rpms/selinux-policy-strict/devel policy-20050425.patch, 1.1, 1.2 selinux-policy-strict.spec, 1.289, 1.290

fedora-cvs-commits at redhat.com fedora-cvs-commits at redhat.com
Tue Apr 26 01:40:48 UTC 2005 

Author: dwalsh

Update of /cvs/dist/rpms/selinux-policy-strict/devel
In directory cvs.devel.redhat.com:/tmp/cvs-serv20378

Modified Files:
	policy-20050425.patch selinux-policy-strict.spec 
Log Message:
* Mon Apr 25 2005 Dan Walsh <dwalsh at redhat.com> 1.23.13-2
- Small fixes for targeted policy
- Add updfstab


policy-20050425.patch:
 domains/misc/kernel.te                |    4 ++
 domains/program/fsadm.te              |    2 -
 domains/program/getty.te              |   14 ++--------
 domains/program/hostname.te           |    1 
 domains/program/init.te               |    3 --
 domains/program/initrc.te             |    1 
 domains/program/klogd.te              |    3 ++
 domains/program/load_policy.te        |    3 --
 domains/program/unused/amavis.te      |    7 -----
 domains/program/unused/apache.te      |   16 +++--------
 domains/program/unused/apmd.te        |    1 
 domains/program/unused/auditd.te      |   15 ++++++++--
 domains/program/unused/clamav.te      |    2 -
 domains/program/unused/consoletype.te |   13 ++++-----
 domains/program/unused/cups.te        |    2 +
 domains/program/unused/hald.te        |    4 ++
 domains/program/unused/hotplug.te     |    8 +----
 domains/program/unused/ntpd.te        |    3 --
 domains/program/unused/portmap.te     |    5 ++-
 domains/program/unused/samba.te       |    1 
 domains/program/unused/squid.te       |    4 --
 domains/program/unused/tinydns.te     |    2 -
 domains/program/unused/udev.te        |    6 ++--
 domains/program/unused/webalizer.te   |    2 -
 domains/user.te                       |    7 +++++
 file_contexts/distros.fc              |    1 
 file_contexts/program/compat.fc       |   17 ++++++++----
 file_contexts/program/getty.fc        |    2 +
 file_contexts/program/lvm.fc          |    1 
 file_contexts/program/portmap.fc      |    1 
 file_contexts/program/traceroute.fc   |    1 
 file_contexts/program/webalizer.fc    |    2 +
 file_contexts/types.fc                |    3 +-
 macros/base_user_macros.te            |    2 -
 macros/core_macros.te                 |    1 
 macros/global_macros.te               |   12 ++++++++
 macros/program/cdrecord_macros.te     |    2 -
 macros/program/mozilla_macros.te      |    2 -
 man/man8/httpd_selinux.8              |    6 ++++
 targeted/appconfig/default_contexts   |    1 
 targeted/domains/program/compat.te    |    2 -
 targeted/domains/program/crond.te     |    2 -
 targeted/domains/program/hotplug.te   |   17 ------------
 targeted/domains/program/sendmail.te  |    3 +-
 targeted/domains/program/udev.te      |   17 ------------
 targeted/domains/program/xdm.te       |    1 
 targeted/domains/unconfined.te        |    3 +-
 targeted/initial_sid_contexts         |   47 ----------------------------------
 tunables/distro.tun                   |    2 -
 tunables/tunable.tun                  |    6 ++--
 types/network.te                      |    1 
 51 files changed, 122 insertions(+), 162 deletions(-)

Index: policy-20050425.patch
===================================================================
RCS file: /cvs/dist/rpms/selinux-policy-strict/devel/policy-20050425.patch,v
retrieving revision 1.1
retrieving revision 1.2
diff -u -r1.1 -r1.2
--- policy-20050425.patch	25 Apr 2005 19:12:42 -0000	1.1
+++ policy-20050425.patch	26 Apr 2005 01:40:45 -0000	1.2
@@ -1,6 +1,6 @@
-diff --exclude-from=exclude -N -u -r nsapolicy/domains/misc/kernel.te policy-1.23.12/domains/misc/kernel.te
+diff --exclude-from=exclude -N -u -r nsapolicy/domains/misc/kernel.te policy-1.23.13/domains/misc/kernel.te
 --- nsapolicy/domains/misc/kernel.te	2005-04-14 15:01:53.000000000 -0400
-+++ policy-1.23.12/domains/misc/kernel.te	2005-04-22 10:14:15.000000000 -0400
++++ policy-1.23.13/domains/misc/kernel.te	2005-04-25 15:18:00.000000000 -0400
 @@ -63,4 +63,6 @@
  # /proc/sys/kernel/modprobe is set to /bin/true if not using modules.
  can_exec(kernel_t, bin_t)
@@ -9,9 +9,9 @@
 +ifdef(`targeted_policy', `
 +typeattribute kernel_t unrestricted;
 +')
-diff --exclude-from=exclude -N -u -r nsapolicy/domains/program/fsadm.te policy-1.23.12/domains/program/fsadm.te
+diff --exclude-from=exclude -N -u -r nsapolicy/domains/program/fsadm.te policy-1.23.13/domains/program/fsadm.te
 --- nsapolicy/domains/program/fsadm.te	2005-04-04 10:21:10.000000000 -0400
-+++ policy-1.23.12/domains/program/fsadm.te	2005-04-25 10:04:33.000000000 -0400
++++ policy-1.23.13/domains/program/fsadm.te	2005-04-25 15:18:00.000000000 -0400
 @@ -100,7 +100,7 @@
  allow fsadm_t kernel_t:system syslog_console;
  
