rpms/selinux-policy/devel policy-20061106.patch, 1.29, 1.30 selinux-policy.spec, 1.356, 1.357

fedora-cvs-commits at redhat.com fedora-cvs-commits at redhat.com
Fri Dec 1 17:58:02 UTC 2006


Author: dwalsh

Update of /cvs/dist/rpms/selinux-policy/devel
In directory cvs.devel.redhat.com:/tmp/cvs-serv27750

Modified Files:
	policy-20061106.patch selinux-policy.spec 
Log Message:
* Fri Dec 1 2006 Dan Walsh <dwalsh at redhat.com> 2.4.6-4
- nscd needs to use avahi sockets
Resolves: #217640
Resolves: #218014


policy-20061106.patch:
 Rules.modular                           |   10 
 policy/flask/access_vectors             |    2 
 policy/global_tunables                  |   38 +++
 policy/modules/admin/acct.te            |    1 
 policy/modules/admin/amanda.if          |   17 +
 policy/modules/admin/amanda.te          |    1 
 policy/modules/admin/bootloader.te      |    4 
 policy/modules/admin/consoletype.te     |   10 
 policy/modules/admin/dmesg.te           |    1 
 policy/modules/admin/firstboot.if       |    6 
 policy/modules/admin/logwatch.te        |    1 
 policy/modules/admin/netutils.te        |    2 
 policy/modules/admin/prelink.te         |    9 
 policy/modules/admin/quota.fc           |    9 
 policy/modules/admin/quota.te           |   18 +
 policy/modules/admin/rpm.fc             |    3 
 policy/modules/admin/rpm.if             |   24 ++
 policy/modules/admin/rpm.te             |   41 +--
 policy/modules/admin/usermanage.te      |    3 
 policy/modules/apps/java.fc             |    2 
 policy/modules/apps/loadkeys.if         |   17 -
 policy/modules/apps/slocate.te          |    2 
 policy/modules/kernel/corecommands.fc   |    2 
 policy/modules/kernel/corecommands.if   |   17 +
 policy/modules/kernel/corenetwork.if.in |   30 ++
 policy/modules/kernel/corenetwork.te.in |   15 +
 policy/modules/kernel/corenetwork.te.m4 |    4 
 policy/modules/kernel/devices.fc        |    5 
 policy/modules/kernel/devices.te        |    6 
 policy/modules/kernel/domain.te         |    7 
 policy/modules/kernel/files.if          |  108 +++++++++-
 policy/modules/kernel/filesystem.te     |    6 
 policy/modules/kernel/terminal.fc       |    1 
 policy/modules/kernel/terminal.if       |    2 
 policy/modules/kernel/terminal.te       |    1 
 policy/modules/services/apache.fc       |   10 
 policy/modules/services/apache.te       |   16 +
 policy/modules/services/automount.te    |    1 
 policy/modules/services/avahi.if        |   21 ++
 policy/modules/services/bind.fc         |    1 
 policy/modules/services/clamav.te       |    2 
 policy/modules/services/cron.if         |   26 --
 policy/modules/services/cron.te         |    7 
 policy/modules/services/cups.fc         |    2 
 policy/modules/services/cups.te         |    7 
 policy/modules/services/cvs.te          |    1 
 policy/modules/services/dbus.fc         |    1 
 policy/modules/services/dbus.if         |    1 
 policy/modules/services/ftp.te          |    2 
 policy/modules/services/hal.fc          |    4 
 policy/modules/services/hal.if          |   20 +
 policy/modules/services/hal.te          |    8 
 policy/modules/services/kerberos.if     |    1 
 policy/modules/services/kerberos.te     |   11 -
 policy/modules/services/lpd.if          |   52 ++--
 policy/modules/services/mta.if          |    1 
 policy/modules/services/mta.te          |    1 
 policy/modules/services/nis.fc          |    1 
 policy/modules/services/nis.if          |    5 
 policy/modules/services/nis.te          |   10 
 policy/modules/services/nscd.if         |   20 +
 policy/modules/services/nscd.te         |   15 -
 policy/modules/services/oddjob.te       |    3 
 policy/modules/services/pcscd.fc        |    9 
 policy/modules/services/pcscd.if        |   23 ++
 policy/modules/services/pcscd.te        |   58 +++++
 policy/modules/services/pegasus.if      |   31 ++
 policy/modules/services/pegasus.te      |    5 
 policy/modules/services/postfix.te      |   13 +
 policy/modules/services/procmail.te     |   16 +
 policy/modules/services/rlogin.te       |   10 
 policy/modules/services/rpc.te          |    1 
 policy/modules/services/rsync.te        |    1 
 policy/modules/services/samba.if        |    2 
 policy/modules/services/samba.te        |    8 
 policy/modules/services/sasl.te         |    2 
 policy/modules/services/snmp.te         |    4 
 policy/modules/services/spamassassin.te |    5 
 policy/modules/services/ssh.te          |    3 
 policy/modules/services/telnet.te       |    1 
 policy/modules/services/tftp.te         |    2 
 policy/modules/services/uucp.fc         |    1 
 policy/modules/services/uucp.if         |   67 ++++++
 policy/modules/services/uucp.te         |   44 +++-
 policy/modules/services/xserver.if      |   40 +++
 policy/modules/system/authlogin.if      |   14 +
 policy/modules/system/authlogin.te      |    5 
 policy/modules/system/clock.te          |    5 
 policy/modules/system/fstools.fc        |    1 
 policy/modules/system/fstools.te        |    2 
 policy/modules/system/getty.te          |    3 
 policy/modules/system/hostname.te       |   10 
 policy/modules/system/init.te           |   17 +
 policy/modules/system/iptables.te       |    6 
 policy/modules/system/libraries.fc      |   26 +-
 policy/modules/system/libraries.te      |    6 
 policy/modules/system/locallogin.if     |   37 +++
 policy/modules/system/logging.te        |    1 
 policy/modules/system/lvm.fc            |    1 
 policy/modules/system/lvm.te            |   48 ++++
 policy/modules/system/miscfiles.fc      |    1 
 policy/modules/system/modutils.te       |    5 
 policy/modules/system/mount.te          |   20 -
 policy/modules/system/raid.te           |    7 
 policy/modules/system/selinuxutil.fc    |    1 
 policy/modules/system/selinuxutil.if    |  109 ++++++++++
 policy/modules/system/selinuxutil.te    |  105 ++--------
 policy/modules/system/sysnetwork.te     |    3 
 policy/modules/system/unconfined.fc     |    4 
 policy/modules/system/unconfined.if     |   19 +
 policy/modules/system/unconfined.te     |   15 +
 policy/modules/system/userdomain.if     |  336 +++++++++++++++++++++++++++-----
 policy/modules/system/userdomain.te     |   10 
 policy/modules/system/xen.fc            |    1 
 policy/modules/system/xen.te            |   35 +++
 115 files changed, 1537 insertions(+), 337 deletions(-)

Index: policy-20061106.patch
===================================================================
RCS file: /cvs/dist/rpms/selinux-policy/devel/policy-20061106.patch,v
retrieving revision 1.29
retrieving revision 1.30
diff -u -r1.29 -r1.30
--- policy-20061106.patch	30 Nov 2006 22:06:22 -0000	1.29
+++ policy-20061106.patch	1 Dec 2006 17:58:00 -0000	1.30
@@ -1,6 +1,6 @@
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/flask/access_vectors serefpolicy-2.4.6/policy/flask/access_vectors
 --- nsaserefpolicy/policy/flask/access_vectors	2006-11-16 17:15:00.000000000 -0500
-+++ serefpolicy-2.4.6/policy/flask/access_vectors	2006-11-30 17:02:33.000000000 -0500
++++ serefpolicy-2.4.6/policy/flask/access_vectors	2006-11-30 17:03:20.000000000 -0500
 @@ -619,6 +619,8 @@
  	send
  	recv
@@ -12,7 +12,7 @@
  class key
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/global_tunables serefpolicy-2.4.6/policy/global_tunables
 --- nsaserefpolicy/policy/global_tunables	2006-11-16 17:15:26.000000000 -0500
-+++ serefpolicy-2.4.6/policy/global_tunables	2006-11-30 17:02:33.000000000 -0500
++++ serefpolicy-2.4.6/policy/global_tunables	2006-11-30 17:03:20.000000000 -0500
 @@ -574,6 +574,13 @@
  gen_tunable(xdm_sysadm_login,false)
  ')
@@ -75,7 +75,7 @@
 +gen_tunable(use_lpd_server,false)
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/acct.te serefpolicy-2.4.6/policy/modules/admin/acct.te
 --- nsaserefpolicy/policy/modules/admin/acct.te	2006-11-16 17:15:26.000000000 -0500
-+++ serefpolicy-2.4.6/policy/modules/admin/acct.te	2006-11-30 17:02:33.000000000 -0500
++++ serefpolicy-2.4.6/policy/modules/admin/acct.te	2006-11-30 17:03:20.000000000 -0500
 @@ -9,6 +9,7 @@
  type acct_t;
  type acct_exec_t;
@@ -86,7 +86,7 @@
  logging_log_file(acct_data_t)
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/amanda.if serefpolicy-2.4.6/policy/modules/admin/amanda.if
 --- nsaserefpolicy/policy/modules/admin/amanda.if	2006-11-16 17:15:26.000000000 -0500
-+++ serefpolicy-2.4.6/policy/modules/admin/amanda.if	2006-11-30 17:02:33.000000000 -0500
++++ serefpolicy-2.4.6/policy/modules/admin/amanda.if	2006-11-30 17:03:20.000000000 -0500
 @@ -127,4 +127,21 @@
  	allow $1 amanda_log_t:file ra_file_perms;
  ')
@@ -111,7 +111,7 @@
 +')
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/amanda.te serefpolicy-2.4.6/policy/modules/admin/amanda.te
 --- nsaserefpolicy/policy/modules/admin/amanda.te	2006-11-16 17:15:26.000000000 -0500
-+++ serefpolicy-2.4.6/policy/modules/admin/amanda.te	2006-11-30 17:02:33.000000000 -0500
++++ serefpolicy-2.4.6/policy/modules/admin/amanda.te	2006-11-30 17:03:20.000000000 -0500
 @@ -75,6 +75,7 @@
  allow amanda_t self:unix_dgram_socket create_socket_perms;
  allow amanda_t self:tcp_socket create_stream_socket_perms;
@@ -122,7 +122,7 @@
  allow amanda_t amanda_amandates_t:file { getattr lock read write };
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/bootloader.te serefpolicy-2.4.6/policy/modules/admin/bootloader.te
 --- nsaserefpolicy/policy/modules/admin/bootloader.te	2006-11-16 17:15:26.000000000 -0500
-+++ serefpolicy-2.4.6/policy/modules/admin/bootloader.te	2006-11-30 17:02:33.000000000 -0500
++++ serefpolicy-2.4.6/policy/modules/admin/bootloader.te	2006-11-30 17:03:20.000000000 -0500
 @@ -218,3 +218,7 @@
  	userdom_dontaudit_search_staff_home_dirs(bootloader_t)
  	userdom_dontaudit_search_sysadm_home_dirs(bootloader_t)
@@ -133,7 +133,7 @@
 +')
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/consoletype.te serefpolicy-2.4.6/policy/modules/admin/consoletype.te
 --- nsaserefpolicy/policy/modules/admin/consoletype.te	2006-11-16 17:15:26.000000000 -0500
-+++ serefpolicy-2.4.6/policy/modules/admin/consoletype.te	2006-11-30 17:02:33.000000000 -0500
++++ serefpolicy-2.4.6/policy/modules/admin/consoletype.te	2006-11-30 17:03:20.000000000 -0500
 @@ -8,7 +8,12 @@
  
  type consoletype_t;
@@ -167,7 +167,7 @@
  optional_policy(`
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/dmesg.te serefpolicy-2.4.6/policy/modules/admin/dmesg.te
 --- nsaserefpolicy/policy/modules/admin/dmesg.te	2006-11-16 17:15:26.000000000 -0500
-+++ serefpolicy-2.4.6/policy/modules/admin/dmesg.te	2006-11-30 17:02:33.000000000 -0500
++++ serefpolicy-2.4.6/policy/modules/admin/dmesg.te	2006-11-30 17:03:20.000000000 -0500
 @@ -10,6 +10,7 @@
  	type dmesg_t;
  	type dmesg_exec_t;
@@ -178,7 +178,7 @@
  
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/firstboot.if serefpolicy-2.4.6/policy/modules/admin/firstboot.if
 --- nsaserefpolicy/policy/modules/admin/firstboot.if	2006-11-16 17:15:26.000000000 -0500
-+++ serefpolicy-2.4.6/policy/modules/admin/firstboot.if	2006-11-30 17:02:33.000000000 -0500
++++ serefpolicy-2.4.6/policy/modules/admin/firstboot.if	2006-11-30 17:03:20.000000000 -0500
 @@ -96,7 +96,7 @@
  
  ########################################
@@ -203,7 +203,7 @@
  ')
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/logwatch.te serefpolicy-2.4.6/policy/modules/admin/logwatch.te
 --- nsaserefpolicy/policy/modules/admin/logwatch.te	2006-11-16 17:15:26.000000000 -0500
-+++ serefpolicy-2.4.6/policy/modules/admin/logwatch.te	2006-11-30 17:02:33.000000000 -0500
++++ serefpolicy-2.4.6/policy/modules/admin/logwatch.te	2006-11-30 17:03:20.000000000 -0500
 @@ -53,6 +53,7 @@
  corecmd_exec_ls(logwatch_t)
  
@@ -214,7 +214,7 @@
  domain_read_all_domains_state(logwatch_t)
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/netutils.te serefpolicy-2.4.6/policy/modules/admin/netutils.te
 --- nsaserefpolicy/policy/modules/admin/netutils.te	2006-11-16 17:15:26.000000000 -0500
-+++ serefpolicy-2.4.6/policy/modules/admin/netutils.te	2006-11-30 17:02:33.000000000 -0500
++++ serefpolicy-2.4.6/policy/modules/admin/netutils.te	2006-11-30 17:03:20.000000000 -0500
 @@ -18,10 +18,12 @@
  type ping_exec_t;
  init_system_domain(ping_t,ping_exec_t)
@@ -230,7 +230,7 @@
  ########################################
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/prelink.te serefpolicy-2.4.6/policy/modules/admin/prelink.te
 --- nsaserefpolicy/policy/modules/admin/prelink.te	2006-11-16 17:15:26.000000000 -0500
-+++ serefpolicy-2.4.6/policy/modules/admin/prelink.te	2006-11-30 17:02:33.000000000 -0500
++++ serefpolicy-2.4.6/policy/modules/admin/prelink.te	2006-11-30 17:03:20.000000000 -0500
 @@ -57,6 +57,7 @@
  files_write_non_security_dirs(prelink_t)
  files_read_etc_files(prelink_t)
@@ -259,7 +259,7 @@
 +')
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/quota.fc serefpolicy-2.4.6/policy/modules/admin/quota.fc
 --- nsaserefpolicy/policy/modules/admin/quota.fc	2006-11-16 17:15:26.000000000 -0500
-+++ serefpolicy-2.4.6/policy/modules/admin/quota.fc	2006-11-30 17:02:33.000000000 -0500
++++ serefpolicy-2.4.6/policy/modules/admin/quota.fc	2006-11-30 17:03:20.000000000 -0500
 @@ -7,8 +7,15 @@
  /sbin/convertquota		--	gen_context(system_u:object_r:quota_exec_t,s0)
  ')
@@ -279,7 +279,7 @@
 +
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/quota.te serefpolicy-2.4.6/policy/modules/admin/quota.te
 --- nsaserefpolicy/policy/modules/admin/quota.te	2006-11-16 17:15:26.000000000 -0500
-+++ serefpolicy-2.4.6/policy/modules/admin/quota.te	2006-11-30 17:02:33.000000000 -0500
++++ serefpolicy-2.4.6/policy/modules/admin/quota.te	2006-11-30 17:03:20.000000000 -0500
 @@ -27,9 +27,12 @@
  kernel_read_proc_symlinks(quota_t)
  kernel_read_kernel_sysctls(quota_t)
@@ -315,7 +315,7 @@
 -') dnl end TODO
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/rpm.fc serefpolicy-2.4.6/policy/modules/admin/rpm.fc
 --- nsaserefpolicy/policy/modules/admin/rpm.fc	2006-11-16 17:15:26.000000000 -0500
-+++ serefpolicy-2.4.6/policy/modules/admin/rpm.fc	2006-11-30 17:02:33.000000000 -0500
++++ serefpolicy-2.4.6/policy/modules/admin/rpm.fc	2006-11-30 17:03:20.000000000 -0500
 @@ -21,6 +21,9 @@
  /usr/sbin/pup			--	gen_context(system_u:object_r:rpm_exec_t,s0)
  /usr/sbin/rhn_check		--	gen_context(system_u:object_r:rpm_exec_t,s0)
@@ -328,7 +328,7 @@
  /var/lib/alternatives(/.*)?		gen_context(system_u:object_r:rpm_var_lib_t,s0)
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/rpm.if serefpolicy-2.4.6/policy/modules/admin/rpm.if
 --- nsaserefpolicy/policy/modules/admin/rpm.if	2006-11-16 17:15:26.000000000 -0500
-+++ serefpolicy-2.4.6/policy/modules/admin/rpm.if	2006-11-30 17:02:33.000000000 -0500
++++ serefpolicy-2.4.6/policy/modules/admin/rpm.if	2006-11-30 17:03:20.000000000 -0500
 @@ -278,3 +278,27 @@
  	dontaudit $1 rpm_var_lib_t:file create_file_perms;
  	dontaudit $1 rpm_var_lib_t:lnk_file create_lnk_perms;
@@ -359,7 +359,7 @@
 +')
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/rpm.te serefpolicy-2.4.6/policy/modules/admin/rpm.te
 --- nsaserefpolicy/policy/modules/admin/rpm.te	2006-11-16 17:15:26.000000000 -0500
-+++ serefpolicy-2.4.6/policy/modules/admin/rpm.te	2006-11-30 17:02:33.000000000 -0500
++++ serefpolicy-2.4.6/policy/modules/admin/rpm.te	2006-11-30 17:03:20.000000000 -0500
 @@ -9,6 +9,8 @@
  type rpm_t;
  type rpm_exec_t;
@@ -428,7 +428,7 @@
 -') dnl end TODO
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/usermanage.te serefpolicy-2.4.6/policy/modules/admin/usermanage.te
 --- nsaserefpolicy/policy/modules/admin/usermanage.te	2006-11-16 17:15:26.000000000 -0500
-+++ serefpolicy-2.4.6/policy/modules/admin/usermanage.te	2006-11-30 17:02:33.000000000 -0500
++++ serefpolicy-2.4.6/policy/modules/admin/usermanage.te	2006-11-30 17:03:20.000000000 -0500
 @@ -189,7 +189,7 @@
  #
  
@@ -448,7 +448,7 @@
  allow useradd_t self:fd use;
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/java.fc serefpolicy-2.4.6/policy/modules/apps/java.fc
 --- nsaserefpolicy/policy/modules/apps/java.fc	2006-11-16 17:15:07.000000000 -0500
-+++ serefpolicy-2.4.6/policy/modules/apps/java.fc	2006-11-30 17:02:33.000000000 -0500
++++ serefpolicy-2.4.6/policy/modules/apps/java.fc	2006-11-30 17:03:20.000000000 -0500
 @@ -1,7 +1,7 @@
  #
  # /opt
@@ -460,7 +460,7 @@
  #
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/loadkeys.if serefpolicy-2.4.6/policy/modules/apps/loadkeys.if
 --- nsaserefpolicy/policy/modules/apps/loadkeys.if	2006-11-16 17:15:07.000000000 -0500
-+++ serefpolicy-2.4.6/policy/modules/apps/loadkeys.if	2006-11-30 17:02:33.000000000 -0500
++++ serefpolicy-2.4.6/policy/modules/apps/loadkeys.if	2006-11-30 17:03:20.000000000 -0500
 @@ -50,18 +50,13 @@
  ## <rolecap/>
  #
@@ -488,7 +488,7 @@
  ########################################
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/slocate.te serefpolicy-2.4.6/policy/modules/apps/slocate.te
 --- nsaserefpolicy/policy/modules/apps/slocate.te	2006-11-16 17:15:07.000000000 -0500
-+++ serefpolicy-2.4.6/policy/modules/apps/slocate.te	2006-11-30 17:02:33.000000000 -0500
++++ serefpolicy-2.4.6/policy/modules/apps/slocate.te	2006-11-30 17:03:20.000000000 -0500
 @@ -39,6 +39,8 @@
  
  files_list_all(locate_t)
@@ -500,7 +500,7 @@
  # mls Higher level directories will be refused, so dontaudit
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/kernel/corecommands.fc serefpolicy-2.4.6/policy/modules/kernel/corecommands.fc
 --- nsaserefpolicy/policy/modules/kernel/corecommands.fc	2006-11-16 17:15:04.000000000 -0500
-+++ serefpolicy-2.4.6/policy/modules/kernel/corecommands.fc	2006-11-30 17:02:33.000000000 -0500
++++ serefpolicy-2.4.6/policy/modules/kernel/corecommands.fc	2006-11-30 17:03:20.000000000 -0500
 @@ -73,6 +73,7 @@
  
  ifdef(`targeted_policy',`
@@ -516,7 +516,7 @@
 +
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/kernel/corecommands.if serefpolicy-2.4.6/policy/modules/kernel/corecommands.if
 --- nsaserefpolicy/policy/modules/kernel/corecommands.if	2006-11-16 17:15:04.000000000 -0500
-+++ serefpolicy-2.4.6/policy/modules/kernel/corecommands.if	2006-11-30 17:02:33.000000000 -0500
++++ serefpolicy-2.4.6/policy/modules/kernel/corecommands.if	2006-11-30 17:03:20.000000000 -0500
 @@ -928,7 +928,19 @@
  		type bin_t, sbin_t;
  	')
@@ -562,7 +562,7 @@
  ')
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/kernel/corenetwork.if.in serefpolicy-2.4.6/policy/modules/kernel/corenetwork.if.in
 --- nsaserefpolicy/policy/modules/kernel/corenetwork.if.in	2006-11-16 17:15:04.000000000 -0500
-+++ serefpolicy-2.4.6/policy/modules/kernel/corenetwork.if.in	2006-11-30 17:02:33.000000000 -0500
++++ serefpolicy-2.4.6/policy/modules/kernel/corenetwork.if.in	2006-11-30 17:03:20.000000000 -0500
 @@ -998,9 +998,11 @@
  interface(`corenet_tcp_sendrecv_reserved_port',`
  	gen_require(`
@@ -659,7 +659,7 @@
 +')
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/kernel/corenetwork.te.in serefpolicy-2.4.6/policy/modules/kernel/corenetwork.te.in
 --- nsaserefpolicy/policy/modules/kernel/corenetwork.te.in	2006-11-16 17:15:04.000000000 -0500
-+++ serefpolicy-2.4.6/policy/modules/kernel/corenetwork.te.in	2006-11-30 17:02:33.000000000 -0500
++++ serefpolicy-2.4.6/policy/modules/kernel/corenetwork.te.in	2006-11-30 17:03:20.000000000 -0500
 @@ -43,11 +43,16 @@
  sid port gen_context(system_u:object_r:port_t,s0)
  
@@ -702,7 +702,7 @@
  #
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/kernel/corenetwork.te.m4 serefpolicy-2.4.6/policy/modules/kernel/corenetwork.te.m4
 --- nsaserefpolicy/policy/modules/kernel/corenetwork.te.m4	2006-11-16 17:15:04.000000000 -0500
-+++ serefpolicy-2.4.6/policy/modules/kernel/corenetwork.te.m4	2006-11-30 17:02:33.000000000 -0500
++++ serefpolicy-2.4.6/policy/modules/kernel/corenetwork.te.m4	2006-11-30 17:03:20.000000000 -0500
 @@ -55,8 +55,8 @@
  define(`declare_ports',`dnl
  ifelse(eval($3 < 1024),1,`
@@ -716,7 +716,7 @@
  ifelse(`$5',`',`',`declare_ports($1,shiftn(4,$*))')dnl
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/kernel/devices.fc serefpolicy-2.4.6/policy/modules/kernel/devices.fc
 --- nsaserefpolicy/policy/modules/kernel/devices.fc	2006-11-16 17:15:04.000000000 -0500
-+++ serefpolicy-2.4.6/policy/modules/kernel/devices.fc	2006-11-30 17:02:33.000000000 -0500
++++ serefpolicy-2.4.6/policy/modules/kernel/devices.fc	2006-11-30 17:03:20.000000000 -0500
 @@ -20,11 +20,13 @@
  /dev/fb[0-9]*		-c	gen_context(system_u:object_r:framebuf_device_t,s0)
  /dev/full		-c	gen_context(system_u:object_r:null_device_t,s0)
@@ -750,7 +750,7 @@
  /dev/usbdev.*		-c	gen_context(system_u:object_r:usb_device_t,s0)
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/kernel/devices.te serefpolicy-2.4.6/policy/modules/kernel/devices.te
 --- nsaserefpolicy/policy/modules/kernel/devices.te	2006-11-29 09:27:46.000000000 -0500
-+++ serefpolicy-2.4.6/policy/modules/kernel/devices.te	2006-11-30 17:02:33.000000000 -0500
++++ serefpolicy-2.4.6/policy/modules/kernel/devices.te	2006-11-30 17:03:20.000000000 -0500
 @@ -27,6 +27,12 @@
  dev_node(agp_device_t)
  
@@ -766,7 +766,7 @@
  type apm_bios_t;
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/kernel/domain.te serefpolicy-2.4.6/policy/modules/kernel/domain.te
 --- nsaserefpolicy/policy/modules/kernel/domain.te	2006-11-16 17:15:04.000000000 -0500
-+++ serefpolicy-2.4.6/policy/modules/kernel/domain.te	2006-11-30 17:02:33.000000000 -0500
++++ serefpolicy-2.4.6/policy/modules/kernel/domain.te	2006-11-30 17:03:20.000000000 -0500
 @@ -144,3 +144,10 @@
  
  # act on all domains keys
@@ -780,7 +780,7 @@
 +')
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/kernel/files.if serefpolicy-2.4.6/policy/modules/kernel/files.if
 --- nsaserefpolicy/policy/modules/kernel/files.if	2006-11-16 17:15:04.000000000 -0500
-+++ serefpolicy-2.4.6/policy/modules/kernel/files.if	2006-11-30 17:02:33.000000000 -0500
++++ serefpolicy-2.4.6/policy/modules/kernel/files.if	2006-11-30 17:03:20.000000000 -0500
 @@ -353,8 +353,7 @@
  
  ########################################
@@ -928,7 +928,7 @@
 +')
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/kernel/filesystem.te serefpolicy-2.4.6/policy/modules/kernel/filesystem.te
 --- nsaserefpolicy/policy/modules/kernel/filesystem.te	2006-11-16 17:15:04.000000000 -0500
-+++ serefpolicy-2.4.6/policy/modules/kernel/filesystem.te	2006-11-30 17:02:33.000000000 -0500
++++ serefpolicy-2.4.6/policy/modules/kernel/filesystem.te	2006-11-30 17:03:20.000000000 -0500
 @@ -21,9 +21,11 @@
  
  # Use xattrs for the following filesystem types.
@@ -958,7 +958,7 @@
 +fs_associate_noxattr(noxattrfs)
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/kernel/terminal.fc serefpolicy-2.4.6/policy/modules/kernel/terminal.fc
 --- nsaserefpolicy/policy/modules/kernel/terminal.fc	2006-11-16 17:15:04.000000000 -0500
-+++ serefpolicy-2.4.6/policy/modules/kernel/terminal.fc	2006-11-30 17:02:33.000000000 -0500
++++ serefpolicy-2.4.6/policy/modules/kernel/terminal.fc	2006-11-30 17:03:20.000000000 -0500
 @@ -11,6 +11,7 @@
  /dev/ircomm[0-9]+	-c	gen_context(system_u:object_r:tty_device_t,s0)
  /dev/ip2[^/]*		-c	gen_context(system_u:object_r:tty_device_t,s0)
@@ -969,7 +969,7 @@
  /dev/tty			-c	gen_context(system_u:object_r:devtty_t,s0)
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/kernel/terminal.if serefpolicy-2.4.6/policy/modules/kernel/terminal.if
 --- nsaserefpolicy/policy/modules/kernel/terminal.if	2006-11-29 09:27:46.000000000 -0500
-+++ serefpolicy-2.4.6/policy/modules/kernel/terminal.if	2006-11-30 17:02:33.000000000 -0500
++++ serefpolicy-2.4.6/policy/modules/kernel/terminal.if	2006-11-30 17:03:20.000000000 -0500
 @@ -636,6 +636,8 @@
  		attribute ptynode;
  	')
@@ -981,7 +981,7 @@
  
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/kernel/terminal.te serefpolicy-2.4.6/policy/modules/kernel/terminal.te
 --- nsaserefpolicy/policy/modules/kernel/terminal.te	2006-11-29 09:27:46.000000000 -0500
-+++ serefpolicy-2.4.6/policy/modules/kernel/terminal.te	2006-11-30 17:02:33.000000000 -0500
++++ serefpolicy-2.4.6/policy/modules/kernel/terminal.te	2006-11-30 17:03:20.000000000 -0500
 @@ -28,6 +28,7 @@
  type devpts_t;
  files_mountpoint(devpts_t)
@@ -992,7 +992,7 @@
  
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/apache.fc serefpolicy-2.4.6/policy/modules/services/apache.fc
 --- nsaserefpolicy/policy/modules/services/apache.fc	2006-11-16 17:15:21.000000000 -0500
-+++ serefpolicy-2.4.6/policy/modules/services/apache.fc	2006-11-30 17:02:33.000000000 -0500
++++ serefpolicy-2.4.6/policy/modules/services/apache.fc	2006-11-30 17:03:20.000000000 -0500
 @@ -45,6 +45,7 @@
  /var/cache/httpd(/.*)?			gen_context(system_u:object_r:httpd_cache_t,s0)
  /var/cache/mason(/.*)?			gen_context(system_u:object_r:httpd_cache_t,s0)
@@ -1016,7 +1016,7 @@
 +/opt/fortitude/run(/.*)?		gen_context(system_u:object_r:httpd_var_run_t,s0)
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/apache.te serefpolicy-2.4.6/policy/modules/services/apache.te
 --- nsaserefpolicy/policy/modules/services/apache.te	2006-11-29 09:27:47.000000000 -0500
-+++ serefpolicy-2.4.6/policy/modules/services/apache.te	2006-11-30 17:02:33.000000000 -0500
++++ serefpolicy-2.4.6/policy/modules/services/apache.te	2006-11-30 17:03:20.000000000 -0500
 @@ -143,6 +143,8 @@
  allow httpd_t self:unix_stream_socket { create_stream_socket_perms connectto };
  allow httpd_t self:tcp_socket create_stream_socket_perms;
@@ -1085,7 +1085,7 @@
  ifdef(`targeted_policy',`
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/automount.te serefpolicy-2.4.6/policy/modules/services/automount.te
 --- nsaserefpolicy/policy/modules/services/automount.te	2006-11-16 17:15:20.000000000 -0500
-+++ serefpolicy-2.4.6/policy/modules/services/automount.te	2006-11-30 17:02:33.000000000 -0500
++++ serefpolicy-2.4.6/policy/modules/services/automount.te	2006-11-30 17:03:20.000000000 -0500
 @@ -76,6 +76,7 @@
  files_mounton_all_mountpoints(automount_t)
  files_mount_all_file_type_fs(automount_t)
@@ -1096,7 +1096,7 @@
  fs_unmount_all_fs(automount_t)
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/avahi.if serefpolicy-2.4.6/policy/modules/services/avahi.if
 --- nsaserefpolicy/policy/modules/services/avahi.if	2006-11-16 17:15:21.000000000 -0500
-+++ serefpolicy-2.4.6/policy/modules/services/avahi.if	2006-11-30 17:02:33.000000000 -0500
++++ serefpolicy-2.4.6/policy/modules/services/avahi.if	2006-11-30 17:03:20.000000000 -0500
 @@ -20,3 +20,24 @@
  	allow $1 avahi_t:dbus send_msg;
  	allow avahi_t $1:dbus send_msg;
@@ -1124,7 +1124,7 @@
 +')
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/bind.fc serefpolicy-2.4.6/policy/modules/services/bind.fc
 --- nsaserefpolicy/policy/modules/services/bind.fc	2006-11-16 17:15:20.000000000 -0500
-+++ serefpolicy-2.4.6/policy/modules/services/bind.fc	2006-11-30 17:02:33.000000000 -0500
++++ serefpolicy-2.4.6/policy/modules/services/bind.fc	2006-11-30 17:03:20.000000000 -0500
 @@ -29,6 +29,7 @@
  
  ifdef(`distro_redhat',`
@@ -1135,7 +1135,7 @@
  /var/named(/.*)?		gen_context(system_u:object_r:named_zone_t,s0)
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/clamav.te serefpolicy-2.4.6/policy/modules/services/clamav.te
 --- nsaserefpolicy/policy/modules/services/clamav.te	2006-11-16 17:15:20.000000000 -0500
-+++ serefpolicy-2.4.6/policy/modules/services/clamav.te	2006-11-30 17:02:33.000000000 -0500
++++ serefpolicy-2.4.6/policy/modules/services/clamav.te	2006-11-30 17:03:20.000000000 -0500
 @@ -86,6 +86,8 @@
  
  kernel_dontaudit_list_proc(clamd_t)
@@ -1147,7 +1147,7 @@
  corenet_tcp_sendrecv_all_nodes(clamd_t)
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/cron.if serefpolicy-2.4.6/policy/modules/services/cron.if
 --- nsaserefpolicy/policy/modules/services/cron.if	2006-11-16 17:15:21.000000000 -0500
-+++ serefpolicy-2.4.6/policy/modules/services/cron.if	2006-11-30 17:02:33.000000000 -0500
++++ serefpolicy-2.4.6/policy/modules/services/cron.if	2006-11-30 17:03:20.000000000 -0500
 @@ -54,9 +54,6 @@
  	domain_entry_file($1_crontab_t,crontab_exec_t)
  	role $3 types $1_crontab_t;
@@ -1223,7 +1223,7 @@
  		# fcron wants an instant update of a crontab change for the administrator
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/cron.te serefpolicy-2.4.6/policy/modules/services/cron.te
 --- nsaserefpolicy/policy/modules/services/cron.te	2006-11-16 17:15:21.000000000 -0500
-+++ serefpolicy-2.4.6/policy/modules/services/cron.te	2006-11-30 17:02:33.000000000 -0500
++++ serefpolicy-2.4.6/policy/modules/services/cron.te	2006-11-30 17:03:20.000000000 -0500
 @@ -86,7 +86,7 @@
  allow crond_t self:sem create_sem_perms;
  allow crond_t self:msgq create_msgq_perms;
@@ -1247,7 +1247,7 @@
  	allow crond_t system_crond_tmp_t:file create_file_perms;
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/cups.fc serefpolicy-2.4.6/policy/modules/services/cups.fc
 --- nsaserefpolicy/policy/modules/services/cups.fc	2006-11-16 17:15:21.000000000 -0500
-+++ serefpolicy-2.4.6/policy/modules/services/cups.fc	2006-11-30 17:02:33.000000000 -0500
++++ serefpolicy-2.4.6/policy/modules/services/cups.fc	2006-11-30 17:03:20.000000000 -0500
 @@ -23,7 +23,7 @@
  
  /usr/libexec/hal_lpadmin --	gen_context(system_u:object_r:cupsd_config_exec_t,s0)
@@ -1259,7 +1259,7 @@
  /usr/sbin/printconf-backend --	gen_context(system_u:object_r:cupsd_config_exec_t,s0)
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/cups.te serefpolicy-2.4.6/policy/modules/services/cups.te
 --- nsaserefpolicy/policy/modules/services/cups.te	2006-11-16 17:15:21.000000000 -0500
-+++ serefpolicy-2.4.6/policy/modules/services/cups.te	2006-11-30 17:02:33.000000000 -0500
++++ serefpolicy-2.4.6/policy/modules/services/cups.te	2006-11-30 17:03:20.000000000 -0500
 @@ -118,6 +118,8 @@
  allow cupsd_t cupsd_tmp_t:file create_file_perms;
  allow cupsd_t cupsd_tmp_t:fifo_file create_file_perms;
@@ -1297,7 +1297,7 @@
  
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/cvs.te serefpolicy-2.4.6/policy/modules/services/cvs.te
 --- nsaserefpolicy/policy/modules/services/cvs.te	2006-11-16 17:15:20.000000000 -0500
-+++ serefpolicy-2.4.6/policy/modules/services/cvs.te	2006-11-30 17:02:33.000000000 -0500
++++ serefpolicy-2.4.6/policy/modules/services/cvs.te	2006-11-30 17:03:20.000000000 -0500
 @@ -9,6 +9,7 @@
  type cvs_t;
  type cvs_exec_t;
@@ -1308,7 +1308,7 @@
  type cvs_data_t; # customizable
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/dbus.fc serefpolicy-2.4.6/policy/modules/services/dbus.fc
 --- nsaserefpolicy/policy/modules/services/dbus.fc	2006-11-16 17:15:20.000000000 -0500
-+++ serefpolicy-2.4.6/policy/modules/services/dbus.fc	2006-11-30 17:02:33.000000000 -0500
++++ serefpolicy-2.4.6/policy/modules/services/dbus.fc	2006-11-30 17:03:20.000000000 -0500
 @@ -4,3 +4,4 @@
  /usr/bin/dbus-daemon(-1)? --	gen_context(system_u:object_r:system_dbusd_exec_t,s0)
  /bin/dbus-daemon 	--	gen_context(system_u:object_r:system_dbusd_exec_t,s0)
@@ -1316,7 +1316,7 @@
 +/var/named/chroot/var/run/dbus(/.*)?	gen_context(system_u:object_r:system_dbusd_var_run_t,s0)
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/dbus.if serefpolicy-2.4.6/policy/modules/services/dbus.if
 --- nsaserefpolicy/policy/modules/services/dbus.if	2006-11-16 17:15:21.000000000 -0500
-+++ serefpolicy-2.4.6/policy/modules/services/dbus.if	2006-11-30 17:02:33.000000000 -0500
++++ serefpolicy-2.4.6/policy/modules/services/dbus.if	2006-11-30 17:03:20.000000000 -0500
 @@ -123,6 +123,7 @@
  	selinux_compute_relabel_context($1_dbusd_t)
  	selinux_compute_user_contexts($1_dbusd_t)
@@ -1327,8 +1327,16 @@
  	corecmd_read_bin_files($1_dbusd_t)
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/ftp.te serefpolicy-2.4.6/policy/modules/services/ftp.te
 --- nsaserefpolicy/policy/modules/services/ftp.te	2006-11-16 17:15:20.000000000 -0500
-+++ serefpolicy-2.4.6/policy/modules/services/ftp.te	2006-11-30 17:02:33.000000000 -0500
-@@ -127,6 +127,7 @@
++++ serefpolicy-2.4.6/policy/modules/services/ftp.te	2006-12-01 11:58:00.000000000 -0500
+@@ -103,6 +103,7 @@
+ corenet_tcp_bind_ftp_port(ftpd_t)
+ corenet_tcp_bind_ftp_data_port(ftpd_t)
+ corenet_tcp_bind_generic_port(ftpd_t)
++corenet_dontaudit_tcp_bind_all_ports(ftpd_t)
+ corenet_tcp_connect_all_ports(ftpd_t)
+ corenet_sendrecv_ftp_server_packets(ftpd_t)
+ 
+@@ -127,6 +128,7 @@
  
  init_use_fds(ftpd_t)
  init_use_script_ptys(ftpd_t)
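Review bot: The added `corenet_dontaudit_tcp_bind_all_ports(ftpd_t)` in the ftp.te section silences every denied bind by ftpd_t, with no comment saying which denial it is meant to hide. A dontaudit rule grants nothing, but it removes the AVC records an analyst would use to notice ftpd_t trying to bind ports other than the ftp, ftp-data and generic ports allowed just above it. If the intent is to quiet port probing for passive mode (an assumption; the hunk does not say), state that above the line, for example `# ftpd walks the port range for passive mode; hide denials on ports it may not bind`. Also consider whether a rule limited to reserved ports would be enough.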
@@ -1338,7 +1346,7 @@
  libs_use_shared_libs(ftpd_t)
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/hal.fc serefpolicy-2.4.6/policy/modules/services/hal.fc
 --- nsaserefpolicy/policy/modules/services/hal.fc	2006-11-16 17:15:20.000000000 -0500
-+++ serefpolicy-2.4.6/policy/modules/services/hal.fc	2006-11-30 17:02:33.000000000 -0500
++++ serefpolicy-2.4.6/policy/modules/services/hal.fc	2006-11-30 17:03:20.000000000 -0500
 @@ -7,3 +7,7 @@
  /usr/sbin/hald		--			gen_context(system_u:object_r:hald_exec_t,s0)
  
@@ -1349,7 +1357,7 @@
 +/var/run/haldaemon.pid	-- 		gen_context(system_u:object_r:hald_var_run_t,s0)
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/hal.if serefpolicy-2.4.6/policy/modules/services/hal.if
 --- nsaserefpolicy/policy/modules/services/hal.if	2006-11-16 17:15:20.000000000 -0500
-+++ serefpolicy-2.4.6/policy/modules/services/hal.if	2006-11-30 17:02:33.000000000 -0500
++++ serefpolicy-2.4.6/policy/modules/services/hal.if	2006-11-30 17:03:20.000000000 -0500
 @@ -157,3 +157,23 @@
  	files_search_pids($1)
  	allow $1 hald_var_run_t:file rw_file_perms;
@@ -1376,7 +1384,7 @@
 +')
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/hal.te serefpolicy-2.4.6/policy/modules/services/hal.te
 --- nsaserefpolicy/policy/modules/services/hal.te	2006-11-16 17:15:20.000000000 -0500
-+++ serefpolicy-2.4.6/policy/modules/services/hal.te	2006-11-30 17:02:33.000000000 -0500
++++ serefpolicy-2.4.6/policy/modules/services/hal.te	2006-11-30 17:03:20.000000000 -0500
 @@ -16,6 +16,9 @@
  type hald_var_run_t;
  files_pid_file(hald_var_run_t)
@@ -1401,7 +1409,7 @@
  files_pid_filetrans(hald_t,hald_var_run_t,file)
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/kerberos.if serefpolicy-2.4.6/policy/modules/services/kerberos.if
 --- nsaserefpolicy/policy/modules/services/kerberos.if	2006-11-16 17:15:21.000000000 -0500
-+++ serefpolicy-2.4.6/policy/modules/services/kerberos.if	2006-11-30 17:02:33.000000000 -0500
++++ serefpolicy-2.4.6/policy/modules/services/kerberos.if	2006-11-30 17:03:20.000000000 -0500
 @@ -57,6 +57,7 @@
  		corenet_udp_bind_all_nodes($1)
  		corenet_tcp_connect_kerberos_port($1)
@@ -1412,7 +1420,7 @@
  		sysnet_dns_name_resolve($1)
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/kerberos.te serefpolicy-2.4.6/policy/modules/services/kerberos.te
 --- nsaserefpolicy/policy/modules/services/kerberos.te	2006-11-16 17:15:21.000000000 -0500
-+++ serefpolicy-2.4.6/policy/modules/services/kerberos.te	2006-11-30 17:02:33.000000000 -0500
++++ serefpolicy-2.4.6/policy/modules/services/kerberos.te	2006-11-30 17:03:20.000000000 -0500
 @@ -156,14 +156,21 @@
  # Use capabilities. Surplus capabilities may be allowed.
  allow krb5kdc_t self:capability { setuid setgid net_admin chown fowner dac_override sys_nice };
@@ -1439,7 +1447,7 @@
  allow krb5kdc_t krb5kdc_conf_t:dir search;
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/lpd.if serefpolicy-2.4.6/policy/modules/services/lpd.if
 --- nsaserefpolicy/policy/modules/services/lpd.if	2006-11-16 17:15:21.000000000 -0500
-+++ serefpolicy-2.4.6/policy/modules/services/lpd.if	2006-11-30 17:02:33.000000000 -0500
++++ serefpolicy-2.4.6/policy/modules/services/lpd.if	2006-11-30 17:03:20.000000000 -0500
 @@ -64,33 +64,35 @@
  	allow $1_lpr_t self:udp_socket create_socket_perms;
  	allow $1_lpr_t self:netlink_route_socket r_netlink_socket_perms;
@@ -1503,7 +1511,7 @@
  	# Transition from the user domain to the derived domain.
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/mta.if serefpolicy-2.4.6/policy/modules/services/mta.if
 --- nsaserefpolicy/policy/modules/services/mta.if	2006-11-16 17:15:21.000000000 -0500
-+++ serefpolicy-2.4.6/policy/modules/services/mta.if	2006-11-30 17:02:33.000000000 -0500
++++ serefpolicy-2.4.6/policy/modules/services/mta.if	2006-11-30 17:03:20.000000000 -0500
 @@ -820,6 +820,7 @@
  		type mqueue_spool_t;
  	')
@@ -1514,7 +1522,7 @@
  
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/mta.te serefpolicy-2.4.6/policy/modules/services/mta.te
 --- nsaserefpolicy/policy/modules/services/mta.te	2006-11-16 17:15:20.000000000 -0500
-+++ serefpolicy-2.4.6/policy/modules/services/mta.te	2006-11-30 17:02:33.000000000 -0500
++++ serefpolicy-2.4.6/policy/modules/services/mta.te	2006-11-30 17:03:20.000000000 -0500
 @@ -27,6 +27,7 @@
  
  type sendmail_exec_t;
@@ -1525,7 +1533,7 @@
  role system_r types system_mail_t;
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/nis.fc serefpolicy-2.4.6/policy/modules/services/nis.fc
 --- nsaserefpolicy/policy/modules/services/nis.fc	2006-11-16 17:15:20.000000000 -0500
-+++ serefpolicy-2.4.6/policy/modules/services/nis.fc	2006-11-30 17:02:33.000000000 -0500
++++ serefpolicy-2.4.6/policy/modules/services/nis.fc	2006-11-30 17:03:20.000000000 -0500
 @@ -8,3 +8,4 @@
  /usr/sbin/ypserv	--	gen_context(system_u:object_r:ypserv_exec_t,s0)
  
@@ -1533,7 +1541,7 @@
 +/usr/lib/yp/ypxfr	--	gen_context(system_u:object_r:ypxfr_exec_t,s0)
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/nis.if serefpolicy-2.4.6/policy/modules/services/nis.if
 --- nsaserefpolicy/policy/modules/services/nis.if	2006-11-16 17:15:21.000000000 -0500
-+++ serefpolicy-2.4.6/policy/modules/services/nis.if	2006-11-30 17:02:33.000000000 -0500
++++ serefpolicy-2.4.6/policy/modules/services/nis.if	2006-11-30 17:03:20.000000000 -0500
 @@ -81,8 +81,6 @@
  
  	tunable_policy(`allow_ypbind',`
@@ -1557,7 +1565,7 @@
  	allow ypxfr_t $1:process sigchld;
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/nis.te serefpolicy-2.4.6/policy/modules/services/nis.te
 --- nsaserefpolicy/policy/modules/services/nis.te	2006-11-16 17:15:20.000000000 -0500
-+++ serefpolicy-2.4.6/policy/modules/services/nis.te	2006-11-30 17:02:33.000000000 -0500
++++ serefpolicy-2.4.6/policy/modules/services/nis.te	2006-11-30 17:03:20.000000000 -0500
 @@ -329,6 +329,12 @@
  # ypxfr local policy
  #
@@ -1582,7 +1590,7 @@
 +
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/nscd.if serefpolicy-2.4.6/policy/modules/services/nscd.if
 --- nsaserefpolicy/policy/modules/services/nscd.if	2006-11-16 17:15:20.000000000 -0500
-+++ serefpolicy-2.4.6/policy/modules/services/nscd.if	2006-11-30 17:02:33.000000000 -0500
++++ serefpolicy-2.4.6/policy/modules/services/nscd.if	2006-11-30 17:03:20.000000000 -0500
 @@ -181,3 +181,23 @@
  
  	allow $1 nscd_t:nscd *;
@@ -1609,11 +1617,50 @@
 +
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/nscd.te serefpolicy-2.4.6/policy/modules/services/nscd.te
 --- nsaserefpolicy/policy/modules/services/nscd.te	2006-11-16 17:15:20.000000000 -0500
-+++ serefpolicy-2.4.6/policy/modules/services/nscd.te	2006-11-30 17:02:33.000000000 -0500
-@@ -120,6 +120,9 @@
++++ serefpolicy-2.4.6/policy/modules/services/nscd.te	2006-12-01 11:46:10.000000000 -0500
+@@ -35,7 +35,6 @@
+ allow nscd_t self:unix_stream_socket create_stream_socket_perms;
+ allow nscd_t self:unix_dgram_socket create_socket_perms;
+ allow nscd_t self:netlink_selinux_socket create_socket_perms;
+-allow nscd_t self:netlink_route_socket r_netlink_socket_perms;
+ allow nscd_t self:netlink_audit_socket { create_netlink_socket_perms nlmsg_relay };
+ allow nscd_t self:tcp_socket create_socket_perms;
+ allow nscd_t self:udp_socket create_socket_perms;
+@@ -67,6 +66,7 @@
+ 
+ # for when /etc/passwd has just been updated and has the wrong type
+ auth_getattr_shadow(nscd_t)
++auth_use_nsswitch(nscd_t)
+ 
+ corenet_non_ipsec_sendrecv(nscd_t)
+ corenet_tcp_sendrecv_all_if(nscd_t)
+@@ -100,14 +100,12 @@
+ 
+ logging_send_syslog_msg(nscd_t)
+ 
+-miscfiles_read_certs(nscd_t)
+ miscfiles_read_localization(nscd_t)
+ 
+ seutil_read_config(nscd_t)
+ seutil_read_default_contexts(nscd_t)
+ seutil_sigchld_newrole(nscd_t)
+ 
+-sysnet_dns_name_resolve(nscd_t)
+ sysnet_read_config(nscd_t)
+ 
+ userdom_dontaudit_use_unpriv_user_fds(nscd_t)
+@@ -120,14 +118,9 @@
  	term_dontaudit_use_unallocated_ttys(nscd_t)
  	term_dontaudit_use_generic_ptys(nscd_t)
  	files_dontaudit_read_root_files(nscd_t)
+-')
+-
+-optional_policy(`
+-	nis_use_ypbind(nscd_t)
+-')
+-
+-optional_policy(`
+-	samba_stream_connect_winbind(nscd_t)
 +',`
 +	userdom_dontaudit_use_sysadm_ttys(nscd_t)
 +	userdom_dontaudit_use_sysadm_ptys(nscd_t)
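Review bot: The nscd.te section replaces five explicit grants with a single `auth_use_nsswitch(nscd_t)` call and leaves no comment on what that interface is expected to cover. The removed rules are `allow nscd_t self:netlink_route_socket r_netlink_socket_perms;`, `miscfiles_read_certs(nscd_t)`, `sysnet_dns_name_resolve(nscd_t)`, `nis_use_ypbind(nscd_t)` and `samba_stream_connect_winbind(nscd_t)`. The interface body is not part of this hunk, so confirm that each of them is still granted. The last two used to sit in their own `optional_policy` blocks, so also check that nscd_t does not gain access to backends a host never configures. A one-line comment above the call would record the intent, for example `# DNS, NIS, winbind, certs and netlink route access now come from auth_use_nsswitch`. The inner hunk at `@@ -120,14 +118,9 @@` continues past the end of this hunk.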
@@ -1622,7 +1669,7 @@
  optional_policy(`
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/oddjob.te serefpolicy-2.4.6/policy/modules/services/oddjob.te
 --- nsaserefpolicy/policy/modules/services/oddjob.te	2006-11-16 17:15:21.000000000 -0500
-+++ serefpolicy-2.4.6/policy/modules/services/oddjob.te	2006-11-30 17:02:33.000000000 -0500
++++ serefpolicy-2.4.6/policy/modules/services/oddjob.te	2006-11-30 17:03:20.000000000 -0500
 @@ -10,6 +10,7 @@
  type oddjob_exec_t;
  domain_type(oddjob_t)
@@ -1642,7 +1689,7 @@
  
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/pcscd.fc serefpolicy-2.4.6/policy/modules/services/pcscd.fc
 --- nsaserefpolicy/policy/modules/services/pcscd.fc	1969-12-31 19:00:00.000000000 -0500
-+++ serefpolicy-2.4.6/policy/modules/services/pcscd.fc	2006-11-30 17:02:33.000000000 -0500
++++ serefpolicy-2.4.6/policy/modules/services/pcscd.fc	2006-11-30 17:03:20.000000000 -0500
 @@ -0,0 +1,9 @@
 +# pcscd executable will have:
 +# label: system_u:object_r:pcscd_exec_t
@@ -1655,7 +1702,7 @@
 +/var/run/pcscd\.comm	-s	gen_context(system_u:object_r:pcscd_var_run_t,s0)
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/pcscd.if serefpolicy-2.4.6/policy/modules/services/pcscd.if
 --- nsaserefpolicy/policy/modules/services/pcscd.if	1969-12-31 19:00:00.000000000 -0500
-+++ serefpolicy-2.4.6/policy/modules/services/pcscd.if	2006-11-30 17:02:33.000000000 -0500
++++ serefpolicy-2.4.6/policy/modules/services/pcscd.if	2006-11-30 17:03:20.000000000 -0500
 @@ -0,0 +1,23 @@
 +## <summary>policy for pcscd</summary>
 +
@@ -1682,7 +1729,7 @@
 +')
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/pcscd.te serefpolicy-2.4.6/policy/modules/services/pcscd.te
 --- nsaserefpolicy/policy/modules/services/pcscd.te	1969-12-31 19:00:00.000000000 -0500
-+++ serefpolicy-2.4.6/policy/modules/services/pcscd.te	2006-11-30 17:02:33.000000000 -0500
++++ serefpolicy-2.4.6/policy/modules/services/pcscd.te	2006-11-30 17:03:20.000000000 -0500
 @@ -0,0 +1,58 @@
 +policy_module(pcscd,1.0.0)
 +
@@ -1744,7 +1791,7 @@
 +
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/pegasus.if serefpolicy-2.4.6/policy/modules/services/pegasus.if
 --- nsaserefpolicy/policy/modules/services/pegasus.if	2006-11-16 17:15:21.000000000 -0500
-+++ serefpolicy-2.4.6/policy/modules/services/pegasus.if	2006-11-30 17:02:33.000000000 -0500
++++ serefpolicy-2.4.6/policy/modules/services/pegasus.if	2006-11-30 17:03:20.000000000 -0500
 @@ -1 +1,32 @@
  ## <summary>The Open Group Pegasus CIM/WBEM Server.</summary>
 +
@@ -1780,7 +1827,7 @@
 +')
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/pegasus.te serefpolicy-2.4.6/policy/modules/services/pegasus.te
 --- nsaserefpolicy/policy/modules/services/pegasus.te	2006-11-16 17:15:21.000000000 -0500
-+++ serefpolicy-2.4.6/policy/modules/services/pegasus.te	2006-11-30 17:02:33.000000000 -0500
++++ serefpolicy-2.4.6/policy/modules/services/pegasus.te	2006-11-30 17:03:20.000000000 -0500
 @@ -100,13 +100,12 @@
  
  auth_use_nsswitch(pegasus_t)
@@ -1799,7 +1846,7 @@
  hostname_exec(pegasus_t)
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/postfix.te serefpolicy-2.4.6/policy/modules/services/postfix.te
 --- nsaserefpolicy/policy/modules/services/postfix.te	2006-11-16 17:15:21.000000000 -0500
-+++ serefpolicy-2.4.6/policy/modules/services/postfix.te	2006-11-30 17:02:33.000000000 -0500
++++ serefpolicy-2.4.6/policy/modules/services/postfix.te	2006-11-30 17:03:20.000000000 -0500
 @@ -382,6 +382,10 @@
  	locallogin_dontaudit_use_fds(postfix_map_t)
  ')
@@ -1839,7 +1886,7 @@
  # Postfix smtpd local policy
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/procmail.te serefpolicy-2.4.6/policy/modules/services/procmail.te
 --- nsaserefpolicy/policy/modules/services/procmail.te	2006-11-16 17:15:21.000000000 -0500
-+++ serefpolicy-2.4.6/policy/modules/services/procmail.te	2006-11-30 17:02:33.000000000 -0500
++++ serefpolicy-2.4.6/policy/modules/services/procmail.te	2006-11-30 17:03:20.000000000 -0500
 @@ -10,6 +10,7 @@
  type procmail_exec_t;
  domain_type(procmail_t)
@@ -1870,9 +1917,39 @@
  # Do not audit attempts to access /root.
  userdom_dontaudit_search_sysadm_home_dirs(procmail_t)
  userdom_dontaudit_search_staff_home_dirs(procmail_t)
+diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/rlogin.te serefpolicy-2.4.6/policy/modules/services/rlogin.te
+--- nsaserefpolicy/policy/modules/services/rlogin.te	2006-11-16 17:15:21.000000000 -0500
++++ serefpolicy-2.4.6/policy/modules/services/rlogin.te	2006-12-01 12:44:56.000000000 -0500
+@@ -62,6 +62,7 @@
+ dev_read_urand(rlogind_t)
+ 
+ fs_getattr_xattr_fs(rlogind_t)
++fs_search_auto_mountpoints(rlogind_t)
+ 
+ auth_domtrans_chk_passwd(rlogind_t)
+ auth_rw_login_records(rlogind_t)
+@@ -92,17 +93,10 @@
+ 
+ optional_policy(`
+ 	kerberos_read_keytab(rlogind_t)
+-
+-	# for identd; cjp: this should probably only be inetd_child rules?
+-	kerberos_use(rlogind_t)
+-')
+-
+-optional_policy(`
+-	nis_use_ypbind(rlogind_t)
+ ')
+ 
+ optional_policy(`
+-	nscd_socket_use(rlogind_t)
++	auth_use_nsswitch(rlogind_t)
+ ')
+ 
+ ifdef(`TODO',`
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/rpc.te serefpolicy-2.4.6/policy/modules/services/rpc.te
 --- nsaserefpolicy/policy/modules/services/rpc.te	2006-11-16 17:15:20.000000000 -0500
-+++ serefpolicy-2.4.6/policy/modules/services/rpc.te	2006-11-30 17:02:33.000000000 -0500
++++ serefpolicy-2.4.6/policy/modules/services/rpc.te	2006-11-30 17:03:20.000000000 -0500
 @@ -121,6 +121,7 @@
  #
  
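Review bot: In the rlogin.te section, `auth_use_nsswitch(rlogind_t)` is left inside the `optional_policy(` block that used to hold `nscd_socket_use(rlogind_t)`, while the nscd.te section of this same patch calls `auth_use_nsswitch(nscd_t)` unconditionally. If the interface belongs to the authlogin module, as its `auth_` prefix and the neighbouring `auth_domtrans_chk_passwd(rlogind_t)` suggest, the wrapper is unnecessary. In that case place the call directly after `auth_rw_login_records(rlogind_t)` and drop the emptied optional block. The same section also removes `kerberos_use(rlogind_t)` and keeps only `kerberos_read_keytab(rlogind_t)`. The body of auth_use_nsswitch is not shown here, so confirm that rlogind_t keeps the Kerberos client access it needs.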
@@ -1883,7 +1960,7 @@
  allow gssd_t gssd_tmp_t:dir create_dir_perms;
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/rsync.te serefpolicy-2.4.6/policy/modules/services/rsync.te
 --- nsaserefpolicy/policy/modules/services/rsync.te	2006-11-16 17:15:21.000000000 -0500
-+++ serefpolicy-2.4.6/policy/modules/services/rsync.te	2006-11-30 17:02:33.000000000 -0500
++++ serefpolicy-2.4.6/policy/modules/services/rsync.te	2006-11-30 17:03:20.000000000 -0500
 @@ -9,6 +9,7 @@
  type rsync_t;
  type rsync_exec_t;
@@ -1894,7 +1971,7 @@
  type rsync_data_t;
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/samba.if serefpolicy-2.4.6/policy/modules/services/samba.if
 --- nsaserefpolicy/policy/modules/services/samba.if	2006-11-16 17:15:20.000000000 -0500
-+++ serefpolicy-2.4.6/policy/modules/services/samba.if	2006-11-30 17:02:33.000000000 -0500
++++ serefpolicy-2.4.6/policy/modules/services/samba.if	2006-11-30 17:03:20.000000000 -0500
 @@ -140,6 +140,7 @@
  	')
  
@@ -1913,7 +1990,7 @@
  
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/samba.te serefpolicy-2.4.6/policy/modules/services/samba.te
 --- nsaserefpolicy/policy/modules/services/samba.te	2006-11-16 17:15:21.000000000 -0500
-+++ serefpolicy-2.4.6/policy/modules/services/samba.te	2006-11-30 17:02:33.000000000 -0500
++++ serefpolicy-2.4.6/policy/modules/services/samba.te	2006-11-30 17:03:20.000000000 -0500
 @@ -349,7 +349,7 @@
  allow nmbd_t samba_etc_t:file { getattr read };
  
@@ -1952,7 +2029,7 @@
  optional_policy(`
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/sasl.te serefpolicy-2.4.6/policy/modules/services/sasl.te
 --- nsaserefpolicy/policy/modules/services/sasl.te	2006-11-16 17:15:21.000000000 -0500
-+++ serefpolicy-2.4.6/policy/modules/services/sasl.te	2006-11-30 17:02:33.000000000 -0500
++++ serefpolicy-2.4.6/policy/modules/services/sasl.te	2006-11-30 17:03:20.000000000 -0500
 @@ -47,6 +47,8 @@
  fs_getattr_all_fs(saslauthd_t)
  fs_search_auto_mountpoints(saslauthd_t)
@@ -1964,7 +2041,7 @@
  auth_domtrans_chk_passwd(saslauthd_t)
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/snmp.te serefpolicy-2.4.6/policy/modules/services/snmp.te
 --- nsaserefpolicy/policy/modules/services/snmp.te	2006-11-16 17:15:20.000000000 -0500
-+++ serefpolicy-2.4.6/policy/modules/services/snmp.te	2006-11-30 17:02:33.000000000 -0500
++++ serefpolicy-2.4.6/policy/modules/services/snmp.te	2006-11-30 17:03:20.000000000 -0500
 @@ -77,6 +77,7 @@
  dev_read_sysfs(snmpd_t)
  dev_read_urand(snmpd_t)
@@ -1987,7 +2064,7 @@
  storage_dontaudit_read_fixed_disk(snmpd_t)
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/spamassassin.te serefpolicy-2.4.6/policy/modules/services/spamassassin.te
 --- nsaserefpolicy/policy/modules/services/spamassassin.te	2006-11-16 17:15:21.000000000 -0500
-+++ serefpolicy-2.4.6/policy/modules/services/spamassassin.te	2006-11-30 17:02:33.000000000 -0500
++++ serefpolicy-2.4.6/policy/modules/services/spamassassin.te	2006-11-30 17:03:20.000000000 -0500
 @@ -8,7 +8,7 @@
  
  # spamassassin client executable
@@ -2016,7 +2093,7 @@
  corenet_sendrecv_generic_server_packets(spamd_t)
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/ssh.te serefpolicy-2.4.6/policy/modules/services/ssh.te
 --- nsaserefpolicy/policy/modules/services/ssh.te	2006-11-16 17:15:20.000000000 -0500
-+++ serefpolicy-2.4.6/policy/modules/services/ssh.te	2006-11-30 17:02:33.000000000 -0500
++++ serefpolicy-2.4.6/policy/modules/services/ssh.te	2006-11-30 17:03:20.000000000 -0500
 @@ -10,7 +10,7 @@
  
  # ssh client executable.
@@ -2033,7 +2110,7 @@
 +
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/telnet.te serefpolicy-2.4.6/policy/modules/services/telnet.te
 --- nsaserefpolicy/policy/modules/services/telnet.te	2006-11-16 17:15:21.000000000 -0500
-+++ serefpolicy-2.4.6/policy/modules/services/telnet.te	2006-11-30 17:02:33.000000000 -0500
++++ serefpolicy-2.4.6/policy/modules/services/telnet.te	2006-11-30 17:03:20.000000000 -0500
 @@ -32,6 +32,7 @@
  allow telnetd_t self:udp_socket create_socket_perms;
  # for identd; cjp: this should probably only be inetd_child rules?
@@ -2044,7 +2121,7 @@
  allow telnetd_t telnetd_devpts_t:chr_file { rw_file_perms setattr };
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/tftp.te serefpolicy-2.4.6/policy/modules/services/tftp.te
 --- nsaserefpolicy/policy/modules/services/tftp.te	2006-11-16 17:15:21.000000000 -0500
-+++ serefpolicy-2.4.6/policy/modules/services/tftp.te	2006-11-30 17:02:33.000000000 -0500
++++ serefpolicy-2.4.6/policy/modules/services/tftp.te	2006-11-30 17:03:20.000000000 -0500
 @@ -54,6 +54,8 @@
  
  dev_read_sysfs(tftpd_t)
@@ -2056,7 +2133,7 @@
  
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/uucp.fc serefpolicy-2.4.6/policy/modules/services/uucp.fc
 --- nsaserefpolicy/policy/modules/services/uucp.fc	2006-11-16 17:15:21.000000000 -0500
-+++ serefpolicy-2.4.6/policy/modules/services/uucp.fc	2006-11-30 17:02:33.000000000 -0500
++++ serefpolicy-2.4.6/policy/modules/services/uucp.fc	2006-11-30 17:03:20.000000000 -0500
 @@ -1,5 +1,6 @@
  
  /usr/sbin/uucico	--	gen_context(system_u:object_r:uucpd_exec_t,s0)
@@ -2066,7 +2143,7 @@
  /var/spool/uucppublic(/.*)?	gen_context(system_u:object_r:uucpd_spool_t,s0)
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/uucp.if serefpolicy-2.4.6/policy/modules/services/uucp.if
 --- nsaserefpolicy/policy/modules/services/uucp.if	2006-11-16 17:15:21.000000000 -0500
-+++ serefpolicy-2.4.6/policy/modules/services/uucp.if	2006-11-30 17:02:33.000000000 -0500
++++ serefpolicy-2.4.6/policy/modules/services/uucp.if	2006-11-30 17:03:20.000000000 -0500
 @@ -1 +1,68 @@
  ## <summary>Unix to Unix Copy</summary>
 +
@@ -2138,7 +2215,7 @@
 +')
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/uucp.te serefpolicy-2.4.6/policy/modules/services/uucp.te
 --- nsaserefpolicy/policy/modules/services/uucp.te	2006-11-16 17:15:21.000000000 -0500
-+++ serefpolicy-2.4.6/policy/modules/services/uucp.te	2006-11-30 17:02:33.000000000 -0500
++++ serefpolicy-2.4.6/policy/modules/services/uucp.te	2006-11-30 17:03:20.000000000 -0500
 @@ -10,6 +10,12 @@
  inetd_tcp_service_domain(uucpd_t,uucpd_exec_t)
  role system_r types uucpd_t;
@@ -2203,7 +2280,7 @@
 +logging_search_logs(uux_t)
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/xserver.if serefpolicy-2.4.6/policy/modules/services/xserver.if
 --- nsaserefpolicy/policy/modules/services/xserver.if	2006-11-29 09:27:47.000000000 -0500
-+++ serefpolicy-2.4.6/policy/modules/services/xserver.if	2006-11-30 17:02:33.000000000 -0500
++++ serefpolicy-2.4.6/policy/modules/services/xserver.if	2006-11-30 17:03:20.000000000 -0500
 @@ -906,10 +906,12 @@
  
  	domain_auto_trans($1,xserver_exec_t,xdm_xserver_t)
@@ -2261,7 +2338,7 @@
 +
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/authlogin.if serefpolicy-2.4.6/policy/modules/system/authlogin.if
 --- nsaserefpolicy/policy/modules/system/authlogin.if	2006-11-16 17:15:24.000000000 -0500
-+++ serefpolicy-2.4.6/policy/modules/system/authlogin.if	2006-11-30 17:02:52.000000000 -0500
++++ serefpolicy-2.4.6/policy/modules/system/authlogin.if	2006-12-01 12:43:26.000000000 -0500
 @@ -232,6 +232,14 @@
  
  	tunable_policy(`allow_polyinstantiation',`
@@ -2299,7 +2376,7 @@
  ########################################
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/authlogin.te serefpolicy-2.4.6/policy/modules/system/authlogin.te
 --- nsaserefpolicy/policy/modules/system/authlogin.te	2006-11-16 17:15:24.000000000 -0500
-+++ serefpolicy-2.4.6/policy/modules/system/authlogin.te	2006-11-30 17:02:33.000000000 -0500
++++ serefpolicy-2.4.6/policy/modules/system/authlogin.te	2006-11-30 17:03:20.000000000 -0500
 @@ -141,6 +141,7 @@
  allow pam_console_t pam_var_console_t:lnk_file { getattr read };
  allow pam_console_t pam_var_console_t:file r_file_perms;
@@ -2335,7 +2412,7 @@
  #
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/clock.te serefpolicy-2.4.6/policy/modules/system/clock.te
 --- nsaserefpolicy/policy/modules/system/clock.te	2006-11-16 17:15:24.000000000 -0500
-+++ serefpolicy-2.4.6/policy/modules/system/clock.te	2006-11-30 17:02:33.000000000 -0500
++++ serefpolicy-2.4.6/policy/modules/system/clock.te	2006-11-30 17:03:20.000000000 -0500
 @@ -25,7 +25,7 @@
  dontaudit hwclock_t self:capability sys_tty_config;
  allow hwclock_t self:process signal_perms;
@@ -2357,7 +2434,7 @@
  dev_rw_realtime_clock(hwclock_t)
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/fstools.fc serefpolicy-2.4.6/policy/modules/system/fstools.fc
 --- nsaserefpolicy/policy/modules/system/fstools.fc	2006-11-16 17:15:24.000000000 -0500
-+++ serefpolicy-2.4.6/policy/modules/system/fstools.fc	2006-11-30 17:02:33.000000000 -0500
++++ serefpolicy-2.4.6/policy/modules/system/fstools.fc	2006-11-30 17:03:20.000000000 -0500
 @@ -19,7 +19,6 @@
  /sbin/mkfs.*		--	gen_context(system_u:object_r:fsadm_exec_t,s0)
  /sbin/mkraid		--	gen_context(system_u:object_r:fsadm_exec_t,s0)
@@ -2368,7 +2445,7 @@
  /sbin/partx		--	gen_context(system_u:object_r:fsadm_exec_t,s0)
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/fstools.te serefpolicy-2.4.6/policy/modules/system/fstools.te
 --- nsaserefpolicy/policy/modules/system/fstools.te	2006-11-16 17:15:24.000000000 -0500
-+++ serefpolicy-2.4.6/policy/modules/system/fstools.te	2006-11-30 17:02:33.000000000 -0500
++++ serefpolicy-2.4.6/policy/modules/system/fstools.te	2006-11-30 17:03:20.000000000 -0500
 @@ -9,7 +9,7 @@
  type fsadm_t;
  type fsadm_exec_t;
@@ -2380,7 +2457,7 @@
  type fsadm_log_t;
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/getty.te serefpolicy-2.4.6/policy/modules/system/getty.te
 --- nsaserefpolicy/policy/modules/system/getty.te	2006-11-16 17:15:24.000000000 -0500
-+++ serefpolicy-2.4.6/policy/modules/system/getty.te	2006-11-30 17:02:33.000000000 -0500
++++ serefpolicy-2.4.6/policy/modules/system/getty.te	2006-11-30 17:03:20.000000000 -0500
 @@ -33,7 +33,8 @@
  #
  
@@ -2393,7 +2470,7 @@
  
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/hostname.te serefpolicy-2.4.6/policy/modules/system/hostname.te
 --- nsaserefpolicy/policy/modules/system/hostname.te	2006-11-16 17:15:24.000000000 -0500
-+++ serefpolicy-2.4.6/policy/modules/system/hostname.te	2006-11-30 17:02:33.000000000 -0500
++++ serefpolicy-2.4.6/policy/modules/system/hostname.te	2006-11-30 17:03:20.000000000 -0500
 @@ -8,8 +8,12 @@
  
  type hostname_t;
@@ -2418,7 +2495,7 @@
 +')
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/init.te serefpolicy-2.4.6/policy/modules/system/init.te
 --- nsaserefpolicy/policy/modules/system/init.te	2006-11-16 17:15:24.000000000 -0500
-+++ serefpolicy-2.4.6/policy/modules/system/init.te	2006-11-30 17:02:33.000000000 -0500
++++ serefpolicy-2.4.6/policy/modules/system/init.te	2006-11-30 17:03:20.000000000 -0500
 @@ -205,6 +205,9 @@
  allow initrc_t initrc_devpts_t:chr_file rw_term_perms;
  term_create_pty(initrc_t,initrc_devpts_t)
@@ -2466,7 +2543,7 @@
  optional_policy(`
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/iptables.te serefpolicy-2.4.6/policy/modules/system/iptables.te
 --- nsaserefpolicy/policy/modules/system/iptables.te	2006-11-16 17:15:24.000000000 -0500
-+++ serefpolicy-2.4.6/policy/modules/system/iptables.te	2006-11-30 17:02:33.000000000 -0500
++++ serefpolicy-2.4.6/policy/modules/system/iptables.te	2006-11-30 17:03:20.000000000 -0500
 @@ -85,7 +85,7 @@
  
  optional_policy(`
@@ -2486,7 +2563,7 @@
 +')
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/libraries.fc serefpolicy-2.4.6/policy/modules/system/libraries.fc
 --- nsaserefpolicy/policy/modules/system/libraries.fc	2006-11-16 17:15:24.000000000 -0500
-+++ serefpolicy-2.4.6/policy/modules/system/libraries.fc	2006-11-30 17:02:33.000000000 -0500
++++ serefpolicy-2.4.6/policy/modules/system/libraries.fc	2006-11-30 17:03:20.000000000 -0500
 @@ -131,6 +131,7 @@
  /usr/lib/win32/.*			--	gen_context(system_u:object_r:shlib_t,s0)
  
@@ -2562,7 +2639,7 @@
  /usr/(local/)?Adobe/(.*/)?intellinux/sidecars/* -- gen_context(system_u:object_r:textrel_shlib_t,s0)
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/libraries.te serefpolicy-2.4.6/policy/modules/system/libraries.te
 --- nsaserefpolicy/policy/modules/system/libraries.te	2006-11-16 17:15:24.000000000 -0500
-+++ serefpolicy-2.4.6/policy/modules/system/libraries.te	2006-11-30 17:02:33.000000000 -0500
++++ serefpolicy-2.4.6/policy/modules/system/libraries.te	2006-11-30 17:03:20.000000000 -0500
 @@ -81,12 +81,6 @@
  
  userdom_use_all_users_fds(ldconfig_t)
@@ -2578,7 +2655,7 @@
  	unconfined_domain(ldconfig_t) 
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/locallogin.if serefpolicy-2.4.6/policy/modules/system/locallogin.if
 --- nsaserefpolicy/policy/modules/system/locallogin.if	2006-11-16 17:15:24.000000000 -0500
-+++ serefpolicy-2.4.6/policy/modules/system/locallogin.if	2006-11-30 17:02:33.000000000 -0500
++++ serefpolicy-2.4.6/policy/modules/system/locallogin.if	2006-11-30 17:03:20.000000000 -0500
 @@ -75,3 +75,40 @@
  
  	allow $1 local_login_t:process signull;
@@ -2622,7 +2699,7 @@
 +')
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/logging.te serefpolicy-2.4.6/policy/modules/system/logging.te
 --- nsaserefpolicy/policy/modules/system/logging.te	2006-11-16 17:15:24.000000000 -0500
-+++ serefpolicy-2.4.6/policy/modules/system/logging.te	2006-11-30 17:02:33.000000000 -0500
++++ serefpolicy-2.4.6/policy/modules/system/logging.te	2006-11-30 17:03:20.000000000 -0500
 @@ -53,6 +53,7 @@
  
  type var_log_t;
@@ -2633,7 +2710,7 @@
  	init_ranged_daemon_domain(auditd_t,auditd_exec_t,mls_systemhigh)
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/lvm.fc serefpolicy-2.4.6/policy/modules/system/lvm.fc
 --- nsaserefpolicy/policy/modules/system/lvm.fc	2006-11-16 17:15:24.000000000 -0500
-+++ serefpolicy-2.4.6/policy/modules/system/lvm.fc	2006-11-30 17:02:33.000000000 -0500
++++ serefpolicy-2.4.6/policy/modules/system/lvm.fc	2006-11-30 17:03:20.000000000 -0500
 @@ -95,3 +95,4 @@
  /var/cache/multipathd(/.*)?	gen_context(system_u:object_r:lvm_metadata_t,s0)
  /var/lock/lvm(/.*)?		gen_context(system_u:object_r:lvm_lock_t,s0)
@@ -2641,7 +2718,7 @@
 +/var/lib/multipath(/.*)?	gen_context(system_u:object_r:lvm_var_lib_t,s0)
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/lvm.te serefpolicy-2.4.6/policy/modules/system/lvm.te
 --- nsaserefpolicy/policy/modules/system/lvm.te	2006-11-16 17:15:24.000000000 -0500
-+++ serefpolicy-2.4.6/policy/modules/system/lvm.te	2006-11-30 17:02:33.000000000 -0500
++++ serefpolicy-2.4.6/policy/modules/system/lvm.te	2006-11-30 17:03:20.000000000 -0500
 @@ -13,6 +13,9 @@
  type clvmd_var_run_t;
  files_pid_file(clvmd_var_run_t)
@@ -2772,7 +2849,7 @@
 +')
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/miscfiles.fc serefpolicy-2.4.6/policy/modules/system/miscfiles.fc
 --- nsaserefpolicy/policy/modules/system/miscfiles.fc	2006-11-16 17:15:24.000000000 -0500
-+++ serefpolicy-2.4.6/policy/modules/system/miscfiles.fc	2006-11-30 17:02:33.000000000 -0500
++++ serefpolicy-2.4.6/policy/modules/system/miscfiles.fc	2006-11-30 17:03:20.000000000 -0500
 @@ -39,6 +39,7 @@
  /usr/share/fonts(/.*)?		gen_context(system_u:object_r:fonts_t,s0)
  /usr/share/ghostscript/fonts(/.*)? gen_context(system_u:object_r:fonts_t,s0)
@@ -2783,7 +2860,7 @@
  
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/modutils.te serefpolicy-2.4.6/policy/modules/system/modutils.te
 --- nsaserefpolicy/policy/modules/system/modutils.te	2006-11-16 17:15:24.000000000 -0500
-+++ serefpolicy-2.4.6/policy/modules/system/modutils.te	2006-11-30 17:02:33.000000000 -0500
++++ serefpolicy-2.4.6/policy/modules/system/modutils.te	2006-11-30 17:03:20.000000000 -0500
 @@ -117,10 +117,6 @@
  	kernel_domtrans_to(insmod_t,insmod_exec_t)
  }
@@ -2805,7 +2882,7 @@
  
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/mount.te serefpolicy-2.4.6/policy/modules/system/mount.te
 --- nsaserefpolicy/policy/modules/system/mount.te	2006-11-16 17:15:24.000000000 -0500
-+++ serefpolicy-2.4.6/policy/modules/system/mount.te	2006-11-30 17:02:33.000000000 -0500
++++ serefpolicy-2.4.6/policy/modules/system/mount.te	2006-11-30 17:03:20.000000000 -0500
 @@ -9,6 +9,7 @@
  type mount_t;
  type mount_exec_t;
@@ -2866,7 +2943,7 @@
  	rpm_rw_pipes(mount_t)
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/raid.te serefpolicy-2.4.6/policy/modules/system/raid.te
 --- nsaserefpolicy/policy/modules/system/raid.te	2006-11-16 17:15:24.000000000 -0500
-+++ serefpolicy-2.4.6/policy/modules/system/raid.te	2006-11-30 17:02:33.000000000 -0500
++++ serefpolicy-2.4.6/policy/modules/system/raid.te	2006-11-30 17:03:20.000000000 -0500
 @@ -38,12 +38,15 @@
  dev_dontaudit_getattr_all_blk_files(mdadm_t)
  dev_dontaudit_getattr_all_chr_files(mdadm_t)
@@ -2893,7 +2970,7 @@
 +')
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/selinuxutil.fc serefpolicy-2.4.6/policy/modules/system/selinuxutil.fc
 --- nsaserefpolicy/policy/modules/system/selinuxutil.fc	2006-11-16 17:15:24.000000000 -0500
-+++ serefpolicy-2.4.6/policy/modules/system/selinuxutil.fc	2006-11-30 17:02:33.000000000 -0500
++++ serefpolicy-2.4.6/policy/modules/system/selinuxutil.fc	2006-11-30 17:03:20.000000000 -0500
 @@ -41,6 +41,7 @@
  /usr/sbin/setsebool		--	gen_context(system_u:object_r:semanage_exec_t,s0)
  /usr/sbin/semanage		--	gen_context(system_u:object_r:semanage_exec_t,s0)
@@ -2904,7 +2981,7 @@
  # /var/run
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/selinuxutil.if serefpolicy-2.4.6/policy/modules/system/selinuxutil.if
 --- nsaserefpolicy/policy/modules/system/selinuxutil.if	2006-11-16 17:15:24.000000000 -0500
-+++ serefpolicy-2.4.6/policy/modules/system/selinuxutil.if	2006-11-30 17:02:33.000000000 -0500
++++ serefpolicy-2.4.6/policy/modules/system/selinuxutil.if	2006-11-30 17:03:20.000000000 -0500
 @@ -713,7 +713,7 @@
  	')
  
@@ -3034,7 +3111,7 @@
 +
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/selinuxutil.te serefpolicy-2.4.6/policy/modules/system/selinuxutil.te
 --- nsaserefpolicy/policy/modules/system/selinuxutil.te	2006-11-16 17:15:24.000000000 -0500
-+++ serefpolicy-2.4.6/policy/modules/system/selinuxutil.te	2006-11-30 17:02:33.000000000 -0500
++++ serefpolicy-2.4.6/policy/modules/system/selinuxutil.te	2006-11-30 17:03:20.000000000 -0500
 @@ -107,6 +107,19 @@
  type semanage_exec_t;
  domain_entry_file(semanage_t, semanage_exec_t)
@@ -3213,7 +3290,7 @@
  
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/sysnetwork.te serefpolicy-2.4.6/policy/modules/system/sysnetwork.te
 --- nsaserefpolicy/policy/modules/system/sysnetwork.te	2006-11-16 17:15:24.000000000 -0500
-+++ serefpolicy-2.4.6/policy/modules/system/sysnetwork.te	2006-11-30 17:02:33.000000000 -0500
++++ serefpolicy-2.4.6/policy/modules/system/sysnetwork.te	2006-11-30 17:03:20.000000000 -0500
 @@ -333,6 +333,9 @@
  ifdef(`targeted_policy',`
  	term_use_generic_ptys(ifconfig_t)
@@ -3226,7 +3303,7 @@
  optional_policy(`
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/unconfined.fc serefpolicy-2.4.6/policy/modules/system/unconfined.fc
 --- nsaserefpolicy/policy/modules/system/unconfined.fc	2006-11-16 17:15:24.000000000 -0500
-+++ serefpolicy-2.4.6/policy/modules/system/unconfined.fc	2006-11-30 17:02:33.000000000 -0500
++++ serefpolicy-2.4.6/policy/modules/system/unconfined.fc	2006-11-30 17:03:20.000000000 -0500
 @@ -7,6 +7,8 @@
  ifdef(`targeted_policy',`
  /usr/lib/openoffice\.org.*/program/.+\.bin -- gen_context(system_u:object_r:unconfined_execmem_exec_t,s0)
@@ -3239,7 +3316,7 @@
  ')
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/unconfined.if serefpolicy-2.4.6/policy/modules/system/unconfined.if
 --- nsaserefpolicy/policy/modules/system/unconfined.if	2006-11-16 17:15:24.000000000 -0500
-+++ serefpolicy-2.4.6/policy/modules/system/unconfined.if	2006-11-30 17:02:33.000000000 -0500
++++ serefpolicy-2.4.6/policy/modules/system/unconfined.if	2006-11-30 17:03:20.000000000 -0500
 @@ -31,6 +31,7 @@
  	allow $1 self:nscd *;
  	allow $1 self:dbus *;
@@ -3275,7 +3352,7 @@
  ## </summary>
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/unconfined.te serefpolicy-2.4.6/policy/modules/system/unconfined.te
 --- nsaserefpolicy/policy/modules/system/unconfined.te	2006-11-16 17:15:24.000000000 -0500
-+++ serefpolicy-2.4.6/policy/modules/system/unconfined.te	2006-11-30 17:02:33.000000000 -0500
++++ serefpolicy-2.4.6/policy/modules/system/unconfined.te	2006-11-30 17:03:20.000000000 -0500
 @@ -83,6 +83,9 @@
  		optional_policy(`
  			networkmanager_dbus_chat(unconfined_t)
@@ -3325,7 +3402,7 @@
  		init_dbus_chat_script(unconfined_execmem_t)
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/userdomain.if serefpolicy-2.4.6/policy/modules/system/userdomain.if
 --- nsaserefpolicy/policy/modules/system/userdomain.if	2006-11-29 09:27:47.000000000 -0500
-+++ serefpolicy-2.4.6/policy/modules/system/userdomain.if	2006-11-30 17:02:33.000000000 -0500
++++ serefpolicy-2.4.6/policy/modules/system/userdomain.if	2006-11-30 17:03:20.000000000 -0500
 @@ -22,9 +22,9 @@
  ## <rolebase/>
  #
@@ -3805,7 +3882,7 @@
 +
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/userdomain.te serefpolicy-2.4.6/policy/modules/system/userdomain.te
 --- nsaserefpolicy/policy/modules/system/userdomain.te	2006-11-16 17:15:24.000000000 -0500
-+++ serefpolicy-2.4.6/policy/modules/system/userdomain.te	2006-11-30 17:02:33.000000000 -0500
++++ serefpolicy-2.4.6/policy/modules/system/userdomain.te	2006-11-30 17:03:20.000000000 -0500
 @@ -24,6 +24,9 @@
  # users home directory contents
  attribute home_type;
@@ -3844,7 +3921,7 @@
  		usermanage_run_useradd(sysadm_t,sysadm_r,admin_terminal)
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/xen.fc serefpolicy-2.4.6/policy/modules/system/xen.fc
 --- nsaserefpolicy/policy/modules/system/xen.fc	2006-11-16 17:15:24.000000000 -0500
-+++ serefpolicy-2.4.6/policy/modules/system/xen.fc	2006-11-30 17:02:33.000000000 -0500
++++ serefpolicy-2.4.6/policy/modules/system/xen.fc	2006-11-30 17:03:20.000000000 -0500
 @@ -8,6 +8,7 @@
  /usr/sbin/xm		--	gen_context(system_u:object_r:xm_exec_t,s0)
  
@@ -3855,7 +3932,7 @@
  
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/xen.te serefpolicy-2.4.6/policy/modules/system/xen.te
 --- nsaserefpolicy/policy/modules/system/xen.te	2006-11-16 17:15:24.000000000 -0500
-+++ serefpolicy-2.4.6/policy/modules/system/xen.te	2006-11-30 17:02:33.000000000 -0500
++++ serefpolicy-2.4.6/policy/modules/system/xen.te	2006-11-30 17:03:20.000000000 -0500
 @@ -86,8 +86,8 @@
  allow xend_t self:tcp_socket create_stream_socket_perms;
  allow xend_t self:packet_socket create_socket_perms;
@@ -3947,7 +4024,7 @@
 +
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/Rules.modular serefpolicy-2.4.6/Rules.modular
 --- nsaserefpolicy/Rules.modular	2006-11-16 17:15:29.000000000 -0500
-+++ serefpolicy-2.4.6/Rules.modular	2006-11-30 17:02:33.000000000 -0500
++++ serefpolicy-2.4.6/Rules.modular	2006-11-30 17:03:20.000000000 -0500
 @@ -219,6 +219,16 @@
  
  ########################################


Index: selinux-policy.spec
===================================================================
RCS file: /cvs/dist/rpms/selinux-policy/devel/selinux-policy.spec,v
retrieving revision 1.356
retrieving revision 1.357
diff -u -r1.356 -r1.357
--- selinux-policy.spec	30 Nov 2006 22:06:22 -0000	1.356
+++ selinux-policy.spec	1 Dec 2006 17:58:00 -0000	1.357
@@ -17,7 +17,7 @@
 Summary: SELinux policy configuration
 Name: selinux-policy
 Version: 2.4.6
-Release: 3%{?dist}
+Release: 4%{?dist}
 License: GPL
 Group: System Environment/Base
 Source: serefpolicy-%{version}.tgz
@@ -351,6 +351,11 @@
 %endif
 
 %changelog
+* Fri Dec 1 2006 Dan Walsh <dwalsh at redhat.com> 2.4.6-4
+- ncsd needs to use avahi sockets
+Resolves: #217640
+Resolves: #218014
+
 * Thu Nov 28 2006 Dan Walsh <dwalsh at redhat.com> 2.4.6-3
 - Allow login programs to polyinstatiate homedirs
 Resolves: #216184



