rpms/selinux-policy/devel modules-minimum.conf, 1.30, 1.31 modules-mls.conf, 1.57, 1.58 modules-targeted.conf, 1.139, 1.140 policy-F12.patch, 1.74, 1.75 selinux-policy.spec, 1.913, 1.914
Daniel J Walsh
dwalsh at fedoraproject.org
Tue Sep 8 23:55:33 UTC 2009
Author: dwalsh
Update of /cvs/extras/rpms/selinux-policy/devel
In directory cvs1.fedora.phx.redhat.com:/tmp/cvs-serv25056
Modified Files:
modules-minimum.conf modules-mls.conf modules-targeted.conf
policy-F12.patch selinux-policy.spec
Log Message:
* Tue Sep 8 2009 Dan Walsh <dwalsh at redhat.com> 3.6.30-6
- More fixes
Index: modules-minimum.conf
===================================================================
RCS file: /cvs/extras/rpms/selinux-policy/devel/modules-minimum.conf,v
retrieving revision 1.30
retrieving revision 1.31
diff -u -p -r1.30 -r1.31
--- modules-minimum.conf 26 Aug 2009 20:19:01 -0000 1.30
+++ modules-minimum.conf 8 Sep 2009 23:55:30 -0000 1.31
@@ -226,6 +226,13 @@ certmaster = module
cipe = module
# Layer: services
+# Module: chronyd
+#
+# Daemon for maintaining clock time
+#
+chronyd = module
+
+# Layer: services
# Module: comsat
#
# Comsat, a biff server.
Index: modules-mls.conf
===================================================================
RCS file: /cvs/extras/rpms/selinux-policy/devel/modules-mls.conf,v
retrieving revision 1.57
retrieving revision 1.58
diff -u -p -r1.57 -r1.58
--- modules-mls.conf 10 Aug 2009 18:22:10 -0000 1.57
+++ modules-mls.conf 8 Sep 2009 23:55:30 -0000 1.58
@@ -212,6 +212,13 @@ certwatch = module
certmaster = module
# Layer: services
+# Module: chronyd
+#
+# Daemon for maintaining clock time
+#
+chronyd = module
+
+q# Layer: services
# Module: cipe
#
# Encrypted tunnel daemon
Index: modules-targeted.conf
===================================================================
RCS file: /cvs/extras/rpms/selinux-policy/devel/modules-targeted.conf,v
retrieving revision 1.139
retrieving revision 1.140
diff -u -p -r1.139 -r1.140
--- modules-targeted.conf 26 Aug 2009 20:19:01 -0000 1.139
+++ modules-targeted.conf 8 Sep 2009 23:55:30 -0000 1.140
@@ -226,6 +226,13 @@ certmaster = module
cipe = module
# Layer: services
+# Module: chronyd
+#
+# Daemon for maintaining clock time
+#
+chronyd = module
+
+# Layer: services
# Module: comsat
#
# Comsat, a biff server.
policy-F12.patch:
Makefile | 2
policy/global_tunables | 24
policy/mcs | 10
policy/modules/admin/anaconda.te | 3
policy/modules/admin/certwatch.te | 1
policy/modules/admin/dmesg.fc | 2
policy/modules/admin/dmesg.te | 7
policy/modules/admin/firstboot.te | 6
policy/modules/admin/logrotate.te | 13
policy/modules/admin/logwatch.te | 1
policy/modules/admin/mrtg.te | 7
policy/modules/admin/portage.te | 2
policy/modules/admin/prelink.if | 19
policy/modules/admin/prelink.te | 1
policy/modules/admin/readahead.te | 3
policy/modules/admin/rpm.fc | 17
policy/modules/admin/rpm.if | 177 +++
policy/modules/admin/rpm.te | 65 +
policy/modules/admin/smoltclient.fc | 4
policy/modules/admin/smoltclient.if | 1
policy/modules/admin/smoltclient.te | 67 +
policy/modules/admin/sudo.if | 13
policy/modules/admin/tmpreaper.te | 4
policy/modules/admin/tzdata.te | 2
policy/modules/admin/usermanage.if | 5
policy/modules/admin/usermanage.te | 30
policy/modules/admin/vbetool.te | 16
policy/modules/apps/awstats.te | 4
policy/modules/apps/calamaris.te | 7
policy/modules/apps/cdrecord.te | 4
policy/modules/apps/cpufreqselector.te | 5
policy/modules/apps/gitosis.fc | 4
policy/modules/apps/gitosis.if | 96 ++
policy/modules/apps/gitosis.te | 36
policy/modules/apps/gnome.fc | 12
policy/modules/apps/gnome.if | 170 +++
policy/modules/apps/gnome.te | 93 +
policy/modules/apps/gpg.if | 2
policy/modules/apps/gpg.te | 16
policy/modules/apps/java.fc | 17
policy/modules/apps/java.if | 111 ++
policy/modules/apps/java.te | 12
policy/modules/apps/kdumpgui.fc | 2
policy/modules/apps/kdumpgui.if | 2
policy/modules/apps/kdumpgui.te | 66 +
policy/modules/apps/livecd.fc | 2
policy/modules/apps/livecd.if | 50 +
policy/modules/apps/livecd.te | 26
policy/modules/apps/mono.if | 101 ++
policy/modules/apps/mono.te | 9
policy/modules/apps/mozilla.fc | 1
policy/modules/apps/mozilla.if | 13
policy/modules/apps/mozilla.te | 21
policy/modules/apps/nsplugin.fc | 12
policy/modules/apps/nsplugin.if | 313 ++++++
policy/modules/apps/nsplugin.te | 289 ++++++
policy/modules/apps/openoffice.fc | 3
policy/modules/apps/openoffice.if | 93 +
policy/modules/apps/openoffice.te | 11
policy/modules/apps/pulseaudio.te | 6
policy/modules/apps/qemu.fc | 4
policy/modules/apps/qemu.if | 190 ++++
policy/modules/apps/qemu.te | 82 +
policy/modules/apps/sambagui.fc | 1
policy/modules/apps/sambagui.if | 2
policy/modules/apps/sambagui.te | 56 +
policy/modules/apps/sandbox.fc | 1
policy/modules/apps/sandbox.if | 167 +++
policy/modules/apps/sandbox.te | 304 ++++++
policy/modules/apps/screen.if | 31
policy/modules/apps/seunshare.fc | 2
policy/modules/apps/seunshare.if | 76 +
policy/modules/apps/seunshare.te | 37
policy/modules/apps/vmware.fc | 1
policy/modules/apps/vmware.te | 1
policy/modules/apps/webalizer.te | 2
policy/modules/apps/wine.fc | 23
policy/modules/apps/wine.if | 59 +
policy/modules/apps/wine.te | 34
policy/modules/kernel/corecommands.fc | 28
policy/modules/kernel/corecommands.if | 2
policy/modules/kernel/corenetwork.te.in | 30
policy/modules/kernel/devices.fc | 5
policy/modules/kernel/devices.if | 164 +++
policy/modules/kernel/devices.te | 19
policy/modules/kernel/domain.if | 132 ++
policy/modules/kernel/domain.te | 84 +
policy/modules/kernel/files.fc | 3
policy/modules/kernel/files.if | 298 ++++++
policy/modules/kernel/files.te | 6
policy/modules/kernel/filesystem.fc | 2
policy/modules/kernel/filesystem.if | 211 ++++
policy/modules/kernel/filesystem.te | 8
policy/modules/kernel/kernel.if | 39
policy/modules/kernel/kernel.te | 29
policy/modules/kernel/selinux.if | 25
policy/modules/kernel/storage.fc | 1
policy/modules/kernel/storage.if | 2
policy/modules/kernel/terminal.fc | 1
policy/modules/kernel/terminal.if | 40
policy/modules/kernel/terminal.te | 1
policy/modules/roles/guest.te | 8
policy/modules/roles/staff.te | 124 --
policy/modules/roles/sysadm.te | 124 --
policy/modules/roles/unconfineduser.fc | 36
policy/modules/roles/unconfineduser.if | 638 +++++++++++++
policy/modules/roles/unconfineduser.te | 393 ++++++++
policy/modules/roles/unprivuser.te | 131 --
policy/modules/roles/xguest.te | 18
policy/modules/services/abrt.fc | 13
policy/modules/services/abrt.if | 126 ++
policy/modules/services/abrt.te | 120 ++
policy/modules/services/afs.fc | 1
policy/modules/services/afs.te | 1
policy/modules/services/amavis.te | 2
policy/modules/services/apache.fc | 37
policy/modules/services/apache.if | 371 +++++--
policy/modules/services/apache.te | 422 +++++++--
policy/modules/services/apm.te | 2
policy/modules/services/automount.te | 1
policy/modules/services/bind.if | 40
policy/modules/services/bluetooth.te | 8
policy/modules/services/certmaster.te | 2
policy/modules/services/chronyd.fc | 11
policy/modules/services/chronyd.if | 105 ++
policy/modules/services/chronyd.te | 67 +
policy/modules/services/clamav.te | 12
policy/modules/services/consolekit.if | 39
policy/modules/services/consolekit.te | 18
policy/modules/services/corosync.fc | 13
policy/modules/services/corosync.if | 108 ++
policy/modules/services/corosync.te | 109 ++
policy/modules/services/courier.if | 18
policy/modules/services/courier.te | 1
policy/modules/services/cron.fc | 13
policy/modules/services/cron.if | 202 +++-
policy/modules/services/cron.te | 150 ++-
policy/modules/services/cups.fc | 13
policy/modules/services/cups.te | 28
policy/modules/services/cvs.te | 1
policy/modules/services/dbus.fc | 5
policy/modules/services/dbus.if | 49 -
policy/modules/services/dbus.te | 25
policy/modules/services/dcc.te | 8
policy/modules/services/ddclient.if | 25
policy/modules/services/devicekit.fc | 2
policy/modules/services/devicekit.if | 22
policy/modules/services/devicekit.te | 50 -
policy/modules/services/dnsmasq.te | 8
policy/modules/services/dovecot.te | 7
policy/modules/services/exim.te | 5
policy/modules/services/fetchmail.te | 2
policy/modules/services/fprintd.te | 4
policy/modules/services/ftp.te | 58 +
policy/modules/services/gnomeclock.fc | 3
policy/modules/services/gnomeclock.if | 69 +
policy/modules/services/gnomeclock.te | 50 +
policy/modules/services/gpm.te | 3
policy/modules/services/gpsd.fc | 5
policy/modules/services/gpsd.if | 27
policy/modules/services/gpsd.te | 14
policy/modules/services/hal.fc | 1
policy/modules/services/hal.if | 18
policy/modules/services/hal.te | 47 -
policy/modules/services/hddtemp.fc | 4
policy/modules/services/hddtemp.if | 38
policy/modules/services/hddtemp.te | 40
policy/modules/services/inetd.te | 2
policy/modules/services/kerberos.te | 13
policy/modules/services/kerneloops.te | 2
policy/modules/services/ktalk.te | 1
policy/modules/services/lircd.te | 11
policy/modules/services/mailman.te | 4
policy/modules/services/memcached.te | 2
policy/modules/services/modemmanager.fc | 2
policy/modules/services/modemmanager.if | 43
policy/modules/services/modemmanager.te | 46
policy/modules/services/mta.fc | 2
policy/modules/services/mta.if | 5
policy/modules/services/mta.te | 52 -
policy/modules/services/munin.fc | 3
policy/modules/services/munin.te | 3
policy/modules/services/mysql.te | 7
policy/modules/services/nagios.fc | 11
policy/modules/services/nagios.if | 70 +
policy/modules/services/nagios.te | 55 -
policy/modules/services/networkmanager.fc | 13
policy/modules/services/networkmanager.if | 45
policy/modules/services/networkmanager.te | 114 ++
policy/modules/services/nis.fc | 5
policy/modules/services/nis.if | 87 +
policy/modules/services/nis.te | 13
policy/modules/services/nscd.if | 18
policy/modules/services/nscd.te | 11
policy/modules/services/nslcd.fc | 4
policy/modules/services/nslcd.if | 142 +++
policy/modules/services/nslcd.te | 48 +
policy/modules/services/ntp.if | 46
policy/modules/services/ntp.te | 7
policy/modules/services/nx.fc | 1
policy/modules/services/nx.if | 18
policy/modules/services/nx.te | 6
policy/modules/services/oddjob.if | 1
policy/modules/services/openvpn.te | 13
policy/modules/services/pcscd.te | 3
policy/modules/services/pegasus.te | 28
policy/modules/services/policykit.fc | 10
policy/modules/services/policykit.if | 49 +
policy/modules/services/policykit.te | 61 +
policy/modules/services/postfix.fc | 2
policy/modules/services/postfix.if | 150 ++-
policy/modules/services/postfix.te | 136 ++
policy/modules/services/postgresql.fc | 1
policy/modules/services/postgresql.if | 43
policy/modules/services/postgresql.te | 9
policy/modules/services/ppp.if | 6
policy/modules/services/ppp.te | 14
policy/modules/services/privoxy.te | 3
policy/modules/services/procmail.te | 12
policy/modules/services/pyzor.fc | 4
policy/modules/services/pyzor.if | 47 +
policy/modules/services/pyzor.te | 37
policy/modules/services/razor.fc | 1
