rpms/selinux-policy/devel policy-20070219.patch, 1.29, 1.30 selinux-policy.spec, 1.416, 1.417

fedora-cvs-commits at redhat.com fedora-cvs-commits at redhat.com
Wed Mar 21 03:39:09 UTC 2007


Author: dwalsh

Update of /cvs/dist/rpms/selinux-policy/devel
In directory cvs.devel.redhat.com:/tmp/cvs-serv24586

Modified Files:
	policy-20070219.patch selinux-policy.spec 
Log Message:
* Tue Mar 20 2007 Dan Walsh <dwalsh at redhat.com> 2.5.9-4
- Fixes for logwatch


policy-20070219.patch:
 Rules.modular                             |   12 +
 man/man8/ftpd_selinux.8                   |    6 
 man/man8/httpd_selinux.8                  |   17 --
 man/man8/kerberos_selinux.8               |    9 -
 man/man8/named_selinux.8                  |    8 
 man/man8/nfs_selinux.8                    |    2 
 man/man8/rsync_selinux.8                  |    8 
 man/man8/samba_selinux.8                  |   12 -
 man/man8/ypbind_selinux.8                 |    2 
 policy/flask/access_vectors               |    4 
 policy/global_booleans                    |    2 
 policy/global_tunables                    |   92 ++++++++++-
 policy/mls                                |   31 ++-
 policy/modules/admin/acct.te              |    1 
 policy/modules/admin/amtu.fc              |    3 
 policy/modules/admin/amtu.if              |   53 ++++++
 policy/modules/admin/amtu.te              |   56 ++++++
 policy/modules/admin/consoletype.te       |    8 
 policy/modules/admin/dmesg.te             |    1 
 policy/modules/admin/firstboot.if         |   18 ++
 policy/modules/admin/kudzu.te             |    1 
 policy/modules/admin/logwatch.te          |    2 
 policy/modules/admin/netutils.te          |    3 
 policy/modules/admin/rpm.fc               |    3 
 policy/modules/admin/rpm.if               |   65 +++++++
 policy/modules/admin/rpm.te               |    2 
 policy/modules/admin/su.if                |    6 
 policy/modules/admin/sudo.te              |    5 
 policy/modules/admin/usermanage.te        |   40 +++-
 policy/modules/apps/games.fc              |    1 
 policy/modules/apps/gnome.if              |   26 +++
 policy/modules/apps/gpg.fc                |    2 
 policy/modules/apps/loadkeys.if           |   44 +----
 policy/modules/apps/mozilla.if            |    1 
 policy/modules/kernel/corecommands.fc     |    2 
 policy/modules/kernel/corecommands.if     |   59 ++++---
 policy/modules/kernel/corenetwork.if.in   |   54 ++++++
 policy/modules/kernel/corenetwork.te.in   |   13 +
 policy/modules/kernel/devices.if          |   36 ++++
 policy/modules/kernel/domain.if           |   18 ++
 policy/modules/kernel/domain.te           |   23 ++
 policy/modules/kernel/files.if            |   81 ++++++++-
 policy/modules/kernel/filesystem.if       |   39 ++++
 policy/modules/kernel/filesystem.te       |    5 
 policy/modules/kernel/kernel.if           |   23 ++
 policy/modules/kernel/kernel.te           |    2 
 policy/modules/kernel/mls.if              |   20 ++
 policy/modules/kernel/mls.te              |    3 
 policy/modules/kernel/selinux.if          |   38 ++++
 policy/modules/kernel/storage.fc          |    3 
 policy/modules/kernel/storage.if          |    2 
 policy/modules/kernel/terminal.if         |    2 
 policy/modules/kernel/terminal.te         |    1 
 policy/modules/services/apache.fc         |   23 ++
 policy/modules/services/apache.if         |  159 +++++++++++++++++++
 policy/modules/services/apache.te         |   53 +++++-
 policy/modules/services/automount.te      |    2 
 policy/modules/services/ccs.te            |   12 +
 policy/modules/services/consolekit.fc     |    1 
 policy/modules/services/consolekit.te     |   24 ++
 policy/modules/services/cpucontrol.te     |    1 
 policy/modules/services/cron.fc           |    1 
 policy/modules/services/cron.if           |   33 +--
 policy/modules/services/cron.te           |   43 ++++-
 policy/modules/services/cvs.te            |    1 
 policy/modules/services/cyrus.te          |    5 
 policy/modules/services/dbus.if           |   57 ++++++
 policy/modules/services/dhcp.te           |    2 
 policy/modules/services/djbdns.te         |    5 
 policy/modules/services/dovecot.te        |    5 
 policy/modules/services/fail2ban.fc       |    4 
 policy/modules/services/fail2ban.if       |   87 ++++++++++
 policy/modules/services/fail2ban.te       |   74 ++++++++
 policy/modules/services/ftp.te            |    5 
 policy/modules/services/hal.fc            |    6 
 policy/modules/services/hal.te            |   98 +++++++++++
 policy/modules/services/inetd.if          |   29 ---
 policy/modules/services/inetd.te          |    5 
 policy/modules/services/kerberos.if       |   21 ++
 policy/modules/services/kerberos.te       |    2 
 policy/modules/services/mta.te            |    2 
 policy/modules/services/networkmanager.te |    2 
 policy/modules/services/nis.if            |    5 
 policy/modules/services/ntp.te            |    1 
 policy/modules/services/pegasus.if        |   18 ++
 policy/modules/services/pegasus.te        |    5 
 policy/modules/services/postfix.te        |    2 
 policy/modules/services/ppp.te            |   17 --
 policy/modules/services/procmail.te       |    1 
 policy/modules/services/pyzor.te          |    3 
 policy/modules/services/radius.te         |    6 
 policy/modules/services/ricci.te          |    5 
 policy/modules/services/rpc.if            |    5 
 policy/modules/services/rpc.te            |    3 
 policy/modules/services/rsync.te          |    1 
 policy/modules/services/samba.if          |   44 +++++
 policy/modules/services/samba.te          |   24 ++
 policy/modules/services/sasl.te           |   12 +
 policy/modules/services/smartmon.te       |    1 
 policy/modules/services/spamassassin.te   |    5 
 policy/modules/services/squid.fc          |    2 
 policy/modules/services/squid.if          |   22 ++
 policy/modules/services/squid.te          |   12 +
 policy/modules/services/ssh.if            |   39 ++++
 policy/modules/services/ssh.te            |    5 
 policy/modules/services/zabbix.fc         |    4 
 policy/modules/services/zabbix.if         |   87 ++++++++++
 policy/modules/services/zabbix.te         |   64 +++++++
 policy/modules/system/application.fc      |    1 
 policy/modules/system/application.if      |  106 ++++++++++++
 policy/modules/system/application.te      |   14 +
 policy/modules/system/authlogin.if        |   84 ++++++++--
 policy/modules/system/authlogin.te        |    3 
 policy/modules/system/fstools.fc          |    1 
 policy/modules/system/fstools.te          |    1 
 policy/modules/system/fusermount.fc       |    6 
 policy/modules/system/fusermount.if       |   41 ++++
 policy/modules/system/fusermount.te       |   44 +++++
 policy/modules/system/getty.te            |    3 
 policy/modules/system/hostname.te         |   14 +
 policy/modules/system/init.if             |   22 --
 policy/modules/system/init.te             |   26 ++-
 policy/modules/system/ipsec.if            |  100 ++++++++++++
 policy/modules/system/ipsec.te            |    9 -
 policy/modules/system/iptables.te         |    9 -
 policy/modules/system/libraries.fc        |    6 
 policy/modules/system/libraries.te        |   20 ++
 policy/modules/system/locallogin.te       |   10 +
 policy/modules/system/logging.if          |   21 ++
 policy/modules/system/logging.te          |    4 
 policy/modules/system/lvm.te              |   10 +
 policy/modules/system/modutils.te         |    7 
 policy/modules/system/mount.fc            |    3 
 policy/modules/system/mount.if            |   37 ++++
 policy/modules/system/mount.te            |   51 +++++-
 policy/modules/system/netlabel.te         |    3 
 policy/modules/system/selinuxutil.fc      |    1 
 policy/modules/system/selinuxutil.if      |    7 
 policy/modules/system/selinuxutil.te      |   68 +++-----
 policy/modules/system/udev.te             |    6 
 policy/modules/system/unconfined.fc       |    1 
 policy/modules/system/unconfined.te       |   15 +
 policy/modules/system/userdomain.if       |  248 ++++++++++++++++--------------
 policy/modules/system/userdomain.te       |   40 +++-
 policy/modules/system/xen.te              |   26 +++
 policy/support/obj_perm_sets.spt          |    2 
 146 files changed, 2711 insertions(+), 484 deletions(-)

Index: policy-20070219.patch
===================================================================
RCS file: /cvs/dist/rpms/selinux-policy/devel/policy-20070219.patch,v
retrieving revision 1.29
retrieving revision 1.30
diff -u -r1.29 -r1.30
--- policy-20070219.patch	20 Mar 2007 23:04:49 -0000	1.29
+++ policy-20070219.patch	21 Mar 2007 03:39:06 -0000	1.30
@@ -1,6 +1,6 @@
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/man/man8/ftpd_selinux.8 serefpolicy-2.5.9/man/man8/ftpd_selinux.8
 --- nsaserefpolicy/man/man8/ftpd_selinux.8	2006-11-16 17:15:28.000000000 -0500
-+++ serefpolicy-2.5.9/man/man8/ftpd_selinux.8	2007-03-20 10:20:31.000000000 -0400
++++ serefpolicy-2.5.9/man/man8/ftpd_selinux.8	2007-03-20 19:03:51.000000000 -0400
 @@ -39,14 +39,10 @@
  ftpd can run either as a standalone daemon or as part of the xinetd domain.  If you want to run ftpd as a daemon you must set the ftpd_is_daemon boolean.
  .TP
@@ -19,7 +19,7 @@
  
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/man/man8/httpd_selinux.8 serefpolicy-2.5.9/man/man8/httpd_selinux.8
 --- nsaserefpolicy/man/man8/httpd_selinux.8	2007-02-19 11:32:55.000000000 -0500
-+++ serefpolicy-2.5.9/man/man8/httpd_selinux.8	2007-03-20 10:20:31.000000000 -0400
++++ serefpolicy-2.5.9/man/man8/httpd_selinux.8	2007-03-20 19:03:51.000000000 -0400
 @@ -110,22 +110,7 @@
  .EE
  
@@ -46,7 +46,7 @@
  
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/man/man8/kerberos_selinux.8 serefpolicy-2.5.9/man/man8/kerberos_selinux.8
 --- nsaserefpolicy/man/man8/kerberos_selinux.8	2007-02-26 14:42:44.000000000 -0500
-+++ serefpolicy-2.5.9/man/man8/kerberos_selinux.8	2007-03-20 10:20:31.000000000 -0400
++++ serefpolicy-2.5.9/man/man8/kerberos_selinux.8	2007-03-20 19:03:51.000000000 -0400
 @@ -18,16 +18,9 @@
  You must set the allow_kerberos boolean to allow your system to work properly in a Kerberos environment.
  .EX
@@ -67,7 +67,7 @@
  
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/man/man8/named_selinux.8 serefpolicy-2.5.9/man/man8/named_selinux.8
 --- nsaserefpolicy/man/man8/named_selinux.8	2007-02-19 11:32:55.000000000 -0500
-+++ serefpolicy-2.5.9/man/man8/named_selinux.8	2007-03-20 10:20:31.000000000 -0400
++++ serefpolicy-2.5.9/man/man8/named_selinux.8	2007-03-20 19:03:51.000000000 -0400
 @@ -20,13 +20,7 @@
  setsebool -P named_write_master_zones 1
  .EE
@@ -85,7 +85,7 @@
  
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/man/man8/nfs_selinux.8 serefpolicy-2.5.9/man/man8/nfs_selinux.8
 --- nsaserefpolicy/man/man8/nfs_selinux.8	2006-11-16 17:15:28.000000000 -0500
-+++ serefpolicy-2.5.9/man/man8/nfs_selinux.8	2007-03-20 10:20:31.000000000 -0400
++++ serefpolicy-2.5.9/man/man8/nfs_selinux.8	2007-03-20 19:03:51.000000000 -0400
 @@ -22,7 +22,7 @@
  .TP
  setsebool -P use_nfs_home_dirs 1
@@ -97,7 +97,7 @@
  
