rpms/selinux-policy-targeted/FC-3 policy-20050104.patch, 1.25, 1.26 selinux-policy-targeted.spec, 1.195, 1.196
fedora-cvs-commits at redhat.com
fedora-cvs-commits at redhat.com
Wed Mar 23 13:48:22 UTC 2005
- Previous message (by thread): rpms/pam/devel pam-0.78-console-alsa-init.patch, NONE, 1.1 pam-0.78-console-perms-dri.patch, NONE, 1.1 pam-0.78-console-wrong-log.patch, NONE, 1.1 pam.spec, 1.62, 1.63 pam-0.78-console-glib-dynamic.patch, 1.1, NONE
- Next message (by thread): rpms/qt/devel qt-3.3.3-gtkstyle.patch,NONE,1.1 qt.spec,1.66,1.67
- Messages sorted by:
[ date ]
[ thread ]
[ subject ]
[ author ]
Update of /cvs/dist/rpms/selinux-policy-targeted/FC-3
In directory cvs.devel.redhat.com:/tmp/cvs-serv5962
Modified Files:
policy-20050104.patch selinux-policy-targeted.spec
Log Message:
* Wed Mar 23 2005 Dan Walsh <dwalsh at redhat.com> 1.17.30-2.92
- Fix /var/lib/nfs/rpc_pipefs(/.*)?
- Better handling of logrotate
policy-20050104.patch:
Makefile | 47 ++++++---
attrib.te | 3
domains/program/crond.te | 7 +
domains/program/ldconfig.te | 21 +++-
domains/program/login.te | 2
domains/program/logrotate.te | 24 ++---
domains/program/mount.te | 2
domains/program/ssh.te | 7 -
domains/program/syslogd.te | 24 ++++-
domains/program/unused/acct.te | 6 +
domains/program/unused/apache.te | 113 ++++++++++++++++++-----
domains/program/unused/arpwatch.te | 26 +++++
domains/program/unused/cups.te | 55 ++++++++++-
domains/program/unused/dhcpc.te | 5 -
domains/program/unused/dhcpd.te | 16 +++
domains/program/unused/dovecot.te | 3
domains/program/unused/ftpd.te | 2
domains/program/unused/hald.te | 3
domains/program/unused/howl.te | 2
domains/program/unused/innd.te | 7 +
domains/program/unused/ipsec.te | 9 +
domains/program/unused/iptables.te | 3
domains/program/unused/mailman.te | 23 +++-
domains/program/unused/mdadm.te | 3
domains/program/unused/mta.te | 21 +++-
domains/program/unused/mysqld.te | 7 -
domains/program/unused/named.te | 24 ++---
domains/program/unused/nscd.te | 25 +++--
domains/program/unused/ntpd.te | 21 +++-
domains/program/unused/portmap.te | 3
domains/program/unused/postfix.te | 2
domains/program/unused/postgresql.te | 47 ++++++++-
domains/program/unused/procmail.te | 1
domains/program/unused/rpcd.te | 2
domains/program/unused/rpm.te | 5 -
domains/program/unused/rsync.te | 2
domains/program/unused/samba.te | 4
domains/program/unused/sendmail.te | 2
domains/program/unused/slrnpull.te | 1
domains/program/unused/snmpd.te | 10 +-
domains/program/unused/spamd.te | 2
domains/program/unused/squid.te | 21 ++--
domains/program/unused/udev.te | 5 -
domains/program/unused/updfstab.te | 1
domains/program/unused/winbind.te | 34 +++++++
domains/program/unused/xdm.te | 4
domains/program/unused/ypbind.te | 2
domains/program/unused/ypserv.te | 7 +
domains/user.te | 6 +
file_contexts/distros.fc | 76 +++++++++++-----
file_contexts/program/apache.fc | 14 ++
file_contexts/program/arpwatch.fc | 3
file_contexts/program/cups.fc | 5 -
file_contexts/program/dhcpd.fc | 2
file_contexts/program/ipsec.fc | 11 +-
file_contexts/program/mailman.fc | 15 +--
file_contexts/program/mta.fc | 5 +
file_contexts/program/mysqld.fc | 4
file_contexts/program/named.fc | 15 ++-
file_contexts/program/nscd.fc | 2
file_contexts/program/ntpd.fc | 2
file_contexts/program/postgresql.fc | 23 +---
file_contexts/program/sendmail.fc | 1
file_contexts/program/snmpd.fc | 3
file_contexts/program/squid.fc | 2
file_contexts/program/winbind.fc | 10 ++
file_contexts/types.fc | 161 +++++++++++-----------------------
macros/base_user_macros.te | 9 +
macros/core_macros.te | 2
macros/global_macros.te | 3
macros/program/apache_macros.te | 85 ++++++++++-------
macros/program/mount_macros.te | 2
macros/program/mozilla_macros.te | 2
macros/program/mta_macros.te | 5 -
macros/program/newrole_macros.te | 2
macros/program/spamassassin_macros.te | 5 -
macros/program/ssh_agent_macros.te | 2
macros/program/ssh_macros.te | 2
macros/program/su_macros.te | 2
macros/program/userhelper_macros.te | 3
macros/program/xauth_macros.te | 2
macros/program/xserver_macros.te | 4
macros/program/ypbind_macros.te | 24 +----
targeted/assert.te | 4
targeted/domains/program/hotplug.te | 4
targeted/domains/program/initrc.te | 2
targeted/domains/unconfined.te | 11 +-
tunables/distro.tun | 2
tunables/tunable.tun | 21 +---
types/device.te | 6 +
types/file.te | 19 ++--
types/network.te | 2
92 files changed, 812 insertions(+), 439 deletions(-)
Index: policy-20050104.patch
===================================================================
RCS file: /cvs/dist/rpms/selinux-policy-targeted/FC-3/policy-20050104.patch,v
retrieving revision 1.25
retrieving revision 1.26
diff -u -r1.25 -r1.26
--- policy-20050104.patch 22 Mar 2005 14:24:08 -0000 1.25
+++ policy-20050104.patch 23 Mar 2005 13:48:19 -0000 1.26
@@ -1,6 +1,6 @@
diff --exclude-from=exclude -N -u -r nsapolicy/attrib.te policy-1.17.30/attrib.te
--- nsapolicy/attrib.te 2004-10-09 21:07:28.000000000 -0400
-+++ policy-1.17.30/attrib.te 2005-03-21 23:08:51.413950168 -0500
++++ policy-1.17.30/attrib.te 2005-03-21 23:08:51.000000000 -0500
@@ -400,4 +400,5 @@
# For clients of nscd that can use shmem interface.
attribute nscd_shmem_domain;
@@ -10,7 +10,7 @@
+attribute httpdcontent;
diff --exclude-from=exclude -N -u -r nsapolicy/domains/program/crond.te policy-1.17.30/domains/program/crond.te
--- nsapolicy/domains/program/crond.te 2004-10-09 21:07:28.000000000 -0400
-+++ policy-1.17.30/domains/program/crond.te 2005-03-21 23:08:51.414950016 -0500
++++ policy-1.17.30/domains/program/crond.te 2005-03-21 23:08:51.000000000 -0500
@@ -203,3 +203,10 @@
r_dir_file(system_crond_t, file_context_t)
can_getsecurity(system_crond_t)
@@ -24,7 +24,7 @@
+')
diff --exclude-from=exclude -N -u -r nsapolicy/domains/program/ldconfig.te policy-1.17.30/domains/program/ldconfig.te
--- nsapolicy/domains/program/ldconfig.te 2004-10-09 21:07:28.000000000 -0400
-+++ policy-1.17.30/domains/program/ldconfig.te 2005-03-21 23:08:51.414950016 -0500
++++ policy-1.17.30/domains/program/ldconfig.te 2005-03-21 23:08:51.000000000 -0500
@@ -8,7 +8,7 @@
#
# Rules for the ldconfig_t domain.
@@ -62,7 +62,7 @@
+')
diff --exclude-from=exclude -N -u -r nsapolicy/domains/program/login.te policy-1.17.30/domains/program/login.te
--- nsapolicy/domains/program/login.te 2004-10-09 21:07:28.000000000 -0400
-+++ policy-1.17.30/domains/program/login.te 2005-03-21 23:08:51.415949864 -0500
++++ policy-1.17.30/domains/program/login.te 2005-03-21 23:08:51.000000000 -0500
@@ -76,9 +76,7 @@
# Set exec context.
can_setexec($1_login_t)
@@ -73,9 +73,97 @@
allow $1_login_t mnt_t:dir r_dir_perms;
ifdef(`nfs_home_dirs', `
+diff --exclude-from=exclude -N -u -r nsapolicy/domains/program/logrotate.te policy-1.17.30/domains/program/logrotate.te
+--- nsapolicy/domains/program/logrotate.te 2004-10-09 21:07:28.000000000 -0400
++++ policy-1.17.30/domains/program/logrotate.te 2005-03-21 23:09:43.000000000 -0500
+@@ -13,20 +13,22 @@
+ # logrotate_t is the domain for the logrotate program.
+ # logrotate_exec_t is the type of the corresponding program.
