rpms/selinux-policy/devel policy-20060829.patch,1.7,1.8

fedora-cvs-commits at redhat.com fedora-cvs-commits at redhat.com
Fri Sep 1 20:27:54 UTC 2006


Author: dwalsh

Update of /cvs/dist/rpms/selinux-policy/devel
In directory cvs.devel.redhat.com:/tmp/cvs-serv13819

Modified Files:
	policy-20060829.patch 
Log Message:
* Fri Sep 1 2006 Dan Walsh <dwalsh at redhat.com> 2.3.11-1
- Update to upstream


policy-20060829.patch:
 admin/amanda.fc              |   50 -----
 admin/amanda.te              |   12 -
 admin/anaconda.te            |    6 
 admin/bootloader.fc          |    1 
 admin/bootloader.te          |    2 
 admin/consoletype.te         |    7 
 admin/firstboot.te           |   13 -
 admin/rpm.fc                 |    2 
 admin/rpm.if                 |   13 -
 apps/java.fc                 |    2 
 kernel/corecommands.if       |    1 
 kernel/corenetwork.te.in     |    4 
 kernel/files.fc              |    1 
 kernel/terminal.if           |    2 
 services/amavis.te           |    1 
 services/apache.te           |    2 
 services/bluetooth.te        |    4 
 services/ccs.fc              |    8 
 services/ccs.if              |   65 +++++++
 services/ccs.te              |   87 +++++++++
 services/clamav.te           |    1 
 services/cron.if             |    9 +
 services/cron.te             |    4 
 services/cyrus.te            |    1 
 services/dbus.if             |    1 
 services/dbus.te             |    1 
 services/dovecot.te          |    2 
 services/ftp.te              |    1 
 services/hal.te              |    2 
 services/ldap.te             |    2 
 services/networkmanager.te   |    4 
 services/ntp.te              |    1 
 services/oddjob.fc           |    8 
 services/oddjob.if           |   76 ++++++++
 services/oddjob.te           |   73 ++++++++
 services/oddjob_mkhomedir.fc |    6 
 services/oddjob_mkhomedir.if |   24 ++
 services/oddjob_mkhomedir.te |   29 +++
 services/pegasus.if          |   31 +++
 services/pegasus.te          |    5 
 services/postfix.te          |    6 
 services/ricci.fc            |   20 ++
 services/ricci.if            |  184 ++++++++++++++++++++
 services/ricci.te            |  386 +++++++++++++++++++++++++++++++++++++++++++
 services/setroubleshoot.te   |    2 
 services/stunnel.te          |    3 
 services/xserver.if          |   22 ++
 system/hostname.te           |    5 
 system/init.te               |    3 
 system/selinuxutil.fc        |    1 
 system/selinuxutil.te        |    7 
 system/userdomain.if         |  246 ++++++++++++++++++---------
 system/userdomain.te         |   48 ++---
 53 files changed, 1292 insertions(+), 205 deletions(-)

Index: policy-20060829.patch
===================================================================
RCS file: /cvs/dist/rpms/selinux-policy/devel/policy-20060829.patch,v
retrieving revision 1.7
retrieving revision 1.8
diff -u -r1.7 -r1.8
--- policy-20060829.patch	1 Sep 2006 19:45:39 -0000	1.7
+++ policy-20060829.patch	1 Sep 2006 20:27:51 -0000	1.8
@@ -1,6 +1,6 @@
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/amanda.fc serefpolicy-2.3.11/policy/modules/admin/amanda.fc
 --- nsaserefpolicy/policy/modules/admin/amanda.fc	2006-08-29 09:00:30.000000000 -0400
-+++ serefpolicy-2.3.11/policy/modules/admin/amanda.fc	2006-09-01 15:33:55.000000000 -0400
++++ serefpolicy-2.3.11/policy/modules/admin/amanda.fc	2006-09-01 15:41:44.000000000 -0400
 @@ -11,61 +11,11 @@
  /usr/lib(64)?/amanda		-d	gen_context(system_u:object_r:amanda_usr_lib_t,s0)
  /usr/lib(64)?/amanda/.+		--	gen_context(system_u:object_r:amanda_exec_t,s0)
@@ -65,7 +65,7 @@
  /var/lib/amanda/index			gen_context(system_u:object_r:amanda_data_t,s0)
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/amanda.te serefpolicy-2.3.11/policy/modules/admin/amanda.te
 --- nsaserefpolicy/policy/modules/admin/amanda.te	2006-08-29 09:00:30.000000000 -0400
-+++ serefpolicy-2.3.11/policy/modules/admin/amanda.te	2006-09-01 15:33:55.000000000 -0400
++++ serefpolicy-2.3.11/policy/modules/admin/amanda.te	2006-09-01 15:41:44.000000000 -0400
 @@ -33,18 +33,6 @@
  type amanda_gnutarlists_t;
  files_type(amanda_gnutarlists_t)
@@ -87,7 +87,7 @@
  
