rpms/selinux-policy/devel policy-20060915.patch,1.11,1.12
fedora-cvs-commits at redhat.com
fedora-cvs-commits at redhat.com
Mon Sep 25 17:40:53 UTC 2006
- Previous message (by thread): rpms/glibc/devel .cvsignore, 1.177, 1.178 glibc-fedora.patch, 1.185, 1.186 glibc.spec, 1.272, 1.273 sources, 1.201, 1.202
- Next message (by thread): rpms/xorg-x11-xinit/devel xorg-x11-xinit.spec,1.30,1.31
- Messages sorted by:
[ date ]
[ thread ]
[ subject ]
[ author ]
Author: dwalsh
Update of /cvs/dist/rpms/selinux-policy/devel
In directory cvs.devel.redhat.com:/tmp/cvs-serv31786
Modified Files:
policy-20060915.patch
Log Message:
* Mon Sep 25 2006 Dan Walsh <dwalsh at redhat.com> 2.3.15-2
- mls fixes
policy-20060915.patch:
Rules.modular | 10
config/appconfig-strict-mcs/seusers | 3
config/appconfig-strict-mls/initrc_context | 2
config/appconfig-strict-mls/seusers | 3
config/appconfig-strict/seusers | 1
config/appconfig-targeted-mcs/seusers | 3
config/appconfig-targeted-mls/initrc_context | 2
config/appconfig-targeted-mls/seusers | 3
config/appconfig-targeted/seusers | 1
local.te | 16 +
policy/global_tunables | 9
policy/mcs | 6
policy/mls | 36 +-
policy/modules/admin/bootloader.fc | 5
policy/modules/admin/bootloader.te | 7
policy/modules/admin/consoletype.te | 7
policy/modules/admin/firstboot.te | 4
policy/modules/admin/prelink.if | 2
policy/modules/admin/readahead.te | 4
policy/modules/admin/rpm.fc | 2
policy/modules/apps/java.fc | 2
policy/modules/apps/slocate.te | 1
policy/modules/kernel/corenetwork.te.in | 15 -
policy/modules/kernel/devices.fc | 8
policy/modules/kernel/devices.if | 39 ++
policy/modules/kernel/files.fc | 29 +-
policy/modules/kernel/files.if | 20 +
policy/modules/kernel/filesystem.if | 2
policy/modules/kernel/kernel.te | 25 -
policy/modules/kernel/mcs.te | 18 -
policy/modules/kernel/mls.te | 12
policy/modules/kernel/selinux.te | 2
policy/modules/kernel/storage.fc | 48 +--
policy/modules/kernel/storage.if | 1
policy/modules/kernel/terminal.fc | 2
policy/modules/services/apache.fc | 9
policy/modules/services/automount.te | 3
policy/modules/services/bind.te | 1
policy/modules/services/bluetooth.fc | 2
policy/modules/services/ccs.fc | 8
policy/modules/services/ccs.if | 65 ++++
policy/modules/services/ccs.te | 87 ++++++
policy/modules/services/cron.fc | 1
policy/modules/services/cron.te | 19 +
policy/modules/services/dbus.if | 1
policy/modules/services/hal.te | 6
policy/modules/services/lpd.fc | 3
policy/modules/services/networkmanager.te | 1
policy/modules/services/nscd.if | 20 +
policy/modules/services/nscd.te | 2
policy/modules/services/oddjob.fc | 10
policy/modules/services/oddjob.if | 99 ++++++
policy/modules/services/oddjob.te | 95 ++++++
policy/modules/services/pegasus.if | 31 ++
policy/modules/services/pegasus.te | 5
policy/modules/services/postfix.fc | 1
policy/modules/services/ricci.fc | 20 +
policy/modules/services/ricci.if | 184 ++++++++++++
policy/modules/services/ricci.te | 386 +++++++++++++++++++++++++++
policy/modules/services/sendmail.te | 1
policy/modules/services/smartmon.te | 8
policy/modules/services/ssh.te | 6
policy/modules/system/hostname.te | 5
policy/modules/system/init.fc | 3
policy/modules/system/init.if | 3
policy/modules/system/init.te | 14
policy/modules/system/logging.fc | 8
policy/modules/system/logging.te | 2
policy/modules/system/raid.te | 2
policy/modules/system/selinuxutil.fc | 6
policy/modules/system/setrans.fc | 2
policy/modules/system/udev.te | 1
policy/modules/system/unconfined.if | 1
policy/modules/system/userdomain.fc | 2
policy/modules/system/userdomain.if | 27 +
policy/modules/system/userdomain.te | 21 +
policy/users | 14
77 files changed, 1395 insertions(+), 140 deletions(-)
Index: policy-20060915.patch
===================================================================
RCS file: /cvs/dist/rpms/selinux-policy/devel/policy-20060915.patch,v
retrieving revision 1.11
retrieving revision 1.12
diff -u -r1.11 -r1.12
--- policy-20060915.patch 25 Sep 2006 15:58:33 -0000 1.11
+++ policy-20060915.patch 25 Sep 2006 17:40:51 -0000 1.12
@@ -1,13 +1,13 @@
diff --exclude-from=exclude -N -u -r nsaserefpolicy/config/appconfig-strict/seusers serefpolicy-2.3.15/config/appconfig-strict/seusers
--- nsaserefpolicy/config/appconfig-strict/seusers 2006-07-14 17:04:47.000000000 -0400
-+++ serefpolicy-2.3.15/config/appconfig-strict/seusers 2006-09-22 16:06:31.000000000 -0400
++++ serefpolicy-2.3.15/config/appconfig-strict/seusers 2006-09-25 13:31:59.000000000 -0400
@@ -1,2 +1,3 @@
+system_u:system_u
root:root
__default__:user_u
diff --exclude-from=exclude -N -u -r nsaserefpolicy/config/appconfig-strict-mcs/seusers serefpolicy-2.3.15/config/appconfig-strict-mcs/seusers
--- nsaserefpolicy/config/appconfig-strict-mcs/seusers 2006-07-14 17:04:48.000000000 -0400
-+++ serefpolicy-2.3.15/config/appconfig-strict-mcs/seusers 2006-09-22 16:06:31.000000000 -0400
++++ serefpolicy-2.3.15/config/appconfig-strict-mcs/seusers 2006-09-25 13:31:59.000000000 -0400
@@ -1,2 +1,3 @@
-root:root:s0-s0:c0.c255
+system_u:system_u:s0-s0:c0.c1023
@@ -15,13 +15,13 @@
__default__:user_u:s0
diff --exclude-from=exclude -N -u -r nsaserefpolicy/config/appconfig-strict-mls/initrc_context serefpolicy-2.3.15/config/appconfig-strict-mls/initrc_context
--- nsaserefpolicy/config/appconfig-strict-mls/initrc_context 2006-07-14 17:04:47.000000000 -0400
-+++ serefpolicy-2.3.15/config/appconfig-strict-mls/initrc_context 2006-09-22 16:06:31.000000000 -0400
++++ serefpolicy-2.3.15/config/appconfig-strict-mls/initrc_context 2006-09-25 13:31:59.000000000 -0400
@@ -1 +1 @@
-system_u:system_r:initrc_t:s0-s15:c0.c255
+system_u:system_r:initrc_t:s0-s15:c0.c1023
