rpms/selinux-policy/devel .cvsignore, 1.101, 1.102 policy-20070102.patch, 1.21, 1.22 selinux-policy.spec, 1.392, 1.393 sources, 1.105, 1.106
fedora-cvs-commits at redhat.com
fedora-cvs-commits at redhat.com
Mon Feb 12 16:27:44 UTC 2007
Author: dwalsh
Update of /cvs/dist/rpms/selinux-policy/devel
In directory cvs.devel.redhat.com:/tmp/cvs-serv5917
Modified Files:
.cvsignore policy-20070102.patch selinux-policy.spec sources
Log Message:
* Sun Feb 11 2007 Dan Walsh <dwalsh at redhat.com> 2.5.3-7
-
Index: .cvsignore
===================================================================
RCS file: /cvs/dist/rpms/selinux-policy/devel/.cvsignore,v
retrieving revision 1.101
retrieving revision 1.102
diff -u -r1.101 -r1.102
--- .cvsignore 25 Jan 2007 19:07:00 -0000 1.101
+++ .cvsignore 12 Feb 2007 16:27:42 -0000 1.102
@@ -103,3 +103,4 @@
serefpolicy-2.4.6.tgz
serefpolicy-2.5.1.tgz
serefpolicy-2.5.2.tgz
+serefpolicy-2.5.3.tgz
policy-20070102.patch:
Changelog | 0
Rules.modular | 10
config/appconfig-strict-mcs/seusers | 1
config/appconfig-strict-mls/seusers | 1
config/appconfig-strict/seusers | 1
man/man8/httpd_selinux.8 | 88 ++--
man/man8/kerberos_selinux.8 | 26 -
man/man8/named_selinux.8 | 21 -
man/man8/rsync_selinux.8 | 19 -
policy/flask/access_vectors | 4
policy/global_booleans | 2
policy/global_tunables | 128 ++++--
policy/mls | 31 +
policy/modules/admin/acct.te | 2
policy/modules/admin/bootloader.fc | 5
policy/modules/admin/bootloader.te | 5
policy/modules/admin/consoletype.te | 13
policy/modules/admin/dmesg.te | 1
policy/modules/admin/kudzu.te | 3
policy/modules/admin/logwatch.te | 5
policy/modules/admin/netutils.te | 1
policy/modules/admin/prelink.te | 8
policy/modules/admin/quota.fc | 7
policy/modules/admin/quota.te | 20 -
policy/modules/admin/rpm.fc | 3
policy/modules/admin/rpm.if | 24 +
policy/modules/admin/rpm.te | 18
policy/modules/admin/su.if | 28 +
policy/modules/admin/su.te | 2
policy/modules/admin/sudo.if | 11
policy/modules/admin/usermanage.te | 23 +
policy/modules/admin/vpn.te | 1
policy/modules/apps/ethereal.if | 4
policy/modules/apps/evolution.if | 136 ++++++-
policy/modules/apps/games.if | 4
policy/modules/apps/gnome.fc | 2
policy/modules/apps/gnome.if | 98 +++++
policy/modules/apps/gnome.te | 5
policy/modules/apps/gpg.fc | 2
policy/modules/apps/gpg.if | 1
policy/modules/apps/java.if | 33 +
policy/modules/apps/java.te | 2
policy/modules/apps/loadkeys.if | 44 --
policy/modules/apps/loadkeys.te | 13
policy/modules/apps/mozilla.if | 255 +++++++++++--
policy/modules/apps/mplayer.if | 83 ++++
policy/modules/apps/mplayer.te | 1
policy/modules/apps/slocate.if | 20 +
policy/modules/apps/slocate.te | 3
policy/modules/apps/thunderbird.if | 113 +++++
policy/modules/apps/tvtime.if | 3
policy/modules/apps/uml.if | 5
policy/modules/apps/userhelper.if | 19 -
policy/modules/apps/vmware.if | 4
policy/modules/apps/webalizer.te | 1
policy/modules/apps/wine.fc | 1
policy/modules/kernel/corecommands.fc | 10
policy/modules/kernel/corecommands.if | 72 +++
policy/modules/kernel/corenetwork.if.in | 81 ++++
policy/modules/kernel/corenetwork.te.in | 16
policy/modules/kernel/corenetwork.te.m4 | 4
policy/modules/kernel/devices.fc | 2
policy/modules/kernel/devices.if | 18
policy/modules/kernel/devices.te | 1
policy/modules/kernel/domain.if | 56 ++
policy/modules/kernel/domain.te | 22 +
policy/modules/kernel/files.if | 236 ++++++++++++
policy/modules/kernel/filesystem.if | 41 ++
policy/modules/kernel/filesystem.te | 3
policy/modules/kernel/kernel.if | 64 +++
policy/modules/kernel/kernel.te | 6
policy/modules/kernel/mls.if | 20 +
policy/modules/kernel/mls.te | 3
policy/modules/kernel/storage.fc | 1
policy/modules/kernel/storage.if | 2
policy/modules/kernel/terminal.if | 22 +
policy/modules/kernel/terminal.te | 5
policy/modules/services/apache.fc | 15
policy/modules/services/apache.if | 139 +++++++
policy/modules/services/apache.te | 12
policy/modules/services/apm.te | 3
policy/modules/services/automount.fc | 1
policy/modules/services/automount.te | 10
policy/modules/services/bind.te | 2
policy/modules/services/bluetooth.te | 4
policy/modules/services/ccs.fc | 1
policy/modules/services/ccs.te | 19 -
policy/modules/services/clamav.te | 2
policy/modules/services/cron.fc | 6
policy/modules/services/cron.if | 86 ++--
policy/modules/services/cron.te | 44 ++
policy/modules/services/cups.te | 7
policy/modules/services/cvs.te | 1
policy/modules/services/dbus.if | 64 +++
policy/modules/services/dbus.te | 1
policy/modules/services/dhcp.te | 2
policy/modules/services/dovecot.te | 1
policy/modules/services/ftp.if | 4
policy/modules/services/ftp.te | 14
policy/modules/services/gpm.te | 1
policy/modules/services/hal.fc | 2
policy/modules/services/hal.if | 38 ++
policy/modules/services/hal.te | 11
policy/modules/services/inetd.te | 31 +
policy/modules/services/irqbalance.te | 4
policy/modules/services/kerberos.if | 2
policy/modules/services/kerberos.te | 5
policy/modules/services/ktalk.fc | 3
policy/modules/services/ktalk.te | 5
policy/modules/services/lpd.if | 52 +-
policy/modules/services/mta.if | 9
policy/modules/services/mta.te | 2
policy/modules/services/networkmanager.te | 2
policy/modules/services/nis.fc | 2
policy/modules/services/nis.if | 5
policy/modules/services/nis.te | 24 +
policy/modules/services/nscd.if | 20 +
policy/modules/services/nscd.te | 16
policy/modules/services/ntp.te | 1
policy/modules/services/openca.if | 4
policy/modules/services/openca.te | 2
policy/modules/services/openvpn.te | 4
policy/modules/services/pcscd.fc | 9
policy/modules/services/pcscd.if | 58 +++
policy/modules/services/pcscd.te | 78 ++++
policy/modules/services/pegasus.if | 27 +
policy/modules/services/pegasus.te | 5
policy/modules/services/portmap.te | 1
policy/modules/services/postfix.fc | 1
policy/modules/services/postfix.te | 4
policy/modules/services/procmail.te | 8
policy/modules/services/pyzor.if | 4
policy/modules/services/pyzor.te | 4
policy/modules/services/radvd.te | 2
policy/modules/services/razor.if | 9
policy/modules/services/razor.te | 2
policy/modules/services/rdisc.te | 1
policy/modules/services/rhgb.if | 76 ++++
policy/modules/services/rhgb.te | 3
policy/modules/services/ricci.te | 26 +
policy/modules/services/rlogin.te | 10
policy/modules/services/rpc.fc | 1
policy/modules/services/rpc.te | 29 +
policy/modules/services/rsync.te | 1
policy/modules/services/samba.te | 6
policy/modules/services/sasl.te | 1
policy/modules/services/sendmail.te | 4
policy/modules/services/setroubleshoot.if | 20 +
policy/modules/services/setroubleshoot.te | 5
policy/modules/services/smartmon.te | 1
policy/modules/services/snmp.if | 17
policy/modules/services/snmp.te | 2
policy/modules/services/spamassassin.fc | 1
policy/modules/services/spamassassin.if | 48 ++
policy/modules/services/spamassassin.te | 18
policy/modules/services/squid.fc | 1
policy/modules/services/squid.if | 2
policy/modules/services/squid.te | 9
policy/modules/services/ssh.fc | 2
policy/modules/services/ssh.if | 79 +++-
policy/modules/services/ssh.te | 161 ++++----
policy/modules/services/uucp.te | 2
policy/modules/services/xfs.te | 1
policy/modules/services/xserver.fc | 2
policy/modules/services/xserver.if | 155 ++++++++
policy/modules/services/xserver.te | 20 -
policy/modules/system/authlogin.if | 91 ++++
policy/modules/system/authlogin.te | 3
policy/modules/system/clock.te | 3
policy/modules/system/fstools.fc | 1
policy/modules/system/fstools.te | 6
policy/modules/system/getty.te | 14
policy/modules/system/hostname.te | 14
policy/modules/system/hotplug.te | 1
policy/modules/system/init.if | 62 +++
policy/modules/system/init.te | 37 +
policy/modules/system/ipsec.fc | 6
policy/modules/system/ipsec.if | 100 +++++
policy/modules/system/ipsec.te | 105 +++++
policy/modules/system/iptables.te | 10
policy/modules/system/libraries.fc | 5
policy/modules/system/locallogin.te | 6
policy/modules/system/logging.te | 18
policy/modules/system/lvm.if | 23 +
policy/modules/system/lvm.te | 40 +-
policy/modules/system/miscfiles.fc | 2
policy/modules/system/miscfiles.if | 79 ++++
policy/modules/system/modutils.te | 14
policy/modules/system/mount.te | 10
policy/modules/system/raid.te | 4
policy/modules/system/selinuxutil.fc | 2
policy/modules/system/selinuxutil.if | 115 ++++++
policy/modules/system/selinuxutil.te | 140 ++-----
policy/modules/system/setrans.te | 1
policy/modules/system/sysnetwork.te | 3
policy/modules/system/tzdata.fc | 3
policy/modules/system/tzdata.if | 19 +
policy/modules/system/tzdata.te | 41 ++
policy/modules/system/unconfined.fc | 2
policy/modules/system/unconfined.if | 2
policy/modules/system/unconfined.te | 20 +
policy/modules/system/userdomain.fc | 7
policy/modules/system/userdomain.if | 567 ++++++++++++++++++++++++------
policy/modules/system/userdomain.te | 44 +-
policy/modules/system/xen.te | 26 +
policy/support/obj_perm_sets.spt | 2
206 files changed, 4505 insertions(+), 791 deletions(-)
Index: policy-20070102.patch
===================================================================
RCS file: /cvs/dist/rpms/selinux-policy/devel/policy-20070102.patch,v
retrieving revision 1.21
retrieving revision 1.22
diff -u -r1.21 -r1.22
--- policy-20070102.patch 12 Feb 2007 16:18:31 -0000 1.21
+++ policy-20070102.patch 12 Feb 2007 16:27:42 -0000 1.22
@@ -1,27 +1,35 @@
+diff --exclude-from=exclude -N -u -r nsaserefpolicy/Changelog serefpolicy-2.5.2/Changelog
+--- nsaserefpolicy/Changelog 2007-02-12 10:26:03.000000000 -0500
++++ serefpolicy-2.5.2/Changelog 2007-01-25 08:56:51.000000000 -0500
+@@ -1,4 +1,3 @@
+-- Fix explicit use of httpd_t in openca_domtrans().
+ - Clean up file context regexes in apache and java, from Eamon Walsh.
+
+ * Tue Dec 12 2006 Chris PeBenito <selinux at tresys.com> - 20061212
diff --exclude-from=exclude -N -u -r nsaserefpolicy/config/appconfig-strict/seusers serefpolicy-2.5.2/config/appconfig-strict/seusers
--- nsaserefpolicy/config/appconfig-strict/seusers 2006-11-16 17:15:27.000000000 -0500
-+++ serefpolicy-2.5.2/config/appconfig-strict/seusers 2007-01-25 09:00:58.000000000 -0500
++++ serefpolicy-2.5.2/config/appconfig-strict/seusers 2007-02-12 11:24:49.000000000 -0500
@@ -1,2 +1,3 @@
+system_u:system_u
root:root
__default__:user_u
diff --exclude-from=exclude -N -u -r nsaserefpolicy/config/appconfig-strict-mcs/seusers serefpolicy-2.5.2/config/appconfig-strict-mcs/seusers
--- nsaserefpolicy/config/appconfig-strict-mcs/seusers 2006-11-16 17:15:27.000000000 -0500
-+++ serefpolicy-2.5.2/config/appconfig-strict-mcs/seusers 2007-01-25 09:00:58.000000000 -0500
++++ serefpolicy-2.5.2/config/appconfig-strict-mcs/seusers 2007-02-12 11:24:49.000000000 -0500
@@ -1,2 +1,3 @@
+system_u:system_u:s0-mcs_systemhigh
root:root:s0-mcs_systemhigh
__default__:user_u:s0
diff --exclude-from=exclude -N -u -r nsaserefpolicy/config/appconfig-strict-mls/seusers serefpolicy-2.5.2/config/appconfig-strict-mls/seusers
--- nsaserefpolicy/config/appconfig-strict-mls/seusers 2006-11-16 17:15:27.000000000 -0500
-+++ serefpolicy-2.5.2/config/appconfig-strict-mls/seusers 2007-01-25 09:00:58.000000000 -0500
++++ serefpolicy-2.5.2/config/appconfig-strict-mls/seusers 2007-02-12 11:24:49.000000000 -0500
@@ -1,2 +1,3 @@
+system_u:system_u:s0-mls_systemhigh
root:root:s0-mls_systemhigh
__default__:user_u:s0
diff --exclude-from=exclude -N -u -r nsaserefpolicy/man/man8/httpd_selinux.8 serefpolicy-2.5.2/man/man8/httpd_selinux.8
--- nsaserefpolicy/man/man8/httpd_selinux.8 2006-11-16 17:15:28.000000000 -0500
-+++ serefpolicy-2.5.2/man/man8/httpd_selinux.8 2007-01-25 09:00:58.000000000 -0500
++++ serefpolicy-2.5.2/man/man8/httpd_selinux.8 2007-02-12 11:24:49.000000000 -0500
@@ -1,4 +1,12 @@
.TH "httpd_selinux" "8" "17 Jan 2005" "dwalsh at redhat.com" "httpd Selinux Policy documentation"
+.de EX
@@ -190,7 +198,7 @@
This manual page was written by Dan Walsh <dwalsh at redhat.com>.
diff --exclude-from=exclude -N -u -r nsaserefpolicy/man/man8/kerberos_selinux.8 serefpolicy-2.5.2/man/man8/kerberos_selinux.8
--- nsaserefpolicy/man/man8/kerberos_selinux.8 2006-11-16 17:15:28.000000000 -0500
-+++ serefpolicy-2.5.2/man/man8/kerberos_selinux.8 2007-02-12 10:44:24.000000000 -0500
++++ serefpolicy-2.5.2/man/man8/kerberos_selinux.8 2007-02-12 11:24:49.000000000 -0500
@@ -1,4 +1,12 @@
.TH "kerberos_selinux" "8" "17 Jan 2005" "dwalsh at redhat.com" "kerberos Selinux Policy documentation"
+.de EX
@@ -237,7 +245,7 @@
This manual page was written by Dan Walsh <dwalsh at redhat.com>.
diff --exclude-from=exclude -N -u -r nsaserefpolicy/man/man8/named_selinux.8 serefpolicy-2.5.2/man/man8/named_selinux.8
--- nsaserefpolicy/man/man8/named_selinux.8 2006-11-16 17:15:28.000000000 -0500
-+++ serefpolicy-2.5.2/man/man8/named_selinux.8 2007-01-25 09:00:58.000000000 -0500
++++ serefpolicy-2.5.2/man/man8/named_selinux.8 2007-02-12 11:24:49.000000000 -0500
@@ -1,4 +1,12 @@
.TH "named_selinux" "8" "17 Jan 2005" "dwalsh at redhat.com" "named Selinux Policy documentation"
+.de EX
@@ -277,7 +285,7 @@
This manual page was written by Dan Walsh <dwalsh at redhat.com>.