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/anaconda.te serefpolicy-2.3.11/policy/modules/admin/anaconda.te
 --- nsaserefpolicy/policy/modules/admin/anaconda.te	2006-09-01 14:10:19.000000000 -0400
-+++ serefpolicy-2.3.11/policy/modules/admin/anaconda.te	2006-09-01 15:33:55.000000000 -0400
++++ serefpolicy-2.3.11/policy/modules/admin/anaconda.te	2006-09-01 15:41:44.000000000 -0400
 @@ -64,3 +64,9 @@
  optional_policy(`
  	usermanage_domtrans_admin_passwd(anaconda_t)
@@ -100,7 +100,7 @@
 +domain_dontaudit_use_interactive_fds(anaconda_t)
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/bootloader.fc serefpolicy-2.3.11/policy/modules/admin/bootloader.fc
 --- nsaserefpolicy/policy/modules/admin/bootloader.fc	2006-07-14 17:04:46.000000000 -0400
-+++ serefpolicy-2.3.11/policy/modules/admin/bootloader.fc	2006-09-01 15:33:55.000000000 -0400
++++ serefpolicy-2.3.11/policy/modules/admin/bootloader.fc	2006-09-01 15:41:44.000000000 -0400
 @@ -10,3 +10,4 @@
  /sbin/lilo.*		--	gen_context(system_u:object_r:bootloader_exec_t,s0)
  /sbin/mkinitrd		--	gen_context(system_u:object_r:bootloader_exec_t,s0)
@@ -108,7 +108,7 @@
 +/boot/grub/.*		--	gen_context(system_u:object_r:boot_runtime_t,s0)
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/bootloader.te serefpolicy-2.3.11/policy/modules/admin/bootloader.te
 --- nsaserefpolicy/policy/modules/admin/bootloader.te	2006-08-29 09:00:30.000000000 -0400
-+++ serefpolicy-2.3.11/policy/modules/admin/bootloader.te	2006-09-01 15:33:55.000000000 -0400
++++ serefpolicy-2.3.11/policy/modules/admin/bootloader.te	2006-09-01 15:41:44.000000000 -0400
 @@ -161,7 +161,7 @@
  	allow bootloader_t self:capability ipc_lock;
  
@@ -120,7 +120,7 @@
  	files_mountpoint(bootloader_tmp_t)
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/consoletype.te serefpolicy-2.3.11/policy/modules/admin/consoletype.te
 --- nsaserefpolicy/policy/modules/admin/consoletype.te	2006-08-29 09:00:30.000000000 -0400
-+++ serefpolicy-2.3.11/policy/modules/admin/consoletype.te	2006-09-01 15:33:55.000000000 -0400
++++ serefpolicy-2.3.11/policy/modules/admin/consoletype.te	2006-09-01 15:41:44.000000000 -0400
 @@ -8,7 +8,12 @@
  
  type consoletype_t;
@@ -137,7 +137,7 @@
  role system_r types consoletype_t;
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/firstboot.te serefpolicy-2.3.11/policy/modules/admin/firstboot.te
 --- nsaserefpolicy/policy/modules/admin/firstboot.te	2006-08-29 09:00:30.000000000 -0400
-+++ serefpolicy-2.3.11/policy/modules/admin/firstboot.te	2006-09-01 15:33:55.000000000 -0400
++++ serefpolicy-2.3.11/policy/modules/admin/firstboot.te	2006-09-01 15:41:44.000000000 -0400
 @@ -20,9 +20,6 @@
  type firstboot_etc_t;
  files_config_file(firstboot_etc_t)
@@ -174,7 +174,7 @@
  
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/rpm.fc serefpolicy-2.3.11/policy/modules/admin/rpm.fc
 --- nsaserefpolicy/policy/modules/admin/rpm.fc	2006-07-14 17:04:46.000000000 -0400
-+++ serefpolicy-2.3.11/policy/modules/admin/rpm.fc	2006-09-01 15:33:56.000000000 -0400
++++ serefpolicy-2.3.11/policy/modules/admin/rpm.fc	2006-09-01 15:41:44.000000000 -0400
 @@ -19,6 +19,8 @@
  /usr/sbin/pup			--	gen_context(system_u:object_r:rpm_exec_t,s0)
  /usr/sbin/rhn_check		--	gen_context(system_u:object_r:rpm_exec_t,s0)
@@ -186,7 +186,7 @@
  /var/lib/alternatives(/.*)?		gen_context(system_u:object_r:rpm_var_lib_t,s0)
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/rpm.if serefpolicy-2.3.11/policy/modules/admin/rpm.if
 --- nsaserefpolicy/policy/modules/admin/rpm.if	2006-08-02 10:34:09.000000000 -0400
-+++ serefpolicy-2.3.11/policy/modules/admin/rpm.if	2006-09-01 15:33:56.000000000 -0400
++++ serefpolicy-2.3.11/policy/modules/admin/rpm.if	2006-09-01 15:41:44.000000000 -0400
 @@ -75,12 +75,13 @@
  	')
  
