rpms/selinux-policy/devel policy-20060411.patch,1.4,1.5

fedora-cvs-commits at redhat.com fedora-cvs-commits at redhat.com
Fri Apr 14 20:35:28 UTC 2006


Author: dwalsh

Update of /cvs/dist/rpms/selinux-policy/devel
In directory cvs.devel.redhat.com:/tmp/cvs-serv29364

Modified Files:
	policy-20060411.patch 
Log Message:
* Fri Apr 14 2006 Dan Walsh <dwalsh at redhat.com> 2.2.32-1
- Update to latest from upstream


policy-20060411.patch:
 Rules.modular                           |    2 -
 policy/mcs                              |    6 ++-
 policy/modules/admin/amanda.te          |    9 ++++
 policy/modules/admin/bootloader.te      |    1 
 policy/modules/admin/rpm.fc             |    1 
 policy/modules/admin/su.fc              |    2 -
 policy/modules/admin/usermanage.te      |    1 
 policy/modules/apps/java.fc             |    9 +---
 policy/modules/apps/java.te             |    1 
 policy/modules/apps/mono.te             |    6 +++
 policy/modules/kernel/corecommands.fc   |   20 ++++++----
 policy/modules/kernel/devices.fc        |    3 +
 policy/modules/kernel/devices.if        |   24 +++++++++++-
 policy/modules/kernel/files.fc          |   37 ++++++++++++-------
 policy/modules/kernel/files.if          |   27 ++++++++++++++
 policy/modules/kernel/kernel.if         |    3 +
 policy/modules/kernel/mcs.te            |    4 ++
 policy/modules/kernel/mls.te            |    1 
 policy/modules/services/avahi.te        |    1 
 policy/modules/services/bind.fc         |    1 
 policy/modules/services/ftp.te          |    1 
 policy/modules/services/hal.te          |    1 
 policy/modules/services/kerberos.fc     |    4 +-
 policy/modules/services/mailman.if      |   38 ++++++++++++++++++++
 policy/modules/services/postfix.te      |    5 ++
 policy/modules/services/postgresql.if   |    4 +-
 policy/modules/services/rpc.te          |    4 +-
 policy/modules/services/samba.if        |    1 
 policy/modules/services/samba.te        |   12 +++++-
 policy/modules/services/spamassassin.fc |    2 -
 policy/modules/services/tftp.fc         |    3 +
 policy/modules/services/xserver.if      |   21 +++++++++++
 policy/modules/system/authlogin.fc      |    3 +
 policy/modules/system/authlogin.te      |    4 ++
 policy/modules/system/daemontools.fc    |    3 +
 policy/modules/system/fstools.te        |    1 
 policy/modules/system/init.te           |    1 
 policy/modules/system/libraries.fc      |   60 +++++++++++++++++++-------------
 policy/modules/system/miscfiles.fc      |    2 -
 policy/modules/system/modutils.fc       |    6 ++-
 policy/modules/system/selinuxutil.if    |    4 +-
 policy/modules/system/unconfined.te     |    3 +
 policy/modules/system/userdomain.if     |   28 ++++++++++----
 policy/modules/system/xen.te            |    5 ++
 44 files changed, 293 insertions(+), 82 deletions(-)

Index: policy-20060411.patch
===================================================================
RCS file: /cvs/dist/rpms/selinux-policy/devel/policy-20060411.patch,v
retrieving revision 1.4
retrieving revision 1.5
diff -u -r1.4 -r1.5
--- policy-20060411.patch	14 Apr 2006 19:50:03 -0000	1.4
+++ policy-20060411.patch	14 Apr 2006 20:35:12 -0000	1.5
@@ -23,7 +23,7 @@
  
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/amanda.te serefpolicy-2.2.32/policy/modules/admin/amanda.te
 --- nsaserefpolicy/policy/modules/admin/amanda.te	2006-03-24 11:15:40.000000000 -0500
-+++ serefpolicy-2.2.32/policy/modules/admin/amanda.te	2006-04-14 12:06:19.000000000 -0400
++++ serefpolicy-2.2.32/policy/modules/admin/amanda.te	2006-04-14 14:29:14.000000000 -0400
 @@ -9,6 +9,7 @@
  type amanda_t;
  type amanda_inetd_exec_t;
@@ -32,7 +32,18 @@
  role system_r types amanda_t;
  
  type amanda_exec_t;
-@@ -183,13 +184,15 @@
+@@ -141,6 +142,10 @@
+ corenet_non_ipsec_sendrecv(amanda_t)
+ corenet_tcp_bind_all_nodes(amanda_t)
+ corenet_udp_bind_all_nodes(amanda_t)
++corenet_tcp_bind_reserved_port(amanda_t)
++corenet_udp_bind_reserved_port(amanda_t)
++corenet_dontaudit_tcp_bind_all_reserved_ports(amanda_t)
++corenet_dontaudit_udp_bind_all_reserved_ports(amanda_t)
+ 
+ dev_getattr_all_blk_files(amanda_t)
+ dev_getattr_all_chr_files(amanda_t)
+@@ -183,13 +188,15 @@
  
  optional_policy(`
  	nscd_socket_use(amanda_t)
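Review bot: The two `corenet_dontaudit_*_bind_all_reserved_ports(amanda_t)` lines added after `corenet_udp_bind_all_nodes(amanda_t)` carry no comment, so a later reader cannot tell that the silenced denials are expected. They suppress the AVC record for every bind attempt by amanda_t on a labelled reserved port, which also removes the audit trail if the domain ever tries ports it should not use. Presumably amanda tries ports below 1024 in turn until a bind succeeds, and only the generic reserved ports granted by the two `corenet_*_bind_reserved_port` lines are needed. If so, record it in place, e.g. `# amanda tries reserved ports in turn; only generic reserved ports are allowed, other denials are expected`. The surrounding policy block starts and ends outside the hunk.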
@@ -550,8 +561,24 @@
  ## <param name="domain">
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/postfix.te serefpolicy-2.2.32/policy/modules/services/postfix.te
 --- nsaserefpolicy/policy/modules/services/postfix.te	2006-04-04 18:06:38.000000000 -0400
-+++ serefpolicy-2.2.32/policy/modules/services/postfix.te	2006-04-14 12:06:19.000000000 -0400
-@@ -408,6 +408,9 @@
++++ serefpolicy-2.2.32/policy/modules/services/postfix.te	2006-04-14 14:54:13.000000000 -0400
+@@ -305,6 +305,7 @@
+ 
+ kernel_read_kernel_sysctls(postfix_map_t)
+ kernel_dontaudit_list_proc(postfix_map_t)
++kernel_dontaudit_read_system_state(postfix_map_t)
+ 
+ corenet_tcp_sendrecv_all_if(postfix_map_t)
+ corenet_udp_sendrecv_all_if(postfix_map_t)
+@@ -350,6 +351,7 @@
+ ifdef(`targeted_policy',`
+ 	# FIXME: would be better to use a run interface
+ 	role system_r types postfix_map_t;
++	term_dontaudit_use_generic_ptys(postfix_map_t)
+ ')
+ 
+ tunable_policy(`read_default_t',`
+@@ -408,6 +410,9 @@
  
  optional_policy(`
  	mailman_domtrans_queue(postfix_pipe_t)
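Review bot: `term_dontaudit_use_generic_ptys(postfix_map_t)` inside the `targeted_policy` block hides the denial rather than deciding whether postmap should reach the terminal. If postfix_map_t is entered from an administrator's shell, its output on the pty would presumably be dropped with no AVC logged, which is hard to diagnose; the existing FIXME about a run interface points the same way. If the descriptor is only inherited and never needed, a comment such as `# pty inherited from the invoking shell, not used` would record that; otherwise `term_use_generic_ptys(postfix_map_t)` is the line to weigh instead. The uncommented `kernel_dontaudit_read_system_state(postfix_map_t)` earlier in the hunk needs the same one-line justification.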
@@ -563,8 +590,15 @@
  ########################################
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/postgresql.if serefpolicy-2.2.32/policy/modules/services/postgresql.if
 --- nsaserefpolicy/policy/modules/services/postgresql.if	2006-02-10 17:05:19.000000000 -0500
-+++ serefpolicy-2.2.32/policy/modules/services/postgresql.if	2006-04-14 12:06:19.000000000 -0400
-@@ -119,4 +119,6 @@
++++ serefpolicy-2.2.32/policy/modules/services/postgresql.if	2006-04-14 16:09:39.000000000 -0400
+@@ -113,10 +113,12 @@
+ #
+ interface(`postgresql_stream_connect',`
+ 	gen_require(`
+-		type postgresql_t, postgresql_var_run_t;
++		type postgresql_t, postgresql_var_run_t, postgresql_tmp_t;
+ 	')
+ 
  	files_search_pids($1)
  	allow $1 postgresql_t:unix_stream_socket connectto;
  	allow $1 postgresql_var_run_t:sock_file write;
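Review bot: `postgresql_tmp_t` is now required in `postgresql_stream_connect`, but the rules that use it lie past the end of the hunk, so what each caller of the interface gains on that type cannot be checked here. A tmp type usually labels more than the socket, so the grant should stay limited to the `sock_file` class, in the same form as the visible `allow $1 postgresql_var_run_t:sock_file write;`. The interface's `##` summary should also mention the second socket location, e.g. `## The server socket may also be in /tmp, labelled postgresql_tmp_t.`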



