rpms/selinux-policy/devel policy-20060915.patch,1.11,1.12

fedora-cvs-commits at redhat.com fedora-cvs-commits at redhat.com
Mon Sep 25 17:40:53 UTC 2006


Author: dwalsh

Update of /cvs/dist/rpms/selinux-policy/devel
In directory cvs.devel.redhat.com:/tmp/cvs-serv31786

Modified Files:
	policy-20060915.patch 
Log Message:
* Mon Sep 25 2006 Dan Walsh <dwalsh at redhat.com> 2.3.15-2
- mls fixes 


policy-20060915.patch:
 Rules.modular                                |   10 
 config/appconfig-strict-mcs/seusers          |    3 
 config/appconfig-strict-mls/initrc_context   |    2 
 config/appconfig-strict-mls/seusers          |    3 
 config/appconfig-strict/seusers              |    1 
 config/appconfig-targeted-mcs/seusers        |    3 
 config/appconfig-targeted-mls/initrc_context |    2 
 config/appconfig-targeted-mls/seusers        |    3 
 config/appconfig-targeted/seusers            |    1 
 local.te                                     |   16 +
 policy/global_tunables                       |    9 
 policy/mcs                                   |    6 
 policy/mls                                   |   36 +-
 policy/modules/admin/bootloader.fc           |    5 
 policy/modules/admin/bootloader.te           |    7 
 policy/modules/admin/consoletype.te          |    7 
 policy/modules/admin/firstboot.te            |    4 
 policy/modules/admin/prelink.if              |    2 
 policy/modules/admin/readahead.te            |    4 
 policy/modules/admin/rpm.fc                  |    2 
 policy/modules/apps/java.fc                  |    2 
 policy/modules/apps/slocate.te               |    1 
 policy/modules/kernel/corenetwork.te.in      |   15 -
 policy/modules/kernel/devices.fc             |    8 
 policy/modules/kernel/devices.if             |   39 ++
 policy/modules/kernel/files.fc               |   29 +-
 policy/modules/kernel/files.if               |   20 +
 policy/modules/kernel/filesystem.if          |    2 
 policy/modules/kernel/kernel.te              |   25 -
 policy/modules/kernel/mcs.te                 |   18 -
 policy/modules/kernel/mls.te                 |   12 
 policy/modules/kernel/selinux.te             |    2 
 policy/modules/kernel/storage.fc             |   48 +--
 policy/modules/kernel/storage.if             |    1 
 policy/modules/kernel/terminal.fc            |    2 
 policy/modules/services/apache.fc            |    9 
 policy/modules/services/automount.te         |    3 
 policy/modules/services/bind.te              |    1 
 policy/modules/services/bluetooth.fc         |    2 
 policy/modules/services/ccs.fc               |    8 
 policy/modules/services/ccs.if               |   65 ++++
 policy/modules/services/ccs.te               |   87 ++++++
 policy/modules/services/cron.fc              |    1 
 policy/modules/services/cron.te              |   19 +
 policy/modules/services/dbus.if              |    1 
 policy/modules/services/hal.te               |    6 
 policy/modules/services/lpd.fc               |    3 
 policy/modules/services/networkmanager.te    |    1 
 policy/modules/services/nscd.if              |   20 +
 policy/modules/services/nscd.te              |    2 
 policy/modules/services/oddjob.fc            |   10 
 policy/modules/services/oddjob.if            |   99 ++++++
 policy/modules/services/oddjob.te            |   95 ++++++
 policy/modules/services/pegasus.if           |   31 ++
 policy/modules/services/pegasus.te           |    5 
 policy/modules/services/postfix.fc           |    1 
 policy/modules/services/ricci.fc             |   20 +
 policy/modules/services/ricci.if             |  184 ++++++++++++
 policy/modules/services/ricci.te             |  386 +++++++++++++++++++++++++++
 policy/modules/services/sendmail.te          |    1 
 policy/modules/services/smartmon.te          |    8 
 policy/modules/services/ssh.te               |    6 
 policy/modules/system/hostname.te            |    5 
 policy/modules/system/init.fc                |    3 
 policy/modules/system/init.if                |    3 
 policy/modules/system/init.te                |   14 
 policy/modules/system/logging.fc             |    8 
 policy/modules/system/logging.te             |    2 
 policy/modules/system/raid.te                |    2 
 policy/modules/system/selinuxutil.fc         |    6 
 policy/modules/system/setrans.fc             |    2 
 policy/modules/system/udev.te                |    1 
 policy/modules/system/unconfined.if          |    1 
 policy/modules/system/userdomain.fc          |    2 
 policy/modules/system/userdomain.if          |   27 +
 policy/modules/system/userdomain.te          |   21 +
 policy/users                                 |   14 
 77 files changed, 1395 insertions(+), 140 deletions(-)