@@ -21,9 +21,9 @@
  ifdef(`gnome-pty-helper.te', `allow fsadm_t sysadm_gph_t:fd use;')
  allow fsadm_t privfd:fd use;
  allow fsadm_t devpts_t:dir { getattr search };
-diff --exclude-from=exclude -N -u -r nsapolicy/domains/program/getty.te policy-1.23.12/domains/program/getty.te
+diff --exclude-from=exclude -N -u -r nsapolicy/domains/program/getty.te policy-1.23.13/domains/program/getty.te
 --- nsapolicy/domains/program/getty.te	2005-04-25 14:48:58.000000000 -0400
-+++ policy-1.23.12/domains/program/getty.te	2005-04-22 16:17:17.000000000 -0400
++++ policy-1.23.13/domains/program/getty.te	2005-04-25 15:18:00.000000000 -0400
 @@ -23,18 +23,9 @@
  allow getty_t self:unix_dgram_socket create_socket_perms;
  allow getty_t self:unix_stream_socket create_socket_perms;
@@ -58,9 +58,17 @@
 +# for mgetty
 +var_run_domain(getty)
 +allow getty_t self:capability { fowner fsetid };
-diff --exclude-from=exclude -N -u -r nsapolicy/domains/program/initrc.te policy-1.23.12/domains/program/initrc.te
+diff --exclude-from=exclude -N -u -r nsapolicy/domains/program/hostname.te policy-1.23.13/domains/program/hostname.te
+--- nsapolicy/domains/program/hostname.te	2005-04-25 14:48:58.000000000 -0400
++++ policy-1.23.13/domains/program/hostname.te	2005-04-25 15:48:24.000000000 -0400
+@@ -24,3 +24,4 @@
+ ifdef(`distro_redhat', `
+ allow hostname_t tmpfs_t:chr_file rw_file_perms;
+ ')
++allow hostname_t initrc_devpts_t:chr_file { read write };
+diff --exclude-from=exclude -N -u -r nsapolicy/domains/program/initrc.te policy-1.23.13/domains/program/initrc.te
 --- nsapolicy/domains/program/initrc.te	2005-04-25 14:48:58.000000000 -0400
-+++ policy-1.23.12/domains/program/initrc.te	2005-04-22 15:07:04.000000000 -0400
++++ policy-1.23.13/domains/program/initrc.te	2005-04-25 15:18:00.000000000 -0400
 @@ -253,6 +253,7 @@
  allow unconfined_t initrc_t:dbus { acquire_svc send_msg };
  allow initrc_t unconfined_t:dbus { acquire_svc send_msg };
@@ -69,10 +77,10 @@
  ', `
  run_program(sysadm_t, sysadm_r, init, initrc_exec_t, initrc_t)
  ')
-diff --exclude-from=exclude -N -u -r nsapolicy/domains/program/init.te policy-1.23.12/domains/program/init.te
+diff --exclude-from=exclude -N -u -r nsapolicy/domains/program/init.te policy-1.23.13/domains/program/init.te
 --- nsapolicy/domains/program/init.te	2005-02-24 14:51:07.000000000 -0500
-+++ policy-1.23.12/domains/program/init.te	2005-04-22 14:07:40.000000000 -0400
-@@ -131,10 +131,8 @@
++++ policy-1.23.13/domains/program/init.te	2005-04-25 16:11:57.000000000 -0400
+@@ -131,10 +131,9 @@
  
  allow init_t lib_t:file { getattr read };
  
@@ -80,12 +88,13 @@
  allow init_t devtty_t:chr_file { read write };
  allow init_t ramfs_t:dir search;
 -')
++allow init_t ramfs_t:sock_file write;
  r_dir_file(init_t, sysfs_t)
  
  r_dir_file(init_t, selinux_config_t)
-diff --exclude-from=exclude -N -u -r nsapolicy/domains/program/klogd.te policy-1.23.12/domains/program/klogd.te
+diff --exclude-from=exclude -N -u -r nsapolicy/domains/program/klogd.te policy-1.23.13/domains/program/klogd.te
 --- nsapolicy/domains/program/klogd.te	2005-02-24 14:51:08.000000000 -0500
-+++ policy-1.23.12/domains/program/klogd.te	2005-04-22 14:10:06.000000000 -0400
++++ policy-1.23.13/domains/program/klogd.te	2005-04-25 15:18:00.000000000 -0400
 @@ -43,3 +43,6 @@
  # Read /boot/System.map*
  allow klogd_t system_map_t:file r_file_perms;
@@ -93,9 +102,9 @@
 +ifdef(`targeted_policy', `
 +allow klogd_t unconfined_t:system syslog_mod;
 +')
-diff --exclude-from=exclude -N -u -r nsapolicy/domains/program/load_policy.te policy-1.23.12/domains/program/load_policy.te
+diff --exclude-from=exclude -N -u -r nsapolicy/domains/program/load_policy.te policy-1.23.13/domains/program/load_policy.te
 --- nsapolicy/domains/program/load_policy.te	2005-04-20 15:40:34.000000000 -0400
-+++ policy-1.23.12/domains/program/load_policy.te	2005-04-21 08:37:13.000000000 -0400
++++ policy-1.23.13/domains/program/load_policy.te	2005-04-25 15:18:00.000000000 -0400
 @@ -39,6 +39,7 @@
  # only allow read of policy config files
  allow load_policy_t policy_src_t:dir search;
@@ -110,9 +119,9 @@
  read_locale(load_policy_t)
 -r_dir_file(load_policy_t, selinux_config_t)
 -allow load_policy_t proc_t:file { getattr read };
-diff --exclude-from=exclude -N -u -r nsapolicy/domains/program/unused/amavis.te policy-1.23.12/domains/program/unused/amavis.te
+diff --exclude-from=exclude -N -u -r nsapolicy/domains/program/unused/amavis.te policy-1.23.13/domains/program/unused/amavis.te
 --- nsapolicy/domains/program/unused/amavis.te	2005-04-06 06:57:44.000000000 -0400
-+++ policy-1.23.12/domains/program/unused/amavis.te	2005-04-22 07:09:19.000000000 -0400
++++ policy-1.23.13/domains/program/unused/amavis.te	2005-04-25 15:18:00.000000000 -0400
 @@ -13,7 +13,7 @@
  type amavisd_lib_t, file_type, sysadmfile;
  
@@ -131,9 +140,9 @@
 -allow tmpreaper_t amavisd_quarantine_t:dir { read search getattr setattr unlink };
 -allow tmpreaper_t amavisd_quarantine_t:file getattr;
 -')
-diff --exclude-from=exclude -N -u -r nsapolicy/domains/program/unused/apache.te policy-1.23.12/domains/program/unused/apache.te
+diff --exclude-from=exclude -N -u -r nsapolicy/domains/program/unused/apache.te policy-1.23.13/domains/program/unused/apache.te
 --- nsapolicy/domains/program/unused/apache.te	2005-04-25 14:48:58.000000000 -0400
-+++ policy-1.23.12/domains/program/unused/apache.te	2005-04-25 13:34:10.000000000 -0400
++++ policy-1.23.13/domains/program/unused/apache.te	2005-04-25 15:18:00.000000000 -0400
 @@ -290,7 +290,7 @@
  allow httpd_helper_t httpd_log_t:file { append };
  
