rpms/selinux-policy/devel policy-20080710.patch, 1.3, 1.4 selinux-policy.spec, 1.687, 1.688

Daniel J Walsh (dwalsh) fedora-extras-commits at redhat.com
Thu Jul 24 18:19:50 UTC 2008 

Author: dwalsh

Update of /cvs/extras/rpms/selinux-policy/devel
In directory cvs-int.fedora.redhat.com:/tmp/cvs-serv25985

Modified Files:
	policy-20080710.patch selinux-policy.spec 
Log Message:
* Wed Jul 16 2008 Dan Walsh <dwalsh at redhat.com> 3.5.1-1
- Fix xguest -> xguest_mozilla_t -> xguest_openiffice_t
- Change dhclient to be able to red networkmanager_var_run


policy-20080710.patch:

View full diff with command:
/usr/bin/cvs -f diff  -kk -u -N -r 1.3 -r 1.4 policy-20080710.patch
Index: policy-20080710.patch
===================================================================
RCS file: /cvs/extras/rpms/selinux-policy/devel/policy-20080710.patch,v
retrieving revision 1.3
retrieving revision 1.4
diff -u -r1.3 -r1.4
--- policy-20080710.patch	17 Jul 2008 19:53:32 -0000	1.3
+++ policy-20080710.patch	24 Jul 2008 18:19:05 -0000	1.4
@@ -1,6 +1,6 @@
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/Makefile serefpolicy-3.5.1/Makefile
 --- nsaserefpolicy/Makefile	2008-06-12 23:25:10.000000000 -0400
-+++ serefpolicy-3.5.1/Makefile	2008-07-16 10:33:11.000000000 -0400
++++ serefpolicy-3.5.1/Makefile	2008-07-24 06:54:04.000000000 -0400
 @@ -311,20 +311,22 @@
  
