rpms/selinux-policy-targeted/FC-3 policy-20050104.patch, 1.40, 1.41 selinux-policy-targeted.spec, 1.208, 1.209
fedora-cvs-commits at redhat.com
Fri Jun 10 10:53:52 UTC 2005
Author: dwalsh
Update of /cvs/dist/rpms/selinux-policy-targeted/FC-3
In directory cvs.devel.redhat.com:/tmp/cvs-serv28634
Modified Files:
policy-20050104.patch selinux-policy-targeted.spec
Log Message:
* Fri Jun 10 2005 Dan Walsh <dwalsh at redhat.com> 1.17.30-3.8
- Add daemon attribute to daemon_core_domain to make nscd work correctly
policy-20050104.patch:
Makefile | 50 +++--
attrib.te | 29 +++
domains/program/crond.te | 7
domains/program/ldconfig.te | 24 ++
domains/program/login.te | 2
domains/program/logrotate.te | 24 +-
domains/program/mount.te | 2
domains/program/ssh.te | 7
domains/program/syslogd.te | 40 ++--
domains/program/unused/acct.te | 6
domains/program/unused/apache.te | 307 ++++++++++++++++++++++------------
domains/program/unused/arpwatch.te | 26 ++
domains/program/unused/cups.te | 58 +++++-
domains/program/unused/dhcpc.te | 5
domains/program/unused/dhcpd.te | 20 +-
domains/program/unused/dovecot.te | 3
domains/program/unused/ftpd.te | 2
domains/program/unused/hald.te | 3
domains/program/unused/howl.te | 2
domains/program/unused/innd.te | 7
domains/program/unused/ipsec.te | 9
domains/program/unused/iptables.te | 3
domains/program/unused/mailman.te | 29 ++-
domains/program/unused/mdadm.te | 3
domains/program/unused/mta.te | 25 ++
domains/program/unused/mysqld.te | 26 +-
domains/program/unused/named.te | 39 ++--
domains/program/unused/nscd.te | 62 +++---
domains/program/unused/ntpd.te | 27 ++
domains/program/unused/portmap.te | 21 ++
domains/program/unused/postfix.te | 2
domains/program/unused/postgresql.te | 62 +++++-
domains/program/unused/procmail.te | 1
domains/program/unused/rpcd.te | 2
domains/program/unused/rpm.te | 5
domains/program/unused/rsync.te | 2
domains/program/unused/samba.te | 4
domains/program/unused/sendmail.te | 2
domains/program/unused/slrnpull.te | 1
domains/program/unused/snmpd.te | 31 ++-
domains/program/unused/spamd.te | 2
domains/program/unused/squid.te | 30 ++-
domains/program/unused/udev.te | 5
domains/program/unused/updfstab.te | 1
domains/program/unused/winbind.te | 35 +++
domains/program/unused/xdm.te | 4
domains/program/unused/ypbind.te | 15 -
domains/program/unused/ypserv.te | 7
domains/user.te | 6
file_contexts/distros.fc | 174 +++++++++++++++++--
file_contexts/program/apache.fc | 24 ++
file_contexts/program/arpwatch.fc | 3
file_contexts/program/cups.fc | 5
file_contexts/program/dhcpd.fc | 25 ++
file_contexts/program/ipsec.fc | 11 -
file_contexts/program/mailman.fc | 15 -
file_contexts/program/mta.fc | 5
file_contexts/program/mysqld.fc | 4
file_contexts/program/named.fc | 18 +
file_contexts/program/nscd.fc | 3
file_contexts/program/ntpd.fc | 10 -
file_contexts/program/portmap.fc | 9
file_contexts/program/postgresql.fc | 23 --
file_contexts/program/sendmail.fc | 1
file_contexts/program/snmpd.fc | 4
file_contexts/program/squid.fc | 2
file_contexts/program/syslogd.fc | 3
file_contexts/program/winbind.fc | 10 +
file_contexts/types.fc | 207 +++++++++-------------
flask/access_vectors | 31 +++
flask/security_classes | 6
genfs_contexts | 2
macros/base_user_macros.te | 9
macros/core_macros.te | 98 +++++++---
macros/global_macros.te | 95 +++-------
macros/network_macros.te | 172 +++++++++++++++++++
macros/program/apache_macros.te | 144 ++++++++-------
macros/program/kerberos_macros.te | 11 +
macros/program/mount_macros.te | 2
macros/program/mozilla_macros.te | 2
macros/program/mta_macros.te | 5
macros/program/newrole_macros.te | 2
macros/program/spamassassin_macros.te | 5
macros/program/ssh_agent_macros.te | 2
macros/program/ssh_macros.te | 2
macros/program/su_macros.te | 2
macros/program/userhelper_macros.te | 3
macros/program/xauth_macros.te | 2
macros/program/xserver_macros.te | 4
macros/program/ypbind_macros.te | 24 --
man/man8/httpd_selinux.8 | 114 ++++++++++++
man/man8/named_selinux.8 | 29 +++
net_contexts | 99 +++++++---
targeted/assert.te | 6
targeted/domains/program/hotplug.te | 4
targeted/domains/program/initrc.te | 2
targeted/domains/program/sendmail.te | 17 +
targeted/domains/unconfined.te | 64 ++++++-
targeted/types/apache.te | 5
tunables/distro.tun | 2
tunables/tunable.tun | 21 --
types/device.te | 9
types/file.te | 89 ++++++---
types/network.te | 56 ++++--
types/procfs.te | 4
105 files changed, 1972 insertions(+), 813 deletions(-)
Index: policy-20050104.patch
===================================================================
RCS file: /cvs/dist/rpms/selinux-policy-targeted/FC-3/policy-20050104.patch,v
retrieving revision 1.40
retrieving revision 1.41
diff -u -r1.40 -r1.41
--- policy-20050104.patch 9 Jun 2005 16:56:53 -0000 1.40
+++ policy-20050104.patch 10 Jun 2005 10:53:50 -0000 1.41
@@ -1,6 +1,6 @@
diff --exclude-from=exclude -N -u -r nsapolicy/attrib.te policy-1.17.30/attrib.te
--- nsapolicy/attrib.te 2004-10-09 21:07:28.000000000 -0400
-+++ policy-1.17.30/attrib.te 2005-06-09 12:29:18.000000000 -0400
++++ policy-1.17.30/attrib.te 2005-06-10 06:52:30.000000000 -0400
@@ -44,6 +44,10 @@
# init to kill all processes.
attribute domain;
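Review bot: The only changed pair in this hunk is the nested `+++ policy-1.17.30/attrib.te` header, whose timestamp moves from 2005-06-09 12:29:18 to 2005-06-10 06:52:30, and the hunks that follow repeat the same timestamp-only change for crond.te, ldconfig.te and the other files. Regenerating policy-20050104.patch rewrote every nested file header, so the rule change described in the log message is hard to find in this revision diff. Consider producing the nested patch with stable header timestamps (or stripping them) so that a new revision of the patch file shows only the policy lines that actually changed.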
@@ -65,7 +65,7 @@
+attribute customizable;
diff --exclude-from=exclude -N -u -r nsapolicy/domains/program/crond.te policy-1.17.30/domains/program/crond.te
--- nsapolicy/domains/program/crond.te 2004-10-09 21:07:28.000000000 -0400
-+++ policy-1.17.30/domains/program/crond.te 2005-06-09 12:29:18.000000000 -0400
++++ policy-1.17.30/domains/program/crond.te 2005-06-10 06:52:30.000000000 -0400
@@ -203,3 +203,10 @@
r_dir_file(system_crond_t, file_context_t)
can_getsecurity(system_crond_t)
@@ -79,7 +79,7 @@
+')
diff --exclude-from=exclude -N -u -r nsapolicy/domains/program/ldconfig.te policy-1.17.30/domains/program/ldconfig.te
--- nsapolicy/domains/program/ldconfig.te 2004-10-09 21:07:28.000000000 -0400
-+++ policy-1.17.30/domains/program/ldconfig.te 2005-06-09 12:29:18.000000000 -0400
++++ policy-1.17.30/domains/program/ldconfig.te 2005-06-10 06:52:30.000000000 -0400
@@ -8,7 +8,7 @@
#
# Rules for the ldconfig_t domain.
@@ -120,7 +120,7 @@
+')
diff --exclude-from=exclude -N -u -r nsapolicy/domains/program/login.te policy-1.17.30/domains/program/login.te
--- nsapolicy/domains/program/login.te 2004-10-09 21:07:28.000000000 -0400
-+++ policy-1.17.30/domains/program/login.te 2005-06-09 12:29:18.000000000 -0400
++++ policy-1.17.30/domains/program/login.te 2005-06-10 06:52:30.000000000 -0400
@@ -76,9 +76,7 @@
# Set exec context.
can_setexec($1_login_t)
@@ -133,7 +133,7 @@
ifdef(`nfs_home_dirs', `
diff --exclude-from=exclude -N -u -r nsapolicy/domains/program/logrotate.te policy-1.17.30/domains/program/logrotate.te
--- nsapolicy/domains/program/logrotate.te 2004-10-09 21:07:28.000000000 -0400
-+++ policy-1.17.30/domains/program/logrotate.te 2005-06-09 12:29:18.000000000 -0400
++++ policy-1.17.30/domains/program/logrotate.te 2005-06-10 06:52:30.000000000 -0400
@@ -13,20 +13,22 @@
# logrotate_t is the domain for the logrotate program.
# logrotate_exec_t is the type of the corresponding program.
@@ -221,7 +221,7 @@
+allow logrotate_t tmpfs_t:filesystem associate;
diff --exclude-from=exclude -N -u -r nsapolicy/domains/program/mount.te policy-1.17.30/domains/program/mount.te
--- nsapolicy/domains/program/mount.te 2004-10-09 21:07:28.000000000 -0400
-+++ policy-1.17.30/domains/program/mount.te 2005-06-09 12:29:18.000000000 -0400
++++ policy-1.17.30/domains/program/mount.te 2005-06-10 06:52:30.000000000 -0400
@@ -83,9 +83,7 @@
# for localization
@@ -234,7 +234,7 @@
# This rule needs to be generalized. Only admin, initrc should have it.
diff --exclude-from=exclude -N -u -r nsapolicy/domains/program/ssh.te policy-1.17.30/domains/program/ssh.te
--- nsapolicy/domains/program/ssh.te 2004-10-09 21:07:28.000000000 -0400
-+++ policy-1.17.30/domains/program/ssh.te 2005-06-09 12:29:18.000000000 -0400
++++ policy-1.17.30/domains/program/ssh.te 2005-06-10 06:52:30.000000000 -0400
@@ -73,10 +73,8 @@
allow $1_t self:capability { sys_chroot sys_resource chown dac_override fowner fsetid setgid setuid sys_tty_config };
allow $1_t { home_root_t home_dir_type }:dir { search getattr };
@@ -259,7 +259,7 @@
diff --exclude-from=exclude -N -u -r nsapolicy/domains/program/syslogd.te policy-1.17.30/domains/program/syslogd.te
--- nsapolicy/domains/program/syslogd.te 2004-10-09 21:07:28.000000000 -0400
-+++ policy-1.17.30/domains/program/syslogd.te 2005-06-09 12:29:18.000000000 -0400
++++ policy-1.17.30/domains/program/syslogd.te 2005-06-10 06:52:30.000000000 -0400
@@ -14,13 +14,13 @@
# by syslogd.
#
@@ -346,7 +346,7 @@
+allow syslogd_t rsh_port_t:tcp_socket name_connect;
diff --exclude-from=exclude -N -u -r nsapolicy/domains/program/unused/acct.te policy-1.17.30/domains/program/unused/acct.te
--- nsapolicy/domains/program/unused/acct.te 2004-10-09 21:07:28.000000000 -0400
-+++ policy-1.17.30/domains/program/unused/acct.te 2005-06-09 12:29:18.000000000 -0400
++++ policy-1.17.30/domains/program/unused/acct.te 2005-06-10 06:52:30.000000000 -0400
@@ -23,7 +23,7 @@
ifdef(`logrotate.te', `
@@ -366,7 +366,7 @@
+')
diff --exclude-from=exclude -N -u -r nsapolicy/domains/program/unused/apache.te policy-1.17.30/domains/program/unused/apache.te
--- nsapolicy/domains/program/unused/apache.te 2004-10-09 21:07:28.000000000 -0400
-+++ policy-1.17.30/domains/program/unused/apache.te 2005-06-09 12:52:49.000000000 -0400
++++ policy-1.17.30/domains/program/unused/apache.te 2005-06-10 06:52:30.000000000 -0400
@@ -19,7 +19,17 @@
# the user CGI scripts, then relabel rule for user_r should be removed.
#
@@ -791,7 +791,7 @@
')
diff --exclude-from=exclude -N -u -r nsapolicy/domains/program/unused/arpwatch.te policy-1.17.30/domains/program/unused/arpwatch.te
--- nsapolicy/domains/program/unused/arpwatch.te 1969-12-31 19:00:00.000000000 -0500
-+++ policy-1.17.30/domains/program/unused/arpwatch.te 2005-06-09 12:29:18.000000000 -0400
++++ policy-1.17.30/domains/program/unused/arpwatch.te 2005-06-10 06:52:30.000000000 -0400
@@ -0,0 +1,26 @@
+#DESC arpwatch - keep track of ethernet/ip address pairings
+#
@@ -821,7 +821,7 @@
+allow arpwatch_t sbin_t:dir { search };
diff --exclude-from=exclude -N -u -r nsapolicy/domains/program/unused/cups.te policy-1.17.30/domains/program/unused/cups.te
--- nsapolicy/domains/program/unused/cups.te 2004-10-09 21:07:28.000000000 -0400
-+++ policy-1.17.30/domains/program/unused/cups.te 2005-06-09 12:29:18.000000000 -0400
++++ policy-1.17.30/domains/program/unused/cups.te 2005-06-10 06:52:30.000000000 -0400
@@ -20,10 +20,10 @@
can_network(cupsd_t)
@@ -911,7 +911,7 @@
+')
diff --exclude-from=exclude -N -u -r nsapolicy/domains/program/unused/dhcpc.te policy-1.17.30/domains/program/unused/dhcpc.te
--- nsapolicy/domains/program/unused/dhcpc.te 2004-10-09 21:07:28.000000000 -0400
-+++ policy-1.17.30/domains/program/unused/dhcpc.te 2005-06-09 12:29:18.000000000 -0400
++++ policy-1.17.30/domains/program/unused/dhcpc.te 2005-06-10 06:52:30.000000000 -0400
@@ -36,7 +36,9 @@
ifdef(`consoletype.te', `
domain_auto_trans(dhcpc_t, consoletype_exec_t, consoletype_t)
@@ -930,7 +930,7 @@
+dontaudit dhcpc_t selinux_config_t:dir { search };
diff --exclude-from=exclude -N -u -r nsapolicy/domains/program/unused/dhcpd.te policy-1.17.30/domains/program/unused/dhcpd.te
--- nsapolicy/domains/program/unused/dhcpd.te 2004-10-09 21:07:28.000000000 -0400
-+++ policy-1.17.30/domains/program/unused/dhcpd.te 2005-06-09 12:35:24.000000000 -0400
++++ policy-1.17.30/domains/program/unused/dhcpd.te 2005-06-10 06:52:30.000000000 -0400
@@ -15,7 +15,7 @@
# dhcpd_exec_t is the type of the dhcpdd executable.
# The dhcpd_t can be used for other DHCPC related files as well.
@@ -983,7 +983,7 @@
+')
diff --exclude-from=exclude -N -u -r nsapolicy/domains/program/unused/dovecot.te policy-1.17.30/domains/program/unused/dovecot.te
--- nsapolicy/domains/program/unused/dovecot.te 2004-10-09 21:07:28.000000000 -0400
-+++ policy-1.17.30/domains/program/unused/dovecot.te 2005-06-09 12:29:18.000000000 -0400
++++ policy-1.17.30/domains/program/unused/dovecot.te 2005-06-10 06:52:30.000000000 -0400
@@ -44,3 +44,6 @@
allow dovecot_auth_t etc_t:file { getattr read };
allow dovecot_auth_t { self proc_t }:file { getattr read };
@@ -993,7 +993,7 @@
+allow dovecot_auth_t sysctl_t:dir search;
diff --exclude-from=exclude -N -u -r nsapolicy/domains/program/unused/ftpd.te policy-1.17.30/domains/program/unused/ftpd.te
--- nsapolicy/domains/program/unused/ftpd.te 2004-10-09 21:07:28.000000000 -0400
-+++ policy-1.17.30/domains/program/unused/ftpd.te 2005-06-09 12:29:18.000000000 -0400
++++ policy-1.17.30/domains/program/unused/ftpd.te 2005-06-10 06:52:30.000000000 -0400
@@ -89,9 +89,7 @@
dontaudit ftpd_t krb5_conf_t:file { write };
dontaudit ftpd_t selinux_config_t:dir search;
@@ -1006,7 +1006,7 @@
diff --exclude-from=exclude -N -u -r nsapolicy/domains/program/unused/hald.te policy-1.17.30/domains/program/unused/hald.te
--- nsapolicy/domains/program/unused/hald.te 2004-10-09 21:07:28.000000000 -0400
-+++ policy-1.17.30/domains/program/unused/hald.te 2005-06-09 12:29:18.000000000 -0400
++++ policy-1.17.30/domains/program/unused/hald.te 2005-06-10 06:52:30.000000000 -0400
@@ -61,3 +61,6 @@
allow hald_t usbfs_t:file { getattr read };
allow hald_t bin_t:lnk_file read;
@@ -1016,7 +1016,7 @@
+allow hald_t etc_runtime_t:file rw_file_perms;
diff --exclude-from=exclude -N -u -r nsapolicy/domains/program/unused/howl.te policy-1.17.30/domains/program/unused/howl.te
--- nsapolicy/domains/program/unused/howl.te 2004-10-09 21:07:28.000000000 -0400
-+++ policy-1.17.30/domains/program/unused/howl.te 2005-06-09 12:29:18.000000000 -0400
++++ policy-1.17.30/domains/program/unused/howl.te 2005-06-10 06:52:30.000000000 -0400
@@ -2,7 +2,7 @@
allow howl_t proc_t:file { getattr read };
can_network(howl_t)
@@ -1028,7 +1028,7 @@
diff --exclude-from=exclude -N -u -r nsapolicy/domains/program/unused/innd.te policy-1.17.30/domains/program/unused/innd.te
--- nsapolicy/domains/program/unused/innd.te 2004-10-09 21:07:28.000000000 -0400
-+++ policy-1.17.30/domains/program/unused/innd.te 2005-06-09 12:29:18.000000000 -0400
++++ policy-1.17.30/domains/program/unused/innd.te 2005-06-10 06:52:30.000000000 -0400
@@ -21,7 +21,7 @@
r_dir_file(userdomain, { news_spool_t innd_var_lib_t innd_etc_t })
@@ -1049,7 +1049,7 @@
+allow innd_t sbin_t:lnk_file { read };
diff --exclude-from=exclude -N -u -r nsapolicy/domains/program/unused/ipsec.te policy-1.17.30/domains/program/unused/ipsec.te
--- nsapolicy/domains/program/unused/ipsec.te 2004-10-09 21:07:28.000000000 -0400
-+++ policy-1.17.30/domains/program/unused/ipsec.te 2005-06-09 12:29:18.000000000 -0400
++++ policy-1.17.30/domains/program/unused/ipsec.te 2005-06-10 06:52:30.000000000 -0400
@@ -30,6 +30,7 @@
domain_auto_trans(ipsec_mgmt_t, ipsec_exec_t, ipsec_t)
file_type_auto_trans(ipsec_mgmt_t, var_run_t, ipsec_var_run_t, sock_file)
@@ -1086,7 +1086,7 @@
+rw_dir_create_file(ipsec_mgmt_t, ipsec_var_run_t)
diff --exclude-from=exclude -N -u -r nsapolicy/domains/program/unused/iptables.te policy-1.17.30/domains/program/unused/iptables.te
--- nsapolicy/domains/program/unused/iptables.te 2004-10-09 21:07:28.000000000 -0400
-+++ policy-1.17.30/domains/program/unused/iptables.te 2005-06-09 12:29:18.000000000 -0400
++++ policy-1.17.30/domains/program/unused/iptables.te 2005-06-10 06:52:30.000000000 -0400
@@ -37,10 +37,11 @@
# for iptables -L
allow iptables_t self:unix_stream_socket create_socket_perms;
@@ -1102,7 +1102,7 @@
allow iptables_t etc_t:file { getattr read };
diff --exclude-from=exclude -N -u -r nsapolicy/domains/program/unused/mailman.te policy-1.17.30/domains/program/unused/mailman.te
--- nsapolicy/domains/program/unused/mailman.te 2004-10-09 21:07:28.000000000 -0400
-+++ policy-1.17.30/domains/program/unused/mailman.te 2005-06-09 12:29:18.000000000 -0400
++++ policy-1.17.30/domains/program/unused/mailman.te 2005-06-10 06:52:30.000000000 -0400
@@ -15,12 +15,13 @@
role system_r types mailman_$1_t;
file_type_auto_trans(mailman_$1_t, var_log_t, mailman_log_t, file)
@@ -1180,7 +1180,7 @@
+can_exec(logrotate_t, mailman_mail_exec_t)
diff --exclude-from=exclude -N -u -r nsapolicy/domains/program/unused/mdadm.te policy-1.17.30/domains/program/unused/mdadm.te
--- nsapolicy/domains/program/unused/mdadm.te 2004-10-09 21:07:28.000000000 -0400
-+++ policy-1.17.30/domains/program/unused/mdadm.te 2005-06-09 12:29:18.000000000 -0400
++++ policy-1.17.30/domains/program/unused/mdadm.te 2005-06-10 06:52:30.000000000 -0400
@@ -18,7 +18,7 @@
read_locale(mdadm_t)
@@ -1197,7 +1197,7 @@
+allow mdadm_t var_t:dir { getattr };
diff --exclude-from=exclude -N -u -r nsapolicy/domains/program/unused/mta.te policy-1.17.30/domains/program/unused/mta.te
--- nsapolicy/domains/program/unused/mta.te 2004-10-09 21:07:28.000000000 -0400
-+++ policy-1.17.30/domains/program/unused/mta.te 2005-06-09 12:36:06.000000000 -0400
++++ policy-1.17.30/domains/program/unused/mta.te 2005-06-10 06:52:30.000000000 -0400
@@ -13,13 +13,25 @@
ifdef(`sendmail.te', `', `
type sendmail_exec_t, file_type, exec_type, sysadmfile;
@@ -1259,7 +1259,7 @@
+allow system_mail_t { random_device_t urandom_device_t }:chr_file read;
diff --exclude-from=exclude -N -u -r nsapolicy/domains/program/unused/mysqld.te policy-1.17.30/domains/program/unused/mysqld.te
--- nsapolicy/domains/program/unused/mysqld.te 2004-10-09 21:07:28.000000000 -0400
-+++ policy-1.17.30/domains/program/unused/mysqld.te 2005-06-09 12:29:18.000000000 -0400
++++ policy-1.17.30/domains/program/unused/mysqld.te 2005-06-10 06:52:30.000000000 -0400
@@ -18,7 +18,6 @@
allow mysqld_t mysqld_var_run_t:sock_file create_file_perms;
@@ -1331,7 +1331,7 @@
+
diff --exclude-from=exclude -N -u -r nsapolicy/domains/program/unused/named.te policy-1.17.30/domains/program/unused/named.te
--- nsapolicy/domains/program/unused/named.te 2004-10-09 21:07:28.000000000 -0400
-+++ policy-1.17.30/domains/program/unused/named.te 2005-06-09 12:29:18.000000000 -0400
++++ policy-1.17.30/domains/program/unused/named.te 2005-06-10 06:52:30.000000000 -0400
@@ -15,11 +15,14 @@
daemon_domain(named, `, nscd_client_domain')
tmp_domain(named)
@@ -1444,7 +1444,7 @@
+dontaudit ndc_t sysadm_tty_device_t:chr_file { ioctl };
diff --exclude-from=exclude -N -u -r nsapolicy/domains/program/unused/nscd.te policy-1.17.30/domains/program/unused/nscd.te
--- nsapolicy/domains/program/unused/nscd.te 2004-10-09 21:07:28.000000000 -0400
-+++ policy-1.17.30/domains/program/unused/nscd.te 2005-06-09 12:29:18.000000000 -0400
++++ policy-1.17.30/domains/program/unused/nscd.te 2005-06-10 06:52:30.000000000 -0400
@@ -3,76 +3,74 @@
# Author: Russell Coker <russell at coker.com.au>
# X-Debian-Packages: nscd
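Review bot: The nscd.te section in this hunk changes only in its `+++` header timestamp, yet the log message says the revision adds the daemon attribute to daemon_core_domain to make nscd work. The log entry should name the file where daemon_core_domain is edited and say what failed for nscd without the attribute, so the functional change can be reviewed apart from the header churn.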
@@ -1554,7 +1554,7 @@
+log_domain(nscd)
diff --exclude-from=exclude -N -u -r nsapolicy/domains/program/unused/ntpd.te policy-1.17.30/domains/program/unused/ntpd.te
--- nsapolicy/domains/program/unused/ntpd.te 2004-10-09 21:07:28.000000000 -0400
-+++ policy-1.17.30/domains/program/unused/ntpd.te 2005-06-09 12:29:18.000000000 -0400
++++ policy-1.17.30/domains/program/unused/ntpd.te 2005-06-10 06:52:30.000000000 -0400
@@ -12,17 +12,23 @@
type ntp_drift_t, file_type, sysadmfile;
type ntp_port_t, port_type, reserved_port_type;
@@ -1634,7 +1634,7 @@
+allow ntpd_t device_t:lnk_file read;
diff --exclude-from=exclude -N -u -r nsapolicy/domains/program/unused/portmap.te policy-1.17.30/domains/program/unused/portmap.te
--- nsapolicy/domains/program/unused/portmap.te 2004-10-09 21:07:28.000000000 -0400
-+++ policy-1.17.30/domains/program/unused/portmap.te 2005-06-09 12:29:18.000000000 -0400
++++ policy-1.17.30/domains/program/unused/portmap.te 2005-06-10 06:52:30.000000000 -0400
@@ -14,15 +14,15 @@
daemon_domain(portmap, `, nscd_client_domain')
@@ -1677,7 +1677,7 @@
+dontaudit portmap_helper_t reserved_port_type:{ tcp_socket udp_socket } name_bind;
diff --exclude-from=exclude -N -u -r nsapolicy/domains/program/unused/postfix.te policy-1.17.30/domains/program/unused/postfix.te
--- nsapolicy/domains/program/unused/postfix.te 2004-10-09 21:07:28.000000000 -0400
-+++ policy-1.17.30/domains/program/unused/postfix.te 2005-06-09 12:29:18.000000000 -0400
++++ policy-1.17.30/domains/program/unused/postfix.te 2005-06-10 06:52:30.000000000 -0400
@@ -124,7 +124,7 @@
allow postfix_master_t postfix_spool_maildrop_t:file { unlink rename getattr };
allow postfix_master_t postfix_prng_t:file getattr;
@@ -1689,7 +1689,7 @@
allow postfix_smtpd_t saslauthd_var_run_t:dir { search getattr };
diff --exclude-from=exclude -N -u -r nsapolicy/domains/program/unused/postgresql.te policy-1.17.30/domains/program/unused/postgresql.te
--- nsapolicy/domains/program/unused/postgresql.te 2004-10-09 21:07:28.000000000 -0400
-+++ policy-1.17.30/domains/program/unused/postgresql.te 2005-06-09 12:29:18.000000000 -0400
++++ policy-1.17.30/domains/program/unused/postgresql.te 2005-06-10 06:52:30.000000000 -0400
@@ -13,6 +13,7 @@
type postgresql_port_t, port_type;
daemon_domain(postgresql)
@@ -1820,7 +1820,7 @@
+}
diff --exclude-from=exclude -N -u -r nsapolicy/domains/program/unused/procmail.te policy-1.17.30/domains/program/unused/procmail.te
--- nsapolicy/domains/program/unused/procmail.te 2004-10-09 21:07:28.000000000 -0400
-+++ policy-1.17.30/domains/program/unused/procmail.te 2005-06-09 12:29:18.000000000 -0400
++++ policy-1.17.30/domains/program/unused/procmail.te 2005-06-10 06:52:30.000000000 -0400
@@ -71,3 +71,4 @@
ifdef(`sendmail.te', `
r_dir_file(procmail_t, etc_mail_t)
@@ -1828,7 +1828,7 @@
+allow procmail_t mqueue_spool_t:file { getattr read };
diff --exclude-from=exclude -N -u -r nsapolicy/domains/program/unused/rpcd.te policy-1.17.30/domains/program/unused/rpcd.te
--- nsapolicy/domains/program/unused/rpcd.te 2004-10-09 21:07:28.000000000 -0400
-+++ policy-1.17.30/domains/program/unused/rpcd.te 2005-06-09 12:29:18.000000000 -0400
++++ policy-1.17.30/domains/program/unused/rpcd.te 2005-06-10 06:52:30.000000000 -0400
@@ -122,4 +122,4 @@
r_dir_file(rpcd_t, rpc_pipefs_t)
@@ -1837,7 +1837,7 @@
+dontaudit rpcd_t selinux_config_t:dir { search };
diff --exclude-from=exclude -N -u -r nsapolicy/domains/program/unused/rpm.te policy-1.17.30/domains/program/unused/rpm.te
--- nsapolicy/domains/program/unused/rpm.te 2004-10-09 21:07:28.000000000 -0400
-+++ policy-1.17.30/domains/program/unused/rpm.te 2005-06-09 12:29:18.000000000 -0400
++++ policy-1.17.30/domains/program/unused/rpm.te 2005-06-10 06:52:30.000000000 -0400
@@ -80,11 +80,9 @@
# bash tries ioctl for some reason
dontaudit initrc_t pidfile:file ioctl;
@@ -1869,7 +1869,7 @@
unconfined_domain(rpm_t)
diff --exclude-from=exclude -N -u -r nsapolicy/domains/program/unused/rsync.te policy-1.17.30/domains/program/unused/rsync.te
--- nsapolicy/domains/program/unused/rsync.te 2004-10-09 21:07:28.000000000 -0400
-+++ policy-1.17.30/domains/program/unused/rsync.te 2005-06-09 12:29:18.000000000 -0400
++++ policy-1.17.30/domains/program/unused/rsync.te 2005-06-10 06:52:30.000000000 -0400
@@ -11,3 +11,5 @@
#
@@ -1878,7 +1878,7 @@
+r_dir_file(rsync_t, rsync_data_t)
diff --exclude-from=exclude -N -u -r nsapolicy/domains/program/unused/samba.te policy-1.17.30/domains/program/unused/samba.te
--- nsapolicy/domains/program/unused/samba.te 2004-10-09 21:07:28.000000000 -0400
-+++ policy-1.17.30/domains/program/unused/samba.te 2005-06-09 12:29:18.000000000 -0400
++++ policy-1.17.30/domains/program/unused/samba.te 2005-06-10 06:52:30.000000000 -0400
@@ -113,4 +113,6 @@
allow nmbd_t samba_log_t:file { create ra_file_perms };
allow nmbd_t var_log_t:dir search;
@@ -1889,7 +1889,7 @@
+')
diff --exclude-from=exclude -N -u -r nsapolicy/domains/program/unused/sendmail.te policy-1.17.30/domains/program/unused/sendmail.te
--- nsapolicy/domains/program/unused/sendmail.te 2004-10-09 21:07:28.000000000 -0400
-+++ policy-1.17.30/domains/program/unused/sendmail.te 2005-06-09 12:29:18.000000000 -0400
++++ policy-1.17.30/domains/program/unused/sendmail.te 2005-06-10 06:52:30.000000000 -0400
@@ -99,3 +99,5 @@
allow system_mail_t sysctl_kernel_t:file read;
dontaudit system_mail_t system_crond_tmp_t:file { append };
@@ -1898,7 +1898,7 @@
+dontaudit sendmail_t initrc_var_run_t:file { lock write };
diff --exclude-from=exclude -N -u -r nsapolicy/domains/program/unused/slrnpull.te policy-1.17.30/domains/program/unused/slrnpull.te
--- nsapolicy/domains/program/unused/slrnpull.te 2004-10-09 21:07:28.000000000 -0400
-+++ policy-1.17.30/domains/program/unused/slrnpull.te 2005-06-09 12:29:18.000000000 -0400
++++ policy-1.17.30/domains/program/unused/slrnpull.te 2005-06-10 06:52:30.000000000 -0400
@@ -21,3 +21,4 @@
allow userdomain slrnpull_spool_t:dir { search };
rw_dir_create_file(slrnpull_t, slrnpull_spool_t)
@@ -1906,7 +1906,7 @@
+allow slrnpull_t slrnpull_spool_t:dir create_dir_perms;
diff --exclude-from=exclude -N -u -r nsapolicy/domains/program/unused/snmpd.te policy-1.17.30/domains/program/unused/snmpd.te
--- nsapolicy/domains/program/unused/snmpd.te 2004-10-09 21:07:28.000000000 -0400
-+++ policy-1.17.30/domains/program/unused/snmpd.te 2005-06-09 12:36:51.000000000 -0400
++++ policy-1.17.30/domains/program/unused/snmpd.te 2005-06-10 06:52:30.000000000 -0400
@@ -8,25 +8,23 @@
#
# Rules for the snmpd_t domain.
@@ -1991,7 +1991,7 @@
+dontaudit snmpd_t selinux_config_t:dir search;
diff --exclude-from=exclude -N -u -r nsapolicy/domains/program/unused/spamd.te policy-1.17.30/domains/program/unused/spamd.te
--- nsapolicy/domains/program/unused/spamd.te 2004-10-09 21:07:28.000000000 -0400
-+++ policy-1.17.30/domains/program/unused/spamd.te 2005-06-09 12:29:18.000000000 -0400
++++ policy-1.17.30/domains/program/unused/spamd.te 2005-06-10 06:52:30.000000000 -0400
@@ -55,9 +55,7 @@
system_crond_entry(spamd_exec_t, spamd_t)
@@ -2004,7 +2004,7 @@
allow spamd_t nfs_t:file create_file_perms;
diff --exclude-from=exclude -N -u -r nsapolicy/domains/program/unused/squid.te policy-1.17.30/domains/program/unused/squid.te
--- nsapolicy/domains/program/unused/squid.te 2004-10-09 21:07:28.000000000 -0400
-+++ policy-1.17.30/domains/program/unused/squid.te 2005-06-09 12:50:49.000000000 -0400
++++ policy-1.17.30/domains/program/unused/squid.te 2005-06-10 06:52:30.000000000 -0400
@@ -12,30 +12,30 @@
ifdef(`apache.te',`
can_tcp_connect(squid_t, httpd_t)
@@ -2076,7 +2076,7 @@
+r_dir_file(squid_t, cert_t)
diff --exclude-from=exclude -N -u -r nsapolicy/domains/program/unused/udev.te policy-1.17.30/domains/program/unused/udev.te
--- nsapolicy/domains/program/unused/udev.te 2004-10-09 21:07:28.000000000 -0400
-+++ policy-1.17.30/domains/program/unused/udev.te 2005-06-09 12:29:18.000000000 -0400
++++ policy-1.17.30/domains/program/unused/udev.te 2005-06-10 06:52:30.000000000 -0400
@@ -106,7 +106,8 @@
allow udev_t device_t:dir { relabelfrom relabelto create_dir_perms };
@@ -2090,7 +2090,7 @@
+allow udev_t dev_fs:{ chr_file blk_file } { relabelfrom relabelto };
diff --exclude-from=exclude -N -u -r nsapolicy/domains/program/unused/updfstab.te policy-1.17.30/domains/program/unused/updfstab.te
--- nsapolicy/domains/program/unused/updfstab.te 2004-10-09 21:07:28.000000000 -0400
-+++ policy-1.17.30/domains/program/unused/updfstab.te 2005-06-09 12:29:18.000000000 -0400
++++ policy-1.17.30/domains/program/unused/updfstab.te 2005-06-10 06:52:30.000000000 -0400
@@ -69,3 +69,4 @@
can_exec(updfstab_t, { sbin_t bin_t ls_exec_t } )
dontaudit updfstab_t home_root_t:dir { getattr search };
@@ -2098,7 +2098,7 @@
+allow updfstab_t fs_t:filesystem { getattr };
diff --exclude-from=exclude -N -u -r nsapolicy/domains/program/unused/winbind.te policy-1.17.30/domains/program/unused/winbind.te
--- nsapolicy/domains/program/unused/winbind.te 1969-12-31 19:00:00.000000000 -0500
-+++ policy-1.17.30/domains/program/unused/winbind.te 2005-06-09 12:34:50.000000000 -0400
++++ policy-1.17.30/domains/program/unused/winbind.te 2005-06-10 06:52:30.000000000 -0400
@@ -0,0 +1,35 @@
+#DESC winbind - Name Service Switch daemon for resolving names from NT servers
+#
@@ -2137,7 +2137,7 @@
+allow winbind_t winbind_var_run_t:sock_file create_file_perms;
diff --exclude-from=exclude -N -u -r nsapolicy/domains/program/unused/xdm.te policy-1.17.30/domains/program/unused/xdm.te
--- nsapolicy/domains/program/unused/xdm.te 2004-10-09 21:07:28.000000000 -0400
-+++ policy-1.17.30/domains/program/unused/xdm.te 2005-06-09 12:29:18.000000000 -0400
++++ policy-1.17.30/domains/program/unused/xdm.te 2005-06-10 06:52:30.000000000 -0400
@@ -277,9 +277,7 @@
allow xdm_xserver_t user_home_type:file { getattr read };
@@ -2159,7 +2159,7 @@
diff --exclude-from=exclude -N -u -r nsapolicy/domains/program/unused/ypbind.te policy-1.17.30/domains/program/unused/ypbind.te
--- nsapolicy/domains/program/unused/ypbind.te 2004-10-09 21:07:28.000000000 -0400
-+++ policy-1.17.30/domains/program/unused/ypbind.te 2005-06-09 12:29:18.000000000 -0400
++++ policy-1.17.30/domains/program/unused/ypbind.te 2005-06-10 06:52:30.000000000 -0400
@@ -15,16 +15,17 @@
tmp_domain(ypbind)
@@ -2194,7 +2194,7 @@
+
diff --exclude-from=exclude -N -u -r nsapolicy/domains/program/unused/ypserv.te policy-1.17.30/domains/program/unused/ypserv.te
--- nsapolicy/domains/program/unused/ypserv.te 2004-10-09 21:07:28.000000000 -0400
-+++ policy-1.17.30/domains/program/unused/ypserv.te 2005-06-09 12:29:18.000000000 -0400
++++ policy-1.17.30/domains/program/unused/ypserv.te 2005-06-10 06:52:30.000000000 -0400
@@ -13,7 +13,7 @@
tmp_domain(ypserv)
@@ -2215,7 +2215,7 @@
+allow ypserv_t reserved_port_t:{ udp_socket tcp_socket } { name_bind };
diff --exclude-from=exclude -N -u -r nsapolicy/domains/user.te policy-1.17.30/domains/user.te
--- nsapolicy/domains/user.te 2004-10-09 21:07:28.000000000 -0400
-+++ policy-1.17.30/domains/user.te 2005-06-09 12:29:18.000000000 -0400
++++ policy-1.17.30/domains/user.te 2005-06-10 06:52:30.000000000 -0400
@@ -7,6 +7,12 @@
# Allow users to read system messages.
bool user_dmesg false;
@@ -2231,7 +2231,7 @@
# and may change other protocols
diff --exclude-from=exclude -N -u -r nsapolicy/file_contexts/distros.fc policy-1.17.30/file_contexts/distros.fc
--- nsapolicy/file_contexts/distros.fc 2004-10-09 21:07:28.000000000 -0400
-+++ policy-1.17.30/file_contexts/distros.fc 2005-06-09 12:29:18.000000000 -0400
++++ policy-1.17.30/file_contexts/distros.fc 2005-06-10 06:52:30.000000000 -0400
@@ -1,34 +1,168 @@
ifdef(`distro_redhat', `
-/usr/share/system-config-network(/netconfig)?/[^/]+.py -- system_u:object_r:bin_t
@@ -2423,7 +2423,7 @@
+')
diff --exclude-from=exclude -N -u -r nsapolicy/file_contexts/program/apache.fc policy-1.17.30/file_contexts/program/apache.fc
--- nsapolicy/file_contexts/program/apache.fc 2004-10-09 21:07:28.000000000 -0400
-+++ policy-1.17.30/file_contexts/program/apache.fc 2005-06-09 12:29:18.000000000 -0400
++++ policy-1.17.30/file_contexts/program/apache.fc 2005-06-10 06:52:30.000000000 -0400
@@ -1,6 +1,7 @@
# apache
HOME_DIR/((www)|(web)|(public_html))(/.+)? system_u:object_r:httpd_ROLE_content_t
@@ -2470,14 +2470,14 @@
')
diff --exclude-from=exclude -N -u -r nsapolicy/file_contexts/program/arpwatch.fc policy-1.17.30/file_contexts/program/arpwatch.fc
--- nsapolicy/file_contexts/program/arpwatch.fc 1969-12-31 19:00:00.000000000 -0500
-+++ policy-1.17.30/file_contexts/program/arpwatch.fc 2005-06-09 12:29:18.000000000 -0400
++++ policy-1.17.30/file_contexts/program/arpwatch.fc 2005-06-10 06:52:30.000000000 -0400
@@ -0,0 +1,3 @@
+# arpwatch - keep track of ethernet/ip address pairings
+/usr/sbin/arpwatch -- system_u:object_r:arpwatch_exec_t
+/var/arpwatch(/.*)? system_u:object_r:arpwatch_data_t
diff --exclude-from=exclude -N -u -r nsapolicy/file_contexts/program/cups.fc policy-1.17.30/file_contexts/program/cups.fc
--- nsapolicy/file_contexts/program/cups.fc 2004-10-09 21:07:28.000000000 -0400
-+++ policy-1.17.30/file_contexts/program/cups.fc 2005-06-09 12:29:18.000000000 -0400
++++ policy-1.17.30/file_contexts/program/cups.fc 2005-06-10 06:52:30.000000000 -0400
@@ -18,8 +18,9 @@
/usr/lib(64)?/cups/backend/.* -- system_u:object_r:cupsd_exec_t
/usr/lib(64)?/cups/daemon/.* -- system_u:object_r:cupsd_exec_t
@@ -2492,7 +2492,7 @@
/var/run/cups/printcap -- system_u:object_r:cupsd_var_run_t
diff --exclude-from=exclude -N -u -r nsapolicy/file_contexts/program/dhcpd.fc policy-1.17.30/file_contexts/program/dhcpd.fc
--- nsapolicy/file_contexts/program/dhcpd.fc 2004-10-09 21:07:28.000000000 -0400
-+++ policy-1.17.30/file_contexts/program/dhcpd.fc 2005-06-09 12:29:18.000000000 -0400
++++ policy-1.17.30/file_contexts/program/dhcpd.fc 2005-06-10 06:52:30.000000000 -0400
@@ -1,5 +1,5 @@
# dhcpd
-/etc/dhcpd.conf -- system_u:object_r:dhcp_etc_t
@@ -2529,7 +2529,7 @@
+
diff --exclude-from=exclude -N -u -r nsapolicy/file_contexts/program/ipsec.fc policy-1.17.30/file_contexts/program/ipsec.fc
--- nsapolicy/file_contexts/program/ipsec.fc 2004-10-09 21:07:28.000000000 -0400
-+++ policy-1.17.30/file_contexts/program/ipsec.fc 2005-06-09 12:29:18.000000000 -0400
++++ policy-1.17.30/file_contexts/program/ipsec.fc 2005-06-10 06:52:30.000000000 -0400
@@ -3,8 +3,10 @@
/etc/ipsec\.secrets -- system_u:object_r:ipsec_key_file_t
/etc/ipsec\.conf -- system_u:object_r:ipsec_conf_file_t
@@ -2557,7 +2557,7 @@
/usr/sbin/racoon -- system_u:object_r:ipsec_exec_t
diff --exclude-from=exclude -N -u -r nsapolicy/file_contexts/program/mailman.fc policy-1.17.30/file_contexts/program/mailman.fc
--- nsapolicy/file_contexts/program/mailman.fc 2004-10-09 21:07:28.000000000 -0400
-+++ policy-1.17.30/file_contexts/program/mailman.fc 2005-06-09 12:29:18.000000000 -0400
++++ policy-1.17.30/file_contexts/program/mailman.fc 2005-06-10 06:52:30.000000000 -0400
@@ -1,23 +1,24 @@
# mailman list server
+/var/lib/mailman(/.*)? system_u:object_r:mailman_data_t
@@ -2592,7 +2592,7 @@
')
diff --exclude-from=exclude -N -u -r nsapolicy/file_contexts/program/mta.fc policy-1.17.30/file_contexts/program/mta.fc
--- nsapolicy/file_contexts/program/mta.fc 2004-10-09 21:07:28.000000000 -0400
-+++ policy-1.17.30/file_contexts/program/mta.fc 2005-06-09 12:29:18.000000000 -0400
++++ policy-1.17.30/file_contexts/program/mta.fc 2005-06-10 06:52:30.000000000 -0400
@@ -5,3 +5,8 @@
/etc/aliases\.db -- system_u:object_r:etc_aliases_t
/var/spool/mail(/.*)? system_u:object_r:mail_spool_t
@@ -2604,7 +2604,7 @@
+
diff --exclude-from=exclude -N -u -r nsapolicy/file_contexts/program/mysqld.fc policy-1.17.30/file_contexts/program/mysqld.fc
--- nsapolicy/file_contexts/program/mysqld.fc 2004-10-09 21:07:28.000000000 -0400
-+++ policy-1.17.30/file_contexts/program/mysqld.fc 2005-06-09 12:29:18.000000000 -0400
++++ policy-1.17.30/file_contexts/program/mysqld.fc 2005-06-10 06:52:30.000000000 -0400
@@ -1,10 +1,10 @@
# mysql database server
-/usr/sbin/mysqld -- system_u:object_r:mysqld_exec_t
@@ -2620,7 +2620,7 @@
ifdef(`distro_debian', `
diff --exclude-from=exclude -N -u -r nsapolicy/file_contexts/program/named.fc policy-1.17.30/file_contexts/program/named.fc
--- nsapolicy/file_contexts/program/named.fc 2004-10-09 21:07:28.000000000 -0400
-+++ policy-1.17.30/file_contexts/program/named.fc 2005-06-09 12:29:18.000000000 -0400
++++ policy-1.17.30/file_contexts/program/named.fc 2005-06-10 06:52:30.000000000 -0400
@@ -14,20 +14,24 @@
') dnl distro_debian
@@ -2663,7 +2663,7 @@
+') dnl distro_gentoo
diff --exclude-from=exclude -N -u -r nsapolicy/file_contexts/program/nscd.fc policy-1.17.30/file_contexts/program/nscd.fc
--- nsapolicy/file_contexts/program/nscd.fc 2004-10-09 21:07:28.000000000 -0400
-+++ policy-1.17.30/file_contexts/program/nscd.fc 2005-06-09 12:29:18.000000000 -0400
++++ policy-1.17.30/file_contexts/program/nscd.fc 2005-06-10 06:52:30.000000000 -0400
@@ -2,3 +2,6 @@
/usr/sbin/nscd -- system_u:object_r:nscd_exec_t
/var/run/\.nscd_socket -s system_u:object_r:nscd_var_run_t
@@ -2673,7 +2673,7 @@
+/var/log/nscd\.log.* -- system_u:object_r:nscd_log_t
diff --exclude-from=exclude -N -u -r nsapolicy/file_contexts/program/ntpd.fc policy-1.17.30/file_contexts/program/ntpd.fc
--- nsapolicy/file_contexts/program/ntpd.fc 2004-10-09 21:07:28.000000000 -0400
-+++ policy-1.17.30/file_contexts/program/ntpd.fc 2005-06-09 12:29:18.000000000 -0400
++++ policy-1.17.30/file_contexts/program/ntpd.fc 2005-06-10 06:52:30.000000000 -0400
@@ -1,12 +1,12 @@
/var/lib/ntp(/.*)? system_u:object_r:ntp_drift_t
/etc/ntp/data(/.*)? system_u:object_r:ntp_drift_t
@@ -2694,7 +2694,7 @@
/etc/cron\.(daily|weekly)/ntp-server -- system_u:object_r:ntpd_exec_t
diff --exclude-from=exclude -N -u -r nsapolicy/file_contexts/program/portmap.fc policy-1.17.30/file_contexts/program/portmap.fc
--- nsapolicy/file_contexts/program/portmap.fc 2004-10-09 21:07:28.000000000 -0400
-+++ policy-1.17.30/file_contexts/program/portmap.fc 2005-06-09 12:29:18.000000000 -0400
++++ policy-1.17.30/file_contexts/program/portmap.fc 2005-06-10 06:52:30.000000000 -0400
@@ -1,3 +1,10 @@
# portmap
/sbin/portmap -- system_u:object_r:portmap_exec_t
@@ -2709,7 +2709,7 @@
+/var/run/portmap.upgrade-state -- system_u:object_r:portmap_var_run_t
diff --exclude-from=exclude -N -u -r nsapolicy/file_contexts/program/postgresql.fc policy-1.17.30/file_contexts/program/postgresql.fc
--- nsapolicy/file_contexts/program/postgresql.fc 2004-10-09 21:07:28.000000000 -0400
-+++ policy-1.17.30/file_contexts/program/postgresql.fc 2005-06-09 12:29:18.000000000 -0400
++++ policy-1.17.30/file_contexts/program/postgresql.fc 2005-06-10 06:52:30.000000000 -0400
@@ -1,21 +1,16 @@
-# postgresql - ldap server
+# postgresql - database server
@@ -2743,7 +2743,7 @@
+/usr/lib/pgsql/test/regress/pg_regress -- system_u:object_r:postgresql_exec_t
diff --exclude-from=exclude -N -u -r nsapolicy/file_contexts/program/sendmail.fc policy-1.17.30/file_contexts/program/sendmail.fc
--- nsapolicy/file_contexts/program/sendmail.fc 2004-10-09 21:07:28.000000000 -0400
-+++ policy-1.17.30/file_contexts/program/sendmail.fc 2005-06-09 12:29:18.000000000 -0400
++++ policy-1.17.30/file_contexts/program/sendmail.fc 2005-06-10 06:52:30.000000000 -0400
@@ -1,6 +1,5 @@
# sendmail
/etc/mail(/.*)? system_u:object_r:etc_mail_t
@@ -2753,7 +2753,7 @@
/var/run/sendmail.pid -- system_u:object_r:sendmail_var_run_t
diff --exclude-from=exclude -N -u -r nsapolicy/file_contexts/program/snmpd.fc policy-1.17.30/file_contexts/program/snmpd.fc
--- nsapolicy/file_contexts/program/snmpd.fc 2004-10-09 21:07:28.000000000 -0400
-+++ policy-1.17.30/file_contexts/program/snmpd.fc 2005-06-09 12:29:18.000000000 -0400
++++ policy-1.17.30/file_contexts/program/snmpd.fc 2005-06-10 06:52:30.000000000 -0400
@@ -1,8 +1,10 @@
# snmpd
/usr/sbin/snmp(trap)?d -- system_u:object_r:snmpd_exec_t
@@ -2768,7 +2768,7 @@
+/var/log/snmpd\.log -- system_u:object_r:snmpd_log_t
diff --exclude-from=exclude -N -u -r nsapolicy/file_contexts/program/squid.fc policy-1.17.30/file_contexts/program/squid.fc
--- nsapolicy/file_contexts/program/squid.fc 2004-10-09 21:07:28.000000000 -0400
-+++ policy-1.17.30/file_contexts/program/squid.fc 2005-06-09 12:29:18.000000000 -0400
++++ policy-1.17.30/file_contexts/program/squid.fc 2005-06-10 06:52:30.000000000 -0400
@@ -3,6 +3,6 @@
/var/cache/squid(/.*)? system_u:object_r:squid_cache_t
/var/spool/squid(/.*)? system_u:object_r:squid_cache_t
@@ -2779,7 +2779,7 @@
/usr/share/squid(/.*)? system_u:object_r:squid_conf_t
diff --exclude-from=exclude -N -u -r nsapolicy/file_contexts/program/syslogd.fc policy-1.17.30/file_contexts/program/syslogd.fc
--- nsapolicy/file_contexts/program/syslogd.fc 2004-10-09 21:07:28.000000000 -0400
-+++ policy-1.17.30/file_contexts/program/syslogd.fc 2005-06-09 12:29:18.000000000 -0400
++++ policy-1.17.30/file_contexts/program/syslogd.fc 2005-06-10 06:52:30.000000000 -0400
@@ -5,4 +5,7 @@
/sbin/syslog-ng -- system_u:object_r:syslogd_exec_t
/dev/log -s system_u:object_r:devlog_t
@@ -2790,7 +2790,7 @@
/var/run/syslogd\.pid -- system_u:object_r:syslogd_var_run_t
diff --exclude-from=exclude -N -u -r nsapolicy/file_contexts/program/winbind.fc policy-1.17.30/file_contexts/program/winbind.fc
--- nsapolicy/file_contexts/program/winbind.fc 1969-12-31 19:00:00.000000000 -0500
-+++ policy-1.17.30/file_contexts/program/winbind.fc 2005-06-09 12:29:18.000000000 -0400
++++ policy-1.17.30/file_contexts/program/winbind.fc 2005-06-10 06:52:30.000000000 -0400
@@ -0,0 +1,10 @@
+/usr/sbin/winbindd -- system_u:object_r:winbind_exec_t
+/var/run/winbindd(/.*)? system_u:object_r:winbind_var_run_t
@@ -2804,7 +2804,7 @@
+/var/cache/samba/winbindd_privileged(/.*)? system_u:object_r:winbind_var_run_t
diff --exclude-from=exclude -N -u -r nsapolicy/file_contexts/types.fc policy-1.17.30/file_contexts/types.fc
--- nsapolicy/file_contexts/types.fc 2004-10-09 21:07:28.000000000 -0400
-+++ policy-1.17.30/file_contexts/types.fc 2005-06-09 12:41:17.000000000 -0400
++++ policy-1.17.30/file_contexts/types.fc 2005-06-10 06:52:30.000000000 -0400
@@ -54,11 +54,11 @@
HOME_DIR -d system_u:object_r:ROLE_home_dir_t
HOME_DIR/.+ system_u:object_r:ROLE_home_t
@@ -3175,7 +3175,7 @@
+
diff --exclude-from=exclude -N -u -r nsapolicy/flask/access_vectors policy-1.17.30/flask/access_vectors
--- nsapolicy/flask/access_vectors 2004-10-09 21:07:28.000000000 -0400
-+++ policy-1.17.30/flask/access_vectors 2005-06-09 12:29:18.000000000 -0400
++++ policy-1.17.30/flask/access_vectors 2005-06-10 06:52:30.000000000 -0400
@@ -118,6 +118,7 @@
{
execute_no_trans
@@ -3262,7 +3262,7 @@
+inherits socket
diff --exclude-from=exclude -N -u -r nsapolicy/flask/security_classes policy-1.17.30/flask/security_classes
--- nsapolicy/flask/security_classes 2004-10-09 21:07:28.000000000 -0400
-+++ policy-1.17.30/flask/security_classes 2005-06-09 12:29:18.000000000 -0400
++++ policy-1.17.30/flask/security_classes 2005-06-10 06:52:30.000000000 -0400
@@ -77,4 +77,10 @@
class dbus
class nscd
@@ -3276,7 +3276,7 @@
# FLASK
diff --exclude-from=exclude -N -u -r nsapolicy/genfs_contexts policy-1.17.30/genfs_contexts
--- nsapolicy/genfs_contexts 2004-10-09 21:07:28.000000000 -0400
-+++ policy-1.17.30/genfs_contexts 2005-06-09 12:29:18.000000000 -0400
++++ policy-1.17.30/genfs_contexts 2005-06-10 06:52:30.000000000 -0400
@@ -36,6 +36,7 @@
genfscon proc /kcore system_u:object_r:proc_kcore_t
genfscon proc /mdstat system_u:object_r:proc_mdstat_t
@@ -3295,7 +3295,7 @@
genfscon reiserfs / system_u:object_r:nfs_t
diff --exclude-from=exclude -N -u -r nsapolicy/macros/base_user_macros.te policy-1.17.30/macros/base_user_macros.te
--- nsapolicy/macros/base_user_macros.te 2004-10-09 21:07:28.000000000 -0400
-+++ policy-1.17.30/macros/base_user_macros.te 2005-06-09 12:29:18.000000000 -0400
++++ policy-1.17.30/macros/base_user_macros.te 2005-06-10 06:52:30.000000000 -0400
@@ -43,6 +43,8 @@
# for eject
allow $1_t fixed_disk_device_t:blk_file { getattr };
@@ -3332,7 +3332,7 @@
allow $1_t devtty_t:chr_file rw_file_perms;
diff --exclude-from=exclude -N -u -r nsapolicy/macros/core_macros.te policy-1.17.30/macros/core_macros.te
--- nsapolicy/macros/core_macros.te 2004-10-09 21:07:28.000000000 -0400
-+++ policy-1.17.30/macros/core_macros.te 2005-06-09 12:29:18.000000000 -0400
++++ policy-1.17.30/macros/core_macros.te 2005-06-10 06:52:30.000000000 -0400
@@ -39,7 +39,7 @@
#
# All socket classes.
@@ -3522,7 +3522,7 @@
')dnl end general_domain_access
diff --exclude-from=exclude -N -u -r nsapolicy/macros/global_macros.te policy-1.17.30/macros/global_macros.te
--- nsapolicy/macros/global_macros.te 2004-10-09 21:07:28.000000000 -0400
-+++ policy-1.17.30/macros/global_macros.te 2005-06-09 12:29:18.000000000 -0400
++++ policy-1.17.30/macros/global_macros.te 2005-06-10 06:52:59.000000000 -0400
@@ -89,9 +89,10 @@
allow $1 ld_so_t:file rx_file_perms;
#allow $1 ld_so_t:file execute_no_trans;
@@ -3600,6 +3600,15 @@
# can_sysctl(domain)
#
# Permissions for modifying sysctl parameters.
+@@ -269,7 +212,7 @@
+ # Author: Russell Coker <russell at coker.com.au>
+ #
+ define(`daemon_core_rules', `
+-type $1_t, domain, privlog $2;
++type $1_t, domain, privlog, daemon $2;
+ type $1_exec_t, file_type, sysadmfile, exec_type;
+
+ role system_r types $1_t;
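Review bot: Inserting `daemon` ahead of `$2` in the `type $1_t, domain, privlog, daemon $2;` line of `daemon_core_rules` gives the attribute to every domain declared through this macro, while the log message mentions only nscd. Any rule written against the `daemon` attribute now applies to all of those domains, so the macro's header comment or the changelog should say which rule nscd needed. It is also worth checking that no caller already passes `daemon` in `$2`.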
@@ -291,9 +234,7 @@
r_dir_file($1_t, sysfs_t)
@@ -3689,7 +3698,7 @@
allow $1 domain:msg { send receive };
diff --exclude-from=exclude -N -u -r nsapolicy/macros/network_macros.te policy-1.17.30/macros/network_macros.te
--- nsapolicy/macros/network_macros.te 1969-12-31 19:00:00.000000000 -0500
-+++ policy-1.17.30/macros/network_macros.te 2005-06-09 12:29:18.000000000 -0400
++++ policy-1.17.30/macros/network_macros.te 2005-06-10 06:52:30.000000000 -0400
@@ -0,0 +1,172 @@
+#################################
+#
@@ -3865,7 +3874,7 @@
+
diff --exclude-from=exclude -N -u -r nsapolicy/macros/program/apache_macros.te policy-1.17.30/macros/program/apache_macros.te
--- nsapolicy/macros/program/apache_macros.te 2004-10-09 21:07:28.000000000 -0400
-+++ policy-1.17.30/macros/program/apache_macros.te 2005-06-09 12:29:18.000000000 -0400
++++ policy-1.17.30/macros/program/apache_macros.te 2005-06-10 06:52:30.000000000 -0400
@@ -1,39 +1,23 @@
define(`apache_domain', `
@@ -4111,7 +4120,7 @@
')
diff --exclude-from=exclude -N -u -r nsapolicy/macros/program/kerberos_macros.te policy-1.17.30/macros/program/kerberos_macros.te
--- nsapolicy/macros/program/kerberos_macros.te 1969-12-31 19:00:00.000000000 -0500
-+++ policy-1.17.30/macros/program/kerberos_macros.te 2005-06-09 12:29:18.000000000 -0400
++++ policy-1.17.30/macros/program/kerberos_macros.te 2005-06-10 06:52:30.000000000 -0400
@@ -0,0 +1,11 @@
+define(`can_kerberos',`
+ifdef(`kerberos.te',`
@@ -4126,7 +4135,7 @@
+')
diff --exclude-from=exclude -N -u -r nsapolicy/macros/program/mount_macros.te policy-1.17.30/macros/program/mount_macros.te
--- nsapolicy/macros/program/mount_macros.te 2004-10-09 21:07:28.000000000 -0400
-+++ policy-1.17.30/macros/program/mount_macros.te 2005-06-09 12:29:18.000000000 -0400
++++ policy-1.17.30/macros/program/mount_macros.te 2005-06-10 06:52:30.000000000 -0400
@@ -56,6 +56,8 @@
allow $2_t home_root_t:dir { search };
allow $2_t $1_home_dir_t:dir { search };
@@ -4138,7 +4147,7 @@
diff --exclude-from=exclude -N -u -r nsapolicy/macros/program/mozilla_macros.te policy-1.17.30/macros/program/mozilla_macros.te
--- nsapolicy/macros/program/mozilla_macros.te 2004-10-09 21:07:28.000000000 -0400
-+++ policy-1.17.30/macros/program/mozilla_macros.te 2005-06-09 12:29:18.000000000 -0400
++++ policy-1.17.30/macros/program/mozilla_macros.te 2005-06-10 06:52:30.000000000 -0400
@@ -43,9 +43,7 @@
ifdef(`nfs_home_dirs', `
create_dir_file($1_mozilla_t, nfs_t)
@@ -4151,7 +4160,7 @@
allow $1_mozilla_t device_t:dir r_dir_perms;
diff --exclude-from=exclude -N -u -r nsapolicy/macros/program/mta_macros.te policy-1.17.30/macros/program/mta_macros.te
--- nsapolicy/macros/program/mta_macros.te 2004-10-09 21:07:28.000000000 -0400
-+++ policy-1.17.30/macros/program/mta_macros.te 2005-06-09 12:29:18.000000000 -0400
++++ policy-1.17.30/macros/program/mta_macros.te 2005-06-10 06:52:30.000000000 -0400
@@ -20,7 +20,7 @@
undefine(`mail_domain')
define(`mail_domain',`
@@ -4179,7 +4188,7 @@
+
diff --exclude-from=exclude -N -u -r nsapolicy/macros/program/newrole_macros.te policy-1.17.30/macros/program/newrole_macros.te
--- nsapolicy/macros/program/newrole_macros.te 2004-10-09 21:07:28.000000000 -0400
-+++ policy-1.17.30/macros/program/newrole_macros.te 2005-06-09 12:29:18.000000000 -0400
++++ policy-1.17.30/macros/program/newrole_macros.te 2005-06-10 06:52:30.000000000 -0400
@@ -52,9 +52,7 @@
can_setexec($1_t)
@@ -4192,7 +4201,7 @@
allow $1_t self:capability { setuid setgid net_bind_service dac_override };
diff --exclude-from=exclude -N -u -r nsapolicy/macros/program/spamassassin_macros.te policy-1.17.30/macros/program/spamassassin_macros.te
--- nsapolicy/macros/program/spamassassin_macros.te 2004-10-09 21:07:28.000000000 -0400
-+++ policy-1.17.30/macros/program/spamassassin_macros.te 2005-06-09 12:29:18.000000000 -0400
++++ policy-1.17.30/macros/program/spamassassin_macros.te 2005-06-10 06:52:30.000000000 -0400
@@ -90,9 +90,10 @@
# set tunable if you have spamassassin do DNS lookups
if (spamassasin_can_network) {
@@ -4208,7 +4217,7 @@
#
diff --exclude-from=exclude -N -u -r nsapolicy/macros/program/ssh_agent_macros.te policy-1.17.30/macros/program/ssh_agent_macros.te
--- nsapolicy/macros/program/ssh_agent_macros.te 2004-10-09 21:07:28.000000000 -0400
-+++ policy-1.17.30/macros/program/ssh_agent_macros.te 2005-06-09 12:29:18.000000000 -0400
++++ policy-1.17.30/macros/program/ssh_agent_macros.te 2005-06-10 06:52:30.000000000 -0400
@@ -38,9 +38,7 @@
can_ypbind($1_ssh_agent_t)
@@ -4221,7 +4230,7 @@
diff --exclude-from=exclude -N -u -r nsapolicy/macros/program/ssh_macros.te policy-1.17.30/macros/program/ssh_macros.te
--- nsapolicy/macros/program/ssh_macros.te 2004-10-09 21:07:28.000000000 -0400
-+++ policy-1.17.30/macros/program/ssh_macros.te 2005-06-09 12:29:18.000000000 -0400
++++ policy-1.17.30/macros/program/ssh_macros.te 2005-06-10 06:52:30.000000000 -0400
@@ -28,9 +28,7 @@
type $1_ssh_t, domain, privlog;
type $1_home_ssh_t, file_type, homedirfile, sysadmfile;
@@ -4234,7 +4243,7 @@
')dnl end if nfs_home_dirs
diff --exclude-from=exclude -N -u -r nsapolicy/macros/program/su_macros.te policy-1.17.30/macros/program/su_macros.te
--- nsapolicy/macros/program/su_macros.te 2004-10-09 21:07:28.000000000 -0400
-+++ policy-1.17.30/macros/program/su_macros.te 2005-06-09 12:29:18.000000000 -0400
++++ policy-1.17.30/macros/program/su_macros.te 2005-06-10 06:52:30.000000000 -0400
@@ -134,9 +134,7 @@
dontaudit $1_su_t home_dir_type:dir { search write };
')
@@ -4247,7 +4256,7 @@
')dnl end if nfs_home_dirs
diff --exclude-from=exclude -N -u -r nsapolicy/macros/program/userhelper_macros.te policy-1.17.30/macros/program/userhelper_macros.te
--- nsapolicy/macros/program/userhelper_macros.te 2004-10-09 21:07:28.000000000 -0400
-+++ policy-1.17.30/macros/program/userhelper_macros.te 2005-06-09 12:29:18.000000000 -0400
++++ policy-1.17.30/macros/program/userhelper_macros.te 2005-06-10 06:52:30.000000000 -0400
@@ -121,9 +121,7 @@
allow $1_userhelper_t urandom_device_t:chr_file { getattr read };
@@ -4268,7 +4277,7 @@
')dnl end userhelper macro
diff --exclude-from=exclude -N -u -r nsapolicy/macros/program/xauth_macros.te policy-1.17.30/macros/program/xauth_macros.te
--- nsapolicy/macros/program/xauth_macros.te 2004-10-09 21:07:28.000000000 -0400
-+++ policy-1.17.30/macros/program/xauth_macros.te 2005-06-09 12:29:18.000000000 -0400
++++ policy-1.17.30/macros/program/xauth_macros.te 2005-06-10 06:52:30.000000000 -0400
@@ -88,9 +88,7 @@
allow $1_xauth_t $1_tmp_t:file { getattr ioctl read };
@@ -4281,7 +4290,7 @@
')dnl end ifdef single_userdomain
diff --exclude-from=exclude -N -u -r nsapolicy/macros/program/xserver_macros.te policy-1.17.30/macros/program/xserver_macros.te
--- nsapolicy/macros/program/xserver_macros.te 2004-10-09 21:07:28.000000000 -0400
-+++ policy-1.17.30/macros/program/xserver_macros.te 2005-06-09 12:29:18.000000000 -0400
++++ policy-1.17.30/macros/program/xserver_macros.te 2005-06-10 06:52:30.000000000 -0400
@@ -64,7 +64,7 @@
allow xdm_xserver_t init_t:fd use;
@@ -4302,7 +4311,7 @@
# memory_device_t access is needed if not using the frame buffer
diff --exclude-from=exclude -N -u -r nsapolicy/macros/program/ypbind_macros.te policy-1.17.30/macros/program/ypbind_macros.te
--- nsapolicy/macros/program/ypbind_macros.te 2004-10-09 21:07:28.000000000 -0400
-+++ policy-1.17.30/macros/program/ypbind_macros.te 2005-06-09 12:29:18.000000000 -0400
++++ policy-1.17.30/macros/program/ypbind_macros.te 2005-06-10 06:52:30.000000000 -0400
@@ -1,21 +1,13 @@
-define(`can_ypbind',`')
@@ -4335,7 +4344,7 @@
-')
diff --exclude-from=exclude -N -u -r nsapolicy/Makefile policy-1.17.30/Makefile
--- nsapolicy/Makefile 2005-01-26 13:54:41.000000000 -0500
-+++ policy-1.17.30/Makefile 2005-06-09 12:29:18.000000000 -0400
++++ policy-1.17.30/Makefile 2005-06-10 06:52:30.000000000 -0400
@@ -3,7 +3,7 @@
#
# Targets:
@@ -4463,7 +4472,7 @@
@grep "^/root" $@.tmp >> $@
diff --exclude-from=exclude -N -u -r nsapolicy/man/man8/httpd_selinux.8 policy-1.17.30/man/man8/httpd_selinux.8
--- nsapolicy/man/man8/httpd_selinux.8 1969-12-31 19:00:00.000000000 -0500
-+++ policy-1.17.30/man/man8/httpd_selinux.8 2005-06-09 12:29:18.000000000 -0400
++++ policy-1.17.30/man/man8/httpd_selinux.8 2005-06-10 06:52:30.000000000 -0400
@@ -0,0 +1,114 @@
+.TH "httpd_selinux" "8" "17 Jan 2005" "dwalsh at redhat.com" "httpd Selinux Policy documentation"
+.SH "NAME"
@@ -4581,7 +4590,7 @@
+
diff --exclude-from=exclude -N -u -r nsapolicy/man/man8/named_selinux.8 policy-1.17.30/man/man8/named_selinux.8
--- nsapolicy/man/man8/named_selinux.8 1969-12-31 19:00:00.000000000 -0500
-+++ policy-1.17.30/man/man8/named_selinux.8 2005-06-09 12:29:18.000000000 -0400
++++ policy-1.17.30/man/man8/named_selinux.8 2005-06-10 06:52:30.000000000 -0400
@@ -0,0 +1,29 @@
+.TH "named_selinux" "8" "17 Jan 2005" "dwalsh at redhat.com" "named Selinux Policy documentation"
+.SH "NAME"
@@ -4614,7 +4623,7 @@
+
diff --exclude-from=exclude -N -u -r nsapolicy/net_contexts policy-1.17.30/net_contexts
--- nsapolicy/net_contexts 2004-10-09 21:07:28.000000000 -0400
-+++ policy-1.17.30/net_contexts 2005-06-09 12:29:18.000000000 -0400
++++ policy-1.17.30/net_contexts 2005-06-10 06:52:30.000000000 -0400
@@ -38,41 +38,37 @@
portcon udp 892 system_u:object_r:inetd_child_port_t
portcon tcp 2105 system_u:object_r:inetd_child_port_t
@@ -4823,7 +4832,7 @@
nodecon :: ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff system_u:object_r:node_unspec_t
diff --exclude-from=exclude -N -u -r nsapolicy/targeted/assert.te policy-1.17.30/targeted/assert.te
--- nsapolicy/targeted/assert.te 2004-10-09 21:07:28.000000000 -0400
-+++ policy-1.17.30/targeted/assert.te 2005-06-09 12:54:33.000000000 -0400
++++ policy-1.17.30/targeted/assert.te 2005-06-10 06:52:30.000000000 -0400
@@ -22,16 +22,16 @@
# Confined domains must never touch an unconfined domain except to
@@ -4846,7 +4855,7 @@
neverallow domain domain:dir ~r_dir_perms;
diff --exclude-from=exclude -N -u -r nsapolicy/targeted/domains/program/hotplug.te policy-1.17.30/targeted/domains/program/hotplug.te
--- nsapolicy/targeted/domains/program/hotplug.te 2004-10-09 21:07:28.000000000 -0400
-+++ policy-1.17.30/targeted/domains/program/hotplug.te 2005-06-09 12:29:18.000000000 -0400
++++ policy-1.17.30/targeted/domains/program/hotplug.te 2005-06-10 06:52:30.000000000 -0400
@@ -12,5 +12,5 @@
# strict policy.
#
@@ -4857,7 +4866,7 @@
+typealias etc_t alias hotplug_etc_t;
diff --exclude-from=exclude -N -u -r nsapolicy/targeted/domains/program/initrc.te policy-1.17.30/targeted/domains/program/initrc.te
--- nsapolicy/targeted/domains/program/initrc.te 2004-10-09 21:07:28.000000000 -0400
-+++ policy-1.17.30/targeted/domains/program/initrc.te 2005-06-09 12:29:18.000000000 -0400
++++ policy-1.17.30/targeted/domains/program/initrc.te 2005-06-10 06:52:30.000000000 -0400
@@ -13,4 +13,4 @@
#
type initrc_exec_t, file_type, sysadmfile, exec_type;
@@ -4866,7 +4875,7 @@
+typealias var_run_t alias initrc_var_run_t;
diff --exclude-from=exclude -N -u -r nsapolicy/targeted/domains/program/sendmail.te policy-1.17.30/targeted/domains/program/sendmail.te
--- nsapolicy/targeted/domains/program/sendmail.te 1969-12-31 19:00:00.000000000 -0500
-+++ policy-1.17.30/targeted/domains/program/sendmail.te 2005-06-09 12:29:18.000000000 -0400
++++ policy-1.17.30/targeted/domains/program/sendmail.te 2005-06-10 06:52:30.000000000 -0400
@@ -0,0 +1,17 @@
+#DESC sendmail
+#
@@ -4887,7 +4896,7 @@
+domain_auto_trans(initrc_t, sendmail_exec_t, sendmail_t)
diff --exclude-from=exclude -N -u -r nsapolicy/targeted/domains/unconfined.te policy-1.17.30/targeted/domains/unconfined.te
--- nsapolicy/targeted/domains/unconfined.te 2004-10-09 21:07:28.000000000 -0400
-+++ policy-1.17.30/targeted/domains/unconfined.te 2005-06-09 12:29:18.000000000 -0400
++++ policy-1.17.30/targeted/domains/unconfined.te 2005-06-10 06:52:30.000000000 -0400
@@ -4,25 +4,27 @@
# is not explicitly confined. It has no restrictions.
# It needs to be carefully protected from the confined domains.
@@ -4987,7 +4996,7 @@
-
diff --exclude-from=exclude -N -u -r nsapolicy/tunables/distro.tun policy-1.17.30/tunables/distro.tun
--- nsapolicy/tunables/distro.tun 2004-10-09 21:07:28.000000000 -0400
-+++ policy-1.17.30/tunables/distro.tun 2005-06-09 12:29:18.000000000 -0400
++++ policy-1.17.30/tunables/distro.tun 2005-06-10 06:52:30.000000000 -0400
@@ -5,7 +5,7 @@
# appropriate ifdefs.
@@ -4999,7 +5008,7 @@
diff --exclude-from=exclude -N -u -r nsapolicy/tunables/tunable.tun policy-1.17.30/tunables/tunable.tun
--- nsapolicy/tunables/tunable.tun 2004-10-09 21:07:28.000000000 -0400
-+++ policy-1.17.30/tunables/tunable.tun 2005-06-09 12:29:18.000000000 -0400
++++ policy-1.17.30/tunables/tunable.tun 2005-06-10 06:52:30.000000000 -0400
@@ -1,42 +1,39 @@
# Allow all domains to connect to nscd
-dnl define(`nscd_all_connect')
@@ -5054,7 +5063,7 @@
# that do not have a domain transition explicitly defined.
diff --exclude-from=exclude -N -u -r nsapolicy/types/device.te policy-1.17.30/types/device.te
--- nsapolicy/types/device.te 2004-10-09 21:07:28.000000000 -0400
-+++ policy-1.17.30/types/device.te 2005-06-09 12:40:50.000000000 -0400
++++ policy-1.17.30/types/device.te 2005-06-10 06:52:30.000000000 -0400
@@ -28,6 +28,10 @@
type console_device_t, device_type, dev_fs;
@@ -5084,7 +5093,7 @@
+type crypt_device_t, device_type, dev_fs;
diff --exclude-from=exclude -N -u -r nsapolicy/types/file.te policy-1.17.30/types/file.te
--- nsapolicy/types/file.te 2004-10-09 21:07:28.000000000 -0400
-+++ policy-1.17.30/types/file.te 2005-06-09 12:39:31.000000000 -0400
++++ policy-1.17.30/types/file.te 2005-06-10 06:52:30.000000000 -0400
@@ -33,12 +33,12 @@
# assigned an extended attribute (EA) value (when using a filesystem
# that supports EAs).
@@ -5277,7 +5286,7 @@
+type ftpd_anon_t, file_type, sysadmfile, customizable;
diff --exclude-from=exclude -N -u -r nsapolicy/types/network.te policy-1.17.30/types/network.te
--- nsapolicy/types/network.te 2004-10-09 21:07:28.000000000 -0400
-+++ policy-1.17.30/types/network.te 2005-06-09 12:29:18.000000000 -0400
++++ policy-1.17.30/types/network.te 2005-06-10 06:52:30.000000000 -0400
@@ -22,34 +22,30 @@
#
# Defines used by the te files need to be defined outside of net_constraints
@@ -5359,7 +5368,7 @@
# numbers in net_contexts or net_contexts.mls.
diff --exclude-from=exclude -N -u -r nsapolicy/types/procfs.te policy-1.17.30/types/procfs.te
--- nsapolicy/types/procfs.te 2004-10-09 21:07:28.000000000 -0400
-+++ policy-1.17.30/types/procfs.te 2005-06-09 12:29:18.000000000 -0400
++++ policy-1.17.30/types/procfs.te 2005-06-10 06:52:30.000000000 -0400
@@ -12,11 +12,13 @@
# proc_kmsg_t is the type of /proc/kmsg.
# proc_kcore_t is the type of /proc/kcore.
Index: selinux-policy-targeted.spec
===================================================================
RCS file: /cvs/dist/rpms/selinux-policy-targeted/FC-3/selinux-policy-targeted.spec,v
retrieving revision 1.208
retrieving revision 1.209
diff -u -r1.208 -r1.209
--- selinux-policy-targeted.spec 9 Jun 2005 16:45:01 -0000 1.208
+++ selinux-policy-targeted.spec 10 Jun 2005 10:53:50 -0000 1.209
@@ -8,7 +8,7 @@
Summary: SELinux %{type} policy configuration
Name: selinux-policy-%{type}
Version: 1.17.30
-Release: 3.7
+Release: 3.8
License: GPL
Group: System Environment/Base
Source: http://www.nsa.gov/selinux/archives/policy-%{version}.tgz
@@ -214,6 +214,9 @@
exit 0
%changelog
+* Fri Jun 10 2005 Dan Walsh <dwalsh at redhat.com> 1.17.30-3.8
+- Add daemon attribute to daemon_core_domain to make nscd work correctly
+
* Thu Jun 9 2005 Dan Walsh <dwalsh at redhat.com> 1.17.30-3.7
- Merge to upstream release
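Review bot: The new changelog entry names `daemon_core_domain`, but the macro edited in policy-20050104.patch in this same commit is `daemon_core_rules`. If `daemon_core_domain` only picks the attribute up through `daemon_core_rules`, name the macro that was actually changed so the entry can be matched against the patch.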