@@ -186,9 +195,20 @@
  ')
 -
 -allow httpd_t var_t:file read;
-diff --exclude-from=exclude -N -u -r nsapolicy/domains/program/unused/auditd.te policy-1.23.12/domains/program/unused/auditd.te
+diff --exclude-from=exclude -N -u -r nsapolicy/domains/program/unused/apmd.te policy-1.23.13/domains/program/unused/apmd.te
+--- nsapolicy/domains/program/unused/apmd.te	2005-04-04 10:21:10.000000000 -0400
++++ policy-1.23.13/domains/program/unused/apmd.te	2005-04-25 16:03:20.000000000 -0400
+@@ -108,6 +108,7 @@
+ #
+ # Allow it to run killof5 and pidof
+ #
++typeattribute apmd_t unrestricted;
+ r_dir_file(apmd_t, domain)
+ 
+ # Same for apm/acpid scripts
+diff --exclude-from=exclude -N -u -r nsapolicy/domains/program/unused/auditd.te policy-1.23.13/domains/program/unused/auditd.te
 --- nsapolicy/domains/program/unused/auditd.te	2005-04-25 14:48:58.000000000 -0400
-+++ policy-1.23.12/domains/program/unused/auditd.te	2005-04-25 11:10:33.000000000 -0400
++++ policy-1.23.13/domains/program/unused/auditd.te	2005-04-25 15:18:00.000000000 -0400
 @@ -2,6 +2,8 @@
  #
  # Authors: Colin Walters <walters at verbum.org>
@@ -227,9 +247,9 @@
  allow auditctl_t sysctl_kernel_t:file read;
 +allow auditd_t self:process setsched;
 +dontaudit auditctl_t init_t:fd use; 
-diff --exclude-from=exclude -N -u -r nsapolicy/domains/program/unused/clamav.te policy-1.23.12/domains/program/unused/clamav.te
+diff --exclude-from=exclude -N -u -r nsapolicy/domains/program/unused/clamav.te policy-1.23.13/domains/program/unused/clamav.te
 --- nsapolicy/domains/program/unused/clamav.te	2005-04-06 06:57:44.000000000 -0400
-+++ policy-1.23.12/domains/program/unused/clamav.te	2005-04-22 07:01:47.000000000 -0400
++++ policy-1.23.13/domains/program/unused/clamav.te	2005-04-25 15:18:00.000000000 -0400
 @@ -22,7 +22,7 @@
  # Freshclam
  #
@@ -239,9 +259,9 @@
  read_locale(freshclam_t)
  
  # not sure why it needs this
-diff --exclude-from=exclude -N -u -r nsapolicy/domains/program/unused/consoletype.te policy-1.23.12/domains/program/unused/consoletype.te
+diff --exclude-from=exclude -N -u -r nsapolicy/domains/program/unused/consoletype.te policy-1.23.13/domains/program/unused/consoletype.te
 --- nsapolicy/domains/program/unused/consoletype.te	2005-03-21 22:32:18.000000000 -0500
-+++ policy-1.23.12/domains/program/unused/consoletype.te	2005-04-22 16:37:44.000000000 -0400
++++ policy-1.23.13/domains/program/unused/consoletype.te	2005-04-25 15:18:00.000000000 -0400
 @@ -19,29 +19,28 @@
  uses_shlib(consoletype_t)
  general_domain_access(consoletype_t)
@@ -278,9 +298,9 @@
  allow consoletype_t nfs_t:file write;
  allow consoletype_t sysadm_t:fifo_file rw_file_perms;
  
-diff --exclude-from=exclude -N -u -r nsapolicy/domains/program/unused/cups.te policy-1.23.12/domains/program/unused/cups.te
+diff --exclude-from=exclude -N -u -r nsapolicy/domains/program/unused/cups.te policy-1.23.13/domains/program/unused/cups.te
 --- nsapolicy/domains/program/unused/cups.te	2005-04-25 14:48:59.000000000 -0400
-+++ policy-1.23.12/domains/program/unused/cups.te	2005-04-21 13:13:45.000000000 -0400
++++ policy-1.23.13/domains/program/unused/cups.te	2005-04-25 15:18:00.000000000 -0400
 @@ -17,6 +17,7 @@
  type cupsd_rw_etc_t, file_type, sysadmfile, usercanread;
  
@@ -297,9 +317,9 @@
  allow cupsd_config_t port_type:tcp_socket name_connect;
  can_tcp_connect(cupsd_config_t, cupsd_t)
  allow cupsd_config_t self:fifo_file rw_file_perms;
-diff --exclude-from=exclude -N -u -r nsapolicy/domains/program/unused/hald.te policy-1.23.12/domains/program/unused/hald.te
+diff --exclude-from=exclude -N -u -r nsapolicy/domains/program/unused/hald.te policy-1.23.13/domains/program/unused/hald.te
 --- nsapolicy/domains/program/unused/hald.te	2005-04-07 22:22:55.000000000 -0400
-+++ policy-1.23.12/domains/program/unused/hald.te	2005-04-22 09:43:35.000000000 -0400
++++ policy-1.23.13/domains/program/unused/hald.te	2005-04-25 15:18:00.000000000 -0400
 @@ -93,3 +93,7 @@
  ifdef(`lvm.te', `
  allow hald_t lvm_control_t:chr_file r_file_perms;
@@ -308,9 +328,9 @@
 +allow unconfined_t hald_t:dbus send_msg;
 +allow hald_t unconfined_t:dbus send_msg;
 +')
-diff --exclude-from=exclude -N -u -r nsapolicy/domains/program/unused/hotplug.te policy-1.23.12/domains/program/unused/hotplug.te
+diff --exclude-from=exclude -N -u -r nsapolicy/domains/program/unused/hotplug.te policy-1.23.13/domains/program/unused/hotplug.te
 --- nsapolicy/domains/program/unused/hotplug.te	2005-03-11 15:31:06.000000000 -0500
-+++ policy-1.23.12/domains/program/unused/hotplug.te	2005-04-22 15:31:15.000000000 -0400
++++ policy-1.23.13/domains/program/unused/hotplug.te	2005-04-25 15:18:00.000000000 -0400
 @@ -83,7 +83,9 @@
  allow hotplug_t self:file getattr;
  