Index: policy-20060915.patch
===================================================================
RCS file: /cvs/dist/rpms/selinux-policy/devel/policy-20060915.patch,v
retrieving revision 1.11
retrieving revision 1.12
diff -u -r1.11 -r1.12
--- policy-20060915.patch	25 Sep 2006 15:58:33 -0000	1.11
+++ policy-20060915.patch	25 Sep 2006 17:40:51 -0000	1.12
@@ -1,13 +1,13 @@
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/config/appconfig-strict/seusers serefpolicy-2.3.15/config/appconfig-strict/seusers
 --- nsaserefpolicy/config/appconfig-strict/seusers	2006-07-14 17:04:47.000000000 -0400
-+++ serefpolicy-2.3.15/config/appconfig-strict/seusers	2006-09-22 16:06:31.000000000 -0400
++++ serefpolicy-2.3.15/config/appconfig-strict/seusers	2006-09-25 13:31:59.000000000 -0400
 @@ -1,2 +1,3 @@
 +system_u:system_u
  root:root
  __default__:user_u
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/config/appconfig-strict-mcs/seusers serefpolicy-2.3.15/config/appconfig-strict-mcs/seusers
 --- nsaserefpolicy/config/appconfig-strict-mcs/seusers	2006-07-14 17:04:48.000000000 -0400
-+++ serefpolicy-2.3.15/config/appconfig-strict-mcs/seusers	2006-09-22 16:06:31.000000000 -0400
++++ serefpolicy-2.3.15/config/appconfig-strict-mcs/seusers	2006-09-25 13:31:59.000000000 -0400
 @@ -1,2 +1,3 @@
 -root:root:s0-s0:c0.c255
 +system_u:system_u:s0-s0:c0.c1023
@@ -15,13 +15,13 @@
  __default__:user_u:s0
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/config/appconfig-strict-mls/initrc_context serefpolicy-2.3.15/config/appconfig-strict-mls/initrc_context
 --- nsaserefpolicy/config/appconfig-strict-mls/initrc_context	2006-07-14 17:04:47.000000000 -0400
-+++ serefpolicy-2.3.15/config/appconfig-strict-mls/initrc_context	2006-09-22 16:06:31.000000000 -0400
++++ serefpolicy-2.3.15/config/appconfig-strict-mls/initrc_context	2006-09-25 13:31:59.000000000 -0400
 @@ -1 +1 @@
 -system_u:system_r:initrc_t:s0-s15:c0.c255
 +system_u:system_r:initrc_t:s0-s15:c0.c1023
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/config/appconfig-strict-mls/seusers serefpolicy-2.3.15/config/appconfig-strict-mls/seusers
 --- nsaserefpolicy/config/appconfig-strict-mls/seusers	2006-07-14 17:04:47.000000000 -0400
-+++ serefpolicy-2.3.15/config/appconfig-strict-mls/seusers	2006-09-22 16:06:31.000000000 -0400
++++ serefpolicy-2.3.15/config/appconfig-strict-mls/seusers	2006-09-25 13:31:59.000000000 -0400
 @@ -1,2 +1,3 @@
 -root:root:s0-s15:c0.c255
 +system_u:system_u:s0-s15:c0.c1023
@@ -29,14 +29,14 @@
  __default__:user_u:s0
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/config/appconfig-targeted/seusers serefpolicy-2.3.15/config/appconfig-targeted/seusers
 --- nsaserefpolicy/config/appconfig-targeted/seusers	2006-07-14 17:04:46.000000000 -0400
-+++ serefpolicy-2.3.15/config/appconfig-targeted/seusers	2006-09-22 16:06:31.000000000 -0400
++++ serefpolicy-2.3.15/config/appconfig-targeted/seusers	2006-09-25 13:31:59.000000000 -0400
 @@ -1,2 +1,3 @@
 +system_u:system_u
  root:root
  __default__:user_u
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/config/appconfig-targeted-mcs/seusers serefpolicy-2.3.15/config/appconfig-targeted-mcs/seusers
 --- nsaserefpolicy/config/appconfig-targeted-mcs/seusers	2006-07-14 17:04:47.000000000 -0400
-+++ serefpolicy-2.3.15/config/appconfig-targeted-mcs/seusers	2006-09-22 16:06:31.000000000 -0400
++++ serefpolicy-2.3.15/config/appconfig-targeted-mcs/seusers	2006-09-25 13:31:59.000000000 -0400
 @@ -1,2 +1,3 @@
 -root:root:s0-s0:c0.c255
 +system_u:system_u:s0-s0:c0.c1023
@@ -44,23 +44,21 @@
  __default__:user_u:s0
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/config/appconfig-targeted-mls/initrc_context serefpolicy-2.3.15/config/appconfig-targeted-mls/initrc_context
 --- nsaserefpolicy/config/appconfig-targeted-mls/initrc_context	2006-07-14 17:04:48.000000000 -0400
-+++ serefpolicy-2.3.15/config/appconfig-targeted-mls/initrc_context	2006-09-22 16:06:31.000000000 -0400
++++ serefpolicy-2.3.15/config/appconfig-targeted-mls/initrc_context	2006-09-25 13:31:59.000000000 -0400
 @@ -1 +1 @@
 -user_u:system_r:initrc_t:s0-s15:c0.c255
 +user_u:system_r:initrc_t:s0-s15:c0.c1023
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/config/appconfig-targeted-mls/seusers serefpolicy-2.3.15/config/appconfig-targeted-mls/seusers
 --- nsaserefpolicy/config/appconfig-targeted-mls/seusers	2006-07-14 17:04:48.000000000 -0400
-+++ serefpolicy-2.3.15/config/appconfig-targeted-mls/seusers	2006-09-22 16:06:31.000000000 -0400
++++ serefpolicy-2.3.15/config/appconfig-targeted-mls/seusers	2006-09-25 13:31:59.000000000 -0400
 @@ -1,2 +1,3 @@
 -root:root:s0-s15:c0.c255
 +system_u:system_u:s0-s15:c0.c1023
 +root:root:s0-s15:c0.c1023
  __default__:user_u:s0
-Binary files nsaserefpolicy/local.mod and serefpolicy-2.3.15/local.mod differ
-Binary files nsaserefpolicy/local.pp and serefpolicy-2.3.15/local.pp differ
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/local.te serefpolicy-2.3.15/local.te
 --- nsaserefpolicy/local.te	1969-12-31 19:00:00.000000000 -0500
-+++ serefpolicy-2.3.15/local.te	2006-09-23 07:02:40.000000000 -0400
++++ serefpolicy-2.3.15/local.te	2006-09-25 13:31:59.000000000 -0400
 @@ -0,0 +1,16 @@
 +module local 1.0;
 +
@@ -80,7 +78,7 @@
 +allow unlabeled_t self:association polmatch;
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/global_tunables serefpolicy-2.3.15/policy/global_tunables
 --- nsaserefpolicy/policy/global_tunables	2006-09-15 13:14:28.000000000 -0400
-+++ serefpolicy-2.3.15/policy/global_tunables	2006-09-22 16:06:31.000000000 -0400
++++ serefpolicy-2.3.15/policy/global_tunables	2006-09-25 13:31:59.000000000 -0400
 @@ -587,3 +587,12 @@
  ## </desc>
  gen_tunable(spamd_enable_home_dirs,true)
@@ -96,7 +94,7 @@
 +
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/mcs serefpolicy-2.3.15/policy/mcs
 --- nsaserefpolicy/policy/mcs	2006-09-22 14:07:08.000000000 -0400
-+++ serefpolicy-2.3.15/policy/mcs	2006-09-22 16:06:31.000000000 -0400
++++ serefpolicy-2.3.15/policy/mcs	2006-09-25 13:31:59.000000000 -0400
 @@ -20,14 +20,14 @@
  # Each category has a name and zero or more aliases.
  #
@@ -117,7 +115,7 @@
  # Define the MCS policy
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/mls serefpolicy-2.3.15/policy/mls
 --- nsaserefpolicy/policy/mls	2006-09-22 09:35:45.000000000 -0400
-+++ serefpolicy-2.3.15/policy/mls	2006-09-22 16:06:31.000000000 -0400
++++ serefpolicy-2.3.15/policy/mls	2006-09-25 13:31:59.000000000 -0400
 @@ -33,30 +33,30 @@
  # Each category has a name and zero or more aliases.
  #
@@ -169,7 +167,7 @@
  #
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/bootloader.fc serefpolicy-2.3.15/policy/modules/admin/bootloader.fc
 --- nsaserefpolicy/policy/modules/admin/bootloader.fc	2006-07-14 17:04:46.000000000 -0400
-+++ serefpolicy-2.3.15/policy/modules/admin/bootloader.fc	2006-09-22 16:06:31.000000000 -0400
++++ serefpolicy-2.3.15/policy/modules/admin/bootloader.fc	2006-09-25 13:31:59.000000000 -0400
 @@ -6,7 +6,10 @@
  
