rpms/selinux-policy/devel .cvsignore, 1.78, 1.79 policy-20060802.patch, 1.3, 1.4 selinux-policy.spec, 1.246, 1.247 sources, 1.82, 1.83
fedora-cvs-commits at redhat.com
fedora-cvs-commits at redhat.com
Tue Aug 8 20:40:39 UTC 2006
Author: dwalsh
Update of /cvs/dist/rpms/selinux-policy/devel
In directory cvs.devel.redhat.com:/tmp/cvs-serv1074
Modified Files:
.cvsignore policy-20060802.patch selinux-policy.spec sources
Log Message:
* Tue Aug 8 2006 Dan Walsh <dwalsh at redhat.com> 2.3.6-1
- Quiet down anaconda audit messages
Index: .cvsignore
===================================================================
RCS file: /cvs/dist/rpms/selinux-policy/devel/.cvsignore,v
retrieving revision 1.78
retrieving revision 1.79
diff -u -r1.78 -r1.79
--- .cvsignore 8 Aug 2006 00:26:46 -0000 1.78
+++ .cvsignore 8 Aug 2006 20:40:36 -0000 1.79
@@ -79,3 +79,4 @@
serefpolicy-2.3.3.tgz
serefpolicy-2.3.4.tgz
serefpolicy-2.3.5.tgz
+serefpolicy-2.3.6.tgz
policy-20060802.patch:
mls | 9 -
modules/admin/anaconda.te | 20 ++-
modules/admin/consoletype.te | 11 +
modules/admin/firstboot.te | 2
modules/admin/prelink.te | 3
modules/admin/rpm.fc | 2
modules/admin/usermanage.te | 4
modules/apps/mozilla.if | 2
modules/kernel/corecommands.fc | 1
modules/kernel/corenetwork.te.in | 3
modules/kernel/devices.te | 2
modules/kernel/files.if | 18 ++
modules/kernel/filesystem.te | 2
modules/kernel/kernel.if | 75 ++++++++++++
modules/kernel/terminal.if | 19 +++
modules/services/amavis.te | 7 +
modules/services/apache.te | 1
modules/services/avahi.te | 1
modules/services/bind.te | 1
modules/services/bluetooth.te | 5
modules/services/clamav.if | 1
modules/services/cron.if | 16 ++
modules/services/cups.te | 8 -
modules/services/dbus.if | 5
modules/services/ldap.te | 2
modules/services/nis.te | 2
modules/services/ntp.te | 2
modules/services/pegasus.if | 31 ++++
modules/services/pegasus.te | 5
modules/services/postfix.te | 7 +
modules/services/procmail.te | 1
modules/services/samba.te | 4
modules/services/setroubleshoot.fc | 9 +
modules/services/setroubleshoot.if | 3
modules/services/setroubleshoot.te | 105 ++++++++++++++++
modules/services/spamassassin.te | 4
modules/services/squid.te | 4
modules/services/ssh.if | 25 +++-
modules/services/stunnel.te | 4
modules/services/xserver.if | 51 +++++++-
modules/services/xserver.te | 14 +-
modules/system/fstools.te | 1
modules/system/hostname.te | 10 +
modules/system/init.if | 7 -
modules/system/libraries.fc | 2
modules/system/locallogin.te | 4
modules/system/logging.fc | 3
modules/system/logging.if | 21 +++
modules/system/logging.te | 3
modules/system/miscfiles.fc | 1
modules/system/mount.te | 3
modules/system/selinuxutil.te | 9 +
modules/system/udev.fc | 1
modules/system/unconfined.if | 2
modules/system/unconfined.te | 5
modules/system/userdomain.if | 231 +++++++++++++++++++++++++------------
modules/system/userdomain.te | 50 +++-----
modules/system/xen.if | 38 ++++++
modules/system/xen.te | 26 +++-
59 files changed, 742 insertions(+), 166 deletions(-)
Index: policy-20060802.patch
===================================================================
RCS file: /cvs/dist/rpms/selinux-policy/devel/policy-20060802.patch,v
retrieving revision 1.3
retrieving revision 1.4
diff -u -r1.3 -r1.4
--- policy-20060802.patch 8 Aug 2006 00:26:46 -0000 1.3
+++ policy-20060802.patch 8 Aug 2006 20:40:36 -0000 1.4
@@ -1,6 +1,6 @@
-diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/mls serefpolicy-2.3.5/policy/mls
+diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/mls serefpolicy-2.3.6/policy/mls
--- nsaserefpolicy/policy/mls 2006-07-14 17:04:46.000000000 -0400
-+++ serefpolicy-2.3.5/policy/mls 2006-08-07 19:45:48.000000000 -0400
++++ serefpolicy-2.3.6/policy/mls 2006-08-08 16:15:43.000000000 -0400
@@ -184,19 +184,12 @@
( t2 == mlstrustedobject ));
@@ -22,9 +22,9 @@
mlsconstrain dir { add_name remove_name reparent rmdir }
((( l1 dom l2 ) and ( l1 domby h2 )) or
(( t1 == mlsfilewritetoclr ) and ( h1 dom l2 ) and ( l1 domby l2 )) or
-diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/anaconda.te serefpolicy-2.3.5/policy/modules/admin/anaconda.te
+diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/anaconda.te serefpolicy-2.3.6/policy/modules/admin/anaconda.te
--- nsaserefpolicy/policy/modules/admin/anaconda.te 2006-07-14 17:04:46.000000000 -0400
-+++ serefpolicy-2.3.5/policy/modules/admin/anaconda.te 2006-08-07 19:45:48.000000000 -0400
++++ serefpolicy-2.3.6/policy/modules/admin/anaconda.te 2006-08-08 16:15:43.000000000 -0400
@@ -25,8 +25,12 @@
modutils_domtrans_insmod(anaconda_t)
@@ -38,7 +38,15 @@
ifdef(`distro_redhat',`
bootloader_create_runtime_file(anaconda_t)
')
-@@ -51,9 +55,7 @@
+@@ -41,6 +45,7 @@
+
+ optional_policy(`
+ rpm_domtrans(anaconda_t)
++ rpm_domtrans_script(anaconda_t)
+ ')
+
+ optional_policy(`
+@@ -51,9 +56,16 @@
usermanage_domtrans_admin_passwd(anaconda_t)
')
@@ -50,9 +58,18 @@
+ ssh_domtrans_keygen(anaconda_t)
')
+
-diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/consoletype.te serefpolicy-2.3.5/policy/modules/admin/consoletype.te
++
++# The following is just to quiet the anaconda complaining during the install
++type anaconda_exec_t;
++kernel_domtrans_to(anaconda_t,anaconda_exec_t)
++allow anaconda_t self:process execmem;
++dontaudit domain anaconda_t:fd use;
++dontaudit domain anaconda_t:fifo_file r_file_perms;
++dontaudit domain anaconda_t:unix_stream_socket connectto;
++
+diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/consoletype.te serefpolicy-2.3.6/policy/modules/admin/consoletype.te
--- nsaserefpolicy/policy/modules/admin/consoletype.te 2006-07-14 17:04:46.000000000 -0400
-+++ serefpolicy-2.3.5/policy/modules/admin/consoletype.te 2006-08-07 19:45:48.000000000 -0400
++++ serefpolicy-2.3.6/policy/modules/admin/consoletype.te 2006-08-08 16:15:43.000000000 -0400
@@ -8,7 +8,12 @@
type consoletype_t;
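Review bot: The block added at the end of the anaconda.te section is commented as "just to quiet the anaconda complaining", but `allow anaconda_t self:process execmem;` grants a permission rather than suppressing an audit record, so the comment understates what the block does. The three `dontaudit domain anaconda_t:...` rules are written against the `domain` attribute, so they appear to hide denied fd, fifo_file and unix_stream_socket access to anaconda_t for every domain, and those denials will no longer show up in the audit log. I would split the comment: `# execmem is a real grant, needed by anaconda at install time` above the allow rule, and `# descriptors inherited from the installer: denials are hidden, not allowed` above the dontaudit rules. `type anaconda_exec_t;` is declared with no file-context entry visible in this hunk or in the diffstat, so it is worth confirming that something labels a file with it. The rest of anaconda.te lies outside this hunk.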
@@ -75,9 +92,9 @@
+optional_policy(`
+ xen_dontaudit_use_fds(consoletype_t)
+')
-diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/firstboot.te serefpolicy-2.3.5/policy/modules/admin/firstboot.te
+diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/firstboot.te serefpolicy-2.3.6/policy/modules/admin/firstboot.te
--- nsaserefpolicy/policy/modules/admin/firstboot.te 2006-08-02 10:34:09.000000000 -0400
-+++ serefpolicy-2.3.5/policy/modules/admin/firstboot.te 2006-08-07 19:45:48.000000000 -0400
++++ serefpolicy-2.3.6/policy/modules/admin/firstboot.te 2006-08-08 16:15:43.000000000 -0400
@@ -106,7 +106,7 @@
')
@@ -87,9 +104,9 @@
')
optional_policy(`
-diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/prelink.te serefpolicy-2.3.5/policy/modules/admin/prelink.te
+diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/prelink.te serefpolicy-2.3.6/policy/modules/admin/prelink.te
--- nsaserefpolicy/policy/modules/admin/prelink.te 2006-08-02 10:34:09.000000000 -0400
-+++ serefpolicy-2.3.5/policy/modules/admin/prelink.te 2006-08-07 19:45:48.000000000 -0400
++++ serefpolicy-2.3.6/policy/modules/admin/prelink.te 2006-08-08 16:15:43.000000000 -0400
@@ -1,4 +1,3 @@
-
policy_module(prelink,1.1.5)
@@ -104,9 +121,9 @@
optional_policy(`
cron_system_entry(prelink_t, prelink_exec_t)
')
-diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/rpm.fc serefpolicy-2.3.5/policy/modules/admin/rpm.fc
+diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/rpm.fc serefpolicy-2.3.6/policy/modules/admin/rpm.fc
--- nsaserefpolicy/policy/modules/admin/rpm.fc 2006-07-14 17:04:46.000000000 -0400
-+++ serefpolicy-2.3.5/policy/modules/admin/rpm.fc 2006-08-07 19:45:48.000000000 -0400
++++ serefpolicy-2.3.6/policy/modules/admin/rpm.fc 2006-08-08 16:15:43.000000000 -0400
@@ -19,6 +19,8 @@
/usr/sbin/pup -- gen_context(system_u:object_r:rpm_exec_t,s0)
/usr/sbin/rhn_check -- gen_context(system_u:object_r:rpm_exec_t,s0)
@@ -116,9 +133,9 @@
')
/var/lib/alternatives(/.*)? gen_context(system_u:object_r:rpm_var_lib_t,s0)
-diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/usermanage.te serefpolicy-2.3.5/policy/modules/admin/usermanage.te
+diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/usermanage.te serefpolicy-2.3.6/policy/modules/admin/usermanage.te
--- nsaserefpolicy/policy/modules/admin/usermanage.te 2006-08-02 10:34:09.000000000 -0400
-+++ serefpolicy-2.3.5/policy/modules/admin/usermanage.te 2006-08-07 19:45:48.000000000 -0400
++++ serefpolicy-2.3.6/policy/modules/admin/usermanage.te 2006-08-08 16:15:43.000000000 -0400
@@ -260,7 +260,7 @@
')
@@ -137,9 +154,9 @@
nscd_socket_use(useradd_t)
')
-diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/mozilla.if serefpolicy-2.3.5/policy/modules/apps/mozilla.if
---- nsaserefpolicy/policy/modules/apps/mozilla.if 2006-07-14 17:04:31.000000000 -0400
-+++ serefpolicy-2.3.5/policy/modules/apps/mozilla.if 2006-08-07 19:45:48.000000000 -0400
+diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/mozilla.if serefpolicy-2.3.6/policy/modules/apps/mozilla.if
+--- nsaserefpolicy/policy/modules/apps/mozilla.if 2006-08-08 14:59:36.000000000 -0400
++++ serefpolicy-2.3.6/policy/modules/apps/mozilla.if 2006-08-08 16:15:43.000000000 -0400
@@ -63,6 +63,7 @@
allow $1_mozilla_t self:unix_stream_socket { listen accept };
# Browse the web, connect to printer
@@ -148,7 +165,7 @@
# for bash - old mozilla binary
can_exec($1_mozilla_t, mozilla_exec_t)
-@@ -175,6 +176,7 @@
+@@ -170,6 +171,7 @@
logging_send_syslog_msg($1_mozilla_t)
miscfiles_read_fonts($1_mozilla_t)
@@ -156,9 +173,9 @@
# Browse the web, connect to printer
sysnet_dns_name_resolve($1_mozilla_t)
-diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/kernel/corecommands.fc serefpolicy-2.3.5/policy/modules/kernel/corecommands.fc
+diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/kernel/corecommands.fc serefpolicy-2.3.6/policy/modules/kernel/corecommands.fc
--- nsaserefpolicy/policy/modules/kernel/corecommands.fc 2006-08-02 10:34:05.000000000 -0400
-+++ serefpolicy-2.3.5/policy/modules/kernel/corecommands.fc 2006-08-07 19:45:48.000000000 -0400
++++ serefpolicy-2.3.6/policy/modules/kernel/corecommands.fc 2006-08-08 16:15:43.000000000 -0400
@@ -62,6 +62,7 @@
/etc/X11/xinit(/.*)? gen_context(system_u:object_r:bin_t,s0)
@@ -167,9 +184,9 @@
ifdef(`distro_debian',`
/etc/mysql/debian-start -- gen_context(system_u:object_r:bin_t,s0)
-diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/kernel/corenetwork.te.in serefpolicy-2.3.5/policy/modules/kernel/corenetwork.te.in
+diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/kernel/corenetwork.te.in serefpolicy-2.3.6/policy/modules/kernel/corenetwork.te.in
--- nsaserefpolicy/policy/modules/kernel/corenetwork.te.in 2006-08-02 10:34:05.000000000 -0400
-+++ serefpolicy-2.3.5/policy/modules/kernel/corenetwork.te.in 2006-08-07 19:45:48.000000000 -0400
++++ serefpolicy-2.3.6/policy/modules/kernel/corenetwork.te.in 2006-08-08 16:15:43.000000000 -0400
@@ -73,6 +73,7 @@
network_port(dhcpc, udp,68,s0)
network_port(dhcpd, udp,67,s0, tcp,647,s0, udp,647,s0, tcp,847,s0, udp,847,s0)
@@ -187,9 +204,9 @@
network_port(i18n_input, tcp,9010,s0)
network_port(imaze, tcp,5323,s0, udp,5323,s0)
network_port(inetd_child, tcp,7,s0, udp,7,s0, tcp,9,s0, udp,9,s0, tcp,13,s0, udp,13,s0, tcp,19,s0, udp,19,s0, tcp,37,s0, udp,37,s0, tcp,512,s0, tcp,543,s0, tcp,544,s0, tcp,891,s0, udp,891,s0, tcp,892,s0, udp,892,s0, tcp,2105,s0, tcp,5666,s0)
-diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/kernel/devices.te serefpolicy-2.3.5/policy/modules/kernel/devices.te
+diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/kernel/devices.te serefpolicy-2.3.6/policy/modules/kernel/devices.te
--- nsaserefpolicy/policy/modules/kernel/devices.te 2006-08-02 10:34:05.000000000 -0400
-+++ serefpolicy-2.3.5/policy/modules/kernel/devices.te 2006-08-07 19:45:48.000000000 -0400
++++ serefpolicy-2.3.6/policy/modules/kernel/devices.te 2006-08-08 16:15:43.000000000 -0400
@@ -166,7 +166,7 @@
dev_node(vmware_device_t)
@@ -199,9 +216,9 @@
type xen_device_t;
dev_node(xen_device_t)
-diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/kernel/files.if serefpolicy-2.3.5/policy/modules/kernel/files.if
+diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/kernel/files.if serefpolicy-2.3.6/policy/modules/kernel/files.if
--- nsaserefpolicy/policy/modules/kernel/files.if 2006-08-02 10:34:05.000000000 -0400
-+++ serefpolicy-2.3.5/policy/modules/kernel/files.if 2006-08-07 19:45:48.000000000 -0400
++++ serefpolicy-2.3.6/policy/modules/kernel/files.if 2006-08-08 16:38:46.000000000 -0400
@@ -2934,6 +2934,24 @@
########################################
@@ -227,9 +244,9 @@
## Read the tmp directory (/tmp).
## </summary>
## <param name="domain">
-diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/kernel/filesystem.te serefpolicy-2.3.5/policy/modules/kernel/filesystem.te
+diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/kernel/filesystem.te serefpolicy-2.3.6/policy/modules/kernel/filesystem.te
--- nsaserefpolicy/policy/modules/kernel/filesystem.te 2006-08-02 10:34:05.000000000 -0400
-+++ serefpolicy-2.3.5/policy/modules/kernel/filesystem.te 2006-08-07 19:45:48.000000000 -0400
++++ serefpolicy-2.3.6/policy/modules/kernel/filesystem.te 2006-08-08 16:15:43.000000000 -0400
@@ -24,6 +24,7 @@
fs_use_xattr ext2 gen_context(system_u:object_r:fs_t,s0);
fs_use_xattr ext3 gen_context(system_u:object_r:fs_t,s0);
@@ -246,9 +263,9 @@
########################################
#
-diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/kernel/kernel.if serefpolicy-2.3.5/policy/modules/kernel/kernel.if
+diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/kernel/kernel.if serefpolicy-2.3.6/policy/modules/kernel/kernel.if
--- nsaserefpolicy/policy/modules/kernel/kernel.if 2006-07-14 17:04:30.000000000 -0400
-+++ serefpolicy-2.3.5/policy/modules/kernel/kernel.if 2006-08-07 19:45:48.000000000 -0400
++++ serefpolicy-2.3.6/policy/modules/kernel/kernel.if 2006-08-08 16:15:43.000000000 -0400
@@ -1456,6 +1456,42 @@
########################################
@@ -335,9 +352,9 @@
+ dontaudit $1 proc_type:file getattr;
+')
+
-diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/kernel/terminal.if serefpolicy-2.3.5/policy/modules/kernel/terminal.if
+diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/kernel/terminal.if serefpolicy-2.3.6/policy/modules/kernel/terminal.if
--- nsaserefpolicy/policy/modules/kernel/terminal.if 2006-08-02 10:34:05.000000000 -0400
-+++ serefpolicy-2.3.5/policy/modules/kernel/terminal.if 2006-08-07 19:45:48.000000000 -0400
++++ serefpolicy-2.3.6/policy/modules/kernel/terminal.if 2006-08-08 16:15:43.000000000 -0400
@@ -308,6 +308,7 @@
type devpts_t;
')
@@ -368,9 +385,9 @@
+ allow $1 devpts_t:filesystem getattr;
+')
+
-diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/amavis.te serefpolicy-2.3.5/policy/modules/services/amavis.te
+diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/amavis.te serefpolicy-2.3.6/policy/modules/services/amavis.te
--- nsaserefpolicy/policy/modules/services/amavis.te 2006-07-14 17:04:40.000000000 -0400
-+++ serefpolicy-2.3.5/policy/modules/services/amavis.te 2006-08-07 19:45:48.000000000 -0400
++++ serefpolicy-2.3.6/policy/modules/services/amavis.te 2006-08-08 16:15:43.000000000 -0400
@@ -62,10 +62,12 @@
allow amavis_t amavis_quarantine_t:dir create_dir_perms;
@@ -400,9 +417,9 @@
+optional_policy(`
+ postfix_read_config(amavis_t)
+')
-diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/apache.te serefpolicy-2.3.5/policy/modules/services/apache.te
+diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/apache.te serefpolicy-2.3.6/policy/modules/services/apache.te
--- nsaserefpolicy/policy/modules/services/apache.te 2006-07-14 17:04:41.000000000 -0400
-+++ serefpolicy-2.3.5/policy/modules/services/apache.te 2006-08-07 19:45:48.000000000 -0400
++++ serefpolicy-2.3.6/policy/modules/services/apache.te 2006-08-08 16:15:43.000000000 -0400
@@ -273,7 +273,6 @@
sysnet_read_config(httpd_t)
@@ -411,9 +428,9 @@
mta_send_mail(httpd_t)
-diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/avahi.te serefpolicy-2.3.5/policy/modules/services/avahi.te
+diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/avahi.te serefpolicy-2.3.6/policy/modules/services/avahi.te
--- nsaserefpolicy/policy/modules/services/avahi.te 2006-08-02 10:34:07.000000000 -0400
-+++ serefpolicy-2.3.5/policy/modules/services/avahi.te 2006-08-07 19:45:48.000000000 -0400
++++ serefpolicy-2.3.6/policy/modules/services/avahi.te 2006-08-08 16:15:43.000000000 -0400
@@ -79,6 +79,7 @@
sysnet_read_config(avahi_t)
@@ -422,9 +439,9 @@
userdom_dontaudit_use_unpriv_user_fds(avahi_t)
userdom_dontaudit_search_sysadm_home_dirs(avahi_t)
-diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/bind.te serefpolicy-2.3.5/policy/modules/services/bind.te
+diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/bind.te serefpolicy-2.3.6/policy/modules/services/bind.te
--- nsaserefpolicy/policy/modules/services/bind.te 2006-08-02 10:34:07.000000000 -0400
-+++ serefpolicy-2.3.5/policy/modules/services/bind.te 2006-08-07 19:45:48.000000000 -0400
++++ serefpolicy-2.3.6/policy/modules/services/bind.te 2006-08-08 16:15:43.000000000 -0400
@@ -226,6 +226,7 @@
allow ndc_t self:netlink_route_socket r_netlink_socket_perms;
@@ -433,9 +450,9 @@
allow ndc_t named_t:tcp_socket { connectto recvfrom };
allow ndc_t named_t:unix_stream_socket connectto;
-diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/bluetooth.te serefpolicy-2.3.5/policy/modules/services/bluetooth.te
+diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/bluetooth.te serefpolicy-2.3.6/policy/modules/services/bluetooth.te
--- nsaserefpolicy/policy/modules/services/bluetooth.te 2006-08-02 10:34:07.000000000 -0400
-+++ serefpolicy-2.3.5/policy/modules/services/bluetooth.te 2006-08-07 19:45:48.000000000 -0400
++++ serefpolicy-2.3.6/policy/modules/services/bluetooth.te 2006-08-08 16:15:43.000000000 -0400
@@ -247,3 +247,8 @@
optional_policy(`
xserver_stream_connect_xdm(bluetooth_helper_t)
@@ -445,17 +462,17 @@
+ nis_use_ypbind(bluetooth_helper_t)
+')
+
-diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/clamav.if serefpolicy-2.3.5/policy/modules/services/clamav.if
+diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/clamav.if serefpolicy-2.3.6/policy/modules/services/clamav.if
--- nsaserefpolicy/policy/modules/services/clamav.if 2006-08-02 10:34:07.000000000 -0400
-+++ serefpolicy-2.3.5/policy/modules/services/clamav.if 2006-08-07 19:45:48.000000000 -0400
++++ serefpolicy-2.3.6/policy/modules/services/clamav.if 2006-08-08 16:15:43.000000000 -0400
@@ -102,3 +102,4 @@
allow clamscan_t $1:fifo_file rw_file_perms;
allow clamscan_t $1:process sigchld;
')
+
-diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/cron.if serefpolicy-2.3.5/policy/modules/services/cron.if
---- nsaserefpolicy/policy/modules/services/cron.if 2006-07-14 17:04:41.000000000 -0400
-+++ serefpolicy-2.3.5/policy/modules/services/cron.if 2006-08-07 19:45:48.000000000 -0400
+diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/cron.if serefpolicy-2.3.6/policy/modules/services/cron.if
+--- nsaserefpolicy/policy/modules/services/cron.if 2006-08-08 14:59:36.000000000 -0400
++++ serefpolicy-2.3.6/policy/modules/services/cron.if 2006-08-08 16:15:43.000000000 -0400
@@ -181,6 +181,7 @@
allow $1_crontab_t $2:fd use;
allow $1_crontab_t $2:fifo_file rw_file_perms;
@@ -464,7 +481,7 @@
# crontab shows up in user ps
allow $2 $1_crontab_t:dir { search getattr read };
-@@ -194,14 +195,19 @@
+@@ -193,14 +194,19 @@
# Allow crond to read those crontabs in cron spool.
allow crond_t $1_cron_spool_t:file create_file_perms;
@@ -487,7 +504,7 @@
# crontab signals crond by updating the mtime on the spooldir
allow $1_crontab_t cron_spool_t:dir setattr;
-@@ -239,6 +245,10 @@
+@@ -238,6 +244,10 @@
# Read user crontabs
userdom_read_user_home_content_files($1,$1_crontab_t)
@@ -498,10 +515,18 @@
tunable_policy(`fcron_crond', `
# fcron wants an instant update of a crontab change for the administrator
# also crontab does a security check for crontab -u
-diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/cups.te serefpolicy-2.3.5/policy/modules/services/cups.te
+diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/cups.te serefpolicy-2.3.6/policy/modules/services/cups.te
--- nsaserefpolicy/policy/modules/services/cups.te 2006-07-14 17:04:41.000000000 -0400
-+++ serefpolicy-2.3.5/policy/modules/services/cups.te 2006-08-07 19:45:48.000000000 -0400
-@@ -81,6 +81,7 @@
++++ serefpolicy-2.3.6/policy/modules/services/cups.te 2006-08-08 16:15:43.000000000 -0400
+@@ -74,13 +74,14 @@
+ #
+
+ # /usr/lib/cups/backend/serial needs sys_admin(?!)
+-allow cupsd_t self:capability { sys_admin dac_override dac_read_search kill setgid setuid fsetid net_bind_service fowner chown dac_override sys_tty_config audit_write };
++allow cupsd_t self:capability { sys_admin dac_override dac_read_search kill setgid setuid fsetid net_bind_service fowner chown dac_override sys_resource sys_tty_config audit_write };
+ dontaudit cupsd_t self:capability { sys_tty_config net_admin };
+ allow cupsd_t self:process { setsched signal_perms };
+ allow cupsd_t self:fifo_file rw_file_perms;
allow cupsd_t self:unix_stream_socket { create_stream_socket_perms connectto };
allow cupsd_t self:unix_dgram_socket create_socket_perms;
allow cupsd_t self:netlink_audit_socket { create_netlink_socket_perms nlmsg_relay };
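Review bot: `sys_resource` is added to the `allow cupsd_t self:capability { ... }` set with no justification; the only comment above the rule explains `sys_admin`, and even that one ends in "(?!)". sys_resource lets a process exceed resource limits, so a one-line why-comment such as `# sys_resource: <cupsd operation that needs it>` would let a later reviewer judge whether it can be dropped again. The same set lists `dac_override` twice, and `sys_tty_config` appears both here and in the following `dontaudit cupsd_t self:capability` line, where the dontaudit looks redundant once the capability is allowed. Both could be tidied while the line is being touched. The remainder of cups.te is outside this hunk.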
@@ -528,9 +553,9 @@
sysnet_read_config(cupsd_t)
-diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/dbus.if serefpolicy-2.3.5/policy/modules/services/dbus.if
+diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/dbus.if serefpolicy-2.3.6/policy/modules/services/dbus.if
--- nsaserefpolicy/policy/modules/services/dbus.if 2006-07-14 17:04:41.000000000 -0400
-+++ serefpolicy-2.3.5/policy/modules/services/dbus.if 2006-08-07 19:45:48.000000000 -0400
++++ serefpolicy-2.3.6/policy/modules/services/dbus.if 2006-08-08 16:15:43.000000000 -0400
@@ -171,6 +171,11 @@
xserver_use_xdm_fds($1_dbusd_t)
xserver_rw_xdm_pipes($1_dbusd_t)
@@ -543,9 +568,9 @@
')
#######################################
-diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/ldap.te serefpolicy-2.3.5/policy/modules/services/ldap.te
+diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/ldap.te serefpolicy-2.3.6/policy/modules/services/ldap.te
--- nsaserefpolicy/policy/modules/services/ldap.te 2006-08-02 10:34:07.000000000 -0400
-+++ serefpolicy-2.3.5/policy/modules/services/ldap.te 2006-08-07 19:45:48.000000000 -0400
++++ serefpolicy-2.3.6/policy/modules/services/ldap.te 2006-08-08 16:15:43.000000000 -0400
@@ -72,7 +72,7 @@
allow slapd_t slapd_var_run_t:file create_file_perms;
@@ -555,9 +580,9 @@
kernel_read_system_state(slapd_t)
kernel_read_kernel_sysctls(slapd_t)
-diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/nis.te serefpolicy-2.3.5/policy/modules/services/nis.te
+diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/nis.te serefpolicy-2.3.6/policy/modules/services/nis.te
--- nsaserefpolicy/policy/modules/services/nis.te 2006-08-02 10:34:07.000000000 -0400
-+++ serefpolicy-2.3.5/policy/modules/services/nis.te 2006-08-07 19:45:48.000000000 -0400
++++ serefpolicy-2.3.6/policy/modules/services/nis.te 2006-08-08 16:15:43.000000000 -0400
@@ -249,8 +249,6 @@
allow ypserv_t self:unix_dgram_socket create_socket_perms;
allow ypserv_t self:unix_stream_socket create_stream_socket_perms;
@@ -567,9 +592,9 @@
allow ypserv_t var_yp_t:dir rw_dir_perms;
allow ypserv_t var_yp_t:file create_file_perms;
-diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/ntp.te serefpolicy-2.3.5/policy/modules/services/ntp.te
+diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/ntp.te serefpolicy-2.3.6/policy/modules/services/ntp.te
--- nsaserefpolicy/policy/modules/services/ntp.te 2006-07-14 17:04:41.000000000 -0400
-+++ serefpolicy-2.3.5/policy/modules/services/ntp.te 2006-08-07 19:45:48.000000000 -0400
++++ serefpolicy-2.3.6/policy/modules/services/ntp.te 2006-08-08 16:15:43.000000000 -0400
@@ -32,7 +32,7 @@
# sys_resource and setrlimit is for locking memory
@@ -579,9 +604,9 @@
dontaudit ntpd_t self:capability { net_admin sys_tty_config fsetid sys_nice };
allow ntpd_t self:process { signal_perms setcap setsched setrlimit };
allow ntpd_t self:fifo_file { read write getattr };
-diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/pegasus.if serefpolicy-2.3.5/policy/modules/services/pegasus.if
+diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/pegasus.if serefpolicy-2.3.6/policy/modules/services/pegasus.if
--- nsaserefpolicy/policy/modules/services/pegasus.if 2006-07-14 17:04:41.000000000 -0400
-+++ serefpolicy-2.3.5/policy/modules/services/pegasus.if 2006-08-07 19:45:48.000000000 -0400
++++ serefpolicy-2.3.6/policy/modules/services/pegasus.if 2006-08-08 16:15:43.000000000 -0400
@@ -1 +1,32 @@
## <summary>The Open Group Pegasus CIM/WBEM Server.</summary>
+
@@ -615,9 +640,9 @@
+ allow pegasus_t $1:fifo_file rw_file_perms;
+ allow pegasus_t $1:process sigchld;
+')
-diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/pegasus.te serefpolicy-2.3.5/policy/modules/services/pegasus.te
+diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/pegasus.te serefpolicy-2.3.6/policy/modules/services/pegasus.te
--- nsaserefpolicy/policy/modules/services/pegasus.te 2006-07-14 17:04:41.000000000 -0400
-+++ serefpolicy-2.3.5/policy/modules/services/pegasus.te 2006-08-07 19:45:48.000000000 -0400
++++ serefpolicy-2.3.6/policy/modules/services/pegasus.te 2006-08-08 16:15:43.000000000 -0400
@@ -100,13 +100,12 @@
auth_use_nsswitch(pegasus_t)
@@ -634,9 +659,9 @@
files_read_var_lib_symlinks(pegasus_t)
hostname_exec(pegasus_t)
-diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/postfix.te serefpolicy-2.3.5/policy/modules/services/postfix.te
+diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/postfix.te serefpolicy-2.3.6/policy/modules/services/postfix.te
--- nsaserefpolicy/policy/modules/services/postfix.te 2006-08-02 10:34:07.000000000 -0400
-+++ serefpolicy-2.3.5/policy/modules/services/postfix.te 2006-08-07 19:45:48.000000000 -0400
++++ serefpolicy-2.3.6/policy/modules/services/postfix.te 2006-08-08 16:15:43.000000000 -0400
@@ -250,6 +250,7 @@
allow postfix_cleanup_t postfix_spool_t:lnk_file create_lnk_perms;
@@ -672,9 +697,9 @@
optional_policy(`
postgrey_stream_connect(postfix_smtpd_t)
-diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/procmail.te serefpolicy-2.3.5/policy/modules/services/procmail.te
+diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/procmail.te serefpolicy-2.3.6/policy/modules/services/procmail.te
--- nsaserefpolicy/policy/modules/services/procmail.te 2006-08-02 10:34:07.000000000 -0400
-+++ serefpolicy-2.3.5/policy/modules/services/procmail.te 2006-08-07 19:45:48.000000000 -0400
++++ serefpolicy-2.3.6/policy/modules/services/procmail.te 2006-08-08 16:15:43.000000000 -0400
@@ -29,6 +29,7 @@
kernel_read_kernel_sysctls(procmail_t)
@@ -683,9 +708,9 @@
corenet_tcp_sendrecv_all_if(procmail_t)
corenet_udp_sendrecv_all_if(procmail_t)
corenet_tcp_sendrecv_all_nodes(procmail_t)
-diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/samba.te serefpolicy-2.3.5/policy/modules/services/samba.te
+diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/samba.te serefpolicy-2.3.6/policy/modules/services/samba.te
--- nsaserefpolicy/policy/modules/services/samba.te 2006-08-02 10:34:07.000000000 -0400
-+++ serefpolicy-2.3.5/policy/modules/services/samba.te 2006-08-07 19:45:48.000000000 -0400
++++ serefpolicy-2.3.6/policy/modules/services/samba.te 2006-08-08 16:15:43.000000000 -0400
@@ -191,7 +191,7 @@
allow smbd_t samba_etc_t:dir rw_dir_perms;
allow smbd_t samba_etc_t:file { rw_file_perms setattr };
@@ -704,9 +729,9 @@
allow nmbd_t samba_log_t:file { create ra_file_perms };
allow nmbd_t samba_var_t:dir rw_dir_perms;
-diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/setroubleshoot.fc serefpolicy-2.3.5/policy/modules/services/setroubleshoot.fc
+diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/setroubleshoot.fc serefpolicy-2.3.6/policy/modules/services/setroubleshoot.fc
--- nsaserefpolicy/policy/modules/services/setroubleshoot.fc 1969-12-31 19:00:00.000000000 -0500
-+++ serefpolicy-2.3.5/policy/modules/services/setroubleshoot.fc 2006-08-07 19:45:48.000000000 -0400
++++ serefpolicy-2.3.6/policy/modules/services/setroubleshoot.fc 2006-08-08 16:15:43.000000000 -0400
@@ -0,0 +1,9 @@
+# setroubleshoot executables
+
@@ -717,16 +742,16 @@
+/var/log/setroubleshoot(/.*)? gen_context(system_u:object_r:setroubleshoot_var_log_t,s0)
+
+/var/lib/setroubleshoot(/.*)? gen_context(system_u:object_r:setroubleshoot_var_lib_t,s0)
-diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/setroubleshoot.if serefpolicy-2.3.5/policy/modules/services/setroubleshoot.if
+diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/setroubleshoot.if serefpolicy-2.3.6/policy/modules/services/setroubleshoot.if
--- nsaserefpolicy/policy/modules/services/setroubleshoot.if 1969-12-31 19:00:00.000000000 -0500
-+++ serefpolicy-2.3.5/policy/modules/services/setroubleshoot.if 2006-08-07 19:45:48.000000000 -0400
++++ serefpolicy-2.3.6/policy/modules/services/setroubleshoot.if 2006-08-08 16:15:43.000000000 -0400
@@ -0,0 +1,3 @@
+## <summary>policy for setroubleshoot</summary>
+
+
-diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/setroubleshoot.te serefpolicy-2.3.5/policy/modules/services/setroubleshoot.te
+diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/setroubleshoot.te serefpolicy-2.3.6/policy/modules/services/setroubleshoot.te
--- nsaserefpolicy/policy/modules/services/setroubleshoot.te 1969-12-31 19:00:00.000000000 -0500
-+++ serefpolicy-2.3.5/policy/modules/services/setroubleshoot.te 2006-08-07 19:45:48.000000000 -0400
++++ serefpolicy-2.3.6/policy/modules/services/setroubleshoot.te 2006-08-08 16:15:43.000000000 -0400
@@ -0,0 +1,105 @@
+policy_module(setroubleshoot,1.0.0)
+
@@ -833,9 +858,9 @@
+
+files_dontaudit_search_tmp(setroubleshootd_t)
+files_dontaudit_search_src(setroubleshootd_t)
-diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/spamassassin.te serefpolicy-2.3.5/policy/modules/services/spamassassin.te
+diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/spamassassin.te serefpolicy-2.3.6/policy/modules/services/spamassassin.te
--- nsaserefpolicy/policy/modules/services/spamassassin.te 2006-07-14 17:04:41.000000000 -0400
-+++ serefpolicy-2.3.5/policy/modules/services/spamassassin.te 2006-08-07 19:45:48.000000000 -0400
++++ serefpolicy-2.3.6/policy/modules/services/spamassassin.te 2006-08-08 16:15:43.000000000 -0400
@@ -194,3 +194,7 @@
optional_policy(`
udev_read_db(spamd_t)
@@ -844,9 +869,9 @@
+optional_policy(`
+ postfix_read_config(spamd_t)
+')
-diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/squid.te serefpolicy-2.3.5/policy/modules/services/squid.te
+diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/squid.te serefpolicy-2.3.6/policy/modules/services/squid.te
--- nsaserefpolicy/policy/modules/services/squid.te 2006-08-02 10:34:07.000000000 -0400
-+++ serefpolicy-2.3.5/policy/modules/services/squid.te 2006-08-07 19:45:48.000000000 -0400
++++ serefpolicy-2.3.6/policy/modules/services/squid.te 2006-08-08 16:15:43.000000000 -0400
@@ -28,9 +28,9 @@
# Local policy
#
@@ -859,9 +884,9 @@
allow squid_t self:fifo_file rw_file_perms;
allow squid_t self:sock_file r_file_perms;
allow squid_t self:fd use;
-diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/ssh.if serefpolicy-2.3.5/policy/modules/services/ssh.if
+diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/ssh.if serefpolicy-2.3.6/policy/modules/services/ssh.if
--- nsaserefpolicy/policy/modules/services/ssh.if 2006-08-02 10:34:07.000000000 -0400
-+++ serefpolicy-2.3.5/policy/modules/services/ssh.if 2006-08-07 19:45:48.000000000 -0400
++++ serefpolicy-2.3.6/policy/modules/services/ssh.if 2006-08-08 16:15:43.000000000 -0400
@@ -1,5 +1,4 @@
## <summary>Secure shell client and server policy.</summary>
-
@@ -896,9 +921,9 @@
+ allow ssh_keygen_t $1:fifo_file rw_file_perms;
+ allow ssh_keygen_t $1:process sigchld;
+')
-diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/stunnel.te serefpolicy-2.3.5/policy/modules/services/stunnel.te
+diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/stunnel.te serefpolicy-2.3.6/policy/modules/services/stunnel.te
--- nsaserefpolicy/policy/modules/services/stunnel.te 2006-08-02 10:34:07.000000000 -0400
-+++ serefpolicy-2.3.5/policy/modules/services/stunnel.te 2006-08-07 19:45:48.000000000 -0400
++++ serefpolicy-2.3.6/policy/modules/services/stunnel.te 2006-08-08 16:15:43.000000000 -0400
@@ -105,6 +105,10 @@
')
@@ -910,9 +935,9 @@
seutil_sigchld_newrole(stunnel_t)
')
-diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/xserver.if serefpolicy-2.3.5/policy/modules/services/xserver.if
---- nsaserefpolicy/policy/modules/services/xserver.if 2006-08-02 10:34:07.000000000 -0400
-+++ serefpolicy-2.3.5/policy/modules/services/xserver.if 2006-08-07 19:45:48.000000000 -0400
+diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/xserver.if serefpolicy-2.3.6/policy/modules/services/xserver.if
+--- nsaserefpolicy/policy/modules/services/xserver.if 2006-08-08 14:59:36.000000000 -0400
++++ serefpolicy-2.3.6/policy/modules/services/xserver.if 2006-08-08 16:15:43.000000000 -0400
@@ -45,7 +45,6 @@
allow $1_xserver_t self:capability { dac_override fsetid setgid setuid ipc_owner sys_rawio sys_admin sys_nice sys_tty_config mknod net_bind_service };
dontaudit $1_xserver_t self:capability chown;
@@ -943,7 +968,7 @@
auth_search_pam_console_data($1_xserver_t)
')
-@@ -1125,7 +1130,47 @@
+@@ -1103,7 +1108,47 @@
')
files_search_tmp($1)
@@ -992,9 +1017,9 @@
+ allow $1 ice_tmp_t:dir ra_dir_perms;
+ allow $1 ice_tmp_t:sock_file create_file_perms;
+')
-diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/xserver.te serefpolicy-2.3.5/policy/modules/services/xserver.te
+diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/xserver.te serefpolicy-2.3.6/policy/modules/services/xserver.te
--- nsaserefpolicy/policy/modules/services/xserver.te 2006-08-02 10:34:07.000000000 -0400
-+++ serefpolicy-2.3.5/policy/modules/services/xserver.te 2006-08-07 19:45:48.000000000 -0400
++++ serefpolicy-2.3.6/policy/modules/services/xserver.te 2006-08-08 16:15:43.000000000 -0400
@@ -81,7 +81,7 @@
#
@@ -1058,9 +1083,9 @@
unconfined_domain_noaudit(xdm_xserver_t)
unconfined_domtrans(xdm_xserver_t)
-diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/fstools.te serefpolicy-2.3.5/policy/modules/system/fstools.te
+diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/fstools.te serefpolicy-2.3.6/policy/modules/system/fstools.te
--- nsaserefpolicy/policy/modules/system/fstools.te 2006-08-02 10:34:08.000000000 -0400
-+++ serefpolicy-2.3.5/policy/modules/system/fstools.te 2006-08-07 19:45:48.000000000 -0400
++++ serefpolicy-2.3.6/policy/modules/system/fstools.te 2006-08-08 16:15:43.000000000 -0400
@@ -111,6 +111,7 @@
corecmd_read_sbin_files(fsadm_t)
corecmd_read_sbin_pipes(fsadm_t)
@@ -1069,9 +1094,9 @@
domain_use_interactive_fds(fsadm_t)
-diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/hostname.te serefpolicy-2.3.5/policy/modules/system/hostname.te
+diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/hostname.te serefpolicy-2.3.6/policy/modules/system/hostname.te
--- nsaserefpolicy/policy/modules/system/hostname.te 2006-07-14 17:04:44.000000000 -0400
-+++ serefpolicy-2.3.5/policy/modules/system/hostname.te 2006-08-07 19:45:48.000000000 -0400
++++ serefpolicy-2.3.6/policy/modules/system/hostname.te 2006-08-08 16:15:43.000000000 -0400
@@ -8,7 +8,10 @@
type hostname_t;
@@ -1094,9 +1119,9 @@
+ xen_dontaudit_use_fds(hostname_t)
+')
-diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/init.if serefpolicy-2.3.5/policy/modules/system/init.if
---- nsaserefpolicy/policy/modules/system/init.if 2006-07-14 17:04:44.000000000 -0400
-+++ serefpolicy-2.3.5/policy/modules/system/init.if 2006-08-07 19:45:48.000000000 -0400
+diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/init.if serefpolicy-2.3.6/policy/modules/system/init.if
+--- nsaserefpolicy/policy/modules/system/init.if 2006-08-08 14:59:36.000000000 -0400
++++ serefpolicy-2.3.6/policy/modules/system/init.if 2006-08-08 16:15:43.000000000 -0400
@@ -158,13 +158,6 @@
allow $1 initrc_t:fifo_file rw_file_perms;
allow $1 initrc_t:process sigchld;
@@ -1111,9 +1136,9 @@
')
########################################
-diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/libraries.fc serefpolicy-2.3.5/policy/modules/system/libraries.fc
+diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/libraries.fc serefpolicy-2.3.6/policy/modules/system/libraries.fc
--- nsaserefpolicy/policy/modules/system/libraries.fc 2006-08-02 10:34:08.000000000 -0400
-+++ serefpolicy-2.3.5/policy/modules/system/libraries.fc 2006-08-07 19:45:48.000000000 -0400
++++ serefpolicy-2.3.6/policy/modules/system/libraries.fc 2006-08-08 16:15:43.000000000 -0400
@@ -200,7 +200,7 @@
/usr/lib(64)?/libpostproc\.so.* -- gen_context(system_u:object_r:textrel_shlib_t,s0)
/usr/lib(64)?/libavformat.*\.so(\.[^/]*)* -- gen_context(system_u:object_r:textrel_shlib_t,s0)
@@ -1123,9 +1148,9 @@
/usr/lib(64)?/libxvidcore\.so.* -- gen_context(system_u:object_r:textrel_shlib_t,s0)
/usr/lib(64)?/xine/plugins/.+\.so -- gen_context(system_u:object_r:textrel_shlib_t,s0)
/usr/lib(64)?/libgsm\.so.* -- gen_context(system_u:object_r:textrel_shlib_t,s0)
-diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/locallogin.te serefpolicy-2.3.5/policy/modules/system/locallogin.te
+diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/locallogin.te serefpolicy-2.3.6/policy/modules/system/locallogin.te
--- nsaserefpolicy/policy/modules/system/locallogin.te 2006-08-02 10:34:08.000000000 -0400
-+++ serefpolicy-2.3.5/policy/modules/system/locallogin.te 2006-08-07 19:45:48.000000000 -0400
++++ serefpolicy-2.3.6/policy/modules/system/locallogin.te 2006-08-08 16:15:43.000000000 -0400
@@ -47,7 +47,7 @@
allow local_login_t self:sem create_sem_perms;
allow local_login_t self:msgq create_msgq_perms;
@@ -1144,9 +1169,9 @@
dev_setattr_mouse_dev(local_login_t)
dev_getattr_mouse_dev(local_login_t)
-diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/logging.fc serefpolicy-2.3.5/policy/modules/system/logging.fc
+diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/logging.fc serefpolicy-2.3.6/policy/modules/system/logging.fc
--- nsaserefpolicy/policy/modules/system/logging.fc 2006-08-02 10:34:08.000000000 -0400
-+++ serefpolicy-2.3.5/policy/modules/system/logging.fc 2006-08-07 19:45:48.000000000 -0400
++++ serefpolicy-2.3.6/policy/modules/system/logging.fc 2006-08-08 16:15:43.000000000 -0400
@@ -38,3 +38,6 @@
/var/spool/postfix/pid -d gen_context(system_u:object_r:var_run_t,s0)
@@ -1154,9 +1179,9 @@
+
+/var/run/auditd\.pid -- gen_context(system_u:object_r:auditd_var_run_t,s0)
+/var/run/auditd_sock -s gen_context(system_u:object_r:auditd_var_run_t,s0)
-diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/logging.if serefpolicy-2.3.5/policy/modules/system/logging.if
+diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/logging.if serefpolicy-2.3.6/policy/modules/system/logging.if
--- nsaserefpolicy/policy/modules/system/logging.if 2006-08-02 10:34:08.000000000 -0400
-+++ serefpolicy-2.3.5/policy/modules/system/logging.if 2006-08-07 19:45:48.000000000 -0400
++++ serefpolicy-2.3.6/policy/modules/system/logging.if 2006-08-08 16:15:43.000000000 -0400
@@ -553,3 +553,24 @@
allow $1 var_log_t:dir rw_dir_perms;
allow $1 var_log_t:file create_file_perms;
@@ -1182,9 +1207,9 @@
+ allow $1 auditd_var_run_t:sock_file rw_file_perms;
+ allow $1 auditd_t:unix_stream_socket connectto;
+')
-diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/logging.te serefpolicy-2.3.5/policy/modules/system/logging.te
+diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/logging.te serefpolicy-2.3.6/policy/modules/system/logging.te
--- nsaserefpolicy/policy/modules/system/logging.te 2006-08-02 10:34:08.000000000 -0400
-+++ serefpolicy-2.3.5/policy/modules/system/logging.te 2006-08-07 19:45:48.000000000 -0400
++++ serefpolicy-2.3.6/policy/modules/system/logging.te 2006-08-08 16:15:43.000000000 -0400
@@ -120,9 +120,10 @@
allow auditd_t auditd_log_t:lnk_file create_lnk_perms;
allow auditd_t var_log_t:dir search;
@@ -1197,9 +1222,9 @@
kernel_read_kernel_sysctls(auditd_t)
# Needs to be able to run dispatcher. see /etc/audit/auditd.conf
-diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/miscfiles.fc serefpolicy-2.3.5/policy/modules/system/miscfiles.fc
+diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/miscfiles.fc serefpolicy-2.3.6/policy/modules/system/miscfiles.fc
--- nsaserefpolicy/policy/modules/system/miscfiles.fc 2006-07-14 17:04:43.000000000 -0400
-+++ serefpolicy-2.3.5/policy/modules/system/miscfiles.fc 2006-08-07 19:45:48.000000000 -0400
++++ serefpolicy-2.3.6/policy/modules/system/miscfiles.fc 2006-08-08 16:15:43.000000000 -0400
@@ -9,6 +9,7 @@
# /etc
#
@@ -1208,10 +1233,18 @@
/etc/pki(/.*)? gen_context(system_u:object_r:cert_t,s0)
#
-diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/mount.te serefpolicy-2.3.5/policy/modules/system/mount.te
+diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/mount.te serefpolicy-2.3.6/policy/modules/system/mount.te
--- nsaserefpolicy/policy/modules/system/mount.te 2006-07-14 17:04:44.000000000 -0400
-+++ serefpolicy-2.3.5/policy/modules/system/mount.te 2006-08-07 19:45:48.000000000 -0400
-@@ -97,6 +97,8 @@
++++ serefpolicy-2.3.6/policy/modules/system/mount.te 2006-08-08 16:38:58.000000000 -0400
+@@ -80,6 +80,7 @@
+ files_read_isid_type_files(mount_t)
+ # For reading cert files
+ files_read_usr_files(mount_t)
++files_list_mnt(mount_t)
+
+ init_use_fds(mount_t)
+ init_use_script_ptys(mount_t)
+@@ -97,6 +98,8 @@
sysnet_use_portmap(mount_t)
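Review bot: The added `files_list_mnt(mount_t)` line in the mount.te section has no comment of its own and sits directly under the existing `# For reading cert files`, which describes `files_read_usr_files(mount_t)` rather than the new rule. The log message for this revision mentions only quieting anaconda audit messages, whereas this interface, judging by its name, grants mount_t directory-listing access instead of suppressing an audit record. I would put a why-comment on the line above it, for example `# <reason mount_t must list the mnt directory; reference the denial that prompted it>`. If the access is not actually needed for mount to work, a dontaudit rule would silence the message without widening mount_t. The surrounding mount.te policy starts and ends outside this hunk, so the definition of the interface is not visible here.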
@@ -1220,9 +1253,9 @@
userdom_use_all_users_fds(mount_t)
ifdef(`distro_redhat',`
-diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/selinuxutil.te serefpolicy-2.3.5/policy/modules/system/selinuxutil.te
+diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/selinuxutil.te serefpolicy-2.3.6/policy/modules/system/selinuxutil.te
--- nsaserefpolicy/policy/modules/system/selinuxutil.te 2006-08-02 10:34:09.000000000 -0400
-+++ serefpolicy-2.3.5/policy/modules/system/selinuxutil.te 2006-08-07 20:14:05.000000000 -0400
++++ serefpolicy-2.3.6/policy/modules/system/selinuxutil.te 2006-08-08 16:15:43.000000000 -0400
@@ -355,6 +355,8 @@
kernel_relabelfrom_unlabeled_symlinks(restorecon_t)
kernel_relabelfrom_unlabeled_pipes(restorecon_t)
@@ -1253,9 +1286,9 @@
optional_policy(`
nscd_socket_use(semanage_t)
')
-diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/udev.fc serefpolicy-2.3.5/policy/modules/system/udev.fc
+diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/udev.fc serefpolicy-2.3.6/policy/modules/system/udev.fc
--- nsaserefpolicy/policy/modules/system/udev.fc 2006-07-14 17:04:44.000000000 -0400
-+++ serefpolicy-2.3.5/policy/modules/system/udev.fc 2006-08-07 19:45:48.000000000 -0400
++++ serefpolicy-2.3.6/policy/modules/system/udev.fc 2006-08-08 16:15:43.000000000 -0400
@@ -1,5 +1,6 @@
# udev
@@ -1263,9 +1296,9 @@
/dev/\.udevdb -- gen_context(system_u:object_r:udev_tbl_t,s0)
/dev/udev\.tbl -- gen_context(system_u:object_r:udev_tbl_t,s0)
-diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/unconfined.if serefpolicy-2.3.5/policy/modules/system/unconfined.if
+diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/unconfined.if serefpolicy-2.3.6/policy/modules/system/unconfined.if
--- nsaserefpolicy/policy/modules/system/unconfined.if 2006-08-02 10:34:09.000000000 -0400
-+++ serefpolicy-2.3.5/policy/modules/system/unconfined.if 2006-08-07 19:45:48.000000000 -0400
++++ serefpolicy-2.3.6/policy/modules/system/unconfined.if 2006-08-08 16:15:43.000000000 -0400
@@ -20,6 +20,7 @@
# Use any Linux capability.
allow $1 self:capability *;
@@ -1282,9 +1315,9 @@
files_unconfined($1)
fs_unconfined($1)
selinux_unconfined($1)
-diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/unconfined.te serefpolicy-2.3.5/policy/modules/system/unconfined.te
+diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/unconfined.te serefpolicy-2.3.6/policy/modules/system/unconfined.te
--- nsaserefpolicy/policy/modules/system/unconfined.te 2006-08-02 10:34:09.000000000 -0400
-+++ serefpolicy-2.3.5/policy/modules/system/unconfined.te 2006-08-07 19:45:48.000000000 -0400
++++ serefpolicy-2.3.6/policy/modules/system/unconfined.te 2006-08-08 16:15:43.000000000 -0400
@@ -195,4 +195,9 @@
ifdef(`targeted_policy',`
allow unconfined_execmem_t self:process { execstack execmem };
@@ -1295,9 +1328,9 @@
+ unconfined_dbus_chat(unconfined_execmem_t)
+ ')
')
-diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/userdomain.if serefpolicy-2.3.5/policy/modules/system/userdomain.if
+diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/userdomain.if serefpolicy-2.3.6/policy/modules/system/userdomain.if
--- nsaserefpolicy/policy/modules/system/userdomain.if 2006-07-14 17:04:43.000000000 -0400
-+++ serefpolicy-2.3.5/policy/modules/system/userdomain.if 2006-08-07 19:45:48.000000000 -0400
++++ serefpolicy-2.3.6/policy/modules/system/userdomain.if 2006-08-08 16:15:43.000000000 -0400
@@ -8,11 +8,10 @@
## <desc>
## <p>
@@ -1704,9 +1737,9 @@
+ dontaudit $1_t { $2_devpts_t $2_tty_device_t }:chr_file ioctl;
+')
+
-diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/userdomain.te serefpolicy-2.3.5/policy/modules/system/userdomain.te
+diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/userdomain.te serefpolicy-2.3.6/policy/modules/system/userdomain.te
--- nsaserefpolicy/policy/modules/system/userdomain.te 2006-07-14 17:04:43.000000000 -0400
-+++ serefpolicy-2.3.5/policy/modules/system/userdomain.te 2006-08-07 19:45:48.000000000 -0400
++++ serefpolicy-2.3.6/policy/modules/system/userdomain.te 2006-08-08 16:15:43.000000000 -0400
@@ -56,14 +56,6 @@
# Local policy
#
@@ -1815,9 +1848,9 @@
', `
selinux_set_enforce_mode(sysadm_t)
selinux_set_boolean(sysadm_t)
-diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/xen.if serefpolicy-2.3.5/policy/modules/system/xen.if
+diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/xen.if serefpolicy-2.3.6/policy/modules/system/xen.if
--- nsaserefpolicy/policy/modules/system/xen.if 2006-07-14 17:04:43.000000000 -0400
-+++ serefpolicy-2.3.5/policy/modules/system/xen.if 2006-08-07 19:45:48.000000000 -0400
++++ serefpolicy-2.3.6/policy/modules/system/xen.if 2006-08-08 16:15:43.000000000 -0400
@@ -127,3 +127,41 @@
allow xm_t $1:fifo_file rw_file_perms;
allow xm_t $1:process sigchld;
@@ -1860,9 +1893,9 @@
+
+ dontaudit $1 xend_t:fd use;
+')
-diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/xen.te serefpolicy-2.3.5/policy/modules/system/xen.te
+diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/xen.te serefpolicy-2.3.6/policy/modules/system/xen.te
--- nsaserefpolicy/policy/modules/system/xen.te 2006-08-02 10:34:08.000000000 -0400
-+++ serefpolicy-2.3.5/policy/modules/system/xen.te 2006-08-07 19:45:48.000000000 -0400
++++ serefpolicy-2.3.6/policy/modules/system/xen.te 2006-08-08 16:15:43.000000000 -0400
@@ -69,7 +69,10 @@
#
Index: selinux-policy.spec
===================================================================
RCS file: /cvs/dist/rpms/selinux-policy/devel/selinux-policy.spec,v
retrieving revision 1.246
retrieving revision 1.247
diff -u -r1.246 -r1.247
--- selinux-policy.spec 8 Aug 2006 00:26:46 -0000 1.246
+++ selinux-policy.spec 8 Aug 2006 20:40:36 -0000 1.247
@@ -15,7 +15,7 @@
%define CHECKPOLICYVER 1.30.4-1
Summary: SELinux policy configuration
Name: selinux-policy
-Version: 2.3.5
+Version: 2.3.6
Release: 1
License: GPL
Group: System Environment/Base
@@ -259,7 +259,6 @@
fi
fi
-
%if %{BUILD_TARGETED}
%package targeted
Summary: SELinux targeted base policy
@@ -348,6 +347,9 @@
%endif
%changelog
+* Tue Aug 8 2006 Dan Walsh <dwalsh at redhat.com> 2.3.6-1
+- Quiet down anaconda audit messages
+
* Mon Aug 7 2006 Dan Walsh <dwalsh at redhat.com> 2.3.5-1
- Fix setroubleshootd
Index: sources
===================================================================
RCS file: /cvs/dist/rpms/selinux-policy/devel/sources,v
retrieving revision 1.82
retrieving revision 1.83
diff -u -r1.82 -r1.83
--- sources 8 Aug 2006 00:26:46 -0000 1.82
+++ sources 8 Aug 2006 20:40:36 -0000 1.83
@@ -1 +1 @@
-dd1d9d958535e36048d5470580d3f108 serefpolicy-2.3.5.tgz
+d374829a4b5a08e44d337dc5cbf77d21 serefpolicy-2.3.6.tgz