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/man/man8/rsync_selinux.8 serefpolicy-2.5.9/man/man8/rsync_selinux.8
 --- nsaserefpolicy/man/man8/rsync_selinux.8	2007-02-19 11:32:55.000000000 -0500
-+++ serefpolicy-2.5.9/man/man8/rsync_selinux.8	2007-03-20 10:20:31.000000000 -0400
++++ serefpolicy-2.5.9/man/man8/rsync_selinux.8	2007-03-20 19:03:51.000000000 -0400
 @@ -36,13 +36,7 @@
  
  .SH BOOLEANS
@@ -115,7 +115,7 @@
  
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/man/man8/samba_selinux.8 serefpolicy-2.5.9/man/man8/samba_selinux.8
 --- nsaserefpolicy/man/man8/samba_selinux.8	2006-11-16 17:15:28.000000000 -0500
-+++ serefpolicy-2.5.9/man/man8/samba_selinux.8	2007-03-20 10:20:31.000000000 -0400
++++ serefpolicy-2.5.9/man/man8/samba_selinux.8	2007-03-20 19:03:51.000000000 -0400
 @@ -41,17 +41,7 @@
  
  setsebool -P use_samba_home_dirs 1
@@ -137,7 +137,7 @@
  This manual page was written by Dan Walsh <dwalsh at redhat.com>.
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/man/man8/ypbind_selinux.8 serefpolicy-2.5.9/man/man8/ypbind_selinux.8
 --- nsaserefpolicy/man/man8/ypbind_selinux.8	2006-11-16 17:15:28.000000000 -0500
-+++ serefpolicy-2.5.9/man/man8/ypbind_selinux.8	2007-03-20 10:20:31.000000000 -0400
++++ serefpolicy-2.5.9/man/man8/ypbind_selinux.8	2007-03-20 19:03:51.000000000 -0400
 @@ -11,7 +11,7 @@
  .TP
  setsebool -P allow_ypbind 1
@@ -149,7 +149,7 @@
  
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/flask/access_vectors serefpolicy-2.5.9/policy/flask/access_vectors
 --- nsaserefpolicy/policy/flask/access_vectors	2007-02-26 09:43:33.000000000 -0500
-+++ serefpolicy-2.5.9/policy/flask/access_vectors	2007-03-20 10:20:31.000000000 -0400
++++ serefpolicy-2.5.9/policy/flask/access_vectors	2007-03-20 19:03:51.000000000 -0400
 @@ -598,6 +598,8 @@
  	shmempwd
  	shmemgrp
@@ -170,7 +170,7 @@
  class key
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/global_booleans serefpolicy-2.5.9/policy/global_booleans
 --- nsaserefpolicy/policy/global_booleans	2006-11-16 17:15:26.000000000 -0500
-+++ serefpolicy-2.5.9/policy/global_booleans	2007-03-20 10:20:31.000000000 -0400
++++ serefpolicy-2.5.9/policy/global_booleans	2007-03-20 19:03:51.000000000 -0400
 @@ -4,7 +4,6 @@
  # file should be used.
  #
@@ -189,7 +189,7 @@
  ## <p>
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/global_tunables serefpolicy-2.5.9/policy/global_tunables
 --- nsaserefpolicy/policy/global_tunables	2007-02-19 11:32:54.000000000 -0500
-+++ serefpolicy-2.5.9/policy/global_tunables	2007-03-20 16:11:08.000000000 -0400
++++ serefpolicy-2.5.9/policy/global_tunables	2007-03-20 19:03:51.000000000 -0400
 @@ -278,6 +278,20 @@
  
  ## <desc>
@@ -337,7 +337,7 @@
 +')
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/mls serefpolicy-2.5.9/policy/mls
 --- nsaserefpolicy/policy/mls	2007-03-09 13:02:20.000000000 -0500
-+++ serefpolicy-2.5.9/policy/mls	2007-03-20 10:20:31.000000000 -0400
++++ serefpolicy-2.5.9/policy/mls	2007-03-20 19:03:51.000000000 -0400
 @@ -89,12 +89,14 @@
  mlsconstrain { file lnk_file fifo_file dir chr_file blk_file sock_file } { write create setattr relabelfrom append unlink link rename mounton }
  	(( l1 eq l2 ) or
@@ -411,7 +411,7 @@
  mlsconstrain association { polmatch }
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/acct.te serefpolicy-2.5.9/policy/modules/admin/acct.te
 --- nsaserefpolicy/policy/modules/admin/acct.te	2007-01-02 12:57:51.000000000 -0500
-+++ serefpolicy-2.5.9/policy/modules/admin/acct.te	2007-03-20 10:20:31.000000000 -0400
++++ serefpolicy-2.5.9/policy/modules/admin/acct.te	2007-03-20 19:03:51.000000000 -0400
 @@ -9,6 +9,7 @@
  type acct_t;
  type acct_exec_t;
@@ -422,14 +422,14 @@
  logging_log_file(acct_data_t)
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/amtu.fc serefpolicy-2.5.9/policy/modules/admin/amtu.fc
 --- nsaserefpolicy/policy/modules/admin/amtu.fc	1969-12-31 19:00:00.000000000 -0500
-+++ serefpolicy-2.5.9/policy/modules/admin/amtu.fc	2007-03-20 10:20:31.000000000 -0400
++++ serefpolicy-2.5.9/policy/modules/admin/amtu.fc	2007-03-20 19:03:51.000000000 -0400
 @@ -0,0 +1,3 @@
 +
 +/usr/bin/amtu    --    gen_context(system_u:object_r:amtu_exec_t,s0)
 +
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/amtu.if serefpolicy-2.5.9/policy/modules/admin/amtu.if
 --- nsaserefpolicy/policy/modules/admin/amtu.if	1969-12-31 19:00:00.000000000 -0500
-+++ serefpolicy-2.5.9/policy/modules/admin/amtu.if	2007-03-20 10:20:31.000000000 -0400
++++ serefpolicy-2.5.9/policy/modules/admin/amtu.if	2007-03-20 19:03:51.000000000 -0400
 @@ -0,0 +1,53 @@
 +## <summary>
 +##	abstract Machine Test Utility 
@@ -486,7 +486,7 @@
 +')
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/amtu.te serefpolicy-2.5.9/policy/modules/admin/amtu.te
 --- nsaserefpolicy/policy/modules/admin/amtu.te	1969-12-31 19:00:00.000000000 -0500
-+++ serefpolicy-2.5.9/policy/modules/admin/amtu.te	2007-03-20 10:20:31.000000000 -0400
++++ serefpolicy-2.5.9/policy/modules/admin/amtu.te	2007-03-20 19:03:51.000000000 -0400
 @@ -0,0 +1,56 @@
 +policy_module(amtu,1.0.23)
 +
@@ -546,7 +546,7 @@
 +
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/consoletype.te serefpolicy-2.5.9/policy/modules/admin/consoletype.te
 --- nsaserefpolicy/policy/modules/admin/consoletype.te	2007-02-19 11:32:54.000000000 -0500
-+++ serefpolicy-2.5.9/policy/modules/admin/consoletype.te	2007-03-20 10:20:31.000000000 -0400
++++ serefpolicy-2.5.9/policy/modules/admin/consoletype.te	2007-03-20 19:03:51.000000000 -0400
 @@ -8,7 +8,12 @@
  
  type consoletype_t;
@@ -571,7 +571,7 @@
  #
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/dmesg.te serefpolicy-2.5.9/policy/modules/admin/dmesg.te
 --- nsaserefpolicy/policy/modules/admin/dmesg.te	2006-11-16 17:15:26.000000000 -0500
-+++ serefpolicy-2.5.9/policy/modules/admin/dmesg.te	2007-03-20 10:20:31.000000000 -0400
++++ serefpolicy-2.5.9/policy/modules/admin/dmesg.te	2007-03-20 19:03:51.000000000 -0400
 @@ -10,6 +10,7 @@
  	type dmesg_t;
  	type dmesg_exec_t;
@@ -582,7 +582,7 @@
  
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/firstboot.if serefpolicy-2.5.9/policy/modules/admin/firstboot.if
 --- nsaserefpolicy/policy/modules/admin/firstboot.if	2007-01-02 12:57:51.000000000 -0500
-+++ serefpolicy-2.5.9/policy/modules/admin/firstboot.if	2007-03-20 10:47:25.000000000 -0400
++++ serefpolicy-2.5.9/policy/modules/admin/firstboot.if	2007-03-20 19:03:51.000000000 -0400
 @@ -124,3 +124,21 @@
  
  	allow $1 firstboot_t:fifo_file { read write };
@@ -607,7 +607,7 @@
 +')
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/kudzu.te serefpolicy-2.5.9/policy/modules/admin/kudzu.te
 --- nsaserefpolicy/policy/modules/admin/kudzu.te	2007-01-02 12:57:51.000000000 -0500
-+++ serefpolicy-2.5.9/policy/modules/admin/kudzu.te	2007-03-20 10:20:31.000000000 -0400
++++ serefpolicy-2.5.9/policy/modules/admin/kudzu.te	2007-03-20 19:03:51.000000000 -0400
 @@ -103,6 +103,7 @@
  init_use_fds(kudzu_t)
  init_use_script_ptys(kudzu_t)
@@ -616,9 +616,28 @@
  
  libs_use_ld_so(kudzu_t)
  libs_use_shared_libs(kudzu_t)
+diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/logwatch.te serefpolicy-2.5.9/policy/modules/admin/logwatch.te
+--- nsaserefpolicy/policy/modules/admin/logwatch.te	2007-02-19 11:32:54.000000000 -0500
++++ serefpolicy-2.5.9/policy/modules/admin/logwatch.te	2007-03-20 23:22:00.000000000 -0400
+@@ -30,6 +30,7 @@
+ allow logwatch_t self:process signal;
+ allow logwatch_t self:fifo_file rw_file_perms;
+ allow logwatch_t self:unix_stream_socket create_stream_socket_perms;
++allow logwatch_t self:netlink_route_socket r_netlink_socket_perms; 
+ 
+ manage_dirs_pattern(logwatch_t,logwatch_cache_t,logwatch_cache_t)
+ manage_files_pattern(logwatch_t,logwatch_cache_t,logwatch_cache_t)
+@@ -80,6 +81,7 @@
+ libs_read_lib_files(logwatch_t)
+ 
+ logging_read_all_logs(logwatch_t)
++logging_send_syslog_msg(logwatch_t) 
+ 
+ miscfiles_read_localization(logwatch_t)
+ 
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/netutils.te serefpolicy-2.5.9/policy/modules/admin/netutils.te
 --- nsaserefpolicy/policy/modules/admin/netutils.te	2007-01-02 12:57:51.000000000 -0500
-+++ serefpolicy-2.5.9/policy/modules/admin/netutils.te	2007-03-20 10:20:31.000000000 -0400
++++ serefpolicy-2.5.9/policy/modules/admin/netutils.te	2007-03-20 19:03:51.000000000 -0400
 @@ -22,6 +22,7 @@
  type traceroute_t;
  type traceroute_exec_t;
@@ -638,7 +657,7 @@
  corenet_non_ipsec_sendrecv(netutils_t)
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/rpm.fc serefpolicy-2.5.9/policy/modules/admin/rpm.fc
 --- nsaserefpolicy/policy/modules/admin/rpm.fc	2006-11-16 17:15:26.000000000 -0500
-+++ serefpolicy-2.5.9/policy/modules/admin/rpm.fc	2007-03-20 10:20:31.000000000 -0400
++++ serefpolicy-2.5.9/policy/modules/admin/rpm.fc	2007-03-20 19:03:51.000000000 -0400
 @@ -21,6 +21,9 @@
  /usr/sbin/pup			--	gen_context(system_u:object_r:rpm_exec_t,s0)
  /usr/sbin/rhn_check		--	gen_context(system_u:object_r:rpm_exec_t,s0)
@@ -651,7 +670,7 @@
  /var/lib/alternatives(/.*)?		gen_context(system_u:object_r:rpm_var_lib_t,s0)
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/rpm.if serefpolicy-2.5.9/policy/modules/admin/rpm.if
 --- nsaserefpolicy/policy/modules/admin/rpm.if	2007-01-02 12:57:51.000000000 -0500
-+++ serefpolicy-2.5.9/policy/modules/admin/rpm.if	2007-03-20 10:20:31.000000000 -0400
++++ serefpolicy-2.5.9/policy/modules/admin/rpm.if	2007-03-20 19:03:51.000000000 -0400
 @@ -270,3 +270,68 @@
  	dontaudit $1 rpm_var_lib_t:file manage_file_perms;
  	dontaudit $1 rpm_var_lib_t:lnk_file manage_lnk_file_perms;
@@ -723,7 +742,7 @@
 +
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/rpm.te serefpolicy-2.5.9/policy/modules/admin/rpm.te
 --- nsaserefpolicy/policy/modules/admin/rpm.te	2007-02-19 11:32:54.000000000 -0500
-+++ serefpolicy-2.5.9/policy/modules/admin/rpm.te	2007-03-20 10:20:31.000000000 -0400
++++ serefpolicy-2.5.9/policy/modules/admin/rpm.te	2007-03-20 19:03:51.000000000 -0400
 @@ -9,6 +9,8 @@
  type rpm_t;
  type rpm_exec_t;
@@ -735,7 +754,7 @@
  domain_system_change_exemption(rpm_t)
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/sudo.te serefpolicy-2.5.9/policy/modules/admin/sudo.te
 --- nsaserefpolicy/policy/modules/admin/sudo.te	2007-03-20 09:23:14.000000000 -0400
-+++ serefpolicy-2.5.9/policy/modules/admin/sudo.te	2007-03-20 10:20:31.000000000 -0400
++++ serefpolicy-2.5.9/policy/modules/admin/sudo.te	2007-03-20 19:03:51.000000000 -0400
 @@ -1,11 +1,12 @@
  