  # parse-rolemap modulename,outputfile
@@ -47,7 +47,7 @@
  	$(verbose) $(INSTALL) -m 644 $< $@
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/Rules.modular serefpolicy-3.5.1/Rules.modular
 --- nsaserefpolicy/Rules.modular	2008-06-12 23:25:10.000000000 -0400
-+++ serefpolicy-3.5.1/Rules.modular	2008-07-16 10:33:11.000000000 -0400
++++ serefpolicy-3.5.1/Rules.modular	2008-07-24 06:54:04.000000000 -0400
 @@ -73,8 +73,8 @@
  $(tmpdir)/%.mod: $(m4support) $(tmpdir)/generated_definitions.conf $(tmpdir)/all_interfaces.conf %.te
  	@echo "Compliling $(NAME) $(@F) module"
@@ -79,7 +79,7 @@
  $(tmpdir)/all_te_files.conf: $(m4support) $(tmpdir)/generated_definitions.conf $(tmpdir)/all_interfaces.conf $(base_te_files) $(tmpdir)/rolemap.conf
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/config/appconfig-mcs/default_contexts serefpolicy-3.5.1/config/appconfig-mcs/default_contexts
 --- nsaserefpolicy/config/appconfig-mcs/default_contexts	2008-06-12 23:25:09.000000000 -0400
-+++ serefpolicy-3.5.1/config/appconfig-mcs/default_contexts	2008-07-17 11:49:28.000000000 -0400
++++ serefpolicy-3.5.1/config/appconfig-mcs/default_contexts	2008-07-24 06:54:04.000000000 -0400
 @@ -2,7 +2,7 @@
  system_r:local_login_t:s0	user_r:user_t:s0 staff_r:staff_t:s0 sysadm_r:sysadm_t:s0 unconfined_r:unconfined_t:s0
  system_r:remote_login_t:s0	user_r:user_t:s0 staff_r:staff_t:s0 unconfined_r:unconfined_t:s0
@@ -91,13 +91,13 @@
  staff_r:staff_su_t:s0		user_r:user_t:s0 staff_r:staff_t:s0 sysadm_r:sysadm_t:s0
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/config/appconfig-mcs/failsafe_context serefpolicy-3.5.1/config/appconfig-mcs/failsafe_context
 --- nsaserefpolicy/config/appconfig-mcs/failsafe_context	2008-06-12 23:25:09.000000000 -0400
-+++ serefpolicy-3.5.1/config/appconfig-mcs/failsafe_context	2008-07-16 10:33:11.000000000 -0400
++++ serefpolicy-3.5.1/config/appconfig-mcs/failsafe_context	2008-07-24 06:54:04.000000000 -0400
 @@ -1 +1 @@
 -sysadm_r:sysadm_t:s0
 +system_r:unconfined_t:s0
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/config/appconfig-mcs/guest_u_default_contexts serefpolicy-3.5.1/config/appconfig-mcs/guest_u_default_contexts
 --- nsaserefpolicy/config/appconfig-mcs/guest_u_default_contexts	1969-12-31 19:00:00.000000000 -0500
-+++ serefpolicy-3.5.1/config/appconfig-mcs/guest_u_default_contexts	2008-07-16 10:33:11.000000000 -0400
++++ serefpolicy-3.5.1/config/appconfig-mcs/guest_u_default_contexts	2008-07-24 06:54:04.000000000 -0400
 @@ -0,0 +1,4 @@
 +system_r:local_login_t:s0	guest_r:guest_t:s0
 +system_r:remote_login_t:s0	guest_r:guest_t:s0
@@ -105,7 +105,7 @@
 +system_r:crond_t:s0		guest_r:guest_crond_t:s0
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/config/appconfig-mcs/root_default_contexts serefpolicy-3.5.1/config/appconfig-mcs/root_default_contexts
 --- nsaserefpolicy/config/appconfig-mcs/root_default_contexts	2008-06-12 23:25:09.000000000 -0400
-+++ serefpolicy-3.5.1/config/appconfig-mcs/root_default_contexts	2008-07-16 10:33:11.000000000 -0400
++++ serefpolicy-3.5.1/config/appconfig-mcs/root_default_contexts	2008-07-24 06:54:04.000000000 -0400
 @@ -1,11 +1,7 @@
  system_r:crond_t:s0		unconfined_r:unconfined_t:s0 sysadm_r:sysadm_crond_t:s0 staff_r:staff_crond_t:s0 user_r:user_crond_t:s0
  system_r:local_login_t:s0	unconfined_r:unconfined_t:s0 sysadm_r:sysadm_t:s0 staff_r:staff_t:s0 user_r:user_t:s0
@@ -121,7 +121,7 @@
 +system_r:sshd_t:s0		unconfined_r:unconfined_t:s0 sysadm_r:sysadm_t:s0 staff_r:staff_t:s0 user_r:user_t:s0
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/config/appconfig-mcs/unconfined_u_default_contexts serefpolicy-3.5.1/config/appconfig-mcs/unconfined_u_default_contexts
 --- nsaserefpolicy/config/appconfig-mcs/unconfined_u_default_contexts	1969-12-31 19:00:00.000000000 -0500
-+++ serefpolicy-3.5.1/config/appconfig-mcs/unconfined_u_default_contexts	2008-07-16 10:33:11.000000000 -0400
++++ serefpolicy-3.5.1/config/appconfig-mcs/unconfined_u_default_contexts	2008-07-24 06:54:04.000000000 -0400
 @@ -0,0 +1,9 @@
