
rpms/selinux-policy-strict/devel policy-20050404.patch, 1.9, 1.10 selinux-policy-strict.spec, 1.273, 1.274



Update of /cvs/dist/rpms/selinux-policy-strict/devel
In directory cvs.devel.redhat.com:/tmp/cvs-serv17517

Modified Files:
	policy-20050404.patch selinux-policy-strict.spec 
Log Message:
* Tue Apr 12 2005 Dan Walsh <dwalsh redhat com> 1.23.10-2
- Fix patch
- Remove unlimited tunables from strict


policy-20050404.patch:
 appconfig/default_type                   |    1 
 assert.te                                |    4 -
 attrib.te                                |   14 +++++
 domains/admin.te                         |   23 +++++----
 domains/misc/kernel.te                   |    2 
 domains/program/checkpolicy.te           |    5 -
 domains/program/crond.te                 |    2 
 domains/program/cvs.te                   |   16 ++++++
 domains/program/load_policy.te           |    4 -
 domains/program/login.te                 |    3 -
 domains/program/modutil.te               |    3 -
 domains/program/newrole.te               |    1 
 domains/program/restorecon.te            |    3 -
 domains/program/setfiles.te              |    3 -
 domains/program/ssh.te                   |    2 
 domains/program/unused/NetworkManager.te |    9 ++-
 domains/program/unused/apache.te         |    1 
 domains/program/unused/auditd.te         |    2 
 domains/program/unused/cups.te           |   12 +---
 domains/program/unused/dmidecode.te      |    1 
 domains/program/unused/ftpd.te           |    3 -
 domains/program/unused/howl.te           |    2 
 domains/program/unused/kudzu.te          |    1 
 domains/program/unused/named.te          |    3 +
 domains/program/unused/publicfile.te     |    6 --
 domains/program/unused/rsync.te          |    2 
 domains/program/unused/snmpd.te          |    3 +
 domains/program/unused/updfstab.te       |    1 
 domains/program/unused/xdm.te            |    2 
 domains/program/useradd.te               |    4 +
 domains/program/uucpd.te                 |   24 +++++++++
 domains/user.te                          |    2 
 file_contexts/distros.fc                 |   10 ++-
 file_contexts/program/apache.fc          |    1 
 file_contexts/program/auditd.fc          |    1 
 file_contexts/program/crack.fc           |    1 
 file_contexts/program/cvs.fc             |    2 
 file_contexts/program/ftpd.fc            |    1 
 file_contexts/program/inetd.fc           |    1 
 file_contexts/program/named.fc           |    1 
 file_contexts/program/rsync.fc           |    1 
 file_contexts/program/uucpd.fc           |    5 +
 file_contexts/types.fc                   |    6 ++
 macros/admin_macros.te                   |   75 ++++++++++++++++++-----------
 macros/base_user_macros.te               |    9 ---
 macros/program/apache_macros.te          |    2 
 macros/program/dbusd_macros.te           |    4 +
 macros/program/gift_macros.te            |    2 
 macros/program/mozilla_macros.te         |    5 +
 macros/program/mplayer_macros.te         |   10 ++-
 macros/user_macros.te                    |   78 +++++++++++++++++++++----------
 net_contexts                             |    9 ++-
 targeted/domains/unconfined.te           |    6 --
 tunables/distro.tun                      |    2 
 tunables/tunable.tun                     |    6 +-
 types/file.te                            |    3 -
 types/network.te                         |    9 +--
 users                                    |    2 
 58 files changed, 280 insertions(+), 136 deletions(-)

Index: policy-20050404.patch
===================================================================
RCS file: /cvs/dist/rpms/selinux-policy-strict/devel/policy-20050404.patch,v
retrieving revision 1.9
retrieving revision 1.10
diff -u -r1.9 -r1.10
--- policy-20050404.patch	12 Apr 2005 14:00:40 -0000	1.9
+++ policy-20050404.patch	12 Apr 2005 14:40:31 -0000	1.10
@@ -1,14 +1,14 @@
-diff --exclude-from=exclude -N -u -r nsapolicy/appconfig/default_type policy-1.23.9/appconfig/default_type
+diff --exclude-from=exclude -N -u -r nsapolicy/appconfig/default_type policy-1.23.10/appconfig/default_type
 --- nsapolicy/appconfig/default_type	2005-02-24 14:51:10.000000000 -0500
-+++ policy-1.23.9/appconfig/default_type	2005-04-08 14:14:56.000000000 -0400
++++ policy-1.23.10/appconfig/default_type	2005-04-12 09:53:46.000000000 -0400
 @@ -1,3 +1,4 @@
 +secadm_r:secadm_t
  sysadm_r:sysadm_t
  staff_r:staff_t
  user_r:user_t
-diff --exclude-from=exclude -N -u -r nsapolicy/assert.te policy-1.23.9/assert.te
+diff --exclude-from=exclude -N -u -r nsapolicy/assert.te policy-1.23.10/assert.te
 --- nsapolicy/assert.te	2005-03-24 08:58:24.000000000 -0500
-+++ policy-1.23.9/assert.te	2005-04-08 13:18:44.000000000 -0400
++++ policy-1.23.10/assert.te	2005-04-12 09:53:46.000000000 -0400
 @@ -30,7 +30,7 @@
  # Verify that only the insmod_t and kernel_t domains 
  # have the sys_module capability.
@@ -27,9 +27,9 @@
  
  #
  # Verify that only the kernel and load_policy_t have load_policy.
-diff --exclude-from=exclude -N -u -r nsapolicy/attrib.te policy-1.23.9/attrib.te
+diff --exclude-from=exclude -N -u -r nsapolicy/attrib.te policy-1.23.10/attrib.te
 --- nsapolicy/attrib.te	2005-02-24 14:51:10.000000000 -0500
-+++ policy-1.23.9/attrib.te	2005-04-08 13:17:39.000000000 -0400
++++ policy-1.23.10/attrib.te	2005-04-12 09:53:46.000000000 -0400
 @@ -110,6 +110,10 @@
  # and an allow rule to permit it
  attribute privmodule;
@@ -65,9 +65,9 @@
  # The user_crond_domain attribute identifies every user_crond domain, presently
  # user_crond_t and sysadm_crond_t.  It is used in TE rules that should be
  # applied to all user domains.
-diff --exclude-from=exclude -N -u -r nsapolicy/domains/admin.te policy-1.23.9/domains/admin.te
+diff --exclude-from=exclude -N -u -r nsapolicy/domains/admin.te policy-1.23.10/domains/admin.te
 --- nsapolicy/domains/admin.te	2005-02-24 14:51:08.000000000 -0500
-+++ policy-1.23.9/domains/admin.te	2005-04-08 13:10:05.000000000 -0400
++++ policy-1.23.10/domains/admin.te	2005-04-12 09:53:46.000000000 -0400
 @@ -17,19 +17,22 @@
  # sysadm_t is also granted permissions specific to administrator domains.
  admin_domain(sysadm)
@@ -101,9 +101,9 @@
 +typeattribute secadm_tty_device_t admin_tty_type;
 +typeattribute secadm_devpts_t admin_tty_type;
 +
-diff --exclude-from=exclude -N -u -r nsapolicy/domains/misc/kernel.te policy-1.23.9/domains/misc/kernel.te
+diff --exclude-from=exclude -N -u -r nsapolicy/domains/misc/kernel.te policy-1.23.10/domains/misc/kernel.te
 --- nsapolicy/domains/misc/kernel.te	2005-02-24 14:51:08.000000000 -0500
-+++ policy-1.23.9/domains/misc/kernel.te	2005-04-08 13:24:08.000000000 -0400
++++ policy-1.23.10/domains/misc/kernel.te	2005-04-12 09:53:46.000000000 -0400
 @@ -11,7 +11,7 @@
  # kernel_t is the domain of kernel threads.
  # It is also the target type when checking permissions in the system class.
@@ -113,9 +113,9 @@
  role system_r types kernel_t;
  general_domain_access(kernel_t)
  general_proc_read_access(kernel_t)
-diff --exclude-from=exclude -N -u -r nsapolicy/domains/program/checkpolicy.te policy-1.23.9/domains/program/checkpolicy.te
+diff --exclude-from=exclude -N -u -r nsapolicy/domains/program/checkpolicy.te policy-1.23.10/domains/program/checkpolicy.te
 --- nsapolicy/domains/program/checkpolicy.te	2005-02-24 14:51:07.000000000 -0500
-+++ policy-1.23.9/domains/program/checkpolicy.te	2005-04-08 12:03:53.000000000 -0400
++++ policy-1.23.10/domains/program/checkpolicy.te	2005-04-12 09:53:46.000000000 -0400
 @@ -12,6 +12,7 @@
  type checkpolicy_t, domain;
  role sysadm_r types checkpolicy_t;
@@ -142,9 +142,9 @@
  ##########################
  # Allow users to execute checkpolicy without a domain transition
  # so it can be used without privilege to write real binary policy file
-diff --exclude-from=exclude -N -u -r nsapolicy/domains/program/crond.te policy-1.23.9/domains/program/crond.te
+diff --exclude-from=exclude -N -u -r nsapolicy/domains/program/crond.te policy-1.23.10/domains/program/crond.te
 --- nsapolicy/domains/program/crond.te	2005-03-21 22:32:18.000000000 -0500
-+++ policy-1.23.9/domains/program/crond.te	2005-04-11 11:35:05.000000000 -0400
++++ policy-1.23.10/domains/program/crond.te	2005-04-12 09:53:46.000000000 -0400
 @@ -210,6 +210,6 @@
  # Required for webalizer
  #
@@ -153,9 +153,9 @@
 +allow system_crond_t { httpd_log_t httpd_config_t }:file { getattr read };
  ')
  dontaudit crond_t self:capability sys_tty_config;
-diff --exclude-from=exclude -N -u -r nsapolicy/domains/program/cvs.te policy-1.23.9/domains/program/cvs.te
+diff --exclude-from=exclude -N -u -r nsapolicy/domains/program/cvs.te policy-1.23.10/domains/program/cvs.te
 --- nsapolicy/domains/program/cvs.te	1969-12-31 19:00:00.000000000 -0500
-+++ policy-1.23.9/domains/program/cvs.te	2005-04-11 12:15:41.000000000 -0400
++++ policy-1.23.10/domains/program/cvs.te	2005-04-12 09:53:46.000000000 -0400
 @@ -0,0 +1,16 @@
 +#DESC cvs - Concurrent Versions System
 +#
@@ -173,9 +173,9 @@
 +inetd_child_domain(cvs, tcp)
 +type cvs_data_t, file_type, sysadmfile;
 +create_dir_file(cvs_t, cvs_data_t)
-diff --exclude-from=exclude -N -u -r nsapolicy/domains/program/load_policy.te policy-1.23.9/domains/program/load_policy.te
+diff --exclude-from=exclude -N -u -r nsapolicy/domains/program/load_policy.te policy-1.23.10/domains/program/load_policy.te
 --- nsapolicy/domains/program/load_policy.te	2005-04-04 10:21:10.000000000 -0400
-+++ policy-1.23.9/domains/program/load_policy.te	2005-04-08 12:03:53.000000000 -0400
++++ policy-1.23.10/domains/program/load_policy.te	2005-04-12 09:53:46.000000000 -0400
 @@ -11,6 +11,7 @@
  
  type load_policy_t, domain;
@@ -200,9 +200,9 @@
 -allow load_policy_t sysadm_tmp_t:file { getattr write } ;
  read_locale(load_policy_t)
  r_dir_file(load_policy_t, selinux_config_t)
-diff --exclude-from=exclude -N -u -r nsapolicy/domains/program/login.te policy-1.23.9/domains/program/login.te
+diff --exclude-from=exclude -N -u -r nsapolicy/domains/program/login.te policy-1.23.10/domains/program/login.te
 --- nsapolicy/domains/program/login.te	2005-04-04 10:21:10.000000000 -0400
-+++ policy-1.23.9/domains/program/login.te	2005-04-11 11:28:54.000000000 -0400
++++ policy-1.23.10/domains/program/login.te	2005-04-12 09:53:46.000000000 -0400
 @@ -57,6 +57,7 @@
  tmp_domain($1_login)
  
@@ -220,9 +220,9 @@
  allow $1_login_t self:process setrlimit;
  dontaudit $1_login_t sysfs_t:dir search;
  
-diff --exclude-from=exclude -N -u -r nsapolicy/domains/program/modutil.te policy-1.23.9/domains/program/modutil.te
+diff --exclude-from=exclude -N -u -r nsapolicy/domains/program/modutil.te policy-1.23.10/domains/program/modutil.te
 --- nsapolicy/domains/program/modutil.te	2005-03-11 15:31:06.000000000 -0500
-+++ policy-1.23.9/domains/program/modutil.te	2005-04-11 06:51:42.000000000 -0400
++++ policy-1.23.10/domains/program/modutil.te	2005-04-12 10:19:54.000000000 -0400
 @@ -54,6 +54,7 @@
  # Read module objects.
  allow depmod_t modules_object_t:dir r_dir_perms;
@@ -236,21 +236,21 @@
  #
  
 -type insmod_t, domain, privlog, sysctl_kernel_writer, privmem ifdef(`unlimitedUtils', `, admin, etc_writer, fs_domain, auth_write, privowner, privmodule' )
-+type insmod_t, domain, privlog, sysctl_kernel_writer, privmem ifdef(`unlimitedUtils', `, admin, etc_writer, fs_domain, auth_write, privowner, privmodule, privsysmod' )
++type insmod_t, domain, privlog, sysctl_kernel_writer, privmem, privsysmod ifdef(`unlimitedUtils', `, admin, etc_writer, fs_domain, auth_write, privowner, privmodule' )
  ;
  role system_r types insmod_t;
  role sysadm_r types insmod_t;
-diff --exclude-from=exclude -N -u -r nsapolicy/domains/program/newrole.te policy-1.23.9/domains/program/newrole.te
+diff --exclude-from=exclude -N -u -r nsapolicy/domains/program/newrole.te policy-1.23.10/domains/program/newrole.te
 --- nsapolicy/domains/program/newrole.te	2005-02-24 14:51:07.000000000 -0500
-+++ policy-1.23.9/domains/program/newrole.te	2005-04-08 12:03:53.000000000 -0400
++++ policy-1.23.10/domains/program/newrole.te	2005-04-12 09:53:46.000000000 -0400
 @@ -17,3 +17,4 @@
  allow newrole_t var_run_t:dir r_dir_perms;
  allow newrole_t initrc_var_run_t:file rw_file_perms;
  
 +role secadm_r types newrole_t;
-diff --exclude-from=exclude -N -u -r nsapolicy/domains/program/restorecon.te policy-1.23.9/domains/program/restorecon.te
+diff --exclude-from=exclude -N -u -r nsapolicy/domains/program/restorecon.te policy-1.23.10/domains/program/restorecon.te
 --- nsapolicy/domains/program/restorecon.te	2005-02-24 14:51:08.000000000 -0500
-+++ policy-1.23.9/domains/program/restorecon.te	2005-04-08 12:03:53.000000000 -0400
++++ policy-1.23.10/domains/program/restorecon.te	2005-04-12 09:53:46.000000000 -0400
 @@ -17,11 +17,12 @@
  
  role system_r types restorecon_t;
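Review bot: The new `type insmod_t` declaration in the modutil.te section grants `privsysmod` outside the unlimitedUtils ifdef list, but nothing in the policy text says why this one attribute must be unconditional. Revision 1.9 only added it when unlimitedUtils was defined; judging by the assert.te context earlier in this patch (the sys_module check), that presumably left strict builds without the attribute. I would put a comment above the declaration, for example `# privsysmod is unconditional on purpose: it must not depend on unlimitedUtils`, so a later cleanup does not fold it back into the ifdef. The modutil.te section starts before this hunk, so the rest of the insmod_t rules are not visible here.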
@@ -265,9 +265,9 @@
  allow restorecon_t { userdomain init_t privfd }:fd use;
  
  uses_shlib(restorecon_t)
-diff --exclude-from=exclude -N -u -r nsapolicy/domains/program/setfiles.te policy-1.23.9/domains/program/setfiles.te
+diff --exclude-from=exclude -N -u -r nsapolicy/domains/program/setfiles.te policy-1.23.10/domains/program/setfiles.te
 --- nsapolicy/domains/program/setfiles.te	2005-02-24 14:51:07.000000000 -0500
-+++ policy-1.23.9/domains/program/setfiles.te	2005-04-08 12:03:53.000000000 -0400
++++ policy-1.23.10/domains/program/setfiles.te	2005-04-12 09:53:46.000000000 -0400
 @@ -17,13 +17,14 @@
  
  role system_r types setfiles_t;
@@ -284,9 +284,9 @@
  allow setfiles_t { userdomain privfd initrc_t init_t }:fd use;
  
  uses_shlib(setfiles_t)
-diff --exclude-from=exclude -N -u -r nsapolicy/domains/program/ssh.te policy-1.23.9/domains/program/ssh.te
+diff --exclude-from=exclude -N -u -r nsapolicy/domains/program/ssh.te policy-1.23.10/domains/program/ssh.te
 --- nsapolicy/domains/program/ssh.te	2005-04-04 10:21:10.000000000 -0400
-+++ policy-1.23.9/domains/program/ssh.te	2005-04-11 11:26:47.000000000 -0400
++++ policy-1.23.10/domains/program/ssh.te	2005-04-12 09:53:46.000000000 -0400
 @@ -71,7 +71,7 @@
  can_network($1_t)
  allow $1_t port_type:tcp_socket name_connect;
@@ -296,26 +296,26 @@
  allow $1_t { home_root_t home_dir_type }:dir { search getattr };
  if (use_nfs_home_dirs) {
  allow $1_t autofs_t:dir { search getattr };
-diff --exclude-from=exclude -N -u -r nsapolicy/domains/program/unused/apache.te policy-1.23.9/domains/program/unused/apache.te
+diff --exclude-from=exclude -N -u -r nsapolicy/domains/program/unused/apache.te policy-1.23.10/domains/program/unused/apache.te
 --- nsapolicy/domains/program/unused/apache.te	2005-04-07 22:22:55.000000000 -0400
-+++ policy-1.23.9/domains/program/unused/apache.te	2005-04-11 07:08:15.000000000 -0400
++++ policy-1.23.10/domains/program/unused/apache.te	2005-04-12 09:53:46.000000000 -0400
 @@ -401,3 +401,4 @@
  dontaudit system_mail_t httpd_t:tcp_socket { read write };
  ')
  
 +allow httpd_t var_t:file read;
-diff --exclude-from=exclude -N -u -r nsapolicy/domains/program/unused/auditd.te policy-1.23.9/domains/program/unused/auditd.te
+diff --exclude-from=exclude -N -u -r nsapolicy/domains/program/unused/auditd.te policy-1.23.10/domains/program/unused/auditd.te
 --- nsapolicy/domains/program/unused/auditd.te	2005-02-24 14:51:07.000000000 -0500
-+++ policy-1.23.9/domains/program/unused/auditd.te	2005-04-11 11:28:05.000000000 -0400
++++ policy-1.23.10/domains/program/unused/auditd.te	2005-04-12 09:53:46.000000000 -0400
 @@ -9,4 +9,4 @@
  allow auditd_t sysadm_tty_device_t:chr_file rw_file_perms;
  allow auditd_t self:unix_dgram_socket create_socket_perms;
  allow auditd_t etc_t:file { getattr read };
 -log_domain(auditd)
 +logdir_domain(auditd)
-diff --exclude-from=exclude -N -u -r nsapolicy/domains/program/unused/cups.te policy-1.23.9/domains/program/unused/cups.te
+diff --exclude-from=exclude -N -u -r nsapolicy/domains/program/unused/cups.te policy-1.23.10/domains/program/unused/cups.te
 --- nsapolicy/domains/program/unused/cups.te	2005-04-04 10:21:10.000000000 -0400
-+++ policy-1.23.9/domains/program/unused/cups.te	2005-04-09 06:17:21.000000000 -0400
++++ policy-1.23.10/domains/program/unused/cups.te	2005-04-12 09:53:46.000000000 -0400
 @@ -168,7 +168,11 @@
  
  allow cupsd_t printconf_t:file { getattr read };
@@ -350,9 +350,9 @@
 -ifdef(`targeted_policy', `
 -allow cupsd_t unconfined_t:dbus send_msg;
 -')
-diff --exclude-from=exclude -N -u -r nsapolicy/domains/program/unused/dmidecode.te policy-1.23.9/domains/program/unused/dmidecode.te
+diff --exclude-from=exclude -N -u -r nsapolicy/domains/program/unused/dmidecode.te policy-1.23.10/domains/program/unused/dmidecode.te
 --- nsapolicy/domains/program/unused/dmidecode.te	2005-04-07 13:17:30.000000000 -0400
-+++ policy-1.23.9/domains/program/unused/dmidecode.te	2005-04-08 12:03:54.000000000 -0400
++++ policy-1.23.10/domains/program/unused/dmidecode.te	2005-04-12 09:53:46.000000000 -0400
 @@ -8,6 +8,7 @@
  
  # Allow execution by the sysadm
@@ -361,9 +361,9 @@
  domain_auto_trans(sysadm_t, dmidecode_exec_t, dmidecode_t)
  
  uses_shlib(dmidecode_t)
-diff --exclude-from=exclude -N -u -r nsapolicy/domains/program/unused/ftpd.te policy-1.23.9/domains/program/unused/ftpd.te
+diff --exclude-from=exclude -N -u -r nsapolicy/domains/program/unused/ftpd.te policy-1.23.10/domains/program/unused/ftpd.te
 --- nsapolicy/domains/program/unused/ftpd.te	2005-04-04 10:21:10.000000000 -0400
-+++ policy-1.23.9/domains/program/unused/ftpd.te	2005-04-11 07:15:00.000000000 -0400
++++ policy-1.23.10/domains/program/unused/ftpd.te	2005-04-12 09:53:46.000000000 -0400
 @@ -9,8 +9,6 @@
  #
  # Rules for the ftpd_t domain 
@@ -381,9 +381,9 @@
  r_dir_file(ftpd_t,ftpd_anon_t)
  type ftpd_anon_rw_t, file_type, sysadmfile, customizable;
  create_dir_file(ftpd_t,ftpd_anon_rw_t)
-diff --exclude-from=exclude -N -u -r nsapolicy/domains/program/unused/howl.te policy-1.23.9/domains/program/unused/howl.te
+diff --exclude-from=exclude -N -u -r nsapolicy/domains/program/unused/howl.te policy-1.23.10/domains/program/unused/howl.te
 --- nsapolicy/domains/program/unused/howl.te	2005-02-24 14:51:08.000000000 -0500
-+++ policy-1.23.9/domains/program/unused/howl.te	2005-04-08 13:20:47.000000000 -0400
++++ policy-1.23.10/domains/program/unused/howl.te	2005-04-12 09:53:46.000000000 -0400
 @@ -3,7 +3,7 @@
  # Author:  Russell Coker <rcoker redhat com>
  #
@@ -393,17 +393,30 @@
  r_dir_file(howl_t, proc_net_t)
  can_network_server(howl_t)
  can_ypbind(howl_t)
-diff --exclude-from=exclude -N -u -r nsapolicy/domains/program/unused/kudzu.te policy-1.23.9/domains/program/unused/kudzu.te
+diff --exclude-from=exclude -N -u -r nsapolicy/domains/program/unused/kudzu.te policy-1.23.10/domains/program/unused/kudzu.te
 --- nsapolicy/domains/program/unused/kudzu.te	2005-04-06 06:57:44.000000000 -0400
-+++ policy-1.23.9/domains/program/unused/kudzu.te	2005-04-08 12:03:54.000000000 -0400
++++ policy-1.23.10/domains/program/unused/kudzu.te	2005-04-12 09:53:46.000000000 -0400
 @@ -105,3 +105,4 @@
  domain_auto_trans(kudzu_t, userhelper_exec_t, sysadm_userhelper_t)
  ')
  
 +allow kudzu_t initrc_t:unix_stream_socket connectto;
-diff --exclude-from=exclude -N -u -r nsapolicy/domains/program/unused/NetworkManager.te policy-1.23.9/domains/program/unused/NetworkManager.te
+diff --exclude-from=exclude -N -u -r nsapolicy/domains/program/unused/named.te policy-1.23.10/domains/program/unused/named.te
+--- nsapolicy/domains/program/unused/named.te	2005-04-04 10:21:10.000000000 -0400
++++ policy-1.23.10/domains/program/unused/named.te	2005-04-12 09:59:47.000000000 -0400
+@@ -15,6 +15,9 @@
+ daemon_domain(named, `, nscd_client_domain')
+ tmp_domain(named)
+ 
++type named_checkconf_exec_t, file_type, exec_type, sysadmfile;
++domain_auto_trans(initrc_t, named_checkconf_exec_t, named_t)
++
+ # For /var/run/ndc used in BIND 8
+ file_type_auto_trans(named_t, var_run_t, named_var_run_t, sock_file)
+ 
+diff --exclude-from=exclude -N -u -r nsapolicy/domains/program/unused/NetworkManager.te policy-1.23.10/domains/program/unused/NetworkManager.te
 --- nsapolicy/domains/program/unused/NetworkManager.te	2005-04-07 22:22:55.000000000 -0400
-+++ policy-1.23.9/domains/program/unused/NetworkManager.te	2005-04-09 10:46:20.000000000 -0400
++++ policy-1.23.10/domains/program/unused/NetworkManager.te	2005-04-12 09:53:46.000000000 -0400
 @@ -11,7 +11,7 @@
  # NetworkManager_t is the domain for the NetworkManager daemon. 
  # NetworkManager_exec_t is the type of the NetworkManager executable.
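Review bot: The added `domain_auto_trans(initrc_t, named_checkconf_exec_t, named_t)` in the named.te section runs named-checkconf in the daemon's own domain, so a configuration checker started from an init script gets whatever named_t is allowed, which is likely more than a read-only syntax check needs. If confinement of the checker is the goal, a separate, narrower domain would fit least privilege better. If sharing named_t is deliberate, record it next to the rule, e.g. `# named-checkconf is run by the init script and shares named_t rather than getting its own domain`. The transition is defined only for initrc_t, so it is worth confirming which domain the tool is meant to run in when an administrator invokes it directly. The matching file context is added in the named.fc section further down.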
@@ -444,9 +457,9 @@
  
  allow NetworkManager_t { domain -unrestricted }:dir search;
  allow NetworkManager_t { domain -unrestricted }:file { getattr read };
-diff --exclude-from=exclude -N -u -r nsapolicy/domains/program/unused/publicfile.te policy-1.23.9/domains/program/unused/publicfile.te
+diff --exclude-from=exclude -N -u -r nsapolicy/domains/program/unused/publicfile.te policy-1.23.10/domains/program/unused/publicfile.te
 --- nsapolicy/domains/program/unused/publicfile.te	2005-04-06 06:57:44.000000000 -0400
-+++ policy-1.23.9/domains/program/unused/publicfile.te	2005-04-11 07:06:00.000000000 -0400
++++ policy-1.23.10/domains/program/unused/publicfile.te	2005-04-12 09:53:46.000000000 -0400
 @@ -6,12 +6,6 @@
  # this policy depends on ucspi-tcp
  #
@@ -460,9 +473,9 @@
  daemon_domain(publicfile)
  type publicfile_content_t, file_type, sysadmfile;
  domain_auto_trans(initrc_t, publicfile_exec_t, publicfile_t)
-diff --exclude-from=exclude -N -u -r nsapolicy/domains/program/unused/rsync.te policy-1.23.9/domains/program/unused/rsync.te
+diff --exclude-from=exclude -N -u -r nsapolicy/domains/program/unused/rsync.te policy-1.23.10/domains/program/unused/rsync.te
 --- nsapolicy/domains/program/unused/rsync.te	2005-02-24 14:51:08.000000000 -0500
-+++ policy-1.23.9/domains/program/unused/rsync.te	2005-04-11 07:14:57.000000000 -0400
++++ policy-1.23.10/domains/program/unused/rsync.te	2005-04-12 09:53:46.000000000 -0400
 @@ -14,6 +14,4 @@
  inetd_child_domain(rsync)
  type rsync_data_t, file_type, sysadmfile;
@@ -470,9 +483,9 @@
 -ifdef(`ftpd.te', `
  r_dir_file(rsync_t, ftpd_anon_t)
 -')
-diff --exclude-from=exclude -N -u -r nsapolicy/domains/program/unused/snmpd.te policy-1.23.9/domains/program/unused/snmpd.te
+diff --exclude-from=exclude -N -u -r nsapolicy/domains/program/unused/snmpd.te policy-1.23.10/domains/program/unused/snmpd.te
 --- nsapolicy/domains/program/unused/snmpd.te	2005-04-06 06:57:44.000000000 -0400
-+++ policy-1.23.9/domains/program/unused/snmpd.te	2005-04-08 12:03:54.000000000 -0400
++++ policy-1.23.10/domains/program/unused/snmpd.te	2005-04-12 09:53:46.000000000 -0400
 @@ -63,6 +63,9 @@
  dontaudit snmpd_t rpc_pipefs_t:dir getattr;
  allow snmpd_t rpc_pipefs_t:dir getattr;
@@ -483,17 +496,17 @@
  dontaudit snmpd_t { removable_device_t fixed_disk_device_t }:blk_file { getattr ioctl read };
  allow snmpd_t sysfs_t:dir { getattr read search };
  ifdef(`amanda.te', `
-diff --exclude-from=exclude -N -u -r nsapolicy/domains/program/unused/updfstab.te policy-1.23.9/domains/program/unused/updfstab.te
+diff --exclude-from=exclude -N -u -r nsapolicy/domains/program/unused/updfstab.te policy-1.23.10/domains/program/unused/updfstab.te
 --- nsapolicy/domains/program/unused/updfstab.te	2005-03-11 15:31:06.000000000 -0500
-+++ policy-1.23.9/domains/program/unused/updfstab.te	2005-04-08 12:03:54.000000000 -0400
++++ policy-1.23.10/domains/program/unused/updfstab.te	2005-04-12 09:53:46.000000000 -0400
 @@ -72,3 +72,4 @@
  dontaudit updfstab_t home_root_t:dir { getattr search };
  dontaudit updfstab_t { home_dir_type home_type }:dir search;
  allow updfstab_t fs_t:filesystem { getattr };
 +allow updfstab_t tmpfs_t:dir getattr;
-diff --exclude-from=exclude -N -u -r nsapolicy/domains/program/unused/xdm.te policy-1.23.9/domains/program/unused/xdm.te
+diff --exclude-from=exclude -N -u -r nsapolicy/domains/program/unused/xdm.te policy-1.23.10/domains/program/unused/xdm.te
 --- nsapolicy/domains/program/unused/xdm.te	2005-04-04 10:21:11.000000000 -0400
-+++ policy-1.23.9/domains/program/unused/xdm.te	2005-04-11 11:26:47.000000000 -0400
++++ policy-1.23.10/domains/program/unused/xdm.te	2005-04-12 09:53:46.000000000 -0400
 @@ -69,7 +69,7 @@
  
  #
@@ -503,9 +516,9 @@
  
  allow xdm_t { urandom_device_t random_device_t }:chr_file { getattr read ioctl };
  
-diff --exclude-from=exclude -N -u -r nsapolicy/domains/program/useradd.te policy-1.23.9/domains/program/useradd.te
+diff --exclude-from=exclude -N -u -r nsapolicy/domains/program/useradd.te policy-1.23.10/domains/program/useradd.te
 --- nsapolicy/domains/program/useradd.te	2005-03-11 15:31:06.000000000 -0500
-+++ policy-1.23.9/domains/program/useradd.te	2005-04-11 11:28:31.000000000 -0400
++++ policy-1.23.10/domains/program/useradd.te	2005-04-12 09:53:46.000000000 -0400
 @@ -98,3 +98,7 @@
  allow groupadd_t self:process setrlimit;
  allow groupadd_t initrc_var_run_t:file r_file_perms;
@@ -514,9 +527,9 @@
 +allow useradd_t default_context_t:dir search;
 +allow useradd_t file_context_t:dir search;
 +allow useradd_t file_context_t:file { getattr read };
-diff --exclude-from=exclude -N -u -r nsapolicy/domains/program/uucpd.te policy-1.23.9/domains/program/uucpd.te
+diff --exclude-from=exclude -N -u -r nsapolicy/domains/program/uucpd.te policy-1.23.10/domains/program/uucpd.te
 --- nsapolicy/domains/program/uucpd.te	1969-12-31 19:00:00.000000000 -0500
-+++ policy-1.23.9/domains/program/uucpd.te	2005-04-11 12:15:41.000000000 -0400
++++ policy-1.23.10/domains/program/uucpd.te	2005-04-12 09:53:46.000000000 -0400
 @@ -0,0 +1,24 @@
 +#DESC uucpd - UUCP file transfer daemon
 +#
@@ -542,9 +555,9 @@
 +logdir_domain(uucpd)
 +allow uucpd_t var_spool_t:dir search;
 +create_dir_file(uucpd_t, uucpd_spool_t)
-diff --exclude-from=exclude -N -u -r nsapolicy/domains/user.te policy-1.23.9/domains/user.te
+diff --exclude-from=exclude -N -u -r nsapolicy/domains/user.te policy-1.23.10/domains/user.te
 --- nsapolicy/domains/user.te	2005-02-24 14:51:08.000000000 -0500
-+++ policy-1.23.9/domains/user.te	2005-04-08 12:03:54.000000000 -0400
++++ policy-1.23.10/domains/user.te	2005-04-12 09:53:46.000000000 -0400
 @@ -126,6 +126,8 @@
  role_tty_type_change(sysadm, user)
  role_tty_type_change(staff, sysadm)
@@ -554,9 +567,9 @@
  
  # "ps aux" and "ls -l /dev/pts" make too much noise without this
  dontaudit unpriv_userdomain ptyfile:chr_file getattr;
-diff --exclude-from=exclude -N -u -r nsapolicy/file_contexts/distros.fc policy-1.23.9/file_contexts/distros.fc
+diff --exclude-from=exclude -N -u -r nsapolicy/file_contexts/distros.fc policy-1.23.10/file_contexts/distros.fc
 --- nsapolicy/file_contexts/distros.fc	2005-04-07 22:22:55.000000000 -0400
-+++ policy-1.23.9/file_contexts/distros.fc	2005-04-11 15:04:43.000000000 -0400
++++ policy-1.23.10/file_contexts/distros.fc	2005-04-12 09:53:46.000000000 -0400
 @@ -98,10 +98,12 @@
  /usr/lib/valgrind/vgskin_massif\.so		-- system_u:object_r:texrel_shlib_t
  /usr/lib/valgrind/vgskin_memcheck\.so		-- system_u:object_r:texrel_shlib_t
@@ -584,9 +597,9 @@
  
  ')
  
-diff --exclude-from=exclude -N -u -r nsapolicy/file_contexts/program/apache.fc policy-1.23.9/file_contexts/program/apache.fc
+diff --exclude-from=exclude -N -u -r nsapolicy/file_contexts/program/apache.fc policy-1.23.10/file_contexts/program/apache.fc
 --- nsapolicy/file_contexts/program/apache.fc	2005-04-04 10:21:11.000000000 -0400
-+++ policy-1.23.9/file_contexts/program/apache.fc	2005-04-11 07:22:07.000000000 -0400
++++ policy-1.23.10/file_contexts/program/apache.fc	2005-04-12 09:53:46.000000000 -0400
 @@ -1,6 +1,7 @@
  # apache
  HOME_DIR/((www)|(web)|(public_html))(/.+)? system_u:object_r:httpd_ROLE_content_t
@@ -595,31 +608,39 @@
  /var/www/cgi-bin(/.*)?		system_u:object_r:httpd_sys_script_exec_t
  /usr/lib/cgi-bin(/.*)?		system_u:object_r:httpd_sys_script_exec_t
  /var/www/perl(/.*)?		system_u:object_r:httpd_sys_script_exec_t
-diff --exclude-from=exclude -N -u -r nsapolicy/file_contexts/program/crack.fc policy-1.23.9/file_contexts/program/crack.fc
+diff --exclude-from=exclude -N -u -r nsapolicy/file_contexts/program/auditd.fc policy-1.23.10/file_contexts/program/auditd.fc
+--- nsapolicy/file_contexts/program/auditd.fc	2005-02-24 14:51:08.000000000 -0500
++++ policy-1.23.10/file_contexts/program/auditd.fc	2005-04-12 10:00:44.000000000 -0400
+@@ -1,3 +1,4 @@
+ # auditd
+ /sbin/auditd		--	system_u:object_r:auditd_exec_t
+ /var/log/audit.log 	-- 	system_u:object_r:auditd_log_t
++/var/log/audit(/.*)?  	 	system_u:object_r:auditd_log_t
+diff --exclude-from=exclude -N -u -r nsapolicy/file_contexts/program/crack.fc policy-1.23.10/file_contexts/program/crack.fc
 --- nsapolicy/file_contexts/program/crack.fc	2005-02-24 14:51:09.000000000 -0500
-+++ policy-1.23.9/file_contexts/program/crack.fc	2005-04-11 11:30:58.000000000 -0400
++++ policy-1.23.10/file_contexts/program/crack.fc	2005-04-12 09:53:46.000000000 -0400
 @@ -2,3 +2,4 @@
  /usr/sbin/crack_[a-z]*	--	system_u:object_r:crack_exec_t
  /var/cache/cracklib(/.*)?	system_u:object_r:crack_db_t
  /usr/lib(64)?/cracklib_dict.* --	system_u:object_r:crack_db_t
 +/usr/share/cracklib(/.*)?	system_u:object_r:crack_db_t
-diff --exclude-from=exclude -N -u -r nsapolicy/file_contexts/program/cvs.fc policy-1.23.9/file_contexts/program/cvs.fc
+diff --exclude-from=exclude -N -u -r nsapolicy/file_contexts/program/cvs.fc policy-1.23.10/file_contexts/program/cvs.fc
 --- nsapolicy/file_contexts/program/cvs.fc	1969-12-31 19:00:00.000000000 -0500
-+++ policy-1.23.9/file_contexts/program/cvs.fc	2005-04-11 12:18:13.000000000 -0400
++++ policy-1.23.10/file_contexts/program/cvs.fc	2005-04-12 09:53:46.000000000 -0400
 @@ -0,0 +1,2 @@
 +# cvs program
 +/usr/bin/cvs	--	system_u:object_r:cvs_exec_t
-diff --exclude-from=exclude -N -u -r nsapolicy/file_contexts/program/ftpd.fc policy-1.23.9/file_contexts/program/ftpd.fc
+diff --exclude-from=exclude -N -u -r nsapolicy/file_contexts/program/ftpd.fc policy-1.23.10/file_contexts/program/ftpd.fc
 --- nsapolicy/file_contexts/program/ftpd.fc	2005-02-24 14:51:09.000000000 -0500
-+++ policy-1.23.9/file_contexts/program/ftpd.fc	2005-04-11 07:22:20.000000000 -0400
++++ policy-1.23.10/file_contexts/program/ftpd.fc	2005-04-12 09:53:46.000000000 -0400
 @@ -13,3 +13,4 @@
  /var/log/xferreport.*	--	system_u:object_r:xferlog_t
  /etc/cron\.monthly/proftpd --	system_u:object_r:ftpd_exec_t
  /var/ftp(/.*)?			system_u:object_r:ftpd_anon_t
 +/srv/([^/]*/)?ftp(/.*)?		system_u:object_r:ftpd_anon_t
-diff --exclude-from=exclude -N -u -r nsapolicy/file_contexts/program/inetd.fc policy-1.23.9/file_contexts/program/inetd.fc
+diff --exclude-from=exclude -N -u -r nsapolicy/file_contexts/program/inetd.fc policy-1.23.10/file_contexts/program/inetd.fc
 --- nsapolicy/file_contexts/program/inetd.fc	2005-02-24 14:51:09.000000000 -0500
-+++ policy-1.23.9/file_contexts/program/inetd.fc	2005-04-11 11:51:15.000000000 -0400
++++ policy-1.23.10/file_contexts/program/inetd.fc	2005-04-12 09:53:46.000000000 -0400
 @@ -3,6 +3,7 @@
  /usr/sbin/xinetd	--	system_u:object_r:inetd_exec_t
  /usr/sbin/rlinetd	--	system_u:object_r:inetd_exec_t
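Review bot: The new `/var/log/audit(/.*)?` entry in the auditd.fc section has no file-type field, so the directory and everything under it map to auditd_log_t, but that only takes effect on paths that actually get relabeled. On an upgraded system an existing /var/log/audit directory would keep its previous type until restorecon or a full relabel runs, and with `logdir_domain(auditd)` in auditd.te (earlier in this patch) auditd may then be unable to write its log. Whether the package scripts relabel that path is not visible from this hunk and should be confirmed. A short comment on the entry, e.g. `# audit log directory, used with logdir_domain(auditd)`, would tie the two changes together.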
@@ -628,25 +649,36 @@
  /usr/sbin/in\..*d	--	system_u:object_r:inetd_child_exec_t
  /var/log/(x)?inetd\.log	--	system_u:object_r:inetd_log_t
  /var/run/inetd\.pid	--	system_u:object_r:inetd_var_run_t
-diff --exclude-from=exclude -N -u -r nsapolicy/file_contexts/program/rsync.fc policy-1.23.9/file_contexts/program/rsync.fc
+diff --exclude-from=exclude -N -u -r nsapolicy/file_contexts/program/named.fc policy-1.23.10/file_contexts/program/named.fc
+--- nsapolicy/file_contexts/program/named.fc	2005-04-04 10:21:11.000000000 -0400
++++ policy-1.23.10/file_contexts/program/named.fc	2005-04-12 09:58:09.000000000 -0400
+@@ -16,6 +16,7 @@
+ /etc/rndc.*		--	system_u:object_r:named_conf_t
+ /etc/rndc.key  		-- 	system_u:object_r:dnssec_t
+ /usr/sbin/named      	--	system_u:object_r:named_exec_t
++/usr/sbin/named-checkconf --	system_u:object_r:named_checkconf_exec_t
+ /usr/sbin/r?ndc		--	system_u:object_r:ndc_exec_t
+ /var/run/ndc		-s	system_u:object_r:named_var_run_t
+ /var/run/bind(/.*)?		system_u:object_r:named_var_run_t
+diff --exclude-from=exclude -N -u -r nsapolicy/file_contexts/program/rsync.fc policy-1.23.10/file_contexts/program/rsync.fc
 --- nsapolicy/file_contexts/program/rsync.fc	2005-02-24 14:51:09.000000000 -0500
-+++ policy-1.23.9/file_contexts/program/rsync.fc	2005-04-11 07:22:26.000000000 -0400
++++ policy-1.23.10/file_contexts/program/rsync.fc	2005-04-12 09:53:46.000000000 -0400
 @@ -1,2 +1,3 @@
  # rsync program
  /usr/bin/rsync	--	system_u:object_r:rsync_exec_t
 +/srv/([^/]*/)?rsync(/.*)?	system_u:object_r:ftpd_anon_t
-diff --exclude-from=exclude -N -u -r nsapolicy/file_contexts/program/uucpd.fc policy-1.23.9/file_contexts/program/uucpd.fc
+diff --exclude-from=exclude -N -u -r nsapolicy/file_contexts/program/uucpd.fc policy-1.23.10/file_contexts/program/uucpd.fc
 --- nsapolicy/file_contexts/program/uucpd.fc	1969-12-31 19:00:00.000000000 -0500
-+++ policy-1.23.9/file_contexts/program/uucpd.fc	2005-04-11 12:18:37.000000000 -0400
++++ policy-1.23.10/file_contexts/program/uucpd.fc	2005-04-12 09:53:46.000000000 -0400
 @@ -0,0 +1,5 @@
 +# uucico program
 +/usr/sbin/uucico	--	system_u:object_r:uucpd_exec_t
 +/var/spool/uucp(/.*)?		system_u:object_r:uucpd_spool_t
 +/var/spool/uucppublic(/.*)?	system_u:object_r:uucpd_spool_t
 +/var/log/uucp(/.*)?		system_u:object_r:uucpd_log_t
-diff --exclude-from=exclude -N -u -r nsapolicy/file_contexts/types.fc policy-1.23.9/file_contexts/types.fc
+diff --exclude-from=exclude -N -u -r nsapolicy/file_contexts/types.fc policy-1.23.10/file_contexts/types.fc
 --- nsapolicy/file_contexts/types.fc	2005-03-11 15:31:06.000000000 -0500
-+++ policy-1.23.9/file_contexts/types.fc	2005-04-11 10:55:50.000000000 -0400
++++ policy-1.23.10/file_contexts/types.fc	2005-04-12 09:53:46.000000000 -0400
 @@ -478,3 +478,9 @@
  /usr/lib(64)?/[^/]*thunderbird[^/]*/thunderbird-bin -- system_u:object_r:bin_t
  /usr/lib(64)?/[^/]*thunderbird[^/]*/run-mozilla\.sh -- system_u:object_r:bin_t
@@ -657,9 +689,9 @@
 +#
 +/srv(/.*)?			system_u:object_r:var_t
 +
-diff --exclude-from=exclude -N -u -r nsapolicy/macros/admin_macros.te policy-1.23.9/macros/admin_macros.te
+diff --exclude-from=exclude -N -u -r nsapolicy/macros/admin_macros.te policy-1.23.10/macros/admin_macros.te
 --- nsapolicy/macros/admin_macros.te	2005-03-11 15:31:07.000000000 -0500
-+++ policy-1.23.9/macros/admin_macros.te	2005-04-08 13:14:02.000000000 -0400
++++ policy-1.23.10/macros/admin_macros.te	2005-04-12 09:53:46.000000000 -0400
 @@ -20,12 +20,12 @@
  type $1_home_t, file_type, sysadmfile, home_type, $1_file_type;
  
@@ -778,9 +810,9 @@
 +
 +') 
 +
-diff --exclude-from=exclude -N -u -r nsapolicy/macros/base_user_macros.te policy-1.23.9/macros/base_user_macros.te
+diff --exclude-from=exclude -N -u -r nsapolicy/macros/base_user_macros.te policy-1.23.10/macros/base_user_macros.te
 --- nsapolicy/macros/base_user_macros.te	2005-04-07 22:22:55.000000000 -0400
-+++ policy-1.23.9/macros/base_user_macros.te	2005-04-08 12:03:54.000000000 -0400
++++ policy-1.23.10/macros/base_user_macros.te	2005-04-12 09:53:46.000000000 -0400
 @@ -103,16 +103,9 @@
  # Bind to a Unix domain socket in /tmp.
  allow $1_t $1_tmp_t:unix_stream_socket name_bind;
@@ -807,9 +839,9 @@
  ifdef(`cardmgr.te', `
  # to allow monitoring of pcmcia status
  allow $1_t cardmgr_var_run_t:file { getattr read };
-diff --exclude-from=exclude -N -u -r nsapolicy/macros/program/apache_macros.te policy-1.23.9/macros/program/apache_macros.te
+diff --exclude-from=exclude -N -u -r nsapolicy/macros/program/apache_macros.te policy-1.23.10/macros/program/apache_macros.te
 --- nsapolicy/macros/program/apache_macros.te	2005-04-07 22:22:55.000000000 -0400
-+++ policy-1.23.9/macros/program/apache_macros.te	2005-04-11 11:23:21.000000000 -0400
++++ policy-1.23.10/macros/program/apache_macros.te	2005-04-12 09:53:46.000000000 -0400
 @@ -39,7 +39,7 @@
  allow httpd_$1_script_t fs_t:filesystem getattr;
  allow httpd_$1_script_t self:unix_stream_socket create_stream_socket_perms;
@@ -819,9 +851,9 @@
  allow httpd_$1_script_t { self proc_t }:dir r_dir_perms;
  allow httpd_$1_script_t { self proc_t }:lnk_file read;
  
-diff --exclude-from=exclude -N -u -r nsapolicy/macros/program/dbusd_macros.te policy-1.23.9/macros/program/dbusd_macros.te
+diff --exclude-from=exclude -N -u -r nsapolicy/macros/program/dbusd_macros.te policy-1.23.10/macros/program/dbusd_macros.te
 --- nsapolicy/macros/program/dbusd_macros.te	2005-02-24 14:51:09.000000000 -0500
-+++ policy-1.23.9/macros/program/dbusd_macros.te	2005-04-08 12:03:54.000000000 -0400
++++ policy-1.23.10/macros/program/dbusd_macros.te	2005-04-12 09:53:46.000000000 -0400
 @@ -41,6 +41,10 @@
  allow $1_dbusd_t self:file { getattr read };
  allow $1_dbusd_t proc_t:file read;
@@ -833,9 +865,9 @@
  ifdef(`pamconsole.te', `
  r_dir_file($1_dbusd_t, pam_var_console_t)
  ')
-diff --exclude-from=exclude -N -u -r nsapolicy/macros/program/gift_macros.te policy-1.23.9/macros/program/gift_macros.te
+diff --exclude-from=exclude -N -u -r nsapolicy/macros/program/gift_macros.te policy-1.23.10/macros/program/gift_macros.te
 --- nsapolicy/macros/program/gift_macros.te	2005-04-07 22:22:55.000000000 -0400
-+++ policy-1.23.9/macros/program/gift_macros.te	2005-04-08 12:03:54.000000000 -0400
++++ policy-1.23.10/macros/program/gift_macros.te	2005-04-12 09:53:46.000000000 -0400
 @@ -95,7 +95,7 @@
  
  # Read /proc/meminfo
@@ -845,9 +877,9 @@
  
  # Read /etc/mtab
  allow $1_giftd_t etc_runtime_t:file { getattr read };
-diff --exclude-from=exclude -N -u -r nsapolicy/macros/program/mozilla_macros.te policy-1.23.9/macros/program/mozilla_macros.te
+diff --exclude-from=exclude -N -u -r nsapolicy/macros/program/mozilla_macros.te policy-1.23.10/macros/program/mozilla_macros.te
 --- nsapolicy/macros/program/mozilla_macros.te	2005-04-07 22:22:55.000000000 -0400
-+++ policy-1.23.9/macros/program/mozilla_macros.te	2005-04-11 14:43:24.000000000 -0400
++++ policy-1.23.10/macros/program/mozilla_macros.te	2005-04-12 09:53:46.000000000 -0400
 @@ -31,7 +31,10 @@
  # Browse files
  file_browse_domain($1_mozilla_t)
@@ -860,9 +892,9 @@
  uses_shlib($1_mozilla_t)
  read_locale($1_mozilla_t)
  read_sysctl($1_mozilla_t)
-diff --exclude-from=exclude -N -u -r nsapolicy/macros/program/mplayer_macros.te policy-1.23.9/macros/program/mplayer_macros.te
+diff --exclude-from=exclude -N -u -r nsapolicy/macros/program/mplayer_macros.te policy-1.23.10/macros/program/mplayer_macros.te
 --- nsapolicy/macros/program/mplayer_macros.te	2005-04-07 22:22:55.000000000 -0400
-+++ policy-1.23.9/macros/program/mplayer_macros.te	2005-04-08 12:03:54.000000000 -0400
++++ policy-1.23.10/macros/program/mplayer_macros.te	2005-04-12 09:53:46.000000000 -0400
 @@ -82,16 +82,18 @@
  # Mplayer common stuff
  mplayer_common($1, mplayer)
@@ -886,9 +918,9 @@
  r_dir_file($1_mplayer_t, removable_t);
  
  # Legacy domain issues
-diff --exclude-from=exclude -N -u -r nsapolicy/macros/user_macros.te policy-1.23.9/macros/user_macros.te
+diff --exclude-from=exclude -N -u -r nsapolicy/macros/user_macros.te policy-1.23.10/macros/user_macros.te
 --- nsapolicy/macros/user_macros.te	2005-04-06 06:57:44.000000000 -0400
-+++ policy-1.23.9/macros/user_macros.te	2005-04-08 12:03:54.000000000 -0400
++++ policy-1.23.10/macros/user_macros.te	2005-04-12 09:53:46.000000000 -0400
 @@ -23,12 +23,6 @@
  
  tmp_domain($1, `, user_tmpfile, $1_file_type', `{ file lnk_file dir sock_file fifo_file }')
@@ -1006,9 +1038,9 @@
  # $1_t is also granted permissions specific to user domains.
  user_domain($1)
  
-diff --exclude-from=exclude -N -u -r nsapolicy/net_contexts policy-1.23.9/net_contexts
+diff --exclude-from=exclude -N -u -r nsapolicy/net_contexts policy-1.23.10/net_contexts
 --- nsapolicy/net_contexts	2005-04-06 06:57:43.000000000 -0400
-+++ policy-1.23.9/net_contexts	2005-04-11 12:17:00.000000000 -0400
++++ policy-1.23.10/net_contexts	2005-04-12 09:53:46.000000000 -0400
 @@ -38,10 +38,8 @@
  portcon udp 892 system_u:object_r:inetd_child_port_t
  portcon tcp 2105 system_u:object_r:inetd_child_port_t
@@ -1034,9 +1066,25 @@
  ifdef(`rsync.te', `
  portcon tcp 873 system_u:object_r:rsync_port_t
  portcon udp 873 system_u:object_r:rsync_port_t
-diff --exclude-from=exclude -N -u -r nsapolicy/tunables/distro.tun policy-1.23.9/tunables/distro.tun
+diff --exclude-from=exclude -N -u -r nsapolicy/targeted/domains/unconfined.te policy-1.23.10/targeted/domains/unconfined.te
+--- nsapolicy/targeted/domains/unconfined.te	2005-02-24 14:51:10.000000000 -0500
++++ policy-1.23.10/targeted/domains/unconfined.te	2005-04-12 10:04:41.000000000 -0400
+@@ -16,10 +16,8 @@
+ # macros and domains from the "strict" policy.
+ typealias bin_t alias su_exec_t;
+ typealias unconfined_t alias { kernel_t logrotate_t sendmail_t sshd_t sysadm_t rpm_t rpm_script_t xdm_t };
+-define(`admin_tty_type', `{ tty_device_t devpts_t }')
+-
+-#type of rundir to communicate with dbus
+-type system_dbusd_var_run_t, file_type, sysadmfile;
++typeattribute tty_device_t admin_tty_type;
++typeattribute devpts_t admin_tty_type;
+ 
+ # User home directory type.
+ type user_home_t, file_type, sysadmfile, home_type;
+diff --exclude-from=exclude -N -u -r nsapolicy/tunables/distro.tun policy-1.23.10/tunables/distro.tun
 --- nsapolicy/tunables/distro.tun	2005-02-24 14:51:09.000000000 -0500
-+++ policy-1.23.9/tunables/distro.tun	2005-04-08 12:03:54.000000000 -0400
++++ policy-1.23.10/tunables/distro.tun	2005-04-12 09:53:46.000000000 -0400
 @@ -5,7 +5,7 @@
  # appropriate ifdefs.
  
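Review bot: The new unconfined.te section deletes `type system_dbusd_var_run_t, file_type, sysadmfile;` with no replacement declaration in view, so the targeted build only keeps that type if another file in it declares it (presumably the dbusd.te added in 1.23.10-1; worth confirming, since a reference to an undeclared type stops the policy from compiling). The two added `typeattribute ... admin_tty_type;` lines likewise assume `admin_tty_type` is now declared as an attribute rather than the m4 define removed here; that declaration is not in this part of the diff. A one-line comment above them, such as `# admin_tty_type is an attribute now, no longer an m4 define`, would tell the next reader why the define went away. The rest of unconfined.te lies outside the hunk.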
@@ -1046,30 +1094,19 @@
  
  dnl define(`distro_suse')
  
-diff --exclude-from=exclude -N -u -r nsapolicy/tunables/tunable.tun policy-1.23.9/tunables/tunable.tun
+diff --exclude-from=exclude -N -u -r nsapolicy/tunables/tunable.tun policy-1.23.10/tunables/tunable.tun
 --- nsapolicy/tunables/tunable.tun	2005-02-24 14:51:09.000000000 -0500
-+++ policy-1.23.9/tunables/tunable.tun	2005-04-08 12:03:54.000000000 -0400
-@@ -1,27 +1,27 @@
- # Allow users to execute the mount command
--dnl define(`user_can_mount')
-+define(`user_can_mount')
++++ policy-1.23.10/tunables/tunable.tun	2005-04-12 10:13:08.000000000 -0400
+@@ -2,7 +2,7 @@
+ dnl define(`user_can_mount')
  
  # Allow rpm to run unconfined.
 -dnl define(`unlimitedRPM')
 +define(`unlimitedRPM')
  
  # Allow privileged utilities like hotplug and insmod to run unconfined.
--dnl define(`unlimitedUtils')
-+define(`unlimitedUtils')
- 
- # Allow rc scripts to run unconfined, including any daemon
- # started by an rc script that does not have a domain transition
- # explicitly defined.
--dnl define(`unlimitedRC')
-+define(`unlimitedRC')
- 
- # Allow sysadm_t to directly start daemons
- define(`direct_sysadm_daemon')
+ dnl define(`unlimitedUtils')
+@@ -17,11 +17,11 @@
  
  # Do not audit things that we know to be broken but which
  # are not security risks
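Review bot: The rewritten tunable.tun section still enables `unlimitedRPM`: the inner hunk `@@ -2,7 +2,7 @@` keeps the pair that replaces ``dnl define(`unlimitedRPM')`` with ``define(`unlimitedRPM')``, while `user_can_mount`, `unlimitedUtils` and `unlimitedRC` return to their commented-out defaults. The changelog entry reads "Remove unlimited tunables from strict", so a reader would expect rpm to be confined in strict as well. If leaving rpm unconfined is deliberate, the changelog should say so, e.g. `- Remove unlimited tunables from strict (unlimitedRPM stays enabled)`; if not, drop that -/+ pair so the tunable stays behind `dnl`. The lines changed by the second inner hunk, `@@ -17,11 +17,11 @@`, are not shown in this diff, so whether the xinetd tunable it borders is affected cannot be judged from here.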
@@ -1083,9 +1120,9 @@
  
  # Allow xinetd to run unconfined, including any services it starts
  # that do not have a domain transition explicitly defined.
-diff --exclude-from=exclude -N -u -r nsapolicy/types/file.te policy-1.23.9/types/file.te
+diff --exclude-from=exclude -N -u -r nsapolicy/types/file.te policy-1.23.10/types/file.te
 --- nsapolicy/types/file.te	2005-04-04 10:21:11.000000000 -0400
-+++ policy-1.23.9/types/file.te	2005-04-11 07:15:32.000000000 -0400
++++ policy-1.23.10/types/file.te	2005-04-12 09:53:46.000000000 -0400
 @@ -319,4 +319,5 @@
  allow file_type removable_t:filesystem associate;
  allow file_type noexattrfile:filesystem associate;
@@ -1093,9 +1130,9 @@
 -
 +# Type for anonymous FTP data, used by ftp and rsync
 +type ftpd_anon_t, file_type, sysadmfile, customizable;
-diff --exclude-from=exclude -N -u -r nsapolicy/types/network.te policy-1.23.9/types/network.te
+diff --exclude-from=exclude -N -u -r nsapolicy/types/network.te policy-1.23.10/types/network.te
 --- nsapolicy/types/network.te	2005-04-06 06:57:44.000000000 -0400
-+++ policy-1.23.9/types/network.te	2005-04-11 07:05:23.000000000 -0400
++++ policy-1.23.10/types/network.te	2005-04-12 09:53:46.000000000 -0400
 @@ -39,12 +39,9 @@
  ifdef(`use_pop', `
  type pop_port_t, port_type, reserved_port_type;
@@ -1112,9 +1149,9 @@
  
  ifdef(`dhcpd.te', `define(`use_pxe')')
  ifdef(`pxe.te', `define(`use_pxe')')
-diff --exclude-from=exclude -N -u -r nsapolicy/users policy-1.23.9/users
+diff --exclude-from=exclude -N -u -r nsapolicy/users policy-1.23.10/users
 --- nsapolicy/users	2005-03-17 10:18:56.000000000 -0500
-+++ policy-1.23.9/users	2005-04-08 12:05:58.000000000 -0400
++++ policy-1.23.10/users	2005-04-12 09:53:46.000000000 -0400
 @@ -41,7 +41,7 @@
  
  # The sysadm_r user also needs to be permitted system_r if we are to allow


Index: selinux-policy-strict.spec
===================================================================
RCS file: /cvs/dist/rpms/selinux-policy-strict/devel/selinux-policy-strict.spec,v
retrieving revision 1.273
retrieving revision 1.274
diff -u -r1.273 -r1.274
--- selinux-policy-strict.spec	12 Apr 2005 14:00:40 -0000	1.273
+++ selinux-policy-strict.spec	12 Apr 2005 14:40:31 -0000	1.274
@@ -11,7 +11,7 @@
 Summary: SELinux %{type} policy configuration
 Name: selinux-policy-%{type}
 Version: 1.23.10
-Release: 1
+Release: 2
 License: GPL
 Group: System Environment/Base
 Source: http://www.nsa.gov/selinux/archives/policy-%{version}.tgz
@@ -220,6 +220,10 @@
 exit 0
 
 %changelog
+* Tue Apr 12 2005 Dan Walsh <dwalsh redhat com> 1.23.10-2
+- Fix patch
+- Remove unlimited tunables from strict
+
 * Tue Apr 12 2005 Dan Walsh <dwalsh redhat com> 1.23.10-1
 - Add dbusd.te
 - Fix adobe

