rpms/selinux-policy/F-9 policy-20071130.patch, 1.180, 1.181 selinux-policy.spec, 1.687, 1.688

Fri Jun 27 11:16:35 UTC 2008

Author: dwalsh

Update of /cvs/extras/rpms/selinux-policy/F-9
In directory cvs-int.fedora.redhat.com:/tmp/cvs-serv25605

Modified Files:
	policy-20071130.patch selinux-policy.spec 
Log Message:
* Wed Jun 23 2008 Dan Walsh <dwalsh at redhat.com> 3.3.1-72
- Fix file context of real player


policy-20071130.patch:

Index: policy-20071130.patch
===================================================================
RCS file: /cvs/extras/rpms/selinux-policy/F-9/policy-20071130.patch,v
retrieving revision 1.180
retrieving revision 1.181
diff -u -r1.180 -r1.181

--- policy-20071130.patch	24 Jun 2008 11:14:24 -0000	1.180
+++ policy-20071130.patch	27 Jun 2008 11:15:46 -0000	1.181
@@ -3099,9 +3099,20 @@
 +	xserver_exec_pid(vbetool_t)
 +	xserver_write_pid(vbetool_t)
 +')
+diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/vpn.if serefpolicy-3.3.1/policy/modules/admin/vpn.if
+--- nsaserefpolicy/policy/modules/admin/vpn.if	2008-06-12 23:38:01.000000000 -0400
++++ serefpolicy-3.3.1/policy/modules/admin/vpn.if	2008-06-26 07:40:55.000000000 -0400
+@@ -48,6 +48,7 @@
+ 	vpn_domtrans($1)
+ 	role $2 types vpnc_t;
+ 	allow vpnc_t $3:chr_file rw_term_perms;
++	sysnet_run_ifconfig(vpnc_t, $2, $3)
+ ')
+ 
+ ########################################
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/vpn.te serefpolicy-3.3.1/policy/modules/admin/vpn.te
 --- nsaserefpolicy/policy/modules/admin/vpn.te	2008-06-12 23:38:01.000000000 -0400
-+++ serefpolicy-3.3.1/policy/modules/admin/vpn.te	2008-06-12 23:38:02.000000000 -0400
++++ serefpolicy-3.3.1/policy/modules/admin/vpn.te	2008-06-26 07:40:35.000000000 -0400
 @@ -24,7 +24,8 @@
  
  allow vpnc_t self:capability { dac_override net_admin ipc_lock net_raw };
@@ -3112,6 +3123,14 @@
  allow vpnc_t self:tcp_socket create_stream_socket_perms;
  allow vpnc_t self:udp_socket create_socket_perms;
  allow vpnc_t self:rawip_socket create_socket_perms;
+@@ -102,7 +103,6 @@
+ seutil_dontaudit_search_config(vpnc_t)
+ seutil_use_newrole_fds(vpnc_t)
+ 
+-sysnet_domtrans_ifconfig(vpnc_t)
+ sysnet_etc_filetrans_config(vpnc_t)
+ sysnet_manage_config(vpnc_t)
+ 
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/ethereal.fc serefpolicy-3.3.1/policy/modules/apps/ethereal.fc
 --- nsaserefpolicy/policy/modules/apps/ethereal.fc	2008-06-12 23:38:02.000000000 -0400
 +++ serefpolicy-3.3.1/policy/modules/apps/ethereal.fc	2008-06-12 23:38:04.000000000 -0400
@@ -13937,7 +13956,7 @@
  /var/run/dbus(/.*)?		gen_context(system_u:object_r:system_dbusd_var_run_t,s0)
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/dbus.if serefpolicy-3.3.1/policy/modules/services/dbus.if
 --- nsaserefpolicy/policy/modules/services/dbus.if	2008-06-12 23:38:02.000000000 -0400
-+++ serefpolicy-3.3.1/policy/modules/services/dbus.if	2008-06-12 23:38:04.000000000 -0400
++++ serefpolicy-3.3.1/policy/modules/services/dbus.if	2008-06-26 07:24:33.000000000 -0400
 @@ -53,6 +53,7 @@
  	gen_require(`
  		type system_dbusd_exec_t, system_dbusd_t, dbusd_etc_t;
@@ -14043,8 +14062,11 @@
  	')
  ')
  