diff --exclude-from=exclude -N -u -r nsaserefpolicy/man/man8/rsync_selinux.8 serefpolicy-2.5.2/man/man8/rsync_selinux.8
--- nsaserefpolicy/man/man8/rsync_selinux.8 2006-11-16 17:15:28.000000000 -0500
-+++ serefpolicy-2.5.2/man/man8/rsync_selinux.8 2007-01-25 09:00:58.000000000 -0500
++++ serefpolicy-2.5.2/man/man8/rsync_selinux.8 2007-02-12 11:24:49.000000000 -0500
@@ -1,4 +1,12 @@
.TH "rsync_selinux" "8" "17 Jan 2005" "dwalsh at redhat.com" "rsync Selinux Policy documentation"
+.de EX
@@ -324,7 +332,7 @@
.SH AUTHOR
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/flask/access_vectors serefpolicy-2.5.2/policy/flask/access_vectors
--- nsaserefpolicy/policy/flask/access_vectors 2006-11-16 17:15:00.000000000 -0500
-+++ serefpolicy-2.5.2/policy/flask/access_vectors 2007-01-25 09:00:58.000000000 -0500
++++ serefpolicy-2.5.2/policy/flask/access_vectors 2007-02-12 11:24:49.000000000 -0500
@@ -594,6 +594,8 @@
shmempwd
shmemgrp
@@ -345,7 +353,7 @@
class key
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/global_booleans serefpolicy-2.5.2/policy/global_booleans
--- nsaserefpolicy/policy/global_booleans 2006-11-16 17:15:26.000000000 -0500
-+++ serefpolicy-2.5.2/policy/global_booleans 2007-01-26 15:43:48.000000000 -0500
++++ serefpolicy-2.5.2/policy/global_booleans 2007-02-12 11:24:49.000000000 -0500
@@ -4,7 +4,6 @@
# file should be used.
#
@@ -364,7 +372,7 @@
## <p>
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/global_tunables serefpolicy-2.5.2/policy/global_tunables
--- nsaserefpolicy/policy/global_tunables 2007-01-02 12:57:51.000000000 -0500
-+++ serefpolicy-2.5.2/policy/global_tunables 2007-01-26 16:58:30.000000000 -0500
++++ serefpolicy-2.5.2/policy/global_tunables 2007-02-12 11:24:49.000000000 -0500
@@ -82,6 +82,14 @@
## <desc>
@@ -579,7 +587,7 @@
+
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/mls serefpolicy-2.5.2/policy/mls
--- nsaserefpolicy/policy/mls 2006-11-16 17:15:26.000000000 -0500
-+++ serefpolicy-2.5.2/policy/mls 2007-01-25 09:00:58.000000000 -0500
++++ serefpolicy-2.5.2/policy/mls 2007-02-12 11:24:49.000000000 -0500
@@ -89,12 +89,14 @@
mlsconstrain { file lnk_file fifo_file dir chr_file blk_file sock_file } { write create setattr relabelfrom append unlink link rename mounton }
(( l1 eq l2 ) or
@@ -653,7 +661,7 @@
mlsconstrain association { polmatch }
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/acct.te serefpolicy-2.5.2/policy/modules/admin/acct.te
--- nsaserefpolicy/policy/modules/admin/acct.te 2007-01-02 12:57:51.000000000 -0500
-+++ serefpolicy-2.5.2/policy/modules/admin/acct.te 2007-02-06 11:39:20.000000000 -0500
++++ serefpolicy-2.5.2/policy/modules/admin/acct.te 2007-02-12 11:24:49.000000000 -0500
@@ -9,6 +9,7 @@
type acct_t;
type acct_exec_t;
@@ -672,7 +680,7 @@
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/bootloader.fc serefpolicy-2.5.2/policy/modules/admin/bootloader.fc
--- nsaserefpolicy/policy/modules/admin/bootloader.fc 2006-11-16 17:15:26.000000000 -0500
-+++ serefpolicy-2.5.2/policy/modules/admin/bootloader.fc 2007-01-25 09:00:58.000000000 -0500
++++ serefpolicy-2.5.2/policy/modules/admin/bootloader.fc 2007-02-12 11:24:49.000000000 -0500
@@ -2,11 +2,6 @@
/etc/lilo\.conf.* -- gen_context(system_u:object_r:bootloader_etc_t,s0)
/etc/yaboot\.conf.* -- gen_context(system_u:object_r:bootloader_etc_t,s0)
@@ -687,7 +695,7 @@
/sbin/ybin.* -- gen_context(system_u:object_r:bootloader_exec_t,s0)
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/bootloader.te serefpolicy-2.5.2/policy/modules/admin/bootloader.te
--- nsaserefpolicy/policy/modules/admin/bootloader.te 2007-01-02 12:57:51.000000000 -0500
-+++ serefpolicy-2.5.2/policy/modules/admin/bootloader.te 2007-01-25 09:00:58.000000000 -0500
++++ serefpolicy-2.5.2/policy/modules/admin/bootloader.te 2007-02-12 11:24:49.000000000 -0500
@@ -93,6 +93,8 @@
fs_manage_dos_files(bootloader_t)
@@ -709,7 +717,7 @@
files_manage_isid_type_files(bootloader_t)
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/consoletype.te serefpolicy-2.5.2/policy/modules/admin/consoletype.te
--- nsaserefpolicy/policy/modules/admin/consoletype.te 2007-01-02 12:57:51.000000000 -0500
-+++ serefpolicy-2.5.2/policy/modules/admin/consoletype.te 2007-01-25 09:00:58.000000000 -0500
++++ serefpolicy-2.5.2/policy/modules/admin/consoletype.te 2007-02-12 11:24:49.000000000 -0500
@@ -8,7 +8,12 @@
type consoletype_t;
@@ -746,7 +754,7 @@
')
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/dmesg.te serefpolicy-2.5.2/policy/modules/admin/dmesg.te
--- nsaserefpolicy/policy/modules/admin/dmesg.te 2006-11-16 17:15:26.000000000 -0500
-+++ serefpolicy-2.5.2/policy/modules/admin/dmesg.te 2007-01-25 09:00:58.000000000 -0500
++++ serefpolicy-2.5.2/policy/modules/admin/dmesg.te 2007-02-12 11:24:49.000000000 -0500
@@ -10,6 +10,7 @@
type dmesg_t;
type dmesg_exec_t;
@@ -757,7 +765,7 @@
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/kudzu.te serefpolicy-2.5.2/policy/modules/admin/kudzu.te
--- nsaserefpolicy/policy/modules/admin/kudzu.te 2007-01-02 12:57:51.000000000 -0500
-+++ serefpolicy-2.5.2/policy/modules/admin/kudzu.te 2007-02-12 09:46:48.000000000 -0500
++++ serefpolicy-2.5.2/policy/modules/admin/kudzu.te 2007-02-12 11:24:49.000000000 -0500
@@ -103,6 +103,9 @@
init_use_fds(kudzu_t)
init_use_script_ptys(kudzu_t)
@@ -770,7 +778,7 @@
libs_use_shared_libs(kudzu_t)
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/logwatch.te serefpolicy-2.5.2/policy/modules/admin/logwatch.te
--- nsaserefpolicy/policy/modules/admin/logwatch.te 2007-01-02 12:57:51.000000000 -0500
-+++ serefpolicy-2.5.2/policy/modules/admin/logwatch.te 2007-01-25 09:00:58.000000000 -0500
++++ serefpolicy-2.5.2/policy/modules/admin/logwatch.te 2007-02-12 11:24:49.000000000 -0500
@@ -58,6 +58,7 @@
# Read /proc/PID directories for all domains.
domain_read_all_domains_state(logwatch_t)
@@ -789,7 +797,7 @@
+')
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/netutils.te serefpolicy-2.5.2/policy/modules/admin/netutils.te
--- nsaserefpolicy/policy/modules/admin/netutils.te 2007-01-02 12:57:51.000000000 -0500
-+++ serefpolicy-2.5.2/policy/modules/admin/netutils.te 2007-01-25 09:00:58.000000000 -0500
++++ serefpolicy-2.5.2/policy/modules/admin/netutils.te 2007-02-12 11:24:49.000000000 -0500
@@ -22,6 +22,7 @@
type traceroute_t;
type traceroute_exec_t;
@@ -800,7 +808,7 @@
########################################
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/prelink.te serefpolicy-2.5.2/policy/modules/admin/prelink.te
--- nsaserefpolicy/policy/modules/admin/prelink.te 2007-01-02 12:57:51.000000000 -0500
-+++ serefpolicy-2.5.2/policy/modules/admin/prelink.te 2007-02-12 11:00:05.000000000 -0500
++++ serefpolicy-2.5.2/policy/modules/admin/prelink.te 2007-02-12 11:24:49.000000000 -0500
@@ -18,6 +18,9 @@
type prelink_log_t;
logging_log_file(prelink_log_t)
@@ -825,7 +833,7 @@
allow prelink_t prelink_object:file { manage_file_perms execute relabelto relabelfrom };
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/quota.fc serefpolicy-2.5.2/policy/modules/admin/quota.fc
--- nsaserefpolicy/policy/modules/admin/quota.fc 2006-11-16 17:15:26.000000000 -0500
-+++ serefpolicy-2.5.2/policy/modules/admin/quota.fc 2007-01-25 09:00:58.000000000 -0500
++++ serefpolicy-2.5.2/policy/modules/admin/quota.fc 2007-02-12 11:24:49.000000000 -0500
@@ -7,8 +7,13 @@
/sbin/convertquota -- gen_context(system_u:object_r:quota_exec_t,s0)
')
@@ -843,7 +851,7 @@
+
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/quota.te serefpolicy-2.5.2/policy/modules/admin/quota.te
--- nsaserefpolicy/policy/modules/admin/quota.te 2007-01-02 12:57:51.000000000 -0500
-+++ serefpolicy-2.5.2/policy/modules/admin/quota.te 2007-01-25 09:00:58.000000000 -0500
++++ serefpolicy-2.5.2/policy/modules/admin/quota.te 2007-02-12 11:24:49.000000000 -0500
@@ -26,15 +26,18 @@
allow quota_t self:process signal_perms;
@@ -886,7 +894,7 @@
-') dnl end TODO
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/rpm.fc serefpolicy-2.5.2/policy/modules/admin/rpm.fc
--- nsaserefpolicy/policy/modules/admin/rpm.fc 2006-11-16 17:15:26.000000000 -0500
-+++ serefpolicy-2.5.2/policy/modules/admin/rpm.fc 2007-01-25 09:00:58.000000000 -0500
++++ serefpolicy-2.5.2/policy/modules/admin/rpm.fc 2007-02-12 11:24:49.000000000 -0500
@@ -21,6 +21,9 @@
/usr/sbin/pup -- gen_context(system_u:object_r:rpm_exec_t,s0)
/usr/sbin/rhn_check -- gen_context(system_u:object_r:rpm_exec_t,s0)
@@ -899,7 +907,7 @@
/var/lib/alternatives(/.*)? gen_context(system_u:object_r:rpm_var_lib_t,s0)
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/rpm.if serefpolicy-2.5.2/policy/modules/admin/rpm.if
--- nsaserefpolicy/policy/modules/admin/rpm.if 2007-01-02 12:57:51.000000000 -0500
-+++ serefpolicy-2.5.2/policy/modules/admin/rpm.if 2007-01-25 09:00:58.000000000 -0500
++++ serefpolicy-2.5.2/policy/modules/admin/rpm.if 2007-02-12 11:24:49.000000000 -0500
@@ -270,3 +270,27 @@
dontaudit $1 rpm_var_lib_t:file manage_file_perms;
dontaudit $1 rpm_var_lib_t:lnk_file manage_lnk_file_perms;
@@ -930,7 +938,7 @@
+')
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/rpm.te serefpolicy-2.5.2/policy/modules/admin/rpm.te
--- nsaserefpolicy/policy/modules/admin/rpm.te 2007-01-02 12:57:51.000000000 -0500
-+++ serefpolicy-2.5.2/policy/modules/admin/rpm.te 2007-01-25 09:00:58.000000000 -0500
++++ serefpolicy-2.5.2/policy/modules/admin/rpm.te 2007-02-12 11:24:49.000000000 -0500
@@ -9,6 +9,8 @@
type rpm_t;
type rpm_exec_t;
@@ -979,7 +987,7 @@
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/sudo.if serefpolicy-2.5.2/policy/modules/admin/sudo.if
--- nsaserefpolicy/policy/modules/admin/sudo.if 2007-01-02 12:57:51.000000000 -0500
-+++ serefpolicy-2.5.2/policy/modules/admin/sudo.if 2007-01-26 14:51:10.000000000 -0500
++++ serefpolicy-2.5.2/policy/modules/admin/sudo.if 2007-02-12 11:24:49.000000000 -0500
@@ -37,7 +37,6 @@
gen_require(`
@@ -1029,7 +1037,7 @@
')
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/su.if serefpolicy-2.5.2/policy/modules/admin/su.if
--- nsaserefpolicy/policy/modules/admin/su.if 2007-01-02 12:57:51.000000000 -0500
-+++ serefpolicy-2.5.2/policy/modules/admin/su.if 2007-01-25 09:00:58.000000000 -0500
++++ serefpolicy-2.5.2/policy/modules/admin/su.if 2007-02-12 11:24:49.000000000 -0500
@@ -31,9 +31,10 @@
template(`su_restricted_domain_template', `
gen_require(`
@@ -1125,7 +1133,7 @@
allow $1_su_t $1_home_t:file manage_file_perms;
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/su.te serefpolicy-2.5.2/policy/modules/admin/su.te
--- nsaserefpolicy/policy/modules/admin/su.te 2007-01-02 12:57:51.000000000 -0500
-+++ serefpolicy-2.5.2/policy/modules/admin/su.te 2007-01-25 09:00:58.000000000 -0500
++++ serefpolicy-2.5.2/policy/modules/admin/su.te 2007-02-12 11:24:49.000000000 -0500
@@ -8,3 +8,5 @@
type su_exec_t;
@@ -1134,7 +1142,7 @@
+attribute sudomain;
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/usermanage.te serefpolicy-2.5.2/policy/modules/admin/usermanage.te
--- nsaserefpolicy/policy/modules/admin/usermanage.te 2007-01-02 12:57:51.000000000 -0500
-+++ serefpolicy-2.5.2/policy/modules/admin/usermanage.te 2007-01-25 09:00:58.000000000 -0500
++++ serefpolicy-2.5.2/policy/modules/admin/usermanage.te 2007-02-12 11:24:49.000000000 -0500
@@ -112,6 +112,7 @@
files_manage_etc_files(chfn_t)
files_read_etc_runtime_files(chfn_t)
@@ -1199,7 +1207,7 @@
')
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/vpn.te serefpolicy-2.5.2/policy/modules/admin/vpn.te
--- nsaserefpolicy/policy/modules/admin/vpn.te 2007-01-02 12:57:51.000000000 -0500
-+++ serefpolicy-2.5.2/policy/modules/admin/vpn.te 2007-01-25 09:00:58.000000000 -0500
++++ serefpolicy-2.5.2/policy/modules/admin/vpn.te 2007-02-12 11:24:49.000000000 -0500
@@ -95,6 +95,7 @@
miscfiles_read_localization(vpnc_t)
@@ -1210,7 +1218,7 @@
sysnet_etc_filetrans_config(vpnc_t)
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/ethereal.if serefpolicy-2.5.2/policy/modules/apps/ethereal.if
--- nsaserefpolicy/policy/modules/apps/ethereal.if 2007-01-02 12:57:22.000000000 -0500
-+++ serefpolicy-2.5.2/policy/modules/apps/ethereal.if 2007-01-25 09:00:58.000000000 -0500
++++ serefpolicy-2.5.2/policy/modules/apps/ethereal.if 2007-02-12 11:24:49.000000000 -0500
@@ -34,6 +34,10 @@
#
template(`ethereal_per_role_template',`
@@ -1224,7 +1232,7 @@
# Declarations
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/evolution.if serefpolicy-2.5.2/policy/modules/apps/evolution.if
--- nsaserefpolicy/policy/modules/apps/evolution.if 2007-01-02 12:57:22.000000000 -0500
-+++ serefpolicy-2.5.2/policy/modules/apps/evolution.if 2007-02-05 15:26:51.000000000 -0500
++++ serefpolicy-2.5.2/policy/modules/apps/evolution.if 2007-02-12 11:24:49.000000000 -0500
@@ -53,7 +53,7 @@
userdom_user_home_content($1,$1_evolution_home_t)
@@ -1532,7 +1540,7 @@
+')
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/games.if serefpolicy-2.5.2/policy/modules/apps/games.if
--- nsaserefpolicy/policy/modules/apps/games.if 2007-01-02 12:57:22.000000000 -0500
-+++ serefpolicy-2.5.2/policy/modules/apps/games.if 2007-01-25 09:00:58.000000000 -0500
++++ serefpolicy-2.5.2/policy/modules/apps/games.if 2007-02-12 11:24:49.000000000 -0500
@@ -33,6 +33,10 @@
## </param>
#
@@ -1546,7 +1554,7 @@
#
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/gnome.fc serefpolicy-2.5.2/policy/modules/apps/gnome.fc
--- nsaserefpolicy/policy/modules/apps/gnome.fc 2006-11-16 17:15:07.000000000 -0500
-+++ serefpolicy-2.5.2/policy/modules/apps/gnome.fc 2007-01-25 09:00:58.000000000 -0500
++++ serefpolicy-2.5.2/policy/modules/apps/gnome.fc 2007-02-12 11:24:49.000000000 -0500
@@ -7,3 +7,5 @@
/tmp/gconfd-USER/.* -- gen_context(system_u:object_r:ROLE_gconf_tmp_t,s0)
@@ -1555,7 +1563,7 @@
+HOME_DIR/\.config/gtk-.* gen_context(system_u:object_r:ROLE_gnome_home_t,s0)
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/gnome.if serefpolicy-2.5.2/policy/modules/apps/gnome.if
--- nsaserefpolicy/policy/modules/apps/gnome.if 2007-01-02 12:57:22.000000000 -0500
-+++ serefpolicy-2.5.2/policy/modules/apps/gnome.if 2007-01-25 09:00:58.000000000 -0500
++++ serefpolicy-2.5.2/policy/modules/apps/gnome.if 2007-02-12 11:24:49.000000000 -0500
@@ -35,19 +35,24 @@
template(`gnome_per_role_template',`
gen_require(`
@@ -1694,7 +1702,7 @@
')
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/gnome.te serefpolicy-2.5.2/policy/modules/apps/gnome.te
--- nsaserefpolicy/policy/modules/apps/gnome.te 2006-11-16 17:15:07.000000000 -0500
-+++ serefpolicy-2.5.2/policy/modules/apps/gnome.te 2007-01-25 09:00:58.000000000 -0500
++++ serefpolicy-2.5.2/policy/modules/apps/gnome.te 2007-02-12 11:24:49.000000000 -0500
@@ -6,8 +6,13 @@
# Declarations
#
@@ -1711,7 +1719,7 @@
+
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/gpg.fc serefpolicy-2.5.2/policy/modules/apps/gpg.fc
--- nsaserefpolicy/policy/modules/apps/gpg.fc 2006-11-16 17:15:07.000000000 -0500
-+++ serefpolicy-2.5.2/policy/modules/apps/gpg.fc 2007-01-26 13:44:09.000000000 -0500
++++ serefpolicy-2.5.2/policy/modules/apps/gpg.fc 2007-02-12 11:24:49.000000000 -0500
@@ -7,6 +7,4 @@
/usr/lib/gnupg/.* -- gen_context(system_u:object_r:gpg_exec_t,s0)
/usr/lib/gnupg/gpgkeys.* -- gen_context(system_u:object_r:gpg_helper_exec_t,s0)
@@ -1721,7 +1729,7 @@
-')
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/gpg.if serefpolicy-2.5.2/policy/modules/apps/gpg.if
--- nsaserefpolicy/policy/modules/apps/gpg.if 2007-01-02 12:57:22.000000000 -0500
-+++ serefpolicy-2.5.2/policy/modules/apps/gpg.if 2007-01-25 09:00:58.000000000 -0500
++++ serefpolicy-2.5.2/policy/modules/apps/gpg.if 2007-02-12 11:24:49.000000000 -0500
@@ -89,6 +89,7 @@
manage_files_pattern($1_gpg_t,$1_gpg_secret_t,$1_gpg_secret_t)
@@ -1732,7 +1740,7 @@
domtrans_pattern($2,gpg_exec_t,$1_gpg_t)
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/java.if serefpolicy-2.5.2/policy/modules/apps/java.if
--- nsaserefpolicy/policy/modules/apps/java.if 2007-01-02 12:57:22.000000000 -0500
-+++ serefpolicy-2.5.2/policy/modules/apps/java.if 2007-01-25 09:00:58.000000000 -0500
++++ serefpolicy-2.5.2/policy/modules/apps/java.if 2007-02-12 11:24:49.000000000 -0500
@@ -191,3 +191,36 @@
refpolicywarn(`$0($1) has no effect in strict policy.')