diff --exclude-from=exclude -N -u -r nsaserefpolicy/config/appconfig-strict-mls/seusers serefpolicy-2.3.15/config/appconfig-strict-mls/seusers
--- nsaserefpolicy/config/appconfig-strict-mls/seusers 2006-07-14 17:04:47.000000000 -0400
-+++ serefpolicy-2.3.15/config/appconfig-strict-mls/seusers 2006-09-22 16:06:31.000000000 -0400
++++ serefpolicy-2.3.15/config/appconfig-strict-mls/seusers 2006-09-25 13:31:59.000000000 -0400
@@ -1,2 +1,3 @@
-root:root:s0-s15:c0.c255
+system_u:system_u:s0-s15:c0.c1023
@@ -29,14 +29,14 @@
__default__:user_u:s0
diff --exclude-from=exclude -N -u -r nsaserefpolicy/config/appconfig-targeted/seusers serefpolicy-2.3.15/config/appconfig-targeted/seusers
--- nsaserefpolicy/config/appconfig-targeted/seusers 2006-07-14 17:04:46.000000000 -0400
-+++ serefpolicy-2.3.15/config/appconfig-targeted/seusers 2006-09-22 16:06:31.000000000 -0400
++++ serefpolicy-2.3.15/config/appconfig-targeted/seusers 2006-09-25 13:31:59.000000000 -0400
@@ -1,2 +1,3 @@
+system_u:system_u
root:root
__default__:user_u
diff --exclude-from=exclude -N -u -r nsaserefpolicy/config/appconfig-targeted-mcs/seusers serefpolicy-2.3.15/config/appconfig-targeted-mcs/seusers
--- nsaserefpolicy/config/appconfig-targeted-mcs/seusers 2006-07-14 17:04:47.000000000 -0400
-+++ serefpolicy-2.3.15/config/appconfig-targeted-mcs/seusers 2006-09-22 16:06:31.000000000 -0400
++++ serefpolicy-2.3.15/config/appconfig-targeted-mcs/seusers 2006-09-25 13:31:59.000000000 -0400
@@ -1,2 +1,3 @@
-root:root:s0-s0:c0.c255
+system_u:system_u:s0-s0:c0.c1023
@@ -44,23 +44,21 @@
__default__:user_u:s0
diff --exclude-from=exclude -N -u -r nsaserefpolicy/config/appconfig-targeted-mls/initrc_context serefpolicy-2.3.15/config/appconfig-targeted-mls/initrc_context
--- nsaserefpolicy/config/appconfig-targeted-mls/initrc_context 2006-07-14 17:04:48.000000000 -0400
-+++ serefpolicy-2.3.15/config/appconfig-targeted-mls/initrc_context 2006-09-22 16:06:31.000000000 -0400
++++ serefpolicy-2.3.15/config/appconfig-targeted-mls/initrc_context 2006-09-25 13:31:59.000000000 -0400
@@ -1 +1 @@
-user_u:system_r:initrc_t:s0-s15:c0.c255
+user_u:system_r:initrc_t:s0-s15:c0.c1023
diff --exclude-from=exclude -N -u -r nsaserefpolicy/config/appconfig-targeted-mls/seusers serefpolicy-2.3.15/config/appconfig-targeted-mls/seusers
--- nsaserefpolicy/config/appconfig-targeted-mls/seusers 2006-07-14 17:04:48.000000000 -0400
-+++ serefpolicy-2.3.15/config/appconfig-targeted-mls/seusers 2006-09-22 16:06:31.000000000 -0400
++++ serefpolicy-2.3.15/config/appconfig-targeted-mls/seusers 2006-09-25 13:31:59.000000000 -0400
@@ -1,2 +1,3 @@
-root:root:s0-s15:c0.c255
+system_u:system_u:s0-s15:c0.c1023
+root:root:s0-s15:c0.c1023
__default__:user_u:s0
-Binary files nsaserefpolicy/local.mod and serefpolicy-2.3.15/local.mod differ
-Binary files nsaserefpolicy/local.pp and serefpolicy-2.3.15/local.pp differ
diff --exclude-from=exclude -N -u -r nsaserefpolicy/local.te serefpolicy-2.3.15/local.te
--- nsaserefpolicy/local.te 1969-12-31 19:00:00.000000000 -0500
-+++ serefpolicy-2.3.15/local.te 2006-09-23 07:02:40.000000000 -0400
++++ serefpolicy-2.3.15/local.te 2006-09-25 13:31:59.000000000 -0400
@@ -0,0 +1,16 @@
+module local 1.0;
+
@@ -80,7 +78,7 @@
+allow unlabeled_t self:association polmatch;
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/global_tunables serefpolicy-2.3.15/policy/global_tunables
--- nsaserefpolicy/policy/global_tunables 2006-09-15 13:14:28.000000000 -0400
-+++ serefpolicy-2.3.15/policy/global_tunables 2006-09-22 16:06:31.000000000 -0400
++++ serefpolicy-2.3.15/policy/global_tunables 2006-09-25 13:31:59.000000000 -0400
@@ -587,3 +587,12 @@
## </desc>
gen_tunable(spamd_enable_home_dirs,true)
@@ -96,7 +94,7 @@
+
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/mcs serefpolicy-2.3.15/policy/mcs
--- nsaserefpolicy/policy/mcs 2006-09-22 14:07:08.000000000 -0400
-+++ serefpolicy-2.3.15/policy/mcs 2006-09-22 16:06:31.000000000 -0400
++++ serefpolicy-2.3.15/policy/mcs 2006-09-25 13:31:59.000000000 -0400
@@ -20,14 +20,14 @@
# Each category has a name and zero or more aliases.
#
@@ -117,7 +115,7 @@
# Define the MCS policy
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/mls serefpolicy-2.3.15/policy/mls
--- nsaserefpolicy/policy/mls 2006-09-22 09:35:45.000000000 -0400
-+++ serefpolicy-2.3.15/policy/mls 2006-09-22 16:06:31.000000000 -0400
++++ serefpolicy-2.3.15/policy/mls 2006-09-25 13:31:59.000000000 -0400
@@ -33,30 +33,30 @@
# Each category has a name and zero or more aliases.
#
@@ -169,7 +167,7 @@
#
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/bootloader.fc serefpolicy-2.3.15/policy/modules/admin/bootloader.fc
--- nsaserefpolicy/policy/modules/admin/bootloader.fc 2006-07-14 17:04:46.000000000 -0400
-+++ serefpolicy-2.3.15/policy/modules/admin/bootloader.fc 2006-09-22 16:06:31.000000000 -0400
++++ serefpolicy-2.3.15/policy/modules/admin/bootloader.fc 2006-09-25 13:31:59.000000000 -0400
@@ -6,7 +6,10 @@
/usr/sbin/mkinitrd -- gen_context(system_u:object_r:bootloader_exec_t,s0)
@@ -184,7 +182,7 @@
+/boot/grub/.* -- gen_context(system_u:object_r:boot_runtime_t,s0)
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/bootloader.te serefpolicy-2.3.15/policy/modules/admin/bootloader.te
--- nsaserefpolicy/policy/modules/admin/bootloader.te 2006-08-29 09:00:30.000000000 -0400
-+++ serefpolicy-2.3.15/policy/modules/admin/bootloader.te 2006-09-22 16:06:31.000000000 -0400
++++ serefpolicy-2.3.15/policy/modules/admin/bootloader.te 2006-09-25 13:31:59.000000000 -0400
@@ -21,6 +21,13 @@
type bootloader_exec_t;
domain_entry_file(bootloader_t,bootloader_exec_t)
