win32/.* -- gen_context(system_u:object_r:shlib_t,s0)
-@@ -62,18 +66,27 @@
+
/usr/lib(64)?/im/.*\.so.* -- gen_context(system_u:object_r:shlib_t,s0)
/usr/lib(64)?/iiim/.*\.so.* -- gen_context(system_u:object_r:shlib_t,s0)
+-/usr/lib(64)?/(nvidia/)?libGL(core)?\.so(\.[^/]*)* -- gen_context(system_u:object_r:textrel_shlib_t,s0)
++/usr(/.*)?/lib(64)?(/.*)?/nvidia/.*\.so(\..*)? -- gen_context(system_u:object_r:textrel_shlib_t,s0)
+/usr/lib(64)?/libsipphoneapi\.so.* -- gen_context(system_u:object_r:texrel_shlib_t,s0)
-+
- /usr/lib(64)?/(nvidia/)?libGL(core)?\.so(\.[^/]*)* -- gen_context(system_u:object_r:textrel_shlib_t,s0)
++/usr/lib(64)?/(nvidia/)?libGL(core)?\.so(\.[^/]*)* -- gen_context(system_u:object_r:textrel_shlib_t,s0)
/usr/lib(64)?/libGLU\.so(\.[^/]*)* -- gen_context(system_u:object_r:textrel_shlib_t,s0)
/usr/lib(64)?(/.*)?/libnvidia.*\.so(\.[^/]*)* -- gen_context(system_u:object_r:textrel_shlib_t,s0)
/usr/lib(64)?(/.*)?/nvidia_drv.*\.so(\.[^/]*)* -- gen_context(system_u:object_r:textrel_shlib_t,s0)
-
-+/usr/lib(64)?/vmware/lib(/.*)?/libgdk-x11-.*\.so.* -- gen_context(system_u:object_r:textrel_shlib_t,s0)
-+
+@@ -70,10 +74,15 @@
/usr/(local/)?lib/wine/.*\.so -- gen_context(system_u:object_r:textrel_shlib_t,s0)
/usr/(local/)?lib/libfame-.*\.so.* -- gen_context(system_u:object_r:textrel_shlib_t,s0)
/usr/local/.*\.so(\.[^/]*)* -- gen_context(system_u:object_r:shlib_t,s0)
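Review bot: The `libsipphoneapi` entry in this hunk uses the type `texrel_shlib_t`, which looks like a misspelling of the `textrel_shlib_t` used by every neighbouring entry. Unless a type with that spelling is declared elsewhere, the context is invalid and the library will not receive the intended label, which typically surfaces as relabel errors or unexpected denials for that library. The entry should end in `gen_context(system_u:object_r:textrel_shlib_t,s0)`. The same spelling recurs in the `intellinux/nppdf\.so`, `intellinux/lib/\.so` and `intellinux/plug_ins/.*\.api` entries added further down in libraries.fc, in the `@@ -167,16 +177,18 @@` hunk. In that later hunk, `intellinux/lib/\.so` also matches only a file literally named `.so`; `lib/.*\.so` was probably intended.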
@@ -800,7 +629,7 @@
/usr/x11R6/lib/modules/extensions/libglx\.so(\.[^/]*)* -- gen_context(system_u:object_r:textrel_shlib_t,s0)
/usr/lib(64)?/xorg/modules/extensions/libglx\.so(\.[^/]*)* -- gen_context(system_u:object_r:textrel_shlib_t,s0)
-@@ -92,6 +105,7 @@
+@@ -92,6 +101,7 @@
/usr/lib(64)?/libstdc\+\+\.so\.2\.7\.2\.8 -- gen_context(system_u:object_r:textrel_shlib_t,s0)
/usr/lib(64)?/libg\+\+\.so\.2\.7\.2\.8 -- gen_context(system_u:object_r:textrel_shlib_t,s0)
/usr/lib(64)?/libglide3\.so.* -- gen_context(system_u:object_r:textrel_shlib_t,s0)
@@ -808,66 +637,35 @@
/usr/lib(64)?/libdv\.so.* -- gen_context(system_u:object_r:textrel_shlib_t,s0)
/usr/lib(64)?/helix/plugins/oggfformat\.so -- gen_context(system_u:object_r:textrel_shlib_t,s0)
/usr/lib(64)?/helix/plugins/theorarend\.so -- gen_context(system_u:object_r:textrel_shlib_t,s0)
-@@ -168,12 +182,12 @@
- /usr/lib(64)?/libdivxencore.so.0 -- gen_context(system_u:object_r:textrel_shlib_t,s0)
+@@ -167,16 +177,18 @@
+ /usr/lib(64)?/libdivxdecore.so.0 -- gen_context(system_u:object_r:textrel_shlib_t,s0)
+ /usr/lib(64)?/libdivxencore.so.0 -- gen_context(system_u:object_r:textrel_shlib_t,s0)
+
+-# vmware
+-/usr/lib/vmware/lib/libgdk-x11-2.0.so.0/libgdk-x11-2.0.so.0 -- gen_context(system_u:object_r:textrel_shlib_t,s0)
++# vmware
++/usr/lib(64)?/vmware/lib(/.*)?/libgdk-x11-.*\.so.* -- gen_context(system_u:object_r:textrel_shlib_t,s0)
# Java, Sun Microsystems (JPackage SRPM)
-/usr/.*/jre.*/lib/i386/libdeploy.so -- gen_context(system_u:object_r:textrel_shlib_t,s0)
+/usr/.*/jre.*/libdeploy.so -- gen_context(system_u:object_r:textrel_shlib_t,s0)
+/usr/.*/jre.*/libjvm.so -- gen_context(system_u:object_r:textrel_shlib_t,s0)
++
++/usr(/.*)?/intellinux/nppdf\.so -- gen_context(system_u:object_r:texrel_shlib_t,s0)
++/usr(/.*)?/intellinux/lib/\.so -- gen_context(system_u:object_r:texrel_shlib_t,s0)
++/usr(/.*)?/intellinux/plug_ins/.*\.api -- gen_context(system_u:object_r:texrel_shlib_t,s0)
++/usr(/.*)?/intellinux/SPPlugins/ADMPlugin\.apl -- gen_context(system_u:object_r:textrel_shlib_t,s0)
-/usr(/.*)?/Reader/intellinux/plug_ins/.*\.api -- gen_context(system_u:object_r:shlib_t,s0)
-/usr(/.*)?/Reader/intellinux/plug_ins/AcroForm\.api -- gen_context(system_u:object_r:textrel_shlib_t,s0)
-/usr(/.*)?/Reader/intellinux/plug_ins/EScript\.api -- gen_context(system_u:object_r:textrel_shlib_t,s0)
-/usr(/.*)?/Reader/intellinux/SPPlugins/ADMPlugin\.apl -- gen_context(system_u:object_r:textrel_shlib_t,s0)
-+/usr(/.*)?/intellinux/nppdf\.so -- gen_context(system_u:object_r:texrel_shlib_t,s0)
-+/usr(/.*)?/intellinux/lib/\.so -- gen_context(system_u:object_r:texrel_shlib_t,s0)
-+/usr(/.*)?/intellinux/plug_ins/.*\.api -- gen_context(system_u:object_r:texrel_shlib_t,s0)
') dnl end distro_redhat
ifdef(`distro_suse',`
-diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/logging.if serefpolicy-2.2.29/policy/modules/system/logging.if
---- nsaserefpolicy/policy/modules/system/logging.if 2006-03-23 16:46:11.000000000 -0500
-+++ serefpolicy-2.2.29/policy/modules/system/logging.if 2006-03-31 11:21:52.000000000 -0500
-@@ -368,3 +368,35 @@
- allow $1 var_log_t:dir rw_dir_perms;
- allow $1 var_log_t:file create_file_perms;
- ')
-+
-+########################################
-+## <summary>
-+## Execute auditctl in the auditctl domain, and
-+## allow the specified role the auditctl domain.
-+## </summary>
-+## <param name="domain">
-+## <summary>
-+## The type of the process performing this action.
-+## </summary>
-+## </param>
-+## <param name="role">
-+## <summary>
-+## The role to be allowed the auditctl domain.
-+## </summary>
-+## </param>
-+## <param name="terminal">
-+## <summary>
-+## The type of the terminal allow the auditctl domain to use.
-+## </summary>
-+## </param>
-+#
-+interface(`logging_run_auditctl',`
-+ gen_require(`
-+ type auditctl_t;
-+ ')
-+
-+ logging_domtrans_auditctl($1)
-+ role $2 types auditctl_t;
-+ allow auditctl_t $3:chr_file rw_term_perms;
-+')
-+
-diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/mount.te serefpolicy-2.2.29/policy/modules/system/mount.te
---- nsaserefpolicy/policy/modules/system/mount.te 2006-03-30 10:59:03.000000000 -0500
-+++ serefpolicy-2.2.29/policy/modules/system/mount.te 2006-03-31 15:12:44.000000000 -0500
+diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/mount.te serefpolicy-2.2.30/policy/modules/system/mount.te
+--- nsaserefpolicy/policy/modules/system/mount.te 2006-04-04 18:06:38.000000000 -0400
++++ serefpolicy-2.2.30/policy/modules/system/mount.te 2006-04-11 07:05:00.000000000 -0400
@@ -19,7 +19,8 @@
# mount local policy
#
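Review bot: The pattern `/usr(/.*)?/intellinux/lib/\.so` re-added in this hunk matches only a file named exactly `.so`, because nothing precedes the escaped dot. The neighbouring entries suggest the shared objects under `intellinux/lib/` were meant, i.e. `/usr(/.*)?/intellinux/lib/.*\.so -- gen_context(system_u:object_r:textrel_shlib_t,s0)`, with the type spelled as on the surrounding lines. As written the rule presumably never applies, so those libraries fall through to whatever broader pattern matches them. A one-line comment above the group naming the product these paths belong to, in the style of the `# vmware` and `# Java` headings already present, would also make the wide `/usr(/.*)?` prefix easier to audit.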
@@ -886,9 +684,9 @@
fs_mount_all_fs(mount_t)
fs_unmount_all_fs(mount_t)
fs_remount_all_fs(mount_t)
-diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/unconfined.if serefpolicy-2.2.29/policy/modules/system/unconfined.if
---- nsaserefpolicy/policy/modules/system/unconfined.if 2006-03-29 09:34:53.000000000 -0500
-+++ serefpolicy-2.2.29/policy/modules/system/unconfined.if 2006-04-03 11:09:45.000000000 -0400
+diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/unconfined.if serefpolicy-2.2.30/policy/modules/system/unconfined.if
+--- nsaserefpolicy/policy/modules/system/unconfined.if 2006-04-10 17:05:11.000000000 -0400
++++ serefpolicy-2.2.30/policy/modules/system/unconfined.if 2006-04-11 07:05:00.000000000 -0400
@@ -55,7 +55,7 @@
tunable_policy(`allow_execmem && allow_execstack',`
# Allow making the stack executable via mprotect.
@@ -898,22 +696,15 @@
', `
# These are fairly common but seem to be harmless
# caused by using shared libraries built with old tool chains
-@@ -89,14 +89,6 @@
+@@ -88,6 +88,7 @@
+ optional_policy(`
storage_unconfined($1)
')
-
-- ifdef(`TODO',`
-- if (allow_execmod) {
-- ifdef(`targeted_policy', `', `
-- # Allow text relocations on system shared libraries, e.g. libGL.
-- allow $1 home_type:file execmod;
-- ')
-- }
-- ') dnl end TODO
++
')
########################################
-@@ -118,9 +110,10 @@
+@@ -109,9 +110,10 @@
auditallow $1 self:process execheap;
')
@@ -927,25 +718,15 @@
')
########################################
-diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/unconfined.te serefpolicy-2.2.29/policy/modules/system/unconfined.te
---- nsaserefpolicy/policy/modules/system/unconfined.te 2006-03-29 09:34:53.000000000 -0500
-+++ serefpolicy-2.2.29/policy/modules/system/unconfined.te 2006-04-04 06:30:36.000000000 -0400
-@@ -94,19 +94,19 @@
- ')
-
- optional_policy(`
-- lpd_domtrans_checkpc(unconfined_t)
-+ ada_domtrans(unconfined_t)
- ')
-
- optional_policy(`
-- modutils_domtrans_update_mods(unconfined_t)
-+ lpd_domtrans_checkpc(unconfined_t)
+diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/unconfined.te serefpolicy-2.2.30/policy/modules/system/unconfined.te
+--- nsaserefpolicy/policy/modules/system/unconfined.te 2006-04-10 17:05:11.000000000 -0400
++++ serefpolicy-2.2.30/policy/modules/system/unconfined.te 2006-04-11 07:23:35.000000000 -0400
+@@ -102,11 +102,11 @@
')
optional_policy(`
- mono_domtrans(unconfined_t)
-+ modutils_domtrans_update_mods(unconfined_t)
++ ada_domtrans(unconfined_t)
')
optional_policy(`
@@ -954,21 +735,20 @@
')
optional_policy(`
-diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/userdomain.te serefpolicy-2.2.29/policy/modules/system/userdomain.te
---- nsaserefpolicy/policy/modules/system/userdomain.te 2006-03-28 12:58:49.000000000 -0500
-+++ serefpolicy-2.2.29/policy/modules/system/userdomain.te 2006-04-10 16:46:24.000000000 -0400
-@@ -179,10 +179,12 @@
- mls_file_downgrade(secadm_t)
- init_exec(secadm_t)
+diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/userdomain.te serefpolicy-2.2.30/policy/modules/system/userdomain.te
+--- nsaserefpolicy/policy/modules/system/userdomain.te 2006-04-05 17:08:56.000000000 -0400
++++ serefpolicy-2.2.30/policy/modules/system/userdomain.te 2006-04-11 07:05:00.000000000 -0400
+@@ -181,10 +181,11 @@
logging_read_audit_log(secadm_t)
-- logging_domtrans_auditctl(secadm_t)
-+ logging_run_auditctl(secadm_t,secadm_r,admin_terminal)
+ logging_run_auditctl(secadm_t,secadm_r,{ secadm_tty_device_t secadm_devpts_t })
userdom_dontaudit_append_staff_home_content_files(secadm_t)
+ auth_relabel_all_files_except_shadow(secadm_t)
+ auth_relabel_shadow(secadm_t)
', `
- logging_domtrans_auditctl(sysadm_t)
-+ logging_run_auditctl(sysadm_t,sysadm_r,admin_terminal)
- logging_read_audit_log(sysadm_t)
+- logging_read_audit_log(sysadm_t)
+ logging_run_auditctl(sysadm_t,sysadm_r,admin_terminal)
++ logging_read_audit_log(sysadm_t)
')
+ tunable_policy(`allow_ptrace',`
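Review bot: The secadm_t branch carries `auth_relabel_all_files_except_shadow(secadm_t)` directly followed by `auth_relabel_shadow(secadm_t)` with no comment. The "except shadow" carve-out is therefore cancelled on the next line, and a reader cannot tell whether that is deliberate. Relabel access to shadow-labelled files is sensitive, since a domain holding it could presumably move those files to a type that other domains may read. The pair deserves a line above it stating the intent, for example `# secadm_t may relabel every file, shadow included (intentional)`, which matches the commit log's stated goal for secadm_t. The conditional block around these calls begins before this hunk and continues past its last line.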
Index: selinux-policy.spec
===================================================================
RCS file: /cvs/dist/rpms/selinux-policy/devel/selinux-policy.spec,v
retrieving revision 1.170
retrieving revision 1.171
diff -u -r1.170 -r1.171
--- selinux-policy.spec 10 Apr 2006 21:10:33 -0000 1.170
+++ selinux-policy.spec 11 Apr 2006 20:59:57 -0000 1.171
@@ -15,14 +15,15 @@
%define CHECKPOLICYVER 1.30.1-2
Summary: SELinux policy configuration
Name: selinux-policy
-Version: 2.2.29
-Release: 6
+Version: 2.2.30
+Release: 1
License: GPL
Group: System Environment/Base
Source: serefpolicy-%{version}.tgz
patch1: policy-20060323.patch
patch2: file_contexts.patch
patch3: policy-200604.patch
+patch4: policy-20060411.patch
Source1: modules-targeted.conf
Source2: booleans-targeted.conf
Source3: Makefile.devel
@@ -150,9 +151,10 @@
%prep
%setup -q -n serefpolicy-%{version}
-%patch1 -p1
-%patch2 -p1
+%patch1 -p1
+%patch2 -p1
%patch3 -p1
+%patch4 -p1
%install
# Build targeted policy
Index: sources
===================================================================
RCS file: /cvs/dist/rpms/selinux-policy/devel/sources,v
retrieving revision 1.57
retrieving revision 1.58
diff -u -r1.57 -r1.58
--- sources 31 Mar 2006 20:57:44 -0000 1.57
+++ sources 11 Apr 2006 20:59:57 -0000 1.58
@@ -1 +1 @@
-a2106965fe20d1d3d41e0d4e05c2effb serefpolicy-2.2.29.tgz
+98fa24fd09b92b958155d3f0354e42e5 serefpolicy-2.2.30.tgz