+ #
+-type logrotate_t, domain, privowner, privmail, priv_system_role;
++type logrotate_t, domain, privowner, privmail, priv_system_role, nscd_client_domain;
+ role system_r types logrotate_t;
+ role sysadm_r types logrotate_t;
+-uses_shlib(logrotate_t);
+-general_domain_access(logrotate_t);
++uses_shlib(logrotate_t)
++general_domain_access(logrotate_t)
+ type logrotate_exec_t, file_type, sysadmfile, exec_type;
+
+ system_crond_entry(logrotate_exec_t, logrotate_t)
++allow logrotate_t cron_spool_t:dir search;
+ allow crond_t logrotate_var_lib_t:dir search;
+ domain_auto_trans(sysadm_t, logrotate_exec_t, logrotate_t)
+ allow logrotate_t self:unix_stream_socket create_socket_perms;
+ allow logrotate_t devtty_t:chr_file rw_file_perms;
+
+ ifdef(`distro_debian', `
++allow logrotate_t logrotate_tmp_t:file { relabelfrom relabelto };
+ # for savelog
+ can_exec(logrotate_t, logrotate_exec_t)
+ ')
+@@ -41,8 +43,7 @@
+ allow logrotate_t etc_runtime_t:file r_file_perms;
+
+ # it should not require this
+-allow logrotate_t {staff_home_dir_t sysadm_home_dir_t}:dir { getattr search };
+-dontaudit logrotate_t {staff_home_dir_t sysadm_home_dir_t}:dir { read };
++allow logrotate_t {staff_home_dir_t sysadm_home_dir_t}:dir { getattr read search };
+
+ # create lock files
+ rw_dir_create_file(logrotate_t, var_lock_t)
+@@ -54,16 +55,15 @@
+ # Run helper programs.
+ allow logrotate_t { bin_t sbin_t }:dir r_dir_perms;
+ allow logrotate_t { bin_t sbin_t }:lnk_file read;
+-can_exec(logrotate_t, { bin_t sbin_t shell_exec_t ls_exec_t });
++can_exec(logrotate_t, { bin_t sbin_t shell_exec_t ls_exec_t })
+
+ # Read PID files.
+ allow logrotate_t pidfile:file r_file_perms;
+
+ # Read /proc/PID directories for all domains.
++read_sysctl(logrotate_t)
+ allow logrotate_t proc_t:dir r_dir_perms;
+ allow logrotate_t proc_t:{ file lnk_file } r_file_perms;
+-allow logrotate_t { sysctl_t sysctl_kernel_t }:dir search;
+-allow logrotate_t sysctl_kernel_t:file { getattr read };
+ allow logrotate_t domain:notdevfile_class_set r_file_perms;
+ allow logrotate_t domain:dir r_dir_perms;
+ allow logrotate_t exec_type:file getattr;
+@@ -86,7 +86,7 @@
+ ifdef(`squid.te', `
+ allow squid_t { system_crond_t crond_t }:fd use;
+ allow squid_t crond_t:fifo_file { read write };
+-allow squid_t system_crond_t:fifo_file { write };
++allow squid_t system_crond_t:fifo_file write;
+ allow squid_t self:capability kill;
+ ')
+
+@@ -128,7 +128,7 @@
+
+ allow logrotate_t fs_t:filesystem getattr;
+ can_exec(logrotate_t, shell_exec_t)
+-can_exec(logrotate_t, hostname_exec_t)
++ifdef(`hostname.te', `can_exec(logrotate_t, hostname_exec_t)')
+ can_exec(logrotate_t,logfile)
+ allow logrotate_t net_conf_t:file { getattr read };
+
+@@ -137,9 +137,9 @@
+ dontaudit consoletype_t logrotate_t:fd use;
+ ')
+
+-allow logrotate_t syslogd_t:unix_dgram_socket { sendto };
++allow logrotate_t syslogd_t:unix_dgram_socket sendto;
+
+ domain_auto_trans(logrotate_t, initrc_exec_t, initrc_t)
+
+ dontaudit logrotate_t selinux_config_t:dir search;
+-
++allow logrotate_t tmpfs_t:filesystem associate;
diff --exclude-from=exclude -N -u -r nsapolicy/domains/program/mount.te policy-1.17.30/domains/program/mount.te
--- nsapolicy/domains/program/mount.te 2004-10-09 21:07:28.000000000 -0400
-+++ policy-1.17.30/domains/program/mount.te 2005-03-21 23:08:51.415949864 -0500
++++ policy-1.17.30/domains/program/mount.te 2005-03-21 23:08:51.000000000 -0500
@@ -83,9 +83,7 @@
# for localization
@@ -88,7 +176,7 @@
# This rule needs to be generalized. Only admin, initrc should have it.
diff --exclude-from=exclude -N -u -r nsapolicy/domains/program/ssh.te policy-1.17.30/domains/program/ssh.te
--- nsapolicy/domains/program/ssh.te 2004-10-09 21:07:28.000000000 -0400
-+++ policy-1.17.30/domains/program/ssh.te 2005-03-21 23:08:51.416949712 -0500
++++ policy-1.17.30/domains/program/ssh.te 2005-03-21 23:08:51.000000000 -0500
@@ -73,10 +73,8 @@
allow $1_t self:capability { sys_chroot sys_resource chown dac_override fowner fsetid setgid setuid sys_tty_config };
allow $1_t { home_root_t home_dir_type }:dir { search getattr };
@@ -113,7 +201,7 @@
diff --exclude-from=exclude -N -u -r nsapolicy/domains/program/syslogd.te policy-1.17.30/domains/program/syslogd.te
--- nsapolicy/domains/program/syslogd.te 2004-10-09 21:07:28.000000000 -0400
-+++ policy-1.17.30/domains/program/syslogd.te 2005-03-21 23:08:51.416949712 -0500
++++ policy-1.17.30/domains/program/syslogd.te 2005-03-21 23:08:51.000000000 -0500
@@ -36,19 +36,25 @@
allow syslogd_t etc_t:file r_file_perms;
@@ -163,7 +251,7 @@
+}
diff --exclude-from=exclude -N -u -r nsapolicy/domains/program/unused/acct.te policy-1.17.30/domains/program/unused/acct.te
--- nsapolicy/domains/program/unused/acct.te 2004-10-09 21:07:28.000000000 -0400
-+++ policy-1.17.30/domains/program/unused/acct.te 2005-03-21 23:08:51.416949712 -0500
++++ policy-1.17.30/domains/program/unused/acct.te 2005-03-21 23:08:51.000000000 -0500
@@ -23,7 +23,7 @@
ifdef(`logrotate.te', `
@@ -183,7 +271,7 @@
+')
diff --exclude-from=exclude -N -u -r nsapolicy/domains/program/unused/apache.te policy-1.17.30/domains/program/unused/apache.te
--- nsapolicy/domains/program/unused/apache.te 2004-10-09 21:07:28.000000000 -0400
-+++ policy-1.17.30/domains/program/unused/apache.te 2005-03-21 23:08:51.417949560 -0500
++++ policy-1.17.30/domains/program/unused/apache.te 2005-03-21 23:08:51.000000000 -0500
@@ -19,8 +19,17 @@
# the user CGI scripts, then relabel rule for user_r should be removed.
#
@@ -409,7 +497,7 @@
+dontaudit httpd_t selinux_config_t:dir search;
diff --exclude-from=exclude -N -u -r nsapolicy/domains/program/unused/arpwatch.te policy-1.17.30/domains/program/unused/arpwatch.te
--- nsapolicy/domains/program/unused/arpwatch.te 1969-12-31 19:00:00.000000000 -0500
-+++ policy-1.17.30/domains/program/unused/arpwatch.te 2005-03-21 23:08:51.418949408 -0500
++++ policy-1.17.30/domains/program/unused/arpwatch.te 2005-03-21 23:08:51.000000000 -0500
@@ -0,0 +1,26 @@
+#DESC arpwatch - keep track of ethernet/ip address pairings
+#
@@ -439,7 +527,7 @@
+allow arpwatch_t sbin_t:dir { search };
diff --exclude-from=exclude -N -u -r nsapolicy/domains/program/unused/cups.te policy-1.17.30/domains/program/unused/cups.te
--- nsapolicy/domains/program/unused/cups.te 2004-10-09 21:07:28.000000000 -0400
-+++ policy-1.17.30/domains/program/unused/cups.te 2005-03-21 23:08:51.418949408 -0500
++++ policy-1.17.30/domains/program/unused/cups.te 2005-03-21 23:08:51.000000000 -0500
@@ -20,7 +20,6 @@
can_network(cupsd_t)
@@ -519,7 +607,7 @@
+')
diff --exclude-from=exclude -N -u -r nsapolicy/domains/program/unused/dhcpc.te policy-1.17.30/domains/program/unused/dhcpc.te
--- nsapolicy/domains/program/unused/dhcpc.te 2004-10-09 21:07:28.000000000 -0400
-+++ policy-1.17.30/domains/program/unused/dhcpc.te 2005-03-21 23:08:51.419949256 -0500
++++ policy-1.17.30/domains/program/unused/dhcpc.te 2005-03-21 23:08:51.000000000 -0500
@@ -36,7 +36,9 @@
ifdef(`consoletype.te', `
domain_auto_trans(dhcpc_t, consoletype_exec_t, consoletype_t)
@@ -538,7 +626,7 @@
+dontaudit dhcpc_t selinux_config_t:dir { search };
diff --exclude-from=exclude -N -u -r nsapolicy/domains/program/unused/dhcpd.te policy-1.17.30/domains/program/unused/dhcpd.te
--- nsapolicy/domains/program/unused/dhcpd.te 2004-10-09 21:07:28.000000000 -0400
-+++ policy-1.17.30/domains/program/unused/dhcpd.te 2005-03-21 23:08:51.419949256 -0500
++++ policy-1.17.30/domains/program/unused/dhcpd.te 2005-03-21 23:08:51.000000000 -0500
@@ -33,13 +33,15 @@
can_ypbind(dhcpd_t)
allow dhcpd_t self:unix_dgram_socket create_socket_perms;
@@ -574,7 +662,7 @@