')
@@ -1772,7 +1780,7 @@
+')
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/java.te serefpolicy-2.5.2/policy/modules/apps/java.te
--- nsaserefpolicy/policy/modules/apps/java.te 2007-01-25 08:13:58.000000000 -0500
-+++ serefpolicy-2.5.2/policy/modules/apps/java.te 2007-01-25 09:00:58.000000000 -0500
++++ serefpolicy-2.5.2/policy/modules/apps/java.te 2007-02-12 11:24:49.000000000 -0500
@@ -20,4 +20,6 @@
allow java_t self:process { execstack execmem execheap };
unconfined_domain_noaudit(java_t)
@@ -1782,7 +1790,7 @@
')
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/loadkeys.if serefpolicy-2.5.2/policy/modules/apps/loadkeys.if
--- nsaserefpolicy/policy/modules/apps/loadkeys.if 2007-01-02 12:57:22.000000000 -0500
-+++ serefpolicy-2.5.2/policy/modules/apps/loadkeys.if 2007-01-25 16:07:18.000000000 -0500
++++ serefpolicy-2.5.2/policy/modules/apps/loadkeys.if 2007-02-12 11:24:49.000000000 -0500
@@ -11,16 +11,12 @@
## </param>
#
@@ -1851,7 +1859,7 @@
')
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/loadkeys.te serefpolicy-2.5.2/policy/modules/apps/loadkeys.te
--- nsaserefpolicy/policy/modules/apps/loadkeys.te 2007-01-02 12:57:22.000000000 -0500
-+++ serefpolicy-2.5.2/policy/modules/apps/loadkeys.te 2007-01-25 09:00:58.000000000 -0500
++++ serefpolicy-2.5.2/policy/modules/apps/loadkeys.te 2007-02-12 11:24:49.000000000 -0500
@@ -18,7 +18,7 @@
domain_type(loadkeys_t)
@@ -1893,7 +1901,7 @@
+
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/mozilla.if serefpolicy-2.5.2/policy/modules/apps/mozilla.if
--- nsaserefpolicy/policy/modules/apps/mozilla.if 2007-01-02 12:57:22.000000000 -0500
-+++ serefpolicy-2.5.2/policy/modules/apps/mozilla.if 2007-02-05 15:26:58.000000000 -0500
++++ serefpolicy-2.5.2/policy/modules/apps/mozilla.if 2007-02-12 11:24:49.000000000 -0500
@@ -60,7 +60,7 @@
allow $1_mozilla_t self:capability { sys_nice setgid setuid };
@@ -2246,7 +2254,7 @@
+')
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/mplayer.if serefpolicy-2.5.2/policy/modules/apps/mplayer.if
--- nsaserefpolicy/policy/modules/apps/mplayer.if 2007-01-02 12:57:22.000000000 -0500
-+++ serefpolicy-2.5.2/policy/modules/apps/mplayer.if 2007-01-25 09:00:58.000000000 -0500
++++ serefpolicy-2.5.2/policy/modules/apps/mplayer.if 2007-02-12 11:24:49.000000000 -0500
@@ -33,6 +33,10 @@
## </param>
#
@@ -2371,7 +2379,7 @@
+
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/mplayer.te serefpolicy-2.5.2/policy/modules/apps/mplayer.te
--- nsaserefpolicy/policy/modules/apps/mplayer.te 2006-11-16 17:15:07.000000000 -0500
-+++ serefpolicy-2.5.2/policy/modules/apps/mplayer.te 2007-01-25 09:00:58.000000000 -0500
++++ serefpolicy-2.5.2/policy/modules/apps/mplayer.te 2007-02-12 11:24:49.000000000 -0500
@@ -21,3 +21,4 @@
unconfined_execmem_alias_program(mencoder_exec_t)
unconfined_execmem_alias_program(mplayer_exec_t)
@@ -2379,7 +2387,7 @@
+
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/slocate.if serefpolicy-2.5.2/policy/modules/apps/slocate.if
--- nsaserefpolicy/policy/modules/apps/slocate.if 2007-01-02 12:57:22.000000000 -0500
-+++ serefpolicy-2.5.2/policy/modules/apps/slocate.if 2007-01-25 09:00:58.000000000 -0500
++++ serefpolicy-2.5.2/policy/modules/apps/slocate.if 2007-02-12 11:24:49.000000000 -0500
@@ -19,3 +19,23 @@
create_files_pattern($1,locate_log_t,locate_log_t)
append_files_pattern($1,locate_log_t,locate_log_t)
@@ -2406,7 +2414,7 @@
+')
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/slocate.te serefpolicy-2.5.2/policy/modules/apps/slocate.te
--- nsaserefpolicy/policy/modules/apps/slocate.te 2007-01-02 12:57:22.000000000 -0500
-+++ serefpolicy-2.5.2/policy/modules/apps/slocate.te 2007-01-25 09:00:58.000000000 -0500
++++ serefpolicy-2.5.2/policy/modules/apps/slocate.te 2007-02-12 11:24:49.000000000 -0500
@@ -39,11 +39,14 @@
files_list_all(locate_t)
@@ -2424,7 +2432,7 @@
libs_use_ld_so(locate_t)
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/thunderbird.if serefpolicy-2.5.2/policy/modules/apps/thunderbird.if
--- nsaserefpolicy/policy/modules/apps/thunderbird.if 2007-01-02 12:57:22.000000000 -0500
-+++ serefpolicy-2.5.2/policy/modules/apps/thunderbird.if 2007-02-05 15:27:06.000000000 -0500
++++ serefpolicy-2.5.2/policy/modules/apps/thunderbird.if 2007-02-12 11:24:49.000000000 -0500
@@ -46,6 +46,7 @@
type $1_thunderbird_home_t alias $1_thunderbird_rw_t;
@@ -2643,7 +2651,7 @@
+
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/tvtime.if serefpolicy-2.5.2/policy/modules/apps/tvtime.if
--- nsaserefpolicy/policy/modules/apps/tvtime.if 2007-01-02 12:57:22.000000000 -0500
-+++ serefpolicy-2.5.2/policy/modules/apps/tvtime.if 2007-01-25 09:00:58.000000000 -0500
++++ serefpolicy-2.5.2/policy/modules/apps/tvtime.if 2007-02-12 11:24:49.000000000 -0500
@@ -33,6 +33,9 @@
## </param>
#
@@ -2656,7 +2664,7 @@
#
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/uml.if serefpolicy-2.5.2/policy/modules/apps/uml.if
--- nsaserefpolicy/policy/modules/apps/uml.if 2007-01-02 12:57:22.000000000 -0500
-+++ serefpolicy-2.5.2/policy/modules/apps/uml.if 2007-01-25 09:00:58.000000000 -0500
++++ serefpolicy-2.5.2/policy/modules/apps/uml.if 2007-02-12 11:24:49.000000000 -0500
@@ -34,6 +34,11 @@
#
template(`uml_per_role_template',`
@@ -2671,7 +2679,7 @@
# Declarations
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/userhelper.if serefpolicy-2.5.2/policy/modules/apps/userhelper.if
--- nsaserefpolicy/policy/modules/apps/userhelper.if 2007-01-02 12:57:22.000000000 -0500
-+++ serefpolicy-2.5.2/policy/modules/apps/userhelper.if 2007-01-25 09:00:58.000000000 -0500
++++ serefpolicy-2.5.2/policy/modules/apps/userhelper.if 2007-02-12 11:24:49.000000000 -0500
@@ -49,7 +49,7 @@
domain_obj_id_change_exemption($1_userhelper_t)
domain_interactive_fd($1_userhelper_t)
@@ -2704,7 +2712,7 @@
+')
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/vmware.if serefpolicy-2.5.2/policy/modules/apps/vmware.if
--- nsaserefpolicy/policy/modules/apps/vmware.if 2007-01-02 12:57:22.000000000 -0500
-+++ serefpolicy-2.5.2/policy/modules/apps/vmware.if 2007-01-25 09:00:58.000000000 -0500
++++ serefpolicy-2.5.2/policy/modules/apps/vmware.if 2007-02-12 11:24:49.000000000 -0500
@@ -33,6 +33,10 @@
## </param>
#
@@ -2718,7 +2726,7 @@
#
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/webalizer.te serefpolicy-2.5.2/policy/modules/apps/webalizer.te
--- nsaserefpolicy/policy/modules/apps/webalizer.te 2007-01-02 12:57:22.000000000 -0500
-+++ serefpolicy-2.5.2/policy/modules/apps/webalizer.te 2007-01-25 09:00:58.000000000 -0500
++++ serefpolicy-2.5.2/policy/modules/apps/webalizer.te 2007-02-12 11:24:49.000000000 -0500
@@ -67,6 +67,7 @@
corenet_tcp_sendrecv_all_ports(webalizer_t)
@@ -2729,14 +2737,14 @@
files_read_etc_runtime_files(webalizer_t)
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/wine.fc serefpolicy-2.5.2/policy/modules/apps/wine.fc
--- nsaserefpolicy/policy/modules/apps/wine.fc 2006-11-16 17:15:07.000000000 -0500
-+++ serefpolicy-2.5.2/policy/modules/apps/wine.fc 2007-02-06 10:34:42.000000000 -0500
++++ serefpolicy-2.5.2/policy/modules/apps/wine.fc 2007-02-12 11:24:49.000000000 -0500
@@ -1,2 +1,3 @@
/usr/bin/wine -- gen_context(system_u:object_r:wine_exec_t,s0)
/opt/picasa/wine/bin/wine -- gen_context(system_u:object_r:wine_exec_t,s0)
+/opt/cxoffice/bin/wine -- gen_context(system_u:object_r:wine_exec_t,s0)
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/kernel/corecommands.fc serefpolicy-2.5.2/policy/modules/kernel/corecommands.fc
--- nsaserefpolicy/policy/modules/kernel/corecommands.fc 2007-01-02 12:57:13.000000000 -0500
-+++ serefpolicy-2.5.2/policy/modules/kernel/corecommands.fc 2007-01-25 09:00:58.000000000 -0500
++++ serefpolicy-2.5.2/policy/modules/kernel/corecommands.fc 2007-02-12 11:24:49.000000000 -0500
@@ -1,4 +1,3 @@
-
#
@@ -2772,7 +2780,7 @@
+
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/kernel/corecommands.if serefpolicy-2.5.2/policy/modules/kernel/corecommands.if
--- nsaserefpolicy/policy/modules/kernel/corecommands.if 2007-01-02 12:57:13.000000000 -0500
-+++ serefpolicy-2.5.2/policy/modules/kernel/corecommands.if 2007-01-29 05:22:30.000000000 -0500
++++ serefpolicy-2.5.2/policy/modules/kernel/corecommands.if 2007-02-12 11:24:49.000000000 -0500
@@ -138,6 +138,26 @@
########################################
@@ -2880,7 +2888,7 @@
+
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/kernel/corenetwork.if.in serefpolicy-2.5.2/policy/modules/kernel/corenetwork.if.in
--- nsaserefpolicy/policy/modules/kernel/corenetwork.if.in 2007-01-02 12:57:13.000000000 -0500
-+++ serefpolicy-2.5.2/policy/modules/kernel/corenetwork.if.in 2007-01-25 09:00:58.000000000 -0500
++++ serefpolicy-2.5.2/policy/modules/kernel/corenetwork.if.in 2007-02-12 11:24:49.000000000 -0500
@@ -1016,9 +1016,11 @@
interface(`corenet_tcp_sendrecv_reserved_port',`
gen_require(`
@@ -3049,7 +3057,7 @@
+
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/kernel/corenetwork.te.in serefpolicy-2.5.2/policy/modules/kernel/corenetwork.te.in
--- nsaserefpolicy/policy/modules/kernel/corenetwork.te.in 2007-01-02 12:57:13.000000000 -0500
-+++ serefpolicy-2.5.2/policy/modules/kernel/corenetwork.te.in 2007-01-25 09:00:58.000000000 -0500
++++ serefpolicy-2.5.2/policy/modules/kernel/corenetwork.te.in 2007-02-12 11:24:49.000000000 -0500
@@ -43,11 +43,16 @@
sid port gen_context(system_u:object_r:port_t,s0)
@@ -3093,7 +3101,7 @@
#
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/kernel/corenetwork.te.m4 serefpolicy-2.5.2/policy/modules/kernel/corenetwork.te.m4
--- nsaserefpolicy/policy/modules/kernel/corenetwork.te.m4 2006-11-16 17:15:04.000000000 -0500
-+++ serefpolicy-2.5.2/policy/modules/kernel/corenetwork.te.m4 2007-01-25 09:00:58.000000000 -0500
++++ serefpolicy-2.5.2/policy/modules/kernel/corenetwork.te.m4 2007-02-12 11:24:49.000000000 -0500
@@ -55,8 +55,8 @@
define(`declare_ports',`dnl
ifelse(eval($3 < 1024),1,`
@@ -3107,7 +3115,7 @@
ifelse(`$5',`',`',`declare_ports($1,shiftn(4,$*))')dnl
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/kernel/devices.fc serefpolicy-2.5.2/policy/modules/kernel/devices.fc
--- nsaserefpolicy/policy/modules/kernel/devices.fc 2007-01-02 12:57:13.000000000 -0500
-+++ serefpolicy-2.5.2/policy/modules/kernel/devices.fc 2007-01-29 09:11:06.000000000 -0500
++++ serefpolicy-2.5.2/policy/modules/kernel/devices.fc 2007-02-12 11:24:49.000000000 -0500
@@ -28,9 +28,11 @@
/dev/js.* -c gen_context(system_u:object_r:mouse_device_t,s0)
/dev/kmem -c gen_context(system_u:object_r:memory_device_t,mls_systemhigh)
@@ -3122,7 +3130,7 @@
/dev/midi.* -c gen_context(system_u:object_r:sound_device_t,s0)
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/kernel/devices.if serefpolicy-2.5.2/policy/modules/kernel/devices.if
--- nsaserefpolicy/policy/modules/kernel/devices.if 2007-01-02 12:57:13.000000000 -0500
-+++ serefpolicy-2.5.2/policy/modules/kernel/devices.if 2007-02-11 11:15:11.000000000 -0500
++++ serefpolicy-2.5.2/policy/modules/kernel/devices.if 2007-02-12 11:24:49.000000000 -0500
@@ -3173,3 +3173,21 @@
typeattribute $1 devices_unconfined_type;
@@ -3147,7 +3155,7 @@
+')
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/kernel/devices.te serefpolicy-2.5.2/policy/modules/kernel/devices.te
--- nsaserefpolicy/policy/modules/kernel/devices.te 2007-01-02 12:57:13.000000000 -0500
-+++ serefpolicy-2.5.2/policy/modules/kernel/devices.te 2007-01-25 09:00:58.000000000 -0500
++++ serefpolicy-2.5.2/policy/modules/kernel/devices.te 2007-02-12 11:24:49.000000000 -0500
@@ -70,6 +70,7 @@
#
type kmsg_device_t;
@@ -3158,7 +3166,7 @@
# Type for /dev/mapper/control
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/kernel/domain.if serefpolicy-2.5.2/policy/modules/kernel/domain.if
--- nsaserefpolicy/policy/modules/kernel/domain.if 2007-01-02 12:57:13.000000000 -0500
-+++ serefpolicy-2.5.2/policy/modules/kernel/domain.if 2007-02-12 09:45:06.000000000 -0500
++++ serefpolicy-2.5.2/policy/modules/kernel/domain.if 2007-02-12 11:24:49.000000000 -0500
@@ -1217,3 +1217,59 @@
typeattribute $1 can_change_object_identity;
typeattribute $1 set_curr_context;
@@ -3221,7 +3229,7 @@
+')
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/kernel/domain.te serefpolicy-2.5.2/policy/modules/kernel/domain.te
--- nsaserefpolicy/policy/modules/kernel/domain.te 2006-11-16 17:15:04.000000000 -0500
-+++ serefpolicy-2.5.2/policy/modules/kernel/domain.te 2007-01-26 16:57:48.000000000 -0500
++++ serefpolicy-2.5.2/policy/modules/kernel/domain.te 2007-02-12 11:24:49.000000000 -0500
@@ -144,3 +144,25 @@
# act on all domains keys
@@ -3250,7 +3258,7 @@
+')
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/kernel/files.if serefpolicy-2.5.2/policy/modules/kernel/files.if
--- nsaserefpolicy/policy/modules/kernel/files.if 2007-01-02 12:57:13.000000000 -0500
-+++ serefpolicy-2.5.2/policy/modules/kernel/files.if 2007-02-09 15:33:23.000000000 -0500
++++ serefpolicy-2.5.2/policy/modules/kernel/files.if 2007-02-12 11:24:49.000000000 -0500
@@ -350,8 +350,7 @@
########################################
@@ -3567,7 +3575,7 @@
+')
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/kernel/filesystem.if serefpolicy-2.5.2/policy/modules/kernel/filesystem.if
--- nsaserefpolicy/policy/modules/kernel/filesystem.if 2007-01-02 12:57:13.000000000 -0500
-+++ serefpolicy-2.5.2/policy/modules/kernel/filesystem.if 2007-02-06 11:14:02.000000000 -0500
++++ serefpolicy-2.5.2/policy/modules/kernel/filesystem.if 2007-02-12 11:24:49.000000000 -0500
@@ -1110,11 +1110,31 @@
type dosfs_t;
')
@@ -3630,7 +3638,7 @@
########################################
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/kernel/filesystem.te serefpolicy-2.5.2/policy/modules/kernel/filesystem.te
--- nsaserefpolicy/policy/modules/kernel/filesystem.te 2007-01-02 12:57:13.000000000 -0500
-+++ serefpolicy-2.5.2/policy/modules/kernel/filesystem.te 2007-01-25 09:00:58.000000000 -0500
++++ serefpolicy-2.5.2/policy/modules/kernel/filesystem.te 2007-02-12 11:24:49.000000000 -0500
@@ -103,6 +103,7 @@
type rpc_pipefs_t;
fs_type(rpc_pipefs_t)
@@ -3657,7 +3665,7 @@
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/kernel/kernel.if serefpolicy-2.5.2/policy/modules/kernel/kernel.if
--- nsaserefpolicy/policy/modules/kernel/kernel.if 2007-01-02 12:57:13.000000000 -0500
-+++ serefpolicy-2.5.2/policy/modules/kernel/kernel.if 2007-01-25 09:00:58.000000000 -0500
