
rpms/selinux-policy/devel policy-20061016.patch, 1.4, 1.5 selinux-policy.spec, 1.318, 1.319



Author: dwalsh

Update of /cvs/dist/rpms/selinux-policy/devel
In directory cvs.devel.redhat.com:/tmp/cvs-serv300

Modified Files:
	policy-20061016.patch selinux-policy.spec 
Log Message:
* Fri Oct 20 2006 Dan Walsh <dwalsh redhat com> 2.4-2
- Allow procmail to look at autofs_t
- Allow xen_image_t to work as a fixed device


policy-20061016.patch:
 Rules.modular                             |   10 
 policy/flask/access_vectors               |    2 
 policy/global_tunables                    |   22 +
 policy/modules/admin/acct.te              |    1 
 policy/modules/admin/amanda.te            |    3 
 policy/modules/admin/anaconda.te          |    4 
 policy/modules/admin/bootloader.fc        |    2 
 policy/modules/admin/consoletype.te       |    8 
 policy/modules/admin/dmesg.te             |    1 
 policy/modules/admin/netutils.te          |    6 
 policy/modules/admin/prelink.te           |    8 
 policy/modules/admin/rpm.fc               |    2 
 policy/modules/admin/rpm.if               |   21 +
 policy/modules/admin/rpm.te               |    5 
 policy/modules/admin/su.if                |    3 
 policy/modules/admin/usermanage.te        |    5 
 policy/modules/apps/java.fc               |    3 
 policy/modules/apps/java.te               |    2 
 policy/modules/apps/mono.te               |    3 
 policy/modules/kernel/corecommands.fc     |    1 
 policy/modules/kernel/corecommands.if     |   17 +
 policy/modules/kernel/corenetwork.te.in   |    6 
 policy/modules/kernel/devices.fc          |    1 
 policy/modules/kernel/domain.te           |    7 
 policy/modules/kernel/files.fc            |    1 
 policy/modules/kernel/filesystem.if       |   22 +
 policy/modules/kernel/filesystem.te       |    3 
 policy/modules/kernel/kernel.if           |    2 
 policy/modules/kernel/kernel.te           |    1 
 policy/modules/kernel/storage.if          |    1 
 policy/modules/kernel/terminal.if         |   20 +
 policy/modules/kernel/terminal.te         |    1 
 policy/modules/services/apache.fc         |    9 
 policy/modules/services/apache.if         |    2 
 policy/modules/services/apache.te         |    3 
 policy/modules/services/automount.te      |    4 
 policy/modules/services/bluetooth.te      |    2 
 policy/modules/services/ccs.fc            |    8 
 policy/modules/services/ccs.if            |   65 ++++
 policy/modules/services/ccs.te            |   88 ++++++
 policy/modules/services/cron.if           |   25 -
 policy/modules/services/cron.te           |   10 
 policy/modules/services/cups.fc           |    6 
 policy/modules/services/cups.if           |   21 +
 policy/modules/services/cups.te           |   17 +
 policy/modules/services/cvs.te            |    1 
 policy/modules/services/dbus.if           |    1 
 policy/modules/services/dovecot.te        |    2 
 policy/modules/services/hal.te            |    1 
 policy/modules/services/lpd.fc            |    5 
 policy/modules/services/lpd.if            |   72 +++--
 policy/modules/services/mta.te            |    1 
 policy/modules/services/networkmanager.te |    4 
 policy/modules/services/nscd.if           |   20 +
 policy/modules/services/nscd.te           |    3 
 policy/modules/services/oddjob.te         |   12 
 policy/modules/services/pegasus.if        |   31 ++
 policy/modules/services/pegasus.te        |    5 
 policy/modules/services/procmail.te       |    2 
 policy/modules/services/rhgb.te           |   24 +
 policy/modules/services/ricci.fc          |   19 +
 policy/modules/services/ricci.if          |  184 +++++++++++++
 policy/modules/services/ricci.te          |  424 ++++++++++++++++++++++++++++++
 policy/modules/services/rpc.te            |    3 
 policy/modules/services/rsync.te          |    1 
 policy/modules/services/samba.te          |    4 
 policy/modules/services/setroubleshoot.te |    2 
 policy/modules/services/spamassassin.te   |    5 
 policy/modules/services/squid.te          |    7 
 policy/modules/services/ssh.te            |    4 
 policy/modules/services/xserver.if        |   40 ++
 policy/modules/services/xserver.te        |    2 
 policy/modules/system/authlogin.fc        |    1 
 policy/modules/system/authlogin.if        |    2 
 policy/modules/system/clock.te            |    3 
 policy/modules/system/fstools.te          |    3 
 policy/modules/system/getty.te            |    3 
 policy/modules/system/hostname.te         |    6 
 policy/modules/system/init.fc             |    3 
 policy/modules/system/init.te             |   10 
 policy/modules/system/iscsi.fc            |    9 
 policy/modules/system/iscsi.if            |   24 +
 policy/modules/system/iscsi.te            |   94 ++++++
 policy/modules/system/libraries.fc        |    8 
 policy/modules/system/locallogin.if       |   37 ++
 policy/modules/system/logging.te          |    4 
 policy/modules/system/mount.fc            |    1 
 policy/modules/system/mount.te            |    2 
 policy/modules/system/raid.te             |    5 
 policy/modules/system/selinuxutil.if      |    6 
 policy/modules/system/selinuxutil.te      |    8 
 policy/modules/system/setrans.te          |    2 
 policy/modules/system/unconfined.if       |   19 +
 policy/modules/system/unconfined.te       |   20 -
 policy/modules/system/userdomain.if       |  165 +++++++++++
 policy/modules/system/userdomain.te       |   14 
 policy/modules/system/xen.fc              |    2 
 policy/modules/system/xen.te              |   35 ++
 98 files changed, 1698 insertions(+), 121 deletions(-)

Index: policy-20061016.patch
===================================================================
RCS file: /cvs/dist/rpms/selinux-policy/devel/policy-20061016.patch,v
retrieving revision 1.4
retrieving revision 1.5
diff -u -r1.4 -r1.5
--- policy-20061016.patch	19 Oct 2006 14:32:27 -0000	1.4
+++ policy-20061016.patch	20 Oct 2006 21:08:15 -0000	1.5
@@ -1,6 +1,6 @@
-diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/flask/access_vectors serefpolicy-2.3.19/policy/flask/access_vectors
+diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/flask/access_vectors serefpolicy-2.4/policy/flask/access_vectors
 --- nsaserefpolicy/policy/flask/access_vectors	2006-09-01 14:10:17.000000000 -0400
-+++ serefpolicy-2.3.19/policy/flask/access_vectors	2006-10-17 15:44:52.000000000 -0400
++++ serefpolicy-2.4/policy/flask/access_vectors	2006-10-19 12:29:40.000000000 -0400
 @@ -618,6 +618,8 @@
  	send
  	recv
@@ -10,9 +10,9 @@
  }
  
  class key
-diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/global_tunables serefpolicy-2.3.19/policy/global_tunables
+diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/global_tunables serefpolicy-2.4/policy/global_tunables
 --- nsaserefpolicy/policy/global_tunables	2006-09-25 15:11:11.000000000 -0400
-+++ serefpolicy-2.3.19/policy/global_tunables	2006-10-19 09:11:53.000000000 -0400
++++ serefpolicy-2.4/policy/global_tunables	2006-10-19 12:29:40.000000000 -0400
 @@ -594,3 +594,25 @@
  ## </desc>
  gen_tunable(spamd_enable_home_dirs,true)
@@ -39,9 +39,9 @@
 +## </p>
 +## </desc>
 +gen_tunable(use_lpd_server,false)
-diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/acct.te serefpolicy-2.3.19/policy/modules/admin/acct.te
+diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/acct.te serefpolicy-2.4/policy/modules/admin/acct.te
 --- nsaserefpolicy/policy/modules/admin/acct.te	2006-07-14 17:04:46.000000000 -0400
-+++ serefpolicy-2.3.19/policy/modules/admin/acct.te	2006-10-17 15:44:52.000000000 -0400
++++ serefpolicy-2.4/policy/modules/admin/acct.te	2006-10-19 12:29:40.000000000 -0400
 @@ -9,6 +9,7 @@
  type acct_t;
  type acct_exec_t;
@@ -50,9 +50,9 @@
  
  type acct_data_t;
  logging_log_file(acct_data_t)
-diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/amanda.te serefpolicy-2.3.19/policy/modules/admin/amanda.te
---- nsaserefpolicy/policy/modules/admin/amanda.te	2006-09-22 14:07:08.000000000 -0400
-+++ serefpolicy-2.3.19/policy/modules/admin/amanda.te	2006-10-17 15:44:52.000000000 -0400
+diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/amanda.te serefpolicy-2.4/policy/modules/admin/amanda.te
+--- nsaserefpolicy/policy/modules/admin/amanda.te	2006-10-19 11:47:40.000000000 -0400
++++ serefpolicy-2.4/policy/modules/admin/amanda.te	2006-10-19 12:29:40.000000000 -0400
 @@ -97,7 +97,7 @@
  allow amanda_t amanda_gnutarlists_t:lnk_file manage_file_perms;
  
@@ -70,9 +70,9 @@
  
  dev_getattr_all_blk_files(amanda_t)
  dev_getattr_all_chr_files(amanda_t)
-diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/anaconda.te serefpolicy-2.3.19/policy/modules/admin/anaconda.te
---- nsaserefpolicy/policy/modules/admin/anaconda.te	2006-09-01 14:10:19.000000000 -0400
-+++ serefpolicy-2.3.19/policy/modules/admin/anaconda.te	2006-10-17 15:44:52.000000000 -0400
+diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/anaconda.te serefpolicy-2.4/policy/modules/admin/anaconda.te
+--- nsaserefpolicy/policy/modules/admin/anaconda.te	2006-10-19 11:47:40.000000000 -0400
++++ serefpolicy-2.4/policy/modules/admin/anaconda.te	2006-10-19 12:29:40.000000000 -0400
 @@ -36,10 +36,6 @@
  
  userdom_generic_user_home_dir_filetrans_generic_user_home_content(anaconda_t,{ dir file lnk_file fifo_file sock_file })
@@ -84,9 +84,9 @@
  optional_policy(`
  	dmesg_domtrans(anaconda_t)
  ')
-diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/bootloader.fc serefpolicy-2.3.19/policy/modules/admin/bootloader.fc
+diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/bootloader.fc serefpolicy-2.4/policy/modules/admin/bootloader.fc
 --- nsaserefpolicy/policy/modules/admin/bootloader.fc	2006-09-25 15:11:11.000000000 -0400
-+++ serefpolicy-2.3.19/policy/modules/admin/bootloader.fc	2006-10-17 15:44:52.000000000 -0400
++++ serefpolicy-2.4/policy/modules/admin/bootloader.fc	2006-10-19 12:29:40.000000000 -0400
 @@ -7,8 +7,6 @@
  /usr/sbin/mkinitrd	--	gen_context(system_u:object_r:bootloader_exec_t,s0)
  
@@ -96,9 +96,9 @@
  /sbin/lilo.*		--	gen_context(system_u:object_r:bootloader_exec_t,s0)
  /sbin/mkinitrd		--	gen_context(system_u:object_r:bootloader_exec_t,s0)
  /sbin/ybin.*		--	gen_context(system_u:object_r:bootloader_exec_t,s0)
-diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/consoletype.te serefpolicy-2.3.19/policy/modules/admin/consoletype.te
---- nsaserefpolicy/policy/modules/admin/consoletype.te	2006-08-29 09:00:30.000000000 -0400
-+++ serefpolicy-2.3.19/policy/modules/admin/consoletype.te	2006-10-17 15:44:52.000000000 -0400
+diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/consoletype.te serefpolicy-2.4/policy/modules/admin/consoletype.te
+--- nsaserefpolicy/policy/modules/admin/consoletype.te	2006-10-19 11:47:40.000000000 -0400
++++ serefpolicy-2.4/policy/modules/admin/consoletype.te	2006-10-19 12:29:40.000000000 -0400
 @@ -8,7 +8,12 @@
  
  type consoletype_t;
@@ -121,9 +121,9 @@
  
  ########################################
  #
-diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/dmesg.te serefpolicy-2.3.19/policy/modules/admin/dmesg.te
+diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/dmesg.te serefpolicy-2.4/policy/modules/admin/dmesg.te
 --- nsaserefpolicy/policy/modules/admin/dmesg.te	2006-07-14 17:04:46.000000000 -0400
-+++ serefpolicy-2.3.19/policy/modules/admin/dmesg.te	2006-10-17 15:44:52.000000000 -0400
++++ serefpolicy-2.4/policy/modules/admin/dmesg.te	2006-10-19 12:29:40.000000000 -0400
 @@ -10,6 +10,7 @@
  	type dmesg_t;
  	type dmesg_exec_t;
@@ -132,9 +132,9 @@
  	role system_r types dmesg_t;
  ')
  
-diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/netutils.te serefpolicy-2.3.19/policy/modules/admin/netutils.te
---- nsaserefpolicy/policy/modules/admin/netutils.te	2006-08-02 10:34:09.000000000 -0400
-+++ serefpolicy-2.3.19/policy/modules/admin/netutils.te	2006-10-17 15:44:52.000000000 -0400
+diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/netutils.te serefpolicy-2.4/policy/modules/admin/netutils.te
+--- nsaserefpolicy/policy/modules/admin/netutils.te	2006-10-19 11:47:40.000000000 -0400
++++ serefpolicy-2.4/policy/modules/admin/netutils.te	2006-10-19 12:29:40.000000000 -0400
 @@ -18,10 +18,12 @@
  type ping_exec_t;
  init_system_domain(ping_t,ping_exec_t)
@@ -159,9 +159,9 @@
  ########################################
  #
  # Ping local policy
-diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/prelink.te serefpolicy-2.3.19/policy/modules/admin/prelink.te
---- nsaserefpolicy/policy/modules/admin/prelink.te	2006-09-29 14:28:02.000000000 -0400
-+++ serefpolicy-2.3.19/policy/modules/admin/prelink.te	2006-10-19 08:16:54.000000000 -0400
+diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/prelink.te serefpolicy-2.4/policy/modules/admin/prelink.te
+--- nsaserefpolicy/policy/modules/admin/prelink.te	2006-10-19 11:47:40.000000000 -0400
++++ serefpolicy-2.4/policy/modules/admin/prelink.te	2006-10-19 12:29:40.000000000 -0400
 @@ -24,7 +24,7 @@
  #
  
@@ -184,9 +184,9 @@
  optional_policy(`
  	cron_system_entry(prelink_t, prelink_exec_t)
  ')
-diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/rpm.fc serefpolicy-2.3.19/policy/modules/admin/rpm.fc
+diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/rpm.fc serefpolicy-2.4/policy/modules/admin/rpm.fc
 --- nsaserefpolicy/policy/modules/admin/rpm.fc	2006-09-22 14:07:08.000000000 -0400
-+++ serefpolicy-2.3.19/policy/modules/admin/rpm.fc	2006-10-17 15:44:52.000000000 -0400
++++ serefpolicy-2.4/policy/modules/admin/rpm.fc	2006-10-19 12:29:40.000000000 -0400
 @@ -21,6 +21,8 @@
  /usr/sbin/pup			--	gen_context(system_u:object_r:rpm_exec_t,s0)
  /usr/sbin/rhn_check		--	gen_context(system_u:object_r:rpm_exec_t,s0)
@@ -196,9 +196,9 @@
  ')
  
  /var/lib/alternatives(/.*)?		gen_context(system_u:object_r:rpm_var_lib_t,s0)
-diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/rpm.if serefpolicy-2.3.19/policy/modules/admin/rpm.if
+diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/rpm.if serefpolicy-2.4/policy/modules/admin/rpm.if
 --- nsaserefpolicy/policy/modules/admin/rpm.if	2006-09-15 13:14:27.000000000 -0400
-+++ serefpolicy-2.3.19/policy/modules/admin/rpm.if	2006-10-17 15:44:52.000000000 -0400
++++ serefpolicy-2.4/policy/modules/admin/rpm.if	2006-10-19 12:29:40.000000000 -0400
 @@ -257,3 +257,24 @@
  	dontaudit $1 rpm_var_lib_t:file create_file_perms;
  	dontaudit $1 rpm_var_lib_t:lnk_file create_lnk_perms;
@@ -224,9 +224,9 @@
 +	allow $1 rpm_t:dbus send_msg;
 +	allow rpm_t $1:dbus send_msg;
 +')
-diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/rpm.te serefpolicy-2.3.19/policy/modules/admin/rpm.te
---- nsaserefpolicy/policy/modules/admin/rpm.te	2006-09-22 14:07:08.000000000 -0400
-+++ serefpolicy-2.3.19/policy/modules/admin/rpm.te	2006-10-17 15:44:52.000000000 -0400
+diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/rpm.te serefpolicy-2.4/policy/modules/admin/rpm.te
+--- nsaserefpolicy/policy/modules/admin/rpm.te	2006-10-19 11:47:40.000000000 -0400
++++ serefpolicy-2.4/policy/modules/admin/rpm.te	2006-10-19 12:29:40.000000000 -0400
 @@ -9,6 +9,8 @@
  type rpm_t;
  type rpm_exec_t;
@@ -246,9 +246,9 @@
  dev_list_sysfs(rpm_script_t)
  
  # ideally we would not need this
-diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/su.if serefpolicy-2.3.19/policy/modules/admin/su.if
+diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/su.if serefpolicy-2.4/policy/modules/admin/su.if
 --- nsaserefpolicy/policy/modules/admin/su.if	2006-09-22 14:07:08.000000000 -0400
-+++ serefpolicy-2.3.19/policy/modules/admin/su.if	2006-10-17 15:44:52.000000000 -0400
++++ serefpolicy-2.4/policy/modules/admin/su.if	2006-10-19 12:29:40.000000000 -0400
 @@ -79,6 +79,7 @@
  	auth_domtrans_chk_passwd($1_su_t)
  	auth_dontaudit_read_shadow($1_su_t)
@@ -266,9 +266,9 @@
  		fs_mount_xattr_fs($1_su_t)
  		fs_unmount_xattr_fs($1_su_t)
  	')
-diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/usermanage.te serefpolicy-2.3.19/policy/modules/admin/usermanage.te
---- nsaserefpolicy/policy/modules/admin/usermanage.te	2006-09-22 14:07:08.000000000 -0400
-+++ serefpolicy-2.3.19/policy/modules/admin/usermanage.te	2006-10-17 15:44:52.000000000 -0400
+diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/usermanage.te serefpolicy-2.4/policy/modules/admin/usermanage.te
+--- nsaserefpolicy/policy/modules/admin/usermanage.te	2006-10-19 11:47:40.000000000 -0400
++++ serefpolicy-2.4/policy/modules/admin/usermanage.te	2006-10-19 12:29:40.000000000 -0400
 @@ -379,6 +379,7 @@
  allow sysadm_passwd_t sysadm_passwd_tmp_t:file create_file_perms;
  files_tmp_filetrans(sysadm_passwd_t, sysadm_passwd_tmp_t, { file dir })
@@ -302,9 +302,9 @@
  userdom_manage_staff_home_dirs(useradd_t)
  userdom_generic_user_home_dir_filetrans_generic_user_home_content(useradd_t,notdevfile_class_set)
  
-diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/java.fc serefpolicy-2.3.19/policy/modules/apps/java.fc
+diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/java.fc serefpolicy-2.4/policy/modules/apps/java.fc
 --- nsaserefpolicy/policy/modules/apps/java.fc	2006-08-29 09:00:26.000000000 -0400
-+++ serefpolicy-2.3.19/policy/modules/apps/java.fc	2006-10-17 15:44:52.000000000 -0400
++++ serefpolicy-2.4/policy/modules/apps/java.fc	2006-10-19 12:29:40.000000000 -0400
 @@ -1,7 +1,8 @@
  #
  # /opt
@@ -315,9 +315,9 @@
  
  #
  # /usr
-diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/java.te serefpolicy-2.3.19/policy/modules/apps/java.te
---- nsaserefpolicy/policy/modules/apps/java.te	2006-08-29 09:00:26.000000000 -0400
-+++ serefpolicy-2.3.19/policy/modules/apps/java.te	2006-10-17 15:44:52.000000000 -0400
+diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/java.te serefpolicy-2.4/policy/modules/apps/java.te
+--- nsaserefpolicy/policy/modules/apps/java.te	2006-10-19 11:47:36.000000000 -0400
++++ serefpolicy-2.4/policy/modules/apps/java.te	2006-10-19 12:29:40.000000000 -0400
 @@ -17,6 +17,8 @@
  
  ifdef(`targeted_policy',`
@@ -327,9 +327,9 @@
  	unconfined_domain_noaudit(java_t)
  	role system_r types java_t;
  ')
-diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/mono.te serefpolicy-2.3.19/policy/modules/apps/mono.te
---- nsaserefpolicy/policy/modules/apps/mono.te	2006-09-22 14:07:03.000000000 -0400
-+++ serefpolicy-2.3.19/policy/modules/apps/mono.te	2006-10-17 15:44:52.000000000 -0400
+diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/mono.te serefpolicy-2.4/policy/modules/apps/mono.te
+--- nsaserefpolicy/policy/modules/apps/mono.te	2006-10-19 11:47:36.000000000 -0400
++++ serefpolicy-2.4/policy/modules/apps/mono.te	2006-10-19 12:29:40.000000000 -0400
 @@ -44,4 +44,7 @@
  	optional_policy(`
  		unconfined_dbus_connect(mono_t)
@@ -338,9 +338,9 @@
 +		rpm_dbus_chat(mono_t)
 +	')
  ')
-diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/kernel/corecommands.fc serefpolicy-2.3.19/policy/modules/kernel/corecommands.fc
+diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/kernel/corecommands.fc serefpolicy-2.4/policy/modules/kernel/corecommands.fc
 --- nsaserefpolicy/policy/modules/kernel/corecommands.fc	2006-09-22 14:07:03.000000000 -0400
-+++ serefpolicy-2.3.19/policy/modules/kernel/corecommands.fc	2006-10-17 15:44:52.000000000 -0400
++++ serefpolicy-2.4/policy/modules/kernel/corecommands.fc	2006-10-19 12:29:40.000000000 -0400
 @@ -65,6 +65,7 @@
  
  /etc/xen/qemu-ifup		--	gen_context(system_u:object_r:bin_t,s0)
@@ -349,9 +349,9 @@
  
  ifdef(`distro_debian',`
  /etc/mysql/debian-start		--	gen_context(system_u:object_r:bin_t,s0)
-diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/kernel/corecommands.if serefpolicy-2.3.19/policy/modules/kernel/corecommands.if
+diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/kernel/corecommands.if serefpolicy-2.4/policy/modules/kernel/corecommands.if
 --- nsaserefpolicy/policy/modules/kernel/corecommands.if	2006-09-15 13:14:21.000000000 -0400
-+++ serefpolicy-2.3.19/policy/modules/kernel/corecommands.if	2006-10-17 15:44:52.000000000 -0400
++++ serefpolicy-2.4/policy/modules/kernel/corecommands.if	2006-10-19 12:29:40.000000000 -0400
 @@ -928,7 +928,19 @@
  		type bin_t, sbin_t;
  	')
@@ -395,9 +395,9 @@
  	allow $1 exec_type:file { getattr read execute };
 +	userdom_mmap_all_executables($1)
  ')
-diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/kernel/corenetwork.te.in serefpolicy-2.3.19/policy/modules/kernel/corenetwork.te.in
---- nsaserefpolicy/policy/modules/kernel/corenetwork.te.in	2006-10-17 13:47:44.000000000 -0400
-+++ serefpolicy-2.3.19/policy/modules/kernel/corenetwork.te.in	2006-10-17 15:44:52.000000000 -0400
+diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/kernel/corenetwork.te.in serefpolicy-2.4/policy/modules/kernel/corenetwork.te.in
+--- nsaserefpolicy/policy/modules/kernel/corenetwork.te.in	2006-10-19 11:47:35.000000000 -0400
++++ serefpolicy-2.4/policy/modules/kernel/corenetwork.te.in	2006-10-19 12:29:40.000000000 -0400
 @@ -67,6 +67,7 @@
  network_port(clamd, tcp,3310,s0)
  network_port(clockspeed, udp,4041,s0)
@@ -429,9 +429,9 @@
  allow corenet_unconfined_type port_type:{ tcp_socket udp_socket } name_bind;
 -allow corenet_unconfined_type node_type:{ tcp_socket udp_socket } node_bind;
 +allow corenet_unconfined_type node_type:{ tcp_socket udp_socket rawip_socket } node_bind;
-diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/kernel/devices.fc serefpolicy-2.3.19/policy/modules/kernel/devices.fc
+diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/kernel/devices.fc serefpolicy-2.4/policy/modules/kernel/devices.fc
 --- nsaserefpolicy/policy/modules/kernel/devices.fc	2006-10-16 12:20:16.000000000 -0400
-+++ serefpolicy-2.3.19/policy/modules/kernel/devices.fc	2006-10-17 15:44:52.000000000 -0400
++++ serefpolicy-2.4/policy/modules/kernel/devices.fc	2006-10-19 12:29:40.000000000 -0400
 @@ -99,6 +99,7 @@
  /dev/usb/scanner.*	-c	gen_context(system_u:object_r:scanner_device_t,s0)
  
@@ -440,9 +440,9 @@
  
  ifdef(`distro_debian',`
  # used by udev init script as temporary mount point
-diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/kernel/domain.te serefpolicy-2.3.19/policy/modules/kernel/domain.te
---- nsaserefpolicy/policy/modules/kernel/domain.te	2006-07-14 17:04:30.000000000 -0400
-+++ serefpolicy-2.3.19/policy/modules/kernel/domain.te	2006-10-17 15:44:52.000000000 -0400
+diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/kernel/domain.te serefpolicy-2.4/policy/modules/kernel/domain.te
+--- nsaserefpolicy/policy/modules/kernel/domain.te	2006-10-19 11:47:35.000000000 -0400
++++ serefpolicy-2.4/policy/modules/kernel/domain.te	2006-10-19 12:29:40.000000000 -0400
 @@ -144,3 +144,10 @@
  
  # act on all domains keys
@@ -454,9 +454,9 @@
 +	xserver_dontaudit_use_xdm_fds(domain)
 +	xserver_dontaudit_rw_xdm_pipes(domain)
 +')
-diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/kernel/files.fc serefpolicy-2.3.19/policy/modules/kernel/files.fc
+diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/kernel/files.fc serefpolicy-2.4/policy/modules/kernel/files.fc
 --- nsaserefpolicy/policy/modules/kernel/files.fc	2006-10-16 12:20:16.000000000 -0400
-+++ serefpolicy-2.3.19/policy/modules/kernel/files.fc	2006-10-17 15:44:52.000000000 -0400
++++ serefpolicy-2.4/policy/modules/kernel/files.fc	2006-10-19 12:29:40.000000000 -0400
 @@ -123,6 +123,7 @@
  /media(/[^/]*)		-l	gen_context(system_u:object_r:mnt_t,s0)
  /media(/[^/]*)?		-d	gen_context(system_u:object_r:mnt_t,s0)
@@ -465,9 +465,9 @@
  
  #
  # /misc
-diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/kernel/filesystem.if serefpolicy-2.3.19/policy/modules/kernel/filesystem.if
+diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/kernel/filesystem.if serefpolicy-2.4/policy/modules/kernel/filesystem.if
 --- nsaserefpolicy/policy/modules/kernel/filesystem.if	2006-09-25 15:11:10.000000000 -0400
-+++ serefpolicy-2.3.19/policy/modules/kernel/filesystem.if	2006-10-17 15:44:52.000000000 -0400
++++ serefpolicy-2.4/policy/modules/kernel/filesystem.if	2006-10-19 12:29:41.000000000 -0400
 @@ -3381,3 +3381,25 @@
  	allow $1 noxattrfs:blk_file { getattr relabelfrom };
  	allow $1 noxattrfs:chr_file { getattr relabelfrom };
@@ -494,9 +494,9 @@
 +	allow $1 autofs_t:lnk_file create_lnk_perms;
 +')
 +
-diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/kernel/filesystem.te serefpolicy-2.3.19/policy/modules/kernel/filesystem.te
---- nsaserefpolicy/policy/modules/kernel/filesystem.te	2006-09-25 15:11:10.000000000 -0400
-+++ serefpolicy-2.3.19/policy/modules/kernel/filesystem.te	2006-10-17 15:44:52.000000000 -0400
+diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/kernel/filesystem.te serefpolicy-2.4/policy/modules/kernel/filesystem.te
+--- nsaserefpolicy/policy/modules/kernel/filesystem.te	2006-10-19 11:47:35.000000000 -0400
++++ serefpolicy-2.4/policy/modules/kernel/filesystem.te	2006-10-19 12:29:41.000000000 -0400
 @@ -21,9 +21,11 @@
  
  # Use xattrs for the following filesystem types.
@@ -517,9 +517,9 @@
  
  ########################################
  #
-diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/kernel/kernel.if serefpolicy-2.3.19/policy/modules/kernel/kernel.if
+diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/kernel/kernel.if serefpolicy-2.4/policy/modules/kernel/kernel.if
 --- nsaserefpolicy/policy/modules/kernel/kernel.if	2006-10-17 13:47:44.000000000 -0400
-+++ serefpolicy-2.3.19/policy/modules/kernel/kernel.if	2006-10-17 15:44:53.000000000 -0400
++++ serefpolicy-2.4/policy/modules/kernel/kernel.if	2006-10-19 12:29:41.000000000 -0400
 @@ -2167,7 +2167,7 @@
  	allow $1 unlabeled_t:association { sendto recvfrom };
  
@@ -529,9 +529,9 @@
  ')
  
  ########################################
-diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/kernel/kernel.te serefpolicy-2.3.19/policy/modules/kernel/kernel.te
---- nsaserefpolicy/policy/modules/kernel/kernel.te	2006-10-17 13:47:44.000000000 -0400
-+++ serefpolicy-2.3.19/policy/modules/kernel/kernel.te	2006-10-17 15:44:53.000000000 -0400
+diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/kernel/kernel.te serefpolicy-2.4/policy/modules/kernel/kernel.te
+--- nsaserefpolicy/policy/modules/kernel/kernel.te	2006-10-19 11:47:35.000000000 -0400
++++ serefpolicy-2.4/policy/modules/kernel/kernel.te	2006-10-19 12:29:41.000000000 -0400
 @@ -326,6 +326,7 @@
  
  ifdef(`targeted_policy',`
@@ -540,9 +540,9 @@
  ')
  
  optional_policy(`
-diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/kernel/storage.if serefpolicy-2.3.19/policy/modules/kernel/storage.if
+diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/kernel/storage.if serefpolicy-2.4/policy/modules/kernel/storage.if
 --- nsaserefpolicy/policy/modules/kernel/storage.if	2006-07-14 17:04:29.000000000 -0400
-+++ serefpolicy-2.3.19/policy/modules/kernel/storage.if	2006-10-17 15:44:53.000000000 -0400
++++ serefpolicy-2.4/policy/modules/kernel/storage.if	2006-10-19 12:29:41.000000000 -0400
 @@ -37,6 +37,7 @@
  	')
  
@@ -551,9 +551,9 @@
  ')
  
  ########################################
-diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/kernel/terminal.if serefpolicy-2.3.19/policy/modules/kernel/terminal.if
+diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/kernel/terminal.if serefpolicy-2.4/policy/modules/kernel/terminal.if
 --- nsaserefpolicy/policy/modules/kernel/terminal.if	2006-10-17 07:53:28.000000000 -0400
-+++ serefpolicy-2.3.19/policy/modules/kernel/terminal.if	2006-10-17 15:44:53.000000000 -0400
++++ serefpolicy-2.4/policy/modules/kernel/terminal.if	2006-10-19 12:29:41.000000000 -0400
 @@ -480,6 +480,26 @@
  
  ########################################
@@ -581,9 +581,9 @@
  ##	Read and write the generic pty
  ##	type.  This is generally only used in
  ##	the targeted policy.
-diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/kernel/terminal.te serefpolicy-2.3.19/policy/modules/kernel/terminal.te
---- nsaserefpolicy/policy/modules/kernel/terminal.te	2006-10-16 12:20:16.000000000 -0400
-+++ serefpolicy-2.3.19/policy/modules/kernel/terminal.te	2006-10-17 15:44:53.000000000 -0400
+diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/kernel/terminal.te serefpolicy-2.4/policy/modules/kernel/terminal.te
+--- nsaserefpolicy/policy/modules/kernel/terminal.te	2006-10-19 11:47:35.000000000 -0400
++++ serefpolicy-2.4/policy/modules/kernel/terminal.te	2006-10-19 12:29:41.000000000 -0400
 @@ -28,6 +28,7 @@
  type devpts_t;
  files_mountpoint(devpts_t)
@@ -592,9 +592,9 @@
  fs_type(devpts_t)
  fs_use_trans devpts gen_context(system_u:object_r:devpts_t,s0);
  
-diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/apache.fc serefpolicy-2.3.19/policy/modules/services/apache.fc
+diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/apache.fc serefpolicy-2.4/policy/modules/services/apache.fc
 --- nsaserefpolicy/policy/modules/services/apache.fc	2006-08-02 10:34:07.000000000 -0400
-+++ serefpolicy-2.3.19/policy/modules/services/apache.fc	2006-10-17 15:44:53.000000000 -0400
++++ serefpolicy-2.4/policy/modules/services/apache.fc	2006-10-19 12:29:41.000000000 -0400
 @@ -80,3 +80,12 @@
  /var/www/cgi-bin(/.*)?			gen_context(system_u:object_r:httpd_sys_script_exec_t,s0)
  /var/www/icons(/.*)?			gen_context(system_u:object_r:httpd_sys_content_t,s0)
@@ -608,9 +608,21 @@
 +/opt/fortitude/modules.local(/.*)?	gen_context(system_u:object_r:httpd_modules_t,s0)
 +/opt/fortitude/logs(/.*)?		gen_context(system_u:object_r:httpd_log_t,s0)
 +/opt/fortitude/run(/.*)?		gen_context(system_u:object_r:httpd_var_run_t,s0)
-diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/apache.te serefpolicy-2.3.19/policy/modules/services/apache.te
---- nsaserefpolicy/policy/modules/services/apache.te	2006-09-22 14:07:06.000000000 -0400
-+++ serefpolicy-2.3.19/policy/modules/services/apache.te	2006-10-18 12:42:43.000000000 -0400
+diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/apache.if serefpolicy-2.4/policy/modules/services/apache.if
+--- nsaserefpolicy/policy/modules/services/apache.if	2006-09-15 13:14:25.000000000 -0400
++++ serefpolicy-2.4/policy/modules/services/apache.if	2006-10-19 14:18:20.000000000 -0400
+@@ -168,7 +168,7 @@
+ 		allow httpd_t httpd_$1_script_exec_t:dir r_dir_perms;
+ 		allow httpd_t httpd_$1_script_exec_t:file r_file_perms;
+ 
+-		allow httpd_$1_script_t self:process signal_perms;
++		allow httpd_$1_script_t self:process { setsched signal_perms };
+ 		allow httpd_$1_script_t self:unix_stream_socket create_stream_socket_perms;
+ 
+ 		allow httpd_$1_script_t httpd_t:fd use;
+diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/apache.te serefpolicy-2.4/policy/modules/services/apache.te
+--- nsaserefpolicy/policy/modules/services/apache.te	2006-10-19 11:47:39.000000000 -0400
++++ serefpolicy-2.4/policy/modules/services/apache.te	2006-10-19 12:29:41.000000000 -0400
 @@ -204,6 +204,8 @@
  allow httpd_t squirrelmail_spool_t:file create_file_perms;
  allow httpd_t squirrelmail_spool_t:lnk_file create_lnk_perms;
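Review bot: The new apache.if lines in this hunk grant `setsched` on `self:process` to every `httpd_$1_script_t` domain, and neither the log message nor the surrounding lines say which script needs it. Because the rule sits in a template parameterised by `$1`, it presumably applies to every content type the template is instantiated for, not only to the one that triggered the denial. I would record the reason next to the rule, e.g. `# setsched: required by <script name>; see AVC in <bug reference>`, or move the permission to the specific script domain that needs it. The enclosing template begins and ends outside the hunk, so it cannot be seen from here whether the rule is already inside a conditional block.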
@@ -628,9 +640,9 @@
  
  domain_use_interactive_fds(httpd_t)
  
-diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/automount.te serefpolicy-2.3.19/policy/modules/services/automount.te
---- nsaserefpolicy/policy/modules/services/automount.te	2006-09-22 14:07:05.000000000 -0400
-+++ serefpolicy-2.3.19/policy/modules/services/automount.te	2006-10-17 15:44:53.000000000 -0400
+diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/automount.te serefpolicy-2.4/policy/modules/services/automount.te
+--- nsaserefpolicy/policy/modules/services/automount.te	2006-10-19 11:47:39.000000000 -0400
++++ serefpolicy-2.4/policy/modules/services/automount.te	2006-10-19 12:29:41.000000000 -0400
 @@ -36,6 +36,8 @@
  allow automount_t self:unix_dgram_socket create_socket_perms;
  allow automount_t self:tcp_socket create_stream_socket_perms;
@@ -656,9 +668,21 @@
  
  term_dontaudit_use_console(automount_t)
  term_dontaudit_getattr_pty_dirs(automount_t)
-diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/ccs.fc serefpolicy-2.3.19/policy/modules/services/ccs.fc
+diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/bluetooth.te serefpolicy-2.4/policy/modules/services/bluetooth.te
+--- nsaserefpolicy/policy/modules/services/bluetooth.te	2006-10-19 11:47:39.000000000 -0400
++++ serefpolicy-2.4/policy/modules/services/bluetooth.te	2006-10-19 12:31:08.000000000 -0400
+@@ -77,7 +77,7 @@
+ 
+ allow bluetooth_t bluetooth_var_lib_t:file create_file_perms;
+ allow bluetooth_t bluetooth_var_lib_t:dir create_dir_perms;
+-files_var_lib_filetrans(bluetooth_t,bluetooth_var_lib_t,file)
++files_var_lib_filetrans(bluetooth_t,bluetooth_var_lib_t,{ dir file } )
+ 
+ allow bluetooth_t bluetooth_var_run_t:dir rw_dir_perms;
+ allow bluetooth_t bluetooth_var_run_t:file create_file_perms;
+diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/ccs.fc serefpolicy-2.4/policy/modules/services/ccs.fc
 --- nsaserefpolicy/policy/modules/services/ccs.fc	1969-12-31 19:00:00.000000000 -0500
-+++ serefpolicy-2.3.19/policy/modules/services/ccs.fc	2006-10-17 15:44:53.000000000 -0400
++++ serefpolicy-2.4/policy/modules/services/ccs.fc	2006-10-19 12:29:41.000000000 -0400
 @@ -0,0 +1,8 @@
 +# ccs executable will have:
 +# label: system_u:object_r:ccs_exec_t
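Review bot: In the bluetooth.te section the new call `files_var_lib_filetrans(bluetooth_t,bluetooth_var_lib_t,{ dir file } )` leaves a stray space before the closing parenthesis, unlike the other interface calls in this patch. Write it as `files_var_lib_filetrans(bluetooth_t,bluetooth_var_lib_t,{ dir file })`. Widening the transition to `dir` matches the `create_dir_perms` rule two lines above it, but the log message does not mention it. A changelog entry or a short comment naming the directory the bluetooth daemon creates would help later policy audits.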
@@ -668,9 +692,9 @@
 +/sbin/ccsd		--	gen_context(system_u:object_r:ccs_exec_t,s0)
 +/var/run/cluster(/.*)?		gen_context(system_u:object_r:ccs_var_run_t,s0)
 +/etc/cluster(/.*)?		gen_context(system_u:object_r:cluster_conf_t,s0)
-diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/ccs.if serefpolicy-2.3.19/policy/modules/services/ccs.if
+diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/ccs.if serefpolicy-2.4/policy/modules/services/ccs.if
 --- nsaserefpolicy/policy/modules/services/ccs.if	1969-12-31 19:00:00.000000000 -0500
-+++ serefpolicy-2.3.19/policy/modules/services/ccs.if	2006-10-17 15:44:53.000000000 -0400
++++ serefpolicy-2.4/policy/modules/services/ccs.if	2006-10-19 12:29:41.000000000 -0400
 @@ -0,0 +1,65 @@
 +## <summary>policy for ccs</summary>
 +
@@ -737,9 +761,9 @@
 +	allow $1 cluster_conf_t:file { getattr read };
 +')
 +
-diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/ccs.te serefpolicy-2.3.19/policy/modules/services/ccs.te
+diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/ccs.te serefpolicy-2.4/policy/modules/services/ccs.te
 --- nsaserefpolicy/policy/modules/services/ccs.te	1969-12-31 19:00:00.000000000 -0500
-+++ serefpolicy-2.3.19/policy/modules/services/ccs.te	2006-10-17 15:44:53.000000000 -0400
++++ serefpolicy-2.4/policy/modules/services/ccs.te	2006-10-19 12:29:41.000000000 -0400
 @@ -0,0 +1,88 @@
 +policy_module(ccs,1.0.0)
 +
@@ -829,9 +853,9 @@
 +
 +allow ccs_t cluster_conf_t:dir r_dir_perms;
 +allow ccs_t cluster_conf_t:file rw_file_perms;
-diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/cron.if serefpolicy-2.3.19/policy/modules/services/cron.if
+diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/cron.if serefpolicy-2.4/policy/modules/services/cron.if
 --- nsaserefpolicy/policy/modules/services/cron.if	2006-09-15 13:14:25.000000000 -0400
-+++ serefpolicy-2.3.19/policy/modules/services/cron.if	2006-10-17 15:44:53.000000000 -0400
++++ serefpolicy-2.4/policy/modules/services/cron.if	2006-10-19 12:29:41.000000000 -0400
 @@ -54,9 +54,6 @@
  	domain_entry_file($1_crontab_t,crontab_exec_t)
  	role $3 types $1_crontab_t;
@@ -898,9 +922,9 @@
  	# Access terminals.
  	userdom_use_user_terminals($1,$1_crontab_t)
  	# Read user crontabs
-diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/cron.te serefpolicy-2.3.19/policy/modules/services/cron.te
---- nsaserefpolicy/policy/modules/services/cron.te	2006-10-16 12:20:18.000000000 -0400
-+++ serefpolicy-2.3.19/policy/modules/services/cron.te	2006-10-17 15:44:53.000000000 -0400
+diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/cron.te serefpolicy-2.4/policy/modules/services/cron.te
+--- nsaserefpolicy/policy/modules/services/cron.te	2006-10-19 11:47:39.000000000 -0400
++++ serefpolicy-2.4/policy/modules/services/cron.te	2006-10-19 12:29:41.000000000 -0400
 @@ -62,9 +62,9 @@
  	type sysadm_cron_spool_t;
  	files_type(sysadm_cron_spool_t)
@@ -933,9 +957,9 @@
  ifdef(`targeted_policy',`
  	allow crond_t system_crond_tmp_t:dir create_dir_perms;
  	allow crond_t system_crond_tmp_t:file create_file_perms;
-diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/cups.fc serefpolicy-2.3.19/policy/modules/services/cups.fc
+diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/cups.fc serefpolicy-2.4/policy/modules/services/cups.fc
 --- nsaserefpolicy/policy/modules/services/cups.fc	2006-08-02 10:34:07.000000000 -0400
-+++ serefpolicy-2.3.19/policy/modules/services/cups.fc	2006-10-19 09:05:11.000000000 -0400
++++ serefpolicy-2.4/policy/modules/services/cups.fc	2006-10-19 12:29:41.000000000 -0400
 @@ -23,7 +23,7 @@
  
  /usr/libexec/hal_lpadmin --	gen_context(system_u:object_r:cupsd_config_exec_t,s0)
@@ -960,9 +984,9 @@
  
 -/var/spool/cups(/.*)?		gen_context(system_u:object_r:print_spool_t,s0)
 +/var/spool/cups(/.*)?		gen_context(system_u:object_r:print_spool_t,mls_systemhigh)
-diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/cups.if serefpolicy-2.3.19/policy/modules/services/cups.if
+diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/cups.if serefpolicy-2.4/policy/modules/services/cups.if
 --- nsaserefpolicy/policy/modules/services/cups.if	2006-09-15 13:14:25.000000000 -0400
-+++ serefpolicy-2.3.19/policy/modules/services/cups.if	2006-10-19 08:54:37.000000000 -0400
++++ serefpolicy-2.4/policy/modules/services/cups.if	2006-10-19 12:29:41.000000000 -0400
 @@ -244,3 +244,24 @@
  	allow $1 ptal_var_run_t:sock_file write;
  	allow $1 ptal_t:unix_stream_socket connectto;
@@ -988,9 +1012,9 @@
 +')
 +
 +
-diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/cups.te serefpolicy-2.3.19/policy/modules/services/cups.te
---- nsaserefpolicy/policy/modules/services/cups.te	2006-10-16 12:20:18.000000000 -0400
-+++ serefpolicy-2.3.19/policy/modules/services/cups.te	2006-10-19 09:03:28.000000000 -0400
+diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/cups.te serefpolicy-2.4/policy/modules/services/cups.te
+--- nsaserefpolicy/policy/modules/services/cups.te	2006-10-19 11:47:39.000000000 -0400
++++ serefpolicy-2.4/policy/modules/services/cups.te	2006-10-19 12:29:41.000000000 -0400
 @@ -124,6 +124,9 @@
  allow cupsd_t ptal_var_run_t:sock_file { write setattr };
  allow cupsd_t ptal_t:unix_stream_socket connectto;
@@ -1036,9 +1060,9 @@
  ')
  
  optional_policy(`
-diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/cvs.te serefpolicy-2.3.19/policy/modules/services/cvs.te
---- nsaserefpolicy/policy/modules/services/cvs.te	2006-07-14 17:04:40.000000000 -0400
-+++ serefpolicy-2.3.19/policy/modules/services/cvs.te	2006-10-17 15:44:53.000000000 -0400
+diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/cvs.te serefpolicy-2.4/policy/modules/services/cvs.te
+--- nsaserefpolicy/policy/modules/services/cvs.te	2006-10-19 11:47:39.000000000 -0400
++++ serefpolicy-2.4/policy/modules/services/cvs.te	2006-10-19 12:29:41.000000000 -0400
 @@ -9,6 +9,7 @@
  type cvs_t;
  type cvs_exec_t;
@@ -1047,9 +1071,9 @@
  role system_r types cvs_t;
  
  type cvs_data_t; # customizable
-diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/dbus.if serefpolicy-2.3.19/policy/modules/services/dbus.if
+diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/dbus.if serefpolicy-2.4/policy/modules/services/dbus.if
 --- nsaserefpolicy/policy/modules/services/dbus.if	2006-09-15 13:14:24.000000000 -0400
-+++ serefpolicy-2.3.19/policy/modules/services/dbus.if	2006-10-17 15:44:53.000000000 -0400
++++ serefpolicy-2.4/policy/modules/services/dbus.if	2006-10-19 12:29:41.000000000 -0400
 @@ -123,6 +123,7 @@
  	selinux_compute_relabel_context($1_dbusd_t)
  	selinux_compute_user_contexts($1_dbusd_t)
@@ -1058,9 +1082,9 @@
  	corecmd_list_bin($1_dbusd_t)
  	corecmd_read_bin_symlinks($1_dbusd_t)
  	corecmd_read_bin_files($1_dbusd_t)
-diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/dovecot.te serefpolicy-2.3.19/policy/modules/services/dovecot.te
---- nsaserefpolicy/policy/modules/services/dovecot.te	2006-09-06 13:04:51.000000000 -0400
-+++ serefpolicy-2.3.19/policy/modules/services/dovecot.te	2006-10-17 15:44:53.000000000 -0400
+diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/dovecot.te serefpolicy-2.4/policy/modules/services/dovecot.te
+--- nsaserefpolicy/policy/modules/services/dovecot.te	2006-10-19 11:47:39.000000000 -0400
++++ serefpolicy-2.4/policy/modules/services/dovecot.te	2006-10-19 12:29:41.000000000 -0400
 @@ -171,6 +171,8 @@
  
  allow dovecot_auth_t dovecot_var_run_t:dir r_dir_perms;
@@ -1070,9 +1094,9 @@
  kernel_read_all_sysctls(dovecot_auth_t)
  kernel_read_system_state(dovecot_auth_t)
  
-diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/hal.te serefpolicy-2.3.19/policy/modules/services/hal.te
---- nsaserefpolicy/policy/modules/services/hal.te	2006-09-25 15:11:11.000000000 -0400
-+++ serefpolicy-2.3.19/policy/modules/services/hal.te	2006-10-17 15:44:53.000000000 -0400
+diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/hal.te serefpolicy-2.4/policy/modules/services/hal.te
+--- nsaserefpolicy/policy/modules/services/hal.te	2006-10-19 11:47:39.000000000 -0400
++++ serefpolicy-2.4/policy/modules/services/hal.te	2006-10-19 12:29:41.000000000 -0400
 @@ -85,6 +85,7 @@
  files_rw_etc_runtime_files(hald_t)
  files_manage_mnt_dirs(hald_t)
@@ -1081,9 +1105,9 @@
  files_search_var_lib(hald_t)
  files_read_usr_files(hald_t)
  # hal is now execing pm-suspend
-diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/lpd.fc serefpolicy-2.3.19/policy/modules/services/lpd.fc
+diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/lpd.fc serefpolicy-2.4/policy/modules/services/lpd.fc
 --- nsaserefpolicy/policy/modules/services/lpd.fc	2006-09-29 14:28:02.000000000 -0400
-+++ serefpolicy-2.3.19/policy/modules/services/lpd.fc	2006-10-17 15:44:53.000000000 -0400
++++ serefpolicy-2.4/policy/modules/services/lpd.fc	2006-10-19 12:29:41.000000000 -0400
 @@ -7,15 +7,20 @@
  # /usr
  #
@@ -1105,9 +1129,9 @@
  
  /usr/share/printconf/.* --	gen_context(system_u:object_r:printconf_t,s0)
  
-diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/lpd.if serefpolicy-2.3.19/policy/modules/services/lpd.if
+diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/lpd.if serefpolicy-2.4/policy/modules/services/lpd.if
 --- nsaserefpolicy/policy/modules/services/lpd.if	2006-09-15 13:14:25.000000000 -0400
-+++ serefpolicy-2.3.19/policy/modules/services/lpd.if	2006-10-19 09:11:02.000000000 -0400
++++ serefpolicy-2.4/policy/modules/services/lpd.if	2006-10-19 12:29:41.000000000 -0400
 @@ -64,33 +64,35 @@
  	allow $1_lpr_t self:udp_socket create_socket_perms;
  	allow $1_lpr_t self:netlink_route_socket r_netlink_socket_perms;
@@ -1203,9 +1227,9 @@
  ##	List the contents of the printer spool directories.
  ## </summary>
  ## <param name="domain">
-diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/mta.te serefpolicy-2.3.19/policy/modules/services/mta.te
---- nsaserefpolicy/policy/modules/services/mta.te	2006-08-29 09:00:28.000000000 -0400
-+++ serefpolicy-2.3.19/policy/modules/services/mta.te	2006-10-17 15:44:53.000000000 -0400
+diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/mta.te serefpolicy-2.4/policy/modules/services/mta.te
+--- nsaserefpolicy/policy/modules/services/mta.te	2006-10-19 11:47:39.000000000 -0400
++++ serefpolicy-2.4/policy/modules/services/mta.te	2006-10-19 12:29:41.000000000 -0400
 @@ -27,6 +27,7 @@
  
  type sendmail_exec_t;
@@ -1214,9 +1238,9 @@
  
  mta_base_mail_template(system)
  role system_r types system_mail_t;
-diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/networkmanager.te serefpolicy-2.3.19/policy/modules/services/networkmanager.te
---- nsaserefpolicy/policy/modules/services/networkmanager.te	2006-09-25 15:11:11.000000000 -0400
-+++ serefpolicy-2.3.19/policy/modules/services/networkmanager.te	2006-10-18 09:19:30.000000000 -0400
+diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/networkmanager.te serefpolicy-2.4/policy/modules/services/networkmanager.te
+--- nsaserefpolicy/policy/modules/services/networkmanager.te	2006-10-19 11:47:39.000000000 -0400
++++ serefpolicy-2.4/policy/modules/services/networkmanager.te	2006-10-19 12:29:41.000000000 -0400
 @@ -119,6 +119,9 @@
  	term_dontaudit_use_unallocated_ttys(NetworkManager_t)
  	term_dontaudit_use_generic_ptys(NetworkManager_t)
@@ -1232,9 +1256,9 @@
  	vpn_signal(NetworkManager_t)
  ')
 +
-diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/nscd.if serefpolicy-2.3.19/policy/modules/services/nscd.if
+diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/nscd.if serefpolicy-2.4/policy/modules/services/nscd.if
 --- nsaserefpolicy/policy/modules/services/nscd.if	2006-08-07 18:55:18.000000000 -0400
-+++ serefpolicy-2.3.19/policy/modules/services/nscd.if	2006-10-17 15:44:53.000000000 -0400
++++ serefpolicy-2.4/policy/modules/services/nscd.if	2006-10-19 12:29:41.000000000 -0400
 @@ -181,3 +181,23 @@
  
  	allow $1 nscd_t:nscd *;
@@ -1259,9 +1283,9 @@
 +	role $1 types nscd_t;
 +')
 +
-diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/nscd.te serefpolicy-2.3.19/policy/modules/services/nscd.te
---- nsaserefpolicy/policy/modules/services/nscd.te	2006-09-25 15:11:11.000000000 -0400
-+++ serefpolicy-2.3.19/policy/modules/services/nscd.te	2006-10-17 15:44:53.000000000 -0400
+diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/nscd.te serefpolicy-2.4/policy/modules/services/nscd.te
+--- nsaserefpolicy/policy/modules/services/nscd.te	2006-10-19 11:47:39.000000000 -0400
++++ serefpolicy-2.4/policy/modules/services/nscd.te	2006-10-19 12:29:41.000000000 -0400
 @@ -120,6 +120,9 @@
  	term_dontaudit_use_unallocated_ttys(nscd_t)
  	term_dontaudit_use_generic_ptys(nscd_t)
@@ -1272,9 +1296,9 @@
  ')
  
  optional_policy(`
-diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/oddjob.te serefpolicy-2.3.19/policy/modules/services/oddjob.te
+diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/oddjob.te serefpolicy-2.4/policy/modules/services/oddjob.te
 --- nsaserefpolicy/policy/modules/services/oddjob.te	2006-09-29 14:28:02.000000000 -0400
-+++ serefpolicy-2.3.19/policy/modules/services/oddjob.te	2006-10-18 16:55:20.000000000 -0400
++++ serefpolicy-2.4/policy/modules/services/oddjob.te	2006-10-19 12:29:41.000000000 -0400
 @@ -54,7 +54,10 @@
  
  locallogin_dontaudit_use_fds(oddjob_t)
@@ -1299,9 +1323,9 @@
 +userdom_manage_staff_home_dirs(oddjob_mkhomedir_t)
 +userdom_generic_user_home_dir_filetrans_generic_user_home_content(oddjob_mkhomedir_t,notdevfile_class_set)
 +
-diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/pegasus.if serefpolicy-2.3.19/policy/modules/services/pegasus.if
+diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/pegasus.if serefpolicy-2.4/policy/modules/services/pegasus.if
 --- nsaserefpolicy/policy/modules/services/pegasus.if	2006-07-14 17:04:41.000000000 -0400
-+++ serefpolicy-2.3.19/policy/modules/services/pegasus.if	2006-10-17 15:44:53.000000000 -0400
++++ serefpolicy-2.4/policy/modules/services/pegasus.if	2006-10-19 12:29:41.000000000 -0400
 @@ -1 +1,32 @@
  ## <summary>The Open Group Pegasus CIM/WBEM Server.</summary>
 +
@@ -1335,9 +1359,9 @@
 +	allow pegasus_t $1:fifo_file rw_file_perms;
 +	allow pegasus_t $1:process sigchld;
 +')
-diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/pegasus.te serefpolicy-2.3.19/policy/modules/services/pegasus.te
---- nsaserefpolicy/policy/modules/services/pegasus.te	2006-08-23 12:14:54.000000000 -0400
-+++ serefpolicy-2.3.19/policy/modules/services/pegasus.te	2006-10-17 15:44:53.000000000 -0400
+diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/pegasus.te serefpolicy-2.4/policy/modules/services/pegasus.te
+--- nsaserefpolicy/policy/modules/services/pegasus.te	2006-10-19 11:47:39.000000000 -0400
++++ serefpolicy-2.4/policy/modules/services/pegasus.te	2006-10-19 12:29:41.000000000 -0400
 @@ -100,13 +100,12 @@
  
  auth_use_nsswitch(pegasus_t)
@@ -1354,9 +1378,9 @@
  files_read_var_lib_symlinks(pegasus_t)
  
  hostname_exec(pegasus_t)
-diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/procmail.te serefpolicy-2.3.19/policy/modules/services/procmail.te
---- nsaserefpolicy/policy/modules/services/procmail.te	2006-09-15 13:14:25.000000000 -0400
-+++ serefpolicy-2.3.19/policy/modules/services/procmail.te	2006-10-17 15:44:53.000000000 -0400
+diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/procmail.te serefpolicy-2.4/policy/modules/services/procmail.te
+--- nsaserefpolicy/policy/modules/services/procmail.te	2006-10-19 11:47:39.000000000 -0400
++++ serefpolicy-2.4/policy/modules/services/procmail.te	2006-10-20 14:11:39.000000000 -0400
 @@ -10,6 +10,7 @@
  type procmail_exec_t;
  domain_type(procmail_t)
@@ -1365,9 +1389,17 @@
  role system_r types procmail_t;
  
  ########################################
-diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/rhgb.te serefpolicy-2.3.19/policy/modules/services/rhgb.te
---- nsaserefpolicy/policy/modules/services/rhgb.te	2006-09-06 13:04:51.000000000 -0400
-+++ serefpolicy-2.3.19/policy/modules/services/rhgb.te	2006-10-17 15:44:53.000000000 -0400
+@@ -43,6 +44,7 @@
+ dev_read_urand(procmail_t)
+ 
+ fs_getattr_xattr_fs(procmail_t)
++fs_search_auto_mountpoints(procmail_t)
+ 
+ auth_use_nsswitch(procmail_t)
+ 
+diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/rhgb.te serefpolicy-2.4/policy/modules/services/rhgb.te
+--- nsaserefpolicy/policy/modules/services/rhgb.te	2006-10-19 11:47:39.000000000 -0400
++++ serefpolicy-2.4/policy/modules/services/rhgb.te	2006-10-19 12:29:41.000000000 -0400
 @@ -13,10 +13,8 @@
  type rhgb_tmpfs_t;
  files_tmpfs_file(rhgb_tmpfs_t)
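Review bot: The new `fs_search_auto_mountpoints(procmail_t)` in the procmail.te section is unconditional and has no comment, so the policy file itself does not say why procmail needs to traverse automount points. Add a why-comment above it, such as `# mail may be delivered below an automount point`. Searching the mount point covers only the traversal; access to whatever filesystem is mounted there is presumably handled by rules outside this hunk. That is worth confirming when the change is tested, so the fix is not later widened ad hoc from audit denials.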
@@ -1429,9 +1461,9 @@
  	allow initrc_t rhgb_gph_t:fd use;
  ')
 +
-diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/ricci.fc serefpolicy-2.3.19/policy/modules/services/ricci.fc
+diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/ricci.fc serefpolicy-2.4/policy/modules/services/ricci.fc
 --- nsaserefpolicy/policy/modules/services/ricci.fc	1969-12-31 19:00:00.000000000 -0500
-+++ serefpolicy-2.3.19/policy/modules/services/ricci.fc	2006-10-18 16:15:51.000000000 -0400
++++ serefpolicy-2.4/policy/modules/services/ricci.fc	2006-10-19 12:29:41.000000000 -0400
 @@ -0,0 +1,19 @@
 +# ricci executable will have:
 +# label: system_u:object_r:ricci_exec_t
@@ -1452,9 +1484,9 @@
 +/usr/libexec/ricci-modservice	--	gen_context(system_u:object_r:ricci_modservice_exec_t,s0)
 +/usr/libexec/ricci-modstorage	--	gen_context(system_u:object_r:ricci_modstorage_exec_t,s0)
 +
-diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/ricci.if serefpolicy-2.3.19/policy/modules/services/ricci.if
+diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/ricci.if serefpolicy-2.4/policy/modules/services/ricci.if
 --- nsaserefpolicy/policy/modules/services/ricci.if	1969-12-31 19:00:00.000000000 -0500
-+++ serefpolicy-2.3.19/policy/modules/services/ricci.if	2006-10-17 15:44:53.000000000 -0400
++++ serefpolicy-2.4/policy/modules/services/ricci.if	2006-10-19 12:29:41.000000000 -0400
 @@ -0,0 +1,184 @@
 +## <summary>policy for ricci</summary>
 +
@@ -1640,9 +1672,9 @@
 +	allow $1 ricci_modcluster_var_run_t:sock_file write;
 +	allow $1 ricci_modclusterd_t:unix_stream_socket connectto;
 +')
-diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/ricci.te serefpolicy-2.3.19/policy/modules/services/ricci.te
+diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/ricci.te serefpolicy-2.4/policy/modules/services/ricci.te
 --- nsaserefpolicy/policy/modules/services/ricci.te	1969-12-31 19:00:00.000000000 -0500
-+++ serefpolicy-2.3.19/policy/modules/services/ricci.te	2006-10-18 16:33:51.000000000 -0400
++++ serefpolicy-2.4/policy/modules/services/ricci.te	2006-10-19 12:29:41.000000000 -0400
 @@ -0,0 +1,424 @@
 +policy_module(ricci,1.0.0)
 +
@@ -2068,9 +2100,9 @@
 +')
 +
 +
-diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/rpc.te serefpolicy-2.3.19/policy/modules/services/rpc.te
---- nsaserefpolicy/policy/modules/services/rpc.te	2006-09-22 14:07:06.000000000 -0400
-+++ serefpolicy-2.3.19/policy/modules/services/rpc.te	2006-10-17 15:44:53.000000000 -0400
+diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/rpc.te serefpolicy-2.4/policy/modules/services/rpc.te
+--- nsaserefpolicy/policy/modules/services/rpc.te	2006-10-19 11:47:39.000000000 -0400
++++ serefpolicy-2.4/policy/modules/services/rpc.te	2006-10-19 12:29:41.000000000 -0400
 @@ -117,6 +117,7 @@
  # GSSD local policy
  #
@@ -2088,9 +2120,9 @@
  tunable_policy(`allow_gssd_read_tmp',`
  	userdom_list_unpriv_users_tmp(gssd_t) 
  	userdom_read_unpriv_users_tmp_files(gssd_t) 
-diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/rsync.te serefpolicy-2.3.19/policy/modules/services/rsync.te
---- nsaserefpolicy/policy/modules/services/rsync.te	2006-07-14 17:04:41.000000000 -0400
-+++ serefpolicy-2.3.19/policy/modules/services/rsync.te	2006-10-17 15:44:53.000000000 -0400
+diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/rsync.te serefpolicy-2.4/policy/modules/services/rsync.te
+--- nsaserefpolicy/policy/modules/services/rsync.te	2006-10-19 11:47:39.000000000 -0400
++++ serefpolicy-2.4/policy/modules/services/rsync.te	2006-10-19 12:29:41.000000000 -0400
 @@ -9,6 +9,7 @@
  type rsync_t;
  type rsync_exec_t;
@@ -2099,9 +2131,9 @@
  role system_r types rsync_t;
  
  type rsync_data_t;
-diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/samba.te serefpolicy-2.3.19/policy/modules/services/samba.te
---- nsaserefpolicy/policy/modules/services/samba.te	2006-10-16 12:20:18.000000000 -0400
-+++ serefpolicy-2.3.19/policy/modules/services/samba.te	2006-10-17 15:44:53.000000000 -0400
+diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/samba.te serefpolicy-2.4/policy/modules/services/samba.te
+--- nsaserefpolicy/policy/modules/services/samba.te	2006-10-19 11:47:39.000000000 -0400
++++ serefpolicy-2.4/policy/modules/services/samba.te	2006-10-19 12:29:41.000000000 -0400
 @@ -502,6 +502,10 @@
  userdom_use_sysadm_ttys(smbmount_t)
  
@@ -2113,9 +2145,9 @@
  	nis_use_ypbind(smbmount_t)
  ')
  
-diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/setroubleshoot.te serefpolicy-2.3.19/policy/modules/services/setroubleshoot.te
---- nsaserefpolicy/policy/modules/services/setroubleshoot.te	2006-09-22 14:07:05.000000000 -0400
-+++ serefpolicy-2.3.19/policy/modules/services/setroubleshoot.te	2006-10-17 15:44:53.000000000 -0400
+diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/setroubleshoot.te serefpolicy-2.4/policy/modules/services/setroubleshoot.te
+--- nsaserefpolicy/policy/modules/services/setroubleshoot.te	2006-10-19 11:47:39.000000000 -0400
++++ serefpolicy-2.4/policy/modules/services/setroubleshoot.te	2006-10-19 12:29:41.000000000 -0400
 @@ -28,7 +28,7 @@
  #
  
@@ -2125,9 +2157,9 @@
  allow setroubleshootd_t self:fifo_file rw_file_perms;
  allow setroubleshootd_t self:tcp_socket create_stream_socket_perms;
  allow setroubleshootd_t self:unix_stream_socket { create_stream_socket_perms connectto };
-diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/spamassassin.te serefpolicy-2.3.19/policy/modules/services/spamassassin.te
---- nsaserefpolicy/policy/modules/services/spamassassin.te	2006-09-01 14:10:18.000000000 -0400
-+++ serefpolicy-2.3.19/policy/modules/services/spamassassin.te	2006-10-17 15:44:53.000000000 -0400
+diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/spamassassin.te serefpolicy-2.4/policy/modules/services/spamassassin.te
+--- nsaserefpolicy/policy/modules/services/spamassassin.te	2006-10-19 11:47:39.000000000 -0400
++++ serefpolicy-2.4/policy/modules/services/spamassassin.te	2006-10-19 12:29:41.000000000 -0400
 @@ -8,7 +8,7 @@
  
  # spamassassin client executable
@@ -2154,9 +2186,9 @@
  
  allow spamd_t spamd_spool_t:file create_file_perms;
  allow spamd_t spamd_spool_t:dir create_dir_perms;
-diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/squid.te serefpolicy-2.3.19/policy/modules/services/squid.te
---- nsaserefpolicy/policy/modules/services/squid.te	2006-08-29 09:00:28.000000000 -0400
-+++ serefpolicy-2.3.19/policy/modules/services/squid.te	2006-10-17 15:44:53.000000000 -0400
+diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/squid.te serefpolicy-2.4/policy/modules/services/squid.te
+--- nsaserefpolicy/policy/modules/services/squid.te	2006-10-19 11:47:39.000000000 -0400
++++ serefpolicy-2.4/policy/modules/services/squid.te	2006-10-19 12:29:41.000000000 -0400
 @@ -98,6 +98,9 @@
  
  fs_getattr_all_fs(squid_t)
@@ -2175,9 +2207,9 @@
 -#squid requires the following when run in diskd mode, the recommended setting
 -allow squid_t tmpfs_t:file { read write };
 -') dnl end TODO
-diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/ssh.te serefpolicy-2.3.19/policy/modules/services/ssh.te
---- nsaserefpolicy/policy/modules/services/ssh.te	2006-10-16 12:20:18.000000000 -0400
-+++ serefpolicy-2.3.19/policy/modules/services/ssh.te	2006-10-17 15:44:53.000000000 -0400
+diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/ssh.te serefpolicy-2.4/policy/modules/services/ssh.te
+--- nsaserefpolicy/policy/modules/services/ssh.te	2006-10-19 11:47:39.000000000 -0400
++++ serefpolicy-2.4/policy/modules/services/ssh.te	2006-10-19 12:29:41.000000000 -0400
 @@ -10,7 +10,7 @@
  
  # ssh client executable.
@@ -2196,9 +2228,9 @@
  	# for X forwarding
  	corenet_tcp_bind_xserver_port(sshd_t)
  	corenet_sendrecv_xserver_server_packets(sshd_t)
-diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/xserver.if serefpolicy-2.3.19/policy/modules/services/xserver.if
+diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/xserver.if serefpolicy-2.4/policy/modules/services/xserver.if
 --- nsaserefpolicy/policy/modules/services/xserver.if	2006-09-15 13:14:25.000000000 -0400
-+++ serefpolicy-2.3.19/policy/modules/services/xserver.if	2006-10-17 15:44:53.000000000 -0400
++++ serefpolicy-2.4/policy/modules/services/xserver.if	2006-10-19 12:29:41.000000000 -0400
 @@ -898,10 +898,12 @@
  
  	domain_auto_trans($1,xserver_exec_t,xdm_xserver_t)
@@ -2254,9 +2286,9 @@
 +	dontaudit $1 xdm_t:fifo_file { getattr read write }; 
 +')
 +
-diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/xserver.te serefpolicy-2.3.19/policy/modules/services/xserver.te
---- nsaserefpolicy/policy/modules/services/xserver.te	2006-10-16 12:20:18.000000000 -0400
-+++ serefpolicy-2.3.19/policy/modules/services/xserver.te	2006-10-17 15:44:53.000000000 -0400
+diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/xserver.te serefpolicy-2.4/policy/modules/services/xserver.te
+--- nsaserefpolicy/policy/modules/services/xserver.te	2006-10-19 11:47:39.000000000 -0400
++++ serefpolicy-2.4/policy/modules/services/xserver.te	2006-10-19 12:29:41.000000000 -0400
 @@ -463,7 +463,7 @@
  allow rhgb_t xdm_xserver_t:process signal;
  ')
@@ -2266,9 +2298,9 @@
  # xdm needs access for linking .X11-unix to poly /tmp
  allow xdm_t polymember:dir { add_name remove_name write };
  allow xdm_t polymember:lnk_file { create unlink };
-diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/authlogin.fc serefpolicy-2.3.19/policy/modules/system/authlogin.fc
+diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/authlogin.fc serefpolicy-2.4/policy/modules/system/authlogin.fc
 --- nsaserefpolicy/policy/modules/system/authlogin.fc	2006-07-14 17:04:43.000000000 -0400
-+++ serefpolicy-2.3.19/policy/modules/system/authlogin.fc	2006-10-17 15:44:53.000000000 -0400
++++ serefpolicy-2.4/policy/modules/system/authlogin.fc	2006-10-19 12:29:41.000000000 -0400
 @@ -32,6 +32,7 @@
  /var/log/btmp.*		--	gen_context(system_u:object_r:faillog_t,s0)
  /var/log/dmesg		--	gen_context(system_u:object_r:var_log_t,s0)
@@ -2277,9 +2309,9 @@
  /var/log/lastlog	--	gen_context(system_u:object_r:lastlog_t,s0)
  /var/log/syslog		--	gen_context(system_u:object_r:var_log_t,s0)
  /var/log/wtmp.*		--	gen_context(system_u:object_r:wtmp_t,s0)
-diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/authlogin.if serefpolicy-2.3.19/policy/modules/system/authlogin.if
+diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/authlogin.if serefpolicy-2.4/policy/modules/system/authlogin.if
 --- nsaserefpolicy/policy/modules/system/authlogin.if	2006-10-16 12:20:19.000000000 -0400
-+++ serefpolicy-2.3.19/policy/modules/system/authlogin.if	2006-10-17 15:44:53.000000000 -0400
++++ serefpolicy-2.4/policy/modules/system/authlogin.if	2006-10-19 12:29:41.000000000 -0400
 @@ -230,7 +230,7 @@
  	seutil_read_config($1)
  	seutil_read_default_contexts($1)
@@ -2289,9 +2321,9 @@
  		files_polyinstantiate_all($1)
  	')
  ')
-diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/clock.te serefpolicy-2.3.19/policy/modules/system/clock.te
---- nsaserefpolicy/policy/modules/system/clock.te	2006-08-28 16:22:32.000000000 -0400
-+++ serefpolicy-2.3.19/policy/modules/system/clock.te	2006-10-18 15:40:33.000000000 -0400
+diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/clock.te serefpolicy-2.4/policy/modules/system/clock.te
+--- nsaserefpolicy/policy/modules/system/clock.te	2006-10-19 11:47:40.000000000 -0400
++++ serefpolicy-2.4/policy/modules/system/clock.te	2006-10-19 12:29:41.000000000 -0400
 @@ -25,10 +25,13 @@
  dontaudit hwclock_t self:capability sys_tty_config;
  allow hwclock_t self:process signal_perms;
@@ -2306,9 +2338,9 @@
  kernel_read_kernel_sysctls(hwclock_t)
  kernel_list_proc(hwclock_t)
  kernel_read_proc_symlinks(hwclock_t)
-diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/fstools.te serefpolicy-2.3.19/policy/modules/system/fstools.te
---- nsaserefpolicy/policy/modules/system/fstools.te	2006-09-22 14:07:06.000000000 -0400
-+++ serefpolicy-2.3.19/policy/modules/system/fstools.te	2006-10-17 15:44:53.000000000 -0400
+diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/fstools.te serefpolicy-2.4/policy/modules/system/fstools.te
+--- nsaserefpolicy/policy/modules/system/fstools.te	2006-10-19 11:47:40.000000000 -0400
++++ serefpolicy-2.4/policy/modules/system/fstools.te	2006-10-19 12:29:41.000000000 -0400
 @@ -9,7 +9,7 @@
  type fsadm_t;
  type fsadm_exec_t;
@@ -2326,9 +2358,9 @@
  mls_file_write_down(fsadm_t)
  
  storage_raw_read_fixed_disk(fsadm_t)
-diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/getty.te serefpolicy-2.3.19/policy/modules/system/getty.te
---- nsaserefpolicy/policy/modules/system/getty.te	2006-10-16 12:20:19.000000000 -0400
-+++ serefpolicy-2.3.19/policy/modules/system/getty.te	2006-10-17 15:44:53.000000000 -0400
+diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/getty.te serefpolicy-2.4/policy/modules/system/getty.te
+--- nsaserefpolicy/policy/modules/system/getty.te	2006-10-19 11:47:40.000000000 -0400
++++ serefpolicy-2.4/policy/modules/system/getty.te	2006-10-19 12:29:41.000000000 -0400
 @@ -33,7 +33,8 @@
  #
  
@@ -2339,9 +2371,9 @@
  dontaudit getty_t self:capability sys_tty_config;
  allow getty_t self:process { getpgid getsession signal_perms };
  
-diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/hostname.te serefpolicy-2.3.19/policy/modules/system/hostname.te
---- nsaserefpolicy/policy/modules/system/hostname.te	2006-08-29 09:00:29.000000000 -0400
-+++ serefpolicy-2.3.19/policy/modules/system/hostname.te	2006-10-17 15:44:53.000000000 -0400
+diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/hostname.te serefpolicy-2.4/policy/modules/system/hostname.te
+--- nsaserefpolicy/policy/modules/system/hostname.te	2006-10-19 11:47:40.000000000 -0400
++++ serefpolicy-2.4/policy/modules/system/hostname.te	2006-10-19 12:29:41.000000000 -0400
 @@ -8,8 +8,12 @@
  
  type hostname_t;
@@ -2356,9 +2388,9 @@
  
  ########################################
  #
-diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/init.fc serefpolicy-2.3.19/policy/modules/system/init.fc
+diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/init.fc serefpolicy-2.4/policy/modules/system/init.fc
 --- nsaserefpolicy/policy/modules/system/init.fc	2006-08-25 13:29:58.000000000 -0400
-+++ serefpolicy-2.3.19/policy/modules/system/init.fc	2006-10-17 15:44:53.000000000 -0400
++++ serefpolicy-2.4/policy/modules/system/init.fc	2006-10-19 12:29:41.000000000 -0400
 @@ -66,3 +66,6 @@
  /var/run/sysconfig(/.*)?	gen_context(system_u:object_r:initrc_var_run_t,s0)
  ')
@@ -2366,9 +2398,9 @@
 +# Until their is a policy for pcscd we need these
 +/var/run/pcscd\.pub	--	gen_context(system_u:object_r:initrc_var_run_t,s0)
 +/var/run/pcscd\.pid	--	gen_context(system_u:object_r:initrc_var_run_t,s0)
-diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/init.te serefpolicy-2.3.19/policy/modules/system/init.te
---- nsaserefpolicy/policy/modules/system/init.te	2006-10-16 12:20:18.000000000 -0400
-+++ serefpolicy-2.3.19/policy/modules/system/init.te	2006-10-18 11:05:11.000000000 -0400
+diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/init.te serefpolicy-2.4/policy/modules/system/init.te
+--- nsaserefpolicy/policy/modules/system/init.te	2006-10-19 11:47:40.000000000 -0400
++++ serefpolicy-2.4/policy/modules/system/init.te	2006-10-19 12:29:41.000000000 -0400
 @@ -132,6 +132,7 @@
  mcs_process_set_categories(init_t)
  
@@ -2407,9 +2439,9 @@
  ',`
  	# cjp: require doesnt work in the else of optionals :\
  	# this also would result in a type transition
-diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/iscsi.fc serefpolicy-2.3.19/policy/modules/system/iscsi.fc
+diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/iscsi.fc serefpolicy-2.4/policy/modules/system/iscsi.fc
 --- nsaserefpolicy/policy/modules/system/iscsi.fc	1969-12-31 19:00:00.000000000 -0500
-+++ serefpolicy-2.3.19/policy/modules/system/iscsi.fc	2006-10-17 15:44:53.000000000 -0400
++++ serefpolicy-2.4/policy/modules/system/iscsi.fc	2006-10-19 12:29:41.000000000 -0400
 @@ -0,0 +1,9 @@
 +# iscsid executable will have:
 +# label: system_u:object_r:iscsid_exec_t
@@ -2420,9 +2452,9 @@
 +/var/run/iscsid.pid	--	gen_context(system_u:object_r:iscsi_var_run_t,s0)
 +/var/lib/iscsi(/.*)?	--	gen_context(system_u:object_r:iscsi_var_lib_t,s0)
 +/var/lock/iscsi(/.*)?	--	gen_context(system_u:object_r:iscsi_lock_t,s0)
-diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/iscsi.if serefpolicy-2.3.19/policy/modules/system/iscsi.if
+diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/iscsi.if serefpolicy-2.4/policy/modules/system/iscsi.if
 --- nsaserefpolicy/policy/modules/system/iscsi.if	1969-12-31 19:00:00.000000000 -0500
-+++ serefpolicy-2.3.19/policy/modules/system/iscsi.if	2006-10-17 15:44:53.000000000 -0400
++++ serefpolicy-2.4/policy/modules/system/iscsi.if	2006-10-19 12:29:41.000000000 -0400
 @@ -0,0 +1,24 @@
 +## <summary>policy for iscsid</summary>
 +
@@ -2448,9 +2480,9 @@
 +	allow iscsid_t $1:fifo_file rw_file_perms;
 +	allow iscsid_t $1:process sigchld;
 +')
-diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/iscsi.te serefpolicy-2.3.19/policy/modules/system/iscsi.te
+diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/iscsi.te serefpolicy-2.4/policy/modules/system/iscsi.te
 --- nsaserefpolicy/policy/modules/system/iscsi.te	1969-12-31 19:00:00.000000000 -0500
-+++ serefpolicy-2.3.19/policy/modules/system/iscsi.te	2006-10-17 15:44:53.000000000 -0400
++++ serefpolicy-2.4/policy/modules/system/iscsi.te	2006-10-19 12:29:41.000000000 -0400
 @@ -0,0 +1,94 @@
 +policy_module(iscsid,1.0.0)
 +
@@ -2546,9 +2578,9 @@
 +
 +# I hope this is ok - ~J
 +allow iscsid_t self:capability dac_override;
-diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/libraries.fc serefpolicy-2.3.19/policy/modules/system/libraries.fc
+diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/libraries.fc serefpolicy-2.4/policy/modules/system/libraries.fc
 --- nsaserefpolicy/policy/modules/system/libraries.fc	2006-10-16 12:20:18.000000000 -0400
-+++ serefpolicy-2.3.19/policy/modules/system/libraries.fc	2006-10-17 15:44:53.000000000 -0400
++++ serefpolicy-2.4/policy/modules/system/libraries.fc	2006-10-19 12:29:41.000000000 -0400
 @@ -74,11 +74,12 @@
  /opt/(.*/)?lib64(/.*)?				gen_context(system_u:object_r:lib_t,s0)
  /opt/(.*/)?lib64/.+\.so			--	gen_context(system_u:object_r:shlib_t,s0)
@@ -2573,9 +2605,9 @@
  
  /usr/(local/)?Adobe/(.*/)?intellinux/nppdf\.so -- gen_context(system_u:object_r:textrel_shlib_t,s0)
  /usr/(local/)?Adobe/(.*/)?intellinux/sidecars/* -- gen_context(system_u:object_r:textrel_shlib_t,s0)
-diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/locallogin.if serefpolicy-2.3.19/policy/modules/system/locallogin.if
+diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/locallogin.if serefpolicy-2.4/policy/modules/system/locallogin.if
 --- nsaserefpolicy/policy/modules/system/locallogin.if	2006-10-16 12:20:18.000000000 -0400
-+++ serefpolicy-2.3.19/policy/modules/system/locallogin.if	2006-10-17 15:44:53.000000000 -0400
++++ serefpolicy-2.4/policy/modules/system/locallogin.if	2006-10-19 12:29:41.000000000 -0400
 @@ -75,3 +75,40 @@
  
  	allow $1 local_login_t:process signull;
@@ -2617,9 +2649,9 @@
 +
 +	allow $1 local_login_t:key link;
 +')
-diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/logging.te serefpolicy-2.3.19/policy/modules/system/logging.te
---- nsaserefpolicy/policy/modules/system/logging.te	2006-10-16 12:20:18.000000000 -0400
-+++ serefpolicy-2.3.19/policy/modules/system/logging.te	2006-10-17 15:44:53.000000000 -0400
+diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/logging.te serefpolicy-2.4/policy/modules/system/logging.te
+--- nsaserefpolicy/policy/modules/system/logging.te	2006-10-19 11:47:40.000000000 -0400
++++ serefpolicy-2.4/policy/modules/system/logging.te	2006-10-19 12:29:41.000000000 -0400
 @@ -135,6 +135,7 @@
  
  fs_getattr_all_fs(auditd_t)
@@ -2645,18 +2677,18 @@
  
  seutil_dontaudit_read_config(auditd_t)
  
-diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/mount.fc serefpolicy-2.3.19/policy/modules/system/mount.fc
+diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/mount.fc serefpolicy-2.4/policy/modules/system/mount.fc
 --- nsaserefpolicy/policy/modules/system/mount.fc	2006-07-14 17:04:43.000000000 -0400
-+++ serefpolicy-2.3.19/policy/modules/system/mount.fc	2006-10-17 15:44:53.000000000 -0400
++++ serefpolicy-2.4/policy/modules/system/mount.fc	2006-10-19 12:29:41.000000000 -0400
 @@ -4,4 +4,5 @@
  # mount file contexts
  #
  /bin/mount.*			--	gen_context(system_u:object_r:mount_exec_t,s0)
 +/usr/bin/fusermount		--	gen_context(system_u:object_r:mount_exec_t,s0)
  /bin/umount.*			--	gen_context(system_u:object_r:mount_exec_t,s0)
-diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/mount.te serefpolicy-2.3.19/policy/modules/system/mount.te
---- nsaserefpolicy/policy/modules/system/mount.te	2006-09-15 13:14:27.000000000 -0400
-+++ serefpolicy-2.3.19/policy/modules/system/mount.te	2006-10-17 15:44:53.000000000 -0400
+diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/mount.te serefpolicy-2.4/policy/modules/system/mount.te
+--- nsaserefpolicy/policy/modules/system/mount.te	2006-10-19 11:47:40.000000000 -0400
++++ serefpolicy-2.4/policy/modules/system/mount.te	2006-10-19 12:29:41.000000000 -0400
 @@ -9,6 +9,7 @@
  type mount_t;
  type mount_exec_t;
@@ -2673,9 +2705,9 @@
  
  userdom_use_all_users_fds(mount_t)
  
-diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/raid.te serefpolicy-2.3.19/policy/modules/system/raid.te
---- nsaserefpolicy/policy/modules/system/raid.te	2006-09-29 14:28:02.000000000 -0400
-+++ serefpolicy-2.3.19/policy/modules/system/raid.te	2006-10-18 11:38:01.000000000 -0400
+diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/raid.te serefpolicy-2.4/policy/modules/system/raid.te
+--- nsaserefpolicy/policy/modules/system/raid.te	2006-10-19 11:47:40.000000000 -0400
++++ serefpolicy-2.4/policy/modules/system/raid.te	2006-10-19 12:29:41.000000000 -0400
 @@ -22,7 +22,9 @@
  allow mdadm_t self:capability { dac_override sys_admin ipc_lock };
  dontaudit mdadm_t self:capability sys_tty_config;
@@ -2703,9 +2735,9 @@
  
  domain_use_interactive_fds(mdadm_t)
  
-diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/selinuxutil.if serefpolicy-2.3.19/policy/modules/system/selinuxutil.if
+diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/selinuxutil.if serefpolicy-2.4/policy/modules/system/selinuxutil.if
 --- nsaserefpolicy/policy/modules/system/selinuxutil.if	2006-09-15 13:14:26.000000000 -0400
-+++ serefpolicy-2.3.19/policy/modules/system/selinuxutil.if	2006-10-17 15:44:53.000000000 -0400
++++ serefpolicy-2.4/policy/modules/system/selinuxutil.if	2006-10-19 12:29:41.000000000 -0400
 @@ -692,7 +692,7 @@
  	')
  
@@ -2726,9 +2758,9 @@
  ')
  
  ########################################
-diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/selinuxutil.te serefpolicy-2.3.19/policy/modules/system/selinuxutil.te
---- nsaserefpolicy/policy/modules/system/selinuxutil.te	2006-10-16 12:20:19.000000000 -0400
-+++ serefpolicy-2.3.19/policy/modules/system/selinuxutil.te	2006-10-19 08:31:52.000000000 -0400
+diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/selinuxutil.te serefpolicy-2.4/policy/modules/system/selinuxutil.te
+--- nsaserefpolicy/policy/modules/system/selinuxutil.te	2006-10-19 11:47:40.000000000 -0400
++++ serefpolicy-2.4/policy/modules/system/selinuxutil.te	2006-10-19 12:29:41.000000000 -0400
 @@ -270,6 +270,7 @@
  mls_file_upgrade(newrole_t)
  mls_file_downgrade(newrole_t)
@@ -2772,9 +2804,9 @@
  selinux_get_enforce_mode(semanage_t)
  # for setsebool:
  selinux_set_boolean(semanage_t)
-diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/setrans.te serefpolicy-2.3.19/policy/modules/system/setrans.te
---- nsaserefpolicy/policy/modules/system/setrans.te	2006-10-16 12:20:18.000000000 -0400
-+++ serefpolicy-2.3.19/policy/modules/system/setrans.te	2006-10-17 15:44:53.000000000 -0400
+diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/setrans.te serefpolicy-2.4/policy/modules/system/setrans.te
+--- nsaserefpolicy/policy/modules/system/setrans.te	2006-10-19 11:47:40.000000000 -0400
++++ serefpolicy-2.4/policy/modules/system/setrans.te	2006-10-19 12:29:41.000000000 -0400
 @@ -56,7 +56,9 @@
  mls_file_read_up(setrans_t)
  mls_file_write_down(setrans_t)
@@ -2785,9 +2817,9 @@
  
  selinux_compute_access_vector(setrans_t)
  
-diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/unconfined.if serefpolicy-2.3.19/policy/modules/system/unconfined.if
---- nsaserefpolicy/policy/modules/system/unconfined.if	2006-08-29 09:00:29.000000000 -0400
-+++ serefpolicy-2.3.19/policy/modules/system/unconfined.if	2006-10-18 11:03:32.000000000 -0400
+diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/unconfined.if serefpolicy-2.4/policy/modules/system/unconfined.if
+--- nsaserefpolicy/policy/modules/system/unconfined.if	2006-10-19 11:47:40.000000000 -0400
++++ serefpolicy-2.4/policy/modules/system/unconfined.if	2006-10-19 12:29:41.000000000 -0400
 @@ -31,6 +31,7 @@
  	allow $1 self:nscd *;
  	allow $1 self:dbus *;
@@ -2821,9 +2853,9 @@
  ##	Connect to the unconfined domain using
  ##	a unix domain stream socket.
  ## </summary>
-diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/unconfined.te serefpolicy-2.3.19/policy/modules/system/unconfined.te
---- nsaserefpolicy/policy/modules/system/unconfined.te	2006-10-16 12:20:19.000000000 -0400
-+++ serefpolicy-2.3.19/policy/modules/system/unconfined.te	2006-10-17 15:44:53.000000000 -0400
+diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/unconfined.te serefpolicy-2.4/policy/modules/system/unconfined.te
+--- nsaserefpolicy/policy/modules/system/unconfined.te	2006-10-19 11:47:40.000000000 -0400
++++ serefpolicy-2.4/policy/modules/system/unconfined.te	2006-10-19 12:29:41.000000000 -0400
 @@ -59,13 +59,9 @@
  		bind_domtrans_ndc(unconfined_t)
  	')
@@ -2872,9 +2904,9 @@
  	allow unconfined_execmem_t self:process { execstack execmem };
  	unconfined_domain_noaudit(unconfined_execmem_t)
  
-diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/userdomain.if serefpolicy-2.3.19/policy/modules/system/userdomain.if
+diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/userdomain.if serefpolicy-2.4/policy/modules/system/userdomain.if
 --- nsaserefpolicy/policy/modules/system/userdomain.if	2006-10-17 13:47:44.000000000 -0400
-+++ serefpolicy-2.3.19/policy/modules/system/userdomain.if	2006-10-17 15:44:53.000000000 -0400
++++ serefpolicy-2.4/policy/modules/system/userdomain.if	2006-10-19 12:29:41.000000000 -0400
 @@ -3995,12 +3995,7 @@
  #
  interface(`userdom_manage_staff_home_dirs',`
@@ -3051,9 +3083,9 @@
 +	allow $1 user_exec_type:file { relabelfrom relabelto };
 +')
 +
-diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/userdomain.te serefpolicy-2.3.19/policy/modules/system/userdomain.te
---- nsaserefpolicy/policy/modules/system/userdomain.te	2006-10-17 13:47:44.000000000 -0400
-+++ serefpolicy-2.3.19/policy/modules/system/userdomain.te	2006-10-19 08:21:37.000000000 -0400
+diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/userdomain.te serefpolicy-2.4/policy/modules/system/userdomain.te
+--- nsaserefpolicy/policy/modules/system/userdomain.te	2006-10-19 11:47:40.000000000 -0400
++++ serefpolicy-2.4/policy/modules/system/userdomain.te	2006-10-19 12:29:41.000000000 -0400
 @@ -24,6 +24,9 @@
  # users home directory contents
  attribute home_type;
@@ -3109,9 +3141,9 @@
  		usermanage_run_admin_passwd(sysadm_t,sysadm_r,admin_terminal)
  		usermanage_run_groupadd(sysadm_t,sysadm_r,admin_terminal)
  		usermanage_run_useradd(sysadm_t,sysadm_r,admin_terminal)
-diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/xen.fc serefpolicy-2.3.19/policy/modules/system/xen.fc
+diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/xen.fc serefpolicy-2.4/policy/modules/system/xen.fc
 --- nsaserefpolicy/policy/modules/system/xen.fc	2006-09-22 14:07:07.000000000 -0400
-+++ serefpolicy-2.3.19/policy/modules/system/xen.fc	2006-10-18 16:14:25.000000000 -0400
++++ serefpolicy-2.4/policy/modules/system/xen.fc	2006-10-19 12:29:41.000000000 -0400
 @@ -2,6 +2,7 @@
  /usr/sbin/xend		--	gen_context(system_u:object_r:xend_exec_t,s0)
  /usr/sbin/xenstored	--	gen_context(system_u:object_r:xenstored_exec_t,s0)
@@ -3125,10 +3157,19 @@
  
  /xen(/.*)?			gen_context(system_u:object_r:xen_image_t,s0)
 +/dev/xen/tapctrl.*	-p	gen_context(system_u:object_r:xenctl_t,s0)
-diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/xen.te serefpolicy-2.3.19/policy/modules/system/xen.te
---- nsaserefpolicy/policy/modules/system/xen.te	2006-09-22 14:07:07.000000000 -0400
-+++ serefpolicy-2.3.19/policy/modules/system/xen.te	2006-10-18 16:30:40.000000000 -0400
-@@ -63,12 +63,15 @@
+diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/xen.te serefpolicy-2.4/policy/modules/system/xen.te
+--- nsaserefpolicy/policy/modules/system/xen.te	2006-10-19 11:47:40.000000000 -0400
++++ serefpolicy-2.4/policy/modules/system/xen.te	2006-10-20 17:06:47.000000000 -0400
+@@ -14,6 +14,8 @@
+ # Xen Image files
+ type xen_image_t; # customizable
+ files_type(xen_image_t)
++# xen_image_t can be assigned to blk devices
++dev_node(xen_image_t)
+ 
+ type xend_t;
+ type xend_exec_t;
+@@ -63,12 +65,15 @@
  domain_type(xm_t)
  init_daemon_domain(xm_t, xm_exec_t)
  
@@ -3145,7 +3186,15 @@
  dontaudit xend_t self:capability { sys_ptrace };
  allow xend_t self:process { signal sigkill };
  dontaudit xend_t self:process ptrace;
-@@ -132,6 +135,7 @@
+@@ -82,6 +87,7 @@
+ 
+ allow xend_t xen_image_t:dir r_dir_perms;
+ allow xend_t xen_image_t:file rw_file_perms;
++allow xend_t xen_image_t:blk_file rw_file_perms;
+ 
+ # pid file
+ allow xend_t xend_var_run_t:file manage_file_perms;
+@@ -132,6 +138,7 @@
  corenet_tcp_bind_soundd_port(xend_t)
  corenet_tcp_bind_generic_port(xend_t)
  corenet_tcp_bind_vnc_port(xend_t)
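Review bot: The added `allow xend_t xen_image_t:blk_file rw_file_perms;` gives xend_t raw read/write on every block device labelled xen_image_t, and nothing in the patch documents that consequence. The preceding hunk adds `dev_node(xen_image_t)` to a type that is marked customizable and is already a `files_type`, so relabelling a disk or partition to xen_image_t appears to be enough to hand it to xend_t outside the storage interfaces (such as `storage_raw_read_fixed_disk`) that normally gate raw disk access. I would extend the comment above `dev_node` to say so, for example `# block devices labelled xen_image_t become raw read/write for xend_t; label only devices dedicated to guests`. The xend_t rule block continues outside this hunk, so whether other domains also receive blk_file access to xen_image_t cannot be checked from here.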
@@ -3153,7 +3202,7 @@
  corenet_sendrecv_xen_server_packets(xend_t)
  corenet_sendrecv_soundd_server_packets(xend_t)
  corenet_rw_tun_tap_dev(xend_t)
-@@ -176,6 +180,7 @@
+@@ -176,6 +183,7 @@
  sysnet_dns_name_resolve(xend_t)
  sysnet_delete_dhcpc_pid(xend_t)
  sysnet_read_dhcpc_pid(xend_t)
@@ -3161,7 +3210,7 @@
  
  userdom_dontaudit_search_sysadm_home_dirs(xend_t)
  
-@@ -187,6 +192,18 @@
+@@ -187,6 +195,18 @@
  	consoletype_exec(xend_t)
  ')
  
@@ -3180,7 +3229,7 @@
  ########################################
  #
  # Xen console local policy
-@@ -195,7 +212,6 @@
+@@ -195,7 +215,6 @@
  allow xenconsoled_t self:capability { dac_override fsetid ipc_lock };
  allow xenconsoled_t self:unix_stream_socket create_stream_socket_perms;
  allow xenconsoled_t self:fifo_file { read write };
@@ -3188,7 +3237,7 @@
  allow xenconsoled_t xen_devpts_t:chr_file rw_term_perms;
  
  # pid file
-@@ -203,6 +219,7 @@
+@@ -203,6 +222,7 @@
  allow xenconsoled_t xenconsoled_var_run_t:sock_file manage_file_perms;
  allow xenconsoled_t xenconsoled_var_run_t:dir rw_dir_perms;
  files_pid_filetrans(xenconsoled_t,xenconsoled_var_run_t, { file sock_file })
@@ -3196,7 +3245,7 @@
  
  kernel_read_kernel_sysctls(xenconsoled_t)
  kernel_write_xen_state(xenconsoled_t)
-@@ -245,6 +262,7 @@
+@@ -245,6 +265,7 @@
  allow xenstored_t xenstored_var_lib_t:sock_file create_file_perms;
  allow xenstored_t xenstored_var_lib_t:dir create_dir_perms;
  files_var_lib_filetrans(xenstored_t,xenstored_var_lib_t,{ file dir sock_file })
@@ -3204,7 +3253,7 @@
  
  kernel_write_xen_state(xenstored_t)
  kernel_read_xen_state(xenstored_t)
-@@ -278,7 +296,14 @@
+@@ -278,7 +299,14 @@
  
  # internal communication is often done using fifo and unix sockets.
  allow xm_t self:fifo_file { read write };
@@ -3220,14 +3269,14 @@
  
  allow xm_t xend_var_lib_t:dir rw_dir_perms;
  allow xm_t xend_var_lib_t:fifo_file create_file_perms;
-@@ -317,3 +342,4 @@
+@@ -317,3 +345,4 @@
  xen_append_log(xm_t)
  xen_stream_connect(xm_t)
  xen_stream_connect_xenstore(xm_t)
 +
-diff --exclude-from=exclude -N -u -r nsaserefpolicy/Rules.modular serefpolicy-2.3.19/Rules.modular
+diff --exclude-from=exclude -N -u -r nsaserefpolicy/Rules.modular serefpolicy-2.4/Rules.modular
 --- nsaserefpolicy/Rules.modular	2006-10-16 12:20:19.000000000 -0400
-+++ serefpolicy-2.3.19/Rules.modular	2006-10-17 15:44:53.000000000 -0400
++++ serefpolicy-2.4/Rules.modular	2006-10-19 12:29:41.000000000 -0400
 @@ -219,6 +219,16 @@
  
  ########################################


Index: selinux-policy.spec
===================================================================
RCS file: /cvs/dist/rpms/selinux-policy/devel/selinux-policy.spec,v
retrieving revision 1.318
retrieving revision 1.319
diff -u -r1.318 -r1.319
--- selinux-policy.spec	19 Oct 2006 15:52:02 -0000	1.318
+++ selinux-policy.spec	20 Oct 2006 21:08:15 -0000	1.319
@@ -17,7 +17,7 @@
 Summary: SELinux policy configuration
 Name: selinux-policy
 Version: 2.4
-Release: 1
+Release: 2
 License: GPL
 Group: System Environment/Base
 Source: serefpolicy-%{version}.tgz
@@ -351,6 +351,10 @@
 %endif
 
 %changelog
+* Fri Oct 20 2006 Dan Walsh <dwalsh redhat com> 2.4-2
+- Allow procemail to look at autofs_t
+- Allow xen_image_t to work as a fixed device
+
 * Thu Oct 19 2006 Dan Walsh <dwalsh redhat com> 2.4-1
 - Refupdate from upstream
 