+')
diff --exclude-from=exclude -N -u -r nsapolicy/domains/program/unused/dovecot.te policy-1.17.30/domains/program/unused/dovecot.te
--- nsapolicy/domains/program/unused/dovecot.te 2004-10-09 21:07:28.000000000 -0400
-+++ policy-1.17.30/domains/program/unused/dovecot.te 2005-03-21 23:08:51.420949104 -0500
++++ policy-1.17.30/domains/program/unused/dovecot.te 2005-03-21 23:08:51.000000000 -0500
@@ -44,3 +44,6 @@
allow dovecot_auth_t etc_t:file { getattr read };
allow dovecot_auth_t { self proc_t }:file { getattr read };
@@ -584,7 +672,7 @@
+allow dovecot_auth_t sysctl_t:dir search;
diff --exclude-from=exclude -N -u -r nsapolicy/domains/program/unused/ftpd.te policy-1.17.30/domains/program/unused/ftpd.te
--- nsapolicy/domains/program/unused/ftpd.te 2004-10-09 21:07:28.000000000 -0400
-+++ policy-1.17.30/domains/program/unused/ftpd.te 2005-03-21 23:08:51.420949104 -0500
++++ policy-1.17.30/domains/program/unused/ftpd.te 2005-03-21 23:08:51.000000000 -0500
@@ -89,9 +89,7 @@
dontaudit ftpd_t krb5_conf_t:file { write };
dontaudit ftpd_t selinux_config_t:dir search;
@@ -597,7 +685,7 @@
diff --exclude-from=exclude -N -u -r nsapolicy/domains/program/unused/hald.te policy-1.17.30/domains/program/unused/hald.te
--- nsapolicy/domains/program/unused/hald.te 2004-10-09 21:07:28.000000000 -0400
-+++ policy-1.17.30/domains/program/unused/hald.te 2005-03-21 23:08:51.420949104 -0500
++++ policy-1.17.30/domains/program/unused/hald.te 2005-03-21 23:08:51.000000000 -0500
@@ -61,3 +61,6 @@
allow hald_t usbfs_t:file { getattr read };
allow hald_t bin_t:lnk_file read;
@@ -607,7 +695,7 @@
+allow hald_t etc_runtime_t:file rw_file_perms;
diff --exclude-from=exclude -N -u -r nsapolicy/domains/program/unused/howl.te policy-1.17.30/domains/program/unused/howl.te
--- nsapolicy/domains/program/unused/howl.te 2004-10-09 21:07:28.000000000 -0400
-+++ policy-1.17.30/domains/program/unused/howl.te 2005-03-21 23:08:51.421948952 -0500
++++ policy-1.17.30/domains/program/unused/howl.te 2005-03-21 23:08:51.000000000 -0500
@@ -2,7 +2,7 @@
allow howl_t proc_t:file { getattr read };
can_network(howl_t)
@@ -619,7 +707,7 @@
diff --exclude-from=exclude -N -u -r nsapolicy/domains/program/unused/innd.te policy-1.17.30/domains/program/unused/innd.te
--- nsapolicy/domains/program/unused/innd.te 2004-10-09 21:07:28.000000000 -0400
-+++ policy-1.17.30/domains/program/unused/innd.te 2005-03-21 23:08:51.421948952 -0500
++++ policy-1.17.30/domains/program/unused/innd.te 2005-03-21 23:08:51.000000000 -0500
@@ -21,7 +21,7 @@
r_dir_file(userdomain, { news_spool_t innd_var_lib_t innd_etc_t })
@@ -640,7 +728,7 @@
+allow innd_t sbin_t:lnk_file { read };
diff --exclude-from=exclude -N -u -r nsapolicy/domains/program/unused/ipsec.te policy-1.17.30/domains/program/unused/ipsec.te
--- nsapolicy/domains/program/unused/ipsec.te 2004-10-09 21:07:28.000000000 -0400
-+++ policy-1.17.30/domains/program/unused/ipsec.te 2005-03-21 23:08:51.422948800 -0500
++++ policy-1.17.30/domains/program/unused/ipsec.te 2005-03-21 23:08:51.000000000 -0500
@@ -30,6 +30,7 @@
domain_auto_trans(ipsec_mgmt_t, ipsec_exec_t, ipsec_t)
file_type_auto_trans(ipsec_mgmt_t, var_run_t, ipsec_var_run_t, sock_file)
@@ -677,7 +765,7 @@
+rw_dir_create_file(ipsec_mgmt_t, ipsec_var_run_t)
diff --exclude-from=exclude -N -u -r nsapolicy/domains/program/unused/iptables.te policy-1.17.30/domains/program/unused/iptables.te
--- nsapolicy/domains/program/unused/iptables.te 2004-10-09 21:07:28.000000000 -0400
-+++ policy-1.17.30/domains/program/unused/iptables.te 2005-03-21 23:08:51.422948800 -0500
++++ policy-1.17.30/domains/program/unused/iptables.te 2005-03-21 23:08:51.000000000 -0500
@@ -37,10 +37,11 @@
# for iptables -L
allow iptables_t self:unix_stream_socket create_socket_perms;
@@ -693,7 +781,7 @@
allow iptables_t etc_t:file { getattr read };
diff --exclude-from=exclude -N -u -r nsapolicy/domains/program/unused/mailman.te policy-1.17.30/domains/program/unused/mailman.te
--- nsapolicy/domains/program/unused/mailman.te 2004-10-09 21:07:28.000000000 -0400
-+++ policy-1.17.30/domains/program/unused/mailman.te 2005-03-21 23:08:51.423948648 -0500
++++ policy-1.17.30/domains/program/unused/mailman.te 2005-03-21 23:08:51.000000000 -0500
@@ -15,12 +15,12 @@
role system_r types mailman_$1_t;
file_type_auto_trans(mailman_$1_t, var_log_t, mailman_log_t, file)
@@ -766,7 +854,7 @@
+can_exec(logrotate_t, mailman_mail_exec_t)
diff --exclude-from=exclude -N -u -r nsapolicy/domains/program/unused/mdadm.te policy-1.17.30/domains/program/unused/mdadm.te
--- nsapolicy/domains/program/unused/mdadm.te 2004-10-09 21:07:28.000000000 -0400
-+++ policy-1.17.30/domains/program/unused/mdadm.te 2005-03-21 23:08:51.423948648 -0500
++++ policy-1.17.30/domains/program/unused/mdadm.te 2005-03-21 23:08:51.000000000 -0500
@@ -18,7 +18,7 @@
read_locale(mdadm_t)
@@ -783,7 +871,7 @@
+allow mdadm_t var_t:dir { getattr };
diff --exclude-from=exclude -N -u -r nsapolicy/domains/program/unused/mta.te policy-1.17.30/domains/program/unused/mta.te
--- nsapolicy/domains/program/unused/mta.te 2004-10-09 21:07:28.000000000 -0400
-+++ policy-1.17.30/domains/program/unused/mta.te 2005-03-21 23:08:51.424948496 -0500
++++ policy-1.17.30/domains/program/unused/mta.te 2005-03-21 23:08:51.000000000 -0500
@@ -20,6 +20,18 @@
# "mail user at domain"
mail_domain(system)
@@ -836,7 +924,7 @@
+allow system_mail_t { random_device_t urandom_device_t }:chr_file read;
diff --exclude-from=exclude -N -u -r nsapolicy/domains/program/unused/mysqld.te policy-1.17.30/domains/program/unused/mysqld.te
--- nsapolicy/domains/program/unused/mysqld.te 2004-10-09 21:07:28.000000000 -0400
-+++ policy-1.17.30/domains/program/unused/mysqld.te 2005-03-21 23:08:51.424948496 -0500
++++ policy-1.17.30/domains/program/unused/mysqld.te 2005-03-21 23:08:51.000000000 -0500
@@ -30,12 +30,12 @@
allow mysqld_t self:fifo_file { read write };
@@ -864,7 +952,7 @@
diff --exclude-from=exclude -N -u -r nsapolicy/domains/program/unused/named.te policy-1.17.30/domains/program/unused/named.te
--- nsapolicy/domains/program/unused/named.te 2004-10-09 21:07:28.000000000 -0400
-+++ policy-1.17.30/domains/program/unused/named.te 2005-03-21 23:08:51.425948344 -0500
++++ policy-1.17.30/domains/program/unused/named.te 2005-03-21 23:08:51.000000000 -0500
@@ -19,7 +19,7 @@
file_type_auto_trans(named_t, var_run_t, named_var_run_t, sock_file)
@@ -941,7 +1029,7 @@
+dontaudit ndc_t sysadm_tty_device_t:chr_file { ioctl };
diff --exclude-from=exclude -N -u -r nsapolicy/domains/program/unused/nscd.te policy-1.17.30/domains/program/unused/nscd.te
--- nsapolicy/domains/program/unused/nscd.te 2004-10-09 21:07:28.000000000 -0400
-+++ policy-1.17.30/domains/program/unused/nscd.te 2005-03-21 23:08:51.425948344 -0500
++++ policy-1.17.30/domains/program/unused/nscd.te 2005-03-21 23:08:51.000000000 -0500
@@ -26,21 +26,24 @@
allow domain nscd_var_run_t:sock_file rw_file_perms;
allow domain { var_run_t var_t }:dir search;
@@ -1007,7 +1095,7 @@
+r_dir_file(nscd_t, usr_t)
diff --exclude-from=exclude -N -u -r nsapolicy/domains/program/unused/ntpd.te policy-1.17.30/domains/program/unused/ntpd.te
--- nsapolicy/domains/program/unused/ntpd.te 2004-10-09 21:07:28.000000000 -0400
-+++ policy-1.17.30/domains/program/unused/ntpd.te 2005-03-21 23:08:51.426948192 -0500
++++ policy-1.17.30/domains/program/unused/ntpd.te 2005-03-21 23:08:51.000000000 -0500
@@ -12,10 +12,15 @@
type ntp_drift_t, file_type, sysadmfile;
type ntp_port_t, port_type, reserved_port_type;
@@ -1078,7 +1166,7 @@
+
diff --exclude-from=exclude -N -u -r nsapolicy/domains/program/unused/portmap.te policy-1.17.30/domains/program/unused/portmap.te