policy/modules/services/razor.if | 42
policy/modules/services/razor.te | 32
policy/modules/services/rgmanager.fc | 6
policy/modules/services/rgmanager.if | 40
policy/modules/services/rgmanager.te | 54 +
policy/modules/services/rhcs.fc | 22
policy/modules/services/rhcs.if | 214 ++++
policy/modules/services/rhcs.te | 336 +++++++
policy/modules/services/ricci.te | 5
policy/modules/services/rpc.if | 6
policy/modules/services/rpc.te | 14
policy/modules/services/rpcbind.if | 20
policy/modules/services/rsync.te | 23
policy/modules/services/rtkit_daemon.fc | 2
policy/modules/services/rtkit_daemon.if | 63 +
policy/modules/services/rtkit_daemon.te | 38
policy/modules/services/samba.fc | 4
policy/modules/services/samba.if | 104 ++
policy/modules/services/samba.te | 87 +
policy/modules/services/sasl.te | 15
policy/modules/services/sendmail.if | 137 ++
policy/modules/services/sendmail.te | 87 +
policy/modules/services/setroubleshoot.fc | 2
policy/modules/services/setroubleshoot.if | 84 +
policy/modules/services/setroubleshoot.te | 79 +
policy/modules/services/shorewall.fc | 12
policy/modules/services/shorewall.if | 166 +++
policy/modules/services/shorewall.te | 95 ++
policy/modules/services/smartmon.te | 15
policy/modules/services/spamassassin.fc | 14
policy/modules/services/spamassassin.if | 88 +
policy/modules/services/spamassassin.te | 129 ++
policy/modules/services/squid.te | 9
policy/modules/services/ssh.fc | 2
policy/modules/services/ssh.if | 183 +++
policy/modules/services/ssh.te | 70 -
policy/modules/services/sssd.fc | 2
policy/modules/services/sssd.if | 43
policy/modules/services/sysstat.te | 2
policy/modules/services/uucp.te | 7
policy/modules/services/virt.fc | 12
policy/modules/services/virt.if | 127 ++
policy/modules/services/virt.te | 274 +++++
policy/modules/services/w3c.te | 7
policy/modules/services/xserver.fc | 30
policy/modules/services/xserver.if | 671 +++++++++++---
policy/modules/services/xserver.te | 310 +++++-
policy/modules/system/application.if | 20
policy/modules/system/application.te | 11
policy/modules/system/authlogin.fc | 9
policy/modules/system/authlogin.if | 204 +++-
policy/modules/system/authlogin.te | 39
policy/modules/system/clock.te | 8
policy/modules/system/fstools.fc | 2
policy/modules/system/fstools.te | 67 -
policy/modules/system/getty.te | 16
policy/modules/system/hostname.te | 22
policy/modules/system/init.fc | 6
policy/modules/system/init.if | 156 +++
policy/modules/system/init.te | 276 ++++-
policy/modules/system/ipsec.fc | 2
policy/modules/system/ipsec.if | 25
policy/modules/system/ipsec.te | 97 +-
policy/modules/system/iptables.fc | 11
policy/modules/system/iptables.te | 5
policy/modules/system/iscsi.if | 40
policy/modules/system/iscsi.te | 6
policy/modules/system/kdump.fc | 8
policy/modules/system/kdump.if | 111 ++
policy/modules/system/kdump.te | 38
policy/modules/system/libraries.fc | 158 ++-
policy/modules/system/libraries.if | 4
policy/modules/system/libraries.te | 16
policy/modules/system/locallogin.te | 74 -
policy/modules/system/logging.fc | 11
policy/modules/system/logging.if | 4
policy/modules/system/logging.te | 34
policy/modules/system/lvm.te | 53 -
policy/modules/system/miscfiles.if | 19
policy/modules/system/modutils.te | 168 ++-
policy/modules/system/mount.fc | 7
policy/modules/system/mount.if | 2
policy/modules/system/mount.te | 75 +
policy/modules/system/raid.te | 2
policy/modules/system/selinuxutil.fc | 17
policy/modules/system/selinuxutil.if | 288 ++++++
policy/modules/system/selinuxutil.te | 228 +---
policy/modules/system/setrans.if | 20
policy/modules/system/sysnetwork.fc | 9
policy/modules/system/sysnetwork.if | 117 ++
policy/modules/system/sysnetwork.te | 107 +-
policy/modules/system/udev.fc | 3
policy/modules/system/udev.if | 21
policy/modules/system/udev.te | 38
policy/modules/system/unconfined.fc | 15
policy/modules/system/unconfined.if | 446 ---------
policy/modules/system/unconfined.te | 224 ----
policy/modules/system/userdomain.fc | 6
policy/modules/system/userdomain.if | 1397 ++++++++++++++++++++++--------
policy/modules/system/userdomain.te | 50 -
policy/modules/system/xen.fc | 6
policy/modules/system/xen.if | 28
policy/modules/system/xen.te | 137 ++
policy/support/obj_perm_sets.spt | 14
policy/users | 13
328 files changed, 15806 insertions(+), 2939 deletions(-)
Index: policy-F12.patch
===================================================================
RCS file: /cvs/extras/rpms/selinux-policy/devel/policy-F12.patch,v
retrieving revision 1.74
retrieving revision 1.75
diff -u -p -r1.74 -r1.75
--- policy-F12.patch 8 Sep 2009 14:30:35 -0000 1.74
+++ policy-F12.patch 8 Sep 2009 23:55:30 -0000 1.75
@@ -846,8 +846,8 @@ diff -b -B --ignore-all-space --exclude-
+## <summary>The Fedora hardware profiler client</summary>
diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/smoltclient.te serefpolicy-3.6.30/policy/modules/admin/smoltclient.te
--- nsaserefpolicy/policy/modules/admin/smoltclient.te 1969-12-31 19:00:00.000000000 -0500
-+++ serefpolicy-3.6.30/policy/modules/admin/smoltclient.te 2009-08-31 13:40:47.000000000 -0400
-@@ -0,0 +1,66 @@
++++ serefpolicy-3.6.30/policy/modules/admin/smoltclient.te 2009-09-08 18:22:33.000000000 -0400
+@@ -0,0 +1,67 @@
+policy_module(smoltclient,1.0.0)
+
+########################################
@@ -883,6 +883,7 @@ diff -b -B --ignore-all-space --exclude-
+kernel_read_network_state(smoltclient_t)
+kernel_read_kernel_sysctls(smoltclient_t)
+
++corecmd_exec_bin(smoltclient_t)
+corecmd_exec_shell(smoltclient_t)
+
+corenet_tcp_connect_http_port(smoltclient_t)
@@ -1096,8 +1097,8 @@ diff -b -B --ignore-all-space --exclude-
')
diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/vbetool.te serefpolicy-3.6.30/policy/modules/admin/vbetool.te
--- nsaserefpolicy/policy/modules/admin/vbetool.te 2009-08-14 16:14:31.000000000 -0400
-+++ serefpolicy-3.6.30/policy/modules/admin/vbetool.te 2009-08-31 13:40:47.000000000 -0400
-@@ -15,15 +15,20 @@
++++ serefpolicy-3.6.30/policy/modules/admin/vbetool.te 2009-09-08 18:00:40.000000000 -0400
+@@ -15,15 +15,22 @@
# Local policy
#
@@ -1116,11 +1117,13 @@ diff -b -B --ignore-all-space --exclude-
+domain_mmap_low_type(vbetool_t)
+tunable_policy(`mmap_low_allowed',`
domain_mmap_low(vbetool_t)
++', `
++dontaudit vbetool_t self:memprotect mmap_zero;
+')
term_use_unallocated_ttys(vbetool_t)
-@@ -34,3 +39,8 @@
+@@ -34,3 +41,8 @@
hal_write_log(vbetool_t)
hal_dontaudit_append_lib_files(vbetool_t)
')
@@ -2427,7 +2430,7 @@ diff -b -B --ignore-all-space --exclude-
+/usr/lib(64)?/mozilla/plugins-wrapped(/.*)? gen_context(system_u:object_r:nsplugin_rw_t,s0)
diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/nsplugin.if serefpolicy-3.6.30/policy/modules/apps/nsplugin.if
--- nsaserefpolicy/policy/modules/apps/nsplugin.if 1969-12-31 19:00:00.000000000 -0500
-+++ serefpolicy-3.6.30/policy/modules/apps/nsplugin.if 2009-08-31 13:40:47.000000000 -0400
++++ serefpolicy-3.6.30/policy/modules/apps/nsplugin.if 2009-09-08 18:09:33.000000000 -0400
@@ -0,0 +1,313 @@
+
+## <summary>policy for nsplugin</summary>
@@ -4546,7 +4549,7 @@ diff -b -B --ignore-all-space --exclude-
')
diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/kernel/corenetwork.te.in serefpolicy-3.6.30/policy/modules/kernel/corenetwork.te.in
--- nsaserefpolicy/policy/modules/kernel/corenetwork.te.in 2009-08-14 16:14:31.000000000 -0400
-+++ serefpolicy-3.6.30/policy/modules/kernel/corenetwork.te.in 2009-08-31 13:40:47.000000000 -0400
++++ serefpolicy-3.6.30/policy/modules/kernel/corenetwork.te.in 2009-09-08 18:22:33.000000000 -0400
@@ -65,6 +65,7 @@
type server_packet_t, packet_type, server_packet_type;
@@ -4555,7 +4558,7 @@ diff -b -B --ignore-all-space --exclude-
network_port(afs_fs, tcp,2040,s0, udp,7000,s0, udp,7005,s0)
network_port(afs_ka, udp,7004,s0)
network_port(afs_pt, udp,7002,s0)
-@@ -87,25 +88,31 @@
+@@ -87,25 +88,32 @@
network_port(comsat, udp,512,s0)
network_port(cvs, tcp,2401,s0, udp,2401,s0)
network_port(cyphesis, tcp,6767,s0, tcp,6769,s0, udp,32771,s0)
@@ -4585,10 +4588,11 @@ diff -b -B --ignore-all-space --exclude-
network_port(http, tcp,80,s0, tcp,443,s0, tcp,488,s0, tcp,8008,s0, tcp,8009,s0, tcp,8443,s0) #8443 is mod_nss default port
network_port(http_cache, tcp,3128,s0, udp,3130,s0, tcp,8080,s0, tcp,8118,s0) # 8118 is for privoxy
+portcon tcp 10001-10010 gen_context(system_u:object_r:http_cache_port_t, s0)
++network_port(chronyd, udp,323,s0)
network_port(i18n_input, tcp,9010,s0)
network_port(imaze, tcp,5323,s0, udp,5323,s0)
network_port(inetd_child, tcp,1,s0, udp,1,s0, tcp,7,s0, udp,7,s0, tcp,9,s0, udp,9,s0, tcp,13,s0, udp,13,s0, tcp,19,s0, udp,19,s0, tcp,37,s0, udp,37,s0, tcp,512,s0, tcp,543,s0, tcp,544,s0, tcp,891,s0, udp,891,s0, tcp,892,s0, udp,892,s0, tcp,2105,s0, tcp,5666,s0)
-@@ -128,7 +135,7 @@
+@@ -128,7 +136,7 @@
network_port(ldap, tcp,389,s0, udp,389,s0, tcp,636,s0, udp,636,s0, tcp,3268,s0)
network_port(lmtp, tcp,24,s0, udp,24,s0)
type lrrd_port_t, port_type; dnl network_port(lrrd_port_t) # no defined portcon
@@ -4597,7 +4601,7 @@ diff -b -B --ignore-all-space --exclude-
network_port(memcache, tcp,11211,s0, udp,11211,s0)
network_port(mmcc, tcp,5050,s0, udp,5050,s0)
network_port(monopd, tcp,1234,s0)
-@@ -146,6 +153,12 @@
+@@ -146,6 +154,12 @@
network_port(pegasus_https, tcp,5989,s0)
network_port(pgpkeyserver, udp, 11371,s0, tcp,11371,s0)
network_port(pingd, tcp,9125,s0)
@@ -4610,7 +4614,7 @@ diff -b -B --ignore-all-space --exclude-
network_port(pop, tcp,106,s0, tcp,109,s0, tcp,110,s0, tcp,143,s0, tcp,220,s0, tcp,993,s0, tcp,995,s0, tcp,1109,s0)
network_port(portmap, udp,111,s0, tcp,111,s0)
network_port(postfix_policyd, tcp,10031,s0)
-@@ -172,27 +185,31 @@
+@@ -172,27 +186,31 @@
network_port(sap, tcp,9875,s0, udp,9875,s0)
network_port(smbd, tcp,137-139,s0, tcp,445,s0)
network_port(smtp, tcp,25,s0, tcp,465,s0, tcp,587,s0)
@@ -4645,7 +4649,7 @@ diff -b -B --ignore-all-space --exclude-
network_port(xdmcp, udp,177,s0, tcp,177,s0)
network_port(xen, tcp,8002,s0)
network_port(xfs, tcp,7100,s0)
-@@ -221,6 +238,8 @@
+@@ -221,6 +239,8 @@
type node_t, node_type;
sid node gen_context(system_u:object_r:node_t,s0 - mls_systemhigh)
@@ -5705,8 +5709,53 @@ diff -b -B --ignore-all-space --exclude-
+/dev/shm -d gen_context(system_u:object_r:tmpfs_t,s0)
diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/kernel/filesystem.if serefpolicy-3.6.30/policy/modules/kernel/filesystem.if
--- nsaserefpolicy/policy/modules/kernel/filesystem.if 2009-07-14 14:19:57.000000000 -0400
-+++ serefpolicy-3.6.30/policy/modules/kernel/filesystem.if 2009-09-08 07:44:43.000000000 -0400
-@@ -1537,6 +1537,24 @@
++++ serefpolicy-3.6.30/policy/modules/kernel/filesystem.if 2009-09-08 19:26:15.000000000 -0400
+@@ -1149,6 +1149,44 @@
+ domain_auto_transition_pattern($1, cifs_t, $2)
+ ')
+
++#######################################
++## <summary>
++## Create, read, write, and delete dirs
++## on a configfs filesystem.