 -policy_module(sudo,1.0.2)
@@ -753,7 +772,7 @@
  # Remaining policy in per user domain template.
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/su.if serefpolicy-2.5.9/policy/modules/admin/su.if
 --- nsaserefpolicy/policy/modules/admin/su.if	2007-02-19 11:32:54.000000000 -0500
-+++ serefpolicy-2.5.9/policy/modules/admin/su.if	2007-03-20 10:20:31.000000000 -0400
++++ serefpolicy-2.5.9/policy/modules/admin/su.if	2007-03-20 19:03:51.000000000 -0400
 @@ -71,7 +71,7 @@
  	files_search_var_lib($1_su_t)
  	files_dontaudit_getattr_tmp_dirs($1_su_t)
@@ -783,7 +802,7 @@
  
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/usermanage.te serefpolicy-2.5.9/policy/modules/admin/usermanage.te
 --- nsaserefpolicy/policy/modules/admin/usermanage.te	2007-03-08 10:48:54.000000000 -0500
-+++ serefpolicy-2.5.9/policy/modules/admin/usermanage.te	2007-03-20 10:20:31.000000000 -0400
++++ serefpolicy-2.5.9/policy/modules/admin/usermanage.te	2007-03-20 19:03:51.000000000 -0400
 @@ -6,9 +6,6 @@
  # Declarations
  #
@@ -885,7 +904,7 @@
  ')
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/games.fc serefpolicy-2.5.9/policy/modules/apps/games.fc
 --- nsaserefpolicy/policy/modules/apps/games.fc	2007-02-28 10:12:23.000000000 -0500
-+++ serefpolicy-2.5.9/policy/modules/apps/games.fc	2007-03-20 10:20:31.000000000 -0400
++++ serefpolicy-2.5.9/policy/modules/apps/games.fc	2007-03-20 19:03:51.000000000 -0400
 @@ -4,6 +4,7 @@
  /usr/games/powermanga	--	gen_context(system_u:object_r:games_exec_t,s0)
  /usr/games/nethack-3.4.3/nethack -- gen_context(system_u:object_r:games_exec_t,s0)
@@ -896,7 +915,7 @@
  
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/gnome.if serefpolicy-2.5.9/policy/modules/apps/gnome.if
 --- nsaserefpolicy/policy/modules/apps/gnome.if	2007-02-19 11:32:52.000000000 -0500
-+++ serefpolicy-2.5.9/policy/modules/apps/gnome.if	2007-03-20 10:20:31.000000000 -0400
++++ serefpolicy-2.5.9/policy/modules/apps/gnome.if	2007-03-20 19:03:51.000000000 -0400
 @@ -35,6 +35,7 @@
  template(`gnome_per_role_template',`
  	gen_require(`
@@ -952,7 +971,7 @@
  ##	This is a templated interface, and should only
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/gpg.fc serefpolicy-2.5.9/policy/modules/apps/gpg.fc
 --- nsaserefpolicy/policy/modules/apps/gpg.fc	2006-11-16 17:15:07.000000000 -0500
-+++ serefpolicy-2.5.9/policy/modules/apps/gpg.fc	2007-03-20 10:20:31.000000000 -0400
++++ serefpolicy-2.5.9/policy/modules/apps/gpg.fc	2007-03-20 19:03:51.000000000 -0400
 @@ -7,6 +7,4 @@
  /usr/lib/gnupg/.*	--	gen_context(system_u:object_r:gpg_exec_t,s0)
  /usr/lib/gnupg/gpgkeys.* --	gen_context(system_u:object_r:gpg_helper_exec_t,s0)
@@ -962,7 +981,7 @@
 -')
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/loadkeys.if serefpolicy-2.5.9/policy/modules/apps/loadkeys.if
 --- nsaserefpolicy/policy/modules/apps/loadkeys.if	2007-01-02 12:57:22.000000000 -0500
-+++ serefpolicy-2.5.9/policy/modules/apps/loadkeys.if	2007-03-20 10:20:31.000000000 -0400
++++ serefpolicy-2.5.9/policy/modules/apps/loadkeys.if	2007-03-20 19:03:51.000000000 -0400
 @@ -11,16 +11,12 @@
  ## </param>
  #
@@ -1031,7 +1050,7 @@
  ')
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/mozilla.if serefpolicy-2.5.9/policy/modules/apps/mozilla.if
 --- nsaserefpolicy/policy/modules/apps/mozilla.if	2007-02-19 11:32:52.000000000 -0500
-+++ serefpolicy-2.5.9/policy/modules/apps/mozilla.if	2007-03-20 10:20:31.000000000 -0400
++++ serefpolicy-2.5.9/policy/modules/apps/mozilla.if	2007-03-20 19:03:51.000000000 -0400
 @@ -147,6 +147,7 @@
  	corenet_dontaudit_tcp_bind_generic_port($1_mozilla_t)
  
@@ -1042,7 +1061,7 @@
  	dev_dontaudit_rw_dri($1_mozilla_t)
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/kernel/corecommands.fc serefpolicy-2.5.9/policy/modules/kernel/corecommands.fc
 --- nsaserefpolicy/policy/modules/kernel/corecommands.fc	2007-03-01 10:01:48.000000000 -0500
-+++ serefpolicy-2.5.9/policy/modules/kernel/corecommands.fc	2007-03-20 10:34:50.000000000 -0400
++++ serefpolicy-2.5.9/policy/modules/kernel/corecommands.fc	2007-03-20 19:03:51.000000000 -0400
 @@ -190,6 +190,7 @@
  ifdef(`distro_redhat', `
  /usr/lib/.*/program(/.*)?		gen_context(system_u:object_r:bin_t,s0)
@@ -1061,7 +1080,7 @@
  /usr/share/system-config-keyboard/system-config-keyboard -- gen_context(system_u:object_r:bin_t,s0)
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/kernel/corecommands.if serefpolicy-2.5.9/policy/modules/kernel/corecommands.if
 --- nsaserefpolicy/policy/modules/kernel/corecommands.if	2007-03-20 09:23:13.000000000 -0400
-+++ serefpolicy-2.5.9/policy/modules/kernel/corecommands.if	2007-03-20 10:20:31.000000000 -0400
++++ serefpolicy-2.5.9/policy/modules/kernel/corecommands.if	2007-03-20 19:03:51.000000000 -0400
 @@ -913,27 +913,6 @@
  
  ########################################
@@ -1134,7 +1153,7 @@
 +
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/kernel/corenetwork.if.in serefpolicy-2.5.9/policy/modules/kernel/corenetwork.if.in
 --- nsaserefpolicy/policy/modules/kernel/corenetwork.if.in	2007-02-19 11:32:51.000000000 -0500
-+++ serefpolicy-2.5.9/policy/modules/kernel/corenetwork.if.in	2007-03-20 10:20:31.000000000 -0400
++++ serefpolicy-2.5.9/policy/modules/kernel/corenetwork.if.in	2007-03-20 19:03:51.000000000 -0400
 @@ -1977,3 +1977,57 @@
  
  	typeattribute $1 corenet_unconfined_type;
@@ -1195,7 +1214,7 @@
 +')
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/kernel/corenetwork.te.in serefpolicy-2.5.9/policy/modules/kernel/corenetwork.te.in
 --- nsaserefpolicy/policy/modules/kernel/corenetwork.te.in	2007-02-19 11:32:51.000000000 -0500
-+++ serefpolicy-2.5.9/policy/modules/kernel/corenetwork.te.in	2007-03-20 10:20:31.000000000 -0400
++++ serefpolicy-2.5.9/policy/modules/kernel/corenetwork.te.in	2007-03-20 19:03:51.000000000 -0400
 @@ -48,6 +48,11 @@
  type reserved_port_t, port_type, reserved_port_type;
  
@@ -1246,7 +1265,7 @@
  
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/kernel/devices.if serefpolicy-2.5.9/policy/modules/kernel/devices.if
 --- nsaserefpolicy/policy/modules/kernel/devices.if	2007-01-02 12:57:13.000000000 -0500
-+++ serefpolicy-2.5.9/policy/modules/kernel/devices.if	2007-03-20 10:20:31.000000000 -0400
++++ serefpolicy-2.5.9/policy/modules/kernel/devices.if	2007-03-20 19:03:51.000000000 -0400
 @@ -2449,6 +2449,24 @@
  
  ########################################
@@ -1299,7 +1318,7 @@
  ## </summary>
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/kernel/domain.if serefpolicy-2.5.9/policy/modules/kernel/domain.if
 --- nsaserefpolicy/policy/modules/kernel/domain.if	2007-02-19 11:32:51.000000000 -0500
-+++ serefpolicy-2.5.9/policy/modules/kernel/domain.if	2007-03-20 10:20:31.000000000 -0400
++++ serefpolicy-2.5.9/policy/modules/kernel/domain.if	2007-03-20 19:03:51.000000000 -0400
 @@ -1254,3 +1254,21 @@
  	typeattribute $1 can_change_object_identity;
  	typeattribute $1 set_curr_context;
@@ -1324,7 +1343,7 @@
 +')
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/kernel/domain.te serefpolicy-2.5.9/policy/modules/kernel/domain.te
 --- nsaserefpolicy/policy/modules/kernel/domain.te	2007-02-19 11:32:51.000000000 -0500
-+++ serefpolicy-2.5.9/policy/modules/kernel/domain.te	2007-03-20 10:20:31.000000000 -0400
++++ serefpolicy-2.5.9/policy/modules/kernel/domain.te	2007-03-20 19:03:51.000000000 -0400
 @@ -144,3 +144,26 @@
  
  # act on all domains keys
@@ -1354,7 +1373,7 @@
 +')
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/kernel/files.if serefpolicy-2.5.9/policy/modules/kernel/files.if
 --- nsaserefpolicy/policy/modules/kernel/files.if	2007-02-26 14:17:21.000000000 -0500
-+++ serefpolicy-2.5.9/policy/modules/kernel/files.if	2007-03-20 16:19:14.000000000 -0400
++++ serefpolicy-2.5.9/policy/modules/kernel/files.if	2007-03-20 19:03:51.000000000 -0400
 @@ -343,8 +343,7 @@
  
  ########################################
@@ -1524,7 +1543,7 @@
 +')
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/kernel/filesystem.if serefpolicy-2.5.9/policy/modules/kernel/filesystem.if
 --- nsaserefpolicy/policy/modules/kernel/filesystem.if	2007-02-19 11:32:51.000000000 -0500
-+++ serefpolicy-2.5.9/policy/modules/kernel/filesystem.if	2007-03-20 16:07:29.000000000 -0400
++++ serefpolicy-2.5.9/policy/modules/kernel/filesystem.if	2007-03-20 19:03:51.000000000 -0400
 @@ -1110,11 +1110,31 @@
  		type dosfs_t;
  	')
@@ -1582,7 +1601,7 @@
 +')
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/kernel/filesystem.te serefpolicy-2.5.9/policy/modules/kernel/filesystem.te
 --- nsaserefpolicy/policy/modules/kernel/filesystem.te	2007-02-19 11:32:51.000000000 -0500
-+++ serefpolicy-2.5.9/policy/modules/kernel/filesystem.te	2007-03-20 16:07:43.000000000 -0400
++++ serefpolicy-2.5.9/policy/modules/kernel/filesystem.te	2007-03-20 19:03:51.000000000 -0400
 @@ -65,6 +65,11 @@
  # change to task SID 20060628
  #genfscon eventpollfs / gen_context(system_u:object_r:eventpollfs_t,s0)
@@ -1597,7 +1616,7 @@
  genfscon futexfs / gen_context(system_u:object_r:futexfs_t,s0)
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/kernel/kernel.if serefpolicy-2.5.9/policy/modules/kernel/kernel.if
 --- nsaserefpolicy/policy/modules/kernel/kernel.if	2007-02-19 11:32:51.000000000 -0500
-+++ serefpolicy-2.5.9/policy/modules/kernel/kernel.if	2007-03-20 10:20:31.000000000 -0400
++++ serefpolicy-2.5.9/policy/modules/kernel/kernel.if	2007-03-20 19:03:51.000000000 -0400
 @@ -1830,6 +1830,26 @@
  
