rpms/selinux-policy/devel policy-20070219.patch, 1.29, 1.30 selinux-policy.spec, 1.416, 1.417
fedora-cvs-commits at redhat.com
fedora-cvs-commits at redhat.com
Wed Mar 21 03:39:09 UTC 2007
Author: dwalsh
Update of /cvs/dist/rpms/selinux-policy/devel
In directory cvs.devel.redhat.com:/tmp/cvs-serv24586
Modified Files:
policy-20070219.patch selinux-policy.spec
Log Message:
* Tue Mar 20 2007 Dan Walsh <dwalsh at redhat.com> 2.5.9-4
- Fixes for logwatch
policy-20070219.patch:
Rules.modular | 12 +
man/man8/ftpd_selinux.8 | 6
man/man8/httpd_selinux.8 | 17 --
man/man8/kerberos_selinux.8 | 9 -
man/man8/named_selinux.8 | 8
man/man8/nfs_selinux.8 | 2
man/man8/rsync_selinux.8 | 8
man/man8/samba_selinux.8 | 12 -
man/man8/ypbind_selinux.8 | 2
policy/flask/access_vectors | 4
policy/global_booleans | 2
policy/global_tunables | 92 ++++++++++-
policy/mls | 31 ++-
policy/modules/admin/acct.te | 1
policy/modules/admin/amtu.fc | 3
policy/modules/admin/amtu.if | 53 ++++++
policy/modules/admin/amtu.te | 56 ++++++
policy/modules/admin/consoletype.te | 8
policy/modules/admin/dmesg.te | 1
policy/modules/admin/firstboot.if | 18 ++
policy/modules/admin/kudzu.te | 1
policy/modules/admin/logwatch.te | 2
policy/modules/admin/netutils.te | 3
policy/modules/admin/rpm.fc | 3
policy/modules/admin/rpm.if | 65 +++++++
policy/modules/admin/rpm.te | 2
policy/modules/admin/su.if | 6
policy/modules/admin/sudo.te | 5
policy/modules/admin/usermanage.te | 40 +++-
policy/modules/apps/games.fc | 1
policy/modules/apps/gnome.if | 26 +++
policy/modules/apps/gpg.fc | 2
policy/modules/apps/loadkeys.if | 44 +----
policy/modules/apps/mozilla.if | 1
policy/modules/kernel/corecommands.fc | 2
policy/modules/kernel/corecommands.if | 59 ++++---
policy/modules/kernel/corenetwork.if.in | 54 ++++++
policy/modules/kernel/corenetwork.te.in | 13 +
policy/modules/kernel/devices.if | 36 ++++
policy/modules/kernel/domain.if | 18 ++
policy/modules/kernel/domain.te | 23 ++
policy/modules/kernel/files.if | 81 ++++++++-
policy/modules/kernel/filesystem.if | 39 ++++
policy/modules/kernel/filesystem.te | 5
policy/modules/kernel/kernel.if | 23 ++
policy/modules/kernel/kernel.te | 2
policy/modules/kernel/mls.if | 20 ++
policy/modules/kernel/mls.te | 3
policy/modules/kernel/selinux.if | 38 ++++
policy/modules/kernel/storage.fc | 3
policy/modules/kernel/storage.if | 2
policy/modules/kernel/terminal.if | 2
policy/modules/kernel/terminal.te | 1
policy/modules/services/apache.fc | 23 ++
policy/modules/services/apache.if | 159 +++++++++++++++++++
policy/modules/services/apache.te | 53 +++++-
policy/modules/services/automount.te | 2
policy/modules/services/ccs.te | 12 +
policy/modules/services/consolekit.fc | 1
policy/modules/services/consolekit.te | 24 ++
policy/modules/services/cpucontrol.te | 1
policy/modules/services/cron.fc | 1
policy/modules/services/cron.if | 33 +--
policy/modules/services/cron.te | 43 ++++-
policy/modules/services/cvs.te | 1
policy/modules/services/cyrus.te | 5
policy/modules/services/dbus.if | 57 ++++++
policy/modules/services/dhcp.te | 2
policy/modules/services/djbdns.te | 5
policy/modules/services/dovecot.te | 5
policy/modules/services/fail2ban.fc | 4
policy/modules/services/fail2ban.if | 87 ++++++++++
policy/modules/services/fail2ban.te | 74 ++++++++
policy/modules/services/ftp.te | 5
policy/modules/services/hal.fc | 6
policy/modules/services/hal.te | 98 +++++++++++
policy/modules/services/inetd.if | 29 ---
policy/modules/services/inetd.te | 5
policy/modules/services/kerberos.if | 21 ++
policy/modules/services/kerberos.te | 2
policy/modules/services/mta.te | 2
policy/modules/services/networkmanager.te | 2
policy/modules/services/nis.if | 5
policy/modules/services/ntp.te | 1
policy/modules/services/pegasus.if | 18 ++
policy/modules/services/pegasus.te | 5
policy/modules/services/postfix.te | 2
policy/modules/services/ppp.te | 17 --
policy/modules/services/procmail.te | 1
policy/modules/services/pyzor.te | 3
policy/modules/services/radius.te | 6
policy/modules/services/ricci.te | 5
policy/modules/services/rpc.if | 5
policy/modules/services/rpc.te | 3
policy/modules/services/rsync.te | 1
policy/modules/services/samba.if | 44 +++++
policy/modules/services/samba.te | 24 ++
policy/modules/services/sasl.te | 12 +
policy/modules/services/smartmon.te | 1
policy/modules/services/spamassassin.te | 5
policy/modules/services/squid.fc | 2
policy/modules/services/squid.if | 22 ++
policy/modules/services/squid.te | 12 +
policy/modules/services/ssh.if | 39 ++++
policy/modules/services/ssh.te | 5
policy/modules/services/zabbix.fc | 4
policy/modules/services/zabbix.if | 87 ++++++++++
policy/modules/services/zabbix.te | 64 +++++++
policy/modules/system/application.fc | 1
policy/modules/system/application.if | 106 ++++++++++++
policy/modules/system/application.te | 14 +
policy/modules/system/authlogin.if | 84 ++++++++--
policy/modules/system/authlogin.te | 3
policy/modules/system/fstools.fc | 1
policy/modules/system/fstools.te | 1
policy/modules/system/fusermount.fc | 6
policy/modules/system/fusermount.if | 41 ++++
policy/modules/system/fusermount.te | 44 +++++
policy/modules/system/getty.te | 3
policy/modules/system/hostname.te | 14 +
policy/modules/system/init.if | 22 --
policy/modules/system/init.te | 26 ++-
policy/modules/system/ipsec.if | 100 ++++++++++++
policy/modules/system/ipsec.te | 9 -
policy/modules/system/iptables.te | 9 -
policy/modules/system/libraries.fc | 6
policy/modules/system/libraries.te | 20 ++
policy/modules/system/locallogin.te | 10 +
policy/modules/system/logging.if | 21 ++
policy/modules/system/logging.te | 4
policy/modules/system/lvm.te | 10 +
policy/modules/system/modutils.te | 7
policy/modules/system/mount.fc | 3
policy/modules/system/mount.if | 37 ++++
policy/modules/system/mount.te | 51 +++++-
policy/modules/system/netlabel.te | 3
policy/modules/system/selinuxutil.fc | 1
policy/modules/system/selinuxutil.if | 7
policy/modules/system/selinuxutil.te | 68 +++-----
policy/modules/system/udev.te | 6
policy/modules/system/unconfined.fc | 1
policy/modules/system/unconfined.te | 15 +
policy/modules/system/userdomain.if | 248 ++++++++++++++++--------------
policy/modules/system/userdomain.te | 40 +++-
policy/modules/system/xen.te | 26 +++
policy/support/obj_perm_sets.spt | 2
146 files changed, 2711 insertions(+), 484 deletions(-)
Index: policy-20070219.patch
===================================================================
RCS file: /cvs/dist/rpms/selinux-policy/devel/policy-20070219.patch,v
retrieving revision 1.29
retrieving revision 1.30
diff -u -r1.29 -r1.30
--- policy-20070219.patch 20 Mar 2007 23:04:49 -0000 1.29
+++ policy-20070219.patch 21 Mar 2007 03:39:06 -0000 1.30
@@ -1,6 +1,6 @@
diff --exclude-from=exclude -N -u -r nsaserefpolicy/man/man8/ftpd_selinux.8 serefpolicy-2.5.9/man/man8/ftpd_selinux.8
--- nsaserefpolicy/man/man8/ftpd_selinux.8 2006-11-16 17:15:28.000000000 -0500
-+++ serefpolicy-2.5.9/man/man8/ftpd_selinux.8 2007-03-20 10:20:31.000000000 -0400
++++ serefpolicy-2.5.9/man/man8/ftpd_selinux.8 2007-03-20 19:03:51.000000000 -0400
@@ -39,14 +39,10 @@
ftpd can run either as a standalone daemon or as part of the xinetd domain. If you want to run ftpd as a daemon you must set the ftpd_is_daemon boolean.
.TP
@@ -19,7 +19,7 @@
diff --exclude-from=exclude -N -u -r nsaserefpolicy/man/man8/httpd_selinux.8 serefpolicy-2.5.9/man/man8/httpd_selinux.8
--- nsaserefpolicy/man/man8/httpd_selinux.8 2007-02-19 11:32:55.000000000 -0500
-+++ serefpolicy-2.5.9/man/man8/httpd_selinux.8 2007-03-20 10:20:31.000000000 -0400
++++ serefpolicy-2.5.9/man/man8/httpd_selinux.8 2007-03-20 19:03:51.000000000 -0400
@@ -110,22 +110,7 @@
.EE
@@ -46,7 +46,7 @@
diff --exclude-from=exclude -N -u -r nsaserefpolicy/man/man8/kerberos_selinux.8 serefpolicy-2.5.9/man/man8/kerberos_selinux.8
--- nsaserefpolicy/man/man8/kerberos_selinux.8 2007-02-26 14:42:44.000000000 -0500
-+++ serefpolicy-2.5.9/man/man8/kerberos_selinux.8 2007-03-20 10:20:31.000000000 -0400
++++ serefpolicy-2.5.9/man/man8/kerberos_selinux.8 2007-03-20 19:03:51.000000000 -0400
@@ -18,16 +18,9 @@
You must set the allow_kerberos boolean to allow your system to work properly in a Kerberos environment.
.EX
@@ -67,7 +67,7 @@
diff --exclude-from=exclude -N -u -r nsaserefpolicy/man/man8/named_selinux.8 serefpolicy-2.5.9/man/man8/named_selinux.8
--- nsaserefpolicy/man/man8/named_selinux.8 2007-02-19 11:32:55.000000000 -0500
-+++ serefpolicy-2.5.9/man/man8/named_selinux.8 2007-03-20 10:20:31.000000000 -0400
++++ serefpolicy-2.5.9/man/man8/named_selinux.8 2007-03-20 19:03:51.000000000 -0400
@@ -20,13 +20,7 @@
setsebool -P named_write_master_zones 1
.EE
@@ -85,7 +85,7 @@
diff --exclude-from=exclude -N -u -r nsaserefpolicy/man/man8/nfs_selinux.8 serefpolicy-2.5.9/man/man8/nfs_selinux.8
--- nsaserefpolicy/man/man8/nfs_selinux.8 2006-11-16 17:15:28.000000000 -0500
-+++ serefpolicy-2.5.9/man/man8/nfs_selinux.8 2007-03-20 10:20:31.000000000 -0400
++++ serefpolicy-2.5.9/man/man8/nfs_selinux.8 2007-03-20 19:03:51.000000000 -0400
@@ -22,7 +22,7 @@
.TP
setsebool -P use_nfs_home_dirs 1
@@ -97,7 +97,7 @@
diff --exclude-from=exclude -N -u -r nsaserefpolicy/man/man8/rsync_selinux.8 serefpolicy-2.5.9/man/man8/rsync_selinux.8
--- nsaserefpolicy/man/man8/rsync_selinux.8 2007-02-19 11:32:55.000000000 -0500
-+++ serefpolicy-2.5.9/man/man8/rsync_selinux.8 2007-03-20 10:20:31.000000000 -0400
++++ serefpolicy-2.5.9/man/man8/rsync_selinux.8 2007-03-20 19:03:51.000000000 -0400
@@ -36,13 +36,7 @@
.SH BOOLEANS
@@ -115,7 +115,7 @@
diff --exclude-from=exclude -N -u -r nsaserefpolicy/man/man8/samba_selinux.8 serefpolicy-2.5.9/man/man8/samba_selinux.8
--- nsaserefpolicy/man/man8/samba_selinux.8 2006-11-16 17:15:28.000000000 -0500
-+++ serefpolicy-2.5.9/man/man8/samba_selinux.8 2007-03-20 10:20:31.000000000 -0400
++++ serefpolicy-2.5.9/man/man8/samba_selinux.8 2007-03-20 19:03:51.000000000 -0400
@@ -41,17 +41,7 @@
setsebool -P use_samba_home_dirs 1
@@ -137,7 +137,7 @@
This manual page was written by Dan Walsh <dwalsh at redhat.com>.
diff --exclude-from=exclude -N -u -r nsaserefpolicy/man/man8/ypbind_selinux.8 serefpolicy-2.5.9/man/man8/ypbind_selinux.8
--- nsaserefpolicy/man/man8/ypbind_selinux.8 2006-11-16 17:15:28.000000000 -0500
-+++ serefpolicy-2.5.9/man/man8/ypbind_selinux.8 2007-03-20 10:20:31.000000000 -0400
++++ serefpolicy-2.5.9/man/man8/ypbind_selinux.8 2007-03-20 19:03:51.000000000 -0400
@@ -11,7 +11,7 @@
.TP
setsebool -P allow_ypbind 1
@@ -149,7 +149,7 @@
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/flask/access_vectors serefpolicy-2.5.9/policy/flask/access_vectors
--- nsaserefpolicy/policy/flask/access_vectors 2007-02-26 09:43:33.000000000 -0500
-+++ serefpolicy-2.5.9/policy/flask/access_vectors 2007-03-20 10:20:31.000000000 -0400
++++ serefpolicy-2.5.9/policy/flask/access_vectors 2007-03-20 19:03:51.000000000 -0400
@@ -598,6 +598,8 @@
shmempwd
shmemgrp
@@ -170,7 +170,7 @@
class key
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/global_booleans serefpolicy-2.5.9/policy/global_booleans
--- nsaserefpolicy/policy/global_booleans 2006-11-16 17:15:26.000000000 -0500
-+++ serefpolicy-2.5.9/policy/global_booleans 2007-03-20 10:20:31.000000000 -0400
++++ serefpolicy-2.5.9/policy/global_booleans 2007-03-20 19:03:51.000000000 -0400
@@ -4,7 +4,6 @@
# file should be used.
#
@@ -189,7 +189,7 @@
## <p>
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/global_tunables serefpolicy-2.5.9/policy/global_tunables
--- nsaserefpolicy/policy/global_tunables 2007-02-19 11:32:54.000000000 -0500
-+++ serefpolicy-2.5.9/policy/global_tunables 2007-03-20 16:11:08.000000000 -0400
++++ serefpolicy-2.5.9/policy/global_tunables 2007-03-20 19:03:51.000000000 -0400
@@ -278,6 +278,20 @@
## <desc>
@@ -337,7 +337,7 @@
+')
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/mls serefpolicy-2.5.9/policy/mls
--- nsaserefpolicy/policy/mls 2007-03-09 13:02:20.000000000 -0500
-+++ serefpolicy-2.5.9/policy/mls 2007-03-20 10:20:31.000000000 -0400
++++ serefpolicy-2.5.9/policy/mls 2007-03-20 19:03:51.000000000 -0400
@@ -89,12 +89,14 @@
mlsconstrain { file lnk_file fifo_file dir chr_file blk_file sock_file } { write create setattr relabelfrom append unlink link rename mounton }
(( l1 eq l2 ) or
@@ -411,7 +411,7 @@
mlsconstrain association { polmatch }
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/acct.te serefpolicy-2.5.9/policy/modules/admin/acct.te
--- nsaserefpolicy/policy/modules/admin/acct.te 2007-01-02 12:57:51.000000000 -0500
-+++ serefpolicy-2.5.9/policy/modules/admin/acct.te 2007-03-20 10:20:31.000000000 -0400
++++ serefpolicy-2.5.9/policy/modules/admin/acct.te 2007-03-20 19:03:51.000000000 -0400
@@ -9,6 +9,7 @@
type acct_t;
type acct_exec_t;
@@ -422,14 +422,14 @@
logging_log_file(acct_data_t)
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/amtu.fc serefpolicy-2.5.9/policy/modules/admin/amtu.fc
--- nsaserefpolicy/policy/modules/admin/amtu.fc 1969-12-31 19:00:00.000000000 -0500
-+++ serefpolicy-2.5.9/policy/modules/admin/amtu.fc 2007-03-20 10:20:31.000000000 -0400
++++ serefpolicy-2.5.9/policy/modules/admin/amtu.fc 2007-03-20 19:03:51.000000000 -0400
@@ -0,0 +1,3 @@
+
+/usr/bin/amtu -- gen_context(system_u:object_r:amtu_exec_t,s0)
+
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/amtu.if serefpolicy-2.5.9/policy/modules/admin/amtu.if
--- nsaserefpolicy/policy/modules/admin/amtu.if 1969-12-31 19:00:00.000000000 -0500
-+++ serefpolicy-2.5.9/policy/modules/admin/amtu.if 2007-03-20 10:20:31.000000000 -0400
++++ serefpolicy-2.5.9/policy/modules/admin/amtu.if 2007-03-20 19:03:51.000000000 -0400
@@ -0,0 +1,53 @@
+## <summary>
+## abstract Machine Test Utility
@@ -486,7 +486,7 @@
+')
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/amtu.te serefpolicy-2.5.9/policy/modules/admin/amtu.te
--- nsaserefpolicy/policy/modules/admin/amtu.te 1969-12-31 19:00:00.000000000 -0500
-+++ serefpolicy-2.5.9/policy/modules/admin/amtu.te 2007-03-20 10:20:31.000000000 -0400
++++ serefpolicy-2.5.9/policy/modules/admin/amtu.te 2007-03-20 19:03:51.000000000 -0400
@@ -0,0 +1,56 @@
+policy_module(amtu,1.0.23)
+
@@ -546,7 +546,7 @@
+
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/consoletype.te serefpolicy-2.5.9/policy/modules/admin/consoletype.te
--- nsaserefpolicy/policy/modules/admin/consoletype.te 2007-02-19 11:32:54.000000000 -0500
-+++ serefpolicy-2.5.9/policy/modules/admin/consoletype.te 2007-03-20 10:20:31.000000000 -0400
++++ serefpolicy-2.5.9/policy/modules/admin/consoletype.te 2007-03-20 19:03:51.000000000 -0400
@@ -8,7 +8,12 @@
type consoletype_t;
@@ -571,7 +571,7 @@
#
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/dmesg.te serefpolicy-2.5.9/policy/modules/admin/dmesg.te
--- nsaserefpolicy/policy/modules/admin/dmesg.te 2006-11-16 17:15:26.000000000 -0500
-+++ serefpolicy-2.5.9/policy/modules/admin/dmesg.te 2007-03-20 10:20:31.000000000 -0400
++++ serefpolicy-2.5.9/policy/modules/admin/dmesg.te 2007-03-20 19:03:51.000000000 -0400
@@ -10,6 +10,7 @@
type dmesg_t;
type dmesg_exec_t;
@@ -582,7 +582,7 @@
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/firstboot.if serefpolicy-2.5.9/policy/modules/admin/firstboot.if
--- nsaserefpolicy/policy/modules/admin/firstboot.if 2007-01-02 12:57:51.000000000 -0500
-+++ serefpolicy-2.5.9/policy/modules/admin/firstboot.if 2007-03-20 10:47:25.000000000 -0400
++++ serefpolicy-2.5.9/policy/modules/admin/firstboot.if 2007-03-20 19:03:51.000000000 -0400
@@ -124,3 +124,21 @@
allow $1 firstboot_t:fifo_file { read write };
@@ -607,7 +607,7 @@
+')
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/kudzu.te serefpolicy-2.5.9/policy/modules/admin/kudzu.te
--- nsaserefpolicy/policy/modules/admin/kudzu.te 2007-01-02 12:57:51.000000000 -0500
-+++ serefpolicy-2.5.9/policy/modules/admin/kudzu.te 2007-03-20 10:20:31.000000000 -0400
++++ serefpolicy-2.5.9/policy/modules/admin/kudzu.te 2007-03-20 19:03:51.000000000 -0400
@@ -103,6 +103,7 @@
init_use_fds(kudzu_t)
init_use_script_ptys(kudzu_t)
@@ -616,9 +616,28 @@
libs_use_ld_so(kudzu_t)
libs_use_shared_libs(kudzu_t)
+diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/logwatch.te serefpolicy-2.5.9/policy/modules/admin/logwatch.te
+--- nsaserefpolicy/policy/modules/admin/logwatch.te 2007-02-19 11:32:54.000000000 -0500
++++ serefpolicy-2.5.9/policy/modules/admin/logwatch.te 2007-03-20 23:22:00.000000000 -0400
+@@ -30,6 +30,7 @@
+ allow logwatch_t self:process signal;
+ allow logwatch_t self:fifo_file rw_file_perms;
+ allow logwatch_t self:unix_stream_socket create_stream_socket_perms;
++allow logwatch_t self:netlink_route_socket r_netlink_socket_perms;
+
+ manage_dirs_pattern(logwatch_t,logwatch_cache_t,logwatch_cache_t)
+ manage_files_pattern(logwatch_t,logwatch_cache_t,logwatch_cache_t)
+@@ -80,6 +81,7 @@
+ libs_read_lib_files(logwatch_t)
+
+ logging_read_all_logs(logwatch_t)
++logging_send_syslog_msg(logwatch_t)
+
+ miscfiles_read_localization(logwatch_t)
+
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/netutils.te serefpolicy-2.5.9/policy/modules/admin/netutils.te
--- nsaserefpolicy/policy/modules/admin/netutils.te 2007-01-02 12:57:51.000000000 -0500
-+++ serefpolicy-2.5.9/policy/modules/admin/netutils.te 2007-03-20 10:20:31.000000000 -0400
++++ serefpolicy-2.5.9/policy/modules/admin/netutils.te 2007-03-20 19:03:51.000000000 -0400
@@ -22,6 +22,7 @@
type traceroute_t;
type traceroute_exec_t;
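Review bot: The two rules this revision adds to logwatch.te, `allow logwatch_t self:netlink_route_socket r_netlink_socket_perms;` and `logging_send_syslog_msg(logwatch_t)`, have no comment saying which denial each one answers, and the log message says only "Fixes for logwatch". Since logwatch_t already has `logging_read_all_logs(logwatch_t)`, the syslog rule means the domain that reads every log can now also write to the log stream. The reason for that should be recorded so a later least-privilege audit can tell a needed grant from an over-grant. I would put a one-line comment above each rule, for example `# logwatch opens a route netlink socket at startup - see <AVC/bug reference>` and `# logwatch reports its own errors through syslog - see <AVC/bug reference>`, with the real reference filled in. Only two short hunks of logwatch.te are visible here, so I cannot tell whether a narrower existing interface already covers either access.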
@@ -638,7 +657,7 @@
corenet_non_ipsec_sendrecv(netutils_t)
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/rpm.fc serefpolicy-2.5.9/policy/modules/admin/rpm.fc
--- nsaserefpolicy/policy/modules/admin/rpm.fc 2006-11-16 17:15:26.000000000 -0500
-+++ serefpolicy-2.5.9/policy/modules/admin/rpm.fc 2007-03-20 10:20:31.000000000 -0400
++++ serefpolicy-2.5.9/policy/modules/admin/rpm.fc 2007-03-20 19:03:51.000000000 -0400
@@ -21,6 +21,9 @@
/usr/sbin/pup -- gen_context(system_u:object_r:rpm_exec_t,s0)
/usr/sbin/rhn_check -- gen_context(system_u:object_r:rpm_exec_t,s0)
@@ -651,7 +670,7 @@
/var/lib/alternatives(/.*)? gen_context(system_u:object_r:rpm_var_lib_t,s0)
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/rpm.if serefpolicy-2.5.9/policy/modules/admin/rpm.if
--- nsaserefpolicy/policy/modules/admin/rpm.if 2007-01-02 12:57:51.000000000 -0500
-+++ serefpolicy-2.5.9/policy/modules/admin/rpm.if 2007-03-20 10:20:31.000000000 -0400
++++ serefpolicy-2.5.9/policy/modules/admin/rpm.if 2007-03-20 19:03:51.000000000 -0400
@@ -270,3 +270,68 @@
dontaudit $1 rpm_var_lib_t:file manage_file_perms;
dontaudit $1 rpm_var_lib_t:lnk_file manage_lnk_file_perms;
@@ -723,7 +742,7 @@
+
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/rpm.te serefpolicy-2.5.9/policy/modules/admin/rpm.te
--- nsaserefpolicy/policy/modules/admin/rpm.te 2007-02-19 11:32:54.000000000 -0500
-+++ serefpolicy-2.5.9/policy/modules/admin/rpm.te 2007-03-20 10:20:31.000000000 -0400
++++ serefpolicy-2.5.9/policy/modules/admin/rpm.te 2007-03-20 19:03:51.000000000 -0400
@@ -9,6 +9,8 @@
type rpm_t;
type rpm_exec_t;
@@ -735,7 +754,7 @@
domain_system_change_exemption(rpm_t)
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/sudo.te serefpolicy-2.5.9/policy/modules/admin/sudo.te
--- nsaserefpolicy/policy/modules/admin/sudo.te 2007-03-20 09:23:14.000000000 -0400
-+++ serefpolicy-2.5.9/policy/modules/admin/sudo.te 2007-03-20 10:20:31.000000000 -0400
++++ serefpolicy-2.5.9/policy/modules/admin/sudo.te 2007-03-20 19:03:51.000000000 -0400
@@ -1,11 +1,12 @@
-policy_module(sudo,1.0.2)
@@ -753,7 +772,7 @@
# Remaining policy in per user domain template.
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/su.if serefpolicy-2.5.9/policy/modules/admin/su.if
--- nsaserefpolicy/policy/modules/admin/su.if 2007-02-19 11:32:54.000000000 -0500
-+++ serefpolicy-2.5.9/policy/modules/admin/su.if 2007-03-20 10:20:31.000000000 -0400
++++ serefpolicy-2.5.9/policy/modules/admin/su.if 2007-03-20 19:03:51.000000000 -0400
@@ -71,7 +71,7 @@
files_search_var_lib($1_su_t)
files_dontaudit_getattr_tmp_dirs($1_su_t)
@@ -783,7 +802,7 @@
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/usermanage.te serefpolicy-2.5.9/policy/modules/admin/usermanage.te
--- nsaserefpolicy/policy/modules/admin/usermanage.te 2007-03-08 10:48:54.000000000 -0500
-+++ serefpolicy-2.5.9/policy/modules/admin/usermanage.te 2007-03-20 10:20:31.000000000 -0400
++++ serefpolicy-2.5.9/policy/modules/admin/usermanage.te 2007-03-20 19:03:51.000000000 -0400
@@ -6,9 +6,6 @@
# Declarations
#
@@ -885,7 +904,7 @@
')
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/games.fc serefpolicy-2.5.9/policy/modules/apps/games.fc
--- nsaserefpolicy/policy/modules/apps/games.fc 2007-02-28 10:12:23.000000000 -0500
-+++ serefpolicy-2.5.9/policy/modules/apps/games.fc 2007-03-20 10:20:31.000000000 -0400
++++ serefpolicy-2.5.9/policy/modules/apps/games.fc 2007-03-20 19:03:51.000000000 -0400
@@ -4,6 +4,7 @@
/usr/games/powermanga -- gen_context(system_u:object_r:games_exec_t,s0)
/usr/games/nethack-3.4.3/nethack -- gen_context(system_u:object_r:games_exec_t,s0)
@@ -896,7 +915,7 @@
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/gnome.if serefpolicy-2.5.9/policy/modules/apps/gnome.if
--- nsaserefpolicy/policy/modules/apps/gnome.if 2007-02-19 11:32:52.000000000 -0500
-+++ serefpolicy-2.5.9/policy/modules/apps/gnome.if 2007-03-20 10:20:31.000000000 -0400
++++ serefpolicy-2.5.9/policy/modules/apps/gnome.if 2007-03-20 19:03:51.000000000 -0400
@@ -35,6 +35,7 @@
template(`gnome_per_role_template',`
gen_require(`
@@ -952,7 +971,7 @@
## This is a templated interface, and should only
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/gpg.fc serefpolicy-2.5.9/policy/modules/apps/gpg.fc
--- nsaserefpolicy/policy/modules/apps/gpg.fc 2006-11-16 17:15:07.000000000 -0500
-+++ serefpolicy-2.5.9/policy/modules/apps/gpg.fc 2007-03-20 10:20:31.000000000 -0400
++++ serefpolicy-2.5.9/policy/modules/apps/gpg.fc 2007-03-20 19:03:51.000000000 -0400
@@ -7,6 +7,4 @@
/usr/lib/gnupg/.* -- gen_context(system_u:object_r:gpg_exec_t,s0)
/usr/lib/gnupg/gpgkeys.* -- gen_context(system_u:object_r:gpg_helper_exec_t,s0)
@@ -962,7 +981,7 @@
-')
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/loadkeys.if serefpolicy-2.5.9/policy/modules/apps/loadkeys.if
--- nsaserefpolicy/policy/modules/apps/loadkeys.if 2007-01-02 12:57:22.000000000 -0500
-+++ serefpolicy-2.5.9/policy/modules/apps/loadkeys.if 2007-03-20 10:20:31.000000000 -0400
++++ serefpolicy-2.5.9/policy/modules/apps/loadkeys.if 2007-03-20 19:03:51.000000000 -0400
@@ -11,16 +11,12 @@
## </param>
#
@@ -1031,7 +1050,7 @@
')
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/mozilla.if serefpolicy-2.5.9/policy/modules/apps/mozilla.if
--- nsaserefpolicy/policy/modules/apps/mozilla.if 2007-02-19 11:32:52.000000000 -0500
-+++ serefpolicy-2.5.9/policy/modules/apps/mozilla.if 2007-03-20 10:20:31.000000000 -0400
++++ serefpolicy-2.5.9/policy/modules/apps/mozilla.if 2007-03-20 19:03:51.000000000 -0400
@@ -147,6 +147,7 @@
corenet_dontaudit_tcp_bind_generic_port($1_mozilla_t)
@@ -1042,7 +1061,7 @@
dev_dontaudit_rw_dri($1_mozilla_t)
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/kernel/corecommands.fc serefpolicy-2.5.9/policy/modules/kernel/corecommands.fc
--- nsaserefpolicy/policy/modules/kernel/corecommands.fc 2007-03-01 10:01:48.000000000 -0500
-+++ serefpolicy-2.5.9/policy/modules/kernel/corecommands.fc 2007-03-20 10:34:50.000000000 -0400
++++ serefpolicy-2.5.9/policy/modules/kernel/corecommands.fc 2007-03-20 19:03:51.000000000 -0400
@@ -190,6 +190,7 @@
ifdef(`distro_redhat', `
/usr/lib/.*/program(/.*)? gen_context(system_u:object_r:bin_t,s0)
@@ -1061,7 +1080,7 @@
/usr/share/system-config-keyboard/system-config-keyboard -- gen_context(system_u:object_r:bin_t,s0)
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/kernel/corecommands.if serefpolicy-2.5.9/policy/modules/kernel/corecommands.if
--- nsaserefpolicy/policy/modules/kernel/corecommands.if 2007-03-20 09:23:13.000000000 -0400
-+++ serefpolicy-2.5.9/policy/modules/kernel/corecommands.if 2007-03-20 10:20:31.000000000 -0400
++++ serefpolicy-2.5.9/policy/modules/kernel/corecommands.if 2007-03-20 19:03:51.000000000 -0400
@@ -913,27 +913,6 @@
########################################
@@ -1134,7 +1153,7 @@
+
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/kernel/corenetwork.if.in serefpolicy-2.5.9/policy/modules/kernel/corenetwork.if.in
--- nsaserefpolicy/policy/modules/kernel/corenetwork.if.in 2007-02-19 11:32:51.000000000 -0500
-+++ serefpolicy-2.5.9/policy/modules/kernel/corenetwork.if.in 2007-03-20 10:20:31.000000000 -0400
++++ serefpolicy-2.5.9/policy/modules/kernel/corenetwork.if.in 2007-03-20 19:03:51.000000000 -0400
@@ -1977,3 +1977,57 @@
typeattribute $1 corenet_unconfined_type;
@@ -1195,7 +1214,7 @@
+')
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/kernel/corenetwork.te.in serefpolicy-2.5.9/policy/modules/kernel/corenetwork.te.in
--- nsaserefpolicy/policy/modules/kernel/corenetwork.te.in 2007-02-19 11:32:51.000000000 -0500
-+++ serefpolicy-2.5.9/policy/modules/kernel/corenetwork.te.in 2007-03-20 10:20:31.000000000 -0400
++++ serefpolicy-2.5.9/policy/modules/kernel/corenetwork.te.in 2007-03-20 19:03:51.000000000 -0400
@@ -48,6 +48,11 @@
type reserved_port_t, port_type, reserved_port_type;
@@ -1246,7 +1265,7 @@
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/kernel/devices.if serefpolicy-2.5.9/policy/modules/kernel/devices.if
--- nsaserefpolicy/policy/modules/kernel/devices.if 2007-01-02 12:57:13.000000000 -0500
-+++ serefpolicy-2.5.9/policy/modules/kernel/devices.if 2007-03-20 10:20:31.000000000 -0400
++++ serefpolicy-2.5.9/policy/modules/kernel/devices.if 2007-03-20 19:03:51.000000000 -0400
@@ -2449,6 +2449,24 @@
########################################
@@ -1299,7 +1318,7 @@
## </summary>
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/kernel/domain.if serefpolicy-2.5.9/policy/modules/kernel/domain.if
--- nsaserefpolicy/policy/modules/kernel/domain.if 2007-02-19 11:32:51.000000000 -0500
-+++ serefpolicy-2.5.9/policy/modules/kernel/domain.if 2007-03-20 10:20:31.000000000 -0400
++++ serefpolicy-2.5.9/policy/modules/kernel/domain.if 2007-03-20 19:03:51.000000000 -0400
@@ -1254,3 +1254,21 @@
typeattribute $1 can_change_object_identity;
typeattribute $1 set_curr_context;
@@ -1324,7 +1343,7 @@
+')
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/kernel/domain.te serefpolicy-2.5.9/policy/modules/kernel/domain.te
--- nsaserefpolicy/policy/modules/kernel/domain.te 2007-02-19 11:32:51.000000000 -0500
-+++ serefpolicy-2.5.9/policy/modules/kernel/domain.te 2007-03-20 10:20:31.000000000 -0400
++++ serefpolicy-2.5.9/policy/modules/kernel/domain.te 2007-03-20 19:03:51.000000000 -0400
@@ -144,3 +144,26 @@
# act on all domains keys
@@ -1354,7 +1373,7 @@
+')
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/kernel/files.if serefpolicy-2.5.9/policy/modules/kernel/files.if
--- nsaserefpolicy/policy/modules/kernel/files.if 2007-02-26 14:17:21.000000000 -0500
-+++ serefpolicy-2.5.9/policy/modules/kernel/files.if 2007-03-20 16:19:14.000000000 -0400
++++ serefpolicy-2.5.9/policy/modules/kernel/files.if 2007-03-20 19:03:51.000000000 -0400
@@ -343,8 +343,7 @@
########################################
@@ -1524,7 +1543,7 @@
+')
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/kernel/filesystem.if serefpolicy-2.5.9/policy/modules/kernel/filesystem.if
--- nsaserefpolicy/policy/modules/kernel/filesystem.if 2007-02-19 11:32:51.000000000 -0500
-+++ serefpolicy-2.5.9/policy/modules/kernel/filesystem.if 2007-03-20 16:07:29.000000000 -0400
++++ serefpolicy-2.5.9/policy/modules/kernel/filesystem.if 2007-03-20 19:03:51.000000000 -0400
@@ -1110,11 +1110,31 @@
type dosfs_t;
')
@@ -1582,7 +1601,7 @@
+')
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/kernel/filesystem.te serefpolicy-2.5.9/policy/modules/kernel/filesystem.te
--- nsaserefpolicy/policy/modules/kernel/filesystem.te 2007-02-19 11:32:51.000000000 -0500
-+++ serefpolicy-2.5.9/policy/modules/kernel/filesystem.te 2007-03-20 16:07:43.000000000 -0400
++++ serefpolicy-2.5.9/policy/modules/kernel/filesystem.te 2007-03-20 19:03:51.000000000 -0400
@@ -65,6 +65,11 @@
# change to task SID 20060628
#genfscon eventpollfs / gen_context(system_u:object_r:eventpollfs_t,s0)
@@ -1597,7 +1616,7 @@
genfscon futexfs / gen_context(system_u:object_r:futexfs_t,s0)
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/kernel/kernel.if serefpolicy-2.5.9/policy/modules/kernel/kernel.if
--- nsaserefpolicy/policy/modules/kernel/kernel.if 2007-02-19 11:32:51.000000000 -0500
-+++ serefpolicy-2.5.9/policy/modules/kernel/kernel.if 2007-03-20 10:20:31.000000000 -0400
++++ serefpolicy-2.5.9/policy/modules/kernel/kernel.if 2007-03-20 19:03:51.000000000 -0400
@@ -1830,6 +1830,26 @@
########################################
@@ -1637,7 +1656,7 @@
########################################
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/kernel/kernel.te serefpolicy-2.5.9/policy/modules/kernel/kernel.te
--- nsaserefpolicy/policy/modules/kernel/kernel.te 2007-03-20 09:23:13.000000000 -0400
-+++ serefpolicy-2.5.9/policy/modules/kernel/kernel.te 2007-03-20 10:20:31.000000000 -0400
++++ serefpolicy-2.5.9/policy/modules/kernel/kernel.te 2007-03-20 19:03:51.000000000 -0400
@@ -146,6 +146,8 @@
type unlabeled_t;
sid unlabeled gen_context(system_u:object_r:unlabeled_t,mls_systemhigh)
@@ -1649,7 +1668,7 @@
sid file_labels gen_context(system_u:object_r:unlabeled_t,s0)
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/kernel/mls.if serefpolicy-2.5.9/policy/modules/kernel/mls.if
--- nsaserefpolicy/policy/modules/kernel/mls.if 2006-11-16 17:15:04.000000000 -0500
-+++ serefpolicy-2.5.9/policy/modules/kernel/mls.if 2007-03-20 10:20:31.000000000 -0400
++++ serefpolicy-2.5.9/policy/modules/kernel/mls.if 2007-03-20 19:03:51.000000000 -0400
@@ -154,6 +154,26 @@
########################################
## <summary>
@@ -1679,7 +1698,7 @@
## <param name="domain">
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/kernel/mls.te serefpolicy-2.5.9/policy/modules/kernel/mls.te
--- nsaserefpolicy/policy/modules/kernel/mls.te 2007-01-02 12:57:13.000000000 -0500
-+++ serefpolicy-2.5.9/policy/modules/kernel/mls.te 2007-03-20 10:20:31.000000000 -0400
++++ serefpolicy-2.5.9/policy/modules/kernel/mls.te 2007-03-20 19:03:51.000000000 -0400
@@ -18,6 +18,7 @@
attribute mlsnetreadtoclr;
attribute mlsnetwrite;
@@ -1699,7 +1718,7 @@
attribute privrangetrans;
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/kernel/selinux.if serefpolicy-2.5.9/policy/modules/kernel/selinux.if
--- nsaserefpolicy/policy/modules/kernel/selinux.if 2007-02-27 14:37:10.000000000 -0500
-+++ serefpolicy-2.5.9/policy/modules/kernel/selinux.if 2007-03-20 10:20:31.000000000 -0400
++++ serefpolicy-2.5.9/policy/modules/kernel/selinux.if 2007-03-20 19:03:51.000000000 -0400
@@ -51,6 +51,44 @@
########################################
@@ -1747,7 +1766,7 @@
## <param name="domain">
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/kernel/storage.fc serefpolicy-2.5.9/policy/modules/kernel/storage.fc
--- nsaserefpolicy/policy/modules/kernel/storage.fc 2006-11-16 17:15:04.000000000 -0500
-+++ serefpolicy-2.5.9/policy/modules/kernel/storage.fc 2007-03-20 10:20:32.000000000 -0400
++++ serefpolicy-2.5.9/policy/modules/kernel/storage.fc 2007-03-20 19:03:51.000000000 -0400
@@ -42,7 +42,8 @@
/dev/sjcd -b gen_context(system_u:object_r:removable_device_t,s0)
/dev/sonycd -b gen_context(system_u:object_r:removable_device_t,s0)
@@ -1760,7 +1779,7 @@
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/kernel/storage.if serefpolicy-2.5.9/policy/modules/kernel/storage.if
--- nsaserefpolicy/policy/modules/kernel/storage.if 2007-01-02 12:57:13.000000000 -0500
-+++ serefpolicy-2.5.9/policy/modules/kernel/storage.if 2007-03-20 10:20:32.000000000 -0400
++++ serefpolicy-2.5.9/policy/modules/kernel/storage.if 2007-03-20 19:03:51.000000000 -0400
@@ -100,6 +100,7 @@
dev_list_all_dev_nodes($1)
@@ -1779,7 +1798,7 @@
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/kernel/terminal.if serefpolicy-2.5.9/policy/modules/kernel/terminal.if
--- nsaserefpolicy/policy/modules/kernel/terminal.if 2007-02-20 16:35:52.000000000 -0500
-+++ serefpolicy-2.5.9/policy/modules/kernel/terminal.if 2007-03-20 10:20:32.000000000 -0400
++++ serefpolicy-2.5.9/policy/modules/kernel/terminal.if 2007-03-20 19:03:51.000000000 -0400
@@ -1052,7 +1052,7 @@
')
@@ -1791,7 +1810,7 @@
########################################
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/kernel/terminal.te serefpolicy-2.5.9/policy/modules/kernel/terminal.te
--- nsaserefpolicy/policy/modules/kernel/terminal.te 2007-02-20 16:35:52.000000000 -0500
-+++ serefpolicy-2.5.9/policy/modules/kernel/terminal.te 2007-03-20 10:20:32.000000000 -0400
++++ serefpolicy-2.5.9/policy/modules/kernel/terminal.te 2007-03-20 19:03:51.000000000 -0400
@@ -28,6 +28,7 @@
type devpts_t;
files_mountpoint(devpts_t)
@@ -1802,7 +1821,7 @@
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/apache.fc serefpolicy-2.5.9/policy/modules/services/apache.fc
--- nsaserefpolicy/policy/modules/services/apache.fc 2007-02-23 16:50:01.000000000 -0500
-+++ serefpolicy-2.5.9/policy/modules/services/apache.fc 2007-03-20 10:20:32.000000000 -0400
++++ serefpolicy-2.5.9/policy/modules/services/apache.fc 2007-03-20 19:03:51.000000000 -0400
@@ -1,10 +1,5 @@
# temporary hack till genhomedircon is fixed
-ifdef(`targeted_policy',`
@@ -1850,7 +1869,7 @@
+/var/lib/bugzilla(/.*)? gen_context(system_u:object_r:httpd_bugzilla_script_rw_t,s0)
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/apache.if serefpolicy-2.5.9/policy/modules/services/apache.if
--- nsaserefpolicy/policy/modules/services/apache.if 2007-01-02 12:57:43.000000000 -0500
-+++ serefpolicy-2.5.9/policy/modules/services/apache.if 2007-03-20 10:20:32.000000000 -0400
++++ serefpolicy-2.5.9/policy/modules/services/apache.if 2007-03-20 19:03:51.000000000 -0400
@@ -268,6 +268,9 @@
')
@@ -2037,7 +2056,7 @@
+
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/apache.te serefpolicy-2.5.9/policy/modules/services/apache.te
--- nsaserefpolicy/policy/modules/services/apache.te 2007-02-23 16:50:01.000000000 -0500
-+++ serefpolicy-2.5.9/policy/modules/services/apache.te 2007-03-20 15:07:42.000000000 -0400
++++ serefpolicy-2.5.9/policy/modules/services/apache.te 2007-03-20 19:03:51.000000000 -0400
@@ -171,6 +171,7 @@
allow httpd_t httpd_modules_t:dir list_dir_perms;
mmap_files_pattern(httpd_t,httpd_modules_t,httpd_modules_t)
@@ -2156,7 +2175,7 @@
+
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/automount.te serefpolicy-2.5.9/policy/modules/services/automount.te
--- nsaserefpolicy/policy/modules/services/automount.te 2007-02-19 11:32:53.000000000 -0500
-+++ serefpolicy-2.5.9/policy/modules/services/automount.te 2007-03-20 10:20:32.000000000 -0400
++++ serefpolicy-2.5.9/policy/modules/services/automount.te 2007-03-20 19:03:51.000000000 -0400
@@ -69,6 +69,7 @@
files_mounton_all_mountpoints(automount_t)
files_mount_all_file_type_fs(automount_t)
@@ -2175,7 +2194,7 @@
domain_use_interactive_fds(automount_t)
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/ccs.te serefpolicy-2.5.9/policy/modules/services/ccs.te
--- nsaserefpolicy/policy/modules/services/ccs.te 2007-03-06 12:47:39.000000000 -0500
-+++ serefpolicy-2.5.9/policy/modules/services/ccs.te 2007-03-20 10:20:32.000000000 -0400
++++ serefpolicy-2.5.9/policy/modules/services/ccs.te 2007-03-20 19:03:51.000000000 -0400
@@ -10,10 +10,14 @@
type ccs_exec_t;
init_daemon_domain(ccs_t, ccs_exec_t)
@@ -2207,13 +2226,13 @@
manage_sock_files_pattern(ccs_t,ccs_var_log_t,ccs_var_log_t)
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/consolekit.fc serefpolicy-2.5.9/policy/modules/services/consolekit.fc
--- nsaserefpolicy/policy/modules/services/consolekit.fc 2007-03-20 09:23:13.000000000 -0400
-+++ serefpolicy-2.5.9/policy/modules/services/consolekit.fc 2007-03-20 10:20:32.000000000 -0400
++++ serefpolicy-2.5.9/policy/modules/services/consolekit.fc 2007-03-20 19:03:51.000000000 -0400
@@ -1 +1,2 @@
/usr/sbin/console-kit-daemon -- gen_context(system_u:object_r:consolekit_exec_t,s0)
+/var/run/consolekit.pid -- gen_context(system_u:object_r:consolekit_var_run_t,s0)
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/consolekit.te serefpolicy-2.5.9/policy/modules/services/consolekit.te
--- nsaserefpolicy/policy/modules/services/consolekit.te 2007-03-20 09:23:13.000000000 -0400
-+++ serefpolicy-2.5.9/policy/modules/services/consolekit.te 2007-03-20 16:20:01.000000000 -0400
++++ serefpolicy-2.5.9/policy/modules/services/consolekit.te 2007-03-20 19:03:51.000000000 -0400
@@ -10,13 +10,16 @@
type consolekit_exec_t;
init_daemon_domain(consolekit_t, consolekit_exec_t)
@@ -2270,7 +2289,7 @@
+
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/cpucontrol.te serefpolicy-2.5.9/policy/modules/services/cpucontrol.te
--- nsaserefpolicy/policy/modules/services/cpucontrol.te 2007-01-02 12:57:43.000000000 -0500
-+++ serefpolicy-2.5.9/policy/modules/services/cpucontrol.te 2007-03-20 10:20:32.000000000 -0400
++++ serefpolicy-2.5.9/policy/modules/services/cpucontrol.te 2007-03-20 19:03:51.000000000 -0400
@@ -91,6 +91,7 @@
kernel_read_system_state(cpuspeed_t)
kernel_read_kernel_sysctls(cpuspeed_t)
@@ -2281,7 +2300,7 @@
domain_use_interactive_fds(cpuspeed_t)
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/cron.fc serefpolicy-2.5.9/policy/modules/services/cron.fc
--- nsaserefpolicy/policy/modules/services/cron.fc 2006-11-16 17:15:21.000000000 -0500
-+++ serefpolicy-2.5.9/policy/modules/services/cron.fc 2007-03-20 10:20:32.000000000 -0400
++++ serefpolicy-2.5.9/policy/modules/services/cron.fc 2007-03-20 19:03:51.000000000 -0400
@@ -45,3 +45,4 @@
/var/spool/fcron/systab\.orig -- gen_context(system_u:object_r:system_cron_spool_t,s0)
/var/spool/fcron/systab -- gen_context(system_u:object_r:system_cron_spool_t,s0)
@@ -2289,7 +2308,7 @@
+/var/lib/misc(/.*)? gen_context(system_u:object_r:crond_var_run_t,s0)
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/cron.if serefpolicy-2.5.9/policy/modules/services/cron.if
--- nsaserefpolicy/policy/modules/services/cron.if 2007-01-02 12:57:43.000000000 -0500
-+++ serefpolicy-2.5.9/policy/modules/services/cron.if 2007-03-20 10:20:32.000000000 -0400
++++ serefpolicy-2.5.9/policy/modules/services/cron.if 2007-03-20 19:03:51.000000000 -0400
@@ -35,6 +35,7 @@
#
template(`cron_per_role_template',`
@@ -2400,7 +2419,7 @@
# fcron wants an instant update of a crontab change for the administrator
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/cron.te serefpolicy-2.5.9/policy/modules/services/cron.te
--- nsaserefpolicy/policy/modules/services/cron.te 2007-01-02 12:57:43.000000000 -0500
-+++ serefpolicy-2.5.9/policy/modules/services/cron.te 2007-03-20 10:20:32.000000000 -0400
++++ serefpolicy-2.5.9/policy/modules/services/cron.te 2007-03-20 19:03:51.000000000 -0400
@@ -25,6 +25,9 @@
type cron_log_t;
logging_log_file(cron_log_t)
@@ -2516,7 +2535,7 @@
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/cvs.te serefpolicy-2.5.9/policy/modules/services/cvs.te
--- nsaserefpolicy/policy/modules/services/cvs.te 2007-01-02 12:57:43.000000000 -0500
-+++ serefpolicy-2.5.9/policy/modules/services/cvs.te 2007-03-20 10:20:32.000000000 -0400
++++ serefpolicy-2.5.9/policy/modules/services/cvs.te 2007-03-20 19:03:51.000000000 -0400
@@ -9,6 +9,7 @@
type cvs_t;
type cvs_exec_t;
@@ -2527,7 +2546,7 @@
type cvs_data_t; # customizable
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/cyrus.te serefpolicy-2.5.9/policy/modules/services/cyrus.te
--- nsaserefpolicy/policy/modules/services/cyrus.te 2007-01-02 12:57:43.000000000 -0500
-+++ serefpolicy-2.5.9/policy/modules/services/cyrus.te 2007-03-20 11:37:37.000000000 -0400
++++ serefpolicy-2.5.9/policy/modules/services/cyrus.te 2007-03-20 19:03:51.000000000 -0400
@@ -116,6 +116,7 @@
userdom_use_sysadm_ptys(cyrus_t)
@@ -2549,7 +2568,7 @@
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/dbus.if serefpolicy-2.5.9/policy/modules/services/dbus.if
--- nsaserefpolicy/policy/modules/services/dbus.if 2007-02-19 11:32:53.000000000 -0500
-+++ serefpolicy-2.5.9/policy/modules/services/dbus.if 2007-03-20 10:20:32.000000000 -0400
++++ serefpolicy-2.5.9/policy/modules/services/dbus.if 2007-03-20 19:03:51.000000000 -0400
@@ -70,6 +70,7 @@
#
@@ -2634,7 +2653,7 @@
+
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/dhcp.te serefpolicy-2.5.9/policy/modules/services/dhcp.te
--- nsaserefpolicy/policy/modules/services/dhcp.te 2007-01-02 12:57:43.000000000 -0500
-+++ serefpolicy-2.5.9/policy/modules/services/dhcp.te 2007-03-20 10:20:32.000000000 -0400
++++ serefpolicy-2.5.9/policy/modules/services/dhcp.te 2007-03-20 19:03:51.000000000 -0400
@@ -125,6 +125,8 @@
dbus_system_bus_client_template(dhcpd,dhcpd_t)
dbus_connect_system_bus(dhcpd_t)
@@ -2646,7 +2665,7 @@
optional_policy(`
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/djbdns.te serefpolicy-2.5.9/policy/modules/services/djbdns.te
--- nsaserefpolicy/policy/modules/services/djbdns.te 2007-01-02 12:57:43.000000000 -0500
-+++ serefpolicy-2.5.9/policy/modules/services/djbdns.te 2007-03-20 10:20:32.000000000 -0400
++++ serefpolicy-2.5.9/policy/modules/services/djbdns.te 2007-03-20 19:03:51.000000000 -0400
@@ -44,4 +44,7 @@
libs_use_ld_so(djbdns_axfrdns_t)
libs_use_shared_libs(djbdns_axfrdns_t)
@@ -2658,7 +2677,7 @@
+
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/dovecot.te serefpolicy-2.5.9/policy/modules/services/dovecot.te
--- nsaserefpolicy/policy/modules/services/dovecot.te 2007-01-02 12:57:43.000000000 -0500
-+++ serefpolicy-2.5.9/policy/modules/services/dovecot.te 2007-03-20 10:20:32.000000000 -0400
++++ serefpolicy-2.5.9/policy/modules/services/dovecot.te 2007-03-20 19:03:51.000000000 -0400
@@ -89,6 +89,7 @@
term_dontaudit_use_console(dovecot_t)
@@ -2680,7 +2699,7 @@
# dovecot auth local policy
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/fail2ban.fc serefpolicy-2.5.9/policy/modules/services/fail2ban.fc
--- nsaserefpolicy/policy/modules/services/fail2ban.fc 1969-12-31 19:00:00.000000000 -0500
-+++ serefpolicy-2.5.9/policy/modules/services/fail2ban.fc 2007-03-20 10:20:32.000000000 -0400
++++ serefpolicy-2.5.9/policy/modules/services/fail2ban.fc 2007-03-20 19:03:51.000000000 -0400
@@ -0,0 +1,4 @@
+
+/usr/bin/fail2ban -- gen_context(system_u:object_r:fail2ban_exec_t,s0)
@@ -2688,7 +2707,7 @@
+/var/run/fail2ban.pid -- gen_context(system_u:object_r:fail2ban_var_run_t,s0)
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/fail2ban.if serefpolicy-2.5.9/policy/modules/services/fail2ban.if
--- nsaserefpolicy/policy/modules/services/fail2ban.if 1969-12-31 19:00:00.000000000 -0500
-+++ serefpolicy-2.5.9/policy/modules/services/fail2ban.if 2007-03-20 10:20:32.000000000 -0400
++++ serefpolicy-2.5.9/policy/modules/services/fail2ban.if 2007-03-20 19:03:51.000000000 -0400
@@ -0,0 +1,87 @@
+
+## <summary>policy for fail2ban</summary>
@@ -2779,7 +2798,7 @@
+
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/fail2ban.te serefpolicy-2.5.9/policy/modules/services/fail2ban.te
--- nsaserefpolicy/policy/modules/services/fail2ban.te 1969-12-31 19:00:00.000000000 -0500
-+++ serefpolicy-2.5.9/policy/modules/services/fail2ban.te 2007-03-20 16:41:31.000000000 -0400
++++ serefpolicy-2.5.9/policy/modules/services/fail2ban.te 2007-03-20 19:03:51.000000000 -0400
@@ -0,0 +1,74 @@
+policy_module(fail2ban,1.0.0)
+
@@ -2857,7 +2876,7 @@
+')
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/ftp.te serefpolicy-2.5.9/policy/modules/services/ftp.te
--- nsaserefpolicy/policy/modules/services/ftp.te 2007-02-28 14:03:21.000000000 -0500
-+++ serefpolicy-2.5.9/policy/modules/services/ftp.te 2007-03-20 10:20:32.000000000 -0400
++++ serefpolicy-2.5.9/policy/modules/services/ftp.te 2007-03-20 19:03:51.000000000 -0400
@@ -190,10 +190,15 @@
userdom_manage_all_users_home_content_dirs(ftpd_t)
userdom_manage_all_users_home_content_files(ftpd_t)
@@ -2876,7 +2895,7 @@
tunable_policy(`ftp_home_dir && use_nfs_home_dirs',`
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/hal.fc serefpolicy-2.5.9/policy/modules/services/hal.fc
--- nsaserefpolicy/policy/modules/services/hal.fc 2007-01-02 12:57:43.000000000 -0500
-+++ serefpolicy-2.5.9/policy/modules/services/hal.fc 2007-03-20 10:20:32.000000000 -0400
++++ serefpolicy-2.5.9/policy/modules/services/hal.fc 2007-03-20 19:03:51.000000000 -0400
@@ -8,4 +8,10 @@
/var/lib/hal(/.*)? gen_context(system_u:object_r:hald_var_lib_t,s0)
@@ -2890,7 +2909,7 @@
+/usr/libexec/hald-addon-macbookpro-backlight -- gen_context(system_u:object_r:hald_mac_exec_t,s0)
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/hal.te serefpolicy-2.5.9/policy/modules/services/hal.te
--- nsaserefpolicy/policy/modules/services/hal.te 2007-02-19 11:32:53.000000000 -0500
-+++ serefpolicy-2.5.9/policy/modules/services/hal.te 2007-03-20 10:53:08.000000000 -0400
++++ serefpolicy-2.5.9/policy/modules/services/hal.te 2007-03-20 19:03:51.000000000 -0400
@@ -16,9 +16,24 @@
type hald_var_run_t;
files_pid_file(hald_var_run_t)
@@ -3053,7 +3072,7 @@
+')
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/inetd.if serefpolicy-2.5.9/policy/modules/services/inetd.if
--- nsaserefpolicy/policy/modules/services/inetd.if 2007-01-02 12:57:43.000000000 -0500
-+++ serefpolicy-2.5.9/policy/modules/services/inetd.if 2007-03-20 10:20:32.000000000 -0400
++++ serefpolicy-2.5.9/policy/modules/services/inetd.if 2007-03-20 19:03:51.000000000 -0400
@@ -35,32 +35,9 @@
role system_r types $1;
@@ -3092,7 +3111,7 @@
########################################
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/inetd.te serefpolicy-2.5.9/policy/modules/services/inetd.te
--- nsaserefpolicy/policy/modules/services/inetd.te 2007-02-19 11:32:53.000000000 -0500
-+++ serefpolicy-2.5.9/policy/modules/services/inetd.te 2007-03-20 10:20:32.000000000 -0400
++++ serefpolicy-2.5.9/policy/modules/services/inetd.te 2007-03-20 19:03:51.000000000 -0400
@@ -140,8 +140,8 @@
mls_fd_use_all_levels(inetd_t)
mls_fd_share_all_levels(inetd_t)
@@ -3115,7 +3134,7 @@
manage_dirs_pattern(inetd_child_t,inetd_child_tmp_t,inetd_child_tmp_t)
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/kerberos.if serefpolicy-2.5.9/policy/modules/services/kerberos.if
--- nsaserefpolicy/policy/modules/services/kerberos.if 2007-02-26 14:17:21.000000000 -0500
-+++ serefpolicy-2.5.9/policy/modules/services/kerberos.if 2007-03-20 11:06:02.000000000 -0400
++++ serefpolicy-2.5.9/policy/modules/services/kerberos.if 2007-03-20 19:03:51.000000000 -0400
@@ -94,6 +94,27 @@
########################################
@@ -3146,7 +3165,7 @@
## </summary>
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/kerberos.te serefpolicy-2.5.9/policy/modules/services/kerberos.te
--- nsaserefpolicy/policy/modules/services/kerberos.te 2007-02-26 14:17:21.000000000 -0500
-+++ serefpolicy-2.5.9/policy/modules/services/kerberos.te 2007-03-20 10:20:32.000000000 -0400
++++ serefpolicy-2.5.9/policy/modules/services/kerberos.te 2007-03-20 19:03:51.000000000 -0400
@@ -68,7 +68,7 @@
dontaudit kadmind_t krb5_conf_t:file write;
@@ -3158,7 +3177,7 @@
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/mta.te serefpolicy-2.5.9/policy/modules/services/mta.te
--- nsaserefpolicy/policy/modules/services/mta.te 2007-02-19 11:32:53.000000000 -0500
-+++ serefpolicy-2.5.9/policy/modules/services/mta.te 2007-03-20 10:20:32.000000000 -0400
++++ serefpolicy-2.5.9/policy/modules/services/mta.te 2007-03-20 19:03:51.000000000 -0400
@@ -27,6 +27,7 @@
type sendmail_exec_t;
@@ -3177,7 +3196,7 @@
apache_dontaudit_append_log(system_mail_t)
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/networkmanager.te serefpolicy-2.5.9/policy/modules/services/networkmanager.te
--- nsaserefpolicy/policy/modules/services/networkmanager.te 2007-03-01 10:01:49.000000000 -0500
-+++ serefpolicy-2.5.9/policy/modules/services/networkmanager.te 2007-03-20 10:20:32.000000000 -0400
++++ serefpolicy-2.5.9/policy/modules/services/networkmanager.te 2007-03-20 19:03:51.000000000 -0400
@@ -22,7 +22,7 @@
# and it receives a unexpected signal (rh bug #204161)
allow NetworkManager_t self:capability { kill setgid setuid sys_nice dac_override net_admin net_raw net_bind_service ipc_lock };
@@ -3189,7 +3208,7 @@
allow NetworkManager_t self:unix_stream_socket create_stream_socket_perms;
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/nis.if serefpolicy-2.5.9/policy/modules/services/nis.if
--- nsaserefpolicy/policy/modules/services/nis.if 2007-02-19 11:32:53.000000000 -0500
-+++ serefpolicy-2.5.9/policy/modules/services/nis.if 2007-03-20 10:20:32.000000000 -0400
++++ serefpolicy-2.5.9/policy/modules/services/nis.if 2007-03-20 19:03:51.000000000 -0400
@@ -48,8 +48,8 @@
corenet_udp_bind_all_nodes($1)
corenet_tcp_bind_generic_port($1)
@@ -3208,7 +3227,7 @@
+
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/ntp.te serefpolicy-2.5.9/policy/modules/services/ntp.te
--- nsaserefpolicy/policy/modules/services/ntp.te 2007-01-02 12:57:43.000000000 -0500
-+++ serefpolicy-2.5.9/policy/modules/services/ntp.te 2007-03-20 10:47:32.000000000 -0400
++++ serefpolicy-2.5.9/policy/modules/services/ntp.te 2007-03-20 19:03:51.000000000 -0400
@@ -135,6 +135,7 @@
optional_policy(`
@@ -3219,7 +3238,7 @@
optional_policy(`
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/pegasus.if serefpolicy-2.5.9/policy/modules/services/pegasus.if
--- nsaserefpolicy/policy/modules/services/pegasus.if 2006-11-16 17:15:21.000000000 -0500
-+++ serefpolicy-2.5.9/policy/modules/services/pegasus.if 2007-03-20 10:20:32.000000000 -0400
++++ serefpolicy-2.5.9/policy/modules/services/pegasus.if 2007-03-20 19:03:51.000000000 -0400
@@ -1 +1,19 @@
## <summary>The Open Group Pegasus CIM/WBEM Server.</summary>
+
@@ -3242,7 +3261,7 @@
+')
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/pegasus.te serefpolicy-2.5.9/policy/modules/services/pegasus.te
--- nsaserefpolicy/policy/modules/services/pegasus.te 2007-01-02 12:57:43.000000000 -0500
-+++ serefpolicy-2.5.9/policy/modules/services/pegasus.te 2007-03-20 10:20:32.000000000 -0400
++++ serefpolicy-2.5.9/policy/modules/services/pegasus.te 2007-03-20 19:03:51.000000000 -0400
@@ -99,13 +99,12 @@
auth_use_nsswitch(pegasus_t)
@@ -3261,7 +3280,7 @@
hostname_exec(pegasus_t)
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/postfix.te serefpolicy-2.5.9/policy/modules/services/postfix.te
--- nsaserefpolicy/policy/modules/services/postfix.te 2007-03-01 16:15:29.000000000 -0500
-+++ serefpolicy-2.5.9/policy/modules/services/postfix.te 2007-03-20 10:20:32.000000000 -0400
++++ serefpolicy-2.5.9/policy/modules/services/postfix.te 2007-03-20 19:03:51.000000000 -0400
@@ -173,6 +173,8 @@
mta_rw_aliases(postfix_master_t)
mta_read_sendmail_bin(postfix_master_t)
@@ -3273,7 +3292,7 @@
term_dontaudit_use_generic_ptys(postfix_master_t)
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/ppp.te serefpolicy-2.5.9/policy/modules/services/ppp.te
--- nsaserefpolicy/policy/modules/services/ppp.te 2007-01-02 12:57:43.000000000 -0500
-+++ serefpolicy-2.5.9/policy/modules/services/ppp.te 2007-03-20 10:20:32.000000000 -0400
++++ serefpolicy-2.5.9/policy/modules/services/ppp.te 2007-03-20 19:03:51.000000000 -0400
@@ -177,19 +177,10 @@
term_dontaudit_use_generic_ptys(pppd_t)
files_dontaudit_read_root_files(pppd_t)
@@ -3300,7 +3319,7 @@
optional_policy(`
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/procmail.te serefpolicy-2.5.9/policy/modules/services/procmail.te
--- nsaserefpolicy/policy/modules/services/procmail.te 2007-03-08 08:26:59.000000000 -0500
-+++ serefpolicy-2.5.9/policy/modules/services/procmail.te 2007-03-20 10:20:32.000000000 -0400
++++ serefpolicy-2.5.9/policy/modules/services/procmail.te 2007-03-20 19:03:51.000000000 -0400
@@ -10,6 +10,7 @@
type procmail_exec_t;
domain_type(procmail_t)
@@ -3311,7 +3330,7 @@
type procmail_tmp_t;
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/pyzor.te serefpolicy-2.5.9/policy/modules/services/pyzor.te
--- nsaserefpolicy/policy/modules/services/pyzor.te 2007-03-08 13:52:43.000000000 -0500
-+++ serefpolicy-2.5.9/policy/modules/services/pyzor.te 2007-03-20 10:20:32.000000000 -0400
++++ serefpolicy-2.5.9/policy/modules/services/pyzor.te 2007-03-20 19:03:52.000000000 -0400
@@ -44,6 +44,8 @@
manage_dirs_pattern(pyzor_t,pyzor_tmp_t,pyzor_tmp_t)
files_tmp_filetrans(pyzor_t, pyzor_tmp_t, { file dir })
@@ -3331,7 +3350,7 @@
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/radius.te serefpolicy-2.5.9/policy/modules/services/radius.te
--- nsaserefpolicy/policy/modules/services/radius.te 2007-03-20 09:23:13.000000000 -0400
-+++ serefpolicy-2.5.9/policy/modules/services/radius.te 2007-03-20 10:20:32.000000000 -0400
++++ serefpolicy-2.5.9/policy/modules/services/radius.te 2007-03-20 19:03:52.000000000 -0400
@@ -1,5 +1,5 @@
-policy_module(radius,1.2.1)
@@ -3349,7 +3368,7 @@
+')
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/ricci.te serefpolicy-2.5.9/policy/modules/services/ricci.te
--- nsaserefpolicy/policy/modules/services/ricci.te 2007-03-06 09:53:20.000000000 -0500
-+++ serefpolicy-2.5.9/policy/modules/services/ricci.te 2007-03-20 10:20:32.000000000 -0400
++++ serefpolicy-2.5.9/policy/modules/services/ricci.te 2007-03-20 19:03:52.000000000 -0400
@@ -449,6 +449,7 @@
#
@@ -3371,7 +3390,7 @@
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/rpc.if serefpolicy-2.5.9/policy/modules/services/rpc.if
--- nsaserefpolicy/policy/modules/services/rpc.if 2007-01-02 12:57:43.000000000 -0500
-+++ serefpolicy-2.5.9/policy/modules/services/rpc.if 2007-03-20 10:20:32.000000000 -0400
++++ serefpolicy-2.5.9/policy/modules/services/rpc.if 2007-03-20 19:03:52.000000000 -0400
@@ -89,8 +89,11 @@
# bind to arbitary unused ports
corenet_tcp_bind_generic_port($1_t)
@@ -3387,7 +3406,7 @@
fs_search_auto_mountpoints($1_t)
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/rpc.te serefpolicy-2.5.9/policy/modules/services/rpc.te
--- nsaserefpolicy/policy/modules/services/rpc.te 2007-03-06 10:32:18.000000000 -0500
-+++ serefpolicy-2.5.9/policy/modules/services/rpc.te 2007-03-20 10:20:32.000000000 -0400
++++ serefpolicy-2.5.9/policy/modules/services/rpc.te 2007-03-20 19:03:52.000000000 -0400
@@ -80,9 +80,6 @@
kernel_read_system_state(nfsd_t)
kernel_read_network_state(nfsd_t)
@@ -3400,7 +3419,7 @@
fs_getattr_all_fs(nfsd_t)
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/rsync.te serefpolicy-2.5.9/policy/modules/services/rsync.te
--- nsaserefpolicy/policy/modules/services/rsync.te 2007-01-02 12:57:43.000000000 -0500
-+++ serefpolicy-2.5.9/policy/modules/services/rsync.te 2007-03-20 10:20:32.000000000 -0400
++++ serefpolicy-2.5.9/policy/modules/services/rsync.te 2007-03-20 19:03:52.000000000 -0400
@@ -9,6 +9,7 @@
type rsync_t;
type rsync_exec_t;
@@ -3411,7 +3430,7 @@
type rsync_data_t;
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/samba.if serefpolicy-2.5.9/policy/modules/services/samba.if
--- nsaserefpolicy/policy/modules/services/samba.if 2007-01-02 12:57:43.000000000 -0500
-+++ serefpolicy-2.5.9/policy/modules/services/samba.if 2007-03-20 10:20:32.000000000 -0400
++++ serefpolicy-2.5.9/policy/modules/services/samba.if 2007-03-20 19:03:52.000000000 -0400
@@ -177,6 +177,27 @@
########################################
@@ -3484,7 +3503,7 @@
## <param name="domain">
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/samba.te serefpolicy-2.5.9/policy/modules/services/samba.te
--- nsaserefpolicy/policy/modules/services/samba.te 2007-02-23 16:50:01.000000000 -0500
-+++ serefpolicy-2.5.9/policy/modules/services/samba.te 2007-03-20 10:20:32.000000000 -0400
++++ serefpolicy-2.5.9/policy/modules/services/samba.te 2007-03-20 19:03:52.000000000 -0400
@@ -278,6 +278,10 @@
userdom_dontaudit_use_unpriv_user_fds(smbd_t)
userdom_use_unpriv_users_fds(smbd_t)
@@ -3537,7 +3556,7 @@
+
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/sasl.te serefpolicy-2.5.9/policy/modules/services/sasl.te
--- nsaserefpolicy/policy/modules/services/sasl.te 2007-01-02 12:57:43.000000000 -0500
-+++ serefpolicy-2.5.9/policy/modules/services/sasl.te 2007-03-20 11:30:06.000000000 -0400
++++ serefpolicy-2.5.9/policy/modules/services/sasl.te 2007-03-20 19:03:52.000000000 -0400
@@ -10,6 +10,9 @@
type saslauthd_exec_t;
init_daemon_domain(saslauthd_t,saslauthd_exec_t)
@@ -3577,7 +3596,7 @@
+
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/smartmon.te serefpolicy-2.5.9/policy/modules/services/smartmon.te
--- nsaserefpolicy/policy/modules/services/smartmon.te 2007-01-02 12:57:43.000000000 -0500
-+++ serefpolicy-2.5.9/policy/modules/services/smartmon.te 2007-03-20 10:20:32.000000000 -0400
++++ serefpolicy-2.5.9/policy/modules/services/smartmon.te 2007-03-20 19:03:52.000000000 -0400
@@ -60,6 +60,7 @@
fs_search_auto_mountpoints(fsdaemon_t)
@@ -3588,7 +3607,7 @@
storage_raw_write_fixed_disk(fsdaemon_t)
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/spamassassin.te serefpolicy-2.5.9/policy/modules/services/spamassassin.te
--- nsaserefpolicy/policy/modules/services/spamassassin.te 2007-03-08 13:52:43.000000000 -0500
-+++ serefpolicy-2.5.9/policy/modules/services/spamassassin.te 2007-03-20 10:20:32.000000000 -0400
++++ serefpolicy-2.5.9/policy/modules/services/spamassassin.te 2007-03-20 19:03:52.000000000 -0400
@@ -8,7 +8,7 @@
# spamassassin client executable
@@ -3617,7 +3636,7 @@
# spamassassin 3.1 needs this for its
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/squid.fc serefpolicy-2.5.9/policy/modules/services/squid.fc
--- nsaserefpolicy/policy/modules/services/squid.fc 2006-11-16 17:15:21.000000000 -0500
-+++ serefpolicy-2.5.9/policy/modules/services/squid.fc 2007-03-20 10:20:32.000000000 -0400
++++ serefpolicy-2.5.9/policy/modules/services/squid.fc 2007-03-20 19:03:52.000000000 -0400
@@ -12,3 +12,5 @@
/var/run/squid\.pid -- gen_context(system_u:object_r:squid_var_run_t,s0)
@@ -3626,7 +3645,7 @@
+/usr/lib64/squid/cachemgr\.cgi -- gen_context(system_u:object_r:httpd_squid_script_exec_t,s0)
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/squid.if serefpolicy-2.5.9/policy/modules/services/squid.if
--- nsaserefpolicy/policy/modules/services/squid.if 2007-01-02 12:57:43.000000000 -0500
-+++ serefpolicy-2.5.9/policy/modules/services/squid.if 2007-03-20 10:20:32.000000000 -0400
++++ serefpolicy-2.5.9/policy/modules/services/squid.if 2007-03-20 19:03:52.000000000 -0400
@@ -36,7 +36,7 @@
')
@@ -3662,7 +3681,7 @@
+
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/squid.te serefpolicy-2.5.9/policy/modules/services/squid.te
--- nsaserefpolicy/policy/modules/services/squid.te 2007-01-02 12:57:43.000000000 -0500
-+++ serefpolicy-2.5.9/policy/modules/services/squid.te 2007-03-20 10:20:32.000000000 -0400
++++ serefpolicy-2.5.9/policy/modules/services/squid.te 2007-03-20 19:03:52.000000000 -0400
@@ -81,6 +81,8 @@
corenet_tcp_bind_ftp_port(squid_t)
corenet_tcp_bind_gopher_port(squid_t)
@@ -3695,7 +3714,7 @@
+')
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/ssh.if serefpolicy-2.5.9/policy/modules/services/ssh.if
--- nsaserefpolicy/policy/modules/services/ssh.if 2007-02-19 11:32:53.000000000 -0500
-+++ serefpolicy-2.5.9/policy/modules/services/ssh.if 2007-03-20 10:20:32.000000000 -0400
++++ serefpolicy-2.5.9/policy/modules/services/ssh.if 2007-03-20 19:03:52.000000000 -0400
@@ -728,3 +728,42 @@
dontaudit $1 sshd_key_t:file { getattr read };
@@ -3741,7 +3760,7 @@
+
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/ssh.te serefpolicy-2.5.9/policy/modules/services/ssh.te
--- nsaserefpolicy/policy/modules/services/ssh.te 2007-02-19 11:32:53.000000000 -0500
-+++ serefpolicy-2.5.9/policy/modules/services/ssh.te 2007-03-20 10:20:32.000000000 -0400
++++ serefpolicy-2.5.9/policy/modules/services/ssh.te 2007-03-20 19:03:52.000000000 -0400
@@ -10,11 +10,11 @@
# Type for the ssh-agent executable.
@@ -3766,7 +3785,7 @@
tunable_policy(`ssh_sysadm_login',`
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/zabbix.fc serefpolicy-2.5.9/policy/modules/services/zabbix.fc
--- nsaserefpolicy/policy/modules/services/zabbix.fc 1969-12-31 19:00:00.000000000 -0500
-+++ serefpolicy-2.5.9/policy/modules/services/zabbix.fc 2007-03-20 10:20:32.000000000 -0400
++++ serefpolicy-2.5.9/policy/modules/services/zabbix.fc 2007-03-20 19:03:52.000000000 -0400
@@ -0,0 +1,4 @@
+
+/usr/bin/zabbix_server -- gen_context(system_u:object_r:zabbix_exec_t,s0)
@@ -3774,7 +3793,7 @@
+/var/log/zabbix(/.*)? gen_context(system_u:object_r:zabbix_log_t,s0)
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/zabbix.if serefpolicy-2.5.9/policy/modules/services/zabbix.if
--- nsaserefpolicy/policy/modules/services/zabbix.if 1969-12-31 19:00:00.000000000 -0500
-+++ serefpolicy-2.5.9/policy/modules/services/zabbix.if 2007-03-20 10:20:32.000000000 -0400
++++ serefpolicy-2.5.9/policy/modules/services/zabbix.if 2007-03-20 19:03:52.000000000 -0400
@@ -0,0 +1,87 @@
+
+## <summary>policy for zabbix</summary>
@@ -3865,7 +3884,7 @@
+
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/zabbix.te serefpolicy-2.5.9/policy/modules/services/zabbix.te
--- nsaserefpolicy/policy/modules/services/zabbix.te 1969-12-31 19:00:00.000000000 -0500
-+++ serefpolicy-2.5.9/policy/modules/services/zabbix.te 2007-03-20 10:20:32.000000000 -0400
++++ serefpolicy-2.5.9/policy/modules/services/zabbix.te 2007-03-20 19:03:52.000000000 -0400
@@ -0,0 +1,64 @@
+policy_module(zabbix,1.0.0)
+
@@ -3933,12 +3952,12 @@
+')
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/application.fc serefpolicy-2.5.9/policy/modules/system/application.fc
--- nsaserefpolicy/policy/modules/system/application.fc 1969-12-31 19:00:00.000000000 -0500
-+++ serefpolicy-2.5.9/policy/modules/system/application.fc 2007-03-20 10:20:32.000000000 -0400
++++ serefpolicy-2.5.9/policy/modules/system/application.fc 2007-03-20 19:03:52.000000000 -0400
@@ -0,0 +1 @@
+# No application file contexts.
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/application.if serefpolicy-2.5.9/policy/modules/system/application.if
--- nsaserefpolicy/policy/modules/system/application.if 1969-12-31 19:00:00.000000000 -0500
-+++ serefpolicy-2.5.9/policy/modules/system/application.if 2007-03-20 10:20:32.000000000 -0400
++++ serefpolicy-2.5.9/policy/modules/system/application.if 2007-03-20 19:03:52.000000000 -0400
@@ -0,0 +1,106 @@
+## <summary>Policy for application domains</summary>
+
@@ -4048,7 +4067,7 @@
+')
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/application.te serefpolicy-2.5.9/policy/modules/system/application.te
--- nsaserefpolicy/policy/modules/system/application.te 1969-12-31 19:00:00.000000000 -0500
-+++ serefpolicy-2.5.9/policy/modules/system/application.te 2007-03-20 10:20:32.000000000 -0400
++++ serefpolicy-2.5.9/policy/modules/system/application.te 2007-03-20 19:03:52.000000000 -0400
@@ -0,0 +1,14 @@
+
+policy_module(application,1.0.0)
@@ -4066,7 +4085,7 @@
+
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/authlogin.if serefpolicy-2.5.9/policy/modules/system/authlogin.if
--- nsaserefpolicy/policy/modules/system/authlogin.if 2007-02-19 11:32:53.000000000 -0500
-+++ serefpolicy-2.5.9/policy/modules/system/authlogin.if 2007-03-20 10:20:32.000000000 -0400
++++ serefpolicy-2.5.9/policy/modules/system/authlogin.if 2007-03-20 19:03:52.000000000 -0400
@@ -152,21 +152,12 @@
## </param>
#
@@ -4193,7 +4212,7 @@
+')
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/authlogin.te serefpolicy-2.5.9/policy/modules/system/authlogin.te
--- nsaserefpolicy/policy/modules/system/authlogin.te 2007-02-19 11:32:53.000000000 -0500
-+++ serefpolicy-2.5.9/policy/modules/system/authlogin.te 2007-03-20 10:20:32.000000000 -0400
++++ serefpolicy-2.5.9/policy/modules/system/authlogin.te 2007-03-20 19:03:52.000000000 -0400
@@ -9,6 +9,7 @@
attribute can_read_shadow_passwords;
attribute can_write_shadow_passwords;
@@ -4213,7 +4232,7 @@
corecmd_search_sbin(system_chkpwd_t)
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/fstools.fc serefpolicy-2.5.9/policy/modules/system/fstools.fc
--- nsaserefpolicy/policy/modules/system/fstools.fc 2006-11-16 17:15:24.000000000 -0500
-+++ serefpolicy-2.5.9/policy/modules/system/fstools.fc 2007-03-20 10:20:32.000000000 -0400
++++ serefpolicy-2.5.9/policy/modules/system/fstools.fc 2007-03-20 19:03:52.000000000 -0400
@@ -19,7 +19,6 @@
/sbin/mkfs.* -- gen_context(system_u:object_r:fsadm_exec_t,s0)
/sbin/mkraid -- gen_context(system_u:object_r:fsadm_exec_t,s0)
@@ -4224,7 +4243,7 @@
/sbin/partx -- gen_context(system_u:object_r:fsadm_exec_t,s0)
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/fstools.te serefpolicy-2.5.9/policy/modules/system/fstools.te
--- nsaserefpolicy/policy/modules/system/fstools.te 2007-02-19 11:32:53.000000000 -0500
-+++ serefpolicy-2.5.9/policy/modules/system/fstools.te 2007-03-20 10:20:32.000000000 -0400
++++ serefpolicy-2.5.9/policy/modules/system/fstools.te 2007-03-20 19:03:52.000000000 -0400
@@ -9,6 +9,7 @@
type fsadm_t;
type fsadm_exec_t;
@@ -4235,7 +4254,7 @@
type fsadm_log_t;
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/fusermount.fc serefpolicy-2.5.9/policy/modules/system/fusermount.fc
--- nsaserefpolicy/policy/modules/system/fusermount.fc 1969-12-31 19:00:00.000000000 -0500
-+++ serefpolicy-2.5.9/policy/modules/system/fusermount.fc 2007-03-20 15:51:53.000000000 -0400
++++ serefpolicy-2.5.9/policy/modules/system/fusermount.fc 2007-03-20 19:03:52.000000000 -0400
@@ -0,0 +1,6 @@
+# fusermount executable will have:
+# label: system_u:object_r:fusermount_exec_t
@@ -4245,7 +4264,7 @@
+/usr/bin/fusermount -- gen_context(system_u:object_r:fusermount_exec_t,s0)
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/fusermount.if serefpolicy-2.5.9/policy/modules/system/fusermount.if
--- nsaserefpolicy/policy/modules/system/fusermount.if 1969-12-31 19:00:00.000000000 -0500
-+++ serefpolicy-2.5.9/policy/modules/system/fusermount.if 2007-03-20 15:51:24.000000000 -0400
++++ serefpolicy-2.5.9/policy/modules/system/fusermount.if 2007-03-20 19:03:52.000000000 -0400
@@ -0,0 +1,41 @@
+## <summary>policy for fusermount</summary>
+
@@ -4291,7 +4310,7 @@
\ No newline at end of file
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/fusermount.te serefpolicy-2.5.9/policy/modules/system/fusermount.te
--- nsaserefpolicy/policy/modules/system/fusermount.te 1969-12-31 19:00:00.000000000 -0500
-+++ serefpolicy-2.5.9/policy/modules/system/fusermount.te 2007-03-20 15:59:21.000000000 -0400
++++ serefpolicy-2.5.9/policy/modules/system/fusermount.te 2007-03-20 19:03:52.000000000 -0400
@@ -0,0 +1,44 @@
+policy_module(fusermount,1.0.0)
+
@@ -4339,7 +4358,7 @@
+
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/getty.te serefpolicy-2.5.9/policy/modules/system/getty.te
--- nsaserefpolicy/policy/modules/system/getty.te 2007-02-19 11:32:53.000000000 -0500
-+++ serefpolicy-2.5.9/policy/modules/system/getty.te 2007-03-20 10:20:32.000000000 -0400
++++ serefpolicy-2.5.9/policy/modules/system/getty.te 2007-03-20 19:03:52.000000000 -0400
@@ -33,7 +33,8 @@
#
@@ -4352,7 +4371,7 @@
allow getty_t self:fifo_file rw_fifo_file_perms;
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/hostname.te serefpolicy-2.5.9/policy/modules/system/hostname.te
--- nsaserefpolicy/policy/modules/system/hostname.te 2007-01-02 12:57:49.000000000 -0500
-+++ serefpolicy-2.5.9/policy/modules/system/hostname.te 2007-03-20 10:20:32.000000000 -0400
++++ serefpolicy-2.5.9/policy/modules/system/hostname.te 2007-03-20 19:03:52.000000000 -0400
@@ -8,8 +8,12 @@
type hostname_t;
@@ -4381,7 +4400,7 @@
+')
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/init.if serefpolicy-2.5.9/policy/modules/system/init.if
--- nsaserefpolicy/policy/modules/system/init.if 2007-02-26 14:17:21.000000000 -0500
-+++ serefpolicy-2.5.9/policy/modules/system/init.if 2007-03-20 10:20:32.000000000 -0400
++++ serefpolicy-2.5.9/policy/modules/system/init.if 2007-03-20 19:03:52.000000000 -0400
@@ -121,24 +121,7 @@
')
')
@@ -4425,7 +4444,7 @@
domtrans_pattern(initrc_t,$2,$1)
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/init.te serefpolicy-2.5.9/policy/modules/system/init.te
--- nsaserefpolicy/policy/modules/system/init.te 2007-02-26 14:17:21.000000000 -0500
-+++ serefpolicy-2.5.9/policy/modules/system/init.te 2007-03-20 10:20:32.000000000 -0400
++++ serefpolicy-2.5.9/policy/modules/system/init.te 2007-03-20 19:03:52.000000000 -0400
@@ -205,8 +205,7 @@
allow initrc_t initrc_devpts_t:chr_file rw_term_perms;
term_create_pty(initrc_t,initrc_devpts_t)
@@ -4485,7 +4504,7 @@
optional_policy(`
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/ipsec.if serefpolicy-2.5.9/policy/modules/system/ipsec.if
--- nsaserefpolicy/policy/modules/system/ipsec.if 2007-01-02 12:57:49.000000000 -0500
-+++ serefpolicy-2.5.9/policy/modules/system/ipsec.if 2007-03-20 10:20:32.000000000 -0400
++++ serefpolicy-2.5.9/policy/modules/system/ipsec.if 2007-03-20 19:03:52.000000000 -0400
@@ -111,3 +111,103 @@
files_search_pids($1)
manage_files_pattern($1,ipsec_var_run_t,ipsec_var_run_t)
@@ -4592,7 +4611,7 @@
+')
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/ipsec.te serefpolicy-2.5.9/policy/modules/system/ipsec.te
--- nsaserefpolicy/policy/modules/system/ipsec.te 2007-02-19 11:32:53.000000000 -0500
-+++ serefpolicy-2.5.9/policy/modules/system/ipsec.te 2007-03-20 10:20:32.000000000 -0400
++++ serefpolicy-2.5.9/policy/modules/system/ipsec.te 2007-03-20 19:03:52.000000000 -0400
@@ -325,14 +325,14 @@
libs_use_ld_so(racoon_t)
libs_use_shared_libs(racoon_t)
@@ -4630,7 +4649,7 @@
libs_use_ld_so(setkey_t)
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/iptables.te serefpolicy-2.5.9/policy/modules/system/iptables.te
--- nsaserefpolicy/policy/modules/system/iptables.te 2007-02-19 11:32:53.000000000 -0500
-+++ serefpolicy-2.5.9/policy/modules/system/iptables.te 2007-03-20 10:20:32.000000000 -0400
++++ serefpolicy-2.5.9/policy/modules/system/iptables.te 2007-03-20 19:03:52.000000000 -0400
@@ -77,9 +77,10 @@
userdom_use_all_users_fds(iptables_t)
@@ -4654,7 +4673,7 @@
+')
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/libraries.fc serefpolicy-2.5.9/policy/modules/system/libraries.fc
--- nsaserefpolicy/policy/modules/system/libraries.fc 2007-03-01 10:01:49.000000000 -0500
-+++ serefpolicy-2.5.9/policy/modules/system/libraries.fc 2007-03-20 10:20:32.000000000 -0400
++++ serefpolicy-2.5.9/policy/modules/system/libraries.fc 2007-03-20 19:03:52.000000000 -0400
@@ -202,12 +202,6 @@
/usr/lib(64)?/.*/program/libsoffice\.so -- gen_context(system_u:object_r:textrel_shlib_t,s0)
/usr/(.*/)?pcsc/drivers(/.*)?/lib(cm2020|cm4000|SCR24x)\.so(\.[^/]*)* -- gen_context(system_u:object_r:textrel_shlib_t,s0)
@@ -4670,7 +4689,7 @@
/usr/lib(64)?/ladspa/bandpass_a_iir_1893\.so -- gen_context(system_u:object_r:textrel_shlib_t,s0)
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/libraries.te serefpolicy-2.5.9/policy/modules/system/libraries.te
--- nsaserefpolicy/policy/modules/system/libraries.te 2007-03-01 10:01:49.000000000 -0500
-+++ serefpolicy-2.5.9/policy/modules/system/libraries.te 2007-03-20 10:20:32.000000000 -0400
++++ serefpolicy-2.5.9/policy/modules/system/libraries.te 2007-03-20 19:03:52.000000000 -0400
@@ -51,6 +51,11 @@
init_system_domain(ldconfig_t,ldconfig_exec_t)
role system_r types ldconfig_t;
@@ -4717,7 +4736,7 @@
+
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/locallogin.te serefpolicy-2.5.9/policy/modules/system/locallogin.te
--- nsaserefpolicy/policy/modules/system/locallogin.te 2007-01-02 12:57:49.000000000 -0500
-+++ serefpolicy-2.5.9/policy/modules/system/locallogin.te 2007-03-20 10:20:32.000000000 -0400
++++ serefpolicy-2.5.9/policy/modules/system/locallogin.te 2007-03-20 19:03:52.000000000 -0400
@@ -48,6 +48,8 @@
allow local_login_t self:msgq create_msgq_perms;
allow local_login_t self:msg { send receive };
@@ -4758,7 +4777,7 @@
')
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/logging.if serefpolicy-2.5.9/policy/modules/system/logging.if
--- nsaserefpolicy/policy/modules/system/logging.if 2007-01-02 12:57:49.000000000 -0500
-+++ serefpolicy-2.5.9/policy/modules/system/logging.if 2007-03-20 10:20:32.000000000 -0400
++++ serefpolicy-2.5.9/policy/modules/system/logging.if 2007-03-20 19:03:52.000000000 -0400
@@ -480,6 +480,8 @@
files_search_var($1)
manage_files_pattern($1,logfile,logfile)
@@ -4793,7 +4812,7 @@
+
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/logging.te serefpolicy-2.5.9/policy/modules/system/logging.te
--- nsaserefpolicy/policy/modules/system/logging.te 2007-02-23 16:50:01.000000000 -0500
-+++ serefpolicy-2.5.9/policy/modules/system/logging.te 2007-03-20 10:20:32.000000000 -0400
++++ serefpolicy-2.5.9/policy/modules/system/logging.te 2007-03-20 19:03:52.000000000 -0400
@@ -11,6 +11,7 @@
type auditctl_t;
type auditctl_exec_t;
@@ -4814,7 +4833,7 @@
corenet_sendrecv_syslogd_client_packets(syslogd_t)
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/lvm.te serefpolicy-2.5.9/policy/modules/system/lvm.te
--- nsaserefpolicy/policy/modules/system/lvm.te 2007-03-06 09:53:20.000000000 -0500
-+++ serefpolicy-2.5.9/policy/modules/system/lvm.te 2007-03-20 10:20:32.000000000 -0400
++++ serefpolicy-2.5.9/policy/modules/system/lvm.te 2007-03-20 19:03:52.000000000 -0400
@@ -16,6 +16,7 @@
type lvm_t;
type lvm_exec_t;
@@ -4855,7 +4874,7 @@
# LVM will complain a lot if it cannot set its priority.
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/modutils.te serefpolicy-2.5.9/policy/modules/system/modutils.te
--- nsaserefpolicy/policy/modules/system/modutils.te 2007-02-19 11:32:53.000000000 -0500
-+++ serefpolicy-2.5.9/policy/modules/system/modutils.te 2007-03-20 10:20:32.000000000 -0400
++++ serefpolicy-2.5.9/policy/modules/system/modutils.te 2007-03-20 19:03:52.000000000 -0400
@@ -68,7 +68,7 @@
# for locking: (cjp: ????)
files_write_kernel_modules(insmod_t)
@@ -4893,7 +4912,7 @@
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/mount.fc serefpolicy-2.5.9/policy/modules/system/mount.fc
--- nsaserefpolicy/policy/modules/system/mount.fc 2006-11-16 17:15:24.000000000 -0500
-+++ serefpolicy-2.5.9/policy/modules/system/mount.fc 2007-03-20 15:54:47.000000000 -0400
++++ serefpolicy-2.5.9/policy/modules/system/mount.fc 2007-03-20 19:03:52.000000000 -0400
@@ -1,4 +1,3 @@
/bin/mount.* -- gen_context(system_u:object_r:mount_exec_t,s0)
/bin/umount.* -- gen_context(system_u:object_r:mount_exec_t,s0)
@@ -4902,7 +4921,7 @@
+/sbin/mount.ntfs-3g -- gen_context(system_u:object_r:mount_ntfs_exec_t,s0)
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/mount.if serefpolicy-2.5.9/policy/modules/system/mount.if
--- nsaserefpolicy/policy/modules/system/mount.if 2007-01-02 12:57:49.000000000 -0500
-+++ serefpolicy-2.5.9/policy/modules/system/mount.if 2007-03-20 15:56:09.000000000 -0400
++++ serefpolicy-2.5.9/policy/modules/system/mount.if 2007-03-20 19:03:52.000000000 -0400
@@ -143,3 +143,40 @@
mount_domtrans($1)
')
@@ -4946,7 +4965,7 @@
+')
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/mount.te serefpolicy-2.5.9/policy/modules/system/mount.te
--- nsaserefpolicy/policy/modules/system/mount.te 2007-01-02 12:57:49.000000000 -0500
-+++ serefpolicy-2.5.9/policy/modules/system/mount.te 2007-03-20 15:54:31.000000000 -0400
++++ serefpolicy-2.5.9/policy/modules/system/mount.te 2007-03-20 19:03:52.000000000 -0400
@@ -9,8 +9,13 @@
type mount_t;
type mount_exec_t;
@@ -5030,7 +5049,7 @@
+')
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/netlabel.te serefpolicy-2.5.9/policy/modules/system/netlabel.te
--- nsaserefpolicy/policy/modules/system/netlabel.te 2006-11-16 17:15:24.000000000 -0500
-+++ serefpolicy-2.5.9/policy/modules/system/netlabel.te 2007-03-20 10:20:32.000000000 -0400
++++ serefpolicy-2.5.9/policy/modules/system/netlabel.te 2007-03-20 19:03:52.000000000 -0400
@@ -8,8 +8,7 @@
type netlabel_mgmt_t;
@@ -5043,7 +5062,7 @@
#
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/selinuxutil.fc serefpolicy-2.5.9/policy/modules/system/selinuxutil.fc
--- nsaserefpolicy/policy/modules/system/selinuxutil.fc 2006-11-16 17:15:24.000000000 -0500
-+++ serefpolicy-2.5.9/policy/modules/system/selinuxutil.fc 2007-03-20 10:22:02.000000000 -0400
++++ serefpolicy-2.5.9/policy/modules/system/selinuxutil.fc 2007-03-20 19:03:52.000000000 -0400
@@ -40,6 +40,7 @@
/usr/sbin/setfiles.* -- gen_context(system_u:object_r:setfiles_exec_t,s0)
/usr/sbin/setsebool -- gen_context(system_u:object_r:semanage_exec_t,s0)
@@ -5054,7 +5073,7 @@
#
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/selinuxutil.if serefpolicy-2.5.9/policy/modules/system/selinuxutil.if
--- nsaserefpolicy/policy/modules/system/selinuxutil.if 2007-01-02 12:57:49.000000000 -0500
-+++ serefpolicy-2.5.9/policy/modules/system/selinuxutil.if 2007-03-20 10:21:19.000000000 -0400
++++ serefpolicy-2.5.9/policy/modules/system/selinuxutil.if 2007-03-20 19:03:52.000000000 -0400
@@ -616,7 +616,7 @@
gen_require(`
type selinux_config_t;
@@ -5092,7 +5111,7 @@
## <summary>
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/selinuxutil.te serefpolicy-2.5.9/policy/modules/system/selinuxutil.te
--- nsaserefpolicy/policy/modules/system/selinuxutil.te 2007-02-19 11:32:53.000000000 -0500
-+++ serefpolicy-2.5.9/policy/modules/system/selinuxutil.te 2007-03-20 10:34:20.000000000 -0400
++++ serefpolicy-2.5.9/policy/modules/system/selinuxutil.te 2007-03-20 19:03:52.000000000 -0400
@@ -1,10 +1,8 @@
policy_module(selinuxutil,1.4.1)
@@ -5246,7 +5265,7 @@
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/udev.te serefpolicy-2.5.9/policy/modules/system/udev.te
--- nsaserefpolicy/policy/modules/system/udev.te 2007-01-02 12:57:49.000000000 -0500
-+++ serefpolicy-2.5.9/policy/modules/system/udev.te 2007-03-20 10:20:32.000000000 -0400
++++ serefpolicy-2.5.9/policy/modules/system/udev.te 2007-03-20 19:03:52.000000000 -0400
@@ -89,6 +89,7 @@
dev_manage_all_dev_nodes(udev_t)
dev_rw_generic_files(udev_t)
@@ -5274,7 +5293,7 @@
optional_policy(`
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/unconfined.fc serefpolicy-2.5.9/policy/modules/system/unconfined.fc
--- nsaserefpolicy/policy/modules/system/unconfined.fc 2007-02-19 11:32:53.000000000 -0500
-+++ serefpolicy-2.5.9/policy/modules/system/unconfined.fc 2007-03-20 10:20:32.000000000 -0400
++++ serefpolicy-2.5.9/policy/modules/system/unconfined.fc 2007-03-20 19:03:52.000000000 -0400
@@ -10,4 +10,5 @@
/usr/bin/valgrind -- gen_context(system_u:object_r:unconfined_execmem_exec_t,s0)
/usr/local/RealPlayer/realplay\.bin -- gen_context(system_u:object_r:unconfined_execmem_exec_t,s0)
@@ -5283,7 +5302,7 @@
')
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/unconfined.te serefpolicy-2.5.9/policy/modules/system/unconfined.te
--- nsaserefpolicy/policy/modules/system/unconfined.te 2007-03-20 09:23:14.000000000 -0400
-+++ serefpolicy-2.5.9/policy/modules/system/unconfined.te 2007-03-20 10:24:41.000000000 -0400
++++ serefpolicy-2.5.9/policy/modules/system/unconfined.te 2007-03-20 19:03:52.000000000 -0400
@@ -50,6 +50,8 @@
userdom_unconfined(unconfined_t)
userdom_priveleged_home_dir_manager(unconfined_t)
@@ -5333,7 +5352,7 @@
init_dbus_chat_script(unconfined_execmem_t)
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/userdomain.if serefpolicy-2.5.9/policy/modules/system/userdomain.if
--- nsaserefpolicy/policy/modules/system/userdomain.if 2007-02-19 11:32:53.000000000 -0500
-+++ serefpolicy-2.5.9/policy/modules/system/userdomain.if 2007-03-20 10:20:32.000000000 -0400
++++ serefpolicy-2.5.9/policy/modules/system/userdomain.if 2007-03-20 19:03:52.000000000 -0400
@@ -115,6 +115,10 @@
# Allow making the stack executable via mprotect.
allow $1_t self:process execstack;
@@ -5755,7 +5774,7 @@
+
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/userdomain.te serefpolicy-2.5.9/policy/modules/system/userdomain.te
--- nsaserefpolicy/policy/modules/system/userdomain.te 2007-02-19 11:32:53.000000000 -0500
-+++ serefpolicy-2.5.9/policy/modules/system/userdomain.te 2007-03-20 11:11:08.000000000 -0400
++++ serefpolicy-2.5.9/policy/modules/system/userdomain.te 2007-03-20 19:03:52.000000000 -0400
@@ -24,6 +24,9 @@
# users home directory contents
attribute home_type;
@@ -5848,7 +5867,7 @@
')
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/xen.te serefpolicy-2.5.9/policy/modules/system/xen.te
--- nsaserefpolicy/policy/modules/system/xen.te 2007-01-02 12:57:49.000000000 -0500
-+++ serefpolicy-2.5.9/policy/modules/system/xen.te 2007-03-20 10:20:32.000000000 -0400
++++ serefpolicy-2.5.9/policy/modules/system/xen.te 2007-03-20 19:03:52.000000000 -0400
@@ -166,8 +166,13 @@
files_manage_etc_runtime_files(xend_t)
files_etc_filetrans_etc_runtime(xend_t,file)
@@ -5903,7 +5922,7 @@
+fs_read_dos_files(xend_t)
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/support/obj_perm_sets.spt serefpolicy-2.5.9/policy/support/obj_perm_sets.spt
--- nsaserefpolicy/policy/support/obj_perm_sets.spt 2007-01-02 12:57:51.000000000 -0500
-+++ serefpolicy-2.5.9/policy/support/obj_perm_sets.spt 2007-03-20 10:20:32.000000000 -0400
++++ serefpolicy-2.5.9/policy/support/obj_perm_sets.spt 2007-03-20 19:03:52.000000000 -0400
@@ -215,7 +215,7 @@
define(`getattr_file_perms',`{ getattr }')
define(`setattr_file_perms',`{ setattr }')
@@ -5915,7 +5934,7 @@
define(`write_file_perms',`{ getattr write append lock ioctl }')
diff --exclude-from=exclude -N -u -r nsaserefpolicy/Rules.modular serefpolicy-2.5.9/Rules.modular
--- nsaserefpolicy/Rules.modular 2006-11-16 17:15:29.000000000 -0500
-+++ serefpolicy-2.5.9/Rules.modular 2007-03-20 10:20:32.000000000 -0400
++++ serefpolicy-2.5.9/Rules.modular 2007-03-20 19:03:52.000000000 -0400
@@ -167,7 +167,7 @@
# these have to run individually because order matters:
$(verbose) $(GREP) '^sid ' $(tmpdir)/all_te_files.conf >> $(tmpdir)/all_post.conf || true
Index: selinux-policy.spec
===================================================================
RCS file: /cvs/dist/rpms/selinux-policy/devel/selinux-policy.spec,v
retrieving revision 1.416
retrieving revision 1.417
diff -u -r1.416 -r1.417
--- selinux-policy.spec 20 Mar 2007 20:21:08 -0000 1.416
+++ selinux-policy.spec 21 Mar 2007 03:39:06 -0000 1.417
@@ -17,7 +17,7 @@
Summary: SELinux policy configuration
Name: selinux-policy
Version: 2.5.9
-Release: 3%{?dist}
+Release: 4%{?dist}
License: GPL
Group: System Environment/Base
Source: serefpolicy-%{version}.tgz
@@ -356,6 +356,9 @@
%endif
%changelog
+* Tue Mar 20 2007 Dan Walsh <dwalsh at redhat.com> 2.5.9-4
+- Fixes for logwatch
+
* Tue Mar 20 2007 Dan Walsh <dwalsh at redhat.com> 2.5.9-3
- Add fusermount and mount_ntfs policy