@@ -201,7 +199,7 @@
# grub.conf, lilo.conf, etc.
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/consoletype.te serefpolicy-2.3.15/policy/modules/admin/consoletype.te
--- nsaserefpolicy/policy/modules/admin/consoletype.te 2006-08-29 09:00:30.000000000 -0400
-+++ serefpolicy-2.3.15/policy/modules/admin/consoletype.te 2006-09-22 16:06:31.000000000 -0400
++++ serefpolicy-2.3.15/policy/modules/admin/consoletype.te 2006-09-25 13:31:59.000000000 -0400
@@ -8,7 +8,12 @@
type consoletype_t;
@@ -218,7 +216,7 @@
role system_r types consoletype_t;
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/firstboot.te serefpolicy-2.3.15/policy/modules/admin/firstboot.te
--- nsaserefpolicy/policy/modules/admin/firstboot.te 2006-09-05 07:41:01.000000000 -0400
-+++ serefpolicy-2.3.15/policy/modules/admin/firstboot.te 2006-09-22 16:07:26.000000000 -0400
++++ serefpolicy-2.3.15/policy/modules/admin/firstboot.te 2006-09-25 13:31:59.000000000 -0400
@@ -3,7 +3,11 @@
gen_require(`
@@ -233,7 +231,7 @@
#
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/prelink.if serefpolicy-2.3.15/policy/modules/admin/prelink.if
--- nsaserefpolicy/policy/modules/admin/prelink.if 2006-07-14 17:04:46.000000000 -0400
-+++ serefpolicy-2.3.15/policy/modules/admin/prelink.if 2006-09-25 09:04:49.000000000 -0400
++++ serefpolicy-2.3.15/policy/modules/admin/prelink.if 2006-09-25 13:31:59.000000000 -0400
@@ -76,7 +76,7 @@
gen_require(`
type prelink_cache_t;
@@ -245,7 +243,7 @@
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/readahead.te serefpolicy-2.3.15/policy/modules/admin/readahead.te
--- nsaserefpolicy/policy/modules/admin/readahead.te 2006-07-14 17:04:46.000000000 -0400
-+++ serefpolicy-2.3.15/policy/modules/admin/readahead.te 2006-09-22 16:06:31.000000000 -0400
++++ serefpolicy-2.3.15/policy/modules/admin/readahead.te 2006-09-25 13:31:59.000000000 -0400
@@ -36,6 +36,8 @@
dev_getattr_all_blk_files(readahead_t)
dev_dontaudit_read_all_blk_files(readahead_t)
@@ -266,7 +264,7 @@
auth_dontaudit_read_shadow(readahead_t)
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/rpm.fc serefpolicy-2.3.15/policy/modules/admin/rpm.fc
--- nsaserefpolicy/policy/modules/admin/rpm.fc 2006-09-22 14:07:08.000000000 -0400
-+++ serefpolicy-2.3.15/policy/modules/admin/rpm.fc 2006-09-22 16:06:31.000000000 -0400
++++ serefpolicy-2.3.15/policy/modules/admin/rpm.fc 2006-09-25 13:31:59.000000000 -0400
@@ -21,6 +21,8 @@
/usr/sbin/pup -- gen_context(system_u:object_r:rpm_exec_t,s0)
/usr/sbin/rhn_check -- gen_context(system_u:object_r:rpm_exec_t,s0)
@@ -278,7 +276,7 @@
/var/lib/alternatives(/.*)? gen_context(system_u:object_r:rpm_var_lib_t,s0)
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/java.fc serefpolicy-2.3.15/policy/modules/apps/java.fc
--- nsaserefpolicy/policy/modules/apps/java.fc 2006-08-29 09:00:26.000000000 -0400
-+++ serefpolicy-2.3.15/policy/modules/apps/java.fc 2006-09-22 16:06:31.000000000 -0400
++++ serefpolicy-2.3.15/policy/modules/apps/java.fc 2006-09-25 13:31:59.000000000 -0400
@@ -1,7 +1,7 @@
#
# /opt
@@ -290,7 +288,7 @@
# /usr
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/slocate.te serefpolicy-2.3.15/policy/modules/apps/slocate.te
--- nsaserefpolicy/policy/modules/apps/slocate.te 2006-07-14 17:04:31.000000000 -0400
-+++ serefpolicy-2.3.15/policy/modules/apps/slocate.te 2006-09-25 08:58:15.000000000 -0400
++++ serefpolicy-2.3.15/policy/modules/apps/slocate.te 2006-09-25 13:31:59.000000000 -0400
@@ -45,6 +45,7 @@
files_dontaudit_getattr_all_dirs(locate_t)
@@ -301,7 +299,7 @@
libs_use_ld_so(locate_t)
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/kernel/corenetwork.te.in serefpolicy-2.3.15/policy/modules/kernel/corenetwork.te.in
--- nsaserefpolicy/policy/modules/kernel/corenetwork.te.in 2006-09-22 09:35:44.000000000 -0400
-+++ serefpolicy-2.3.15/policy/modules/kernel/corenetwork.te.in 2006-09-22 16:06:31.000000000 -0400
++++ serefpolicy-2.3.15/policy/modules/kernel/corenetwork.te.in 2006-09-25 13:31:59.000000000 -0400
@@ -67,6 +67,7 @@
network_port(clamd, tcp,3310,s0)
network_port(clockspeed, udp,4041,s0)
@@ -362,7 +360,7 @@
########################################
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/kernel/devices.fc serefpolicy-2.3.15/policy/modules/kernel/devices.fc
--- nsaserefpolicy/policy/modules/kernel/devices.fc 2006-09-22 14:07:03.000000000 -0400
-+++ serefpolicy-2.3.15/policy/modules/kernel/devices.fc 2006-09-22 16:06:31.000000000 -0400
++++ serefpolicy-2.3.15/policy/modules/kernel/devices.fc 2006-09-25 13:31:59.000000000 -0400
@@ -25,10 +25,10 @@
/dev/i915 -c gen_context(system_u:object_r:dri_device_t,s0)
/dev/irlpt[0-9]+ -c gen_context(system_u:object_r:printer_device_t,s0)
@@ -392,7 +390,7 @@
/dev/radeon -c gen_context(system_u:object_r:dri_device_t,s0)
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/kernel/devices.if serefpolicy-2.3.15/policy/modules/kernel/devices.if
--- nsaserefpolicy/policy/modules/kernel/devices.if 2006-09-22 09:35:44.000000000 -0400
-+++ serefpolicy-2.3.15/policy/modules/kernel/devices.if 2006-09-23 19:49:14.000000000 -0400
++++ serefpolicy-2.3.15/policy/modules/kernel/devices.if 2006-09-25 13:31:59.000000000 -0400
@@ -1998,6 +1998,25 @@
########################################
@@ -445,7 +443,7 @@
+
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/kernel/files.fc serefpolicy-2.3.15/policy/modules/kernel/files.fc
--- nsaserefpolicy/policy/modules/kernel/files.fc 2006-09-05 07:41:00.000000000 -0400
-+++ serefpolicy-2.3.15/policy/modules/kernel/files.fc 2006-09-22 16:06:31.000000000 -0400
++++ serefpolicy-2.3.15/policy/modules/kernel/files.fc 2006-09-25 13:31:59.000000000 -0400
@@ -29,9 +29,10 @@
/boot -d gen_context(system_u:object_r:boot_t,s0)