  ########################################
@@ -1637,7 +1656,7 @@
  ########################################
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/kernel/kernel.te serefpolicy-2.5.9/policy/modules/kernel/kernel.te
 --- nsaserefpolicy/policy/modules/kernel/kernel.te	2007-03-20 09:23:13.000000000 -0400
-+++ serefpolicy-2.5.9/policy/modules/kernel/kernel.te	2007-03-20 10:20:31.000000000 -0400
++++ serefpolicy-2.5.9/policy/modules/kernel/kernel.te	2007-03-20 19:03:51.000000000 -0400
 @@ -146,6 +146,8 @@
  type unlabeled_t;
  sid unlabeled gen_context(system_u:object_r:unlabeled_t,mls_systemhigh)
@@ -1649,7 +1668,7 @@
  sid file_labels		gen_context(system_u:object_r:unlabeled_t,s0)
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/kernel/mls.if serefpolicy-2.5.9/policy/modules/kernel/mls.if
 --- nsaserefpolicy/policy/modules/kernel/mls.if	2006-11-16 17:15:04.000000000 -0500
-+++ serefpolicy-2.5.9/policy/modules/kernel/mls.if	2007-03-20 10:20:31.000000000 -0400
++++ serefpolicy-2.5.9/policy/modules/kernel/mls.if	2007-03-20 19:03:51.000000000 -0400
 @@ -154,6 +154,26 @@
  ########################################
  ## <summary>
@@ -1679,7 +1698,7 @@
  ## <param name="domain">
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/kernel/mls.te serefpolicy-2.5.9/policy/modules/kernel/mls.te
 --- nsaserefpolicy/policy/modules/kernel/mls.te	2007-01-02 12:57:13.000000000 -0500
-+++ serefpolicy-2.5.9/policy/modules/kernel/mls.te	2007-03-20 10:20:31.000000000 -0400
++++ serefpolicy-2.5.9/policy/modules/kernel/mls.te	2007-03-20 19:03:51.000000000 -0400
 @@ -18,6 +18,7 @@
  attribute mlsnetreadtoclr;
  attribute mlsnetwrite;
@@ -1699,7 +1718,7 @@
  attribute privrangetrans;
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/kernel/selinux.if serefpolicy-2.5.9/policy/modules/kernel/selinux.if
 --- nsaserefpolicy/policy/modules/kernel/selinux.if	2007-02-27 14:37:10.000000000 -0500
-+++ serefpolicy-2.5.9/policy/modules/kernel/selinux.if	2007-03-20 10:20:31.000000000 -0400
++++ serefpolicy-2.5.9/policy/modules/kernel/selinux.if	2007-03-20 19:03:51.000000000 -0400
 @@ -51,6 +51,44 @@
  
  ########################################
@@ -1747,7 +1766,7 @@
  ## <param name="domain">
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/kernel/storage.fc serefpolicy-2.5.9/policy/modules/kernel/storage.fc
 --- nsaserefpolicy/policy/modules/kernel/storage.fc	2006-11-16 17:15:04.000000000 -0500
-+++ serefpolicy-2.5.9/policy/modules/kernel/storage.fc	2007-03-20 10:20:32.000000000 -0400
++++ serefpolicy-2.5.9/policy/modules/kernel/storage.fc	2007-03-20 19:03:51.000000000 -0400
 @@ -42,7 +42,8 @@
  /dev/sjcd		-b	gen_context(system_u:object_r:removable_device_t,s0)
  /dev/sonycd		-b	gen_context(system_u:object_r:removable_device_t,s0)
@@ -1760,7 +1779,7 @@
  
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/kernel/storage.if serefpolicy-2.5.9/policy/modules/kernel/storage.if
 --- nsaserefpolicy/policy/modules/kernel/storage.if	2007-01-02 12:57:13.000000000 -0500
-+++ serefpolicy-2.5.9/policy/modules/kernel/storage.if	2007-03-20 10:20:32.000000000 -0400
++++ serefpolicy-2.5.9/policy/modules/kernel/storage.if	2007-03-20 19:03:51.000000000 -0400
 @@ -100,6 +100,7 @@
  
  	dev_list_all_dev_nodes($1)
@@ -1779,7 +1798,7 @@
  
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/kernel/terminal.if serefpolicy-2.5.9/policy/modules/kernel/terminal.if
 --- nsaserefpolicy/policy/modules/kernel/terminal.if	2007-02-20 16:35:52.000000000 -0500
-+++ serefpolicy-2.5.9/policy/modules/kernel/terminal.if	2007-03-20 10:20:32.000000000 -0400
++++ serefpolicy-2.5.9/policy/modules/kernel/terminal.if	2007-03-20 19:03:51.000000000 -0400
 @@ -1052,7 +1052,7 @@
  	')
  
@@ -1791,7 +1810,7 @@
  ########################################
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/kernel/terminal.te serefpolicy-2.5.9/policy/modules/kernel/terminal.te
 --- nsaserefpolicy/policy/modules/kernel/terminal.te	2007-02-20 16:35:52.000000000 -0500
-+++ serefpolicy-2.5.9/policy/modules/kernel/terminal.te	2007-03-20 10:20:32.000000000 -0400
++++ serefpolicy-2.5.9/policy/modules/kernel/terminal.te	2007-03-20 19:03:51.000000000 -0400
 @@ -28,6 +28,7 @@
  type devpts_t;
  files_mountpoint(devpts_t)
@@ -1802,7 +1821,7 @@
  
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/apache.fc serefpolicy-2.5.9/policy/modules/services/apache.fc
 --- nsaserefpolicy/policy/modules/services/apache.fc	2007-02-23 16:50:01.000000000 -0500
-+++ serefpolicy-2.5.9/policy/modules/services/apache.fc	2007-03-20 10:20:32.000000000 -0400
++++ serefpolicy-2.5.9/policy/modules/services/apache.fc	2007-03-20 19:03:51.000000000 -0400
 @@ -1,10 +1,5 @@
  # temporary hack till genhomedircon is fixed
 -ifdef(`targeted_policy',`
@@ -1850,7 +1869,7 @@
 +/var/lib/bugzilla(/.*)?			gen_context(system_u:object_r:httpd_bugzilla_script_rw_t,s0)
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/apache.if serefpolicy-2.5.9/policy/modules/services/apache.if
 --- nsaserefpolicy/policy/modules/services/apache.if	2007-01-02 12:57:43.000000000 -0500
-+++ serefpolicy-2.5.9/policy/modules/services/apache.if	2007-03-20 10:20:32.000000000 -0400
++++ serefpolicy-2.5.9/policy/modules/services/apache.if	2007-03-20 19:03:51.000000000 -0400
 @@ -268,6 +268,9 @@
  	')
  
@@ -2037,7 +2056,7 @@
 +
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/apache.te serefpolicy-2.5.9/policy/modules/services/apache.te
 --- nsaserefpolicy/policy/modules/services/apache.te	2007-02-23 16:50:01.000000000 -0500
-+++ serefpolicy-2.5.9/policy/modules/services/apache.te	2007-03-20 15:07:42.000000000 -0400
++++ serefpolicy-2.5.9/policy/modules/services/apache.te	2007-03-20 19:03:51.000000000 -0400
 @@ -171,6 +171,7 @@
  allow httpd_t httpd_modules_t:dir list_dir_perms;
  mmap_files_pattern(httpd_t,httpd_modules_t,httpd_modules_t)
@@ -2156,7 +2175,7 @@
 +
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/automount.te serefpolicy-2.5.9/policy/modules/services/automount.te
 --- nsaserefpolicy/policy/modules/services/automount.te	2007-02-19 11:32:53.000000000 -0500
-+++ serefpolicy-2.5.9/policy/modules/services/automount.te	2007-03-20 10:20:32.000000000 -0400
++++ serefpolicy-2.5.9/policy/modules/services/automount.te	2007-03-20 19:03:51.000000000 -0400
 @@ -69,6 +69,7 @@
  files_mounton_all_mountpoints(automount_t)
  files_mount_all_file_type_fs(automount_t)
@@ -2175,7 +2194,7 @@
  domain_use_interactive_fds(automount_t)
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/ccs.te serefpolicy-2.5.9/policy/modules/services/ccs.te
 --- nsaserefpolicy/policy/modules/services/ccs.te	2007-03-06 12:47:39.000000000 -0500
-+++ serefpolicy-2.5.9/policy/modules/services/ccs.te	2007-03-20 10:20:32.000000000 -0400
++++ serefpolicy-2.5.9/policy/modules/services/ccs.te	2007-03-20 19:03:51.000000000 -0400
 @@ -10,10 +10,14 @@
  type ccs_exec_t;
  init_daemon_domain(ccs_t, ccs_exec_t)
@@ -2207,13 +2226,13 @@
  manage_sock_files_pattern(ccs_t,ccs_var_log_t,ccs_var_log_t)
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/consolekit.fc serefpolicy-2.5.9/policy/modules/services/consolekit.fc
 --- nsaserefpolicy/policy/modules/services/consolekit.fc	2007-03-20 09:23:13.000000000 -0400
-+++ serefpolicy-2.5.9/policy/modules/services/consolekit.fc	2007-03-20 10:20:32.000000000 -0400
++++ serefpolicy-2.5.9/policy/modules/services/consolekit.fc	2007-03-20 19:03:51.000000000 -0400
 @@ -1 +1,2 @@
  /usr/sbin/console-kit-daemon	--	gen_context(system_u:object_r:consolekit_exec_t,s0)
 +/var/run/consolekit.pid		--	gen_context(system_u:object_r:consolekit_var_run_t,s0)
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/consolekit.te serefpolicy-2.5.9/policy/modules/services/consolekit.te
 --- nsaserefpolicy/policy/modules/services/consolekit.te	2007-03-20 09:23:13.000000000 -0400
-+++ serefpolicy-2.5.9/policy/modules/services/consolekit.te	2007-03-20 16:20:01.000000000 -0400
++++ serefpolicy-2.5.9/policy/modules/services/consolekit.te	2007-03-20 19:03:51.000000000 -0400
 @@ -10,13 +10,16 @@
  type consolekit_exec_t;
  init_daemon_domain(consolekit_t, consolekit_exec_t)
@@ -2270,7 +2289,7 @@
 +
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/cpucontrol.te serefpolicy-2.5.9/policy/modules/services/cpucontrol.te
 --- nsaserefpolicy/policy/modules/services/cpucontrol.te	2007-01-02 12:57:43.000000000 -0500
-+++ serefpolicy-2.5.9/policy/modules/services/cpucontrol.te	2007-03-20 10:20:32.000000000 -0400
++++ serefpolicy-2.5.9/policy/modules/services/cpucontrol.te	2007-03-20 19:03:51.000000000 -0400
 @@ -91,6 +91,7 @@
  kernel_read_system_state(cpuspeed_t)
  kernel_read_kernel_sysctls(cpuspeed_t)
@@ -2281,7 +2300,7 @@
  domain_use_interactive_fds(cpuspeed_t)
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/cron.fc serefpolicy-2.5.9/policy/modules/services/cron.fc
 --- nsaserefpolicy/policy/modules/services/cron.fc	2006-11-16 17:15:21.000000000 -0500
-+++ serefpolicy-2.5.9/policy/modules/services/cron.fc	2007-03-20 10:20:32.000000000 -0400
++++ serefpolicy-2.5.9/policy/modules/services/cron.fc	2007-03-20 19:03:51.000000000 -0400
 @@ -45,3 +45,4 @@
  /var/spool/fcron/systab\.orig	--	gen_context(system_u:object_r:system_cron_spool_t,s0)
  /var/spool/fcron/systab		--	gen_context(system_u:object_r:system_cron_spool_t,s0)
@@ -2289,7 +2308,7 @@
 +/var/lib/misc(/.*)?			gen_context(system_u:object_r:crond_var_run_t,s0)
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/cron.if serefpolicy-2.5.9/policy/modules/services/cron.if
 --- nsaserefpolicy/policy/modules/services/cron.if	2007-01-02 12:57:43.000000000 -0500
-+++ serefpolicy-2.5.9/policy/modules/services/cron.if	2007-03-20 10:20:32.000000000 -0400
++++ serefpolicy-2.5.9/policy/modules/services/cron.if	2007-03-20 19:03:51.000000000 -0400
 @@ -35,6 +35,7 @@
  #
  template(`cron_per_role_template',`
@@ -2400,7 +2419,7 @@
  		# fcron wants an instant update of a crontab change for the administrator
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/cron.te serefpolicy-2.5.9/policy/modules/services/cron.te
 --- nsaserefpolicy/policy/modules/services/cron.te	2007-01-02 12:57:43.000000000 -0500
-+++ serefpolicy-2.5.9/policy/modules/services/cron.te	2007-03-20 10:20:32.000000000 -0400
++++ serefpolicy-2.5.9/policy/modules/services/cron.te	2007-03-20 19:03:51.000000000 -0400
 @@ -25,6 +25,9 @@
  type cron_log_t;
  logging_log_file(cron_log_t)
@@ -2516,7 +2535,7 @@
  