++## </summary>
++## <param name="domain">
++## <summary>
++## Domain allowed access.
++## </summary>
++## </param>
++#
++interface(`fs_manage_configfs_dirs',`
++ gen_require(`
++ type configfs_t;
++ ')
++
++ manage_dirs_pattern($1,configfs_t,configfs_t)
++')
++
++#######################################
++## <summary>
++## Create, read, write, and delete files
++## on a configfs filesystem.
++## </summary>
++## <param name="domain">
++## <summary>
++## Domain allowed access.
++## </summary>
++## </param>
++#
++interface(`fs_manage_configfs_files',`
++ gen_require(`
++ type configfs_t;
++ ')
++
++ manage_files_pattern($1,configfs_t,configfs_t)
++')
++
+ ########################################
+ ## <summary>
+ ## Mount a DOS filesystem, such as
+@@ -1537,6 +1575,24 @@
########################################
## <summary>
@@ -5731,7 +5780,7 @@ diff -b -B --ignore-all-space --exclude-
## Search inotifyfs filesystem.
## </summary>
## <param name="domain">
-@@ -2542,6 +2560,42 @@
+@@ -2542,6 +2598,42 @@
########################################
## <summary>
@@ -5774,7 +5823,7 @@ diff -b -B --ignore-all-space --exclude-
## Read and write NFS server files.
## </summary>
## <param name="domain">
-@@ -3971,3 +4025,122 @@
+@@ -3971,3 +4063,122 @@
relabelfrom_blk_files_pattern($1, noxattrfs, noxattrfs)
relabelfrom_chr_files_pattern($1, noxattrfs, noxattrfs)
')
@@ -9920,6 +9969,201 @@ diff -b -B --ignore-all-space --exclude-
allow certmaster_t self:tcp_socket create_stream_socket_perms;
# config files
+diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/chronyd.fc serefpolicy-3.6.30/policy/modules/services/chronyd.fc
+--- nsaserefpolicy/policy/modules/services/chronyd.fc 1969-12-31 19:00:00.000000000 -0500
++++ serefpolicy-3.6.30/policy/modules/services/chronyd.fc 2009-09-08 18:22:33.000000000 -0400
+@@ -0,0 +1,11 @@
++
++/etc/rc\.d/init\.d/chronyd -- gen_context(system_u:object_r:chronyd_initrc_exec_t,s0)
++
++/usr/sbin/chronyd -- gen_context(system_u:object_r:chronyd_exec_t,s0)
++
++/var/lib/chrony(/.*)? gen_context(system_u:object_r:chronyd_var_lib_t,s0)
++
++/var/log/chrony(/.*)? gen_context(system_u:object_r:chronyd_var_log_t,s0)
++
++/var/run/chronyd\.pid -- gen_context(system_u:object_r:chronyd_var_run_t,s0)
++
+diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/chronyd.if serefpolicy-3.6.30/policy/modules/services/chronyd.if
+--- nsaserefpolicy/policy/modules/services/chronyd.if 1969-12-31 19:00:00.000000000 -0500
++++ serefpolicy-3.6.30/policy/modules/services/chronyd.if 2009-09-08 18:22:33.000000000 -0400
+@@ -0,0 +1,105 @@
++## <summary>chrony background daemon</summary>
++
++#####################################
++## <summary>
++## Execute chronyd in the chronyd domain.
++## </summary>
++## <param name="domain">
++## <summary>
++## The type of the process performing this action.
++## </summary>
++## </param>
++#
++interface(`chronyd_domtrans',`
++ gen_require(`
++ type chronyd_t, chronyd_exec_t;
++ ')
++
++ corecmd_search_bin($1)
++ domtrans_pattern($1, chronyd_exec_t, chronyd_t)
++')
++
++####################################
++## <summary>
++## Execute chronyd
++## </summary>
++## <param name="domain">
++## <summary>
++## The type of the process performing this action.
++## </summary>
++## </param>
++#
++interface(`chronyd_exec',`
++ gen_require(`
++ type chronyd_exec_t;
++ ')
++
++ can_exec($1, chronyd_exec_t)
++')
++
++#####################################
++## <summary>
++## Read chronyd logs.
++## </summary>
++## <param name="domain">
++## <summary>
++## Domain allowed access.
++## </summary>
++## </param>
++#
++interface(`chronyd_read_log',`
++ gen_require(`
++ type chronyd_var_log_t;
++ ')
++
++ logging_search_logs($1)
++ read_files_pattern($1, chronyd_var_log_t, chronyd_var_log_t)
++')
++
++####################################
++## <summary>
++## All of the rules required to administrate
++## an chronyd environment
++## </summary>
++## <param name="domain">
++## <summary>
++## Domain allowed access.
++## </summary>
++## </param>
++## <param name="role">
++## <summary>
++## The role to be allowed to manage the chronyd domain.
++## </summary>
++## </param>
++## <rolecap/>
++#
++interface(`chronyd_admin',`
++ gen_require(`
++ type chronyd_t, chronyd_var_log_t;
++ type chronyd_var_run_t, chronyd_var_lib_t;
++ type chronyd_initrc_exec_t;
++ ')
++
++ allow $1 chronyd_t:process { ptrace signal_perms };
++ ps_process_pattern($1, chronyd_t)
++
++ init_labeled_script_domtrans($1, chronyd_initrc_exec_t)
++ domain_system_change_exemption($1)
++ role_transition $2 chronyd_initrc_exec_t system_r;
++ allow $2 system_r;
++
++ logging_search_logs($1)
++ admin_pattern($1, chronyd_var_log_t)
++
++ files_search_var_lib($1)
++ admin_pattern($1, chronyd_var_lib_t)
++
++ files_search_pids($1)
++ admin_pattern($1, chronyd_var_run_t)
++
++ files_search_tmp($1)
++ admin_pattern($1, chronyd_tmp_t)
++
++')
++
++
+diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/chronyd.te serefpolicy-3.6.30/policy/modules/services/chronyd.te
+--- nsaserefpolicy/policy/modules/services/chronyd.te 1969-12-31 19:00:00.000000000 -0500
++++ serefpolicy-3.6.30/policy/modules/services/chronyd.te 2009-09-08 18:22:33.000000000 -0400
+@@ -0,0 +1,67 @@
++policy_module(chronyd,1.0.0)
++
++########################################
++#
++# Declarations
++#
++
++type chronyd_t;
++type chronyd_exec_t;
++init_daemon_domain(chronyd_t, chronyd_exec_t)
++
++type chronyd_initrc_exec_t;
++init_script_file(chronyd_initrc_exec_t)
++
++# var/lib files
++type chronyd_var_lib_t;
++files_type(chronyd_var_lib_t)
++
++# log files
++type chronyd_var_log_t;
++logging_log_file(chronyd_var_log_t)
++
++# pid files
++type chronyd_var_run_t;
++files_pid_file(chronyd_var_run_t)
++
++
++########################################
++#
++# chronyd local policy
++#
++
++allow chronyd_t self:capability { setuid setgid sys_time };
++allow chronyd_t self:process { getcap setcap };
++
++allow chronyd_t self:udp_socket create_socket_perms;
++allow chronyd_t self:unix_dgram_socket create_socket_perms;
++
++# chronyd var/lib files
++manage_files_pattern(chronyd_t, chronyd_var_lib_t, chronyd_var_lib_t)
++manage_dirs_pattern(chronyd_t, chronyd_var_lib_t, chronyd_var_lib_t)
++files_var_lib_filetrans(chronyd_t,chronyd_var_lib_t, { file dir })
++
++# chronyd log files
++manage_files_pattern(chronyd_t, chronyd_var_log_t, chronyd_var_log_t)
++manage_dirs_pattern(chronyd_t, chronyd_var_log_t, chronyd_var_log_t)
++logging_log_filetrans(chronyd_t, chronyd_var_log_t,{ file dir })
++
++# chronyd pid files
++manage_files_pattern(chronyd_t, chronyd_var_run_t, chronyd_var_run_t)
++manage_dirs_pattern(chronyd_t, chronyd_var_run_t, chronyd_var_run_t)
++files_pid_filetrans(chronyd_t,chronyd_var_run_t, { file })
++
++corenet_udp_bind_ntp_port(chronyd_t)
++# bind to udp/323
++corenet_udp_bind_chronyd_port(chronyd_t)
++
++# real time clock option
++dev_rw_realtime_clock(chronyd_t)
++
++auth_use_nsswitch(chronyd_t)
++
++logging_send_syslog_msg(chronyd_t)
++
++miscfiles_read_localization(chronyd_t)
++
++permissive chronyd_t;
diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/clamav.te serefpolicy-3.6.30/policy/modules/services/clamav.te
--- nsaserefpolicy/policy/modules/services/clamav.te 2009-08-14 16:14:31.000000000 -0400
+++ serefpolicy-3.6.30/policy/modules/services/clamav.te 2009-08-31 13:40:47.000000000 -0400
@@ -10064,84 +10308,326 @@ diff -b -B --ignore-all-space --exclude-
unconfined_stream_connect(consolekit_t)
')
+
-diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/courier.if serefpolicy-3.6.30/policy/modules/services/courier.if
---- nsaserefpolicy/policy/modules/services/courier.if 2009-07-14 14:19:57.000000000 -0400
-+++ serefpolicy-3.6.30/policy/modules/services/courier.if 2009-08-31 13:40:47.000000000 -0400
-@@ -179,6 +179,24 @@
-
- ########################################
- ## <summary>
-+## Read courier spool files.
+diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/corosync.fc serefpolicy-3.6.30/policy/modules/services/corosync.fc
+--- nsaserefpolicy/policy/modules/services/corosync.fc 1969-12-31 19:00:00.000000000 -0500
++++ serefpolicy-3.6.30/policy/modules/services/corosync.fc 2009-09-08 19:26:20.000000000 -0400
+@@ -0,0 +1,13 @@
++
++/etc/rc\.d/init\.d/corosync -- gen_context(system_u:object_r:corosync_initrc_exec_t,s0)
++
++/usr/sbin/corosync -- gen_context(system_u:object_r:corosync_exec_t,s0)
++
++/usr/sbin/ccs_tool -- gen_context(system_u:object_r:corosync_exec_t,s0)
++
++/var/lib/corosync(/.*)? gen_context(system_u:object_r:corosync_var_lib_t,s0)
++
++/var/log/cluster/corosync\.log -- gen_context(system_u:object_r:corosync_var_log_t,s0)
++
++/var/run/corosync\.pid -- gen_context(system_u:object_r:corosync_var_run_t,s0)
++
+diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/corosync.if serefpolicy-3.6.30/policy/modules/services/corosync.if
+--- nsaserefpolicy/policy/modules/services/corosync.if 1969-12-31 19:00:00.000000000 -0500
++++ serefpolicy-3.6.30/policy/modules/services/corosync.if 2009-09-08 19:26:20.000000000 -0400
+@@ -0,0 +1,108 @@
++## <summary>SELinux policy for Corosync Cluster Engine</summary>
++
++########################################
++## <summary>
++## Execute a domain transition to run corosync.
++## </summary>
++## <param name="domain">
++## <summary>
++## Domain allowed to transition.
+## </summary>
-+## <param name="prefix">
-+## <summary>
-+## Domain allowed access.
-+## </summary>
+## </param>
+#
-+interface(`courier_read_spool',`
-+ gen_require(`
-+ type courier_spool_t;
-+ ')
++interface(`corosync_domtrans',`
++ gen_require(`
++ type corosync_t, corosync_exec_t;
++ ')
+
-+ read_files_pattern($1, courier_spool_t, courier_spool_t)
++ domtrans_pattern($1, corosync_exec_t, corosync_t)
+')
+
-+########################################
++#####################################
+## <summary>
- ## Read and write to courier spool pipes.
- ## </summary>
- ## <param name="domain">
-diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/courier.te serefpolicy-3.6.30/policy/modules/services/courier.te
---- nsaserefpolicy/policy/modules/services/courier.te 2009-08-14 16:14:31.000000000 -0400
-+++ serefpolicy-3.6.30/policy/modules/services/courier.te 2009-08-31 13:40:47.000000000 -0400
-@@ -10,6 +10,7 @@
-
- type courier_etc_t;
- files_config_file(courier_etc_t)
-+mta_system_content(courier_etc_t)
-
- courier_domain_template(pcp)
-
-diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/cron.fc serefpolicy-3.6.30/policy/modules/services/cron.fc
---- nsaserefpolicy/policy/modules/services/cron.fc 2009-07-14 14:19:57.000000000 -0400
-+++ serefpolicy-3.6.30/policy/modules/services/cron.fc 2009-08-31 13:40:47.000000000 -0400
-@@ -1,3 +1,4 @@
-+/etc/rc\.d/init\.d/atd -- gen_context(system_u:object_r:crond_initrc_exec_t,s0)
-
- /etc/cron\.d(/.*)? gen_context(system_u:object_r:system_cron_spool_t,s0)
- /etc/crontab -- gen_context(system_u:object_r:system_cron_spool_t,s0)
-@@ -17,9 +18,9 @@
- /var/run/fcron\.fifo -s gen_context(system_u:object_r:crond_var_run_t,s0)
- /var/run/fcron\.pid -- gen_context(system_u:object_r:crond_var_run_t,s0)
-
--/var/spool/at -d gen_context(system_u:object_r:cron_spool_t,s0)
--/var/spool/at/spool -d gen_context(system_u:object_r:cron_spool_t,s0)
--/var/spool/at/[^/]* -- <<none>>
-+/var/spool/anacron(/.*)? gen_context(system_u:object_r:system_cron_spool_t,s0)
++## Connect to corosync over a unix domain
++## stream socket.
++## </summary>
++## <param name="domain">
++## <summary>
++## Domain allowed access.
++## </summary>
++## </param>
++#
++interface(`corosync_stream_connect',`
++ gen_require(`
++ type corosync_t, corosync_var_run_t;
++ ')
+
-+/var/spool/at(/.*)? gen_context(system_u:object_r:user_cron_spool_t,s0)
-
- /var/spool/cron -d gen_context(system_u:object_r:cron_spool_t,s0)
- #/var/spool/cron/root -- gen_context(system_u:object_r:sysadm_cron_spool_t,s0)
-@@ -41,7 +42,11 @@
- #/var/spool/cron/crontabs/root -- gen_context(system_u:object_r:sysadm_cron_spool_t,s0)
-
- /var/spool/fcron -d gen_context(system_u:object_r:cron_spool_t,s0)
--/var/spool/fcron/[^/]* <<none>>
-+/var/spool/fcron/.* <<none>>
- /var/spool/fcron/systab\.orig -- gen_context(system_u:object_r:system_cron_spool_t,s0)
- /var/spool/fcron/systab -- gen_context(system_u:object_r:system_cron_spool_t,s0)
- /var/spool/fcron/new\.systab -- gen_context(system_u:object_r:system_cron_spool_t,s0)
++ files_search_pids($1)
++ stream_connect_pattern($1, corosync_var_run_t, corosync_var_run_t, corosync_t)
++')
+
-+/var/lib/glpi/files(/.*)? gen_context(system_u:object_r:cron_var_lib_t,s0)
++#######################################
++## <summary>
++## Allow the specified domain to read corosync's log files.
++## </summary>
++## <param name="domain">
++## <summary>
++## Domain allowed access.
++## </summary>
++## </param>
++#
++interface(`corosync_read_log',`
++ gen_require(`
++ type corosync_var_log_t;
++ ')
+
-+/var/log/mcelog.* -- gen_context(system_u:object_r:cron_log_t,s0)
-diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/cron.if serefpolicy-3.6.30/policy/modules/services/cron.if
---- nsaserefpolicy/policy/modules/services/cron.if 2009-07-14 14:19:57.000000000 -0400
-+++ serefpolicy-3.6.30/policy/modules/services/cron.if 2009-08-31 13:40:47.000000000 -0400
-@@ -12,6 +12,10 @@
- ## </param>
++ logging_search_logs($1)
++ list_dirs_pattern($1, corosync_var_log_t, corosync_var_log_t)
++ read_files_pattern($1, corosync_var_log_t, corosync_var_log_t)
++')
++
++######################################
++## <summary>
++## All of the rules required to administrate
++## an corosync environment
++## </summary>
++## <param name="domain">
++## <summary>
++## Domain allowed access.
++## </summary>
++## </param>
++## <param name="role">
++## <summary>
++## The role to be allowed to manage the corosyncd domain.
++## </summary>
++## </param>
++## <rolecap/>
++#
++interface(`corosyncd_admin',`
++ gen_require(`
++ type corosync_t, corosync_var_lib_t, corosync_var_log_t;
++ type corosync_var_run_t, corosync_tmp_t, corosync_tmpfs_t;
++ type corosync_initrc_exec_t;
++ ')
++
++ allow $1 corosync_t:process { ptrace signal_perms };
++ ps_process_pattern($1, corosync_t)
++
++ init_labeled_script_domtrans($1, corosync_initrc_exec_t)
++ domain_system_change_exemption($1)
++ role_transition $2 corosync_initrc_exec_t system_r;
++ allow $2 system_r;
++
++ files_search_var_lib($1)
++ admin_pattern($1, corosync_var_lib_t)
++
++ logging_search_logs($1)
++ admin_pattern($1, corosync_var_log_t)
++
++ files_search_pids($1)
++ admin_pattern($1, corosync_var_run_t)
++
++ files_search_tmp($1)
++ admin_pattern($1, corosync_tmp_t)
++
++ admin_pattern($1, corosync_tmpfs_t)
++')
++
++
+diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/corosync.te serefpolicy-3.6.30/policy/modules/services/corosync.te
+--- nsaserefpolicy/policy/modules/services/corosync.te 1969-12-31 19:00:00.000000000 -0500
++++ serefpolicy-3.6.30/policy/modules/services/corosync.te 2009-09-08 19:26:20.000000000 -0400
+@@ -0,0 +1,109 @@
++
++policy_module(corosync,1.0.0)
++
++########################################
++#
++# Declarations
++#
++
++type corosync_t;
++type corosync_exec_t;
++init_daemon_domain(corosync_t, corosync_exec_t)
++
++type corosync_initrc_exec_t;
++init_script_file(corosync_initrc_exec_t);
++
++# tmp files
++type corosync_tmp_t;
++files_tmp_file(corosync_tmp_t)
++
++type corosync_tmpfs_t;
++files_tmpfs_file(corosync_tmpfs_t)
++
++# log files
++type corosync_var_log_t;
++logging_log_file(corosync_var_log_t)
++
++# var/lib files
++type corosync_var_lib_t;
++files_type(corosync_var_lib_t)
++
++# pid files
++type corosync_var_run_t;
++files_pid_file(corosync_var_run_t)
++
++########################################
++#
++# corosync local policy
++#
++
++allow corosync_t self:capability { sys_nice sys_resource ipc_lock };
++allow corosync_t self:process { setsched signal };
++
++allow corosync_t self:fifo_file rw_fifo_file_perms;
++allow corosync_t self:sem create_sem_perms;
++allow corosync_t self:unix_stream_socket { create_stream_socket_perms connectto };
++allow corosync_t self:unix_dgram_socket create_socket_perms;
++allow corosync_t self:udp_socket create_socket_perms;
++
++# tmp files
++manage_dirs_pattern(corosync_t, corosync_tmp_t, corosync_tmp_t)
++manage_files_pattern(corosync_t, corosync_tmp_t, corosync_tmp_t)
++files_tmp_filetrans(corosync_t, corosync_tmp_t, { file dir })
++
++manage_dirs_pattern(corosync_t, corosync_tmpfs_t, corosync_tmpfs_t)
++manage_files_pattern(corosync_t, corosync_tmpfs_t, corosync_tmpfs_t)
++fs_tmpfs_filetrans(corosync_t, corosync_tmpfs_t,{ dir file })
++
++# var/lib files
++manage_files_pattern(corosync_t, corosync_var_lib_t,corosync_var_lib_t)
++manage_dirs_pattern(corosync_t, corosync_var_lib_t,corosync_var_lib_t)
++manage_sock_files_pattern(corosync_t, corosync_var_lib_t,corosync_var_lib_t)
++files_var_lib_filetrans(corosync_t,corosync_var_lib_t, { file dir sock_file })
++
++# log files
++manage_files_pattern(corosync_t, corosync_var_log_t,corosync_var_log_t)
++manage_sock_files_pattern(corosync_t, corosync_var_log_t,corosync_var_log_t)
++logging_log_filetrans(corosync_t,corosync_var_log_t,{ sock_file file })
++
++# pid file
++manage_files_pattern(corosync_t, corosync_var_run_t,corosync_var_run_t)
++manage_sock_files_pattern(corosync_t, corosync_var_run_t,corosync_var_run_t)
++files_pid_filetrans(corosync_t,corosync_var_run_t, { file sock_file })
++
++corenet_udp_bind_netsupport_port(corosync_t)
++
++corecmd_exec_bin(corosync_t)
++
++kernel_read_system_state(corosync_t)
++
++files_manage_mounttab(corosync_t)
++
++auth_use_nsswitch(corosync_t)
++
++dev_read_urand(corosync_t)
++
++libs_use_ld_so(corosync_t)
++libs_use_shared_libs(corosync_t)
++miscfiles_read_localization(corosync_t)
++
++init_rw_script_tmp_files(corosync_t)
++
++logging_send_syslog_msg(corosync_t)
++
++# to communication with RHCS
++dlm_controld_manage_tmpfs_files(corosync_t)
++dlm_controld_rw_semaphores(corosync_t)
++
++fenced_manage_tmpfs_files(corosync_t)
++fenced_rw_semaphores(corosync_t)
++
++gfs_controld_manage_tmpfs_files(corosync_t)
++gfs_controld_rw_semaphores(corosync_t)
++
++optional_policy(`
++ ccs_read_config(corosync_t)
++')
++
++permissive corosync_t;
++
+diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/courier.if serefpolicy-3.6.30/policy/modules/services/courier.if
+--- nsaserefpolicy/policy/modules/services/courier.if 2009-07-14 14:19:57.000000000 -0400
++++ serefpolicy-3.6.30/policy/modules/services/courier.if 2009-08-31 13:40:47.000000000 -0400
+@@ -179,6 +179,24 @@
+
+ ########################################
+ ## <summary>
++## Read courier spool files.