  /usr/sbin/mkinitrd	--	gen_context(system_u:object_r:bootloader_exec_t,s0)
@@ -184,7 +182,7 @@
 +/boot/grub/.*		--	gen_context(system_u:object_r:boot_runtime_t,s0)
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/bootloader.te serefpolicy-2.3.15/policy/modules/admin/bootloader.te
 --- nsaserefpolicy/policy/modules/admin/bootloader.te	2006-08-29 09:00:30.000000000 -0400
-+++ serefpolicy-2.3.15/policy/modules/admin/bootloader.te	2006-09-22 16:06:31.000000000 -0400
++++ serefpolicy-2.3.15/policy/modules/admin/bootloader.te	2006-09-25 13:31:59.000000000 -0400
 @@ -21,6 +21,13 @@
  type bootloader_exec_t;
  domain_entry_file(bootloader_t,bootloader_exec_t)
@@ -201,7 +199,7 @@
  # grub.conf, lilo.conf, etc.
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/consoletype.te serefpolicy-2.3.15/policy/modules/admin/consoletype.te
 --- nsaserefpolicy/policy/modules/admin/consoletype.te	2006-08-29 09:00:30.000000000 -0400
-+++ serefpolicy-2.3.15/policy/modules/admin/consoletype.te	2006-09-22 16:06:31.000000000 -0400
++++ serefpolicy-2.3.15/policy/modules/admin/consoletype.te	2006-09-25 13:31:59.000000000 -0400
 @@ -8,7 +8,12 @@
  
  type consoletype_t;
@@ -218,7 +216,7 @@
  role system_r types consoletype_t;
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/firstboot.te serefpolicy-2.3.15/policy/modules/admin/firstboot.te
 --- nsaserefpolicy/policy/modules/admin/firstboot.te	2006-09-05 07:41:01.000000000 -0400
-+++ serefpolicy-2.3.15/policy/modules/admin/firstboot.te	2006-09-22 16:07:26.000000000 -0400
++++ serefpolicy-2.3.15/policy/modules/admin/firstboot.te	2006-09-25 13:31:59.000000000 -0400
 @@ -3,7 +3,11 @@
  
  gen_require(`
@@ -233,7 +231,7 @@
  #
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/prelink.if serefpolicy-2.3.15/policy/modules/admin/prelink.if
 --- nsaserefpolicy/policy/modules/admin/prelink.if	2006-07-14 17:04:46.000000000 -0400
-+++ serefpolicy-2.3.15/policy/modules/admin/prelink.if	2006-09-25 09:04:49.000000000 -0400
++++ serefpolicy-2.3.15/policy/modules/admin/prelink.if	2006-09-25 13:31:59.000000000 -0400
 @@ -76,7 +76,7 @@
  	gen_require(`
  		type prelink_cache_t;
@@ -245,7 +243,7 @@
  
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/readahead.te serefpolicy-2.3.15/policy/modules/admin/readahead.te
 --- nsaserefpolicy/policy/modules/admin/readahead.te	2006-07-14 17:04:46.000000000 -0400
-+++ serefpolicy-2.3.15/policy/modules/admin/readahead.te	2006-09-22 16:06:31.000000000 -0400
++++ serefpolicy-2.3.15/policy/modules/admin/readahead.te	2006-09-25 13:31:59.000000000 -0400
 @@ -36,6 +36,8 @@
  dev_getattr_all_blk_files(readahead_t)
  dev_dontaudit_read_all_blk_files(readahead_t)
@@ -266,7 +264,7 @@
  auth_dontaudit_read_shadow(readahead_t)
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/rpm.fc serefpolicy-2.3.15/policy/modules/admin/rpm.fc
 --- nsaserefpolicy/policy/modules/admin/rpm.fc	2006-09-22 14:07:08.000000000 -0400
-+++ serefpolicy-2.3.15/policy/modules/admin/rpm.fc	2006-09-22 16:06:31.000000000 -0400
++++ serefpolicy-2.3.15/policy/modules/admin/rpm.fc	2006-09-25 13:31:59.000000000 -0400
 @@ -21,6 +21,8 @@
  /usr/sbin/pup			--	gen_context(system_u:object_r:rpm_exec_t,s0)
  /usr/sbin/rhn_check		--	gen_context(system_u:object_r:rpm_exec_t,s0)
@@ -278,7 +276,7 @@
  /var/lib/alternatives(/.*)?		gen_context(system_u:object_r:rpm_var_lib_t,s0)
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/java.fc serefpolicy-2.3.15/policy/modules/apps/java.fc
 --- nsaserefpolicy/policy/modules/apps/java.fc	2006-08-29 09:00:26.000000000 -0400
-+++ serefpolicy-2.3.15/policy/modules/apps/java.fc	2006-09-22 16:06:31.000000000 -0400
++++ serefpolicy-2.3.15/policy/modules/apps/java.fc	2006-09-25 13:31:59.000000000 -0400
 @@ -1,7 +1,7 @@
  #
  # /opt
@@ -290,7 +288,7 @@
  # /usr
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/slocate.te serefpolicy-2.3.15/policy/modules/apps/slocate.te
 --- nsaserefpolicy/policy/modules/apps/slocate.te	2006-07-14 17:04:31.000000000 -0400
-+++ serefpolicy-2.3.15/policy/modules/apps/slocate.te	2006-09-25 08:58:15.000000000 -0400
++++ serefpolicy-2.3.15/policy/modules/apps/slocate.te	2006-09-25 13:31:59.000000000 -0400
 @@ -45,6 +45,7 @@
  files_dontaudit_getattr_all_dirs(locate_t)
  
@@ -301,7 +299,7 @@
  libs_use_ld_so(locate_t)
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/kernel/corenetwork.te.in serefpolicy-2.3.15/policy/modules/kernel/corenetwork.te.in
 --- nsaserefpolicy/policy/modules/kernel/corenetwork.te.in	2006-09-22 09:35:44.000000000 -0400
-+++ serefpolicy-2.3.15/policy/modules/kernel/corenetwork.te.in	2006-09-22 16:06:31.000000000 -0400
++++ serefpolicy-2.3.15/policy/modules/kernel/corenetwork.te.in	2006-09-25 13:31:59.000000000 -0400
 @@ -67,6 +67,7 @@
  network_port(clamd, tcp,3310,s0)
  network_port(clockspeed, udp,4041,s0)
@@ -362,7 +360,7 @@
  ########################################
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/kernel/devices.fc serefpolicy-2.3.15/policy/modules/kernel/devices.fc
 --- nsaserefpolicy/policy/modules/kernel/devices.fc	2006-09-22 14:07:03.000000000 -0400
-+++ serefpolicy-2.3.15/policy/modules/kernel/devices.fc	2006-09-22 16:06:31.000000000 -0400
++++ serefpolicy-2.3.15/policy/modules/kernel/devices.fc	2006-09-25 13:31:59.000000000 -0400
 @@ -25,10 +25,10 @@
  /dev/i915		-c	gen_context(system_u:object_r:dri_device_t,s0)
  /dev/irlpt[0-9]+	-c	gen_context(system_u:object_r:printer_device_t,s0)
@@ -392,7 +390,7 @@
  /dev/radeon		-c	gen_context(system_u:object_r:dri_device_t,s0)
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/kernel/devices.if serefpolicy-2.3.15/policy/modules/kernel/devices.if
 --- nsaserefpolicy/policy/modules/kernel/devices.if	2006-09-22 09:35:44.000000000 -0400
-+++ serefpolicy-2.3.15/policy/modules/kernel/devices.if	2006-09-23 19:49:14.000000000 -0400
++++ serefpolicy-2.3.15/policy/modules/kernel/devices.if	2006-09-25 13:31:59.000000000 -0400
 @@ -1998,6 +1998,25 @@
  