--- nsapolicy/domains/program/unused/portmap.te 2004-10-09 21:07:28.000000000 -0400
-+++ policy-1.17.30/domains/program/unused/portmap.te 2005-03-21 23:08:51.426948192 -0500
++++ policy-1.17.30/domains/program/unused/portmap.te 2005-03-21 23:08:51.000000000 -0500
@@ -23,6 +23,7 @@
tmp_domain(portmap)
@@ -1095,7 +1183,7 @@
+allow portmap_t self:netlink_route_socket r_netlink_socket_perms;
diff --exclude-from=exclude -N -u -r nsapolicy/domains/program/unused/postfix.te policy-1.17.30/domains/program/unused/postfix.te
--- nsapolicy/domains/program/unused/postfix.te 2004-10-09 21:07:28.000000000 -0400
-+++ policy-1.17.30/domains/program/unused/postfix.te 2005-03-21 23:08:51.427948040 -0500
++++ policy-1.17.30/domains/program/unused/postfix.te 2005-03-21 23:08:51.000000000 -0500
@@ -124,7 +124,7 @@
allow postfix_master_t postfix_spool_maildrop_t:file { unlink rename getattr };
allow postfix_master_t postfix_prng_t:file getattr;
@@ -1107,7 +1195,7 @@
allow postfix_smtpd_t saslauthd_var_run_t:dir { search getattr };
diff --exclude-from=exclude -N -u -r nsapolicy/domains/program/unused/postgresql.te policy-1.17.30/domains/program/unused/postgresql.te
--- nsapolicy/domains/program/unused/postgresql.te 2004-10-09 21:07:28.000000000 -0400
-+++ policy-1.17.30/domains/program/unused/postgresql.te 2005-03-21 23:08:51.427948040 -0500
++++ policy-1.17.30/domains/program/unused/postgresql.te 2005-03-21 23:08:51.000000000 -0500
@@ -13,6 +13,7 @@
type postgresql_port_t, port_type;
daemon_domain(postgresql)
@@ -1217,7 +1305,7 @@
+allow postgresql_t urandom_device_t:chr_file { getattr read };
diff --exclude-from=exclude -N -u -r nsapolicy/domains/program/unused/procmail.te policy-1.17.30/domains/program/unused/procmail.te
--- nsapolicy/domains/program/unused/procmail.te 2004-10-09 21:07:28.000000000 -0400
-+++ policy-1.17.30/domains/program/unused/procmail.te 2005-03-21 23:08:51.428947888 -0500
++++ policy-1.17.30/domains/program/unused/procmail.te 2005-03-21 23:08:51.000000000 -0500
@@ -71,3 +71,4 @@
ifdef(`sendmail.te', `
r_dir_file(procmail_t, etc_mail_t)
@@ -1225,7 +1313,7 @@
+allow procmail_t mqueue_spool_t:file { getattr read };
diff --exclude-from=exclude -N -u -r nsapolicy/domains/program/unused/rpcd.te policy-1.17.30/domains/program/unused/rpcd.te
--- nsapolicy/domains/program/unused/rpcd.te 2004-10-09 21:07:28.000000000 -0400
-+++ policy-1.17.30/domains/program/unused/rpcd.te 2005-03-21 23:08:51.428947888 -0500
++++ policy-1.17.30/domains/program/unused/rpcd.te 2005-03-21 23:08:51.000000000 -0500
@@ -122,4 +122,4 @@
r_dir_file(rpcd_t, rpc_pipefs_t)
@@ -1234,7 +1322,7 @@
+dontaudit rpcd_t selinux_config_t:dir { search };
diff --exclude-from=exclude -N -u -r nsapolicy/domains/program/unused/rpm.te policy-1.17.30/domains/program/unused/rpm.te
--- nsapolicy/domains/program/unused/rpm.te 2004-10-09 21:07:28.000000000 -0400
-+++ policy-1.17.30/domains/program/unused/rpm.te 2005-03-21 23:08:51.429947736 -0500
++++ policy-1.17.30/domains/program/unused/rpm.te 2005-03-21 23:08:51.000000000 -0500
@@ -80,11 +80,9 @@
# bash tries ioctl for some reason
dontaudit initrc_t pidfile:file ioctl;
@@ -1266,7 +1354,7 @@
unconfined_domain(rpm_t)
diff --exclude-from=exclude -N -u -r nsapolicy/domains/program/unused/rsync.te policy-1.17.30/domains/program/unused/rsync.te
--- nsapolicy/domains/program/unused/rsync.te 2004-10-09 21:07:28.000000000 -0400
-+++ policy-1.17.30/domains/program/unused/rsync.te 2005-03-21 23:08:51.429947736 -0500
++++ policy-1.17.30/domains/program/unused/rsync.te 2005-03-21 23:08:51.000000000 -0500
@@ -11,3 +11,5 @@
#
@@ -1275,7 +1363,7 @@
+r_dir_file(rsync_t, rsync_data_t)
diff --exclude-from=exclude -N -u -r nsapolicy/domains/program/unused/samba.te policy-1.17.30/domains/program/unused/samba.te
--- nsapolicy/domains/program/unused/samba.te 2004-10-09 21:07:28.000000000 -0400
-+++ policy-1.17.30/domains/program/unused/samba.te 2005-03-21 23:08:51.430947584 -0500
++++ policy-1.17.30/domains/program/unused/samba.te 2005-03-21 23:08:51.000000000 -0500
@@ -113,4 +113,6 @@
allow nmbd_t samba_log_t:file { create ra_file_perms };
allow nmbd_t var_log_t:dir search;
@@ -1286,7 +1374,7 @@
+')
diff --exclude-from=exclude -N -u -r nsapolicy/domains/program/unused/sendmail.te policy-1.17.30/domains/program/unused/sendmail.te
--- nsapolicy/domains/program/unused/sendmail.te 2004-10-09 21:07:28.000000000 -0400
-+++ policy-1.17.30/domains/program/unused/sendmail.te 2005-03-21 23:08:51.430947584 -0500
++++ policy-1.17.30/domains/program/unused/sendmail.te 2005-03-21 23:08:51.000000000 -0500
@@ -99,3 +99,5 @@
allow system_mail_t sysctl_kernel_t:file read;
dontaudit system_mail_t system_crond_tmp_t:file { append };
@@ -1295,7 +1383,7 @@
+dontaudit sendmail_t initrc_var_run_t:file { lock write };
diff --exclude-from=exclude -N -u -r nsapolicy/domains/program/unused/slrnpull.te policy-1.17.30/domains/program/unused/slrnpull.te
--- nsapolicy/domains/program/unused/slrnpull.te 2004-10-09 21:07:28.000000000 -0400
-+++ policy-1.17.30/domains/program/unused/slrnpull.te 2005-03-21 23:08:51.430947584 -0500
++++ policy-1.17.30/domains/program/unused/slrnpull.te 2005-03-21 23:08:51.000000000 -0500
@@ -21,3 +21,4 @@
allow userdomain slrnpull_spool_t:dir { search };
rw_dir_create_file(slrnpull_t, slrnpull_spool_t)
@@ -1303,7 +1391,7 @@
+allow slrnpull_t slrnpull_spool_t:dir create_dir_perms;
diff --exclude-from=exclude -N -u -r nsapolicy/domains/program/unused/snmpd.te policy-1.17.30/domains/program/unused/snmpd.te
--- nsapolicy/domains/program/unused/snmpd.te 2004-10-09 21:07:28.000000000 -0400
-+++ policy-1.17.30/domains/program/unused/snmpd.te 2005-03-21 23:08:51.431947432 -0500
++++ policy-1.17.30/domains/program/unused/snmpd.te 2005-03-21 23:08:51.000000000 -0500
@@ -38,7 +38,7 @@
allow snmpd_t self:unix_dgram_socket create_socket_perms;
allow snmpd_t self:unix_stream_socket create_socket_perms;
@@ -1341,7 +1429,7 @@
+dontaudit snmpd_t selinux_config_t:dir search;
diff --exclude-from=exclude -N -u -r nsapolicy/domains/program/unused/spamd.te policy-1.17.30/domains/program/unused/spamd.te
--- nsapolicy/domains/program/unused/spamd.te 2004-10-09 21:07:28.000000000 -0400
-+++ policy-1.17.30/domains/program/unused/spamd.te 2005-03-21 23:08:51.431947432 -0500
++++ policy-1.17.30/domains/program/unused/spamd.te 2005-03-21 23:08:51.000000000 -0500
@@ -55,9 +55,7 @@
system_crond_entry(spamd_exec_t, spamd_t)
@@ -1354,7 +1442,7 @@
allow spamd_t nfs_t:file create_file_perms;
diff --exclude-from=exclude -N -u -r nsapolicy/domains/program/unused/squid.te policy-1.17.30/domains/program/unused/squid.te
--- nsapolicy/domains/program/unused/squid.te 2004-10-09 21:07:28.000000000 -0400
-+++ policy-1.17.30/domains/program/unused/squid.te 2005-03-21 23:08:51.432947280 -0500
++++ policy-1.17.30/domains/program/unused/squid.te 2005-03-21 23:08:51.000000000 -0500
@@ -15,27 +15,27 @@
daemon_domain(squid, `, web_client_domain, nscd_client_domain')
@@ -1408,7 +1496,7 @@
+allow squid_t tmpfs_t:file { read write };
diff --exclude-from=exclude -N -u -r nsapolicy/domains/program/unused/udev.te policy-1.17.30/domains/program/unused/udev.te
--- nsapolicy/domains/program/unused/udev.te 2004-10-09 21:07:28.000000000 -0400
-+++ policy-1.17.30/domains/program/unused/udev.te 2005-03-21 23:08:51.432947280 -0500
++++ policy-1.17.30/domains/program/unused/udev.te 2005-03-21 23:08:51.000000000 -0500
@@ -106,7 +106,8 @@
allow udev_t device_t:dir { relabelfrom relabelto create_dir_perms };
@@ -1422,7 +1510,7 @@
+allow udev_t dev_fs:{ chr_file blk_file } { relabelfrom relabelto };