@@ -209,7 +209,7 @@
  
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/java.fc serefpolicy-2.3.11/policy/modules/apps/java.fc
 --- nsaserefpolicy/policy/modules/apps/java.fc	2006-08-29 09:00:26.000000000 -0400
-+++ serefpolicy-2.3.11/policy/modules/apps/java.fc	2006-09-01 15:33:56.000000000 -0400
++++ serefpolicy-2.3.11/policy/modules/apps/java.fc	2006-09-01 15:41:44.000000000 -0400
 @@ -1,7 +1,7 @@
  #
  # /opt
@@ -221,7 +221,7 @@
  # /usr
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/kernel/corecommands.if serefpolicy-2.3.11/policy/modules/kernel/corecommands.if
 --- nsaserefpolicy/policy/modules/kernel/corecommands.if	2006-08-02 10:34:05.000000000 -0400
-+++ serefpolicy-2.3.11/policy/modules/kernel/corecommands.if	2006-09-01 15:33:56.000000000 -0400
++++ serefpolicy-2.3.11/policy/modules/kernel/corecommands.if	2006-09-01 15:41:44.000000000 -0400
 @@ -950,6 +950,7 @@
  
  	allow $1 exec_type:file manage_file_perms;
@@ -232,7 +232,7 @@
  ########################################
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/kernel/corenetwork.te.in serefpolicy-2.3.11/policy/modules/kernel/corenetwork.te.in
 --- nsaserefpolicy/policy/modules/kernel/corenetwork.te.in	2006-09-01 14:10:17.000000000 -0400
-+++ serefpolicy-2.3.11/policy/modules/kernel/corenetwork.te.in	2006-09-01 15:33:56.000000000 -0400
++++ serefpolicy-2.3.11/policy/modules/kernel/corenetwork.te.in	2006-09-01 15:41:44.000000000 -0400
 @@ -67,6 +67,7 @@
  network_port(clamd, tcp,3310,s0)
  network_port(clockspeed, udp,4041,s0)
@@ -258,7 +258,7 @@
  network_port(snmp, udp,161,s0, udp,162,s0, tcp,199,s0)
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/kernel/files.fc serefpolicy-2.3.11/policy/modules/kernel/files.fc
 --- nsaserefpolicy/policy/modules/kernel/files.fc	2006-09-01 14:10:17.000000000 -0400
-+++ serefpolicy-2.3.11/policy/modules/kernel/files.fc	2006-09-01 15:33:56.000000000 -0400
++++ serefpolicy-2.3.11/policy/modules/kernel/files.fc	2006-09-01 15:41:44.000000000 -0400
 @@ -32,6 +32,7 @@
  /boot/lost\+found	-d	gen_context(system_u:object_r:lost_found_t,s15:c0.c255)
  /boot/lost\+found/.*		<<none>>
@@ -269,7 +269,7 @@
  # /emul
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/kernel/terminal.if serefpolicy-2.3.11/policy/modules/kernel/terminal.if
 --- nsaserefpolicy/policy/modules/kernel/terminal.if	2006-08-29 09:00:26.000000000 -0400
-+++ serefpolicy-2.3.11/policy/modules/kernel/terminal.if	2006-09-01 15:33:56.000000000 -0400
++++ serefpolicy-2.3.11/policy/modules/kernel/terminal.if	2006-09-01 15:41:44.000000000 -0400
 @@ -886,7 +886,7 @@
  		type tty_device_t;
  	')
@@ -281,7 +281,7 @@
  ########################################
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/amavis.te serefpolicy-2.3.11/policy/modules/services/amavis.te
 --- nsaserefpolicy/policy/modules/services/amavis.te	2006-08-29 09:00:27.000000000 -0400
-+++ serefpolicy-2.3.11/policy/modules/services/amavis.te	2006-09-01 15:33:56.000000000 -0400
++++ serefpolicy-2.3.11/policy/modules/services/amavis.te	2006-09-01 15:41:44.000000000 -0400
 @@ -155,6 +155,7 @@
  
  ifdef(`targeted_policy',`
@@ -292,7 +292,7 @@
  optional_policy(`
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/apache.te serefpolicy-2.3.11/policy/modules/services/apache.te
 --- nsaserefpolicy/policy/modules/services/apache.te	2006-08-29 09:00:28.000000000 -0400
-+++ serefpolicy-2.3.11/policy/modules/services/apache.te	2006-09-01 15:36:23.000000000 -0400
++++ serefpolicy-2.3.11/policy/modules/services/apache.te	2006-09-01 15:41:44.000000000 -0400
 @@ -141,7 +141,6 @@
  allow httpd_t self:msg { send receive };
  allow httpd_t self:unix_dgram_socket { create_socket_perms sendto };
@@ -309,7 +309,7 @@
  ')
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/bluetooth.te serefpolicy-2.3.11/policy/modules/services/bluetooth.te
 --- nsaserefpolicy/policy/modules/services/bluetooth.te	2006-08-02 10:34:07.000000000 -0400
-+++ serefpolicy-2.3.11/policy/modules/services/bluetooth.te	2006-09-01 15:33:56.000000000 -0400
++++ serefpolicy-2.3.11/policy/modules/services/bluetooth.te	2006-09-01 15:41:44.000000000 -0400
 @@ -217,14 +217,16 @@
  	fs_rw_tmpfs_files(bluetooth_helper_t)
  