  ########################################
@@ -445,7 +443,7 @@
 +
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/kernel/files.fc serefpolicy-2.3.15/policy/modules/kernel/files.fc
 --- nsaserefpolicy/policy/modules/kernel/files.fc	2006-09-05 07:41:00.000000000 -0400
-+++ serefpolicy-2.3.15/policy/modules/kernel/files.fc	2006-09-22 16:06:31.000000000 -0400
++++ serefpolicy-2.3.15/policy/modules/kernel/files.fc	2006-09-25 13:31:59.000000000 -0400
 @@ -29,9 +29,10 @@
  /boot			-d	gen_context(system_u:object_r:boot_t,s0)
  /boot/.*			gen_context(system_u:object_r:boot_t,s0)
@@ -551,7 +549,7 @@
  /var/tmp/vi\.recover	-d	gen_context(system_u:object_r:tmp_t,s0)
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/kernel/files.if serefpolicy-2.3.15/policy/modules/kernel/files.if
 --- nsaserefpolicy/policy/modules/kernel/files.if	2006-09-22 14:07:03.000000000 -0400
-+++ serefpolicy-2.3.15/policy/modules/kernel/files.if	2006-09-25 09:04:36.000000000 -0400
++++ serefpolicy-2.3.15/policy/modules/kernel/files.if	2006-09-25 13:31:59.000000000 -0400
 @@ -4541,3 +4541,23 @@
  
  	typealias etc_runtime_t alias $1;
@@ -578,7 +576,7 @@
 +
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/kernel/filesystem.if serefpolicy-2.3.15/policy/modules/kernel/filesystem.if
 --- nsaserefpolicy/policy/modules/kernel/filesystem.if	2006-09-22 14:07:03.000000000 -0400
-+++ serefpolicy-2.3.15/policy/modules/kernel/filesystem.if	2006-09-22 16:06:31.000000000 -0400
++++ serefpolicy-2.3.15/policy/modules/kernel/filesystem.if	2006-09-25 13:31:59.000000000 -0400
 @@ -455,7 +455,7 @@
  	')
  
@@ -590,7 +588,7 @@
  ########################################
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/kernel/kernel.te serefpolicy-2.3.15/policy/modules/kernel/kernel.te
 --- nsaserefpolicy/policy/modules/kernel/kernel.te	2006-09-22 09:35:44.000000000 -0400
-+++ serefpolicy-2.3.15/policy/modules/kernel/kernel.te	2006-09-23 07:06:41.000000000 -0400
++++ serefpolicy-2.3.15/policy/modules/kernel/kernel.te	2006-09-25 13:31:59.000000000 -0400
 @@ -39,7 +39,7 @@
  domain_base_type(kernel_t)
  mls_rangetrans_source(kernel_t)
@@ -662,7 +660,7 @@
  optional_policy(`
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/kernel/mcs.te serefpolicy-2.3.15/policy/modules/kernel/mcs.te
 --- nsaserefpolicy/policy/modules/kernel/mcs.te	2006-09-22 14:07:03.000000000 -0400
-+++ serefpolicy-2.3.15/policy/modules/kernel/mcs.te	2006-09-22 16:06:31.000000000 -0400
++++ serefpolicy-2.3.15/policy/modules/kernel/mcs.te	2006-09-25 13:31:59.000000000 -0400
 @@ -37,15 +37,15 @@
  # default and have the daemons which need to run with all categories be
  # exceptions.  But while range_transitions have to be in the base module
@@ -690,7 +688,7 @@
  range_transition unconfined_t initrc_exec_t s0;
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/kernel/mls.te serefpolicy-2.3.15/policy/modules/kernel/mls.te
 --- nsaserefpolicy/policy/modules/kernel/mls.te	2006-09-22 09:35:44.000000000 -0400
-+++ serefpolicy-2.3.15/policy/modules/kernel/mls.te	2006-09-22 16:06:31.000000000 -0400
++++ serefpolicy-2.3.15/policy/modules/kernel/mls.te	2006-09-25 13:31:59.000000000 -0400
 @@ -62,11 +62,13 @@
  type lvm_exec_t;
  type run_init_t;
@@ -712,7 +710,7 @@
  ')
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/kernel/selinux.te serefpolicy-2.3.15/policy/modules/kernel/selinux.te
 --- nsaserefpolicy/policy/modules/kernel/selinux.te	2006-08-02 10:34:05.000000000 -0400
-+++ serefpolicy-2.3.15/policy/modules/kernel/selinux.te	2006-09-22 16:06:31.000000000 -0400
++++ serefpolicy-2.3.15/policy/modules/kernel/selinux.te	2006-09-25 13:31:59.000000000 -0400
 @@ -19,7 +19,7 @@
  type security_t;
  fs_type(security_t)
@@ -724,7 +722,7 @@
  neverallow ~{ selinux_unconfined_type can_load_policy } security_t:security load_policy;
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/kernel/storage.fc serefpolicy-2.3.15/policy/modules/kernel/storage.fc
 --- nsaserefpolicy/policy/modules/kernel/storage.fc	2006-08-02 10:34:05.000000000 -0400
-+++ serefpolicy-2.3.15/policy/modules/kernel/storage.fc	2006-09-22 16:06:31.000000000 -0400
++++ serefpolicy-2.3.15/policy/modules/kernel/storage.fc	2006-09-25 13:31:59.000000000 -0400
 @@ -5,36 +5,36 @@
  /dev/n?osst[0-3].*	-c	gen_context(system_u:object_r:tape_device_t,s0)
  /dev/n?pt[0-9]+		-c	gen_context(system_u:object_r:tape_device_t,s0)
@@ -814,7 +812,7 @@
  /dev/usb/rio500		-c	gen_context(system_u:object_r:removable_device_t,s0)
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/kernel/storage.if serefpolicy-2.3.15/policy/modules/kernel/storage.if
 --- nsaserefpolicy/policy/modules/kernel/storage.if	2006-07-14 17:04:29.000000000 -0400
-+++ serefpolicy-2.3.15/policy/modules/kernel/storage.if	2006-09-22 16:06:31.000000000 -0400
++++ serefpolicy-2.3.15/policy/modules/kernel/storage.if	2006-09-25 13:31:59.000000000 -0400
 @@ -37,6 +37,7 @@
  	')
  
@@ -825,7 +823,7 @@
  ########################################
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/kernel/terminal.fc serefpolicy-2.3.15/policy/modules/kernel/terminal.fc
 --- nsaserefpolicy/policy/modules/kernel/terminal.fc	2006-09-01 14:10:17.000000000 -0400
-+++ serefpolicy-2.3.15/policy/modules/kernel/terminal.fc	2006-09-22 16:06:31.000000000 -0400
++++ serefpolicy-2.3.15/policy/modules/kernel/terminal.fc	2006-09-25 13:31:59.000000000 -0400
 @@ -18,7 +18,7 @@
  
  /dev/pty/.*		-c	gen_context(system_u:object_r:bsdpty_device_t,s0)
@@ -837,7 +835,7 @@
  