++++ serefpolicy-2.5.2/policy/modules/kernel/kernel.if 2007-02-12 11:24:49.000000000 -0500
@@ -2140,9 +2140,6 @@
')
@@ -3738,7 +3746,7 @@
## <desc>
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/kernel/kernel.te serefpolicy-2.5.2/policy/modules/kernel/kernel.te
--- nsaserefpolicy/policy/modules/kernel/kernel.te 2007-01-02 12:57:13.000000000 -0500
-+++ serefpolicy-2.5.2/policy/modules/kernel/kernel.te 2007-01-25 09:00:58.000000000 -0500
++++ serefpolicy-2.5.2/policy/modules/kernel/kernel.te 2007-02-12 11:24:49.000000000 -0500
@@ -138,6 +138,8 @@
type unlabeled_t;
sid unlabeled gen_context(system_u:object_r:unlabeled_t,mls_systemhigh)
@@ -3768,7 +3776,7 @@
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/kernel/mls.if serefpolicy-2.5.2/policy/modules/kernel/mls.if
--- nsaserefpolicy/policy/modules/kernel/mls.if 2006-11-16 17:15:04.000000000 -0500
-+++ serefpolicy-2.5.2/policy/modules/kernel/mls.if 2007-01-25 09:00:58.000000000 -0500
++++ serefpolicy-2.5.2/policy/modules/kernel/mls.if 2007-02-12 11:24:49.000000000 -0500
@@ -154,6 +154,26 @@
########################################
## <summary>
@@ -3798,7 +3806,7 @@
## <param name="domain">
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/kernel/mls.te serefpolicy-2.5.2/policy/modules/kernel/mls.te
--- nsaserefpolicy/policy/modules/kernel/mls.te 2007-01-02 12:57:13.000000000 -0500
-+++ serefpolicy-2.5.2/policy/modules/kernel/mls.te 2007-01-25 09:00:58.000000000 -0500
++++ serefpolicy-2.5.2/policy/modules/kernel/mls.te 2007-02-12 11:24:49.000000000 -0500
@@ -18,6 +18,7 @@
attribute mlsnetreadtoclr;
attribute mlsnetwrite;
@@ -3818,7 +3826,7 @@
attribute privrangetrans;
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/kernel/storage.fc serefpolicy-2.5.2/policy/modules/kernel/storage.fc
--- nsaserefpolicy/policy/modules/kernel/storage.fc 2006-11-16 17:15:04.000000000 -0500
-+++ serefpolicy-2.5.2/policy/modules/kernel/storage.fc 2007-01-25 09:00:58.000000000 -0500
++++ serefpolicy-2.5.2/policy/modules/kernel/storage.fc 2007-02-12 11:24:49.000000000 -0500
@@ -42,6 +42,7 @@
/dev/sjcd -b gen_context(system_u:object_r:removable_device_t,s0)
/dev/sonycd -b gen_context(system_u:object_r:removable_device_t,s0)
@@ -3829,7 +3837,7 @@
/dev/xvd[^/]* -b gen_context(system_u:object_r:fixed_disk_device_t,mls_systemhigh)
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/kernel/storage.if serefpolicy-2.5.2/policy/modules/kernel/storage.if
--- nsaserefpolicy/policy/modules/kernel/storage.if 2007-01-02 12:57:13.000000000 -0500
-+++ serefpolicy-2.5.2/policy/modules/kernel/storage.if 2007-01-25 09:00:58.000000000 -0500
++++ serefpolicy-2.5.2/policy/modules/kernel/storage.if 2007-02-12 11:24:49.000000000 -0500
@@ -100,6 +100,7 @@
dev_list_all_dev_nodes($1)
@@ -3848,7 +3856,7 @@
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/kernel/terminal.if serefpolicy-2.5.2/policy/modules/kernel/terminal.if
--- nsaserefpolicy/policy/modules/kernel/terminal.if 2007-01-02 12:57:13.000000000 -0500
-+++ serefpolicy-2.5.2/policy/modules/kernel/terminal.if 2007-02-11 14:54:34.000000000 -0500
++++ serefpolicy-2.5.2/policy/modules/kernel/terminal.if 2007-02-12 11:24:49.000000000 -0500
@@ -636,6 +636,8 @@
attribute ptynode;
')
@@ -3891,7 +3899,7 @@
+')
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/kernel/terminal.te serefpolicy-2.5.2/policy/modules/kernel/terminal.te
--- nsaserefpolicy/policy/modules/kernel/terminal.te 2007-01-02 12:57:13.000000000 -0500
-+++ serefpolicy-2.5.2/policy/modules/kernel/terminal.te 2007-01-25 09:00:58.000000000 -0500
++++ serefpolicy-2.5.2/policy/modules/kernel/terminal.te 2007-02-12 11:24:49.000000000 -0500
@@ -9,6 +9,7 @@
attribute ptynode;
attribute server_ptynode;
@@ -3917,7 +3925,7 @@
+
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/apache.fc serefpolicy-2.5.2/policy/modules/services/apache.fc
--- nsaserefpolicy/policy/modules/services/apache.fc 2007-01-25 08:13:58.000000000 -0500
-+++ serefpolicy-2.5.2/policy/modules/services/apache.fc 2007-01-26 13:42:27.000000000 -0500
++++ serefpolicy-2.5.2/policy/modules/services/apache.fc 2007-02-12 11:24:49.000000000 -0500
@@ -1,10 +1,5 @@
# temporary hack till genhomedircon is fixed
-ifdef(`targeted_policy',`
@@ -3952,7 +3960,7 @@
+/opt/fortitude/run(/.*)? gen_context(system_u:object_r:httpd_var_run_t,s0)
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/apache.if serefpolicy-2.5.2/policy/modules/services/apache.if
--- nsaserefpolicy/policy/modules/services/apache.if 2007-01-02 12:57:43.000000000 -0500
-+++ serefpolicy-2.5.2/policy/modules/services/apache.if 2007-02-01 10:48:13.000000000 -0500
++++ serefpolicy-2.5.2/policy/modules/services/apache.if 2007-02-12 11:24:49.000000000 -0500
@@ -268,6 +268,9 @@
')
@@ -4119,7 +4127,7 @@
+')
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/apache.te serefpolicy-2.5.2/policy/modules/services/apache.te
--- nsaserefpolicy/policy/modules/services/apache.te 2007-01-25 08:13:58.000000000 -0500
-+++ serefpolicy-2.5.2/policy/modules/services/apache.te 2007-02-06 11:29:43.000000000 -0500
++++ serefpolicy-2.5.2/policy/modules/services/apache.te 2007-02-12 11:24:49.000000000 -0500
@@ -171,6 +171,7 @@
allow httpd_t httpd_modules_t:dir list_dir_perms;
mmap_files_pattern(httpd_t,httpd_modules_t,httpd_modules_t)
@@ -4180,7 +4188,7 @@
+
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/apm.te serefpolicy-2.5.2/policy/modules/services/apm.te
--- nsaserefpolicy/policy/modules/services/apm.te 2007-01-02 12:57:43.000000000 -0500
-+++ serefpolicy-2.5.2/policy/modules/services/apm.te 2007-01-25 09:00:58.000000000 -0500
++++ serefpolicy-2.5.2/policy/modules/services/apm.te 2007-02-12 11:24:49.000000000 -0500
@@ -109,6 +109,7 @@
corecmd_exec_all_executables(apmd_t)
@@ -4207,7 +4215,7 @@
optional_policy(`
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/automount.fc serefpolicy-2.5.2/policy/modules/services/automount.fc
--- nsaserefpolicy/policy/modules/services/automount.fc 2006-11-16 17:15:20.000000000 -0500
-+++ serefpolicy-2.5.2/policy/modules/services/automount.fc 2007-01-25 09:00:58.000000000 -0500
++++ serefpolicy-2.5.2/policy/modules/services/automount.fc 2007-02-12 11:24:49.000000000 -0500
@@ -2,7 +2,6 @@
# /etc
#
@@ -4218,7 +4226,7 @@
# /usr
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/automount.te serefpolicy-2.5.2/policy/modules/services/automount.te
--- nsaserefpolicy/policy/modules/services/automount.te 2007-01-02 12:57:43.000000000 -0500
-+++ serefpolicy-2.5.2/policy/modules/services/automount.te 2007-02-06 11:25:05.000000000 -0500
++++ serefpolicy-2.5.2/policy/modules/services/automount.te 2007-02-12 11:24:49.000000000 -0500
@@ -13,8 +13,7 @@
type automount_var_run_t;
files_pid_file(automount_var_run_t)
@@ -4266,7 +4274,7 @@
optional_policy(`
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/bind.te serefpolicy-2.5.2/policy/modules/services/bind.te
--- nsaserefpolicy/policy/modules/services/bind.te 2007-01-02 12:57:43.000000000 -0500
-+++ serefpolicy-2.5.2/policy/modules/services/bind.te 2007-02-06 11:32:59.000000000 -0500
++++ serefpolicy-2.5.2/policy/modules/services/bind.te 2007-02-12 11:24:49.000000000 -0500
@@ -147,6 +147,7 @@
ifdef(`targeted_policy',`
term_dontaudit_use_unallocated_ttys(named_t)
@@ -4285,7 +4293,7 @@
optional_policy(`
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/bluetooth.te serefpolicy-2.5.2/policy/modules/services/bluetooth.te
--- nsaserefpolicy/policy/modules/services/bluetooth.te 2007-01-02 12:57:43.000000000 -0500
-+++ serefpolicy-2.5.2/policy/modules/services/bluetooth.te 2007-02-06 11:29:23.000000000 -0500
++++ serefpolicy-2.5.2/policy/modules/services/bluetooth.te 2007-02-12 11:24:49.000000000 -0500
@@ -41,7 +41,7 @@
# Bluetooth services local policy
#
@@ -4313,7 +4321,7 @@
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/ccs.fc serefpolicy-2.5.2/policy/modules/services/ccs.fc
--- nsaserefpolicy/policy/modules/services/ccs.fc 2006-11-16 17:15:21.000000000 -0500
-+++ serefpolicy-2.5.2/policy/modules/services/ccs.fc 2007-01-25 09:00:58.000000000 -0500
++++ serefpolicy-2.5.2/policy/modules/services/ccs.fc 2007-02-12 11:24:49.000000000 -0500
@@ -6,3 +6,4 @@
/var/run/cluster(/.*)? gen_context(system_u:object_r:ccs_var_run_t,s0)
@@ -4321,7 +4329,7 @@
+/var/lib/openais(/.*)? gen_context(system_u:object_r:ccs_var_lib_t,s0)
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/ccs.te serefpolicy-2.5.2/policy/modules/services/ccs.te
--- nsaserefpolicy/policy/modules/services/ccs.te 2007-01-02 12:57:43.000000000 -0500
-+++ serefpolicy-2.5.2/policy/modules/services/ccs.te 2007-01-25 09:00:58.000000000 -0500
++++ serefpolicy-2.5.2/policy/modules/services/ccs.te 2007-02-12 11:24:49.000000000 -0500
@@ -18,6 +18,10 @@
type ccs_var_log_t;
logging_log_file(ccs_var_log_t)
@@ -4368,7 +4376,7 @@
+')
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/clamav.te serefpolicy-2.5.2/policy/modules/services/clamav.te
--- nsaserefpolicy/policy/modules/services/clamav.te 2007-01-02 12:57:43.000000000 -0500
-+++ serefpolicy-2.5.2/policy/modules/services/clamav.te 2007-01-25 09:00:58.000000000 -0500
++++ serefpolicy-2.5.2/policy/modules/services/clamav.te 2007-02-12 11:24:49.000000000 -0500
@@ -86,6 +86,8 @@
kernel_dontaudit_list_proc(clamd_t)
kernel_read_sysctl(clamd_t)
@@ -4380,7 +4388,7 @@
corenet_tcp_sendrecv_all_nodes(clamd_t)
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/cron.fc serefpolicy-2.5.2/policy/modules/services/cron.fc
--- nsaserefpolicy/policy/modules/services/cron.fc 2006-11-16 17:15:21.000000000 -0500
-+++ serefpolicy-2.5.2/policy/modules/services/cron.fc 2007-01-25 09:00:58.000000000 -0500
++++ serefpolicy-2.5.2/policy/modules/services/cron.fc 2007-02-12 11:24:49.000000000 -0500
@@ -5,11 +5,11 @@
/usr/bin/at -- gen_context(system_u:object_r:crontab_exec_t,s0)
/usr/bin/(f)?crontab -- gen_context(system_u:object_r:crontab_exec_t,s0)
@@ -4410,7 +4418,7 @@
+/var/lib/misc(/.*)? gen_context(system_u:object_r:crond_var_run_t,s0)
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/cron.if serefpolicy-2.5.2/policy/modules/services/cron.if
--- nsaserefpolicy/policy/modules/services/cron.if 2007-01-02 12:57:43.000000000 -0500
-+++ serefpolicy-2.5.2/policy/modules/services/cron.if 2007-01-25 09:00:58.000000000 -0500
++++ serefpolicy-2.5.2/policy/modules/services/cron.if 2007-02-12 11:24:49.000000000 -0500
@@ -35,6 +35,7 @@
#
template(`cron_per_role_template',`
@@ -4590,7 +4598,7 @@
## </summary>
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/cron.te serefpolicy-2.5.2/policy/modules/services/cron.te
--- nsaserefpolicy/policy/modules/services/cron.te 2007-01-02 12:57:43.000000000 -0500
-+++ serefpolicy-2.5.2/policy/modules/services/cron.te 2007-02-01 15:59:18.000000000 -0500
++++ serefpolicy-2.5.2/policy/modules/services/cron.te 2007-02-12 11:24:49.000000000 -0500
@@ -11,9 +11,6 @@
#
attribute cron_spool_type;
@@ -4732,7 +4740,7 @@
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/cups.te serefpolicy-2.5.2/policy/modules/services/cups.te
--- nsaserefpolicy/policy/modules/services/cups.te 2007-01-02 12:57:43.000000000 -0500
-+++ serefpolicy-2.5.2/policy/modules/services/cups.te 2007-02-06 11:27:59.000000000 -0500
++++ serefpolicy-2.5.2/policy/modules/services/cups.te 2007-02-12 11:24:49.000000000 -0500
@@ -120,6 +120,8 @@
manage_files_pattern(cupsd_t,cupsd_tmp_t,cupsd_tmp_t)
manage_fifo_files_pattern(cupsd_t,cupsd_tmp_t,cupsd_tmp_t)
@@ -4770,7 +4778,7 @@
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/cvs.te serefpolicy-2.5.2/policy/modules/services/cvs.te
--- nsaserefpolicy/policy/modules/services/cvs.te 2007-01-02 12:57:43.000000000 -0500
-+++ serefpolicy-2.5.2/policy/modules/services/cvs.te 2007-01-25 09:00:58.000000000 -0500
++++ serefpolicy-2.5.2/policy/modules/services/cvs.te 2007-02-12 11:24:49.000000000 -0500
@@ -9,6 +9,7 @@
type cvs_t;
type cvs_exec_t;
@@ -4781,7 +4789,7 @@
type cvs_data_t; # customizable
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/dbus.if serefpolicy-2.5.2/policy/modules/services/dbus.if
--- nsaserefpolicy/policy/modules/services/dbus.if 2007-01-02 12:57:43.000000000 -0500
-+++ serefpolicy-2.5.2/policy/modules/services/dbus.if 2007-01-29 17:30:43.000000000 -0500
++++ serefpolicy-2.5.2/policy/modules/services/dbus.if 2007-02-12 11:24:49.000000000 -0500
@@ -69,13 +69,14 @@
# Local policy
#
@@ -4900,7 +4908,7 @@
+
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/dbus.te serefpolicy-2.5.2/policy/modules/services/dbus.te
--- nsaserefpolicy/policy/modules/services/dbus.te 2007-01-02 12:57:43.000000000 -0500
-+++ serefpolicy-2.5.2/policy/modules/services/dbus.te 2007-02-06 11:32:13.000000000 -0500
++++ serefpolicy-2.5.2/policy/modules/services/dbus.te 2007-02-12 11:24:49.000000000 -0500
@@ -114,6 +114,7 @@
ifdef(`targeted_policy', `
term_dontaudit_use_unallocated_ttys(system_dbusd_t)
@@ -4911,7 +4919,7 @@
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/dhcp.te serefpolicy-2.5.2/policy/modules/services/dhcp.te
--- nsaserefpolicy/policy/modules/services/dhcp.te 2007-01-02 12:57:43.000000000 -0500
-+++ serefpolicy-2.5.2/policy/modules/services/dhcp.te 2007-01-29 17:31:09.000000000 -0500
++++ serefpolicy-2.5.2/policy/modules/services/dhcp.te 2007-02-12 11:24:49.000000000 -0500
@@ -125,6 +125,8 @@
dbus_system_bus_client_template(dhcpd,dhcpd_t)
dbus_connect_system_bus(dhcpd_t)
@@ -4923,7 +4931,7 @@
optional_policy(`
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/dovecot.te serefpolicy-2.5.2/policy/modules/services/dovecot.te
--- nsaserefpolicy/policy/modules/services/dovecot.te 2007-01-02 12:57:43.000000000 -0500
-+++ serefpolicy-2.5.2/policy/modules/services/dovecot.te 2007-02-06 11:28:22.000000000 -0500
++++ serefpolicy-2.5.2/policy/modules/services/dovecot.te 2007-02-12 11:24:49.000000000 -0500
@@ -125,6 +125,7 @@
ifdef(`targeted_policy',`
term_dontaudit_use_unallocated_ttys(dovecot_t)
@@ -4934,7 +4942,7 @@
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/ftp.if serefpolicy-2.5.2/policy/modules/services/ftp.if
--- nsaserefpolicy/policy/modules/services/ftp.if 2007-01-02 12:57:43.000000000 -0500
-+++ serefpolicy-2.5.2/policy/modules/services/ftp.if 2007-01-25 09:00:58.000000000 -0500
++++ serefpolicy-2.5.2/policy/modules/services/ftp.if 2007-02-12 11:24:49.000000000 -0500
@@ -24,6 +24,10 @@
## </param>
#
@@ -4948,7 +4956,7 @@
userdom_manage_user_home_content_symlinks($1,ftpd_t)