/boot/.* gen_context(system_u:object_r:boot_t,s0)
@@ -551,7 +549,7 @@
/var/tmp/vi\.recover -d gen_context(system_u:object_r:tmp_t,s0)
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/kernel/files.if serefpolicy-2.3.15/policy/modules/kernel/files.if
--- nsaserefpolicy/policy/modules/kernel/files.if 2006-09-22 14:07:03.000000000 -0400
-+++ serefpolicy-2.3.15/policy/modules/kernel/files.if 2006-09-25 09:04:36.000000000 -0400
++++ serefpolicy-2.3.15/policy/modules/kernel/files.if 2006-09-25 13:31:59.000000000 -0400
@@ -4541,3 +4541,23 @@
typealias etc_runtime_t alias $1;
@@ -578,7 +576,7 @@
+
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/kernel/filesystem.if serefpolicy-2.3.15/policy/modules/kernel/filesystem.if
--- nsaserefpolicy/policy/modules/kernel/filesystem.if 2006-09-22 14:07:03.000000000 -0400
-+++ serefpolicy-2.3.15/policy/modules/kernel/filesystem.if 2006-09-22 16:06:31.000000000 -0400
++++ serefpolicy-2.3.15/policy/modules/kernel/filesystem.if 2006-09-25 13:31:59.000000000 -0400
@@ -455,7 +455,7 @@
')
@@ -590,7 +588,7 @@
########################################
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/kernel/kernel.te serefpolicy-2.3.15/policy/modules/kernel/kernel.te
--- nsaserefpolicy/policy/modules/kernel/kernel.te 2006-09-22 09:35:44.000000000 -0400
-+++ serefpolicy-2.3.15/policy/modules/kernel/kernel.te 2006-09-23 07:06:41.000000000 -0400
++++ serefpolicy-2.3.15/policy/modules/kernel/kernel.te 2006-09-25 13:31:59.000000000 -0400
@@ -39,7 +39,7 @@
domain_base_type(kernel_t)
mls_rangetrans_source(kernel_t)
@@ -662,7 +660,7 @@
optional_policy(`
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/kernel/mcs.te serefpolicy-2.3.15/policy/modules/kernel/mcs.te
--- nsaserefpolicy/policy/modules/kernel/mcs.te 2006-09-22 14:07:03.000000000 -0400
-+++ serefpolicy-2.3.15/policy/modules/kernel/mcs.te 2006-09-22 16:06:31.000000000 -0400
++++ serefpolicy-2.3.15/policy/modules/kernel/mcs.te 2006-09-25 13:31:59.000000000 -0400
@@ -37,15 +37,15 @@
# default and have the daemons which need to run with all categories be
# exceptions. But while range_transitions have to be in the base module
@@ -690,7 +688,7 @@
range_transition unconfined_t initrc_exec_t s0;
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/kernel/mls.te serefpolicy-2.3.15/policy/modules/kernel/mls.te
--- nsaserefpolicy/policy/modules/kernel/mls.te 2006-09-22 09:35:44.000000000 -0400
-+++ serefpolicy-2.3.15/policy/modules/kernel/mls.te 2006-09-22 16:06:31.000000000 -0400
++++ serefpolicy-2.3.15/policy/modules/kernel/mls.te 2006-09-25 13:31:59.000000000 -0400
@@ -62,11 +62,13 @@
type lvm_exec_t;
type run_init_t;
@@ -712,7 +710,7 @@
')
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/kernel/selinux.te serefpolicy-2.3.15/policy/modules/kernel/selinux.te
--- nsaserefpolicy/policy/modules/kernel/selinux.te 2006-08-02 10:34:05.000000000 -0400
-+++ serefpolicy-2.3.15/policy/modules/kernel/selinux.te 2006-09-22 16:06:31.000000000 -0400
++++ serefpolicy-2.3.15/policy/modules/kernel/selinux.te 2006-09-25 13:31:59.000000000 -0400
@@ -19,7 +19,7 @@
type security_t;
fs_type(security_t)
@@ -724,7 +722,7 @@
neverallow ~{ selinux_unconfined_type can_load_policy } security_t:security load_policy;
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/kernel/storage.fc serefpolicy-2.3.15/policy/modules/kernel/storage.fc
--- nsaserefpolicy/policy/modules/kernel/storage.fc 2006-08-02 10:34:05.000000000 -0400
-+++ serefpolicy-2.3.15/policy/modules/kernel/storage.fc 2006-09-22 16:06:31.000000000 -0400
++++ serefpolicy-2.3.15/policy/modules/kernel/storage.fc 2006-09-25 13:31:59.000000000 -0400
@@ -5,36 +5,36 @@
/dev/n?osst[0-3].* -c gen_context(system_u:object_r:tape_device_t,s0)
/dev/n?pt[0-9]+ -c gen_context(system_u:object_r:tape_device_t,s0)
@@ -814,7 +812,7 @@
/dev/usb/rio500 -c gen_context(system_u:object_r:removable_device_t,s0)
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/kernel/storage.if serefpolicy-2.3.15/policy/modules/kernel/storage.if
--- nsaserefpolicy/policy/modules/kernel/storage.if 2006-07-14 17:04:29.000000000 -0400
-+++ serefpolicy-2.3.15/policy/modules/kernel/storage.if 2006-09-22 16:06:31.000000000 -0400
++++ serefpolicy-2.3.15/policy/modules/kernel/storage.if 2006-09-25 13:31:59.000000000 -0400
@@ -37,6 +37,7 @@
')
@@ -825,7 +823,7 @@
########################################
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/kernel/terminal.fc serefpolicy-2.3.15/policy/modules/kernel/terminal.fc
--- nsaserefpolicy/policy/modules/kernel/terminal.fc 2006-09-01 14:10:17.000000000 -0400
-+++ serefpolicy-2.3.15/policy/modules/kernel/terminal.fc 2006-09-22 16:06:31.000000000 -0400
++++ serefpolicy-2.3.15/policy/modules/kernel/terminal.fc 2006-09-25 13:31:59.000000000 -0400
@@ -18,7 +18,7 @@
/dev/pty/.* -c gen_context(system_u:object_r:bsdpty_device_t,s0)
@@ -837,7 +835,7 @@
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/apache.fc serefpolicy-2.3.15/policy/modules/services/apache.fc
--- nsaserefpolicy/policy/modules/services/apache.fc 2006-08-02 10:34:07.000000000 -0400
-+++ serefpolicy-2.3.15/policy/modules/services/apache.fc 2006-09-22 16:06:31.000000000 -0400
++++ serefpolicy-2.3.15/policy/modules/services/apache.fc 2006-09-25 13:31:59.000000000 -0400
@@ -80,3 +80,12 @@
/var/www/cgi-bin(/.*)? gen_context(system_u:object_r:httpd_sys_script_exec_t,s0)
/var/www/icons(/.*)? gen_context(system_u:object_r:httpd_sys_content_t,s0)
@@ -853,7 +851,7 @@
+
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/automount.te serefpolicy-2.3.15/policy/modules/services/automount.te
--- nsaserefpolicy/policy/modules/services/automount.te 2006-09-22 14:07:05.000000000 -0400
