rpms/selinux-policy/devel policy-20061016.patch, 1.15, 1.16 selinux-policy.spec, 1.329, 1.330
fedora-cvs-commits at redhat.com
fedora-cvs-commits at redhat.com
Fri Nov 3 21:27:49 UTC 2006
Author: dwalsh
Update of /cvs/dist/rpms/selinux-policy/devel
In directory cvs.devel.redhat.com:/tmp/cvs-serv27764
Modified Files:
policy-20061016.patch selinux-policy.spec
Log Message:
* Fri Nov 3 2006 Dan Walsh <dwalsh at redhat.com> 2.4.2-8
- Lots of fixes for ricci
policy-20061016.patch:
Rules.modular | 10
policy/flask/access_vectors | 2
policy/global_tunables | 44 ++
policy/modules/admin/acct.te | 1
policy/modules/admin/amanda.te | 3
policy/modules/admin/anaconda.te | 4
policy/modules/admin/bootloader.fc | 2
policy/modules/admin/consoletype.te | 8
policy/modules/admin/dmesg.te | 1
policy/modules/admin/logwatch.te | 1
policy/modules/admin/netutils.te | 6
policy/modules/admin/prelink.te | 10
policy/modules/admin/rpm.fc | 2
policy/modules/admin/rpm.if | 21 +
policy/modules/admin/rpm.te | 5
policy/modules/admin/su.if | 3
policy/modules/admin/usermanage.te | 5
policy/modules/apps/java.fc | 3
policy/modules/apps/java.te | 2
policy/modules/apps/mono.te | 3
policy/modules/kernel/corecommands.fc | 1
policy/modules/kernel/corecommands.if | 17 +
policy/modules/kernel/corenetwork.te.in | 6
policy/modules/kernel/devices.fc | 3
policy/modules/kernel/domain.te | 7
policy/modules/kernel/files.fc | 1
policy/modules/kernel/files.if | 48 ++-
policy/modules/kernel/filesystem.if | 22 +
policy/modules/kernel/filesystem.te | 6
policy/modules/kernel/kernel.if | 2
policy/modules/kernel/kernel.te | 1
policy/modules/kernel/storage.fc | 1
policy/modules/kernel/storage.if | 1
policy/modules/kernel/terminal.fc | 1
policy/modules/kernel/terminal.if | 20 +
policy/modules/kernel/terminal.te | 1
policy/modules/services/apache.fc | 9
policy/modules/services/apache.if | 2
policy/modules/services/apache.te | 9
policy/modules/services/automount.te | 4
policy/modules/services/bluetooth.te | 2
policy/modules/services/ccs.fc | 10
policy/modules/services/ccs.if | 83 +++++
policy/modules/services/ccs.te | 89 +++++
policy/modules/services/cron.if | 26 -
policy/modules/services/cron.te | 8
policy/modules/services/cups.fc | 6
policy/modules/services/cups.if | 21 +
policy/modules/services/cups.te | 18 +
policy/modules/services/cvs.te | 1
policy/modules/services/dbus.if | 1
policy/modules/services/dovecot.te | 2
policy/modules/services/hal.te | 2
policy/modules/services/lpd.fc | 5
policy/modules/services/lpd.if | 72 ++--
policy/modules/services/mta.te | 1
policy/modules/services/networkmanager.te | 4
policy/modules/services/nscd.if | 20 +
policy/modules/services/nscd.te | 3
policy/modules/services/oddjob.te | 16 -
policy/modules/services/pegasus.if | 31 +
policy/modules/services/pegasus.te | 5
policy/modules/services/procmail.te | 26 +
policy/modules/services/rhgb.te | 24 +
policy/modules/services/ricci.fc | 20 +
policy/modules/services/ricci.if | 184 +++++++++++
policy/modules/services/ricci.te | 477 ++++++++++++++++++++++++++++++
policy/modules/services/rpc.te | 6
policy/modules/services/rsync.te | 1
policy/modules/services/samba.te | 10
policy/modules/services/sasl.te | 2
policy/modules/services/setroubleshoot.te | 2
policy/modules/services/snmp.te | 4
policy/modules/services/spamassassin.te | 5
policy/modules/services/squid.te | 7
policy/modules/services/ssh.te | 4
policy/modules/services/telnet.te | 1
policy/modules/services/xserver.if | 40 ++
policy/modules/services/xserver.te | 2
policy/modules/system/authlogin.fc | 1
policy/modules/system/authlogin.if | 4
policy/modules/system/clock.te | 3
policy/modules/system/fstools.fc | 1
policy/modules/system/fstools.te | 3
policy/modules/system/getty.te | 3
policy/modules/system/hostname.te | 6
policy/modules/system/init.fc | 3
policy/modules/system/init.te | 16 -
policy/modules/system/iscsi.fc | 9
policy/modules/system/iscsi.if | 24 +
policy/modules/system/iscsi.te | 94 +++++
policy/modules/system/libraries.fc | 8
policy/modules/system/locallogin.if | 37 ++
policy/modules/system/locallogin.te | 2
policy/modules/system/logging.te | 5
policy/modules/system/mount.fc | 1
policy/modules/system/mount.te | 13
policy/modules/system/raid.te | 11
policy/modules/system/selinuxutil.if | 6
policy/modules/system/selinuxutil.te | 8
policy/modules/system/setrans.te | 5
policy/modules/system/unconfined.if | 19 +
policy/modules/system/unconfined.te | 20 -
policy/modules/system/userdomain.if | 227 +++++++++++++-
policy/modules/system/userdomain.te | 14
policy/modules/system/xen.fc | 3
policy/modules/system/xen.te | 59 +++
107 files changed, 2006 insertions(+), 138 deletions(-)
Index: policy-20061016.patch
===================================================================
RCS file: /cvs/dist/rpms/selinux-policy/devel/policy-20061016.patch,v
retrieving revision 1.15
retrieving revision 1.16
diff -u -r1.15 -r1.16
--- policy-20061016.patch 1 Nov 2006 00:09:08 -0000 1.15
+++ policy-20061016.patch 3 Nov 2006 21:27:47 -0000 1.16
@@ -1,6 +1,6 @@
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/flask/access_vectors serefpolicy-2.4.2/policy/flask/access_vectors
--- nsaserefpolicy/policy/flask/access_vectors 2006-10-23 16:14:53.000000000 -0400
-+++ serefpolicy-2.4.2/policy/flask/access_vectors 2006-10-27 15:42:12.000000000 -0400
++++ serefpolicy-2.4.2/policy/flask/access_vectors 2006-11-03 08:59:56.000000000 -0500
@@ -619,6 +619,8 @@
send
recv
@@ -12,7 +12,7 @@
class key
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/global_tunables serefpolicy-2.4.2/policy/global_tunables
--- nsaserefpolicy/policy/global_tunables 2006-09-25 15:11:11.000000000 -0400
-+++ serefpolicy-2.4.2/policy/global_tunables 2006-10-30 17:05:18.000000000 -0500
++++ serefpolicy-2.4.2/policy/global_tunables 2006-11-03 09:00:49.000000000 -0500
@@ -567,6 +567,13 @@
gen_tunable(xdm_sysadm_login,false)
')
@@ -41,9 +41,18 @@
## Allow mount to mount any file
## </p>
## </desc>
-@@ -594,3 +608,25 @@
+@@ -593,4 +607,34 @@
+ ## </p>
## </desc>
gen_tunable(spamd_enable_home_dirs,true)
++
++## <desc>
++## <p>
++## Allow xen to read/write physical disk devices
++## </p>
++## </desc>
++gen_tunable(xen_use_raw_disk,true)
++
')
+
+## <desc>
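Review bot: The new tunable is declared as `gen_tunable(xen_use_raw_disk,true)`, so by its own description xen can read and write physical disk devices unless an administrator switches it off. Making raw-disk access opt-in would be the safer default: `gen_tunable(xen_use_raw_disk,false)`. The declaration is also placed before the `')` that follows `spamd_enable_home_dirs`, so it appears to sit inside a conditional block whose opening is outside this hunk. If xen.te references the tunable outside that condition, the declaration should move below the `')`.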
@@ -69,7 +78,7 @@
+gen_tunable(use_lpd_server,false)
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/acct.te serefpolicy-2.4.2/policy/modules/admin/acct.te
--- nsaserefpolicy/policy/modules/admin/acct.te 2006-07-14 17:04:46.000000000 -0400
-+++ serefpolicy-2.4.2/policy/modules/admin/acct.te 2006-10-27 15:42:12.000000000 -0400
++++ serefpolicy-2.4.2/policy/modules/admin/acct.te 2006-11-03 08:59:56.000000000 -0500
@@ -9,6 +9,7 @@
type acct_t;
type acct_exec_t;
@@ -80,7 +89,7 @@
logging_log_file(acct_data_t)
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/amanda.te serefpolicy-2.4.2/policy/modules/admin/amanda.te
--- nsaserefpolicy/policy/modules/admin/amanda.te 2006-10-19 11:47:40.000000000 -0400
-+++ serefpolicy-2.4.2/policy/modules/admin/amanda.te 2006-10-27 15:42:12.000000000 -0400
++++ serefpolicy-2.4.2/policy/modules/admin/amanda.te 2006-11-03 08:59:56.000000000 -0500
@@ -97,7 +97,7 @@
allow amanda_t amanda_gnutarlists_t:lnk_file manage_file_perms;
@@ -100,7 +109,7 @@
dev_getattr_all_chr_files(amanda_t)
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/anaconda.te serefpolicy-2.4.2/policy/modules/admin/anaconda.te
--- nsaserefpolicy/policy/modules/admin/anaconda.te 2006-10-19 11:47:40.000000000 -0400
-+++ serefpolicy-2.4.2/policy/modules/admin/anaconda.te 2006-10-27 15:42:12.000000000 -0400
++++ serefpolicy-2.4.2/policy/modules/admin/anaconda.te 2006-11-03 08:59:56.000000000 -0500
@@ -36,10 +36,6 @@
userdom_generic_user_home_dir_filetrans_generic_user_home_content(anaconda_t,{ dir file lnk_file fifo_file sock_file })
@@ -114,7 +123,7 @@
')
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/bootloader.fc serefpolicy-2.4.2/policy/modules/admin/bootloader.fc
--- nsaserefpolicy/policy/modules/admin/bootloader.fc 2006-09-25 15:11:11.000000000 -0400
-+++ serefpolicy-2.4.2/policy/modules/admin/bootloader.fc 2006-10-27 15:42:12.000000000 -0400
++++ serefpolicy-2.4.2/policy/modules/admin/bootloader.fc 2006-11-03 08:59:56.000000000 -0500
@@ -7,8 +7,6 @@
/usr/sbin/mkinitrd -- gen_context(system_u:object_r:bootloader_exec_t,s0)
@@ -126,7 +135,7 @@
/sbin/ybin.* -- gen_context(system_u:object_r:bootloader_exec_t,s0)
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/consoletype.te serefpolicy-2.4.2/policy/modules/admin/consoletype.te
--- nsaserefpolicy/policy/modules/admin/consoletype.te 2006-10-19 11:47:40.000000000 -0400
-+++ serefpolicy-2.4.2/policy/modules/admin/consoletype.te 2006-10-27 15:42:12.000000000 -0400
++++ serefpolicy-2.4.2/policy/modules/admin/consoletype.te 2006-11-03 08:59:56.000000000 -0500
@@ -8,7 +8,12 @@
type consoletype_t;
@@ -151,7 +160,7 @@
#
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/dmesg.te serefpolicy-2.4.2/policy/modules/admin/dmesg.te
--- nsaserefpolicy/policy/modules/admin/dmesg.te 2006-07-14 17:04:46.000000000 -0400
-+++ serefpolicy-2.4.2/policy/modules/admin/dmesg.te 2006-10-27 15:42:12.000000000 -0400
++++ serefpolicy-2.4.2/policy/modules/admin/dmesg.te 2006-11-03 08:59:56.000000000 -0500
@@ -10,6 +10,7 @@
type dmesg_t;
type dmesg_exec_t;
@@ -160,9 +169,20 @@
role system_r types dmesg_t;
')
+diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/logwatch.te serefpolicy-2.4.2/policy/modules/admin/logwatch.te
+--- nsaserefpolicy/policy/modules/admin/logwatch.te 2006-10-19 11:47:40.000000000 -0400
++++ serefpolicy-2.4.2/policy/modules/admin/logwatch.te 2006-11-03 15:20:12.000000000 -0500
+@@ -53,6 +53,7 @@
+ corecmd_exec_ls(logwatch_t)
+
+ dev_read_urand(logwatch_t)
++dev_search_sysfs(logwatch_t)
+
+ # Read /proc/PID directories for all domains.
+ domain_read_all_domains_state(logwatch_t)
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/netutils.te serefpolicy-2.4.2/policy/modules/admin/netutils.te
--- nsaserefpolicy/policy/modules/admin/netutils.te 2006-10-19 11:47:40.000000000 -0400
-+++ serefpolicy-2.4.2/policy/modules/admin/netutils.te 2006-10-27 15:42:12.000000000 -0400
++++ serefpolicy-2.4.2/policy/modules/admin/netutils.te 2006-11-03 08:59:56.000000000 -0500
@@ -18,10 +18,12 @@
type ping_exec_t;
init_system_domain(ping_t,ping_exec_t)
@@ -189,7 +209,7 @@
# Ping local policy
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/prelink.te serefpolicy-2.4.2/policy/modules/admin/prelink.te
--- nsaserefpolicy/policy/modules/admin/prelink.te 2006-10-19 11:47:40.000000000 -0400
-+++ serefpolicy-2.4.2/policy/modules/admin/prelink.te 2006-10-27 15:42:12.000000000 -0400
++++ serefpolicy-2.4.2/policy/modules/admin/prelink.te 2006-11-03 08:59:56.000000000 -0500
@@ -24,7 +24,7 @@
#
@@ -199,7 +219,7 @@
allow prelink_t self:fifo_file rw_file_perms;
allow prelink_t prelink_cache_t:file manage_file_perms;
-@@ -76,6 +76,12 @@
+@@ -76,6 +76,14 @@
miscfiles_read_localization(prelink_t)
@@ -207,6 +227,8 @@
+ term_use_unallocated_ttys(prelink_t)
+ term_use_generic_ptys(prelink_t)
+ userdom_manage_generic_user_home_content_files(prelink_t)
++ userdom_execute_generic_user_home_content_files(prelink_t)
++ userdom_dontaudit_relabel_generic_user_home_content_files(prelink_t)
+')
+
optional_policy(`
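Review bot: `userdom_execute_generic_user_home_content_files(prelink_t)` lets prelink_t execute files that users can write in their home directories, and nothing visible in this hunk moves that execution into a less privileged domain. If prelink only needs to read and rewrite these files, the existing `userdom_manage_generic_user_home_content_files(prelink_t)` line may already cover it. Otherwise the rule deserves a why-comment such as `# TODO: confirm prelink needs execute (not just read) on user home content`. The paired `userdom_dontaudit_relabel_generic_user_home_content_files(prelink_t)` silences relabel denials, which also removes the audit record that would show prelink touching unexpected home content. The enclosing block opens outside this hunk, so the condition these rules live under cannot be checked from here.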
@@ -214,7 +236,7 @@
')
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/rpm.fc serefpolicy-2.4.2/policy/modules/admin/rpm.fc
--- nsaserefpolicy/policy/modules/admin/rpm.fc 2006-09-22 14:07:08.000000000 -0400
-+++ serefpolicy-2.4.2/policy/modules/admin/rpm.fc 2006-10-27 15:42:12.000000000 -0400
++++ serefpolicy-2.4.2/policy/modules/admin/rpm.fc 2006-11-03 08:59:56.000000000 -0500
@@ -21,6 +21,8 @@
/usr/sbin/pup -- gen_context(system_u:object_r:rpm_exec_t,s0)
/usr/sbin/rhn_check -- gen_context(system_u:object_r:rpm_exec_t,s0)
@@ -226,7 +248,7 @@
/var/lib/alternatives(/.*)? gen_context(system_u:object_r:rpm_var_lib_t,s0)
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/rpm.if serefpolicy-2.4.2/policy/modules/admin/rpm.if
--- nsaserefpolicy/policy/modules/admin/rpm.if 2006-09-15 13:14:27.000000000 -0400
-+++ serefpolicy-2.4.2/policy/modules/admin/rpm.if 2006-10-27 15:42:12.000000000 -0400
++++ serefpolicy-2.4.2/policy/modules/admin/rpm.if 2006-11-03 08:59:56.000000000 -0500
@@ -257,3 +257,24 @@
dontaudit $1 rpm_var_lib_t:file create_file_perms;
dontaudit $1 rpm_var_lib_t:lnk_file create_lnk_perms;
@@ -254,7 +276,7 @@
+')
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/rpm.te serefpolicy-2.4.2/policy/modules/admin/rpm.te
--- nsaserefpolicy/policy/modules/admin/rpm.te 2006-10-19 11:47:40.000000000 -0400
-+++ serefpolicy-2.4.2/policy/modules/admin/rpm.te 2006-10-27 15:42:12.000000000 -0400
++++ serefpolicy-2.4.2/policy/modules/admin/rpm.te 2006-11-03 08:59:56.000000000 -0500
@@ -9,6 +9,8 @@
type rpm_t;
type rpm_exec_t;
@@ -276,7 +298,7 @@
# ideally we would not need this
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/su.if serefpolicy-2.4.2/policy/modules/admin/su.if
--- nsaserefpolicy/policy/modules/admin/su.if 2006-09-22 14:07:08.000000000 -0400
-+++ serefpolicy-2.4.2/policy/modules/admin/su.if 2006-10-27 15:42:12.000000000 -0400
++++ serefpolicy-2.4.2/policy/modules/admin/su.if 2006-11-03 08:59:56.000000000 -0500
@@ -79,6 +79,7 @@
auth_domtrans_chk_passwd($1_su_t)
auth_dontaudit_read_shadow($1_su_t)
@@ -296,7 +318,7 @@
')
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/usermanage.te serefpolicy-2.4.2/policy/modules/admin/usermanage.te
--- nsaserefpolicy/policy/modules/admin/usermanage.te 2006-10-19 11:47:40.000000000 -0400
-+++ serefpolicy-2.4.2/policy/modules/admin/usermanage.te 2006-10-27 15:42:12.000000000 -0400
++++ serefpolicy-2.4.2/policy/modules/admin/usermanage.te 2006-11-03 08:59:56.000000000 -0500
@@ -379,6 +379,7 @@
allow sysadm_passwd_t sysadm_passwd_tmp_t:file create_file_perms;
files_tmp_filetrans(sysadm_passwd_t, sysadm_passwd_tmp_t, { file dir })
@@ -332,7 +354,7 @@
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/java.fc serefpolicy-2.4.2/policy/modules/apps/java.fc
--- nsaserefpolicy/policy/modules/apps/java.fc 2006-08-29 09:00:26.000000000 -0400
-+++ serefpolicy-2.4.2/policy/modules/apps/java.fc 2006-10-27 15:42:12.000000000 -0400
++++ serefpolicy-2.4.2/policy/modules/apps/java.fc 2006-11-03 08:59:56.000000000 -0500
@@ -1,7 +1,8 @@
#
# /opt
@@ -345,7 +367,7 @@
# /usr
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/java.te serefpolicy-2.4.2/policy/modules/apps/java.te
--- nsaserefpolicy/policy/modules/apps/java.te 2006-10-19 11:47:36.000000000 -0400
-+++ serefpolicy-2.4.2/policy/modules/apps/java.te 2006-10-27 15:42:12.000000000 -0400
++++ serefpolicy-2.4.2/policy/modules/apps/java.te 2006-11-03 08:59:56.000000000 -0500
@@ -17,6 +17,8 @@
ifdef(`targeted_policy',`
@@ -357,7 +379,7 @@
')
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/mono.te serefpolicy-2.4.2/policy/modules/apps/mono.te
--- nsaserefpolicy/policy/modules/apps/mono.te 2006-10-19 11:47:36.000000000 -0400
-+++ serefpolicy-2.4.2/policy/modules/apps/mono.te 2006-10-27 15:42:12.000000000 -0400
++++ serefpolicy-2.4.2/policy/modules/apps/mono.te 2006-11-03 08:59:56.000000000 -0500
@@ -44,4 +44,7 @@
optional_policy(`
unconfined_dbus_connect(mono_t)
@@ -368,7 +390,7 @@
')
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/kernel/corecommands.fc serefpolicy-2.4.2/policy/modules/kernel/corecommands.fc
--- nsaserefpolicy/policy/modules/kernel/corecommands.fc 2006-09-22 14:07:03.000000000 -0400
-+++ serefpolicy-2.4.2/policy/modules/kernel/corecommands.fc 2006-10-27 15:42:12.000000000 -0400
++++ serefpolicy-2.4.2/policy/modules/kernel/corecommands.fc 2006-11-03 08:59:56.000000000 -0500
@@ -65,6 +65,7 @@
/etc/xen/qemu-ifup -- gen_context(system_u:object_r:bin_t,s0)
@@ -379,7 +401,7 @@
/etc/mysql/debian-start -- gen_context(system_u:object_r:bin_t,s0)
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/kernel/corecommands.if serefpolicy-2.4.2/policy/modules/kernel/corecommands.if
--- nsaserefpolicy/policy/modules/kernel/corecommands.if 2006-10-27 10:27:56.000000000 -0400
-+++ serefpolicy-2.4.2/policy/modules/kernel/corecommands.if 2006-10-30 11:44:20.000000000 -0500
++++ serefpolicy-2.4.2/policy/modules/kernel/corecommands.if 2006-11-03 08:59:56.000000000 -0500
@@ -928,7 +928,19 @@
type bin_t, sbin_t;
')
@@ -425,7 +447,7 @@
')
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/kernel/corenetwork.te.in serefpolicy-2.4.2/policy/modules/kernel/corenetwork.te.in
--- nsaserefpolicy/policy/modules/kernel/corenetwork.te.in 2006-10-19 11:47:35.000000000 -0400
-+++ serefpolicy-2.4.2/policy/modules/kernel/corenetwork.te.in 2006-10-30 13:33:26.000000000 -0500
++++ serefpolicy-2.4.2/policy/modules/kernel/corenetwork.te.in 2006-11-03 08:59:56.000000000 -0500
@@ -67,6 +67,7 @@
network_port(clamd, tcp,3310,s0)
network_port(clockspeed, udp,4041,s0)
@@ -459,7 +481,7 @@
+allow corenet_unconfined_type node_type:{ tcp_socket udp_socket rawip_socket } node_bind;
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/kernel/devices.fc serefpolicy-2.4.2/policy/modules/kernel/devices.fc
--- nsaserefpolicy/policy/modules/kernel/devices.fc 2006-10-16 12:20:16.000000000 -0400
-+++ serefpolicy-2.4.2/policy/modules/kernel/devices.fc 2006-10-27 15:42:12.000000000 -0400
++++ serefpolicy-2.4.2/policy/modules/kernel/devices.fc 2006-11-03 08:59:56.000000000 -0500
@@ -42,12 +42,12 @@
/dev/patmgr[01] -c gen_context(system_u:object_r:sound_device_t,s0)
/dev/pmu -c gen_context(system_u:object_r:power_device_t,s0)
@@ -484,7 +506,7 @@
# used by udev init script as temporary mount point
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/kernel/domain.te serefpolicy-2.4.2/policy/modules/kernel/domain.te
--- nsaserefpolicy/policy/modules/kernel/domain.te 2006-10-19 11:47:35.000000000 -0400
-+++ serefpolicy-2.4.2/policy/modules/kernel/domain.te 2006-10-27 15:42:12.000000000 -0400
++++ serefpolicy-2.4.2/policy/modules/kernel/domain.te 2006-11-03 08:59:56.000000000 -0500
@@ -144,3 +144,10 @@
# act on all domains keys
@@ -498,7 +520,7 @@
+')
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/kernel/files.fc serefpolicy-2.4.2/policy/modules/kernel/files.fc
--- nsaserefpolicy/policy/modules/kernel/files.fc 2006-10-16 12:20:16.000000000 -0400
-+++ serefpolicy-2.4.2/policy/modules/kernel/files.fc 2006-10-27 15:42:12.000000000 -0400
++++ serefpolicy-2.4.2/policy/modules/kernel/files.fc 2006-11-03 08:59:56.000000000 -0500
@@ -123,6 +123,7 @@
/media(/[^/]*) -l gen_context(system_u:object_r:mnt_t,s0)
/media(/[^/]*)? -d gen_context(system_u:object_r:mnt_t,s0)
@@ -509,7 +531,7 @@
# /misc
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/kernel/files.if serefpolicy-2.4.2/policy/modules/kernel/files.if
--- nsaserefpolicy/policy/modules/kernel/files.if 2006-09-29 14:28:01.000000000 -0400
-+++ serefpolicy-2.4.2/policy/modules/kernel/files.if 2006-10-30 17:02:39.000000000 -0500
++++ serefpolicy-2.4.2/policy/modules/kernel/files.if 2006-11-03 08:59:56.000000000 -0500
@@ -353,8 +353,7 @@
########################################
@@ -583,7 +605,7 @@
+')
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/kernel/filesystem.if serefpolicy-2.4.2/policy/modules/kernel/filesystem.if
--- nsaserefpolicy/policy/modules/kernel/filesystem.if 2006-09-25 15:11:10.000000000 -0400
-+++ serefpolicy-2.4.2/policy/modules/kernel/filesystem.if 2006-10-27 15:42:12.000000000 -0400
++++ serefpolicy-2.4.2/policy/modules/kernel/filesystem.if 2006-11-03 08:59:56.000000000 -0500
@@ -3381,3 +3381,25 @@
allow $1 noxattrfs:blk_file { getattr relabelfrom };
allow $1 noxattrfs:chr_file { getattr relabelfrom };
@@ -612,7 +634,7 @@
+
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/kernel/filesystem.te serefpolicy-2.4.2/policy/modules/kernel/filesystem.te
--- nsaserefpolicy/policy/modules/kernel/filesystem.te 2006-10-19 11:47:35.000000000 -0400
-+++ serefpolicy-2.4.2/policy/modules/kernel/filesystem.te 2006-10-27 15:42:12.000000000 -0400
++++ serefpolicy-2.4.2/policy/modules/kernel/filesystem.te 2006-11-03 08:59:56.000000000 -0500
@@ -21,9 +21,11 @@
# Use xattrs for the following filesystem types.
@@ -642,7 +664,7 @@
+fs_associate_tmpfs(noxattrfs)
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/kernel/kernel.if serefpolicy-2.4.2/policy/modules/kernel/kernel.if
--- nsaserefpolicy/policy/modules/kernel/kernel.if 2006-10-17 13:47:44.000000000 -0400
-+++ serefpolicy-2.4.2/policy/modules/kernel/kernel.if 2006-10-27 15:42:12.000000000 -0400
++++ serefpolicy-2.4.2/policy/modules/kernel/kernel.if 2006-11-03 08:59:56.000000000 -0500
@@ -2167,7 +2167,7 @@
allow $1 unlabeled_t:association { sendto recvfrom };
@@ -654,7 +676,7 @@
########################################
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/kernel/kernel.te serefpolicy-2.4.2/policy/modules/kernel/kernel.te
--- nsaserefpolicy/policy/modules/kernel/kernel.te 2006-10-19 11:47:35.000000000 -0400
-+++ serefpolicy-2.4.2/policy/modules/kernel/kernel.te 2006-10-27 15:42:12.000000000 -0400
++++ serefpolicy-2.4.2/policy/modules/kernel/kernel.te 2006-11-03 08:59:56.000000000 -0500
@@ -326,6 +326,7 @@
ifdef(`targeted_policy',`
@@ -665,7 +687,7 @@
optional_policy(`
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/kernel/storage.fc serefpolicy-2.4.2/policy/modules/kernel/storage.fc
--- nsaserefpolicy/policy/modules/kernel/storage.fc 2006-10-16 12:20:16.000000000 -0400
-+++ serefpolicy-2.4.2/policy/modules/kernel/storage.fc 2006-10-27 15:42:12.000000000 -0400
++++ serefpolicy-2.4.2/policy/modules/kernel/storage.fc 2006-11-03 08:59:56.000000000 -0500
@@ -50,6 +50,7 @@
/dev/cciss/[^/]* -b gen_context(system_u:object_r:fixed_disk_device_t,mls_systemhigh)
@@ -676,7 +698,7 @@
/dev/i2o/hd[^/]* -b gen_context(system_u:object_r:fixed_disk_device_t,mls_systemhigh)
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/kernel/storage.if serefpolicy-2.4.2/policy/modules/kernel/storage.if
--- nsaserefpolicy/policy/modules/kernel/storage.if 2006-07-14 17:04:29.000000000 -0400
-+++ serefpolicy-2.4.2/policy/modules/kernel/storage.if 2006-10-27 15:42:12.000000000 -0400
++++ serefpolicy-2.4.2/policy/modules/kernel/storage.if 2006-11-03 08:59:56.000000000 -0500
@@ -37,6 +37,7 @@
')
@@ -685,9 +707,20 @@
')
########################################
+diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/kernel/terminal.fc serefpolicy-2.4.2/policy/modules/kernel/terminal.fc
+--- nsaserefpolicy/policy/modules/kernel/terminal.fc 2006-10-16 12:20:16.000000000 -0400
++++ serefpolicy-2.4.2/policy/modules/kernel/terminal.fc 2006-11-03 08:59:56.000000000 -0500
+@@ -11,6 +11,7 @@
+ /dev/ircomm[0-9]+ -c gen_context(system_u:object_r:tty_device_t,s0)
+ /dev/ip2[^/]* -c gen_context(system_u:object_r:tty_device_t,s0)
+ /dev/isdn.* -c gen_context(system_u:object_r:tty_device_t,s0)
++/dev/xvc[^/]* -c gen_context(system_u:object_r:tty_device_t,s0)
+ /dev/ptmx -c gen_context(system_u:object_r:ptmx_t,s0)
+ /dev/rfcomm[0-9]+ -c gen_context(system_u:object_r:tty_device_t,s0)
+ /dev/tty -c gen_context(system_u:object_r:devtty_t,s0)
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/kernel/terminal.if serefpolicy-2.4.2/policy/modules/kernel/terminal.if
--- nsaserefpolicy/policy/modules/kernel/terminal.if 2006-10-17 07:53:28.000000000 -0400
-+++ serefpolicy-2.4.2/policy/modules/kernel/terminal.if 2006-10-27 15:42:12.000000000 -0400
++++ serefpolicy-2.4.2/policy/modules/kernel/terminal.if 2006-11-03 08:59:56.000000000 -0500
@@ -480,6 +480,26 @@
########################################
@@ -717,7 +750,7 @@
## the targeted policy.
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/kernel/terminal.te serefpolicy-2.4.2/policy/modules/kernel/terminal.te
--- nsaserefpolicy/policy/modules/kernel/terminal.te 2006-10-19 11:47:35.000000000 -0400
-+++ serefpolicy-2.4.2/policy/modules/kernel/terminal.te 2006-10-27 15:42:12.000000000 -0400
++++ serefpolicy-2.4.2/policy/modules/kernel/terminal.te 2006-11-03 08:59:56.000000000 -0500
@@ -28,6 +28,7 @@
type devpts_t;
files_mountpoint(devpts_t)
@@ -728,7 +761,7 @@
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/apache.fc serefpolicy-2.4.2/policy/modules/services/apache.fc
--- nsaserefpolicy/policy/modules/services/apache.fc 2006-08-02 10:34:07.000000000 -0400
-+++ serefpolicy-2.4.2/policy/modules/services/apache.fc 2006-10-27 15:42:12.000000000 -0400
++++ serefpolicy-2.4.2/policy/modules/services/apache.fc 2006-11-03 08:59:56.000000000 -0500
@@ -80,3 +80,12 @@
/var/www/cgi-bin(/.*)? gen_context(system_u:object_r:httpd_sys_script_exec_t,s0)
/var/www/icons(/.*)? gen_context(system_u:object_r:httpd_sys_content_t,s0)
@@ -744,7 +777,7 @@
+/opt/fortitude/run(/.*)? gen_context(system_u:object_r:httpd_var_run_t,s0)
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/apache.if serefpolicy-2.4.2/policy/modules/services/apache.if
--- nsaserefpolicy/policy/modules/services/apache.if 2006-09-15 13:14:25.000000000 -0400
-+++ serefpolicy-2.4.2/policy/modules/services/apache.if 2006-10-27 15:42:12.000000000 -0400
++++ serefpolicy-2.4.2/policy/modules/services/apache.if 2006-11-03 08:59:56.000000000 -0500
@@ -168,7 +168,7 @@
allow httpd_t httpd_$1_script_exec_t:dir r_dir_perms;
allow httpd_t httpd_$1_script_exec_t:file r_file_perms;
@@ -756,8 +789,17 @@
allow httpd_$1_script_t httpd_t:fd use;
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/apache.te serefpolicy-2.4.2/policy/modules/services/apache.te
--- nsaserefpolicy/policy/modules/services/apache.te 2006-10-19 11:47:39.000000000 -0400
-+++ serefpolicy-2.4.2/policy/modules/services/apache.te 2006-10-30 11:44:28.000000000 -0500
-@@ -204,6 +204,8 @@
++++ serefpolicy-2.4.2/policy/modules/services/apache.te 2006-11-03 09:01:43.000000000 -0500
+@@ -143,6 +143,8 @@
+ allow httpd_t self:unix_stream_socket { create_stream_socket_perms connectto };
+ allow httpd_t self:tcp_socket create_stream_socket_perms;
+ allow httpd_t self:udp_socket create_socket_perms;
++# Signal self for shutdown
++corenet_tcp_connect_http_port(httpd_t)
+
+ # Allow httpd_t to put files in /var/cache/httpd etc
+ allow httpd_t httpd_cache_t:dir create_dir_perms;
+@@ -204,6 +206,8 @@
allow httpd_t squirrelmail_spool_t:file create_file_perms;
allow httpd_t squirrelmail_spool_t:lnk_file create_lnk_perms;
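Review bot: The comment `# Signal self for shutdown` does not match the rule beneath it. `corenet_tcp_connect_http_port(httpd_t)` grants httpd_t outbound TCP connections to the http port, and nothing in the rule as written restricts that to the local host. If the intent is that Apache connects to its own listener to wake children on shutdown, the comment should say so, e.g. `# httpd connects to its own http port to wake children during shutdown`. Because the grant also lets a compromised httpd_t reach other web servers, it is worth considering whether it belongs behind a tunable rather than in the unconditional local policy.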
@@ -766,7 +808,7 @@
kernel_read_kernel_sysctls(httpd_t)
# for modules that want to access /proc/meminfo
kernel_read_system_state(httpd_t)
-@@ -235,6 +237,7 @@
+@@ -235,6 +239,7 @@
# execute perl
corecmd_exec_bin(httpd_t)
corecmd_exec_sbin(httpd_t)
@@ -774,9 +816,27 @@
domain_use_interactive_fds(httpd_t)
+@@ -703,6 +708,8 @@
+
+ allow httpd_rotatelogs_t httpd_log_t:dir rw_dir_perms;
+ allow httpd_rotatelogs_t httpd_log_t:file manage_file_perms;
++# Apache-httpd needs to be able to send signals to the log rotate procs.
++allow httpd_t httpd_rotatelogs_t:process signal_perms;
+
+ kernel_read_kernel_sysctls(httpd_rotatelogs_t)
+ kernel_dontaudit_list_proc(httpd_rotatelogs_t)
+@@ -713,6 +720,8 @@
+ libs_use_ld_so(httpd_rotatelogs_t)
+ libs_use_shared_libs(httpd_rotatelogs_t)
+
++logging_search_logs(httpd_rotatelogs_t)
++
+ miscfiles_read_localization(httpd_rotatelogs_t)
+
+ ifdef(`targeted_policy',`
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/automount.te serefpolicy-2.4.2/policy/modules/services/automount.te
--- nsaserefpolicy/policy/modules/services/automount.te 2006-10-19 11:47:39.000000000 -0400
-+++ serefpolicy-2.4.2/policy/modules/services/automount.te 2006-10-30 13:33:05.000000000 -0500
++++ serefpolicy-2.4.2/policy/modules/services/automount.te 2006-11-03 08:59:56.000000000 -0500
@@ -36,6 +36,8 @@
allow automount_t self:unix_dgram_socket create_socket_perms;
allow automount_t self:tcp_socket create_stream_socket_perms;
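Review bot: `allow httpd_t httpd_rotatelogs_t:process signal_perms;` grants the whole signal permission set, which in the reference policy macros includes sigkill and sigstop as well as plain signals. If Apache only sends ordinary termination or restart signals to its piped log processes, the narrower `allow httpd_t httpd_rotatelogs_t:process signal;` would match the comment above it and keep the grant minimal. The rule is also placed among the httpd_rotatelogs_t rules although its source domain is httpd_t, so it would be easier to audit next to the other httpd_t local policy.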
@@ -804,7 +864,7 @@
term_dontaudit_getattr_pty_dirs(automount_t)
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/bluetooth.te serefpolicy-2.4.2/policy/modules/services/bluetooth.te
--- nsaserefpolicy/policy/modules/services/bluetooth.te 2006-10-19 11:47:39.000000000 -0400
-+++ serefpolicy-2.4.2/policy/modules/services/bluetooth.te 2006-10-27 15:42:12.000000000 -0400
++++ serefpolicy-2.4.2/policy/modules/services/bluetooth.te 2006-11-03 08:59:56.000000000 -0500
@@ -77,7 +77,7 @@
allow bluetooth_t bluetooth_var_lib_t:file create_file_perms;
@@ -816,7 +876,7 @@
allow bluetooth_t bluetooth_var_run_t:file create_file_perms;
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/ccs.fc serefpolicy-2.4.2/policy/modules/services/ccs.fc
--- nsaserefpolicy/policy/modules/services/ccs.fc 1969-12-31 19:00:00.000000000 -0500
-+++ serefpolicy-2.4.2/policy/modules/services/ccs.fc 2006-10-31 11:36:23.000000000 -0500
++++ serefpolicy-2.4.2/policy/modules/services/ccs.fc 2006-11-03 08:59:56.000000000 -0500
@@ -0,0 +1,10 @@
+# ccs executable will have:
+# label: system_u:object_r:ccs_exec_t
@@ -830,8 +890,8 @@
+/var/run/cman_.* -s gen_context(system_u:object_r:ccs_var_run_t,s0)
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/ccs.if serefpolicy-2.4.2/policy/modules/services/ccs.if
--- nsaserefpolicy/policy/modules/services/ccs.if 1969-12-31 19:00:00.000000000 -0500
-+++ serefpolicy-2.4.2/policy/modules/services/ccs.if 2006-10-27 16:16:14.000000000 -0400
-@@ -0,0 +1,65 @@
++++ serefpolicy-2.4.2/policy/modules/services/ccs.if 2006-11-03 15:44:27.000000000 -0500
+@@ -0,0 +1,83 @@
+## <summary>policy for ccs</summary>
+
+########################################
@@ -896,11 +956,29 @@
+ allow $1 cluster_conf_t:dir search_dir_perms;
+ allow $1 cluster_conf_t:file { getattr read };
+')
++########################################
++## <summary>
++## Manage cluster configuration files.
++## </summary>
++## <param name="domain">
++## <summary>
++## Domain allowed access.
++## </summary>
++## </param>
++#
++interface(`ccs_manage_config',`
++ gen_require(`
++ type cluster_conf_t;
++ ')
++
++ allow $1 cluster_conf_t:dir manage_dir_perms;
++ allow $1 cluster_conf_t:file manage_file_perms;
++')
+
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/ccs.te serefpolicy-2.4.2/policy/modules/services/ccs.te
--- nsaserefpolicy/policy/modules/services/ccs.te 1969-12-31 19:00:00.000000000 -0500
-+++ serefpolicy-2.4.2/policy/modules/services/ccs.te 2006-10-31 11:07:12.000000000 -0500
-@@ -0,0 +1,88 @@
++++ serefpolicy-2.4.2/policy/modules/services/ccs.te 2006-11-03 15:45:14.000000000 -0500
+@@ -0,0 +1,89 @@
+policy_module(ccs,1.0.0)
+
+########################################
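Review bot: The new `ccs_manage_config` interface starts its `########################################` banner directly after the previous interface's closing `')`, with no blank line between them. A blank line there would keep the interface boundary visible. Its summary `Manage cluster configuration files.` would also be more useful if it spelled out what callers receive, e.g. `Create, read, write, and delete cluster configuration files.`, since `manage_dir_perms` and `manage_file_perms` let the caller add and remove entries under cluster_conf_t rather than only edit them.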
@@ -949,6 +1027,7 @@
+corenet_tcp_bind_all_nodes(ccs_t)
+corenet_udp_bind_all_nodes(ccs_t)
+corenet_tcp_bind_cluster_port(ccs_t)
++corenet_udp_bind_cluster_port(ccs_t)
+
+# Some common macros (you might be able to remove some)
+files_read_etc_files(ccs_t)
@@ -986,12 +1065,12 @@
+ term_dontaudit_use_unallocated_ttys(ccs_t)
+')
+
-+allow ccs_t cluster_conf_t:dir r_dir_perms;
-+allow ccs_t cluster_conf_t:file rw_file_perms;
++allow ccs_t cluster_conf_t:dir rw_dir_perms;
++allow ccs_t cluster_conf_t:file manage_file_perms;
+dev_read_urand(ccs_t)
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/cron.if serefpolicy-2.4.2/policy/modules/services/cron.if
--- nsaserefpolicy/policy/modules/services/cron.if 2006-09-15 13:14:25.000000000 -0400
-+++ serefpolicy-2.4.2/policy/modules/services/cron.if 2006-10-27 15:42:12.000000000 -0400
++++ serefpolicy-2.4.2/policy/modules/services/cron.if 2006-11-03 08:59:56.000000000 -0500
@@ -54,9 +54,6 @@
domain_entry_file($1_crontab_t,crontab_exec_t)
role $3 types $1_crontab_t;
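Review bot: The ccs_t rules on cluster_conf_t are widened from `r_dir_perms` / `rw_file_perms` to `rw_dir_perms` / `manage_file_perms` with no comment explaining why. That lets the daemon create and unlink files in the cluster configuration directory, where before it could only read the directory and rewrite existing files. If the need is an atomic replace of the configuration file, a why-comment would make that auditable, e.g. `# ccs replaces the cluster config file (create + unlink) — confirm against the denial that prompted this`. These two lines also sit after the final `')` at the end of ccs.te, away from the rest of the ccs_t local policy, which makes the grant easy to miss in review.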
@@ -1067,7 +1146,7 @@
# fcron wants an instant update of a crontab change for the administrator
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/cron.te serefpolicy-2.4.2/policy/modules/services/cron.te
--- nsaserefpolicy/policy/modules/services/cron.te 2006-10-19 11:47:39.000000000 -0400
-+++ serefpolicy-2.4.2/policy/modules/services/cron.te 2006-10-27 15:42:12.000000000 -0400
++++ serefpolicy-2.4.2/policy/modules/services/cron.te 2006-11-03 08:59:56.000000000 -0500
@@ -72,6 +72,7 @@
# Cron Local policy
#
@@ -1099,7 +1178,7 @@
allow crond_t system_crond_tmp_t:file create_file_perms;
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/cups.fc serefpolicy-2.4.2/policy/modules/services/cups.fc
--- nsaserefpolicy/policy/modules/services/cups.fc 2006-08-02 10:34:07.000000000 -0400
-+++ serefpolicy-2.4.2/policy/modules/services/cups.fc 2006-10-27 15:42:12.000000000 -0400
++++ serefpolicy-2.4.2/policy/modules/services/cups.fc 2006-11-03 08:59:56.000000000 -0500
@@ -23,7 +23,7 @@
/usr/libexec/hal_lpadmin -- gen_context(system_u:object_r:cupsd_config_exec_t,s0)
@@ -1126,7 +1205,7 @@
+/var/spool/cups(/.*)? gen_context(system_u:object_r:print_spool_t,mls_systemhigh)
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/cups.if serefpolicy-2.4.2/policy/modules/services/cups.if
--- nsaserefpolicy/policy/modules/services/cups.if 2006-09-15 13:14:25.000000000 -0400
-+++ serefpolicy-2.4.2/policy/modules/services/cups.if 2006-10-27 15:42:12.000000000 -0400
++++ serefpolicy-2.4.2/policy/modules/services/cups.if 2006-11-03 08:59:56.000000000 -0500
@@ -244,3 +244,24 @@
allow $1 ptal_var_run_t:sock_file write;
allow $1 ptal_t:unix_stream_socket connectto;
@@ -1154,7 +1233,7 @@
+
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/cups.te serefpolicy-2.4.2/policy/modules/services/cups.te
--- nsaserefpolicy/policy/modules/services/cups.te 2006-10-19 11:47:39.000000000 -0400
-+++ serefpolicy-2.4.2/policy/modules/services/cups.te 2006-10-27 15:42:12.000000000 -0400
++++ serefpolicy-2.4.2/policy/modules/services/cups.te 2006-11-03 08:59:56.000000000 -0500
@@ -124,6 +124,9 @@
allow cupsd_t ptal_var_run_t:sock_file { write setattr };
allow cupsd_t ptal_t:unix_stream_socket connectto;
@@ -1203,7 +1282,7 @@
optional_policy(`
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/cvs.te serefpolicy-2.4.2/policy/modules/services/cvs.te
--- nsaserefpolicy/policy/modules/services/cvs.te 2006-10-19 11:47:39.000000000 -0400
-+++ serefpolicy-2.4.2/policy/modules/services/cvs.te 2006-10-27 15:42:12.000000000 -0400
++++ serefpolicy-2.4.2/policy/modules/services/cvs.te 2006-11-03 08:59:56.000000000 -0500
@@ -9,6 +9,7 @@
type cvs_t;
type cvs_exec_t;
@@ -1214,7 +1293,7 @@
type cvs_data_t; # customizable
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/dbus.if serefpolicy-2.4.2/policy/modules/services/dbus.if
--- nsaserefpolicy/policy/modules/services/dbus.if 2006-09-15 13:14:24.000000000 -0400
-+++ serefpolicy-2.4.2/policy/modules/services/dbus.if 2006-10-27 15:42:12.000000000 -0400
++++ serefpolicy-2.4.2/policy/modules/services/dbus.if 2006-11-03 08:59:56.000000000 -0500
@@ -123,6 +123,7 @@
selinux_compute_relabel_context($1_dbusd_t)
selinux_compute_user_contexts($1_dbusd_t)
@@ -1225,7 +1304,7 @@
corecmd_read_bin_files($1_dbusd_t)
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/dovecot.te serefpolicy-2.4.2/policy/modules/services/dovecot.te
--- nsaserefpolicy/policy/modules/services/dovecot.te 2006-10-19 11:47:39.000000000 -0400
-+++ serefpolicy-2.4.2/policy/modules/services/dovecot.te 2006-10-27 15:42:12.000000000 -0400
++++ serefpolicy-2.4.2/policy/modules/services/dovecot.te 2006-11-03 08:59:56.000000000 -0500
@@ -171,6 +171,8 @@
allow dovecot_auth_t dovecot_var_run_t:dir r_dir_perms;
@@ -1237,7 +1316,7 @@
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/hal.te serefpolicy-2.4.2/policy/modules/services/hal.te
--- nsaserefpolicy/policy/modules/services/hal.te 2006-10-19 11:47:39.000000000 -0400
-+++ serefpolicy-2.4.2/policy/modules/services/hal.te 2006-10-27 15:42:12.000000000 -0400
++++ serefpolicy-2.4.2/policy/modules/services/hal.te 2006-11-03 08:59:56.000000000 -0500
@@ -74,6 +74,7 @@
dev_rw_generic_usb_dev(hald_t)
dev_setattr_generic_usb_dev(hald_t)
@@ -1256,7 +1335,7 @@
# hal is now execing pm-suspend
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/lpd.fc serefpolicy-2.4.2/policy/modules/services/lpd.fc
--- nsaserefpolicy/policy/modules/services/lpd.fc 2006-09-29 14:28:02.000000000 -0400
-+++ serefpolicy-2.4.2/policy/modules/services/lpd.fc 2006-10-27 15:42:12.000000000 -0400
++++ serefpolicy-2.4.2/policy/modules/services/lpd.fc 2006-11-03 08:59:56.000000000 -0500
@@ -7,15 +7,20 @@
# /usr
#
@@ -1280,7 +1359,7 @@
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/lpd.if serefpolicy-2.4.2/policy/modules/services/lpd.if
--- nsaserefpolicy/policy/modules/services/lpd.if 2006-09-15 13:14:25.000000000 -0400
-+++ serefpolicy-2.4.2/policy/modules/services/lpd.if 2006-10-27 15:42:12.000000000 -0400
++++ serefpolicy-2.4.2/policy/modules/services/lpd.if 2006-11-03 08:59:56.000000000 -0500
@@ -64,33 +64,35 @@
allow $1_lpr_t self:udp_socket create_socket_perms;
allow $1_lpr_t self:netlink_route_socket r_netlink_socket_perms;
@@ -1378,7 +1457,7 @@
## <param name="domain">
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/mta.te serefpolicy-2.4.2/policy/modules/services/mta.te
--- nsaserefpolicy/policy/modules/services/mta.te 2006-10-19 11:47:39.000000000 -0400
-+++ serefpolicy-2.4.2/policy/modules/services/mta.te 2006-10-27 15:42:12.000000000 -0400
++++ serefpolicy-2.4.2/policy/modules/services/mta.te 2006-11-03 08:59:56.000000000 -0500
@@ -27,6 +27,7 @@
type sendmail_exec_t;
@@ -1389,7 +1468,7 @@
role system_r types system_mail_t;
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/networkmanager.te serefpolicy-2.4.2/policy/modules/services/networkmanager.te
--- nsaserefpolicy/policy/modules/services/networkmanager.te 2006-10-19 11:47:39.000000000 -0400
-+++ serefpolicy-2.4.2/policy/modules/services/networkmanager.te 2006-10-27 15:42:12.000000000 -0400
++++ serefpolicy-2.4.2/policy/modules/services/networkmanager.te 2006-11-03 08:59:56.000000000 -0500
@@ -119,6 +119,9 @@
term_dontaudit_use_unallocated_ttys(NetworkManager_t)
term_dontaudit_use_generic_ptys(NetworkManager_t)
@@ -1407,7 +1486,7 @@
+
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/nscd.if serefpolicy-2.4.2/policy/modules/services/nscd.if
--- nsaserefpolicy/policy/modules/services/nscd.if 2006-08-07 18:55:18.000000000 -0400
-+++ serefpolicy-2.4.2/policy/modules/services/nscd.if 2006-10-27 15:42:12.000000000 -0400
++++ serefpolicy-2.4.2/policy/modules/services/nscd.if 2006-11-03 08:59:56.000000000 -0500
@@ -181,3 +181,23 @@
allow $1 nscd_t:nscd *;
@@ -1434,7 +1513,7 @@
+
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/nscd.te serefpolicy-2.4.2/policy/modules/services/nscd.te
--- nsaserefpolicy/policy/modules/services/nscd.te 2006-10-19 11:47:39.000000000 -0400
-+++ serefpolicy-2.4.2/policy/modules/services/nscd.te 2006-10-27 15:42:12.000000000 -0400
++++ serefpolicy-2.4.2/policy/modules/services/nscd.te 2006-11-03 08:59:56.000000000 -0500
@@ -120,6 +120,9 @@
term_dontaudit_use_unallocated_ttys(nscd_t)
term_dontaudit_use_generic_ptys(nscd_t)
@@ -1447,7 +1526,7 @@
optional_policy(`
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/oddjob.te serefpolicy-2.4.2/policy/modules/services/oddjob.te
--- nsaserefpolicy/policy/modules/services/oddjob.te 2006-09-29 14:28:02.000000000 -0400
-+++ serefpolicy-2.4.2/policy/modules/services/oddjob.te 2006-10-27 15:56:17.000000000 -0400
++++ serefpolicy-2.4.2/policy/modules/services/oddjob.te 2006-11-03 08:59:56.000000000 -0500
@@ -10,6 +10,7 @@
type oddjob_exec_t;
domain_type(oddjob_t)
@@ -1492,7 +1571,7 @@
+
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/pegasus.if serefpolicy-2.4.2/policy/modules/services/pegasus.if
--- nsaserefpolicy/policy/modules/services/pegasus.if 2006-07-14 17:04:41.000000000 -0400
-+++ serefpolicy-2.4.2/policy/modules/services/pegasus.if 2006-10-27 15:42:12.000000000 -0400
++++ serefpolicy-2.4.2/policy/modules/services/pegasus.if 2006-11-03 08:59:56.000000000 -0500
@@ -1 +1,32 @@
## <summary>The Open Group Pegasus CIM/WBEM Server.</summary>
+
@@ -1528,7 +1607,7 @@
+')
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/pegasus.te serefpolicy-2.4.2/policy/modules/services/pegasus.te
--- nsaserefpolicy/policy/modules/services/pegasus.te 2006-10-19 11:47:39.000000000 -0400
-+++ serefpolicy-2.4.2/policy/modules/services/pegasus.te 2006-10-27 15:42:12.000000000 -0400
++++ serefpolicy-2.4.2/policy/modules/services/pegasus.te 2006-11-03 08:59:56.000000000 -0500
@@ -100,13 +100,12 @@
auth_use_nsswitch(pegasus_t)
@@ -1547,7 +1626,7 @@
hostname_exec(pegasus_t)
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/procmail.te serefpolicy-2.4.2/policy/modules/services/procmail.te
--- nsaserefpolicy/policy/modules/services/procmail.te 2006-10-19 11:47:39.000000000 -0400
-+++ serefpolicy-2.4.2/policy/modules/services/procmail.te 2006-10-30 10:51:13.000000000 -0500
++++ serefpolicy-2.4.2/policy/modules/services/procmail.te 2006-11-03 10:02:37.000000000 -0500
@@ -10,6 +10,7 @@
type procmail_exec_t;
domain_type(procmail_t)
@@ -1564,10 +1643,13 @@
auth_use_nsswitch(procmail_t)
-@@ -63,21 +65,29 @@
+@@ -63,21 +65,32 @@
# only works until we define a different type for maildir
userdom_priveleged_home_dir_manager(procmail_t)
++
++fs_search_auto_mountpoints(procmail_t)
++
+tunable_policy(`use_nfs_home_dirs',`
+ fs_manage_nfs_dirs(procmail_t)
+ fs_manage_nfs_files(procmail_t)
@@ -1599,7 +1681,7 @@
optional_policy(`
clamav_domtrans_clamscan(procmail_t)
clamav_search_lib(procmail_t)
-@@ -112,3 +122,6 @@
+@@ -112,3 +125,6 @@
spamassassin_exec(procmail_t)
spamassassin_exec_client(procmail_t)
')
@@ -1608,7 +1690,7 @@
+
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/rhgb.te serefpolicy-2.4.2/policy/modules/services/rhgb.te
--- nsaserefpolicy/policy/modules/services/rhgb.te 2006-10-19 11:47:39.000000000 -0400
-+++ serefpolicy-2.4.2/policy/modules/services/rhgb.te 2006-10-27 15:42:12.000000000 -0400
++++ serefpolicy-2.4.2/policy/modules/services/rhgb.te 2006-11-03 08:59:56.000000000 -0500
@@ -13,10 +13,8 @@
type rhgb_tmpfs_t;
files_tmpfs_file(rhgb_tmpfs_t)
@@ -1672,7 +1754,7 @@
+
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/ricci.fc serefpolicy-2.4.2/policy/modules/services/ricci.fc
--- nsaserefpolicy/policy/modules/services/ricci.fc 1969-12-31 19:00:00.000000000 -0500
-+++ serefpolicy-2.4.2/policy/modules/services/ricci.fc 2006-10-27 15:42:12.000000000 -0400
++++ serefpolicy-2.4.2/policy/modules/services/ricci.fc 2006-11-03 08:59:56.000000000 -0500
@@ -0,0 +1,20 @@
+# ricci executable will have:
+# label: system_u:object_r:ricci_exec_t
@@ -1696,7 +1778,7 @@
+
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/ricci.if serefpolicy-2.4.2/policy/modules/services/ricci.if
--- nsaserefpolicy/policy/modules/services/ricci.if 1969-12-31 19:00:00.000000000 -0500
-+++ serefpolicy-2.4.2/policy/modules/services/ricci.if 2006-10-27 15:42:12.000000000 -0400
++++ serefpolicy-2.4.2/policy/modules/services/ricci.if 2006-11-03 08:59:56.000000000 -0500
@@ -0,0 +1,184 @@
+## <summary>policy for ricci</summary>
+
@@ -1884,8 +1966,8 @@
+')
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/ricci.te serefpolicy-2.4.2/policy/modules/services/ricci.te
--- nsaserefpolicy/policy/modules/services/ricci.te 1969-12-31 19:00:00.000000000 -0500
-+++ serefpolicy-2.4.2/policy/modules/services/ricci.te 2006-10-31 11:38:04.000000000 -0500
-@@ -0,0 +1,454 @@
++++ serefpolicy-2.4.2/policy/modules/services/ricci.te 2006-11-03 15:49:09.000000000 -0500
+@@ -0,0 +1,477 @@
+policy_module(ricci,1.0.0)
+
+########################################
@@ -2053,6 +2135,12 @@
+
+corecmd_exec_bin(ricci_t)
+corecmd_exec_sbin(ricci_t)
++# Needed so oddjob can run halt/reboot on behalf of ricci
++corecmd_sbin_entry_type(ricci_t)
++term_dontaudit_search_ptys(ricci_t)
++init_exec(ricci_t)
++init_telinit(ricci_t)
++init_write_utmp(ricci_t)
+
+dev_read_urand(ricci_t)
+
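Review bot: `corecmd_sbin_entry_type(ricci_t)` grants more than the comment above it describes. Judging by the interface name, it makes the generic sbin file type an entry point into ricci_t, so any program with that label could start the domain, not only halt and reboot. Together with `init_telinit(ricci_t)` and `init_write_utmp(ricci_t)`, this lets ricci_t itself change the runlevel and write utmp. If the intent is only that oddjob runs halt/reboot on ricci's behalf, consider a dedicated exec type for that helper, declared with `domain_entry_file(...)`, which would keep the entry-point set small. At minimum, extend the comment to say why the generic sbin type has to be an entry point.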
@@ -2275,6 +2363,8 @@
+libs_use_shared_libs(ricci_modstorage_t)
+miscfiles_read_localization(ricci_modstorage_t)
+
++logging_send_syslog_msg(ricci_modstorage_t)
++
+lvm_domtrans(ricci_modstorage_t)
+lvm_read_config(ricci_modstorage_t)
+
@@ -2283,9 +2373,12 @@
+dev_read_urand(ricci_modstorage_t)
+dev_manage_generic_blk_files(ricci_modstorage_t)
+
++kernel_read_system_state(ricci_modstorage_t)
++
+modutils_read_module_deps(ricci_modstorage_t)
+
+files_read_usr_files(ricci_modstorage_t)
++storage_raw_read_fixed_disk(ricci_modstorage_t)
+
+optional_policy(`
+ ccs_read_config(ricci_modstorage_t)
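Review bot: `storage_raw_read_fixed_disk(ricci_modstorage_t)` is added without a comment, and it is the most sensitive grant in this hunk. Raw read access to fixed disks lets the domain read data below the filesystem, where per-file types no longer apply. The domain already has `lvm_domtrans` and `dev_manage_generic_blk_files` in the surrounding context, so it is worth checking whether the raw read could happen in the transitioned lvm domain instead. If it has to stay, add a why-comment such as `# ricci-modstorage probes partition tables directly on fixed disks (confirm)`. The ricci_modstorage_t section begins outside this hunk.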
@@ -2310,6 +2403,11 @@
+domain_auto_trans(ricci_t,ricci_modcluster_exec_t,ricci_modcluster_t)
+domain_dontaudit_read_all_domains_state(ricci_modcluster_t)
+
++corecmd_exec_shell(ricci_modcluster_t)
++init_exec(ricci_modcluster_t)
++files_search_locks(ricci_modcluster_t)
++
++logging_send_syslog_msg(ricci_modcluster_t)
+files_read_etc_runtime_files(ricci_modcluster_t)
+files_read_etc_files(ricci_modcluster_t)
+
@@ -2317,11 +2415,13 @@
+libs_use_shared_libs(ricci_modcluster_t)
+
+miscfiles_read_localization(ricci_modcluster_t)
++mount_domtrans(ricci_modcluster_t)
+
+nscd_socket_use(ricci_modcluster_t)
+
+allow ricci_modcluster_t self:capability sys_nice;
+allow ricci_modcluster_t self:process setsched;
++allow ricci_modcluster_t self:fifo_file rw_file_perms;
+
+corecmd_exec_sbin(ricci_modcluster_t)
+corecmd_exec_bin(ricci_modcluster_t)
@@ -2332,17 +2432,22 @@
+files_search_usr(ricci_modcluster_t)
+
+ricci_modclusterd_stream_connect(ricci_modcluster_t)
++modutils_domtrans_insmod(ricci_modcluster_t)
+
+optional_policy(`
+ ccs_stream_connect(ricci_modcluster_t)
-+ ccs_read_config(ricci_modcluster_t)
+ ccs_domtrans(ricci_modcluster_t)
++ ccs_manage_config(ricci_modcluster_t)
+')
+
+
++
++optional_policy(`
++ consoletype_exec(ricci_modcluster_t)
++')
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/rpc.te serefpolicy-2.4.2/policy/modules/services/rpc.te
--- nsaserefpolicy/policy/modules/services/rpc.te 2006-10-19 11:47:39.000000000 -0400
-+++ serefpolicy-2.4.2/policy/modules/services/rpc.te 2006-10-27 15:42:12.000000000 -0400
++++ serefpolicy-2.4.2/policy/modules/services/rpc.te 2006-11-03 08:59:56.000000000 -0500
@@ -76,6 +76,9 @@
allow nfsd_t exports_t:file { getattr read };
allow nfsd_t { nfsd_rw_t nfsd_ro_t }:dir r_dir_perms;
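Review bot: Replacing `ccs_read_config` with `ccs_manage_config(ricci_modcluster_t)` gives this helper more access to the cluster configuration directory than the owning daemon gets in the same commit. The new interface in ccs.if grants `cluster_conf_t:dir manage_dir_perms`, whereas ccs_t itself receives only `rw_dir_perms` on that directory. If ricci_modcluster_t only needs to write or replace files there, the interface could use `allow $1 cluster_conf_t:dir rw_dir_perms;` to match. Separately, `modutils_domtrans_insmod(ricci_modcluster_t)` lets the domain reach module loading and has no comment naming the caller that needs it. A short note above it would help later audits.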
@@ -2372,7 +2477,7 @@
userdom_read_unpriv_users_tmp_files(gssd_t)
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/rsync.te serefpolicy-2.4.2/policy/modules/services/rsync.te
--- nsaserefpolicy/policy/modules/services/rsync.te 2006-10-19 11:47:39.000000000 -0400
-+++ serefpolicy-2.4.2/policy/modules/services/rsync.te 2006-10-27 15:42:12.000000000 -0400
++++ serefpolicy-2.4.2/policy/modules/services/rsync.te 2006-11-03 08:59:56.000000000 -0500
@@ -9,6 +9,7 @@
type rsync_t;
type rsync_exec_t;
@@ -2383,7 +2488,7 @@
type rsync_data_t;
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/samba.te serefpolicy-2.4.2/policy/modules/services/samba.te
--- nsaserefpolicy/policy/modules/services/samba.te 2006-10-19 11:47:39.000000000 -0400
-+++ serefpolicy-2.4.2/policy/modules/services/samba.te 2006-10-31 10:18:17.000000000 -0500
++++ serefpolicy-2.4.2/policy/modules/services/samba.te 2006-11-03 08:59:56.000000000 -0500
@@ -502,6 +502,10 @@
userdom_use_sysadm_ttys(smbmount_t)
@@ -2424,7 +2529,7 @@
optional_policy(`
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/sasl.te serefpolicy-2.4.2/policy/modules/services/sasl.te
--- nsaserefpolicy/policy/modules/services/sasl.te 2006-10-19 11:47:39.000000000 -0400
-+++ serefpolicy-2.4.2/policy/modules/services/sasl.te 2006-10-27 15:42:12.000000000 -0400
++++ serefpolicy-2.4.2/policy/modules/services/sasl.te 2006-11-03 08:59:56.000000000 -0500
@@ -47,6 +47,8 @@
fs_getattr_all_fs(saslauthd_t)
fs_search_auto_mountpoints(saslauthd_t)
@@ -2436,7 +2541,7 @@
auth_domtrans_chk_passwd(saslauthd_t)
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/setroubleshoot.te serefpolicy-2.4.2/policy/modules/services/setroubleshoot.te
--- nsaserefpolicy/policy/modules/services/setroubleshoot.te 2006-10-19 11:47:39.000000000 -0400
-+++ serefpolicy-2.4.2/policy/modules/services/setroubleshoot.te 2006-10-27 15:42:12.000000000 -0400
++++ serefpolicy-2.4.2/policy/modules/services/setroubleshoot.te 2006-11-03 08:59:56.000000000 -0500
@@ -28,7 +28,7 @@
#
@@ -2448,7 +2553,7 @@
allow setroubleshootd_t self:unix_stream_socket { create_stream_socket_perms connectto };
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/snmp.te serefpolicy-2.4.2/policy/modules/services/snmp.te
--- nsaserefpolicy/policy/modules/services/snmp.te 2006-10-19 11:47:39.000000000 -0400
-+++ serefpolicy-2.4.2/policy/modules/services/snmp.te 2006-10-27 15:42:12.000000000 -0400
++++ serefpolicy-2.4.2/policy/modules/services/snmp.te 2006-11-03 08:59:56.000000000 -0500
@@ -85,7 +85,9 @@
files_read_etc_files(snmpd_t)
files_read_usr_files(snmpd_t)
@@ -2462,7 +2567,7 @@
fs_getattr_rpc_dirs(snmpd_t)
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/spamassassin.te serefpolicy-2.4.2/policy/modules/services/spamassassin.te
--- nsaserefpolicy/policy/modules/services/spamassassin.te 2006-10-19 11:47:39.000000000 -0400
-+++ serefpolicy-2.4.2/policy/modules/services/spamassassin.te 2006-10-27 15:42:12.000000000 -0400
++++ serefpolicy-2.4.2/policy/modules/services/spamassassin.te 2006-11-03 08:59:56.000000000 -0500
@@ -8,7 +8,7 @@
# spamassassin client executable
@@ -2491,7 +2596,7 @@
allow spamd_t spamd_spool_t:dir create_dir_perms;
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/squid.te serefpolicy-2.4.2/policy/modules/services/squid.te
--- nsaserefpolicy/policy/modules/services/squid.te 2006-10-19 11:47:39.000000000 -0400
-+++ serefpolicy-2.4.2/policy/modules/services/squid.te 2006-10-27 15:42:12.000000000 -0400
++++ serefpolicy-2.4.2/policy/modules/services/squid.te 2006-11-03 08:59:56.000000000 -0500
@@ -98,6 +98,9 @@
fs_getattr_all_fs(squid_t)
@@ -2512,7 +2617,7 @@
-') dnl end TODO
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/ssh.te serefpolicy-2.4.2/policy/modules/services/ssh.te
--- nsaserefpolicy/policy/modules/services/ssh.te 2006-10-19 11:47:39.000000000 -0400
-+++ serefpolicy-2.4.2/policy/modules/services/ssh.te 2006-10-27 15:42:12.000000000 -0400
++++ serefpolicy-2.4.2/policy/modules/services/ssh.te 2006-11-03 08:59:56.000000000 -0500
@@ -10,7 +10,7 @@
# ssh client executable.
@@ -2533,7 +2638,7 @@
corenet_sendrecv_xserver_server_packets(sshd_t)
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/telnet.te serefpolicy-2.4.2/policy/modules/services/telnet.te
--- nsaserefpolicy/policy/modules/services/telnet.te 2006-10-19 11:47:39.000000000 -0400
-+++ serefpolicy-2.4.2/policy/modules/services/telnet.te 2006-10-31 08:58:09.000000000 -0500
++++ serefpolicy-2.4.2/policy/modules/services/telnet.te 2006-11-03 08:59:56.000000000 -0500
@@ -32,6 +32,7 @@
allow telnetd_t self:udp_socket create_socket_perms;
# for identd; cjp: this should probably only be inetd_child rules?
@@ -2544,7 +2649,7 @@
allow telnetd_t telnetd_devpts_t:chr_file { rw_file_perms setattr };
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/xserver.if serefpolicy-2.4.2/policy/modules/services/xserver.if
--- nsaserefpolicy/policy/modules/services/xserver.if 2006-09-15 13:14:25.000000000 -0400
-+++ serefpolicy-2.4.2/policy/modules/services/xserver.if 2006-10-27 15:42:12.000000000 -0400
++++ serefpolicy-2.4.2/policy/modules/services/xserver.if 2006-11-03 08:59:56.000000000 -0500
@@ -898,10 +898,12 @@
domain_auto_trans($1,xserver_exec_t,xdm_xserver_t)
@@ -2602,7 +2707,7 @@
+
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/xserver.te serefpolicy-2.4.2/policy/modules/services/xserver.te
--- nsaserefpolicy/policy/modules/services/xserver.te 2006-10-19 11:47:39.000000000 -0400
-+++ serefpolicy-2.4.2/policy/modules/services/xserver.te 2006-10-27 15:42:12.000000000 -0400
++++ serefpolicy-2.4.2/policy/modules/services/xserver.te 2006-11-03 08:59:56.000000000 -0500
@@ -463,7 +463,7 @@
allow rhgb_t xdm_xserver_t:process signal;
')
@@ -2614,7 +2719,7 @@
allow xdm_t polymember:lnk_file { create unlink };
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/authlogin.fc serefpolicy-2.4.2/policy/modules/system/authlogin.fc
--- nsaserefpolicy/policy/modules/system/authlogin.fc 2006-07-14 17:04:43.000000000 -0400
-+++ serefpolicy-2.4.2/policy/modules/system/authlogin.fc 2006-10-27 15:42:12.000000000 -0400
++++ serefpolicy-2.4.2/policy/modules/system/authlogin.fc 2006-11-03 08:59:56.000000000 -0500
@@ -32,6 +32,7 @@
/var/log/btmp.* -- gen_context(system_u:object_r:faillog_t,s0)
/var/log/dmesg -- gen_context(system_u:object_r:var_log_t,s0)
@@ -2625,7 +2730,7 @@
/var/log/wtmp.* -- gen_context(system_u:object_r:wtmp_t,s0)
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/authlogin.if serefpolicy-2.4.2/policy/modules/system/authlogin.if
--- nsaserefpolicy/policy/modules/system/authlogin.if 2006-10-16 12:20:19.000000000 -0400
-+++ serefpolicy-2.4.2/policy/modules/system/authlogin.if 2006-10-31 11:16:51.000000000 -0500
++++ serefpolicy-2.4.2/policy/modules/system/authlogin.if 2006-11-03 08:59:56.000000000 -0500
@@ -230,7 +230,7 @@
seutil_read_config($1)
seutil_read_default_contexts($1)
@@ -2646,7 +2751,7 @@
#######################################
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/clock.te serefpolicy-2.4.2/policy/modules/system/clock.te
--- nsaserefpolicy/policy/modules/system/clock.te 2006-10-19 11:47:40.000000000 -0400
-+++ serefpolicy-2.4.2/policy/modules/system/clock.te 2006-10-27 15:42:12.000000000 -0400
++++ serefpolicy-2.4.2/policy/modules/system/clock.te 2006-11-03 08:59:56.000000000 -0500
@@ -25,10 +25,13 @@
dontaudit hwclock_t self:capability sys_tty_config;
allow hwclock_t self:process signal_perms;
@@ -2663,7 +2768,7 @@
kernel_read_proc_symlinks(hwclock_t)
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/fstools.fc serefpolicy-2.4.2/policy/modules/system/fstools.fc
--- nsaserefpolicy/policy/modules/system/fstools.fc 2006-09-05 07:41:01.000000000 -0400
-+++ serefpolicy-2.4.2/policy/modules/system/fstools.fc 2006-10-30 10:45:52.000000000 -0500
++++ serefpolicy-2.4.2/policy/modules/system/fstools.fc 2006-11-03 08:59:56.000000000 -0500
@@ -19,7 +19,6 @@
/sbin/mkfs.* -- gen_context(system_u:object_r:fsadm_exec_t,s0)
/sbin/mkraid -- gen_context(system_u:object_r:fsadm_exec_t,s0)
@@ -2674,7 +2779,7 @@
/sbin/partx -- gen_context(system_u:object_r:fsadm_exec_t,s0)
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/fstools.te serefpolicy-2.4.2/policy/modules/system/fstools.te
--- nsaserefpolicy/policy/modules/system/fstools.te 2006-10-19 11:47:40.000000000 -0400
-+++ serefpolicy-2.4.2/policy/modules/system/fstools.te 2006-10-27 15:42:12.000000000 -0400
++++ serefpolicy-2.4.2/policy/modules/system/fstools.te 2006-11-03 08:59:56.000000000 -0500
@@ -9,7 +9,7 @@
type fsadm_t;
type fsadm_exec_t;
@@ -2694,7 +2799,7 @@
storage_raw_read_fixed_disk(fsadm_t)
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/getty.te serefpolicy-2.4.2/policy/modules/system/getty.te
--- nsaserefpolicy/policy/modules/system/getty.te 2006-10-19 11:47:40.000000000 -0400
-+++ serefpolicy-2.4.2/policy/modules/system/getty.te 2006-10-27 15:42:12.000000000 -0400
++++ serefpolicy-2.4.2/policy/modules/system/getty.te 2006-11-03 08:59:56.000000000 -0500
@@ -33,7 +33,8 @@
#
@@ -2707,7 +2812,7 @@
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/hostname.te serefpolicy-2.4.2/policy/modules/system/hostname.te
--- nsaserefpolicy/policy/modules/system/hostname.te 2006-10-19 11:47:40.000000000 -0400
-+++ serefpolicy-2.4.2/policy/modules/system/hostname.te 2006-10-27 15:42:12.000000000 -0400
++++ serefpolicy-2.4.2/policy/modules/system/hostname.te 2006-11-03 08:59:56.000000000 -0500
@@ -8,8 +8,12 @@
type hostname_t;
@@ -2724,7 +2829,7 @@
#
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/init.fc serefpolicy-2.4.2/policy/modules/system/init.fc
--- nsaserefpolicy/policy/modules/system/init.fc 2006-08-25 13:29:58.000000000 -0400
-+++ serefpolicy-2.4.2/policy/modules/system/init.fc 2006-10-27 15:42:12.000000000 -0400
++++ serefpolicy-2.4.2/policy/modules/system/init.fc 2006-11-03 08:59:56.000000000 -0500
@@ -66,3 +66,6 @@
/var/run/sysconfig(/.*)? gen_context(system_u:object_r:initrc_var_run_t,s0)
')
@@ -2734,7 +2839,7 @@
+/var/run/pcscd\.pid -- gen_context(system_u:object_r:initrc_var_run_t,s0)
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/init.te serefpolicy-2.4.2/policy/modules/system/init.te
--- nsaserefpolicy/policy/modules/system/init.te 2006-10-19 11:47:40.000000000 -0400
-+++ serefpolicy-2.4.2/policy/modules/system/init.te 2006-10-30 14:11:05.000000000 -0500
++++ serefpolicy-2.4.2/policy/modules/system/init.te 2006-11-03 08:59:56.000000000 -0500
@@ -132,6 +132,7 @@
mcs_process_set_categories(init_t)
@@ -2785,7 +2890,7 @@
+
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/iscsi.fc serefpolicy-2.4.2/policy/modules/system/iscsi.fc
--- nsaserefpolicy/policy/modules/system/iscsi.fc 1969-12-31 19:00:00.000000000 -0500
-+++ serefpolicy-2.4.2/policy/modules/system/iscsi.fc 2006-10-27 15:42:12.000000000 -0400
++++ serefpolicy-2.4.2/policy/modules/system/iscsi.fc 2006-11-03 08:59:56.000000000 -0500
@@ -0,0 +1,9 @@
+# iscsid executable will have:
+# label: system_u:object_r:iscsid_exec_t
@@ -2798,7 +2903,7 @@
+/var/lock/iscsi(/.*)? -- gen_context(system_u:object_r:iscsi_lock_t,s0)
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/iscsi.if serefpolicy-2.4.2/policy/modules/system/iscsi.if
--- nsaserefpolicy/policy/modules/system/iscsi.if 1969-12-31 19:00:00.000000000 -0500
-+++ serefpolicy-2.4.2/policy/modules/system/iscsi.if 2006-10-27 15:42:12.000000000 -0400
++++ serefpolicy-2.4.2/policy/modules/system/iscsi.if 2006-11-03 08:59:56.000000000 -0500
@@ -0,0 +1,24 @@
+## <summary>policy for iscsid</summary>
+
@@ -2826,7 +2931,7 @@
+')
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/iscsi.te serefpolicy-2.4.2/policy/modules/system/iscsi.te
--- nsaserefpolicy/policy/modules/system/iscsi.te 1969-12-31 19:00:00.000000000 -0500
-+++ serefpolicy-2.4.2/policy/modules/system/iscsi.te 2006-10-27 15:42:12.000000000 -0400
++++ serefpolicy-2.4.2/policy/modules/system/iscsi.te 2006-11-03 08:59:56.000000000 -0500
@@ -0,0 +1,94 @@
+policy_module(iscsid,1.0.0)
+
@@ -2924,7 +3029,7 @@
+allow iscsid_t self:capability dac_override;
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/libraries.fc serefpolicy-2.4.2/policy/modules/system/libraries.fc
--- nsaserefpolicy/policy/modules/system/libraries.fc 2006-10-16 12:20:18.000000000 -0400
-+++ serefpolicy-2.4.2/policy/modules/system/libraries.fc 2006-10-27 15:42:12.000000000 -0400
++++ serefpolicy-2.4.2/policy/modules/system/libraries.fc 2006-11-03 08:59:56.000000000 -0500
@@ -74,11 +74,12 @@
/opt/(.*/)?lib64(/.*)? gen_context(system_u:object_r:lib_t,s0)
/opt/(.*/)?lib64/.+\.so -- gen_context(system_u:object_r:shlib_t,s0)
@@ -2951,7 +3056,7 @@
/usr/(local/)?Adobe/(.*/)?intellinux/sidecars/* -- gen_context(system_u:object_r:textrel_shlib_t,s0)
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/locallogin.if serefpolicy-2.4.2/policy/modules/system/locallogin.if
--- nsaserefpolicy/policy/modules/system/locallogin.if 2006-10-16 12:20:18.000000000 -0400
-+++ serefpolicy-2.4.2/policy/modules/system/locallogin.if 2006-10-27 15:42:12.000000000 -0400
++++ serefpolicy-2.4.2/policy/modules/system/locallogin.if 2006-11-03 08:59:56.000000000 -0500
@@ -75,3 +75,40 @@
allow $1 local_login_t:process signull;
@@ -2995,7 +3100,7 @@
+')
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/locallogin.te serefpolicy-2.4.2/policy/modules/system/locallogin.te
--- nsaserefpolicy/policy/modules/system/locallogin.te 2006-10-19 11:47:40.000000000 -0400
-+++ serefpolicy-2.4.2/policy/modules/system/locallogin.te 2006-10-27 15:42:12.000000000 -0400
++++ serefpolicy-2.4.2/policy/modules/system/locallogin.te 2006-11-03 08:59:56.000000000 -0500
@@ -47,7 +47,7 @@
allow local_login_t self:sem create_sem_perms;
allow local_login_t self:msgq create_msgq_perms;
@@ -3007,7 +3112,7 @@
files_lock_filetrans(local_login_t,local_login_lock_t,file)
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/logging.te serefpolicy-2.4.2/policy/modules/system/logging.te
--- nsaserefpolicy/policy/modules/system/logging.te 2006-10-19 11:47:40.000000000 -0400
-+++ serefpolicy-2.4.2/policy/modules/system/logging.te 2006-10-30 16:49:24.000000000 -0500
++++ serefpolicy-2.4.2/policy/modules/system/logging.te 2006-11-03 08:59:56.000000000 -0500
@@ -53,6 +53,7 @@
type var_log_t;
@@ -3043,7 +3148,7 @@
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/mount.fc serefpolicy-2.4.2/policy/modules/system/mount.fc
--- nsaserefpolicy/policy/modules/system/mount.fc 2006-07-14 17:04:43.000000000 -0400
-+++ serefpolicy-2.4.2/policy/modules/system/mount.fc 2006-10-27 15:42:12.000000000 -0400
++++ serefpolicy-2.4.2/policy/modules/system/mount.fc 2006-11-03 08:59:56.000000000 -0500
@@ -4,4 +4,5 @@
# mount file contexts
#
@@ -3052,7 +3157,7 @@
/bin/umount.* -- gen_context(system_u:object_r:mount_exec_t,s0)
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/mount.te serefpolicy-2.4.2/policy/modules/system/mount.te
--- nsaserefpolicy/policy/modules/system/mount.te 2006-10-19 11:47:40.000000000 -0400
-+++ serefpolicy-2.4.2/policy/modules/system/mount.te 2006-10-30 17:04:22.000000000 -0500
++++ serefpolicy-2.4.2/policy/modules/system/mount.te 2006-11-03 08:59:56.000000000 -0500
@@ -9,6 +9,7 @@
type mount_t;
type mount_exec_t;
@@ -3106,7 +3211,7 @@
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/raid.te serefpolicy-2.4.2/policy/modules/system/raid.te
--- nsaserefpolicy/policy/modules/system/raid.te 2006-10-19 11:47:40.000000000 -0400
-+++ serefpolicy-2.4.2/policy/modules/system/raid.te 2006-10-27 15:42:12.000000000 -0400
++++ serefpolicy-2.4.2/policy/modules/system/raid.te 2006-11-03 15:27:42.000000000 -0500
@@ -22,7 +22,9 @@
allow mdadm_t self:capability { dac_override sys_admin ipc_lock };
dontaudit mdadm_t self:capability sys_tty_config;
@@ -3117,16 +3222,25 @@
allow mdadm_t mdadm_var_run_t:file create_file_perms;
files_pid_filetrans(mdadm_t,mdadm_var_run_t,file)
-@@ -36,6 +38,8 @@
+@@ -35,13 +37,17 @@
+ # Ignore attempts to read every device file
dev_dontaudit_getattr_all_blk_files(mdadm_t)
dev_dontaudit_getattr_all_chr_files(mdadm_t)
++dev_dontaudit_getattr_all_sock_files(mdadm_t)
dev_dontaudit_getattr_generic_files(mdadm_t)
+dev_dontaudit_getattr_generic_chr_files(mdadm_t)
+dev_dontaudit_getattr_generic_blk_files(mdadm_t)
fs_search_auto_mountpoints(mdadm_t)
fs_dontaudit_list_tmpfs(mdadm_t)
-@@ -49,6 +53,7 @@
+
+ # RAID block device access
+ storage_manage_fixed_disk(mdadm_t)
++storage_dev_filetrans_fixed_disk(mdadm_t)
+
+ term_dontaudit_use_console(mdadm_t)
+ term_dontaudit_list_ptys(mdadm_t)
+@@ -49,6 +55,7 @@
# Helper program access
corecmd_exec_bin(mdadm_t)
corecmd_exec_sbin(mdadm_t)
@@ -3134,9 +3248,17 @@
domain_use_interactive_fds(mdadm_t)
+@@ -84,3 +91,7 @@
+ optional_policy(`
+ udev_read_db(mdadm_t)
+ ')
++
++optional_policy(`
++ gpm_dontaudit_getattr_gpmctl(mdadm_t)
++')
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/selinuxutil.if serefpolicy-2.4.2/policy/modules/system/selinuxutil.if
--- nsaserefpolicy/policy/modules/system/selinuxutil.if 2006-10-27 10:27:56.000000000 -0400
-+++ serefpolicy-2.4.2/policy/modules/system/selinuxutil.if 2006-10-27 15:42:12.000000000 -0400
++++ serefpolicy-2.4.2/policy/modules/system/selinuxutil.if 2006-11-03 08:59:56.000000000 -0500
@@ -713,7 +713,7 @@
')
@@ -3159,7 +3281,7 @@
########################################
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/selinuxutil.te serefpolicy-2.4.2/policy/modules/system/selinuxutil.te
--- nsaserefpolicy/policy/modules/system/selinuxutil.te 2006-10-27 10:27:56.000000000 -0400
-+++ serefpolicy-2.4.2/policy/modules/system/selinuxutil.te 2006-10-27 15:42:12.000000000 -0400
++++ serefpolicy-2.4.2/policy/modules/system/selinuxutil.te 2006-11-03 08:59:56.000000000 -0500
@@ -270,6 +270,7 @@
mls_file_upgrade(newrole_t)
mls_file_downgrade(newrole_t)
@@ -3205,7 +3327,7 @@
selinux_set_boolean(semanage_t)
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/setrans.te serefpolicy-2.4.2/policy/modules/system/setrans.te
--- nsaserefpolicy/policy/modules/system/setrans.te 2006-10-23 16:14:54.000000000 -0400
-+++ serefpolicy-2.4.2/policy/modules/system/setrans.te 2006-10-27 15:42:12.000000000 -0400
++++ serefpolicy-2.4.2/policy/modules/system/setrans.te 2006-11-03 08:59:56.000000000 -0500
@@ -55,9 +55,12 @@
mls_file_read_up(setrans_t)
@@ -3222,7 +3344,7 @@
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/unconfined.if serefpolicy-2.4.2/policy/modules/system/unconfined.if
--- nsaserefpolicy/policy/modules/system/unconfined.if 2006-10-19 11:47:40.000000000 -0400
-+++ serefpolicy-2.4.2/policy/modules/system/unconfined.if 2006-10-27 15:42:12.000000000 -0400
++++ serefpolicy-2.4.2/policy/modules/system/unconfined.if 2006-11-03 08:59:56.000000000 -0500
@@ -31,6 +31,7 @@
allow $1 self:nscd *;
allow $1 self:dbus *;
@@ -3258,7 +3380,7 @@
## </summary>
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/unconfined.te serefpolicy-2.4.2/policy/modules/system/unconfined.te
--- nsaserefpolicy/policy/modules/system/unconfined.te 2006-10-19 11:47:40.000000000 -0400
-+++ serefpolicy-2.4.2/policy/modules/system/unconfined.te 2006-10-27 15:42:12.000000000 -0400
++++ serefpolicy-2.4.2/policy/modules/system/unconfined.te 2006-11-03 08:59:56.000000000 -0500
@@ -59,13 +59,9 @@
bind_domtrans_ndc(unconfined_t)
')
@@ -3309,7 +3431,7 @@
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/userdomain.if serefpolicy-2.4.2/policy/modules/system/userdomain.if
--- nsaserefpolicy/policy/modules/system/userdomain.if 2006-10-17 13:47:44.000000000 -0400
-+++ serefpolicy-2.4.2/policy/modules/system/userdomain.if 2006-10-30 11:07:15.000000000 -0500
++++ serefpolicy-2.4.2/policy/modules/system/userdomain.if 2006-11-03 08:59:56.000000000 -0500
@@ -22,6 +22,10 @@
## <rolebase/>
#
@@ -3397,7 +3519,7 @@
',`
gen_require(`
type staff_home_dir_t;
-@@ -5437,3 +5454,161 @@
+@@ -5437,3 +5454,201 @@
allow $1 user_home_dir_t:dir create_dir_perms;
files_home_filetrans($1,user_home_dir_t,dir)
')
@@ -3559,9 +3681,49 @@
+ allow $1 user_exec_type:file { relabelfrom relabelto };
+')
+
++########################################
++## <summary>
++## dontaudit relabel of generic user
++## home files.
++## </summary>
++## <param name="domain">
++## <summary>
++## Domain allowed access.
++## </summary>
++## </param>
++#
++interface(`userdom_dontaudit_relabel_generic_user_home_content_files',`
++ gen_require(`
++ type user_home_t;
++ ')
++
++ files_search_home($1)
++ dontaudit $1 user_home_t:file { relabelto relabelfrom };
++')
++
++########################################
++## <summary>
++## allow execute of generic user
++## home files.
++## </summary>
++## <param name="domain">
++## <summary>
++## Domain allowed access.
++## </summary>
++## </param>
++#
++interface(`userdom_execute_generic_user_home_content_files',`
++ gen_require(`
++ type user_home_t;
++ ')
++
++ files_search_home($1)
++ allow $1 user_home_t:file execute;
++')
++
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/userdomain.te serefpolicy-2.4.2/policy/modules/system/userdomain.te
--- nsaserefpolicy/policy/modules/system/userdomain.te 2006-10-19 11:47:40.000000000 -0400
-+++ serefpolicy-2.4.2/policy/modules/system/userdomain.te 2006-10-27 15:42:12.000000000 -0400
++++ serefpolicy-2.4.2/policy/modules/system/userdomain.te 2006-11-03 08:59:56.000000000 -0500
@@ -24,6 +24,9 @@
# users home directory contents
attribute home_type;
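Review bot: The new `userdom_dontaudit_relabel_generic_user_home_content_files` interface calls `files_search_home($1)`, which as far as I can tell is an allow-side interface, so a caller that only wants to silence relabel denials also gains search access to the home root. I would drop that line so the body is only `dontaudit $1 user_home_t:file { relabelto relabelfrom };`. The parameter description should then read `## Domain to not audit.` instead of `## Domain allowed access.`. For `userdom_execute_generic_user_home_content_files`, the summary could state that it grants `execute` alone on `user_home_t` files. Since the summary describes these as generic user home files, presumably content the user can write, callers should see that before using it for a confined domain.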
@@ -3619,7 +3781,7 @@
usermanage_run_useradd(sysadm_t,sysadm_r,admin_terminal)
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/xen.fc serefpolicy-2.4.2/policy/modules/system/xen.fc
--- nsaserefpolicy/policy/modules/system/xen.fc 2006-09-22 14:07:07.000000000 -0400
-+++ serefpolicy-2.4.2/policy/modules/system/xen.fc 2006-10-30 14:31:23.000000000 -0500
++++ serefpolicy-2.4.2/policy/modules/system/xen.fc 2006-11-03 08:59:56.000000000 -0500
@@ -2,8 +2,10 @@
/usr/sbin/xend -- gen_context(system_u:object_r:xend_exec_t,s0)
/usr/sbin/xenstored -- gen_context(system_u:object_r:xenstored_exec_t,s0)
@@ -3638,7 +3800,7 @@
+/dev/xen/tapctrl.* -p gen_context(system_u:object_r:xenctl_t,s0)
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/xen.te serefpolicy-2.4.2/policy/modules/system/xen.te
--- nsaserefpolicy/policy/modules/system/xen.te 2006-10-19 11:47:40.000000000 -0400
-+++ serefpolicy-2.4.2/policy/modules/system/xen.te 2006-10-30 10:34:47.000000000 -0500
++++ serefpolicy-2.4.2/policy/modules/system/xen.te 2006-11-03 12:01:27.000000000 -0500
@@ -14,6 +14,8 @@
# Xen Image files
type xen_image_t; # customizable
@@ -3681,7 +3843,28 @@
corenet_sendrecv_xen_server_packets(xend_t)
corenet_sendrecv_soundd_server_packets(xend_t)
corenet_rw_tun_tap_dev(xend_t)
-@@ -176,6 +183,7 @@
+@@ -140,6 +147,7 @@
+ dev_manage_xen(xend_t)
+ dev_filetrans_xen(xend_t)
+ dev_rw_sysfs(xend_t)
++dev_rw_xen(xend_t)
+
+ domain_read_all_domains_state(xend_t)
+ domain_dontaudit_read_all_domains_state(xend_t)
+@@ -152,7 +160,11 @@
+ files_etc_filetrans_etc_runtime(xend_t,file)
+ files_read_usr_files(xend_t)
+
+-storage_raw_read_fixed_disk(xend_t)
++#tunable_policy(`xen_use_raw_disk',`
++ storage_raw_read_fixed_disk(xend_t)
++ storage_raw_write_fixed_disk(xend_t)
++#')
++
+ storage_raw_read_removable_device(xend_t)
+
+ term_getattr_all_user_ptys(xend_t)
+@@ -176,6 +188,7 @@
sysnet_dns_name_resolve(xend_t)
sysnet_delete_dhcpc_pid(xend_t)
sysnet_read_dhcpc_pid(xend_t)
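Review bot: In the inner hunk at `@@ -152,7 +160,11 @@` the `tunable_policy` wrapper for `xen_use_raw_disk` is commented out (both the opening line and the closing `#')`), so `storage_raw_read_fixed_disk(xend_t)` and the newly added `storage_raw_write_fixed_disk(xend_t)` are granted unconditionally. The 2.4.2-7 changelog entry in selinux-policy.spec describes this access as controlled by a boolean, which the policy as written does not do. Raw write to fixed disks is a broad grant for xend_t, so I would drop the leading `#` from the two wrapper lines (after confirming the tunable is declared, which this hunk does not show), or add a comment saying why the gate is disabled. The same commented-out wrapper appears for xenstored_t in the later hunk that adds `storage_raw_write_fixed_disk(xenstored_t)`.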
@@ -3689,7 +3872,7 @@
userdom_dontaudit_search_sysadm_home_dirs(xend_t)
-@@ -187,6 +195,18 @@
+@@ -187,6 +200,18 @@
consoletype_exec(xend_t)
')
@@ -3708,7 +3891,7 @@
########################################
#
# Xen console local policy
-@@ -195,7 +215,6 @@
+@@ -195,7 +220,6 @@
allow xenconsoled_t self:capability { dac_override fsetid ipc_lock };
allow xenconsoled_t self:unix_stream_socket create_stream_socket_perms;
allow xenconsoled_t self:fifo_file { read write };
@@ -3716,7 +3899,7 @@
allow xenconsoled_t xen_devpts_t:chr_file rw_term_perms;
# pid file
-@@ -203,11 +222,16 @@
+@@ -203,11 +227,16 @@
allow xenconsoled_t xenconsoled_var_run_t:sock_file manage_file_perms;
allow xenconsoled_t xenconsoled_var_run_t:dir rw_dir_perms;
files_pid_filetrans(xenconsoled_t,xenconsoled_var_run_t, { file sock_file })
@@ -3733,7 +3916,7 @@
domain_dontaudit_ptrace_all_domains(xenconsoled_t)
term_create_pty(xenconsoled_t,xen_devpts_t);
-@@ -245,14 +269,16 @@
+@@ -245,14 +274,22 @@
allow xenstored_t xenstored_var_lib_t:sock_file create_file_perms;
allow xenstored_t xenstored_var_lib_t:dir create_dir_perms;
files_var_lib_filetrans(xenstored_t,xenstored_var_lib_t,{ file dir sock_file })
@@ -3748,10 +3931,16 @@
dev_filetrans_xen(xenstored_t)
dev_rw_xen(xenstored_t)
+dev_read_sysfs(xenstored_t)
++storage_raw_read_removable_device(xenstored_t)
++
++#tunable_policy(`xen_use_raw_disk',`
++ storage_raw_read_fixed_disk(xenstored_t)
++ storage_raw_write_fixed_disk(xenstored_t)
++#')
term_use_generic_ptys(xenstored_t)
term_use_console(xenconsoled_t)
-@@ -278,7 +304,14 @@
+@@ -278,7 +315,14 @@
# internal communication is often done using fifo and unix sockets.
allow xm_t self:fifo_file { read write };
@@ -3767,7 +3956,7 @@
allow xm_t xend_var_lib_t:dir rw_dir_perms;
allow xm_t xend_var_lib_t:fifo_file create_file_perms;
-@@ -317,3 +350,8 @@
+@@ -317,3 +361,8 @@
xen_append_log(xm_t)
xen_stream_connect(xm_t)
xen_stream_connect_xenstore(xm_t)
@@ -3778,7 +3967,7 @@
+fs_read_nfs_files(xend_t)
diff --exclude-from=exclude -N -u -r nsaserefpolicy/Rules.modular serefpolicy-2.4.2/Rules.modular
--- nsaserefpolicy/Rules.modular 2006-10-16 12:20:19.000000000 -0400
-+++ serefpolicy-2.4.2/Rules.modular 2006-10-27 15:42:12.000000000 -0400
++++ serefpolicy-2.4.2/Rules.modular 2006-11-03 08:59:56.000000000 -0500
@@ -219,6 +219,16 @@
########################################
Index: selinux-policy.spec
===================================================================
RCS file: /cvs/dist/rpms/selinux-policy/devel/selinux-policy.spec,v
retrieving revision 1.329
retrieving revision 1.330
diff -u -r1.329 -r1.330
--- selinux-policy.spec 1 Nov 2006 00:09:08 -0000 1.329
+++ selinux-policy.spec 3 Nov 2006 21:27:47 -0000 1.330
@@ -17,7 +17,7 @@
Summary: SELinux policy configuration
Name: selinux-policy
Version: 2.4.2
-Release: 4
+Release: 8
License: GPL
Group: System Environment/Base
Source: serefpolicy-%{version}.tgz
@@ -353,6 +353,21 @@
%endif
%changelog
+* Fri Nov 3 2006 Dan Walsh <dwalsh at redhat.com> 2.4.2-8
+- Lots of fixes for ricci
+
+* Fri Nov 3 2006 Dan Walsh <dwalsh at redhat.com> 2.4.2-7
+- Allow xen to read/write fixed devices with a boolean
+- Allow apache to search /var/log
+
+* Thu Nov 2 2006 James Antill <james.antill at redhat.com> 2.4.2-6
+- Fix policygentool specfile problem.
+- Allow apache to send signals to it's logging helpers.
+- Resolves: rhbz#212731
+
+* Wed Nov 1 2006 Dan Walsh <dwalsh at redhat.com> 2.4.2-5
+- Add perms for swat
+
* Tue Oct 31 2006 Dan Walsh <dwalsh at redhat.com> 2.4.2-4
- Add perms for swat