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/apache.fc serefpolicy-2.3.15/policy/modules/services/apache.fc
 --- nsaserefpolicy/policy/modules/services/apache.fc	2006-08-02 10:34:07.000000000 -0400
-+++ serefpolicy-2.3.15/policy/modules/services/apache.fc	2006-09-22 16:06:31.000000000 -0400
++++ serefpolicy-2.3.15/policy/modules/services/apache.fc	2006-09-25 13:31:59.000000000 -0400
 @@ -80,3 +80,12 @@
  /var/www/cgi-bin(/.*)?			gen_context(system_u:object_r:httpd_sys_script_exec_t,s0)
  /var/www/icons(/.*)?			gen_context(system_u:object_r:httpd_sys_content_t,s0)
@@ -853,7 +851,7 @@
 +
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/automount.te serefpolicy-2.3.15/policy/modules/services/automount.te
 --- nsaserefpolicy/policy/modules/services/automount.te	2006-09-22 14:07:05.000000000 -0400
-+++ serefpolicy-2.3.15/policy/modules/services/automount.te	2006-09-22 16:06:31.000000000 -0400
++++ serefpolicy-2.3.15/policy/modules/services/automount.te	2006-09-25 13:31:59.000000000 -0400
 @@ -36,6 +36,8 @@
  allow automount_t self:unix_dgram_socket create_socket_perms;
  allow automount_t self:tcp_socket create_stream_socket_perms;
@@ -873,7 +871,7 @@
  fs_unmount_all_fs(automount_t)
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/bind.te serefpolicy-2.3.15/policy/modules/services/bind.te
 --- nsaserefpolicy/policy/modules/services/bind.te	2006-08-29 09:00:27.000000000 -0400
-+++ serefpolicy-2.3.15/policy/modules/services/bind.te	2006-09-22 16:06:31.000000000 -0400
++++ serefpolicy-2.3.15/policy/modules/services/bind.te	2006-09-25 13:31:59.000000000 -0400
 @@ -223,6 +223,7 @@
  allow ndc_t named_t:unix_stream_socket connectto;
  
@@ -884,7 +882,7 @@
  
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/bluetooth.fc serefpolicy-2.3.15/policy/modules/services/bluetooth.fc
 --- nsaserefpolicy/policy/modules/services/bluetooth.fc	2006-09-22 14:07:06.000000000 -0400
-+++ serefpolicy-2.3.15/policy/modules/services/bluetooth.fc	2006-09-22 16:06:31.000000000 -0400
++++ serefpolicy-2.3.15/policy/modules/services/bluetooth.fc	2006-09-25 13:31:59.000000000 -0400
 @@ -7,7 +7,7 @@
  #
  # /usr
@@ -896,7 +894,7 @@
  /usr/bin/rfcomm		--	gen_context(system_u:object_r:bluetooth_exec_t,s0)
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/ccs.fc serefpolicy-2.3.15/policy/modules/services/ccs.fc
 --- nsaserefpolicy/policy/modules/services/ccs.fc	1969-12-31 19:00:00.000000000 -0500
-+++ serefpolicy-2.3.15/policy/modules/services/ccs.fc	2006-09-22 16:06:31.000000000 -0400
++++ serefpolicy-2.3.15/policy/modules/services/ccs.fc	2006-09-25 13:31:59.000000000 -0400
 @@ -0,0 +1,8 @@
 +# ccs executable will have:
 +# label: system_u:object_r:ccs_exec_t
@@ -908,7 +906,7 @@
 +/etc/cluster(/.*)?		gen_context(system_u:object_r:cluster_conf_t,s0)
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/ccs.if serefpolicy-2.3.15/policy/modules/services/ccs.if
 --- nsaserefpolicy/policy/modules/services/ccs.if	1969-12-31 19:00:00.000000000 -0500
-+++ serefpolicy-2.3.15/policy/modules/services/ccs.if	2006-09-22 16:06:31.000000000 -0400
++++ serefpolicy-2.3.15/policy/modules/services/ccs.if	2006-09-25 13:31:59.000000000 -0400
 @@ -0,0 +1,65 @@
 +## <summary>policy for ccs</summary>
 +
@@ -977,7 +975,7 @@
 +
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/ccs.te serefpolicy-2.3.15/policy/modules/services/ccs.te
 --- nsaserefpolicy/policy/modules/services/ccs.te	1969-12-31 19:00:00.000000000 -0500
-+++ serefpolicy-2.3.15/policy/modules/services/ccs.te	2006-09-22 16:06:31.000000000 -0400
++++ serefpolicy-2.3.15/policy/modules/services/ccs.te	2006-09-25 13:31:59.000000000 -0400
 @@ -0,0 +1,87 @@
 +policy_module(ccs,1.0.0)
 +
@@ -1068,7 +1066,7 @@
 +allow ccs_t cluster_conf_t:file rw_file_perms;
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/cron.fc serefpolicy-2.3.15/policy/modules/services/cron.fc
 --- nsaserefpolicy/policy/modules/services/cron.fc	2006-07-14 17:04:41.000000000 -0400
-+++ serefpolicy-2.3.15/policy/modules/services/cron.fc	2006-09-22 16:06:31.000000000 -0400
++++ serefpolicy-2.3.15/policy/modules/services/cron.fc	2006-09-25 13:31:59.000000000 -0400
 @@ -11,6 +11,7 @@
  /usr/sbin/fcron			--	gen_context(system_u:object_r:crond_exec_t,s0)
  
@@ -1079,7 +1077,7 @@
  /var/run/fcron\.fifo		-s	gen_context(system_u:object_r:crond_var_run_t,s0)
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/cron.te serefpolicy-2.3.15/policy/modules/services/cron.te
 --- nsaserefpolicy/policy/modules/services/cron.te	2006-09-15 13:14:24.000000000 -0400
-+++ serefpolicy-2.3.15/policy/modules/services/cron.te	2006-09-25 09:37:04.000000000 -0400
++++ serefpolicy-2.3.15/policy/modules/services/cron.te	2006-09-25 13:31:59.000000000 -0400
 @@ -17,6 +17,14 @@
  type cron_spool_t;
  files_type(cron_spool_t)
@@ -1106,7 +1104,7 @@
 +
 +# This is to handle creation of files in /var/log directory.  Used currently by rpm script
 +# log files
-+allow system_crond_t crond_log_t:file create_file_perms;
++allow system_crond_t cron_log_t:file create_file_perms;
 +logging_log_filetrans(system_crond_t,cron_log_t,{ file })
 +
 +
@@ -1115,7 +1113,7 @@
  ')
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/dbus.if serefpolicy-2.3.15/policy/modules/services/dbus.if
 --- nsaserefpolicy/policy/modules/services/dbus.if	2006-09-15 13:14:24.000000000 -0400
-+++ serefpolicy-2.3.15/policy/modules/services/dbus.if	2006-09-22 16:06:31.000000000 -0400
++++ serefpolicy-2.3.15/policy/modules/services/dbus.if	2006-09-25 13:31:59.000000000 -0400
 @@ -123,6 +123,7 @@
  	selinux_compute_relabel_context($1_dbusd_t)
  	selinux_compute_user_contexts($1_dbusd_t)
@@ -1126,7 +1124,7 @@
  	corecmd_read_bin_files($1_dbusd_t)
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/hal.te serefpolicy-2.3.15/policy/modules/services/hal.te
 --- nsaserefpolicy/policy/modules/services/hal.te	2006-09-05 07:41:01.000000000 -0400
-+++ serefpolicy-2.3.15/policy/modules/services/hal.te	2006-09-22 16:06:31.000000000 -0400
++++ serefpolicy-2.3.15/policy/modules/services/hal.te	2006-09-25 13:31:59.000000000 -0400
 @@ -142,10 +142,12 @@
  userdom_dontaudit_use_unpriv_user_fds(hald_t)
  userdom_dontaudit_search_sysadm_home_dirs(hald_t)
@@ -1142,9 +1140,27 @@
  	term_dontaudit_use_generic_ptys(hald_t)
  	files_dontaudit_read_root_files(hald_t)
  ')
+diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/lpd.fc serefpolicy-2.3.15/policy/modules/services/lpd.fc
+--- nsaserefpolicy/policy/modules/services/lpd.fc	2006-09-22 14:07:06.000000000 -0400
++++ serefpolicy-2.3.15/policy/modules/services/lpd.fc	2006-09-25 13:39:36.000000000 -0400
+@@ -8,11 +8,14 @@
+ #
+ /usr/sbin/checkpc	--	gen_context(system_u:object_r:checkpc_exec_t,s0)
+ /usr/sbin/lpd		--	gen_context(system_u:object_r:lpd_exec_t,s0)
++/usr/sbin/lpadmin	--	gen_context(system_u:object_r:lpr_exec_t,s0)
++/usr/sbin/lpc(\.cups)?	--	gen_context(system_u:object_r:lpr_exec_t,s0)
+ /usr/share/printconf/.* --	gen_context(system_u:object_r:printconf_t,s0)
+ /usr/bin/lp(\.cups)?	--	gen_context(system_u:object_r:lpr_exec_t,s0)
+ /usr/bin/lpr(\.cups)?	--	gen_context(system_u:object_r:lpr_exec_t,s0)
+ /usr/bin/lpq(\.cups)?	--	gen_context(system_u:object_r:lpr_exec_t,s0)
+ /usr/bin/lprm(\.cups)?	--	gen_context(system_u:object_r:lpr_exec_t,s0)
++/usr/bin/lpstat(\.cups)? --	gen_context(system_u:object_r:lpr_exec_t,s0)
+ 
+ #
+ # /var
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/networkmanager.te serefpolicy-2.3.15/policy/modules/services/networkmanager.te
 --- nsaserefpolicy/policy/modules/services/networkmanager.te	2006-09-22 14:07:06.000000000 -0400
-+++ serefpolicy-2.3.15/policy/modules/services/networkmanager.te	2006-09-22 16:06:31.000000000 -0400
++++ serefpolicy-2.3.15/policy/modules/services/networkmanager.te	2006-09-25 13:31:59.000000000 -0400
 @@ -163,6 +163,7 @@
  optional_policy(`
  	ppp_domtrans(NetworkManager_t)
@@ -1155,7 +1171,7 @@
  optional_policy(`
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/nscd.if serefpolicy-2.3.15/policy/modules/services/nscd.if
 --- nsaserefpolicy/policy/modules/services/nscd.if	2006-08-07 18:55:18.000000000 -0400
-+++ serefpolicy-2.3.15/policy/modules/services/nscd.if	2006-09-22 16:06:31.000000000 -0400
++++ serefpolicy-2.3.15/policy/modules/services/nscd.if	2006-09-25 13:31:59.000000000 -0400
 @@ -181,3 +181,23 @@
  