@@ -330,7 +330,7 @@
  		xserver_rw_xdm_pipes(bluetooth_helper_t)
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/ccs.fc serefpolicy-2.3.11/policy/modules/services/ccs.fc
 --- nsaserefpolicy/policy/modules/services/ccs.fc	1969-12-31 19:00:00.000000000 -0500
-+++ serefpolicy-2.3.11/policy/modules/services/ccs.fc	2006-09-01 15:33:56.000000000 -0400
++++ serefpolicy-2.3.11/policy/modules/services/ccs.fc	2006-09-01 15:41:44.000000000 -0400
 @@ -0,0 +1,8 @@
 +# ccs executable will have:
 +# label: system_u:object_r:ccs_exec_t
@@ -342,7 +342,7 @@
 +/etc/cluster(/.*)?		gen_context(system_u:object_r:cluster_conf_t,s0)
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/ccs.if serefpolicy-2.3.11/policy/modules/services/ccs.if
 --- nsaserefpolicy/policy/modules/services/ccs.if	1969-12-31 19:00:00.000000000 -0500
-+++ serefpolicy-2.3.11/policy/modules/services/ccs.if	2006-09-01 15:33:56.000000000 -0400
++++ serefpolicy-2.3.11/policy/modules/services/ccs.if	2006-09-01 15:41:44.000000000 -0400
 @@ -0,0 +1,65 @@
 +## <summary>policy for ccs</summary>
 +
@@ -411,7 +411,7 @@
 +
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/ccs.te serefpolicy-2.3.11/policy/modules/services/ccs.te
 --- nsaserefpolicy/policy/modules/services/ccs.te	1969-12-31 19:00:00.000000000 -0500
-+++ serefpolicy-2.3.11/policy/modules/services/ccs.te	2006-09-01 15:33:56.000000000 -0400
++++ serefpolicy-2.3.11/policy/modules/services/ccs.te	2006-09-01 15:41:44.000000000 -0400
 @@ -0,0 +1,87 @@
 +policy_module(ccs,1.0.0)
 +
@@ -502,7 +502,7 @@
 +allow ccs_t cluster_conf_t:file rw_file_perms;
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/clamav.te serefpolicy-2.3.11/policy/modules/services/clamav.te
 --- nsaserefpolicy/policy/modules/services/clamav.te	2006-08-02 10:34:07.000000000 -0400
-+++ serefpolicy-2.3.11/policy/modules/services/clamav.te	2006-09-01 15:33:56.000000000 -0400
++++ serefpolicy-2.3.11/policy/modules/services/clamav.te	2006-09-01 15:41:44.000000000 -0400
 @@ -121,6 +121,7 @@
  cron_rw_pipes(clamd_t)
  
@@ -513,7 +513,7 @@
  
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/cron.if serefpolicy-2.3.11/policy/modules/services/cron.if
 --- nsaserefpolicy/policy/modules/services/cron.if	2006-08-29 09:00:28.000000000 -0400
-+++ serefpolicy-2.3.11/policy/modules/services/cron.if	2006-09-01 15:33:56.000000000 -0400
++++ serefpolicy-2.3.11/policy/modules/services/cron.if	2006-09-01 15:41:44.000000000 -0400
 @@ -54,6 +54,11 @@
  	domain_entry_file($1_crontab_t,crontab_exec_t)
  	role $3 types $1_crontab_t;
@@ -539,7 +539,7 @@
  	allow $1_crontab_t self:process signal_perms;
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/cron.te serefpolicy-2.3.11/policy/modules/services/cron.te
 --- nsaserefpolicy/policy/modules/services/cron.te	2006-08-29 09:00:28.000000000 -0400
-+++ serefpolicy-2.3.11/policy/modules/services/cron.te	2006-09-01 15:33:56.000000000 -0400
++++ serefpolicy-2.3.11/policy/modules/services/cron.te	2006-09-01 15:41:44.000000000 -0400
 @@ -36,6 +36,9 @@
  type crontab_exec_t;
  corecmd_executable_file(crontab_exec_t)
@@ -560,7 +560,7 @@
  tunable_policy(`fcron_crond', `
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/cyrus.te serefpolicy-2.3.11/policy/modules/services/cyrus.te
 --- nsaserefpolicy/policy/modules/services/cyrus.te	2006-08-29 09:00:28.000000000 -0400
-+++ serefpolicy-2.3.11/policy/modules/services/cyrus.te	2006-09-01 15:33:56.000000000 -0400
++++ serefpolicy-2.3.11/policy/modules/services/cyrus.te	2006-09-01 15:41:44.000000000 -0400
 @@ -93,6 +93,7 @@
  files_list_var_lib(cyrus_t)
  files_read_etc_files(cyrus_t)
@@ -571,7 +571,7 @@
  init_use_script_ptys(cyrus_t)
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/dbus.if serefpolicy-2.3.11/policy/modules/services/dbus.if
 --- nsaserefpolicy/policy/modules/services/dbus.if	2006-08-29 09:00:28.000000000 -0400
-+++ serefpolicy-2.3.11/policy/modules/services/dbus.if	2006-09-01 15:33:56.000000000 -0400
++++ serefpolicy-2.3.11/policy/modules/services/dbus.if	2006-09-01 15:41:44.000000000 -0400
 @@ -123,6 +123,7 @@
  	selinux_compute_relabel_context($1_dbusd_t)
  	selinux_compute_user_contexts($1_dbusd_t)
@@ -582,7 +582,7 @@
  	corecmd_read_bin_files($1_dbusd_t)
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/dbus.te serefpolicy-2.3.11/policy/modules/services/dbus.te
 --- nsaserefpolicy/policy/modules/services/dbus.te	2006-08-29 09:00:28.000000000 -0400
-+++ serefpolicy-2.3.11/policy/modules/services/dbus.te	2006-09-01 15:36:59.000000000 -0400
++++ serefpolicy-2.3.11/policy/modules/services/dbus.te	2006-09-01 15:41:44.000000000 -0400
 @@ -38,7 +38,6 @@
  allow system_dbusd_t self:unix_stream_socket { connectto create_stream_socket_perms connectto };
  allow system_dbusd_t self:unix_dgram_socket create_socket_perms;
@@ -593,7 +593,7 @@
  