 +system_r:crond_t:s0		unconfined_r:unconfined_t:s0
 +system_r:initrc_t:s0		unconfined_r:unconfined_t:s0
@@ -134,13 +134,13 @@
 +system_r:xdm_t:s0		unconfined_r:unconfined_t:s0
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/config/appconfig-mcs/userhelper_context serefpolicy-3.5.1/config/appconfig-mcs/userhelper_context
 --- nsaserefpolicy/config/appconfig-mcs/userhelper_context	2008-06-12 23:25:09.000000000 -0400
-+++ serefpolicy-3.5.1/config/appconfig-mcs/userhelper_context	2008-07-16 10:33:11.000000000 -0400
++++ serefpolicy-3.5.1/config/appconfig-mcs/userhelper_context	2008-07-24 06:54:04.000000000 -0400
 @@ -1 +1 @@
 -system_u:sysadm_r:sysadm_t:s0
 +system_u:system_r:unconfined_t:s0	
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/config/appconfig-mcs/xguest_u_default_contexts serefpolicy-3.5.1/config/appconfig-mcs/xguest_u_default_contexts
 --- nsaserefpolicy/config/appconfig-mcs/xguest_u_default_contexts	1969-12-31 19:00:00.000000000 -0500
-+++ serefpolicy-3.5.1/config/appconfig-mcs/xguest_u_default_contexts	2008-07-16 10:33:11.000000000 -0400
++++ serefpolicy-3.5.1/config/appconfig-mcs/xguest_u_default_contexts	2008-07-24 06:54:04.000000000 -0400
 @@ -0,0 +1,5 @@
 +system_r:local_login_t	xguest_r:xguest_t:s0
 +system_r:remote_login_t	xguest_r:xguest_t:s0
@@ -149,7 +149,7 @@
 +system_r:xdm_t		xguest_r:xguest_t:s0
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/config/appconfig-mls/guest_u_default_contexts serefpolicy-3.5.1/config/appconfig-mls/guest_u_default_contexts
 --- nsaserefpolicy/config/appconfig-mls/guest_u_default_contexts	1969-12-31 19:00:00.000000000 -0500
-+++ serefpolicy-3.5.1/config/appconfig-mls/guest_u_default_contexts	2008-07-16 10:33:11.000000000 -0400
++++ serefpolicy-3.5.1/config/appconfig-mls/guest_u_default_contexts	2008-07-24 06:54:04.000000000 -0400
 @@ -0,0 +1,4 @@
 +system_r:local_login_t:s0	guest_r:guest_t:s0
 +system_r:remote_login_t:s0	guest_r:guest_t:s0
@@ -157,7 +157,7 @@
 +system_r:crond_t:s0		guest_r:guest_crond_t:s0
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/config/appconfig-standard/guest_u_default_contexts serefpolicy-3.5.1/config/appconfig-standard/guest_u_default_contexts
 --- nsaserefpolicy/config/appconfig-standard/guest_u_default_contexts	1969-12-31 19:00:00.000000000 -0500
-+++ serefpolicy-3.5.1/config/appconfig-standard/guest_u_default_contexts	2008-07-16 10:33:11.000000000 -0400
++++ serefpolicy-3.5.1/config/appconfig-standard/guest_u_default_contexts	2008-07-24 06:54:04.000000000 -0400
 @@ -0,0 +1,4 @@
 +system_r:local_login_t	guest_r:guest_t
 +system_r:remote_login_t	guest_r:guest_t
@@ -165,7 +165,7 @@
 +system_r:crond_t	guest_r:guest_crond_t
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/config/appconfig-standard/root_default_contexts serefpolicy-3.5.1/config/appconfig-standard/root_default_contexts
 --- nsaserefpolicy/config/appconfig-standard/root_default_contexts	2008-06-12 23:25:09.000000000 -0400
-+++ serefpolicy-3.5.1/config/appconfig-standard/root_default_contexts	2008-07-16 10:33:11.000000000 -0400
++++ serefpolicy-3.5.1/config/appconfig-standard/root_default_contexts	2008-07-24 06:54:04.000000000 -0400
 @@ -1,11 +1,7 @@
  system_r:crond_t	unconfined_r:unconfined_t sysadm_r:sysadm_crond_t staff_r:staff_crond_t user_r:user_crond_t
  system_r:local_login_t  unconfined_r:unconfined_t sysadm_r:sysadm_t staff_r:staff_t user_r:user_t
@@ -181,7 +181,7 @@
 +system_r:sshd_t	unconfined_r:unconfined_t sysadm_r:sysadm_t staff_r:staff_t user_r:user_t
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/config/appconfig-standard/xguest_u_default_contexts serefpolicy-3.5.1/config/appconfig-standard/xguest_u_default_contexts
 --- nsaserefpolicy/config/appconfig-standard/xguest_u_default_contexts	1969-12-31 19:00:00.000000000 -0500
-+++ serefpolicy-3.5.1/config/appconfig-standard/xguest_u_default_contexts	2008-07-16 10:33:11.000000000 -0400
++++ serefpolicy-3.5.1/config/appconfig-standard/xguest_u_default_contexts	2008-07-24 06:54:04.000000000 -0400
 @@ -0,0 +1,5 @@
 +system_r:local_login_t	xguest_r:xguest_t
