rpms/selinux-policy/devel policy-20060802.patch, 1.20, 1.21 selinux-policy.spec, 1.259, 1.260
fedora-cvs-commits at redhat.com
fedora-cvs-commits at redhat.com
Fri Aug 25 20:06:10 UTC 2006
Author: dwalsh
Update of /cvs/dist/rpms/selinux-policy/devel
In directory cvs.devel.redhat.com:/tmp/cvs-serv11115
Modified Files:
policy-20060802.patch selinux-policy.spec
Log Message:
* Fri Aug 25 2006 Dan Walsh <dwalsh at redhat.com> 2.3.9-5
- Allow setroubleshoot to getattr on all dirs to gather RPM data
policy-20060802.patch:
policy/modules/admin/amanda.fc | 51 -
policy/modules/admin/anaconda.te | 20
policy/modules/admin/bootloader.te | 4
policy/modules/admin/consoletype.te | 11
policy/modules/admin/firstboot.te | 2
policy/modules/admin/prelink.te | 2
policy/modules/admin/rpm.fc | 2
policy/modules/admin/rpm.if | 13
policy/modules/admin/usermanage.te | 5
policy/modules/apps/java.fc | 9
policy/modules/apps/mozilla.if | 2
policy/modules/apps/wine.te | 2
policy/modules/kernel/corecommands.fc | 1
policy/modules/kernel/corecommands.if | 1
policy/modules/kernel/corenetwork.te.in | 7
policy/modules/kernel/devices.fc | 4
policy/modules/kernel/devices.if | 36 +
policy/modules/kernel/devices.te | 8
policy/modules/kernel/files.if | 18
policy/modules/kernel/filesystem.te | 2
policy/modules/kernel/kernel.if | 75 ++
policy/modules/kernel/terminal.fc | 2
policy/modules/kernel/terminal.if | 19
policy/modules/services/amavis.te | 7
policy/modules/services/apache.te | 2
policy/modules/services/avahi.te | 2
policy/modules/services/bind.te | 1
policy/modules/services/ccs.fc | 8
policy/modules/services/ccs.if | 45 +
policy/modules/services/ccs.te | 84 +++
policy/modules/services/cpucontrol.te | 2
policy/modules/services/cron.if | 17
policy/modules/services/cron.te | 7
policy/modules/services/cups.te | 19
policy/modules/services/cyrus.te | 5
policy/modules/services/dbus.if | 6
policy/modules/services/dbus.te | 2
policy/modules/services/dovecot.te | 4
policy/modules/services/inn.te | 1
policy/modules/services/ldap.te | 2
policy/modules/services/mta.fc | 2
policy/modules/services/ntp.te | 6
policy/modules/services/oddjob.fc | 8
policy/modules/services/oddjob.if | 76 ++
policy/modules/services/oddjob.te | 70 ++
policy/modules/services/oddjob_mkhomedir.fc | 6
policy/modules/services/oddjob_mkhomedir.if | 24
policy/modules/services/oddjob_mkhomedir.te | 26
policy/modules/services/openvpn.te | 2
policy/modules/services/pegasus.if | 31 +
policy/modules/services/pegasus.te | 5
policy/modules/services/postfix.te | 7
policy/modules/services/postgresql.te | 1
policy/modules/services/procmail.te | 1
policy/modules/services/pyzor.te | 1
policy/modules/services/radius.te | 2
policy/modules/services/ricci.fc | 20
policy/modules/services/ricci.if | 184 ++++++
policy/modules/services/ricci.te | 373 ++++++++++++++
policy/modules/services/rpc.if | 2
policy/modules/services/rpc.te | 6
policy/modules/services/samba.te | 8
policy/modules/services/setroubleshoot.fc | 9
policy/modules/services/setroubleshoot.if | 3
policy/modules/services/setroubleshoot.te | 112 ++++
policy/modules/services/squid.te | 4
policy/modules/services/ssh.if | 24
policy/modules/services/stunnel.te | 2
policy/modules/services/sysstat.te | 3
policy/modules/services/xserver.if | 69 ++
policy/modules/services/xserver.te | 19
policy/modules/system/authlogin.te | 10
policy/modules/system/fstools.te | 1
policy/modules/system/hostname.te | 10
policy/modules/system/init.if | 7
policy/modules/system/init.te | 2
policy/modules/system/libraries.fc | 7
policy/modules/system/locallogin.te | 4
policy/modules/system/logging.fc | 3
policy/modules/system/logging.if | 21
policy/modules/system/logging.te | 3
policy/modules/system/lvm.fc | 2
policy/modules/system/lvm.te | 6
policy/modules/system/miscfiles.fc | 1
policy/modules/system/miscfiles.if | 18
policy/modules/system/modutils.te | 1
policy/modules/system/mount.te | 9
policy/modules/system/selinuxutil.te | 13
policy/modules/system/udev.fc | 1
policy/modules/system/udev.te | 5
policy/modules/system/unconfined.fc | 1
policy/modules/system/unconfined.if | 2
policy/modules/system/unconfined.te | 5
policy/modules/system/userdomain.if | 246 ++++++---
policy/modules/system/userdomain.te | 48 -
policy/modules/system/xen.if | 38 +
policy/modules/system/xen.te | 26
serefpolicy-2.3.9/policy/mls | 9
serefpolicy-2.3.9/policy/modules/services/spamassassin.te | 4
99 files changed, 1870 insertions(+), 249 deletions(-)
Index: policy-20060802.patch
===================================================================
RCS file: /cvs/dist/rpms/selinux-policy/devel/policy-20060802.patch,v
retrieving revision 1.20
retrieving revision 1.21
diff -u -r1.20 -r1.21
--- policy-20060802.patch 25 Aug 2006 17:32:13 -0000 1.20
+++ policy-20060802.patch 25 Aug 2006 20:06:07 -0000 1.21
@@ -22,7 +22,6 @@
mlsconstrain dir { add_name remove_name reparent rmdir }
((( l1 dom l2 ) and ( l1 domby h2 )) or
(( t1 == mlsfilewritetoclr ) and ( h1 dom l2 ) and ( l1 domby l2 )) or
-diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/amanda.fc serefpolicy-2.3.9/policy/modules/admin/amanda.fc
--- nsaserefpolicy/policy/modules/admin/amanda.fc 2006-07-14 17:04:46.000000000 -0400
+++ serefpolicy-2.3.9/policy/modules/admin/amanda.fc 2006-08-24 08:04:23.000000000 -0400
@@ -9,62 +9,13 @@
@@ -89,7 +88,6 @@
/var/lib/amanda/disklist -- gen_context(system_u:object_r:amanda_data_t,s0)
/var/lib/amanda/gnutar-lists(/.*)? gen_context(system_u:object_r:amanda_gnutarlists_t,s0)
/var/lib/amanda/index gen_context(system_u:object_r:amanda_data_t,s0)
-diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/anaconda.te serefpolicy-2.3.9/policy/modules/admin/anaconda.te
--- nsaserefpolicy/policy/modules/admin/anaconda.te 2006-07-14 17:04:46.000000000 -0400
+++ serefpolicy-2.3.9/policy/modules/admin/anaconda.te 2006-08-24 08:04:23.000000000 -0400
@@ -25,8 +25,12 @@
@@ -134,7 +132,6 @@
+dontaudit domain anaconda_t:fifo_file r_file_perms;
+dontaudit domain anaconda_t:unix_stream_socket connectto;
+
-diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/bootloader.te serefpolicy-2.3.9/policy/modules/admin/bootloader.te
--- nsaserefpolicy/policy/modules/admin/bootloader.te 2006-08-02 10:34:09.000000000 -0400
+++ serefpolicy-2.3.9/policy/modules/admin/bootloader.te 2006-08-24 08:04:23.000000000 -0400
@@ -83,8 +83,10 @@
@@ -149,7 +146,6 @@
fs_getattr_xattr_fs(bootloader_t)
fs_getattr_tmpfs(bootloader_t)
-diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/consoletype.te serefpolicy-2.3.9/policy/modules/admin/consoletype.te
--- nsaserefpolicy/policy/modules/admin/consoletype.te 2006-07-14 17:04:46.000000000 -0400
+++ serefpolicy-2.3.9/policy/modules/admin/consoletype.te 2006-08-24 08:04:23.000000000 -0400
@@ -8,7 +8,12 @@
@@ -174,7 +170,6 @@
+optional_policy(`
+ xen_dontaudit_use_fds(consoletype_t)
+')
-diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/firstboot.te serefpolicy-2.3.9/policy/modules/admin/firstboot.te
--- nsaserefpolicy/policy/modules/admin/firstboot.te 2006-08-02 10:34:09.000000000 -0400
+++ serefpolicy-2.3.9/policy/modules/admin/firstboot.te 2006-08-24 08:04:23.000000000 -0400
@@ -106,7 +106,7 @@
@@ -186,7 +181,6 @@
')
optional_policy(`
-diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/prelink.te serefpolicy-2.3.9/policy/modules/admin/prelink.te
--- nsaserefpolicy/policy/modules/admin/prelink.te 2006-08-02 10:34:09.000000000 -0400
+++ serefpolicy-2.3.9/policy/modules/admin/prelink.te 2006-08-24 08:04:23.000000000 -0400
@@ -74,6 +74,8 @@
@@ -198,7 +192,6 @@
optional_policy(`
cron_system_entry(prelink_t, prelink_exec_t)
')
-diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/rpm.fc serefpolicy-2.3.9/policy/modules/admin/rpm.fc
--- nsaserefpolicy/policy/modules/admin/rpm.fc 2006-07-14 17:04:46.000000000 -0400
+++ serefpolicy-2.3.9/policy/modules/admin/rpm.fc 2006-08-24 08:04:23.000000000 -0400
@@ -19,6 +19,8 @@
@@ -210,7 +203,6 @@
')
/var/lib/alternatives(/.*)? gen_context(system_u:object_r:rpm_var_lib_t,s0)
-diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/rpm.if serefpolicy-2.3.9/policy/modules/admin/rpm.if
--- nsaserefpolicy/policy/modules/admin/rpm.if 2006-08-02 10:34:09.000000000 -0400
+++ serefpolicy-2.3.9/policy/modules/admin/rpm.if 2006-08-24 08:04:23.000000000 -0400
@@ -75,12 +75,13 @@
@@ -233,7 +225,6 @@
allow rpm_t $3:chr_file rw_term_perms;
')
-diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/usermanage.te serefpolicy-2.3.9/policy/modules/admin/usermanage.te
--- nsaserefpolicy/policy/modules/admin/usermanage.te 2006-08-23 12:14:56.000000000 -0400
+++ serefpolicy-2.3.9/policy/modules/admin/usermanage.te 2006-08-24 08:04:23.000000000 -0400
@@ -256,7 +256,7 @@
@@ -262,7 +253,6 @@
')
optional_policy(`
-diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/java.fc serefpolicy-2.3.9/policy/modules/apps/java.fc
--- nsaserefpolicy/policy/modules/apps/java.fc 2006-07-14 17:04:31.000000000 -0400
+++ serefpolicy-2.3.9/policy/modules/apps/java.fc 2006-08-24 08:04:23.000000000 -0400
@@ -1,7 +1,7 @@
@@ -285,7 +275,6 @@
+/usr/bin/grmic -- gen_context(system_u:object_r:java_exec_t,s0)
+/usr/bin/grmiregistry -- gen_context(system_u:object_r:java_exec_t,s0)
+/usr/bin/jv-convert -- gen_context(system_u:object_r:java_exec_t,s0)
-diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/mozilla.if serefpolicy-2.3.9/policy/modules/apps/mozilla.if
--- nsaserefpolicy/policy/modules/apps/mozilla.if 2006-08-16 08:46:26.000000000 -0400
+++ serefpolicy-2.3.9/policy/modules/apps/mozilla.if 2006-08-24 08:04:23.000000000 -0400
@@ -63,6 +63,7 @@
@@ -304,7 +293,6 @@
# Browse the web, connect to printer
sysnet_dns_name_resolve($1_mozilla_t)
-diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/wine.te serefpolicy-2.3.9/policy/modules/apps/wine.te
--- nsaserefpolicy/policy/modules/apps/wine.te 2006-07-14 17:04:31.000000000 -0400
+++ serefpolicy-2.3.9/policy/modules/apps/wine.te 2006-08-24 08:04:23.000000000 -0400
@@ -18,7 +18,7 @@
@@ -316,7 +304,6 @@
unconfined_domain_noaudit(wine_t)
files_execmod_all_files(wine_t)
-diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/kernel/corecommands.fc serefpolicy-2.3.9/policy/modules/kernel/corecommands.fc
--- nsaserefpolicy/policy/modules/kernel/corecommands.fc 2006-08-20 10:55:49.000000000 -0400
+++ serefpolicy-2.3.9/policy/modules/kernel/corecommands.fc 2006-08-24 08:04:23.000000000 -0400
@@ -62,6 +62,7 @@
@@ -327,7 +314,6 @@
ifdef(`distro_debian',`
/etc/mysql/debian-start -- gen_context(system_u:object_r:bin_t,s0)
-diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/kernel/corecommands.if serefpolicy-2.3.9/policy/modules/kernel/corecommands.if
--- nsaserefpolicy/policy/modules/kernel/corecommands.if 2006-08-02 10:34:05.000000000 -0400
+++ serefpolicy-2.3.9/policy/modules/kernel/corecommands.if 2006-08-24 08:04:23.000000000 -0400
@@ -950,6 +950,7 @@
@@ -338,7 +324,6 @@
')
########################################
-diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/kernel/corenetwork.te.in serefpolicy-2.3.9/policy/modules/kernel/corenetwork.te.in
--- nsaserefpolicy/policy/modules/kernel/corenetwork.te.in 2006-08-02 10:34:05.000000000 -0400
+++ serefpolicy-2.3.9/policy/modules/kernel/corenetwork.te.in 2006-08-24 08:04:23.000000000 -0400
@@ -67,12 +67,14 @@
@@ -381,7 +366,6 @@
network_port(smtp, tcp,25,s0, tcp,465,s0, tcp,587,s0)
network_port(snmp, udp,161,s0, udp,162,s0, tcp,199,s0)
network_port(spamd, tcp,783,s0)
-diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/kernel/devices.fc serefpolicy-2.3.9/policy/modules/kernel/devices.fc
--- nsaserefpolicy/policy/modules/kernel/devices.fc 2006-08-20 10:55:49.000000000 -0400
+++ serefpolicy-2.3.9/policy/modules/kernel/devices.fc 2006-08-25 10:04:00.000000000 -0400
@@ -3,7 +3,7 @@
@@ -402,7 +386,6 @@
/dev/par.* -c gen_context(system_u:object_r:printer_device_t,s0)
/dev/patmgr[01] -c gen_context(system_u:object_r:sound_device_t,s0)
/dev/pmu -c gen_context(system_u:object_r:power_device_t,s0)
-diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/kernel/devices.if serefpolicy-2.3.9/policy/modules/kernel/devices.if
--- nsaserefpolicy/policy/modules/kernel/devices.if 2006-08-23 12:14:51.000000000 -0400
+++ serefpolicy-2.3.9/policy/modules/kernel/devices.if 2006-08-24 08:04:23.000000000 -0400
@@ -3034,3 +3034,39 @@
@@ -445,7 +428,6 @@
+
+ allow $1 bios_device_t:chr_file write;
+')
-diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/kernel/devices.te serefpolicy-2.3.9/policy/modules/kernel/devices.te
--- nsaserefpolicy/policy/modules/kernel/devices.te 2006-08-23 12:14:51.000000000 -0400
+++ serefpolicy-2.3.9/policy/modules/kernel/devices.te 2006-08-24 08:04:23.000000000 -0400
@@ -72,6 +72,12 @@
@@ -470,7 +452,6 @@
type xen_device_t;
dev_node(xen_device_t)
-diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/kernel/files.if serefpolicy-2.3.9/policy/modules/kernel/files.if
--- nsaserefpolicy/policy/modules/kernel/files.if 2006-08-02 10:34:05.000000000 -0400
+++ serefpolicy-2.3.9/policy/modules/kernel/files.if 2006-08-24 08:04:23.000000000 -0400
@@ -2934,6 +2934,24 @@
@@ -498,7 +479,6 @@
## Read the tmp directory (/tmp).
## </summary>
## <param name="domain">
-diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/kernel/filesystem.te serefpolicy-2.3.9/policy/modules/kernel/filesystem.te
--- nsaserefpolicy/policy/modules/kernel/filesystem.te 2006-08-02 10:34:05.000000000 -0400
+++ serefpolicy-2.3.9/policy/modules/kernel/filesystem.te 2006-08-24 08:04:23.000000000 -0400
@@ -24,6 +24,7 @@
@@ -517,7 +497,6 @@
########################################
#
-diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/kernel/kernel.if serefpolicy-2.3.9/policy/modules/kernel/kernel.if
--- nsaserefpolicy/policy/modules/kernel/kernel.if 2006-08-16 08:46:26.000000000 -0400
+++ serefpolicy-2.3.9/policy/modules/kernel/kernel.if 2006-08-24 08:04:23.000000000 -0400
@@ -1443,6 +1443,42 @@
@@ -606,7 +585,6 @@
+ dontaudit $1 proc_type:file getattr;
+')
+
-diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/kernel/terminal.fc serefpolicy-2.3.9/policy/modules/kernel/terminal.fc
--- nsaserefpolicy/policy/modules/kernel/terminal.fc 2006-08-20 10:55:49.000000000 -0400
+++ serefpolicy-2.3.9/policy/modules/kernel/terminal.fc 2006-08-24 16:52:33.000000000 -0400
@@ -34,3 +34,5 @@
@@ -615,7 +593,6 @@
')
+
+/dev/xvc[0-9]* -c gen_context(system_u:object_r:tty_device_t,s0)
-diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/kernel/terminal.if serefpolicy-2.3.9/policy/modules/kernel/terminal.if
--- nsaserefpolicy/policy/modules/kernel/terminal.if 2006-08-23 12:14:51.000000000 -0400
+++ serefpolicy-2.3.9/policy/modules/kernel/terminal.if 2006-08-24 08:04:23.000000000 -0400
@@ -329,6 +329,7 @@
@@ -648,7 +625,6 @@
+ allow $1 devpts_t:filesystem getattr;
+')
+
-diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/amavis.te serefpolicy-2.3.9/policy/modules/services/amavis.te
--- nsaserefpolicy/policy/modules/services/amavis.te 2006-08-16 08:46:29.000000000 -0400
+++ serefpolicy-2.3.9/policy/modules/services/amavis.te 2006-08-24 08:04:23.000000000 -0400
@@ -62,10 +62,12 @@
@@ -680,7 +656,6 @@
+optional_policy(`
+ postfix_read_config(amavis_t)
+')
-diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/apache.te serefpolicy-2.3.9/policy/modules/services/apache.te
--- nsaserefpolicy/policy/modules/services/apache.te 2006-08-23 12:14:54.000000000 -0400
+++ serefpolicy-2.3.9/policy/modules/services/apache.te 2006-08-24 08:04:23.000000000 -0400
@@ -268,10 +268,10 @@
@@ -695,7 +670,6 @@
mta_send_mail(httpd_t)
-diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/avahi.te serefpolicy-2.3.9/policy/modules/services/avahi.te
--- nsaserefpolicy/policy/modules/services/avahi.te 2006-08-02 10:34:07.000000000 -0400
+++ serefpolicy-2.3.9/policy/modules/services/avahi.te 2006-08-24 08:04:23.000000000 -0400
@@ -63,6 +63,7 @@
@@ -714,7 +688,6 @@
userdom_dontaudit_use_unpriv_user_fds(avahi_t)
userdom_dontaudit_search_sysadm_home_dirs(avahi_t)
-diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/bind.te serefpolicy-2.3.9/policy/modules/services/bind.te
--- nsaserefpolicy/policy/modules/services/bind.te 2006-08-16 08:46:29.000000000 -0400
+++ serefpolicy-2.3.9/policy/modules/services/bind.te 2006-08-24 08:04:23.000000000 -0400
@@ -218,6 +218,7 @@
@@ -725,7 +698,6 @@
allow ndc_t named_t:unix_stream_socket connectto;
-diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/ccs.fc serefpolicy-2.3.9/policy/modules/services/ccs.fc
--- nsaserefpolicy/policy/modules/services/ccs.fc 1969-12-31 19:00:00.000000000 -0500
+++ serefpolicy-2.3.9/policy/modules/services/ccs.fc 2006-08-24 08:04:23.000000000 -0400
@@ -0,0 +1,8 @@
@@ -737,7 +709,6 @@
+/sbin/ccsd -- gen_context(system_u:object_r:ccs_exec_t,s0)
+/var/run/cluster(/.*)? gen_context(system_u:object_r:ccs_var_run_t,s0)
+/etc/cluster(/.*)? gen_context(system_u:object_r:cluster_conf_t,s0)
-diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/ccs.if serefpolicy-2.3.9/policy/modules/services/ccs.if
--- nsaserefpolicy/policy/modules/services/ccs.if 1969-12-31 19:00:00.000000000 -0500
+++ serefpolicy-2.3.9/policy/modules/services/ccs.if 2006-08-24 08:04:23.000000000 -0400
@@ -0,0 +1,45 @@
@@ -786,7 +757,6 @@
+ allow $1 ccs_var_run_t:sock_file write;
+ allow $1 ccs_t:unix_stream_socket connectto;
+')
-diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/ccs.te serefpolicy-2.3.9/policy/modules/services/ccs.te
--- nsaserefpolicy/policy/modules/services/ccs.te 1969-12-31 19:00:00.000000000 -0500
+++ serefpolicy-2.3.9/policy/modules/services/ccs.te 2006-08-24 08:04:23.000000000 -0400
@@ -0,0 +1,84 @@
@@ -874,7 +844,6 @@
+
+allow ccs_t cluster_conf_t:dir r_dir_perms;
+allow ccs_t cluster_conf_t:file rw_file_perms;
-diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/cpucontrol.te serefpolicy-2.3.9/policy/modules/services/cpucontrol.te
--- nsaserefpolicy/policy/modules/services/cpucontrol.te 2006-07-14 17:04:41.000000000 -0400
+++ serefpolicy-2.3.9/policy/modules/services/cpucontrol.te 2006-08-24 08:04:23.000000000 -0400
@@ -25,7 +25,7 @@
@@ -886,7 +855,6 @@
dontaudit cpucontrol_t self:capability sys_tty_config;
allow cpucontrol_t self:process signal_perms;
-diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/cron.if serefpolicy-2.3.9/policy/modules/services/cron.if
--- nsaserefpolicy/policy/modules/services/cron.if 2006-08-18 07:32:40.000000000 -0400
+++ serefpolicy-2.3.9/policy/modules/services/cron.if 2006-08-24 08:04:23.000000000 -0400
@@ -181,6 +181,7 @@
@@ -939,7 +907,6 @@
allow $1 system_crond_t:fd use;
allow $1 system_crond_t:fifo_file rw_file_perms;
allow $1 system_crond_t:process sigchld;
-diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/cron.te serefpolicy-2.3.9/policy/modules/services/cron.te
--- nsaserefpolicy/policy/modules/services/cron.te 2006-08-18 07:32:40.000000000 -0400
+++ serefpolicy-2.3.9/policy/modules/services/cron.te 2006-08-24 08:04:23.000000000 -0400
@@ -146,6 +146,8 @@
@@ -970,7 +937,6 @@
ifdef(`distro_redhat', `
# Run the rpm program in the rpm_t domain. Allow creation of RPM log files
# via redirection of standard out.
-diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/cups.te serefpolicy-2.3.9/policy/modules/services/cups.te
--- nsaserefpolicy/policy/modules/services/cups.te 2006-08-16 08:46:30.000000000 -0400
+++ serefpolicy-2.3.9/policy/modules/services/cups.te 2006-08-24 08:04:23.000000000 -0400
@@ -74,13 +74,14 @@
@@ -1040,7 +1006,6 @@
fs_getattr_all_fs(hplip_t)
fs_search_auto_mountpoints(hplip_t)
-diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/cyrus.te serefpolicy-2.3.9/policy/modules/services/cyrus.te
--- nsaserefpolicy/policy/modules/services/cyrus.te 2006-08-02 10:34:07.000000000 -0400
+++ serefpolicy-2.3.9/policy/modules/services/cyrus.te 2006-08-24 08:04:23.000000000 -0400
@@ -69,6 +69,7 @@
@@ -1059,7 +1024,6 @@
+optional_policy(`
+ snmp_read_snmp_var_lib_files(cyrus_t)
+')
-diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/dbus.if serefpolicy-2.3.9/policy/modules/services/dbus.if
--- nsaserefpolicy/policy/modules/services/dbus.if 2006-07-14 17:04:41.000000000 -0400
+++ serefpolicy-2.3.9/policy/modules/services/dbus.if 2006-08-24 08:04:23.000000000 -0400
@@ -123,6 +123,7 @@
@@ -1082,7 +1046,6 @@
')
#######################################
-diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/dbus.te serefpolicy-2.3.9/policy/modules/services/dbus.te
--- nsaserefpolicy/policy/modules/services/dbus.te 2006-08-23 12:14:54.000000000 -0400
+++ serefpolicy-2.3.9/policy/modules/services/dbus.te 2006-08-24 08:04:23.000000000 -0400
@@ -38,6 +38,7 @@
@@ -1101,7 +1064,6 @@
seutil_read_config(system_dbusd_t)
seutil_read_default_contexts(system_dbusd_t)
-diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/dovecot.te serefpolicy-2.3.9/policy/modules/services/dovecot.te
--- nsaserefpolicy/policy/modules/services/dovecot.te 2006-08-23 12:14:54.000000000 -0400
+++ serefpolicy-2.3.9/policy/modules/services/dovecot.te 2006-08-24 08:04:23.000000000 -0400
@@ -168,7 +168,7 @@
@@ -1122,7 +1084,6 @@
optional_policy(`
kerberos_use(dovecot_auth_t)
')
-diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/inn.te serefpolicy-2.3.9/policy/modules/services/inn.te
--- nsaserefpolicy/policy/modules/services/inn.te 2006-07-14 17:04:40.000000000 -0400
+++ serefpolicy-2.3.9/policy/modules/services/inn.te 2006-08-24 08:04:23.000000000 -0400
@@ -36,6 +36,7 @@
@@ -1133,7 +1094,6 @@
allow innd_t innd_etc_t:file r_file_perms;
allow innd_t innd_etc_t:dir r_dir_perms;
-diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/ldap.te serefpolicy-2.3.9/policy/modules/services/ldap.te
--- nsaserefpolicy/policy/modules/services/ldap.te 2006-08-16 08:46:30.000000000 -0400
+++ serefpolicy-2.3.9/policy/modules/services/ldap.te 2006-08-24 08:04:23.000000000 -0400
@@ -72,7 +72,7 @@
@@ -1145,7 +1105,6 @@
kernel_read_system_state(slapd_t)
kernel_read_kernel_sysctls(slapd_t)
-diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/mta.fc serefpolicy-2.3.9/policy/modules/services/mta.fc
--- nsaserefpolicy/policy/modules/services/mta.fc 2006-08-02 10:34:07.000000000 -0400
+++ serefpolicy-2.3.9/policy/modules/services/mta.fc 2006-08-24 08:04:23.000000000 -0400
@@ -2,6 +2,8 @@
@@ -1157,7 +1116,6 @@
ifdef(`distro_redhat',`
/etc/postfix/aliases.* gen_context(system_u:object_r:etc_aliases_t,s0)
')
-diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/ntp.te serefpolicy-2.3.9/policy/modules/services/ntp.te
--- nsaserefpolicy/policy/modules/services/ntp.te 2006-08-23 12:14:54.000000000 -0400
+++ serefpolicy-2.3.9/policy/modules/services/ntp.te 2006-08-24 08:04:23.000000000 -0400
@@ -32,7 +32,7 @@
@@ -1180,7 +1138,6 @@
seutil_sigchld_newrole(ntpd_t)
')
-diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/oddjob.fc serefpolicy-2.3.9/policy/modules/services/oddjob.fc
--- nsaserefpolicy/policy/modules/services/oddjob.fc 1969-12-31 19:00:00.000000000 -0500
+++ serefpolicy-2.3.9/policy/modules/services/oddjob.fc 2006-08-24 08:04:23.000000000 -0400
@@ -0,0 +1,8 @@
@@ -1192,7 +1149,6 @@
+/usr/sbin/oddjobd -- gen_context(system_u:object_r:oddjob_exec_t,s0)
+/var/run/oddjobd.pid gen_context(system_u:object_r:oddjob_var_run_t,s0)
+/usr/lib/oddjobd gen_context(system_u:object_r:oddjob_var_lib_t,s0)
-diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/oddjob.if serefpolicy-2.3.9/policy/modules/services/oddjob.if
--- nsaserefpolicy/policy/modules/services/oddjob.if 1969-12-31 19:00:00.000000000 -0500
+++ serefpolicy-2.3.9/policy/modules/services/oddjob.if 2006-08-24 08:04:23.000000000 -0400
@@ -0,0 +1,76 @@
@@ -1272,7 +1228,6 @@
+ allow $1 oddjob_t:dbus send_msg;
+ allow oddjob_t $1:dbus send_msg;
+')
-diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/oddjob_mkhomedir.fc serefpolicy-2.3.9/policy/modules/services/oddjob_mkhomedir.fc
--- nsaserefpolicy/policy/modules/services/oddjob_mkhomedir.fc 1969-12-31 19:00:00.000000000 -0500
+++ serefpolicy-2.3.9/policy/modules/services/oddjob_mkhomedir.fc 2006-08-24 08:04:23.000000000 -0400
@@ -0,0 +1,6 @@
@@ -1282,7 +1237,6 @@
+# MCS categories: <none>
+
+/usr/lib/oddjob/mkhomedir -- gen_context(system_u:object_r:oddjob_mkhomedir_exec_t,s0)
-diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/oddjob_mkhomedir.if serefpolicy-2.3.9/policy/modules/services/oddjob_mkhomedir.if
--- nsaserefpolicy/policy/modules/services/oddjob_mkhomedir.if 1969-12-31 19:00:00.000000000 -0500
+++ serefpolicy-2.3.9/policy/modules/services/oddjob_mkhomedir.if 2006-08-24 08:04:23.000000000 -0400
@@ -0,0 +1,24 @@
@@ -1310,7 +1264,6 @@
+ allow oddjob_mkhomedir_t $1:fifo_file rw_file_perms;
+ allow oddjob_mkhomedir_t $1:process sigchld;
+')
-diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/oddjob_mkhomedir.te serefpolicy-2.3.9/policy/modules/services/oddjob_mkhomedir.te
--- nsaserefpolicy/policy/modules/services/oddjob_mkhomedir.te 1969-12-31 19:00:00.000000000 -0500
+++ serefpolicy-2.3.9/policy/modules/services/oddjob_mkhomedir.te 2006-08-24 08:04:23.000000000 -0400
@@ -0,0 +1,26 @@
@@ -1340,7 +1293,6 @@
+## internal communication is often done using fifo and unix sockets.
+allow oddjob_mkhomedir_t self:fifo_file { read write };
+allow oddjob_mkhomedir_t self:unix_stream_socket create_stream_socket_perms;
-diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/oddjob.te serefpolicy-2.3.9/policy/modules/services/oddjob.te
--- nsaserefpolicy/policy/modules/services/oddjob.te 1969-12-31 19:00:00.000000000 -0500
+++ serefpolicy-2.3.9/policy/modules/services/oddjob.te 2006-08-24 08:04:23.000000000 -0400
@@ -0,0 +1,70 @@
@@ -1414,7 +1366,6 @@
+
+term_dontaudit_use_generic_ptys(oddjob_t)
+
-diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/openvpn.te serefpolicy-2.3.9/policy/modules/services/openvpn.te
--- nsaserefpolicy/policy/modules/services/openvpn.te 2006-08-02 10:34:07.000000000 -0400
+++ serefpolicy-2.3.9/policy/modules/services/openvpn.te 2006-08-24 08:04:23.000000000 -0400
@@ -33,7 +33,7 @@
@@ -1426,7 +1377,6 @@
allow openvpn_t openvpn_etc_t:dir r_dir_perms;
allow openvpn_t openvpn_etc_t:file r_file_perms;
-diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/pegasus.if serefpolicy-2.3.9/policy/modules/services/pegasus.if
--- nsaserefpolicy/policy/modules/services/pegasus.if 2006-07-14 17:04:41.000000000 -0400
+++ serefpolicy-2.3.9/policy/modules/services/pegasus.if 2006-08-24 08:04:23.000000000 -0400
@@ -1 +1,32 @@
@@ -1462,7 +1412,6 @@
+ allow pegasus_t $1:fifo_file rw_file_perms;
+ allow pegasus_t $1:process sigchld;
+')
-diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/pegasus.te serefpolicy-2.3.9/policy/modules/services/pegasus.te
--- nsaserefpolicy/policy/modules/services/pegasus.te 2006-08-23 12:14:54.000000000 -0400
+++ serefpolicy-2.3.9/policy/modules/services/pegasus.te 2006-08-24 08:04:23.000000000 -0400
@@ -100,13 +100,12 @@
@@ -1481,7 +1430,6 @@
files_read_var_lib_symlinks(pegasus_t)
hostname_exec(pegasus_t)
-diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/postfix.te serefpolicy-2.3.9/policy/modules/services/postfix.te
--- nsaserefpolicy/policy/modules/services/postfix.te 2006-08-16 08:46:30.000000000 -0400
+++ serefpolicy-2.3.9/policy/modules/services/postfix.te 2006-08-24 08:04:23.000000000 -0400
@@ -250,6 +250,7 @@
@@ -1519,7 +1467,6 @@
optional_policy(`
postgrey_stream_connect(postfix_smtpd_t)
-diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/postgresql.te serefpolicy-2.3.9/policy/modules/services/postgresql.te
--- nsaserefpolicy/policy/modules/services/postgresql.te 2006-08-16 08:46:30.000000000 -0400
+++ serefpolicy-2.3.9/policy/modules/services/postgresql.te 2006-08-24 08:04:23.000000000 -0400
@@ -134,6 +134,7 @@
@@ -1530,7 +1477,6 @@
userdom_dontaudit_search_sysadm_home_dirs(postgresql_t)
userdom_dontaudit_use_sysadm_ttys(postgresql_t)
-diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/procmail.te serefpolicy-2.3.9/policy/modules/services/procmail.te
--- nsaserefpolicy/policy/modules/services/procmail.te 2006-08-23 12:14:54.000000000 -0400
+++ serefpolicy-2.3.9/policy/modules/services/procmail.te 2006-08-24 08:04:23.000000000 -0400
@@ -29,6 +29,7 @@
@@ -1541,7 +1487,6 @@
corenet_tcp_sendrecv_all_if(procmail_t)
corenet_udp_sendrecv_all_if(procmail_t)
corenet_tcp_sendrecv_all_nodes(procmail_t)
-diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/pyzor.te serefpolicy-2.3.9/policy/modules/services/pyzor.te
--- nsaserefpolicy/policy/modules/services/pyzor.te 2006-08-23 12:14:54.000000000 -0400
+++ serefpolicy-2.3.9/policy/modules/services/pyzor.te 2006-08-24 08:04:23.000000000 -0400
@@ -126,3 +126,4 @@
@@ -1549,7 +1494,6 @@
logging_send_syslog_msg(pyzord_t)
')
+
-diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/radius.te serefpolicy-2.3.9/policy/modules/services/radius.te
--- nsaserefpolicy/policy/modules/services/radius.te 2006-08-16 08:46:30.000000000 -0400
+++ serefpolicy-2.3.9/policy/modules/services/radius.te 2006-08-24 08:04:23.000000000 -0400
@@ -31,7 +31,7 @@
@@ -1561,7 +1505,6 @@
allow radiusd_t self:fifo_file rw_file_perms;
allow radiusd_t self:unix_stream_socket create_stream_socket_perms;
allow radiusd_t self:tcp_socket create_stream_socket_perms;
-diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/ricci.fc serefpolicy-2.3.9/policy/modules/services/ricci.fc
--- nsaserefpolicy/policy/modules/services/ricci.fc 1969-12-31 19:00:00.000000000 -0500
+++ serefpolicy-2.3.9/policy/modules/services/ricci.fc 2006-08-24 08:04:23.000000000 -0400
@@ -0,0 +1,20 @@
@@ -1585,7 +1528,6 @@
+/usr/sbin/ricci-modservice -- gen_context(system_u:object_r:ricci_modservice_exec_t,s0)
+/usr/sbin/ricci-modstorage -- gen_context(system_u:object_r:ricci_modstorage_exec_t,s0)
+
-diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/ricci.if serefpolicy-2.3.9/policy/modules/services/ricci.if
--- nsaserefpolicy/policy/modules/services/ricci.if 1969-12-31 19:00:00.000000000 -0500
+++ serefpolicy-2.3.9/policy/modules/services/ricci.if 2006-08-24 08:04:23.000000000 -0400
@@ -0,0 +1,184 @@
@@ -1773,7 +1715,6 @@
+ allow $1 ricci_modcluster_var_run_t:sock_file write;
+ allow $1 ricci_modclusterd_t:unix_stream_socket connectto;
+')
-diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/ricci.te serefpolicy-2.3.9/policy/modules/services/ricci.te
--- nsaserefpolicy/policy/modules/services/ricci.te 1969-12-31 19:00:00.000000000 -0500
+++ serefpolicy-2.3.9/policy/modules/services/ricci.te 2006-08-24 08:04:23.000000000 -0400
@@ -0,0 +1,373 @@
@@ -2150,7 +2091,6 @@
+')
+
+
-diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/rpc.if serefpolicy-2.3.9/policy/modules/services/rpc.if
--- nsaserefpolicy/policy/modules/services/rpc.if 2006-08-16 08:46:30.000000000 -0400
+++ serefpolicy-2.3.9/policy/modules/services/rpc.if 2006-08-24 08:04:23.000000000 -0400
@@ -51,6 +51,8 @@
@@ -2162,7 +2102,6 @@
corenet_non_ipsec_sendrecv($1_t)
corenet_tcp_sendrecv_all_if($1_t)
-diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/rpc.te serefpolicy-2.3.9/policy/modules/services/rpc.te
--- nsaserefpolicy/policy/modules/services/rpc.te 2006-08-23 12:14:54.000000000 -0400
+++ serefpolicy-2.3.9/policy/modules/services/rpc.te 2006-08-24 08:04:23.000000000 -0400
@@ -39,6 +39,7 @@
@@ -2192,7 +2131,6 @@
fs_list_rpc(gssd_t)
fs_read_rpc_sockets(gssd_t)
fs_read_rpc_files(gssd_t)
-diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/samba.te serefpolicy-2.3.9/policy/modules/services/samba.te
--- nsaserefpolicy/policy/modules/services/samba.te 2006-08-23 12:14:54.000000000 -0400
+++ serefpolicy-2.3.9/policy/modules/services/samba.te 2006-08-24 08:04:23.000000000 -0400
@@ -171,7 +171,7 @@
@@ -2231,7 +2169,6 @@
allow winbind_t samba_log_t:file create_file_perms;
allow winbind_t samba_log_t:lnk_file create_lnk_perms;
-diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/setroubleshoot.fc serefpolicy-2.3.9/policy/modules/services/setroubleshoot.fc
--- nsaserefpolicy/policy/modules/services/setroubleshoot.fc 1969-12-31 19:00:00.000000000 -0500
+++ serefpolicy-2.3.9/policy/modules/services/setroubleshoot.fc 2006-08-24 08:04:23.000000000 -0400
@@ -0,0 +1,9 @@
@@ -2244,17 +2181,15 @@
+/var/log/setroubleshoot(/.*)? gen_context(system_u:object_r:setroubleshoot_var_log_t,s0)
+
+/var/lib/setroubleshoot(/.*)? gen_context(system_u:object_r:setroubleshoot_var_lib_t,s0)
-diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/setroubleshoot.if serefpolicy-2.3.9/policy/modules/services/setroubleshoot.if
--- nsaserefpolicy/policy/modules/services/setroubleshoot.if 1969-12-31 19:00:00.000000000 -0500
+++ serefpolicy-2.3.9/policy/modules/services/setroubleshoot.if 2006-08-24 08:04:23.000000000 -0400
@@ -0,0 +1,3 @@
+## <summary>policy for setroubleshoot</summary>
+
+
-diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/setroubleshoot.te serefpolicy-2.3.9/policy/modules/services/setroubleshoot.te
--- nsaserefpolicy/policy/modules/services/setroubleshoot.te 1969-12-31 19:00:00.000000000 -0500
+++ serefpolicy-2.3.9/policy/modules/services/setroubleshoot.te 2006-08-24 15:59:58.000000000 -0400
-@@ -0,0 +1,111 @@
+@@ -0,0 +1,112 @@
+policy_module(setroubleshoot,1.0.0)
+
+########################################
@@ -2366,6 +2301,7 @@
+
+files_dontaudit_search_tmp(setroubleshootd_t)
+files_dontaudit_search_src(setroubleshootd_t)
++files_getattr_all_dirs(setroubleshootd_t)
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/spamassassin.te serefpolicy-2.3.9/policy/modules/services/spamassassin.te
--- nsaserefpolicy/policy/modules/services/spamassassin.te 2006-08-16 08:46:30.000000000 -0400
+++ serefpolicy-2.3.9/policy/modules/services/spamassassin.te 2006-08-24 08:04:23.000000000 -0400
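Review bot: The added `files_getattr_all_dirs(setroubleshootd_t)` line in setroubleshoot.te lets the daemon stat directories of every type, which is much wider than the purpose given in the log message (gathering RPM data), and it carries no comment saying why. A one-line comment above it, such as `# getattr on all dirs is needed to gather RPM data`, would record the reason so a later policy audit can judge whether the rule can be narrowed to the directory types actually involved. The line sits directly after two `files_dontaudit_search_*` rules, so it is worth confirming that the denials being addressed were getattr and not search, and that those dontaudit rules are not hiding related denials. The rest of the setroubleshootd_t rules lies outside this hunk.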
@@ -2377,7 +2313,6 @@
+optional_policy(`
+ postfix_read_config(spamd_t)
+')
-diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/squid.te serefpolicy-2.3.9/policy/modules/services/squid.te
--- nsaserefpolicy/policy/modules/services/squid.te 2006-08-16 08:46:30.000000000 -0400
+++ serefpolicy-2.3.9/policy/modules/services/squid.te 2006-08-24 08:04:23.000000000 -0400
@@ -28,9 +28,9 @@
@@ -2392,7 +2327,6 @@
allow squid_t self:fifo_file rw_file_perms;
allow squid_t self:sock_file r_file_perms;
allow squid_t self:fd use;
-diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/ssh.if serefpolicy-2.3.9/policy/modules/services/ssh.if
--- nsaserefpolicy/policy/modules/services/ssh.if 2006-08-16 08:46:30.000000000 -0400
+++ serefpolicy-2.3.9/policy/modules/services/ssh.if 2006-08-24 08:04:23.000000000 -0400
@@ -711,3 +711,27 @@
@@ -2423,7 +2357,6 @@
+ allow ssh_keygen_t $1:fifo_file rw_file_perms;
+ allow ssh_keygen_t $1:process sigchld;
+')
-diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/stunnel.te serefpolicy-2.3.9/policy/modules/services/stunnel.te
--- nsaserefpolicy/policy/modules/services/stunnel.te 2006-08-02 10:34:07.000000000 -0400
+++ serefpolicy-2.3.9/policy/modules/services/stunnel.te 2006-08-24 08:04:23.000000000 -0400
@@ -38,6 +38,7 @@
@@ -2442,7 +2375,6 @@
fs_getattr_all_fs(stunnel_t)
-diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/sysstat.te serefpolicy-2.3.9/policy/modules/services/sysstat.te
--- nsaserefpolicy/policy/modules/services/sysstat.te 2006-07-14 17:04:41.000000000 -0400
+++ serefpolicy-2.3.9/policy/modules/services/sysstat.te 2006-08-24 08:04:23.000000000 -0400
@@ -36,6 +36,8 @@
@@ -2462,7 +2394,6 @@
init_use_fds(sysstat_t)
init_use_script_ptys(sysstat_t)
-diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/xserver.if serefpolicy-2.3.9/policy/modules/services/xserver.if
--- nsaserefpolicy/policy/modules/services/xserver.if 2006-08-16 08:46:30.000000000 -0400
+++ serefpolicy-2.3.9/policy/modules/services/xserver.if 2006-08-24 08:04:23.000000000 -0400
@@ -45,7 +45,6 @@
@@ -2569,7 +2500,6 @@
+ allow $1 ice_tmp_t:dir ra_dir_perms;
+ allow $1 ice_tmp_t:sock_file create_file_perms;
+')
-diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/xserver.te serefpolicy-2.3.9/policy/modules/services/xserver.te
--- nsaserefpolicy/policy/modules/services/xserver.te 2006-08-16 08:46:30.000000000 -0400
+++ serefpolicy-2.3.9/policy/modules/services/xserver.te 2006-08-24 08:04:23.000000000 -0400
@@ -81,15 +81,19 @@
@@ -2647,7 +2577,6 @@
unconfined_domain_noaudit(xdm_xserver_t)
unconfined_domtrans(xdm_xserver_t)
-diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/authlogin.te serefpolicy-2.3.9/policy/modules/system/authlogin.te
--- nsaserefpolicy/policy/modules/system/authlogin.te 2006-08-23 12:14:55.000000000 -0400
+++ serefpolicy-2.3.9/policy/modules/system/authlogin.te 2006-08-24 08:04:23.000000000 -0400
@@ -215,12 +215,19 @@
@@ -2679,7 +2608,6 @@
userdom_dontaudit_use_unpriv_users_ttys(system_chkpwd_t)
-diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/fstools.te serefpolicy-2.3.9/policy/modules/system/fstools.te
--- nsaserefpolicy/policy/modules/system/fstools.te 2006-08-02 10:34:08.000000000 -0400
+++ serefpolicy-2.3.9/policy/modules/system/fstools.te 2006-08-24 08:04:23.000000000 -0400
@@ -111,6 +111,7 @@
@@ -2690,7 +2618,6 @@
domain_use_interactive_fds(fsadm_t)
-diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/hostname.te serefpolicy-2.3.9/policy/modules/system/hostname.te
--- nsaserefpolicy/policy/modules/system/hostname.te 2006-07-14 17:04:44.000000000 -0400
+++ serefpolicy-2.3.9/policy/modules/system/hostname.te 2006-08-24 08:04:23.000000000 -0400
@@ -8,7 +8,10 @@
@@ -2715,7 +2642,6 @@
+ xen_dontaudit_use_fds(hostname_t)
+')
-diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/init.if serefpolicy-2.3.9/policy/modules/system/init.if
--- nsaserefpolicy/policy/modules/system/init.if 2006-08-16 08:46:31.000000000 -0400
+++ serefpolicy-2.3.9/policy/modules/system/init.if 2006-08-24 08:04:23.000000000 -0400
@@ -158,13 +158,6 @@
@@ -2732,7 +2658,6 @@
')
########################################
-diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/init.te serefpolicy-2.3.9/policy/modules/system/init.te
--- nsaserefpolicy/policy/modules/system/init.te 2006-08-23 12:14:55.000000000 -0400
+++ serefpolicy-2.3.9/policy/modules/system/init.te 2006-08-24 08:04:23.000000000 -0400
@@ -361,6 +361,8 @@
@@ -2744,7 +2669,6 @@
# slapd needs to read cert files from its initscript
miscfiles_read_certs(initrc_t)
-diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/libraries.fc serefpolicy-2.3.9/policy/modules/system/libraries.fc
--- nsaserefpolicy/policy/modules/system/libraries.fc 2006-08-20 10:55:49.000000000 -0400
+++ serefpolicy-2.3.9/policy/modules/system/libraries.fc 2006-08-24 08:04:23.000000000 -0400
@@ -109,6 +109,8 @@
@@ -2775,7 +2699,6 @@
/usr/lib(64)?/libxvidcore\.so.* -- gen_context(system_u:object_r:textrel_shlib_t,s0)
/usr/lib(64)?/xine/plugins/.+\.so -- gen_context(system_u:object_r:textrel_shlib_t,s0)
/usr/lib(64)?/libgsm\.so.* -- gen_context(system_u:object_r:textrel_shlib_t,s0)
-diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/locallogin.te serefpolicy-2.3.9/policy/modules/system/locallogin.te
--- nsaserefpolicy/policy/modules/system/locallogin.te 2006-08-02 10:34:08.000000000 -0400
+++ serefpolicy-2.3.9/policy/modules/system/locallogin.te 2006-08-24 08:04:23.000000000 -0400
@@ -47,7 +47,7 @@
@@ -2796,7 +2719,6 @@
dev_setattr_mouse_dev(local_login_t)
dev_getattr_mouse_dev(local_login_t)
-diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/logging.fc serefpolicy-2.3.9/policy/modules/system/logging.fc
--- nsaserefpolicy/policy/modules/system/logging.fc 2006-08-02 10:34:08.000000000 -0400
+++ serefpolicy-2.3.9/policy/modules/system/logging.fc 2006-08-24 08:04:23.000000000 -0400
@@ -38,3 +38,6 @@
@@ -2806,7 +2728,6 @@
+
+/var/run/auditd\.pid -- gen_context(system_u:object_r:auditd_var_run_t,s0)
+/var/run/auditd_sock -s gen_context(system_u:object_r:auditd_var_run_t,s0)
-diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/logging.if serefpolicy-2.3.9/policy/modules/system/logging.if
--- nsaserefpolicy/policy/modules/system/logging.if 2006-08-02 10:34:08.000000000 -0400
+++ serefpolicy-2.3.9/policy/modules/system/logging.if 2006-08-24 08:04:23.000000000 -0400
@@ -553,3 +553,24 @@
@@ -2834,7 +2755,6 @@
+ allow $1 auditd_var_run_t:sock_file rw_file_perms;
+ allow $1 auditd_t:unix_stream_socket connectto;
+')
-diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/logging.te serefpolicy-2.3.9/policy/modules/system/logging.te
--- nsaserefpolicy/policy/modules/system/logging.te 2006-08-20 10:55:49.000000000 -0400
+++ serefpolicy-2.3.9/policy/modules/system/logging.te 2006-08-24 08:04:23.000000000 -0400
@@ -120,9 +120,10 @@
@@ -2849,7 +2769,6 @@
kernel_read_kernel_sysctls(auditd_t)
# Needs to be able to run dispatcher. see /etc/audit/auditd.conf
-diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/lvm.fc serefpolicy-2.3.9/policy/modules/system/lvm.fc
--- nsaserefpolicy/policy/modules/system/lvm.fc 2006-07-14 17:04:44.000000000 -0400
+++ serefpolicy-2.3.9/policy/modules/system/lvm.fc 2006-08-24 08:04:23.000000000 -0400
@@ -14,7 +14,6 @@
@@ -2865,7 +2784,6 @@
/var/cache/multipathd(/.*)? gen_context(system_u:object_r:lvm_metadata_t,s0)
+/var/run/multipathd.sock -s gen_context(system_u:object_r:lvm_var_run_t,s0)
-diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/lvm.te serefpolicy-2.3.9/policy/modules/system/lvm.te
--- nsaserefpolicy/policy/modules/system/lvm.te 2006-08-02 10:34:08.000000000 -0400
+++ serefpolicy-2.3.9/policy/modules/system/lvm.te 2006-08-24 08:04:23.000000000 -0400
@@ -125,7 +125,7 @@
@@ -2895,7 +2813,6 @@
allow lvm_t lvm_etc_t:file r_file_perms;
allow lvm_t lvm_etc_t:lnk_file r_file_perms;
-diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/miscfiles.fc serefpolicy-2.3.9/policy/modules/system/miscfiles.fc
--- nsaserefpolicy/policy/modules/system/miscfiles.fc 2006-07-14 17:04:43.000000000 -0400
+++ serefpolicy-2.3.9/policy/modules/system/miscfiles.fc 2006-08-24 08:04:23.000000000 -0400
@@ -9,6 +9,7 @@
@@ -2906,7 +2823,6 @@
/etc/pki(/.*)? gen_context(system_u:object_r:cert_t,s0)
#
-diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/miscfiles.if serefpolicy-2.3.9/policy/modules/system/miscfiles.if
--- nsaserefpolicy/policy/modules/system/miscfiles.if 2006-07-14 17:04:44.000000000 -0400
+++ serefpolicy-2.3.9/policy/modules/system/miscfiles.if 2006-08-24 08:04:23.000000000 -0400
@@ -116,6 +116,24 @@
@@ -2934,7 +2850,6 @@
## Allow process to read legacy time localization info
## </summary>
## <param name="domain">
-diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/modutils.te serefpolicy-2.3.9/policy/modules/system/modutils.te
--- nsaserefpolicy/policy/modules/system/modutils.te 2006-08-23 12:14:55.000000000 -0400
+++ serefpolicy-2.3.9/policy/modules/system/modutils.te 2006-08-24 08:04:23.000000000 -0400
@@ -183,6 +183,7 @@
@@ -2945,7 +2860,6 @@
corecmd_search_bin(depmod_t)
corecmd_search_sbin(depmod_t)
-diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/mount.te serefpolicy-2.3.9/policy/modules/system/mount.te
--- nsaserefpolicy/policy/modules/system/mount.te 2006-08-16 08:46:31.000000000 -0400
+++ serefpolicy-2.3.9/policy/modules/system/mount.te 2006-08-24 08:04:23.000000000 -0400
@@ -80,6 +80,7 @@
@@ -2982,7 +2896,6 @@
')
+
+
-diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/selinuxutil.te serefpolicy-2.3.9/policy/modules/system/selinuxutil.te
--- nsaserefpolicy/policy/modules/system/selinuxutil.te 2006-08-23 12:14:55.000000000 -0400
+++ serefpolicy-2.3.9/policy/modules/system/selinuxutil.te 2006-08-24 08:04:23.000000000 -0400
@@ -355,6 +355,8 @@
@@ -3026,7 +2939,6 @@
')
########################################
-diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/udev.fc serefpolicy-2.3.9/policy/modules/system/udev.fc
--- nsaserefpolicy/policy/modules/system/udev.fc 2006-07-14 17:04:44.000000000 -0400
+++ serefpolicy-2.3.9/policy/modules/system/udev.fc 2006-08-24 08:04:23.000000000 -0400
@@ -1,5 +1,6 @@
@@ -3036,7 +2948,6 @@
/dev/\.udevdb -- gen_context(system_u:object_r:udev_tbl_t,s0)
/dev/udev\.tbl -- gen_context(system_u:object_r:udev_tbl_t,s0)
-diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/udev.te serefpolicy-2.3.9/policy/modules/system/udev.te
--- nsaserefpolicy/policy/modules/system/udev.te 2006-08-23 12:14:55.000000000 -0400
+++ serefpolicy-2.3.9/policy/modules/system/udev.te 2006-08-24 08:04:23.000000000 -0400
@@ -131,6 +131,7 @@
@@ -3057,7 +2968,6 @@
+optional_policy(`
xserver_read_xdm_pid(udev_t)
')
-diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/unconfined.fc serefpolicy-2.3.9/policy/modules/system/unconfined.fc
--- nsaserefpolicy/policy/modules/system/unconfined.fc 2006-08-02 10:34:08.000000000 -0400
+++ serefpolicy-2.3.9/policy/modules/system/unconfined.fc 2006-08-25 13:25:45.000000000 -0400
@@ -10,4 +10,5 @@
@@ -3066,7 +2976,6 @@
/usr/bin/xine -- gen_context(system_u:object_r:unconfined_execmem_exec_t,s0)
+/usr/lib/ia32el/ia32x_loader -- gen_context(system_u:object_r:unconfined_execmem_exec_t,s0)
')
-diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/unconfined.if serefpolicy-2.3.9/policy/modules/system/unconfined.if
--- nsaserefpolicy/policy/modules/system/unconfined.if 2006-08-02 10:34:09.000000000 -0400
+++ serefpolicy-2.3.9/policy/modules/system/unconfined.if 2006-08-24 08:04:23.000000000 -0400
@@ -20,6 +20,7 @@
@@ -3085,7 +2994,6 @@
files_unconfined($1)
fs_unconfined($1)
selinux_unconfined($1)
-diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/unconfined.te serefpolicy-2.3.9/policy/modules/system/unconfined.te
--- nsaserefpolicy/policy/modules/system/unconfined.te 2006-08-02 10:34:09.000000000 -0400
+++ serefpolicy-2.3.9/policy/modules/system/unconfined.te 2006-08-24 08:04:23.000000000 -0400
@@ -195,4 +195,9 @@
@@ -3098,7 +3006,6 @@
+ unconfined_dbus_chat(unconfined_execmem_t)
+ ')
')
-diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/userdomain.if serefpolicy-2.3.9/policy/modules/system/userdomain.if
--- nsaserefpolicy/policy/modules/system/userdomain.if 2006-08-16 08:46:31.000000000 -0400
+++ serefpolicy-2.3.9/policy/modules/system/userdomain.if 2006-08-24 08:04:23.000000000 -0400
@@ -8,11 +8,10 @@
@@ -3573,7 +3480,6 @@
+ dontaudit $1_t { $2_devpts_t $2_tty_device_t }:chr_file ioctl;
+')
+
-diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/userdomain.te serefpolicy-2.3.9/policy/modules/system/userdomain.te
--- nsaserefpolicy/policy/modules/system/userdomain.te 2006-08-16 08:46:31.000000000 -0400
+++ serefpolicy-2.3.9/policy/modules/system/userdomain.te 2006-08-24 08:04:23.000000000 -0400
@@ -56,14 +56,6 @@
@@ -3675,7 +3581,6 @@
', `
selinux_set_enforce_mode(sysadm_t)
selinux_set_boolean(sysadm_t)
-diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/xen.if serefpolicy-2.3.9/policy/modules/system/xen.if
--- nsaserefpolicy/policy/modules/system/xen.if 2006-07-14 17:04:43.000000000 -0400
+++ serefpolicy-2.3.9/policy/modules/system/xen.if 2006-08-24 08:04:23.000000000 -0400
@@ -127,3 +127,41 @@
@@ -3720,7 +3625,6 @@
+
+ dontaudit $1 xend_t:fd use;
+')
-diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/xen.te serefpolicy-2.3.9/policy/modules/system/xen.te
--- nsaserefpolicy/policy/modules/system/xen.te 2006-08-02 10:34:08.000000000 -0400
+++ serefpolicy-2.3.9/policy/modules/system/xen.te 2006-08-24 08:04:23.000000000 -0400
@@ -69,7 +69,10 @@
Index: selinux-policy.spec
===================================================================
RCS file: /cvs/dist/rpms/selinux-policy/devel/selinux-policy.spec,v
retrieving revision 1.259
retrieving revision 1.260
diff -u -r1.259 -r1.260
--- selinux-policy.spec 25 Aug 2006 17:32:13 -0000 1.259
+++ selinux-policy.spec 25 Aug 2006 20:06:07 -0000 1.260
@@ -16,7 +16,7 @@
Summary: SELinux policy configuration
Name: selinux-policy
Version: 2.3.9
-Release: 4
+Release: 5
License: GPL
Group: System Environment/Base
Source: serefpolicy-%{version}.tgz
@@ -347,6 +347,9 @@
%endif
%changelog
+* Fri Aug 25 2006 Dan Walsh <dwalsh at redhat.com> 2.3.9-5
+- Allow setroubleshoot to getattr on all dirs to gather RPM data
+
* Thu Aug 24 2006 Dan Walsh <dwalsh at redhat.com> 2.3.9-4
- Set /usr/lib/ia32el/ia32x_loader to unconfined_execmem_exec_t for ia32 platform
- Fix spec for /dev/adsp