@@ -332,9 +352,9 @@
 -')
 -
  allow kernel_t hotplug_etc_t:dir search;
-diff --exclude-from=exclude -N -u -r nsapolicy/domains/program/unused/ntpd.te policy-1.23.12/domains/program/unused/ntpd.te
+diff --exclude-from=exclude -N -u -r nsapolicy/domains/program/unused/ntpd.te policy-1.23.13/domains/program/unused/ntpd.te
 --- nsapolicy/domains/program/unused/ntpd.te	2005-04-20 15:40:35.000000000 -0400
-+++ policy-1.23.12/domains/program/unused/ntpd.te	2005-04-22 11:42:46.000000000 -0400
++++ policy-1.23.13/domains/program/unused/ntpd.te	2005-04-25 15:18:00.000000000 -0400
 @@ -14,7 +14,6 @@
  
  type ntpdate_exec_t, file_type, sysadmfile, exec_type;
@@ -356,9 +376,9 @@
  allow ntpd_t winbind_var_run_t:sock_file rw_file_perms;
  ')
 -allow sysadm_t ntp_port_t:udp_socket name_bind;
-diff --exclude-from=exclude -N -u -r nsapolicy/domains/program/unused/portmap.te policy-1.23.12/domains/program/unused/portmap.te
+diff --exclude-from=exclude -N -u -r nsapolicy/domains/program/unused/portmap.te policy-1.23.13/domains/program/unused/portmap.te
 --- nsapolicy/domains/program/unused/portmap.te	2005-03-24 08:58:27.000000000 -0500
-+++ policy-1.23.12/domains/program/unused/portmap.te	2005-04-25 10:04:05.000000000 -0400
++++ policy-1.23.13/domains/program/unused/portmap.te	2005-04-25 15:18:00.000000000 -0400
 @@ -58,13 +58,14 @@
  domain_auto_trans(initrc_t, portmap_helper_exec_t, portmap_helper_t)
  dontaudit portmap_helper_t self:capability { net_admin };
@@ -376,9 +396,20 @@
 +dontaudit portmap_helper_t { userdomain privfd }:fd use;
  allow portmap_helper_t reserved_port_t:{ tcp_socket udp_socket } name_bind;
  dontaudit portmap_helper_t reserved_port_type:{ tcp_socket udp_socket } name_bind;
-diff --exclude-from=exclude -N -u -r nsapolicy/domains/program/unused/squid.te policy-1.23.12/domains/program/unused/squid.te
+diff --exclude-from=exclude -N -u -r nsapolicy/domains/program/unused/samba.te policy-1.23.13/domains/program/unused/samba.te
+--- nsapolicy/domains/program/unused/samba.te	2005-04-14 15:01:53.000000000 -0400
++++ policy-1.23.13/domains/program/unused/samba.te	2005-04-25 15:18:58.000000000 -0400
+@@ -133,6 +133,7 @@
+ # Access samba config
+ allow smbmount_t samba_etc_t:file r_file_perms;
+ allow smbmount_t samba_etc_t:dir r_dir_perms;
++allow initrc_t samba_etc_t:file rw_file_perms;
+ 
+ # Write samba log
+ allow smbmount_t samba_log_t:file create_file_perms;
+diff --exclude-from=exclude -N -u -r nsapolicy/domains/program/unused/squid.te policy-1.23.13/domains/program/unused/squid.te
 --- nsapolicy/domains/program/unused/squid.te	2005-04-04 10:21:11.000000000 -0400
-+++ policy-1.23.12/domains/program/unused/squid.te	2005-04-22 06:58:24.000000000 -0400
++++ policy-1.23.13/domains/program/unused/squid.te	2005-04-25 15:18:00.000000000 -0400
 @@ -55,9 +55,7 @@
  can_network(squid_t)
  if (squid_connect_any) {
@@ -390,9 +421,9 @@
  can_ypbind(squid_t)
  can_tcp_connect(web_client_domain, squid_t)
  
-diff --exclude-from=exclude -N -u -r nsapolicy/domains/program/unused/tinydns.te policy-1.23.12/domains/program/unused/tinydns.te
+diff --exclude-from=exclude -N -u -r nsapolicy/domains/program/unused/tinydns.te policy-1.23.13/domains/program/unused/tinydns.te
 --- nsapolicy/domains/program/unused/tinydns.te	2005-02-24 14:51:08.000000000 -0500
-+++ policy-1.23.12/domains/program/unused/tinydns.te	2005-04-21 08:22:26.000000000 -0400
++++ policy-1.23.13/domains/program/unused/tinydns.te	2005-04-25 15:18:00.000000000 -0400
 @@ -36,7 +36,7 @@
  can_udp_send(domain, tinydns_t)
  can_udp_send(tinydns_t, domain)
@@ -402,9 +433,9 @@
  