 +system_r:remote_login_t	xguest_r:xguest_t
@@ -190,21 +190,115 @@
 +system_r:xdm_t		xguest_r:xguest_t
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/man/man8/ftpd_selinux.8 serefpolicy-3.5.1/man/man8/ftpd_selinux.8
 --- nsaserefpolicy/man/man8/ftpd_selinux.8	2008-06-12 23:25:09.000000000 -0400
-+++ serefpolicy-3.5.1/man/man8/ftpd_selinux.8	2008-07-16 10:33:11.000000000 -0400
-@@ -35,10 +35,6 @@
- directorories, you need to set the ftp_home_dir boolean. 
++++ serefpolicy-3.5.1/man/man8/ftpd_selinux.8	2008-07-24 06:54:04.000000000 -0400
+@@ -1,52 +1,65 @@
+-.TH  "ftpd_selinux"  "8"  "17 Jan 2005" "dwalsh at redhat.com" "ftpd Selinux Policy documentation"
++.TH  "ftpd_selinux"  "8"  "17 Jan 2005" "dwalsh at redhat.com" "ftpd SELinux policy documentation"
+ .SH "NAME"
+-ftpd_selinux \- Security Enhanced Linux Policy for the ftp daemon
++.PP
++ftpd_selinux \- Security-Enhanced Linux policy for ftp daemons.
+ .SH "DESCRIPTION"
+-
+-Security-Enhanced Linux secures the ftpd server via flexible mandatory access
+-control.  
++.PP
++Security-Enhanced Linux provides security for ftp daemons via flexible mandatory access control.
+ .SH FILE_CONTEXTS
+-SELinux requires files to have an extended attribute to define the file type. 
+-Policy governs the access daemons have to these files. 
+-If you want to share files anonymously, you must label the files and directories public_content_t.  So if you created a special directory /var/ftp, you would need to label the directory with the chcon tool.
+-.TP
+-chcon -R -t public_content_t /var/ftp
+-.TP
+-If you want to setup a directory where you can upload files to you must label the files and directories public_content_rw_t.  So if you created a special directory /var/ftp/incoming, you would need to label the directory with the chcon tool.
+-.TP
+-chcon -t public_content_rw_t /var/ftp/incoming
++.PP
++SELinux requires files to have a file type. File types may be specified with semanage and are restored with restorecon.  Policy governs the access that daemons have to files.
+ .TP
+-You must also turn on the boolean allow_ftpd_anon_write.
++Allow ftp servers to read the /var/ftp directory by adding the public_content_t file type to the directory and by restoring the file type.
++.PP
++.B
++semanage fcontext -a -t public_content_t "/var/ftp(/.*)?"
++.TP
++.B
++restorecon -R -v /var/ftp
++.TP
++Allow ftp servers to read and write /var/tmp/incoming by adding the public_content_rw_t type to the directory and by restoring the file type.  This also requires the allow_ftpd_anon_write boolean to be set.
++.PP
++.B
++semanage fcontext -a -t public_content_rw_t "/var/ftp/incoming(/.*)?"
  .TP
- setsebool -P ftp_home_dir 1
+-setsebool -P allow_ftpd_anon_write=1
+-.TP
+-If you want to make this permanant, i.e. survive a relabel, you must add an entry to the file_contexts.local file.
+-.TP
+-/etc/selinux/POLICYTYPE/contexts/files/file_contexts.local
+-.br
+-/var/ftp(/.*)? system_u:object_r:public_content_t
+-/var/ftp/incoming(/.*)? system_u:object_r:public_content_rw_t
++.B
++restorecon -R -v /var/ftp/incoming
+ 
+ .SH BOOLEANS
+-SELinux ftp daemon policy is customizable based on least access required.  So by 
+-default SElinux does not allow users to login and read their home directories.
+-.br
+-If you are setting up this machine as a ftpd server and wish to allow users to access their home
+-directorories, you need to set the ftp_home_dir boolean. 
+-.TP
+-setsebool -P ftp_home_dir 1
 -.TP
 -ftpd can run either as a standalone daemon or as part of the xinetd domain.  If you want to run ftpd as a daemon you must set the ftpd_is_daemon boolean.
 -.TP
 -setsebool -P ftpd_is_daemon 1
- .br
- service vsftpd restart
+-.br
+-service vsftpd restart
++.PP
++SELinux policy is based on least privilege required and may also be customizable by setting a boolean with setsebool.
++.TP
++Allow ftp servers to read and write files with the public_content_rw_t file type.
[...4620 lines suppressed...]
  optional_policy(`
-@@ -226,6 +235,10 @@
+@@ -226,6 +229,10 @@
  ')
  