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/dovecot.te serefpolicy-2.3.11/policy/modules/services/dovecot.te
 --- nsaserefpolicy/policy/modules/services/dovecot.te	2006-09-01 14:10:18.000000000 -0400
-+++ serefpolicy-2.3.11/policy/modules/services/dovecot.te	2006-09-01 15:37:16.000000000 -0400
++++ serefpolicy-2.3.11/policy/modules/services/dovecot.te	2006-09-01 15:41:44.000000000 -0400
 @@ -46,8 +46,6 @@
  allow dovecot_t self:tcp_socket create_stream_socket_perms;
  allow dovecot_t self:unix_dgram_socket create_socket_perms;
@@ -605,7 +605,7 @@
  allow dovecot_auth_t dovecot_t:process sigchld;
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/ftp.te serefpolicy-2.3.11/policy/modules/services/ftp.te
 --- nsaserefpolicy/policy/modules/services/ftp.te	2006-08-23 12:14:53.000000000 -0400
-+++ serefpolicy-2.3.11/policy/modules/services/ftp.te	2006-09-01 15:37:26.000000000 -0400
++++ serefpolicy-2.3.11/policy/modules/services/ftp.te	2006-09-01 15:41:44.000000000 -0400
 @@ -50,7 +50,6 @@
  allow ftpd_t self:unix_stream_socket create_stream_socket_perms;
  allow ftpd_t self:tcp_socket create_stream_socket_perms;
@@ -616,7 +616,7 @@
  
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/hal.te serefpolicy-2.3.11/policy/modules/services/hal.te
 --- nsaserefpolicy/policy/modules/services/hal.te	2006-09-01 14:10:18.000000000 -0400
-+++ serefpolicy-2.3.11/policy/modules/services/hal.te	2006-09-01 15:37:39.000000000 -0400
++++ serefpolicy-2.3.11/policy/modules/services/hal.te	2006-09-01 15:41:44.000000000 -0400
 @@ -28,7 +28,6 @@
  allow hald_t self:fifo_file rw_file_perms;
  allow hald_t self:unix_stream_socket { create_stream_socket_perms connectto };
@@ -635,7 +635,7 @@
  files_read_etc_files(hald_t)
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/ldap.te serefpolicy-2.3.11/policy/modules/services/ldap.te
 --- nsaserefpolicy/policy/modules/services/ldap.te	2006-08-16 08:46:30.000000000 -0400
-+++ serefpolicy-2.3.11/policy/modules/services/ldap.te	2006-09-01 15:33:56.000000000 -0400
++++ serefpolicy-2.3.11/policy/modules/services/ldap.te	2006-09-01 15:41:44.000000000 -0400
 @@ -72,7 +72,7 @@
  
  allow slapd_t slapd_var_run_t:file create_file_perms;
@@ -647,7 +647,7 @@
  kernel_read_kernel_sysctls(slapd_t)
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/networkmanager.te serefpolicy-2.3.11/policy/modules/services/networkmanager.te
 --- nsaserefpolicy/policy/modules/services/networkmanager.te	2006-07-14 17:04:41.000000000 -0400
-+++ serefpolicy-2.3.11/policy/modules/services/networkmanager.te	2006-09-01 15:33:56.000000000 -0400
++++ serefpolicy-2.3.11/policy/modules/services/networkmanager.te	2006-09-01 15:41:44.000000000 -0400
 @@ -18,9 +18,9 @@
  # Local policy
  #
@@ -662,7 +662,7 @@
  allow NetworkManager_t self:unix_stream_socket create_stream_socket_perms;
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/ntp.te serefpolicy-2.3.11/policy/modules/services/ntp.te
 --- nsaserefpolicy/policy/modules/services/ntp.te	2006-08-23 12:14:54.000000000 -0400
-+++ serefpolicy-2.3.11/policy/modules/services/ntp.te	2006-09-01 15:38:01.000000000 -0400
++++ serefpolicy-2.3.11/policy/modules/services/ntp.te	2006-09-01 15:41:44.000000000 -0400
 @@ -38,7 +38,6 @@
  allow ntpd_t self:fifo_file { read write getattr };
  allow ntpd_t self:unix_dgram_socket create_socket_perms;
@@ -673,7 +673,7 @@
  