  #read configuration files
  r_dir_file(tinydns_t, tinydns_conf_t)
-diff --exclude-from=exclude -N -u -r nsapolicy/domains/program/unused/udev.te policy-1.23.12/domains/program/unused/udev.te
+diff --exclude-from=exclude -N -u -r nsapolicy/domains/program/unused/udev.te policy-1.23.13/domains/program/unused/udev.te
 --- nsapolicy/domains/program/unused/udev.te	2005-04-25 14:48:59.000000000 -0400
-+++ policy-1.23.12/domains/program/unused/udev.te	2005-04-21 14:29:25.000000000 -0400
++++ policy-1.23.13/domains/program/unused/udev.te	2005-04-25 15:18:00.000000000 -0400
 @@ -76,7 +76,6 @@
  allow udev_t initrc_var_run_t:file r_file_perms;
  dontaudit udev_t initrc_var_run_t:file write;
@@ -429,9 +460,9 @@
 +ifdef(`unlimitedUtils', `
 +unconfined_domain(udev_t) 
 +')
-diff --exclude-from=exclude -N -u -r nsapolicy/domains/program/unused/webalizer.te policy-1.23.12/domains/program/unused/webalizer.te
+diff --exclude-from=exclude -N -u -r nsapolicy/domains/program/unused/webalizer.te policy-1.23.13/domains/program/unused/webalizer.te
 --- nsapolicy/domains/program/unused/webalizer.te	2005-02-24 14:51:07.000000000 -0500
-+++ policy-1.23.12/domains/program/unused/webalizer.te	2005-04-25 13:15:57.000000000 -0400
++++ policy-1.23.13/domains/program/unused/webalizer.te	2005-04-25 15:18:00.000000000 -0400
 @@ -4,7 +4,7 @@
  #
  # Depends: apache.te
@@ -441,9 +472,9 @@
  # to use from cron
  system_crond_entry(webalizer_exec_t,webalizer_t)
  role system_r types webalizer_t;
-diff --exclude-from=exclude -N -u -r nsapolicy/domains/user.te policy-1.23.12/domains/user.te
+diff --exclude-from=exclude -N -u -r nsapolicy/domains/user.te policy-1.23.13/domains/user.te
 --- nsapolicy/domains/user.te	2005-04-14 15:01:53.000000000 -0400
-+++ policy-1.23.12/domains/user.te	2005-04-22 09:41:28.000000000 -0400
++++ policy-1.23.13/domains/user.te	2005-04-25 15:18:00.000000000 -0400
 @@ -132,3 +132,10 @@
  # "ps aux" and "ls -l /dev/pts" make too much noise without this
  dontaudit unpriv_userdomain ptyfile:chr_file getattr;
@@ -455,9 +486,9 @@
 +allow userdomain ttyfile:chr_file getattr;
 +}
 +
-diff --exclude-from=exclude -N -u -r nsapolicy/file_contexts/distros.fc policy-1.23.12/file_contexts/distros.fc
+diff --exclude-from=exclude -N -u -r nsapolicy/file_contexts/distros.fc policy-1.23.13/file_contexts/distros.fc
 --- nsapolicy/file_contexts/distros.fc	2005-04-20 15:40:35.000000000 -0400
-+++ policy-1.23.12/file_contexts/distros.fc	2005-04-24 08:35:47.000000000 -0400
++++ policy-1.23.13/file_contexts/distros.fc	2005-04-25 15:18:00.000000000 -0400
 @@ -37,6 +37,7 @@
  /usr/share/texmf/web2c/mktexupd	--	system_u:object_r:bin_t
  /usr/share/ssl/certs(/.*)?		system_u:object_r:cert_t
@@ -466,9 +497,9 @@
  /usr/share/ssl/misc(/.*)?		system_u:object_r:bin_t
  #
  # /emul/ia32-linux/usr
-diff --exclude-from=exclude -N -u -r nsapolicy/file_contexts/program/compat.fc policy-1.23.12/file_contexts/program/compat.fc
+diff --exclude-from=exclude -N -u -r nsapolicy/file_contexts/program/compat.fc policy-1.23.13/file_contexts/program/compat.fc
 --- nsapolicy/file_contexts/program/compat.fc	2005-04-20 08:58:41.000000000 -0400
-+++ policy-1.23.12/file_contexts/program/compat.fc	2005-04-24 08:15:01.000000000 -0400
++++ policy-1.23.13/file_contexts/program/compat.fc	2005-04-25 15:18:00.000000000 -0400
 @@ -1,19 +1,23 @@
 +ifdef(`setfiles.te', `', `
  # setfiles
@@ -508,26 +539,37 @@
  /usr/sbin/kudzu	--	system_u:object_r:kudzu_exec_t
  /sbin/kmodule	--	system_u:object_r:kudzu_exec_t
 +')
-diff --exclude-from=exclude -N -u -r nsapolicy/file_contexts/program/getty.fc policy-1.23.12/file_contexts/program/getty.fc
+diff --exclude-from=exclude -N -u -r nsapolicy/file_contexts/program/getty.fc policy-1.23.13/file_contexts/program/getty.fc
 --- nsapolicy/file_contexts/program/getty.fc	2005-02-24 14:51:09.000000000 -0500
-+++ policy-1.23.12/file_contexts/program/getty.fc	2005-04-22 16:17:17.000000000 -0400
++++ policy-1.23.13/file_contexts/program/getty.fc	2005-04-25 15:18:00.000000000 -0400
 @@ -1,3 +1,5 @@
  # getty
  /sbin/.*getty		--	system_u:object_r:getty_exec_t
  /etc/mgetty(/.*)?		system_u:object_r:getty_etc_t
 +/var/run/mgetty\.pid.*	--	system_u:object_r:getty_var_run_t
 +/var/log/mgetty\.log.*	--	system_u:object_r:getty_log_t
-diff --exclude-from=exclude -N -u -r nsapolicy/file_contexts/program/portmap.fc policy-1.23.12/file_contexts/program/portmap.fc
+diff --exclude-from=exclude -N -u -r nsapolicy/file_contexts/program/lvm.fc policy-1.23.13/file_contexts/program/lvm.fc
+--- nsapolicy/file_contexts/program/lvm.fc	2005-04-20 15:40:35.000000000 -0400
++++ policy-1.23.13/file_contexts/program/lvm.fc	2005-04-25 15:41:19.000000000 -0400
+@@ -12,7 +12,6 @@
+ /etc/lvm/lock(/.*)?		system_u:object_r:lvm_lock_t
+ /var/lock/lvm(/.*)?		system_u:object_r:lvm_lock_t
+ /dev/lvm		-c	system_u:object_r:fixed_disk_device_t
+-/dev/mapper/.*		-b	system_u:object_r:fixed_disk_device_t
+ /dev/mapper/control	-c	system_u:object_r:lvm_control_t
+ /lib/lvm-10/.*		--	system_u:object_r:lvm_exec_t
+ /lib/lvm-200/.*		--	system_u:object_r:lvm_exec_t
+diff --exclude-from=exclude -N -u -r nsapolicy/file_contexts/program/portmap.fc policy-1.23.13/file_contexts/program/portmap.fc
 --- nsapolicy/file_contexts/program/portmap.fc	2005-02-24 14:51:09.000000000 -0500
-+++ policy-1.23.12/file_contexts/program/portmap.fc	2005-04-25 10:03:52.000000000 -0400
++++ policy-1.23.13/file_contexts/program/portmap.fc	2005-04-25 15:18:00.000000000 -0400
 @@ -7,3 +7,4 @@
  /usr/sbin/pmap_dump	--	system_u:object_r:portmap_helper_exec_t
  /usr/sbin/pmap_set	--	system_u:object_r:portmap_helper_exec_t
  ')
 +/var/run/portmap.upgrade-state -- system_u:object_r:portmap_var_run_t
-diff --exclude-from=exclude -N -u -r nsapolicy/file_contexts/program/traceroute.fc policy-1.23.12/file_contexts/program/traceroute.fc
+diff --exclude-from=exclude -N -u -r nsapolicy/file_contexts/program/traceroute.fc policy-1.23.13/file_contexts/program/traceroute.fc
 --- nsapolicy/file_contexts/program/traceroute.fc	2005-04-25 14:48:59.000000000 -0400
-+++ policy-1.23.12/file_contexts/program/traceroute.fc	2005-04-21 09:45:13.000000000 -0400
++++ policy-1.23.13/file_contexts/program/traceroute.fc	2005-04-25 15:18:00.000000000 -0400
 @@ -2,7 +2,6 @@
  /bin/traceroute.*	--	system_u:object_r:traceroute_exec_t
  /bin/tracepath.*	--	system_u:object_r:traceroute_exec_t
@@ -536,16 +578,16 @@
  /usr/(s)?bin/traceroute.* --	system_u:object_r:traceroute_exec_t
  /usr/bin/lft		--	system_u:object_r:traceroute_exec_t
  /usr/bin/nmap		--	system_u:object_r:traceroute_exec_t
-diff --exclude-from=exclude -N -u -r nsapolicy/file_contexts/program/webalizer.fc policy-1.23.12/file_contexts/program/webalizer.fc
+diff --exclude-from=exclude -N -u -r nsapolicy/file_contexts/program/webalizer.fc policy-1.23.13/file_contexts/program/webalizer.fc
 --- nsapolicy/file_contexts/program/webalizer.fc	2005-02-24 14:51:08.000000000 -0500
-+++ policy-1.23.12/file_contexts/program/webalizer.fc	2005-04-25 13:16:17.000000000 -0400
++++ policy-1.23.13/file_contexts/program/webalizer.fc	2005-04-25 15:18:00.000000000 -0400
 @@ -1 +1,3 @@
  #
 +/usr/bin/webalizer	--	system_u:object_r:webalizer_exec_t
 +/var/lib/webalizer(/.*)		system_u:object_r:webalizer_var_lib_t
-diff --exclude-from=exclude -N -u -r nsapolicy/file_contexts/types.fc policy-1.23.12/file_contexts/types.fc
+diff --exclude-from=exclude -N -u -r nsapolicy/file_contexts/types.fc policy-1.23.13/file_contexts/types.fc
 --- nsapolicy/file_contexts/types.fc	2005-04-20 15:40:35.000000000 -0400
-+++ policy-1.23.12/file_contexts/types.fc	2005-04-21 08:22:16.000000000 -0400
++++ policy-1.23.13/file_contexts/types.fc	2005-04-25 15:41:29.000000000 -0400
 @@ -58,7 +58,7 @@
  
