rpms/selinux-policy/F-12 policy-F12.patch, 1.121, 1.122 selinux-policy.spec, 1.954, 1.955
Daniel J Walsh
dwalsh at fedoraproject.org
Thu Oct 29 14:14:42 UTC 2009
Author: dwalsh
Update of /cvs/extras/rpms/selinux-policy/F-12
In directory cvs1.fedora.phx.redhat.com:/tmp/cvs-serv12568
Modified Files:
policy-F12.patch selinux-policy.spec
Log Message:
* Thu Oct 29 2009 Dan Walsh <dwalsh at redhat.com> 3.6.32-36
- Change labeling of /usr/share/yumex/yumex-yum-backend
- Allow initrc_t to request loading kernel modules
- Allow initrc_t to manage net_conf_t files
- Allow prelink to manage tmp files for "delta rpm"
- Allow livecd tool to transition to chfn and passwd
- Allow cupsd to bind to howl port
- Allow plymouth to delete /dev/null
- dontaudit leaked userdomain sockets to xauth
- Allow lircd to use pseudo terminal device
- Allow sambagui to send syslog messages
- dontaudit chrome using nfs and samba file systems if they are used for the homedir
- Allow prelude-dispatch ipc_lock and setpcap
- Change lircd /var/run specification
- Define ports for dhcpcv6
policy-F12.patch:
Makefile | 2
policy/flask/access_vectors | 1
policy/global_tunables | 24
policy/mcs | 10
policy/modules/admin/alsa.te | 2
policy/modules/admin/anaconda.te | 3
policy/modules/admin/brctl.te | 2
policy/modules/admin/certwatch.te | 2
policy/modules/admin/consoletype.te | 1
policy/modules/admin/dmesg.fc | 2
policy/modules/admin/dmesg.te | 10
policy/modules/admin/firstboot.te | 6
policy/modules/admin/logrotate.te | 13
policy/modules/admin/logwatch.te | 1
policy/modules/admin/mrtg.te | 1
policy/modules/admin/netutils.te | 1
policy/modules/admin/ntop.fc | 5
policy/modules/admin/ntop.if | 158 +++
policy/modules/admin/ntop.te | 40
policy/modules/admin/portage.te | 2
policy/modules/admin/prelink.if | 4
policy/modules/admin/prelink.te | 6
policy/modules/admin/readahead.te | 1
policy/modules/admin/rpm.fc | 20
policy/modules/admin/rpm.if | 324 ++++++
policy/modules/admin/rpm.te | 98 +
policy/modules/admin/shorewall.fc | 3
policy/modules/admin/shorewall.if | 40
policy/modules/admin/shorewall.te | 2
policy/modules/admin/smoltclient.fc | 4
policy/modules/admin/smoltclient.if | 1
policy/modules/admin/smoltclient.te | 66 +
policy/modules/admin/sudo.if | 13
policy/modules/admin/tmpreaper.te | 5
policy/modules/admin/tzdata.te | 2
policy/modules/admin/usermanage.if | 5
policy/modules/admin/usermanage.te | 34
policy/modules/admin/vbetool.te | 14
policy/modules/admin/vpn.te | 2
policy/modules/apps/calamaris.te | 7
policy/modules/apps/chrome.fc | 2
policy/modules/apps/chrome.if | 85 +
policy/modules/apps/chrome.te | 71 +
policy/modules/apps/cpufreqselector.te | 2
policy/modules/apps/execmem.fc | 35
policy/modules/apps/execmem.if | 76 +
policy/modules/apps/execmem.te | 11
policy/modules/apps/firewallgui.fc | 3
policy/modules/apps/firewallgui.if | 3
policy/modules/apps/firewallgui.te | 63 +
policy/modules/apps/gitosis.if | 45
policy/modules/apps/gnome.fc | 12
policy/modules/apps/gnome.if | 170 +++
policy/modules/apps/gnome.te | 99 +
policy/modules/apps/gpg.te | 20
policy/modules/apps/java.fc | 18
policy/modules/apps/java.if | 114 ++
policy/modules/apps/java.te | 19
policy/modules/apps/kdumpgui.fc | 2
policy/modules/apps/kdumpgui.if | 2
policy/modules/apps/kdumpgui.te | 65 +
policy/modules/apps/livecd.fc | 2
policy/modules/apps/livecd.if | 52 +
policy/modules/apps/livecd.te | 27
policy/modules/apps/loadkeys.te | 4
policy/modules/apps/mono.if | 101 +
policy/modules/apps/mono.te | 9
policy/modules/apps/mozilla.fc | 1
policy/modules/apps/mozilla.if | 32
policy/modules/apps/mozilla.te | 22
policy/modules/apps/nsplugin.fc | 11
policy/modules/apps/nsplugin.if | 323 ++++++
policy/modules/apps/nsplugin.te | 295 +++++
policy/modules/apps/openoffice.fc | 3
policy/modules/apps/openoffice.if | 93 +
policy/modules/apps/openoffice.te | 11
policy/modules/apps/pulseaudio.if | 2
policy/modules/apps/pulseaudio.te | 11
policy/modules/apps/qemu.fc | 4
policy/modules/apps/qemu.if | 189 +++
policy/modules/apps/qemu.te | 82 +
policy/modules/apps/sambagui.fc | 1
policy/modules/apps/sambagui.if | 2
policy/modules/apps/sambagui.te | 59 +
policy/modules/apps/sandbox.fc | 1
policy/modules/apps/sandbox.if | 184 +++
policy/modules/apps/sandbox.te | 330 ++++++
policy/modules/apps/screen.if | 7
policy/modules/apps/sectoolm.fc | 6
policy/modules/apps/sectoolm.if | 3
policy/modules/apps/sectoolm.te | 120 ++
policy/modules/apps/seunshare.fc | 2
policy/modules/apps/seunshare.if | 81 +
policy/modules/apps/seunshare.te | 45
policy/modules/apps/vmware.te | 1
policy/modules/apps/wine.fc | 24
policy/modules/apps/wine.if | 115 ++
policy/modules/apps/wine.te | 34
policy/modules/kernel/corecommands.fc | 32
policy/modules/kernel/corecommands.if | 21
policy/modules/kernel/corenetwork.te.in | 38
policy/modules/kernel/devices.fc | 11
policy/modules/kernel/devices.if | 255 +++++
policy/modules/kernel/devices.te | 25
policy/modules/kernel/domain.if | 151 ++
policy/modules/kernel/domain.te | 88 +
policy/modules/kernel/files.fc | 3
policy/modules/kernel/files.if | 324 ++++++
policy/modules/kernel/files.te | 6
policy/modules/kernel/filesystem.fc | 2
policy/modules/kernel/filesystem.if | 211 ++++
policy/modules/kernel/filesystem.te | 9
policy/modules/kernel/kernel.if | 58 +
policy/modules/kernel/kernel.te | 29
policy/modules/kernel/selinux.if | 25
policy/modules/kernel/storage.fc | 1
policy/modules/kernel/storage.if | 3
policy/modules/kernel/terminal.fc | 1
policy/modules/kernel/terminal.if | 40
policy/modules/kernel/terminal.te | 1
policy/modules/roles/guest.te | 8
policy/modules/roles/staff.te | 126 --
policy/modules/roles/sysadm.te | 124 --
policy/modules/roles/unconfineduser.fc | 8
policy/modules/roles/unconfineduser.if | 638 ++++++++++++
policy/modules/roles/unconfineduser.te | 426 ++++++++
policy/modules/roles/unprivuser.te | 127 --
policy/modules/roles/xguest.te | 37
policy/modules/services/abrt.fc | 2
policy/modules/services/abrt.if | 58 +
policy/modules/services/abrt.te | 26
policy/modules/services/afs.fc | 1
policy/modules/services/afs.te | 1
policy/modules/services/aisexec.fc | 12
policy/modules/services/aisexec.if | 106 ++
policy/modules/services/aisexec.te | 112 ++
policy/modules/services/amavis.te | 2
policy/modules/services/apache.fc | 41
policy/modules/services/apache.if | 410 +++++---
policy/modules/services/apache.te | 445 +++++++-
policy/modules/services/apm.te | 2
policy/modules/services/automount.te | 1
policy/modules/services/avahi.te | 2
policy/modules/services/bind.if | 40
policy/modules/services/bitlbee.te | 2
policy/modules/services/bluetooth.if | 21
policy/modules/services/bluetooth.te | 11
policy/modules/services/ccs.fc | 8
policy/modules/services/ccs.te | 33
policy/modules/services/certmaster.te | 2
policy/modules/services/chronyd.fc | 11
policy/modules/services/chronyd.if | 105 ++
policy/modules/services/chronyd.te | 67 +
policy/modules/services/clamav.te | 16
policy/modules/services/clogd.fc | 4
policy/modules/services/clogd.if | 98 +
policy/modules/services/clogd.te | 62 +
policy/modules/services/cobbler.fc | 2
policy/modules/services/cobbler.if | 24
policy/modules/services/cobbler.te | 5
policy/modules/services/consolekit.fc | 3
policy/modules/services/consolekit.if | 39
policy/modules/services/consolekit.te | 20
policy/modules/services/corosync.fc | 13
policy/modules/services/corosync.if | 108 ++
policy/modules/services/corosync.te | 109 ++
policy/modules/services/courier.if | 18
policy/modules/services/courier.te | 1
policy/modules/services/cron.fc | 6
policy/modules/services/cron.if | 72 +
policy/modules/services/cron.te | 82 +
policy/modules/services/cups.fc | 13
policy/modules/services/cups.te | 44
policy/modules/services/cvs.te | 1
policy/modules/services/cyrus.te | 1
policy/modules/services/dbus.if | 49
policy/modules/services/dbus.te | 25
policy/modules/services/dcc.te | 8
policy/modules/services/ddclient.if | 25
policy/modules/services/devicekit.fc | 2
policy/modules/services/devicekit.if | 22
policy/modules/services/devicekit.te | 58 +
policy/modules/services/dnsmasq.te | 12
policy/modules/services/dovecot.te | 22
policy/modules/services/exim.te | 5
policy/modules/services/fail2ban.te | 2
policy/modules/services/fetchmail.te | 2
policy/modules/services/fprintd.te | 4
policy/modules/services/ftp.te | 60 +
policy/modules/services/git.fc | 8
policy/modules/services/git.if | 286 +++++
policy/modules/services/git.te | 166 +++
policy/modules/services/gpm.te | 3
policy/modules/services/gpsd.fc | 5
policy/modules/services/gpsd.if | 27
policy/modules/services/gpsd.te | 14
policy/modules/services/hal.fc | 1
policy/modules/services/hal.if | 18
policy/modules/services/hal.te | 48
policy/modules/services/howl.te | 2
policy/modules/services/inetd.fc | 2
policy/modules/services/inetd.te | 4
policy/modules/services/irqbalance.te | 4
policy/modules/services/kerberos.te | 13
policy/modules/services/kerneloops.te | 2
policy/modules/services/ktalk.te | 1
policy/modules/services/lircd.fc | 2
policy/modules/services/lircd.if | 9
policy/modules/services/lircd.te | 23
policy/modules/services/mailman.te | 4
policy/modules/services/memcached.te | 2
policy/modules/services/milter.if | 2
policy/modules/services/modemmanager.te | 3
policy/modules/services/mta.fc | 2
policy/modules/services/mta.if | 10
policy/modules/services/mta.te | 36
policy/modules/services/munin.fc | 3
policy/modules/services/munin.te | 3
policy/modules/services/mysql.te | 7
policy/modules/services/nagios.fc | 16
policy/modules/services/nagios.if | 70 +
policy/modules/services/nagios.te | 72 -
policy/modules/services/networkmanager.fc | 14
policy/modules/services/networkmanager.if | 65 +
policy/modules/services/networkmanager.te | 115 +-
policy/modules/services/nis.fc | 5
policy/modules/services/nis.if | 87 +
policy/modules/services/nis.te | 13
policy/modules/services/nscd.if | 18
policy/modules/services/nscd.te | 17
policy/modules/services/nslcd.if | 8
policy/modules/services/ntp.if | 46
policy/modules/services/ntp.te | 8
policy/modules/services/nut.fc | 15
policy/modules/services/nut.if | 82 +
policy/modules/services/nut.te | 140 ++
policy/modules/services/nx.fc | 1
policy/modules/services/nx.if | 19
policy/modules/services/nx.te | 6
policy/modules/services/oddjob.if | 1
policy/modules/services/openvpn.te | 2
policy/modules/services/pcscd.te | 3
policy/modules/services/pegasus.te | 28
policy/modules/services/plymouth.fc | 5
policy/modules/services/plymouth.if | 286 +++++
policy/modules/services/plymouth.te | 97 +
policy/modules/services/policykit.fc | 5
policy/modules/services/policykit.if | 48
policy/modules/services/policykit.te | 64 -
policy/modules/services/postfix.fc | 2
policy/modules/services/postfix.if | 150 ++
policy/modules/services/postfix.te | 142 ++
policy/modules/services/postgresql.fc | 16
policy/modules/services/postgresql.if | 43
policy/modules/services/postgresql.te | 9
policy/modules/services/ppp.if | 6
policy/modules/services/ppp.te | 16
policy/modules/services/prelude.te | 3
policy/modules/services/privoxy.fc | 3
policy/modules/services/privoxy.te | 3
policy/modules/services/procmail.te | 12
policy/modules/services/pyzor.fc | 4
policy/modules/services/pyzor.if | 47
policy/modules/services/pyzor.te | 37
policy/modules/services/radvd.te | 1
policy/modules/services/razor.fc | 1
policy/modules/services/razor.if | 42
policy/modules/services/razor.te | 32
policy/modules/services/rgmanager.fc | 8
policy/modules/services/rgmanager.if | 59 +
policy/modules/services/rgmanager.te | 83 +
policy/modules/services/rhcs.fc | 22
policy/modules/services/rhcs.if | 348 ++++++
policy/modules/services/rhcs.te | 394 +++++++
policy/modules/services/ricci.te | 30
policy/modules/services/rpc.if | 7
policy/modules/services/rpc.te | 16
policy/modules/services/rpcbind.if | 20
policy/modules/services/rpcbind.te | 1
policy/modules/services/rsync.te | 23
policy/modules/services/rtkit.if | 20
policy/modules/services/rtkit.te | 2
policy/modules/services/samba.fc | 4
policy/modules/services/samba.if | 104 ++
policy/modules/services/samba.te | 89 +
policy/modules/services/sasl.te | 15
policy/modules/services/sendmail.if | 137 ++
policy/modules/services/sendmail.te | 87 +
policy/modules/services/setroubleshoot.fc | 2
policy/modules/services/setroubleshoot.if | 123 ++
policy/modules/services/setroubleshoot.te | 81 +
policy/modules/services/smartmon.te | 15
policy/modules/services/snmp.if | 38
policy/modules/services/snmp.te | 4
policy/modules/services/spamassassin.fc | 15
policy/modules/services/spamassassin.if | 89 +
policy/modules/services/spamassassin.te | 138 ++
policy/modules/services/squid.te | 9
policy/modules/services/ssh.fc | 2
policy/modules/services/ssh.if | 184 ++-
policy/modules/services/ssh.te | 77 -
policy/modules/services/sssd.fc | 5
policy/modules/services/sssd.if | 43
policy/modules/services/sssd.te | 12
policy/modules/services/sysstat.te | 5
policy/modules/services/tftp.fc | 2
policy/modules/services/tuned.fc | 6
policy/modules/services/tuned.if | 140 ++
policy/modules/services/tuned.te | 58 +
policy/modules/services/uucp.te | 7
policy/modules/services/virt.fc | 13
policy/modules/services/virt.if | 181 +++
policy/modules/services/virt.te | 274 +++++
policy/modules/services/w3c.te | 7
policy/modules/services/xserver.fc | 37
policy/modules/services/xserver.if | 588 ++++++++++-
policy/modules/services/xserver.te | 337 +++++-
policy/modules/system/application.if | 20
policy/modules/system/application.te | 11
policy/modules/system/authlogin.fc | 9
policy/modules/system/authlogin.if | 207 +++-
policy/modules/system/authlogin.te | 10
policy/modules/system/fstools.fc | 2
policy/modules/system/fstools.te | 7
policy/modules/system/init.fc | 7
policy/modules/system/init.if | 158 ++-
policy/modules/system/init.te | 290 ++++-
policy/modules/system/ipsec.fc | 3
policy/modules/system/ipsec.if | 25
policy/modules/system/ipsec.te | 58 +
policy/modules/system/iptables.fc | 17
policy/modules/system/iptables.if | 97 +
policy/modules/system/iptables.te | 20
policy/modules/system/iscsi.if | 40
policy/modules/system/iscsi.te | 6
policy/modules/system/libraries.fc | 164 ++-
policy/modules/system/libraries.if | 5
policy/modules/system/libraries.te | 18
policy/modules/system/locallogin.te | 30
policy/modules/system/logging.fc | 12
policy/modules/system/logging.if | 18
policy/modules/system/logging.te | 38
policy/modules/system/lvm.if | 39
policy/modules/system/lvm.te | 29
policy/modules/system/miscfiles.fc | 2
policy/modules/system/miscfiles.if | 60 +
policy/modules/system/miscfiles.te | 3
policy/modules/system/modutils.fc | 1
policy/modules/system/modutils.if | 46
policy/modules/system/modutils.te | 46
policy/modules/system/mount.fc | 7
policy/modules/system/mount.if | 2
policy/modules/system/mount.te | 76 +
policy/modules/system/raid.fc | 2
policy/modules/system/raid.te | 8
policy/modules/system/selinuxutil.fc | 17
policy/modules/system/selinuxutil.if | 309 ++++++
policy/modules/system/selinuxutil.te | 229 +---
policy/modules/system/setrans.if | 20
policy/modules/system/sysnetwork.fc | 9
policy/modules/system/sysnetwork.if | 117 ++
policy/modules/system/sysnetwork.te | 77 +
policy/modules/system/udev.fc | 3
policy/modules/system/udev.if | 39
policy/modules/system/udev.te | 39
policy/modules/system/unconfined.fc | 15
policy/modules/system/unconfined.if | 443 --------
policy/modules/system/unconfined.te | 224 ----
policy/modules/system/userdomain.fc | 6
policy/modules/system/userdomain.if | 1517 ++++++++++++++++++++++--------
policy/modules/system/userdomain.te | 47
policy/modules/system/xen.fc | 6
policy/modules/system/xen.if | 28
policy/modules/system/xen.te | 137 ++
policy/support/obj_perm_sets.spt | 14
policy/users | 13
376 files changed, 18267 insertions(+), 2760 deletions(-)
Index: policy-F12.patch
===================================================================
RCS file: /cvs/extras/rpms/selinux-policy/F-12/policy-F12.patch,v
retrieving revision 1.121
retrieving revision 1.122
diff -u -p -r1.121 -r1.122
--- policy-F12.patch 27 Oct 2009 21:53:29 -0000 1.121
+++ policy-F12.patch 29 Oct 2009 14:14:24 -0000 1.122
@@ -561,7 +561,7 @@ diff -b -B --ignore-all-space --exclude-
')
diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/prelink.te serefpolicy-3.6.32/policy/modules/admin/prelink.te
--- nsaserefpolicy/policy/modules/admin/prelink.te 2009-09-16 09:09:20.000000000 -0400
-+++ serefpolicy-3.6.32/policy/modules/admin/prelink.te 2009-10-15 15:48:26.000000000 -0400
++++ serefpolicy-3.6.32/policy/modules/admin/prelink.te 2009-10-28 08:45:40.000000000 -0400
@@ -80,6 +80,7 @@
selinux_get_enforce_mode(prelink_t)
@@ -578,6 +578,16 @@ diff -b -B --ignore-all-space --exclude-
optional_policy(`
amanda_manage_lib(prelink_t)
+@@ -99,5 +101,9 @@
+ ')
+
+ optional_policy(`
++ rpm_manage_tmp_files(prelink_t)
++')
++
++optional_policy(`
+ unconfined_domain(prelink_t)
+ ')
diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/readahead.te serefpolicy-3.6.32/policy/modules/admin/readahead.te
--- nsaserefpolicy/policy/modules/admin/readahead.te 2009-09-16 09:09:20.000000000 -0400
+++ serefpolicy-3.6.32/policy/modules/admin/readahead.te 2009-09-30 16:12:48.000000000 -0400
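Review bot: the new `rpm_manage_tmp_files(prelink_t)` block has no comment tying it to the "delta rpm" case named in the log message, and a manage interface is the broadest form of file access to hand out. Add a one-line comment above the `optional_policy` and check whether prelink only needs to read and write rpm's temporary files, not create and delete them. The following `unconfined_domain(prelink_t)` block means this rule only decides anything on systems built without the unconfined module, which is where an over-broad grant would matter.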
@@ -591,8 +601,8 @@ diff -b -B --ignore-all-space --exclude-
files_dontaudit_getattr_all_sockets(readahead_t)
diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/rpm.fc serefpolicy-3.6.32/policy/modules/admin/rpm.fc
--- nsaserefpolicy/policy/modules/admin/rpm.fc 2009-07-14 14:19:57.000000000 -0400
-+++ serefpolicy-3.6.32/policy/modules/admin/rpm.fc 2009-09-30 16:12:48.000000000 -0400
-@@ -1,17 +1,17 @@
++++ serefpolicy-3.6.32/policy/modules/admin/rpm.fc 2009-10-28 08:38:25.000000000 -0400
+@@ -1,18 +1,18 @@
/bin/rpm -- gen_context(system_u:object_r:rpm_exec_t,s0)
+/usr/bin/rpm -- gen_context(system_u:object_r:rpm_exec_t,s0)
@@ -610,11 +620,13 @@ diff -b -B --ignore-all-space --exclude-
/usr/sbin/system-install-packages -- gen_context(system_u:object_r:rpm_exec_t,s0)
/usr/sbin/yum-updatesd -- gen_context(system_u:object_r:rpm_exec_t,s0)
-
+-/usr/share/yumex/yumex -- gen_context(system_u:object_r:rpm_exec_t,s0)
+/usr/sbin/packagekitd -- gen_context(system_u:object_r:rpm_exec_t,s0)
+/usr/libexec/yumDBUSBackend.py -- gen_context(system_u:object_r:rpm_exec_t,s0)
- /usr/share/yumex/yumex -- gen_context(system_u:object_r:rpm_exec_t,s0)
++/usr/share/yumex/yumex-yum-backend -- gen_context(system_u:object_r:rpm_exec_t,s0)
ifdef(`distro_redhat', `
+ /usr/bin/fedora-rmdevelrpms -- gen_context(system_u:object_r:rpm_exec_t,s0)
@@ -21,15 +21,23 @@
/usr/sbin/pup -- gen_context(system_u:object_r:rpm_exec_t,s0)
/usr/sbin/rhn_check -- gen_context(system_u:object_r:rpm_exec_t,s0)
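Review bot: swapping the `/usr/share/yumex/yumex` entry for `/usr/share/yumex/yumex-yum-backend` changes which file carries rpm_exec_t, but a file context change only takes effect when the path is relabeled. An installed yumex keeps rpm_exec_t on the front-end, and nothing on the backend, until then. Confirm that the package update relabels /usr/share/yumex, and consider a comment in rpm.fc saying that only the backend is meant to transition.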
@@ -641,7 +653,7 @@ diff -b -B --ignore-all-space --exclude-
/usr/bin/online_update -- gen_context(system_u:object_r:rpm_exec_t,s0)
diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/rpm.if serefpolicy-3.6.32/policy/modules/admin/rpm.if
--- nsaserefpolicy/policy/modules/admin/rpm.if 2009-07-14 14:19:57.000000000 -0400
-+++ serefpolicy-3.6.32/policy/modules/admin/rpm.if 2009-10-23 08:38:05.000000000 -0400
++++ serefpolicy-3.6.32/policy/modules/admin/rpm.if 2009-10-28 08:45:03.000000000 -0400
@@ -13,11 +13,34 @@
interface(`rpm_domtrans',`
gen_require(`
@@ -1864,8 +1876,8 @@ diff -b -B --ignore-all-space --exclude-
+
diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/chrome.te serefpolicy-3.6.32/policy/modules/apps/chrome.te
--- nsaserefpolicy/policy/modules/apps/chrome.te 1969-12-31 19:00:00.000000000 -0500
-+++ serefpolicy-3.6.32/policy/modules/apps/chrome.te 2009-10-26 09:18:12.000000000 -0400
-@@ -0,0 +1,61 @@
++++ serefpolicy-3.6.32/policy/modules/apps/chrome.te 2009-10-29 08:55:06.000000000 -0400
+@@ -0,0 +1,71 @@
+policy_module(chrome,1.0.0)
+
+########################################
@@ -1927,6 +1939,16 @@ diff -b -B --ignore-all-space --exclude-
+ execmem_exec(chrome_sandbox_t)
+')
+
++tunable_policy(`use_nfs_home_dirs',`
++ fs_dontaudit_append_nfs_files(chrome_sandbox_t)
++ fs_dontaudit_read_nfs_files(chrome_sandbox_t)
++')
++
++tunable_policy(`use_samba_home_dirs',`
++ fs_dontaudit_append_cifs_files(chrome_sandbox_t)
++ fs_dontaudit_read_cifs_files(chrome_sandbox_t)
++')
++
diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/cpufreqselector.te serefpolicy-3.6.32/policy/modules/apps/cpufreqselector.te
--- nsaserefpolicy/policy/modules/apps/cpufreqselector.te 2009-09-09 09:23:16.000000000 -0400
+++ serefpolicy-3.6.32/policy/modules/apps/cpufreqselector.te 2009-09-30 16:12:48.000000000 -0400
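Review bot: both new `tunable_policy` blocks add only dontaudit rules for chrome_sandbox_t and carry no comment on why the sandbox is reading or appending to files on the home directory filesystem. A dontaudit rule leaves the access denied and drops the AVC record, so it hides both a functional failure and the one log signal that a sandboxed process is reaching into an NFS or CIFS home. Please state the cause in a comment (an inherited descriptor would be the usual reason, but that is a guess from here) so the rule can be removed once the leak is fixed.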
@@ -2910,8 +2932,8 @@ diff -b -B --ignore-all-space --exclude-
+/usr/bin/livecd-creator -- gen_context(system_u:object_r:livecd_exec_t,s0)
diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/livecd.if serefpolicy-3.6.32/policy/modules/apps/livecd.if
--- nsaserefpolicy/policy/modules/apps/livecd.if 1969-12-31 19:00:00.000000000 -0500
-+++ serefpolicy-3.6.32/policy/modules/apps/livecd.if 2009-09-30 16:12:48.000000000 -0400
-@@ -0,0 +1,50 @@
++++ serefpolicy-3.6.32/policy/modules/apps/livecd.if 2009-10-28 11:28:39.000000000 -0400
+@@ -0,0 +1,52 @@
+
+## <summary>policy for livecd</summary>
+
@@ -2960,12 +2982,14 @@ diff -b -B --ignore-all-space --exclude-
+ role $2 types livecd_t;
+
+ seutil_run_setfiles_mac(livecd_t, $2)
++ usermanage_run_passwd(livecd_t, $2)
++ usermanage_run_chfn(livecd_t, $2)
+')
+
diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/livecd.te serefpolicy-3.6.32/policy/modules/apps/livecd.te
--- nsaserefpolicy/policy/modules/apps/livecd.te 1969-12-31 19:00:00.000000000 -0500
-+++ serefpolicy-3.6.32/policy/modules/apps/livecd.te 2009-09-30 16:12:48.000000000 -0400
-@@ -0,0 +1,26 @@
++++ serefpolicy-3.6.32/policy/modules/apps/livecd.te 2009-10-28 11:28:10.000000000 -0400
+@@ -0,0 +1,27 @@
+policy_module(livecd, 1.0.0)
+
+########################################
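Review bot: `usermanage_run_passwd(livecd_t, $2)` and `usermanage_run_chfn(livecd_t, $2)` are added inside the interface body, so every role passed as `$2` is now associated with the passwd and chfn domains, not only the caller that prompted the change. The interface's documentation comment should say that running livecd implies these two transitions, and the existing callers are worth listing in the changelog so the wider role grant is a reviewed decision.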
@@ -2992,6 +3016,7 @@ diff -b -B --ignore-all-space --exclude-
+')
+
+seutil_domtrans_setfiles_mac(livecd_t)
++
diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/loadkeys.te serefpolicy-3.6.32/policy/modules/apps/loadkeys.te
--- nsaserefpolicy/policy/modules/apps/loadkeys.te 2009-08-14 16:14:31.000000000 -0400
+++ serefpolicy-3.6.32/policy/modules/apps/loadkeys.te 2009-10-01 14:51:17.000000000 -0400
@@ -3216,7 +3241,7 @@ diff -b -B --ignore-all-space --exclude-
## <param name="domain">
diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/mozilla.te serefpolicy-3.6.32/policy/modules/apps/mozilla.te
--- nsaserefpolicy/policy/modules/apps/mozilla.te 2009-08-14 16:14:31.000000000 -0400
-+++ serefpolicy-3.6.32/policy/modules/apps/mozilla.te 2009-10-07 13:48:30.000000000 -0400
++++ serefpolicy-3.6.32/policy/modules/apps/mozilla.te 2009-10-29 08:54:49.000000000 -0400
@@ -59,6 +59,7 @@
manage_files_pattern(mozilla_t, mozilla_home_t, mozilla_home_t)
manage_lnk_files_pattern(mozilla_t, mozilla_home_t, mozilla_home_t)
@@ -4446,8 +4471,8 @@ diff -b -B --ignore-all-space --exclude-
+
diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/sambagui.te serefpolicy-3.6.32/policy/modules/apps/sambagui.te
--- nsaserefpolicy/policy/modules/apps/sambagui.te 1969-12-31 19:00:00.000000000 -0500
-+++ serefpolicy-3.6.32/policy/modules/apps/sambagui.te 2009-10-19 09:18:38.000000000 -0400
-@@ -0,0 +1,57 @@
++++ serefpolicy-3.6.32/policy/modules/apps/sambagui.te 2009-10-29 08:45:14.000000000 -0400
+@@ -0,0 +1,59 @@
+policy_module(sambagui,1.0.0)
+
+########################################
@@ -4488,6 +4513,8 @@ diff -b -B --ignore-all-space --exclude-
+
+auth_use_nsswitch(sambagui_t)
+
++logging_send_syslog_msg(sambagui_t)
++
+miscfiles_read_localization(sambagui_t)
+
+# read meminfo
@@ -5698,7 +5725,7 @@ diff -b -B --ignore-all-space --exclude-
')
diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/kernel/corenetwork.te.in serefpolicy-3.6.32/policy/modules/kernel/corenetwork.te.in
--- nsaserefpolicy/policy/modules/kernel/corenetwork.te.in 2009-09-09 09:23:16.000000000 -0400
-+++ serefpolicy-3.6.32/policy/modules/kernel/corenetwork.te.in 2009-10-26 15:32:50.000000000 -0400
++++ serefpolicy-3.6.32/policy/modules/kernel/corenetwork.te.in 2009-10-29 09:23:17.000000000 -0400
@@ -65,6 +65,7 @@
type server_packet_t, packet_type, server_packet_type;
@@ -5716,8 +5743,9 @@ diff -b -B --ignore-all-space --exclude-
network_port(dcc, udp,6276,s0, udp,6277,s0)
network_port(dccm, tcp,5679,s0, udp,5679,s0)
-network_port(dhcpc, udp,68,s0)
-+network_port(dhcpc, udp,68,s0, tcp,68,s0)
- network_port(dhcpd, udp,67,s0, tcp,647,s0, udp,647,s0, tcp,847,s0, udp,847,s0, tcp,7911,s0)
+-network_port(dhcpd, udp,67,s0, tcp,647,s0, udp,647,s0, tcp,847,s0, udp,847,s0, tcp,7911,s0)
++network_port(dhcpc, udp,68,s0, tcp,68,s0, udp,547,s0, tcp, 547,s0)
++network_port(dhcpd, udp,67,s0, udp,548,s0, tcp, 548,s0, tcp,647,s0, udp,647,s0, tcp,847,s0, udp,847,s0, tcp,7911,s0)
network_port(dict, tcp,2628,s0)
network_port(distccd, tcp,3632,s0)
network_port(dns, udp,53,s0, tcp,53,s0)
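Review bot: the DHCPv6 port numbers in the two added `network_port` lines look shifted by one. RFC 3315 has clients listening on UDP 546 and servers and relay agents on UDP 547, but here 547 is given to dhcpc and 548 to dhcpd, so a client binding 546 matches neither definition and a server on 547 lands on the client's port type. Suggest `udp,546,s0` for dhcpc and `udp,547,s0` for dhcpd. Smaller points: `tcp, 547,s0` and `tcp, 548,s0` have a space after the comma that the neighbouring entries do not, and the TCP entries need a justification since the existing dhcpd line only lists UDP for port 67.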
@@ -5881,7 +5909,7 @@ diff -b -B --ignore-all-space --exclude-
/var/named/chroot/dev/zero -c gen_context(system_u:object_r:zero_device_t,s0)
diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/kernel/devices.if serefpolicy-3.6.32/policy/modules/kernel/devices.if
--- nsaserefpolicy/policy/modules/kernel/devices.if 2009-08-28 14:58:20.000000000 -0400
-+++ serefpolicy-3.6.32/policy/modules/kernel/devices.if 2009-10-19 09:10:56.000000000 -0400
++++ serefpolicy-3.6.32/policy/modules/kernel/devices.if 2009-10-29 08:29:49.000000000 -0400
@@ -1692,6 +1692,78 @@
########################################
@@ -7073,7 +7101,7 @@ diff -b -B --ignore-all-space --exclude-
+/dev/shm -d gen_context(system_u:object_r:tmpfs_t,s0)
diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/kernel/filesystem.if serefpolicy-3.6.32/policy/modules/kernel/filesystem.if
--- nsaserefpolicy/policy/modules/kernel/filesystem.if 2009-07-14 14:19:57.000000000 -0400
-+++ serefpolicy-3.6.32/policy/modules/kernel/filesystem.if 2009-10-27 11:11:17.000000000 -0400
++++ serefpolicy-3.6.32/policy/modules/kernel/filesystem.if 2009-10-29 08:53:01.000000000 -0400
@@ -1149,6 +1149,44 @@
domain_auto_transition_pattern($1, cifs_t, $2)
')
@@ -7619,7 +7647,7 @@ diff -b -B --ignore-all-space --exclude-
/dev/tty -c gen_context(system_u:object_r:devtty_t,s0)
diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/kernel/terminal.if serefpolicy-3.6.32/policy/modules/kernel/terminal.if
--- nsaserefpolicy/policy/modules/kernel/terminal.if 2009-09-09 09:23:16.000000000 -0400
-+++ serefpolicy-3.6.32/policy/modules/kernel/terminal.if 2009-10-20 18:45:22.000000000 -0400
++++ serefpolicy-3.6.32/policy/modules/kernel/terminal.if 2009-10-29 08:39:50.000000000 -0400
@@ -196,7 +196,7 @@
dev_list_all_dev_nodes($1)
@@ -8887,8 +8915,8 @@ diff -b -B --ignore-all-space --exclude-
+')
diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/roles/unconfineduser.te serefpolicy-3.6.32/policy/modules/roles/unconfineduser.te
--- nsaserefpolicy/policy/modules/roles/unconfineduser.te 1969-12-31 19:00:00.000000000 -0500
-+++ serefpolicy-3.6.32/policy/modules/roles/unconfineduser.te 2009-10-23 08:59:33.000000000 -0400
-@@ -0,0 +1,425 @@
++++ serefpolicy-3.6.32/policy/modules/roles/unconfineduser.te 2009-10-28 11:33:25.000000000 -0400
+@@ -0,0 +1,426 @@
+policy_module(unconfineduser, 1.0.0)
+
+########################################
@@ -9111,6 +9139,7 @@ diff -b -B --ignore-all-space --exclude-
+
+optional_policy(`
+ java_role_template(unconfined, unconfined_r, unconfined_t)
++ role system_r types unconfined_java_t;
+
+ files_execmod_all_files(unconfined_java_t)
+
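Review bot: `role system_r types unconfined_java_t;` has no matching entry in the 3.6.32-36 changelog and no comment, yet it widens who can reach this domain: the line sits directly above `files_execmod_all_files(unconfined_java_t)`, so processes running in system_r may now run in a domain with that grant. Add a comment naming the system-started Java program that needs it, and a changelog line.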
@@ -12229,6 +12258,16 @@ diff -b -B --ignore-all-space --exclude-
+
+type cobbler_var_lib_t;
+files_type(cobbler_var_lib_t)
+diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/consolekit.fc serefpolicy-3.6.32/policy/modules/services/consolekit.fc
+--- nsaserefpolicy/policy/modules/services/consolekit.fc 2009-07-14 14:19:57.000000000 -0400
++++ serefpolicy-3.6.32/policy/modules/services/consolekit.fc 2009-10-29 09:17:15.000000000 -0400
+@@ -2,4 +2,5 @@
+
+ /var/log/ConsoleKit(/.*)? gen_context(system_u:object_r:consolekit_log_t,s0)
+ /var/run/consolekit\.pid -- gen_context(system_u:object_r:consolekit_var_run_t,s0)
+-/var/run/ConsoleKit(/.*)? -- gen_context(system_u:object_r:consolekit_var_run_t,s0)
++
++/var/run/ConsoleKit(/.*)? gen_context(system_u:object_r:consolekit_var_run_t,s0)
diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/consolekit.if serefpolicy-3.6.32/policy/modules/services/consolekit.if
--- nsaserefpolicy/policy/modules/services/consolekit.if 2009-07-14 14:19:57.000000000 -0400
+++ serefpolicy-3.6.32/policy/modules/services/consolekit.if 2009-09-30 16:12:48.000000000 -0400
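Review bot: the consolekit.fc change is missing from the changelog. Dropping `--` from `/var/run/ConsoleKit(/.*)?` is the right form for an expression that has to match the directory itself as well as the files under it, but an existing /var/run/ConsoleKit directory keeps its old label until it is relabeled or recreated, so say in the changelog that this is a labeling change. The extra empty line added before the entry can go.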
@@ -13081,7 +13120,7 @@ diff -b -B --ignore-all-space --exclude-
+/usr/local/linuxprinter/ppd(/.*)? gen_context(system_u:object_r:cupsd_rw_etc_t,s0)
diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/cups.te serefpolicy-3.6.32/policy/modules/services/cups.te
--- nsaserefpolicy/policy/modules/services/cups.te 2009-08-14 16:14:31.000000000 -0400
-+++ serefpolicy-3.6.32/policy/modules/services/cups.te 2009-10-20 18:48:38.000000000 -0400
++++ serefpolicy-3.6.32/policy/modules/services/cups.te 2009-10-29 08:36:18.000000000 -0400
@@ -23,6 +23,9 @@
type cupsd_initrc_exec_t;
init_script_file(cupsd_initrc_exec_t)
@@ -13127,7 +13166,15 @@ diff -b -B --ignore-all-space --exclude-
corenet_all_recvfrom_unlabeled(cupsd_t)
corenet_all_recvfrom_netlabel(cupsd_t)
-@@ -250,6 +260,7 @@
+@@ -171,6 +181,7 @@
+ corenet_udp_bind_generic_node(cupsd_t)
+ corenet_tcp_bind_ipp_port(cupsd_t)
+ corenet_udp_bind_ipp_port(cupsd_t)
++corenet_udp_bind_howl_port(cupsd_t)
+ corenet_tcp_bind_reserved_port(cupsd_t)
+ corenet_dontaudit_tcp_bind_all_reserved_ports(cupsd_t)
+ corenet_tcp_bind_all_rpc_ports(cupsd_t)
+@@ -250,6 +261,7 @@
miscfiles_read_localization(cupsd_t)
# invoking ghostscript needs to read fonts
miscfiles_read_fonts(cupsd_t)
@@ -13135,7 +13182,7 @@ diff -b -B --ignore-all-space --exclude-
seutil_read_config(cupsd_t)
sysnet_exec_ifconfig(cupsd_t)
-@@ -317,6 +328,10 @@
+@@ -317,6 +329,10 @@
')
optional_policy(`
@@ -13146,7 +13193,7 @@ diff -b -B --ignore-all-space --exclude-
udev_read_db(cupsd_t)
')
-@@ -327,7 +342,7 @@
+@@ -327,7 +343,7 @@
allow cupsd_config_t self:capability { chown dac_override sys_tty_config };
dontaudit cupsd_config_t self:capability sys_tty_config;
@@ -13155,7 +13202,7 @@ diff -b -B --ignore-all-space --exclude-
allow cupsd_config_t self:fifo_file rw_fifo_file_perms;
allow cupsd_config_t self:unix_stream_socket create_socket_perms;
allow cupsd_config_t self:unix_dgram_socket create_socket_perms;
-@@ -407,6 +422,7 @@
+@@ -407,6 +423,7 @@
userdom_dontaudit_use_unpriv_user_fds(cupsd_config_t)
userdom_dontaudit_search_user_home_dirs(cupsd_config_t)
@@ -13163,7 +13210,7 @@ diff -b -B --ignore-all-space --exclude-
cups_stream_connect(cupsd_config_t)
-@@ -419,12 +435,15 @@
+@@ -419,12 +436,15 @@
')
optional_policy(`
@@ -13181,7 +13228,7 @@ diff -b -B --ignore-all-space --exclude-
optional_policy(`
hal_dbus_chat(cupsd_config_t)
-@@ -446,6 +465,10 @@
+@@ -446,6 +466,10 @@
')
optional_policy(`
@@ -13192,7 +13239,7 @@ diff -b -B --ignore-all-space --exclude-
rpm_read_db(cupsd_config_t)
')
-@@ -542,6 +565,8 @@
+@@ -542,6 +566,8 @@
manage_dirs_pattern(cups_pdf_t, cups_pdf_tmp_t, cups_pdf_tmp_t)
files_tmp_filetrans(cups_pdf_t, cups_pdf_tmp_t, { file dir })
@@ -13201,7 +13248,7 @@ diff -b -B --ignore-all-space --exclude-
kernel_read_system_state(cups_pdf_t)
files_read_etc_files(cups_pdf_t)
-@@ -556,11 +581,15 @@
+@@ -556,11 +582,15 @@
miscfiles_read_fonts(cups_pdf_t)
userdom_home_filetrans_user_home_dir(cups_pdf_t)
@@ -13217,7 +13264,7 @@ diff -b -B --ignore-all-space --exclude-
tunable_policy(`use_nfs_home_dirs',`
fs_manage_nfs_dirs(cups_pdf_t)
-@@ -601,6 +630,9 @@
+@@ -601,6 +631,9 @@
read_lnk_files_pattern(hplip_t, hplip_etc_t, hplip_etc_t)
files_search_etc(hplip_t)
@@ -13227,6 +13274,14 @@ diff -b -B --ignore-all-space --exclude-
manage_fifo_files_pattern(hplip_t, hplip_tmp_t, hplip_tmp_t)
files_tmp_filetrans(hplip_t, hplip_tmp_t, fifo_file )
+@@ -627,6 +660,7 @@
+ corenet_tcp_connect_ipp_port(hplip_t)
+ corenet_sendrecv_hplip_client_packets(hplip_t)
+ corenet_receive_hplip_server_packets(hplip_t)
++corenet_udp_bind_howl_port(hplip_t)
+
+ dev_read_sysfs(hplip_t)
+ dev_rw_printer(hplip_t)
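Review bot: `corenet_udp_bind_howl_port(hplip_t)` gives hplip_t the same bind permission as cupsd_t, but the 3.6.32-36 changelog only says "Allow cupsd to bind to howl port". Either add a changelog entry for hplip or drop this line if it was carried over by mistake, so the shipped policy matches what the release notes say was opened up.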
diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/cvs.te serefpolicy-3.6.32/policy/modules/services/cvs.te
--- nsaserefpolicy/policy/modules/services/cvs.te 2009-08-14 16:14:31.000000000 -0400
+++ serefpolicy-3.6.32/policy/modules/services/cvs.te 2009-09-30 16:12:48.000000000 -0400
@@ -14916,12 +14971,13 @@ diff -b -B --ignore-all-space --exclude-
diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/lircd.fc serefpolicy-3.6.32/policy/modules/services/lircd.fc
--- nsaserefpolicy/policy/modules/services/lircd.fc 2009-07-14 14:19:57.000000000 -0400
-+++ serefpolicy-3.6.32/policy/modules/services/lircd.fc 2009-10-19 09:13:19.000000000 -0400
-@@ -6,3 +6,4 @@
++++ serefpolicy-3.6.32/policy/modules/services/lircd.fc 2009-10-29 09:05:50.000000000 -0400
+@@ -6,3 +6,5 @@
/usr/sbin/lircd -- gen_context(system_u:object_r:lircd_exec_t,s0)
/var/run/lircd\.pid gen_context(system_u:object_r:lircd_var_run_t,s0)
+/var/run/lircd(/.*)? gen_context(system_u:object_r:lircd_var_run_t,s0)
++/var/run/lirc(/.*)? gen_context(system_u:object_r:lircd_var_run_t,s0)
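Review bot: the changelog calls this "Change lircd /var/run specification", yet the new `/var/run/lirc(/.*)?` line is added next to `/var/run/lircd(/.*)?` and `/var/run/lircd\.pid` rather than replacing them. If the daemon now uses /var/run/lirc only, remove the stale lircd entries; if both paths are still in use, say so in the changelog so the three overlapping specs are not mistaken for leftovers.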
diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/lircd.if serefpolicy-3.6.32/policy/modules/services/lircd.if
--- nsaserefpolicy/policy/modules/services/lircd.if 2009-07-14 14:19:57.000000000 -0400
+++ serefpolicy-3.6.32/policy/modules/services/lircd.if 2009-10-23 09:32:21.000000000 -0400
@@ -14958,7 +15014,7 @@ diff -b -B --ignore-all-space --exclude-
')
diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/lircd.te serefpolicy-3.6.32/policy/modules/services/lircd.te
--- nsaserefpolicy/policy/modules/services/lircd.te 2009-07-14 14:19:57.000000000 -0400
-+++ serefpolicy-3.6.32/policy/modules/services/lircd.te 2009-10-23 09:34:30.000000000 -0400
++++ serefpolicy-3.6.32/policy/modules/services/lircd.te 2009-10-29 08:39:44.000000000 -0400
@@ -16,13 +16,9 @@
type lircd_etc_t;
files_type(lircd_etc_t)
@@ -14974,7 +15030,7 @@ diff -b -B --ignore-all-space --exclude-
########################################
#
# lircd local policy
-@@ -34,15 +30,24 @@
+@@ -34,15 +30,26 @@
# etc file
read_files_pattern(lircd_t, lircd_etc_t, lircd_etc_t)
@@ -14992,6 +15048,8 @@ diff -b -B --ignore-all-space --exclude-
+dev_filetrans_lirc(lircd_t)
+dev_rw_lirc(lircd_t)
+dev_rw_input_dev(lircd_t)
++
++term_use_ptmx(lircd_t)
logging_send_syslog_msg(lircd_t)
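Review bot: the rule added for "Allow lircd to use pseudo terminal device" is `term_use_ptmx(lircd_t)`, which covers the /dev/ptmx multiplexer. Confirm from the AVC that the denial was on ptmx alone and that no access to the allocated pty itself is needed, and record the triggering use case in a comment above the line, since a remote-control daemon opening a pty is not self-explanatory.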
@@ -17038,8 +17096,8 @@ diff -b -B --ignore-all-space --exclude-
+')
diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/plymouth.te serefpolicy-3.6.32/policy/modules/services/plymouth.te
--- nsaserefpolicy/policy/modules/services/plymouth.te 1969-12-31 19:00:00.000000000 -0500
-+++ serefpolicy-3.6.32/policy/modules/services/plymouth.te 2009-10-18 12:52:36.000000000 -0400
-@@ -0,0 +1,96 @@
++++ serefpolicy-3.6.32/policy/modules/services/plymouth.te 2009-10-29 08:30:08.000000000 -0400
+@@ -0,0 +1,97 @@
+policy_module(plymouthd, 1.0.0)
+
+########################################
@@ -17091,6 +17149,7 @@ diff -b -B --ignore-all-space --exclude-
+dev_read_sysfs(plymouthd_t)
+dev_read_framebuffer(plymouthd_t)
+dev_write_framebuffer(plymouthd_t)
++dev_delete_null(plymouthd_t)
+
+domain_use_interactive_fds(plymouthd_t)
+
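Review bot: `dev_delete_null(plymouthd_t)` lets the boot splash daemon unlink /dev/null, a node every other process relies on, and the hunk gives no reason for it. State in a comment when plymouthd removes the node (for example during the initrd to root switch, if that is the case) and check whether a dontaudit would be enough if the unlink is not required for boot to succeed.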
@@ -18249,11 +18308,13 @@ diff -b -B --ignore-all-space --exclude-
diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/prelude.te serefpolicy-3.6.32/policy/modules/services/prelude.te
--- nsaserefpolicy/policy/modules/services/prelude.te 2009-08-14 16:14:31.000000000 -0400
-+++ serefpolicy-3.6.32/policy/modules/services/prelude.te 2009-09-30 16:12:48.000000000 -0400
-@@ -123,6 +123,7 @@
++++ serefpolicy-3.6.32/policy/modules/services/prelude.te 2009-10-29 08:57:18.000000000 -0400
+@@ -122,7 +122,8 @@
+ #
# prelude_audisp local policy
#
- allow prelude_audisp_t self:capability dac_override;
+-allow prelude_audisp_t self:capability dac_override;
++allow prelude_audisp_t self:capability { dac_override ipc_lock setpcap };
+allow prelude_audisp_t self:process { getcap setcap };
allow prelude_audisp_t self:fifo_file rw_file_perms;
allow prelude_audisp_t self:unix_stream_socket create_stream_socket_perms;
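Review bot: the changelog entry reads "Allow prelude-dispatch ipc_lock and setpcap", but the rule changed here is for `prelude_audisp_t`. Confirm this is the intended domain and align the changelog wording with it. Since `setpcap` is added next to the existing `self:process { getcap setcap }`, a short comment saying the daemon uses it to drop capabilities at startup (if that is the reason) would help later audits.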
@@ -22561,7 +22622,7 @@ diff -b -B --ignore-all-space --exclude-
+/var/run/libvirt/qemu(/.*)? gen_context(system_u:object_r:svirt_var_run_t,s0)
diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/virt.if serefpolicy-3.6.32/policy/modules/services/virt.if
--- nsaserefpolicy/policy/modules/services/virt.if 2009-08-31 13:30:04.000000000 -0400
-+++ serefpolicy-3.6.32/policy/modules/services/virt.if 2009-10-26 13:38:47.000000000 -0400
++++ serefpolicy-3.6.32/policy/modules/services/virt.if 2009-10-28 12:01:39.000000000 -0400
@@ -136,7 +136,7 @@
')
@@ -22683,7 +22744,7 @@ diff -b -B --ignore-all-space --exclude-
fs_read_cifs_symlinks($1)
')
')
-@@ -346,3 +419,94 @@
+@@ -346,3 +419,95 @@
virt_manage_log($1)
')
@@ -22743,6 +22804,7 @@ diff -b -B --ignore-all-space --exclude-
+ stream_connect_pattern(virtd_t, $1_var_run_t, $1_var_run_t, virt_domain)
+ manage_dirs_pattern(virtd_t, $1_var_run_t, $1_var_run_t)
+ manage_files_pattern(virtd_t, $1_var_run_t, $1_var_run_t)
++ manage_sock_files_pattern(virtd_t, $1_var_run_t, $1_var_run_t)
+
+ manage_dirs_pattern($1_t, $1_var_run_t, $1_var_run_t)
+ manage_files_pattern($1_t, $1_var_run_t, $1_var_run_t)
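Review bot: `manage_sock_files_pattern` on `$1_var_run_t` is added for virtd_t only; the `$1_t` lines visible below still have just `manage_dirs_pattern` and `manage_files_pattern`. If the guest domain creates the socket itself it needs the matching sock_file rule, and if only libvirtd creates it, a comment saying so would make the asymmetry clearly intentional.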
@@ -22780,7 +22842,7 @@ diff -b -B --ignore-all-space --exclude-
+')
diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/virt.te serefpolicy-3.6.32/policy/modules/services/virt.te
--- nsaserefpolicy/policy/modules/services/virt.te 2009-08-31 13:30:04.000000000 -0400
-+++ serefpolicy-3.6.32/policy/modules/services/virt.te 2009-10-26 16:18:49.000000000 -0400
++++ serefpolicy-3.6.32/policy/modules/services/virt.te 2009-10-28 12:03:46.000000000 -0400
@@ -20,6 +20,28 @@
## </desc>
gen_tunable(virt_use_samba, false)
@@ -22861,7 +22923,7 @@ diff -b -B --ignore-all-space --exclude-
-allow virtd_t self:tun_socket create;
+allow virtd_t self:tun_socket create_socket_perms;
+
-+allow virtd_t virt_domain:process { setsched transition signal signull sigkill };
++allow virtd_t virt_domain:process { getattr getsched setsched transition signal signull sigkill };
read_files_pattern(virtd_t, virt_etc_t, virt_etc_t)
read_lnk_files_pattern(virtd_t, virt_etc_t, virt_etc_t)
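Review bot: the added `getattr getsched` on `virt_domain:process` has no corresponding line in the 3.6.32-36 changelog, and neither does the sock_file change in virt.if. Both are narrow, but add a changelog entry such as "Allow virtd to getattr/getsched on virt domains" so that the release notes cover every permission change in this build.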
@@ -24111,7 +24173,7 @@ diff -b -B --ignore-all-space --exclude-
+
diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/xserver.te serefpolicy-3.6.32/policy/modules/services/xserver.te
--- nsaserefpolicy/policy/modules/services/xserver.te 2009-08-28 14:58:20.000000000 -0400
-+++ serefpolicy-3.6.32/policy/modules/services/xserver.te 2009-10-22 11:37:53.000000000 -0400
++++ serefpolicy-3.6.32/policy/modules/services/xserver.te 2009-10-29 08:27:01.000000000 -0400
@@ -34,6 +34,13 @@
## <desc>
@@ -24275,7 +24337,15 @@ diff -b -B --ignore-all-space --exclude-
domain_use_interactive_fds(xauth_t)
files_read_etc_files(xauth_t)
-@@ -300,20 +321,31 @@
+@@ -278,6 +299,7 @@
+
+ userdom_use_user_terminals(xauth_t)
+ userdom_read_user_tmp_files(xauth_t)
++userdom_dontaudit_rw_stream(xauth_t)
+
+ xserver_rw_xdm_tmp_files(xauth_t)
+
+@@ -300,20 +322,31 @@
# XDM Local policy
#
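Review bot: `userdom_dontaudit_rw_stream(xauth_t)` silences the denial for a leaked user-domain socket but leaves the leak itself in place. Add a comment naming the program that leaks the descriptor, or a bug number, so the dontaudit can be dropped once the parent closes the socket before running xauth; without that reference the rule will keep hiding any later, unrelated stream-socket access by xauth_t.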
@@ -24310,7 +24380,7 @@ diff -b -B --ignore-all-space --exclude-
# Allow gdm to run gdm-binary
can_exec(xdm_t, xdm_exec_t)
-@@ -325,26 +357,43 @@
+@@ -325,26 +358,43 @@
# this is ugly, daemons should not create files under /etc!
manage_files_pattern(xdm_t, xdm_rw_etc_t, xdm_rw_etc_t)
@@ -24361,7 +24431,7 @@ diff -b -B --ignore-all-space --exclude-
allow xdm_t xserver_t:process signal;
allow xdm_t xserver_t:unix_stream_socket connectto;
-@@ -358,6 +407,7 @@
+@@ -358,6 +408,7 @@
allow xdm_t xserver_t:process { noatsecure siginh rlimitinh signal sigkill };
allow xdm_t xserver_t:shm rw_shm_perms;
@@ -24369,7 +24439,7 @@ diff -b -B --ignore-all-space --exclude-
# connect to xdm xserver over stream socket
stream_connect_pattern(xdm_t, xserver_tmp_t, xserver_tmp_t, xserver_t)
-@@ -366,10 +416,14 @@
+@@ -366,10 +417,14 @@
delete_files_pattern(xdm_t, xserver_tmp_t, xserver_tmp_t)
delete_sock_files_pattern(xdm_t, xserver_tmp_t, xserver_tmp_t)
@@ -24385,7 +24455,7 @@ diff -b -B --ignore-all-space --exclude-
kernel_read_system_state(xdm_t)
kernel_read_kernel_sysctls(xdm_t)
-@@ -389,11 +443,13 @@
+@@ -389,11 +444,13 @@
corenet_udp_sendrecv_all_ports(xdm_t)
corenet_tcp_bind_generic_node(xdm_t)
corenet_udp_bind_generic_node(xdm_t)
@@ -24399,7 +24469,7 @@ diff -b -B --ignore-all-space --exclude-
dev_read_rand(xdm_t)
dev_read_sysfs(xdm_t)
dev_getattr_framebuffer_dev(xdm_t)
-@@ -401,6 +457,7 @@
+@@ -401,6 +458,7 @@
dev_getattr_mouse_dev(xdm_t)
dev_setattr_mouse_dev(xdm_t)
dev_rw_apm_bios(xdm_t)
@@ -24407,7 +24477,7 @@ diff -b -B --ignore-all-space --exclude-
dev_setattr_apm_bios_dev(xdm_t)
dev_rw_dri(xdm_t)
dev_rw_agp(xdm_t)
-@@ -413,14 +470,17 @@
+@@ -413,14 +471,17 @@
dev_setattr_video_dev(xdm_t)
dev_getattr_scanner_dev(xdm_t)
dev_setattr_scanner_dev(xdm_t)
@@ -24427,7 +24497,7 @@ diff -b -B --ignore-all-space --exclude-
files_read_etc_files(xdm_t)
files_read_var_files(xdm_t)
-@@ -431,9 +491,13 @@
+@@ -431,9 +492,13 @@
files_read_usr_files(xdm_t)
# Poweroff wants to create the /poweroff file when run from xdm
files_create_boot_flag(xdm_t)
@@ -24441,7 +24511,7 @@ diff -b -B --ignore-all-space --exclude-
storage_dontaudit_read_fixed_disk(xdm_t)
storage_dontaudit_write_fixed_disk(xdm_t)
-@@ -442,6 +506,7 @@
+@@ -442,6 +507,7 @@
storage_dontaudit_raw_write_removable_device(xdm_t)
storage_dontaudit_setattr_removable_dev(xdm_t)
storage_dontaudit_rw_scsi_generic(xdm_t)
@@ -24449,7 +24519,7 @@ diff -b -B --ignore-all-space --exclude-
term_setattr_console(xdm_t)
term_use_unallocated_ttys(xdm_t)
-@@ -450,6 +515,7 @@
+@@ -450,6 +516,7 @@
auth_domtrans_pam_console(xdm_t)
auth_manage_pam_pid(xdm_t)
auth_manage_pam_console_data(xdm_t)
@@ -24457,7 +24527,7 @@ diff -b -B --ignore-all-space --exclude-
auth_rw_faillog(xdm_t)
auth_write_login_records(xdm_t)
-@@ -460,10 +526,11 @@
+@@ -460,10 +527,11 @@
logging_read_generic_logs(xdm_t)
@@ -24471,7 +24541,7 @@ diff -b -B --ignore-all-space --exclude-
userdom_dontaudit_use_unpriv_user_fds(xdm_t)
userdom_create_all_users_keys(xdm_t)
-@@ -472,6 +539,9 @@
+@@ -472,6 +540,9 @@
# Search /proc for any user domain processes.
userdom_read_all_users_state(xdm_t)
userdom_signal_all_users(xdm_t)
@@ -24481,7 +24551,7 @@ diff -b -B --ignore-all-space --exclude-
xserver_rw_session(xdm_t, xdm_tmpfs_t)
xserver_unconfined(xdm_t)
-@@ -504,10 +574,12 @@
+@@ -504,10 +575,12 @@
optional_policy(`
alsa_domtrans(xdm_t)
@@ -24494,7 +24564,7 @@ diff -b -B --ignore-all-space --exclude-
')
optional_policy(`
-@@ -515,12 +587,46 @@
+@@ -515,12 +588,46 @@
')
optional_policy(`
@@ -24541,7 +24611,7 @@ diff -b -B --ignore-all-space --exclude-
hostname_exec(xdm_t)
')
-@@ -542,6 +648,38 @@
+@@ -542,6 +649,38 @@
')
optional_policy(`
@@ -24580,7 +24650,7 @@ diff -b -B --ignore-all-space --exclude-
seutil_sigchld_newrole(xdm_t)
')
-@@ -550,8 +688,9 @@
+@@ -550,8 +689,9 @@
')
optional_policy(`
@@ -24592,7 +24662,7 @@ diff -b -B --ignore-all-space --exclude-
ifndef(`distro_redhat',`
allow xdm_t self:process { execheap execmem };
-@@ -560,7 +699,6 @@
+@@ -560,7 +700,6 @@
ifdef(`distro_rhel4',`
allow xdm_t self:process { execheap execmem };
')
@@ -24600,7 +24670,7 @@ diff -b -B --ignore-all-space --exclude-
optional_policy(`
userhelper_dontaudit_search_config(xdm_t)
-@@ -571,6 +709,10 @@
+@@ -571,6 +710,10 @@
')
optional_policy(`
@@ -24611,7 +24681,7 @@ diff -b -B --ignore-all-space --exclude-
xfs_stream_connect(xdm_t)
')
-@@ -587,10 +729,9 @@
+@@ -587,10 +730,9 @@
# execheap needed until the X module loader is fixed.
# NVIDIA Needs execstack
@@ -24623,7 +24693,7 @@ diff -b -B --ignore-all-space --exclude-
allow xserver_t self:fd use;
allow xserver_t self:fifo_file rw_fifo_file_perms;
allow xserver_t self:sock_file read_sock_file_perms;
-@@ -602,9 +743,12 @@
+@@ -602,9 +744,12 @@
allow xserver_t self:unix_stream_socket { create_stream_socket_perms connectto };
allow xserver_t self:tcp_socket create_stream_socket_perms;
allow xserver_t self:udp_socket create_socket_perms;
@@ -24636,7 +24706,7 @@ diff -b -B --ignore-all-space --exclude-
allow xserver_t { input_xevent_t input_xevent_type }:x_event send;
-@@ -616,13 +760,14 @@
+@@ -616,13 +761,14 @@
type_transition xserver_t xserver_t:{ x_drawable x_colormap } rootwindow_t;
allow xserver_t { rootwindow_t x_domain }:x_drawable send;
@@ -24652,7 +24722,7 @@ diff -b -B --ignore-all-space --exclude-
manage_dirs_pattern(xserver_t, xserver_tmpfs_t, xserver_tmpfs_t)
manage_files_pattern(xserver_t, xserver_tmpfs_t, xserver_tmpfs_t)
-@@ -635,9 +780,19 @@
+@@ -635,9 +781,19 @@
manage_lnk_files_pattern(xserver_t, xkb_var_lib_t, xkb_var_lib_t)
files_search_var_lib(xserver_t)
@@ -24672,7 +24742,7 @@ diff -b -B --ignore-all-space --exclude-
kernel_read_system_state(xserver_t)
kernel_read_device_sysctls(xserver_t)
-@@ -671,7 +826,6 @@
+@@ -671,7 +827,6 @@
dev_rw_agp(xserver_t)
dev_rw_framebuffer(xserver_t)
dev_manage_dri_dev(xserver_t)
@@ -24680,7 +24750,7 @@ diff -b -B --ignore-all-space --exclude-
dev_create_generic_dirs(xserver_t)
dev_setattr_generic_dirs(xserver_t)
# raw memory access is needed if not using the frame buffer
-@@ -681,9 +835,12 @@
+@@ -681,9 +836,12 @@
dev_rw_xserver_misc(xserver_t)
# read events - the synaptics touchpad driver reads raw events
dev_rw_input_dev(xserver_t)
@@ -24694,7 +24764,7 @@ diff -b -B --ignore-all-space --exclude-
files_read_etc_files(xserver_t)
files_read_etc_runtime_files(xserver_t)
-@@ -698,8 +855,12 @@
+@@ -698,8 +856,12 @@
fs_search_nfs(xserver_t)
fs_search_auto_mountpoints(xserver_t)
fs_search_ramfs(xserver_t)
@@ -24707,7 +24777,7 @@ diff -b -B --ignore-all-space --exclude-
selinux_validate_context(xserver_t)
selinux_compute_access_vector(xserver_t)
-@@ -721,6 +882,7 @@
+@@ -721,6 +883,7 @@
miscfiles_read_localization(xserver_t)
miscfiles_read_fonts(xserver_t)
@@ -24715,7 +24785,7 @@ diff -b -B --ignore-all-space --exclude-
modutils_domtrans_insmod(xserver_t)
-@@ -743,7 +905,7 @@
+@@ -743,7 +906,7 @@
')
ifdef(`enable_mls',`
@@ -24724,7 +24794,7 @@ diff -b -B --ignore-all-space --exclude-
range_transition xserver_t xserver_t:x_drawable s0 - mls_systemhigh;
')
-@@ -775,12 +937,20 @@
+@@ -775,12 +938,20 @@
')
optional_policy(`
@@ -24746,7 +24816,7 @@ diff -b -B --ignore-all-space --exclude-
unconfined_domtrans(xserver_t)
')
-@@ -807,12 +977,12 @@
+@@ -807,12 +978,12 @@
allow xserver_t xdm_var_lib_t:file { getattr read };
dontaudit xserver_t xdm_var_lib_t:dir search;
@@ -24763,7 +24833,7 @@ diff -b -B --ignore-all-space --exclude-
# Run xkbcomp.
allow xserver_t xkb_var_lib_t:lnk_file read;
-@@ -828,9 +998,14 @@
+@@ -828,9 +999,14 @@
# to read ROLE_home_t - examine this in more detail
# (xauth?)
userdom_read_user_home_content_files(xserver_t)
@@ -24778,7 +24848,7 @@ diff -b -B --ignore-all-space --exclude-
tunable_policy(`use_nfs_home_dirs',`
fs_manage_nfs_dirs(xserver_t)
fs_manage_nfs_files(xserver_t)
-@@ -845,11 +1020,14 @@
+@@ -845,11 +1021,14 @@
optional_policy(`
dbus_system_bus_client(xserver_t)
@@ -24794,7 +24864,7 @@ diff -b -B --ignore-all-space --exclude-
')
optional_policy(`
-@@ -882,6 +1060,8 @@
+@@ -882,6 +1061,8 @@
# X Server
# can read server-owned resources
allow x_domain xserver_t:x_resource read;
@@ -24803,7 +24873,7 @@ diff -b -B --ignore-all-space --exclude-
# can mess with own clients
allow x_domain self:x_client { manage destroy };
-@@ -906,6 +1086,8 @@
+@@ -906,6 +1087,8 @@
# operations allowed on my windows
allow x_domain self:x_drawable { create destroy getattr setattr read write show hide list_child add_child remove_child manage send receive };
@@ -24812,7 +24882,7 @@ diff -b -B --ignore-all-space --exclude-
# X Colormaps
# can use the default colormap
allow x_domain rootwindow_t:x_colormap { read use add_color };
-@@ -973,17 +1155,49 @@
+@@ -973,17 +1156,49 @@
allow xserver_unconfined_type { x_domain xserver_t }:x_resource *;
allow xserver_unconfined_type xevent_type:{ x_event x_synthetic_event } *;
@@ -24960,7 +25030,7 @@ diff -b -B --ignore-all-space --exclude-
+
diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/authlogin.if serefpolicy-3.6.32/policy/modules/system/authlogin.if
--- nsaserefpolicy/policy/modules/system/authlogin.if 2009-07-14 14:19:57.000000000 -0400
-+++ serefpolicy-3.6.32/policy/modules/system/authlogin.if 2009-10-14 10:09:41.000000000 -0400
++++ serefpolicy-3.6.32/policy/modules/system/authlogin.if 2009-10-28 09:49:28.000000000 -0400
@@ -40,17 +40,76 @@
## </summary>
## </param>
@@ -25626,7 +25696,7 @@ diff -b -B --ignore-all-space --exclude-
+')
diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/init.te serefpolicy-3.6.32/policy/modules/system/init.te
--- nsaserefpolicy/policy/modules/system/init.te 2009-08-14 16:14:31.000000000 -0400
-+++ serefpolicy-3.6.32/policy/modules/system/init.te 2009-10-08 12:27:01.000000000 -0400
++++ serefpolicy-3.6.32/policy/modules/system/init.te 2009-10-28 09:49:31.000000000 -0400
@@ -17,6 +17,20 @@
## </desc>
gen_tunable(init_upstart, false)
@@ -25751,7 +25821,11 @@ diff -b -B --ignore-all-space --exclude-
files_tmp_filetrans(initrc_t, initrc_tmp_t, { file dir })
init_write_initctl(initrc_t)
-@@ -249,10 +287,15 @@
+@@ -246,13 +284,19 @@
+ kernel_clear_ring_buffer(initrc_t)
+ kernel_get_sysvipc_info(initrc_t)
+ kernel_read_all_sysctls(initrc_t)
++kernel_request_load_module(initrc_t)
kernel_rw_all_sysctls(initrc_t)
# for lsof which is used by alsa shutdown:
kernel_dontaudit_getattr_message_if(initrc_t)
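Review bot: `kernel_request_load_module(initrc_t)` applies to every init script that runs in initrc_t, and the hunk does not say which script needs it. Note the script or service in a comment and, if it is a single optional service, consider placing the rule inside that service's `optional_policy` block instead of the general initrc_t section.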
@@ -25769,7 +25843,7 @@ diff -b -B --ignore-all-space --exclude-
corenet_all_recvfrom_unlabeled(initrc_t)
corenet_all_recvfrom_netlabel(initrc_t)
-@@ -272,16 +315,63 @@
+@@ -272,16 +316,63 @@
dev_rw_sysfs(initrc_t)
dev_list_usbfs(initrc_t)
dev_read_framebuffer(initrc_t)
@@ -25834,7 +25908,7 @@ diff -b -B --ignore-all-space --exclude-
domain_kill_all_domains(initrc_t)
domain_signal_all_domains(initrc_t)
-@@ -291,7 +381,7 @@
+@@ -291,7 +382,7 @@
domain_sigchld_all_domains(initrc_t)
domain_read_all_domains_state(initrc_t)
domain_getattr_all_domains(initrc_t)
@@ -25843,7 +25917,7 @@ diff -b -B --ignore-all-space --exclude-
domain_getsession_all_domains(initrc_t)
domain_use_interactive_fds(initrc_t)
# for lsof which is used by alsa shutdown:
-@@ -306,14 +396,15 @@
+@@ -306,14 +397,15 @@
files_getattr_all_pipes(initrc_t)
files_getattr_all_sockets(initrc_t)
files_purge_tmp(initrc_t)
@@ -25861,7 +25935,7 @@ diff -b -B --ignore-all-space --exclude-
files_exec_etc_files(initrc_t)
files_read_usr_files(initrc_t)
files_manage_urandom_seed(initrc_t)
-@@ -324,48 +415,16 @@
+@@ -324,48 +416,16 @@
files_mounton_isid_type_dirs(initrc_t)
files_list_default(initrc_t)
files_mounton_default(initrc_t)
@@ -25914,7 +25988,7 @@ diff -b -B --ignore-all-space --exclude-
logging_send_syslog_msg(initrc_t)
logging_manage_generic_logs(initrc_t)
logging_read_all_logs(initrc_t)
-@@ -374,19 +433,22 @@
+@@ -374,19 +434,22 @@
miscfiles_read_localization(initrc_t)
# slapd needs to read cert files from its initscript
@@ -25938,7 +26012,7 @@ diff -b -B --ignore-all-space --exclude-
ifdef(`distro_debian',`
dev_setattr_generic_dirs(initrc_t)
-@@ -422,8 +484,6 @@
+@@ -422,16 +485,12 @@
# init scripts touch this
clock_dontaudit_write_adjtime(initrc_t)
@@ -25947,7 +26021,16 @@ diff -b -B --ignore-all-space --exclude-
# for integrated run_init to read run_init_type.
# happens during boot (/sbin/rc execs init scripts)
seutil_read_default_contexts(initrc_t)
-@@ -450,11 +510,9 @@
+
+ # /lib/rcscripts/net/system.sh rewrites resolv.conf :(
+- sysnet_create_config(initrc_t)
+- sysnet_write_config(initrc_t)
+- sysnet_setattr_config(initrc_t)
++ sysnet_manage_config(initrc_t)
+
+ optional_policy(`
+ arpwatch_manage_data_files(initrc_t)
+@@ -450,11 +509,9 @@
# Red Hat systems seem to have a stray
# fd open from the initrd
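Review bot: `sysnet_manage_config(initrc_t)` replaces three narrower interfaces (`sysnet_create_config`, `sysnet_write_config`, `sysnet_setattr_config`), and by refpolicy naming a manage interface also covers operations such as unlink and rename. The comment above it refers to /lib/rcscripts/net/system.sh and the next hunk begins the "Red Hat systems" section, so please confirm this block is actually compiled for the Fedora build; if it is distro-conditional, the changelog item "Allow initrc_t to manage net_conf_t files" will not take effect where it is needed.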
@@ -25960,7 +26043,7 @@ diff -b -B --ignore-all-space --exclude-
# These seem to be from the initrd
# during device initialization:
dev_create_generic_dirs(initrc_t)
-@@ -464,6 +522,7 @@
+@@ -464,6 +521,7 @@
storage_raw_read_fixed_disk(initrc_t)
storage_raw_write_fixed_disk(initrc_t)
@@ -25968,7 +26051,7 @@ diff -b -B --ignore-all-space --exclude-
files_create_boot_flag(initrc_t)
files_rw_boot_symlinks(initrc_t)
# wants to read /.fonts directory
-@@ -492,11 +551,17 @@
+@@ -492,11 +550,17 @@
optional_policy(`
bind_manage_config_dirs(initrc_t)
bind_write_config(initrc_t)
@@ -25986,7 +26069,7 @@ diff -b -B --ignore-all-space --exclude-
')
optional_policy(`
-@@ -515,6 +580,33 @@
+@@ -515,6 +579,33 @@
')
')
@@ -26020,7 +26103,7 @@ diff -b -B --ignore-all-space --exclude-
optional_policy(`
amavis_search_lib(initrc_t)
amavis_setattr_pid_files(initrc_t)
-@@ -567,10 +659,19 @@
+@@ -567,10 +658,19 @@
dbus_connect_system_bus(initrc_t)
dbus_system_bus_client(initrc_t)
dbus_read_config(initrc_t)
@@ -26040,7 +26123,7 @@ diff -b -B --ignore-all-space --exclude-
')
optional_policy(`
-@@ -590,6 +691,10 @@
+@@ -590,6 +690,10 @@
')
optional_policy(`
@@ -26051,7 +26134,7 @@ diff -b -B --ignore-all-space --exclude-
dev_read_usbfs(initrc_t)
# init scripts run /etc/hotplug/usb.rc
-@@ -646,20 +751,20 @@
+@@ -646,20 +750,20 @@
')
optional_policy(`
@@ -26078,7 +26161,7 @@ diff -b -B --ignore-all-space --exclude-
optional_policy(`
ifdef(`distro_redhat',`
-@@ -668,6 +773,7 @@
+@@ -668,6 +772,7 @@
mysql_stream_connect(initrc_t)
mysql_write_log(initrc_t)
@@ -26086,7 +26169,7 @@ diff -b -B --ignore-all-space --exclude-
')
optional_policy(`
-@@ -696,7 +802,6 @@
+@@ -696,7 +801,6 @@
')
optional_policy(`
@@ -26094,7 +26177,7 @@ diff -b -B --ignore-all-space --exclude-
fs_write_ramfs_sockets(initrc_t)
fs_search_ramfs(initrc_t)
-@@ -718,8 +823,6 @@
+@@ -718,8 +822,6 @@
# bash tries ioctl for some reason
files_dontaudit_ioctl_all_pids(initrc_t)
@@ -26103,7 +26186,7 @@ diff -b -B --ignore-all-space --exclude-
')
optional_policy(`
-@@ -732,13 +835,16 @@
+@@ -732,13 +834,16 @@
squid_manage_logs(initrc_t)
')
@@ -26120,7 +26203,7 @@ diff -b -B --ignore-all-space --exclude-
')
optional_policy(`
-@@ -747,6 +853,7 @@
+@@ -747,6 +852,7 @@
optional_policy(`
udev_rw_db(initrc_t)
@@ -26128,7 +26211,7 @@ diff -b -B --ignore-all-space --exclude-
')
optional_policy(`
-@@ -754,6 +861,15 @@
+@@ -754,6 +860,15 @@
')
optional_policy(`
@@ -26144,7 +26227,7 @@ diff -b -B --ignore-all-space --exclude-
unconfined_domain(initrc_t)
ifdef(`distro_redhat',`
-@@ -764,6 +880,21 @@
+@@ -764,6 +879,21 @@
optional_policy(`
mono_domtrans(initrc_t)
')
@@ -26166,7 +26249,7 @@ diff -b -B --ignore-all-space --exclude-
')
optional_policy(`
-@@ -789,3 +920,31 @@
+@@ -789,3 +919,31 @@
optional_policy(`
zebra_read_config(initrc_t)
')
@@ -26242,7 +26325,7 @@ diff -b -B --ignore-all-space --exclude-
+')
diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/ipsec.te serefpolicy-3.6.32/policy/modules/system/ipsec.te
--- nsaserefpolicy/policy/modules/system/ipsec.te 2009-08-14 16:14:31.000000000 -0400
-+++ serefpolicy-3.6.32/policy/modules/system/ipsec.te 2009-10-20 11:08:58.000000000 -0400
++++ serefpolicy-3.6.32/policy/modules/system/ipsec.te 2009-10-28 08:39:49.000000000 -0400
@@ -6,6 +6,13 @@
# Declarations
#
@@ -30307,7 +30390,7 @@ diff -b -B --ignore-all-space --exclude-
+HOME_DIR/\.gvfs(/.*)? <<none>>
diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/userdomain.if serefpolicy-3.6.32/policy/modules/system/userdomain.if
--- nsaserefpolicy/policy/modules/system/userdomain.if 2009-08-31 13:30:04.000000000 -0400
-+++ serefpolicy-3.6.32/policy/modules/system/userdomain.if 2009-10-26 15:32:20.000000000 -0400
++++ serefpolicy-3.6.32/policy/modules/system/userdomain.if 2009-10-29 08:26:32.000000000 -0400
@@ -30,8 +30,9 @@
')
Index: selinux-policy.spec
===================================================================
RCS file: /cvs/extras/rpms/selinux-policy/F-12/selinux-policy.spec,v
retrieving revision 1.954
retrieving revision 1.955
diff -u -p -r1.954 -r1.955
--- selinux-policy.spec 27 Oct 2009 21:14:53 -0000 1.954
+++ selinux-policy.spec 29 Oct 2009 14:14:27 -0000 1.955
@@ -20,7 +20,7 @@
Summary: SELinux policy configuration
Name: selinux-policy
Version: 3.6.32
-Release: 35%{?dist}
+Release: 36%{?dist}
License: GPLv2+
Group: System Environment/Base
Source: serefpolicy-%{version}.tgz
@@ -445,6 +445,22 @@ exit 0
%endif
%changelog
+* Thu Oct 29 2009 Dan Walsh <dwalsh at redhat.com> 3.6.32-36
+- Change labeling of /usr/share/yumex/yumex-yum-backend
+- Allow initrc_t to request loading kernel modules
+- Allow initrc_t to manage net_conf_t files
+- Allow prelink to manage tmp files for "delta rpm"
+- Allow livecd tool to transition to chfn and passwd
+- Allow cupsd to bind to howl port
+- Allow plymouth to delete /dev/null
+- dontaudit leaked userdomain sockets to xauth
+- Allow lircd to use pseudo terminal device
+- Allow sambagui to send syslog messages
+- dontaudit chrome using nfs and samba file systems if they are used for the homedir
+- Allow prelude-dispatch ipc_lock and setpcap
+- Change lircd /var/run specification
+- Define ports for dhcpcv6
+
* Tue Oct 27 2009 Dan Walsh <dwalsh at redhat.com> 3.6.32-35
- Allow bittlebee to connect to privoxy port
- Allow iptables to work with shorewall