rpms/selinux-policy/devel modules-targeted.conf, 1.8, 1.9 policy-20060104.patch, 1.1, 1.2
fedora-cvs-commits at redhat.com
fedora-cvs-commits at redhat.com
Thu Jan 5 21:54:15 UTC 2006
Author: dwalsh
Update of /cvs/dist/rpms/selinux-policy/devel
In directory cvs.devel.redhat.com:/tmp/cvs-serv32404
Modified Files:
modules-targeted.conf policy-20060104.patch
Log Message:
* Wed Jan 4 2006 Dan Walsh <dwalsh at redhat.com> 2.1.7-1
- Update to upstream
Index: modules-targeted.conf
===================================================================
RCS file: /cvs/dist/rpms/selinux-policy/devel/modules-targeted.conf,v
retrieving revision 1.8
retrieving revision 1.9
diff -u -r1.8 -r1.9
--- modules-targeted.conf 30 Dec 2005 16:08:00 -0000 1.8
+++ modules-targeted.conf 5 Jan 2006 21:54:11 -0000 1.9
@@ -139,7 +139,7 @@
#
# Virtual Private Networking client
#
-vpn = off
+vpn = base
# Layer: admin
# Module: su
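Review bot: The log message says only `- Update to upstream`, but this hunk changes `vpn = off` to `vpn = base`, which is a local build-configuration decision rather than an upstream sync. In the refpolicy modules.conf convention, `base` compiles the module into the base policy, so the VPN client policy would presumably ship with every targeted-policy build from this revision on. The changelog should record that, for example `- Build vpn policy module into the targeted base policy`, so someone auditing which domains this release covers can trace the change.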
policy-20060104.patch:
Makefile | 2
Rules.modular | 10
config/appconfig-strict-mcs/default_type | 6
config/appconfig-strict-mls/default_type | 7
config/appconfig-strict-mls/initrc_context | 2
config/appconfig-targeted-mcs/default_type | 2
config/appconfig-targeted-mls/default_type | 2
config/appconfig-targeted-mls/initrc_context | 2
man/man8/ftpd_selinux.8 | 56 ++++
man/man8/httpd_selinux.8 | 123 ++++++++
man/man8/kerberos_selinux.8 | 31 ++
man/man8/named_selinux.8 | 29 ++
man/man8/nfs_selinux.8 | 30 ++
man/man8/nis_selinux.8 | 1
man/man8/rsync_selinux.8 | 41 ++
man/man8/samba_selinux.8 | 60 ++++
man/man8/ypbind_selinux.8 | 19 +
policy/global_tunables | 3
policy/mcs | 321 ++++-------------------
policy/mls | 371 +++++----------------------
policy/modules/admin/amanda.te | 4
policy/modules/admin/kudzu.te | 9
policy/modules/admin/logrotate.te | 4
policy/modules/admin/rpm.fc | 1
policy/modules/admin/rpm.te | 19 -
policy/modules/admin/su.if | 2
policy/modules/admin/tmpreaper.te | 3
policy/modules/admin/usermanage.te | 15 -
policy/modules/apps/java.fc | 4
policy/modules/apps/java.if | 23 +
policy/modules/apps/java.te | 25 +
policy/modules/apps/webalizer.te | 1
policy/modules/kernel/corecommands.te | 6
policy/modules/kernel/corenetwork.te.in | 12
policy/modules/kernel/devices.fc | 9
policy/modules/kernel/domain.if | 1
policy/modules/kernel/domain.te | 4
policy/modules/kernel/files.fc | 27 +
policy/modules/kernel/files.if | 17 +
policy/modules/kernel/kernel.if | 3
policy/modules/kernel/kernel.te | 30 +-
policy/modules/kernel/mls.te | 9
policy/modules/kernel/selinux.te | 2
policy/modules/kernel/storage.fc | 46 +--
policy/modules/services/apache.te | 9
policy/modules/services/apm.te | 1
policy/modules/services/automount.te | 9
policy/modules/services/bind.if | 19 +
policy/modules/services/bluetooth.te | 1
policy/modules/services/cron.te | 3
policy/modules/services/cups.te | 7
policy/modules/services/cvs.fc | 2
policy/modules/services/cvs.te | 6
policy/modules/services/dbus.te | 1
policy/modules/services/dovecot.te | 2
policy/modules/services/hal.te | 4
policy/modules/services/ldap.te | 4
policy/modules/services/locate.fc | 4
policy/modules/services/locate.if | 1
policy/modules/services/locate.te | 50 +++
policy/modules/services/logwatch.fc | 3
policy/modules/services/logwatch.if | 1
policy/modules/services/logwatch.te | 103 +++++++
policy/modules/services/mta.te | 13
policy/modules/services/nscd.te | 1
policy/modules/services/ntp.te | 2
policy/modules/services/ppp.te | 4
policy/modules/services/prelink.fc | 7
policy/modules/services/prelink.if | 39 ++
policy/modules/services/prelink.te | 64 ++++
policy/modules/services/remotelogin.te | 1
policy/modules/services/samba.if | 3
policy/modules/services/sasl.te | 8
policy/modules/services/sendmail.te | 36 --
policy/modules/services/ssh.te | 10
policy/modules/services/xdm.te | 4
policy/modules/system/authlogin.if | 12
policy/modules/system/authlogin.te | 1
policy/modules/system/getty.te | 3
policy/modules/system/hostname.if | 15 +
policy/modules/system/hostname.te | 37 --
policy/modules/system/init.if | 14 +
policy/modules/system/init.te | 22 +
policy/modules/system/iptables.te | 2
policy/modules/system/libraries.fc | 126 ++++-----
policy/modules/system/libraries.te | 4
policy/modules/system/locallogin.te | 2
policy/modules/system/logging.fc | 7
policy/modules/system/logging.if | 21 +
policy/modules/system/logging.te | 5
policy/modules/system/lvm.te | 2
policy/modules/system/mount.te | 2
policy/modules/system/selinuxutil.fc | 6
policy/modules/system/selinuxutil.te | 11
policy/modules/system/udev.fc | 1
policy/modules/system/udev.te | 4
policy/modules/system/unconfined.fc | 2
policy/modules/system/unconfined.te | 13
policy/modules/system/userdomain.fc | 2
policy/modules/system/userdomain.if | 27 +
policy/modules/system/userdomain.te | 17 +
policy/users | 8
102 files changed, 1393 insertions(+), 789 deletions(-)
Index: policy-20060104.patch
===================================================================
RCS file: /cvs/dist/rpms/selinux-policy/devel/policy-20060104.patch,v
retrieving revision 1.1
retrieving revision 1.2
diff -u -r1.1 -r1.2
--- policy-20060104.patch 4 Jan 2006 19:24:24 -0000 1.1
+++ policy-20060104.patch 5 Jan 2006 21:54:11 -0000 1.2
@@ -1,6 +1,6 @@
diff --exclude-from=exclude -N -u -r nsaserefpolicy/config/appconfig-strict-mcs/default_type serefpolicy-2.1.7/config/appconfig-strict-mcs/default_type
--- nsaserefpolicy/config/appconfig-strict-mcs/default_type 2005-11-14 18:24:05.000000000 -0500
-+++ serefpolicy-2.1.7/config/appconfig-strict-mcs/default_type 2006-01-04 10:50:14.000000000 -0500
++++ serefpolicy-2.1.7/config/appconfig-strict-mcs/default_type 2006-01-05 11:12:20.000000000 -0500
@@ -1,3 +1,3 @@
-sysadm_r:sysadm_t:s0
-staff_r:staff_t:s0
@@ -10,7 +10,7 @@
+user_r:user_t
diff --exclude-from=exclude -N -u -r nsaserefpolicy/config/appconfig-strict-mls/default_type serefpolicy-2.1.7/config/appconfig-strict-mls/default_type
--- nsaserefpolicy/config/appconfig-strict-mls/default_type 2005-11-14 18:24:05.000000000 -0500
-+++ serefpolicy-2.1.7/config/appconfig-strict-mls/default_type 2006-01-04 10:50:14.000000000 -0500
++++ serefpolicy-2.1.7/config/appconfig-strict-mls/default_type 2006-01-05 11:12:20.000000000 -0500
@@ -1,3 +1,4 @@
-sysadm_r:sysadm_t:s0
-staff_r:staff_t:s0
@@ -21,31 +21,31 @@
+user_r:user_t
diff --exclude-from=exclude -N -u -r nsaserefpolicy/config/appconfig-strict-mls/initrc_context serefpolicy-2.1.7/config/appconfig-strict-mls/initrc_context
--- nsaserefpolicy/config/appconfig-strict-mls/initrc_context 2005-11-14 18:24:05.000000000 -0500
-+++ serefpolicy-2.1.7/config/appconfig-strict-mls/initrc_context 2006-01-04 10:50:14.000000000 -0500
++++ serefpolicy-2.1.7/config/appconfig-strict-mls/initrc_context 2006-01-05 11:12:20.000000000 -0500
@@ -1 +1 @@
-system_u:system_r:initrc_t:s0
+system_u:system_r:initrc_t:s0-s15:c0.c255
diff --exclude-from=exclude -N -u -r nsaserefpolicy/config/appconfig-targeted-mcs/default_type serefpolicy-2.1.7/config/appconfig-targeted-mcs/default_type
--- nsaserefpolicy/config/appconfig-targeted-mcs/default_type 2005-11-14 18:24:05.000000000 -0500
-+++ serefpolicy-2.1.7/config/appconfig-targeted-mcs/default_type 2006-01-04 10:50:14.000000000 -0500
++++ serefpolicy-2.1.7/config/appconfig-targeted-mcs/default_type 2006-01-05 11:12:20.000000000 -0500
@@ -1 +1 @@
-system_r:unconfined_t:s0
+system_r:unconfined_t
diff --exclude-from=exclude -N -u -r nsaserefpolicy/config/appconfig-targeted-mls/default_type serefpolicy-2.1.7/config/appconfig-targeted-mls/default_type
--- nsaserefpolicy/config/appconfig-targeted-mls/default_type 2005-11-14 18:24:05.000000000 -0500
-+++ serefpolicy-2.1.7/config/appconfig-targeted-mls/default_type 2006-01-04 10:50:14.000000000 -0500
++++ serefpolicy-2.1.7/config/appconfig-targeted-mls/default_type 2006-01-05 11:12:20.000000000 -0500
@@ -1 +1 @@
-system_r:unconfined_t:s0
+system_r:unconfined_t
diff --exclude-from=exclude -N -u -r nsaserefpolicy/config/appconfig-targeted-mls/initrc_context serefpolicy-2.1.7/config/appconfig-targeted-mls/initrc_context
--- nsaserefpolicy/config/appconfig-targeted-mls/initrc_context 2005-11-14 18:24:05.000000000 -0500
-+++ serefpolicy-2.1.7/config/appconfig-targeted-mls/initrc_context 2006-01-04 10:50:14.000000000 -0500
++++ serefpolicy-2.1.7/config/appconfig-targeted-mls/initrc_context 2006-01-05 11:12:20.000000000 -0500
@@ -1 +1 @@
-user_u:system_r:unconfined_t:s0
+user_u:system_r:unconfined_t:s0-s15:c0.c255
diff --exclude-from=exclude -N -u -r nsaserefpolicy/Makefile serefpolicy-2.1.7/Makefile
--- nsaserefpolicy/Makefile 2005-12-09 23:35:04.000000000 -0500
-+++ serefpolicy-2.1.7/Makefile 2006-01-04 10:50:14.000000000 -0500
++++ serefpolicy-2.1.7/Makefile 2006-01-05 11:12:20.000000000 -0500
@@ -92,7 +92,7 @@
# enable MLS if requested.
@@ -57,7 +57,7 @@
endif
diff --exclude-from=exclude -N -u -r nsaserefpolicy/man/man8/ftpd_selinux.8 serefpolicy-2.1.7/man/man8/ftpd_selinux.8
--- nsaserefpolicy/man/man8/ftpd_selinux.8 1969-12-31 19:00:00.000000000 -0500
-+++ serefpolicy-2.1.7/man/man8/ftpd_selinux.8 2006-01-04 10:50:14.000000000 -0500
++++ serefpolicy-2.1.7/man/man8/ftpd_selinux.8 2006-01-05 11:12:20.000000000 -0500
@@ -0,0 +1,56 @@
+.TH "ftpd_selinux" "8" "17 Jan 2005" "dwalsh at redhat.com" "ftpd Selinux Policy documentation"
+.SH "NAME"
@@ -117,7 +117,7 @@
+
diff --exclude-from=exclude -N -u -r nsaserefpolicy/man/man8/httpd_selinux.8 serefpolicy-2.1.7/man/man8/httpd_selinux.8
--- nsaserefpolicy/man/man8/httpd_selinux.8 1969-12-31 19:00:00.000000000 -0500
-+++ serefpolicy-2.1.7/man/man8/httpd_selinux.8 2006-01-04 10:50:14.000000000 -0500
++++ serefpolicy-2.1.7/man/man8/httpd_selinux.8 2006-01-05 11:12:20.000000000 -0500
@@ -0,0 +1,123 @@
+.TH "httpd_selinux" "8" "17 Jan 2005" "dwalsh at redhat.com" "httpd Selinux Policy documentation"
+.SH "NAME"
@@ -244,7 +244,7 @@
+
diff --exclude-from=exclude -N -u -r nsaserefpolicy/man/man8/kerberos_selinux.8 serefpolicy-2.1.7/man/man8/kerberos_selinux.8
--- nsaserefpolicy/man/man8/kerberos_selinux.8 1969-12-31 19:00:00.000000000 -0500
-+++ serefpolicy-2.1.7/man/man8/kerberos_selinux.8 2006-01-04 10:50:14.000000000 -0500
++++ serefpolicy-2.1.7/man/man8/kerberos_selinux.8 2006-01-05 11:12:20.000000000 -0500
@@ -0,0 +1,31 @@
+.TH "kerberos_selinux" "8" "17 Jan 2005" "dwalsh at redhat.com" "kerberos Selinux Policy documentation"
+.SH "NAME"
@@ -279,7 +279,7 @@
+selinux(8), kerberos(1), chcon(1), setsebool(8)
diff --exclude-from=exclude -N -u -r nsaserefpolicy/man/man8/named_selinux.8 serefpolicy-2.1.7/man/man8/named_selinux.8
--- nsaserefpolicy/man/man8/named_selinux.8 1969-12-31 19:00:00.000000000 -0500
-+++ serefpolicy-2.1.7/man/man8/named_selinux.8 2006-01-04 10:50:14.000000000 -0500
++++ serefpolicy-2.1.7/man/man8/named_selinux.8 2006-01-05 11:12:20.000000000 -0500
@@ -0,0 +1,29 @@
+.TH "named_selinux" "8" "17 Jan 2005" "dwalsh at redhat.com" "named Selinux Policy documentation"
+.SH "NAME"
@@ -312,7 +312,7 @@
+
diff --exclude-from=exclude -N -u -r nsaserefpolicy/man/man8/nfs_selinux.8 serefpolicy-2.1.7/man/man8/nfs_selinux.8
--- nsaserefpolicy/man/man8/nfs_selinux.8 1969-12-31 19:00:00.000000000 -0500
-+++ serefpolicy-2.1.7/man/man8/nfs_selinux.8 2006-01-04 10:50:14.000000000 -0500
++++ serefpolicy-2.1.7/man/man8/nfs_selinux.8 2006-01-05 11:12:20.000000000 -0500
@@ -0,0 +1,30 @@
+.TH "nfs_selinux" "8" "17 Jan 2005" "dwalsh at redhat.com" "nfs Selinux Policy documentation"
+.SH "NAME"
@@ -346,12 +346,12 @@
+selinux(8), chcon(1), setsebool(8)
diff --exclude-from=exclude -N -u -r nsaserefpolicy/man/man8/nis_selinux.8 serefpolicy-2.1.7/man/man8/nis_selinux.8
--- nsaserefpolicy/man/man8/nis_selinux.8 1969-12-31 19:00:00.000000000 -0500
-+++ serefpolicy-2.1.7/man/man8/nis_selinux.8 2006-01-04 10:50:14.000000000 -0500
++++ serefpolicy-2.1.7/man/man8/nis_selinux.8 2006-01-05 11:12:20.000000000 -0500
@@ -0,0 +1 @@
+.so man8/ypbind_selinux.8
diff --exclude-from=exclude -N -u -r nsaserefpolicy/man/man8/rsync_selinux.8 serefpolicy-2.1.7/man/man8/rsync_selinux.8
--- nsaserefpolicy/man/man8/rsync_selinux.8 1969-12-31 19:00:00.000000000 -0500
-+++ serefpolicy-2.1.7/man/man8/rsync_selinux.8 2006-01-04 10:50:14.000000000 -0500
++++ serefpolicy-2.1.7/man/man8/rsync_selinux.8 2006-01-05 11:12:20.000000000 -0500
@@ -0,0 +1,41 @@
+.TH "rsync_selinux" "8" "17 Jan 2005" "dwalsh at redhat.com" "rsync Selinux Policy documentation"
+.SH "NAME"
@@ -396,7 +396,7 @@
+selinux(8), rsync(1), chcon(1), setsebool(8)
diff --exclude-from=exclude -N -u -r nsaserefpolicy/man/man8/samba_selinux.8 serefpolicy-2.1.7/man/man8/samba_selinux.8
--- nsaserefpolicy/man/man8/samba_selinux.8 1969-12-31 19:00:00.000000000 -0500
-+++ serefpolicy-2.1.7/man/man8/samba_selinux.8 2006-01-04 10:50:14.000000000 -0500
++++ serefpolicy-2.1.7/man/man8/samba_selinux.8 2006-01-05 11:12:20.000000000 -0500
@@ -0,0 +1,60 @@
+.TH "samba_selinux" "8" "17 Jan 2005" "dwalsh at redhat.com" "Samba Selinux Policy documentation"
+.SH "NAME"
@@ -460,7 +460,7 @@
+selinux(8), samba(7), chcon(1), setsebool(8)
diff --exclude-from=exclude -N -u -r nsaserefpolicy/man/man8/ypbind_selinux.8 serefpolicy-2.1.7/man/man8/ypbind_selinux.8
--- nsaserefpolicy/man/man8/ypbind_selinux.8 1969-12-31 19:00:00.000000000 -0500
-+++ serefpolicy-2.1.7/man/man8/ypbind_selinux.8 2006-01-04 10:50:14.000000000 -0500
++++ serefpolicy-2.1.7/man/man8/ypbind_selinux.8 2006-01-05 11:12:20.000000000 -0500
@@ -0,0 +1,19 @@
+.TH "ypbind_selinux" "8" "17 Jan 2005" "dwalsh at redhat.com" "ypbind Selinux Policy documentation"
+.SH "NAME"
@@ -483,7 +483,7 @@
+selinux(8), ypbind(8), chcon(1), setsebool(8)
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/global_tunables serefpolicy-2.1.7/policy/global_tunables
--- nsaserefpolicy/policy/global_tunables 2005-12-12 23:05:35.000000000 -0500
-+++ serefpolicy-2.1.7/policy/global_tunables 2006-01-04 10:50:14.000000000 -0500
++++ serefpolicy-2.1.7/policy/global_tunables 2006-01-05 11:12:20.000000000 -0500
@@ -42,6 +42,9 @@
## Allow sasl to read shadow
gen_tunable(allow_saslauthd_read_shadow,false)
@@ -496,7 +496,7 @@
gen_tunable(allow_smbd_anon_write,false)
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/mcs serefpolicy-2.1.7/policy/mcs
--- nsaserefpolicy/policy/mcs 2005-11-14 18:24:05.000000000 -0500
-+++ serefpolicy-2.1.7/policy/mcs 2006-01-04 10:50:14.000000000 -0500
++++ serefpolicy-2.1.7/policy/mcs 2006-01-05 11:12:20.000000000 -0500
@@ -19,263 +19,70 @@
#
# Each category has a name and zero or more aliases.
@@ -827,7 +827,7 @@
# Each MCS level specifies a sensitivity and zero or more categories which may
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/mls serefpolicy-2.1.7/policy/mls
--- nsaserefpolicy/policy/mls 2005-11-14 18:24:05.000000000 -0500
-+++ serefpolicy-2.1.7/policy/mls 2006-01-04 10:50:14.000000000 -0500
++++ serefpolicy-2.1.7/policy/mls 2006-01-05 11:12:20.000000000 -0500
@@ -33,262 +33,70 @@
#
# Each category has a name and zero or more aliases.
@@ -1294,7 +1294,7 @@
#
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/amanda.te serefpolicy-2.1.7/policy/modules/admin/amanda.te
--- nsaserefpolicy/policy/modules/admin/amanda.te 2005-12-09 23:35:04.000000000 -0500
-+++ serefpolicy-2.1.7/policy/modules/admin/amanda.te 2006-01-04 10:50:14.000000000 -0500
++++ serefpolicy-2.1.7/policy/modules/admin/amanda.te 2006-01-05 11:12:20.000000000 -0500
@@ -165,6 +165,10 @@
sysnet_read_config(amanda_t)
@@ -1308,7 +1308,7 @@
')
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/kudzu.te serefpolicy-2.1.7/policy/modules/admin/kudzu.te
--- nsaserefpolicy/policy/modules/admin/kudzu.te 2005-12-09 23:35:04.000000000 -0500
-+++ serefpolicy-2.1.7/policy/modules/admin/kudzu.te 2006-01-04 10:50:14.000000000 -0500
++++ serefpolicy-2.1.7/policy/modules/admin/kudzu.te 2006-01-05 11:12:20.000000000 -0500
@@ -23,7 +23,8 @@
allow kudzu_t self:capability { dac_override sys_admin sys_rawio net_admin sys_tty_config mknod };
@@ -1340,8 +1340,8 @@
gpm_getattr_gpmctl(kudzu_t)
')
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/logrotate.te serefpolicy-2.1.7/policy/modules/admin/logrotate.te
---- nsaserefpolicy/policy/modules/admin/logrotate.te 2005-12-09 23:35:04.000000000 -0500
-+++ serefpolicy-2.1.7/policy/modules/admin/logrotate.te 2006-01-04 10:50:14.000000000 -0500
+--- nsaserefpolicy/policy/modules/admin/logrotate.te 2006-01-04 17:28:52.000000000 -0500
++++ serefpolicy-2.1.7/policy/modules/admin/logrotate.te 2006-01-05 11:12:20.000000000 -0500
@@ -67,6 +67,10 @@
kernel_read_system_state(logrotate_t)
kernel_read_kernel_sysctl(logrotate_t)
@@ -1355,7 +1355,7 @@
fs_search_auto_mountpoints(logrotate_t)
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/rpm.fc serefpolicy-2.1.7/policy/modules/admin/rpm.fc
--- nsaserefpolicy/policy/modules/admin/rpm.fc 2005-11-14 18:24:06.000000000 -0500
-+++ serefpolicy-2.1.7/policy/modules/admin/rpm.fc 2006-01-04 10:50:14.000000000 -0500
++++ serefpolicy-2.1.7/policy/modules/admin/rpm.fc 2006-01-05 11:12:20.000000000 -0500
@@ -1,5 +1,6 @@
/bin/rpm -- gen_context(system_u:object_r:rpm_exec_t,s0)
@@ -1365,7 +1365,7 @@
/usr/bin/apt-shell -- gen_context(system_u:object_r:rpm_exec_t,s0)
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/rpm.te serefpolicy-2.1.7/policy/modules/admin/rpm.te
--- nsaserefpolicy/policy/modules/admin/rpm.te 2005-12-14 10:38:49.000000000 -0500
-+++ serefpolicy-2.1.7/policy/modules/admin/rpm.te 2006-01-04 10:50:14.000000000 -0500
++++ serefpolicy-2.1.7/policy/modules/admin/rpm.te 2006-01-05 11:12:20.000000000 -0500
@@ -114,6 +114,10 @@
fs_getattr_all_fs(rpm_t)
fs_search_auto_mountpoints(rpm_t)
@@ -1411,9 +1411,22 @@
tunable_policy(`allow_execmem',`
allow rpm_script_t self:process execmem;
')
+diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/su.if serefpolicy-2.1.7/policy/modules/admin/su.if
+--- nsaserefpolicy/policy/modules/admin/su.if 2005-12-09 23:35:04.000000000 -0500
++++ serefpolicy-2.1.7/policy/modules/admin/su.if 2006-01-05 16:38:30.000000000 -0500
+@@ -193,7 +193,9 @@
+ domain_use_wide_inherit_fd($1_su_t)
+
+ files_read_etc_files($1_su_t)
++ files_read_etc_runtime_files($1_su_t)
+ files_search_var_lib($1_su_t)
++ files_dontaudit_getattr_tmp_dir($1_su_t)
+
+ init_dontaudit_use_fd($1_su_t)
+ # Write to utmp.
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/tmpreaper.te serefpolicy-2.1.7/policy/modules/admin/tmpreaper.te
--- nsaserefpolicy/policy/modules/admin/tmpreaper.te 2005-12-09 23:35:04.000000000 -0500
-+++ serefpolicy-2.1.7/policy/modules/admin/tmpreaper.te 2006-01-04 10:50:14.000000000 -0500
++++ serefpolicy-2.1.7/policy/modules/admin/tmpreaper.te 2006-01-05 11:12:20.000000000 -0500
@@ -39,6 +39,9 @@
miscfiles_read_localization(tmpreaper_t)
miscfiles_delete_man_pages(tmpreaper_t)
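Review bot: The two rules this revision adds to the su template in `policy/modules/admin/su.if`, `files_read_etc_runtime_files($1_su_t)` and `files_dontaudit_getattr_tmp_dir($1_su_t)`, carry no comment, unlike the neighbouring `# Write to utmp.` line. Judging by its name, the dontaudit interface stops getattr denials on the tmp directory from being logged for each `$1_su_t` domain; the access stays denied but the audit trail no longer shows the attempt, so the reason should be stated. I would add a comment above each rule, for example `# su reads runtime-generated files under /etc (name the file that triggered the denial)` and `# getattr on the tmp dir is denied; dontaudit only silences the log noise`. The su template body starts and ends outside the hunk, so whether a broader read rule already covers these files cannot be checked from here.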
@@ -1426,7 +1439,7 @@
ifdef(`TODO',`
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/usermanage.te serefpolicy-2.1.7/policy/modules/admin/usermanage.te
--- nsaserefpolicy/policy/modules/admin/usermanage.te 2005-12-09 23:35:04.000000000 -0500
-+++ serefpolicy-2.1.7/policy/modules/admin/usermanage.te 2006-01-04 10:50:14.000000000 -0500
++++ serefpolicy-2.1.7/policy/modules/admin/usermanage.te 2006-01-05 11:12:20.000000000 -0500
@@ -44,6 +44,10 @@
type passwd_exec_t;
domain_entry_file(passwd_t,passwd_exec_t)
@@ -1479,7 +1492,7 @@
selinux_get_fs_mount(useradd_t)
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/java.fc serefpolicy-2.1.7/policy/modules/apps/java.fc
--- nsaserefpolicy/policy/modules/apps/java.fc 1969-12-31 19:00:00.000000000 -0500
-+++ serefpolicy-2.1.7/policy/modules/apps/java.fc 2006-01-04 10:50:14.000000000 -0500
++++ serefpolicy-2.1.7/policy/modules/apps/java.fc 2006-01-05 11:12:20.000000000 -0500
@@ -0,0 +1,4 @@
+
+/usr/.*/java -- gen_context(system_u:object_r:java_exec_t,s0)
@@ -1487,7 +1500,7 @@
+
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/java.if serefpolicy-2.1.7/policy/modules/apps/java.if
--- nsaserefpolicy/policy/modules/apps/java.if 1969-12-31 19:00:00.000000000 -0500
-+++ serefpolicy-2.1.7/policy/modules/apps/java.if 2006-01-04 10:50:14.000000000 -0500
++++ serefpolicy-2.1.7/policy/modules/apps/java.if 2006-01-05 11:12:20.000000000 -0500
@@ -0,0 +1,23 @@
+## <summary>Load keyboard mappings.</summary>
+
@@ -1514,7 +1527,7 @@
+')
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/java.te serefpolicy-2.1.7/policy/modules/apps/java.te
--- nsaserefpolicy/policy/modules/apps/java.te 1969-12-31 19:00:00.000000000 -0500
-+++ serefpolicy-2.1.7/policy/modules/apps/java.te 2006-01-04 10:50:14.000000000 -0500
++++ serefpolicy-2.1.7/policy/modules/apps/java.te 2006-01-05 11:12:20.000000000 -0500
@@ -0,0 +1,25 @@
+policy_module(java,1.0.0)
+
@@ -1543,7 +1556,7 @@
+')
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/webalizer.te serefpolicy-2.1.7/policy/modules/apps/webalizer.te
--- nsaserefpolicy/policy/modules/apps/webalizer.te 2005-12-09 23:35:04.000000000 -0500
-+++ serefpolicy-2.1.7/policy/modules/apps/webalizer.te 2006-01-04 10:50:14.000000000 -0500
++++ serefpolicy-2.1.7/policy/modules/apps/webalizer.te 2006-01-05 11:12:20.000000000 -0500
@@ -87,6 +87,7 @@
sysnet_read_config(webalizer_t)
@@ -1554,7 +1567,7 @@
apache_manage_sys_content(webalizer_t)
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/kernel/corecommands.te serefpolicy-2.1.7/policy/modules/kernel/corecommands.te
--- nsaserefpolicy/policy/modules/kernel/corecommands.te 2005-12-09 23:35:04.000000000 -0500
-+++ serefpolicy-2.1.7/policy/modules/kernel/corecommands.te 2006-01-04 10:50:14.000000000 -0500
++++ serefpolicy-2.1.7/policy/modules/kernel/corecommands.te 2006-01-05 11:12:20.000000000 -0500
@@ -35,3 +35,9 @@
type chroot_exec_t;
@@ -1567,7 +1580,7 @@
+
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/kernel/corenetwork.te.in serefpolicy-2.1.7/policy/modules/kernel/corenetwork.te.in
--- nsaserefpolicy/policy/modules/kernel/corenetwork.te.in 2005-12-02 17:53:26.000000000 -0500
-+++ serefpolicy-2.1.7/policy/modules/kernel/corenetwork.te.in 2006-01-04 10:50:14.000000000 -0500
++++ serefpolicy-2.1.7/policy/modules/kernel/corenetwork.te.in 2006-01-05 11:12:20.000000000 -0500
@@ -143,15 +143,15 @@
# nodes in net_contexts or net_contexts.mls.
#
@@ -1601,7 +1614,7 @@
#network_interface(eth0, eth0,s0)
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/kernel/devices.fc serefpolicy-2.1.7/policy/modules/kernel/devices.fc
--- nsaserefpolicy/policy/modules/kernel/devices.fc 2005-11-14 18:24:07.000000000 -0500
-+++ serefpolicy-2.1.7/policy/modules/kernel/devices.fc 2006-01-04 10:50:14.000000000 -0500
++++ serefpolicy-2.1.7/policy/modules/kernel/devices.fc 2006-01-05 11:12:20.000000000 -0500
@@ -17,10 +17,10 @@
/dev/full -c gen_context(system_u:object_r:null_device_t,s0)
/dev/irlpt[0-9]+ -c gen_context(system_u:object_r:printer_device_t,s0)
@@ -1639,7 +1652,7 @@
/dev/s(ou)?nd/.* -c gen_context(system_u:object_r:sound_device_t,s0)
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/kernel/domain.if serefpolicy-2.1.7/policy/modules/kernel/domain.if
--- nsaserefpolicy/policy/modules/kernel/domain.if 2005-12-12 15:35:53.000000000 -0500
-+++ serefpolicy-2.1.7/policy/modules/kernel/domain.if 2006-01-04 10:50:14.000000000 -0500
++++ serefpolicy-2.1.7/policy/modules/kernel/domain.if 2006-01-05 11:12:20.000000000 -0500
@@ -501,6 +501,7 @@
')
@@ -1650,7 +1663,7 @@
########################################
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/kernel/domain.te serefpolicy-2.1.7/policy/modules/kernel/domain.te
--- nsaserefpolicy/policy/modules/kernel/domain.te 2005-12-09 23:35:04.000000000 -0500
-+++ serefpolicy-2.1.7/policy/modules/kernel/domain.te 2006-01-04 10:50:14.000000000 -0500
++++ serefpolicy-2.1.7/policy/modules/kernel/domain.te 2006-01-05 11:12:20.000000000 -0500
@@ -67,3 +67,7 @@
# cjp: also need to except correctly for SEFramework
neverallow { domain unlabeled_t } file_type:process *;
@@ -1661,8 +1674,8 @@
+')
\ No newline at end of file
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/kernel/files.fc serefpolicy-2.1.7/policy/modules/kernel/files.fc
---- nsaserefpolicy/policy/modules/kernel/files.fc 2005-12-01 17:57:16.000000000 -0500
-+++ serefpolicy-2.1.7/policy/modules/kernel/files.fc 2006-01-04 10:50:14.000000000 -0500
+--- nsaserefpolicy/policy/modules/kernel/files.fc 2006-01-04 17:28:52.000000000 -0500
++++ serefpolicy-2.1.7/policy/modules/kernel/files.fc 2006-01-05 11:12:20.000000000 -0500
@@ -24,7 +24,7 @@
# /boot
#
@@ -1672,7 +1685,7 @@
/boot/lost\+found/.* <<none>>
#
-@@ -88,9 +88,9 @@
+@@ -89,9 +89,9 @@
# HOME_ROOT
# expanded by genhomedircon
#
@@ -1684,7 +1697,7 @@
HOME_ROOT/lost\+found/.* <<none>>
#
-@@ -102,7 +102,7 @@
+@@ -103,7 +103,7 @@
#
# /lost+found
#
@@ -1693,7 +1706,7 @@
/lost\+found/.* <<none>>
#
-@@ -149,11 +149,11 @@
+@@ -150,11 +150,11 @@
#
# /tmp
#
@@ -1707,7 +1720,7 @@
/tmp/lost\+found/.* <<none>>
#
-@@ -170,19 +170,19 @@
+@@ -171,19 +171,19 @@
/usr/local/etc(/.*)? gen_context(system_u:object_r:etc_t,s0)
@@ -1730,7 +1743,7 @@
/usr/tmp/.* <<none>>
#
-@@ -201,16 +201,17 @@
+@@ -202,16 +202,17 @@
/var/lock(/.*)? gen_context(system_u:object_r:var_lock_t,s0)
@@ -1753,9 +1766,9 @@
/var/tmp/lost\+found/.* <<none>>
/var/tmp/vi\.recover -d gen_context(system_u:object_r:tmp_t,s0)
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/kernel/files.if serefpolicy-2.1.7/policy/modules/kernel/files.if
---- nsaserefpolicy/policy/modules/kernel/files.if 2005-12-09 23:35:04.000000000 -0500
-+++ serefpolicy-2.1.7/policy/modules/kernel/files.if 2006-01-04 10:50:14.000000000 -0500
-@@ -3149,3 +3149,20 @@
+--- nsaserefpolicy/policy/modules/kernel/files.if 2006-01-04 17:28:52.000000000 -0500
++++ serefpolicy-2.1.7/policy/modules/kernel/files.if 2006-01-05 11:12:20.000000000 -0500
+@@ -3183,3 +3183,20 @@
')
')
')
@@ -1779,7 +1792,7 @@
\ No newline at end of file
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/kernel/kernel.if serefpolicy-2.1.7/policy/modules/kernel/kernel.if
--- nsaserefpolicy/policy/modules/kernel/kernel.if 2005-12-06 19:49:49.000000000 -0500
-+++ serefpolicy-2.1.7/policy/modules/kernel/kernel.if 2006-01-04 10:50:14.000000000 -0500
++++ serefpolicy-2.1.7/policy/modules/kernel/kernel.if 2006-01-05 11:12:20.000000000 -0500
@@ -436,7 +436,7 @@
type debugfs_t;
')
@@ -1799,7 +1812,7 @@
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/kernel/kernel.te serefpolicy-2.1.7/policy/modules/kernel/kernel.te
--- nsaserefpolicy/policy/modules/kernel/kernel.te 2005-12-09 23:35:04.000000000 -0500
-+++ serefpolicy-2.1.7/policy/modules/kernel/kernel.te 2006-01-04 10:50:14.000000000 -0500
++++ serefpolicy-2.1.7/policy/modules/kernel/kernel.te 2006-01-05 11:12:20.000000000 -0500
@@ -38,7 +38,7 @@
domain_base_type(kernel_t)
mls_rangetrans_source(kernel_t)
@@ -1886,7 +1899,7 @@
term_use_console(kernel_t)
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/kernel/mls.te serefpolicy-2.1.7/policy/modules/kernel/mls.te
--- nsaserefpolicy/policy/modules/kernel/mls.te 2005-12-13 15:51:49.000000000 -0500
-+++ serefpolicy-2.1.7/policy/modules/kernel/mls.te 2006-01-04 10:50:14.000000000 -0500
++++ serefpolicy-2.1.7/policy/modules/kernel/mls.te 2006-01-05 11:12:20.000000000 -0500
@@ -36,8 +36,11 @@
attribute mlsxwinreadtoclr;
attribute mlsxwinwrite;
@@ -1915,7 +1928,7 @@
')
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/kernel/selinux.te serefpolicy-2.1.7/policy/modules/kernel/selinux.te
--- nsaserefpolicy/policy/modules/kernel/selinux.te 2005-12-09 23:35:04.000000000 -0500
-+++ serefpolicy-2.1.7/policy/modules/kernel/selinux.te 2006-01-04 10:50:14.000000000 -0500
++++ serefpolicy-2.1.7/policy/modules/kernel/selinux.te 2006-01-05 11:12:20.000000000 -0500
@@ -18,7 +18,7 @@
type security_t;
fs_type(security_t)
@@ -1927,7 +1940,7 @@
neverallow ~can_load_policy security_t:security load_policy;
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/kernel/storage.fc serefpolicy-2.1.7/policy/modules/kernel/storage.fc
--- nsaserefpolicy/policy/modules/kernel/storage.fc 2005-11-14 18:24:07.000000000 -0500
-+++ serefpolicy-2.1.7/policy/modules/kernel/storage.fc 2006-01-04 10:50:14.000000000 -0500
++++ serefpolicy-2.1.7/policy/modules/kernel/storage.fc 2006-01-05 11:12:20.000000000 -0500
@@ -5,35 +5,35 @@
/dev/n?osst[0-3].* -c gen_context(system_u:object_r:tape_device_t,s0)
/dev/n?pt[0-9]+ -c gen_context(system_u:object_r:tape_device_t,s0)
@@ -2012,7 +2025,7 @@
/dev/usb/rio500 -c gen_context(system_u:object_r:removable_device_t,s0)
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/apache.te serefpolicy-2.1.7/policy/modules/services/apache.te
--- nsaserefpolicy/policy/modules/services/apache.te 2005-12-12 23:05:35.000000000 -0500
-+++ serefpolicy-2.1.7/policy/modules/services/apache.te 2006-01-04 10:50:14.000000000 -0500
++++ serefpolicy-2.1.7/policy/modules/services/apache.te 2006-01-05 11:12:20.000000000 -0500
@@ -391,6 +391,10 @@
userdom_dontaudit_use_sysadm_terms(httpd_t)
')
@@ -2035,7 +2048,7 @@
+
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/apm.te serefpolicy-2.1.7/policy/modules/services/apm.te
--- nsaserefpolicy/policy/modules/services/apm.te 2005-12-09 23:35:05.000000000 -0500
-+++ serefpolicy-2.1.7/policy/modules/services/apm.te 2006-01-04 10:50:14.000000000 -0500
++++ serefpolicy-2.1.7/policy/modules/services/apm.te 2006-01-05 11:12:20.000000000 -0500
@@ -196,6 +196,7 @@
')
@@ -2046,7 +2059,7 @@
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/automount.te serefpolicy-2.1.7/policy/modules/services/automount.te
--- nsaserefpolicy/policy/modules/services/automount.te 2005-12-13 15:51:49.000000000 -0500
-+++ serefpolicy-2.1.7/policy/modules/services/automount.te 2006-01-04 10:50:14.000000000 -0500
++++ serefpolicy-2.1.7/policy/modules/services/automount.te 2006-01-05 11:12:20.000000000 -0500
@@ -28,7 +28,7 @@
# Local policy
#
@@ -2086,7 +2099,7 @@
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/bind.if serefpolicy-2.1.7/policy/modules/services/bind.if
--- nsaserefpolicy/policy/modules/services/bind.if 2005-12-02 17:53:53.000000000 -0500
-+++ serefpolicy-2.1.7/policy/modules/services/bind.if 2006-01-04 10:50:14.000000000 -0500
++++ serefpolicy-2.1.7/policy/modules/services/bind.if 2006-01-05 11:12:20.000000000 -0500
@@ -188,3 +188,22 @@
allow $1 named_var_run_t:dir setattr;
@@ -2112,7 +2125,7 @@
+
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/bluetooth.te serefpolicy-2.1.7/policy/modules/services/bluetooth.te
--- nsaserefpolicy/policy/modules/services/bluetooth.te 2005-12-09 23:35:05.000000000 -0500
-+++ serefpolicy-2.1.7/policy/modules/services/bluetooth.te 2006-01-04 10:50:14.000000000 -0500
++++ serefpolicy-2.1.7/policy/modules/services/bluetooth.te 2006-01-05 11:12:20.000000000 -0500
@@ -54,6 +54,7 @@
allow bluetooth_t bluetooth_conf_t:dir rw_dir_perms;
@@ -2123,7 +2136,7 @@
allow bluetooth_t bluetooth_conf_rw_t:file create_file_perms;
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/cron.te serefpolicy-2.1.7/policy/modules/services/cron.te
--- nsaserefpolicy/policy/modules/services/cron.te 2005-12-13 15:51:49.000000000 -0500
-+++ serefpolicy-2.1.7/policy/modules/services/cron.te 2006-01-04 10:50:14.000000000 -0500
++++ serefpolicy-2.1.7/policy/modules/services/cron.te 2006-01-05 11:12:20.000000000 -0500
@@ -1,5 +1,5 @@
-policy_module(cron, 1.1.1)
@@ -2141,7 +2154,7 @@
libs_use_shared_libs(crond_t)
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/cups.te serefpolicy-2.1.7/policy/modules/services/cups.te
--- nsaserefpolicy/policy/modules/services/cups.te 2005-12-09 23:35:05.000000000 -0500
-+++ serefpolicy-2.1.7/policy/modules/services/cups.te 2006-01-04 10:50:14.000000000 -0500
++++ serefpolicy-2.1.7/policy/modules/services/cups.te 2006-01-05 11:12:20.000000000 -0500
@@ -201,8 +201,7 @@
')
@@ -2172,7 +2185,7 @@
optional_policy(`dbus',`
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/cvs.fc serefpolicy-2.1.7/policy/modules/services/cvs.fc
--- nsaserefpolicy/policy/modules/services/cvs.fc 2005-11-14 18:24:07.000000000 -0500
-+++ serefpolicy-2.1.7/policy/modules/services/cvs.fc 2006-01-04 10:50:14.000000000 -0500
++++ serefpolicy-2.1.7/policy/modules/services/cvs.fc 2006-01-05 11:12:20.000000000 -0500
@@ -1,2 +1,4 @@
/usr/bin/cvs -- gen_context(system_u:object_r:cvs_exec_t,s0)
@@ -2180,7 +2193,7 @@
+/opt/cvs(/.*)? gen_context(system_u:object_r:cvs_data_t,s0)
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/cvs.te serefpolicy-2.1.7/policy/modules/services/cvs.te
--- nsaserefpolicy/policy/modules/services/cvs.te 2005-12-09 23:35:05.000000000 -0500
-+++ serefpolicy-2.1.7/policy/modules/services/cvs.te 2006-01-04 10:50:14.000000000 -0500
++++ serefpolicy-2.1.7/policy/modules/services/cvs.te 2006-01-05 11:12:20.000000000 -0500
@@ -86,6 +86,12 @@
mta_send_mail(cvs_t)
@@ -2196,7 +2209,7 @@
kerberos_read_keytab(cvs_t)
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/dbus.te serefpolicy-2.1.7/policy/modules/services/dbus.te
--- nsaserefpolicy/policy/modules/services/dbus.te 2005-12-09 23:35:05.000000000 -0500
-+++ serefpolicy-2.1.7/policy/modules/services/dbus.te 2006-01-04 10:50:14.000000000 -0500
++++ serefpolicy-2.1.7/policy/modules/services/dbus.te 2006-01-05 11:12:20.000000000 -0500
@@ -44,6 +44,7 @@
allow system_dbusd_t dbusd_etc_t:dir r_dir_perms;
allow system_dbusd_t dbusd_etc_t:file r_file_perms;
@@ -2207,7 +2220,7 @@
allow system_dbusd_t system_dbusd_tmp_t:file create_file_perms;
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/dovecot.te serefpolicy-2.1.7/policy/modules/services/dovecot.te
--- nsaserefpolicy/policy/modules/services/dovecot.te 2005-12-13 15:51:50.000000000 -0500
-+++ serefpolicy-2.1.7/policy/modules/services/dovecot.te 2006-01-04 10:50:14.000000000 -0500
++++ serefpolicy-2.1.7/policy/modules/services/dovecot.te 2006-01-05 11:12:20.000000000 -0500
@@ -95,6 +95,8 @@
files_read_etc_files(dovecot_t)
files_search_spool(dovecot_t)
@@ -2219,7 +2232,7 @@
init_use_script_pty(dovecot_t)
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/hal.te serefpolicy-2.1.7/policy/modules/services/hal.te
--- nsaserefpolicy/policy/modules/services/hal.te 2005-12-14 10:38:50.000000000 -0500
-+++ serefpolicy-2.1.7/policy/modules/services/hal.te 2006-01-04 10:50:14.000000000 -0500
++++ serefpolicy-2.1.7/policy/modules/services/hal.te 2006-01-05 11:12:20.000000000 -0500
@@ -49,6 +49,8 @@
kernel_read_kernel_sysctl(hald_t)
kernel_write_proc_file(hald_t)
@@ -2247,7 +2260,7 @@
init_use_script_pty(hald_t)
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/ldap.te serefpolicy-2.1.7/policy/modules/services/ldap.te
--- nsaserefpolicy/policy/modules/services/ldap.te 2005-12-09 23:35:05.000000000 -0500
-+++ serefpolicy-2.1.7/policy/modules/services/ldap.te 2006-01-04 10:50:14.000000000 -0500
++++ serefpolicy-2.1.7/policy/modules/services/ldap.te 2006-01-05 11:12:20.000000000 -0500
@@ -142,6 +142,10 @@
nis_use_ypbind(slapd_t)
')
@@ -2261,7 +2274,7 @@
')
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/locate.fc serefpolicy-2.1.7/policy/modules/services/locate.fc
--- nsaserefpolicy/policy/modules/services/locate.fc 1969-12-31 19:00:00.000000000 -0500
-+++ serefpolicy-2.1.7/policy/modules/services/locate.fc 2006-01-04 10:50:14.000000000 -0500
++++ serefpolicy-2.1.7/policy/modules/services/locate.fc 2006-01-05 11:12:20.000000000 -0500
@@ -0,0 +1,4 @@
+# locate - file locater
+/usr/bin/updatedb -- gen_context(system_u:object_r:locate_exec_t, s0)
@@ -2269,12 +2282,12 @@
+
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/locate.if serefpolicy-2.1.7/policy/modules/services/locate.if
--- nsaserefpolicy/policy/modules/services/locate.if 1969-12-31 19:00:00.000000000 -0500
-+++ serefpolicy-2.1.7/policy/modules/services/locate.if 2006-01-04 10:50:14.000000000 -0500
++++ serefpolicy-2.1.7/policy/modules/services/locate.if 2006-01-05 11:12:20.000000000 -0500
@@ -0,0 +1 @@
+## <summary>Update database for mlocate</summary>
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/locate.te serefpolicy-2.1.7/policy/modules/services/locate.te
--- nsaserefpolicy/policy/modules/services/locate.te 1969-12-31 19:00:00.000000000 -0500
-+++ serefpolicy-2.1.7/policy/modules/services/locate.te 2006-01-04 10:50:14.000000000 -0500
++++ serefpolicy-2.1.7/policy/modules/services/locate.te 2006-01-05 11:12:20.000000000 -0500
@@ -0,0 +1,50 @@
+policy_module(locate,1.0.0)
+
@@ -2328,19 +2341,19 @@
+')
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/logwatch.fc serefpolicy-2.1.7/policy/modules/services/logwatch.fc
--- nsaserefpolicy/policy/modules/services/logwatch.fc 1969-12-31 19:00:00.000000000 -0500
-+++ serefpolicy-2.1.7/policy/modules/services/logwatch.fc 2006-01-04 10:50:14.000000000 -0500
++++ serefpolicy-2.1.7/policy/modules/services/logwatch.fc 2006-01-05 11:12:20.000000000 -0500
@@ -0,0 +1,3 @@
+# logwatch - file logwatchr
+/usr/share/logwatch/scripts/logwatch.pl -- gen_context(system_u:object_r:logwatch_exec_t, s0)
+/var/cache/logwatch(/.*)? gen_context(system_u:object_r:logwatch_cache_t, s0)
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/logwatch.if serefpolicy-2.1.7/policy/modules/services/logwatch.if
--- nsaserefpolicy/policy/modules/services/logwatch.if 1969-12-31 19:00:00.000000000 -0500
-+++ serefpolicy-2.1.7/policy/modules/services/logwatch.if 2006-01-04 10:50:14.000000000 -0500
++++ serefpolicy-2.1.7/policy/modules/services/logwatch.if 2006-01-05 11:12:20.000000000 -0500
@@ -0,0 +1 @@
+## <summary>Update database for mlogwatch</summary>
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/logwatch.te serefpolicy-2.1.7/policy/modules/services/logwatch.te
--- nsaserefpolicy/policy/modules/services/logwatch.te 1969-12-31 19:00:00.000000000 -0500
-+++ serefpolicy-2.1.7/policy/modules/services/logwatch.te 2006-01-04 10:50:14.000000000 -0500
++++ serefpolicy-2.1.7/policy/modules/services/logwatch.te 2006-01-05 11:12:20.000000000 -0500
@@ -0,0 +1,103 @@
+policy_module(logwatch,1.0.0)
+
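Review bot: The header comment and interface summary that the patch adds for the new logwatch module do not describe logwatch; `# logwatch - file logwatchr` in logwatch.fc and `## <summary>Update database for mlogwatch</summary>` in logwatch.if read as search-and-replace leftovers from the locate files earlier in the patch. I would change them to `# logwatch - system log analysis and reporting` and `## <summary>System log analyzer and reporter</summary>`, so that someone auditing the policy can tell what the module confines. The two logwatch.fc entries also write `, s0)` with a space where the cvs.fc, prelink.fc and udev.fc entries use `,s0)`. The logwatch.te section starts in this hunk and continues past it.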
@@ -2446,8 +2459,8 @@
+')
+
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/mta.te serefpolicy-2.1.7/policy/modules/services/mta.te
---- nsaserefpolicy/policy/modules/services/mta.te 2005-12-09 23:35:05.000000000 -0500
-+++ serefpolicy-2.1.7/policy/modules/services/mta.te 2006-01-04 10:50:14.000000000 -0500
+--- nsaserefpolicy/policy/modules/services/mta.te 2006-01-04 17:28:52.000000000 -0500
++++ serefpolicy-2.1.7/policy/modules/services/mta.te 2006-01-05 11:12:20.000000000 -0500
@@ -47,6 +47,9 @@
allow system_mail_t etc_mail_t:dir { getattr search };
allow system_mail_t etc_mail_t:file r_file_perms;
@@ -2469,7 +2482,7 @@
optional_policy(`postfix',`
allow system_mail_t etc_aliases_t:dir create_dir_perms;
allow system_mail_t etc_aliases_t:file create_file_perms;
-@@ -170,3 +177,9 @@
+@@ -174,3 +181,9 @@
cron_read_system_job_tmp_files(mta_user_agent)
')
')
@@ -2481,7 +2494,7 @@
+')
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/nscd.te serefpolicy-2.1.7/policy/modules/services/nscd.te
--- nsaserefpolicy/policy/modules/services/nscd.te 2005-12-09 23:35:06.000000000 -0500
-+++ serefpolicy-2.1.7/policy/modules/services/nscd.te 2006-01-04 12:04:46.000000000 -0500
++++ serefpolicy-2.1.7/policy/modules/services/nscd.te 2006-01-05 11:12:20.000000000 -0500
@@ -128,7 +128,6 @@
optional_policy(`samba',`
@@ -2492,7 +2505,7 @@
optional_policy(`udev',`
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/ntp.te serefpolicy-2.1.7/policy/modules/services/ntp.te
--- nsaserefpolicy/policy/modules/services/ntp.te 2005-12-09 23:35:06.000000000 -0500
-+++ serefpolicy-2.1.7/policy/modules/services/ntp.te 2006-01-04 12:03:40.000000000 -0500
++++ serefpolicy-2.1.7/policy/modules/services/ntp.te 2006-01-05 11:12:20.000000000 -0500
@@ -148,8 +148,6 @@
')
@@ -2504,7 +2517,7 @@
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/ppp.te serefpolicy-2.1.7/policy/modules/services/ppp.te
--- nsaserefpolicy/policy/modules/services/ppp.te 2005-12-09 23:35:06.000000000 -0500
-+++ serefpolicy-2.1.7/policy/modules/services/ppp.te 2006-01-04 10:50:14.000000000 -0500
++++ serefpolicy-2.1.7/policy/modules/services/ppp.te 2006-01-05 11:12:20.000000000 -0500
@@ -318,10 +318,10 @@
udev_read_db(pptp_t)
')
@@ -2520,7 +2533,7 @@
domain_auto_trans(pppd_t, pppd_script_exec_t, initrc_t)
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/prelink.fc serefpolicy-2.1.7/policy/modules/services/prelink.fc
--- nsaserefpolicy/policy/modules/services/prelink.fc 1969-12-31 19:00:00.000000000 -0500
-+++ serefpolicy-2.1.7/policy/modules/services/prelink.fc 2006-01-04 10:50:14.000000000 -0500
++++ serefpolicy-2.1.7/policy/modules/services/prelink.fc 2006-01-05 11:12:20.000000000 -0500
@@ -0,0 +1,7 @@
+# prelink - prelink ELF shared libraries and binaries to speed up startup time
+/usr/sbin/prelink -- gen_context(system_u:object_r:prelink_exec_t,s0)
@@ -2531,7 +2544,7 @@
+/etc/prelink\.cache -- gen_context(system_u:object_r:prelink_cache_t,s0)
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/prelink.if serefpolicy-2.1.7/policy/modules/services/prelink.if
--- nsaserefpolicy/policy/modules/services/prelink.if 1969-12-31 19:00:00.000000000 -0500
-+++ serefpolicy-2.1.7/policy/modules/services/prelink.if 2006-01-04 10:50:14.000000000 -0500
++++ serefpolicy-2.1.7/policy/modules/services/prelink.if 2006-01-05 11:12:20.000000000 -0500
@@ -0,0 +1,39 @@
+## <summary>Prelink mappings.</summary>
+
@@ -2574,7 +2587,7 @@
+')
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/prelink.te serefpolicy-2.1.7/policy/modules/services/prelink.te
--- nsaserefpolicy/policy/modules/services/prelink.te 1969-12-31 19:00:00.000000000 -0500
-+++ serefpolicy-2.1.7/policy/modules/services/prelink.te 2006-01-04 10:50:14.000000000 -0500
++++ serefpolicy-2.1.7/policy/modules/services/prelink.te 2006-01-05 11:12:20.000000000 -0500
@@ -0,0 +1,64 @@
+policy_module(prelink,1.0.0)
+
@@ -2642,7 +2655,7 @@
+
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/remotelogin.te serefpolicy-2.1.7/policy/modules/services/remotelogin.te
--- nsaserefpolicy/policy/modules/services/remotelogin.te 2005-12-09 23:35:06.000000000 -0500
-+++ serefpolicy-2.1.7/policy/modules/services/remotelogin.te 2006-01-04 10:50:14.000000000 -0500
++++ serefpolicy-2.1.7/policy/modules/services/remotelogin.te 2006-01-05 11:12:20.000000000 -0500
@@ -106,6 +106,7 @@
logging_send_syslog_msg(remote_login_t)
@@ -2653,7 +2666,7 @@
mls_file_downgrade(remote_login_t)
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/samba.if serefpolicy-2.1.7/policy/modules/services/samba.if
--- nsaserefpolicy/policy/modules/services/samba.if 2005-12-05 22:35:03.000000000 -0500
-+++ serefpolicy-2.1.7/policy/modules/services/samba.if 2006-01-04 12:04:33.000000000 -0500
++++ serefpolicy-2.1.7/policy/modules/services/samba.if 2006-01-05 11:12:20.000000000 -0500
@@ -158,6 +158,7 @@
')
@@ -2674,7 +2687,7 @@
+
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/sasl.te serefpolicy-2.1.7/policy/modules/services/sasl.te
--- nsaserefpolicy/policy/modules/services/sasl.te 2005-12-09 23:35:06.000000000 -0500
-+++ serefpolicy-2.1.7/policy/modules/services/sasl.te 2006-01-04 10:50:14.000000000 -0500
++++ serefpolicy-2.1.7/policy/modules/services/sasl.te 2006-01-05 11:12:20.000000000 -0500
@@ -88,9 +88,11 @@
')
@@ -2692,7 +2705,7 @@
mysql_search_db_dir(saslauthd_t)
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/sendmail.te serefpolicy-2.1.7/policy/modules/services/sendmail.te
--- nsaserefpolicy/policy/modules/services/sendmail.te 2005-12-09 23:35:06.000000000 -0500
-+++ serefpolicy-2.1.7/policy/modules/services/sendmail.te 2006-01-04 10:50:14.000000000 -0500
++++ serefpolicy-2.1.7/policy/modules/services/sendmail.te 2006-01-05 11:12:20.000000000 -0500
@@ -15,15 +15,10 @@
type sendmail_var_run_t;
files_pid_file(sendmail_var_run_t)
@@ -2775,7 +2788,7 @@
') dnl end TODO
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/ssh.te serefpolicy-2.1.7/policy/modules/services/ssh.te
--- nsaserefpolicy/policy/modules/services/ssh.te 2005-12-09 23:35:06.000000000 -0500
-+++ serefpolicy-2.1.7/policy/modules/services/ssh.te 2006-01-04 10:50:14.000000000 -0500
++++ serefpolicy-2.1.7/policy/modules/services/ssh.te 2006-01-05 11:12:20.000000000 -0500
@@ -91,10 +91,6 @@
seutil_read_config(sshd_t)
@@ -2802,7 +2815,7 @@
# Relabel and access ptys created by sshd
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/xdm.te serefpolicy-2.1.7/policy/modules/services/xdm.te
--- nsaserefpolicy/policy/modules/services/xdm.te 2005-12-09 23:35:06.000000000 -0500
-+++ serefpolicy-2.1.7/policy/modules/services/xdm.te 2006-01-04 10:50:14.000000000 -0500
++++ serefpolicy-2.1.7/policy/modules/services/xdm.te 2006-01-05 11:12:20.000000000 -0500
@@ -319,6 +319,10 @@
allow xdm_xserver_t xkb_var_lib_t:lnk_file read;
can_exec(xdm_xserver_t, xkb_var_lib_t)
@@ -2816,7 +2829,7 @@
allow xdm_xserver_t sysctl_modprobe_t:file { getattr read };
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/authlogin.if serefpolicy-2.1.7/policy/modules/system/authlogin.if
--- nsaserefpolicy/policy/modules/system/authlogin.if 2005-12-08 15:57:16.000000000 -0500
-+++ serefpolicy-2.1.7/policy/modules/system/authlogin.if 2006-01-04 10:50:14.000000000 -0500
++++ serefpolicy-2.1.7/policy/modules/system/authlogin.if 2006-01-05 11:12:20.000000000 -0500
@@ -320,15 +320,25 @@
## </param>
#
@@ -2845,8 +2858,8 @@
########################################
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/authlogin.te serefpolicy-2.1.7/policy/modules/system/authlogin.te
---- nsaserefpolicy/policy/modules/system/authlogin.te 2005-12-09 23:35:06.000000000 -0500
-+++ serefpolicy-2.1.7/policy/modules/system/authlogin.te 2006-01-04 10:50:14.000000000 -0500
+--- nsaserefpolicy/policy/modules/system/authlogin.te 2006-01-04 17:28:53.000000000 -0500
++++ serefpolicy-2.1.7/policy/modules/system/authlogin.te 2006-01-05 11:12:20.000000000 -0500
@@ -211,6 +211,7 @@
logging_send_syslog_msg(pam_console_t)
@@ -2857,7 +2870,7 @@
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/getty.te serefpolicy-2.1.7/policy/modules/system/getty.te
--- nsaserefpolicy/policy/modules/system/getty.te 2005-12-09 23:35:06.000000000 -0500
-+++ serefpolicy-2.1.7/policy/modules/system/getty.te 2006-01-04 10:50:14.000000000 -0500
++++ serefpolicy-2.1.7/policy/modules/system/getty.te 2006-01-05 11:12:20.000000000 -0500
@@ -63,6 +63,9 @@
kernel_list_proc(getty_t)
kernel_read_proc_symlinks(getty_t)
@@ -2870,7 +2883,7 @@
fs_search_auto_mountpoints(getty_t)
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/hostname.if serefpolicy-2.1.7/policy/modules/system/hostname.if
--- nsaserefpolicy/policy/modules/system/hostname.if 2005-11-14 18:24:05.000000000 -0500
-+++ serefpolicy-2.1.7/policy/modules/system/hostname.if 2006-01-04 10:50:14.000000000 -0500
++++ serefpolicy-2.1.7/policy/modules/system/hostname.if 2006-01-05 11:12:20.000000000 -0500
@@ -66,3 +66,18 @@
can_exec($1,hostname_exec_t)
@@ -2892,7 +2905,7 @@
+
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/hostname.te serefpolicy-2.1.7/policy/modules/system/hostname.te
--- nsaserefpolicy/policy/modules/system/hostname.te 2005-12-09 23:35:06.000000000 -0500
-+++ serefpolicy-2.1.7/policy/modules/system/hostname.te 2006-01-04 10:50:14.000000000 -0500
++++ serefpolicy-2.1.7/policy/modules/system/hostname.te 2006-01-05 11:12:20.000000000 -0500
@@ -7,8 +7,10 @@
#
@@ -2945,7 +2958,7 @@
+
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/init.if serefpolicy-2.1.7/policy/modules/system/init.if
--- nsaserefpolicy/policy/modules/system/init.if 2005-12-09 23:35:06.000000000 -0500
-+++ serefpolicy-2.1.7/policy/modules/system/init.if 2006-01-04 10:50:14.000000000 -0500
++++ serefpolicy-2.1.7/policy/modules/system/init.if 2006-01-05 11:12:20.000000000 -0500
@@ -195,6 +195,19 @@
########################################
@@ -2973,7 +2986,7 @@
+
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/init.te serefpolicy-2.1.7/policy/modules/system/init.te
--- nsaserefpolicy/policy/modules/system/init.te 2005-12-12 15:35:53.000000000 -0500
-+++ serefpolicy-2.1.7/policy/modules/system/init.te 2006-01-04 10:50:14.000000000 -0500
++++ serefpolicy-2.1.7/policy/modules/system/init.te 2006-01-05 11:12:20.000000000 -0500
@@ -369,6 +369,7 @@
mls_file_write_down(initrc_t)
mls_process_read_up(initrc_t)
@@ -3037,7 +3050,7 @@
') dnl end TODO
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/iptables.te serefpolicy-2.1.7/policy/modules/system/iptables.te
--- nsaserefpolicy/policy/modules/system/iptables.te 2005-12-09 23:35:07.000000000 -0500
-+++ serefpolicy-2.1.7/policy/modules/system/iptables.te 2006-01-04 10:50:14.000000000 -0500
++++ serefpolicy-2.1.7/policy/modules/system/iptables.te 2006-01-05 11:12:20.000000000 -0500
@@ -43,6 +43,8 @@
kernel_read_modprobe_sysctl(iptables_t)
kernel_use_fd(iptables_t)
@@ -3049,7 +3062,7 @@
fs_getattr_xattr_fs(iptables_t)
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/libraries.fc serefpolicy-2.1.7/policy/modules/system/libraries.fc
--- nsaserefpolicy/policy/modules/system/libraries.fc 2005-12-14 10:38:50.000000000 -0500
-+++ serefpolicy-2.1.7/policy/modules/system/libraries.fc 2006-01-04 10:50:14.000000000 -0500
++++ serefpolicy-2.1.7/policy/modules/system/libraries.fc 2006-01-05 11:12:20.000000000 -0500
@@ -11,6 +11,9 @@
/emul/ia32-linux/lib(/.*)? gen_context(system_u:object_r:lib_t,s0)
/emul/ia32-linux/lib/.*\.so(\.[^/]*)* -- gen_context(system_u:object_r:shlib_t,s0)
@@ -3233,7 +3246,7 @@
#
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/libraries.te serefpolicy-2.1.7/policy/modules/system/libraries.te
--- nsaserefpolicy/policy/modules/system/libraries.te 2005-12-12 15:35:54.000000000 -0500
-+++ serefpolicy-2.1.7/policy/modules/system/libraries.te 2006-01-04 10:50:14.000000000 -0500
++++ serefpolicy-2.1.7/policy/modules/system/libraries.te 2006-01-05 11:12:20.000000000 -0500
@@ -94,6 +94,10 @@
unconfined_domain_template(ldconfig_t)
')
@@ -3247,7 +3260,7 @@
apache_dontaudit_search_modules(ldconfig_t)
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/locallogin.te serefpolicy-2.1.7/policy/modules/system/locallogin.te
--- nsaserefpolicy/policy/modules/system/locallogin.te 2005-12-09 23:35:08.000000000 -0500
-+++ serefpolicy-2.1.7/policy/modules/system/locallogin.te 2006-01-04 10:50:14.000000000 -0500
++++ serefpolicy-2.1.7/policy/modules/system/locallogin.te 2006-01-05 11:12:20.000000000 -0500
@@ -152,6 +152,7 @@
miscfiles_read_localization(local_login_t)
@@ -3266,7 +3279,7 @@
mta_getattr_spool(local_login_t)
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/logging.fc serefpolicy-2.1.7/policy/modules/system/logging.fc
--- nsaserefpolicy/policy/modules/system/logging.fc 2005-11-14 18:24:06.000000000 -0500
-+++ serefpolicy-2.1.7/policy/modules/system/logging.fc 2006-01-04 10:50:14.000000000 -0500
++++ serefpolicy-2.1.7/policy/modules/system/logging.fc 2006-01-05 11:12:20.000000000 -0500
@@ -19,10 +19,11 @@
/var/lib/stunnel/dev/log -s gen_context(system_u:object_r:devlog_t,s0)
')
@@ -3284,7 +3297,7 @@
/var/run/log -s gen_context(system_u:object_r:devlog_t,s0)
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/logging.if serefpolicy-2.1.7/policy/modules/system/logging.if
--- nsaserefpolicy/policy/modules/system/logging.if 2005-11-14 18:24:05.000000000 -0500
-+++ serefpolicy-2.1.7/policy/modules/system/logging.if 2006-01-04 10:50:14.000000000 -0500
++++ serefpolicy-2.1.7/policy/modules/system/logging.if 2006-01-05 11:12:20.000000000 -0500
@@ -341,3 +341,24 @@
allow $1 var_log_t:dir rw_dir_perms;
allow $1 var_log_t:file create_file_perms;
@@ -3312,7 +3325,7 @@
+
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/logging.te serefpolicy-2.1.7/policy/modules/system/logging.te
--- nsaserefpolicy/policy/modules/system/logging.te 2005-12-09 23:35:08.000000000 -0500
-+++ serefpolicy-2.1.7/policy/modules/system/logging.te 2006-01-04 10:50:14.000000000 -0500
++++ serefpolicy-2.1.7/policy/modules/system/logging.te 2006-01-05 11:12:20.000000000 -0500
@@ -71,6 +71,8 @@
kernel_read_kernel_sysctl(auditctl_t)
kernel_read_proc_symlinks(auditctl_t)
@@ -3341,7 +3354,7 @@
optional_policy(`udev',`
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/lvm.te serefpolicy-2.1.7/policy/modules/system/lvm.te
--- nsaserefpolicy/policy/modules/system/lvm.te 2005-12-09 23:35:08.000000000 -0500
-+++ serefpolicy-2.1.7/policy/modules/system/lvm.te 2006-01-04 10:50:14.000000000 -0500
++++ serefpolicy-2.1.7/policy/modules/system/lvm.te 2006-01-05 11:12:20.000000000 -0500
@@ -155,6 +155,8 @@
allow lvm_t lvm_etc_t:file r_file_perms;
@@ -3353,7 +3366,7 @@
allow lvm_t lvm_metadata_t:file create_file_perms;
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/mount.te serefpolicy-2.1.7/policy/modules/system/mount.te
--- nsaserefpolicy/policy/modules/system/mount.te 2005-12-12 23:05:35.000000000 -0500
-+++ serefpolicy-2.1.7/policy/modules/system/mount.te 2006-01-04 10:50:14.000000000 -0500
++++ serefpolicy-2.1.7/policy/modules/system/mount.te 2006-01-05 11:12:20.000000000 -0500
@@ -46,7 +46,7 @@
fs_search_auto_mountpoints(mount_t)
fs_use_tmpfs_chr_dev(mount_t)
@@ -3365,7 +3378,7 @@
corecmd_exec_sbin(mount_t)
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/selinuxutil.fc serefpolicy-2.1.7/policy/modules/system/selinuxutil.fc
--- nsaserefpolicy/policy/modules/system/selinuxutil.fc 2005-11-14 18:24:05.000000000 -0500
-+++ serefpolicy-2.1.7/policy/modules/system/selinuxutil.fc 2006-01-04 10:50:14.000000000 -0500
++++ serefpolicy-2.1.7/policy/modules/system/selinuxutil.fc 2006-01-05 11:12:20.000000000 -0500
@@ -9,9 +9,9 @@
/etc/selinux/([^/]*/)?contexts/files(/.*)? gen_context(system_u:object_r:file_context_t,s0)
@@ -3381,7 +3394,7 @@
# /root
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/selinuxutil.te serefpolicy-2.1.7/policy/modules/system/selinuxutil.te
--- nsaserefpolicy/policy/modules/system/selinuxutil.te 2005-12-09 23:35:08.000000000 -0500
-+++ serefpolicy-2.1.7/policy/modules/system/selinuxutil.te 2006-01-04 10:50:14.000000000 -0500
++++ serefpolicy-2.1.7/policy/modules/system/selinuxutil.te 2006-01-05 11:12:20.000000000 -0500
@@ -182,6 +182,7 @@
# for mcs.conf
@@ -3432,7 +3445,7 @@
# by a different user or has restrictive SE permissions, do not want to audit
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/udev.fc serefpolicy-2.1.7/policy/modules/system/udev.fc
--- nsaserefpolicy/policy/modules/system/udev.fc 2005-11-14 18:24:06.000000000 -0500
-+++ serefpolicy-2.1.7/policy/modules/system/udev.fc 2006-01-04 10:50:14.000000000 -0500
++++ serefpolicy-2.1.7/policy/modules/system/udev.fc 2006-01-05 11:12:20.000000000 -0500
@@ -17,3 +17,4 @@
/sbin/wait_for_sysfs -- gen_context(system_u:object_r:udev_exec_t,s0)
@@ -3440,7 +3453,7 @@
+/lib/udev/[^/]* -- gen_context(system_u:object_r:bin_t,s0)
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/udev.te serefpolicy-2.1.7/policy/modules/system/udev.te
--- nsaserefpolicy/policy/modules/system/udev.te 2005-12-09 23:35:08.000000000 -0500
-+++ serefpolicy-2.1.7/policy/modules/system/udev.te 2006-01-04 10:50:14.000000000 -0500
++++ serefpolicy-2.1.7/policy/modules/system/udev.te 2006-01-05 11:12:20.000000000 -0500
@@ -39,7 +39,7 @@
# Local policy
#
@@ -3468,7 +3481,7 @@
fs_manage_tmpfs_dirs(udev_t)
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/unconfined.fc serefpolicy-2.1.7/policy/modules/system/unconfined.fc
--- nsaserefpolicy/policy/modules/system/unconfined.fc 2005-11-14 18:24:06.000000000 -0500
-+++ serefpolicy-2.1.7/policy/modules/system/unconfined.fc 2006-01-04 10:50:14.000000000 -0500
++++ serefpolicy-2.1.7/policy/modules/system/unconfined.fc 2006-01-05 11:12:20.000000000 -0500
@@ -1,3 +1,5 @@
# Add programs here which should not be confined by SELinux
# e.g.:
@@ -3477,7 +3490,7 @@
+/usr/bin/vncserver -- gen_context(system_u:object_r:unconfined_exec_t,s0)
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/unconfined.te serefpolicy-2.1.7/policy/modules/system/unconfined.te
--- nsaserefpolicy/policy/modules/system/unconfined.te 2005-12-14 10:38:50.000000000 -0500
-+++ serefpolicy-2.1.7/policy/modules/system/unconfined.te 2006-01-04 10:51:57.000000000 -0500
++++ serefpolicy-2.1.7/policy/modules/system/unconfined.te 2006-01-05 11:12:20.000000000 -0500
@@ -57,6 +57,10 @@
bluetooth_domtrans_helper(unconfined_t)
')
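Review bot: The `/usr/bin/vncserver` entry at the top of this hunk is labelled `unconfined_exec_t` with no recorded reason, in a file whose own header says it lists programs that should not be confined by SELinux. vncserver starts a remotely reachable desktop service, so exempting it is a decision worth justifying next to the rule; I would add a comment above it such as `# vncserver: unconfined because <reason>; remove once it has its own domain`. The line is carried unchanged by this update, and the unconfined.te section that begins here continues outside this hunk, so whatever it adds for that type is not visible here.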
@@ -3521,7 +3534,7 @@
rw_dir_create_file(sysadm_su_t, home_dir_type)
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/userdomain.fc serefpolicy-2.1.7/policy/modules/system/userdomain.fc
--- nsaserefpolicy/policy/modules/system/userdomain.fc 2005-11-15 09:13:40.000000000 -0500
-+++ serefpolicy-2.1.7/policy/modules/system/userdomain.fc 2006-01-04 10:50:14.000000000 -0500
++++ serefpolicy-2.1.7/policy/modules/system/userdomain.fc 2006-01-05 11:12:20.000000000 -0500
@@ -4,6 +4,6 @@
HOME_DIR -d gen_context(system_u:object_r:user_home_dir_t,s0)
HOME_DIR/.+ gen_context(system_u:object_r:user_home_t,s0)
@@ -3531,9 +3544,9 @@
HOME_DIR/.+ gen_context(system_u:object_r:ROLE_home_t,s0)
')
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/userdomain.if serefpolicy-2.1.7/policy/modules/system/userdomain.if
---- nsaserefpolicy/policy/modules/system/userdomain.if 2005-12-06 19:49:51.000000000 -0500
-+++ serefpolicy-2.1.7/policy/modules/system/userdomain.if 2006-01-04 11:35:09.000000000 -0500
-@@ -568,6 +568,7 @@
+--- nsaserefpolicy/policy/modules/system/userdomain.if 2006-01-04 17:28:53.000000000 -0500
++++ serefpolicy-2.1.7/policy/modules/system/userdomain.if 2006-01-05 11:12:20.000000000 -0500
+@@ -572,6 +572,7 @@
corenet_dontaudit_tcp_bind_all_reserved_ports($1_t)
files_read_etc_files($1_t)
@@ -3541,7 +3554,7 @@
files_list_home($1_t)
files_read_usr_files($1_t)
files_exec_usr_files($1_t)
-@@ -1880,9 +1881,14 @@
+@@ -1884,9 +1885,14 @@
type sysadm_home_dir_t;
')
@@ -3556,7 +3569,7 @@
########################################
## <summary>
## Search the sysadm users home directory.
-@@ -1913,8 +1919,12 @@
+@@ -1917,8 +1923,12 @@
type sysadm_home_dir_t;
')
@@ -3569,7 +3582,7 @@
########################################
## <summary>
-@@ -2644,6 +2654,23 @@
+@@ -2648,6 +2658,23 @@
########################################
## <summary>
@@ -3594,10 +3607,10 @@
## </summary>
## <param name="domain">
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/userdomain.te serefpolicy-2.1.7/policy/modules/system/userdomain.te
---- nsaserefpolicy/policy/modules/system/userdomain.te 2005-12-09 23:35:10.000000000 -0500
-+++ serefpolicy-2.1.7/policy/modules/system/userdomain.te 2006-01-04 11:28:50.000000000 -0500
+--- nsaserefpolicy/policy/modules/system/userdomain.te 2006-01-04 17:28:53.000000000 -0500
++++ serefpolicy-2.1.7/policy/modules/system/userdomain.te 2006-01-05 11:12:20.000000000 -0500
@@ -2,7 +2,7 @@
- policy_module(userdomain,1.1.0)
+ policy_module(userdomain,1.1.1)
gen_require(`
- role sysadm_r, staff_r, user_r;
@@ -3652,7 +3665,7 @@
optional_policy(`amanda',`
amanda_run_recover(sysadm_t,sysadm_r,admin_terminal)
')
-@@ -188,6 +201,7 @@
+@@ -192,6 +205,7 @@
optional_policy(`hostname',`
hostname_run(sysadm_t,sysadm_r,admin_terminal)
@@ -3660,7 +3673,7 @@
')
optional_policy(`ipsec',`
-@@ -311,4 +325,5 @@
+@@ -315,4 +329,5 @@
optional_policy(`webalizer',`
webalizer_run(sysadm_t,sysadm_r,admin_terminal)
')
@@ -3668,7 +3681,7 @@
')
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/users serefpolicy-2.1.7/policy/users
--- nsaserefpolicy/policy/users 2005-12-05 22:35:02.000000000 -0500
-+++ serefpolicy-2.1.7/policy/users 2006-01-04 10:50:14.000000000 -0500
++++ serefpolicy-2.1.7/policy/users 2006-01-05 11:12:20.000000000 -0500
@@ -26,7 +26,9 @@
ifdef(`targeted_policy',`
gen_user(user_u, user_r sysadm_r system_r, s0, s0 - s15:c0.c255, c0.c255)
@@ -3693,7 +3706,7 @@
')
diff --exclude-from=exclude -N -u -r nsaserefpolicy/Rules.modular serefpolicy-2.1.7/Rules.modular
--- nsaserefpolicy/Rules.modular 2005-12-09 23:35:04.000000000 -0500
-+++ serefpolicy-2.1.7/Rules.modular 2006-01-04 10:50:14.000000000 -0500
++++ serefpolicy-2.1.7/Rules.modular 2006-01-05 11:12:20.000000000 -0500
@@ -170,6 +170,16 @@
########################################