  	allow $1 nscd_t:nscd *;
@@ -1182,7 +1198,7 @@
 +
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/nscd.te serefpolicy-2.3.15/policy/modules/services/nscd.te
 --- nsaserefpolicy/policy/modules/services/nscd.te	2006-08-07 18:55:18.000000000 -0400
-+++ serefpolicy-2.3.15/policy/modules/services/nscd.te	2006-09-22 16:06:31.000000000 -0400
++++ serefpolicy-2.3.15/policy/modules/services/nscd.te	2006-09-25 13:31:59.000000000 -0400
 @@ -88,6 +88,8 @@
  domain_use_interactive_fds(nscd_t)
  
@@ -1194,7 +1210,7 @@
  init_use_fds(nscd_t)
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/oddjob.fc serefpolicy-2.3.15/policy/modules/services/oddjob.fc
 --- nsaserefpolicy/policy/modules/services/oddjob.fc	1969-12-31 19:00:00.000000000 -0500
-+++ serefpolicy-2.3.15/policy/modules/services/oddjob.fc	2006-09-22 16:06:31.000000000 -0400
++++ serefpolicy-2.3.15/policy/modules/services/oddjob.fc	2006-09-25 13:31:59.000000000 -0400
 @@ -0,0 +1,10 @@
 +# oddjob executable will have:
 +# label: system_u:object_r:oddjob_exec_t
@@ -1208,7 +1224,7 @@
 +/usr/lib/oddjob/mkhomedir	--	gen_context(system_u:object_r:oddjob_mkhomedir_exec_t,s0)
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/oddjob.if serefpolicy-2.3.15/policy/modules/services/oddjob.if
 --- nsaserefpolicy/policy/modules/services/oddjob.if	1969-12-31 19:00:00.000000000 -0500
-+++ serefpolicy-2.3.15/policy/modules/services/oddjob.if	2006-09-22 16:06:31.000000000 -0400
++++ serefpolicy-2.3.15/policy/modules/services/oddjob.if	2006-09-25 13:31:59.000000000 -0400
 @@ -0,0 +1,99 @@
 +## <summary>policy for oddjob</summary>
 +
@@ -1311,7 +1327,7 @@
 +')
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/oddjob.te serefpolicy-2.3.15/policy/modules/services/oddjob.te
 --- nsaserefpolicy/policy/modules/services/oddjob.te	1969-12-31 19:00:00.000000000 -0500
-+++ serefpolicy-2.3.15/policy/modules/services/oddjob.te	2006-09-22 16:06:31.000000000 -0400
++++ serefpolicy-2.3.15/policy/modules/services/oddjob.te	2006-09-25 13:31:59.000000000 -0400
 @@ -0,0 +1,95 @@
 +policy_module(oddjob,1.0.0)
 +
@@ -1410,7 +1426,7 @@
 +
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/pegasus.if serefpolicy-2.3.15/policy/modules/services/pegasus.if
 --- nsaserefpolicy/policy/modules/services/pegasus.if	2006-07-14 17:04:41.000000000 -0400
-+++ serefpolicy-2.3.15/policy/modules/services/pegasus.if	2006-09-22 16:06:31.000000000 -0400
++++ serefpolicy-2.3.15/policy/modules/services/pegasus.if	2006-09-25 13:31:59.000000000 -0400
 @@ -1 +1,32 @@
  ## <summary>The Open Group Pegasus CIM/WBEM Server.</summary>
 +
@@ -1446,7 +1462,7 @@
 +')
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/pegasus.te serefpolicy-2.3.15/policy/modules/services/pegasus.te
 --- nsaserefpolicy/policy/modules/services/pegasus.te	2006-08-23 12:14:54.000000000 -0400
-+++ serefpolicy-2.3.15/policy/modules/services/pegasus.te	2006-09-22 16:06:31.000000000 -0400
++++ serefpolicy-2.3.15/policy/modules/services/pegasus.te	2006-09-25 13:31:59.000000000 -0400
 @@ -100,13 +100,12 @@
  