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/oddjob.fc serefpolicy-2.3.11/policy/modules/services/oddjob.fc
 --- nsaserefpolicy/policy/modules/services/oddjob.fc	1969-12-31 19:00:00.000000000 -0500
-+++ serefpolicy-2.3.11/policy/modules/services/oddjob.fc	2006-09-01 15:33:56.000000000 -0400
++++ serefpolicy-2.3.11/policy/modules/services/oddjob.fc	2006-09-01 15:41:44.000000000 -0400
 @@ -0,0 +1,8 @@
 +# oddjob executable will have:
 +# label: system_u:object_r:oddjob_exec_t
@@ -685,7 +685,7 @@
 +/usr/lib/oddjobd			gen_context(system_u:object_r:oddjob_var_lib_t,s0)
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/oddjob.if serefpolicy-2.3.11/policy/modules/services/oddjob.if
 --- nsaserefpolicy/policy/modules/services/oddjob.if	1969-12-31 19:00:00.000000000 -0500
-+++ serefpolicy-2.3.11/policy/modules/services/oddjob.if	2006-09-01 15:33:56.000000000 -0400
++++ serefpolicy-2.3.11/policy/modules/services/oddjob.if	2006-09-01 15:41:44.000000000 -0400
 @@ -0,0 +1,76 @@
 +## <summary>policy for oddjob</summary>
 +
@@ -765,7 +765,7 @@
 +')
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/oddjob_mkhomedir.fc serefpolicy-2.3.11/policy/modules/services/oddjob_mkhomedir.fc
 --- nsaserefpolicy/policy/modules/services/oddjob_mkhomedir.fc	1969-12-31 19:00:00.000000000 -0500
-+++ serefpolicy-2.3.11/policy/modules/services/oddjob_mkhomedir.fc	2006-09-01 15:33:56.000000000 -0400
++++ serefpolicy-2.3.11/policy/modules/services/oddjob_mkhomedir.fc	2006-09-01 15:41:44.000000000 -0400
 @@ -0,0 +1,6 @@
 +# oddjob_mkhomedir executable will have:
 +# label: system_u:object_r:oddjob_mkhomedir_exec_t
@@ -775,7 +775,7 @@
 +/usr/lib/oddjob/mkhomedir		--	gen_context(system_u:object_r:oddjob_mkhomedir_exec_t,s0)
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/oddjob_mkhomedir.if serefpolicy-2.3.11/policy/modules/services/oddjob_mkhomedir.if
 --- nsaserefpolicy/policy/modules/services/oddjob_mkhomedir.if	1969-12-31 19:00:00.000000000 -0500
-+++ serefpolicy-2.3.11/policy/modules/services/oddjob_mkhomedir.if	2006-09-01 15:33:56.000000000 -0400
++++ serefpolicy-2.3.11/policy/modules/services/oddjob_mkhomedir.if	2006-09-01 15:41:44.000000000 -0400
 @@ -0,0 +1,24 @@
 +## <summary>policy for oddjob_mkhomedir</summary>
 +
@@ -803,7 +803,7 @@
 +')
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/oddjob_mkhomedir.te serefpolicy-2.3.11/policy/modules/services/oddjob_mkhomedir.te
 --- nsaserefpolicy/policy/modules/services/oddjob_mkhomedir.te	1969-12-31 19:00:00.000000000 -0500
-+++ serefpolicy-2.3.11/policy/modules/services/oddjob_mkhomedir.te	2006-09-01 15:33:56.000000000 -0400
++++ serefpolicy-2.3.11/policy/modules/services/oddjob_mkhomedir.te	2006-09-01 15:41:44.000000000 -0400
 @@ -0,0 +1,29 @@
 +policy_module(oddjob_mkhomedir,1.0.0)
 +
@@ -836,7 +836,7 @@
 +
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/oddjob.te serefpolicy-2.3.11/policy/modules/services/oddjob.te
 --- nsaserefpolicy/policy/modules/services/oddjob.te	1969-12-31 19:00:00.000000000 -0500
-+++ serefpolicy-2.3.11/policy/modules/services/oddjob.te	2006-09-01 15:33:56.000000000 -0400
++++ serefpolicy-2.3.11/policy/modules/services/oddjob.te	2006-09-01 15:41:44.000000000 -0400
 @@ -0,0 +1,73 @@
 +policy_module(oddjob,1.0.0)
 +
@@ -913,7 +913,7 @@
 +
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/pegasus.if serefpolicy-2.3.11/policy/modules/services/pegasus.if
 --- nsaserefpolicy/policy/modules/services/pegasus.if	2006-07-14 17:04:41.000000000 -0400
-+++ serefpolicy-2.3.11/policy/modules/services/pegasus.if	2006-09-01 15:33:56.000000000 -0400
++++ serefpolicy-2.3.11/policy/modules/services/pegasus.if	2006-09-01 15:41:44.000000000 -0400
 @@ -1 +1,32 @@
  ## <summary>The Open Group Pegasus CIM/WBEM Server.</summary>
 +
@@ -949,7 +949,7 @@
 +')
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/pegasus.te serefpolicy-2.3.11/policy/modules/services/pegasus.te
 --- nsaserefpolicy/policy/modules/services/pegasus.te	2006-08-23 12:14:54.000000000 -0400
-+++ serefpolicy-2.3.11/policy/modules/services/pegasus.te	2006-09-01 15:33:56.000000000 -0400
++++ serefpolicy-2.3.11/policy/modules/services/pegasus.te	2006-09-01 15:41:44.000000000 -0400
 @@ -100,13 +100,12 @@
  