++## </summary>
++## <param name="prefix">
++## <summary>
++## Domain allowed access.
++## </summary>
++## </param>
++#
++interface(`courier_read_spool',`
++ gen_require(`
++ type courier_spool_t;
++ ')
++
++ read_files_pattern($1, courier_spool_t, courier_spool_t)
++')
++
++########################################
++## <summary>
+ ## Read and write to courier spool pipes.
+ ## </summary>
+ ## <param name="domain">
+diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/courier.te serefpolicy-3.6.30/policy/modules/services/courier.te
+--- nsaserefpolicy/policy/modules/services/courier.te 2009-08-14 16:14:31.000000000 -0400
++++ serefpolicy-3.6.30/policy/modules/services/courier.te 2009-08-31 13:40:47.000000000 -0400
+@@ -10,6 +10,7 @@
+
+ type courier_etc_t;
+ files_config_file(courier_etc_t)
++mta_system_content(courier_etc_t)
+
+ courier_domain_template(pcp)
+
+diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/cron.fc serefpolicy-3.6.30/policy/modules/services/cron.fc
+--- nsaserefpolicy/policy/modules/services/cron.fc 2009-07-14 14:19:57.000000000 -0400
++++ serefpolicy-3.6.30/policy/modules/services/cron.fc 2009-08-31 13:40:47.000000000 -0400
+@@ -1,3 +1,4 @@
++/etc/rc\.d/init\.d/atd -- gen_context(system_u:object_r:crond_initrc_exec_t,s0)
+
+ /etc/cron\.d(/.*)? gen_context(system_u:object_r:system_cron_spool_t,s0)
+ /etc/crontab -- gen_context(system_u:object_r:system_cron_spool_t,s0)
+@@ -17,9 +18,9 @@
+ /var/run/fcron\.fifo -s gen_context(system_u:object_r:crond_var_run_t,s0)
+ /var/run/fcron\.pid -- gen_context(system_u:object_r:crond_var_run_t,s0)
+
+-/var/spool/at -d gen_context(system_u:object_r:cron_spool_t,s0)
+-/var/spool/at/spool -d gen_context(system_u:object_r:cron_spool_t,s0)
+-/var/spool/at/[^/]* -- <<none>>
++/var/spool/anacron(/.*)? gen_context(system_u:object_r:system_cron_spool_t,s0)
++
++/var/spool/at(/.*)? gen_context(system_u:object_r:user_cron_spool_t,s0)
+
+ /var/spool/cron -d gen_context(system_u:object_r:cron_spool_t,s0)
+ #/var/spool/cron/root -- gen_context(system_u:object_r:sysadm_cron_spool_t,s0)
+@@ -41,7 +42,11 @@
+ #/var/spool/cron/crontabs/root -- gen_context(system_u:object_r:sysadm_cron_spool_t,s0)
+
+ /var/spool/fcron -d gen_context(system_u:object_r:cron_spool_t,s0)
+-/var/spool/fcron/[^/]* <<none>>
++/var/spool/fcron/.* <<none>>
+ /var/spool/fcron/systab\.orig -- gen_context(system_u:object_r:system_cron_spool_t,s0)
+ /var/spool/fcron/systab -- gen_context(system_u:object_r:system_cron_spool_t,s0)
+ /var/spool/fcron/new\.systab -- gen_context(system_u:object_r:system_cron_spool_t,s0)
++
++/var/lib/glpi/files(/.*)? gen_context(system_u:object_r:cron_var_lib_t,s0)
++
++/var/log/mcelog.* -- gen_context(system_u:object_r:cron_log_t,s0)
+diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/cron.if serefpolicy-3.6.30/policy/modules/services/cron.if
+--- nsaserefpolicy/policy/modules/services/cron.if 2009-07-14 14:19:57.000000000 -0400
++++ serefpolicy-3.6.30/policy/modules/services/cron.if 2009-08-31 13:40:47.000000000 -0400
+@@ -12,6 +12,10 @@
+ ## </param>
#
template(`cron_common_crontab_template',`
+ gen_require(`
@@ -10443,7 +10929,7 @@ diff -b -B --ignore-all-space --exclude-
+
diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/cron.te serefpolicy-3.6.30/policy/modules/services/cron.te
--- nsaserefpolicy/policy/modules/services/cron.te 2009-08-14 16:14:31.000000000 -0400
-+++ serefpolicy-3.6.30/policy/modules/services/cron.te 2009-09-04 10:32:17.000000000 -0400
++++ serefpolicy-3.6.30/policy/modules/services/cron.te 2009-09-08 18:12:58.000000000 -0400
@@ -38,6 +38,10 @@
type cron_var_lib_t;
files_type(cron_var_lib_t)
@@ -10768,17 +11254,18 @@ diff -b -B --ignore-all-space --exclude-
')
optional_policy(`
-@@ -461,8 +551,7 @@
+@@ -461,8 +551,8 @@
')
optional_policy(`
- # cjp: why?
- squid_domtrans(system_cronjob_t)
+ spamassassin_manage_lib_files(system_cronjob_t)
++ spamassassin_manage_home_client(system_cronjob_t)
')
optional_policy(`
-@@ -470,24 +559,17 @@
+@@ -470,24 +560,17 @@
')
optional_policy(`
@@ -10806,7 +11293,7 @@ diff -b -B --ignore-all-space --exclude-
allow cronjob_t self:process { signal_perms setsched };
allow cronjob_t self:fifo_file rw_fifo_file_perms;
allow cronjob_t self:unix_stream_socket create_stream_socket_perms;
-@@ -571,6 +653,9 @@
+@@ -571,6 +654,9 @@
userdom_manage_user_home_content_sockets(cronjob_t)
#userdom_user_home_dir_filetrans_user_home_content(cronjob_t, notdevfile_class_set)
@@ -10816,7 +11303,7 @@ diff -b -B --ignore-all-space --exclude-
tunable_policy(`fcron_crond', `
allow crond_t user_cron_spool_t:file manage_file_perms;
')
-@@ -590,13 +675,5 @@
+@@ -590,13 +676,5 @@
#
optional_policy(`
@@ -11824,7 +12311,7 @@ diff -b -B --ignore-all-space --exclude-
+
diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/gpm.te serefpolicy-3.6.30/policy/modules/services/gpm.te
--- nsaserefpolicy/policy/modules/services/gpm.te 2009-08-14 16:14:31.000000000 -0400
-+++ serefpolicy-3.6.30/policy/modules/services/gpm.te 2009-08-31 13:40:47.000000000 -0400
++++ serefpolicy-3.6.30/policy/modules/services/gpm.te 2009-09-08 10:45:28.000000000 -0400
@@ -27,7 +27,8 @@
# Local policy
#
@@ -15376,92 +15863,788 @@ diff -b -B --ignore-all-space --exclude-
+')
+
')
-diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/ricci.te serefpolicy-3.6.30/policy/modules/services/ricci.te
---- nsaserefpolicy/policy/modules/services/ricci.te 2009-08-14 16:14:31.000000000 -0400
-+++ serefpolicy-3.6.30/policy/modules/services/ricci.te 2009-08-31 13:40:47.000000000 -0400
-@@ -264,6 +264,7 @@
- allow ricci_modclusterd_t self:socket create_socket_perms;
-
- allow ricci_modclusterd_t ricci_modcluster_t:unix_stream_socket connectto;
-+allow ricci_modclusterd_t ricci_modcluster_t:fifo_file rw_file_perms;
-
- # log files
- allow ricci_modclusterd_t ricci_modcluster_var_log_t:dir setattr;
-@@ -440,6 +441,10 @@
- files_read_usr_files(ricci_modstorage_t)
- files_read_kernel_modules(ricci_modstorage_t)
-
-+files_create_default_dir(ricci_modstorage_t)
-+files_mounton_default(ricci_modstorage_t)
-+files_manage_default(ricci_modstorage_t)
+diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/rgmanager.fc serefpolicy-3.6.30/policy/modules/services/rgmanager.fc
+--- nsaserefpolicy/policy/modules/services/rgmanager.fc 1969-12-31 19:00:00.000000000 -0500
++++ serefpolicy-3.6.30/policy/modules/services/rgmanager.fc 2009-09-08 19:26:25.000000000 -0400
+@@ -0,0 +1,6 @@
++
++/usr/sbin/rgmanager -- gen_context(system_u:object_r:rgmanager_exec_t,s0)
++
++/var/log/cluster/rgmanager\.log -- gen_context(system_u:object_r:rgmanager_var_log_t,s0)
++
++/var/run/rgmanager\.pid -- gen_context(system_u:object_r:rgmanager_var_run_t,s0)
+diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/rgmanager.if serefpolicy-3.6.30/policy/modules/services/rgmanager.if
+--- nsaserefpolicy/policy/modules/services/rgmanager.if 1969-12-31 19:00:00.000000000 -0500
++++ serefpolicy-3.6.30/policy/modules/services/rgmanager.if 2009-09-08 19:26:25.000000000 -0400
+@@ -0,0 +1,40 @@
++## <summary>SELinux policy for rgmanager</summary>
+
- storage_raw_read_fixed_disk(ricci_modstorage_t)
-
- term_dontaudit_use_console(ricci_modstorage_t)
-diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/rpcbind.if serefpolicy-3.6.30/policy/modules/services/rpcbind.if
---- nsaserefpolicy/policy/modules/services/rpcbind.if 2009-07-14 14:19:57.000000000 -0400
-+++ serefpolicy-3.6.30/policy/modules/services/rpcbind.if 2009-08-31 13:40:47.000000000 -0400
-@@ -97,6 +97,26 @@
-
- ########################################
- ## <summary>
-+## Connect to rpcbindd over an unix stream socket.
++#######################################
++## <summary>
++## Execute a domain transition to run rgmanager.
+## </summary>
+## <param name="domain">
-+## <summary>
-+## Domain allowed access.
-+## </summary>
++## <summary>
++## Domain allowed to transition.
++## </summary>
+## </param>
+#
-+interface(`rpcbind_stream_connect',`
-+ gen_require(`
-+ type rpcbind_t, rpcbind_var_run_t;
-+ ')
++interface(`rgmanager_domtrans',`
++ gen_require(`
++ type rgmanager_t, rgmanager_exec_t;
++ ')
++
++ corecmd_search_bin($1)
++ domrans_pattern($1,rgmanager_exec_t,rgmanager_t)
+
-+ files_search_pids($1)
-+ allow $1 rpcbind_var_run_t:sock_file write;
-+ allow $1 rpcbind_t:unix_stream_socket connectto;
+')
+
-+########################################
++#######################################
+## <summary>
- ## All of the rules required to administrate
- ## an rpcbind environment
- ## </summary>
-diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/rpc.if serefpolicy-3.6.30/policy/modules/services/rpc.if
---- nsaserefpolicy/policy/modules/services/rpc.if 2009-07-14 14:19:57.000000000 -0400
-+++ serefpolicy-3.6.30/policy/modules/services/rpc.if 2009-08-31 13:40:47.000000000 -0400
-@@ -54,7 +54,7 @@
- allow $1_t self:unix_dgram_socket create_socket_perms;
- allow $1_t self:unix_stream_socket create_stream_socket_perms;
- allow $1_t self:tcp_socket create_stream_socket_perms;
-- allow $1_t self:udp_socket create_socket_perms;
-+ allow $1_t self:udp_socket create_stream_socket_perms;
-
- manage_dirs_pattern($1_t, var_lib_nfs_t, var_lib_nfs_t)
- manage_files_pattern($1_t, var_lib_nfs_t, var_lib_nfs_t)
-@@ -109,6 +109,10 @@
- userdom_dontaudit_use_unpriv_user_fds($1_t)
-
- optional_policy(`
-+ rpcbind_stream_connect($1_t)
-+ ')
++## Allow read and write access to rgmanager semaphores.