diff --exclude-from=exclude -N -u -r nsapolicy/domains/program/unused/updfstab.te policy-1.17.30/domains/program/unused/updfstab.te
--- nsapolicy/domains/program/unused/updfstab.te 2004-10-09 21:07:28.000000000 -0400
-+++ policy-1.17.30/domains/program/unused/updfstab.te 2005-03-21 23:08:51.432947280 -0500
++++ policy-1.17.30/domains/program/unused/updfstab.te 2005-03-21 23:08:51.000000000 -0500
@@ -69,3 +69,4 @@
can_exec(updfstab_t, { sbin_t bin_t ls_exec_t } )
dontaudit updfstab_t home_root_t:dir { getattr search };
@@ -1430,7 +1518,7 @@
+allow updfstab_t fs_t:filesystem { getattr };
diff --exclude-from=exclude -N -u -r nsapolicy/domains/program/unused/winbind.te policy-1.17.30/domains/program/unused/winbind.te
--- nsapolicy/domains/program/unused/winbind.te 1969-12-31 19:00:00.000000000 -0500
-+++ policy-1.17.30/domains/program/unused/winbind.te 2005-03-21 23:08:51.433947128 -0500
++++ policy-1.17.30/domains/program/unused/winbind.te 2005-03-21 23:08:51.000000000 -0500
@@ -0,0 +1,34 @@
+#DESC winbind - Name Service Switch daemon for resolving names from NT servers
+#
@@ -1468,7 +1556,7 @@
+allow winbind_t winbind_var_run_t:sock_file create_file_perms;
diff --exclude-from=exclude -N -u -r nsapolicy/domains/program/unused/xdm.te policy-1.17.30/domains/program/unused/xdm.te
--- nsapolicy/domains/program/unused/xdm.te 2004-10-09 21:07:28.000000000 -0400
-+++ policy-1.17.30/domains/program/unused/xdm.te 2005-03-21 23:08:51.433947128 -0500
++++ policy-1.17.30/domains/program/unused/xdm.te 2005-03-21 23:08:51.000000000 -0500
@@ -277,9 +277,7 @@
allow xdm_xserver_t user_home_type:file { getattr read };
@@ -1490,7 +1578,7 @@
diff --exclude-from=exclude -N -u -r nsapolicy/domains/program/unused/ypbind.te policy-1.17.30/domains/program/unused/ypbind.te
--- nsapolicy/domains/program/unused/ypbind.te 2004-10-09 21:07:28.000000000 -0400
-+++ policy-1.17.30/domains/program/unused/ypbind.te 2005-03-21 23:08:51.434946976 -0500
++++ policy-1.17.30/domains/program/unused/ypbind.te 2005-03-21 23:08:51.000000000 -0500
@@ -12,6 +12,8 @@
#
daemon_domain(ypbind)
@@ -1502,7 +1590,7 @@
# Use capabilities.
diff --exclude-from=exclude -N -u -r nsapolicy/domains/program/unused/ypserv.te policy-1.17.30/domains/program/unused/ypserv.te
--- nsapolicy/domains/program/unused/ypserv.te 2004-10-09 21:07:28.000000000 -0400
-+++ policy-1.17.30/domains/program/unused/ypserv.te 2005-03-21 23:08:51.434946976 -0500
++++ policy-1.17.30/domains/program/unused/ypserv.te 2005-03-21 23:08:51.000000000 -0500
@@ -13,7 +13,7 @@
tmp_domain(ypserv)
@@ -1523,7 +1611,7 @@
+allow ypserv_t reserved_port_t:{ udp_socket tcp_socket } { name_bind };
diff --exclude-from=exclude -N -u -r nsapolicy/domains/user.te policy-1.17.30/domains/user.te
--- nsapolicy/domains/user.te 2004-10-09 21:07:28.000000000 -0400
-+++ policy-1.17.30/domains/user.te 2005-03-21 23:08:51.435946824 -0500
++++ policy-1.17.30/domains/user.te 2005-03-21 23:08:51.000000000 -0500
@@ -7,6 +7,12 @@
# Allow users to read system messages.
bool user_dmesg false;
@@ -1539,7 +1627,7 @@
# and may change other protocols
diff --exclude-from=exclude -N -u -r nsapolicy/file_contexts/distros.fc policy-1.17.30/file_contexts/distros.fc
--- nsapolicy/file_contexts/distros.fc 2004-10-09 21:07:28.000000000 -0400
-+++ policy-1.17.30/file_contexts/distros.fc 2005-03-21 23:08:51.435946824 -0500
++++ policy-1.17.30/file_contexts/distros.fc 2005-03-21 23:08:51.000000000 -0500
@@ -1,34 +1,70 @@
ifdef(`distro_redhat', `
-/usr/share/system-config-network(/netconfig)?/[^/]+.py -- system_u:object_r:bin_t
@@ -1633,7 +1721,7 @@
+')
diff --exclude-from=exclude -N -u -r nsapolicy/file_contexts/program/apache.fc policy-1.17.30/file_contexts/program/apache.fc
--- nsapolicy/file_contexts/program/apache.fc 2004-10-09 21:07:28.000000000 -0400
-+++ policy-1.17.30/file_contexts/program/apache.fc 2005-03-21 23:08:51.436946672 -0500
++++ policy-1.17.30/file_contexts/program/apache.fc 2005-03-21 23:08:51.000000000 -0500
@@ -22,17 +22,25 @@
/usr/lib(64)?/apache(2)?/suexec(2)? -- system_u:object_r:httpd_suexec_exec_t
/var/log/httpd(/.*)? system_u:object_r:httpd_log_t
@@ -1665,14 +1753,14 @@
+/etc/htdig(/.*)? system_u:object_r:httpd_sys_content_t
diff --exclude-from=exclude -N -u -r nsapolicy/file_contexts/program/arpwatch.fc policy-1.17.30/file_contexts/program/arpwatch.fc
--- nsapolicy/file_contexts/program/arpwatch.fc 1969-12-31 19:00:00.000000000 -0500
-+++ policy-1.17.30/file_contexts/program/arpwatch.fc 2005-03-21 23:08:51.436946672 -0500
++++ policy-1.17.30/file_contexts/program/arpwatch.fc 2005-03-21 23:08:51.000000000 -0500
@@ -0,0 +1,3 @@
+# arpwatch - keep track of ethernet/ip address pairings
+/usr/sbin/arpwatch -- system_u:object_r:arpwatch_exec_t
+/var/arpwatch(/.*)? system_u:object_r:arpwatch_data_t
diff --exclude-from=exclude -N -u -r nsapolicy/file_contexts/program/cups.fc policy-1.17.30/file_contexts/program/cups.fc
--- nsapolicy/file_contexts/program/cups.fc 2004-10-09 21:07:28.000000000 -0400
-+++ policy-1.17.30/file_contexts/program/cups.fc 2005-03-21 23:08:51.436946672 -0500
++++ policy-1.17.30/file_contexts/program/cups.fc 2005-03-21 23:08:51.000000000 -0500
@@ -18,8 +18,9 @@
/usr/lib(64)?/cups/backend/.* -- system_u:object_r:cupsd_exec_t
/usr/lib(64)?/cups/daemon/.* -- system_u:object_r:cupsd_exec_t
@@ -1687,7 +1775,7 @@
/var/run/cups/printcap -- system_u:object_r:cupsd_var_run_t
diff --exclude-from=exclude -N -u -r nsapolicy/file_contexts/program/dhcpd.fc policy-1.17.30/file_contexts/program/dhcpd.fc
--- nsapolicy/file_contexts/program/dhcpd.fc 2004-10-09 21:07:28.000000000 -0400
-+++ policy-1.17.30/file_contexts/program/dhcpd.fc 2005-03-21 23:08:51.437946520 -0500
++++ policy-1.17.30/file_contexts/program/dhcpd.fc 2005-03-21 23:08:51.000000000 -0500
@@ -1,5 +1,5 @@
# dhcpd
-/etc/dhcpd.conf -- system_u:object_r:dhcp_etc_t
@@ -1697,7 +1785,7 @@
/var/lib/dhcp(3)?/dhcpd\.leases.* -- system_u:object_r:dhcpd_state_t
diff --exclude-from=exclude -N -u -r nsapolicy/file_contexts/program/ipsec.fc policy-1.17.30/file_contexts/program/ipsec.fc
--- nsapolicy/file_contexts/program/ipsec.fc 2004-10-09 21:07:28.000000000 -0400
-+++ policy-1.17.30/file_contexts/program/ipsec.fc 2005-03-21 23:08:51.437946520 -0500
++++ policy-1.17.30/file_contexts/program/ipsec.fc 2005-03-21 23:08:51.000000000 -0500
@@ -3,8 +3,10 @@
/etc/ipsec\.secrets -- system_u:object_r:ipsec_key_file_t
/etc/ipsec\.conf -- system_u:object_r:ipsec_conf_file_t
@@ -1725,7 +1813,7 @@
/usr/sbin/racoon -- system_u:object_r:ipsec_exec_t
diff --exclude-from=exclude -N -u -r nsapolicy/file_contexts/program/mailman.fc policy-1.17.30/file_contexts/program/mailman.fc
--- nsapolicy/file_contexts/program/mailman.fc 2004-10-09 21:07:28.000000000 -0400
-+++ policy-1.17.30/file_contexts/program/mailman.fc 2005-03-21 23:08:51.438946368 -0500
++++ policy-1.17.30/file_contexts/program/mailman.fc 2005-03-21 23:08:51.000000000 -0500
@@ -1,23 +1,24 @@
# mailman list server
+/var/lib/mailman(/.*)? system_u:object_r:mailman_data_t
@@ -1760,7 +1848,7 @@
')
diff --exclude-from=exclude -N -u -r nsapolicy/file_contexts/program/mta.fc policy-1.17.30/file_contexts/program/mta.fc
--- nsapolicy/file_contexts/program/mta.fc 2004-10-09 21:07:28.000000000 -0400
-+++ policy-1.17.30/file_contexts/program/mta.fc 2005-03-21 23:08:51.438946368 -0500
++++ policy-1.17.30/file_contexts/program/mta.fc 2005-03-21 23:08:51.000000000 -0500
@@ -5,3 +5,8 @@
/etc/aliases\.db -- system_u:object_r:etc_aliases_t
/var/spool/mail(/.*)? system_u:object_r:mail_spool_t
@@ -1772,7 +1860,7 @@
+