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/cvs.te serefpolicy-2.5.9/policy/modules/services/cvs.te
 --- nsaserefpolicy/policy/modules/services/cvs.te	2007-01-02 12:57:43.000000000 -0500
-+++ serefpolicy-2.5.9/policy/modules/services/cvs.te	2007-03-20 10:20:32.000000000 -0400
++++ serefpolicy-2.5.9/policy/modules/services/cvs.te	2007-03-20 19:03:51.000000000 -0400
 @@ -9,6 +9,7 @@
  type cvs_t;
  type cvs_exec_t;
@@ -2527,7 +2546,7 @@
  type cvs_data_t; # customizable
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/cyrus.te serefpolicy-2.5.9/policy/modules/services/cyrus.te
 --- nsaserefpolicy/policy/modules/services/cyrus.te	2007-01-02 12:57:43.000000000 -0500
-+++ serefpolicy-2.5.9/policy/modules/services/cyrus.te	2007-03-20 11:37:37.000000000 -0400
++++ serefpolicy-2.5.9/policy/modules/services/cyrus.te	2007-03-20 19:03:51.000000000 -0400
 @@ -116,6 +116,7 @@
  userdom_use_sysadm_ptys(cyrus_t)
  
@@ -2549,7 +2568,7 @@
  
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/dbus.if serefpolicy-2.5.9/policy/modules/services/dbus.if
 --- nsaserefpolicy/policy/modules/services/dbus.if	2007-02-19 11:32:53.000000000 -0500
-+++ serefpolicy-2.5.9/policy/modules/services/dbus.if	2007-03-20 10:20:32.000000000 -0400
++++ serefpolicy-2.5.9/policy/modules/services/dbus.if	2007-03-20 19:03:51.000000000 -0400
 @@ -70,6 +70,7 @@
  	#
  
@@ -2634,7 +2653,7 @@
 +
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/dhcp.te serefpolicy-2.5.9/policy/modules/services/dhcp.te
 --- nsaserefpolicy/policy/modules/services/dhcp.te	2007-01-02 12:57:43.000000000 -0500
-+++ serefpolicy-2.5.9/policy/modules/services/dhcp.te	2007-03-20 10:20:32.000000000 -0400
++++ serefpolicy-2.5.9/policy/modules/services/dhcp.te	2007-03-20 19:03:51.000000000 -0400
 @@ -125,6 +125,8 @@
  	dbus_system_bus_client_template(dhcpd,dhcpd_t)
  	dbus_connect_system_bus(dhcpd_t)
@@ -2646,7 +2665,7 @@
  optional_policy(`
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/djbdns.te serefpolicy-2.5.9/policy/modules/services/djbdns.te
 --- nsaserefpolicy/policy/modules/services/djbdns.te	2007-01-02 12:57:43.000000000 -0500
-+++ serefpolicy-2.5.9/policy/modules/services/djbdns.te	2007-03-20 10:20:32.000000000 -0400
++++ serefpolicy-2.5.9/policy/modules/services/djbdns.te	2007-03-20 19:03:51.000000000 -0400
 @@ -44,4 +44,7 @@
  libs_use_ld_so(djbdns_axfrdns_t)
  libs_use_shared_libs(djbdns_axfrdns_t)
@@ -2658,7 +2677,7 @@
 +
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/dovecot.te serefpolicy-2.5.9/policy/modules/services/dovecot.te
 --- nsaserefpolicy/policy/modules/services/dovecot.te	2007-01-02 12:57:43.000000000 -0500
-+++ serefpolicy-2.5.9/policy/modules/services/dovecot.te	2007-03-20 10:20:32.000000000 -0400
++++ serefpolicy-2.5.9/policy/modules/services/dovecot.te	2007-03-20 19:03:51.000000000 -0400
 @@ -89,6 +89,7 @@
  
  term_dontaudit_use_console(dovecot_t)
@@ -2680,7 +2699,7 @@
  # dovecot auth local policy
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/fail2ban.fc serefpolicy-2.5.9/policy/modules/services/fail2ban.fc
 --- nsaserefpolicy/policy/modules/services/fail2ban.fc	1969-12-31 19:00:00.000000000 -0500
-+++ serefpolicy-2.5.9/policy/modules/services/fail2ban.fc	2007-03-20 10:20:32.000000000 -0400
++++ serefpolicy-2.5.9/policy/modules/services/fail2ban.fc	2007-03-20 19:03:51.000000000 -0400
 @@ -0,0 +1,4 @@
 +
 +/usr/bin/fail2ban		--	gen_context(system_u:object_r:fail2ban_exec_t,s0)
@@ -2688,7 +2707,7 @@
 +/var/run/fail2ban.pid		--	gen_context(system_u:object_r:fail2ban_var_run_t,s0)
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/fail2ban.if serefpolicy-2.5.9/policy/modules/services/fail2ban.if
 --- nsaserefpolicy/policy/modules/services/fail2ban.if	1969-12-31 19:00:00.000000000 -0500
-+++ serefpolicy-2.5.9/policy/modules/services/fail2ban.if	2007-03-20 10:20:32.000000000 -0400
++++ serefpolicy-2.5.9/policy/modules/services/fail2ban.if	2007-03-20 19:03:51.000000000 -0400
 @@ -0,0 +1,87 @@
 +
 +## <summary>policy for fail2ban</summary>
@@ -2779,7 +2798,7 @@
 +
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/fail2ban.te serefpolicy-2.5.9/policy/modules/services/fail2ban.te
 --- nsaserefpolicy/policy/modules/services/fail2ban.te	1969-12-31 19:00:00.000000000 -0500
-+++ serefpolicy-2.5.9/policy/modules/services/fail2ban.te	2007-03-20 16:41:31.000000000 -0400
++++ serefpolicy-2.5.9/policy/modules/services/fail2ban.te	2007-03-20 19:03:51.000000000 -0400
 @@ -0,0 +1,74 @@
 +policy_module(fail2ban,1.0.0)
 +
@@ -2857,7 +2876,7 @@
 +')
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/ftp.te serefpolicy-2.5.9/policy/modules/services/ftp.te
 --- nsaserefpolicy/policy/modules/services/ftp.te	2007-02-28 14:03:21.000000000 -0500
-+++ serefpolicy-2.5.9/policy/modules/services/ftp.te	2007-03-20 10:20:32.000000000 -0400
++++ serefpolicy-2.5.9/policy/modules/services/ftp.te	2007-03-20 19:03:51.000000000 -0400
 @@ -190,10 +190,15 @@
  	userdom_manage_all_users_home_content_dirs(ftpd_t)
  	userdom_manage_all_users_home_content_files(ftpd_t)
@@ -2876,7 +2895,7 @@
  tunable_policy(`ftp_home_dir && use_nfs_home_dirs',`
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/hal.fc serefpolicy-2.5.9/policy/modules/services/hal.fc
 --- nsaserefpolicy/policy/modules/services/hal.fc	2007-01-02 12:57:43.000000000 -0500
-+++ serefpolicy-2.5.9/policy/modules/services/hal.fc	2007-03-20 10:20:32.000000000 -0400
++++ serefpolicy-2.5.9/policy/modules/services/hal.fc	2007-03-20 19:03:51.000000000 -0400
 @@ -8,4 +8,10 @@
  
  /var/lib/hal(/.*)?				gen_context(system_u:object_r:hald_var_lib_t,s0)
@@ -2890,7 +2909,7 @@
 +/usr/libexec/hald-addon-macbookpro-backlight --	gen_context(system_u:object_r:hald_mac_exec_t,s0)
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/hal.te serefpolicy-2.5.9/policy/modules/services/hal.te
 --- nsaserefpolicy/policy/modules/services/hal.te	2007-02-19 11:32:53.000000000 -0500
-+++ serefpolicy-2.5.9/policy/modules/services/hal.te	2007-03-20 10:53:08.000000000 -0400
++++ serefpolicy-2.5.9/policy/modules/services/hal.te	2007-03-20 19:03:51.000000000 -0400
 @@ -16,9 +16,24 @@
  type hald_var_run_t;
  files_pid_file(hald_var_run_t)
@@ -3053,7 +3072,7 @@
 +')
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/inetd.if serefpolicy-2.5.9/policy/modules/services/inetd.if
 --- nsaserefpolicy/policy/modules/services/inetd.if	2007-01-02 12:57:43.000000000 -0500
-+++ serefpolicy-2.5.9/policy/modules/services/inetd.if	2007-03-20 10:20:32.000000000 -0400
++++ serefpolicy-2.5.9/policy/modules/services/inetd.if	2007-03-20 19:03:51.000000000 -0400
 @@ -35,32 +35,9 @@
  
  	role system_r types $1;
@@ -3092,7 +3111,7 @@
  ########################################
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/inetd.te serefpolicy-2.5.9/policy/modules/services/inetd.te
 --- nsaserefpolicy/policy/modules/services/inetd.te	2007-02-19 11:32:53.000000000 -0500
-+++ serefpolicy-2.5.9/policy/modules/services/inetd.te	2007-03-20 10:20:32.000000000 -0400
++++ serefpolicy-2.5.9/policy/modules/services/inetd.te	2007-03-20 19:03:51.000000000 -0400
 @@ -140,8 +140,8 @@
  mls_fd_use_all_levels(inetd_t)
  mls_fd_share_all_levels(inetd_t)
@@ -3115,7 +3134,7 @@
  manage_dirs_pattern(inetd_child_t,inetd_child_tmp_t,inetd_child_tmp_t)
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/kerberos.if serefpolicy-2.5.9/policy/modules/services/kerberos.if
 --- nsaserefpolicy/policy/modules/services/kerberos.if	2007-02-26 14:17:21.000000000 -0500
-+++ serefpolicy-2.5.9/policy/modules/services/kerberos.if	2007-03-20 11:06:02.000000000 -0400
++++ serefpolicy-2.5.9/policy/modules/services/kerberos.if	2007-03-20 19:03:51.000000000 -0400
 @@ -94,6 +94,27 @@
  
  ########################################
@@ -3146,7 +3165,7 @@
  ## </summary>
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/kerberos.te serefpolicy-2.5.9/policy/modules/services/kerberos.te
 --- nsaserefpolicy/policy/modules/services/kerberos.te	2007-02-26 14:17:21.000000000 -0500
-+++ serefpolicy-2.5.9/policy/modules/services/kerberos.te	2007-03-20 10:20:32.000000000 -0400
++++ serefpolicy-2.5.9/policy/modules/services/kerberos.te	2007-03-20 19:03:51.000000000 -0400
 @@ -68,7 +68,7 @@
  dontaudit kadmind_t krb5_conf_t:file write;
  