-+++ serefpolicy-2.3.15/policy/modules/services/automount.te 2006-09-22 16:06:31.000000000 -0400
++++ serefpolicy-2.3.15/policy/modules/services/automount.te 2006-09-25 13:31:59.000000000 -0400
@@ -36,6 +36,8 @@
allow automount_t self:unix_dgram_socket create_socket_perms;
allow automount_t self:tcp_socket create_stream_socket_perms;
@@ -873,7 +871,7 @@
fs_unmount_all_fs(automount_t)
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/bind.te serefpolicy-2.3.15/policy/modules/services/bind.te
--- nsaserefpolicy/policy/modules/services/bind.te 2006-08-29 09:00:27.000000000 -0400
-+++ serefpolicy-2.3.15/policy/modules/services/bind.te 2006-09-22 16:06:31.000000000 -0400
++++ serefpolicy-2.3.15/policy/modules/services/bind.te 2006-09-25 13:31:59.000000000 -0400
@@ -223,6 +223,7 @@
allow ndc_t named_t:unix_stream_socket connectto;
@@ -884,7 +882,7 @@
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/bluetooth.fc serefpolicy-2.3.15/policy/modules/services/bluetooth.fc
--- nsaserefpolicy/policy/modules/services/bluetooth.fc 2006-09-22 14:07:06.000000000 -0400
-+++ serefpolicy-2.3.15/policy/modules/services/bluetooth.fc 2006-09-22 16:06:31.000000000 -0400
++++ serefpolicy-2.3.15/policy/modules/services/bluetooth.fc 2006-09-25 13:31:59.000000000 -0400
@@ -7,7 +7,7 @@
#
# /usr
@@ -896,7 +894,7 @@
/usr/bin/rfcomm -- gen_context(system_u:object_r:bluetooth_exec_t,s0)
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/ccs.fc serefpolicy-2.3.15/policy/modules/services/ccs.fc
--- nsaserefpolicy/policy/modules/services/ccs.fc 1969-12-31 19:00:00.000000000 -0500
-+++ serefpolicy-2.3.15/policy/modules/services/ccs.fc 2006-09-22 16:06:31.000000000 -0400
++++ serefpolicy-2.3.15/policy/modules/services/ccs.fc 2006-09-25 13:31:59.000000000 -0400
@@ -0,0 +1,8 @@
+# ccs executable will have:
+# label: system_u:object_r:ccs_exec_t
@@ -908,7 +906,7 @@
+/etc/cluster(/.*)? gen_context(system_u:object_r:cluster_conf_t,s0)
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/ccs.if serefpolicy-2.3.15/policy/modules/services/ccs.if
--- nsaserefpolicy/policy/modules/services/ccs.if 1969-12-31 19:00:00.000000000 -0500
-+++ serefpolicy-2.3.15/policy/modules/services/ccs.if 2006-09-22 16:06:31.000000000 -0400
++++ serefpolicy-2.3.15/policy/modules/services/ccs.if 2006-09-25 13:31:59.000000000 -0400
@@ -0,0 +1,65 @@
+## <summary>policy for ccs</summary>
+
@@ -977,7 +975,7 @@
+
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/ccs.te serefpolicy-2.3.15/policy/modules/services/ccs.te
--- nsaserefpolicy/policy/modules/services/ccs.te 1969-12-31 19:00:00.000000000 -0500
-+++ serefpolicy-2.3.15/policy/modules/services/ccs.te 2006-09-22 16:06:31.000000000 -0400
++++ serefpolicy-2.3.15/policy/modules/services/ccs.te 2006-09-25 13:31:59.000000000 -0400
@@ -0,0 +1,87 @@
+policy_module(ccs,1.0.0)
+
@@ -1068,7 +1066,7 @@
+allow ccs_t cluster_conf_t:file rw_file_perms;
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/cron.fc serefpolicy-2.3.15/policy/modules/services/cron.fc
--- nsaserefpolicy/policy/modules/services/cron.fc 2006-07-14 17:04:41.000000000 -0400
-+++ serefpolicy-2.3.15/policy/modules/services/cron.fc 2006-09-22 16:06:31.000000000 -0400
++++ serefpolicy-2.3.15/policy/modules/services/cron.fc 2006-09-25 13:31:59.000000000 -0400
@@ -11,6 +11,7 @@
/usr/sbin/fcron -- gen_context(system_u:object_r:crond_exec_t,s0)
@@ -1079,7 +1077,7 @@
/var/run/fcron\.fifo -s gen_context(system_u:object_r:crond_var_run_t,s0)
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/cron.te serefpolicy-2.3.15/policy/modules/services/cron.te
--- nsaserefpolicy/policy/modules/services/cron.te 2006-09-15 13:14:24.000000000 -0400
-+++ serefpolicy-2.3.15/policy/modules/services/cron.te 2006-09-25 09:37:04.000000000 -0400
++++ serefpolicy-2.3.15/policy/modules/services/cron.te 2006-09-25 13:31:59.000000000 -0400
@@ -17,6 +17,14 @@
type cron_spool_t;
files_type(cron_spool_t)
@@ -1106,7 +1104,7 @@
+
+# This is to handle creation of files in /var/log directory. Used currently by rpm script
+# log files
-+allow system_crond_t crond_log_t:file create_file_perms;
++allow system_crond_t cron_log_t:file create_file_perms;
+logging_log_filetrans(system_crond_t,cron_log_t,{ file })
+
+
@@ -1115,7 +1113,7 @@
')
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/dbus.if serefpolicy-2.3.15/policy/modules/services/dbus.if
--- nsaserefpolicy/policy/modules/services/dbus.if 2006-09-15 13:14:24.000000000 -0400
-+++ serefpolicy-2.3.15/policy/modules/services/dbus.if 2006-09-22 16:06:31.000000000 -0400
++++ serefpolicy-2.3.15/policy/modules/services/dbus.if 2006-09-25 13:31:59.000000000 -0400
@@ -123,6 +123,7 @@
selinux_compute_relabel_context($1_dbusd_t)
selinux_compute_user_contexts($1_dbusd_t)
@@ -1126,7 +1124,7 @@
corecmd_read_bin_files($1_dbusd_t)
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/hal.te serefpolicy-2.3.15/policy/modules/services/hal.te
--- nsaserefpolicy/policy/modules/services/hal.te 2006-09-05 07:41:01.000000000 -0400
-+++ serefpolicy-2.3.15/policy/modules/services/hal.te 2006-09-22 16:06:31.000000000 -0400
++++ serefpolicy-2.3.15/policy/modules/services/hal.te 2006-09-25 13:31:59.000000000 -0400
@@ -142,10 +142,12 @@
userdom_dontaudit_use_unpriv_user_fds(hald_t)
userdom_dontaudit_search_sysadm_home_dirs(hald_t)
@@ -1142,9 +1140,27 @@
term_dontaudit_use_generic_ptys(hald_t)
files_dontaudit_read_root_files(hald_t)
')
+diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/lpd.fc serefpolicy-2.3.15/policy/modules/services/lpd.fc
+--- nsaserefpolicy/policy/modules/services/lpd.fc 2006-09-22 14:07:06.000000000 -0400
++++ serefpolicy-2.3.15/policy/modules/services/lpd.fc 2006-09-25 13:39:36.000000000 -0400
+@@ -8,11 +8,14 @@
+ #