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/ftp.te serefpolicy-2.5.2/policy/modules/services/ftp.te
--- nsaserefpolicy/policy/modules/services/ftp.te 2007-01-02 12:57:43.000000000 -0500
-+++ serefpolicy-2.5.2/policy/modules/services/ftp.te 2007-02-06 11:43:23.000000000 -0500
++++ serefpolicy-2.5.2/policy/modules/services/ftp.te 2007-02-12 11:24:49.000000000 -0500
@@ -102,6 +102,8 @@
corenet_tcp_bind_ftp_port(ftpd_t)
corenet_tcp_bind_ftp_data_port(ftpd_t)
@@ -5004,7 +5012,7 @@
tunable_policy(`ftp_home_dir && use_nfs_home_dirs',`
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/gpm.te serefpolicy-2.5.2/policy/modules/services/gpm.te
--- nsaserefpolicy/policy/modules/services/gpm.te 2007-01-02 12:57:43.000000000 -0500
-+++ serefpolicy-2.5.2/policy/modules/services/gpm.te 2007-02-06 11:28:47.000000000 -0500
++++ serefpolicy-2.5.2/policy/modules/services/gpm.te 2007-02-12 11:24:49.000000000 -0500
@@ -78,6 +78,7 @@
ifdef(`targeted_policy', `
term_dontaudit_use_unallocated_ttys(gpm_t)
@@ -5015,7 +5023,7 @@
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/hal.fc serefpolicy-2.5.2/policy/modules/services/hal.fc
--- nsaserefpolicy/policy/modules/services/hal.fc 2007-01-02 12:57:43.000000000 -0500
-+++ serefpolicy-2.5.2/policy/modules/services/hal.fc 2007-02-08 08:42:33.000000000 -0500
++++ serefpolicy-2.5.2/policy/modules/services/hal.fc 2007-02-12 11:24:49.000000000 -0500
@@ -8,4 +8,6 @@
/var/lib/hal(/.*)? gen_context(system_u:object_r:hald_var_lib_t,s0)
@@ -5025,7 +5033,7 @@
/var/run/haldaemon.pid -- gen_context(system_u:object_r:hald_var_run_t,s0)
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/hal.if serefpolicy-2.5.2/policy/modules/services/hal.if
--- nsaserefpolicy/policy/modules/services/hal.if 2007-01-02 12:57:43.000000000 -0500
-+++ serefpolicy-2.5.2/policy/modules/services/hal.if 2007-01-25 09:00:58.000000000 -0500
++++ serefpolicy-2.5.2/policy/modules/services/hal.if 2007-02-12 11:24:49.000000000 -0500
@@ -171,3 +171,41 @@
files_search_pids($1)
allow $1 hald_var_run_t:file rw_file_perms;
@@ -5070,7 +5078,7 @@
+
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/hal.te serefpolicy-2.5.2/policy/modules/services/hal.te
--- nsaserefpolicy/policy/modules/services/hal.te 2007-01-02 12:57:43.000000000 -0500
-+++ serefpolicy-2.5.2/policy/modules/services/hal.te 2007-02-11 11:15:43.000000000 -0500
++++ serefpolicy-2.5.2/policy/modules/services/hal.te 2007-02-12 11:24:49.000000000 -0500
@@ -16,6 +16,9 @@
type hald_var_run_t;
files_pid_file(hald_var_run_t)
@@ -5119,7 +5127,7 @@
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/inetd.te serefpolicy-2.5.2/policy/modules/services/inetd.te
--- nsaserefpolicy/policy/modules/services/inetd.te 2007-01-02 12:57:43.000000000 -0500
-+++ serefpolicy-2.5.2/policy/modules/services/inetd.te 2007-01-25 09:00:58.000000000 -0500
++++ serefpolicy-2.5.2/policy/modules/services/inetd.te 2007-02-12 11:24:49.000000000 -0500
@@ -37,10 +37,11 @@
allow inetd_t self:capability { setuid setgid };
@@ -5209,7 +5217,7 @@
+')
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/irqbalance.te serefpolicy-2.5.2/policy/modules/services/irqbalance.te
--- nsaserefpolicy/policy/modules/services/irqbalance.te 2007-01-02 12:57:43.000000000 -0500
-+++ serefpolicy-2.5.2/policy/modules/services/irqbalance.te 2007-01-25 09:00:58.000000000 -0500
++++ serefpolicy-2.5.2/policy/modules/services/irqbalance.te 2007-02-12 11:24:49.000000000 -0500
@@ -18,12 +18,16 @@
# Local policy
#
@@ -5229,7 +5237,7 @@
kernel_rw_irq_sysctls(irqbalance_t)
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/kerberos.if serefpolicy-2.5.2/policy/modules/services/kerberos.if
--- nsaserefpolicy/policy/modules/services/kerberos.if 2007-01-02 12:57:43.000000000 -0500
-+++ serefpolicy-2.5.2/policy/modules/services/kerberos.if 2007-02-12 10:46:14.000000000 -0500
++++ serefpolicy-2.5.2/policy/modules/services/kerberos.if 2007-02-12 11:24:49.000000000 -0500
@@ -41,6 +41,7 @@
allow $1 krb5_conf_t:file { getattr read };
dontaudit $1 krb5_conf_t:file write;
@@ -5248,7 +5256,7 @@
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/kerberos.te serefpolicy-2.5.2/policy/modules/services/kerberos.te
--- nsaserefpolicy/policy/modules/services/kerberos.te 2007-01-02 12:57:43.000000000 -0500
-+++ serefpolicy-2.5.2/policy/modules/services/kerberos.te 2007-02-01 14:38:45.000000000 -0500
++++ serefpolicy-2.5.2/policy/modules/services/kerberos.te 2007-02-12 11:24:49.000000000 -0500
@@ -154,10 +154,11 @@
# Use capabilities. Surplus capabilities may be allowed.
allow krb5kdc_t self:capability { setuid setgid net_admin chown fowner dac_override sys_nice };
@@ -5277,7 +5285,7 @@
+
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/ktalk.fc serefpolicy-2.5.2/policy/modules/services/ktalk.fc
--- nsaserefpolicy/policy/modules/services/ktalk.fc 2006-11-16 17:15:20.000000000 -0500
-+++ serefpolicy-2.5.2/policy/modules/services/ktalk.fc 2007-01-25 09:00:58.000000000 -0500
++++ serefpolicy-2.5.2/policy/modules/services/ktalk.fc 2007-02-12 11:24:49.000000000 -0500
@@ -1,4 +1,5 @@
-/usr/bin/in\.talkd -- gen_context(system_u:object_r:ktalkd_exec_t,s0)
@@ -5287,7 +5295,7 @@
/var/log/talkd.* -- gen_context(system_u:object_r:ktalkd_log_t,s0)
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/ktalk.te serefpolicy-2.5.2/policy/modules/services/ktalk.te
--- nsaserefpolicy/policy/modules/services/ktalk.te 2007-01-02 12:57:43.000000000 -0500
-+++ serefpolicy-2.5.2/policy/modules/services/ktalk.te 2007-01-25 09:00:58.000000000 -0500
++++ serefpolicy-2.5.2/policy/modules/services/ktalk.te 2007-02-12 11:24:49.000000000 -0500
@@ -84,3 +84,8 @@
optional_policy(`
nscd_socket_use(ktalkd_t)
@@ -5299,7 +5307,7 @@
+')
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/lpd.if serefpolicy-2.5.2/policy/modules/services/lpd.if
--- nsaserefpolicy/policy/modules/services/lpd.if 2007-01-02 12:57:43.000000000 -0500
-+++ serefpolicy-2.5.2/policy/modules/services/lpd.if 2007-01-25 09:00:58.000000000 -0500
++++ serefpolicy-2.5.2/policy/modules/services/lpd.if 2007-02-12 11:24:49.000000000 -0500
@@ -64,31 +64,33 @@
allow $1_lpr_t self:udp_socket create_socket_perms;
allow $1_lpr_t self:netlink_route_socket r_netlink_socket_perms;
@@ -5374,7 +5382,7 @@
userdom_read_all_untrusted_content($1_lpr_t)
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/mta.if serefpolicy-2.5.2/policy/modules/services/mta.if
--- nsaserefpolicy/policy/modules/services/mta.if 2007-01-02 12:57:43.000000000 -0500
-+++ serefpolicy-2.5.2/policy/modules/services/mta.if 2007-01-25 09:00:58.000000000 -0500
++++ serefpolicy-2.5.2/policy/modules/services/mta.if 2007-02-12 11:24:49.000000000 -0500
@@ -40,6 +40,11 @@
#
template(`mta_base_mail_template',`
@@ -5400,7 +5408,7 @@
#
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/mta.te serefpolicy-2.5.2/policy/modules/services/mta.te
--- nsaserefpolicy/policy/modules/services/mta.te 2007-01-02 12:57:43.000000000 -0500
-+++ serefpolicy-2.5.2/policy/modules/services/mta.te 2007-01-25 09:00:58.000000000 -0500
++++ serefpolicy-2.5.2/policy/modules/services/mta.te 2007-02-12 11:24:49.000000000 -0500
@@ -27,6 +27,7 @@
type sendmail_exec_t;
@@ -5419,7 +5427,7 @@
typealias system_mail_t alias sysadm_mail_t;
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/networkmanager.te serefpolicy-2.5.2/policy/modules/services/networkmanager.te
--- nsaserefpolicy/policy/modules/services/networkmanager.te 2007-01-02 12:57:43.000000000 -0500
-+++ serefpolicy-2.5.2/policy/modules/services/networkmanager.te 2007-01-25 09:00:58.000000000 -0500
++++ serefpolicy-2.5.2/policy/modules/services/networkmanager.te 2007-02-12 11:24:49.000000000 -0500
@@ -119,6 +119,8 @@
term_dontaudit_use_unallocated_ttys(NetworkManager_t)
term_dontaudit_use_generic_ptys(NetworkManager_t)
@@ -5431,7 +5439,7 @@
unconfined_rw_pipes(NetworkManager_t)
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/nis.fc serefpolicy-2.5.2/policy/modules/services/nis.fc
--- nsaserefpolicy/policy/modules/services/nis.fc 2007-01-02 12:57:43.000000000 -0500
-+++ serefpolicy-2.5.2/policy/modules/services/nis.fc 2007-01-25 09:00:58.000000000 -0500
++++ serefpolicy-2.5.2/policy/modules/services/nis.fc 2007-02-12 11:24:49.000000000 -0500
@@ -6,7 +6,7 @@
/usr/lib/yp/ypxfr -- gen_context(system_u:object_r:ypxfr_exec_t,s0)
@@ -5443,7 +5451,7 @@
/var/yp(/.*)? gen_context(system_u:object_r:var_yp_t,s0)
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/nis.if serefpolicy-2.5.2/policy/modules/services/nis.if
--- nsaserefpolicy/policy/modules/services/nis.if 2007-01-02 12:57:43.000000000 -0500
-+++ serefpolicy-2.5.2/policy/modules/services/nis.if 2007-01-25 09:00:58.000000000 -0500
++++ serefpolicy-2.5.2/policy/modules/services/nis.if 2007-02-12 11:24:49.000000000 -0500
@@ -52,10 +52,13 @@
corenet_udp_bind_reserved_port($1)
corenet_dontaudit_tcp_bind_all_reserved_ports($1)
@@ -5469,7 +5477,7 @@
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/nis.te serefpolicy-2.5.2/policy/modules/services/nis.te
--- nsaserefpolicy/policy/modules/services/nis.te 2007-01-02 12:57:43.000000000 -0500
-+++ serefpolicy-2.5.2/policy/modules/services/nis.te 2007-02-05 15:59:38.000000000 -0500
++++ serefpolicy-2.5.2/policy/modules/services/nis.te 2007-02-12 11:24:49.000000000 -0500
@@ -285,6 +285,7 @@
domain_use_interactive_fds(ypserv_t)
@@ -5519,7 +5527,7 @@
+')
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/nscd.if serefpolicy-2.5.2/policy/modules/services/nscd.if
--- nsaserefpolicy/policy/modules/services/nscd.if 2007-01-02 12:57:43.000000000 -0500
-+++ serefpolicy-2.5.2/policy/modules/services/nscd.if 2007-01-25 09:00:58.000000000 -0500
++++ serefpolicy-2.5.2/policy/modules/services/nscd.if 2007-02-12 11:24:49.000000000 -0500
@@ -173,3 +173,23 @@
allow $1 nscd_t:nscd *;
@@ -5546,7 +5554,7 @@
+
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/nscd.te serefpolicy-2.5.2/policy/modules/services/nscd.te
--- nsaserefpolicy/policy/modules/services/nscd.te 2007-01-02 12:57:43.000000000 -0500
-+++ serefpolicy-2.5.2/policy/modules/services/nscd.te 2007-02-06 11:35:52.000000000 -0500
++++ serefpolicy-2.5.2/policy/modules/services/nscd.te 2007-02-12 11:24:49.000000000 -0500
@@ -35,7 +35,6 @@
allow nscd_t self:unix_stream_socket create_stream_socket_perms;
allow nscd_t self:unix_dgram_socket create_socket_perms;
@@ -5603,7 +5611,7 @@
optional_policy(`
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/ntp.te serefpolicy-2.5.2/policy/modules/services/ntp.te
--- nsaserefpolicy/policy/modules/services/ntp.te 2007-01-02 12:57:43.000000000 -0500
-+++ serefpolicy-2.5.2/policy/modules/services/ntp.te 2007-02-06 11:36:07.000000000 -0500
++++ serefpolicy-2.5.2/policy/modules/services/ntp.te 2007-02-12 11:24:49.000000000 -0500
@@ -119,6 +119,7 @@
ifdef(`targeted_policy', `
term_dontaudit_use_unallocated_ttys(ntpd_t)
@@ -5612,9 +5620,33 @@
files_dontaudit_read_root_files(ntpd_t)
optional_policy(`
+diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/openca.if serefpolicy-2.5.2/policy/modules/services/openca.if
+--- nsaserefpolicy/policy/modules/services/openca.if 2007-02-12 10:26:03.000000000 -0500
++++ serefpolicy-2.5.2/policy/modules/services/openca.if 2007-01-25 08:56:52.000000000 -0500
+@@ -17,8 +17,8 @@
+ ')
+
+ domtrans_pattern($1,openca_ca_exec_t,openca_ca_t)
+- allow $1 openca_usr_share_t:dir search_dir_perms;
+- files_search_usr($1)
++ allow httpd_t openca_usr_share_t:dir search_dir_perms;
++ files_search_usr(httpd_t)
+ ')
+
+ ########################################
+diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/openca.te serefpolicy-2.5.2/policy/modules/services/openca.te
+--- nsaserefpolicy/policy/modules/services/openca.te 2007-02-12 10:26:03.000000000 -0500
++++ serefpolicy-2.5.2/policy/modules/services/openca.te 2007-01-25 08:56:52.000000000 -0500
+@@ -1,5 +1,5 @@
+
+-policy_module(openca,1.0.1)
++policy_module(openca,1.0.0)
+
+ ########################################
+ #
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/openvpn.te serefpolicy-2.5.2/policy/modules/services/openvpn.te
--- nsaserefpolicy/policy/modules/services/openvpn.te 2007-01-02 12:57:43.000000000 -0500
-+++ serefpolicy-2.5.2/policy/modules/services/openvpn.te 2007-01-25 09:00:58.000000000 -0500
++++ serefpolicy-2.5.2/policy/modules/services/openvpn.te 2007-02-12 11:24:49.000000000 -0500
@@ -28,11 +28,11 @@
# openvpn local policy
#
@@ -5631,7 +5663,7 @@
allow openvpn_t openvpn_etc_t:dir list_dir_perms;
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/pcscd.fc serefpolicy-2.5.2/policy/modules/services/pcscd.fc
--- nsaserefpolicy/policy/modules/services/pcscd.fc 1969-12-31 19:00:00.000000000 -0500
-+++ serefpolicy-2.5.2/policy/modules/services/pcscd.fc 2007-01-25 09:00:58.000000000 -0500
++++ serefpolicy-2.5.2/policy/modules/services/pcscd.fc 2007-02-12 11:24:49.000000000 -0500
@@ -0,0 +1,9 @@
+# pcscd executable will have:
+# label: system_u:object_r:pcscd_exec_t
@@ -5644,7 +5676,7 @@
+/var/run/pcscd\.comm -s gen_context(system_u:object_r:pcscd_var_run_t,s0)
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/pcscd.if serefpolicy-2.5.2/policy/modules/services/pcscd.if
--- nsaserefpolicy/policy/modules/services/pcscd.if 1969-12-31 19:00:00.000000000 -0500
-+++ serefpolicy-2.5.2/policy/modules/services/pcscd.if 2007-01-25 09:00:58.000000000 -0500
++++ serefpolicy-2.5.2/policy/modules/services/pcscd.if 2007-02-12 11:24:49.000000000 -0500
@@ -0,0 +1,58 @@
+## <summary>policy for pcscd</summary>
+
@@ -5706,7 +5738,7 @@
+')
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/pcscd.te serefpolicy-2.5.2/policy/modules/services/pcscd.te
--- nsaserefpolicy/policy/modules/services/pcscd.te 1969-12-31 19:00:00.000000000 -0500
-+++ serefpolicy-2.5.2/policy/modules/services/pcscd.te 2007-01-25 09:00:58.000000000 -0500
++++ serefpolicy-2.5.2/policy/modules/services/pcscd.te 2007-02-12 11:24:49.000000000 -0500
@@ -0,0 +1,78 @@
+policy_module(pcscd,1.0.0)
+
@@ -5788,7 +5820,7 @@
+
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/pegasus.if serefpolicy-2.5.2/policy/modules/services/pegasus.if
--- nsaserefpolicy/policy/modules/services/pegasus.if 2006-11-16 17:15:21.000000000 -0500
-+++ serefpolicy-2.5.2/policy/modules/services/pegasus.if 2007-01-25 09:00:58.000000000 -0500
++++ serefpolicy-2.5.2/policy/modules/services/pegasus.if 2007-02-12 11:24:49.000000000 -0500
@@ -1 +1,28 @@