@@ -3158,7 +3177,7 @@
  
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/mta.te serefpolicy-2.5.9/policy/modules/services/mta.te
 --- nsaserefpolicy/policy/modules/services/mta.te	2007-02-19 11:32:53.000000000 -0500
-+++ serefpolicy-2.5.9/policy/modules/services/mta.te	2007-03-20 10:20:32.000000000 -0400
++++ serefpolicy-2.5.9/policy/modules/services/mta.te	2007-03-20 19:03:51.000000000 -0400
 @@ -27,6 +27,7 @@
  
  type sendmail_exec_t;
@@ -3177,7 +3196,7 @@
  	apache_dontaudit_append_log(system_mail_t)
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/networkmanager.te serefpolicy-2.5.9/policy/modules/services/networkmanager.te
 --- nsaserefpolicy/policy/modules/services/networkmanager.te	2007-03-01 10:01:49.000000000 -0500
-+++ serefpolicy-2.5.9/policy/modules/services/networkmanager.te	2007-03-20 10:20:32.000000000 -0400
++++ serefpolicy-2.5.9/policy/modules/services/networkmanager.te	2007-03-20 19:03:51.000000000 -0400
 @@ -22,7 +22,7 @@
  # and it receives a unexpected signal (rh bug #204161) 
  allow NetworkManager_t self:capability { kill setgid setuid sys_nice dac_override net_admin net_raw net_bind_service ipc_lock };
@@ -3189,7 +3208,7 @@
  allow NetworkManager_t self:unix_stream_socket create_stream_socket_perms;
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/nis.if serefpolicy-2.5.9/policy/modules/services/nis.if
 --- nsaserefpolicy/policy/modules/services/nis.if	2007-02-19 11:32:53.000000000 -0500
-+++ serefpolicy-2.5.9/policy/modules/services/nis.if	2007-03-20 10:20:32.000000000 -0400
++++ serefpolicy-2.5.9/policy/modules/services/nis.if	2007-03-20 19:03:51.000000000 -0400
 @@ -48,8 +48,8 @@
  	corenet_udp_bind_all_nodes($1)
  	corenet_tcp_bind_generic_port($1)
@@ -3208,7 +3227,7 @@
 +
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/ntp.te serefpolicy-2.5.9/policy/modules/services/ntp.te
 --- nsaserefpolicy/policy/modules/services/ntp.te	2007-01-02 12:57:43.000000000 -0500
-+++ serefpolicy-2.5.9/policy/modules/services/ntp.te	2007-03-20 10:47:32.000000000 -0400
++++ serefpolicy-2.5.9/policy/modules/services/ntp.te	2007-03-20 19:03:51.000000000 -0400
 @@ -135,6 +135,7 @@
  
  optional_policy(`
@@ -3219,7 +3238,7 @@
  optional_policy(`
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/pegasus.if serefpolicy-2.5.9/policy/modules/services/pegasus.if
 --- nsaserefpolicy/policy/modules/services/pegasus.if	2006-11-16 17:15:21.000000000 -0500
-+++ serefpolicy-2.5.9/policy/modules/services/pegasus.if	2007-03-20 10:20:32.000000000 -0400
++++ serefpolicy-2.5.9/policy/modules/services/pegasus.if	2007-03-20 19:03:51.000000000 -0400
 @@ -1 +1,19 @@
  ## <summary>The Open Group Pegasus CIM/WBEM Server.</summary>
 +
@@ -3242,7 +3261,7 @@
 +')
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/pegasus.te serefpolicy-2.5.9/policy/modules/services/pegasus.te
 --- nsaserefpolicy/policy/modules/services/pegasus.te	2007-01-02 12:57:43.000000000 -0500
-+++ serefpolicy-2.5.9/policy/modules/services/pegasus.te	2007-03-20 10:20:32.000000000 -0400
++++ serefpolicy-2.5.9/policy/modules/services/pegasus.te	2007-03-20 19:03:51.000000000 -0400
 @@ -99,13 +99,12 @@
  
  auth_use_nsswitch(pegasus_t)
@@ -3261,7 +3280,7 @@
  hostname_exec(pegasus_t)
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/postfix.te serefpolicy-2.5.9/policy/modules/services/postfix.te
 --- nsaserefpolicy/policy/modules/services/postfix.te	2007-03-01 16:15:29.000000000 -0500
-+++ serefpolicy-2.5.9/policy/modules/services/postfix.te	2007-03-20 10:20:32.000000000 -0400
++++ serefpolicy-2.5.9/policy/modules/services/postfix.te	2007-03-20 19:03:51.000000000 -0400
 @@ -173,6 +173,8 @@
  mta_rw_aliases(postfix_master_t)
  mta_read_sendmail_bin(postfix_master_t)
@@ -3273,7 +3292,7 @@
  	term_dontaudit_use_generic_ptys(postfix_master_t)
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/ppp.te serefpolicy-2.5.9/policy/modules/services/ppp.te
 --- nsaserefpolicy/policy/modules/services/ppp.te	2007-01-02 12:57:43.000000000 -0500
-+++ serefpolicy-2.5.9/policy/modules/services/ppp.te	2007-03-20 10:20:32.000000000 -0400
++++ serefpolicy-2.5.9/policy/modules/services/ppp.te	2007-03-20 19:03:51.000000000 -0400
 @@ -177,19 +177,10 @@
  	term_dontaudit_use_generic_ptys(pppd_t)
  	files_dontaudit_read_root_files(pppd_t)
@@ -3300,7 +3319,7 @@
  optional_policy(`
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/procmail.te serefpolicy-2.5.9/policy/modules/services/procmail.te
 --- nsaserefpolicy/policy/modules/services/procmail.te	2007-03-08 08:26:59.000000000 -0500
-+++ serefpolicy-2.5.9/policy/modules/services/procmail.te	2007-03-20 10:20:32.000000000 -0400
++++ serefpolicy-2.5.9/policy/modules/services/procmail.te	2007-03-20 19:03:51.000000000 -0400
 @@ -10,6 +10,7 @@
  type procmail_exec_t;
  domain_type(procmail_t)
@@ -3311,7 +3330,7 @@
  type procmail_tmp_t;
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/pyzor.te serefpolicy-2.5.9/policy/modules/services/pyzor.te
 --- nsaserefpolicy/policy/modules/services/pyzor.te	2007-03-08 13:52:43.000000000 -0500
-+++ serefpolicy-2.5.9/policy/modules/services/pyzor.te	2007-03-20 10:20:32.000000000 -0400
++++ serefpolicy-2.5.9/policy/modules/services/pyzor.te	2007-03-20 19:03:52.000000000 -0400
 @@ -44,6 +44,8 @@
  manage_dirs_pattern(pyzor_t,pyzor_tmp_t,pyzor_tmp_t)
  files_tmp_filetrans(pyzor_t, pyzor_tmp_t, { file dir })
@@ -3331,7 +3350,7 @@
  
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/radius.te serefpolicy-2.5.9/policy/modules/services/radius.te
 --- nsaserefpolicy/policy/modules/services/radius.te	2007-03-20 09:23:13.000000000 -0400
-+++ serefpolicy-2.5.9/policy/modules/services/radius.te	2007-03-20 10:20:32.000000000 -0400
++++ serefpolicy-2.5.9/policy/modules/services/radius.te	2007-03-20 19:03:52.000000000 -0400
 @@ -1,5 +1,5 @@
  
 -policy_module(radius,1.2.1)
@@ -3349,7 +3368,7 @@
 +')
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/ricci.te serefpolicy-2.5.9/policy/modules/services/ricci.te
 --- nsaserefpolicy/policy/modules/services/ricci.te	2007-03-06 09:53:20.000000000 -0500
-+++ serefpolicy-2.5.9/policy/modules/services/ricci.te	2007-03-20 10:20:32.000000000 -0400
++++ serefpolicy-2.5.9/policy/modules/services/ricci.te	2007-03-20 19:03:52.000000000 -0400
 @@ -449,6 +449,7 @@
  #
  
@@ -3371,7 +3390,7 @@
  
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/rpc.if serefpolicy-2.5.9/policy/modules/services/rpc.if
 --- nsaserefpolicy/policy/modules/services/rpc.if	2007-01-02 12:57:43.000000000 -0500
-+++ serefpolicy-2.5.9/policy/modules/services/rpc.if	2007-03-20 10:20:32.000000000 -0400
++++ serefpolicy-2.5.9/policy/modules/services/rpc.if	2007-03-20 19:03:52.000000000 -0400
 @@ -89,8 +89,11 @@
  	# bind to arbitary unused ports
  	corenet_tcp_bind_generic_port($1_t)
@@ -3387,7 +3406,7 @@
  	fs_search_auto_mountpoints($1_t)
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/rpc.te serefpolicy-2.5.9/policy/modules/services/rpc.te
 --- nsaserefpolicy/policy/modules/services/rpc.te	2007-03-06 10:32:18.000000000 -0500
-+++ serefpolicy-2.5.9/policy/modules/services/rpc.te	2007-03-20 10:20:32.000000000 -0400
++++ serefpolicy-2.5.9/policy/modules/services/rpc.te	2007-03-20 19:03:52.000000000 -0400
 @@ -80,9 +80,6 @@
  kernel_read_system_state(nfsd_t) 
  kernel_read_network_state(nfsd_t) 
@@ -3400,7 +3419,7 @@
  fs_getattr_all_fs(nfsd_t) 
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/rsync.te serefpolicy-2.5.9/policy/modules/services/rsync.te
 --- nsaserefpolicy/policy/modules/services/rsync.te	2007-01-02 12:57:43.000000000 -0500
-+++ serefpolicy-2.5.9/policy/modules/services/rsync.te	2007-03-20 10:20:32.000000000 -0400
++++ serefpolicy-2.5.9/policy/modules/services/rsync.te	2007-03-20 19:03:52.000000000 -0400
 @@ -9,6 +9,7 @@
  type rsync_t;
  type rsync_exec_t;
@@ -3411,7 +3430,7 @@
  type rsync_data_t;
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/samba.if serefpolicy-2.5.9/policy/modules/services/samba.if
 --- nsaserefpolicy/policy/modules/services/samba.if	2007-01-02 12:57:43.000000000 -0500
-+++ serefpolicy-2.5.9/policy/modules/services/samba.if	2007-03-20 10:20:32.000000000 -0400
++++ serefpolicy-2.5.9/policy/modules/services/samba.if	2007-03-20 19:03:52.000000000 -0400
 @@ -177,6 +177,27 @@
  
  ########################################
@@ -3484,7 +3503,7 @@
  ## <param name="domain">
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/samba.te serefpolicy-2.5.9/policy/modules/services/samba.te
 --- nsaserefpolicy/policy/modules/services/samba.te	2007-02-23 16:50:01.000000000 -0500
-+++ serefpolicy-2.5.9/policy/modules/services/samba.te	2007-03-20 10:20:32.000000000 -0400
++++ serefpolicy-2.5.9/policy/modules/services/samba.te	2007-03-20 19:03:52.000000000 -0400
 @@ -278,6 +278,10 @@
  userdom_dontaudit_use_unpriv_user_fds(smbd_t)
  userdom_use_unpriv_users_fds(smbd_t)
@@ -3537,7 +3556,7 @@
 +
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/sasl.te serefpolicy-2.5.9/policy/modules/services/sasl.te
 --- nsaserefpolicy/policy/modules/services/sasl.te	2007-01-02 12:57:43.000000000 -0500
-+++ serefpolicy-2.5.9/policy/modules/services/sasl.te	2007-03-20 11:30:06.000000000 -0400
++++ serefpolicy-2.5.9/policy/modules/services/sasl.te	2007-03-20 19:03:52.000000000 -0400
 @@ -10,6 +10,9 @@
  type saslauthd_exec_t;
  init_daemon_domain(saslauthd_t,saslauthd_exec_t)
@@ -3577,7 +3596,7 @@
 +
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/smartmon.te serefpolicy-2.5.9/policy/modules/services/smartmon.te
 --- nsaserefpolicy/policy/modules/services/smartmon.te	2007-01-02 12:57:43.000000000 -0500
-+++ serefpolicy-2.5.9/policy/modules/services/smartmon.te	2007-03-20 10:20:32.000000000 -0400
++++ serefpolicy-2.5.9/policy/modules/services/smartmon.te	2007-03-20 19:03:52.000000000 -0400
 @@ -60,6 +60,7 @@
  fs_search_auto_mountpoints(fsdaemon_t)
  
@@ -3588,7 +3607,7 @@
  storage_raw_write_fixed_disk(fsdaemon_t)
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/spamassassin.te serefpolicy-2.5.9/policy/modules/services/spamassassin.te
 --- nsaserefpolicy/policy/modules/services/spamassassin.te	2007-03-08 13:52:43.000000000 -0500
-+++ serefpolicy-2.5.9/policy/modules/services/spamassassin.te	2007-03-20 10:20:32.000000000 -0400
++++ serefpolicy-2.5.9/policy/modules/services/spamassassin.te	2007-03-20 19:03:52.000000000 -0400
 @@ -8,7 +8,7 @@
  