-@@ -209,12 +225,9 @@
+@@ -207,14 +223,12 @@
+ 		type system_dbusd_t, system_dbusd_t;
+ 		type system_dbusd_var_run_t, system_dbusd_var_lib_t;
  		class dbus send_msg;
++		attribute dbusd_unconfined;
  	')
  
 -#	type $1_dbusd_system_t;
@@ -14053,12 +14075,12 @@
  	# SE-DBus specific permissions
 -#	allow $1_dbusd_system_t { system_dbusd_t self }:dbus send_msg;
 -	allow $2 { system_dbusd_t self }:dbus send_msg;
-+	allow $2 { system_dbusd_t $2 }:dbus send_msg;
-+	allow system_dbusd_t $2:dbus send_msg;
++	allow $2 { system_dbusd_t $2 dbusd_unconfined }:dbus send_msg;
++	allow { system_dbusd_t dbusd_unconfined } $2:dbus send_msg;
  
  	read_files_pattern($2, system_dbusd_var_lib_t, system_dbusd_var_lib_t)
  	files_search_var_lib($2)
-@@ -223,6 +236,10 @@
+@@ -223,6 +237,10 @@
  	files_search_pids($2)
  	stream_connect_pattern($2,system_dbusd_var_run_t,system_dbusd_var_run_t,system_dbusd_t)
  	dbus_read_config($2)
@@ -14069,7 +14091,7 @@
  ')
  
  #######################################
-@@ -251,18 +268,16 @@
+@@ -251,18 +269,16 @@
  template(`dbus_user_bus_client_template',`
  	gen_require(`
  		type $1_dbusd_t;
@@ -14090,7 +14112,7 @@
  ')
  
  ########################################
-@@ -292,6 +307,55 @@
+@@ -292,6 +308,55 @@
  
  ########################################
  ## <summary>
@@ -14146,7 +14168,7 @@
  ##	Read dbus configuration.
  ## </summary>
  ## <param name="domain">
-@@ -366,3 +430,55 @@
+@@ -366,3 +431,55 @@
  
  	allow $1 system_dbusd_t:dbus *;
  ')
@@ -14204,7 +14226,7 @@
 +')
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/dbus.te serefpolicy-3.3.1/policy/modules/services/dbus.te
 --- nsaserefpolicy/policy/modules/services/dbus.te	2008-06-12 23:38:01.000000000 -0400
-+++ serefpolicy-3.3.1/policy/modules/services/dbus.te	2008-06-12 23:38:04.000000000 -0400
++++ serefpolicy-3.3.1/policy/modules/services/dbus.te	2008-06-26 07:21:03.000000000 -0400
 @@ -9,9 +9,10 @@
  #
  # Delcarations
@@ -14286,7 +14308,7 @@
  
  libs_use_ld_so(system_dbusd_t)
  libs_use_shared_libs(system_dbusd_t)
-@@ -121,9 +139,36 @@
+@@ -121,9 +139,37 @@
  ')
  