+ /usr/sbin/checkpc -- gen_context(system_u:object_r:checkpc_exec_t,s0)
+ /usr/sbin/lpd -- gen_context(system_u:object_r:lpd_exec_t,s0)
++/usr/sbin/lpadmin -- gen_context(system_u:object_r:lpr_exec_t,s0)
++/usr/sbin/lpc(\.cups)? -- gen_context(system_u:object_r:lpr_exec_t,s0)
+ /usr/share/printconf/.* -- gen_context(system_u:object_r:printconf_t,s0)
+ /usr/bin/lp(\.cups)? -- gen_context(system_u:object_r:lpr_exec_t,s0)
+ /usr/bin/lpr(\.cups)? -- gen_context(system_u:object_r:lpr_exec_t,s0)
+ /usr/bin/lpq(\.cups)? -- gen_context(system_u:object_r:lpr_exec_t,s0)
+ /usr/bin/lprm(\.cups)? -- gen_context(system_u:object_r:lpr_exec_t,s0)
++/usr/bin/lpstat(\.cups)? -- gen_context(system_u:object_r:lpr_exec_t,s0)
+
+ #
+ # /var
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/networkmanager.te serefpolicy-2.3.15/policy/modules/services/networkmanager.te
--- nsaserefpolicy/policy/modules/services/networkmanager.te 2006-09-22 14:07:06.000000000 -0400
-+++ serefpolicy-2.3.15/policy/modules/services/networkmanager.te 2006-09-22 16:06:31.000000000 -0400
++++ serefpolicy-2.3.15/policy/modules/services/networkmanager.te 2006-09-25 13:31:59.000000000 -0400
@@ -163,6 +163,7 @@
optional_policy(`
ppp_domtrans(NetworkManager_t)
@@ -1155,7 +1171,7 @@
optional_policy(`
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/nscd.if serefpolicy-2.3.15/policy/modules/services/nscd.if
--- nsaserefpolicy/policy/modules/services/nscd.if 2006-08-07 18:55:18.000000000 -0400
-+++ serefpolicy-2.3.15/policy/modules/services/nscd.if 2006-09-22 16:06:31.000000000 -0400
++++ serefpolicy-2.3.15/policy/modules/services/nscd.if 2006-09-25 13:31:59.000000000 -0400
@@ -181,3 +181,23 @@
allow $1 nscd_t:nscd *;
@@ -1182,7 +1198,7 @@
+
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/nscd.te serefpolicy-2.3.15/policy/modules/services/nscd.te
--- nsaserefpolicy/policy/modules/services/nscd.te 2006-08-07 18:55:18.000000000 -0400
-+++ serefpolicy-2.3.15/policy/modules/services/nscd.te 2006-09-22 16:06:31.000000000 -0400
++++ serefpolicy-2.3.15/policy/modules/services/nscd.te 2006-09-25 13:31:59.000000000 -0400
@@ -88,6 +88,8 @@
domain_use_interactive_fds(nscd_t)
@@ -1194,7 +1210,7 @@
init_use_fds(nscd_t)
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/oddjob.fc serefpolicy-2.3.15/policy/modules/services/oddjob.fc
--- nsaserefpolicy/policy/modules/services/oddjob.fc 1969-12-31 19:00:00.000000000 -0500
-+++ serefpolicy-2.3.15/policy/modules/services/oddjob.fc 2006-09-22 16:06:31.000000000 -0400
++++ serefpolicy-2.3.15/policy/modules/services/oddjob.fc 2006-09-25 13:31:59.000000000 -0400
@@ -0,0 +1,10 @@
+# oddjob executable will have:
+# label: system_u:object_r:oddjob_exec_t
@@ -1208,7 +1224,7 @@
+/usr/lib/oddjob/mkhomedir -- gen_context(system_u:object_r:oddjob_mkhomedir_exec_t,s0)
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/oddjob.if serefpolicy-2.3.15/policy/modules/services/oddjob.if
--- nsaserefpolicy/policy/modules/services/oddjob.if 1969-12-31 19:00:00.000000000 -0500
-+++ serefpolicy-2.3.15/policy/modules/services/oddjob.if 2006-09-22 16:06:31.000000000 -0400
++++ serefpolicy-2.3.15/policy/modules/services/oddjob.if 2006-09-25 13:31:59.000000000 -0400
@@ -0,0 +1,99 @@
+## <summary>policy for oddjob</summary>
+
@@ -1311,7 +1327,7 @@
+')
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/oddjob.te serefpolicy-2.3.15/policy/modules/services/oddjob.te
--- nsaserefpolicy/policy/modules/services/oddjob.te 1969-12-31 19:00:00.000000000 -0500
-+++ serefpolicy-2.3.15/policy/modules/services/oddjob.te 2006-09-22 16:06:31.000000000 -0400
++++ serefpolicy-2.3.15/policy/modules/services/oddjob.te 2006-09-25 13:31:59.000000000 -0400
@@ -0,0 +1,95 @@
+policy_module(oddjob,1.0.0)
+
@@ -1410,7 +1426,7 @@
+
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/pegasus.if serefpolicy-2.3.15/policy/modules/services/pegasus.if
--- nsaserefpolicy/policy/modules/services/pegasus.if 2006-07-14 17:04:41.000000000 -0400
-+++ serefpolicy-2.3.15/policy/modules/services/pegasus.if 2006-09-22 16:06:31.000000000 -0400
++++ serefpolicy-2.3.15/policy/modules/services/pegasus.if 2006-09-25 13:31:59.000000000 -0400
@@ -1 +1,32 @@
## <summary>The Open Group Pegasus CIM/WBEM Server.</summary>
+
@@ -1446,7 +1462,7 @@
+')
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/pegasus.te serefpolicy-2.3.15/policy/modules/services/pegasus.te
--- nsaserefpolicy/policy/modules/services/pegasus.te 2006-08-23 12:14:54.000000000 -0400
-+++ serefpolicy-2.3.15/policy/modules/services/pegasus.te 2006-09-22 16:06:31.000000000 -0400
++++ serefpolicy-2.3.15/policy/modules/services/pegasus.te 2006-09-25 13:31:59.000000000 -0400
@@ -100,13 +100,12 @@
auth_use_nsswitch(pegasus_t)
@@ -1465,7 +1481,7 @@
hostname_exec(pegasus_t)
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/postfix.fc serefpolicy-2.3.15/policy/modules/services/postfix.fc
--- nsaserefpolicy/policy/modules/services/postfix.fc 2006-07-14 17:04:40.000000000 -0400
-+++ serefpolicy-2.3.15/policy/modules/services/postfix.fc 2006-09-22 16:06:31.000000000 -0400
++++ serefpolicy-2.3.15/policy/modules/services/postfix.fc 2006-09-25 13:31:59.000000000 -0400
@@ -22,6 +22,7 @@
/usr/lib/postfix/(n)?qmgr -- gen_context(system_u:object_r:postfix_qmgr_exec_t,s0)
/usr/lib/postfix/showq -- gen_context(system_u:object_r:postfix_showq_exec_t,s0)
@@ -1476,7 +1492,7 @@
/usr/lib/postfix/bounce -- gen_context(system_u:object_r:postfix_bounce_exec_t,s0)
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/ricci.fc serefpolicy-2.3.15/policy/modules/services/ricci.fc
--- nsaserefpolicy/policy/modules/services/ricci.fc 1969-12-31 19:00:00.000000000 -0500
-+++ serefpolicy-2.3.15/policy/modules/services/ricci.fc 2006-09-22 16:06:31.000000000 -0400