  optional_policy(`
@@ -32631,7 +32661,7 @@
  	kernel_read_xen_state(dhcpc_t)
  	kernel_write_xen_state(dhcpc_t)
  	xen_append_log(dhcpc_t)
-@@ -239,7 +252,6 @@
+@@ -239,7 +246,6 @@
  
  allow ifconfig_t self:process ~{ ptrace setcurrent setexec setfscreate setrlimit execmem execheap execstack };
  allow ifconfig_t self:capability { net_raw net_admin sys_tty_config };
@@ -32639,7 +32669,7 @@
  
  allow ifconfig_t self:fd use;
  allow ifconfig_t self:fifo_file rw_fifo_file_perms;
-@@ -253,6 +265,7 @@
+@@ -253,6 +259,7 @@
  allow ifconfig_t self:sem create_sem_perms;
  allow ifconfig_t self:msgq create_msgq_perms;
  allow ifconfig_t self:msg { send receive };
@@ -32647,7 +32677,7 @@
  
  # Create UDP sockets, necessary when called from dhcpc
  allow ifconfig_t self:udp_socket create_socket_perms;
-@@ -268,7 +281,10 @@
+@@ -268,7 +275,10 @@
  kernel_read_system_state(ifconfig_t)
  kernel_read_network_state(ifconfig_t)
  kernel_search_network_sysctl(ifconfig_t)
@@ -32658,7 +32688,7 @@
  
  corenet_rw_tun_tap_dev(ifconfig_t)
  
-@@ -279,8 +295,11 @@
+@@ -279,8 +289,11 @@
  fs_getattr_xattr_fs(ifconfig_t)
  fs_search_auto_mountpoints(ifconfig_t)
  
@@ -32670,7 +32700,7 @@
  
  domain_use_interactive_fds(ifconfig_t)
  
-@@ -308,7 +327,7 @@
+@@ -308,7 +321,7 @@
  		unconfined_domain(ifconfig_t)
  	')
  ')
@@ -32679,7 +32709,7 @@
  ifdef(`hide_broken_symptoms',`
  	optional_policy(`
  		dev_dontaudit_rw_cardmgr(ifconfig_t)
-@@ -324,6 +343,10 @@
+@@ -324,6 +337,10 @@
  ')
  
  optional_policy(`
@@ -32690,7 +32720,7 @@
  	nis_use_ypbind(ifconfig_t)
  ')
  
-@@ -332,6 +355,14 @@
+@@ -332,6 +349,14 @@
  ')
  
  optional_policy(`
@@ -32707,7 +32737,7 @@
  	xen_append_log(ifconfig_t)
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/udev.if serefpolicy-3.5.1/policy/modules/system/udev.if
 --- nsaserefpolicy/policy/modules/system/udev.if	2008-06-12 23:25:07.000000000 -0400
-+++ serefpolicy-3.5.1/policy/modules/system/udev.if	2008-07-16 10:33:11.000000000 -0400
++++ serefpolicy-3.5.1/policy/modules/system/udev.if	2008-07-24 06:54:05.000000000 -0400
 @@ -96,6 +96,24 @@
  
