rpms/selinux-policy/devel policy-20060829.patch, 1.5, 1.6 selinux-policy.spec, 1.267, 1.268
fedora-cvs-commits at redhat.com
fedora-cvs-commits at redhat.com
Fri Sep 1 14:58:40 UTC 2006
Author: dwalsh
Update of /cvs/dist/rpms/selinux-policy/devel
In directory cvs.devel.redhat.com:/tmp/cvs-serv2701
Modified Files:
policy-20060829.patch selinux-policy.spec
Log Message:
* Fri Sep 1 2006 Dan Walsh <dwalsh at redhat.com> 2.3.10-7
- Fix suspend to disk problems
policy-20060829.patch:
admin/amanda.fc | 50 -----
admin/anaconda.te | 11 +
admin/bootloader.fc | 2
admin/bootloader.te | 2
admin/consoletype.te | 7
admin/firstboot.te | 10 -
admin/rpm.fc | 2
admin/rpm.if | 13 -
apps/java.fc | 2
apps/mono.te | 1
kernel/corecommands.fc | 2
kernel/corecommands.if | 1
kernel/corenetwork.te.in | 4
kernel/devices.fc | 2
kernel/files.fc | 1
kernel/filesystem.te | 2
kernel/kernel.if | 39 ++++
kernel/terminal.fc | 2
kernel/terminal.if | 2
services/amavis.te | 1
services/apache.te | 2
services/bluetooth.te | 5
services/ccs.fc | 8
services/ccs.if | 65 +++++++
services/ccs.te | 87 +++++++++
services/clamav.te | 1
services/cron.if | 8
services/cron.te | 1
services/cyrus.te | 1
services/dbus.if | 1
services/dovecot.te | 2
services/hal.te | 9 -
services/ldap.te | 2
services/networkmanager.te | 4
services/ntp.te | 6
services/oddjob.fc | 8
services/oddjob.if | 76 ++++++++
services/oddjob.te | 73 ++++++++
services/oddjob_mkhomedir.fc | 6
services/oddjob_mkhomedir.if | 24 ++
services/oddjob_mkhomedir.te | 29 +++
services/pegasus.if | 31 +++
services/pegasus.te | 5
services/postfix.te | 6
services/procmail.te | 1
services/pyzor.te | 9 -
services/rhgb.te | 1
services/ricci.fc | 20 ++
services/ricci.if | 184 ++++++++++++++++++++
services/ricci.te | 386 +++++++++++++++++++++++++++++++++++++++++++
services/rpc.te | 1
services/setroubleshoot.fc | 9 +
services/setroubleshoot.if | 3
services/setroubleshoot.te | 117 +++++++++++++
services/spamassassin.te | 1
services/ssh.if | 24 ++
services/stunnel.te | 2
services/xserver.if | 84 +++++++++
services/xserver.te | 4
system/fstools.te | 1
system/hostname.te | 5
system/hotplug.te | 2
system/init.te | 3
system/logging.fc | 1
system/lvm.te | 2
system/modutils.te | 1
system/mount.te | 4
system/selinuxutil.fc | 1
system/selinuxutil.te | 11 +
system/setrans.te | 2
system/udev.te | 5
system/unconfined.fc | 1
system/unconfined.if | 1
system/userdomain.if | 246 ++++++++++++++++++---------
system/userdomain.te | 48 ++---
75 files changed, 1602 insertions(+), 194 deletions(-)
Index: policy-20060829.patch
===================================================================
RCS file: /cvs/dist/rpms/selinux-policy/devel/policy-20060829.patch,v
retrieving revision 1.5
retrieving revision 1.6
diff -u -r1.5 -r1.6
--- policy-20060829.patch 31 Aug 2006 21:39:01 -0000 1.5
+++ policy-20060829.patch 1 Sep 2006 14:58:36 -0000 1.6
@@ -1,6 +1,6 @@
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/amanda.fc serefpolicy-2.3.10/policy/modules/admin/amanda.fc
--- nsaserefpolicy/policy/modules/admin/amanda.fc 2006-08-29 09:00:30.000000000 -0400
-+++ serefpolicy-2.3.10/policy/modules/admin/amanda.fc 2006-08-31 13:24:00.000000000 -0400
++++ serefpolicy-2.3.10/policy/modules/admin/amanda.fc 2006-08-31 17:15:03.000000000 -0400
@@ -11,61 +11,11 @@
/usr/lib(64)?/amanda -d gen_context(system_u:object_r:amanda_usr_lib_t,s0)
/usr/lib(64)?/amanda/.+ -- gen_context(system_u:object_r:amanda_exec_t,s0)
@@ -65,7 +65,7 @@
/var/lib/amanda/index gen_context(system_u:object_r:amanda_data_t,s0)
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/anaconda.te serefpolicy-2.3.10/policy/modules/admin/anaconda.te
--- nsaserefpolicy/policy/modules/admin/anaconda.te 2006-08-29 09:00:30.000000000 -0400
-+++ serefpolicy-2.3.10/policy/modules/admin/anaconda.te 2006-08-31 13:24:00.000000000 -0400
++++ serefpolicy-2.3.10/policy/modules/admin/anaconda.te 2006-08-31 17:15:03.000000000 -0400
@@ -60,3 +60,14 @@
optional_policy(`
usermanage_domtrans_admin_passwd(anaconda_t)
@@ -83,16 +83,28 @@
+
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/bootloader.fc serefpolicy-2.3.10/policy/modules/admin/bootloader.fc
--- nsaserefpolicy/policy/modules/admin/bootloader.fc 2006-07-14 17:04:46.000000000 -0400
-+++ serefpolicy-2.3.10/policy/modules/admin/bootloader.fc 2006-08-31 13:24:00.000000000 -0400
++++ serefpolicy-2.3.10/policy/modules/admin/bootloader.fc 2006-08-31 17:15:03.000000000 -0400
@@ -10,3 +10,5 @@
/sbin/lilo.* -- gen_context(system_u:object_r:bootloader_exec_t,s0)
/sbin/mkinitrd -- gen_context(system_u:object_r:bootloader_exec_t,s0)
/sbin/ybin.* -- gen_context(system_u:object_r:bootloader_exec_t,s0)
+/boot/grup/.* -- gen_context(system_u:object_r:boot_runtime_t,s0)
+/boot/grup/slapsh.xpm.gz -- gen_context(system_u:object_r:boot_t,s0)
+diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/bootloader.te serefpolicy-2.3.10/policy/modules/admin/bootloader.te
+--- nsaserefpolicy/policy/modules/admin/bootloader.te 2006-08-29 09:00:30.000000000 -0400
++++ serefpolicy-2.3.10/policy/modules/admin/bootloader.te 2006-09-01 06:23:48.000000000 -0400
+@@ -161,7 +161,7 @@
+ allow bootloader_t self:capability ipc_lock;
+
+ # new file system defaults to file_t, granting file_t access is still bad.
+- allow bootloader_t boot_runtime_t:file { r_file_perms unlink };
++ allow bootloader_t boot_runtime_t:file { rw_file_perms unlink };
+
+ # mkinitrd mount initrd on bootloader temp dir
+ files_mountpoint(bootloader_tmp_t)
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/consoletype.te serefpolicy-2.3.10/policy/modules/admin/consoletype.te
--- nsaserefpolicy/policy/modules/admin/consoletype.te 2006-08-29 09:00:30.000000000 -0400
-+++ serefpolicy-2.3.10/policy/modules/admin/consoletype.te 2006-08-31 13:24:00.000000000 -0400
++++ serefpolicy-2.3.10/policy/modules/admin/consoletype.te 2006-08-31 17:15:03.000000000 -0400
@@ -8,7 +8,12 @@
type consoletype_t;
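Review bot: The two bootloader.fc entries carried in this hunk spell the path `/boot/grup/` and the file `slapsh.xpm.gz`, which look like typos for `/boot/grub/` and `splash.xpm.gz`. As written the patterns would match nothing under /boot/grub, so these entries would not assign boot_runtime_t there, and the rule widened in the added bootloader.te hunk, `allow bootloader_t boot_runtime_t:file { rw_file_perms unlink };`, would presumably not reach the files it is meant for. I would change the entries to `/boot/grub/.* -- gen_context(system_u:object_r:boot_runtime_t,s0)` and `/boot/grub/splash\.xpm\.gz -- gen_context(system_u:object_r:boot_t,s0)`. Once the path is corrected, every regular file under /boot/grub except the splash image becomes writable by bootloader_t, so it is worth confirming that scope is intended rather than a narrower pattern for the files suspend actually rewrites. The block enclosing the `allow` rule starts and ends outside the hunk.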
@@ -109,7 +121,7 @@
role system_r types consoletype_t;
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/firstboot.te serefpolicy-2.3.10/policy/modules/admin/firstboot.te
--- nsaserefpolicy/policy/modules/admin/firstboot.te 2006-08-29 09:00:30.000000000 -0400
-+++ serefpolicy-2.3.10/policy/modules/admin/firstboot.te 2006-08-31 13:24:00.000000000 -0400
++++ serefpolicy-2.3.10/policy/modules/admin/firstboot.te 2006-08-31 17:15:03.000000000 -0400
@@ -38,9 +38,8 @@
allow firstboot_t firstboot_etc_t:file { getattr read };
@@ -136,7 +148,7 @@
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/rpm.fc serefpolicy-2.3.10/policy/modules/admin/rpm.fc
--- nsaserefpolicy/policy/modules/admin/rpm.fc 2006-07-14 17:04:46.000000000 -0400
-+++ serefpolicy-2.3.10/policy/modules/admin/rpm.fc 2006-08-31 13:24:00.000000000 -0400
++++ serefpolicy-2.3.10/policy/modules/admin/rpm.fc 2006-08-31 17:15:03.000000000 -0400
@@ -19,6 +19,8 @@
/usr/sbin/pup -- gen_context(system_u:object_r:rpm_exec_t,s0)
/usr/sbin/rhn_check -- gen_context(system_u:object_r:rpm_exec_t,s0)
@@ -148,7 +160,7 @@
/var/lib/alternatives(/.*)? gen_context(system_u:object_r:rpm_var_lib_t,s0)
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/rpm.if serefpolicy-2.3.10/policy/modules/admin/rpm.if
--- nsaserefpolicy/policy/modules/admin/rpm.if 2006-08-02 10:34:09.000000000 -0400
-+++ serefpolicy-2.3.10/policy/modules/admin/rpm.if 2006-08-31 13:24:00.000000000 -0400
++++ serefpolicy-2.3.10/policy/modules/admin/rpm.if 2006-08-31 17:15:03.000000000 -0400
@@ -75,12 +75,13 @@
')
@@ -171,7 +183,7 @@
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/java.fc serefpolicy-2.3.10/policy/modules/apps/java.fc
--- nsaserefpolicy/policy/modules/apps/java.fc 2006-08-29 09:00:26.000000000 -0400
-+++ serefpolicy-2.3.10/policy/modules/apps/java.fc 2006-08-31 13:24:00.000000000 -0400
++++ serefpolicy-2.3.10/policy/modules/apps/java.fc 2006-08-31 17:15:03.000000000 -0400
@@ -1,7 +1,7 @@
#
# /opt
@@ -183,7 +195,7 @@
# /usr
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/mono.te serefpolicy-2.3.10/policy/modules/apps/mono.te
--- nsaserefpolicy/policy/modules/apps/mono.te 2006-07-14 17:04:31.000000000 -0400
-+++ serefpolicy-2.3.10/policy/modules/apps/mono.te 2006-08-31 13:24:00.000000000 -0400
++++ serefpolicy-2.3.10/policy/modules/apps/mono.te 2006-08-31 17:15:03.000000000 -0400
@@ -21,6 +21,7 @@
allow mono_t self:process { execheap execmem };
unconfined_domain_noaudit(mono_t)
@@ -194,7 +206,7 @@
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/kernel/corecommands.fc serefpolicy-2.3.10/policy/modules/kernel/corecommands.fc
--- nsaserefpolicy/policy/modules/kernel/corecommands.fc 2006-08-29 09:00:26.000000000 -0400
-+++ serefpolicy-2.3.10/policy/modules/kernel/corecommands.fc 2006-08-31 13:24:00.000000000 -0400
++++ serefpolicy-2.3.10/policy/modules/kernel/corecommands.fc 2006-08-31 17:15:03.000000000 -0400
@@ -54,7 +54,9 @@
/etc/rc\.d/init\.d/functions -- gen_context(system_u:object_r:bin_t,s0)
@@ -207,7 +219,7 @@
/etc/X11/xdm/TakeConsole -- gen_context(system_u:object_r:bin_t,s0)
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/kernel/corecommands.if serefpolicy-2.3.10/policy/modules/kernel/corecommands.if
--- nsaserefpolicy/policy/modules/kernel/corecommands.if 2006-08-02 10:34:05.000000000 -0400
-+++ serefpolicy-2.3.10/policy/modules/kernel/corecommands.if 2006-08-31 13:24:00.000000000 -0400
++++ serefpolicy-2.3.10/policy/modules/kernel/corecommands.if 2006-08-31 17:15:03.000000000 -0400
@@ -950,6 +950,7 @@
allow $1 exec_type:file manage_file_perms;
@@ -218,7 +230,7 @@
########################################
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/kernel/corenetwork.te.in serefpolicy-2.3.10/policy/modules/kernel/corenetwork.te.in
--- nsaserefpolicy/policy/modules/kernel/corenetwork.te.in 2006-08-29 09:00:26.000000000 -0400
-+++ serefpolicy-2.3.10/policy/modules/kernel/corenetwork.te.in 2006-08-31 13:24:00.000000000 -0400
++++ serefpolicy-2.3.10/policy/modules/kernel/corenetwork.te.in 2006-08-31 17:15:03.000000000 -0400
@@ -67,12 +67,14 @@
network_port(clamd, tcp,3310,s0)
network_port(clockspeed, udp,4041,s0)
@@ -245,7 +257,7 @@
network_port(router, udp,520,s0)
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/kernel/devices.fc serefpolicy-2.3.10/policy/modules/kernel/devices.fc
--- nsaserefpolicy/policy/modules/kernel/devices.fc 2006-08-29 09:00:26.000000000 -0400
-+++ serefpolicy-2.3.10/policy/modules/kernel/devices.fc 2006-08-31 13:24:00.000000000 -0400
++++ serefpolicy-2.3.10/policy/modules/kernel/devices.fc 2006-08-31 17:15:03.000000000 -0400
@@ -3,7 +3,7 @@
/dev/.* gen_context(system_u:object_r:device_t,s0)
@@ -257,7 +269,7 @@
/dev/amidi.* -c gen_context(system_u:object_r:sound_device_t,s0)
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/kernel/files.fc serefpolicy-2.3.10/policy/modules/kernel/files.fc
--- nsaserefpolicy/policy/modules/kernel/files.fc 2006-08-02 10:34:05.000000000 -0400
-+++ serefpolicy-2.3.10/policy/modules/kernel/files.fc 2006-08-31 13:24:00.000000000 -0400
++++ serefpolicy-2.3.10/policy/modules/kernel/files.fc 2006-08-31 17:15:03.000000000 -0400
@@ -57,6 +57,7 @@
/etc/motd -- gen_context(system_u:object_r:etc_runtime_t,s0)
/etc/nohotplug -- gen_context(system_u:object_r:etc_runtime_t,s0)
@@ -268,7 +280,7 @@
/etc/cups/client\.conf -- gen_context(system_u:object_r:etc_t,s0)
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/kernel/filesystem.te serefpolicy-2.3.10/policy/modules/kernel/filesystem.te
--- nsaserefpolicy/policy/modules/kernel/filesystem.te 2006-08-25 13:29:57.000000000 -0400
-+++ serefpolicy-2.3.10/policy/modules/kernel/filesystem.te 2006-08-31 13:24:00.000000000 -0400
++++ serefpolicy-2.3.10/policy/modules/kernel/filesystem.te 2006-08-31 17:15:03.000000000 -0400
@@ -24,6 +24,7 @@
fs_use_xattr ext2 gen_context(system_u:object_r:fs_t,s0);
fs_use_xattr ext3 gen_context(system_u:object_r:fs_t,s0);
@@ -287,7 +299,7 @@
#
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/kernel/kernel.if serefpolicy-2.3.10/policy/modules/kernel/kernel.if
--- nsaserefpolicy/policy/modules/kernel/kernel.if 2006-08-29 09:00:26.000000000 -0400
-+++ serefpolicy-2.3.10/policy/modules/kernel/kernel.if 2006-08-31 13:53:01.000000000 -0400
++++ serefpolicy-2.3.10/policy/modules/kernel/kernel.if 2006-08-31 17:15:03.000000000 -0400
@@ -2122,3 +2122,42 @@
typeattribute $1 kern_unconfined;
@@ -333,7 +345,7 @@
+
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/kernel/terminal.fc serefpolicy-2.3.10/policy/modules/kernel/terminal.fc
--- nsaserefpolicy/policy/modules/kernel/terminal.fc 2006-08-20 10:55:49.000000000 -0400
-+++ serefpolicy-2.3.10/policy/modules/kernel/terminal.fc 2006-08-31 13:24:00.000000000 -0400
++++ serefpolicy-2.3.10/policy/modules/kernel/terminal.fc 2006-08-31 17:15:03.000000000 -0400
@@ -34,3 +34,5 @@
# used by init scripts to initally populate udev /dev
/lib/udev/devices/console -c gen_context(system_u:object_r:console_device_t,s0)
@@ -342,7 +354,7 @@
+/dev/xvc[0-9]* -c gen_context(system_u:object_r:tty_device_t,s0)
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/kernel/terminal.if serefpolicy-2.3.10/policy/modules/kernel/terminal.if
--- nsaserefpolicy/policy/modules/kernel/terminal.if 2006-08-29 09:00:26.000000000 -0400
-+++ serefpolicy-2.3.10/policy/modules/kernel/terminal.if 2006-08-31 17:07:22.000000000 -0400
++++ serefpolicy-2.3.10/policy/modules/kernel/terminal.if 2006-08-31 17:15:03.000000000 -0400
@@ -886,7 +886,7 @@
type tty_device_t;
')
@@ -354,7 +366,7 @@
########################################
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/amavis.te serefpolicy-2.3.10/policy/modules/services/amavis.te
--- nsaserefpolicy/policy/modules/services/amavis.te 2006-08-29 09:00:27.000000000 -0400
-+++ serefpolicy-2.3.10/policy/modules/services/amavis.te 2006-08-31 14:21:10.000000000 -0400
++++ serefpolicy-2.3.10/policy/modules/services/amavis.te 2006-08-31 17:15:03.000000000 -0400
@@ -155,6 +155,7 @@
ifdef(`targeted_policy',`
@@ -365,7 +377,7 @@
optional_policy(`
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/apache.te serefpolicy-2.3.10/policy/modules/services/apache.te
--- nsaserefpolicy/policy/modules/services/apache.te 2006-08-29 09:00:28.000000000 -0400
-+++ serefpolicy-2.3.10/policy/modules/services/apache.te 2006-08-31 14:21:37.000000000 -0400
++++ serefpolicy-2.3.10/policy/modules/services/apache.te 2006-08-31 17:15:03.000000000 -0400
@@ -268,6 +268,7 @@
seutil_dontaudit_search_config(httpd_t)
@@ -382,7 +394,7 @@
')
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/bluetooth.te serefpolicy-2.3.10/policy/modules/services/bluetooth.te
--- nsaserefpolicy/policy/modules/services/bluetooth.te 2006-08-02 10:34:07.000000000 -0400
-+++ serefpolicy-2.3.10/policy/modules/services/bluetooth.te 2006-08-31 14:22:12.000000000 -0400
++++ serefpolicy-2.3.10/policy/modules/services/bluetooth.te 2006-08-31 17:15:03.000000000 -0400
@@ -217,14 +217,17 @@
fs_rw_tmpfs_files(bluetooth_helper_t)
@@ -404,7 +416,7 @@
xserver_rw_xdm_pipes(bluetooth_helper_t)
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/ccs.fc serefpolicy-2.3.10/policy/modules/services/ccs.fc
--- nsaserefpolicy/policy/modules/services/ccs.fc 1969-12-31 19:00:00.000000000 -0500
-+++ serefpolicy-2.3.10/policy/modules/services/ccs.fc 2006-08-31 13:24:00.000000000 -0400
++++ serefpolicy-2.3.10/policy/modules/services/ccs.fc 2006-08-31 17:15:03.000000000 -0400
@@ -0,0 +1,8 @@
+# ccs executable will have:
+# label: system_u:object_r:ccs_exec_t
@@ -416,7 +428,7 @@
+/etc/cluster(/.*)? gen_context(system_u:object_r:cluster_conf_t,s0)
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/ccs.if serefpolicy-2.3.10/policy/modules/services/ccs.if
--- nsaserefpolicy/policy/modules/services/ccs.if 1969-12-31 19:00:00.000000000 -0500
-+++ serefpolicy-2.3.10/policy/modules/services/ccs.if 2006-08-31 13:24:00.000000000 -0400
++++ serefpolicy-2.3.10/policy/modules/services/ccs.if 2006-08-31 17:15:03.000000000 -0400
@@ -0,0 +1,65 @@
+## <summary>policy for ccs</summary>
+
@@ -485,7 +497,7 @@
+
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/ccs.te serefpolicy-2.3.10/policy/modules/services/ccs.te
--- nsaserefpolicy/policy/modules/services/ccs.te 1969-12-31 19:00:00.000000000 -0500
-+++ serefpolicy-2.3.10/policy/modules/services/ccs.te 2006-08-31 14:30:14.000000000 -0400
++++ serefpolicy-2.3.10/policy/modules/services/ccs.te 2006-08-31 17:15:03.000000000 -0400
@@ -0,0 +1,87 @@
+policy_module(ccs,1.0.0)
+
@@ -576,7 +588,7 @@
+allow ccs_t cluster_conf_t:file rw_file_perms;
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/clamav.te serefpolicy-2.3.10/policy/modules/services/clamav.te
--- nsaserefpolicy/policy/modules/services/clamav.te 2006-08-02 10:34:07.000000000 -0400
-+++ serefpolicy-2.3.10/policy/modules/services/clamav.te 2006-08-31 14:23:12.000000000 -0400
++++ serefpolicy-2.3.10/policy/modules/services/clamav.te 2006-08-31 17:15:03.000000000 -0400
@@ -121,6 +121,7 @@
cron_rw_pipes(clamd_t)
@@ -587,7 +599,7 @@
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/cron.if serefpolicy-2.3.10/policy/modules/services/cron.if
--- nsaserefpolicy/policy/modules/services/cron.if 2006-08-29 09:00:28.000000000 -0400
-+++ serefpolicy-2.3.10/policy/modules/services/cron.if 2006-08-31 13:24:00.000000000 -0400
++++ serefpolicy-2.3.10/policy/modules/services/cron.if 2006-08-31 17:15:03.000000000 -0400
@@ -181,6 +181,7 @@
allow $1_crontab_t $2:fd use;
allow $1_crontab_t $2:fifo_file rw_file_perms;
@@ -619,7 +631,7 @@
allow $1 system_crond_t:process sigchld;
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/cron.te serefpolicy-2.3.10/policy/modules/services/cron.te
--- nsaserefpolicy/policy/modules/services/cron.te 2006-08-29 09:00:28.000000000 -0400
-+++ serefpolicy-2.3.10/policy/modules/services/cron.te 2006-08-31 13:24:00.000000000 -0400
++++ serefpolicy-2.3.10/policy/modules/services/cron.te 2006-08-31 17:15:03.000000000 -0400
@@ -175,6 +175,7 @@
allow crond_t crond_tmp_t:dir create_dir_perms;
allow crond_t crond_tmp_t:file create_file_perms;
@@ -628,9 +640,20 @@
')
tunable_policy(`fcron_crond', `
+diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/cyrus.te serefpolicy-2.3.10/policy/modules/services/cyrus.te
+--- nsaserefpolicy/policy/modules/services/cyrus.te 2006-08-29 09:00:28.000000000 -0400
++++ serefpolicy-2.3.10/policy/modules/services/cyrus.te 2006-09-01 10:23:58.000000000 -0400
+@@ -93,6 +93,7 @@
+ files_list_var_lib(cyrus_t)
+ files_read_etc_files(cyrus_t)
+ files_read_etc_runtime_files(cyrus_t)
++files_read_usr_files(cyrus_t)
+
+ init_use_fds(cyrus_t)
+ init_use_script_ptys(cyrus_t)
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/dbus.if serefpolicy-2.3.10/policy/modules/services/dbus.if
--- nsaserefpolicy/policy/modules/services/dbus.if 2006-08-29 09:00:28.000000000 -0400
-+++ serefpolicy-2.3.10/policy/modules/services/dbus.if 2006-08-31 13:24:00.000000000 -0400
++++ serefpolicy-2.3.10/policy/modules/services/dbus.if 2006-08-31 17:15:03.000000000 -0400
@@ -123,6 +123,7 @@
selinux_compute_relabel_context($1_dbusd_t)
selinux_compute_user_contexts($1_dbusd_t)
@@ -641,7 +664,7 @@
corecmd_read_bin_files($1_dbusd_t)
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/dovecot.te serefpolicy-2.3.10/policy/modules/services/dovecot.te
--- nsaserefpolicy/policy/modules/services/dovecot.te 2006-08-29 09:00:28.000000000 -0400
-+++ serefpolicy-2.3.10/policy/modules/services/dovecot.te 2006-08-31 13:24:00.000000000 -0400
++++ serefpolicy-2.3.10/policy/modules/services/dovecot.te 2006-08-31 17:15:03.000000000 -0400
@@ -168,7 +168,7 @@
# Allow dovecot to create and read SSL parameters file
allow dovecot_t dovecot_var_lib_t:dir rw_dir_perms;
@@ -653,8 +676,16 @@
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/hal.te serefpolicy-2.3.10/policy/modules/services/hal.te
--- nsaserefpolicy/policy/modules/services/hal.te 2006-08-23 12:14:53.000000000 -0400
-+++ serefpolicy-2.3.10/policy/modules/services/hal.te 2006-08-31 14:24:22.000000000 -0400
-@@ -110,9 +110,11 @@
++++ serefpolicy-2.3.10/policy/modules/services/hal.te 2006-09-01 06:27:45.000000000 -0400
+@@ -78,6 +78,7 @@
+ dev_rw_sysfs(hald_t)
+
+ domain_use_interactive_fds(hald_t)
++domain_read_all_domains_state(hald_t)
+
+ files_exec_etc_files(hald_t)
+ files_read_etc_files(hald_t)
+@@ -110,9 +111,11 @@
storage_raw_read_fixed_disk(hald_t)
storage_raw_write_fixed_disk(hald_t)
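Review bot: The added `domain_read_all_domains_state(hald_t)` in the `@@ -78,6 +78,7 @@` hunk of hal.te lets hald_t read the /proc state of every domain, and nothing in the patch records why the daemon needs that breadth. The log message only says "Fix suspend to disk problems", so this is presumably part of that fix. A one-line comment above the call would let a later audit decide whether it can be narrowed or dropped, for example `# suspend to disk: hald reads other domains' /proc state (confirm against the AVC denials)`. The surrounding hald_t rule list continues outside the hunk.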
@@ -671,7 +702,7 @@
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/ldap.te serefpolicy-2.3.10/policy/modules/services/ldap.te
--- nsaserefpolicy/policy/modules/services/ldap.te 2006-08-16 08:46:30.000000000 -0400
-+++ serefpolicy-2.3.10/policy/modules/services/ldap.te 2006-08-31 13:24:00.000000000 -0400
++++ serefpolicy-2.3.10/policy/modules/services/ldap.te 2006-08-31 17:15:03.000000000 -0400
@@ -72,7 +72,7 @@
allow slapd_t slapd_var_run_t:file create_file_perms;
@@ -683,7 +714,7 @@
kernel_read_kernel_sysctls(slapd_t)
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/networkmanager.te serefpolicy-2.3.10/policy/modules/services/networkmanager.te
--- nsaserefpolicy/policy/modules/services/networkmanager.te 2006-07-14 17:04:41.000000000 -0400
-+++ serefpolicy-2.3.10/policy/modules/services/networkmanager.te 2006-08-31 13:24:00.000000000 -0400
++++ serefpolicy-2.3.10/policy/modules/services/networkmanager.te 2006-08-31 17:15:03.000000000 -0400
@@ -18,9 +18,9 @@
# Local policy
#
@@ -698,7 +729,7 @@
allow NetworkManager_t self:unix_stream_socket create_stream_socket_perms;
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/ntp.te serefpolicy-2.3.10/policy/modules/services/ntp.te
--- nsaserefpolicy/policy/modules/services/ntp.te 2006-08-23 12:14:54.000000000 -0400
-+++ serefpolicy-2.3.10/policy/modules/services/ntp.te 2006-08-31 13:24:00.000000000 -0400
++++ serefpolicy-2.3.10/policy/modules/services/ntp.te 2006-08-31 17:15:03.000000000 -0400
@@ -32,7 +32,7 @@
# sys_resource and setrlimit is for locking memory
@@ -721,7 +752,7 @@
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/oddjob.fc serefpolicy-2.3.10/policy/modules/services/oddjob.fc
--- nsaserefpolicy/policy/modules/services/oddjob.fc 1969-12-31 19:00:00.000000000 -0500
-+++ serefpolicy-2.3.10/policy/modules/services/oddjob.fc 2006-08-31 13:24:00.000000000 -0400
++++ serefpolicy-2.3.10/policy/modules/services/oddjob.fc 2006-08-31 17:15:03.000000000 -0400
@@ -0,0 +1,8 @@
+# oddjob executable will have:
+# label: system_u:object_r:oddjob_exec_t
@@ -733,7 +764,7 @@
+/usr/lib/oddjobd gen_context(system_u:object_r:oddjob_var_lib_t,s0)
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/oddjob.if serefpolicy-2.3.10/policy/modules/services/oddjob.if
--- nsaserefpolicy/policy/modules/services/oddjob.if 1969-12-31 19:00:00.000000000 -0500
-+++ serefpolicy-2.3.10/policy/modules/services/oddjob.if 2006-08-31 13:24:00.000000000 -0400
++++ serefpolicy-2.3.10/policy/modules/services/oddjob.if 2006-08-31 17:15:03.000000000 -0400
@@ -0,0 +1,76 @@
+## <summary>policy for oddjob</summary>
+
@@ -813,7 +844,7 @@
+')
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/oddjob_mkhomedir.fc serefpolicy-2.3.10/policy/modules/services/oddjob_mkhomedir.fc
--- nsaserefpolicy/policy/modules/services/oddjob_mkhomedir.fc 1969-12-31 19:00:00.000000000 -0500
-+++ serefpolicy-2.3.10/policy/modules/services/oddjob_mkhomedir.fc 2006-08-31 13:24:00.000000000 -0400
++++ serefpolicy-2.3.10/policy/modules/services/oddjob_mkhomedir.fc 2006-08-31 17:15:03.000000000 -0400
@@ -0,0 +1,6 @@
+# oddjob_mkhomedir executable will have:
+# label: system_u:object_r:oddjob_mkhomedir_exec_t
@@ -823,7 +854,7 @@
+/usr/lib/oddjob/mkhomedir -- gen_context(system_u:object_r:oddjob_mkhomedir_exec_t,s0)
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/oddjob_mkhomedir.if serefpolicy-2.3.10/policy/modules/services/oddjob_mkhomedir.if
--- nsaserefpolicy/policy/modules/services/oddjob_mkhomedir.if 1969-12-31 19:00:00.000000000 -0500
-+++ serefpolicy-2.3.10/policy/modules/services/oddjob_mkhomedir.if 2006-08-31 13:24:00.000000000 -0400
++++ serefpolicy-2.3.10/policy/modules/services/oddjob_mkhomedir.if 2006-08-31 17:15:03.000000000 -0400
@@ -0,0 +1,24 @@
+## <summary>policy for oddjob_mkhomedir</summary>
+
@@ -851,7 +882,7 @@
+')
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/oddjob_mkhomedir.te serefpolicy-2.3.10/policy/modules/services/oddjob_mkhomedir.te
--- nsaserefpolicy/policy/modules/services/oddjob_mkhomedir.te 1969-12-31 19:00:00.000000000 -0500
-+++ serefpolicy-2.3.10/policy/modules/services/oddjob_mkhomedir.te 2006-08-31 13:24:00.000000000 -0400
++++ serefpolicy-2.3.10/policy/modules/services/oddjob_mkhomedir.te 2006-08-31 17:15:03.000000000 -0400
@@ -0,0 +1,29 @@
+policy_module(oddjob_mkhomedir,1.0.0)
+
@@ -884,7 +915,7 @@
+
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/oddjob.te serefpolicy-2.3.10/policy/modules/services/oddjob.te
--- nsaserefpolicy/policy/modules/services/oddjob.te 1969-12-31 19:00:00.000000000 -0500
-+++ serefpolicy-2.3.10/policy/modules/services/oddjob.te 2006-08-31 14:25:14.000000000 -0400
++++ serefpolicy-2.3.10/policy/modules/services/oddjob.te 2006-08-31 17:15:03.000000000 -0400
@@ -0,0 +1,73 @@
+policy_module(oddjob,1.0.0)
+
@@ -961,7 +992,7 @@
+
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/pegasus.if serefpolicy-2.3.10/policy/modules/services/pegasus.if
--- nsaserefpolicy/policy/modules/services/pegasus.if 2006-07-14 17:04:41.000000000 -0400
-+++ serefpolicy-2.3.10/policy/modules/services/pegasus.if 2006-08-31 13:24:00.000000000 -0400
++++ serefpolicy-2.3.10/policy/modules/services/pegasus.if 2006-08-31 17:15:03.000000000 -0400
@@ -1 +1,32 @@
## <summary>The Open Group Pegasus CIM/WBEM Server.</summary>
+
@@ -997,7 +1028,7 @@
+')
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/pegasus.te serefpolicy-2.3.10/policy/modules/services/pegasus.te
--- nsaserefpolicy/policy/modules/services/pegasus.te 2006-08-23 12:14:54.000000000 -0400
-+++ serefpolicy-2.3.10/policy/modules/services/pegasus.te 2006-08-31 13:24:00.000000000 -0400
++++ serefpolicy-2.3.10/policy/modules/services/pegasus.te 2006-08-31 17:15:03.000000000 -0400
@@ -100,13 +100,12 @@
auth_use_nsswitch(pegasus_t)
@@ -1016,7 +1047,7 @@
hostname_exec(pegasus_t)
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/postfix.te serefpolicy-2.3.10/policy/modules/services/postfix.te
--- nsaserefpolicy/policy/modules/services/postfix.te 2006-08-29 09:00:28.000000000 -0400
-+++ serefpolicy-2.3.10/policy/modules/services/postfix.te 2006-08-31 17:09:24.000000000 -0400
++++ serefpolicy-2.3.10/policy/modules/services/postfix.te 2006-08-31 17:15:03.000000000 -0400
@@ -171,6 +171,11 @@
mta_rw_aliases(postfix_master_t)
mta_read_sendmail_bin(postfix_master_t)
@@ -1039,7 +1070,7 @@
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/procmail.te serefpolicy-2.3.10/policy/modules/services/procmail.te
--- nsaserefpolicy/policy/modules/services/procmail.te 2006-08-23 12:14:54.000000000 -0400
-+++ serefpolicy-2.3.10/policy/modules/services/procmail.te 2006-08-31 13:24:00.000000000 -0400
++++ serefpolicy-2.3.10/policy/modules/services/procmail.te 2006-08-31 17:15:03.000000000 -0400
@@ -29,6 +29,7 @@
kernel_read_kernel_sysctls(procmail_t)
@@ -1050,7 +1081,7 @@
corenet_tcp_sendrecv_all_nodes(procmail_t)
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/pyzor.te serefpolicy-2.3.10/policy/modules/services/pyzor.te
--- nsaserefpolicy/policy/modules/services/pyzor.te 2006-08-23 12:14:54.000000000 -0400
-+++ serefpolicy-2.3.10/policy/modules/services/pyzor.te 2006-08-31 14:25:59.000000000 -0400
++++ serefpolicy-2.3.10/policy/modules/services/pyzor.te 2006-08-31 17:15:03.000000000 -0400
@@ -58,6 +58,8 @@
miscfiles_read_localization(pyzor_t)
@@ -1076,7 +1107,7 @@
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/rhgb.te serefpolicy-2.3.10/policy/modules/services/rhgb.te
--- nsaserefpolicy/policy/modules/services/rhgb.te 2006-07-14 17:04:41.000000000 -0400
-+++ serefpolicy-2.3.10/policy/modules/services/rhgb.te 2006-08-31 14:26:24.000000000 -0400
++++ serefpolicy-2.3.10/policy/modules/services/rhgb.te 2006-08-31 17:15:03.000000000 -0400
@@ -105,6 +105,7 @@
xserver_read_xkb_libs(rhgb_t)
@@ -1087,7 +1118,7 @@
')
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/ricci.fc serefpolicy-2.3.10/policy/modules/services/ricci.fc
--- nsaserefpolicy/policy/modules/services/ricci.fc 1969-12-31 19:00:00.000000000 -0500
-+++ serefpolicy-2.3.10/policy/modules/services/ricci.fc 2006-08-31 13:24:00.000000000 -0400
++++ serefpolicy-2.3.10/policy/modules/services/ricci.fc 2006-08-31 17:15:03.000000000 -0400
@@ -0,0 +1,20 @@
+# ricci executable will have:
+# label: system_u:object_r:ricci_exec_t
@@ -1111,7 +1142,7 @@
+
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/ricci.if serefpolicy-2.3.10/policy/modules/services/ricci.if
--- nsaserefpolicy/policy/modules/services/ricci.if 1969-12-31 19:00:00.000000000 -0500
-+++ serefpolicy-2.3.10/policy/modules/services/ricci.if 2006-08-31 13:24:00.000000000 -0400
++++ serefpolicy-2.3.10/policy/modules/services/ricci.if 2006-08-31 17:15:03.000000000 -0400
@@ -0,0 +1,184 @@
+## <summary>policy for ricci</summary>
+
@@ -1299,8 +1330,8 @@
+')
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/ricci.te serefpolicy-2.3.10/policy/modules/services/ricci.te
--- nsaserefpolicy/policy/modules/services/ricci.te 1969-12-31 19:00:00.000000000 -0500
-+++ serefpolicy-2.3.10/policy/modules/services/ricci.te 2006-08-31 14:26:48.000000000 -0400
-@@ -0,0 +1,384 @@
++++ serefpolicy-2.3.10/policy/modules/services/ricci.te 2006-09-01 09:18:14.000000000 -0400
+@@ -0,0 +1,386 @@
+policy_module(ricci,1.0.0)
+
+########################################
@@ -1522,6 +1553,8 @@
+
+locallogin_dontaudit_use_fds(ricci_modclusterd_t)
+
++fs_getattr_xattr_fs(ricci_modclusterd_t)
++
+kernel_read_kernel_sysctls(ricci_modclusterd_t)
+kernel_read_system_state(ricci_modclusterd_t)
+
@@ -1687,7 +1720,7 @@
+
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/rpc.te serefpolicy-2.3.10/policy/modules/services/rpc.te
--- nsaserefpolicy/policy/modules/services/rpc.te 2006-08-29 09:00:28.000000000 -0400
-+++ serefpolicy-2.3.10/policy/modules/services/rpc.te 2006-08-31 13:24:00.000000000 -0400
++++ serefpolicy-2.3.10/policy/modules/services/rpc.te 2006-08-31 17:15:03.000000000 -0400
@@ -39,6 +39,7 @@
allow rpcd_t self:capability { chown dac_override setgid setuid };
@@ -1698,7 +1731,7 @@
allow rpcd_t rpcd_var_run_t:dir { rw_dir_perms setattr };
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/setroubleshoot.fc serefpolicy-2.3.10/policy/modules/services/setroubleshoot.fc
--- nsaserefpolicy/policy/modules/services/setroubleshoot.fc 1969-12-31 19:00:00.000000000 -0500
-+++ serefpolicy-2.3.10/policy/modules/services/setroubleshoot.fc 2006-08-31 13:24:00.000000000 -0400
++++ serefpolicy-2.3.10/policy/modules/services/setroubleshoot.fc 2006-08-31 17:15:03.000000000 -0400
@@ -0,0 +1,9 @@
+# setroubleshoot executables
+
@@ -1711,14 +1744,14 @@
+/var/lib/setroubleshoot(/.*)? gen_context(system_u:object_r:setroubleshoot_var_lib_t,s0)
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/setroubleshoot.if serefpolicy-2.3.10/policy/modules/services/setroubleshoot.if
--- nsaserefpolicy/policy/modules/services/setroubleshoot.if 1969-12-31 19:00:00.000000000 -0500
-+++ serefpolicy-2.3.10/policy/modules/services/setroubleshoot.if 2006-08-31 13:24:00.000000000 -0400
++++ serefpolicy-2.3.10/policy/modules/services/setroubleshoot.if 2006-08-31 17:15:03.000000000 -0400
@@ -0,0 +1,3 @@
+## <summary>policy for setroubleshoot</summary>
+
+
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/setroubleshoot.te serefpolicy-2.3.10/policy/modules/services/setroubleshoot.te
--- nsaserefpolicy/policy/modules/services/setroubleshoot.te 1969-12-31 19:00:00.000000000 -0500
-+++ serefpolicy-2.3.10/policy/modules/services/setroubleshoot.te 2006-08-31 14:27:23.000000000 -0400
++++ serefpolicy-2.3.10/policy/modules/services/setroubleshoot.te 2006-08-31 17:15:03.000000000 -0400
@@ -0,0 +1,117 @@
+policy_module(setroubleshoot,1.0.0)
+
@@ -1839,7 +1872,7 @@
+files_getattr_all_dirs(setroubleshootd_t)
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/spamassassin.te serefpolicy-2.3.10/policy/modules/services/spamassassin.te
--- nsaserefpolicy/policy/modules/services/spamassassin.te 2006-08-29 09:00:28.000000000 -0400
-+++ serefpolicy-2.3.10/policy/modules/services/spamassassin.te 2006-08-31 13:51:36.000000000 -0400
++++ serefpolicy-2.3.10/policy/modules/services/spamassassin.te 2006-08-31 17:15:03.000000000 -0400
@@ -134,6 +134,7 @@
term_dontaudit_use_generic_ptys(spamd_t)
files_dontaudit_read_root_files(spamd_t)
@@ -1850,7 +1883,7 @@
userdom_manage_generic_user_home_content_symlinks(spamd_t)
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/ssh.if serefpolicy-2.3.10/policy/modules/services/ssh.if
--- nsaserefpolicy/policy/modules/services/ssh.if 2006-08-16 08:46:30.000000000 -0400
-+++ serefpolicy-2.3.10/policy/modules/services/ssh.if 2006-08-31 13:24:00.000000000 -0400
++++ serefpolicy-2.3.10/policy/modules/services/ssh.if 2006-08-31 17:15:03.000000000 -0400
@@ -711,3 +711,27 @@
dontaudit $1 sshd_key_t:file { getattr read };
@@ -1881,7 +1914,7 @@
+')
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/stunnel.te serefpolicy-2.3.10/policy/modules/services/stunnel.te
--- nsaserefpolicy/policy/modules/services/stunnel.te 2006-08-02 10:34:07.000000000 -0400
-+++ serefpolicy-2.3.10/policy/modules/services/stunnel.te 2006-08-31 13:24:00.000000000 -0400
++++ serefpolicy-2.3.10/policy/modules/services/stunnel.te 2006-08-31 17:15:03.000000000 -0400
@@ -38,6 +38,7 @@
allow stunnel_t self:fifo_file rw_file_perms;
allow stunnel_t self:tcp_socket create_stream_socket_perms;
@@ -1900,7 +1933,7 @@
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/xserver.if serefpolicy-2.3.10/policy/modules/services/xserver.if
--- nsaserefpolicy/policy/modules/services/xserver.if 2006-08-29 09:00:28.000000000 -0400
-+++ serefpolicy-2.3.10/policy/modules/services/xserver.if 2006-08-31 13:46:39.000000000 -0400
++++ serefpolicy-2.3.10/policy/modules/services/xserver.if 2006-08-31 17:15:03.000000000 -0400
@@ -45,7 +45,6 @@
allow $1_xserver_t self:capability { dac_override fsetid setgid setuid ipc_owner sys_rawio sys_admin sys_nice sys_tty_config mknod net_bind_service };
dontaudit $1_xserver_t self:capability chown;
@@ -2015,7 +2048,7 @@
+')
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/xserver.te serefpolicy-2.3.10/policy/modules/services/xserver.te
--- nsaserefpolicy/policy/modules/services/xserver.te 2006-08-29 09:00:28.000000000 -0400
-+++ serefpolicy-2.3.10/policy/modules/services/xserver.te 2006-08-31 13:24:00.000000000 -0400
++++ serefpolicy-2.3.10/policy/modules/services/xserver.te 2006-08-31 17:15:03.000000000 -0400
@@ -292,7 +292,7 @@
')
@@ -2036,7 +2069,7 @@
unconfined_domtrans(xdm_xserver_t)
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/fstools.te serefpolicy-2.3.10/policy/modules/system/fstools.te
--- nsaserefpolicy/policy/modules/system/fstools.te 2006-08-02 10:34:08.000000000 -0400
-+++ serefpolicy-2.3.10/policy/modules/system/fstools.te 2006-08-31 13:24:00.000000000 -0400
++++ serefpolicy-2.3.10/policy/modules/system/fstools.te 2006-08-31 17:15:03.000000000 -0400
@@ -111,6 +111,7 @@
corecmd_read_sbin_files(fsadm_t)
corecmd_read_sbin_pipes(fsadm_t)
@@ -2047,7 +2080,7 @@
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/hostname.te serefpolicy-2.3.10/policy/modules/system/hostname.te
--- nsaserefpolicy/policy/modules/system/hostname.te 2006-08-29 09:00:29.000000000 -0400
-+++ serefpolicy-2.3.10/policy/modules/system/hostname.te 2006-08-31 13:24:00.000000000 -0400
++++ serefpolicy-2.3.10/policy/modules/system/hostname.te 2006-08-31 17:15:03.000000000 -0400
@@ -8,7 +8,10 @@
type hostname_t;
@@ -2062,7 +2095,7 @@
########################################
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/hotplug.te serefpolicy-2.3.10/policy/modules/system/hotplug.te
--- nsaserefpolicy/policy/modules/system/hotplug.te 2006-08-02 10:34:08.000000000 -0400
-+++ serefpolicy-2.3.10/policy/modules/system/hotplug.te 2006-08-31 13:24:00.000000000 -0400
++++ serefpolicy-2.3.10/policy/modules/system/hotplug.te 2006-08-31 17:15:03.000000000 -0400
@@ -27,7 +27,7 @@
dontaudit hotplug_t self:capability { sys_module sys_admin sys_tty_config };
# for access("/etc/bashrc", X_OK) on Red Hat
@@ -2074,7 +2107,7 @@
allow hotplug_t self:udp_socket create_socket_perms;
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/init.te serefpolicy-2.3.10/policy/modules/system/init.te
--- nsaserefpolicy/policy/modules/system/init.te 2006-08-28 16:22:32.000000000 -0400
-+++ serefpolicy-2.3.10/policy/modules/system/init.te 2006-08-31 13:24:00.000000000 -0400
++++ serefpolicy-2.3.10/policy/modules/system/init.te 2006-08-31 17:15:03.000000000 -0400
@@ -361,7 +361,8 @@
logging_append_all_logs(initrc_t)
logging_read_audit_config(initrc_t)
@@ -2087,7 +2120,7 @@
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/logging.fc serefpolicy-2.3.10/policy/modules/system/logging.fc
--- nsaserefpolicy/policy/modules/system/logging.fc 2006-08-29 09:00:29.000000000 -0400
-+++ serefpolicy-2.3.10/policy/modules/system/logging.fc 2006-08-31 13:24:00.000000000 -0400
++++ serefpolicy-2.3.10/policy/modules/system/logging.fc 2006-08-31 17:15:03.000000000 -0400
@@ -31,6 +31,7 @@
/var/log/audit(/.*)? gen_context(system_u:object_r:auditd_log_t,s15:c0.c255)
@@ -2098,7 +2131,7 @@
/var/run/log -s gen_context(system_u:object_r:devlog_t,s0)
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/lvm.te serefpolicy-2.3.10/policy/modules/system/lvm.te
--- nsaserefpolicy/policy/modules/system/lvm.te 2006-08-29 09:00:29.000000000 -0400
-+++ serefpolicy-2.3.10/policy/modules/system/lvm.te 2006-08-31 13:24:00.000000000 -0400
++++ serefpolicy-2.3.10/policy/modules/system/lvm.te 2006-08-31 17:15:03.000000000 -0400
@@ -125,7 +125,7 @@
# DAC overrides and mknod for modifying /dev entries (vgmknodes)
@@ -2110,7 +2143,7 @@
# LVM will complain a lot if it cannot set its priority.
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/modutils.te serefpolicy-2.3.10/policy/modules/system/modutils.te
--- nsaserefpolicy/policy/modules/system/modutils.te 2006-08-23 12:14:55.000000000 -0400
-+++ serefpolicy-2.3.10/policy/modules/system/modutils.te 2006-08-31 13:24:00.000000000 -0400
++++ serefpolicy-2.3.10/policy/modules/system/modutils.te 2006-08-31 17:15:03.000000000 -0400
@@ -183,6 +183,7 @@
fs_getattr_xattr_fs(depmod_t)
@@ -2121,7 +2154,7 @@
corecmd_search_sbin(depmod_t)
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/mount.te serefpolicy-2.3.10/policy/modules/system/mount.te
--- nsaserefpolicy/policy/modules/system/mount.te 2006-08-29 09:00:29.000000000 -0400
-+++ serefpolicy-2.3.10/policy/modules/system/mount.te 2006-08-31 13:24:00.000000000 -0400
++++ serefpolicy-2.3.10/policy/modules/system/mount.te 2006-08-31 17:15:03.000000000 -0400
@@ -14,6 +14,9 @@
type mount_tmp_t;
files_tmp_file(mount_tmp_t)
@@ -2140,9 +2173,20 @@
allow mount_t mount_tmp_t:file create_file_perms;
allow mount_t mount_tmp_t:dir create_dir_perms;
+diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/selinuxutil.fc serefpolicy-2.3.10/policy/modules/system/selinuxutil.fc
+--- nsaserefpolicy/policy/modules/system/selinuxutil.fc 2006-08-02 10:34:08.000000000 -0400
++++ serefpolicy-2.3.10/policy/modules/system/selinuxutil.fc 2006-09-01 10:54:33.000000000 -0400
+@@ -36,6 +36,7 @@
+ /usr/sbin/restorecond -- gen_context(system_u:object_r:restorecond_exec_t,s0)
+ /usr/sbin/run_init -- gen_context(system_u:object_r:run_init_exec_t,s0)
+ /usr/sbin/setfiles.* -- gen_context(system_u:object_r:setfiles_exec_t,s0)
++/sbin/setfiles.* -- gen_context(system_u:object_r:setfiles_exec_t,s0)
+ /usr/sbin/setsebool -- gen_context(system_u:object_r:semanage_exec_t,s0)
+ /usr/sbin/semanage -- gen_context(system_u:object_r:semanage_exec_t,s0)
+ /usr/sbin/semodule -- gen_context(system_u:object_r:semanage_exec_t,s0)
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/selinuxutil.te serefpolicy-2.3.10/policy/modules/system/selinuxutil.te
--- nsaserefpolicy/policy/modules/system/selinuxutil.te 2006-08-29 09:00:29.000000000 -0400
-+++ serefpolicy-2.3.10/policy/modules/system/selinuxutil.te 2006-08-31 13:24:00.000000000 -0400
++++ serefpolicy-2.3.10/policy/modules/system/selinuxutil.te 2006-08-31 17:15:03.000000000 -0400
@@ -355,6 +355,8 @@
kernel_relabelfrom_unlabeled_symlinks(restorecon_t)
kernel_relabelfrom_unlabeled_pipes(restorecon_t)
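Review bot: The new selinuxutil.fc entry `/sbin/setfiles.*` is broader than it looks, because the unescaped `.*` matches any continuation. Every regular file under /sbin whose name merely starts with `setfiles` is therefore labeled setfiles_exec_t, presumably the entry-point type for the relabeling domain, so the label should be handed out as narrowly as possible. If only the one binary is meant, use `/sbin/setfiles -- gen_context(system_u:object_r:setfiles_exec_t,s0)`; if suffixed variants are intended, use `/sbin/setfiles(\..*)?` so the dot is literal. The line copies the existing `/usr/sbin/setfiles.*` entry, which has the same breadth. It also sits in the middle of the /usr/sbin block; any /sbin entries elsewhere in the file are outside this hunk.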
@@ -2184,7 +2228,7 @@
########################################
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/setrans.te serefpolicy-2.3.10/policy/modules/system/setrans.te
--- nsaserefpolicy/policy/modules/system/setrans.te 2006-08-02 10:34:08.000000000 -0400
-+++ serefpolicy-2.3.10/policy/modules/system/setrans.te 2006-08-31 13:24:00.000000000 -0400
++++ serefpolicy-2.3.10/policy/modules/system/setrans.te 2006-08-31 17:15:03.000000000 -0400
@@ -56,6 +56,8 @@
selinux_compute_access_vector(setrans_t)
@@ -2196,7 +2240,7 @@
init_dontaudit_use_script_ptys(setrans_t)
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/udev.te serefpolicy-2.3.10/policy/modules/system/udev.te
--- nsaserefpolicy/policy/modules/system/udev.te 2006-08-29 09:00:29.000000000 -0400
-+++ serefpolicy-2.3.10/policy/modules/system/udev.te 2006-08-31 13:24:00.000000000 -0400
++++ serefpolicy-2.3.10/policy/modules/system/udev.te 2006-08-31 17:15:03.000000000 -0400
@@ -131,6 +131,7 @@
mls_file_upgrade(udev_t)
mls_file_downgrade(udev_t)
@@ -2217,7 +2261,7 @@
')
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/unconfined.fc serefpolicy-2.3.10/policy/modules/system/unconfined.fc
--- nsaserefpolicy/policy/modules/system/unconfined.fc 2006-08-02 10:34:08.000000000 -0400
-+++ serefpolicy-2.3.10/policy/modules/system/unconfined.fc 2006-08-31 13:24:00.000000000 -0400
++++ serefpolicy-2.3.10/policy/modules/system/unconfined.fc 2006-08-31 17:15:03.000000000 -0400
@@ -10,4 +10,5 @@
/usr/local/RealPlay/realplay\.bin -- gen_context(system_u:object_r:unconfined_execmem_exec_t,s0)
/usr/bin/mplayer -- gen_context(system_u:object_r:unconfined_execmem_exec_t,s0)
@@ -2226,7 +2270,7 @@
')
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/unconfined.if serefpolicy-2.3.10/policy/modules/system/unconfined.if
--- nsaserefpolicy/policy/modules/system/unconfined.if 2006-08-29 09:00:29.000000000 -0400
-+++ serefpolicy-2.3.10/policy/modules/system/unconfined.if 2006-08-31 13:24:00.000000000 -0400
++++ serefpolicy-2.3.10/policy/modules/system/unconfined.if 2006-08-31 17:15:03.000000000 -0400
@@ -20,6 +20,7 @@
# Use any Linux capability.
allow $1 self:capability *;
@@ -2237,7 +2281,7 @@
allow $1 self:process transition;
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/userdomain.if serefpolicy-2.3.10/policy/modules/system/userdomain.if
--- nsaserefpolicy/policy/modules/system/userdomain.if 2006-08-16 08:46:31.000000000 -0400
-+++ serefpolicy-2.3.10/policy/modules/system/userdomain.if 2006-08-31 13:24:00.000000000 -0400
++++ serefpolicy-2.3.10/policy/modules/system/userdomain.if 2006-08-31 17:15:03.000000000 -0400
@@ -8,11 +8,10 @@
## <desc>
## <p>
@@ -2712,7 +2756,7 @@
+
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/userdomain.te serefpolicy-2.3.10/policy/modules/system/userdomain.te
--- nsaserefpolicy/policy/modules/system/userdomain.te 2006-08-16 08:46:31.000000000 -0400
-+++ serefpolicy-2.3.10/policy/modules/system/userdomain.te 2006-08-31 13:24:00.000000000 -0400
++++ serefpolicy-2.3.10/policy/modules/system/userdomain.te 2006-08-31 17:15:03.000000000 -0400
@@ -56,14 +56,6 @@
# Local policy
#
Index: selinux-policy.spec
===================================================================
RCS file: /cvs/dist/rpms/selinux-policy/devel/selinux-policy.spec,v
retrieving revision 1.267
retrieving revision 1.268
diff -u -r1.267 -r1.268
--- selinux-policy.spec 31 Aug 2006 21:39:01 -0000 1.267
+++ selinux-policy.spec 1 Sep 2006 14:58:36 -0000 1.268
@@ -16,7 +16,7 @@
Summary: SELinux policy configuration
Name: selinux-policy
Version: 2.3.10
-Release: 6
+Release: 7
License: GPL
Group: System Environment/Base
Source: serefpolicy-%{version}.tgz
@@ -347,6 +347,9 @@
%endif
%changelog
+* Fri Sep 1 2006 Dan Walsh <dwalsh at redhat.com> 2.3.10-7
+- Fix suspend to disk problems
+
* Thu Aug 31 2006 Dan Walsh <dwalsh at redhat.com> 2.3.10-6
- Lots of fixes for restarting daemons at the console.