  auth_use_nsswitch(pegasus_t)
@@ -968,7 +968,7 @@
  hostname_exec(pegasus_t)
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/postfix.te serefpolicy-2.3.11/policy/modules/services/postfix.te
 --- nsaserefpolicy/policy/modules/services/postfix.te	2006-08-29 09:00:28.000000000 -0400
-+++ serefpolicy-2.3.11/policy/modules/services/postfix.te	2006-09-01 15:33:56.000000000 -0400
++++ serefpolicy-2.3.11/policy/modules/services/postfix.te	2006-09-01 15:41:44.000000000 -0400
 @@ -171,6 +171,11 @@
  mta_rw_aliases(postfix_master_t)
  mta_read_sendmail_bin(postfix_master_t)
@@ -991,7 +991,7 @@
  
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/ricci.fc serefpolicy-2.3.11/policy/modules/services/ricci.fc
 --- nsaserefpolicy/policy/modules/services/ricci.fc	1969-12-31 19:00:00.000000000 -0500
-+++ serefpolicy-2.3.11/policy/modules/services/ricci.fc	2006-09-01 15:33:56.000000000 -0400
++++ serefpolicy-2.3.11/policy/modules/services/ricci.fc	2006-09-01 15:41:44.000000000 -0400
 @@ -0,0 +1,20 @@
 +# ricci executable will have:
 +# label: system_u:object_r:ricci_exec_t
@@ -1015,7 +1015,7 @@
 +
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/ricci.if serefpolicy-2.3.11/policy/modules/services/ricci.if
 --- nsaserefpolicy/policy/modules/services/ricci.if	1969-12-31 19:00:00.000000000 -0500
-+++ serefpolicy-2.3.11/policy/modules/services/ricci.if	2006-09-01 15:33:56.000000000 -0400
++++ serefpolicy-2.3.11/policy/modules/services/ricci.if	2006-09-01 15:41:44.000000000 -0400
 @@ -0,0 +1,184 @@
 +## <summary>policy for ricci</summary>
 +
@@ -1203,7 +1203,7 @@
 +')
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/ricci.te serefpolicy-2.3.11/policy/modules/services/ricci.te
 --- nsaserefpolicy/policy/modules/services/ricci.te	1969-12-31 19:00:00.000000000 -0500
-+++ serefpolicy-2.3.11/policy/modules/services/ricci.te	2006-09-01 15:33:56.000000000 -0400
++++ serefpolicy-2.3.11/policy/modules/services/ricci.te	2006-09-01 15:41:44.000000000 -0400
 @@ -0,0 +1,386 @@
 +policy_module(ricci,1.0.0)
 +
@@ -1591,9 +1591,22 @@
 +')
 +
 +
+diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/setroubleshoot.te serefpolicy-2.3.11/policy/modules/services/setroubleshoot.te
+--- nsaserefpolicy/policy/modules/services/setroubleshoot.te	2006-09-01 14:10:18.000000000 -0400
++++ serefpolicy-2.3.11/policy/modules/services/setroubleshoot.te	2006-09-01 16:22:41.000000000 -0400
+@@ -64,9 +64,7 @@
+ corenet_tcp_sendrecv_all_nodes(setroubleshootd_t)
+ corenet_tcp_sendrecv_all_ports(setroubleshootd_t)
+ corenet_tcp_bind_all_nodes(setroubleshootd_t)
+-corenet_tcp_bind_setroubleshoot_port(setroubleshootd_t)
+ corenet_tcp_connect_smtp_port(setroubleshootd_t)
+-corenet_sendrecv_setroubleshoot_server_packets(setroubleshootd_t)
+ corenet_sendrecv_smtp_client_packets(setroubleshootd_t)
+ 
+ dev_read_urand(setroubleshootd_t)
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/stunnel.te serefpolicy-2.3.11/policy/modules/services/stunnel.te
 --- nsaserefpolicy/policy/modules/services/stunnel.te	2006-08-02 10:34:07.000000000 -0400
-+++ serefpolicy-2.3.11/policy/modules/services/stunnel.te	2006-09-01 15:33:56.000000000 -0400
++++ serefpolicy-2.3.11/policy/modules/services/stunnel.te	2006-09-01 15:41:44.000000000 -0400
 @@ -38,6 +38,7 @@
  allow stunnel_t self:fifo_file rw_file_perms;
  allow stunnel_t self:tcp_socket create_stream_socket_perms;
@@ -1613,7 +1626,7 @@
  
