rpms/selinux-policy-strict/FC-4 policy-20050916.patch, 1.5, 1.6 selinux-policy-strict.spec, 1.322, 1.323
fedora-cvs-commits at redhat.com
Wed Oct 12 18:43:40 UTC 2005
Author: dwalsh
Update of /cvs/dist/rpms/selinux-policy-strict/FC-4
In directory cvs.devel.redhat.com:/tmp/cvs-serv15913
Modified Files:
policy-20050916.patch selinux-policy-strict.spec
Log Message:
* Wed Oct 12 2005 Dan Walsh <dwalsh at redhat.com> 1.27.1-2.6
- Fixes for bluetooth and hal
policy-20050916.patch:
Makefile | 20 ++++----
attrib.te | 3 +
domains/program/crond.te | 2
domains/program/fsadm.te | 7 ++
domains/program/hostname.te | 2
domains/program/ifconfig.te | 5 +-
domains/program/initrc.te | 17 ++++++-
domains/program/ldconfig.te | 3 -
domains/program/load_policy.te | 7 +-
domains/program/login.te | 21 +++++---
domains/program/modutil.te | 14 +++--
domains/program/mount.te | 5 +-
domains/program/netutils.te | 3 -
domains/program/passwd.te | 1
domains/program/restorecon.te | 3 -
domains/program/setfiles.te | 4 -
domains/program/ssh.te | 6 ++
domains/program/su.te | 9 +++
domains/program/syslogd.te | 6 +-
domains/program/unused/NetworkManager.te | 3 -
domains/program/unused/alsa.te | 2
domains/program/unused/amanda.te | 74 +++++++------------------------
domains/program/unused/anaconda.te | 5 --
domains/program/unused/apache.te | 17 ++++---
domains/program/unused/apmd.te | 13 +++++
domains/program/unused/auditd.te | 2
domains/program/unused/automount.te | 4 +
domains/program/unused/bluetooth.te | 70 ++++++++++++++++++++++++++++-
domains/program/unused/cups.te | 18 +++++--
domains/program/unused/cvs.te | 3 +
domains/program/unused/cyrus.te | 2
domains/program/unused/dbusd.te | 4 +
domains/program/unused/dhcpc.te | 5 +-
domains/program/unused/dhcpd.te | 3 -
domains/program/unused/dovecot.te | 4 +
domains/program/unused/ftpd.te | 6 +-
domains/program/unused/hald.te | 5 +-
domains/program/unused/hotplug.te | 5 +-
domains/program/unused/hwclock.te | 2
domains/program/unused/ipsec.te | 2
domains/program/unused/kudzu.te | 5 +-
domains/program/unused/mta.te | 8 +++
domains/program/unused/mysqld.te | 6 +-
domains/program/unused/named.te | 29 ++++++++++--
domains/program/unused/nscd.te | 1
domains/program/unused/ntpd.te | 10 ++--
domains/program/unused/openct.te | 16 ++++++
domains/program/unused/pamconsole.te | 2
domains/program/unused/pegasus.te | 37 +++++++++++++++
domains/program/unused/ping.te | 3 -
domains/program/unused/postfix.te | 30 +++++++-----
domains/program/unused/pppd.te | 8 ++-
domains/program/unused/procmail.te | 11 +++-
domains/program/unused/readahead.te | 21 ++++++++
domains/program/unused/rlogind.te | 4 +
domains/program/unused/roundup.te | 29 ++++++++++++
domains/program/unused/rpcd.te | 13 ++++-
domains/program/unused/rsync.te | 3 -
domains/program/unused/samba.te | 12 ++++-
domains/program/unused/snmpd.te | 6 +-
domains/program/unused/squid.te | 3 -
domains/program/unused/udev.te | 10 +++-
domains/program/unused/utempter.te | 2
domains/program/unused/webalizer.te | 3 +
domains/program/unused/winbind.te | 1
domains/program/unused/xdm.te | 3 +
domains/program/unused/yppasswdd.te | 40 ++++++++++++++++
domains/program/unused/ypserv.te | 1
domains/program/useradd.te | 5 +-
file_contexts/distros.fc | 2
file_contexts/program/bluetooth.fc | 3 +
file_contexts/program/dhcpc.fc | 2
file_contexts/program/dhcpd.fc | 1
file_contexts/program/ftpd.fc | 5 +-
file_contexts/program/games.fc | 11 +++-
file_contexts/program/ipsec.fc | 1
file_contexts/program/openct.fc | 2
file_contexts/program/pegasus.fc | 11 ++++
file_contexts/program/pppd.fc | 2
file_contexts/program/readahead.fc | 1
file_contexts/program/roundup.fc | 2
file_contexts/program/rpm.fc | 4 +
file_contexts/program/rsync.fc | 2
file_contexts/program/xdm.fc | 2
file_contexts/program/yppasswdd.fc | 2
file_contexts/program/ypserv.fc | 1
file_contexts/types.fc | 2
genfs_contexts | 2
macros/base_user_macros.te | 6 ++
macros/core_macros.te | 3 +
macros/global_macros.te | 18 +++++--
macros/network_macros.te | 17 ++++++-
macros/program/apache_macros.te | 13 ++++-
macros/program/cdrecord_macros.te | 2
macros/program/i18n_input_macros.te | 21 ++++++++
macros/program/mta_macros.te | 4 -
macros/program/newrole_macros.te | 2
macros/program/pyzor_macros.te | 2
macros/program/razor_macros.te | 2
macros/program/su_macros.te | 4 -
macros/program/uml_macros.te | 2
macros/user_macros.te | 1
man/man8/ftpd_selinux.8 | 19 ++++---
man/man8/httpd_selinux.8 | 9 +++
man/man8/rsync_selinux.8 | 12 +++--
man/man8/samba_selinux.8 | 9 +++
mcs | 16 ++++++
net_contexts | 6 ++
targeted/appconfig/root_default_contexts | 4 +
targeted/assert.te | 2
targeted/domains/program/ssh.te | 3 +
targeted/domains/program/xdm.te | 4 +
targeted/domains/unconfined.te | 15 ++++++
tunables/distro.tun | 2
tunables/tunable.tun | 4 -
types/devpts.te | 4 +
types/file.te | 15 ++++--
types/network.te | 12 ++---
types/security.te | 5 ++
119 files changed, 774 insertions(+), 231 deletions(-)
Index: policy-20050916.patch
===================================================================
RCS file: /cvs/dist/rpms/selinux-policy-strict/FC-4/policy-20050916.patch,v
retrieving revision 1.5
retrieving revision 1.6
diff -u -r1.5 -r1.6
--- policy-20050916.patch 12 Oct 2005 01:13:03 -0000 1.5
+++ policy-20050916.patch 12 Oct 2005 18:43:32 -0000 1.6
@@ -1,6 +1,6 @@
diff --exclude-from=exclude -N -u -r nsapolicy/attrib.te policy-1.27.1/attrib.te
--- nsapolicy/attrib.te 2005-09-16 11:17:27.000000000 -0400
-+++ policy-1.27.1/attrib.te 2005-10-11 21:10:14.000000000 -0400
++++ policy-1.27.1/attrib.te 2005-10-12 14:40:15.000000000 -0400
@@ -443,6 +443,9 @@
# Attribute to designate unrestricted access
attribute unrestricted;
@@ -13,7 +13,7 @@
diff --exclude-from=exclude -N -u -r nsapolicy/domains/program/crond.te policy-1.27.1/domains/program/crond.te
--- nsapolicy/domains/program/crond.te 2005-09-16 11:17:27.000000000 -0400
-+++ policy-1.27.1/domains/program/crond.te 2005-10-11 21:10:14.000000000 -0400
++++ policy-1.27.1/domains/program/crond.te 2005-10-12 14:40:15.000000000 -0400
@@ -106,7 +106,7 @@
# Inherit and use descriptors from initrc for anacron.
@@ -25,7 +25,7 @@
allow system_crond_t self:capability { dac_read_search chown setgid setuid fowner net_bind_service fsetid };
diff --exclude-from=exclude -N -u -r nsapolicy/domains/program/fsadm.te policy-1.27.1/domains/program/fsadm.te
--- nsapolicy/domains/program/fsadm.te 2005-09-16 11:17:27.000000000 -0400
-+++ policy-1.27.1/domains/program/fsadm.te 2005-10-11 21:10:14.000000000 -0400
++++ policy-1.27.1/domains/program/fsadm.te 2005-10-12 14:40:15.000000000 -0400
@@ -102,10 +102,10 @@
allow fsadm_t kernel_t:system syslog_console;
@@ -48,7 +48,7 @@
+allow fsadm_t file_type:dir { getattr search };
diff --exclude-from=exclude -N -u -r nsapolicy/domains/program/hostname.te policy-1.27.1/domains/program/hostname.te
--- nsapolicy/domains/program/hostname.te 2005-09-16 11:17:27.000000000 -0400
-+++ policy-1.27.1/domains/program/hostname.te 2005-10-11 21:10:14.000000000 -0400
++++ policy-1.27.1/domains/program/hostname.te 2005-10-12 14:40:15.000000000 -0400
@@ -24,5 +24,5 @@
ifdef(`distro_redhat', `
allow hostname_t tmpfs_t:chr_file rw_file_perms;
@@ -58,7 +58,7 @@
allow hostname_t initrc_t:fd use;
diff --exclude-from=exclude -N -u -r nsapolicy/domains/program/ifconfig.te policy-1.27.1/domains/program/ifconfig.te
--- nsapolicy/domains/program/ifconfig.te 2005-09-16 11:17:27.000000000 -0400
-+++ policy-1.27.1/domains/program/ifconfig.te 2005-10-11 21:10:14.000000000 -0400
++++ policy-1.27.1/domains/program/ifconfig.te 2005-10-12 14:40:15.000000000 -0400
@@ -52,7 +52,8 @@
allow ifconfig_t self:udp_socket create_socket_perms;
@@ -80,7 +80,7 @@
diff --exclude-from=exclude -N -u -r nsapolicy/domains/program/initrc.te policy-1.27.1/domains/program/initrc.te
--- nsapolicy/domains/program/initrc.te 2005-09-16 11:17:27.000000000 -0400
-+++ policy-1.27.1/domains/program/initrc.te 2005-10-11 21:10:14.000000000 -0400
++++ policy-1.27.1/domains/program/initrc.te 2005-10-12 14:40:15.000000000 -0400
@@ -56,6 +56,10 @@
can_create_pty(initrc)
@@ -118,7 +118,7 @@
+r_dir_file(initrc_t, cert_t)
diff --exclude-from=exclude -N -u -r nsapolicy/domains/program/ldconfig.te policy-1.27.1/domains/program/ldconfig.te
--- nsapolicy/domains/program/ldconfig.te 2005-09-16 11:17:27.000000000 -0400
-+++ policy-1.27.1/domains/program/ldconfig.te 2005-10-11 21:10:14.000000000 -0400
++++ policy-1.27.1/domains/program/ldconfig.te 2005-10-12 14:40:15.000000000 -0400
@@ -16,7 +16,8 @@
domain_auto_trans({ sysadm_t initrc_t }, ldconfig_exec_t, ldconfig_t)
@@ -131,7 +131,7 @@
uses_shlib(ldconfig_t)
diff --exclude-from=exclude -N -u -r nsapolicy/domains/program/load_policy.te policy-1.27.1/domains/program/load_policy.te
--- nsapolicy/domains/program/load_policy.te 2005-09-16 11:17:27.000000000 -0400
-+++ policy-1.27.1/domains/program/load_policy.te 2005-10-11 21:10:14.000000000 -0400
++++ policy-1.27.1/domains/program/load_policy.te 2005-10-12 14:40:15.000000000 -0400
@@ -45,11 +45,12 @@
allow load_policy_t root_t:dir search;
allow load_policy_t etc_t:dir search;
@@ -150,7 +150,7 @@
diff --exclude-from=exclude -N -u -r nsapolicy/domains/program/login.te policy-1.27.1/domains/program/login.te
--- nsapolicy/domains/program/login.te 2005-09-16 11:17:27.000000000 -0400
-+++ policy-1.27.1/domains/program/login.te 2005-10-11 21:10:14.000000000 -0400
++++ policy-1.27.1/domains/program/login.te 2005-10-12 14:40:15.000000000 -0400
@@ -62,6 +62,11 @@
ifdef(`pamconsole.te', `
@@ -202,7 +202,7 @@
+')
diff --exclude-from=exclude -N -u -r nsapolicy/domains/program/modutil.te policy-1.27.1/domains/program/modutil.te
--- nsapolicy/domains/program/modutil.te 2005-09-16 11:17:27.000000000 -0400
-+++ policy-1.27.1/domains/program/modutil.te 2005-10-11 21:10:14.000000000 -0400
++++ policy-1.27.1/domains/program/modutil.te 2005-10-12 14:40:15.000000000 -0400
@@ -59,7 +59,8 @@
allow depmod_t modules_object_t:file unlink;
@@ -255,7 +255,7 @@
allow update_modules_t urandom_device_t:chr_file { getattr read };
diff --exclude-from=exclude -N -u -r nsapolicy/domains/program/mount.te policy-1.27.1/domains/program/mount.te
--- nsapolicy/domains/program/mount.te 2005-09-16 11:17:27.000000000 -0400
-+++ policy-1.27.1/domains/program/mount.te 2005-10-11 21:10:14.000000000 -0400
++++ policy-1.27.1/domains/program/mount.te 2005-10-12 14:40:15.000000000 -0400
@@ -16,13 +16,14 @@
role sysadm_r types mount_t;
role system_r types mount_t;
@@ -275,7 +275,7 @@
allow mount_t file_type:dir search;
diff --exclude-from=exclude -N -u -r nsapolicy/domains/program/netutils.te policy-1.27.1/domains/program/netutils.te
--- nsapolicy/domains/program/netutils.te 2005-09-16 11:17:27.000000000 -0400
-+++ policy-1.27.1/domains/program/netutils.te 2005-10-11 21:10:14.000000000 -0400
++++ policy-1.27.1/domains/program/netutils.te 2005-10-12 14:40:15.000000000 -0400
@@ -55,7 +55,8 @@
# Access terminals.
@@ -288,7 +288,7 @@
diff --exclude-from=exclude -N -u -r nsapolicy/domains/program/passwd.te policy-1.27.1/domains/program/passwd.te
--- nsapolicy/domains/program/passwd.te 2005-09-16 11:17:27.000000000 -0400
-+++ policy-1.27.1/domains/program/passwd.te 2005-10-11 21:10:14.000000000 -0400
++++ policy-1.27.1/domains/program/passwd.te 2005-10-12 14:40:15.000000000 -0400
@@ -153,5 +153,4 @@
ifdef(`targeted_policy', `
@@ -297,7 +297,7 @@
')
diff --exclude-from=exclude -N -u -r nsapolicy/domains/program/restorecon.te policy-1.27.1/domains/program/restorecon.te
--- nsapolicy/domains/program/restorecon.te 2005-09-16 11:17:27.000000000 -0400
-+++ policy-1.27.1/domains/program/restorecon.te 2005-10-11 21:10:14.000000000 -0400
++++ policy-1.27.1/domains/program/restorecon.te 2005-10-12 14:40:15.000000000 -0400
@@ -19,7 +19,7 @@
role sysadm_r types restorecon_t;
role secadm_r types restorecon_t;
@@ -314,7 +314,7 @@
+allow restorecon_t autofs_t:dir search;
diff --exclude-from=exclude -N -u -r nsapolicy/domains/program/setfiles.te policy-1.27.1/domains/program/setfiles.te
--- nsapolicy/domains/program/setfiles.te 2005-09-16 11:17:27.000000000 -0400
-+++ policy-1.27.1/domains/program/setfiles.te 2005-10-11 21:10:14.000000000 -0400
++++ policy-1.27.1/domains/program/setfiles.te 2005-10-12 14:40:15.000000000 -0400
@@ -12,7 +12,7 @@
#
# needs auth_write attribute because it has relabelfrom/relabelto
@@ -335,7 +335,7 @@
allow setfiles_t self:unix_dgram_socket create_socket_perms;
diff --exclude-from=exclude -N -u -r nsapolicy/domains/program/ssh.te policy-1.27.1/domains/program/ssh.te
--- nsapolicy/domains/program/ssh.te 2005-09-16 11:17:27.000000000 -0400
-+++ policy-1.27.1/domains/program/ssh.te 2005-10-11 21:10:14.000000000 -0400
++++ policy-1.27.1/domains/program/ssh.te 2005-10-12 14:40:15.000000000 -0400
@@ -153,6 +153,7 @@
#
sshd_program_domain(sshd)
@@ -362,7 +362,7 @@
+')
diff --exclude-from=exclude -N -u -r nsapolicy/domains/program/su.te policy-1.27.1/domains/program/su.te
--- nsapolicy/domains/program/su.te 2005-09-16 11:17:27.000000000 -0400
-+++ policy-1.27.1/domains/program/su.te 2005-10-11 21:10:14.000000000 -0400
++++ policy-1.27.1/domains/program/su.te 2005-10-12 14:40:15.000000000 -0400
@@ -12,3 +12,12 @@
# Everything else is in the su_domain macro in
@@ -378,7 +378,7 @@
+')
diff --exclude-from=exclude -N -u -r nsapolicy/domains/program/syslogd.te policy-1.27.1/domains/program/syslogd.te
--- nsapolicy/domains/program/syslogd.te 2005-09-16 11:17:27.000000000 -0400
-+++ policy-1.27.1/domains/program/syslogd.te 2005-10-11 21:10:14.000000000 -0400
++++ policy-1.27.1/domains/program/syslogd.te 2005-10-12 14:40:15.000000000 -0400
@@ -14,9 +14,9 @@
# by syslogd.
#
@@ -402,7 +402,7 @@
allow syslogd_t self:capability { dac_override net_admin net_bind_service sys_resource sys_tty_config };
diff --exclude-from=exclude -N -u -r nsapolicy/domains/program/unused/alsa.te policy-1.27.1/domains/program/unused/alsa.te
--- nsapolicy/domains/program/unused/alsa.te 2005-09-16 11:17:27.000000000 -0400
-+++ policy-1.27.1/domains/program/unused/alsa.te 2005-10-11 21:10:14.000000000 -0400
++++ policy-1.27.1/domains/program/unused/alsa.te 2005-10-12 14:40:15.000000000 -0400
@@ -11,6 +11,8 @@
allow alsa_t self:unix_stream_socket create_stream_socket_perms;
allow alsa_t self:unix_dgram_socket create_socket_perms;
@@ -414,7 +414,7 @@
allow alsa_t self:capability { setgid setuid ipc_owner };
diff --exclude-from=exclude -N -u -r nsapolicy/domains/program/unused/amanda.te policy-1.27.1/domains/program/unused/amanda.te
--- nsapolicy/domains/program/unused/amanda.te 2005-09-16 11:17:27.000000000 -0400
-+++ policy-1.27.1/domains/program/unused/amanda.te 2005-10-11 21:10:14.000000000 -0400
++++ policy-1.27.1/domains/program/unused/amanda.te 2005-10-12 14:40:15.000000000 -0400
@@ -84,7 +84,6 @@
# configuration files -> read only
@@ -576,7 +576,7 @@
+allow amanda_t file_type:fifo_file getattr;
diff --exclude-from=exclude -N -u -r nsapolicy/domains/program/unused/anaconda.te policy-1.27.1/domains/program/unused/anaconda.te
--- nsapolicy/domains/program/unused/anaconda.te 2005-09-16 11:17:27.000000000 -0400
-+++ policy-1.27.1/domains/program/unused/anaconda.te 2005-10-11 21:10:14.000000000 -0400
++++ policy-1.27.1/domains/program/unused/anaconda.te 2005-10-12 14:40:15.000000000 -0400
@@ -17,11 +17,6 @@
role system_r types ldconfig_t;
domain_auto_trans(anaconda_t, ldconfig_exec_t, ldconfig_t)
@@ -591,7 +591,7 @@
diff --exclude-from=exclude -N -u -r nsapolicy/domains/program/unused/apache.te policy-1.27.1/domains/program/unused/apache.te
--- nsapolicy/domains/program/unused/apache.te 2005-09-16 11:17:27.000000000 -0400
-+++ policy-1.27.1/domains/program/unused/apache.te 2005-10-11 21:10:14.000000000 -0400
++++ policy-1.27.1/domains/program/unused/apache.te 2005-10-12 14:40:15.000000000 -0400
@@ -113,9 +113,12 @@
can_network_server(httpd_t)
can_kerberos(httpd_t)
@@ -646,7 +646,7 @@
}
diff --exclude-from=exclude -N -u -r nsapolicy/domains/program/unused/apmd.te policy-1.27.1/domains/program/unused/apmd.te
--- nsapolicy/domains/program/unused/apmd.te 2005-09-16 11:17:27.000000000 -0400
-+++ policy-1.27.1/domains/program/unused/apmd.te 2005-10-11 21:10:14.000000000 -0400
++++ policy-1.27.1/domains/program/unused/apmd.te 2005-10-12 14:40:15.000000000 -0400
@@ -47,6 +47,7 @@
# acpid also has a logfile
@@ -673,7 +673,7 @@
+
diff --exclude-from=exclude -N -u -r nsapolicy/domains/program/unused/auditd.te policy-1.27.1/domains/program/unused/auditd.te
--- nsapolicy/domains/program/unused/auditd.te 2005-09-16 11:17:27.000000000 -0400
-+++ policy-1.27.1/domains/program/unused/auditd.te 2005-10-11 21:10:14.000000000 -0400
++++ policy-1.27.1/domains/program/unused/auditd.te 2005-10-12 14:40:15.000000000 -0400
@@ -65,3 +65,5 @@
allow auditctl_t privfd:fd use;
@@ -682,7 +682,7 @@
+can_exec(auditd_t, sbin_t)
diff --exclude-from=exclude -N -u -r nsapolicy/domains/program/unused/automount.te policy-1.27.1/domains/program/unused/automount.te
--- nsapolicy/domains/program/unused/automount.te 2005-09-16 11:17:27.000000000 -0400
-+++ policy-1.27.1/domains/program/unused/automount.te 2005-10-11 21:10:14.000000000 -0400
++++ policy-1.27.1/domains/program/unused/automount.te 2005-10-12 14:40:15.000000000 -0400
@@ -34,7 +34,9 @@
can_exec(automount_t, { etc_t automount_etc_t })
@@ -708,7 +708,7 @@
+
diff --exclude-from=exclude -N -u -r nsapolicy/domains/program/unused/bluetooth.te policy-1.27.1/domains/program/unused/bluetooth.te
--- nsapolicy/domains/program/unused/bluetooth.te 2005-09-16 11:17:27.000000000 -0400
-+++ policy-1.27.1/domains/program/unused/bluetooth.te 2005-10-11 21:10:14.000000000 -0400
++++ policy-1.27.1/domains/program/unused/bluetooth.te 2005-10-12 14:41:20.000000000 -0400
@@ -11,16 +11,23 @@
daemon_domain(bluetooth)
@@ -742,14 +742,14 @@
# Read /etc/bluetooth
allow bluetooth_t bluetooth_conf_t:dir search;
-@@ -44,5 +52,56 @@
+@@ -44,5 +52,63 @@
allow bluetooth_t usbfs_t:dir r_dir_perms;
allow bluetooth_t usbfs_t:file rw_file_perms;
allow bluetooth_t bin_t:dir search;
-can_exec(bluetooth_t, bin_t)
+can_exec(bluetooth_t, { bin_t shell_exec_t })
+allow bluetooth_t bin_t:lnk_file read;
-+
+
+#Handle bluetooth serial devices
+allow bluetooth_t tty_device_t:chr_file rw_file_perms;
+allow bluetooth_t self:fifo_file rw_file_perms;
@@ -769,7 +769,7 @@
+allow bluetooth_helper_t bin_t:lnk_file read;
+allow bluetooth_helper_t self:capability sys_nice;
+allow bluetooth_helper_t self:fifo_file rw_file_perms;
-+allow bluetooth_helper_t self:process fork;
++allow bluetooth_helper_t self:process { fork getsched sigchld };
+allow bluetooth_helper_t self:shm create_shm_perms;
+allow bluetooth_helper_t self:unix_stream_socket create_stream_socket_perms;
+allow bluetooth_helper_t { etc_t etc_runtime_t }:file { getattr read };
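Review bot: the widened rule "allow bluetooth_helper_t self:process { fork getsched sigchld };" carries no comment saying which helper operation needs getsched and sigchld, and the log message ("Fixes for bluetooth and hal") does not say either. A one-line comment above the rule, in the style of the "#Handle bluetooth serial devices" comment earlier in bluetooth.te, naming the denial it fixes would let a later reader judge whether the permission is still needed.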
@@ -797,12 +797,19 @@
+allow unpriv_userdomain bluetooth_t:dbus send_msg;
+')
+allow bluetooth_helper_t bluetooth_t:socket { read write };
-
++allow bluetooth_helper_t self:unix_dgram_socket create_socket_perms;
++allow bluetooth_helper_t self:unix_stream_socket connectto;
++tmp_domain(bluetooth_helper)
++allow bluetooth_helper_t urandom_device_t:chr_file r_file_perms;
++
+dontaudit bluetooth_helper_t default_t:dir { read search };
+dontaudit bluetooth_helper_t { devtty_t ttyfile }:chr_file { read write };
++dontaudit bluetooth_helper_t home_dir_type:dir r_dir_perms;
++allow bluetooth_helper_t xserver_log_t:dir search;
++allow bluetooth_helper_t xserver_log_t:file { getattr read };
diff --exclude-from=exclude -N -u -r nsapolicy/domains/program/unused/cups.te policy-1.27.1/domains/program/unused/cups.te
--- nsapolicy/domains/program/unused/cups.te 2005-09-16 11:17:27.000000000 -0400
-+++ policy-1.27.1/domains/program/unused/cups.te 2005-10-11 21:10:14.000000000 -0400
++++ policy-1.27.1/domains/program/unused/cups.te 2005-10-12 14:40:15.000000000 -0400
@@ -188,6 +188,7 @@
# Uses networking to talk to the daemons
allow hplip_t self:unix_dgram_socket create_socket_perms;
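Review bot: in the bluetooth.te part of this hunk, the two "allow bluetooth_helper_t xserver_log_t:..." rules are added unconditionally, while other cross-domain references visible in this patch are guarded (for example the ifdef on mount.te around the domain_auto_trans in hald.te). If xserver_log_t is declared in an optional .te file, wrap these rules in the matching ifdef so the policy still builds without it. A comment saying why a bluetooth helper reads X server logs would also help; if the access is incidental, a dontaudit next to the new home_dir_type line would grant less than allow.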
@@ -867,7 +874,7 @@
+
diff --exclude-from=exclude -N -u -r nsapolicy/domains/program/unused/cvs.te policy-1.27.1/domains/program/unused/cvs.te
--- nsapolicy/domains/program/unused/cvs.te 2005-09-16 11:17:27.000000000 -0400
-+++ policy-1.27.1/domains/program/unused/cvs.te 2005-10-11 21:10:14.000000000 -0400
++++ policy-1.27.1/domains/program/unused/cvs.te 2005-10-12 14:40:15.000000000 -0400
@@ -23,6 +23,9 @@
allow cvs_t etc_runtime_t:file { getattr read };
allow system_mail_t cvs_data_t:file { getattr read };
@@ -880,7 +887,7 @@
+
diff --exclude-from=exclude -N -u -r nsapolicy/domains/program/unused/cyrus.te policy-1.27.1/domains/program/unused/cyrus.te
--- nsapolicy/domains/program/unused/cyrus.te 2005-09-16 11:17:27.000000000 -0400
-+++ policy-1.27.1/domains/program/unused/cyrus.te 2005-10-11 21:10:14.000000000 -0400
++++ policy-1.27.1/domains/program/unused/cyrus.te 2005-10-12 14:40:15.000000000 -0400
@@ -42,7 +42,7 @@
create_dir_file(cyrus_t, mail_spool_t)
allow cyrus_t var_spool_t:dir search;
@@ -892,7 +899,7 @@
allow cyrus_t saslauthd_t:unix_stream_socket { connectto };
diff --exclude-from=exclude -N -u -r nsapolicy/domains/program/unused/dbusd.te policy-1.27.1/domains/program/unused/dbusd.te
--- nsapolicy/domains/program/unused/dbusd.te 2005-09-16 11:17:27.000000000 -0400
-+++ policy-1.27.1/domains/program/unused/dbusd.te 2005-10-11 21:10:14.000000000 -0400
++++ policy-1.27.1/domains/program/unused/dbusd.te 2005-10-12 14:40:15.000000000 -0400
@@ -12,7 +12,7 @@
# dac_override: /var/run/dbus is owned by messagebus on Debian
@@ -910,7 +917,7 @@
+allow system_dbusd_t self:netlink_audit_socket { create_netlink_socket_perms nlmsg_relay };
diff --exclude-from=exclude -N -u -r nsapolicy/domains/program/unused/dhcpc.te policy-1.27.1/domains/program/unused/dhcpc.te
--- nsapolicy/domains/program/unused/dhcpc.te 2005-09-16 11:17:27.000000000 -0400
-+++ policy-1.27.1/domains/program/unused/dhcpc.te 2005-10-11 21:10:14.000000000 -0400
++++ policy-1.27.1/domains/program/unused/dhcpc.te 2005-10-12 14:40:15.000000000 -0400
@@ -120,6 +120,7 @@
allow dhcpc_t self:packet_socket create_socket_perms;
allow dhcpc_t var_lib_t:dir search;
@@ -944,7 +951,7 @@
')
diff --exclude-from=exclude -N -u -r nsapolicy/domains/program/unused/dhcpd.te policy-1.27.1/domains/program/unused/dhcpd.te
--- nsapolicy/domains/program/unused/dhcpd.te 2005-09-16 11:17:27.000000000 -0400
-+++ policy-1.27.1/domains/program/unused/dhcpd.te 2005-10-11 21:10:14.000000000 -0400
++++ policy-1.27.1/domains/program/unused/dhcpd.te 2005-10-12 14:40:15.000000000 -0400
@@ -17,8 +17,6 @@
#
daemon_domain(dhcpd, `, nscd_client_domain')
@@ -964,7 +971,7 @@
allow dhcpd_t self:unix_stream_socket create_socket_perms;
diff --exclude-from=exclude -N -u -r nsapolicy/domains/program/unused/dovecot.te policy-1.27.1/domains/program/unused/dovecot.te
--- nsapolicy/domains/program/unused/dovecot.te 2005-09-16 11:17:27.000000000 -0400
-+++ policy-1.27.1/domains/program/unused/dovecot.te 2005-10-11 21:10:14.000000000 -0400
++++ policy-1.27.1/domains/program/unused/dovecot.te 2005-10-12 14:40:15.000000000 -0400
@@ -43,7 +43,9 @@
can_kerberos(dovecot_t)
@@ -978,7 +985,7 @@
allow dovecot_t mail_spool_t:lnk_file read;
diff --exclude-from=exclude -N -u -r nsapolicy/domains/program/unused/ftpd.te policy-1.27.1/domains/program/unused/ftpd.te
--- nsapolicy/domains/program/unused/ftpd.te 2005-09-16 11:17:27.000000000 -0400
-+++ policy-1.27.1/domains/program/unused/ftpd.te 2005-10-11 21:10:14.000000000 -0400
++++ policy-1.27.1/domains/program/unused/ftpd.te 2005-10-12 14:40:15.000000000 -0400
@@ -99,9 +99,11 @@
if (ftp_home_dir) {
@@ -995,8 +1002,18 @@
r_dir_file(ftpd_t, nfs_t)
diff --exclude-from=exclude -N -u -r nsapolicy/domains/program/unused/hald.te policy-1.27.1/domains/program/unused/hald.te
--- nsapolicy/domains/program/unused/hald.te 2005-09-16 11:17:27.000000000 -0400
-+++ policy-1.27.1/domains/program/unused/hald.te 2005-10-11 21:10:14.000000000 -0400
-@@ -100,4 +100,4 @@
++++ policy-1.27.1/domains/program/unused/hald.te 2005-10-12 14:40:15.000000000 -0400
+@@ -24,7 +24,8 @@
+ allow hald_t self:dbus send_msg;
+ ')
+
+-allow hald_t { self proc_t }:file { getattr read };
++allow hald_t self:file { getattr read };
++allow hald_t proc_t:file rw_file_perms;
+
+ allow hald_t { bin_t sbin_t }:dir search;
+ allow hald_t self:fifo_file rw_file_perms;
+@@ -100,4 +101,4 @@
ifdef(`mount.te', `
domain_auto_trans(hald_t, mount_exec_t, mount_t)
')
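Review bot: the new "allow hald_t proc_t:file rw_file_perms;" in hald.te widens hald from { getattr read } to read-write on every file labelled proc_t, where the removed line granted read access only. If hald needs to write one specific /proc entry, add a comment naming it and consider granting only the extra permission it needs (for example { getattr read write }) instead of the whole rw_file_perms set.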
@@ -1004,7 +1021,7 @@
+r_dir_file(hald_t, hwdata_t)
diff --exclude-from=exclude -N -u -r nsapolicy/domains/program/unused/hotplug.te policy-1.27.1/domains/program/unused/hotplug.te
--- nsapolicy/domains/program/unused/hotplug.te 2005-09-16 11:17:27.000000000 -0400
-+++ policy-1.27.1/domains/program/unused/hotplug.te 2005-10-11 21:10:14.000000000 -0400
++++ policy-1.27.1/domains/program/unused/hotplug.te 2005-10-12 14:40:15.000000000 -0400
@@ -11,9 +11,9 @@
# hotplug_exec_t is the type of the hotplug executable.
#
@@ -1027,7 +1044,7 @@
allow hotplug_t printer_device_t:chr_file setattr;
diff --exclude-from=exclude -N -u -r nsapolicy/domains/program/unused/hwclock.te policy-1.27.1/domains/program/unused/hwclock.te
--- nsapolicy/domains/program/unused/hwclock.te 2005-09-16 11:17:27.000000000 -0400
-+++ policy-1.27.1/domains/program/unused/hwclock.te 2005-10-11 21:10:14.000000000 -0400
++++ policy-1.27.1/domains/program/unused/hwclock.te 2005-10-12 14:40:15.000000000 -0400
@@ -21,7 +21,6 @@
domain_auto_trans(sysadm_t, hwclock_exec_t, hwclock_t)
')
@@ -1043,7 +1060,7 @@
+r_dir_file(hwclock_t, etc_t)
diff --exclude-from=exclude -N -u -r nsapolicy/domains/program/unused/ipsec.te policy-1.27.1/domains/program/unused/ipsec.te
--- nsapolicy/domains/program/unused/ipsec.te 2005-09-16 11:17:27.000000000 -0400
-+++ policy-1.27.1/domains/program/unused/ipsec.te 2005-10-11 21:10:14.000000000 -0400
++++ policy-1.27.1/domains/program/unused/ipsec.te 2005-10-12 14:40:15.000000000 -0400
@@ -219,7 +219,7 @@
dontaudit ipsec_mgmt_t selinux_config_t:dir search;
dontaudit ipsec_t ttyfile:chr_file { read write };
@@ -1055,7 +1072,7 @@
allow ipsec_mgmt_t self:{ tcp_socket udp_socket } create_socket_perms;
diff --exclude-from=exclude -N -u -r nsapolicy/domains/program/unused/kudzu.te policy-1.27.1/domains/program/unused/kudzu.te
--- nsapolicy/domains/program/unused/kudzu.te 2005-09-16 11:17:27.000000000 -0400
-+++ policy-1.27.1/domains/program/unused/kudzu.te 2005-10-11 21:10:14.000000000 -0400
++++ policy-1.27.1/domains/program/unused/kudzu.te 2005-10-12 14:40:15.000000000 -0400
@@ -20,7 +20,7 @@
allow kudzu_t ramfs_t:dir search;
allow kudzu_t ramfs_t:sock_file write;
@@ -1084,7 +1101,7 @@
allow kudzu_t initrc_t:unix_stream_socket connectto;
diff --exclude-from=exclude -N -u -r nsapolicy/domains/program/unused/mta.te policy-1.27.1/domains/program/unused/mta.te
--- nsapolicy/domains/program/unused/mta.te 2005-09-16 11:17:27.000000000 -0400
-+++ policy-1.27.1/domains/program/unused/mta.te 2005-10-11 21:10:14.000000000 -0400
++++ policy-1.27.1/domains/program/unused/mta.te 2005-10-12 14:40:15.000000000 -0400
@@ -31,6 +31,10 @@
create_dir_file(system_mail_t, mail_spool_t)
allow system_mail_t mail_spool_t:fifo_file rw_file_perms;
@@ -1106,7 +1123,7 @@
+
diff --exclude-from=exclude -N -u -r nsapolicy/domains/program/unused/mysqld.te policy-1.27.1/domains/program/unused/mysqld.te
--- nsapolicy/domains/program/unused/mysqld.te 2005-09-16 11:17:27.000000000 -0400
-+++ policy-1.27.1/domains/program/unused/mysqld.te 2005-10-11 21:10:14.000000000 -0400
++++ policy-1.27.1/domains/program/unused/mysqld.te 2005-10-12 14:40:15.000000000 -0400
@@ -12,7 +12,7 @@
#
daemon_domain(mysqld, `, nscd_client_domain')
@@ -1136,7 +1153,7 @@
-allow mysqld_t self:netlink_route_socket r_netlink_socket_perms;
diff --exclude-from=exclude -N -u -r nsapolicy/domains/program/unused/named.te policy-1.27.1/domains/program/unused/named.te
--- nsapolicy/domains/program/unused/named.te 2005-09-16 11:17:27.000000000 -0400
-+++ policy-1.27.1/domains/program/unused/named.te 2005-10-11 21:10:14.000000000 -0400
++++ policy-1.27.1/domains/program/unused/named.te 2005-10-12 14:40:15.000000000 -0400
@@ -36,7 +36,7 @@
allow named_t self:process { setsched setcap setrlimit };
@@ -1198,7 +1215,7 @@
+
diff --exclude-from=exclude -N -u -r nsapolicy/domains/program/unused/NetworkManager.te policy-1.27.1/domains/program/unused/NetworkManager.te
--- nsapolicy/domains/program/unused/NetworkManager.te 2005-09-16 11:17:27.000000000 -0400
-+++ policy-1.27.1/domains/program/unused/NetworkManager.te 2005-10-11 21:10:14.000000000 -0400
++++ policy-1.27.1/domains/program/unused/NetworkManager.te 2005-10-12 14:40:15.000000000 -0400
@@ -11,7 +11,7 @@
# NetworkManager_t is the domain for the NetworkManager daemon.
# NetworkManager_exec_t is the type of the NetworkManager executable.
@@ -1215,7 +1232,7 @@
+dontaudit NetworkManager_t security_t:dir search;
diff --exclude-from=exclude -N -u -r nsapolicy/domains/program/unused/nscd.te policy-1.27.1/domains/program/unused/nscd.te
--- nsapolicy/domains/program/unused/nscd.te 2005-09-16 11:17:27.000000000 -0400
-+++ policy-1.27.1/domains/program/unused/nscd.te 2005-10-11 21:10:14.000000000 -0400
++++ policy-1.27.1/domains/program/unused/nscd.te 2005-10-12 14:40:15.000000000 -0400
@@ -76,3 +76,4 @@
log_domain(nscd)
r_dir_file(nscd_t, cert_t)
@@ -1223,7 +1240,7 @@
+allow nscd_t self:netlink_audit_socket { create_netlink_socket_perms nlmsg_relay };
diff --exclude-from=exclude -N -u -r nsapolicy/domains/program/unused/ntpd.te policy-1.27.1/domains/program/unused/ntpd.te
--- nsapolicy/domains/program/unused/ntpd.te 2005-09-16 11:17:27.000000000 -0400
-+++ policy-1.27.1/domains/program/unused/ntpd.te 2005-10-11 21:10:14.000000000 -0400
++++ policy-1.27.1/domains/program/unused/ntpd.te 2005-10-12 14:40:15.000000000 -0400
@@ -26,11 +26,11 @@
# for SSP
allow ntpd_t urandom_device_t:chr_file { getattr read };
@@ -1251,7 +1268,7 @@
can_exec(ntpd_t, initrc_exec_t)
diff --exclude-from=exclude -N -u -r nsapolicy/domains/program/unused/openct.te policy-1.27.1/domains/program/unused/openct.te
--- nsapolicy/domains/program/unused/openct.te 1969-12-31 19:00:00.000000000 -0500
-+++ policy-1.27.1/domains/program/unused/openct.te 2005-10-11 21:10:14.000000000 -0400
++++ policy-1.27.1/domains/program/unused/openct.te 2005-10-12 14:40:15.000000000 -0400
@@ -0,0 +1,16 @@
+#DESC openct - read files in page cache
+#
@@ -1271,7 +1288,7 @@
+allow openct_t etc_t:file r_file_perms;
diff --exclude-from=exclude -N -u -r nsapolicy/domains/program/unused/pamconsole.te policy-1.27.1/domains/program/unused/pamconsole.te
--- nsapolicy/domains/program/unused/pamconsole.te 2005-09-16 11:17:27.000000000 -0400
-+++ policy-1.27.1/domains/program/unused/pamconsole.te 2005-10-11 21:10:14.000000000 -0400
++++ policy-1.27.1/domains/program/unused/pamconsole.te 2005-10-12 14:40:15.000000000 -0400
@@ -25,6 +25,7 @@
# for /var/run/console.lock checking
allow pam_console_t { var_t var_run_t }:dir search;
@@ -1287,7 +1304,7 @@
+nsswitch_domain(pam_console_t)
diff --exclude-from=exclude -N -u -r nsapolicy/domains/program/unused/pegasus.te policy-1.27.1/domains/program/unused/pegasus.te
--- nsapolicy/domains/program/unused/pegasus.te 1969-12-31 19:00:00.000000000 -0500
-+++ policy-1.27.1/domains/program/unused/pegasus.te 2005-10-11 21:10:14.000000000 -0400
++++ policy-1.27.1/domains/program/unused/pegasus.te 2005-10-12 14:40:15.000000000 -0400
@@ -0,0 +1,37 @@
+#DESC pegasus - The Open Group Pegasus CIM/WBEM Server
+#
@@ -1328,7 +1345,7 @@
+
diff --exclude-from=exclude -N -u -r nsapolicy/domains/program/unused/ping.te policy-1.27.1/domains/program/unused/ping.te
--- nsapolicy/domains/program/unused/ping.te 2005-09-16 11:17:27.000000000 -0400
-+++ policy-1.27.1/domains/program/unused/ping.te 2005-10-11 21:10:14.000000000 -0400
++++ policy-1.27.1/domains/program/unused/ping.te 2005-10-12 14:40:15.000000000 -0400
@@ -37,6 +37,7 @@
uses_shlib(ping_t)
can_network_client(ping_t)
@@ -1347,7 +1364,7 @@
diff --exclude-from=exclude -N -u -r nsapolicy/domains/program/unused/postfix.te policy-1.27.1/domains/program/unused/postfix.te
--- nsapolicy/domains/program/unused/postfix.te 2005-09-16 11:17:27.000000000 -0400
-+++ policy-1.27.1/domains/program/unused/postfix.te 2005-10-11 21:10:14.000000000 -0400
++++ policy-1.27.1/domains/program/unused/postfix.te 2005-10-12 14:40:15.000000000 -0400
@@ -54,6 +54,8 @@
allow postfix_$1_t proc_net_t:dir search;
allow postfix_$1_t proc_net_t:file { getattr read };
@@ -1481,7 +1498,7 @@
+can_exec(postfix_local_t, bin_t)
diff --exclude-from=exclude -N -u -r nsapolicy/domains/program/unused/pppd.te policy-1.27.1/domains/program/unused/pppd.te
--- nsapolicy/domains/program/unused/pppd.te 2005-09-16 11:17:27.000000000 -0400
-+++ policy-1.27.1/domains/program/unused/pppd.te 2005-10-11 21:10:14.000000000 -0400
++++ policy-1.27.1/domains/program/unused/pppd.te 2005-10-12 14:40:15.000000000 -0400
@@ -14,7 +14,7 @@
#
bool pppd_for_user false;
@@ -1524,7 +1541,7 @@
+allow pppd_t initrc_t:process noatsecure;
diff --exclude-from=exclude -N -u -r nsapolicy/domains/program/unused/procmail.te policy-1.27.1/domains/program/unused/procmail.te
--- nsapolicy/domains/program/unused/procmail.te 2005-09-16 11:17:27.000000000 -0400
-+++ policy-1.27.1/domains/program/unused/procmail.te 2005-10-11 21:10:14.000000000 -0400
++++ policy-1.27.1/domains/program/unused/procmail.te 2005-10-12 14:40:15.000000000 -0400
@@ -19,8 +19,7 @@
uses_shlib(procmail_t)
allow procmail_t device_t:dir search;
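Review bot: "allow pppd_t initrc_t:process noatsecure;" at the top of this hunk has no comment explaining why it is needed. noatsecure lets the pppd_t to initrc_t transition skip secure-execution mode (AT_SECURE), so the caller's environment, LD_PRELOAD and similar included, is not sanitised for the new domain. Please document which script requires it next to the rule, or check whether the transition can work without it.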
@@ -1552,7 +1569,7 @@
# Search /var/run.
diff --exclude-from=exclude -N -u -r nsapolicy/domains/program/unused/readahead.te policy-1.27.1/domains/program/unused/readahead.te
--- nsapolicy/domains/program/unused/readahead.te 1969-12-31 19:00:00.000000000 -0500
-+++ policy-1.27.1/domains/program/unused/readahead.te 2005-10-11 21:10:14.000000000 -0400
++++ policy-1.27.1/domains/program/unused/readahead.te 2005-10-12 14:40:15.000000000 -0400
@@ -0,0 +1,21 @@
+#DESC readahead - read files in page cache
+#
@@ -1577,7 +1594,7 @@
+dontaudit readahead_t device_type:blk_file read;
diff --exclude-from=exclude -N -u -r nsapolicy/domains/program/unused/rlogind.te policy-1.27.1/domains/program/unused/rlogind.te
--- nsapolicy/domains/program/unused/rlogind.te 2005-09-16 11:17:27.000000000 -0400
-+++ policy-1.27.1/domains/program/unused/rlogind.te 2005-10-11 21:10:14.000000000 -0400
++++ policy-1.27.1/domains/program/unused/rlogind.te 2005-10-12 14:40:15.000000000 -0400
@@ -35,4 +35,6 @@
allow rlogind_t default_t:dir search;
typealias rlogind_port_t alias rlogin_port_t;
@@ -1588,7 +1605,7 @@
+')
diff --exclude-from=exclude -N -u -r nsapolicy/domains/program/unused/roundup.te policy-1.27.1/domains/program/unused/roundup.te
--- nsapolicy/domains/program/unused/roundup.te 1969-12-31 19:00:00.000000000 -0500
-+++ policy-1.27.1/domains/program/unused/roundup.te 2005-10-11 21:10:14.000000000 -0400
++++ policy-1.27.1/domains/program/unused/roundup.te 2005-10-12 14:40:15.000000000 -0400
@@ -0,0 +1,29 @@
+# Roundup Issue Tracking System
+#
@@ -1621,7 +1638,7 @@
+allow roundup_t etc_t:file { getattr read };
diff --exclude-from=exclude -N -u -r nsapolicy/domains/program/unused/rpcd.te policy-1.27.1/domains/program/unused/rpcd.te
--- nsapolicy/domains/program/unused/rpcd.te 2005-09-16 11:17:27.000000000 -0400
-+++ policy-1.27.1/domains/program/unused/rpcd.te 2005-10-11 21:10:14.000000000 -0400
++++ policy-1.27.1/domains/program/unused/rpcd.te 2005-10-12 14:40:15.000000000 -0400
@@ -19,7 +19,7 @@
can_network($1_t)
allow $1_t port_type:tcp_socket name_connect;
@@ -1650,7 +1667,7 @@
+}
diff --exclude-from=exclude -N -u -r nsapolicy/domains/program/unused/rsync.te policy-1.27.1/domains/program/unused/rsync.te
--- nsapolicy/domains/program/unused/rsync.te 2005-09-16 11:17:27.000000000 -0400
-+++ policy-1.27.1/domains/program/unused/rsync.te 2005-10-11 21:10:14.000000000 -0400
++++ policy-1.27.1/domains/program/unused/rsync.te 2005-10-12 14:40:15.000000000 -0400
@@ -15,5 +15,4 @@
type rsync_data_t, file_type, sysadmfile;
r_dir_file(rsync_t, rsync_data_t)
@@ -1660,7 +1677,7 @@
+allow rsync_t self:capability sys_chroot;
diff --exclude-from=exclude -N -u -r nsapolicy/domains/program/unused/samba.te policy-1.27.1/domains/program/unused/samba.te
--- nsapolicy/domains/program/unused/samba.te 2005-09-16 11:17:27.000000000 -0400
-+++ policy-1.27.1/domains/program/unused/samba.te 2005-10-11 21:10:14.000000000 -0400
++++ policy-1.27.1/domains/program/unused/samba.te 2005-10-12 14:40:15.000000000 -0400
@@ -25,6 +25,9 @@
# not sure why it needs this
tmp_domain(smbd)
@@ -1697,7 +1714,7 @@
# Access Samba shares.
diff --exclude-from=exclude -N -u -r nsapolicy/domains/program/unused/snmpd.te policy-1.27.1/domains/program/unused/snmpd.te
--- nsapolicy/domains/program/unused/snmpd.te 2005-09-16 11:17:27.000000000 -0400
-+++ policy-1.27.1/domains/program/unused/snmpd.te 2005-10-11 21:10:14.000000000 -0400
++++ policy-1.27.1/domains/program/unused/snmpd.te 2005-10-12 14:40:15.000000000 -0400
@@ -22,8 +22,9 @@
# for the .index file
@@ -1727,7 +1744,7 @@
dontaudit snmpd_t selinux_config_t:dir search;
diff --exclude-from=exclude -N -u -r nsapolicy/domains/program/unused/squid.te policy-1.27.1/domains/program/unused/squid.te
--- nsapolicy/domains/program/unused/squid.te 2005-09-16 11:17:27.000000000 -0400
-+++ policy-1.27.1/domains/program/unused/squid.te 2005-10-11 21:10:14.000000000 -0400
++++ policy-1.27.1/domains/program/unused/squid.te 2005-10-12 14:40:15.000000000 -0400
@@ -60,7 +60,7 @@
can_tcp_connect(web_client_domain, squid_t)
@@ -1745,7 +1762,7 @@
')
diff --exclude-from=exclude -N -u -r nsapolicy/domains/program/unused/udev.te policy-1.27.1/domains/program/unused/udev.te
--- nsapolicy/domains/program/unused/udev.te 2005-09-16 11:17:27.000000000 -0400
-+++ policy-1.27.1/domains/program/unused/udev.te 2005-10-11 21:10:14.000000000 -0400
++++ policy-1.27.1/domains/program/unused/udev.te 2005-10-12 14:40:15.000000000 -0400
@@ -28,12 +28,12 @@
type udev_tdb_t, file_type, sysadmfile, dev_fs;
typealias udev_tdb_t alias udev_tbl_t;
@@ -1777,7 +1794,7 @@
+')
diff --exclude-from=exclude -N -u -r nsapolicy/domains/program/unused/utempter.te policy-1.27.1/domains/program/unused/utempter.te
--- nsapolicy/domains/program/unused/utempter.te 2005-09-16 11:17:27.000000000 -0400
-+++ policy-1.27.1/domains/program/unused/utempter.te 2005-10-11 21:10:14.000000000 -0400
++++ policy-1.27.1/domains/program/unused/utempter.te 2005-10-12 14:40:15.000000000 -0400
@@ -19,6 +19,8 @@
type utempter_exec_t, file_type, sysadmfile, exec_type;
domain_auto_trans(userdomain, utempter_exec_t, utempter_t)
@@ -1789,7 +1806,7 @@
diff --exclude-from=exclude -N -u -r nsapolicy/domains/program/unused/webalizer.te policy-1.27.1/domains/program/unused/webalizer.te
--- nsapolicy/domains/program/unused/webalizer.te 2005-09-16 11:17:27.000000000 -0400
-+++ policy-1.27.1/domains/program/unused/webalizer.te 2005-10-11 21:10:14.000000000 -0400
++++ policy-1.27.1/domains/program/unused/webalizer.te 2005-10-12 14:40:15.000000000 -0400
@@ -20,6 +20,9 @@
#read apache log
allow webalizer_t var_log_t:dir r_dir_perms;
@@ -1802,7 +1819,7 @@
var_lib_domain(webalizer)
diff --exclude-from=exclude -N -u -r nsapolicy/domains/program/unused/winbind.te policy-1.27.1/domains/program/unused/winbind.te
--- nsapolicy/domains/program/unused/winbind.te 2005-09-16 11:17:27.000000000 -0400
-+++ policy-1.27.1/domains/program/unused/winbind.te 2005-10-11 21:10:14.000000000 -0400
++++ policy-1.27.1/domains/program/unused/winbind.te 2005-10-12 14:40:15.000000000 -0400
@@ -44,6 +44,7 @@
r_dir_file(winbind_t, samba_etc_t)
allow winbind_helper_t self:unix_dgram_socket create_socket_perms;
@@ -1813,7 +1830,7 @@
allow winbind_helper_t privfd:fd use;
diff --exclude-from=exclude -N -u -r nsapolicy/domains/program/unused/xdm.te policy-1.27.1/domains/program/unused/xdm.te
--- nsapolicy/domains/program/unused/xdm.te 2005-09-16 11:17:27.000000000 -0400
-+++ policy-1.27.1/domains/program/unused/xdm.te 2005-10-11 21:10:14.000000000 -0400
++++ policy-1.27.1/domains/program/unused/xdm.te 2005-10-12 14:40:15.000000000 -0400
@@ -371,3 +371,6 @@
dontaudit xdm_t ice_tmp_t:dir { getattr setattr };
@@ -1823,7 +1840,7 @@
+')
diff --exclude-from=exclude -N -u -r nsapolicy/domains/program/unused/yppasswdd.te policy-1.27.1/domains/program/unused/yppasswdd.te
--- nsapolicy/domains/program/unused/yppasswdd.te 1969-12-31 19:00:00.000000000 -0500
-+++ policy-1.27.1/domains/program/unused/yppasswdd.te 2005-10-11 21:10:14.000000000 -0400
++++ policy-1.27.1/domains/program/unused/yppasswdd.te 2005-10-12 14:40:15.000000000 -0400
@@ -0,0 +1,40 @@
+#DESC yppassdd - NIS password update daemon
+#
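Review bot: The header comment of the new yppasswdd.te reads "#DESC yppassdd - NIS password update daemon"; the name is missing a "w". Please make it "yppasswdd" so it matches the file name and the yppasswdd_t type used in the policy.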
@@ -1867,7 +1884,7 @@
+rw_dir_create_file(yppasswdd_t, var_yp_t)
diff --exclude-from=exclude -N -u -r nsapolicy/domains/program/unused/ypserv.te policy-1.27.1/domains/program/unused/ypserv.te
--- nsapolicy/domains/program/unused/ypserv.te 2005-09-16 11:17:27.000000000 -0400
-+++ policy-1.27.1/domains/program/unused/ypserv.te 2005-10-11 21:10:14.000000000 -0400
++++ policy-1.27.1/domains/program/unused/ypserv.te 2005-10-12 14:40:15.000000000 -0400
@@ -39,3 +39,4 @@
')
allow ypserv_t reserved_port_t:{ udp_socket tcp_socket } name_bind;
@@ -1875,7 +1892,7 @@
+can_exec(ypserv_t, bin_t)
diff --exclude-from=exclude -N -u -r nsapolicy/domains/program/useradd.te policy-1.27.1/domains/program/useradd.te
--- nsapolicy/domains/program/useradd.te 2005-09-16 11:17:27.000000000 -0400
-+++ policy-1.27.1/domains/program/useradd.te 2005-10-11 21:10:14.000000000 -0400
++++ policy-1.27.1/domains/program/useradd.te 2005-10-12 14:40:15.000000000 -0400
@@ -55,7 +55,6 @@
# useradd/userdel request read/write for /var/log/lastlog, and read of /dev,
# but will operate without them.
@@ -1899,7 +1916,7 @@
read_sysctl(useradd_t)
diff --exclude-from=exclude -N -u -r nsapolicy/file_contexts/distros.fc policy-1.27.1/file_contexts/distros.fc
--- nsapolicy/file_contexts/distros.fc 2005-09-16 11:17:27.000000000 -0400
-+++ policy-1.27.1/file_contexts/distros.fc 2005-10-11 21:10:14.000000000 -0400
++++ policy-1.27.1/file_contexts/distros.fc 2005-10-12 14:40:15.000000000 -0400
@@ -89,6 +89,7 @@
/usr/lib/valgrind/hp2ps -- system_u:object_r:texrel_shlib_t
/usr/lib/valgrind/stage2 -- system_u:object_r:texrel_shlib_t
@@ -1918,7 +1935,7 @@
/usr/lib/ladspa/analogue_osc_1416\.so -- system_u:object_r:texrel_shlib_t
diff --exclude-from=exclude -N -u -r nsapolicy/file_contexts/program/bluetooth.fc policy-1.27.1/file_contexts/program/bluetooth.fc
--- nsapolicy/file_contexts/program/bluetooth.fc 2005-09-16 11:17:27.000000000 -0400
-+++ policy-1.27.1/file_contexts/program/bluetooth.fc 2005-10-11 21:10:14.000000000 -0400
++++ policy-1.27.1/file_contexts/program/bluetooth.fc 2005-10-12 14:40:15.000000000 -0400
@@ -1,8 +1,11 @@
# bluetooth
/etc/bluetooth(/.*)? system_u:object_r:bluetooth_conf_t
@@ -1933,7 +1950,7 @@
+/var/lib/bluetooth(/.*)? system_u:object_r:bluetooth_var_lib_t
diff --exclude-from=exclude -N -u -r nsapolicy/file_contexts/program/dhcpc.fc policy-1.27.1/file_contexts/program/dhcpc.fc
--- nsapolicy/file_contexts/program/dhcpc.fc 2005-09-16 11:17:27.000000000 -0400
-+++ policy-1.27.1/file_contexts/program/dhcpc.fc 2005-10-11 21:10:14.000000000 -0400
++++ policy-1.27.1/file_contexts/program/dhcpc.fc 2005-10-12 14:40:15.000000000 -0400
@@ -4,9 +4,11 @@
/etc/dhclient.*conf -- system_u:object_r:dhcp_etc_t
/etc/dhclient-script -- system_u:object_r:dhcp_etc_t
@@ -1948,7 +1965,7 @@
# pump
diff --exclude-from=exclude -N -u -r nsapolicy/file_contexts/program/dhcpd.fc policy-1.27.1/file_contexts/program/dhcpd.fc
--- nsapolicy/file_contexts/program/dhcpd.fc 2005-09-16 11:17:27.000000000 -0400
-+++ policy-1.27.1/file_contexts/program/dhcpd.fc 2005-10-11 21:10:14.000000000 -0400
++++ policy-1.27.1/file_contexts/program/dhcpd.fc 2005-10-12 14:40:15.000000000 -0400
@@ -13,6 +13,7 @@
/etc/dhcp -d system_u:object_r:dhcp_etc_t
/etc/dhcp(/.*)? -- system_u:object_r:dhcp_etc_t
@@ -1959,7 +1976,7 @@
diff --exclude-from=exclude -N -u -r nsapolicy/file_contexts/program/ftpd.fc policy-1.27.1/file_contexts/program/ftpd.fc
--- nsapolicy/file_contexts/program/ftpd.fc 2005-09-16 11:17:27.000000000 -0400
-+++ policy-1.27.1/file_contexts/program/ftpd.fc 2005-10-11 21:10:14.000000000 -0400
++++ policy-1.27.1/file_contexts/program/ftpd.fc 2005-10-12 14:40:15.000000000 -0400
@@ -10,7 +10,8 @@
/var/run/proftpd/proftpd\.scoreboard -- system_u:object_r:ftpd_var_run_t
/var/log/muddleftpd\.log.* -- system_u:object_r:xferlog_t
@@ -1973,7 +1990,7 @@
+/srv/([^/]*/)?ftp(/.*)? system_u:object_r:public_content_t
diff --exclude-from=exclude -N -u -r nsapolicy/file_contexts/program/games.fc policy-1.27.1/file_contexts/program/games.fc
--- nsapolicy/file_contexts/program/games.fc 2005-09-16 11:17:27.000000000 -0400
-+++ policy-1.27.1/file_contexts/program/games.fc 2005-10-11 21:10:14.000000000 -0400
++++ policy-1.27.1/file_contexts/program/games.fc 2005-10-12 14:40:15.000000000 -0400
@@ -1,8 +1,10 @@
# games
-/usr/lib(64)?/games/.* -- system_u:object_r:games_exec_t
@@ -1998,7 +2015,7 @@
diff --exclude-from=exclude -N -u -r nsapolicy/file_contexts/program/ipsec.fc policy-1.27.1/file_contexts/program/ipsec.fc
--- nsapolicy/file_contexts/program/ipsec.fc 2005-09-16 11:17:27.000000000 -0400
-+++ policy-1.27.1/file_contexts/program/ipsec.fc 2005-10-11 21:10:14.000000000 -0400
++++ policy-1.27.1/file_contexts/program/ipsec.fc 2005-10-12 14:40:15.000000000 -0400
@@ -21,6 +21,7 @@
/usr/lib(64)?/ipsec/spi -- system_u:object_r:ipsec_exec_t
/usr/local/lib(64)?/ipsec/spi -- system_u:object_r:ipsec_exec_t
@@ -2009,13 +2026,13 @@
/usr/sbin/racoon -- system_u:object_r:ipsec_exec_t
diff --exclude-from=exclude -N -u -r nsapolicy/file_contexts/program/openct.fc policy-1.27.1/file_contexts/program/openct.fc
--- nsapolicy/file_contexts/program/openct.fc 1969-12-31 19:00:00.000000000 -0500
-+++ policy-1.27.1/file_contexts/program/openct.fc 2005-10-11 21:10:14.000000000 -0400
++++ policy-1.27.1/file_contexts/program/openct.fc 2005-10-12 14:40:15.000000000 -0400
@@ -0,0 +1,2 @@
+/usr/sbin/openct-control -- system_u:object_r:openct_exec_t
+/var/run/openct(/.*)? system_u:object_r:openct_var_run_t
diff --exclude-from=exclude -N -u -r nsapolicy/file_contexts/program/pegasus.fc policy-1.27.1/file_contexts/program/pegasus.fc
--- nsapolicy/file_contexts/program/pegasus.fc 1969-12-31 19:00:00.000000000 -0500
-+++ policy-1.27.1/file_contexts/program/pegasus.fc 2005-10-11 21:10:14.000000000 -0400
++++ policy-1.27.1/file_contexts/program/pegasus.fc 2005-10-12 14:40:15.000000000 -0400
@@ -0,0 +1,11 @@
+# File Contexts for The Open Group Pegasus (tog-pegasus) cimserver
+/usr/sbin/cimserver -- system_u:object_r:pegasus_exec_t
@@ -2030,7 +2047,7 @@
+/usr/share/Pegasus/mof(/.*)?/.*\.mof system_u:object_r:pegasus_mof_t
diff --exclude-from=exclude -N -u -r nsapolicy/file_contexts/program/pppd.fc policy-1.27.1/file_contexts/program/pppd.fc
--- nsapolicy/file_contexts/program/pppd.fc 2005-09-16 11:17:27.000000000 -0400
-+++ policy-1.27.1/file_contexts/program/pppd.fc 2005-10-11 21:10:14.000000000 -0400
++++ policy-1.27.1/file_contexts/program/pppd.fc 2005-10-12 14:40:15.000000000 -0400
@@ -20,6 +20,6 @@
/etc/ppp/plugins/rp-pppoe\.so -- system_u:object_r:shlib_t
/etc/ppp/resolv\.conf -- system_u:object_r:pppd_etc_rw_t
@@ -2041,18 +2058,18 @@
/etc/ppp/(auth|ip(v6|x)?)-(up|down) -- system_u:object_r:pppd_script_exec_t
diff --exclude-from=exclude -N -u -r nsapolicy/file_contexts/program/readahead.fc policy-1.27.1/file_contexts/program/readahead.fc
--- nsapolicy/file_contexts/program/readahead.fc 1969-12-31 19:00:00.000000000 -0500
-+++ policy-1.27.1/file_contexts/program/readahead.fc 2005-10-11 21:10:14.000000000 -0400
++++ policy-1.27.1/file_contexts/program/readahead.fc 2005-10-12 14:40:15.000000000 -0400
@@ -0,0 +1 @@
+/usr/sbin/readahead -- system_u:object_r:readahead_exec_t
diff --exclude-from=exclude -N -u -r nsapolicy/file_contexts/program/roundup.fc policy-1.27.1/file_contexts/program/roundup.fc
--- nsapolicy/file_contexts/program/roundup.fc 1969-12-31 19:00:00.000000000 -0500
-+++ policy-1.27.1/file_contexts/program/roundup.fc 2005-10-11 21:10:14.000000000 -0400
++++ policy-1.27.1/file_contexts/program/roundup.fc 2005-10-12 14:40:15.000000000 -0400
@@ -0,0 +1,2 @@
+/usr/bin/roundup-server -- system_u:object_r:roundup_exec_t
+/var/lib/roundup(/.*)? -- system_u:object_r:roundup_var_lib_t
diff --exclude-from=exclude -N -u -r nsapolicy/file_contexts/program/rpm.fc policy-1.27.1/file_contexts/program/rpm.fc
--- nsapolicy/file_contexts/program/rpm.fc 2005-09-16 11:17:27.000000000 -0400
-+++ policy-1.27.1/file_contexts/program/rpm.fc 2005-10-11 21:10:14.000000000 -0400
++++ policy-1.27.1/file_contexts/program/rpm.fc 2005-10-12 14:40:15.000000000 -0400
@@ -23,3 +23,7 @@
/var/lib/YaST2(/.*)? system_u:object_r:rpm_var_lib_t
/var/log/YaST2(/.*)? system_u:object_r:rpm_log_t
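Review bot: In the new roundup.fc, "/var/lib/roundup(/.*)? -- system_u:object_r:roundup_var_lib_t" carries the "--" specifier, so it matches regular files only, and /var/lib/roundup itself and any subdirectories are not labelled roundup_var_lib_t. Drop the "--", as the openct.fc entry for /var/run/openct(/.*)? does, or add a separate "-d" entry the way dhcpd.fc does for /etc/dhcp.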
@@ -2063,7 +2080,7 @@
+')
diff --exclude-from=exclude -N -u -r nsapolicy/file_contexts/program/rsync.fc policy-1.27.1/file_contexts/program/rsync.fc
--- nsapolicy/file_contexts/program/rsync.fc 2005-09-16 11:17:27.000000000 -0400
-+++ policy-1.27.1/file_contexts/program/rsync.fc 2005-10-11 21:10:14.000000000 -0400
++++ policy-1.27.1/file_contexts/program/rsync.fc 2005-10-12 14:40:15.000000000 -0400
@@ -1,3 +1,3 @@
# rsync program
/usr/bin/rsync -- system_u:object_r:rsync_exec_t
@@ -2071,7 +2088,7 @@
+/srv/([^/]*/)?rsync(/.*)? system_u:object_r:public_content_t
diff --exclude-from=exclude -N -u -r nsapolicy/file_contexts/program/xdm.fc policy-1.27.1/file_contexts/program/xdm.fc
--- nsapolicy/file_contexts/program/xdm.fc 2005-09-16 11:17:27.000000000 -0400
-+++ policy-1.27.1/file_contexts/program/xdm.fc 2005-10-11 21:10:14.000000000 -0400
++++ policy-1.27.1/file_contexts/program/xdm.fc 2005-10-12 14:40:15.000000000 -0400
@@ -3,7 +3,7 @@
/usr/X11R6/bin/[xgkw]dm -- system_u:object_r:xdm_exec_t
/opt/kde3/bin/kdm -- system_u:object_r:xdm_exec_t
@@ -2083,13 +2100,13 @@
/var/log/[kw]dm\.log -- system_u:object_r:xserver_log_t
diff --exclude-from=exclude -N -u -r nsapolicy/file_contexts/program/yppasswdd.fc policy-1.27.1/file_contexts/program/yppasswdd.fc
--- nsapolicy/file_contexts/program/yppasswdd.fc 1969-12-31 19:00:00.000000000 -0500
-+++ policy-1.27.1/file_contexts/program/yppasswdd.fc 2005-10-11 21:10:14.000000000 -0400
++++ policy-1.27.1/file_contexts/program/yppasswdd.fc 2005-10-12 14:40:15.000000000 -0400
@@ -0,0 +1,2 @@
+# yppasswd
+/usr/sbin/rpc.yppasswdd -- system_u:object_r:yppasswdd_exec_t
diff --exclude-from=exclude -N -u -r nsapolicy/file_contexts/program/ypserv.fc policy-1.27.1/file_contexts/program/ypserv.fc
--- nsapolicy/file_contexts/program/ypserv.fc 2005-09-16 11:17:27.000000000 -0400
-+++ policy-1.27.1/file_contexts/program/ypserv.fc 2005-10-11 21:10:14.000000000 -0400
++++ policy-1.27.1/file_contexts/program/ypserv.fc 2005-10-12 14:40:15.000000000 -0400
@@ -1,3 +1,4 @@
# ypserv
/usr/sbin/ypserv -- system_u:object_r:ypserv_exec_t
@@ -2097,7 +2114,7 @@
/etc/ypserv\.conf -- system_u:object_r:ypserv_conf_t
diff --exclude-from=exclude -N -u -r nsapolicy/file_contexts/types.fc policy-1.27.1/file_contexts/types.fc
--- nsapolicy/file_contexts/types.fc 2005-09-16 11:17:27.000000000 -0400
-+++ policy-1.27.1/file_contexts/types.fc 2005-10-11 21:10:14.000000000 -0400
++++ policy-1.27.1/file_contexts/types.fc 2005-10-12 14:40:15.000000000 -0400
@@ -133,6 +133,7 @@
/dev/dcbri[0-9]+ -c system_u:object_r:tty_device_t
/dev/irlpt[0-9]+ -c system_u:object_r:printer_device_t
@@ -2116,7 +2133,7 @@
# initrd mount point, only used during boot
diff --exclude-from=exclude -N -u -r nsapolicy/genfs_contexts policy-1.27.1/genfs_contexts
--- nsapolicy/genfs_contexts 2005-09-16 11:17:27.000000000 -0400
-+++ policy-1.27.1/genfs_contexts 2005-10-11 21:10:14.000000000 -0400
++++ policy-1.27.1/genfs_contexts 2005-10-12 14:40:15.000000000 -0400
@@ -94,7 +94,7 @@
genfscon debugfs / system_u:object_r:debugfs_t
genfscon inotifyfs / system_u:object_r:inotifyfs_t
@@ -2128,7 +2145,7 @@
genfscon eventpollfs / system_u:object_r:eventpollfs_t
diff --exclude-from=exclude -N -u -r nsapolicy/macros/base_user_macros.te policy-1.27.1/macros/base_user_macros.te
--- nsapolicy/macros/base_user_macros.te 2005-09-16 11:17:27.000000000 -0400
-+++ policy-1.27.1/macros/base_user_macros.te 2005-10-11 21:10:14.000000000 -0400
++++ policy-1.27.1/macros/base_user_macros.te 2005-10-12 14:40:15.000000000 -0400
@@ -40,6 +40,12 @@
allow $1_t $1_home_t:{ notdevfile_class_set dir } { relabelfrom relabelto };
can_setfscreate($1_t)
@@ -2144,7 +2161,7 @@
diff --exclude-from=exclude -N -u -r nsapolicy/macros/core_macros.te policy-1.27.1/macros/core_macros.te
--- nsapolicy/macros/core_macros.te 2005-09-16 11:17:27.000000000 -0400
-+++ policy-1.27.1/macros/core_macros.te 2005-10-11 21:10:14.000000000 -0400
++++ policy-1.27.1/macros/core_macros.te 2005-10-12 14:40:15.000000000 -0400
@@ -620,6 +620,9 @@
# Label pty files with a derived type.
type_transition $1_t devpts_t:chr_file $1_devpts_t;
@@ -2157,7 +2174,7 @@
')
diff --exclude-from=exclude -N -u -r nsapolicy/macros/global_macros.te policy-1.27.1/macros/global_macros.te
--- nsapolicy/macros/global_macros.te 2005-09-16 11:17:27.000000000 -0400
-+++ policy-1.27.1/macros/global_macros.te 2005-10-11 21:10:14.000000000 -0400
++++ policy-1.27.1/macros/global_macros.te 2005-10-12 14:40:15.000000000 -0400
@@ -157,6 +157,11 @@
r_dir_file($1, locale_t)
')
@@ -2222,7 +2239,7 @@
diff --exclude-from=exclude -N -u -r nsapolicy/macros/network_macros.te policy-1.27.1/macros/network_macros.te
--- nsapolicy/macros/network_macros.te 2005-09-16 11:17:27.000000000 -0400
-+++ policy-1.27.1/macros/network_macros.te 2005-10-11 21:10:14.000000000 -0400
++++ policy-1.27.1/macros/network_macros.te 2005-10-12 14:40:15.000000000 -0400
@@ -153,7 +153,8 @@
')dnl end can_network definition
@@ -2253,7 +2270,7 @@
+')
diff --exclude-from=exclude -N -u -r nsapolicy/macros/program/apache_macros.te policy-1.27.1/macros/program/apache_macros.te
--- nsapolicy/macros/program/apache_macros.te 2005-09-16 11:17:27.000000000 -0400
-+++ policy-1.27.1/macros/program/apache_macros.te 2005-10-11 21:10:14.000000000 -0400
++++ policy-1.27.1/macros/program/apache_macros.te 2005-10-12 14:40:15.000000000 -0400
@@ -38,7 +38,7 @@
allow httpd_$1_script_t etc_runtime_t:file { getattr read };
read_locale(httpd_$1_script_t)
@@ -2296,7 +2313,7 @@
')
diff --exclude-from=exclude -N -u -r nsapolicy/macros/program/cdrecord_macros.te policy-1.27.1/macros/program/cdrecord_macros.te
--- nsapolicy/macros/program/cdrecord_macros.te 2005-09-16 11:17:27.000000000 -0400
-+++ policy-1.27.1/macros/program/cdrecord_macros.te 2005-10-11 21:10:14.000000000 -0400
++++ policy-1.27.1/macros/program/cdrecord_macros.te 2005-10-12 14:40:15.000000000 -0400
@@ -41,7 +41,7 @@
allow $1_cdrecord_t self:capability { ipc_lock sys_nice setuid dac_override sys_rawio };
@@ -2308,7 +2325,7 @@
allow $1_cdrecord_t $1_home_t:file r_file_perms;
diff --exclude-from=exclude -N -u -r nsapolicy/macros/program/i18n_input_macros.te policy-1.27.1/macros/program/i18n_input_macros.te
--- nsapolicy/macros/program/i18n_input_macros.te 1969-12-31 19:00:00.000000000 -0500
-+++ policy-1.27.1/macros/program/i18n_input_macros.te 2005-10-11 21:10:14.000000000 -0400
++++ policy-1.27.1/macros/program/i18n_input_macros.te 2005-10-12 14:40:15.000000000 -0400
@@ -0,0 +1,21 @@
+#
+# Macros for i18n_input
@@ -2333,7 +2350,7 @@
+
diff --exclude-from=exclude -N -u -r nsapolicy/macros/program/mta_macros.te policy-1.27.1/macros/program/mta_macros.te
--- nsapolicy/macros/program/mta_macros.te 2005-09-16 11:17:27.000000000 -0400
-+++ policy-1.27.1/macros/program/mta_macros.te 2005-10-11 21:10:14.000000000 -0400
++++ policy-1.27.1/macros/program/mta_macros.te 2005-10-12 14:40:15.000000000 -0400
@@ -34,7 +34,7 @@
uses_shlib($1_mail_t)
@@ -2354,7 +2371,7 @@
# For when the user wants to send mail via port 25 localhost
diff --exclude-from=exclude -N -u -r nsapolicy/macros/program/newrole_macros.te policy-1.27.1/macros/program/newrole_macros.te
--- nsapolicy/macros/program/newrole_macros.te 2005-09-16 11:17:27.000000000 -0400
-+++ policy-1.27.1/macros/program/newrole_macros.te 2005-10-11 21:10:14.000000000 -0400
++++ policy-1.27.1/macros/program/newrole_macros.te 2005-10-12 14:40:15.000000000 -0400
@@ -20,6 +20,8 @@
read_locale($1_t)
read_sysctl($1_t)
@@ -2366,7 +2383,7 @@
diff --exclude-from=exclude -N -u -r nsapolicy/macros/program/pyzor_macros.te policy-1.27.1/macros/program/pyzor_macros.te
--- nsapolicy/macros/program/pyzor_macros.te 2005-09-16 11:17:27.000000000 -0400
-+++ policy-1.27.1/macros/program/pyzor_macros.te 2005-10-11 21:10:14.000000000 -0400
++++ policy-1.27.1/macros/program/pyzor_macros.te 2005-10-12 14:40:15.000000000 -0400
@@ -64,6 +64,6 @@
# Allow pyzor to be run by hand. Needed by any action other than
@@ -2377,7 +2394,7 @@
')
diff --exclude-from=exclude -N -u -r nsapolicy/macros/program/razor_macros.te policy-1.27.1/macros/program/razor_macros.te
--- nsapolicy/macros/program/razor_macros.te 2005-09-16 11:17:27.000000000 -0400
-+++ policy-1.27.1/macros/program/razor_macros.te 2005-10-11 21:10:14.000000000 -0400
++++ policy-1.27.1/macros/program/razor_macros.te 2005-10-12 14:40:15.000000000 -0400
@@ -70,6 +70,6 @@
# Allow razor to be run by hand. Needed by any action other than
@@ -2388,7 +2405,7 @@
')
diff --exclude-from=exclude -N -u -r nsapolicy/macros/program/su_macros.te policy-1.27.1/macros/program/su_macros.te
--- nsapolicy/macros/program/su_macros.te 2005-09-16 11:17:27.000000000 -0400
-+++ policy-1.27.1/macros/program/su_macros.te 2005-10-11 21:10:14.000000000 -0400
++++ policy-1.27.1/macros/program/su_macros.te 2005-10-12 14:40:15.000000000 -0400
@@ -54,7 +54,7 @@
allow $1_su_t self:process { setsched setrlimit };
allow $1_su_t device_t:dir search;
@@ -2409,7 +2426,7 @@
# Caused by su - init scripts
diff --exclude-from=exclude -N -u -r nsapolicy/macros/program/uml_macros.te policy-1.27.1/macros/program/uml_macros.te
--- nsapolicy/macros/program/uml_macros.te 2005-09-16 11:17:27.000000000 -0400
-+++ policy-1.27.1/macros/program/uml_macros.te 2005-10-11 21:10:14.000000000 -0400
++++ policy-1.27.1/macros/program/uml_macros.te 2005-10-12 14:40:15.000000000 -0400
@@ -81,7 +81,7 @@
allow uml_net_t $1_uml_t:unix_stream_socket { read write };
allow uml_net_t $1_uml_t:unix_dgram_socket { read write };
@@ -2421,7 +2438,7 @@
diff --exclude-from=exclude -N -u -r nsapolicy/macros/user_macros.te policy-1.27.1/macros/user_macros.te
--- nsapolicy/macros/user_macros.te 2005-09-16 11:17:27.000000000 -0400
-+++ policy-1.27.1/macros/user_macros.te 2005-10-11 21:10:14.000000000 -0400
++++ policy-1.27.1/macros/user_macros.te 2005-10-12 14:40:15.000000000 -0400
@@ -121,6 +121,7 @@
# user domains.
ifelse($1, sysadm, `',`
@@ -2432,7 +2449,7 @@
ifdef(`lockdev.te', `lockdev_domain($1)')
diff --exclude-from=exclude -N -u -r nsapolicy/Makefile policy-1.27.1/Makefile
--- nsapolicy/Makefile 2005-09-16 11:17:27.000000000 -0400
-+++ policy-1.27.1/Makefile 2005-10-11 21:10:29.000000000 -0400
++++ policy-1.27.1/Makefile 2005-10-12 14:41:32.000000000 -0400
@@ -29,15 +29,10 @@
VERS := $(shell $(CHECKPOLICY) $(POLICYCOMPAT) -V |cut -f 1 -d ' ')
PREVERS := 19
@@ -2499,7 +2516,7 @@
@mv Makefile.new Makefile
diff --exclude-from=exclude -N -u -r nsapolicy/man/man8/ftpd_selinux.8 policy-1.27.1/man/man8/ftpd_selinux.8
--- nsapolicy/man/man8/ftpd_selinux.8 2005-09-16 11:17:27.000000000 -0400
-+++ policy-1.27.1/man/man8/ftpd_selinux.8 2005-10-11 21:10:14.000000000 -0400
++++ policy-1.27.1/man/man8/ftpd_selinux.8 2005-10-12 14:40:15.000000000 -0400
@@ -8,23 +8,24 @@
.SH FILE_CONTEXTS
SELinux requires files to have an extended attribute to define the file type.
@@ -2536,7 +2553,7 @@
SELinux ftp daemon policy is customizable based on least access required. So by
diff --exclude-from=exclude -N -u -r nsapolicy/man/man8/httpd_selinux.8 policy-1.27.1/man/man8/httpd_selinux.8
--- nsapolicy/man/man8/httpd_selinux.8 2005-09-16 11:17:27.000000000 -0400
-+++ policy-1.27.1/man/man8/httpd_selinux.8 2005-10-11 21:10:14.000000000 -0400
++++ policy-1.27.1/man/man8/httpd_selinux.8 2005-10-12 14:40:15.000000000 -0400
@@ -45,6 +45,15 @@
.SH NOTE
With certain policies you can define addional file contexts based on roles like user or staff. httpd_user_script_exec_t can be defined where it would only have access to "user" contexts.
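Review bot: The NOTE paragraph of httpd_selinux.8 at the end of this hunk has a typo, "addional" for "additional". The patch already adds lines to this part of the man page, so the spelling can be corrected in the same pass.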
@@ -2555,7 +2572,7 @@
default SElinux prevents certain http scripts from working. httpd policy is extremely flexible and has several booleans that allow you to manipulate the policy and run httpd with the tightest access possible.
diff --exclude-from=exclude -N -u -r nsapolicy/man/man8/rsync_selinux.8 policy-1.27.1/man/man8/rsync_selinux.8
--- nsapolicy/man/man8/rsync_selinux.8 2005-09-16 11:17:27.000000000 -0400
-+++ policy-1.27.1/man/man8/rsync_selinux.8 2005-10-11 21:10:14.000000000 -0400
++++ policy-1.27.1/man/man8/rsync_selinux.8 2005-10-12 14:40:15.000000000 -0400
@@ -8,16 +8,22 @@
.SH FILE_CONTEXTS
SELinux requires files to have an extended attribute to define the file type.
@@ -2584,7 +2601,7 @@
.TP
diff --exclude-from=exclude -N -u -r nsapolicy/man/man8/samba_selinux.8 policy-1.27.1/man/man8/samba_selinux.8
--- nsapolicy/man/man8/samba_selinux.8 2005-09-16 11:17:27.000000000 -0400
-+++ policy-1.27.1/man/man8/samba_selinux.8 2005-10-11 21:10:14.000000000 -0400
++++ policy-1.27.1/man/man8/samba_selinux.8 2005-10-12 14:40:15.000000000 -0400
@@ -20,6 +20,11 @@
.br
/var/eng(/.*)? system_u:object_r:samba_share_t
@@ -2610,7 +2627,7 @@
diff --exclude-from=exclude -N -u -r nsapolicy/mcs policy-1.27.1/mcs
--- nsapolicy/mcs 2005-09-16 11:17:27.000000000 -0400
-+++ policy-1.27.1/mcs 2005-10-11 21:10:14.000000000 -0400
++++ policy-1.27.1/mcs 2005-10-12 14:40:15.000000000 -0400
@@ -200,9 +200,23 @@
#
# Only files are constrained by MCS at this stage.
@@ -2638,7 +2655,7 @@
#
diff --exclude-from=exclude -N -u -r nsapolicy/net_contexts policy-1.27.1/net_contexts
--- nsapolicy/net_contexts 2005-09-16 11:17:27.000000000 -0400
-+++ policy-1.27.1/net_contexts 2005-10-11 21:10:14.000000000 -0400
++++ policy-1.27.1/net_contexts 2005-10-12 14:40:15.000000000 -0400
@@ -50,6 +50,10 @@
portcon tcp 53 system_u:object_r:dns_port_t
@@ -2661,7 +2678,7 @@
portcon tcp 6002 system_u:object_r:xserver_port_t
diff --exclude-from=exclude -N -u -r nsapolicy/targeted/appconfig/root_default_contexts policy-1.27.1/targeted/appconfig/root_default_contexts
--- nsapolicy/targeted/appconfig/root_default_contexts 2005-09-16 11:17:27.000000000 -0400
-+++ policy-1.27.1/targeted/appconfig/root_default_contexts 2005-10-11 21:10:14.000000000 -0400
++++ policy-1.27.1/targeted/appconfig/root_default_contexts 2005-10-12 14:40:15.000000000 -0400
@@ -1,2 +1,6 @@
system_r:unconfined_t system_r:unconfined_t
system_r:initrc_t system_r:unconfined_t
@@ -2671,7 +2688,7 @@
+system_r:crond_t system_r:unconfined_t
diff --exclude-from=exclude -N -u -r nsapolicy/targeted/assert.te policy-1.27.1/targeted/assert.te
--- nsapolicy/targeted/assert.te 2005-09-16 11:17:27.000000000 -0400
-+++ policy-1.27.1/targeted/assert.te 2005-10-11 21:10:14.000000000 -0400
++++ policy-1.27.1/targeted/assert.te 2005-10-12 14:40:15.000000000 -0400
@@ -22,7 +22,7 @@
# Confined domains must never touch an unconfined domain except to
@@ -2683,7 +2700,7 @@
neverallow { domain -unrestricted -snmpd_t } unconfined_t:dir { getattr search };
diff --exclude-from=exclude -N -u -r nsapolicy/targeted/domains/program/ssh.te policy-1.27.1/targeted/domains/program/ssh.te
--- nsapolicy/targeted/domains/program/ssh.te 2005-09-16 11:17:27.000000000 -0400
-+++ policy-1.27.1/targeted/domains/program/ssh.te 2005-10-11 21:10:14.000000000 -0400
++++ policy-1.27.1/targeted/domains/program/ssh.te 2005-10-12 14:40:15.000000000 -0400
@@ -17,3 +17,6 @@
type sshd_key_t, file_type, sysadmfile;
type sshd_var_run_t, file_type, sysadmfile;
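Review bot: the neverallow at the top of this hunk exempts snmpd_t ("{ domain -unrestricted -snmpd_t }") from the assertion protecting unconfined_t directories, and nothing in the visible lines says why. A one-line comment in assert.te beside the rule, naming the access snmpd needs, would keep the exception from being widened or copied without review.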
@@ -2693,7 +2710,7 @@
+')
diff --exclude-from=exclude -N -u -r nsapolicy/targeted/domains/program/xdm.te policy-1.27.1/targeted/domains/program/xdm.te
--- nsapolicy/targeted/domains/program/xdm.te 2005-09-16 11:17:27.000000000 -0400
-+++ policy-1.27.1/targeted/domains/program/xdm.te 2005-10-11 21:10:14.000000000 -0400
++++ policy-1.27.1/targeted/domains/program/xdm.te 2005-10-12 14:40:15.000000000 -0400
@@ -20,3 +20,7 @@
type xdm_tmp_t, file_type, sysadmfile;
domain_auto_trans(initrc_t, xdm_exec_t, xdm_t)
@@ -2704,7 +2721,7 @@
+')
diff --exclude-from=exclude -N -u -r nsapolicy/targeted/domains/unconfined.te policy-1.27.1/targeted/domains/unconfined.te
--- nsapolicy/targeted/domains/unconfined.te 2005-09-16 11:17:27.000000000 -0400
-+++ policy-1.27.1/targeted/domains/unconfined.te 2005-10-11 21:10:14.000000000 -0400
++++ policy-1.27.1/targeted/domains/unconfined.te 2005-10-12 14:40:15.000000000 -0400
@@ -63,6 +63,7 @@
bool use_samba_home_dirs false;
@@ -2733,7 +2750,7 @@
+
diff --exclude-from=exclude -N -u -r nsapolicy/tunables/distro.tun policy-1.27.1/tunables/distro.tun
--- nsapolicy/tunables/distro.tun 2005-09-16 11:17:27.000000000 -0400
-+++ policy-1.27.1/tunables/distro.tun 2005-10-11 21:10:14.000000000 -0400
++++ policy-1.27.1/tunables/distro.tun 2005-10-12 14:40:15.000000000 -0400
@@ -5,7 +5,7 @@
# appropriate ifdefs.
@@ -2745,7 +2762,7 @@
diff --exclude-from=exclude -N -u -r nsapolicy/tunables/tunable.tun policy-1.27.1/tunables/tunable.tun
--- nsapolicy/tunables/tunable.tun 2005-09-16 11:17:27.000000000 -0400
-+++ policy-1.27.1/tunables/tunable.tun 2005-10-11 21:10:14.000000000 -0400
++++ policy-1.27.1/tunables/tunable.tun 2005-10-12 14:40:15.000000000 -0400
@@ -1,5 +1,5 @@
# Allow rpm to run unconfined.
-dnl define(`unlimitedRPM')
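Review bot: missing justification for the unlimitedRPM change at the end of this hunk: the nested patch removes the commented-out "dnl define(`unlimitedRPM')", and the line that replaces it falls outside the visible context. If the replacement enables the tunable, rpm runs unconfined per the comment above it, so the changelog or a comment in tunable.tun should state that this is intended for this strict policy package.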
@@ -2764,7 +2781,7 @@
# Otherwise, only staff_r can do so.
diff --exclude-from=exclude -N -u -r nsapolicy/types/devpts.te policy-1.27.1/types/devpts.te
--- nsapolicy/types/devpts.te 2005-09-16 11:17:27.000000000 -0400
-+++ policy-1.27.1/types/devpts.te 2005-10-11 21:10:14.000000000 -0400
++++ policy-1.27.1/types/devpts.te 2005-10-12 14:40:15.000000000 -0400
@@ -18,4 +18,6 @@
#
type devpts_t, mount_point, fs_type;
@@ -2775,7 +2792,7 @@
+')
diff --exclude-from=exclude -N -u -r nsapolicy/types/file.te policy-1.27.1/types/file.te
--- nsapolicy/types/file.te 2005-09-16 11:17:27.000000000 -0400
-+++ policy-1.27.1/types/file.te 2005-10-11 21:10:14.000000000 -0400
++++ policy-1.27.1/types/file.te 2005-10-12 14:40:15.000000000 -0400
@@ -307,8 +307,7 @@
type hugetlbfs_t, mount_point, fs_type, sysadmfile;
allow hugetlbfs_t self:filesystem associate;
@@ -2817,7 +2834,7 @@
+
diff --exclude-from=exclude -N -u -r nsapolicy/types/network.te policy-1.27.1/types/network.te
--- nsapolicy/types/network.te 2005-09-16 11:17:27.000000000 -0400
-+++ policy-1.27.1/types/network.te 2005-10-11 21:10:14.000000000 -0400
++++ policy-1.27.1/types/network.te 2005-10-12 14:40:15.000000000 -0400
@@ -18,7 +18,7 @@
type dhcpd_port_t, port_type, reserved_port_type;
type smbd_port_t, port_type, reserved_port_type;
@@ -2863,7 +2880,7 @@
type rsync_port_t, port_type, reserved_port_type;
diff --exclude-from=exclude -N -u -r nsapolicy/types/security.te policy-1.27.1/types/security.te
--- nsapolicy/types/security.te 2005-09-16 11:17:27.000000000 -0400
-+++ policy-1.27.1/types/security.te 2005-10-11 21:10:14.000000000 -0400
++++ policy-1.27.1/types/security.te 2005-10-12 14:40:15.000000000 -0400
@@ -13,12 +13,17 @@
# applied to selinuxfs inodes.
#
Index: selinux-policy-strict.spec
===================================================================
RCS file: /cvs/dist/rpms/selinux-policy-strict/FC-4/selinux-policy-strict.spec,v
retrieving revision 1.322
retrieving revision 1.323
diff -u -r1.322 -r1.323
--- selinux-policy-strict.spec 11 Oct 2005 21:10:38 -0000 1.322
+++ selinux-policy-strict.spec 12 Oct 2005 18:43:32 -0000 1.323
@@ -11,7 +11,7 @@
Summary: SELinux %{type} policy configuration
Name: selinux-policy-%{type}
Version: 1.27.1
-Release: 2.5
+Release: 2.6
License: GPL
Group: System Environment/Base
Source: http://www.nsa.gov/selinux/archives/policy-%{version}.tgz
@@ -229,6 +229,9 @@
exit 0
%changelog
+* Wed Oct 12 2005 Dan Walsh <dwalsh at redhat.com> 1.27.1-2.6
+- Fixes for bluetooth and hal
+
* Tue Oct 11 2005 Dan Walsh <dwalsh at redhat.com> 1.27.1-2.5
- Update Amanda, pegusus, ftpd, apache to match upstream version
- Update Bluetooth, rsync
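Review bot: the new changelog entry, "Fixes for bluetooth and hal", does not say which accesses were added or which bug or AVC denials prompted them; a bug reference or a short summary per domain would let anyone auditing the policy update see what was loosened. The previous entry's "pegusus" looks like a misspelling of pegasus and could be corrected in the same edit.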