  #
@@ -555,9 +597,17 @@
  /mnt(/[^/]*)?		-d	system_u:object_r:mnt_t
  /mnt/[^/]*/.*			<<none>>
  /media(/[^/]*)?		-d	system_u:object_r:mnt_t
-diff --exclude-from=exclude -N -u -r nsapolicy/macros/base_user_macros.te policy-1.23.12/macros/base_user_macros.te
+@@ -157,6 +157,7 @@
+ /dev/i2o/hd[^/]*	-b	system_u:object_r:fixed_disk_device_t
+ /dev/ubd[^/]*		-b	system_u:object_r:fixed_disk_device_t
+ /dev/cciss/[^/]*	-b	system_u:object_r:fixed_disk_device_t
++/dev/mapper/.*		-b	system_u:object_r:fixed_disk_device_t
+ /dev/ida/[^/]*	-b	system_u:object_r:fixed_disk_device_t
+ /dev/dasd[^/]*	-b	system_u:object_r:fixed_disk_device_t
+ /dev/flash[^/]*	-b	system_u:object_r:fixed_disk_device_t
+diff --exclude-from=exclude -N -u -r nsapolicy/macros/base_user_macros.te policy-1.23.13/macros/base_user_macros.te
 --- nsapolicy/macros/base_user_macros.te	2005-04-14 15:01:54.000000000 -0400
-+++ policy-1.23.12/macros/base_user_macros.te	2005-04-25 14:48:28.000000000 -0400
++++ policy-1.23.13/macros/base_user_macros.te	2005-04-25 15:18:00.000000000 -0400
 @@ -317,7 +317,7 @@
  allow $1_t devtty_t:chr_file rw_file_perms;
  allow $1_t null_device_t:chr_file rw_file_perms;
@@ -567,9 +617,9 @@
  #
  # Added to allow reading of cdrom
  #
-diff --exclude-from=exclude -N -u -r nsapolicy/macros/core_macros.te policy-1.23.12/macros/core_macros.te
+diff --exclude-from=exclude -N -u -r nsapolicy/macros/core_macros.te policy-1.23.13/macros/core_macros.te
 --- nsapolicy/macros/core_macros.te	2005-04-06 06:57:44.000000000 -0400
-+++ policy-1.23.12/macros/core_macros.te	2005-04-21 08:36:01.000000000 -0400
++++ policy-1.23.13/macros/core_macros.te	2005-04-25 15:18:00.000000000 -0400
 @@ -361,6 +361,7 @@
  # Get the selinuxfs mount point via /proc/self/mounts.
  allow $1 proc_t:dir search;
@@ -578,9 +628,9 @@
  allow $1 self:dir search;
  allow $1 self:file { getattr read };
  # Access selinuxfs.
-diff --exclude-from=exclude -N -u -r nsapolicy/macros/global_macros.te policy-1.23.12/macros/global_macros.te
+diff --exclude-from=exclude -N -u -r nsapolicy/macros/global_macros.te policy-1.23.13/macros/global_macros.te
 --- nsapolicy/macros/global_macros.te	2005-04-14 15:01:54.000000000 -0400
-+++ policy-1.23.12/macros/global_macros.te	2005-04-25 13:38:39.000000000 -0400
++++ policy-1.23.13/macros/global_macros.te	2005-04-25 15:18:00.000000000 -0400
 @@ -406,8 +406,19 @@
  
  role system_r types $2_t;
@@ -609,9 +659,9 @@
  }
  
  # Create/access any System V IPC objects.
-diff --exclude-from=exclude -N -u -r nsapolicy/macros/program/cdrecord_macros.te policy-1.23.12/macros/program/cdrecord_macros.te
+diff --exclude-from=exclude -N -u -r nsapolicy/macros/program/cdrecord_macros.te policy-1.23.13/macros/program/cdrecord_macros.te
 --- nsapolicy/macros/program/cdrecord_macros.te	2005-02-24 14:51:09.000000000 -0500
-+++ policy-1.23.12/macros/program/cdrecord_macros.te	2005-04-25 10:07:49.000000000 -0400
++++ policy-1.23.13/macros/program/cdrecord_macros.te	2005-04-25 15:18:00.000000000 -0400
 @@ -40,7 +40,7 @@
  allow $1_cdrecord_t etc_t:file { getattr read };
  
@@ -621,9 +671,9 @@
  allow $1_cdrecord_t device_t:lnk_file { getattr read };
  
  # allow cdrecord to write the CD
-diff --exclude-from=exclude -N -u -r nsapolicy/macros/program/mozilla_macros.te policy-1.23.12/macros/program/mozilla_macros.te
+diff --exclude-from=exclude -N -u -r nsapolicy/macros/program/mozilla_macros.te policy-1.23.13/macros/program/mozilla_macros.te
 --- nsapolicy/macros/program/mozilla_macros.te	2005-04-20 15:40:35.000000000 -0400
-+++ policy-1.23.12/macros/program/mozilla_macros.te	2005-04-22 06:57:46.000000000 -0400
++++ policy-1.23.13/macros/program/mozilla_macros.te	2005-04-25 15:18:00.000000000 -0400
 @@ -32,7 +32,7 @@
  file_browse_domain($1_mozilla_t)
  