## <summary>The Open Group Pegasus CIM/WBEM Server.</summary>
+
@@ -5820,7 +5852,7 @@
+')
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/pegasus.te serefpolicy-2.5.2/policy/modules/services/pegasus.te
--- nsaserefpolicy/policy/modules/services/pegasus.te 2007-01-02 12:57:43.000000000 -0500
-+++ serefpolicy-2.5.2/policy/modules/services/pegasus.te 2007-01-25 09:00:58.000000000 -0500
++++ serefpolicy-2.5.2/policy/modules/services/pegasus.te 2007-02-12 11:24:49.000000000 -0500
@@ -99,13 +99,12 @@
auth_use_nsswitch(pegasus_t)
@@ -5839,7 +5871,7 @@
hostname_exec(pegasus_t)
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/portmap.te serefpolicy-2.5.2/policy/modules/services/portmap.te
--- nsaserefpolicy/policy/modules/services/portmap.te 2007-01-02 12:57:43.000000000 -0500
-+++ serefpolicy-2.5.2/policy/modules/services/portmap.te 2007-02-06 11:36:25.000000000 -0500
++++ serefpolicy-2.5.2/policy/modules/services/portmap.te 2007-02-12 11:24:49.000000000 -0500
@@ -96,6 +96,7 @@
ifdef(`targeted_policy', `
term_dontaudit_use_unallocated_ttys(portmap_t)
@@ -5850,7 +5882,7 @@
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/postfix.fc serefpolicy-2.5.2/policy/modules/services/postfix.fc
--- nsaserefpolicy/policy/modules/services/postfix.fc 2006-11-16 17:15:20.000000000 -0500
-+++ serefpolicy-2.5.2/policy/modules/services/postfix.fc 2007-01-25 09:49:55.000000000 -0500
++++ serefpolicy-2.5.2/policy/modules/services/postfix.fc 2007-02-12 11:24:49.000000000 -0500
@@ -9,6 +9,7 @@
/usr/libexec/postfix/(n)?qmgr -- gen_context(system_u:object_r:postfix_qmgr_exec_t,s0)
/usr/libexec/postfix/showq -- gen_context(system_u:object_r:postfix_showq_exec_t,s0)
@@ -5861,7 +5893,7 @@
/usr/libexec/postfix/bounce -- gen_context(system_u:object_r:postfix_bounce_exec_t,s0)
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/postfix.te serefpolicy-2.5.2/policy/modules/services/postfix.te
--- nsaserefpolicy/policy/modules/services/postfix.te 2007-01-02 12:57:43.000000000 -0500
-+++ serefpolicy-2.5.2/policy/modules/services/postfix.te 2007-02-08 08:48:06.000000000 -0500
++++ serefpolicy-2.5.2/policy/modules/services/postfix.te 2007-02-12 11:24:49.000000000 -0500
@@ -173,9 +173,12 @@
mta_rw_aliases(postfix_master_t)
mta_read_sendmail_bin(postfix_master_t)
@@ -5885,7 +5917,7 @@
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/procmail.te serefpolicy-2.5.2/policy/modules/services/procmail.te
--- nsaserefpolicy/policy/modules/services/procmail.te 2007-01-02 12:57:43.000000000 -0500
-+++ serefpolicy-2.5.2/policy/modules/services/procmail.te 2007-02-12 09:06:52.000000000 -0500
++++ serefpolicy-2.5.2/policy/modules/services/procmail.te 2007-02-12 11:24:49.000000000 -0500
@@ -10,6 +10,7 @@
type procmail_exec_t;
domain_type(procmail_t)
@@ -5921,7 +5953,7 @@
+')
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/pyzor.if serefpolicy-2.5.2/policy/modules/services/pyzor.if
--- nsaserefpolicy/policy/modules/services/pyzor.if 2007-01-02 12:57:43.000000000 -0500
-+++ serefpolicy-2.5.2/policy/modules/services/pyzor.if 2007-01-25 10:09:40.000000000 -0500
++++ serefpolicy-2.5.2/policy/modules/services/pyzor.if 2007-02-12 11:24:49.000000000 -0500
@@ -64,6 +64,10 @@
## </param>
#
@@ -5935,7 +5967,7 @@
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/pyzor.te serefpolicy-2.5.2/policy/modules/services/pyzor.te
--- nsaserefpolicy/policy/modules/services/pyzor.te 2007-01-02 12:57:43.000000000 -0500
-+++ serefpolicy-2.5.2/policy/modules/services/pyzor.te 2007-01-25 09:00:58.000000000 -0500
++++ serefpolicy-2.5.2/policy/modules/services/pyzor.te 2007-02-12 11:24:49.000000000 -0500
@@ -65,6 +65,10 @@
amavis_manage_spool_files(pyzor_t)
')
@@ -5949,7 +5981,7 @@
')
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/radvd.te serefpolicy-2.5.2/policy/modules/services/radvd.te
--- nsaserefpolicy/policy/modules/services/radvd.te 2007-01-02 12:57:43.000000000 -0500
-+++ serefpolicy-2.5.2/policy/modules/services/radvd.te 2007-01-25 09:00:58.000000000 -0500
++++ serefpolicy-2.5.2/policy/modules/services/radvd.te 2007-02-12 11:24:49.000000000 -0500
@@ -28,7 +28,7 @@
allow radvd_t self:tcp_socket create_stream_socket_perms;
allow radvd_t self:udp_socket create_socket_perms;
@@ -5961,7 +5993,7 @@
files_pid_filetrans(radvd_t,radvd_var_run_t,file)
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/razor.if serefpolicy-2.5.2/policy/modules/services/razor.if
--- nsaserefpolicy/policy/modules/services/razor.if 2007-01-02 12:57:43.000000000 -0500
-+++ serefpolicy-2.5.2/policy/modules/services/razor.if 2007-01-25 09:00:58.000000000 -0500
++++ serefpolicy-2.5.2/policy/modules/services/razor.if 2007-02-12 11:24:49.000000000 -0500
@@ -23,6 +23,12 @@
## </param>
#
@@ -5987,7 +6019,7 @@
domain_type($1_razor_t)
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/razor.te serefpolicy-2.5.2/policy/modules/services/razor.te
--- nsaserefpolicy/policy/modules/services/razor.te 2007-01-02 12:57:43.000000000 -0500
-+++ serefpolicy-2.5.2/policy/modules/services/razor.te 2007-01-25 09:00:58.000000000 -0500
++++ serefpolicy-2.5.2/policy/modules/services/razor.te 2007-02-12 11:24:49.000000000 -0500
@@ -10,7 +10,6 @@
type razor_exec_t;
domain_type(razor_t)
@@ -6006,7 +6038,7 @@
# Local policy
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/rdisc.te serefpolicy-2.5.2/policy/modules/services/rdisc.te
--- nsaserefpolicy/policy/modules/services/rdisc.te 2006-11-16 17:15:20.000000000 -0500
-+++ serefpolicy-2.5.2/policy/modules/services/rdisc.te 2007-02-06 11:38:55.000000000 -0500
++++ serefpolicy-2.5.2/policy/modules/services/rdisc.te 2007-02-12 11:24:49.000000000 -0500
@@ -58,6 +58,7 @@
ifdef(`targeted_policy',`
term_dontaudit_use_unallocated_ttys(rdisc_t)
@@ -6017,7 +6049,7 @@
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/rhgb.if serefpolicy-2.5.2/policy/modules/services/rhgb.if
--- nsaserefpolicy/policy/modules/services/rhgb.if 2006-11-16 17:15:20.000000000 -0500
-+++ serefpolicy-2.5.2/policy/modules/services/rhgb.if 2007-01-25 09:00:58.000000000 -0500
++++ serefpolicy-2.5.2/policy/modules/services/rhgb.if 2007-02-12 11:24:49.000000000 -0500
@@ -124,3 +124,79 @@
allow $1 rhgb_tmpfs_t:file { read write };
@@ -6100,7 +6132,7 @@
+
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/rhgb.te serefpolicy-2.5.2/policy/modules/services/rhgb.te
--- nsaserefpolicy/policy/modules/services/rhgb.te 2007-01-02 12:57:43.000000000 -0500
-+++ serefpolicy-2.5.2/policy/modules/services/rhgb.te 2007-01-25 09:00:58.000000000 -0500
++++ serefpolicy-2.5.2/policy/modules/services/rhgb.te 2007-02-12 11:24:49.000000000 -0500
@@ -114,6 +114,8 @@
xserver_kill_xdm_xserver(rhgb_t)
# for running setxkbmap
@@ -6120,7 +6152,7 @@
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/ricci.te serefpolicy-2.5.2/policy/modules/services/ricci.te
--- nsaserefpolicy/policy/modules/services/ricci.te 2007-01-02 12:57:43.000000000 -0500
-+++ serefpolicy-2.5.2/policy/modules/services/ricci.te 2007-02-01 15:33:53.000000000 -0500
++++ serefpolicy-2.5.2/policy/modules/services/ricci.te 2007-02-12 11:24:49.000000000 -0500
@@ -74,6 +74,9 @@
domain_entry_file(ricci_modstorage_t, ricci_modstorage_exec_t)
role system_r types ricci_modstorage_t;
@@ -6212,7 +6244,7 @@
+
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/rlogin.te serefpolicy-2.5.2/policy/modules/services/rlogin.te
--- nsaserefpolicy/policy/modules/services/rlogin.te 2007-01-02 12:57:43.000000000 -0500
-+++ serefpolicy-2.5.2/policy/modules/services/rlogin.te 2007-01-25 09:00:58.000000000 -0500
++++ serefpolicy-2.5.2/policy/modules/services/rlogin.te 2007-02-12 11:24:49.000000000 -0500
@@ -61,6 +61,7 @@
dev_read_urand(rlogind_t)
@@ -6242,7 +6274,7 @@
ifdef(`TODO',`
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/rpc.fc serefpolicy-2.5.2/policy/modules/services/rpc.fc
--- nsaserefpolicy/policy/modules/services/rpc.fc 2006-11-16 17:15:20.000000000 -0500
-+++ serefpolicy-2.5.2/policy/modules/services/rpc.fc 2007-01-25 09:00:58.000000000 -0500
++++ serefpolicy-2.5.2/policy/modules/services/rpc.fc 2007-02-12 11:24:49.000000000 -0500
@@ -11,7 +11,6 @@
#
# /usr
@@ -6253,7 +6285,7 @@
/usr/sbin/rpc\.mountd -- gen_context(system_u:object_r:nfsd_exec_t,s0)
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/rpc.te serefpolicy-2.5.2/policy/modules/services/rpc.te
--- nsaserefpolicy/policy/modules/services/rpc.te 2007-01-02 12:57:43.000000000 -0500
-+++ serefpolicy-2.5.2/policy/modules/services/rpc.te 2007-02-06 11:35:20.000000000 -0500
++++ serefpolicy-2.5.2/policy/modules/services/rpc.te 2007-02-12 11:24:49.000000000 -0500
@@ -54,6 +54,7 @@
fs_read_rpc_symlinks(rpcd_t)
fs_read_rpc_sockets(rpcd_t)
@@ -6330,7 +6362,7 @@
+')
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/rsync.te serefpolicy-2.5.2/policy/modules/services/rsync.te
--- nsaserefpolicy/policy/modules/services/rsync.te 2007-01-02 12:57:43.000000000 -0500
-+++ serefpolicy-2.5.2/policy/modules/services/rsync.te 2007-01-25 09:00:58.000000000 -0500
++++ serefpolicy-2.5.2/policy/modules/services/rsync.te 2007-02-12 11:24:49.000000000 -0500
@@ -9,6 +9,7 @@
type rsync_t;
type rsync_exec_t;
@@ -6341,7 +6373,7 @@
type rsync_data_t;
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/samba.te serefpolicy-2.5.2/policy/modules/services/samba.te
--- nsaserefpolicy/policy/modules/services/samba.te 2007-01-02 12:57:43.000000000 -0500
-+++ serefpolicy-2.5.2/policy/modules/services/samba.te 2007-02-06 11:44:08.000000000 -0500
++++ serefpolicy-2.5.2/policy/modules/services/samba.te 2007-02-12 11:24:49.000000000 -0500
@@ -288,6 +288,7 @@
files_dontaudit_read_root_files(smbd_t)
term_dontaudit_use_generic_ptys(smbd_t)
@@ -6378,7 +6410,7 @@
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/sasl.te serefpolicy-2.5.2/policy/modules/services/sasl.te
--- nsaserefpolicy/policy/modules/services/sasl.te 2007-01-02 12:57:43.000000000 -0500
-+++ serefpolicy-2.5.2/policy/modules/services/sasl.te 2007-02-06 11:40:41.000000000 -0500
++++ serefpolicy-2.5.2/policy/modules/services/sasl.te 2007-02-12 11:24:49.000000000 -0500
@@ -83,6 +83,7 @@
ifdef(`targeted_policy', `
term_dontaudit_use_unallocated_ttys(saslauthd_t)
@@ -6389,7 +6421,7 @@
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/sendmail.te serefpolicy-2.5.2/policy/modules/services/sendmail.te
--- nsaserefpolicy/policy/modules/services/sendmail.te 2007-01-02 12:57:43.000000000 -0500
-+++ serefpolicy-2.5.2/policy/modules/services/sendmail.te 2007-01-25 09:00:58.000000000 -0500
++++ serefpolicy-2.5.2/policy/modules/services/sendmail.te 2007-02-12 11:24:49.000000000 -0500
@@ -140,6 +140,10 @@
udev_read_db(sendmail_t)
')
@@ -6403,7 +6435,7 @@
allow sendmail_t etc_mail_t:file manage_file_perms;
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/setroubleshoot.if serefpolicy-2.5.2/policy/modules/services/setroubleshoot.if
--- nsaserefpolicy/policy/modules/services/setroubleshoot.if 2006-11-16 17:15:20.000000000 -0500
-+++ serefpolicy-2.5.2/policy/modules/services/setroubleshoot.if 2007-01-25 09:00:58.000000000 -0500
++++ serefpolicy-2.5.2/policy/modules/services/setroubleshoot.if 2007-02-12 11:24:49.000000000 -0500
@@ -1 +1,21 @@
## <summary>SELinux troubleshooting service</summary>
+
@@ -6428,7 +6460,7 @@
+')
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/setroubleshoot.te serefpolicy-2.5.2/policy/modules/services/setroubleshoot.te
--- nsaserefpolicy/policy/modules/services/setroubleshoot.te 2007-01-02 12:57:43.000000000 -0500
-+++ serefpolicy-2.5.2/policy/modules/services/setroubleshoot.te 2007-02-11 14:52:46.000000000 -0500
++++ serefpolicy-2.5.2/policy/modules/services/setroubleshoot.te 2007-02-12 11:24:49.000000000 -0500
@@ -53,6 +53,7 @@
kernel_read_kernel_sysctls(setroubleshootd_t)
@@ -6457,7 +6489,7 @@
term_dontaudit_use_generic_ptys(setroubleshootd_t)
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/smartmon.te serefpolicy-2.5.2/policy/modules/services/smartmon.te
--- nsaserefpolicy/policy/modules/services/smartmon.te 2007-01-02 12:57:43.000000000 -0500
-+++ serefpolicy-2.5.2/policy/modules/services/smartmon.te 2007-01-25 09:00:58.000000000 -0500
++++ serefpolicy-2.5.2/policy/modules/services/smartmon.te 2007-02-12 11:24:49.000000000 -0500
@@ -60,6 +60,7 @@
fs_search_auto_mountpoints(fsdaemon_t)
@@ -6468,7 +6500,7 @@
storage_raw_write_fixed_disk(fsdaemon_t)
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/snmp.if serefpolicy-2.5.2/policy/modules/services/snmp.if
--- nsaserefpolicy/policy/modules/services/snmp.if 2007-01-02 12:57:43.000000000 -0500
-+++ serefpolicy-2.5.2/policy/modules/services/snmp.if 2007-01-25 09:00:58.000000000 -0500
++++ serefpolicy-2.5.2/policy/modules/services/snmp.if 2007-02-12 11:24:49.000000000 -0500
@@ -66,3 +66,20 @@
dontaudit $1 snmpd_var_lib_t:file read_file_perms;
dontaudit $1 snmpd_var_lib_t:lnk_file { getattr read };
@@ -6492,7 +6524,7 @@
+')
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/snmp.te serefpolicy-2.5.2/policy/modules/services/snmp.te
--- nsaserefpolicy/policy/modules/services/snmp.te 2007-01-02 12:57:43.000000000 -0500
-+++ serefpolicy-2.5.2/policy/modules/services/snmp.te 2007-02-06 11:42:13.000000000 -0500
++++ serefpolicy-2.5.2/policy/modules/services/snmp.te 2007-02-12 11:24:49.000000000 -0500
@@ -127,6 +127,7 @@
ifdef(`targeted_policy', `
term_dontaudit_use_unallocated_ttys(snmpd_t)
@@ -6508,7 +6540,7 @@
+
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/spamassassin.fc serefpolicy-2.5.2/policy/modules/services/spamassassin.fc
--- nsaserefpolicy/policy/modules/services/spamassassin.fc 2006-11-16 17:15:21.000000000 -0500
-+++ serefpolicy-2.5.2/policy/modules/services/spamassassin.fc 2007-02-01 15:50:05.000000000 -0500
++++ serefpolicy-2.5.2/policy/modules/services/spamassassin.fc 2007-02-12 11:24:49.000000000 -0500
@@ -7,6 +7,7 @@
/usr/sbin/spamd -- gen_context(system_u:object_r:spamd_exec_t,s0)
@@ -6519,7 +6551,7 @@
HOME_DIR/\.spamassassin(/.*)? gen_context(system_u:object_r:ROLE_spamassassin_home_t,s0)
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/spamassassin.if serefpolicy-2.5.2/policy/modules/services/spamassassin.if
--- nsaserefpolicy/policy/modules/services/spamassassin.if 2007-01-02 12:57:43.000000000 -0500
-+++ serefpolicy-2.5.2/policy/modules/services/spamassassin.if 2007-02-12 09:06:28.000000000 -0500
++++ serefpolicy-2.5.2/policy/modules/services/spamassassin.if 2007-02-12 11:24:49.000000000 -0500