  auth_use_nsswitch(pegasus_t)
@@ -1465,7 +1481,7 @@
  hostname_exec(pegasus_t)
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/postfix.fc serefpolicy-2.3.15/policy/modules/services/postfix.fc
 --- nsaserefpolicy/policy/modules/services/postfix.fc	2006-07-14 17:04:40.000000000 -0400
-+++ serefpolicy-2.3.15/policy/modules/services/postfix.fc	2006-09-22 16:06:31.000000000 -0400
++++ serefpolicy-2.3.15/policy/modules/services/postfix.fc	2006-09-25 13:31:59.000000000 -0400
 @@ -22,6 +22,7 @@
  /usr/lib/postfix/(n)?qmgr --	gen_context(system_u:object_r:postfix_qmgr_exec_t,s0)
  /usr/lib/postfix/showq	--	gen_context(system_u:object_r:postfix_showq_exec_t,s0)
@@ -1476,7 +1492,7 @@
  /usr/lib/postfix/bounce	--	gen_context(system_u:object_r:postfix_bounce_exec_t,s0)
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/ricci.fc serefpolicy-2.3.15/policy/modules/services/ricci.fc
 --- nsaserefpolicy/policy/modules/services/ricci.fc	1969-12-31 19:00:00.000000000 -0500
-+++ serefpolicy-2.3.15/policy/modules/services/ricci.fc	2006-09-22 16:06:31.000000000 -0400
++++ serefpolicy-2.3.15/policy/modules/services/ricci.fc	2006-09-25 13:31:59.000000000 -0400
 @@ -0,0 +1,20 @@
 +# ricci executable will have:
 +# label: system_u:object_r:ricci_exec_t
@@ -1500,7 +1516,7 @@
 +
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/ricci.if serefpolicy-2.3.15/policy/modules/services/ricci.if
 --- nsaserefpolicy/policy/modules/services/ricci.if	1969-12-31 19:00:00.000000000 -0500
-+++ serefpolicy-2.3.15/policy/modules/services/ricci.if	2006-09-22 16:06:31.000000000 -0400
++++ serefpolicy-2.3.15/policy/modules/services/ricci.if	2006-09-25 13:31:59.000000000 -0400
 @@ -0,0 +1,184 @@
 +## <summary>policy for ricci</summary>
 +
@@ -1688,7 +1704,7 @@
 +')
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/ricci.te serefpolicy-2.3.15/policy/modules/services/ricci.te
 --- nsaserefpolicy/policy/modules/services/ricci.te	1969-12-31 19:00:00.000000000 -0500
-+++ serefpolicy-2.3.15/policy/modules/services/ricci.te	2006-09-22 16:06:31.000000000 -0400
++++ serefpolicy-2.3.15/policy/modules/services/ricci.te	2006-09-25 13:31:59.000000000 -0400
 @@ -0,0 +1,386 @@
 +policy_module(ricci,1.0.0)
 +
@@ -2078,7 +2094,7 @@
 +
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/sendmail.te serefpolicy-2.3.15/policy/modules/services/sendmail.te
 --- nsaserefpolicy/policy/modules/services/sendmail.te	2006-09-22 14:07:06.000000000 -0400
-+++ serefpolicy-2.3.15/policy/modules/services/sendmail.te	2006-09-25 09:21:31.000000000 -0400
++++ serefpolicy-2.3.15/policy/modules/services/sendmail.te	2006-09-25 13:31:59.000000000 -0400
 @@ -32,6 +32,7 @@
  allow sendmail_t self:unix_dgram_socket create_socket_perms;
  allow sendmail_t self:tcp_socket create_stream_socket_perms;
@@ -2089,7 +2105,7 @@
  allow sendmail_t sendmail_log_t:dir { rw_dir_perms setattr };
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/smartmon.te serefpolicy-2.3.15/policy/modules/services/smartmon.te
 --- nsaserefpolicy/policy/modules/services/smartmon.te	2006-07-14 17:04:41.000000000 -0400
-+++ serefpolicy-2.3.15/policy/modules/services/smartmon.te	2006-09-22 16:06:31.000000000 -0400
++++ serefpolicy-2.3.15/policy/modules/services/smartmon.te	2006-09-25 13:31:59.000000000 -0400
 @@ -7,8 +7,13 @@
  #
  
@@ -2115,7 +2131,7 @@
  term_dontaudit_search_ptys(fsdaemon_t)
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/ssh.te serefpolicy-2.3.15/policy/modules/services/ssh.te
 --- nsaserefpolicy/policy/modules/services/ssh.te	2006-09-22 09:35:44.000000000 -0400
-+++ serefpolicy-2.3.15/policy/modules/services/ssh.te	2006-09-22 16:06:31.000000000 -0400
++++ serefpolicy-2.3.15/policy/modules/services/ssh.te	2006-09-25 13:31:59.000000000 -0400
 @@ -71,7 +71,7 @@
  ifdef(`strict_policy',`
  	# so a tunnel can point to another ssh tunnel
@@ -2138,7 +2154,7 @@
  		# ioctl is necessary for logout() processing for utmp entry and for w to
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/hostname.te serefpolicy-2.3.15/policy/modules/system/hostname.te
 --- nsaserefpolicy/policy/modules/system/hostname.te	2006-08-29 09:00:29.000000000 -0400
-+++ serefpolicy-2.3.15/policy/modules/system/hostname.te	2006-09-22 16:06:31.000000000 -0400
++++ serefpolicy-2.3.15/policy/modules/system/hostname.te	2006-09-25 13:31:59.000000000 -0400
 @@ -8,7 +8,10 @@
  
  type hostname_t;
@@ -2153,7 +2169,7 @@
  ########################################
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/init.fc serefpolicy-2.3.15/policy/modules/system/init.fc
 --- nsaserefpolicy/policy/modules/system/init.fc	2006-08-25 13:29:58.000000000 -0400
-+++ serefpolicy-2.3.15/policy/modules/system/init.fc	2006-09-22 16:06:31.000000000 -0400
++++ serefpolicy-2.3.15/policy/modules/system/init.fc	2006-09-25 13:31:59.000000000 -0400
 @@ -66,3 +66,6 @@
  /var/run/sysconfig(/.*)?	gen_context(system_u:object_r:initrc_var_run_t,s0)
  ')
@@ -2163,7 +2179,7 @@
 +/var/run/pcscd\.pid	--	gen_context(system_u:object_r:initrc_var_run_t,s0)
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/init.if serefpolicy-2.3.15/policy/modules/system/init.if
 --- nsaserefpolicy/policy/modules/system/init.if	2006-09-15 13:14:26.000000000 -0400
-+++ serefpolicy-2.3.15/policy/modules/system/init.if	2006-09-22 16:06:31.000000000 -0400
++++ serefpolicy-2.3.15/policy/modules/system/init.if	2006-09-25 13:31:59.000000000 -0400
 @@ -63,8 +63,11 @@
  		attribute direct_run_init, direct_init, direct_init_entry;
  		type initrc_t;
@@ -2178,7 +2194,7 @@
  
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/init.te serefpolicy-2.3.15/policy/modules/system/init.te
 --- nsaserefpolicy/policy/modules/system/init.te	2006-09-22 14:07:07.000000000 -0400
-+++ serefpolicy-2.3.15/policy/modules/system/init.te	2006-09-25 09:48:06.000000000 -0400
++++ serefpolicy-2.3.15/policy/modules/system/init.te	2006-09-25 13:31:59.000000000 -0400
 @@ -16,6 +16,9 @@
  attribute direct_init;
  attribute direct_init_entry;
@@ -2230,7 +2246,7 @@
  
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/logging.fc serefpolicy-2.3.15/policy/modules/system/logging.fc
 --- nsaserefpolicy/policy/modules/system/logging.fc	2006-09-01 14:10:18.000000000 -0400
-+++ serefpolicy-2.3.15/policy/modules/system/logging.fc	2006-09-22 16:06:31.000000000 -0400
++++ serefpolicy-2.3.15/policy/modules/system/logging.fc	2006-09-25 13:31:59.000000000 -0400
 @@ -1,7 +1,7 @@
  