  optional_policy(`
@@ -14317,6 +14339,7 @@
 +	')
 +	unconfined_domain(unconfined_dbusd_t)
 +	allow dbusd_unconfined domain:dbus send_msg;
++	allow domain dbusd_unconfined:dbus send_msg;
 +
 +	optional_policy(`
 +		xserver_xdm_rw_shm(unconfined_dbusd_t)
@@ -30330,6 +30353,49 @@
  	zebra_read_config(initrc_t)
  ')
 +
+diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/ipsec.if serefpolicy-3.3.1/policy/modules/system/ipsec.if
+--- nsaserefpolicy/policy/modules/system/ipsec.if	2008-06-12 23:38:01.000000000 -0400
++++ serefpolicy-3.3.1/policy/modules/system/ipsec.if	2008-06-26 07:50:05.000000000 -0400
+@@ -152,6 +152,25 @@
+ 
+ ########################################
+ ## <summary>
++##	write the ipsec_var_run_t files.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	The type of the process performing this action.
++##	</summary>
++## </param>
++#
++interface(`ipsec_write_pid',`
++	gen_require(`
++		type ipsec_var_run_t;
++	')
++
++	files_search_pids($1)
++	write_files_pattern($1,ipsec_var_run_t,ipsec_var_run_t)
++')
++
++########################################
++## <summary>
+ ##	Execute racoon in the racoon domain.
+ ## </summary>
+ ## <param name="domain">
+diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/ipsec.te serefpolicy-3.3.1/policy/modules/system/ipsec.te
+--- nsaserefpolicy/policy/modules/system/ipsec.te	2008-06-12 23:38:01.000000000 -0400
++++ serefpolicy-3.3.1/policy/modules/system/ipsec.te	2008-06-26 07:47:23.000000000 -0400
+@@ -69,8 +69,8 @@
+ read_files_pattern(ipsec_t,ipsec_key_file_t,ipsec_key_file_t)
+ read_lnk_files_pattern(ipsec_t,ipsec_key_file_t,ipsec_key_file_t)
+ 
+-allow ipsec_t ipsec_var_run_t:file manage_file_perms;
+-allow ipsec_t ipsec_var_run_t:sock_file manage_sock_file_perms;
++manage_files_pattern(ipsec_t, ipsec_var_run_t,  ipsec_var_run_t)
++manage_sock_files_pattern(ipsec_t, ipsec_var_run_t,  ipsec_var_run_t)
+ files_pid_filetrans(ipsec_t,ipsec_var_run_t,{ file sock_file })
+ 
+ can_exec(ipsec_t, ipsec_mgmt_exec_t)
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/iptables.te serefpolicy-3.3.1/policy/modules/system/iptables.te
 --- nsaserefpolicy/policy/modules/system/iptables.te	2008-06-12 23:38:01.000000000 -0400
 +++ serefpolicy-3.3.1/policy/modules/system/iptables.te	2008-06-12 23:38:02.000000000 -0400
@@ -30391,7 +30457,7 @@
  
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/libraries.fc serefpolicy-3.3.1/policy/modules/system/libraries.fc
 --- nsaserefpolicy/policy/modules/system/libraries.fc	2008-06-12 23:38:01.000000000 -0400
-+++ serefpolicy-3.3.1/policy/modules/system/libraries.fc	2008-06-12 23:38:02.000000000 -0400
++++ serefpolicy-3.3.1/policy/modules/system/libraries.fc	2008-06-25 07:11:54.000000000 -0400
 @@ -69,8 +69,10 @@
  ifdef(`distro_gentoo',`
  # despite the extensions, they are actually libs
@@ -30403,7 +30469,20 @@
  
  /opt/netscape/plugins(/.*)?			gen_context(system_u:object_r:lib_t,s0)
  /opt/netscape/plugins/libflashplayer\.so --	gen_context(system_u:object_r:textrel_shlib_t,s0)
-@@ -133,6 +135,7 @@
+@@ -101,8 +103,10 @@
+ #
+ # /usr
+ #
+-/usr/(.*/)?/HelixPlayer/.+\.so(\.[^/]*)* --	gen_context(system_u:object_r:textrel_shlib_t,s0)
+-/usr/(.*/)?/RealPlayer/.+\.so(\.[^/]*)* --	gen_context(system_u:object_r:textrel_shlib_t,s0)
++/usr/(.*/)?HelixPlayer/.+\.so(\.[^/]*)* --	gen_context(system_u:object_r:textrel_shlib_t,s0)
++/usr/(.*/)?RealPlayer/.+\.so(\.[^/]*)* --	gen_context(system_u:object_r:textrel_shlib_t,s0)
++/opt/real/(.*/)?.+\.so(\.[^/]*)* -- gen_context(system_u:object_r:textrel_shlib_t,s0)
++/opt/helix/(.*/)?.+\.so(\.[^/]*)* -- gen_context(system_u:object_r:textrel_shlib_t,s0)
+ 
+ /usr/(.*/)?java/.+\.so(\.[^/]*)*	--	gen_context(system_u:object_r:textrel_shlib_t,s0)
+ /usr/(.*/)?java/.+\.jar			--	gen_context(system_u:object_r:lib_t,s0)
+@@ -133,6 +137,7 @@
  /usr/lib(64)?/nvidia-graphics(-[^/]*/)?libnvidia.*\.so(\.[^/]*)* -- gen_context(system_u:object_r:textrel_shlib_t,s0)
  /usr/lib(64)?/nvidia-graphics(-[^/]*/)?libXvMCNVIDIA\.so.* -- gen_context(system_u:object_r:textrel_shlib_t,s0)
  /usr/lib(64)?/xorg/libGL\.so(\.[^/]*)*	--	gen_context(system_u:object_r:textrel_shlib_t,s0)
@@ -30411,7 +30490,7 @@
  /usr/lib(64)?/xulrunner-[^/]*/libgtkembedmoz\.so -- gen_context(system_u:object_r:textrel_shlib_t,s0)
  /usr/lib(64)?/xulrunner-[^/]*/libxul\.so --	gen_context(system_u:object_r:textrel_shlib_t,s0)
  