diff --exclude-from=exclude -N -u -r nsapolicy/file_contexts/program/mysqld.fc policy-1.17.30/file_contexts/program/mysqld.fc
--- nsapolicy/file_contexts/program/mysqld.fc 2004-10-09 21:07:28.000000000 -0400
-+++ policy-1.17.30/file_contexts/program/mysqld.fc 2005-03-21 23:08:51.438946368 -0500
++++ policy-1.17.30/file_contexts/program/mysqld.fc 2005-03-21 23:08:51.000000000 -0500
@@ -1,10 +1,10 @@
# mysql database server
-/usr/sbin/mysqld -- system_u:object_r:mysqld_exec_t
@@ -1788,7 +1876,7 @@
ifdef(`distro_debian', `
diff --exclude-from=exclude -N -u -r nsapolicy/file_contexts/program/named.fc policy-1.17.30/file_contexts/program/named.fc
--- nsapolicy/file_contexts/program/named.fc 2004-10-09 21:07:28.000000000 -0400
-+++ policy-1.17.30/file_contexts/program/named.fc 2005-03-21 23:08:51.439946216 -0500
++++ policy-1.17.30/file_contexts/program/named.fc 2005-03-21 23:08:51.000000000 -0500
@@ -14,11 +14,12 @@
') dnl distro_debian
@@ -1828,7 +1916,7 @@
+') dnl distro_gentoo
diff --exclude-from=exclude -N -u -r nsapolicy/file_contexts/program/nscd.fc policy-1.17.30/file_contexts/program/nscd.fc
--- nsapolicy/file_contexts/program/nscd.fc 2004-10-09 21:07:28.000000000 -0400
-+++ policy-1.17.30/file_contexts/program/nscd.fc 2005-03-21 23:08:51.439946216 -0500
++++ policy-1.17.30/file_contexts/program/nscd.fc 2005-03-21 23:08:51.000000000 -0500
@@ -2,3 +2,5 @@
/usr/sbin/nscd -- system_u:object_r:nscd_exec_t
/var/run/\.nscd_socket -s system_u:object_r:nscd_var_run_t
@@ -1837,7 +1925,7 @@
+/var/run/nscd(/.*)? system_u:object_r:nscd_var_run_t
diff --exclude-from=exclude -N -u -r nsapolicy/file_contexts/program/ntpd.fc policy-1.17.30/file_contexts/program/ntpd.fc
--- nsapolicy/file_contexts/program/ntpd.fc 2004-10-09 21:07:28.000000000 -0400
-+++ policy-1.17.30/file_contexts/program/ntpd.fc 2005-03-21 23:08:51.439946216 -0500
++++ policy-1.17.30/file_contexts/program/ntpd.fc 2005-03-21 23:08:51.000000000 -0500
@@ -3,7 +3,7 @@
/etc/ntp(d)?\.conf -- system_u:object_r:net_conf_t
/etc/ntp/step-tickers -- system_u:object_r:net_conf_t
@@ -1849,7 +1937,7 @@
/var/log/xntpd.* -- system_u:object_r:ntpd_log_t
diff --exclude-from=exclude -N -u -r nsapolicy/file_contexts/program/postgresql.fc policy-1.17.30/file_contexts/program/postgresql.fc
--- nsapolicy/file_contexts/program/postgresql.fc 2004-10-09 21:07:28.000000000 -0400
-+++ policy-1.17.30/file_contexts/program/postgresql.fc 2005-03-21 23:08:51.440946064 -0500
++++ policy-1.17.30/file_contexts/program/postgresql.fc 2005-03-21 23:08:51.000000000 -0500
@@ -1,21 +1,16 @@
-# postgresql - ldap server
+# postgresql - database server
@@ -1883,7 +1971,7 @@
+/usr/lib/pgsql/test/regress/pg_regress -- system_u:object_r:postgresql_exec_t
diff --exclude-from=exclude -N -u -r nsapolicy/file_contexts/program/sendmail.fc policy-1.17.30/file_contexts/program/sendmail.fc
--- nsapolicy/file_contexts/program/sendmail.fc 2004-10-09 21:07:28.000000000 -0400
-+++ policy-1.17.30/file_contexts/program/sendmail.fc 2005-03-21 23:08:51.440946064 -0500
++++ policy-1.17.30/file_contexts/program/sendmail.fc 2005-03-21 23:08:51.000000000 -0500
@@ -1,6 +1,5 @@
# sendmail
/etc/mail(/.*)? system_u:object_r:etc_mail_t
@@ -1893,7 +1981,7 @@
/var/run/sendmail.pid -- system_u:object_r:sendmail_var_run_t
diff --exclude-from=exclude -N -u -r nsapolicy/file_contexts/program/snmpd.fc policy-1.17.30/file_contexts/program/snmpd.fc
--- nsapolicy/file_contexts/program/snmpd.fc 2004-10-09 21:07:28.000000000 -0400
-+++ policy-1.17.30/file_contexts/program/snmpd.fc 2005-03-21 23:08:51.441945912 -0500
++++ policy-1.17.30/file_contexts/program/snmpd.fc 2005-03-21 23:08:51.000000000 -0500
@@ -5,4 +5,5 @@
/usr/share/snmp/mibs/\.index -- system_u:object_r:snmpd_var_lib_t
/var/run/snmpd\.pid -- system_u:object_r:snmpd_var_run_t
@@ -1903,7 +1991,7 @@
+/var/log/snmpd.log -- system_u:object_r:snmpd_log_t
diff --exclude-from=exclude -N -u -r nsapolicy/file_contexts/program/squid.fc policy-1.17.30/file_contexts/program/squid.fc
--- nsapolicy/file_contexts/program/squid.fc 2004-10-09 21:07:28.000000000 -0400
-+++ policy-1.17.30/file_contexts/program/squid.fc 2005-03-21 23:08:51.441945912 -0500
++++ policy-1.17.30/file_contexts/program/squid.fc 2005-03-21 23:08:51.000000000 -0500
@@ -3,6 +3,6 @@
/var/cache/squid(/.*)? system_u:object_r:squid_cache_t
/var/spool/squid(/.*)? system_u:object_r:squid_cache_t
@@ -1914,7 +2002,7 @@
/usr/share/squid(/.*)? system_u:object_r:squid_conf_t
diff --exclude-from=exclude -N -u -r nsapolicy/file_contexts/program/winbind.fc policy-1.17.30/file_contexts/program/winbind.fc
--- nsapolicy/file_contexts/program/winbind.fc 1969-12-31 19:00:00.000000000 -0500
-+++ policy-1.17.30/file_contexts/program/winbind.fc 2005-03-21 23:08:51.441945912 -0500
++++ policy-1.17.30/file_contexts/program/winbind.fc 2005-03-21 23:08:51.000000000 -0500
@@ -0,0 +1,10 @@
+/usr/sbin/winbindd -- system_u:object_r:winbind_exec_t
+/var/run/winbindd(/.*)? system_u:object_r:winbind_var_run_t
@@ -1928,7 +2016,7 @@
+/var/cache/samba/winbindd_privileged(/.*)? system_u:object_r:winbind_var_run_t
diff --exclude-from=exclude -N -u -r nsapolicy/file_contexts/types.fc policy-1.17.30/file_contexts/types.fc
--- nsapolicy/file_contexts/types.fc 2004-10-09 21:07:28.000000000 -0400
-+++ policy-1.17.30/file_contexts/types.fc 2005-03-21 23:08:51.443945608 -0500
++++ policy-1.17.30/file_contexts/types.fc 2005-03-23 08:40:43.000000000 -0500
@@ -54,7 +54,7 @@
HOME_DIR -d system_u:object_r:ROLE_home_dir_t
HOME_DIR/.+ system_u:object_r:ROLE_home_t
@@ -1938,6 +2026,15 @@
#
# Mount points; do not relabel subdirectories, since
+@@ -79,7 +79,7 @@
+ /var/tmp -d system_u:object_r:tmp_t
+ /var/tmp/.* <<none>>
+ /var/tmp/vi\.recover -d system_u:object_r:tmp_t
+-/var/lib/nfs/rpc_pipefs(/*)? <<none>>
++/var/lib/nfs/rpc_pipefs(/.*)? <<none>>
+ /var/mailman/bin(/.*)? system_u:object_r:bin_t
+ /var/mailman/pythonlib(/.*)?/.*\.so(\..*)? -- system_u:object_r:shlib_t
+
@@ -111,7 +111,6 @@
#
/boot(/.*)? system_u:object_r:boot_t
@@ -2219,7 +2316,7 @@
+/usr/lib(64)?/[^/]*thunderbird[^/]*/mozilla-xremote-client -- system_u:object_r:bin_t
diff --exclude-from=exclude -N -u -r nsapolicy/macros/base_user_macros.te policy-1.17.30/macros/base_user_macros.te
--- nsapolicy/macros/base_user_macros.te 2004-10-09 21:07:28.000000000 -0400
-+++ policy-1.17.30/macros/base_user_macros.te 2005-03-21 23:08:51.443945608 -0500
++++ policy-1.17.30/macros/base_user_macros.te 2005-03-21 23:08:51.000000000 -0500
@@ -43,6 +43,8 @@
# for eject
allow $1_t fixed_disk_device_t:blk_file { getattr };
@@ -2256,7 +2353,7 @@
allow $1_t devtty_t:chr_file rw_file_perms;
diff --exclude-from=exclude -N -u -r nsapolicy/macros/core_macros.te policy-1.17.30/macros/core_macros.te
--- nsapolicy/macros/core_macros.te 2004-10-09 21:07:28.000000000 -0400
-+++ policy-1.17.30/macros/core_macros.te 2005-03-21 23:08:51.444945456 -0500
++++ policy-1.17.30/macros/core_macros.te 2005-03-21 23:08:51.000000000 -0500
@@ -647,7 +647,5 @@
# eventually this should become can_nsswitch
#
@@ -2267,7 +2364,7 @@
')dnl end general_domain_access
diff --exclude-from=exclude -N -u -r nsapolicy/macros/global_macros.te policy-1.17.30/macros/global_macros.te
--- nsapolicy/macros/global_macros.te 2004-10-09 21:07:28.000000000 -0400
-+++ policy-1.17.30/macros/global_macros.te 2005-03-21 23:08:51.444945456 -0500
++++ policy-1.17.30/macros/global_macros.te 2005-03-21 23:08:51.000000000 -0500
@@ -291,9 +291,7 @@
r_dir_file($1_t, sysfs_t)
@@ -2288,7 +2385,7 @@
diff --exclude-from=exclude -N -u -r nsapolicy/macros/program/apache_macros.te policy-1.17.30/macros/program/apache_macros.te