++## </summary>
++## <param name="domain">
++## <summary>
++## Domain allowed access.
++## </summary>
++## </param>
++#
++interface(`rgmanager_rw_semaphores',`
++ gen_require(`
++ type rgmanager_t;
++ ')
+
-+ optional_policy(`
- seutil_sigchld_newrole($1_t)
- ')
-
-diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/rpc.te serefpolicy-3.6.30/policy/modules/services/rpc.te
---- nsaserefpolicy/policy/modules/services/rpc.te 2009-08-14 16:14:31.000000000 -0400
-+++ serefpolicy-3.6.30/policy/modules/services/rpc.te 2009-08-31 13:40:47.000000000 -0400
-@@ -91,6 +91,8 @@
-
- seutil_dontaudit_search_config(rpcd_t)
-
-+userdom_signal_unpriv_users(rpcd_t)
++ allow $1 rgmanager_t:sem { unix_read unix_write associate read write };
++')
+
- optional_policy(`
- automount_signal(rpcd_t)
+diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/rgmanager.te serefpolicy-3.6.30/policy/modules/services/rgmanager.te
+--- nsaserefpolicy/policy/modules/services/rgmanager.te 1969-12-31 19:00:00.000000000 -0500
++++ serefpolicy-3.6.30/policy/modules/services/rgmanager.te 2009-09-08 19:26:25.000000000 -0400
+@@ -0,0 +1,54 @@
++
++policy_module(rgmanager,1.0.0)
++
++########################################
++#
++# Declarations
++#
++
++type rgmanager_t;
++type rgmanager_exec_t;
++domain_type(rgmanager_t)
++init_daemon_domain(rgmanager_t, rgmanager_exec_t)
++
++# log files
++type rgmanager_var_log_t;
++logging_log_file(rgmanager_var_log_t)
++
++# pid files
++type rgmanager_var_run_t;
++files_pid_file(rgmanager_var_run_t)
++
++########################################
++#
++# rgmanager local policy
++#
++
++allow rgmanager_t self:capability { sys_nice ipc_lock };
++allow rgmanager_t self:process setsched;
++
++allow rgmanager_t self:fifo_file rw_fifo_file_perms;
++allow rgmanager_t self:unix_stream_socket { create_stream_socket_perms };
++allow rgmanager_t self:unix_dgram_socket create_socket_perms;
++allow rgmanager_t self:tcp_socket create_stream_socket_perms;
++
++# log files
++manage_files_pattern(rgmanager_t, rgmanager_var_log_t,rgmanager_var_log_t)
++logging_log_filetrans(rgmanager_t,rgmanager_var_log_t,{ file })
++
++# pid file
++manage_files_pattern(rgmanager_t, rgmanager_var_run_t,rgmanager_var_run_t)
++manage_sock_files_pattern(rgmanager_t, rgmanager_var_run_t, rgmanager_var_run_t)
++files_pid_filetrans(rgmanager_t,rgmanager_var_run_t, { file })
++
++auth_use_nsswitch(rgmanager_t)
++
++libs_use_ld_so(rgmanager_t)
++libs_use_shared_libs(rgmanager_t)
++
++logging_send_syslog_msg(rgmanager_t)
++
++miscfiles_read_localization(rgmanager_t)
++
++permissive rgmanager_t;
++
+diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/rhcs.fc serefpolicy-3.6.30/policy/modules/services/rhcs.fc
+--- nsaserefpolicy/policy/modules/services/rhcs.fc 1969-12-31 19:00:00.000000000 -0500
++++ serefpolicy-3.6.30/policy/modules/services/rhcs.fc 2009-09-08 19:26:15.000000000 -0400
+@@ -0,0 +1,22 @@
++
++/usr/sbin/dlm_controld -- gen_context(system_u:object_r:dlm_controld_exec_t,s0)
++/var/log/cluster/dlm_controld\.log -- gen_context(system_u:object_r:dlm_controld_var_log_t,s0)
++/var/run/dlm_controld\.pid -- gen_context(system_u:object_r:dlm_controld_var_run_t,s0)
++
++/usr/sbin/fenced -- gen_context(system_u:object_r:fenced_exec_t,s0)
++/usr/sbin/fence_node -- gen_context(system_u:object_r:fenced_exec_t,s0)
++/var/log/cluster/fenced\.log -- gen_context(system_u:object_r:fenced_var_log_t,s0)
++/var/run/fenced\.pid -- gen_context(system_u:object_r:fenced_var_run_t,s0)
++
++/usr/sbin/gfs_controld -- gen_context(system_u:object_r:gfs_controld_exec_t,s0)
++/var/log/cluster/gfs_controld\.log -- gen_context(system_u:object_r:gfs_controld_var_log_t,s0)
++/var/run/gfs_controld\.pid -- gen_context(system_u:object_r:gfs_controld_var_run_t,s0)
++
++/usr/sbin/groupd -- gen_context(system_u:object_r:groupd_exec_t,s0)
++/var/run/groupd\.pid -- gen_context(system_u:object_r:groupd_var_run_t,s0)
++
++/usr/sbin/qdiskd -- gen_context(system_u:object_r:qdiskd_exec_t,s0)
++/var/lib/qdiskd(/.*)? gen_context(system_u:object_r:qdiskd_var_lib_t,s0)
++/var/log/cluster/qdiskd\.log -- gen_context(system_u:object_r:qdiskd_var_log_t,s0)
++/var/run/qdiskd\.pid -- gen_context(system_u:object_r:qdiskd_var_run_t,s0)
++
+diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/rhcs.if serefpolicy-3.6.30/policy/modules/services/rhcs.if
+--- nsaserefpolicy/policy/modules/services/rhcs.if 1969-12-31 19:00:00.000000000 -0500
++++ serefpolicy-3.6.30/policy/modules/services/rhcs.if 2009-09-08 19:26:15.000000000 -0400
+@@ -0,0 +1,214 @@
++## <summary>SELinux policy for RHCS - Red Hat Cluster Suite </summary>
++
++######################################
++## <summary>
++## Execute a domain transition to run dlm_controld.
++## </summary>
++## <param name="domain">
++## <summary>
++## Domain allowed to transition.
++## </summary>
++## </param>
++#
++interface(`dlm_controld_domtrans',`
++ gen_require(`
++ type dlm_controld_t, dlm_controld_exec_t;
++ ')
++
++ corecmd_search_bin($1)
++ domain_trans_pattern($1,dlm_controld_exec_t,dlm_controld_t)
++
++')
++
++#####################################
++## <summary>
++## Connect to dlm_controld over a unix domain
++## stream socket.
++## </summary>
++## <param name="domain">
++## <summary>
++## Domain allowed access.
++## </summary>
++## </param>
++#
++interface(`dlm_controld_stream_connect',`
++ gen_require(`
++ type dlm_controld_t, dlm_controld_var_run_t;
++ ')
++
++ files_search_pids($1)
++ stream_connect_pattern($1, dlm_controld_var_run_t, dlm_controld_var_run_t, dlm_controld_t)
++')
++
++#####################################
++## <summary>
++## Manage dlm_controld tmpfs files.
++## </summary>
++## <param name="domain">
++## <summary>
++## The type of the process performing this action.
++## </summary>
++## </param>
++#
++interface(`dlm_controld_manage_tmpfs_files',`
++ gen_require(`
++ type dlm_controld_tmpfs_t;
++ ')
++
++ fs_search_tmpfs($1)
++ manage_files_pattern($1, dlm_controld_tmpfs_t, dlm_controld_tmpfs_t)
++ manage_lnk_files_pattern($1, dlm_controld_tmpfs_t, dlm_controld_tmpfs_t)
++')
++
++#####################################
++## <summary>
++## Allow read and write access to dlm_controld semaphores.
++## </summary>
++## <param name="domain">
++## <summary>
++## Domain allowed access.
++## </summary>
++## </param>
++#
++interface(`dlm_controld_rw_semaphores',`
++ gen_require(`
++ type dlm_controld_t;
++ ')
++
++ allow $1 dlm_controld_t:sem { rw_sem_perms destroy };
++')
++
++######################################
++## <summary>
++## Execute a domain transition to run fenced.
++## </summary>
++## <param name="domain">
++## <summary>
++## Domain allowed to transition.
++## </summary>
++## </param>
++#
++interface(`fenced_domtrans',`
++ gen_require(`
++ type fenced_t, fenced_exec_t;
++ ')
++
++ corecmd_search_bin($1)
++ domain_trans_pattern($1,fenced_exec_t,fenced_t)
++
++')
++
++######################################
++## <summary>
++## Connect to fenced over an unix domain stream socket.
++## </summary>
++## <param name="domain">
++## <summary>
++## Domain allowed access.
++## </summary>
++## </param>
++#
++interface(`fenced_stream_connect',`
++ gen_require(`
++ type fenced_var_run_t, fenced_t;
++ ')
++
++ allow $1 fenced_t:unix_stream_socket connectto;
++ allow $1 fenced_var_run_t:sock_file { getattr write };
++ files_search_pids($1)
++')
++
++#####################################
++## <summary>
++## Managed fenced tmpfs files.
++## </summary>
++## <param name="domain">
++## <summary>
++## The type of the process performing this action.
++## </summary>
++## </param>
++#
++interface(`fenced_manage_tmpfs_files',`
++ gen_require(`
++ type fenced_tmpfs_t;
++ ')
++
++ fs_search_tmpfs($1)
++ manage_files_pattern($1, fenced_tmpfs_t, fenced_tmpfs_t)
++ manage_lnk_files_pattern($1, fenced_tmpfs_t, fenced_tmpfs_t)
++')
++
++######################################
++## <summary>
++## Allow read and write access to fenced semaphores.
++## </summary>
++## <param name="domain">
++## <summary>
++## Domain allowed access.
++## </summary>
++## </param>
++#
++interface(`fenced_rw_semaphores',`
++ gen_require(`
++ type fenced_t;
++ ')
++
++ allow $1 fenced_t:sem { rw_sem_perms destroy };
++')
++
++#####################################
++## <summary>
++## Execute a domain transition to run gfs_controld.
++## </summary>
++## <param name="domain">
++## <summary>
++## Domain allowed to transition.
++## </summary>
++## </param>
++#
++interface(`gfs_controld_domtrans',`
++ gen_require(`
++ type gfs_controld_t, gfs_controld_exec_t;
++ ')
++
++ corecmd_search_bin($1)
++ domain_trans_pattern($1,gfs_controld_exec_t,gfs_controld_t)
++')
++
++###################################
++## <summary>
++## Manage gfs_controld tmpfs files.
++## </summary>
++## <param name="domain">
++## <summary>
++## The type of the process performing this action.
++## </summary>
++## </param>
++#
++interface(`gfs_controld_manage_tmpfs_files',`
++ gen_require(`
++ type gfs_controld_tmpfs_t;
++ ')
++
++ fs_search_tmpfs($1)
++ manage_files_pattern($1, gfs_controld_tmpfs_t, gfs_controld_tmpfs_t)
++ manage_lnk_files_pattern($1, gfs_controld_tmpfs_t, gfs_controld_tmpfs_t)
++')
++
++####################################
++## <summary>
++## Allow read and write access to gfs_controld semaphores.
++## </summary>
++## <param name="domain">
++## <summary>
++## Domain allowed access.