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/xserver.if serefpolicy-2.3.11/policy/modules/services/xserver.if
 --- nsaserefpolicy/policy/modules/services/xserver.if	2006-09-01 14:10:18.000000000 -0400
-+++ serefpolicy-2.3.11/policy/modules/services/xserver.if	2006-09-01 15:33:56.000000000 -0400
++++ serefpolicy-2.3.11/policy/modules/services/xserver.if	2006-09-01 15:41:44.000000000 -0400
 @@ -1133,3 +1133,25 @@
  	allow $1 xdm_xserver_tmp_t:sock_file write;
  	allow $1 xdm_xserver_t:unix_stream_socket connectto;
@@ -1642,7 +1655,7 @@
 +')
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/hostname.te serefpolicy-2.3.11/policy/modules/system/hostname.te
 --- nsaserefpolicy/policy/modules/system/hostname.te	2006-08-29 09:00:29.000000000 -0400
-+++ serefpolicy-2.3.11/policy/modules/system/hostname.te	2006-09-01 15:33:56.000000000 -0400
++++ serefpolicy-2.3.11/policy/modules/system/hostname.te	2006-09-01 15:41:44.000000000 -0400
 @@ -8,7 +8,10 @@
  
  type hostname_t;
@@ -1657,7 +1670,7 @@
  ########################################
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/init.te serefpolicy-2.3.11/policy/modules/system/init.te
 --- nsaserefpolicy/policy/modules/system/init.te	2006-08-28 16:22:32.000000000 -0400
-+++ serefpolicy-2.3.11/policy/modules/system/init.te	2006-09-01 15:33:56.000000000 -0400
++++ serefpolicy-2.3.11/policy/modules/system/init.te	2006-09-01 15:41:44.000000000 -0400
 @@ -361,7 +361,8 @@
  logging_append_all_logs(initrc_t)
  logging_read_audit_config(initrc_t)
@@ -1670,7 +1683,7 @@
  
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/selinuxutil.fc serefpolicy-2.3.11/policy/modules/system/selinuxutil.fc
 --- nsaserefpolicy/policy/modules/system/selinuxutil.fc	2006-08-02 10:34:08.000000000 -0400
-+++ serefpolicy-2.3.11/policy/modules/system/selinuxutil.fc	2006-09-01 15:33:56.000000000 -0400
++++ serefpolicy-2.3.11/policy/modules/system/selinuxutil.fc	2006-09-01 15:41:44.000000000 -0400
 @@ -36,6 +36,7 @@
  /usr/sbin/restorecond		--	gen_context(system_u:object_r:restorecond_exec_t,s0)
  /usr/sbin/run_init		--	gen_context(system_u:object_r:run_init_exec_t,s0)
@@ -1681,7 +1694,7 @@
  /usr/sbin/semodule		--	gen_context(system_u:object_r:semanage_exec_t,s0)
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/selinuxutil.te serefpolicy-2.3.11/policy/modules/system/selinuxutil.te
 --- nsaserefpolicy/policy/modules/system/selinuxutil.te	2006-09-01 14:10:18.000000000 -0400
-+++ serefpolicy-2.3.11/policy/modules/system/selinuxutil.te	2006-09-01 15:33:56.000000000 -0400
++++ serefpolicy-2.3.11/policy/modules/system/selinuxutil.te	2006-09-01 15:41:44.000000000 -0400
 @@ -450,6 +450,7 @@
  selinux_compute_user_contexts(restorecond_t)
  
@@ -1705,7 +1718,7 @@
  ########################################
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/userdomain.if serefpolicy-2.3.11/policy/modules/system/userdomain.if
 --- nsaserefpolicy/policy/modules/system/userdomain.if	2006-08-16 08:46:31.000000000 -0400
-+++ serefpolicy-2.3.11/policy/modules/system/userdomain.if	2006-09-01 15:33:56.000000000 -0400
++++ serefpolicy-2.3.11/policy/modules/system/userdomain.if	2006-09-01 15:41:44.000000000 -0400
 @@ -8,11 +8,10 @@
  ## <desc>
  ##	<p>
@@ -2180,7 +2193,7 @@
 +
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/userdomain.te serefpolicy-2.3.11/policy/modules/system/userdomain.te
 --- nsaserefpolicy/policy/modules/system/userdomain.te	2006-08-16 08:46:31.000000000 -0400
-+++ serefpolicy-2.3.11/policy/modules/system/userdomain.te	2006-09-01 15:33:56.000000000 -0400
++++ serefpolicy-2.3.11/policy/modules/system/userdomain.te	2006-09-01 15:41:44.000000000 -0400
 @@ -56,14 +56,6 @@
  # Local policy
  #




More information about the fedora-cvs-commits mailing list