  ########################################
@@ -32763,7 +32793,7 @@
  ')
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/udev.te serefpolicy-3.5.1/policy/modules/system/udev.te
 --- nsaserefpolicy/policy/modules/system/udev.te	2008-06-12 23:25:07.000000000 -0400
-+++ serefpolicy-3.5.1/policy/modules/system/udev.te	2008-07-16 10:33:11.000000000 -0400
++++ serefpolicy-3.5.1/policy/modules/system/udev.te	2008-07-24 06:54:05.000000000 -0400
 @@ -83,6 +83,7 @@
  kernel_rw_unix_dgram_sockets(udev_t)
  kernel_dgram_send(udev_t)
@@ -32821,8 +32851,8 @@
  ')
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/unconfined.fc serefpolicy-3.5.1/policy/modules/system/unconfined.fc
 --- nsaserefpolicy/policy/modules/system/unconfined.fc	2008-07-16 10:26:23.000000000 -0400
-+++ serefpolicy-3.5.1/policy/modules/system/unconfined.fc	2008-07-16 10:33:11.000000000 -0400
-@@ -2,15 +2,28 @@
++++ serefpolicy-3.5.1/policy/modules/system/unconfined.fc	2008-07-24 06:54:05.000000000 -0400
+@@ -2,15 +2,29 @@
  # e.g.:
  # /usr/local/bin/appsrv		--	gen_context(system_u:object_r:unconfined_exec_t,s0)
  # For the time being until someone writes a sane policy, we need initrc to transition to unconfined_t
@@ -32856,9 +32886,10 @@
 +/usr/libexec/ghc-[^/]+/ghc-.*  --	gen_context(system_u:object_r:unconfined_execmem_exec_t,s0)
 +
 +/opt/real/(.*/)?realplay\.bin --	gen_context(system_u:object_r:unconfined_execmem_exec_t,s0)
++/usr/sbin/vbetool	       --	gen_context(system_u:object_r:unconfined_execmem_exec_t,s0)
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/unconfined.if serefpolicy-3.5.1/policy/modules/system/unconfined.if
 --- nsaserefpolicy/policy/modules/system/unconfined.if	2008-07-16 10:26:23.000000000 -0400
-+++ serefpolicy-3.5.1/policy/modules/system/unconfined.if	2008-07-16 14:12:57.000000000 -0400
++++ serefpolicy-3.5.1/policy/modules/system/unconfined.if	2008-07-24 06:54:05.000000000 -0400
 @@ -12,14 +12,13 @@
  #
  interface(`unconfined_domain_noaudit',`
@@ -33228,7 +33259,7 @@
 +
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/unconfined.te serefpolicy-3.5.1/policy/modules/system/unconfined.te
 --- nsaserefpolicy/policy/modules/system/unconfined.te	2008-07-16 10:26:23.000000000 -0400
-+++ serefpolicy-3.5.1/policy/modules/system/unconfined.te	2008-07-16 14:13:22.000000000 -0400
++++ serefpolicy-3.5.1/policy/modules/system/unconfined.te	2008-07-24 06:54:05.000000000 -0400
 @@ -6,35 +6,74 @@
  # Declarations
  #
@@ -33564,7 +33595,7 @@
 +domain_ptrace_all_domains(unconfined_notrans_t)
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/userdomain.fc serefpolicy-3.5.1/policy/modules/system/userdomain.fc
 --- nsaserefpolicy/policy/modules/system/userdomain.fc	2008-06-12 23:25:07.000000000 -0400
-+++ serefpolicy-3.5.1/policy/modules/system/userdomain.fc	2008-07-16 10:33:11.000000000 -0400
++++ serefpolicy-3.5.1/policy/modules/system/userdomain.fc	2008-07-24 06:54:05.000000000 -0400
 @@ -1,4 +1,5 @@
 -HOME_DIR	-d	gen_context(system_u:object_r:ROLE_home_dir_t,s0-mls_systemhigh)
 -HOME_DIR/.+		gen_context(system_u:object_r:ROLE_home_t,s0)
@@ -33577,7 +33608,7 @@
 +/root(/.*)?	 	gen_context(system_u:object_r:admin_home_t,s0)
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/userdomain.if serefpolicy-3.5.1/policy/modules/system/userdomain.if
 --- nsaserefpolicy/policy/modules/system/userdomain.if	2008-07-10 11:38:46.000000000 -0400
-+++ serefpolicy-3.5.1/policy/modules/system/userdomain.if	2008-07-16 10:33:11.000000000 -0400
++++ serefpolicy-3.5.1/policy/modules/system/userdomain.if	2008-07-24 06:54:05.000000000 -0400
 @@ -28,10 +28,14 @@
  		class context contains;
  	')
@@ -36333,7 +36364,7 @@
 +
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/userdomain.te serefpolicy-3.5.1/policy/modules/system/userdomain.te
 --- nsaserefpolicy/policy/modules/system/userdomain.te	2008-07-10 11:38:46.000000000 -0400
-+++ serefpolicy-3.5.1/policy/modules/system/userdomain.te	2008-07-16 10:33:11.000000000 -0400
++++ serefpolicy-3.5.1/policy/modules/system/userdomain.te	2008-07-24 06:54:05.000000000 -0400
 @@ -8,13 +8,6 @@
  
  ## <desc>
@@ -36450,7 +36481,7 @@
 +
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/xen.fc serefpolicy-3.5.1/policy/modules/system/xen.fc
 --- nsaserefpolicy/policy/modules/system/xen.fc	2008-06-12 23:25:07.000000000 -0400
-+++ serefpolicy-3.5.1/policy/modules/system/xen.fc	2008-07-16 10:33:11.000000000 -0400
++++ serefpolicy-3.5.1/policy/modules/system/xen.fc	2008-07-24 06:54:05.000000000 -0400
 @@ -20,6 +20,7 @@
  /var/run/xenconsoled\.pid --	gen_context(system_u:object_r:xenconsoled_var_run_t,s0)
  /var/run/xend(/.*)?		gen_context(system_u:object_r:xend_var_run_t,s0)
@@ -36461,7 +36492,7 @@
  