  /dev/log		-s	gen_context(system_u:object_r:devlog_t,s0)
@@ -2257,7 +2273,7 @@
  /var/run/auditd\.pid	--	gen_context(system_u:object_r:auditd_var_run_t,s0)
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/logging.te serefpolicy-2.3.15/policy/modules/system/logging.te
 --- nsaserefpolicy/policy/modules/system/logging.te	2006-08-29 09:00:29.000000000 -0400
-+++ serefpolicy-2.3.15/policy/modules/system/logging.te	2006-09-23 19:46:15.000000000 -0400
++++ serefpolicy-2.3.15/policy/modules/system/logging.te	2006-09-25 13:31:59.000000000 -0400
 @@ -18,6 +18,7 @@
  
  type auditd_log_t;
@@ -2276,7 +2292,7 @@
  seutil_dontaudit_read_config(auditd_t)
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/raid.te serefpolicy-2.3.15/policy/modules/system/raid.te
 --- nsaserefpolicy/policy/modules/system/raid.te	2006-07-14 17:04:44.000000000 -0400
-+++ serefpolicy-2.3.15/policy/modules/system/raid.te	2006-09-23 19:48:31.000000000 -0400
++++ serefpolicy-2.3.15/policy/modules/system/raid.te	2006-09-25 13:31:59.000000000 -0400
 @@ -29,11 +29,13 @@
  kernel_read_system_state(mdadm_t)
  kernel_read_kernel_sysctls(mdadm_t)
@@ -2293,7 +2309,7 @@
  fs_dontaudit_list_tmpfs(mdadm_t)
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/selinuxutil.fc serefpolicy-2.3.15/policy/modules/system/selinuxutil.fc
 --- nsaserefpolicy/policy/modules/system/selinuxutil.fc	2006-09-05 07:41:01.000000000 -0400
-+++ serefpolicy-2.3.15/policy/modules/system/selinuxutil.fc	2006-09-22 16:06:31.000000000 -0400
++++ serefpolicy-2.3.15/policy/modules/system/selinuxutil.fc	2006-09-25 13:31:59.000000000 -0400
 @@ -6,12 +6,12 @@
  /etc/selinux(/.*)?			gen_context(system_u:object_r:selinux_config_t,s0)
  /etc/selinux/([^/]*/)?contexts(/.*)?	gen_context(system_u:object_r:default_context_t,s0)
@@ -2312,7 +2328,7 @@
  # /root
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/setrans.fc serefpolicy-2.3.15/policy/modules/system/setrans.fc
 --- nsaserefpolicy/policy/modules/system/setrans.fc	2006-07-14 17:04:44.000000000 -0400
-+++ serefpolicy-2.3.15/policy/modules/system/setrans.fc	2006-09-22 16:06:31.000000000 -0400
++++ serefpolicy-2.3.15/policy/modules/system/setrans.fc	2006-09-25 13:31:59.000000000 -0400
 @@ -1,3 +1,3 @@
  /sbin/mcstransd	--	gen_context(system_u:object_r:setrans_exec_t,s0)
  
@@ -2320,7 +2336,7 @@
 +/var/run/setrans(/.*)?	gen_context(system_u:object_r:setrans_var_run_t,s15:c0.c1023)
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/udev.te serefpolicy-2.3.15/policy/modules/system/udev.te
 --- nsaserefpolicy/policy/modules/system/udev.te	2006-09-01 14:10:18.000000000 -0400
-+++ serefpolicy-2.3.15/policy/modules/system/udev.te	2006-09-22 16:06:31.000000000 -0400
++++ serefpolicy-2.3.15/policy/modules/system/udev.te	2006-09-25 13:31:59.000000000 -0400
 @@ -92,6 +92,7 @@
  dev_delete_generic_files(udev_t)
  
@@ -2331,7 +2347,7 @@
  files_read_etc_files(udev_t)
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/unconfined.if serefpolicy-2.3.15/policy/modules/system/unconfined.if
 --- nsaserefpolicy/policy/modules/system/unconfined.if	2006-08-29 09:00:29.000000000 -0400
-+++ serefpolicy-2.3.15/policy/modules/system/unconfined.if	2006-09-23 07:08:23.000000000 -0400
++++ serefpolicy-2.3.15/policy/modules/system/unconfined.if	2006-09-25 13:31:59.000000000 -0400
 @@ -31,6 +31,7 @@
  	allow $1 self:nscd *;
  	allow $1 self:dbus *;
@@ -2342,7 +2358,7 @@
  	corenet_unconfined($1)
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/userdomain.fc serefpolicy-2.3.15/policy/modules/system/userdomain.fc
 --- nsaserefpolicy/policy/modules/system/userdomain.fc	2006-07-14 17:04:44.000000000 -0400
-+++ serefpolicy-2.3.15/policy/modules/system/userdomain.fc	2006-09-22 16:06:31.000000000 -0400
++++ serefpolicy-2.3.15/policy/modules/system/userdomain.fc	2006-09-25 13:31:59.000000000 -0400
 @@ -4,6 +4,6 @@
  HOME_DIR		-d	gen_context(system_u:object_r:user_home_dir_t,s0)
  HOME_DIR/.+		gen_context(system_u:object_r:user_home_t,s0)
@@ -2353,7 +2369,7 @@
  ')
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/userdomain.if serefpolicy-2.3.15/policy/modules/system/userdomain.if
 --- nsaserefpolicy/policy/modules/system/userdomain.if	2006-09-22 09:35:45.000000000 -0400
-+++ serefpolicy-2.3.15/policy/modules/system/userdomain.if	2006-09-22 16:06:31.000000000 -0400
++++ serefpolicy-2.3.15/policy/modules/system/userdomain.if	2006-09-25 13:31:59.000000000 -0400
 @@ -4317,6 +4317,7 @@
  		')
  
@@ -2404,7 +2420,7 @@
  ## <param name="domain">
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/userdomain.te serefpolicy-2.3.15/policy/modules/system/userdomain.te
 --- nsaserefpolicy/policy/modules/system/userdomain.te	2006-09-22 09:35:45.000000000 -0400
-+++ serefpolicy-2.3.15/policy/modules/system/userdomain.te	2006-09-22 16:06:31.000000000 -0400
++++ serefpolicy-2.3.15/policy/modules/system/userdomain.te	2006-09-25 13:31:59.000000000 -0400
 @@ -58,6 +58,10 @@
  
  ifdef(`strict_policy',`
@@ -2468,7 +2484,7 @@
  		usermanage_run_useradd(sysadm_t,sysadm_r,admin_terminal)
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/users serefpolicy-2.3.15/policy/users
 --- nsaserefpolicy/policy/users	2006-07-14 17:04:46.000000000 -0400
-+++ serefpolicy-2.3.15/policy/users	2006-09-22 16:06:31.000000000 -0400
++++ serefpolicy-2.3.15/policy/users	2006-09-25 13:31:59.000000000 -0400
 @@ -16,7 +16,7 @@
  # and a user process should never be assigned the system user
  # identity.
@@ -2510,7 +2526,7 @@
  ')
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/Rules.modular serefpolicy-2.3.15/Rules.modular
 --- nsaserefpolicy/Rules.modular	2006-09-15 13:14:28.000000000 -0400
-+++ serefpolicy-2.3.15/Rules.modular	2006-09-22 16:06:31.000000000 -0400
++++ serefpolicy-2.3.15/Rules.modular	2006-09-25 13:31:59.000000000 -0400
 @@ -212,6 +212,16 @@
  
  ########################################




More information about the fedora-cvs-commits mailing list