++## </summary>
++## </param>
++#
++interface(`gfs_controld_rw_semaphores',`
++ gen_require(`
++ type gfs_controld_t;
++ ')
++
++ allow $1 gfs_controld_t:sem { rw_sem_perms destroy };
++')
+diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/rhcs.te serefpolicy-3.6.30/policy/modules/services/rhcs.te
+--- nsaserefpolicy/policy/modules/services/rhcs.te 1969-12-31 19:00:00.000000000 -0500
++++ serefpolicy-3.6.30/policy/modules/services/rhcs.te 2009-09-08 19:26:15.000000000 -0400
+@@ -0,0 +1,336 @@
++
++policy_module(rhcs,1.0.0)
++
++########################################
++#
++# Declarations
++#
++
++type dlm_controld_t;
++type dlm_controld_exec_t;
++init_daemon_domain(dlm_controld_t, dlm_controld_exec_t)
++
++# log files
++type dlm_controld_var_log_t;
++logging_log_file(dlm_controld_var_log_t)
++
++# pid files
++type dlm_controld_var_run_t;
++files_pid_file(dlm_controld_var_run_t)
++
++type dlm_controld_tmpfs_t;
++files_tmpfs_file(dlm_controld_tmpfs_t)
++
++
++type fenced_t;
++type fenced_exec_t;
++init_daemon_domain(fenced_t, fenced_exec_t)
++
++# tmp files
++type fenced_tmp_t;
++files_tmp_file(fenced_tmp_t)
++
++type fenced_tmpfs_t;
++files_tmpfs_file(fenced_tmpfs_t)
++
++# log files
++type fenced_var_log_t;
++logging_log_file(fenced_var_log_t)
++
++# pid files
++type fenced_var_run_t;
++files_pid_file(fenced_var_run_t)
++
++
++type gfs_controld_t;
++type gfs_controld_exec_t;
++init_daemon_domain(gfs_controld_t, gfs_controld_exec_t)
++
++# log files
++type gfs_controld_var_log_t;
++logging_log_file(gfs_controld_var_log_t)
++
++# pid files
++type gfs_controld_var_run_t;
++files_pid_file(gfs_controld_var_run_t)
++
++type gfs_controld_tmpfs_t;
++files_tmpfs_file(gfs_controld_tmpfs_t)
++
++
++type groupd_t;
++type groupd_exec_t;
++init_daemon_domain(groupd_t, groupd_exec_t)
++
++# log files
++type groupd_var_log_t;
++logging_log_file(groupd_var_log_t)
++
++# pid files
++type groupd_var_run_t;
++files_pid_file(groupd_var_run_t)
++
++type groupd_tmpfs_t;
++files_tmpfs_file(groupd_tmpfs_t)
++
++
++type qdiskd_t;
++type qdiskd_exec_t;
++init_daemon_domain(qdiskd_t, qdiskd_exec_t)
++
++type qdiskd_tmpfs_t;
++files_tmpfs_file(qdiskd_tmpfs_t)
++
++# var/lib files
++type qdiskd_var_lib_t;
++files_type(qdiskd_var_lib_t)
++
++# log files
++type qdiskd_var_log_t;
++logging_log_file(qdiskd_var_log_t)
++
++# pid files
++type qdiskd_var_run_t;
++files_pid_file(qdiskd_var_run_t)
++
++#####################################
++#
++# dlm_controld local policy
++#
++
++allow dlm_controld_t self:capability { net_admin sys_nice sys_resource };
++allow dlm_controld_t self:process setsched;
++
++allow dlm_controld_t self:sem create_sem_perms;
++allow dlm_controld_t self:fifo_file rw_fifo_file_perms;
++allow dlm_controld_t self:unix_stream_socket { create_stream_socket_perms };
++allow dlm_controld_t self:unix_dgram_socket { create_socket_perms };
++allow dlm_controld_t self:netlink_kobject_uevent_socket create_socket_perms;
++
++manage_dirs_pattern(dlm_controld_t, dlm_controld_tmpfs_t, dlm_controld_tmpfs_t)
++manage_files_pattern(dlm_controld_t, dlm_controld_tmpfs_t, dlm_controld_tmpfs_t)
++fs_tmpfs_filetrans(dlm_controld_t, dlm_controld_tmpfs_t,{ dir file })
++
++# log files
++manage_files_pattern(dlm_controld_t, dlm_controld_var_log_t,dlm_controld_var_log_t)
++logging_log_filetrans(dlm_controld_t,dlm_controld_var_log_t,{ file })
++
++# pid files
++manage_files_pattern(dlm_controld_t, dlm_controld_var_run_t, dlm_controld_var_run_t)
++manage_sock_files_pattern(dlm_controld_t, dlm_controld_var_run_t, dlm_controld_var_run_t)
++files_pid_filetrans(dlm_controld_t,dlm_controld_var_run_t, { file })
++
++stream_connect_pattern(dlm_controld_t, fenced_var_run_t, fenced_var_run_t, fenced_t)
++corosync_stream_connect(dlm_controld_t)
++
++kernel_read_system_state(dlm_controld_t)
++
++dev_rw_sysfs(dlm_controld_t)
++
++fs_manage_configfs_files(dlm_controld_t)
++fs_manage_configfs_dirs(dlm_controld_t)
++
++init_rw_script_tmp_files(dlm_controld_t)
++
++libs_use_ld_so(dlm_controld_t)
++libs_use_shared_libs(dlm_controld_t)
++
++logging_send_syslog_msg(dlm_controld_t)
++
++miscfiles_read_localization(dlm_controld_t)
++
++permissive dlm_controld_t;
++
++#######################################
++#
++# fenced local policy
++#
++
++allow fenced_t self:capability { sys_nice sys_resource };
++allow fenced_t self:process { setsched getsched };
++
++allow fenced_t self:fifo_file rw_fifo_file_perms;
++allow fenced_t self:sem create_sem_perms;
++allow fenced_t self:unix_stream_socket { create_stream_socket_perms connectto };
++allow fenced_t self:unix_dgram_socket create_socket_perms;
++allow fenced_t self:tcp_socket create_stream_socket_perms;
++allow fenced_t self:udp_socket create_socket_perms;
++
++can_exec(fenced_t,fenced_exec_t)
++
++# tmp files
++manage_dirs_pattern(fenced_t, fenced_tmp_t, fenced_tmp_t)
++manage_files_pattern(fenced_t, fenced_tmp_t, fenced_tmp_t)
++files_tmp_filetrans(fenced_t, fenced_tmp_t, { file dir })
++
++manage_dirs_pattern(fenced_t, fenced_tmpfs_t, fenced_tmpfs_t)
++manage_files_pattern(fenced_t, fenced_tmpfs_t, fenced_tmpfs_t)
++fs_tmpfs_filetrans(fenced_t, fenced_tmpfs_t,{ dir file })
++
++# log files
++manage_files_pattern(fenced_t, fenced_var_log_t,fenced_var_log_t)
++logging_log_filetrans(fenced_t,fenced_var_log_t,{ file })
++
++# pid file
++manage_files_pattern(fenced_t, fenced_var_run_t,fenced_var_run_t)
++manage_sock_files_pattern(fenced_t, fenced_var_run_t, fenced_var_run_t)
++manage_fifo_files_pattern(fenced_t, fenced_var_run_t, fenced_var_run_t)
++files_pid_filetrans(fenced_t,fenced_var_run_t, { file })
++
++corosync_stream_connect(fenced_t)
++
++corecmd_exec_bin(fenced_t)
++
++dev_list_sysfs(fenced_t)
++dev_read_urand(fenced_t)
++
++auth_use_nsswitch(fenced_t)
++
++files_read_usr_symlinks(fenced_t)
++
++libs_use_ld_so(fenced_t)
++libs_use_shared_libs(fenced_t)
++
++logging_send_syslog_msg(fenced_t)
++
++miscfiles_read_localization(fenced_t)
++
++permissive fenced_t;
++
++######################################
++#
++# gfs_controld local policy
++#
++allow gfs_controld_t self:capability { sys_nice sys_resource };
++allow gfs_controld_t self:process setsched;
++
++allow gfs_controld_t self:sem create_sem_perms;
++allow gfs_controld_t self:fifo_file rw_fifo_file_perms;
++allow gfs_controld_t self:unix_stream_socket { create_stream_socket_perms };
++allow gfs_controld_t self:unix_dgram_socket { create_socket_perms };
++allow gfs_controld_t self:netlink_kobject_uevent_socket create_socket_perms;
++
++manage_dirs_pattern(gfs_controld_t, gfs_controld_tmpfs_t, gfs_controld_tmpfs_t)
++manage_files_pattern(gfs_controld_t, gfs_controld_tmpfs_t, gfs_controld_tmpfs_t)
++fs_tmpfs_filetrans(gfs_controld_t, gfs_controld_tmpfs_t,{ dir file })
++
++# log files
++manage_files_pattern(gfs_controld_t, gfs_controld_var_log_t,gfs_controld_var_log_t)
++logging_log_filetrans(gfs_controld_t,gfs_controld_var_log_t,{ file })
++
++# pid files
++manage_files_pattern(gfs_controld_t, gfs_controld_var_run_t, gfs_controld_var_run_t)
++manage_sock_files_pattern(gfs_controld_t, gfs_controld_var_run_t, gfs_controld_var_run_t)
++files_pid_filetrans(gfs_controld_t,gfs_controld_var_run_t, { file })
++
++stream_connect_pattern(dlm_controld_t, fenced_var_run_t, fenced_var_run_t, fenced_t)
++stream_connect_pattern(gfs_controld_t, dlm_controld_var_run_t, dlm_controld_var_run_t, dlm_controld_t)
++corosync_stream_connect(gfs_controld_t)
++
++kernel_read_system_state(gfs_controld_t)
++
++dev_manage_generic_chr_files(gfs_controld_t)
++dev_read_sysfs(gfs_controld_t)
++
++init_rw_script_tmp_files(gfs_controld_t)
++
++libs_use_ld_so(gfs_controld_t)
++libs_use_shared_libs(gfs_controld_t)
++
++logging_send_syslog_msg(gfs_controld_t)
++
++miscfiles_read_localization(gfs_controld_t)
++
++permissive gfs_controld_t;
++
++#######################################
++#
++# groupd local policy
++#
++
++allow groupd_t self:capability { sys_nice sys_resource };
++allow groupd_t self:process setsched;
++
++allow groupd_t self:sem create_sem_perms;
++allow groupd_t self:fifo_file rw_fifo_file_perms;
++allow groupd_t self:unix_stream_socket create_stream_socket_perms;
++allow groupd_t self:unix_dgram_socket create_socket_perms;
++
++manage_dirs_pattern(groupd_t, groupd_tmpfs_t, groupd_tmpfs_t)
++manage_files_pattern(groupd_t, groupd_tmpfs_t, groupd_tmpfs_t)
++fs_tmpfs_filetrans(groupd_t, groupd_tmpfs_t,{ dir file })
++
++# log files
++manage_files_pattern(groupd_t, groupd_var_log_t,groupd_var_log_t)
++logging_log_filetrans(groupd_t,groupd_var_log_t,{ file })
++
++# pid files
++manage_files_pattern(groupd_t, groupd_var_run_t,groupd_var_run_t)
++manage_sock_files_pattern(groupd_t, groupd_var_run_t,groupd_var_run_t)
++files_pid_filetrans(groupd_t, groupd_var_run_t, { file })
++
++corosync_stream_connect(groupd_t)
++
++files_read_etc_files(groupd_t)
++
++libs_use_ld_so(groupd_t)
++libs_use_shared_libs(groupd_t)
++
++logging_send_syslog_msg(groupd_t)
++
++miscfiles_read_localization(groupd_t)
++
++init_rw_script_tmp_files(groupd_t)
++
++logging_send_syslog_msg(groupd_t)
++
++permissive groupd_t;
++
++######################################
++#
++# qdiskd local policy
++#
++
++allow qdiskd_t self:capability { sys_nice ipc_lock };
++allow qdiskd_t self:process setsched;
++
++allow qdiskd_t self:sem create_sem_perms;
++allow qdiskd_t self:unix_dgram_socket create_socket_perms;
++allow qdiskd_t self:fifo_file rw_fifo_file_perms;
++allow qdiskd_t self:unix_stream_socket create_stream_socket_perms;
++
++manage_files_pattern(qdiskd_t, qdiskd_var_lib_t,qdiskd_var_lib_t)
++manage_dirs_pattern(qdiskd_t, qdiskd_var_lib_t,qdiskd_var_lib_t)
++manage_sock_files_pattern(qdiskd_t, qdiskd_var_lib_t,qdiskd_var_lib_t)
++files_var_lib_filetrans(qdiskd_t,qdiskd_var_lib_t, { file dir sock_file })
++
++# log files
++manage_files_pattern(qdiskd_t, qdiskd_var_log_t,qdiskd_var_log_t)
++manage_sock_files_pattern(qdiskd_t, qdiskd_var_log_t,qdiskd_var_log_t)
++logging_log_filetrans(qdiskd_t,qdiskd_var_log_t,{ sock_file file })
++
++manage_dirs_pattern(qdiskd_t, qdiskd_tmpfs_t, qdiskd_tmpfs_t)
++manage_files_pattern(qdiskd_t, qdiskd_tmpfs_t, qdiskd_tmpfs_t)
++fs_tmpfs_filetrans(qdiskd_t, qdiskd_tmpfs_t,{ dir file })
++
++# pid files
++manage_files_pattern(qdiskd_t, qdiskd_var_run_t,qdiskd_var_run_t)
++manage_sock_files_pattern(qdiskd_t, qdiskd_var_run_t,qdiskd_var_run_t)
++files_pid_filetrans(qdiskd_t,qdiskd_var_run_t, { file })
++
++corosync_stream_connect(qdiskd_t)
++
++kernel_read_system_state(qdiskd_t)
++
++storage_raw_rw_fixed_disk(qdiskd_t)
++
++files_read_etc_files(qdiskd_t)
++
++libs_use_ld_so(qdiskd_t)
++libs_use_shared_libs(qdiskd_t)
++
++logging_send_syslog_msg(qdiskd_t)
++
++miscfiles_read_localization(qdiskd_t)
++
++permissive qdiskd_t;
+diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/ricci.te serefpolicy-3.6.30/policy/modules/services/ricci.te
+--- nsaserefpolicy/policy/modules/services/ricci.te 2009-08-14 16:14:31.000000000 -0400
++++ serefpolicy-3.6.30/policy/modules/services/ricci.te 2009-08-31 13:40:47.000000000 -0400
+@@ -264,6 +264,7 @@
+ allow ricci_modclusterd_t self:socket create_socket_perms;
+
+ allow ricci_modclusterd_t ricci_modcluster_t:unix_stream_socket connectto;
++allow ricci_modclusterd_t ricci_modcluster_t:fifo_file rw_file_perms;
+
+ # log files
+ allow ricci_modclusterd_t ricci_modcluster_var_log_t:dir setattr;
+@@ -440,6 +441,10 @@
+ files_read_usr_files(ricci_modstorage_t)
+ files_read_kernel_modules(ricci_modstorage_t)
+
++files_create_default_dir(ricci_modstorage_t)
++files_mounton_default(ricci_modstorage_t)
++files_manage_default(ricci_modstorage_t)
++
+ storage_raw_read_fixed_disk(ricci_modstorage_t)
+
+ term_dontaudit_use_console(ricci_modstorage_t)
+diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/rpcbind.if serefpolicy-3.6.30/policy/modules/services/rpcbind.if
+--- nsaserefpolicy/policy/modules/services/rpcbind.if 2009-07-14 14:19:57.000000000 -0400
++++ serefpolicy-3.6.30/policy/modules/services/rpcbind.if 2009-08-31 13:40:47.000000000 -0400
+@@ -97,6 +97,26 @@
+
+ ########################################
+ ## <summary>
++## Connect to rpcbindd over an unix stream socket.