@@ -35,6 +35,12 @@
# toggled on activation of spamc, and similarly for spamd.
template(`spamassassin_per_role_template',`
@@ -6581,7 +6613,7 @@
+
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/spamassassin.te serefpolicy-2.5.2/policy/modules/services/spamassassin.te
--- nsaserefpolicy/policy/modules/services/spamassassin.te 2007-01-02 12:57:43.000000000 -0500
-+++ serefpolicy-2.5.2/policy/modules/services/spamassassin.te 2007-02-06 11:42:29.000000000 -0500
++++ serefpolicy-2.5.2/policy/modules/services/spamassassin.te 2007-02-12 11:24:49.000000000 -0500
@@ -8,7 +8,7 @@
# spamassassin client executable
@@ -6649,7 +6681,7 @@
userdom_manage_generic_user_home_content_symlinks(spamd_t)
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/squid.fc serefpolicy-2.5.2/policy/modules/services/squid.fc
--- nsaserefpolicy/policy/modules/services/squid.fc 2006-11-16 17:15:21.000000000 -0500
-+++ serefpolicy-2.5.2/policy/modules/services/squid.fc 2007-01-25 14:49:22.000000000 -0500
++++ serefpolicy-2.5.2/policy/modules/services/squid.fc 2007-02-12 11:24:49.000000000 -0500
@@ -12,3 +12,4 @@
/var/run/squid\.pid -- gen_context(system_u:object_r:squid_var_run_t,s0)
@@ -6657,7 +6689,7 @@
+/usr/lib/squid/cachemgr\.cgi -- gen_context(system_u:object_r:httpd_squid_script_exec_t,s0)
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/squid.if serefpolicy-2.5.2/policy/modules/services/squid.if
--- nsaserefpolicy/policy/modules/services/squid.if 2007-01-02 12:57:43.000000000 -0500
-+++ serefpolicy-2.5.2/policy/modules/services/squid.if 2007-01-25 14:47:00.000000000 -0500
++++ serefpolicy-2.5.2/policy/modules/services/squid.if 2007-02-12 11:24:49.000000000 -0500
@@ -36,7 +36,7 @@
')
@@ -6669,7 +6701,7 @@
########################################
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/squid.te serefpolicy-2.5.2/policy/modules/services/squid.te
--- nsaserefpolicy/policy/modules/services/squid.te 2007-01-02 12:57:43.000000000 -0500
-+++ serefpolicy-2.5.2/policy/modules/services/squid.te 2007-01-25 14:48:22.000000000 -0500
++++ serefpolicy-2.5.2/policy/modules/services/squid.te 2007-02-12 11:24:49.000000000 -0500
@@ -178,3 +178,12 @@
#squid requires the following when run in diskd mode, the recommended setting
allow squid_t tmpfs_t:file { read write };
@@ -6685,7 +6717,7 @@
+')
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/ssh.fc serefpolicy-2.5.2/policy/modules/services/ssh.fc
--- nsaserefpolicy/policy/modules/services/ssh.fc 2006-11-16 17:15:20.000000000 -0500
-+++ serefpolicy-2.5.2/policy/modules/services/ssh.fc 2007-01-26 13:44:51.000000000 -0500
++++ serefpolicy-2.5.2/policy/modules/services/ssh.fc 2007-02-12 11:24:49.000000000 -0500
@@ -12,8 +12,6 @@
/var/run/sshd\.init\.pid -- gen_context(system_u:object_r:sshd_var_run_t,s0)
@@ -6697,7 +6729,7 @@
-')
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/ssh.if serefpolicy-2.5.2/policy/modules/services/ssh.if
--- nsaserefpolicy/policy/modules/services/ssh.if 2007-01-02 12:57:43.000000000 -0500
-+++ serefpolicy-2.5.2/policy/modules/services/ssh.if 2007-01-25 09:00:58.000000000 -0500
++++ serefpolicy-2.5.2/policy/modules/services/ssh.if 2007-02-12 11:24:49.000000000 -0500
@@ -37,9 +37,7 @@
attribute ssh_server;
type ssh_exec_t, sshd_key_t;
@@ -6818,7 +6850,7 @@
+')
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/ssh.te serefpolicy-2.5.2/policy/modules/services/ssh.te
--- nsaserefpolicy/policy/modules/services/ssh.te 2007-01-02 12:57:43.000000000 -0500
-+++ serefpolicy-2.5.2/policy/modules/services/ssh.te 2007-02-03 18:25:02.000000000 -0500
++++ serefpolicy-2.5.2/policy/modules/services/ssh.te 2007-02-12 11:24:49.000000000 -0500
@@ -10,7 +10,7 @@
# ssh client executable.
@@ -7022,7 +7054,7 @@
#
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/uucp.te serefpolicy-2.5.2/policy/modules/services/uucp.te
--- nsaserefpolicy/policy/modules/services/uucp.te 2007-01-02 12:57:43.000000000 -0500
-+++ serefpolicy-2.5.2/policy/modules/services/uucp.te 2007-01-25 09:00:58.000000000 -0500
++++ serefpolicy-2.5.2/policy/modules/services/uucp.te 2007-02-12 11:24:49.000000000 -0500
@@ -120,6 +120,7 @@
uucp_append_log(uux_t)
uucp_manage_spool(uux_t)
@@ -7038,7 +7070,7 @@
+
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/xfs.te serefpolicy-2.5.2/policy/modules/services/xfs.te
--- nsaserefpolicy/policy/modules/services/xfs.te 2007-01-02 12:57:43.000000000 -0500
-+++ serefpolicy-2.5.2/policy/modules/services/xfs.te 2007-02-06 11:44:30.000000000 -0500
++++ serefpolicy-2.5.2/policy/modules/services/xfs.te 2007-02-12 11:24:49.000000000 -0500
@@ -81,6 +81,7 @@
ifdef(`targeted_policy',`
term_dontaudit_use_unallocated_ttys(xfs_t)
@@ -7049,7 +7081,7 @@
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/xserver.fc serefpolicy-2.5.2/policy/modules/services/xserver.fc
--- nsaserefpolicy/policy/modules/services/xserver.fc 2006-11-16 17:15:21.000000000 -0500
-+++ serefpolicy-2.5.2/policy/modules/services/xserver.fc 2007-01-25 09:00:58.000000000 -0500
++++ serefpolicy-2.5.2/policy/modules/services/xserver.fc 2007-02-12 11:24:49.000000000 -0500
@@ -44,7 +44,7 @@
# /tmp
#
@@ -7061,7 +7093,7 @@
/tmp/\.X11-unix/.* -s <<none>>
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/xserver.if serefpolicy-2.5.2/policy/modules/services/xserver.if
--- nsaserefpolicy/policy/modules/services/xserver.if 2007-01-02 12:57:43.000000000 -0500
-+++ serefpolicy-2.5.2/policy/modules/services/xserver.if 2007-02-12 08:06:40.000000000 -0500
++++ serefpolicy-2.5.2/policy/modules/services/xserver.if 2007-02-12 11:24:49.000000000 -0500
@@ -45,7 +45,7 @@
# execheap needed until the X module loader is fixed.
# NVIDIA Needs execstack
@@ -7308,7 +7340,7 @@
+
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/xserver.te serefpolicy-2.5.2/policy/modules/services/xserver.te
--- nsaserefpolicy/policy/modules/services/xserver.te 2007-01-02 12:57:43.000000000 -0500
-+++ serefpolicy-2.5.2/policy/modules/services/xserver.te 2007-01-25 09:00:58.000000000 -0500
++++ serefpolicy-2.5.2/policy/modules/services/xserver.te 2007-02-12 11:24:49.000000000 -0500
@@ -10,9 +10,6 @@
attribute fonts_cache_type;
attribute fonts_config_type;
@@ -7387,7 +7419,7 @@
unconfined_domain_noaudit(xdm_xserver_t)
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/authlogin.if serefpolicy-2.5.2/policy/modules/system/authlogin.if
--- nsaserefpolicy/policy/modules/system/authlogin.if 2007-01-02 12:57:49.000000000 -0500
-+++ serefpolicy-2.5.2/policy/modules/system/authlogin.if 2007-01-26 15:54:21.000000000 -0500
++++ serefpolicy-2.5.2/policy/modules/system/authlogin.if 2007-02-12 11:24:49.000000000 -0500
@@ -152,21 +152,12 @@
## </param>
#
@@ -7528,7 +7560,7 @@
+')
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/authlogin.te serefpolicy-2.5.2/policy/modules/system/authlogin.te
--- nsaserefpolicy/policy/modules/system/authlogin.te 2007-01-02 12:57:49.000000000 -0500
-+++ serefpolicy-2.5.2/policy/modules/system/authlogin.te 2007-01-25 09:00:58.000000000 -0500
++++ serefpolicy-2.5.2/policy/modules/system/authlogin.te 2007-02-12 11:24:49.000000000 -0500
@@ -9,6 +9,7 @@
attribute can_read_shadow_passwords;
attribute can_write_shadow_passwords;
@@ -7548,7 +7580,7 @@
corecmd_search_sbin(system_chkpwd_t)
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/clock.te serefpolicy-2.5.2/policy/modules/system/clock.te
--- nsaserefpolicy/policy/modules/system/clock.te 2007-01-02 12:57:49.000000000 -0500
-+++ serefpolicy-2.5.2/policy/modules/system/clock.te 2007-01-25 09:00:58.000000000 -0500
++++ serefpolicy-2.5.2/policy/modules/system/clock.te 2007-02-12 11:24:49.000000000 -0500
@@ -32,8 +32,7 @@
allow hwclock_t adjtime_t:file { rw_file_perms setattr };
@@ -7561,7 +7593,7 @@
corecmd_exec_shell(hwclock_t)
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/fstools.fc serefpolicy-2.5.2/policy/modules/system/fstools.fc
--- nsaserefpolicy/policy/modules/system/fstools.fc 2006-11-16 17:15:24.000000000 -0500
-+++ serefpolicy-2.5.2/policy/modules/system/fstools.fc 2007-01-25 09:00:58.000000000 -0500
++++ serefpolicy-2.5.2/policy/modules/system/fstools.fc 2007-02-12 11:24:49.000000000 -0500
@@ -19,7 +19,6 @@
/sbin/mkfs.* -- gen_context(system_u:object_r:fsadm_exec_t,s0)
/sbin/mkraid -- gen_context(system_u:object_r:fsadm_exec_t,s0)
@@ -7572,7 +7604,7 @@
/sbin/partx -- gen_context(system_u:object_r:fsadm_exec_t,s0)
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/fstools.te serefpolicy-2.5.2/policy/modules/system/fstools.te
--- nsaserefpolicy/policy/modules/system/fstools.te 2007-01-02 12:57:49.000000000 -0500
-+++ serefpolicy-2.5.2/policy/modules/system/fstools.te 2007-01-25 09:00:58.000000000 -0500
++++ serefpolicy-2.5.2/policy/modules/system/fstools.te 2007-02-12 11:24:49.000000000 -0500
@@ -9,7 +9,7 @@
type fsadm_t;
type fsadm_exec_t;
@@ -7602,7 +7634,7 @@
kernel_read_kernel_sysctls(fsadm_t)
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/getty.te serefpolicy-2.5.2/policy/modules/system/getty.te
--- nsaserefpolicy/policy/modules/system/getty.te 2007-01-02 12:57:49.000000000 -0500
-+++ serefpolicy-2.5.2/policy/modules/system/getty.te 2007-01-25 09:00:58.000000000 -0500
++++ serefpolicy-2.5.2/policy/modules/system/getty.te 2007-02-12 11:24:49.000000000 -0500
@@ -33,9 +33,11 @@
#
@@ -7638,7 +7670,7 @@
+
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/hostname.te serefpolicy-2.5.2/policy/modules/system/hostname.te
--- nsaserefpolicy/policy/modules/system/hostname.te 2007-01-02 12:57:49.000000000 -0500
-+++ serefpolicy-2.5.2/policy/modules/system/hostname.te 2007-01-25 09:00:58.000000000 -0500
++++ serefpolicy-2.5.2/policy/modules/system/hostname.te 2007-02-12 11:24:49.000000000 -0500
@@ -8,8 +8,12 @@
type hostname_t;
@@ -7667,7 +7699,7 @@
+')
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/hotplug.te serefpolicy-2.5.2/policy/modules/system/hotplug.te
--- nsaserefpolicy/policy/modules/system/hotplug.te 2007-01-02 12:57:49.000000000 -0500
-+++ serefpolicy-2.5.2/policy/modules/system/hotplug.te 2007-02-06 11:33:22.000000000 -0500
++++ serefpolicy-2.5.2/policy/modules/system/hotplug.te 2007-02-12 11:24:49.000000000 -0500
@@ -133,6 +133,7 @@
ifdef(`targeted_policy', `
term_dontaudit_use_unallocated_ttys(hotplug_t)
@@ -7678,7 +7710,7 @@
consoletype_exec(hotplug_t)
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/init.if serefpolicy-2.5.2/policy/modules/system/init.if
--- nsaserefpolicy/policy/modules/system/init.if 2007-01-02 12:57:49.000000000 -0500
-+++ serefpolicy-2.5.2/policy/modules/system/init.if 2007-02-12 09:46:01.000000000 -0500
++++ serefpolicy-2.5.2/policy/modules/system/init.if 2007-02-12 11:25:43.000000000 -0500
@@ -202,11 +202,14 @@
gen_require(`
type initrc_t;
@@ -7694,7 +7726,7 @@
role system_r types $1;
domtrans_pattern(initrc_t,$2,$1)
-@@ -1275,3 +1278,83 @@
+@@ -1275,3 +1278,62 @@
files_search_pids($1)
allow $1 initrc_var_run_t:file manage_file_perms;
')
@@ -7721,27 +7753,6 @@
+
+########################################
+## <summary>
-+##
-+## </summary>
-+## <param name="domain">
-+## <summary>
-+## Domain allowed access.
-+## </summary>
-+## </param>
-+#
-+interface(`init_use_fds',`
-+ gen_require(`
-+ type init_t;
-+
-+ # cjp: remove this when init_t decl is moved back to this module
-+ attribute direct_run_init;
-+ ')
-+
-+ allow $1 init_t:fd use;
-+')
-+
-+########################################
-+## <summary>
+## Read the process state (/proc/pid) of init.