++++ serefpolicy-2.3.15/policy/modules/services/ricci.fc 2006-09-25 13:31:59.000000000 -0400
@@ -0,0 +1,20 @@
+# ricci executable will have:
+# label: system_u:object_r:ricci_exec_t
@@ -1500,7 +1516,7 @@
+
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/ricci.if serefpolicy-2.3.15/policy/modules/services/ricci.if
--- nsaserefpolicy/policy/modules/services/ricci.if 1969-12-31 19:00:00.000000000 -0500
-+++ serefpolicy-2.3.15/policy/modules/services/ricci.if 2006-09-22 16:06:31.000000000 -0400
++++ serefpolicy-2.3.15/policy/modules/services/ricci.if 2006-09-25 13:31:59.000000000 -0400
@@ -0,0 +1,184 @@
+## <summary>policy for ricci</summary>
+
@@ -1688,7 +1704,7 @@
+')
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/ricci.te serefpolicy-2.3.15/policy/modules/services/ricci.te
--- nsaserefpolicy/policy/modules/services/ricci.te 1969-12-31 19:00:00.000000000 -0500
-+++ serefpolicy-2.3.15/policy/modules/services/ricci.te 2006-09-22 16:06:31.000000000 -0400
++++ serefpolicy-2.3.15/policy/modules/services/ricci.te 2006-09-25 13:31:59.000000000 -0400
@@ -0,0 +1,386 @@
+policy_module(ricci,1.0.0)
+
@@ -2078,7 +2094,7 @@
+
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/sendmail.te serefpolicy-2.3.15/policy/modules/services/sendmail.te
--- nsaserefpolicy/policy/modules/services/sendmail.te 2006-09-22 14:07:06.000000000 -0400
-+++ serefpolicy-2.3.15/policy/modules/services/sendmail.te 2006-09-25 09:21:31.000000000 -0400
++++ serefpolicy-2.3.15/policy/modules/services/sendmail.te 2006-09-25 13:31:59.000000000 -0400
@@ -32,6 +32,7 @@
allow sendmail_t self:unix_dgram_socket create_socket_perms;
allow sendmail_t self:tcp_socket create_stream_socket_perms;
@@ -2089,7 +2105,7 @@
allow sendmail_t sendmail_log_t:dir { rw_dir_perms setattr };
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/smartmon.te serefpolicy-2.3.15/policy/modules/services/smartmon.te
--- nsaserefpolicy/policy/modules/services/smartmon.te 2006-07-14 17:04:41.000000000 -0400
-+++ serefpolicy-2.3.15/policy/modules/services/smartmon.te 2006-09-22 16:06:31.000000000 -0400
++++ serefpolicy-2.3.15/policy/modules/services/smartmon.te 2006-09-25 13:31:59.000000000 -0400
@@ -7,8 +7,13 @@
#
@@ -2115,7 +2131,7 @@
term_dontaudit_search_ptys(fsdaemon_t)
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/ssh.te serefpolicy-2.3.15/policy/modules/services/ssh.te
--- nsaserefpolicy/policy/modules/services/ssh.te 2006-09-22 09:35:44.000000000 -0400
-+++ serefpolicy-2.3.15/policy/modules/services/ssh.te 2006-09-22 16:06:31.000000000 -0400
++++ serefpolicy-2.3.15/policy/modules/services/ssh.te 2006-09-25 13:31:59.000000000 -0400
@@ -71,7 +71,7 @@
ifdef(`strict_policy',`
# so a tunnel can point to another ssh tunnel
@@ -2138,7 +2154,7 @@
# ioctl is necessary for logout() processing for utmp entry and for w to
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/hostname.te serefpolicy-2.3.15/policy/modules/system/hostname.te
--- nsaserefpolicy/policy/modules/system/hostname.te 2006-08-29 09:00:29.000000000 -0400
-+++ serefpolicy-2.3.15/policy/modules/system/hostname.te 2006-09-22 16:06:31.000000000 -0400
++++ serefpolicy-2.3.15/policy/modules/system/hostname.te 2006-09-25 13:31:59.000000000 -0400
@@ -8,7 +8,10 @@
type hostname_t;
@@ -2153,7 +2169,7 @@
########################################
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/init.fc serefpolicy-2.3.15/policy/modules/system/init.fc
--- nsaserefpolicy/policy/modules/system/init.fc 2006-08-25 13:29:58.000000000 -0400
-+++ serefpolicy-2.3.15/policy/modules/system/init.fc 2006-09-22 16:06:31.000000000 -0400
++++ serefpolicy-2.3.15/policy/modules/system/init.fc 2006-09-25 13:31:59.000000000 -0400
@@ -66,3 +66,6 @@
/var/run/sysconfig(/.*)? gen_context(system_u:object_r:initrc_var_run_t,s0)
')
@@ -2163,7 +2179,7 @@
+/var/run/pcscd\.pid -- gen_context(system_u:object_r:initrc_var_run_t,s0)
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/init.if serefpolicy-2.3.15/policy/modules/system/init.if
--- nsaserefpolicy/policy/modules/system/init.if 2006-09-15 13:14:26.000000000 -0400
-+++ serefpolicy-2.3.15/policy/modules/system/init.if 2006-09-22 16:06:31.000000000 -0400
++++ serefpolicy-2.3.15/policy/modules/system/init.if 2006-09-25 13:31:59.000000000 -0400
@@ -63,8 +63,11 @@
attribute direct_run_init, direct_init, direct_init_entry;
type initrc_t;
@@ -2178,7 +2194,7 @@
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/init.te serefpolicy-2.3.15/policy/modules/system/init.te
--- nsaserefpolicy/policy/modules/system/init.te 2006-09-22 14:07:07.000000000 -0400
-+++ serefpolicy-2.3.15/policy/modules/system/init.te 2006-09-25 09:48:06.000000000 -0400
++++ serefpolicy-2.3.15/policy/modules/system/init.te 2006-09-25 13:31:59.000000000 -0400
@@ -16,6 +16,9 @@
attribute direct_init;
attribute direct_init_entry;
@@ -2230,7 +2246,7 @@
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/logging.fc serefpolicy-2.3.15/policy/modules/system/logging.fc
--- nsaserefpolicy/policy/modules/system/logging.fc 2006-09-01 14:10:18.000000000 -0400
-+++ serefpolicy-2.3.15/policy/modules/system/logging.fc 2006-09-22 16:06:31.000000000 -0400
++++ serefpolicy-2.3.15/policy/modules/system/logging.fc 2006-09-25 13:31:59.000000000 -0400
@@ -1,7 +1,7 @@
/dev/log -s gen_context(system_u:object_r:devlog_t,s0)
@@ -2257,7 +2273,7 @@
/var/run/auditd\.pid -- gen_context(system_u:object_r:auditd_var_run_t,s0)
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/logging.te serefpolicy-2.3.15/policy/modules/system/logging.te
--- nsaserefpolicy/policy/modules/system/logging.te 2006-08-29 09:00:29.000000000 -0400