  # spamassassin client executable
@@ -3617,7 +3636,7 @@
  # spamassassin 3.1 needs this for its
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/squid.fc serefpolicy-2.5.9/policy/modules/services/squid.fc
 --- nsaserefpolicy/policy/modules/services/squid.fc	2006-11-16 17:15:21.000000000 -0500
-+++ serefpolicy-2.5.9/policy/modules/services/squid.fc	2007-03-20 10:20:32.000000000 -0400
++++ serefpolicy-2.5.9/policy/modules/services/squid.fc	2007-03-20 19:03:52.000000000 -0400
 @@ -12,3 +12,5 @@
  /var/run/squid\.pid	--	gen_context(system_u:object_r:squid_var_run_t,s0)
  
@@ -3626,7 +3645,7 @@
 +/usr/lib64/squid/cachemgr\.cgi	--	gen_context(system_u:object_r:httpd_squid_script_exec_t,s0)
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/squid.if serefpolicy-2.5.9/policy/modules/services/squid.if
 --- nsaserefpolicy/policy/modules/services/squid.if	2007-01-02 12:57:43.000000000 -0500
-+++ serefpolicy-2.5.9/policy/modules/services/squid.if	2007-03-20 10:20:32.000000000 -0400
++++ serefpolicy-2.5.9/policy/modules/services/squid.if	2007-03-20 19:03:52.000000000 -0400
 @@ -36,7 +36,7 @@
  	')
  
@@ -3662,7 +3681,7 @@
 +
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/squid.te serefpolicy-2.5.9/policy/modules/services/squid.te
 --- nsaserefpolicy/policy/modules/services/squid.te	2007-01-02 12:57:43.000000000 -0500
-+++ serefpolicy-2.5.9/policy/modules/services/squid.te	2007-03-20 10:20:32.000000000 -0400
++++ serefpolicy-2.5.9/policy/modules/services/squid.te	2007-03-20 19:03:52.000000000 -0400
 @@ -81,6 +81,8 @@
  corenet_tcp_bind_ftp_port(squid_t)
  corenet_tcp_bind_gopher_port(squid_t)
@@ -3695,7 +3714,7 @@
 +')
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/ssh.if serefpolicy-2.5.9/policy/modules/services/ssh.if
 --- nsaserefpolicy/policy/modules/services/ssh.if	2007-02-19 11:32:53.000000000 -0500
-+++ serefpolicy-2.5.9/policy/modules/services/ssh.if	2007-03-20 10:20:32.000000000 -0400
++++ serefpolicy-2.5.9/policy/modules/services/ssh.if	2007-03-20 19:03:52.000000000 -0400
 @@ -728,3 +728,42 @@
  
  	dontaudit $1 sshd_key_t:file { getattr read };
@@ -3741,7 +3760,7 @@
 +
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/ssh.te serefpolicy-2.5.9/policy/modules/services/ssh.te
 --- nsaserefpolicy/policy/modules/services/ssh.te	2007-02-19 11:32:53.000000000 -0500
-+++ serefpolicy-2.5.9/policy/modules/services/ssh.te	2007-03-20 10:20:32.000000000 -0400
++++ serefpolicy-2.5.9/policy/modules/services/ssh.te	2007-03-20 19:03:52.000000000 -0400
 @@ -10,11 +10,11 @@
  
  # Type for the ssh-agent executable.
@@ -3766,7 +3785,7 @@
  tunable_policy(`ssh_sysadm_login',`
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/zabbix.fc serefpolicy-2.5.9/policy/modules/services/zabbix.fc
 --- nsaserefpolicy/policy/modules/services/zabbix.fc	1969-12-31 19:00:00.000000000 -0500
-+++ serefpolicy-2.5.9/policy/modules/services/zabbix.fc	2007-03-20 10:20:32.000000000 -0400
++++ serefpolicy-2.5.9/policy/modules/services/zabbix.fc	2007-03-20 19:03:52.000000000 -0400
 @@ -0,0 +1,4 @@
 +
 +/usr/bin/zabbix_server		--	gen_context(system_u:object_r:zabbix_exec_t,s0)
@@ -3774,7 +3793,7 @@
 +/var/log/zabbix(/.*)?			gen_context(system_u:object_r:zabbix_log_t,s0)
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/zabbix.if serefpolicy-2.5.9/policy/modules/services/zabbix.if
 --- nsaserefpolicy/policy/modules/services/zabbix.if	1969-12-31 19:00:00.000000000 -0500
-+++ serefpolicy-2.5.9/policy/modules/services/zabbix.if	2007-03-20 10:20:32.000000000 -0400
++++ serefpolicy-2.5.9/policy/modules/services/zabbix.if	2007-03-20 19:03:52.000000000 -0400
 @@ -0,0 +1,87 @@
 +
 +## <summary>policy for zabbix</summary>
@@ -3865,7 +3884,7 @@
 +
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/zabbix.te serefpolicy-2.5.9/policy/modules/services/zabbix.te
 --- nsaserefpolicy/policy/modules/services/zabbix.te	1969-12-31 19:00:00.000000000 -0500
-+++ serefpolicy-2.5.9/policy/modules/services/zabbix.te	2007-03-20 10:20:32.000000000 -0400
++++ serefpolicy-2.5.9/policy/modules/services/zabbix.te	2007-03-20 19:03:52.000000000 -0400
 @@ -0,0 +1,64 @@
 +policy_module(zabbix,1.0.0)
 +
@@ -3933,12 +3952,12 @@
 +')
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/application.fc serefpolicy-2.5.9/policy/modules/system/application.fc
 --- nsaserefpolicy/policy/modules/system/application.fc	1969-12-31 19:00:00.000000000 -0500
-+++ serefpolicy-2.5.9/policy/modules/system/application.fc	2007-03-20 10:20:32.000000000 -0400
++++ serefpolicy-2.5.9/policy/modules/system/application.fc	2007-03-20 19:03:52.000000000 -0400
 @@ -0,0 +1 @@
 +# No application file contexts.
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/application.if serefpolicy-2.5.9/policy/modules/system/application.if
 --- nsaserefpolicy/policy/modules/system/application.if	1969-12-31 19:00:00.000000000 -0500
-+++ serefpolicy-2.5.9/policy/modules/system/application.if	2007-03-20 10:20:32.000000000 -0400
++++ serefpolicy-2.5.9/policy/modules/system/application.if	2007-03-20 19:03:52.000000000 -0400
 @@ -0,0 +1,106 @@
 +## <summary>Policy for application domains</summary>
 +
@@ -4048,7 +4067,7 @@
 +')
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/application.te serefpolicy-2.5.9/policy/modules/system/application.te
 --- nsaserefpolicy/policy/modules/system/application.te	1969-12-31 19:00:00.000000000 -0500
-+++ serefpolicy-2.5.9/policy/modules/system/application.te	2007-03-20 10:20:32.000000000 -0400
++++ serefpolicy-2.5.9/policy/modules/system/application.te	2007-03-20 19:03:52.000000000 -0400
 @@ -0,0 +1,14 @@
 +
 +policy_module(application,1.0.0)
@@ -4066,7 +4085,7 @@
 +
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/authlogin.if serefpolicy-2.5.9/policy/modules/system/authlogin.if
 --- nsaserefpolicy/policy/modules/system/authlogin.if	2007-02-19 11:32:53.000000000 -0500
-+++ serefpolicy-2.5.9/policy/modules/system/authlogin.if	2007-03-20 10:20:32.000000000 -0400
++++ serefpolicy-2.5.9/policy/modules/system/authlogin.if	2007-03-20 19:03:52.000000000 -0400
 @@ -152,21 +152,12 @@
  ## </param>
  #
@@ -4193,7 +4212,7 @@
 +')
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/authlogin.te serefpolicy-2.5.9/policy/modules/system/authlogin.te
 --- nsaserefpolicy/policy/modules/system/authlogin.te	2007-02-19 11:32:53.000000000 -0500
-+++ serefpolicy-2.5.9/policy/modules/system/authlogin.te	2007-03-20 10:20:32.000000000 -0400
++++ serefpolicy-2.5.9/policy/modules/system/authlogin.te	2007-03-20 19:03:52.000000000 -0400
 @@ -9,6 +9,7 @@
  attribute can_read_shadow_passwords;
  attribute can_write_shadow_passwords;
@@ -4213,7 +4232,7 @@
  corecmd_search_sbin(system_chkpwd_t)
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/fstools.fc serefpolicy-2.5.9/policy/modules/system/fstools.fc
 --- nsaserefpolicy/policy/modules/system/fstools.fc	2006-11-16 17:15:24.000000000 -0500
-+++ serefpolicy-2.5.9/policy/modules/system/fstools.fc	2007-03-20 10:20:32.000000000 -0400
++++ serefpolicy-2.5.9/policy/modules/system/fstools.fc	2007-03-20 19:03:52.000000000 -0400
 @@ -19,7 +19,6 @@
  /sbin/mkfs.*		--	gen_context(system_u:object_r:fsadm_exec_t,s0)
  /sbin/mkraid		--	gen_context(system_u:object_r:fsadm_exec_t,s0)
@@ -4224,7 +4243,7 @@
  /sbin/partx		--	gen_context(system_u:object_r:fsadm_exec_t,s0)
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/fstools.te serefpolicy-2.5.9/policy/modules/system/fstools.te
 --- nsaserefpolicy/policy/modules/system/fstools.te	2007-02-19 11:32:53.000000000 -0500
-+++ serefpolicy-2.5.9/policy/modules/system/fstools.te	2007-03-20 10:20:32.000000000 -0400
++++ serefpolicy-2.5.9/policy/modules/system/fstools.te	2007-03-20 19:03:52.000000000 -0400
 @@ -9,6 +9,7 @@
  type fsadm_t;
  type fsadm_exec_t;
@@ -4235,7 +4254,7 @@
  type fsadm_log_t;
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/fusermount.fc serefpolicy-2.5.9/policy/modules/system/fusermount.fc
 --- nsaserefpolicy/policy/modules/system/fusermount.fc	1969-12-31 19:00:00.000000000 -0500
-+++ serefpolicy-2.5.9/policy/modules/system/fusermount.fc	2007-03-20 15:51:53.000000000 -0400
++++ serefpolicy-2.5.9/policy/modules/system/fusermount.fc	2007-03-20 19:03:52.000000000 -0400
 @@ -0,0 +1,6 @@
 +# fusermount executable will have:
 +# label: system_u:object_r:fusermount_exec_t
@@ -4245,7 +4264,7 @@
 +/usr/bin/fusermount		--	gen_context(system_u:object_r:fusermount_exec_t,s0)
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/fusermount.if serefpolicy-2.5.9/policy/modules/system/fusermount.if
 --- nsaserefpolicy/policy/modules/system/fusermount.if	1969-12-31 19:00:00.000000000 -0500
-+++ serefpolicy-2.5.9/policy/modules/system/fusermount.if	2007-03-20 15:51:24.000000000 -0400
++++ serefpolicy-2.5.9/policy/modules/system/fusermount.if	2007-03-20 19:03:52.000000000 -0400
 @@ -0,0 +1,41 @@
 +## <summary>policy for fusermount</summary>
 +
@@ -4291,7 +4310,7 @@
 \ No newline at end of file
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/fusermount.te serefpolicy-2.5.9/policy/modules/system/fusermount.te
 --- nsaserefpolicy/policy/modules/system/fusermount.te	1969-12-31 19:00:00.000000000 -0500
-+++ serefpolicy-2.5.9/policy/modules/system/fusermount.te	2007-03-20 15:59:21.000000000 -0400
++++ serefpolicy-2.5.9/policy/modules/system/fusermount.te	2007-03-20 19:03:52.000000000 -0400
 @@ -0,0 +1,44 @@
 +policy_module(fusermount,1.0.0)
 +
@@ -4339,7 +4358,7 @@
 +
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/getty.te serefpolicy-2.5.9/policy/modules/system/getty.te
 --- nsaserefpolicy/policy/modules/system/getty.te	2007-02-19 11:32:53.000000000 -0500
-+++ serefpolicy-2.5.9/policy/modules/system/getty.te	2007-03-20 10:20:32.000000000 -0400
++++ serefpolicy-2.5.9/policy/modules/system/getty.te	2007-03-20 19:03:52.000000000 -0400
 @@ -33,7 +33,8 @@
  #
  