@@ -633,9 +683,9 @@
  #allow $1_mozilla_t port_type:tcp_socket name_connect;
  
  uses_shlib($1_mozilla_t)
-diff --exclude-from=exclude -N -u -r nsapolicy/man/man8/httpd_selinux.8 policy-1.23.12/man/man8/httpd_selinux.8
+diff --exclude-from=exclude -N -u -r nsapolicy/man/man8/httpd_selinux.8 policy-1.23.13/man/man8/httpd_selinux.8
 --- nsapolicy/man/man8/httpd_selinux.8	2005-04-07 22:22:56.000000000 -0400
-+++ policy-1.23.12/man/man8/httpd_selinux.8	2005-04-25 13:37:04.000000000 -0400
++++ policy-1.23.13/man/man8/httpd_selinux.8	2005-04-25 15:18:00.000000000 -0400
 @@ -90,6 +90,12 @@
  setsebool -P httpd_can_network_connect 1
  
@@ -649,9 +699,9 @@
  You can disable SELinux protection for the httpd daemon by executing:
  .br
  
-diff --exclude-from=exclude -N -u -r nsapolicy/targeted/appconfig/default_contexts policy-1.23.12/targeted/appconfig/default_contexts
+diff --exclude-from=exclude -N -u -r nsapolicy/targeted/appconfig/default_contexts policy-1.23.13/targeted/appconfig/default_contexts
 --- nsapolicy/targeted/appconfig/default_contexts	2005-02-24 14:51:10.000000000 -0500
-+++ policy-1.23.12/targeted/appconfig/default_contexts	2005-04-22 14:41:39.000000000 -0400
++++ policy-1.23.13/targeted/appconfig/default_contexts	2005-04-25 15:18:00.000000000 -0400
 @@ -1,5 +1,6 @@
  system_r:unconfined_t	system_r:unconfined_t
  system_r:initrc_t	system_r:unconfined_t
@@ -659,9 +709,9 @@
  system_r:remote_login_t system_r:unconfined_t
  system_r:rshd_t		system_r:unconfined_t
  system_r:crond_t	system_r:unconfined_t
-diff --exclude-from=exclude -N -u -r nsapolicy/targeted/domains/program/compat.te policy-1.23.12/targeted/domains/program/compat.te
+diff --exclude-from=exclude -N -u -r nsapolicy/targeted/domains/program/compat.te policy-1.23.13/targeted/domains/program/compat.te
 --- nsapolicy/targeted/domains/program/compat.te	2005-04-25 14:48:59.000000000 -0400
-+++ policy-1.23.12/targeted/domains/program/compat.te	2005-04-21 14:12:14.000000000 -0400
++++ policy-1.23.13/targeted/domains/program/compat.te	2005-04-25 15:18:00.000000000 -0400
 @@ -1,7 +1,5 @@
  typealias sbin_t alias setfiles_exec_t;
  typealias bin_t alias mount_exec_t;
@@ -670,9 +720,25 @@
  typealias bin_t alias loadkeys_exec_t;
  typealias bin_t alias dmesg_exec_t;
  typealias sbin_t alias fsadm_exec_t;
-diff --exclude-from=exclude -N -u -r nsapolicy/targeted/domains/program/hotplug.te policy-1.23.12/targeted/domains/program/hotplug.te
+diff --exclude-from=exclude -N -u -r nsapolicy/targeted/domains/program/crond.te policy-1.23.13/targeted/domains/program/crond.te
+--- nsapolicy/targeted/domains/program/crond.te	2005-03-11 15:31:07.000000000 -0500
++++ policy-1.23.13/targeted/domains/program/crond.te	2005-04-25 16:05:04.000000000 -0400
+@@ -18,7 +18,6 @@
+ type system_cron_spool_t, file_type, sysadmfile;
+ type sysadm_cron_spool_t, file_type, sysadmfile;
+ type crond_log_t, file_type, sysadmfile;
+-type crond_var_run_t, file_type, sysadmfile;
+ role system_r types crond_t;
+ domain_auto_trans(initrc_t, crond_exec_t, crond_t)
+ domain_auto_trans(initrc_t, anacron_exec_t, crond_t)
+@@ -30,3 +29,4 @@
+ allow crond_t initrc_t:dbus send_msg;
+ allow crond_t unconfined_t:dbus send_msg;
+ allow crond_t unconfined_t:process transition;
++var_run_domain(crond_t)
+diff --exclude-from=exclude -N -u -r nsapolicy/targeted/domains/program/hotplug.te policy-1.23.13/targeted/domains/program/hotplug.te
 --- nsapolicy/targeted/domains/program/hotplug.te	2005-03-11 15:31:07.000000000 -0500
-+++ policy-1.23.12/targeted/domains/program/hotplug.te	1969-12-31 19:00:00.000000000 -0500
++++ policy-1.23.13/targeted/domains/program/hotplug.te	1969-12-31 19:00:00.000000000 -0500
 @@ -1,17 +0,0 @@
 -#DESC Hotplug - Hardware event manager
 -#
@@ -691,9 +757,21 @@
 -type hotplug_exec_t, file_type, sysadmfile, exec_type;
 -typealias var_run_t alias hotplug_var_run_t;
 -typealias etc_t alias hotplug_etc_t;
-diff --exclude-from=exclude -N -u -r nsapolicy/targeted/domains/program/udev.te policy-1.23.12/targeted/domains/program/udev.te
+diff --exclude-from=exclude -N -u -r nsapolicy/targeted/domains/program/sendmail.te policy-1.23.13/targeted/domains/program/sendmail.te
+--- nsapolicy/targeted/domains/program/sendmail.te	2005-02-24 14:51:10.000000000 -0500
++++ policy-1.23.13/targeted/domains/program/sendmail.te	2005-04-25 16:05:32.000000000 -0400
+@@ -12,6 +12,7 @@
+ #
+ type sendmail_exec_t, file_type, sysadmfile, exec_type;
+ type sendmail_log_t, file_type, sysadmfile;
+-type sendmail_var_run_t, file_type, sysadmfile;
+ type etc_mail_t, file_type, sysadmfile;
+ domain_auto_trans(initrc_t, sendmail_exec_t, sendmail_t)
++var_run_domain(sendmail)
++
+diff --exclude-from=exclude -N -u -r nsapolicy/targeted/domains/program/udev.te policy-1.23.13/targeted/domains/program/udev.te
 --- nsapolicy/targeted/domains/program/udev.te	2005-02-24 14:51:10.000000000 -0500
-+++ policy-1.23.12/targeted/domains/program/udev.te	1969-12-31 19:00:00.000000000 -0500
++++ policy-1.23.13/targeted/domains/program/udev.te	1969-12-31 19:00:00.000000000 -0500
 @@ -1,17 +0,0 @@
 -#DESC udev - Linux configurable dynamic device naming support
 -#
@@ -712,17 +790,17 @@
 -type udev_helper_exec_t, file_type, sysadmfile, exec_type;
 -type udev_tdb_t, file_type, sysadmfile, dev_fs;
 -typealias udev_tdb_t alias udev_tbl_t;
-diff --exclude-from=exclude -N -u -r nsapolicy/targeted/domains/program/xdm.te policy-1.23.12/targeted/domains/program/xdm.te
+diff --exclude-from=exclude -N -u -r nsapolicy/targeted/domains/program/xdm.te policy-1.23.13/targeted/domains/program/xdm.te
 --- nsapolicy/targeted/domains/program/xdm.te	2005-03-15 08:02:24.000000000 -0500
-+++ policy-1.23.12/targeted/domains/program/xdm.te	2005-04-22 09:43:08.000000000 -0400
++++ policy-1.23.13/targeted/domains/program/xdm.te	2005-04-25 15:18:00.000000000 -0400
 @@ -20,3 +20,4 @@
  type xdm_var_lib_t, file_type, sysadmfile;
  type xdm_tmp_t, file_type, sysadmfile;
  domain_auto_trans(initrc_t, xdm_exec_t, xdm_t)
 +domain_auto_trans(init_t, xdm_exec_t, xdm_t)
-diff --exclude-from=exclude -N -u -r nsapolicy/targeted/domains/unconfined.te policy-1.23.12/targeted/domains/unconfined.te
+diff --exclude-from=exclude -N -u -r nsapolicy/targeted/domains/unconfined.te policy-1.23.13/targeted/domains/unconfined.te
 --- nsapolicy/targeted/domains/unconfined.te	2005-04-20 15:40:35.000000000 -0400
-+++ policy-1.23.12/targeted/domains/unconfined.te	2005-04-22 14:08:54.000000000 -0400
++++ policy-1.23.13/targeted/domains/unconfined.te	2005-04-25 15:18:00.000000000 -0400
 @@ -15,7 +15,7 @@
  # Define some type aliases to help with compatibility with
  # macros and domains from the "strict" policy.
@@ -740,9 +818,9 @@
  allow unlabeled_t self:filesystem associate;
  