-+++ serefpolicy-2.3.15/policy/modules/system/logging.te 2006-09-23 19:46:15.000000000 -0400
++++ serefpolicy-2.3.15/policy/modules/system/logging.te 2006-09-25 13:31:59.000000000 -0400
@@ -18,6 +18,7 @@
type auditd_log_t;
@@ -2276,7 +2292,7 @@
seutil_dontaudit_read_config(auditd_t)
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/raid.te serefpolicy-2.3.15/policy/modules/system/raid.te
--- nsaserefpolicy/policy/modules/system/raid.te 2006-07-14 17:04:44.000000000 -0400
-+++ serefpolicy-2.3.15/policy/modules/system/raid.te 2006-09-23 19:48:31.000000000 -0400
++++ serefpolicy-2.3.15/policy/modules/system/raid.te 2006-09-25 13:31:59.000000000 -0400
@@ -29,11 +29,13 @@
kernel_read_system_state(mdadm_t)
kernel_read_kernel_sysctls(mdadm_t)
@@ -2293,7 +2309,7 @@
fs_dontaudit_list_tmpfs(mdadm_t)
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/selinuxutil.fc serefpolicy-2.3.15/policy/modules/system/selinuxutil.fc
--- nsaserefpolicy/policy/modules/system/selinuxutil.fc 2006-09-05 07:41:01.000000000 -0400
-+++ serefpolicy-2.3.15/policy/modules/system/selinuxutil.fc 2006-09-22 16:06:31.000000000 -0400
++++ serefpolicy-2.3.15/policy/modules/system/selinuxutil.fc 2006-09-25 13:31:59.000000000 -0400
@@ -6,12 +6,12 @@
/etc/selinux(/.*)? gen_context(system_u:object_r:selinux_config_t,s0)
/etc/selinux/([^/]*/)?contexts(/.*)? gen_context(system_u:object_r:default_context_t,s0)
@@ -2312,7 +2328,7 @@
# /root
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/setrans.fc serefpolicy-2.3.15/policy/modules/system/setrans.fc
--- nsaserefpolicy/policy/modules/system/setrans.fc 2006-07-14 17:04:44.000000000 -0400
-+++ serefpolicy-2.3.15/policy/modules/system/setrans.fc 2006-09-22 16:06:31.000000000 -0400
++++ serefpolicy-2.3.15/policy/modules/system/setrans.fc 2006-09-25 13:31:59.000000000 -0400
@@ -1,3 +1,3 @@
/sbin/mcstransd -- gen_context(system_u:object_r:setrans_exec_t,s0)
@@ -2320,7 +2336,7 @@
+/var/run/setrans(/.*)? gen_context(system_u:object_r:setrans_var_run_t,s15:c0.c1023)
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/udev.te serefpolicy-2.3.15/policy/modules/system/udev.te
--- nsaserefpolicy/policy/modules/system/udev.te 2006-09-01 14:10:18.000000000 -0400
-+++ serefpolicy-2.3.15/policy/modules/system/udev.te 2006-09-22 16:06:31.000000000 -0400
++++ serefpolicy-2.3.15/policy/modules/system/udev.te 2006-09-25 13:31:59.000000000 -0400
@@ -92,6 +92,7 @@
dev_delete_generic_files(udev_t)
@@ -2331,7 +2347,7 @@
files_read_etc_files(udev_t)
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/unconfined.if serefpolicy-2.3.15/policy/modules/system/unconfined.if
--- nsaserefpolicy/policy/modules/system/unconfined.if 2006-08-29 09:00:29.000000000 -0400
-+++ serefpolicy-2.3.15/policy/modules/system/unconfined.if 2006-09-23 07:08:23.000000000 -0400
++++ serefpolicy-2.3.15/policy/modules/system/unconfined.if 2006-09-25 13:31:59.000000000 -0400
@@ -31,6 +31,7 @@
allow $1 self:nscd *;
allow $1 self:dbus *;
@@ -2342,7 +2358,7 @@
corenet_unconfined($1)
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/userdomain.fc serefpolicy-2.3.15/policy/modules/system/userdomain.fc
--- nsaserefpolicy/policy/modules/system/userdomain.fc 2006-07-14 17:04:44.000000000 -0400
-+++ serefpolicy-2.3.15/policy/modules/system/userdomain.fc 2006-09-22 16:06:31.000000000 -0400
++++ serefpolicy-2.3.15/policy/modules/system/userdomain.fc 2006-09-25 13:31:59.000000000 -0400
@@ -4,6 +4,6 @@
HOME_DIR -d gen_context(system_u:object_r:user_home_dir_t,s0)
HOME_DIR/.+ gen_context(system_u:object_r:user_home_t,s0)
@@ -2353,7 +2369,7 @@
')
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/userdomain.if serefpolicy-2.3.15/policy/modules/system/userdomain.if
--- nsaserefpolicy/policy/modules/system/userdomain.if 2006-09-22 09:35:45.000000000 -0400
-+++ serefpolicy-2.3.15/policy/modules/system/userdomain.if 2006-09-22 16:06:31.000000000 -0400
++++ serefpolicy-2.3.15/policy/modules/system/userdomain.if 2006-09-25 13:31:59.000000000 -0400
@@ -4317,6 +4317,7 @@
')
@@ -2404,7 +2420,7 @@
## <param name="domain">
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/userdomain.te serefpolicy-2.3.15/policy/modules/system/userdomain.te
--- nsaserefpolicy/policy/modules/system/userdomain.te 2006-09-22 09:35:45.000000000 -0400
-+++ serefpolicy-2.3.15/policy/modules/system/userdomain.te 2006-09-22 16:06:31.000000000 -0400
++++ serefpolicy-2.3.15/policy/modules/system/userdomain.te 2006-09-25 13:31:59.000000000 -0400
@@ -58,6 +58,10 @@
ifdef(`strict_policy',`
@@ -2468,7 +2484,7 @@
usermanage_run_useradd(sysadm_t,sysadm_r,admin_terminal)
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/users serefpolicy-2.3.15/policy/users
--- nsaserefpolicy/policy/users 2006-07-14 17:04:46.000000000 -0400
-+++ serefpolicy-2.3.15/policy/users 2006-09-22 16:06:31.000000000 -0400
++++ serefpolicy-2.3.15/policy/users 2006-09-25 13:31:59.000000000 -0400
@@ -16,7 +16,7 @@
# and a user process should never be assigned the system user
# identity.
@@ -2510,7 +2526,7 @@
')
diff --exclude-from=exclude -N -u -r nsaserefpolicy/Rules.modular serefpolicy-2.3.15/Rules.modular
--- nsaserefpolicy/Rules.modular 2006-09-15 13:14:28.000000000 -0400
-+++ serefpolicy-2.3.15/Rules.modular 2006-09-22 16:06:31.000000000 -0400
++++ serefpolicy-2.3.15/Rules.modular 2006-09-25 13:31:59.000000000 -0400
@@ -212,6 +212,16 @@
########################################
- Previous message (by thread): rpms/glibc/devel .cvsignore, 1.177, 1.178 glibc-fedora.patch, 1.185, 1.186 glibc.spec, 1.272, 1.273 sources, 1.201, 1.202
- Next message (by thread): rpms/xorg-x11-xinit/devel xorg-x11-xinit.spec,1.30,1.31
- Messages sorted by:
[ date ]
[ thread ]
[ subject ]
[ author ]
More information about the fedora-cvs-commits
mailing list