-@@ -165,6 +168,7 @@
+@@ -165,6 +170,7 @@
  # 	HelixPlayer, SDL, xorg-x11, xorg-x11-libs, Hermes, valgrind, openoffice.org-libs, httpd - php
  /usr/lib(64)?/gstreamer-.*/[^/]*\.so.* --	gen_context(system_u:object_r:textrel_shlib_t,s0)
  HOME_DIR/.*/\.gstreamer-.*/plugins/*\.so.* --	gen_context(system_u:object_r:textrel_shlib_t,s0)
@@ -30419,7 +30498,7 @@
  
  /usr/lib/firefox-[^/]*/plugins/nppdf.so	--	gen_context(system_u:object_r:textrel_shlib_t,s0)
  /usr/lib/libFLAC\.so.*			--	gen_context(system_u:object_r:textrel_shlib_t,s0)
-@@ -183,6 +187,7 @@
+@@ -183,6 +189,7 @@
  /usr/lib(64)?/libdv\.so.* 		--	gen_context(system_u:object_r:textrel_shlib_t,s0)
  /usr/lib(64)?/helix/plugins/[^/]*\.so --	gen_context(system_u:object_r:textrel_shlib_t,s0)
  /usr/lib(64)?/helix/codecs/[^/]*\.so	--	gen_context(system_u:object_r:textrel_shlib_t,s0)
@@ -30427,7 +30506,7 @@
  /usr/lib(64)?/libSDL-.*\.so.*		--	gen_context(system_u:object_r:textrel_shlib_t,s0)
  /usr/lib(64)?/xorg/modules/dri/.+\.so	--	gen_context(system_u:object_r:textrel_shlib_t,s0)
  /usr/X11R6/lib/modules/dri/.+\.so	--	gen_context(system_u:object_r:textrel_shlib_t,s0)
-@@ -242,7 +247,7 @@
+@@ -242,7 +249,7 @@
  
  # Flash plugin, Macromedia
  HOME_DIR/\.mozilla(/.*)?/plugins/libflashplayer\.so.* -- gen_context(system_u:object_r:textrel_shlib_t,s0)
@@ -30436,7 +30515,7 @@
  /usr/lib(64)?/.*/libflashplayer\.so.*	--	gen_context(system_u:object_r:textrel_shlib_t,s0)
  /usr/local/(.*/)?libflashplayer\.so.*	--	gen_context(system_u:object_r:textrel_shlib_t,s0)
  HOME_DIR/.*/plugins/nprhapengine\.so.* --	gen_context(system_u:object_r:textrel_shlib_t,s0)
-@@ -287,11 +292,15 @@
+@@ -287,11 +294,15 @@
  /usr/lib/acroread/(.*/)?lib/[^/]*\.so(\.[^/]*)* -- gen_context(system_u:object_r:textrel_shlib_t,s0)
  /usr/lib/acroread/.+\.api		--	gen_context(system_u:object_r:textrel_shlib_t,s0)
  /usr/lib/acroread/(.*/)?ADMPlugin\.apl	--	gen_context(system_u:object_r:textrel_shlib_t,s0)
@@ -30452,7 +30531,7 @@
  /var/ftp/lib(64)?(/.*)?				gen_context(system_u:object_r:lib_t,s0)
  /var/ftp/lib(64)?/ld[^/]*\.so(\.[^/]*)*	--	gen_context(system_u:object_r:ld_so_t,s0)
  
