rpms/selinux-policy/devel policy-20060915.patch, 1.23, 1.24 selinux-policy.spec, 1.303, 1.304

fedora-cvs-commits at redhat.com fedora-cvs-commits at redhat.com
Tue Oct 3 18:45:20 UTC 2006


Author: dwalsh

Update of /cvs/dist/rpms/selinux-policy/devel
In directory cvs.devel.redhat.com:/tmp/cvs-serv853

Modified Files:
	policy-20060915.patch selinux-policy.spec 
Log Message:
* Tue Oct 3 2006 Dan Walsh <dwalsh at redhat.com> 2.3.18-1
- Patch for labeled networking


policy-20060915.patch:
 Rules.modular                                |   10 
 config/appconfig-strict-mcs/seusers          |    3 
 config/appconfig-strict-mls/initrc_context   |    2 
 config/appconfig-strict-mls/seusers          |    3 
 config/appconfig-strict/seusers              |    1 
 config/appconfig-targeted-mcs/seusers        |    3 
 config/appconfig-targeted-mls/initrc_context |    2 
 config/appconfig-targeted-mls/seusers        |    3 
 config/appconfig-targeted/seusers            |    1 
 policy/global_tunables                       |   15 +
 policy/mcs                                   |    6 
 policy/mls                                   |   36 +-
 policy/modules/admin/acct.te                 |    1 
 policy/modules/admin/amanda.te               |    2 
 policy/modules/admin/bootloader.te           |    7 
 policy/modules/admin/consoletype.te          |    8 
 policy/modules/admin/dmesg.te                |    1 
 policy/modules/admin/netutils.te             |    2 
 policy/modules/admin/prelink.te              |    7 
 policy/modules/admin/rpm.fc                  |    2 
 policy/modules/admin/rpm.if                  |   21 +
 policy/modules/admin/rpm.te                  |    5 
 policy/modules/admin/su.if                   |    2 
 policy/modules/admin/usermanage.te           |    5 
 policy/modules/apps/java.fc                  |    2 
 policy/modules/apps/java.te                  |    2 
 policy/modules/apps/mono.te                  |    3 
 policy/modules/kernel/corecommands.fc        |    1 
 policy/modules/kernel/corecommands.if        |   17 +
 policy/modules/kernel/corenetwork.te.in      |   17 -
 policy/modules/kernel/devices.fc             |    8 
 policy/modules/kernel/files.fc               |   27 -
 policy/modules/kernel/filesystem.if          |   22 +
 policy/modules/kernel/filesystem.te          |    1 
 policy/modules/kernel/kernel.if              |    2 
 policy/modules/kernel/kernel.te              |   25 -
 policy/modules/kernel/mcs.te                 |   18 -
 policy/modules/kernel/mls.te                 |   10 
 policy/modules/kernel/selinux.te             |    2 
 policy/modules/kernel/storage.fc             |   49 +--
 policy/modules/kernel/storage.if             |    1 
 policy/modules/kernel/terminal.fc            |    2 
 policy/modules/kernel/terminal.if            |   20 +
 policy/modules/services/apache.fc            |    9 
 policy/modules/services/automount.te         |    4 
 policy/modules/services/ccs.fc               |    8 
 policy/modules/services/ccs.if               |   65 ++++
 policy/modules/services/ccs.te               |   87 ++++++
 policy/modules/services/cron.if              |   25 -
 policy/modules/services/cron.te              |    6 
 policy/modules/services/cups.te              |    5 
 policy/modules/services/cvs.te               |    1 
 policy/modules/services/dbus.if              |    1 
 policy/modules/services/dovecot.te           |    2 
 policy/modules/services/hal.te               |    1 
 policy/modules/services/lpd.fc               |    5 
 policy/modules/services/mta.te               |    1 
 policy/modules/services/nscd.if              |   20 +
 policy/modules/services/nscd.te              |    3 
 policy/modules/services/pegasus.if           |   31 ++
 policy/modules/services/pegasus.te           |    5 
 policy/modules/services/procmail.te          |    1 
 policy/modules/services/rhgb.te              |   24 +
 policy/modules/services/ricci.fc             |   20 +
 policy/modules/services/ricci.if             |  184 ++++++++++++
 policy/modules/services/ricci.te             |  388 +++++++++++++++++++++++++++
 policy/modules/services/rsync.te             |    1 
 policy/modules/services/setroubleshoot.te    |    2 
 policy/modules/services/spamassassin.te      |    4 
 policy/modules/services/ssh.te               |    2 
 policy/modules/services/xserver.if           |    2 
 policy/modules/services/xserver.te           |    2 
 policy/modules/system/authlogin.if           |    2 
 policy/modules/system/fstools.te             |    3 
 policy/modules/system/hostname.te            |    6 
 policy/modules/system/init.fc                |    3 
 policy/modules/system/init.te                |    4 
 policy/modules/system/iscsi.fc               |    7 
 policy/modules/system/iscsi.if               |   24 +
 policy/modules/system/iscsi.te               |   74 +++++
 policy/modules/system/libraries.fc           |    1 
 policy/modules/system/locallogin.if          |   37 ++
 policy/modules/system/logging.fc             |    8 
 policy/modules/system/logging.te             |    4 
 policy/modules/system/mount.fc               |    1 
 policy/modules/system/mount.te               |    1 
 policy/modules/system/raid.te                |    3 
 policy/modules/system/selinuxutil.fc         |    6 
 policy/modules/system/selinuxutil.if         |    4 
 policy/modules/system/selinuxutil.te         |    5 
 policy/modules/system/setrans.fc             |    2 
 policy/modules/system/setrans.te             |    2 
 policy/modules/system/unconfined.if          |    1 
 policy/modules/system/unconfined.te          |   10 
 policy/modules/system/userdomain.if          |  165 +++++++++++
 policy/modules/system/userdomain.te          |    6 
 policy/modules/system/xen.te                 |    1 
 policy/users                                 |   14 
 98 files changed, 1502 insertions(+), 178 deletions(-)

Index: policy-20060915.patch
===================================================================
RCS file: /cvs/dist/rpms/selinux-policy/devel/policy-20060915.patch,v
retrieving revision 1.23
retrieving revision 1.24
diff -u -r1.23 -r1.24
--- policy-20060915.patch	2 Oct 2006 19:45:00 -0000	1.23
+++ policy-20060915.patch	3 Oct 2006 18:45:18 -0000	1.24
@@ -1,64 +1,64 @@
-diff --exclude-from=exclude -N -u -r nsaserefpolicy/config/appconfig-strict/seusers serefpolicy-2.3.17/config/appconfig-strict/seusers
+diff --exclude-from=exclude -N -u -r nsaserefpolicy/config/appconfig-strict/seusers serefpolicy-2.3.18/config/appconfig-strict/seusers
 --- nsaserefpolicy/config/appconfig-strict/seusers	2006-07-14 17:04:47.000000000 -0400
-+++ serefpolicy-2.3.17/config/appconfig-strict/seusers	2006-10-02 13:20:14.000000000 -0400
++++ serefpolicy-2.3.18/config/appconfig-strict/seusers	2006-10-03 12:02:36.000000000 -0400
 @@ -1,2 +1,3 @@
 +system_u:system_u
  root:root
  __default__:user_u
-diff --exclude-from=exclude -N -u -r nsaserefpolicy/config/appconfig-strict-mcs/seusers serefpolicy-2.3.17/config/appconfig-strict-mcs/seusers
+diff --exclude-from=exclude -N -u -r nsaserefpolicy/config/appconfig-strict-mcs/seusers serefpolicy-2.3.18/config/appconfig-strict-mcs/seusers
 --- nsaserefpolicy/config/appconfig-strict-mcs/seusers	2006-07-14 17:04:48.000000000 -0400
-+++ serefpolicy-2.3.17/config/appconfig-strict-mcs/seusers	2006-10-02 13:20:14.000000000 -0400
++++ serefpolicy-2.3.18/config/appconfig-strict-mcs/seusers	2006-10-03 12:02:36.000000000 -0400
 @@ -1,2 +1,3 @@
 -root:root:s0-s0:c0.c255
 +system_u:system_u:s0-s0:c0.c1023
 +root:root:s0-s0:c0.c1023
  __default__:user_u:s0
-diff --exclude-from=exclude -N -u -r nsaserefpolicy/config/appconfig-strict-mls/initrc_context serefpolicy-2.3.17/config/appconfig-strict-mls/initrc_context
+diff --exclude-from=exclude -N -u -r nsaserefpolicy/config/appconfig-strict-mls/initrc_context serefpolicy-2.3.18/config/appconfig-strict-mls/initrc_context
 --- nsaserefpolicy/config/appconfig-strict-mls/initrc_context	2006-07-14 17:04:47.000000000 -0400
-+++ serefpolicy-2.3.17/config/appconfig-strict-mls/initrc_context	2006-10-02 13:20:14.000000000 -0400
++++ serefpolicy-2.3.18/config/appconfig-strict-mls/initrc_context	2006-10-03 12:02:36.000000000 -0400
 @@ -1 +1 @@
 -system_u:system_r:initrc_t:s0-s15:c0.c255
 +system_u:system_r:initrc_t:s0-s15:c0.c1023
-diff --exclude-from=exclude -N -u -r nsaserefpolicy/config/appconfig-strict-mls/seusers serefpolicy-2.3.17/config/appconfig-strict-mls/seusers
+diff --exclude-from=exclude -N -u -r nsaserefpolicy/config/appconfig-strict-mls/seusers serefpolicy-2.3.18/config/appconfig-strict-mls/seusers
 --- nsaserefpolicy/config/appconfig-strict-mls/seusers	2006-07-14 17:04:47.000000000 -0400
-+++ serefpolicy-2.3.17/config/appconfig-strict-mls/seusers	2006-10-02 13:20:14.000000000 -0400
++++ serefpolicy-2.3.18/config/appconfig-strict-mls/seusers	2006-10-03 12:02:36.000000000 -0400
 @@ -1,2 +1,3 @@
 -root:root:s0-s15:c0.c255
 +system_u:system_u:s0-s15:c0.c1023
 +root:root:s0-s15:c0.c1023
  __default__:user_u:s0
-diff --exclude-from=exclude -N -u -r nsaserefpolicy/config/appconfig-targeted/seusers serefpolicy-2.3.17/config/appconfig-targeted/seusers
+diff --exclude-from=exclude -N -u -r nsaserefpolicy/config/appconfig-targeted/seusers serefpolicy-2.3.18/config/appconfig-targeted/seusers
 --- nsaserefpolicy/config/appconfig-targeted/seusers	2006-07-14 17:04:46.000000000 -0400
-+++ serefpolicy-2.3.17/config/appconfig-targeted/seusers	2006-10-02 13:20:14.000000000 -0400
++++ serefpolicy-2.3.18/config/appconfig-targeted/seusers	2006-10-03 12:02:36.000000000 -0400
 @@ -1,2 +1,3 @@
 +system_u:system_u
  root:root
  __default__:user_u
-diff --exclude-from=exclude -N -u -r nsaserefpolicy/config/appconfig-targeted-mcs/seusers serefpolicy-2.3.17/config/appconfig-targeted-mcs/seusers
+diff --exclude-from=exclude -N -u -r nsaserefpolicy/config/appconfig-targeted-mcs/seusers serefpolicy-2.3.18/config/appconfig-targeted-mcs/seusers
 --- nsaserefpolicy/config/appconfig-targeted-mcs/seusers	2006-07-14 17:04:47.000000000 -0400
-+++ serefpolicy-2.3.17/config/appconfig-targeted-mcs/seusers	2006-10-02 13:20:14.000000000 -0400
++++ serefpolicy-2.3.18/config/appconfig-targeted-mcs/seusers	2006-10-03 12:02:36.000000000 -0400
 @@ -1,2 +1,3 @@
 -root:root:s0-s0:c0.c255
 +system_u:system_u:s0-s0:c0.c1023
 +root:root:s0-s0:c0.c1023
  __default__:user_u:s0
-diff --exclude-from=exclude -N -u -r nsaserefpolicy/config/appconfig-targeted-mls/initrc_context serefpolicy-2.3.17/config/appconfig-targeted-mls/initrc_context
+diff --exclude-from=exclude -N -u -r nsaserefpolicy/config/appconfig-targeted-mls/initrc_context serefpolicy-2.3.18/config/appconfig-targeted-mls/initrc_context
 --- nsaserefpolicy/config/appconfig-targeted-mls/initrc_context	2006-07-14 17:04:48.000000000 -0400
-+++ serefpolicy-2.3.17/config/appconfig-targeted-mls/initrc_context	2006-10-02 13:20:14.000000000 -0400
++++ serefpolicy-2.3.18/config/appconfig-targeted-mls/initrc_context	2006-10-03 12:02:36.000000000 -0400
 @@ -1 +1 @@
 -user_u:system_r:initrc_t:s0-s15:c0.c255
 +user_u:system_r:initrc_t:s0-s15:c0.c1023
-diff --exclude-from=exclude -N -u -r nsaserefpolicy/config/appconfig-targeted-mls/seusers serefpolicy-2.3.17/config/appconfig-targeted-mls/seusers
+diff --exclude-from=exclude -N -u -r nsaserefpolicy/config/appconfig-targeted-mls/seusers serefpolicy-2.3.18/config/appconfig-targeted-mls/seusers
 --- nsaserefpolicy/config/appconfig-targeted-mls/seusers	2006-07-14 17:04:48.000000000 -0400
-+++ serefpolicy-2.3.17/config/appconfig-targeted-mls/seusers	2006-10-02 13:20:14.000000000 -0400
++++ serefpolicy-2.3.18/config/appconfig-targeted-mls/seusers	2006-10-03 12:02:36.000000000 -0400
 @@ -1,2 +1,3 @@
 -root:root:s0-s15:c0.c255
 +system_u:system_u:s0-s15:c0.c1023
 +root:root:s0-s15:c0.c1023
  __default__:user_u:s0
-diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/global_tunables serefpolicy-2.3.17/policy/global_tunables
+diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/global_tunables serefpolicy-2.3.18/policy/global_tunables
 --- nsaserefpolicy/policy/global_tunables	2006-09-25 15:11:11.000000000 -0400
-+++ serefpolicy-2.3.17/policy/global_tunables	2006-10-02 13:20:14.000000000 -0400
++++ serefpolicy-2.3.18/policy/global_tunables	2006-10-03 12:02:36.000000000 -0400
 @@ -594,3 +594,18 @@
  ## </desc>
  gen_tunable(spamd_enable_home_dirs,true)
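Review bot: every changed line in this hunk is a diff header or a +++ line that differs only in the serefpolicy-2.3.17 to serefpolicy-2.3.18 directory name and a regenerated timestamp, so none of it alters policy and the real changes in this revision are hard to pick out. Consider generating the embedded patch against a version-independent directory name so that a version bump does not rewrite every stanza header.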
@@ -78,9 +78,9 @@
 +## </p>
 +## </desc>
 +gen_tunable(allow_unconfined_execmem_dyntrans,false)
-diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/mcs serefpolicy-2.3.17/policy/mcs
+diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/mcs serefpolicy-2.3.18/policy/mcs
 --- nsaserefpolicy/policy/mcs	2006-09-22 14:07:08.000000000 -0400
-+++ serefpolicy-2.3.17/policy/mcs	2006-10-02 13:20:14.000000000 -0400
++++ serefpolicy-2.3.18/policy/mcs	2006-10-03 12:02:36.000000000 -0400
 @@ -20,14 +20,14 @@
  # Each category has a name and zero or more aliases.
  #
@@ -99,9 +99,9 @@
  
  #
  # Define the MCS policy
-diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/mls serefpolicy-2.3.17/policy/mls
+diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/mls serefpolicy-2.3.18/policy/mls
 --- nsaserefpolicy/policy/mls	2006-09-22 09:35:45.000000000 -0400
-+++ serefpolicy-2.3.17/policy/mls	2006-10-02 13:20:14.000000000 -0400
++++ serefpolicy-2.3.18/policy/mls	2006-10-03 12:02:36.000000000 -0400
 @@ -33,30 +33,30 @@
  # Each category has a name and zero or more aliases.
  #
@@ -151,9 +151,9 @@
  
  
  #
-diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/acct.te serefpolicy-2.3.17/policy/modules/admin/acct.te
+diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/acct.te serefpolicy-2.3.18/policy/modules/admin/acct.te
 --- nsaserefpolicy/policy/modules/admin/acct.te	2006-07-14 17:04:46.000000000 -0400
-+++ serefpolicy-2.3.17/policy/modules/admin/acct.te	2006-10-02 13:20:14.000000000 -0400
++++ serefpolicy-2.3.18/policy/modules/admin/acct.te	2006-10-03 12:02:36.000000000 -0400
 @@ -9,6 +9,7 @@
  type acct_t;
  type acct_exec_t;
@@ -162,9 +162,9 @@
  
  type acct_data_t;
  logging_log_file(acct_data_t)
-diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/amanda.te serefpolicy-2.3.17/policy/modules/admin/amanda.te
+diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/amanda.te serefpolicy-2.3.18/policy/modules/admin/amanda.te
 --- nsaserefpolicy/policy/modules/admin/amanda.te	2006-09-22 14:07:08.000000000 -0400
-+++ serefpolicy-2.3.17/policy/modules/admin/amanda.te	2006-10-02 13:20:14.000000000 -0400
++++ serefpolicy-2.3.18/policy/modules/admin/amanda.te	2006-10-03 12:02:36.000000000 -0400
 @@ -97,7 +97,7 @@
  allow amanda_t amanda_gnutarlists_t:lnk_file manage_file_perms;
  
@@ -174,17 +174,9 @@
  logging_log_filetrans(amanda_t,amanda_log_t,{ file dir })
  
  allow amanda_t amanda_tmp_t:dir create_dir_perms;
-diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/bootloader.fc serefpolicy-2.3.17/policy/modules/admin/bootloader.fc
---- nsaserefpolicy/policy/modules/admin/bootloader.fc	2006-09-25 15:11:11.000000000 -0400
-+++ serefpolicy-2.3.17/policy/modules/admin/bootloader.fc	2006-10-02 13:20:14.000000000 -0400
-@@ -12,3 +12,4 @@
- /sbin/lilo.*		--	gen_context(system_u:object_r:bootloader_exec_t,s0)
- /sbin/mkinitrd		--	gen_context(system_u:object_r:bootloader_exec_t,s0)
- /sbin/ybin.*		--	gen_context(system_u:object_r:bootloader_exec_t,s0)
-+/boot/grub/.*		--	gen_context(system_u:object_r:boot_runtime_t,s0)
-diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/bootloader.te serefpolicy-2.3.17/policy/modules/admin/bootloader.te
+diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/bootloader.te serefpolicy-2.3.18/policy/modules/admin/bootloader.te
 --- nsaserefpolicy/policy/modules/admin/bootloader.te	2006-09-25 15:11:11.000000000 -0400
-+++ serefpolicy-2.3.17/policy/modules/admin/bootloader.te	2006-10-02 13:20:14.000000000 -0400
++++ serefpolicy-2.3.18/policy/modules/admin/bootloader.te	2006-10-03 12:02:36.000000000 -0400
 @@ -21,6 +21,13 @@
  type bootloader_exec_t;
  domain_entry_file(bootloader_t,bootloader_exec_t)
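Review bot: the removed bootloader.fc stanza was the entry labeling /boot/grub/.* as boot_runtime_t, and the log message ("Patch for labeled networking") does not mention dropping it. Please add a changelog line for the removal and confirm that nothing remaining in the patch still expects files under /boot/grub to carry boot_runtime_t, since without this entry they fall under the /boot/.* rule in files.fc (boot_t).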
@@ -199,9 +191,9 @@
  #
  # bootloader_etc_t is the configuration file,
  # grub.conf, lilo.conf, etc.
-diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/consoletype.te serefpolicy-2.3.17/policy/modules/admin/consoletype.te
+diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/consoletype.te serefpolicy-2.3.18/policy/modules/admin/consoletype.te
 --- nsaserefpolicy/policy/modules/admin/consoletype.te	2006-08-29 09:00:30.000000000 -0400
-+++ serefpolicy-2.3.17/policy/modules/admin/consoletype.te	2006-10-02 13:20:14.000000000 -0400
++++ serefpolicy-2.3.18/policy/modules/admin/consoletype.te	2006-10-03 12:02:36.000000000 -0400
 @@ -8,7 +8,12 @@
  
  type consoletype_t;
@@ -224,9 +216,9 @@
  
  ########################################
  #
-diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/dmesg.te serefpolicy-2.3.17/policy/modules/admin/dmesg.te
+diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/dmesg.te serefpolicy-2.3.18/policy/modules/admin/dmesg.te
 --- nsaserefpolicy/policy/modules/admin/dmesg.te	2006-07-14 17:04:46.000000000 -0400
-+++ serefpolicy-2.3.17/policy/modules/admin/dmesg.te	2006-10-02 13:20:14.000000000 -0400
++++ serefpolicy-2.3.18/policy/modules/admin/dmesg.te	2006-10-03 12:02:36.000000000 -0400
 @@ -10,6 +10,7 @@
  	type dmesg_t;
  	type dmesg_exec_t;
@@ -235,9 +227,9 @@
  	role system_r types dmesg_t;
  ')
  
-diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/netutils.te serefpolicy-2.3.17/policy/modules/admin/netutils.te
+diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/netutils.te serefpolicy-2.3.18/policy/modules/admin/netutils.te
 --- nsaserefpolicy/policy/modules/admin/netutils.te	2006-08-02 10:34:09.000000000 -0400
-+++ serefpolicy-2.3.17/policy/modules/admin/netutils.te	2006-10-02 13:20:14.000000000 -0400
++++ serefpolicy-2.3.18/policy/modules/admin/netutils.te	2006-10-03 12:02:36.000000000 -0400
 @@ -18,10 +18,12 @@
  type ping_exec_t;
  init_system_domain(ping_t,ping_exec_t)
@@ -251,9 +243,33 @@
  role system_r types traceroute_t;
  
  ########################################
-diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/rpm.fc serefpolicy-2.3.17/policy/modules/admin/rpm.fc
+diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/prelink.te serefpolicy-2.3.18/policy/modules/admin/prelink.te
+--- nsaserefpolicy/policy/modules/admin/prelink.te	2006-09-29 14:28:02.000000000 -0400
++++ serefpolicy-2.3.18/policy/modules/admin/prelink.te	2006-10-03 12:02:36.000000000 -0400
+@@ -24,7 +24,7 @@
+ #
+ 
+ allow prelink_t self:capability { chown dac_override fowner fsetid };
+-allow prelink_t self:process { execheap execmem execstack };
++allow prelink_t self:process { execheap execmem execstack signal };
+ allow prelink_t self:fifo_file rw_file_perms;
+ 
+ allow prelink_t prelink_cache_t:file manage_file_perms;
+@@ -76,6 +76,11 @@
+ 
+ miscfiles_read_localization(prelink_t)
+ 
++ifdef(`targeted_policy',`
++	term_use_unallocated_ttys(prelink_t)
++	term_use_generic_ptys(prelink_t)
++')
++
+ optional_policy(`
+ 	cron_system_entry(prelink_t, prelink_exec_t)
+ ')
+diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/rpm.fc serefpolicy-2.3.18/policy/modules/admin/rpm.fc
 --- nsaserefpolicy/policy/modules/admin/rpm.fc	2006-09-22 14:07:08.000000000 -0400
-+++ serefpolicy-2.3.17/policy/modules/admin/rpm.fc	2006-10-02 13:20:14.000000000 -0400
++++ serefpolicy-2.3.18/policy/modules/admin/rpm.fc	2006-10-03 12:02:36.000000000 -0400
 @@ -21,6 +21,8 @@
  /usr/sbin/pup			--	gen_context(system_u:object_r:rpm_exec_t,s0)
  /usr/sbin/rhn_check		--	gen_context(system_u:object_r:rpm_exec_t,s0)
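Review bot: the new prelink.te stanza grants prelink_t term_use_unallocated_ttys and term_use_generic_ptys under targeted_policy, for a domain that already holds execheap, execmem and execstack, and neither this nor the added signal permission is covered by the log message. If the terminal access exists only to quiet denials on inherited descriptors, the dontaudit forms of these interfaces would be tighter; otherwise add a short comment in the ifdef block stating why prelink needs to use the terminal.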
@@ -263,9 +279,9 @@
  ')
  
  /var/lib/alternatives(/.*)?		gen_context(system_u:object_r:rpm_var_lib_t,s0)
-diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/rpm.if serefpolicy-2.3.17/policy/modules/admin/rpm.if
+diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/rpm.if serefpolicy-2.3.18/policy/modules/admin/rpm.if
 --- nsaserefpolicy/policy/modules/admin/rpm.if	2006-09-15 13:14:27.000000000 -0400
-+++ serefpolicy-2.3.17/policy/modules/admin/rpm.if	2006-10-02 13:20:14.000000000 -0400
++++ serefpolicy-2.3.18/policy/modules/admin/rpm.if	2006-10-03 12:02:36.000000000 -0400
 @@ -257,3 +257,24 @@
  	dontaudit $1 rpm_var_lib_t:file create_file_perms;
  	dontaudit $1 rpm_var_lib_t:lnk_file create_lnk_perms;
@@ -291,9 +307,9 @@
 +	allow $1 rpm_t:dbus send_msg;
 +	allow rpm_t $1:dbus send_msg;
 +')
-diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/rpm.te serefpolicy-2.3.17/policy/modules/admin/rpm.te
+diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/rpm.te serefpolicy-2.3.18/policy/modules/admin/rpm.te
 --- nsaserefpolicy/policy/modules/admin/rpm.te	2006-09-22 14:07:08.000000000 -0400
-+++ serefpolicy-2.3.17/policy/modules/admin/rpm.te	2006-10-02 13:20:14.000000000 -0400
++++ serefpolicy-2.3.18/policy/modules/admin/rpm.te	2006-10-03 12:02:36.000000000 -0400
 @@ -9,6 +9,8 @@
  type rpm_t;
  type rpm_exec_t;
@@ -313,9 +329,9 @@
  dev_list_sysfs(rpm_script_t)
  
  # ideally we would not need this
-diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/su.if serefpolicy-2.3.17/policy/modules/admin/su.if
+diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/su.if serefpolicy-2.3.18/policy/modules/admin/su.if
 --- nsaserefpolicy/policy/modules/admin/su.if	2006-09-22 14:07:08.000000000 -0400
-+++ serefpolicy-2.3.17/policy/modules/admin/su.if	2006-10-02 13:20:14.000000000 -0400
++++ serefpolicy-2.3.18/policy/modules/admin/su.if	2006-10-03 12:02:36.000000000 -0400
 @@ -266,7 +266,7 @@
  		')
  	')
@@ -325,9 +341,9 @@
  		fs_mount_xattr_fs($1_su_t)
  		fs_unmount_xattr_fs($1_su_t)
  	')
-diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/usermanage.te serefpolicy-2.3.17/policy/modules/admin/usermanage.te
+diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/usermanage.te serefpolicy-2.3.18/policy/modules/admin/usermanage.te
 --- nsaserefpolicy/policy/modules/admin/usermanage.te	2006-09-22 14:07:08.000000000 -0400
-+++ serefpolicy-2.3.17/policy/modules/admin/usermanage.te	2006-10-02 13:20:14.000000000 -0400
++++ serefpolicy-2.3.18/policy/modules/admin/usermanage.te	2006-10-03 12:02:36.000000000 -0400
 @@ -379,6 +379,7 @@
  allow sysadm_passwd_t sysadm_passwd_tmp_t:file create_file_perms;
  files_tmp_filetrans(sysadm_passwd_t, sysadm_passwd_tmp_t, { file dir })
@@ -361,9 +377,9 @@
  userdom_manage_staff_home_dirs(useradd_t)
  userdom_generic_user_home_dir_filetrans_generic_user_home_content(useradd_t,notdevfile_class_set)
  
-diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/java.fc serefpolicy-2.3.17/policy/modules/apps/java.fc
+diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/java.fc serefpolicy-2.3.18/policy/modules/apps/java.fc
 --- nsaserefpolicy/policy/modules/apps/java.fc	2006-08-29 09:00:26.000000000 -0400
-+++ serefpolicy-2.3.17/policy/modules/apps/java.fc	2006-10-02 13:20:14.000000000 -0400
++++ serefpolicy-2.3.18/policy/modules/apps/java.fc	2006-10-03 12:02:36.000000000 -0400
 @@ -1,7 +1,7 @@
  #
  # /opt
@@ -373,9 +389,9 @@
  
  #
  # /usr
-diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/java.te serefpolicy-2.3.17/policy/modules/apps/java.te
+diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/java.te serefpolicy-2.3.18/policy/modules/apps/java.te
 --- nsaserefpolicy/policy/modules/apps/java.te	2006-08-29 09:00:26.000000000 -0400
-+++ serefpolicy-2.3.17/policy/modules/apps/java.te	2006-10-02 13:20:14.000000000 -0400
++++ serefpolicy-2.3.18/policy/modules/apps/java.te	2006-10-03 12:02:36.000000000 -0400
 @@ -17,6 +17,8 @@
  
  ifdef(`targeted_policy',`
@@ -385,9 +401,9 @@
  	unconfined_domain_noaudit(java_t)
  	role system_r types java_t;
  ')
-diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/mono.te serefpolicy-2.3.17/policy/modules/apps/mono.te
+diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/mono.te serefpolicy-2.3.18/policy/modules/apps/mono.te
 --- nsaserefpolicy/policy/modules/apps/mono.te	2006-09-22 14:07:03.000000000 -0400
-+++ serefpolicy-2.3.17/policy/modules/apps/mono.te	2006-10-02 13:20:14.000000000 -0400
++++ serefpolicy-2.3.18/policy/modules/apps/mono.te	2006-10-03 12:02:36.000000000 -0400
 @@ -44,4 +44,7 @@
  	optional_policy(`
  		unconfined_dbus_connect(mono_t)
@@ -396,9 +412,9 @@
 +		rpm_dbus_chat(mono_t)
 +	')
  ')
-diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/kernel/corecommands.fc serefpolicy-2.3.17/policy/modules/kernel/corecommands.fc
+diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/kernel/corecommands.fc serefpolicy-2.3.18/policy/modules/kernel/corecommands.fc
 --- nsaserefpolicy/policy/modules/kernel/corecommands.fc	2006-09-22 14:07:03.000000000 -0400
-+++ serefpolicy-2.3.17/policy/modules/kernel/corecommands.fc	2006-10-02 13:20:14.000000000 -0400
++++ serefpolicy-2.3.18/policy/modules/kernel/corecommands.fc	2006-10-03 12:02:36.000000000 -0400
 @@ -65,6 +65,7 @@
  
  /etc/xen/qemu-ifup		--	gen_context(system_u:object_r:bin_t,s0)
@@ -407,9 +423,9 @@
  
  ifdef(`distro_debian',`
  /etc/mysql/debian-start		--	gen_context(system_u:object_r:bin_t,s0)
-diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/kernel/corecommands.if serefpolicy-2.3.17/policy/modules/kernel/corecommands.if
+diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/kernel/corecommands.if serefpolicy-2.3.18/policy/modules/kernel/corecommands.if
 --- nsaserefpolicy/policy/modules/kernel/corecommands.if	2006-09-15 13:14:21.000000000 -0400
-+++ serefpolicy-2.3.17/policy/modules/kernel/corecommands.if	2006-10-02 15:04:13.000000000 -0400
++++ serefpolicy-2.3.18/policy/modules/kernel/corecommands.if	2006-10-03 12:02:36.000000000 -0400
 @@ -928,7 +928,19 @@
  		type bin_t, sbin_t;
  	')
@@ -453,9 +469,9 @@
  	allow $1 exec_type:file { getattr read execute };
 +	userdom_mmap_all_executables($1)
  ')
-diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/kernel/corenetwork.te.in serefpolicy-2.3.17/policy/modules/kernel/corenetwork.te.in
+diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/kernel/corenetwork.te.in serefpolicy-2.3.18/policy/modules/kernel/corenetwork.te.in
 --- nsaserefpolicy/policy/modules/kernel/corenetwork.te.in	2006-09-29 14:28:01.000000000 -0400
-+++ serefpolicy-2.3.17/policy/modules/kernel/corenetwork.te.in	2006-10-02 13:20:14.000000000 -0400
++++ serefpolicy-2.3.18/policy/modules/kernel/corenetwork.te.in	2006-10-03 12:02:36.000000000 -0400
 @@ -67,6 +67,7 @@
  network_port(clamd, tcp,3310,s0)
  network_port(clockspeed, udp,4041,s0)
@@ -512,9 +528,9 @@
  allow corenet_unconfined_type port_type:{ tcp_socket udp_socket } name_bind;
 -allow corenet_unconfined_type node_type:{ tcp_socket udp_socket } node_bind;
 +allow corenet_unconfined_type node_type:{ tcp_socket udp_socket rawip_socket } node_bind;
-diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/kernel/devices.fc serefpolicy-2.3.17/policy/modules/kernel/devices.fc
+diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/kernel/devices.fc serefpolicy-2.3.18/policy/modules/kernel/devices.fc
 --- nsaserefpolicy/policy/modules/kernel/devices.fc	2006-09-22 14:07:03.000000000 -0400
-+++ serefpolicy-2.3.17/policy/modules/kernel/devices.fc	2006-10-02 13:20:14.000000000 -0400
++++ serefpolicy-2.3.18/policy/modules/kernel/devices.fc	2006-10-03 12:02:36.000000000 -0400
 @@ -25,10 +25,10 @@
  /dev/i915		-c	gen_context(system_u:object_r:dri_device_t,s0)
  /dev/irlpt[0-9]+	-c	gen_context(system_u:object_r:printer_device_t,s0)
@@ -542,9 +558,9 @@
  /dev/(misc/)?psaux	-c	gen_context(system_u:object_r:mouse_device_t,s0)
  /dev/rmidi.*		-c	gen_context(system_u:object_r:sound_device_t,s0)
  /dev/radeon		-c	gen_context(system_u:object_r:dri_device_t,s0)
-diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/kernel/files.fc serefpolicy-2.3.17/policy/modules/kernel/files.fc
+diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/kernel/files.fc serefpolicy-2.3.18/policy/modules/kernel/files.fc
 --- nsaserefpolicy/policy/modules/kernel/files.fc	2006-09-25 15:11:10.000000000 -0400
-+++ serefpolicy-2.3.17/policy/modules/kernel/files.fc	2006-10-02 13:20:14.000000000 -0400
++++ serefpolicy-2.3.18/policy/modules/kernel/files.fc	2006-10-03 12:02:36.000000000 -0400
 @@ -29,9 +29,10 @@
  /boot			-d	gen_context(system_u:object_r:boot_t,s0)
  /boot/.*			gen_context(system_u:object_r:boot_t,s0)
@@ -639,9 +655,9 @@
 +/var/tmp/lost\+found	-d	gen_context(system_u:object_r:lost_found_t,s15:c0.c1023)
  /var/tmp/lost\+found/.*		<<none>>
  /var/tmp/vi\.recover	-d	gen_context(system_u:object_r:tmp_t,s0)
-diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/kernel/filesystem.if serefpolicy-2.3.17/policy/modules/kernel/filesystem.if
+diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/kernel/filesystem.if serefpolicy-2.3.18/policy/modules/kernel/filesystem.if
 --- nsaserefpolicy/policy/modules/kernel/filesystem.if	2006-09-25 15:11:10.000000000 -0400
-+++ serefpolicy-2.3.17/policy/modules/kernel/filesystem.if	2006-10-02 13:20:14.000000000 -0400
++++ serefpolicy-2.3.18/policy/modules/kernel/filesystem.if	2006-10-03 12:02:36.000000000 -0400
 @@ -3381,3 +3381,25 @@
  	allow $1 noxattrfs:blk_file { getattr relabelfrom };
  	allow $1 noxattrfs:chr_file { getattr relabelfrom };
@@ -668,9 +684,9 @@
 +	allow $1 autofs_t:lnk_file create_lnk_perms;
 +')
 +
-diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/kernel/filesystem.te serefpolicy-2.3.17/policy/modules/kernel/filesystem.te
+diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/kernel/filesystem.te serefpolicy-2.3.18/policy/modules/kernel/filesystem.te
 --- nsaserefpolicy/policy/modules/kernel/filesystem.te	2006-09-25 15:11:10.000000000 -0400
-+++ serefpolicy-2.3.17/policy/modules/kernel/filesystem.te	2006-10-02 13:20:14.000000000 -0400
++++ serefpolicy-2.3.18/policy/modules/kernel/filesystem.te	2006-10-03 12:02:36.000000000 -0400
 @@ -21,6 +21,7 @@
  
  # Use xattrs for the following filesystem types.
@@ -679,9 +695,21 @@
  fs_use_xattr ext2 gen_context(system_u:object_r:fs_t,s0);
  fs_use_xattr ext3 gen_context(system_u:object_r:fs_t,s0);
  fs_use_xattr gfs2 gen_context(system_u:object_r:fs_t,s0);
-diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/kernel/kernel.te serefpolicy-2.3.17/policy/modules/kernel/kernel.te
+diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/kernel/kernel.if serefpolicy-2.3.18/policy/modules/kernel/kernel.if
+--- nsaserefpolicy/policy/modules/kernel/kernel.if	2006-09-22 09:35:44.000000000 -0400
++++ serefpolicy-2.3.18/policy/modules/kernel/kernel.if	2006-10-03 12:02:36.000000000 -0400
+@@ -2128,7 +2128,7 @@
+ 	allow $1 unlabeled_t:association { sendto recvfrom };
+ 
+ 	# temporary hack until labeling on packets is supported
+-	allow $1 unlabeled_t:packet { send recv };
++	allow $1 unlabeled_t:packet { send recv flow_in flow_out };
+ ')
+ 
+ ########################################
+diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/kernel/kernel.te serefpolicy-2.3.18/policy/modules/kernel/kernel.te
 --- nsaserefpolicy/policy/modules/kernel/kernel.te	2006-09-22 09:35:44.000000000 -0400
-+++ serefpolicy-2.3.17/policy/modules/kernel/kernel.te	2006-10-02 13:20:14.000000000 -0400
++++ serefpolicy-2.3.18/policy/modules/kernel/kernel.te	2006-10-03 12:02:36.000000000 -0400
 @@ -39,7 +39,7 @@
  domain_base_type(kernel_t)
  mls_rangetrans_source(kernel_t)
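Review bot: in the kernel.if hunk at -2128,7 the comment above the changed rule still reads "temporary hack until labeling on packets is supported", while the rule itself is widened from { send recv } to { send recv flow_in flow_out } on unlabeled_t:packet for every domain passed to this interface as $1. Since this commit is logged as the labeled networking patch, the comment should say why flow_in and flow_out on unlabeled packets are needed and under what condition the whole allow rule can be removed, so the blanket grant does not outlive the transition.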
@@ -751,9 +779,9 @@
  ')
  
  optional_policy(`
-diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/kernel/mcs.te serefpolicy-2.3.17/policy/modules/kernel/mcs.te
+diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/kernel/mcs.te serefpolicy-2.3.18/policy/modules/kernel/mcs.te
 --- nsaserefpolicy/policy/modules/kernel/mcs.te	2006-09-22 14:07:03.000000000 -0400
-+++ serefpolicy-2.3.17/policy/modules/kernel/mcs.te	2006-10-02 13:20:14.000000000 -0400
++++ serefpolicy-2.3.18/policy/modules/kernel/mcs.te	2006-10-03 12:02:36.000000000 -0400
 @@ -37,15 +37,15 @@
  # default and have the daemons which need to run with all categories be
  # exceptions.  But while range_transitions have to be in the base module
@@ -779,9 +807,9 @@
  
  # these might be targeted_policy only
  range_transition unconfined_t initrc_exec_t s0;
-diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/kernel/mls.te serefpolicy-2.3.17/policy/modules/kernel/mls.te
+diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/kernel/mls.te serefpolicy-2.3.18/policy/modules/kernel/mls.te
 --- nsaserefpolicy/policy/modules/kernel/mls.te	2006-09-22 09:35:44.000000000 -0400
-+++ serefpolicy-2.3.17/policy/modules/kernel/mls.te	2006-10-02 13:20:14.000000000 -0400
++++ serefpolicy-2.3.18/policy/modules/kernel/mls.te	2006-10-03 12:02:36.000000000 -0400
 @@ -64,9 +64,9 @@
  type setrans_exec_t;
  
@@ -797,9 +825,9 @@
 +#range_transition initrc_t setrans_exec_t s15:c0.c1023;
 +range_transition run_init_t initrc_exec_t s0 - s15:c0.c1023;
  ')
-diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/kernel/selinux.te serefpolicy-2.3.17/policy/modules/kernel/selinux.te
+diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/kernel/selinux.te serefpolicy-2.3.18/policy/modules/kernel/selinux.te
 --- nsaserefpolicy/policy/modules/kernel/selinux.te	2006-08-02 10:34:05.000000000 -0400
-+++ serefpolicy-2.3.17/policy/modules/kernel/selinux.te	2006-10-02 13:20:14.000000000 -0400
++++ serefpolicy-2.3.18/policy/modules/kernel/selinux.te	2006-10-03 12:02:36.000000000 -0400
 @@ -19,7 +19,7 @@
  type security_t;
  fs_type(security_t)
@@ -809,9 +837,9 @@
  genfscon selinuxfs / gen_context(system_u:object_r:security_t,s0)
  
  neverallow ~{ selinux_unconfined_type can_load_policy } security_t:security load_policy;
-diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/kernel/storage.fc serefpolicy-2.3.17/policy/modules/kernel/storage.fc
+diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/kernel/storage.fc serefpolicy-2.3.18/policy/modules/kernel/storage.fc
 --- nsaserefpolicy/policy/modules/kernel/storage.fc	2006-08-02 10:34:05.000000000 -0400
-+++ serefpolicy-2.3.17/policy/modules/kernel/storage.fc	2006-10-02 13:20:14.000000000 -0400
++++ serefpolicy-2.3.18/policy/modules/kernel/storage.fc	2006-10-03 12:02:36.000000000 -0400
 @@ -5,36 +5,37 @@
  /dev/n?osst[0-3].*	-c	gen_context(system_u:object_r:tape_device_t,s0)
  /dev/n?pt[0-9]+		-c	gen_context(system_u:object_r:tape_device_t,s0)
@@ -900,9 +928,9 @@
 +/dev/scramdisk/.*	-b	gen_context(system_u:object_r:fixed_disk_device_t,s15:c0.c1023)
  
  /dev/usb/rio500		-c	gen_context(system_u:object_r:removable_device_t,s0)
-diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/kernel/storage.if serefpolicy-2.3.17/policy/modules/kernel/storage.if
+diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/kernel/storage.if serefpolicy-2.3.18/policy/modules/kernel/storage.if
 --- nsaserefpolicy/policy/modules/kernel/storage.if	2006-07-14 17:04:29.000000000 -0400
-+++ serefpolicy-2.3.17/policy/modules/kernel/storage.if	2006-10-02 13:20:14.000000000 -0400
++++ serefpolicy-2.3.18/policy/modules/kernel/storage.if	2006-10-03 12:02:36.000000000 -0400
 @@ -37,6 +37,7 @@
  	')
  
@@ -911,9 +939,9 @@
  ')
  
  ########################################
-diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/kernel/terminal.fc serefpolicy-2.3.17/policy/modules/kernel/terminal.fc
+diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/kernel/terminal.fc serefpolicy-2.3.18/policy/modules/kernel/terminal.fc
 --- nsaserefpolicy/policy/modules/kernel/terminal.fc	2006-09-01 14:10:17.000000000 -0400
-+++ serefpolicy-2.3.17/policy/modules/kernel/terminal.fc	2006-10-02 13:20:14.000000000 -0400
++++ serefpolicy-2.3.18/policy/modules/kernel/terminal.fc	2006-10-03 12:02:36.000000000 -0400
 @@ -18,7 +18,7 @@
  
  /dev/pty/.*		-c	gen_context(system_u:object_r:bsdpty_device_t,s0)
@@ -923,9 +951,9 @@
  
  /dev/tts/[^/]*		-c	gen_context(system_u:object_r:tty_device_t,s0)
  
-diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/kernel/terminal.if serefpolicy-2.3.17/policy/modules/kernel/terminal.if
+diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/kernel/terminal.if serefpolicy-2.3.18/policy/modules/kernel/terminal.if
 --- nsaserefpolicy/policy/modules/kernel/terminal.if	2006-09-22 14:07:03.000000000 -0400
-+++ serefpolicy-2.3.17/policy/modules/kernel/terminal.if	2006-10-02 13:20:14.000000000 -0400
++++ serefpolicy-2.3.18/policy/modules/kernel/terminal.if	2006-10-03 12:02:36.000000000 -0400
 @@ -458,6 +458,26 @@
  
  ########################################
@@ -953,9 +981,9 @@
  ##	Read and write the generic pty
  ##	type.  This is generally only used in
  ##	the targeted policy.
-diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/apache.fc serefpolicy-2.3.17/policy/modules/services/apache.fc
+diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/apache.fc serefpolicy-2.3.18/policy/modules/services/apache.fc
 --- nsaserefpolicy/policy/modules/services/apache.fc	2006-08-02 10:34:07.000000000 -0400
-+++ serefpolicy-2.3.17/policy/modules/services/apache.fc	2006-10-02 13:20:14.000000000 -0400
++++ serefpolicy-2.3.18/policy/modules/services/apache.fc	2006-10-03 12:02:36.000000000 -0400
 @@ -80,3 +80,12 @@
  /var/www/cgi-bin(/.*)?			gen_context(system_u:object_r:httpd_sys_script_exec_t,s0)
  /var/www/icons(/.*)?			gen_context(system_u:object_r:httpd_sys_content_t,s0)
@@ -969,9 +997,9 @@
 +/opt/fortitude/modules.local(/.*)?	gen_context(system_u:object_r:httpd_modules_t,s0)
 +/opt/fortitude/logs(/.*)?		gen_context(system_u:object_r:httpd_log_t,s0)
 +/opt/fortitude/run(/.*)?		gen_context(system_u:object_r:httpd_var_run_t,s0)
-diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/automount.te serefpolicy-2.3.17/policy/modules/services/automount.te
+diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/automount.te serefpolicy-2.3.18/policy/modules/services/automount.te
 --- nsaserefpolicy/policy/modules/services/automount.te	2006-09-22 14:07:05.000000000 -0400
-+++ serefpolicy-2.3.17/policy/modules/services/automount.te	2006-10-02 13:20:14.000000000 -0400
++++ serefpolicy-2.3.18/policy/modules/services/automount.te	2006-10-03 12:02:36.000000000 -0400
 @@ -36,6 +36,8 @@
  allow automount_t self:unix_dgram_socket create_socket_perms;
  allow automount_t self:tcp_socket create_stream_socket_perms;
@@ -997,9 +1025,9 @@
  
  term_dontaudit_use_console(automount_t)
  term_dontaudit_getattr_pty_dirs(automount_t)
-diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/ccs.fc serefpolicy-2.3.17/policy/modules/services/ccs.fc
+diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/ccs.fc serefpolicy-2.3.18/policy/modules/services/ccs.fc
 --- nsaserefpolicy/policy/modules/services/ccs.fc	1969-12-31 19:00:00.000000000 -0500
-+++ serefpolicy-2.3.17/policy/modules/services/ccs.fc	2006-10-02 13:20:14.000000000 -0400
++++ serefpolicy-2.3.18/policy/modules/services/ccs.fc	2006-10-03 12:02:36.000000000 -0400
 @@ -0,0 +1,8 @@
 +# ccs executable will have:
 +# label: system_u:object_r:ccs_exec_t
@@ -1009,9 +1037,9 @@
 +/sbin/ccsd		--	gen_context(system_u:object_r:ccs_exec_t,s0)
 +/var/run/cluster(/.*)?		gen_context(system_u:object_r:ccs_var_run_t,s0)
 +/etc/cluster(/.*)?		gen_context(system_u:object_r:cluster_conf_t,s0)
-diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/ccs.if serefpolicy-2.3.17/policy/modules/services/ccs.if
+diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/ccs.if serefpolicy-2.3.18/policy/modules/services/ccs.if
 --- nsaserefpolicy/policy/modules/services/ccs.if	1969-12-31 19:00:00.000000000 -0500
-+++ serefpolicy-2.3.17/policy/modules/services/ccs.if	2006-10-02 13:20:14.000000000 -0400
++++ serefpolicy-2.3.18/policy/modules/services/ccs.if	2006-10-03 12:02:36.000000000 -0400
 @@ -0,0 +1,65 @@
 +## <summary>policy for ccs</summary>
 +
@@ -1078,9 +1106,9 @@
 +	allow $1 cluster_conf_t:file { getattr read };
 +')
 +
-diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/ccs.te serefpolicy-2.3.17/policy/modules/services/ccs.te
+diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/ccs.te serefpolicy-2.3.18/policy/modules/services/ccs.te
 --- nsaserefpolicy/policy/modules/services/ccs.te	1969-12-31 19:00:00.000000000 -0500
-+++ serefpolicy-2.3.17/policy/modules/services/ccs.te	2006-10-02 13:20:14.000000000 -0400
++++ serefpolicy-2.3.18/policy/modules/services/ccs.te	2006-10-03 12:02:36.000000000 -0400
 @@ -0,0 +1,87 @@
 +policy_module(ccs,1.0.0)
 +
@@ -1169,9 +1197,9 @@
 +
 +allow ccs_t cluster_conf_t:dir r_dir_perms;
 +allow ccs_t cluster_conf_t:file rw_file_perms;
-diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/cron.if serefpolicy-2.3.17/policy/modules/services/cron.if
+diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/cron.if serefpolicy-2.3.18/policy/modules/services/cron.if
 --- nsaserefpolicy/policy/modules/services/cron.if	2006-09-15 13:14:25.000000000 -0400
-+++ serefpolicy-2.3.17/policy/modules/services/cron.if	2006-10-02 13:43:32.000000000 -0400
++++ serefpolicy-2.3.18/policy/modules/services/cron.if	2006-10-03 12:02:36.000000000 -0400
 @@ -54,9 +54,6 @@
  	domain_entry_file($1_crontab_t,crontab_exec_t)
  	role $3 types $1_crontab_t;
@@ -1238,9 +1266,9 @@
  	# Access terminals.
  	userdom_use_user_terminals($1,$1_crontab_t)
  	# Read user crontabs
-diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/cron.te serefpolicy-2.3.17/policy/modules/services/cron.te
+diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/cron.te serefpolicy-2.3.18/policy/modules/services/cron.te
 --- nsaserefpolicy/policy/modules/services/cron.te	2006-09-29 14:28:01.000000000 -0400
-+++ serefpolicy-2.3.17/policy/modules/services/cron.te	2006-10-02 13:42:20.000000000 -0400
++++ serefpolicy-2.3.18/policy/modules/services/cron.te	2006-10-03 12:02:36.000000000 -0400
 @@ -72,6 +72,7 @@
  # Cron Local policy
  #
@@ -1261,9 +1289,9 @@
  ifdef(`targeted_policy',`
  	allow crond_t system_crond_tmp_t:dir create_dir_perms;
  	allow crond_t system_crond_tmp_t:file create_file_perms;
-diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/cups.te serefpolicy-2.3.17/policy/modules/services/cups.te
+diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/cups.te serefpolicy-2.3.18/policy/modules/services/cups.te
 --- nsaserefpolicy/policy/modules/services/cups.te	2006-09-22 14:07:06.000000000 -0400
-+++ serefpolicy-2.3.17/policy/modules/services/cups.te	2006-10-02 13:20:14.000000000 -0400
++++ serefpolicy-2.3.18/policy/modules/services/cups.te	2006-10-03 12:02:36.000000000 -0400
 @@ -124,6 +124,9 @@
  allow cupsd_t ptal_var_run_t:sock_file { write setattr };
  allow cupsd_t ptal_t:unix_stream_socket connectto;
@@ -1274,9 +1302,18 @@
  kernel_read_system_state(cupsd_t)
  kernel_read_network_state(cupsd_t)
  kernel_read_all_sysctls(cupsd_t)
-diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/cvs.te serefpolicy-2.3.17/policy/modules/services/cvs.te
+@@ -271,6 +274,8 @@
+ optional_policy(`
+ 	samba_read_config(cupsd_t)
+ 	samba_rw_var_files(cupsd_t)
++	# cups execs smbtool which reads samba_etc_t files
++	samba_read_config(cupsd_t)
+ ')
+ 
+ optional_policy(`
+diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/cvs.te serefpolicy-2.3.18/policy/modules/services/cvs.te
 --- nsaserefpolicy/policy/modules/services/cvs.te	2006-07-14 17:04:40.000000000 -0400
-+++ serefpolicy-2.3.17/policy/modules/services/cvs.te	2006-10-02 13:20:14.000000000 -0400
++++ serefpolicy-2.3.18/policy/modules/services/cvs.te	2006-10-03 12:02:36.000000000 -0400
 @@ -9,6 +9,7 @@
  type cvs_t;
  type cvs_exec_t;
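Review bot: the two added lines in the cups.te hunk at -271,6 call samba_read_config(cupsd_t) a second time; the same call is already the first statement of this optional_policy block, so the new call is redundant. Keep the new comment ("cups execs smbtool which reads samba_etc_t files") and attach it to the existing call rather than repeating the interface.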
@@ -1285,9 +1322,9 @@
  role system_r types cvs_t;
  
  type cvs_data_t; # customizable
-diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/dbus.if serefpolicy-2.3.17/policy/modules/services/dbus.if
+diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/dbus.if serefpolicy-2.3.18/policy/modules/services/dbus.if
 --- nsaserefpolicy/policy/modules/services/dbus.if	2006-09-15 13:14:24.000000000 -0400
-+++ serefpolicy-2.3.17/policy/modules/services/dbus.if	2006-10-02 13:20:14.000000000 -0400
++++ serefpolicy-2.3.18/policy/modules/services/dbus.if	2006-10-03 12:02:36.000000000 -0400
 @@ -123,6 +123,7 @@
  	selinux_compute_relabel_context($1_dbusd_t)
  	selinux_compute_user_contexts($1_dbusd_t)
@@ -1296,9 +1333,9 @@
  	corecmd_list_bin($1_dbusd_t)
  	corecmd_read_bin_symlinks($1_dbusd_t)
  	corecmd_read_bin_files($1_dbusd_t)
-diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/dovecot.te serefpolicy-2.3.17/policy/modules/services/dovecot.te
+diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/dovecot.te serefpolicy-2.3.18/policy/modules/services/dovecot.te
 --- nsaserefpolicy/policy/modules/services/dovecot.te	2006-09-06 13:04:51.000000000 -0400
-+++ serefpolicy-2.3.17/policy/modules/services/dovecot.te	2006-10-02 13:20:14.000000000 -0400
++++ serefpolicy-2.3.18/policy/modules/services/dovecot.te	2006-10-03 12:02:36.000000000 -0400
 @@ -171,6 +171,8 @@
  
  allow dovecot_auth_t dovecot_var_run_t:dir r_dir_perms;
@@ -1308,9 +1345,9 @@
  kernel_read_all_sysctls(dovecot_auth_t)
  kernel_read_system_state(dovecot_auth_t)
  
-diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/hal.te serefpolicy-2.3.17/policy/modules/services/hal.te
+diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/hal.te serefpolicy-2.3.18/policy/modules/services/hal.te
 --- nsaserefpolicy/policy/modules/services/hal.te	2006-09-25 15:11:11.000000000 -0400
-+++ serefpolicy-2.3.17/policy/modules/services/hal.te	2006-10-02 13:20:14.000000000 -0400
++++ serefpolicy-2.3.18/policy/modules/services/hal.te	2006-10-03 12:02:36.000000000 -0400
 @@ -85,6 +85,7 @@
  files_rw_etc_runtime_files(hald_t)
  files_manage_mnt_dirs(hald_t)
@@ -1319,9 +1356,9 @@
  files_search_var_lib(hald_t)
  files_read_usr_files(hald_t)
  # hal is now execing pm-suspend
-diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/lpd.fc serefpolicy-2.3.17/policy/modules/services/lpd.fc
+diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/lpd.fc serefpolicy-2.3.18/policy/modules/services/lpd.fc
 --- nsaserefpolicy/policy/modules/services/lpd.fc	2006-09-29 14:28:02.000000000 -0400
-+++ serefpolicy-2.3.17/policy/modules/services/lpd.fc	2006-10-02 13:20:14.000000000 -0400
++++ serefpolicy-2.3.18/policy/modules/services/lpd.fc	2006-10-03 12:02:36.000000000 -0400
 @@ -7,15 +7,20 @@
  # /usr
  #
@@ -1343,9 +1380,9 @@
  
  /usr/share/printconf/.* --	gen_context(system_u:object_r:printconf_t,s0)
  
-diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/mta.te serefpolicy-2.3.17/policy/modules/services/mta.te
+diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/mta.te serefpolicy-2.3.18/policy/modules/services/mta.te
 --- nsaserefpolicy/policy/modules/services/mta.te	2006-08-29 09:00:28.000000000 -0400
-+++ serefpolicy-2.3.17/policy/modules/services/mta.te	2006-10-02 13:20:14.000000000 -0400
++++ serefpolicy-2.3.18/policy/modules/services/mta.te	2006-10-03 12:02:36.000000000 -0400
 @@ -27,6 +27,7 @@
  
  type sendmail_exec_t;
@@ -1354,9 +1391,9 @@
  
  mta_base_mail_template(system)
  role system_r types system_mail_t;
-diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/nscd.if serefpolicy-2.3.17/policy/modules/services/nscd.if
+diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/nscd.if serefpolicy-2.3.18/policy/modules/services/nscd.if
 --- nsaserefpolicy/policy/modules/services/nscd.if	2006-08-07 18:55:18.000000000 -0400
-+++ serefpolicy-2.3.17/policy/modules/services/nscd.if	2006-10-02 13:20:14.000000000 -0400
++++ serefpolicy-2.3.18/policy/modules/services/nscd.if	2006-10-03 12:02:36.000000000 -0400
 @@ -181,3 +181,23 @@
  
  	allow $1 nscd_t:nscd *;
@@ -1381,9 +1418,9 @@
 +	role $1 types nscd_t;
 +')
 +
-diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/nscd.te serefpolicy-2.3.17/policy/modules/services/nscd.te
+diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/nscd.te serefpolicy-2.3.18/policy/modules/services/nscd.te
 --- nsaserefpolicy/policy/modules/services/nscd.te	2006-09-25 15:11:11.000000000 -0400
-+++ serefpolicy-2.3.17/policy/modules/services/nscd.te	2006-10-02 13:20:14.000000000 -0400
++++ serefpolicy-2.3.18/policy/modules/services/nscd.te	2006-10-03 12:02:36.000000000 -0400
 @@ -120,6 +120,9 @@
  	term_dontaudit_use_unallocated_ttys(nscd_t)
  	term_dontaudit_use_generic_ptys(nscd_t)
@@ -1394,9 +1431,9 @@
  ')
  
  optional_policy(`
-diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/pegasus.if serefpolicy-2.3.17/policy/modules/services/pegasus.if
+diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/pegasus.if serefpolicy-2.3.18/policy/modules/services/pegasus.if
 --- nsaserefpolicy/policy/modules/services/pegasus.if	2006-07-14 17:04:41.000000000 -0400
-+++ serefpolicy-2.3.17/policy/modules/services/pegasus.if	2006-10-02 13:20:14.000000000 -0400
++++ serefpolicy-2.3.18/policy/modules/services/pegasus.if	2006-10-03 12:02:36.000000000 -0400
 @@ -1 +1,32 @@
  ## <summary>The Open Group Pegasus CIM/WBEM Server.</summary>
 +
@@ -1430,9 +1467,9 @@
 +	allow pegasus_t $1:fifo_file rw_file_perms;
 +	allow pegasus_t $1:process sigchld;
 +')
-diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/pegasus.te serefpolicy-2.3.17/policy/modules/services/pegasus.te
+diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/pegasus.te serefpolicy-2.3.18/policy/modules/services/pegasus.te
 --- nsaserefpolicy/policy/modules/services/pegasus.te	2006-08-23 12:14:54.000000000 -0400
-+++ serefpolicy-2.3.17/policy/modules/services/pegasus.te	2006-10-02 13:20:14.000000000 -0400
++++ serefpolicy-2.3.18/policy/modules/services/pegasus.te	2006-10-03 12:02:36.000000000 -0400
 @@ -100,13 +100,12 @@
  
  auth_use_nsswitch(pegasus_t)
@@ -1449,9 +1486,9 @@
  files_read_var_lib_symlinks(pegasus_t)
  
  hostname_exec(pegasus_t)
-diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/procmail.te serefpolicy-2.3.17/policy/modules/services/procmail.te
+diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/procmail.te serefpolicy-2.3.18/policy/modules/services/procmail.te
 --- nsaserefpolicy/policy/modules/services/procmail.te	2006-09-15 13:14:25.000000000 -0400
-+++ serefpolicy-2.3.17/policy/modules/services/procmail.te	2006-10-02 13:20:14.000000000 -0400
++++ serefpolicy-2.3.18/policy/modules/services/procmail.te	2006-10-03 12:02:36.000000000 -0400
 @@ -10,6 +10,7 @@
  type procmail_exec_t;
  domain_type(procmail_t)
@@ -1460,9 +1497,9 @@
  role system_r types procmail_t;
  
  ########################################
-diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/rhgb.te serefpolicy-2.3.17/policy/modules/services/rhgb.te
+diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/rhgb.te serefpolicy-2.3.18/policy/modules/services/rhgb.te
 --- nsaserefpolicy/policy/modules/services/rhgb.te	2006-09-06 13:04:51.000000000 -0400
-+++ serefpolicy-2.3.17/policy/modules/services/rhgb.te	2006-10-02 13:20:14.000000000 -0400
++++ serefpolicy-2.3.18/policy/modules/services/rhgb.te	2006-10-03 12:02:36.000000000 -0400
 @@ -13,10 +13,8 @@
  type rhgb_tmpfs_t;
  files_tmpfs_file(rhgb_tmpfs_t)
@@ -1524,9 +1561,9 @@
  	allow initrc_t rhgb_gph_t:fd use;
  ')
 +
-diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/ricci.fc serefpolicy-2.3.17/policy/modules/services/ricci.fc
+diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/ricci.fc serefpolicy-2.3.18/policy/modules/services/ricci.fc
 --- nsaserefpolicy/policy/modules/services/ricci.fc	1969-12-31 19:00:00.000000000 -0500
-+++ serefpolicy-2.3.17/policy/modules/services/ricci.fc	2006-10-02 13:20:14.000000000 -0400
++++ serefpolicy-2.3.18/policy/modules/services/ricci.fc	2006-10-03 12:02:36.000000000 -0400
 @@ -0,0 +1,20 @@
 +# ricci executable will have:
 +# label: system_u:object_r:ricci_exec_t
@@ -1548,9 +1585,9 @@
 +/usr/sbin/ricci-modservice	--	gen_context(system_u:object_r:ricci_modservice_exec_t,s0)
 +/usr/sbin/ricci-modstorage	--	gen_context(system_u:object_r:ricci_modstorage_exec_t,s0)
 +
-diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/ricci.if serefpolicy-2.3.17/policy/modules/services/ricci.if
+diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/ricci.if serefpolicy-2.3.18/policy/modules/services/ricci.if
 --- nsaserefpolicy/policy/modules/services/ricci.if	1969-12-31 19:00:00.000000000 -0500
-+++ serefpolicy-2.3.17/policy/modules/services/ricci.if	2006-10-02 13:20:14.000000000 -0400
++++ serefpolicy-2.3.18/policy/modules/services/ricci.if	2006-10-03 12:02:36.000000000 -0400
 @@ -0,0 +1,184 @@
 +## <summary>policy for ricci</summary>
 +
@@ -1736,9 +1773,9 @@
 +	allow $1 ricci_modcluster_var_run_t:sock_file write;
 +	allow $1 ricci_modclusterd_t:unix_stream_socket connectto;
 +')
-diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/ricci.te serefpolicy-2.3.17/policy/modules/services/ricci.te
+diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/ricci.te serefpolicy-2.3.18/policy/modules/services/ricci.te
 --- nsaserefpolicy/policy/modules/services/ricci.te	1969-12-31 19:00:00.000000000 -0500
-+++ serefpolicy-2.3.17/policy/modules/services/ricci.te	2006-10-02 13:20:14.000000000 -0400
++++ serefpolicy-2.3.18/policy/modules/services/ricci.te	2006-10-03 12:02:36.000000000 -0400
 @@ -0,0 +1,388 @@
 +policy_module(ricci,1.0.0)
 +
@@ -2128,9 +2165,9 @@
 +')
 +
 +
-diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/rsync.te serefpolicy-2.3.17/policy/modules/services/rsync.te
+diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/rsync.te serefpolicy-2.3.18/policy/modules/services/rsync.te
 --- nsaserefpolicy/policy/modules/services/rsync.te	2006-07-14 17:04:41.000000000 -0400
-+++ serefpolicy-2.3.17/policy/modules/services/rsync.te	2006-10-02 13:20:14.000000000 -0400
++++ serefpolicy-2.3.18/policy/modules/services/rsync.te	2006-10-03 12:02:36.000000000 -0400
 @@ -9,6 +9,7 @@
  type rsync_t;
  type rsync_exec_t;
@@ -2139,9 +2176,9 @@
  role system_r types rsync_t;
  
  type rsync_data_t;
-diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/setroubleshoot.te serefpolicy-2.3.17/policy/modules/services/setroubleshoot.te
+diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/setroubleshoot.te serefpolicy-2.3.18/policy/modules/services/setroubleshoot.te
 --- nsaserefpolicy/policy/modules/services/setroubleshoot.te	2006-09-22 14:07:05.000000000 -0400
-+++ serefpolicy-2.3.17/policy/modules/services/setroubleshoot.te	2006-10-02 13:20:14.000000000 -0400
++++ serefpolicy-2.3.18/policy/modules/services/setroubleshoot.te	2006-10-03 12:02:36.000000000 -0400
 @@ -28,7 +28,7 @@
  #
  
@@ -2151,9 +2188,9 @@
  allow setroubleshootd_t self:fifo_file rw_file_perms;
  allow setroubleshootd_t self:tcp_socket create_stream_socket_perms;
  allow setroubleshootd_t self:unix_stream_socket { create_stream_socket_perms connectto };
-diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/spamassassin.te serefpolicy-2.3.17/policy/modules/services/spamassassin.te
+diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/spamassassin.te serefpolicy-2.3.18/policy/modules/services/spamassassin.te
 --- nsaserefpolicy/policy/modules/services/spamassassin.te	2006-09-01 14:10:18.000000000 -0400
-+++ serefpolicy-2.3.17/policy/modules/services/spamassassin.te	2006-10-02 13:20:14.000000000 -0400
++++ serefpolicy-2.3.18/policy/modules/services/spamassassin.te	2006-10-03 12:02:36.000000000 -0400
 @@ -8,7 +8,7 @@
  
  # spamassassin client executable
@@ -2172,9 +2209,9 @@
  
  ########################################
  #
-diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/ssh.te serefpolicy-2.3.17/policy/modules/services/ssh.te
+diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/ssh.te serefpolicy-2.3.18/policy/modules/services/ssh.te
 --- nsaserefpolicy/policy/modules/services/ssh.te	2006-09-25 15:11:11.000000000 -0400
-+++ serefpolicy-2.3.17/policy/modules/services/ssh.te	2006-10-02 13:20:14.000000000 -0400
++++ serefpolicy-2.3.18/policy/modules/services/ssh.te	2006-10-03 12:02:36.000000000 -0400
 @@ -10,7 +10,7 @@
  
  # ssh client executable.
@@ -2184,9 +2221,9 @@
  
  type ssh_keygen_t;
  type ssh_keygen_exec_t;
-diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/xserver.if serefpolicy-2.3.17/policy/modules/services/xserver.if
+diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/xserver.if serefpolicy-2.3.18/policy/modules/services/xserver.if
 --- nsaserefpolicy/policy/modules/services/xserver.if	2006-09-15 13:14:25.000000000 -0400
-+++ serefpolicy-2.3.17/policy/modules/services/xserver.if	2006-10-02 13:20:14.000000000 -0400
++++ serefpolicy-2.3.18/policy/modules/services/xserver.if	2006-10-03 12:02:36.000000000 -0400
 @@ -898,10 +898,12 @@
  
  	domain_auto_trans($1,xserver_exec_t,xdm_xserver_t)
@@ -2200,9 +2237,9 @@
  ')
  
  ########################################
-diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/xserver.te serefpolicy-2.3.17/policy/modules/services/xserver.te
+diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/xserver.te serefpolicy-2.3.18/policy/modules/services/xserver.te
 --- nsaserefpolicy/policy/modules/services/xserver.te	2006-09-06 13:04:51.000000000 -0400
-+++ serefpolicy-2.3.17/policy/modules/services/xserver.te	2006-10-02 13:20:14.000000000 -0400
++++ serefpolicy-2.3.18/policy/modules/services/xserver.te	2006-10-03 12:02:36.000000000 -0400
 @@ -462,7 +462,7 @@
  allow rhgb_t xdm_xserver_t:process signal;
  ')
@@ -2212,9 +2249,9 @@
  # xdm needs access for linking .X11-unix to poly /tmp
  allow xdm_t polymember:dir { add_name remove_name write };
  allow xdm_t polymember:lnk_file { create unlink };
-diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/authlogin.if serefpolicy-2.3.17/policy/modules/system/authlogin.if
+diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/authlogin.if serefpolicy-2.3.18/policy/modules/system/authlogin.if
 --- nsaserefpolicy/policy/modules/system/authlogin.if	2006-09-15 13:14:27.000000000 -0400
-+++ serefpolicy-2.3.17/policy/modules/system/authlogin.if	2006-10-02 13:20:14.000000000 -0400
++++ serefpolicy-2.3.18/policy/modules/system/authlogin.if	2006-10-03 12:02:36.000000000 -0400
 @@ -230,7 +230,7 @@
  	seutil_read_config($1)
  	seutil_read_default_contexts($1)
@@ -2224,9 +2261,9 @@
  		files_polyinstantiate_all($1)
  	')
  ')
-diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/fstools.te serefpolicy-2.3.17/policy/modules/system/fstools.te
+diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/fstools.te serefpolicy-2.3.18/policy/modules/system/fstools.te
 --- nsaserefpolicy/policy/modules/system/fstools.te	2006-09-22 14:07:06.000000000 -0400
-+++ serefpolicy-2.3.17/policy/modules/system/fstools.te	2006-10-02 13:20:14.000000000 -0400
++++ serefpolicy-2.3.18/policy/modules/system/fstools.te	2006-10-03 12:02:36.000000000 -0400
 @@ -9,7 +9,7 @@
  type fsadm_t;
  type fsadm_exec_t;
@@ -2244,9 +2281,9 @@
  mls_file_write_down(fsadm_t)
  
  storage_raw_read_fixed_disk(fsadm_t)
-diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/hostname.te serefpolicy-2.3.17/policy/modules/system/hostname.te
+diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/hostname.te serefpolicy-2.3.18/policy/modules/system/hostname.te
 --- nsaserefpolicy/policy/modules/system/hostname.te	2006-08-29 09:00:29.000000000 -0400
-+++ serefpolicy-2.3.17/policy/modules/system/hostname.te	2006-10-02 13:20:14.000000000 -0400
++++ serefpolicy-2.3.18/policy/modules/system/hostname.te	2006-10-03 12:02:36.000000000 -0400
 @@ -8,8 +8,12 @@
  
  type hostname_t;
@@ -2261,9 +2298,9 @@
  
  ########################################
  #
-diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/init.fc serefpolicy-2.3.17/policy/modules/system/init.fc
+diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/init.fc serefpolicy-2.3.18/policy/modules/system/init.fc
 --- nsaserefpolicy/policy/modules/system/init.fc	2006-08-25 13:29:58.000000000 -0400
-+++ serefpolicy-2.3.17/policy/modules/system/init.fc	2006-10-02 13:20:14.000000000 -0400
++++ serefpolicy-2.3.18/policy/modules/system/init.fc	2006-10-03 12:02:36.000000000 -0400
 @@ -66,3 +66,6 @@
  /var/run/sysconfig(/.*)?	gen_context(system_u:object_r:initrc_var_run_t,s0)
  ')
@@ -2271,9 +2308,9 @@
 +# Until their is a policy for pcscd we need these
 +/var/run/pcscd\.pub	--	gen_context(system_u:object_r:initrc_var_run_t,s0)
 +/var/run/pcscd\.pid	--	gen_context(system_u:object_r:initrc_var_run_t,s0)
-diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/init.te serefpolicy-2.3.17/policy/modules/system/init.te
+diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/init.te serefpolicy-2.3.18/policy/modules/system/init.te
 --- nsaserefpolicy/policy/modules/system/init.te	2006-09-29 14:28:02.000000000 -0400
-+++ serefpolicy-2.3.17/policy/modules/system/init.te	2006-10-02 13:20:14.000000000 -0400
++++ serefpolicy-2.3.18/policy/modules/system/init.te	2006-10-03 12:02:36.000000000 -0400
 @@ -151,6 +151,7 @@
  mcs_process_set_categories(init_t)
  
@@ -2292,9 +2329,9 @@
  # slapd needs to read cert files from its initscript
  miscfiles_read_certs(initrc_t)
  
-diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/iscsi.fc serefpolicy-2.3.17/policy/modules/system/iscsi.fc
+diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/iscsi.fc serefpolicy-2.3.18/policy/modules/system/iscsi.fc
 --- nsaserefpolicy/policy/modules/system/iscsi.fc	1969-12-31 19:00:00.000000000 -0500
-+++ serefpolicy-2.3.17/policy/modules/system/iscsi.fc	2006-10-02 13:20:14.000000000 -0400
++++ serefpolicy-2.3.18/policy/modules/system/iscsi.fc	2006-10-03 12:02:36.000000000 -0400
 @@ -0,0 +1,7 @@
 +# iscsid executable will have:
 +# label: system_u:object_r:iscsid_exec_t
@@ -2303,9 +2340,9 @@
 +
 +/sbin/iscsid		--	gen_context(system_u:object_r:iscsid_exec_t,s0)
 +/var/run/iscsid.pid	--	gen_context(system_u:object_r:iscsi_var_run_t,s0)
-diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/iscsi.if serefpolicy-2.3.17/policy/modules/system/iscsi.if
+diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/iscsi.if serefpolicy-2.3.18/policy/modules/system/iscsi.if
 --- nsaserefpolicy/policy/modules/system/iscsi.if	1969-12-31 19:00:00.000000000 -0500
-+++ serefpolicy-2.3.17/policy/modules/system/iscsi.if	2006-10-02 13:20:14.000000000 -0400
++++ serefpolicy-2.3.18/policy/modules/system/iscsi.if	2006-10-03 12:02:36.000000000 -0400
 @@ -0,0 +1,24 @@
 +## <summary>policy for iscsid</summary>
 +
@@ -2331,9 +2368,9 @@
 +	allow iscsid_t $1:fifo_file rw_file_perms;
 +	allow iscsid_t $1:process sigchld;
 +')
-diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/iscsi.te serefpolicy-2.3.17/policy/modules/system/iscsi.te
+diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/iscsi.te serefpolicy-2.3.18/policy/modules/system/iscsi.te
 --- nsaserefpolicy/policy/modules/system/iscsi.te	1969-12-31 19:00:00.000000000 -0500
-+++ serefpolicy-2.3.17/policy/modules/system/iscsi.te	2006-10-02 13:20:14.000000000 -0400
++++ serefpolicy-2.3.18/policy/modules/system/iscsi.te	2006-10-03 12:02:36.000000000 -0400
 @@ -0,0 +1,74 @@
 +policy_module(iscsid,1.0.0)
 +
@@ -2409,9 +2446,9 @@
 +allow iscsid_t iscsi_tmp_t:file create_file_perms;
 +fs_tmpfs_filetrans(iscsid_t, iscsi_tmp_t, file )
 +
-diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/libraries.fc serefpolicy-2.3.17/policy/modules/system/libraries.fc
+diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/libraries.fc serefpolicy-2.3.18/policy/modules/system/libraries.fc
 --- nsaserefpolicy/policy/modules/system/libraries.fc	2006-09-22 14:07:07.000000000 -0400
-+++ serefpolicy-2.3.17/policy/modules/system/libraries.fc	2006-10-02 13:20:14.000000000 -0400
++++ serefpolicy-2.3.18/policy/modules/system/libraries.fc	2006-10-03 12:02:36.000000000 -0400
 @@ -255,6 +255,7 @@
  /usr/(.*/)?jre.*/libdeploy\.so(\.[^/]*)* --	gen_context(system_u:object_r:textrel_shlib_t,s0)
  /usr/(local/)?(.*/)?jre.*/libjvm\.so(\.[^/]*)* -- gen_context(system_u:object_r:textrel_shlib_t,s0)
@@ -2420,9 +2457,9 @@
  
  /usr/(local/)?Adobe/(.*/)?intellinux/nppdf\.so -- gen_context(system_u:object_r:textrel_shlib_t,s0)
  /usr/(local/)?Adobe/(.*/)?intellinux/sidecars/* -- gen_context(system_u:object_r:textrel_shlib_t,s0)
-diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/locallogin.if serefpolicy-2.3.17/policy/modules/system/locallogin.if
+diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/locallogin.if serefpolicy-2.3.18/policy/modules/system/locallogin.if
 --- nsaserefpolicy/policy/modules/system/locallogin.if	2006-07-14 17:04:43.000000000 -0400
-+++ serefpolicy-2.3.17/policy/modules/system/locallogin.if	2006-10-02 13:40:54.000000000 -0400
++++ serefpolicy-2.3.18/policy/modules/system/locallogin.if	2006-10-03 12:02:36.000000000 -0400
 @@ -71,3 +71,40 @@
  
  	allow $1 local_login_t:process signull;
@@ -2464,9 +2501,9 @@
 +
 +	allow $1 local_login_t:key link;
 +')
-diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/logging.fc serefpolicy-2.3.17/policy/modules/system/logging.fc
+diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/logging.fc serefpolicy-2.3.18/policy/modules/system/logging.fc
 --- nsaserefpolicy/policy/modules/system/logging.fc	2006-09-01 14:10:18.000000000 -0400
-+++ serefpolicy-2.3.17/policy/modules/system/logging.fc	2006-10-02 13:20:14.000000000 -0400
++++ serefpolicy-2.3.18/policy/modules/system/logging.fc	2006-10-03 12:02:36.000000000 -0400
 @@ -1,7 +1,7 @@
  
  /dev/log		-s	gen_context(system_u:object_r:devlog_t,s0)
@@ -2491,9 +2528,9 @@
  
  /var/run/audit_events	-s	gen_context(system_u:object_r:auditd_var_run_t,s0)
  /var/run/auditd\.pid	--	gen_context(system_u:object_r:auditd_var_run_t,s0)
-diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/logging.te serefpolicy-2.3.17/policy/modules/system/logging.te
+diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/logging.te serefpolicy-2.3.18/policy/modules/system/logging.te
 --- nsaserefpolicy/policy/modules/system/logging.te	2006-09-29 14:28:02.000000000 -0400
-+++ serefpolicy-2.3.17/policy/modules/system/logging.te	2006-10-02 13:20:14.000000000 -0400
++++ serefpolicy-2.3.18/policy/modules/system/logging.te	2006-10-03 12:02:36.000000000 -0400
 @@ -75,6 +75,7 @@
  allow auditctl_t auditd_etc_t:file r_file_perms;
  
@@ -2519,18 +2556,18 @@
  
  seutil_dontaudit_read_config(auditd_t)
  
-diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/mount.fc serefpolicy-2.3.17/policy/modules/system/mount.fc
+diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/mount.fc serefpolicy-2.3.18/policy/modules/system/mount.fc
 --- nsaserefpolicy/policy/modules/system/mount.fc	2006-07-14 17:04:43.000000000 -0400
-+++ serefpolicy-2.3.17/policy/modules/system/mount.fc	2006-10-02 13:20:14.000000000 -0400
++++ serefpolicy-2.3.18/policy/modules/system/mount.fc	2006-10-03 12:02:36.000000000 -0400
 @@ -4,4 +4,5 @@
  # mount file contexts
  #
  /bin/mount.*			--	gen_context(system_u:object_r:mount_exec_t,s0)
 +/usr/bin/fusermount		--	gen_context(system_u:object_r:mount_exec_t,s0)
  /bin/umount.*			--	gen_context(system_u:object_r:mount_exec_t,s0)
-diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/mount.te serefpolicy-2.3.17/policy/modules/system/mount.te
+diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/mount.te serefpolicy-2.3.18/policy/modules/system/mount.te
 --- nsaserefpolicy/policy/modules/system/mount.te	2006-09-15 13:14:27.000000000 -0400
-+++ serefpolicy-2.3.17/policy/modules/system/mount.te	2006-10-02 13:20:14.000000000 -0400
++++ serefpolicy-2.3.18/policy/modules/system/mount.te	2006-10-03 12:02:36.000000000 -0400
 @@ -9,6 +9,7 @@
  type mount_t;
  type mount_exec_t;
@@ -2539,9 +2576,9 @@
  role system_r types mount_t;
  
  type mount_loopback_t; # customizable
-diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/raid.te serefpolicy-2.3.17/policy/modules/system/raid.te
+diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/raid.te serefpolicy-2.3.18/policy/modules/system/raid.te
 --- nsaserefpolicy/policy/modules/system/raid.te	2006-09-29 14:28:02.000000000 -0400
-+++ serefpolicy-2.3.17/policy/modules/system/raid.te	2006-10-02 13:20:14.000000000 -0400
++++ serefpolicy-2.3.18/policy/modules/system/raid.te	2006-10-03 12:02:36.000000000 -0400
 @@ -23,6 +23,7 @@
  dontaudit mdadm_t self:capability sys_tty_config;
  allow mdadm_t self:process { sigchld sigkill sigstop signull signal };
@@ -2559,9 +2596,9 @@
  
  fs_search_auto_mountpoints(mdadm_t)
  fs_dontaudit_list_tmpfs(mdadm_t)
-diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/selinuxutil.fc serefpolicy-2.3.17/policy/modules/system/selinuxutil.fc
+diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/selinuxutil.fc serefpolicy-2.3.18/policy/modules/system/selinuxutil.fc
 --- nsaserefpolicy/policy/modules/system/selinuxutil.fc	2006-09-05 07:41:01.000000000 -0400
-+++ serefpolicy-2.3.17/policy/modules/system/selinuxutil.fc	2006-10-02 13:20:14.000000000 -0400
++++ serefpolicy-2.3.18/policy/modules/system/selinuxutil.fc	2006-10-03 12:02:36.000000000 -0400
 @@ -6,12 +6,12 @@
  /etc/selinux(/.*)?			gen_context(system_u:object_r:selinux_config_t,s0)
  /etc/selinux/([^/]*/)?contexts(/.*)?	gen_context(system_u:object_r:default_context_t,s0)
@@ -2578,9 +2615,23 @@
  
  #
  # /root
-diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/selinuxutil.te serefpolicy-2.3.17/policy/modules/system/selinuxutil.te
+diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/selinuxutil.if serefpolicy-2.3.18/policy/modules/system/selinuxutil.if
+--- nsaserefpolicy/policy/modules/system/selinuxutil.if	2006-09-15 13:14:26.000000000 -0400
++++ serefpolicy-2.3.18/policy/modules/system/selinuxutil.if	2006-10-03 14:41:55.000000000 -0400
+@@ -755,8 +755,8 @@
+ 
+ 	files_search_etc($1)
+ 	allow $1 selinux_config_t:dir search_dir_perms;
+-	allow $1 default_context_t:dir rw_dir_perms;
+-	allow $1 default_context_t:file manage_file_perms;
++	allow $1 default_context_t:dir create_dir_perms;
++	allow $1 default_context_t:file create_file_perms;
+ ')
+ 
+ ########################################
+diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/selinuxutil.te serefpolicy-2.3.18/policy/modules/system/selinuxutil.te
 --- nsaserefpolicy/policy/modules/system/selinuxutil.te	2006-09-22 14:07:07.000000000 -0400
-+++ serefpolicy-2.3.17/policy/modules/system/selinuxutil.te	2006-10-02 13:20:14.000000000 -0400
++++ serefpolicy-2.3.18/policy/modules/system/selinuxutil.te	2006-10-03 12:02:36.000000000 -0400
 @@ -274,6 +274,7 @@
  mls_file_upgrade(newrole_t)
  mls_file_downgrade(newrole_t)
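Review bot: the new selinuxutil.if section changes what callers of this interface may do to default_context_t, and neither the patch nor the log message ("Patch for labeled networking") says why. On directories the set goes from rw_dir_perms to create_dir_perms, and on files from manage_file_perms to create_file_perms. If this only tracks a macro rename, say so in the changelog. If it is meant to let callers create and remove directories in the contexts tree under /etc/selinux, which carries this type, state that in the interface summary.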
@@ -2589,7 +2640,17 @@
  
  selinux_get_fs_mount(newrole_t)
  selinux_validate_context(newrole_t)
-@@ -587,6 +588,7 @@
+@@ -415,6 +416,9 @@
+ 	optional_policy(`
+ 		udev_dontaudit_rw_dgram_sockets(restorecon_t)
+ 	')
++	optional_policy(`
++		xserver_use_xdm_fds(restorecon_t)
++	')
+ ')
+ 
+ optional_policy(`
+@@ -587,6 +591,7 @@
  mls_rangetrans_target(semanage_t)
  mls_file_read_up(semanage_t)
  
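Review bot: the added optional_policy block granting xserver_use_xdm_fds(restorecon_t) has no comment saying when restorecon inherits descriptors from xdm. The block directly above it handles udev sockets with a dontaudit. If the xdm descriptors are likewise only leaked into restorecon, a dontaudit rule would silence the denial without granting use. If restorecon really needs them, add a one-line comment naming the case that triggers it.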
@@ -2597,17 +2658,17 @@
  selinux_get_enforce_mode(semanage_t)
  # for setsebool:
  selinux_set_boolean(semanage_t)
-diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/setrans.fc serefpolicy-2.3.17/policy/modules/system/setrans.fc
+diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/setrans.fc serefpolicy-2.3.18/policy/modules/system/setrans.fc
 --- nsaserefpolicy/policy/modules/system/setrans.fc	2006-07-14 17:04:44.000000000 -0400
-+++ serefpolicy-2.3.17/policy/modules/system/setrans.fc	2006-10-02 13:20:14.000000000 -0400
++++ serefpolicy-2.3.18/policy/modules/system/setrans.fc	2006-10-03 12:02:36.000000000 -0400
 @@ -1,3 +1,3 @@
  /sbin/mcstransd	--	gen_context(system_u:object_r:setrans_exec_t,s0)
  
 -/var/run/setrans(/.*)?	gen_context(system_u:object_r:setrans_var_run_t,s15:c0.c255)
 +/var/run/setrans(/.*)?	gen_context(system_u:object_r:setrans_var_run_t,s15:c0.c1023)
-diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/setrans.te serefpolicy-2.3.17/policy/modules/system/setrans.te
+diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/setrans.te serefpolicy-2.3.18/policy/modules/system/setrans.te
 --- nsaserefpolicy/policy/modules/system/setrans.te	2006-09-22 14:07:07.000000000 -0400
-+++ serefpolicy-2.3.17/policy/modules/system/setrans.te	2006-10-02 13:38:09.000000000 -0400
++++ serefpolicy-2.3.18/policy/modules/system/setrans.te	2006-10-03 12:02:36.000000000 -0400
 @@ -52,7 +52,9 @@
  mls_file_read_up(setrans_t)
  mls_file_write_down(setrans_t)
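Review bot: the setrans.fc entry hard-codes the top of the category range as s15:c0.c1023, and the same literal appears again in the gen_user(root, ...) line for policy/users further down. The value has just moved from c0.c255, so every hard-coded copy is a place that can be missed on the next change. Define the system-high range once and reference it from the file contexts and the user declarations.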
@@ -2618,9 +2679,9 @@
  
  selinux_compute_access_vector(setrans_t)
  
-diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/unconfined.if serefpolicy-2.3.17/policy/modules/system/unconfined.if
+diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/unconfined.if serefpolicy-2.3.18/policy/modules/system/unconfined.if
 --- nsaserefpolicy/policy/modules/system/unconfined.if	2006-08-29 09:00:29.000000000 -0400
-+++ serefpolicy-2.3.17/policy/modules/system/unconfined.if	2006-10-02 13:20:14.000000000 -0400
++++ serefpolicy-2.3.18/policy/modules/system/unconfined.if	2006-10-03 12:02:36.000000000 -0400
 @@ -31,6 +31,7 @@
  	allow $1 self:nscd *;
  	allow $1 self:dbus *;
@@ -2629,9 +2690,9 @@
  
  	kernel_unconfined($1)
  	corenet_unconfined($1)
-diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/unconfined.te serefpolicy-2.3.17/policy/modules/system/unconfined.te
+diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/unconfined.te serefpolicy-2.3.18/policy/modules/system/unconfined.te
 --- nsaserefpolicy/policy/modules/system/unconfined.te	2006-09-29 14:28:02.000000000 -0400
-+++ serefpolicy-2.3.17/policy/modules/system/unconfined.te	2006-10-02 13:20:14.000000000 -0400
++++ serefpolicy-2.3.18/policy/modules/system/unconfined.te	2006-10-03 12:02:36.000000000 -0400
 @@ -64,10 +64,6 @@
  	')
  
@@ -2663,21 +2724,10 @@
  	allow unconfined_execmem_t self:process { execstack execmem };
  	unconfined_domain_noaudit(unconfined_execmem_t)
  
-diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/userdomain.fc serefpolicy-2.3.17/policy/modules/system/userdomain.fc
---- nsaserefpolicy/policy/modules/system/userdomain.fc	2006-07-14 17:04:44.000000000 -0400
-+++ serefpolicy-2.3.17/policy/modules/system/userdomain.fc	2006-10-02 13:20:14.000000000 -0400
-@@ -4,6 +4,6 @@
- HOME_DIR		-d	gen_context(system_u:object_r:user_home_dir_t,s0)
- HOME_DIR/.+		gen_context(system_u:object_r:user_home_t,s0)
- ',`
--HOME_DIR		-d	gen_context(system_u:object_r:ROLE_home_dir_t,s0-s15:c0.c255)
-+HOME_DIR		-d	gen_context(system_u:object_r:ROLE_home_dir_t,s0-s15:c0.c1023)
- HOME_DIR/.+		gen_context(system_u:object_r:ROLE_home_t,s0)
- ')
-diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/userdomain.if serefpolicy-2.3.17/policy/modules/system/userdomain.if
---- nsaserefpolicy/policy/modules/system/userdomain.if	2006-09-25 15:11:11.000000000 -0400
-+++ serefpolicy-2.3.17/policy/modules/system/userdomain.if	2006-10-02 15:04:03.000000000 -0400
-@@ -3896,12 +3896,7 @@
+diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/userdomain.if serefpolicy-2.3.18/policy/modules/system/userdomain.if
+--- nsaserefpolicy/policy/modules/system/userdomain.if	2006-10-03 11:50:42.000000000 -0400
++++ serefpolicy-2.3.18/policy/modules/system/userdomain.if	2006-10-03 12:02:36.000000000 -0400
+@@ -3989,12 +3989,7 @@
  #
  interface(`userdom_manage_staff_home_dirs',`
  	ifdef(`targeted_policy',`
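Review bot: the userdomain.fc section, which raised the ROLE_home_dir_t range from s0-s15:c0.c255 to s0-s15:c0.c1023, is removed from the patch with no explanation. The nsaserefpolicy timestamp on userdomain.if moves to 2006-10-03 in the same hunk, which suggests a rebase onto a newer upstream tree. Confirm that tree already carries the c0.c1023 home directory range, otherwise HOME_DIR stays at c0.c255 while setrans.fc and policy/users use c0.c1023.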
@@ -2691,7 +2741,7 @@
  	',`
  		gen_require(`
  			type staff_home_dir_t;
-@@ -5338,3 +5333,161 @@
+@@ -5431,3 +5426,161 @@
  	allow $1 user_home_dir_t:dir create_dir_perms;
  	files_home_filetrans($1,user_home_dir_t,dir)
  ')
@@ -2853,9 +2903,9 @@
 +	allow $1 user_exec_type:file { relabelfrom relabelto };
 +')
 +
-diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/userdomain.te serefpolicy-2.3.17/policy/modules/system/userdomain.te
---- nsaserefpolicy/policy/modules/system/userdomain.te	2006-09-25 15:11:11.000000000 -0400
-+++ serefpolicy-2.3.17/policy/modules/system/userdomain.te	2006-10-02 13:20:14.000000000 -0400
+diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/userdomain.te serefpolicy-2.3.18/policy/modules/system/userdomain.te
+--- nsaserefpolicy/policy/modules/system/userdomain.te	2006-10-03 11:50:42.000000000 -0400
++++ serefpolicy-2.3.18/policy/modules/system/userdomain.te	2006-10-03 12:02:36.000000000 -0400
 @@ -24,6 +24,9 @@
  # users home directory contents
  attribute home_type;
@@ -2876,9 +2926,9 @@
  		usermanage_run_admin_passwd(sysadm_t,sysadm_r,admin_terminal)
  		usermanage_run_groupadd(sysadm_t,sysadm_r,admin_terminal)
  		usermanage_run_useradd(sysadm_t,sysadm_r,admin_terminal)
-diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/xen.te serefpolicy-2.3.17/policy/modules/system/xen.te
+diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/xen.te serefpolicy-2.3.18/policy/modules/system/xen.te
 --- nsaserefpolicy/policy/modules/system/xen.te	2006-09-22 14:07:07.000000000 -0400
-+++ serefpolicy-2.3.17/policy/modules/system/xen.te	2006-10-02 13:20:14.000000000 -0400
++++ serefpolicy-2.3.18/policy/modules/system/xen.te	2006-10-03 12:02:36.000000000 -0400
 @@ -132,6 +132,7 @@
  corenet_tcp_bind_soundd_port(xend_t)
  corenet_tcp_bind_generic_port(xend_t)
@@ -2887,9 +2937,9 @@
  corenet_sendrecv_xen_server_packets(xend_t)
  corenet_sendrecv_soundd_server_packets(xend_t)
  corenet_rw_tun_tap_dev(xend_t)
-diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/users serefpolicy-2.3.17/policy/users
+diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/users serefpolicy-2.3.18/policy/users
 --- nsaserefpolicy/policy/users	2006-07-14 17:04:46.000000000 -0400
-+++ serefpolicy-2.3.17/policy/users	2006-10-02 13:20:14.000000000 -0400
++++ serefpolicy-2.3.18/policy/users	2006-10-03 12:02:36.000000000 -0400
 @@ -16,7 +16,7 @@
  # and a user process should never be assigned the system user
  # identity.
@@ -2929,9 +2979,9 @@
 +		gen_user(root, sysadm, sysadm_r staff_r ifdef(`enable_mls',`secadm_r auditadm_r'), s0, s0 - s15:c0.c1023, c0.c1023)
  	')
  ')
-diff --exclude-from=exclude -N -u -r nsaserefpolicy/Rules.modular serefpolicy-2.3.17/Rules.modular
+diff --exclude-from=exclude -N -u -r nsaserefpolicy/Rules.modular serefpolicy-2.3.18/Rules.modular
 --- nsaserefpolicy/Rules.modular	2006-09-15 13:14:28.000000000 -0400
-+++ serefpolicy-2.3.17/Rules.modular	2006-10-02 13:20:14.000000000 -0400
++++ serefpolicy-2.3.18/Rules.modular	2006-10-03 12:02:36.000000000 -0400
 @@ -212,6 +212,16 @@
  
  ########################################


Index: selinux-policy.spec
===================================================================
RCS file: /cvs/dist/rpms/selinux-policy/devel/selinux-policy.spec,v
retrieving revision 1.303
retrieving revision 1.304
diff -u -r1.303 -r1.304
--- selinux-policy.spec	2 Oct 2006 19:45:00 -0000	1.303
+++ selinux-policy.spec	3 Oct 2006 18:45:18 -0000	1.304
@@ -16,8 +16,8 @@
 %define CHECKPOLICYVER 1.30.11-1
 Summary: SELinux policy configuration
 Name: selinux-policy
-Version: 2.3.17
-Release: 2
+Version: 2.3.18
+Release: 1
 License: GPL
 Group: System Environment/Base
 Source: serefpolicy-%{version}.tgz
@@ -349,6 +349,9 @@
 %endif
 
 %changelog
+* Tue Oct 3 2006 Dan Walsh <dwalsh at redhat.com> 2.3.18-1
+- Patch for labeled networking
+
 * Mon Oct 2 2006 Dan Walsh <dwalsh at redhat.com> 2.3.17-2
 - Fix crond handling for mls
 
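Review bot: the changelog entry "Patch for labeled networking" does not cover everything visible in this revision of policy-20060915.patch. The default_context_t permission change in selinuxutil.if, the xserver_use_xdm_fds(restorecon_t) addition and the dropped userdomain.fc section are all unmentioned. Add a changelog line for each so the package history records the changes that affect access decisions.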