+## </summary>
+## <param name="domain">
@@ -7780,7 +7791,7 @@
+')
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/init.te serefpolicy-2.5.2/policy/modules/system/init.te
--- nsaserefpolicy/policy/modules/system/init.te 2007-01-02 12:57:49.000000000 -0500
-+++ serefpolicy-2.5.2/policy/modules/system/init.te 2007-01-29 17:40:17.000000000 -0500
++++ serefpolicy-2.5.2/policy/modules/system/init.te 2007-02-12 11:24:49.000000000 -0500
@@ -125,6 +125,7 @@
# file descriptors inherited from the rootfs:
files_dontaudit_rw_root_files(init_t)
@@ -7886,7 +7897,7 @@
optional_policy(`
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/ipsec.fc serefpolicy-2.5.2/policy/modules/system/ipsec.fc
--- nsaserefpolicy/policy/modules/system/ipsec.fc 2006-11-16 17:15:24.000000000 -0500
-+++ serefpolicy-2.5.2/policy/modules/system/ipsec.fc 2007-01-25 09:00:58.000000000 -0500
++++ serefpolicy-2.5.2/policy/modules/system/ipsec.fc 2007-02-12 11:24:49.000000000 -0500
@@ -7,7 +7,8 @@
/etc/ipsec\.d(/.*)? gen_context(system_u:object_r:ipsec_key_file_t,s0)
@@ -7909,7 +7920,7 @@
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/ipsec.if serefpolicy-2.5.2/policy/modules/system/ipsec.if
--- nsaserefpolicy/policy/modules/system/ipsec.if 2007-01-02 12:57:49.000000000 -0500
-+++ serefpolicy-2.5.2/policy/modules/system/ipsec.if 2007-01-26 17:00:37.000000000 -0500
++++ serefpolicy-2.5.2/policy/modules/system/ipsec.if 2007-02-12 11:24:49.000000000 -0500
@@ -111,3 +111,103 @@
files_search_pids($1)
manage_files_pattern($1,ipsec_var_run_t,ipsec_var_run_t)
@@ -8016,7 +8027,7 @@
+')
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/ipsec.te serefpolicy-2.5.2/policy/modules/system/ipsec.te
--- nsaserefpolicy/policy/modules/system/ipsec.te 2007-01-02 12:57:49.000000000 -0500
-+++ serefpolicy-2.5.2/policy/modules/system/ipsec.te 2007-01-25 09:00:58.000000000 -0500
++++ serefpolicy-2.5.2/policy/modules/system/ipsec.te 2007-02-12 11:24:49.000000000 -0500
@@ -6,6 +6,16 @@
# Declarations
#
@@ -8142,7 +8153,7 @@
+kernel_read_network_state(racoon_t)
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/iptables.te serefpolicy-2.5.2/policy/modules/system/iptables.te
--- nsaserefpolicy/policy/modules/system/iptables.te 2007-01-02 12:57:49.000000000 -0500
-+++ serefpolicy-2.5.2/policy/modules/system/iptables.te 2007-02-06 11:30:20.000000000 -0500
++++ serefpolicy-2.5.2/policy/modules/system/iptables.te 2007-02-12 11:24:49.000000000 -0500
@@ -79,7 +79,13 @@
ifdef(`targeted_policy', `
term_dontaudit_use_unallocated_ttys(iptables_t)
@@ -8167,7 +8178,7 @@
+')
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/libraries.fc serefpolicy-2.5.2/policy/modules/system/libraries.fc
--- nsaserefpolicy/policy/modules/system/libraries.fc 2007-01-02 12:57:49.000000000 -0500
-+++ serefpolicy-2.5.2/policy/modules/system/libraries.fc 2007-02-06 10:34:29.000000000 -0500
++++ serefpolicy-2.5.2/policy/modules/system/libraries.fc 2007-02-12 11:24:49.000000000 -0500
@@ -79,6 +79,8 @@
/opt/netbeans(.*/)?jdk.*/linux/.+\.so(\.[^/]*)* -- gen_context(system_u:object_r:textrel_shlib_t,s0)
/opt/(.*/)?java/.+\.jar -- gen_context(system_u:object_r:shlib_t,s0)
@@ -8193,7 +8204,7 @@
+/usr/lib64/python2.4/site-packages/M2Crypto/__m2crypto.so -- gen_context(system_u:object_r:textrel_shlib_t,s0)
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/locallogin.te serefpolicy-2.5.2/policy/modules/system/locallogin.te
--- nsaserefpolicy/policy/modules/system/locallogin.te 2007-01-02 12:57:49.000000000 -0500
-+++ serefpolicy-2.5.2/policy/modules/system/locallogin.te 2007-01-25 09:00:58.000000000 -0500
++++ serefpolicy-2.5.2/policy/modules/system/locallogin.te 2007-02-12 11:24:49.000000000 -0500
@@ -48,6 +48,8 @@
allow local_login_t self:msgq create_msgq_perms;
allow local_login_t self:msg { send receive };
@@ -8223,7 +8234,7 @@
corecmd_read_sbin_symlinks(local_login_t)
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/logging.te serefpolicy-2.5.2/policy/modules/system/logging.te
--- nsaserefpolicy/policy/modules/system/logging.te 2007-01-02 12:57:49.000000000 -0500
-+++ serefpolicy-2.5.2/policy/modules/system/logging.te 2007-02-08 08:45:47.000000000 -0500
++++ serefpolicy-2.5.2/policy/modules/system/logging.te 2007-02-12 11:24:49.000000000 -0500
@@ -104,7 +104,7 @@
# Auditd local policy
#
@@ -8276,7 +8287,7 @@
+')
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/lvm.if serefpolicy-2.5.2/policy/modules/system/lvm.if
--- nsaserefpolicy/policy/modules/system/lvm.if 2007-01-02 12:57:49.000000000 -0500
-+++ serefpolicy-2.5.2/policy/modules/system/lvm.if 2007-01-26 11:17:17.000000000 -0500
++++ serefpolicy-2.5.2/policy/modules/system/lvm.if 2007-02-12 11:24:49.000000000 -0500
@@ -63,10 +63,31 @@
#
interface(`lvm_read_config',`
@@ -8312,7 +8323,7 @@
+')
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/lvm.te serefpolicy-2.5.2/policy/modules/system/lvm.te
--- nsaserefpolicy/policy/modules/system/lvm.te 2007-01-02 12:57:49.000000000 -0500
-+++ serefpolicy-2.5.2/policy/modules/system/lvm.te 2007-02-06 11:30:46.000000000 -0500
++++ serefpolicy-2.5.2/policy/modules/system/lvm.te 2007-02-12 11:24:49.000000000 -0500
@@ -44,14 +44,20 @@
# Cluster LVM daemon local policy
#
@@ -8449,7 +8460,7 @@
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/miscfiles.fc serefpolicy-2.5.2/policy/modules/system/miscfiles.fc
--- nsaserefpolicy/policy/modules/system/miscfiles.fc 2007-01-02 12:57:49.000000000 -0500
-+++ serefpolicy-2.5.2/policy/modules/system/miscfiles.fc 2007-01-25 09:00:58.000000000 -0500
++++ serefpolicy-2.5.2/policy/modules/system/miscfiles.fc 2007-02-12 11:24:49.000000000 -0500
@@ -74,3 +74,5 @@
/var/lib/msttcorefonts(/.*)? gen_context(system_u:object_r:fonts_t,s0)
/var/lib/usbutils(/.*)? gen_context(system_u:object_r:hwdata_t,s0)
@@ -8458,7 +8469,7 @@
+/var/empty/sshd/etc/localtime -- gen_context(system_u:object_r:locale_t,s0)
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/miscfiles.if serefpolicy-2.5.2/policy/modules/system/miscfiles.if
--- nsaserefpolicy/policy/modules/system/miscfiles.if 2007-01-02 12:57:49.000000000 -0500
-+++ serefpolicy-2.5.2/policy/modules/system/miscfiles.if 2007-01-25 09:00:58.000000000 -0500
++++ serefpolicy-2.5.2/policy/modules/system/miscfiles.if 2007-02-12 11:24:49.000000000 -0500
@@ -138,6 +138,44 @@
########################################
@@ -8551,7 +8562,7 @@
+
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/modutils.te serefpolicy-2.5.2/policy/modules/system/modutils.te
--- nsaserefpolicy/policy/modules/system/modutils.te 2007-01-02 12:57:49.000000000 -0500
-+++ serefpolicy-2.5.2/policy/modules/system/modutils.te 2007-01-25 09:00:58.000000000 -0500
++++ serefpolicy-2.5.2/policy/modules/system/modutils.te 2007-02-12 11:24:49.000000000 -0500
@@ -54,6 +54,8 @@
can_exec(insmod_t, insmod_exec_t)
@@ -8599,7 +8610,7 @@
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/mount.te serefpolicy-2.5.2/policy/modules/system/mount.te
--- nsaserefpolicy/policy/modules/system/mount.te 2007-01-02 12:57:49.000000000 -0500
-+++ serefpolicy-2.5.2/policy/modules/system/mount.te 2007-01-25 14:14:26.000000000 -0500
++++ serefpolicy-2.5.2/policy/modules/system/mount.te 2007-02-12 11:24:49.000000000 -0500
@@ -9,6 +9,7 @@
type mount_t;
type mount_exec_t;
@@ -8636,7 +8647,7 @@
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/raid.te serefpolicy-2.5.2/policy/modules/system/raid.te
--- nsaserefpolicy/policy/modules/system/raid.te 2007-01-02 12:57:49.000000000 -0500
-+++ serefpolicy-2.5.2/policy/modules/system/raid.te 2007-01-25 09:00:58.000000000 -0500
++++ serefpolicy-2.5.2/policy/modules/system/raid.te 2007-02-12 11:24:49.000000000 -0500
@@ -93,3 +93,7 @@
optional_policy(`
udev_read_db(mdadm_t)
@@ -8647,7 +8658,7 @@
+')
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/selinuxutil.fc serefpolicy-2.5.2/policy/modules/system/selinuxutil.fc
--- nsaserefpolicy/policy/modules/system/selinuxutil.fc 2006-11-16 17:15:24.000000000 -0500
-+++ serefpolicy-2.5.2/policy/modules/system/selinuxutil.fc 2007-01-25 09:00:58.000000000 -0500
++++ serefpolicy-2.5.2/policy/modules/system/selinuxutil.fc 2007-02-12 11:24:49.000000000 -0500
@@ -40,7 +40,9 @@
/usr/sbin/setfiles.* -- gen_context(system_u:object_r:setfiles_exec_t,s0)
/usr/sbin/setsebool -- gen_context(system_u:object_r:semanage_exec_t,s0)
@@ -8660,7 +8671,7 @@
# /var/run
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/selinuxutil.if serefpolicy-2.5.2/policy/modules/system/selinuxutil.if
--- nsaserefpolicy/policy/modules/system/selinuxutil.if 2007-01-02 12:57:49.000000000 -0500
-+++ serefpolicy-2.5.2/policy/modules/system/selinuxutil.if 2007-01-25 09:00:58.000000000 -0500
++++ serefpolicy-2.5.2/policy/modules/system/selinuxutil.if 2007-02-12 11:24:49.000000000 -0500
@@ -682,6 +682,7 @@
')
@@ -8789,7 +8800,7 @@
+
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/selinuxutil.te serefpolicy-2.5.2/policy/modules/system/selinuxutil.te
--- nsaserefpolicy/policy/modules/system/selinuxutil.te 2007-01-02 12:57:49.000000000 -0500
-+++ serefpolicy-2.5.2/policy/modules/system/selinuxutil.te 2007-02-08 09:32:54.000000000 -0500
++++ serefpolicy-2.5.2/policy/modules/system/selinuxutil.te 2007-02-12 11:24:49.000000000 -0500
@@ -1,10 +1,8 @@
policy_module(selinuxutil,1.4.0)
@@ -9023,7 +9034,7 @@
+')
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/setrans.te serefpolicy-2.5.2/policy/modules/system/setrans.te
--- nsaserefpolicy/policy/modules/system/setrans.te 2007-01-02 12:57:49.000000000 -0500
-+++ serefpolicy-2.5.2/policy/modules/system/setrans.te 2007-02-06 11:31:35.000000000 -0500
++++ serefpolicy-2.5.2/policy/modules/system/setrans.te 2007-02-12 11:24:49.000000000 -0500
@@ -65,6 +65,7 @@
term_dontaudit_use_generic_ptys(setrans_t)
@@ -9034,7 +9045,7 @@
init_dontaudit_use_script_ptys(setrans_t)
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/sysnetwork.te serefpolicy-2.5.2/policy/modules/system/sysnetwork.te
--- nsaserefpolicy/policy/modules/system/sysnetwork.te 2007-01-02 12:57:49.000000000 -0500
-+++ serefpolicy-2.5.2/policy/modules/system/sysnetwork.te 2007-01-25 09:00:58.000000000 -0500
++++ serefpolicy-2.5.2/policy/modules/system/sysnetwork.te 2007-02-12 11:24:49.000000000 -0500
@@ -326,6 +326,9 @@
ifdef(`targeted_policy',`
term_use_generic_ptys(ifconfig_t)
@@ -9047,14 +9058,14 @@
optional_policy(`
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/tzdata.fc serefpolicy-2.5.2/policy/modules/system/tzdata.fc
--- nsaserefpolicy/policy/modules/system/tzdata.fc 1969-12-31 19:00:00.000000000 -0500
-+++ serefpolicy-2.5.2/policy/modules/system/tzdata.fc 2007-01-25 09:00:58.000000000 -0500
++++ serefpolicy-2.5.2/policy/modules/system/tzdata.fc 2007-02-12 11:24:49.000000000 -0500
@@ -0,0 +1,3 @@
+# tzdata executable will have:
+
+/usr/sbin/tzdata-update -- gen_context(system_u:object_r:tzdata_exec_t,s0)
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/tzdata.if serefpolicy-2.5.2/policy/modules/system/tzdata.if
--- nsaserefpolicy/policy/modules/system/tzdata.if 1969-12-31 19:00:00.000000000 -0500
-+++ serefpolicy-2.5.2/policy/modules/system/tzdata.if 2007-01-25 09:00:58.000000000 -0500
++++ serefpolicy-2.5.2/policy/modules/system/tzdata.if 2007-02-12 11:24:49.000000000 -0500
@@ -0,0 +1,19 @@
+## <summary>policy for tzdata</summary>
+
@@ -9077,7 +9088,7 @@
+')
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/tzdata.te serefpolicy-2.5.2/policy/modules/system/tzdata.te
--- nsaserefpolicy/policy/modules/system/tzdata.te 1969-12-31 19:00:00.000000000 -0500
-+++ serefpolicy-2.5.2/policy/modules/system/tzdata.te 2007-01-25 09:00:58.000000000 -0500
++++ serefpolicy-2.5.2/policy/modules/system/tzdata.te 2007-02-12 11:24:49.000000000 -0500
@@ -0,0 +1,41 @@
+policy_module(tzdata,1.0.0)
+
@@ -9122,7 +9133,7 @@
+')
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/unconfined.fc serefpolicy-2.5.2/policy/modules/system/unconfined.fc
--- nsaserefpolicy/policy/modules/system/unconfined.fc 2007-01-02 12:57:49.000000000 -0500
-+++ serefpolicy-2.5.2/policy/modules/system/unconfined.fc 2007-01-25 09:00:58.000000000 -0500
++++ serefpolicy-2.5.2/policy/modules/system/unconfined.fc 2007-02-12 11:24:49.000000000 -0500
@@ -9,4 +9,6 @@
/usr/bin/valgrind -- gen_context(system_u:object_r:unconfined_execmem_exec_t,s0)
/usr/local/RealPlayer/realplay\.bin -- gen_context(system_u:object_r:unconfined_execmem_exec_t,s0)
@@ -9132,7 +9143,7 @@
')
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/unconfined.if serefpolicy-2.5.2/policy/modules/system/unconfined.if
--- nsaserefpolicy/policy/modules/system/unconfined.if 2007-01-02 12:57:49.000000000 -0500
-+++ serefpolicy-2.5.2/policy/modules/system/unconfined.if 2007-01-25 13:56:01.000000000 -0500
++++ serefpolicy-2.5.2/policy/modules/system/unconfined.if 2007-02-12 11:24:49.000000000 -0500
@@ -31,6 +31,7 @@
allow $1 self:nscd *;
allow $1 self:dbus *;
@@ -9151,7 +9162,7 @@
# Allow making the stack executable via mprotect.
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/unconfined.te serefpolicy-2.5.2/policy/modules/system/unconfined.te
--- nsaserefpolicy/policy/modules/system/unconfined.te 2007-01-02 12:57:49.000000000 -0500
-+++ serefpolicy-2.5.2/policy/modules/system/unconfined.te 2007-01-25 09:00:58.000000000 -0500
++++ serefpolicy-2.5.2/policy/modules/system/unconfined.te 2007-02-12 11:24:49.000000000 -0500
@@ -63,6 +63,10 @@
')
@@ -9206,7 +9217,7 @@
init_dbus_chat_script(unconfined_execmem_t)
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/userdomain.fc serefpolicy-2.5.2/policy/modules/system/userdomain.fc
--- nsaserefpolicy/policy/modules/system/userdomain.fc 2006-11-16 17:15:24.000000000 -0500
-+++ serefpolicy-2.5.2/policy/modules/system/userdomain.fc 2007-01-25 09:00:58.000000000 -0500
++++ serefpolicy-2.5.2/policy/modules/system/userdomain.fc 2007-02-12 11:24:49.000000000 -0500
@@ -1,11 +1,4 @@
-ifdef(`strict_policy',`
HOME_DIR -d gen_context(system_u:object_r:ROLE_home_dir_t,s0-mls_systemhigh)
@@ -9221,7 +9232,7 @@
-')
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/userdomain.if serefpolicy-2.5.2/policy/modules/system/userdomain.if
--- nsaserefpolicy/policy/modules/system/userdomain.if 2007-01-02 12:57:49.000000000 -0500
-+++ serefpolicy-2.5.2/policy/modules/system/userdomain.if 2007-01-26 16:18:45.000000000 -0500
++++ serefpolicy-2.5.2/policy/modules/system/userdomain.if 2007-02-12 11:24:49.000000000 -0500
@@ -102,6 +102,9 @@
libs_exec_ld_so($1_t)
@@ -10042,7 +10053,7 @@
+
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/userdomain.te serefpolicy-2.5.2/policy/modules/system/userdomain.te
--- nsaserefpolicy/policy/modules/system/userdomain.te 2007-01-02 12:57:49.000000000 -0500
-+++ serefpolicy-2.5.2/policy/modules/system/userdomain.te 2007-01-25 11:54:40.000000000 -0500
++++ serefpolicy-2.5.2/policy/modules/system/userdomain.te 2007-02-12 11:24:49.000000000 -0500
@@ -24,6 +24,9 @@
# users home directory contents
attribute home_type;
@@ -10148,7 +10159,7 @@
usermanage_run_useradd(sysadm_t,sysadm_r,admin_terminal)
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/xen.te serefpolicy-2.5.2/policy/modules/system/xen.te
--- nsaserefpolicy/policy/modules/system/xen.te 2007-01-02 12:57:49.000000000 -0500
-+++ serefpolicy-2.5.2/policy/modules/system/xen.te 2007-02-06 11:15:27.000000000 -0500
++++ serefpolicy-2.5.2/policy/modules/system/xen.te 2007-02-12 11:24:49.000000000 -0500
@@ -166,8 +166,13 @@
files_manage_etc_runtime_files(xend_t)
files_etc_filetrans_etc_runtime(xend_t,file)
@@ -10203,7 +10214,7 @@
+fs_read_dos_files(xend_t)
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/support/obj_perm_sets.spt serefpolicy-2.5.2/policy/support/obj_perm_sets.spt
--- nsaserefpolicy/policy/support/obj_perm_sets.spt 2007-01-02 12:57:51.000000000 -0500
-+++ serefpolicy-2.5.2/policy/support/obj_perm_sets.spt 2007-01-25 09:00:58.000000000 -0500
++++ serefpolicy-2.5.2/policy/support/obj_perm_sets.spt 2007-02-12 11:24:49.000000000 -0500
@@ -215,7 +215,7 @@
define(`getattr_file_perms',`{ getattr }')
define(`setattr_file_perms',`{ setattr }')
@@ -10215,7 +10226,7 @@
define(`write_file_perms',`{ getattr write append lock ioctl }')
diff --exclude-from=exclude -N -u -r nsaserefpolicy/Rules.modular serefpolicy-2.5.2/Rules.modular
--- nsaserefpolicy/Rules.modular 2006-11-16 17:15:29.000000000 -0500
-+++ serefpolicy-2.5.2/Rules.modular 2007-01-25 09:00:58.000000000 -0500
++++ serefpolicy-2.5.2/Rules.modular 2007-02-12 11:24:49.000000000 -0500
@@ -219,6 +219,16 @@
########################################
Index: selinux-policy.spec
===================================================================
RCS file: /cvs/dist/rpms/selinux-policy/devel/selinux-policy.spec,v
retrieving revision 1.392
retrieving revision 1.393
diff -u -r1.392 -r1.393
--- selinux-policy.spec 12 Feb 2007 16:18:31 -0000 1.392
+++ selinux-policy.spec 12 Feb 2007 16:27:42 -0000 1.393
@@ -16,8 +16,8 @@
%define CHECKPOLICYVER 1.30.11-1
Summary: SELinux policy configuration
Name: selinux-policy
-Version: 2.5.2
-Release: 7%{?dist}
+Version: 2.5.3
+Release: 1%{?dist}
License: GPL
Group: System Environment/Base
Source: serefpolicy-%{version}.tgz
@@ -165,7 +165,7 @@
%description
SELinux Reference Policy - modular.
-Based off of reference policy: Checked out revision 2178.
+Based off of reference policy: Checked out revision 2180.
%prep
%setup -q -n serefpolicy-%{version}
@@ -356,7 +356,7 @@
%endif
%changelog
-* Sun Feb 11 2007 Dan Walsh <dwalsh at redhat.com> 2.5.2-7
+* Sun Feb 11 2007 Dan Walsh <dwalsh at redhat.com> 2.5.3-7
-
* Mon Feb 5 2007 Dan Walsh <dwalsh at redhat.com> 2.5.2-6
Index: sources
===================================================================
RCS file: /cvs/dist/rpms/selinux-policy/devel/sources,v
retrieving revision 1.105
retrieving revision 1.106
diff -u -r1.105 -r1.106
--- sources 25 Jan 2007 19:07:00 -0000 1.105
+++ sources 12 Feb 2007 16:27:42 -0000 1.106
@@ -1 +1 @@
-feb68b3e3bbddea9f941385d5347dc42 serefpolicy-2.5.2.tgz
+48cd04544a015cab7204e526f0293649 serefpolicy-2.5.3.tgz
More information about the fedora-cvs-commits
mailing list