-@@ -304,3 +313,11 @@
+@@ -304,3 +315,11 @@
  /var/spool/postfix/lib(64)?(/.*)? 		gen_context(system_u:object_r:lib_t,s0)
  /var/spool/postfix/usr(/.*)?			gen_context(system_u:object_r:lib_t,s0)
  /var/spool/postfix/lib(64)?/ld.*\.so.*	--	gen_context(system_u:object_r:ld_so_t,s0)
@@ -33133,7 +33212,7 @@
 +')
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/sysnetwork.te serefpolicy-3.3.1/policy/modules/system/sysnetwork.te
 --- nsaserefpolicy/policy/modules/system/sysnetwork.te	2008-06-12 23:38:01.000000000 -0400
-+++ serefpolicy-3.3.1/policy/modules/system/sysnetwork.te	2008-06-12 23:38:02.000000000 -0400
++++ serefpolicy-3.3.1/policy/modules/system/sysnetwork.te	2008-06-26 07:51:09.000000000 -0400
 @@ -20,6 +20,10 @@
  init_daemon_domain(dhcpc_t,dhcpc_exec_t)
  role system_r types dhcpc_t;
@@ -33283,7 +33362,16 @@
  
  domain_use_interactive_fds(ifconfig_t)
  
-@@ -308,7 +334,7 @@
+@@ -303,12 +329,16 @@
+ 
+ userdom_use_all_users_fds(ifconfig_t)
+ 
++optional_policy(`
++	ipsec_write_pid(ifconfig_t)
++')
++
+ ifdef(`distro_ubuntu',`
+ 	optional_policy(`
  		unconfined_domain(ifconfig_t)
  	')
  ')
@@ -33292,7 +33380,7 @@
  ifdef(`hide_broken_symptoms',`
  	optional_policy(`
  		dev_dontaudit_rw_cardmgr(ifconfig_t)
-@@ -332,6 +358,14 @@
+@@ -332,6 +362,14 @@
  ')
  
  optional_policy(`
@@ -33423,8 +33511,8 @@
  ')
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/unconfined.fc serefpolicy-3.3.1/policy/modules/system/unconfined.fc
 --- nsaserefpolicy/policy/modules/system/unconfined.fc	2008-06-12 23:38:01.000000000 -0400
-+++ serefpolicy-3.3.1/policy/modules/system/unconfined.fc	2008-06-23 06:28:07.000000000 -0400
-@@ -1,16 +1,24 @@
++++ serefpolicy-3.3.1/policy/modules/system/unconfined.fc	2008-06-25 07:14:00.000000000 -0400
+@@ -1,16 +1,26 @@
  # Add programs here which should not be confined by SELinux
  # e.g.:
 -# /usr/local/bin/appsrv		--	gen_context(system_u:object_r:unconfined_exec_t,s0)
@@ -33455,6 +33543,8 @@
 +/usr/bin/runhaskell  --	gen_context(system_u:object_r:unconfined_execmem_exec_t,s0)
 +/usr/libexec/ghc-[^/]+/.*bin  --	gen_context(system_u:object_r:unconfined_execmem_exec_t,s0)
 +/usr/libexec/ghc-[^/]+/ghc-.*  --	gen_context(system_u:object_r:unconfined_execmem_exec_t,s0)
++
++/opt/real/(.*/)?realplay\.bin --	gen_context(system_u:object_r:unconfined_execmem_exec_t,s0)
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/unconfined.if serefpolicy-3.3.1/policy/modules/system/unconfined.if
 --- nsaserefpolicy/policy/modules/system/unconfined.if	2008-06-12 23:38:01.000000000 -0400
 +++ serefpolicy-3.3.1/policy/modules/system/unconfined.if	2008-06-12 23:38:02.000000000 -0400
@@ -34152,7 +34242,7 @@
 +/root(/.*)?	 	gen_context(system_u:object_r:admin_home_t,s0)
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/userdomain.if serefpolicy-3.3.1/policy/modules/system/userdomain.if
 --- nsaserefpolicy/policy/modules/system/userdomain.if	2008-06-12 23:38:01.000000000 -0400
-+++ serefpolicy-3.3.1/policy/modules/system/userdomain.if	2008-06-24 06:25:05.000000000 -0400
++++ serefpolicy-3.3.1/policy/modules/system/userdomain.if	2008-06-27 07:06:25.000000000 -0400
 @@ -29,9 +29,14 @@
  	')
  
@@ -36474,7 +36564,16 @@
  ')
  
  ########################################
-@@ -4839,6 +5116,26 @@
+@@ -4815,6 +5092,8 @@
+ 	')
+ 
+ 	dontaudit $1 { home_dir_type home_type }:dir search_dir_perms;
++	fs_dontaudit_list_nfs($1)
++	fs_dontaudit_list_cifs($1)
+ ')
+ 
+ ########################################
+@@ -4839,6 +5118,26 @@
  