  # Support NFS home directories
-diff --exclude-from=exclude -N -u -r nsapolicy/targeted/initial_sid_contexts policy-1.23.12/targeted/initial_sid_contexts
+diff --exclude-from=exclude -N -u -r nsapolicy/targeted/initial_sid_contexts policy-1.23.13/targeted/initial_sid_contexts
 --- nsapolicy/targeted/initial_sid_contexts	2005-02-24 14:51:10.000000000 -0500
-+++ policy-1.23.12/targeted/initial_sid_contexts	1969-12-31 19:00:00.000000000 -0500
++++ policy-1.23.13/targeted/initial_sid_contexts	1969-12-31 19:00:00.000000000 -0500
 @@ -1,47 +0,0 @@
 -# FLASK
 -
@@ -791,9 +869,9 @@
 -sid devnull	system_u:object_r:null_device_t
 -
 -# FLASK
-diff --exclude-from=exclude -N -u -r nsapolicy/tunables/distro.tun policy-1.23.12/tunables/distro.tun
+diff --exclude-from=exclude -N -u -r nsapolicy/tunables/distro.tun policy-1.23.13/tunables/distro.tun
 --- nsapolicy/tunables/distro.tun	2005-02-24 14:51:09.000000000 -0500
-+++ policy-1.23.12/tunables/distro.tun	2005-04-21 08:05:17.000000000 -0400
++++ policy-1.23.13/tunables/distro.tun	2005-04-25 15:18:00.000000000 -0400
 @@ -5,7 +5,7 @@
  # appropriate ifdefs.
  
@@ -803,9 +881,9 @@
  
  dnl define(`distro_suse')
  
-diff --exclude-from=exclude -N -u -r nsapolicy/tunables/tunable.tun policy-1.23.12/tunables/tunable.tun
+diff --exclude-from=exclude -N -u -r nsapolicy/tunables/tunable.tun policy-1.23.13/tunables/tunable.tun
 --- nsapolicy/tunables/tunable.tun	2005-04-14 15:01:54.000000000 -0400
-+++ policy-1.23.12/tunables/tunable.tun	2005-04-21 08:05:17.000000000 -0400
++++ policy-1.23.13/tunables/tunable.tun	2005-04-25 15:18:00.000000000 -0400
 @@ -2,7 +2,7 @@
  dnl define(`user_can_mount')
  
@@ -829,9 +907,9 @@
  
  # Allow xinetd to run unconfined, including any services it starts
  # that do not have a domain transition explicitly defined.
-diff --exclude-from=exclude -N -u -r nsapolicy/types/network.te policy-1.23.12/types/network.te
+diff --exclude-from=exclude -N -u -r nsapolicy/types/network.te policy-1.23.13/types/network.te
 --- nsapolicy/types/network.te	2005-04-20 15:40:35.000000000 -0400
-+++ policy-1.23.12/types/network.te	2005-04-22 06:57:20.000000000 -0400
++++ policy-1.23.13/types/network.te	2005-04-25 15:18:00.000000000 -0400
 @@ -31,6 +31,7 @@
  type http_cache_port_t, port_type, reserved_port_type;
  type http_port_t, port_type, reserved_port_type;


Index: selinux-policy-strict.spec
===================================================================
RCS file: /cvs/dist/rpms/selinux-policy-strict/devel/selinux-policy-strict.spec,v
retrieving revision 1.289
retrieving revision 1.290
diff -u -r1.289 -r1.290
--- selinux-policy-strict.spec	25 Apr 2005 19:19:20 -0000	1.289
+++ selinux-policy-strict.spec	26 Apr 2005 01:40:45 -0000	1.290
@@ -11,7 +11,7 @@
 Summary: SELinux %{type} policy configuration
 Name: selinux-policy-%{type}
 Version: 1.23.13
-Release: 1
+Release: 2
 License: GPL
 Group: System Environment/Base
 Source: http://www.nsa.gov/selinux/archives/policy-%{version}.tgz
@@ -220,6 +220,10 @@
 exit 0
 
 %changelog
+* Mon Apr 25 2005 Dan Walsh <dwalsh at redhat.com> 1.23.13-2
+- Small fixes for targeted policy
+- Add updfstab
+
 * Mon Apr 25 2005 Dan Walsh <dwalsh at redhat.com> 1.23.13-1
 - Update to latest from NSA 
 	* Merged more changes from Dan Walsh to initrc_t for removal of

More information about the fedora-cvs-commits mailing list