++## </summary>
++## <param name="domain">
++## <summary>
++## Domain allowed access.
++## </summary>
++## </param>
++#
++interface(`rpcbind_stream_connect',`
++ gen_require(`
++ type rpcbind_t, rpcbind_var_run_t;
++ ')
++
++ files_search_pids($1)
++ allow $1 rpcbind_var_run_t:sock_file write;
++ allow $1 rpcbind_t:unix_stream_socket connectto;
++')
++
++########################################
++## <summary>
+ ## All of the rules required to administrate
+ ## an rpcbind environment
+ ## </summary>
+diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/rpc.if serefpolicy-3.6.30/policy/modules/services/rpc.if
+--- nsaserefpolicy/policy/modules/services/rpc.if 2009-07-14 14:19:57.000000000 -0400
++++ serefpolicy-3.6.30/policy/modules/services/rpc.if 2009-08-31 13:40:47.000000000 -0400
+@@ -54,7 +54,7 @@
+ allow $1_t self:unix_dgram_socket create_socket_perms;
+ allow $1_t self:unix_stream_socket create_stream_socket_perms;
+ allow $1_t self:tcp_socket create_stream_socket_perms;
+- allow $1_t self:udp_socket create_socket_perms;
++ allow $1_t self:udp_socket create_stream_socket_perms;
+
+ manage_dirs_pattern($1_t, var_lib_nfs_t, var_lib_nfs_t)
+ manage_files_pattern($1_t, var_lib_nfs_t, var_lib_nfs_t)
+@@ -109,6 +109,10 @@
+ userdom_dontaudit_use_unpriv_user_fds($1_t)
+
+ optional_policy(`
++ rpcbind_stream_connect($1_t)
++ ')
++
++ optional_policy(`
+ seutil_sigchld_newrole($1_t)
+ ')
+
+diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/rpc.te serefpolicy-3.6.30/policy/modules/services/rpc.te
+--- nsaserefpolicy/policy/modules/services/rpc.te 2009-08-14 16:14:31.000000000 -0400
++++ serefpolicy-3.6.30/policy/modules/services/rpc.te 2009-09-08 19:48:58.000000000 -0400
+@@ -91,6 +91,8 @@
+
+ seutil_dontaudit_search_config(rpcd_t)
+
++userdom_signal_unpriv_users(rpcd_t)
++
+ optional_policy(`
+ automount_signal(rpcd_t)
')
@@ -99,6 +101,10 @@
nis_read_ypserv_config(rpcd_t)
@@ -15474,7 +16657,15 @@ diff -b -B --ignore-all-space --exclude-
########################################
#
# NFSD local policy
-@@ -135,6 +141,7 @@
+@@ -127,6 +133,7 @@
+ files_getattr_tmp_dirs(nfsd_t)
+ # cjp: this should really have its own type
+ files_manage_mounttab(nfsd_t)
++files_read_etc_runtime_files(nfsd_t)
+
+ fs_mount_nfsd_fs(nfsd_t)
+ fs_search_nfsd_fs(nfsd_t)
+@@ -135,6 +142,7 @@
fs_rw_nfsd_fs(nfsd_t)
storage_dontaudit_read_fixed_disk(nfsd_t)
@@ -15482,7 +16673,7 @@ diff -b -B --ignore-all-space --exclude-
# Read access to public_content_t and public_content_rw_t
miscfiles_read_public_files(nfsd_t)
-@@ -151,6 +158,7 @@
+@@ -151,6 +159,7 @@
fs_read_noxattr_fs_files(nfsd_t)
auth_manage_all_files_except_shadow(nfsd_t)
')
@@ -15490,7 +16681,15 @@ diff -b -B --ignore-all-space --exclude-
tunable_policy(`nfs_export_all_ro',`
dev_getattr_all_blk_files(nfsd_t)
-@@ -189,8 +197,10 @@
+@@ -182,6 +191,7 @@
+ kernel_read_network_state(gssd_t)
+ kernel_read_network_state_symlinks(gssd_t)
+ kernel_search_network_sysctl(gssd_t)
++kernel_signal(gssd_t)
+
+ corecmd_exec_bin(gssd_t)
+
+@@ -189,8 +199,10 @@
fs_rw_rpc_sockets(gssd_t)
fs_read_rpc_files(gssd_t)
@@ -15501,7 +16700,7 @@ diff -b -B --ignore-all-space --exclude-
auth_use_nsswitch(gssd_t)
auth_manage_cache(gssd_t)
-@@ -199,6 +209,8 @@
+@@ -199,6 +211,8 @@
mount_signal(gssd_t)
@@ -17129,16 +18328,36 @@ diff -b -B --ignore-all-space --exclude-
+/var/spool/MIMEDefang(/.*)? gen_context(system_u:object_r:spamd_var_run_t,s0)
diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/spamassassin.if serefpolicy-3.6.30/policy/modules/services/spamassassin.if
--- nsaserefpolicy/policy/modules/services/spamassassin.if 2009-07-14 14:19:57.000000000 -0400
-+++ serefpolicy-3.6.30/policy/modules/services/spamassassin.if 2009-08-31 13:40:47.000000000 -0400
-@@ -111,6 +111,7 @@
++++ serefpolicy-3.6.30/policy/modules/services/spamassassin.if 2009-09-08 18:13:29.000000000 -0400
+@@ -111,6 +111,27 @@
')
domtrans_pattern($1, spamc_exec_t, spamc_t)
+ allow $1 spamc_exec_t:file ioctl;
++')
++
++########################################
++## <summary>
++## Manage spamc home files.
++## </summary>
++## <param name="domain">
++## <summary>
++## Domain allowed access.
++## </summary>
++## </param>
++#
++interface(`spamassassin_manage_home_client',`
++ gen_require(`
++ type spamc_home_t;
++ ')
++
++ manage_dirs_pattern($1, spamc_home_t, spamc_home_t)
++ manage_files_pattern($1, spamc_home_t, spamc_home_t)
++ manage_lnk_files_pattern($1, spamc_home_t, spamc_home_t)
')
########################################
-@@ -166,6 +167,7 @@
+@@ -166,6 +187,7 @@
')
files_search_var_lib($1)
@@ -17146,7 +18365,7 @@ diff -b -B --ignore-all-space --exclude-
read_files_pattern($1, spamd_var_lib_t, spamd_var_lib_t)
')
-@@ -225,3 +227,69 @@
+@@ -225,3 +247,69 @@
dontaudit $1 spamd_tmp_t:sock_file getattr;
')
@@ -18178,13 +19397,14 @@ diff -b -B --ignore-all-space --exclude-
optional_policy(`
diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/virt.fc serefpolicy-3.6.30/policy/modules/services/virt.fc
--- nsaserefpolicy/policy/modules/services/virt.fc 2009-07-14 14:19:57.000000000 -0400
-+++ serefpolicy-3.6.30/policy/modules/services/virt.fc 2009-08-31 13:40:47.000000000 -0400
-@@ -8,5 +8,16 @@
++++ serefpolicy-3.6.30/policy/modules/services/virt.fc 2009-09-08 18:45:04.000000000 -0400
+@@ -8,5 +8,17 @@
/var/lib/libvirt(/.*)? gen_context(system_u:object_r:virt_var_lib_t,s0)
/var/lib/libvirt/images(/.*)? gen_context(system_u:object_r:virt_image_t,s0)
+/var/lib/libvirt/isos(/.*)? gen_context(system_u:object_r:virt_content_t,s0)
+/var/lib/libvirt/boot(/.*)? gen_context(system_u:object_r:virt_content_t,s0)
++/var/lib/libvirt/qemu(/.*)? gen_context(system_u:object_r:svirt_var_run_t,s0)
+
/var/log/libvirt(/.*)? gen_context(system_u:object_r:virt_log_t,s0)
/var/run/libvirt(/.*)? gen_context(system_u:object_r:virt_var_run_t,s0)
Index: selinux-policy.spec
===================================================================
RCS file: /cvs/extras/rpms/selinux-policy/devel/selinux-policy.spec,v
retrieving revision 1.913
retrieving revision 1.914
diff -u -p -r1.913 -r1.914
--- selinux-policy.spec 8 Sep 2009 14:30:36 -0000 1.913
+++ selinux-policy.spec 8 Sep 2009 23:55:31 -0000 1.914
@@ -20,7 +20,7 @@
Summary: SELinux policy configuration
Name: selinux-policy
Version: 3.6.30
-Release: 5%{?dist}
+Release: 6%{?dist}
License: GPLv2+
Group: System Environment/Base
Source: serefpolicy-%{version}.tgz
@@ -443,6 +443,9 @@ exit 0
%endif
%changelog
+* Tue Sep 8 2009 Dan Walsh <dwalsh at redhat.com> 3.6.30-6
+- More fixes
+
* Tue Sep 8 2009 Dan Walsh <dwalsh at redhat.com> 3.6.30-5
- Lots of fixes for initrc and other unconfined domains
More information about the fedora-extras-commits
mailing list