  ########################################
  ## <summary>
@@ -36501,7 +36600,7 @@
  ##	Create, read, write, and delete all directories
  ##	in all users home directories.
  ## </summary>
-@@ -4859,6 +5156,25 @@
+@@ -4859,6 +5158,25 @@
  
  ########################################
  ## <summary>
@@ -36527,7 +36626,7 @@
  ##	Create, read, write, and delete all files
  ##	in all users home directories.
  ## </summary>
-@@ -4879,6 +5195,26 @@
+@@ -4879,6 +5197,26 @@
  
  ########################################
  ## <summary>
@@ -36554,7 +36653,7 @@
  ##	Create, read, write, and delete all symlinks
  ##	in all users home directories.
  ## </summary>
-@@ -5115,7 +5451,7 @@
+@@ -5115,7 +5453,7 @@
  #
  interface(`userdom_relabelto_generic_user_home_dirs',`
  	gen_require(`
@@ -36563,7 +36662,7 @@
  	')
  
  	files_search_home($1)
-@@ -5304,8 +5640,8 @@
+@@ -5304,8 +5642,8 @@
  
  ########################################
  ## <summary>
@@ -36574,7 +36673,7 @@
  ## </summary>
  ## <param name="domain">
  ##	<summary>
-@@ -5313,19 +5649,26 @@
+@@ -5313,19 +5651,26 @@
  ##	</summary>
  ## </param>
  #
@@ -36605,7 +36704,7 @@
  ## </summary>
  ## <param name="domain">
  ##	<summary>
-@@ -5333,18 +5676,29 @@
+@@ -5333,18 +5678,29 @@
  ##	</summary>
  ## </param>
  #
@@ -36638,7 +36737,7 @@
  ## </summary>
  ## <param name="domain">
  ##	<summary>
-@@ -5352,17 +5706,19 @@
+@@ -5352,17 +5708,19 @@
  ##	</summary>
  ## </param>
  #
@@ -36662,7 +36761,7 @@
  ## </summary>
  ## <param name="domain">
  ##	<summary>
-@@ -5370,14 +5726,51 @@
+@@ -5370,14 +5728,51 @@
  ##	</summary>
  ## </param>
  #
@@ -36719,7 +36818,7 @@
  
  ########################################
  ## <summary>
-@@ -5509,6 +5902,42 @@
+@@ -5509,6 +5904,42 @@
  
  ########################################
  ## <summary>
@@ -36762,7 +36861,7 @@
  ##	Read and write unprivileged user ttys.
  ## </summary>
  ## <param name="domain">
-@@ -5559,7 +5988,7 @@
+@@ -5559,7 +5990,7 @@
  		attribute userdomain;
  	')
  
@@ -36771,7 +36870,7 @@
  	kernel_search_proc($1)
  ')
  
-@@ -5674,6 +6103,42 @@
+@@ -5674,6 +6105,42 @@
  
  ########################################
  ## <summary>
@@ -36814,7 +36913,7 @@
  ##	Send a dbus message to all user domains.
  ## </summary>
  ## <param name="domain">
-@@ -5704,3 +6169,408 @@
+@@ -5704,3 +6171,408 @@
  interface(`userdom_unconfined',`
  	refpolicywarn(`$0($*) has been deprecated.')
  ')


Index: selinux-policy.spec
===================================================================
RCS file: /cvs/extras/rpms/selinux-policy/F-9/selinux-policy.spec,v
retrieving revision 1.687
retrieving revision 1.688
diff -u -r1.687 -r1.688
--- selinux-policy.spec	24 Jun 2008 11:14:24 -0000	1.687
+++ selinux-policy.spec	27 Jun 2008 11:15:46 -0000	1.688
@@ -17,7 +17,7 @@
 Summary: SELinux policy configuration
 Name: selinux-policy
 Version: 3.3.1
-Release: 71%{?dist}
+Release: 72%{?dist}
 License: GPLv2+
 Group: System Environment/Base
 Source: serefpolicy-%{version}.tgz
@@ -385,6 +385,9 @@
 %endif
 
 %changelog
+* Wed Jun 23 2008 Dan Walsh <dwalsh at redhat.com> 3.3.1-72
+- Fix file context of real player
+
 * Mon Jun 23 2008 Dan Walsh <dwalsh at redhat.com> 3.3.1-71
 - Allow system_mail_t to exec other mail clients
 - Label mogrel_rails as an apache server