--- nsapolicy/macros/program/apache_macros.te 2004-10-09 21:07:28.000000000 -0400
-+++ policy-1.17.30/macros/program/apache_macros.te 2005-03-21 23:08:51.445945304 -0500
++++ policy-1.17.30/macros/program/apache_macros.te 2005-03-21 23:08:51.000000000 -0500
@@ -1,26 +1,9 @@
define(`apache_domain', `
@@ -2481,7 +2578,7 @@
')
diff --exclude-from=exclude -N -u -r nsapolicy/macros/program/mount_macros.te policy-1.17.30/macros/program/mount_macros.te
--- nsapolicy/macros/program/mount_macros.te 2004-10-09 21:07:28.000000000 -0400
-+++ policy-1.17.30/macros/program/mount_macros.te 2005-03-21 23:08:51.446945152 -0500
++++ policy-1.17.30/macros/program/mount_macros.te 2005-03-21 23:08:51.000000000 -0500
@@ -56,6 +56,8 @@
allow $2_t home_root_t:dir { search };
allow $2_t $1_home_dir_t:dir { search };
@@ -2493,7 +2590,7 @@
diff --exclude-from=exclude -N -u -r nsapolicy/macros/program/mozilla_macros.te policy-1.17.30/macros/program/mozilla_macros.te
--- nsapolicy/macros/program/mozilla_macros.te 2004-10-09 21:07:28.000000000 -0400
-+++ policy-1.17.30/macros/program/mozilla_macros.te 2005-03-21 23:08:51.446945152 -0500
++++ policy-1.17.30/macros/program/mozilla_macros.te 2005-03-21 23:08:51.000000000 -0500
@@ -43,9 +43,7 @@
ifdef(`nfs_home_dirs', `
create_dir_file($1_mozilla_t, nfs_t)
@@ -2506,7 +2603,7 @@
allow $1_mozilla_t device_t:dir r_dir_perms;
diff --exclude-from=exclude -N -u -r nsapolicy/macros/program/mta_macros.te policy-1.17.30/macros/program/mta_macros.te
--- nsapolicy/macros/program/mta_macros.te 2004-10-09 21:07:28.000000000 -0400
-+++ policy-1.17.30/macros/program/mta_macros.te 2005-03-21 23:08:51.447945000 -0500
++++ policy-1.17.30/macros/program/mta_macros.te 2005-03-21 23:08:51.000000000 -0500
@@ -20,7 +20,7 @@
undefine(`mail_domain')
define(`mail_domain',`
@@ -2534,7 +2631,7 @@
+
diff --exclude-from=exclude -N -u -r nsapolicy/macros/program/newrole_macros.te policy-1.17.30/macros/program/newrole_macros.te
--- nsapolicy/macros/program/newrole_macros.te 2004-10-09 21:07:28.000000000 -0400
-+++ policy-1.17.30/macros/program/newrole_macros.te 2005-03-21 23:08:51.447945000 -0500
++++ policy-1.17.30/macros/program/newrole_macros.te 2005-03-21 23:08:51.000000000 -0500
@@ -52,9 +52,7 @@
can_setexec($1_t)
@@ -2547,7 +2644,7 @@
allow $1_t self:capability { setuid setgid net_bind_service dac_override };
diff --exclude-from=exclude -N -u -r nsapolicy/macros/program/spamassassin_macros.te policy-1.17.30/macros/program/spamassassin_macros.te
--- nsapolicy/macros/program/spamassassin_macros.te 2004-10-09 21:07:28.000000000 -0400
-+++ policy-1.17.30/macros/program/spamassassin_macros.te 2005-03-21 23:08:51.447945000 -0500
++++ policy-1.17.30/macros/program/spamassassin_macros.te 2005-03-21 23:08:51.000000000 -0500
@@ -90,9 +90,10 @@
# set tunable if you have spamassassin do DNS lookups
if (spamassasin_can_network) {
@@ -2563,7 +2660,7 @@
#
diff --exclude-from=exclude -N -u -r nsapolicy/macros/program/ssh_agent_macros.te policy-1.17.30/macros/program/ssh_agent_macros.te
--- nsapolicy/macros/program/ssh_agent_macros.te 2004-10-09 21:07:28.000000000 -0400
-+++ policy-1.17.30/macros/program/ssh_agent_macros.te 2005-03-21 23:08:51.448944848 -0500
++++ policy-1.17.30/macros/program/ssh_agent_macros.te 2005-03-21 23:08:51.000000000 -0500
@@ -38,9 +38,7 @@
can_ypbind($1_ssh_agent_t)
@@ -2576,7 +2673,7 @@
diff --exclude-from=exclude -N -u -r nsapolicy/macros/program/ssh_macros.te policy-1.17.30/macros/program/ssh_macros.te
--- nsapolicy/macros/program/ssh_macros.te 2004-10-09 21:07:28.000000000 -0400
-+++ policy-1.17.30/macros/program/ssh_macros.te 2005-03-21 23:08:51.448944848 -0500
++++ policy-1.17.30/macros/program/ssh_macros.te 2005-03-21 23:08:51.000000000 -0500
@@ -28,9 +28,7 @@
type $1_ssh_t, domain, privlog;
type $1_home_ssh_t, file_type, homedirfile, sysadmfile;
@@ -2589,7 +2686,7 @@
')dnl end if nfs_home_dirs
diff --exclude-from=exclude -N -u -r nsapolicy/macros/program/su_macros.te policy-1.17.30/macros/program/su_macros.te
--- nsapolicy/macros/program/su_macros.te 2004-10-09 21:07:28.000000000 -0400
-+++ policy-1.17.30/macros/program/su_macros.te 2005-03-21 23:08:51.449944696 -0500
++++ policy-1.17.30/macros/program/su_macros.te 2005-03-21 23:08:51.000000000 -0500
@@ -134,9 +134,7 @@
dontaudit $1_su_t home_dir_type:dir { search write };
')
@@ -2602,7 +2699,7 @@
')dnl end if nfs_home_dirs
diff --exclude-from=exclude -N -u -r nsapolicy/macros/program/userhelper_macros.te policy-1.17.30/macros/program/userhelper_macros.te
--- nsapolicy/macros/program/userhelper_macros.te 2004-10-09 21:07:28.000000000 -0400
-+++ policy-1.17.30/macros/program/userhelper_macros.te 2005-03-21 23:08:51.449944696 -0500
++++ policy-1.17.30/macros/program/userhelper_macros.te 2005-03-21 23:08:51.000000000 -0500
@@ -121,9 +121,7 @@
allow $1_userhelper_t urandom_device_t:chr_file { getattr read };
@@ -2623,7 +2720,7 @@
')dnl end userhelper macro
diff --exclude-from=exclude -N -u -r nsapolicy/macros/program/xauth_macros.te policy-1.17.30/macros/program/xauth_macros.te
--- nsapolicy/macros/program/xauth_macros.te 2004-10-09 21:07:28.000000000 -0400
-+++ policy-1.17.30/macros/program/xauth_macros.te 2005-03-21 23:08:51.449944696 -0500
++++ policy-1.17.30/macros/program/xauth_macros.te 2005-03-21 23:08:51.000000000 -0500
@@ -88,9 +88,7 @@
allow $1_xauth_t $1_tmp_t:file { getattr ioctl read };
@@ -2636,7 +2733,7 @@
')dnl end ifdef single_userdomain
diff --exclude-from=exclude -N -u -r nsapolicy/macros/program/xserver_macros.te policy-1.17.30/macros/program/xserver_macros.te
--- nsapolicy/macros/program/xserver_macros.te 2004-10-09 21:07:28.000000000 -0400
-+++ policy-1.17.30/macros/program/xserver_macros.te 2005-03-21 23:08:51.450944544 -0500
++++ policy-1.17.30/macros/program/xserver_macros.te 2005-03-21 23:08:51.000000000 -0500
@@ -64,7 +64,7 @@
allow xdm_xserver_t init_t:fd use;
@@ -2657,7 +2754,7 @@
# memory_device_t access is needed if not using the frame buffer
diff --exclude-from=exclude -N -u -r nsapolicy/macros/program/ypbind_macros.te policy-1.17.30/macros/program/ypbind_macros.te
--- nsapolicy/macros/program/ypbind_macros.te 2004-10-09 21:07:28.000000000 -0400
-+++ policy-1.17.30/macros/program/ypbind_macros.te 2005-03-21 23:08:51.450944544 -0500
++++ policy-1.17.30/macros/program/ypbind_macros.te 2005-03-21 23:08:51.000000000 -0500
@@ -1,21 +1,13 @@
-define(`can_ypbind',`')
@@ -2690,7 +2787,7 @@
-')
diff --exclude-from=exclude -N -u -r nsapolicy/Makefile policy-1.17.30/Makefile
--- nsapolicy/Makefile 2005-01-26 13:54:41.000000000 -0500
-+++ policy-1.17.30/Makefile 2005-03-21 23:08:51.451944392 -0500
++++ policy-1.17.30/Makefile 2005-03-21 23:08:51.000000000 -0500
@@ -3,7 +3,7 @@
#
# Targets:
@@ -2808,7 +2905,7 @@
@grep "^/root" $@.tmp >> $@
diff --exclude-from=exclude -N -u -r nsapolicy/targeted/assert.te policy-1.17.30/targeted/assert.te
--- nsapolicy/targeted/assert.te 2004-10-09 21:07:28.000000000 -0400
-+++ policy-1.17.30/targeted/assert.te 2005-03-21 23:08:51.451944392 -0500
++++ policy-1.17.30/targeted/assert.te 2005-03-21 23:08:51.000000000 -0500
@@ -22,10 +22,10 @@
# Confined domains must never touch an unconfined domain except to
@@ -2824,7 +2921,7 @@
# Verify that every type that can be entered by
diff --exclude-from=exclude -N -u -r nsapolicy/targeted/domains/program/hotplug.te policy-1.17.30/targeted/domains/program/hotplug.te
--- nsapolicy/targeted/domains/program/hotplug.te 2004-10-09 21:07:28.000000000 -0400
-+++ policy-1.17.30/targeted/domains/program/hotplug.te 2005-03-21 23:08:51.452944240 -0500
++++ policy-1.17.30/targeted/domains/program/hotplug.te 2005-03-21 23:08:51.000000000 -0500