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/xen.if serefpolicy-3.5.1/policy/modules/system/xen.if
 --- nsaserefpolicy/policy/modules/system/xen.if	2008-06-12 23:25:07.000000000 -0400
-+++ serefpolicy-3.5.1/policy/modules/system/xen.if	2008-07-16 10:33:11.000000000 -0400
++++ serefpolicy-3.5.1/policy/modules/system/xen.if	2008-07-24 06:54:05.000000000 -0400
 @@ -167,11 +167,14 @@
  #
  interface(`xen_stream_connect',`
@@ -36505,7 +36536,7 @@
 +')
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/xen.te serefpolicy-3.5.1/policy/modules/system/xen.te
 --- nsaserefpolicy/policy/modules/system/xen.te	2008-07-10 11:38:46.000000000 -0400
-+++ serefpolicy-3.5.1/policy/modules/system/xen.te	2008-07-16 10:33:11.000000000 -0400
++++ serefpolicy-3.5.1/policy/modules/system/xen.te	2008-07-24 06:54:05.000000000 -0400
 @@ -6,6 +6,13 @@
  # Declarations
  #
@@ -36744,7 +36775,7 @@
 +')
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/support/file_patterns.spt serefpolicy-3.5.1/policy/support/file_patterns.spt
 --- nsaserefpolicy/policy/support/file_patterns.spt	2008-06-12 23:25:08.000000000 -0400
-+++ serefpolicy-3.5.1/policy/support/file_patterns.spt	2008-07-16 10:33:11.000000000 -0400
++++ serefpolicy-3.5.1/policy/support/file_patterns.spt	2008-07-24 06:54:05.000000000 -0400
 @@ -537,3 +537,23 @@
  	allow $1 $2:dir rw_dir_perms;
  	type_transition $1 $2:$4 $3;
@@ -36771,7 +36802,7 @@
 +')
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/support/obj_perm_sets.spt serefpolicy-3.5.1/policy/support/obj_perm_sets.spt
 --- nsaserefpolicy/policy/support/obj_perm_sets.spt	2008-06-12 23:25:08.000000000 -0400
-+++ serefpolicy-3.5.1/policy/support/obj_perm_sets.spt	2008-07-16 10:33:11.000000000 -0400
++++ serefpolicy-3.5.1/policy/support/obj_perm_sets.spt	2008-07-24 06:54:05.000000000 -0400
 @@ -316,3 +316,13 @@
  #
  define(`client_stream_socket_perms', `{ create ioctl read getattr write setattr append bind getopt setopt shutdown }')
@@ -36788,7 +36819,7 @@
 +define(`manage_key_perms', `{ create link read search setattr view write } ')
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/users serefpolicy-3.5.1/policy/users
 --- nsaserefpolicy/policy/users	2008-07-10 11:38:46.000000000 -0400
-+++ serefpolicy-3.5.1/policy/users	2008-07-16 10:33:11.000000000 -0400
++++ serefpolicy-3.5.1/policy/users	2008-07-24 06:54:05.000000000 -0400
 @@ -1,3 +1,9 @@
 +role auditadm_r;
 +role secadm_r;


Index: selinux-policy.spec
===================================================================
RCS file: /cvs/extras/rpms/selinux-policy/devel/selinux-policy.spec,v
retrieving revision 1.687
retrieving revision 1.688
diff -u -r1.687 -r1.688
--- selinux-policy.spec	17 Jul 2008 19:53:32 -0000	1.687
+++ selinux-policy.spec	24 Jul 2008 18:19:05 -0000	1.688
@@ -377,6 +377,7 @@
 %changelog
 * Wed Jul 16 2008 Dan Walsh <dwalsh at redhat.com> 3.5.1-1
 - Fix xguest -> xguest_mozilla_t -> xguest_openiffice_t
+- Change dhclient to be able to red networkmanager_var_run
 
 * Tue Jul 15 2008 Dan Walsh <dwalsh at redhat.com> 3.5.0-1
 - Update to latest refpolicy

More information about the fedora-extras-commits mailing list