@@ -12,5 +12,5 @@
# strict policy.
#
@@ -2835,7 +2932,7 @@
+typealias etc_t alias hotplug_etc_t;
diff --exclude-from=exclude -N -u -r nsapolicy/targeted/domains/program/initrc.te policy-1.17.30/targeted/domains/program/initrc.te
--- nsapolicy/targeted/domains/program/initrc.te 2004-10-09 21:07:28.000000000 -0400
-+++ policy-1.17.30/targeted/domains/program/initrc.te 2005-03-21 23:08:51.452944240 -0500
++++ policy-1.17.30/targeted/domains/program/initrc.te 2005-03-21 23:08:51.000000000 -0500
@@ -13,4 +13,4 @@
#
type initrc_exec_t, file_type, sysadmfile, exec_type;
@@ -2844,7 +2941,7 @@
+typealias var_run_t alias initrc_var_run_t;
diff --exclude-from=exclude -N -u -r nsapolicy/targeted/domains/unconfined.te policy-1.17.30/targeted/domains/unconfined.te
--- nsapolicy/targeted/domains/unconfined.te 2004-10-09 21:07:28.000000000 -0400
-+++ policy-1.17.30/targeted/domains/unconfined.te 2005-03-21 23:08:51.453944088 -0500
++++ policy-1.17.30/targeted/domains/unconfined.te 2005-03-21 23:08:51.000000000 -0500
@@ -4,7 +4,7 @@
# is not explicitly confined. It has no restrictions.
# It needs to be carefully protected from the confined domains.
@@ -2869,7 +2966,7 @@
+
diff --exclude-from=exclude -N -u -r nsapolicy/tunables/distro.tun policy-1.17.30/tunables/distro.tun
--- nsapolicy/tunables/distro.tun 2004-10-09 21:07:28.000000000 -0400
-+++ policy-1.17.30/tunables/distro.tun 2005-03-21 23:08:51.453944088 -0500
++++ policy-1.17.30/tunables/distro.tun 2005-03-21 23:08:51.000000000 -0500
@@ -5,7 +5,7 @@
# appropriate ifdefs.
@@ -2881,7 +2978,7 @@
diff --exclude-from=exclude -N -u -r nsapolicy/tunables/tunable.tun policy-1.17.30/tunables/tunable.tun
--- nsapolicy/tunables/tunable.tun 2004-10-09 21:07:28.000000000 -0400
-+++ policy-1.17.30/tunables/tunable.tun 2005-03-21 23:08:51.921872952 -0500
++++ policy-1.17.30/tunables/tunable.tun 2005-03-21 23:08:51.000000000 -0500
@@ -1,42 +1,39 @@
# Allow all domains to connect to nscd
-dnl define(`nscd_all_connect')
@@ -2936,7 +3033,7 @@
# that do not have a domain transition explicitly defined.
diff --exclude-from=exclude -N -u -r nsapolicy/types/device.te policy-1.17.30/types/device.te
--- nsapolicy/types/device.te 2004-10-09 21:07:28.000000000 -0400
-+++ policy-1.17.30/types/device.te 2005-03-21 23:08:51.929871736 -0500
++++ policy-1.17.30/types/device.te 2005-03-21 23:08:51.000000000 -0500
@@ -28,6 +28,10 @@
type console_device_t, device_type, dev_fs;
@@ -2959,7 +3056,7 @@
type apm_bios_t, device_type, dev_fs;
diff --exclude-from=exclude -N -u -r nsapolicy/types/file.te policy-1.17.30/types/file.te
--- nsapolicy/types/file.te 2004-10-09 21:07:28.000000000 -0400
-+++ policy-1.17.30/types/file.te 2005-03-21 23:08:51.937870520 -0500
++++ policy-1.17.30/types/file.te 2005-03-22 09:18:12.000000000 -0500
@@ -128,7 +128,11 @@
# shlib_t is the type of shared objects in the system lib
# directories.
@@ -2972,6 +3069,26 @@
#
# ld_so_t is the type of the system dynamic loaders.
+@@ -258,15 +262,15 @@
+ # the default file system type.
+ #
+ allow { file_type device_type } fs_t:filesystem associate;
+-ifdef(`distro_redhat', `
+-allow { dev_fs ttyfile } tmpfs_t:filesystem associate;
+-')
+
+ # Allow the pty to be associated with the file system.
+ allow devpts_t devpts_t:filesystem associate;
+
+ type tmpfs_t, file_type, sysadmfile, fs_type, root_dir_type;
+-allow { tmpfs_t tmp_t } tmpfs_t:filesystem associate;
++allow { tmpfs_t tmpfile } tmpfs_t:filesystem associate;
++ifdef(`distro_redhat', `
++allow { dev_fs ttyfile logfile } tmpfs_t:filesystem associate;
++')
+
+ type autofs_t, fs_type, root_dir_type, noexattrfile, sysadmfile;
+ allow autofs_t autofs_t:filesystem associate;
@@ -287,7 +291,7 @@
allow ramfs_t ramfs_t:filesystem associate;
@@ -2996,7 +3113,7 @@
+allow file_type noexattrfile:filesystem associate;
diff --exclude-from=exclude -N -u -r nsapolicy/types/network.te policy-1.17.30/types/network.te
--- nsapolicy/types/network.te 2004-10-09 21:07:28.000000000 -0400
-+++ policy-1.17.30/types/network.te 2005-03-21 23:08:51.943869608 -0500
++++ policy-1.17.30/types/network.te 2005-03-21 23:08:51.000000000 -0500
@@ -42,7 +42,7 @@
ifdef(`dovecot.te', `define(`use_pop')')
ifdef(`uwimapd.te', `define(`use_pop')')
Index: selinux-policy-targeted.spec
===================================================================
RCS file: /cvs/dist/rpms/selinux-policy-targeted/FC-3/selinux-policy-targeted.spec,v
retrieving revision 1.195
retrieving revision 1.196
diff -u -r1.195 -r1.196
--- selinux-policy-targeted.spec 22 Mar 2005 14:24:08 -0000 1.195
+++ selinux-policy-targeted.spec 23 Mar 2005 13:48:19 -0000 1.196
@@ -8,7 +8,7 @@
Summary: SELinux %{type} policy configuration
Name: selinux-policy-%{type}
Version: 1.17.30
-Release: 2.91
+Release: 2.92
License: GPL
Group: System Environment/Base
Source: http://www.nsa.gov/selinux/archives/policy-%{version}.tgz
@@ -210,6 +210,10 @@
exit 0
%changelog
+* Wed Mar 23 2005 Dan Walsh <dwalsh at redhat.com> 1.17.30-2.92
+- Fix /var/lib/nfs/rpc_pipefs(/.*)?
+- Better handling of logrotate
+
* Tue Mar 16 2005 Dan Walsh <dwalsh at redhat.com> 1.17.30-2.91
- Allow logrotate to handle tmpfs /tmp
- Previous message (by thread): rpms/pam/devel pam-0.78-console-alsa-init.patch, NONE, 1.1 pam-0.78-console-perms-dri.patch, NONE, 1.1 pam-0.78-console-wrong-log.patch, NONE, 1.1 pam.spec, 1.62, 1.63 pam-0.78-console-glib-dynamic.patch, 1.1, NONE
- Next message (by thread): rpms/qt/devel qt-3.3.3-gtkstyle.patch,NONE,1.1 qt.spec,1.66,1.67
- Messages sorted by:
[ date ]
[ thread ]
[ subject ]
[ author ]
More information about the fedora-cvs-commits
mailing list