@@ -4352,7 +4371,7 @@
  allow getty_t self:fifo_file rw_fifo_file_perms;
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/hostname.te serefpolicy-2.5.9/policy/modules/system/hostname.te
 --- nsaserefpolicy/policy/modules/system/hostname.te	2007-01-02 12:57:49.000000000 -0500
-+++ serefpolicy-2.5.9/policy/modules/system/hostname.te	2007-03-20 10:20:32.000000000 -0400
++++ serefpolicy-2.5.9/policy/modules/system/hostname.te	2007-03-20 19:03:52.000000000 -0400
 @@ -8,8 +8,12 @@
  
  type hostname_t;
@@ -4381,7 +4400,7 @@
 +')
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/init.if serefpolicy-2.5.9/policy/modules/system/init.if
 --- nsaserefpolicy/policy/modules/system/init.if	2007-02-26 14:17:21.000000000 -0500
-+++ serefpolicy-2.5.9/policy/modules/system/init.if	2007-03-20 10:20:32.000000000 -0400
++++ serefpolicy-2.5.9/policy/modules/system/init.if	2007-03-20 19:03:52.000000000 -0400
 @@ -121,24 +121,7 @@
  		')
  	')
@@ -4425,7 +4444,7 @@
  	domtrans_pattern(initrc_t,$2,$1)
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/init.te serefpolicy-2.5.9/policy/modules/system/init.te
 --- nsaserefpolicy/policy/modules/system/init.te	2007-02-26 14:17:21.000000000 -0500
-+++ serefpolicy-2.5.9/policy/modules/system/init.te	2007-03-20 10:20:32.000000000 -0400
++++ serefpolicy-2.5.9/policy/modules/system/init.te	2007-03-20 19:03:52.000000000 -0400
 @@ -205,8 +205,7 @@
  allow initrc_t initrc_devpts_t:chr_file rw_term_perms;
  term_create_pty(initrc_t,initrc_devpts_t)
@@ -4485,7 +4504,7 @@
  optional_policy(`
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/ipsec.if serefpolicy-2.5.9/policy/modules/system/ipsec.if
 --- nsaserefpolicy/policy/modules/system/ipsec.if	2007-01-02 12:57:49.000000000 -0500
-+++ serefpolicy-2.5.9/policy/modules/system/ipsec.if	2007-03-20 10:20:32.000000000 -0400
++++ serefpolicy-2.5.9/policy/modules/system/ipsec.if	2007-03-20 19:03:52.000000000 -0400
 @@ -111,3 +111,103 @@
  	files_search_pids($1)
  	manage_files_pattern($1,ipsec_var_run_t,ipsec_var_run_t)
@@ -4592,7 +4611,7 @@
 +')
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/ipsec.te serefpolicy-2.5.9/policy/modules/system/ipsec.te
 --- nsaserefpolicy/policy/modules/system/ipsec.te	2007-02-19 11:32:53.000000000 -0500
-+++ serefpolicy-2.5.9/policy/modules/system/ipsec.te	2007-03-20 10:20:32.000000000 -0400
++++ serefpolicy-2.5.9/policy/modules/system/ipsec.te	2007-03-20 19:03:52.000000000 -0400
 @@ -325,14 +325,14 @@
  libs_use_ld_so(racoon_t)
  libs_use_shared_libs(racoon_t)
@@ -4630,7 +4649,7 @@
  libs_use_ld_so(setkey_t)
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/iptables.te serefpolicy-2.5.9/policy/modules/system/iptables.te
 --- nsaserefpolicy/policy/modules/system/iptables.te	2007-02-19 11:32:53.000000000 -0500
-+++ serefpolicy-2.5.9/policy/modules/system/iptables.te	2007-03-20 10:20:32.000000000 -0400
++++ serefpolicy-2.5.9/policy/modules/system/iptables.te	2007-03-20 19:03:52.000000000 -0400
 @@ -77,9 +77,10 @@
  userdom_use_all_users_fds(iptables_t)
  
@@ -4654,7 +4673,7 @@
 +')
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/libraries.fc serefpolicy-2.5.9/policy/modules/system/libraries.fc
 --- nsaserefpolicy/policy/modules/system/libraries.fc	2007-03-01 10:01:49.000000000 -0500
-+++ serefpolicy-2.5.9/policy/modules/system/libraries.fc	2007-03-20 10:20:32.000000000 -0400
++++ serefpolicy-2.5.9/policy/modules/system/libraries.fc	2007-03-20 19:03:52.000000000 -0400
 @@ -202,12 +202,6 @@
  /usr/lib(64)?/.*/program/libsoffice\.so  --	gen_context(system_u:object_r:textrel_shlib_t,s0)
  /usr/(.*/)?pcsc/drivers(/.*)?/lib(cm2020|cm4000|SCR24x)\.so(\.[^/]*)* -- gen_context(system_u:object_r:textrel_shlib_t,s0)
@@ -4670,7 +4689,7 @@
  /usr/lib(64)?/ladspa/bandpass_a_iir_1893\.so --	gen_context(system_u:object_r:textrel_shlib_t,s0)
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/libraries.te serefpolicy-2.5.9/policy/modules/system/libraries.te
 --- nsaserefpolicy/policy/modules/system/libraries.te	2007-03-01 10:01:49.000000000 -0500
-+++ serefpolicy-2.5.9/policy/modules/system/libraries.te	2007-03-20 10:20:32.000000000 -0400
++++ serefpolicy-2.5.9/policy/modules/system/libraries.te	2007-03-20 19:03:52.000000000 -0400
 @@ -51,6 +51,11 @@
  init_system_domain(ldconfig_t,ldconfig_exec_t)
  role system_r types ldconfig_t;
@@ -4717,7 +4736,7 @@
 +
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/locallogin.te serefpolicy-2.5.9/policy/modules/system/locallogin.te
 --- nsaserefpolicy/policy/modules/system/locallogin.te	2007-01-02 12:57:49.000000000 -0500
-+++ serefpolicy-2.5.9/policy/modules/system/locallogin.te	2007-03-20 10:20:32.000000000 -0400
++++ serefpolicy-2.5.9/policy/modules/system/locallogin.te	2007-03-20 19:03:52.000000000 -0400
 @@ -48,6 +48,8 @@
  allow local_login_t self:msgq create_msgq_perms;
  allow local_login_t self:msg { send receive };
@@ -4758,7 +4777,7 @@
  ')
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/logging.if serefpolicy-2.5.9/policy/modules/system/logging.if
 --- nsaserefpolicy/policy/modules/system/logging.if	2007-01-02 12:57:49.000000000 -0500
-+++ serefpolicy-2.5.9/policy/modules/system/logging.if	2007-03-20 10:20:32.000000000 -0400
++++ serefpolicy-2.5.9/policy/modules/system/logging.if	2007-03-20 19:03:52.000000000 -0400
 @@ -480,6 +480,8 @@
  	files_search_var($1)
  	manage_files_pattern($1,logfile,logfile)
@@ -4793,7 +4812,7 @@
 +
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/logging.te serefpolicy-2.5.9/policy/modules/system/logging.te
 --- nsaserefpolicy/policy/modules/system/logging.te	2007-02-23 16:50:01.000000000 -0500
-+++ serefpolicy-2.5.9/policy/modules/system/logging.te	2007-03-20 10:20:32.000000000 -0400
++++ serefpolicy-2.5.9/policy/modules/system/logging.te	2007-03-20 19:03:52.000000000 -0400
 @@ -11,6 +11,7 @@
  type auditctl_t;
  type auditctl_exec_t;
@@ -4814,7 +4833,7 @@
  corenet_sendrecv_syslogd_client_packets(syslogd_t)
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/lvm.te serefpolicy-2.5.9/policy/modules/system/lvm.te
 --- nsaserefpolicy/policy/modules/system/lvm.te	2007-03-06 09:53:20.000000000 -0500
-+++ serefpolicy-2.5.9/policy/modules/system/lvm.te	2007-03-20 10:20:32.000000000 -0400
++++ serefpolicy-2.5.9/policy/modules/system/lvm.te	2007-03-20 19:03:52.000000000 -0400
 @@ -16,6 +16,7 @@
  type lvm_t;
  type lvm_exec_t;
@@ -4855,7 +4874,7 @@
  # LVM will complain a lot if it cannot set its priority.
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/modutils.te serefpolicy-2.5.9/policy/modules/system/modutils.te
 --- nsaserefpolicy/policy/modules/system/modutils.te	2007-02-19 11:32:53.000000000 -0500
-+++ serefpolicy-2.5.9/policy/modules/system/modutils.te	2007-03-20 10:20:32.000000000 -0400
++++ serefpolicy-2.5.9/policy/modules/system/modutils.te	2007-03-20 19:03:52.000000000 -0400
 @@ -68,7 +68,7 @@
  # for locking: (cjp: ????)
  files_write_kernel_modules(insmod_t)
@@ -4893,7 +4912,7 @@
  
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/mount.fc serefpolicy-2.5.9/policy/modules/system/mount.fc
 --- nsaserefpolicy/policy/modules/system/mount.fc	2006-11-16 17:15:24.000000000 -0500
-+++ serefpolicy-2.5.9/policy/modules/system/mount.fc	2007-03-20 15:54:47.000000000 -0400
++++ serefpolicy-2.5.9/policy/modules/system/mount.fc	2007-03-20 19:03:52.000000000 -0400
 @@ -1,4 +1,3 @@
  /bin/mount.*			--	gen_context(system_u:object_r:mount_exec_t,s0)
  /bin/umount.*			--	gen_context(system_u:object_r:mount_exec_t,s0)
@@ -4902,7 +4921,7 @@
 +/sbin/mount.ntfs-3g		--	gen_context(system_u:object_r:mount_ntfs_exec_t,s0)
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/mount.if serefpolicy-2.5.9/policy/modules/system/mount.if
 --- nsaserefpolicy/policy/modules/system/mount.if	2007-01-02 12:57:49.000000000 -0500
-+++ serefpolicy-2.5.9/policy/modules/system/mount.if	2007-03-20 15:56:09.000000000 -0400
++++ serefpolicy-2.5.9/policy/modules/system/mount.if	2007-03-20 19:03:52.000000000 -0400
 @@ -143,3 +143,40 @@
  		mount_domtrans($1)
  	')
@@ -4946,7 +4965,7 @@
 +')
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/mount.te serefpolicy-2.5.9/policy/modules/system/mount.te
 --- nsaserefpolicy/policy/modules/system/mount.te	2007-01-02 12:57:49.000000000 -0500
-+++ serefpolicy-2.5.9/policy/modules/system/mount.te	2007-03-20 15:54:31.000000000 -0400
++++ serefpolicy-2.5.9/policy/modules/system/mount.te	2007-03-20 19:03:52.000000000 -0400
 @@ -9,8 +9,13 @@
  type mount_t;
  type mount_exec_t;
@@ -5030,7 +5049,7 @@
 +')
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/netlabel.te serefpolicy-2.5.9/policy/modules/system/netlabel.te
 --- nsaserefpolicy/policy/modules/system/netlabel.te	2006-11-16 17:15:24.000000000 -0500
-+++ serefpolicy-2.5.9/policy/modules/system/netlabel.te	2007-03-20 10:20:32.000000000 -0400
++++ serefpolicy-2.5.9/policy/modules/system/netlabel.te	2007-03-20 19:03:52.000000000 -0400
 @@ -8,8 +8,7 @@
  
  type netlabel_mgmt_t;
@@ -5043,7 +5062,7 @@
  #
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/selinuxutil.fc serefpolicy-2.5.9/policy/modules/system/selinuxutil.fc
 --- nsaserefpolicy/policy/modules/system/selinuxutil.fc	2006-11-16 17:15:24.000000000 -0500
-+++ serefpolicy-2.5.9/policy/modules/system/selinuxutil.fc	2007-03-20 10:22:02.000000000 -0400
++++ serefpolicy-2.5.9/policy/modules/system/selinuxutil.fc	2007-03-20 19:03:52.000000000 -0400
 @@ -40,6 +40,7 @@
  /usr/sbin/setfiles.*		--	gen_context(system_u:object_r:setfiles_exec_t,s0)
  /usr/sbin/setsebool		--	gen_context(system_u:object_r:semanage_exec_t,s0)
@@ -5054,7 +5073,7 @@
  #
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/selinuxutil.if serefpolicy-2.5.9/policy/modules/system/selinuxutil.if
 --- nsaserefpolicy/policy/modules/system/selinuxutil.if	2007-01-02 12:57:49.000000000 -0500
-+++ serefpolicy-2.5.9/policy/modules/system/selinuxutil.if	2007-03-20 10:21:19.000000000 -0400
++++ serefpolicy-2.5.9/policy/modules/system/selinuxutil.if	2007-03-20 19:03:52.000000000 -0400
 @@ -616,7 +616,7 @@
  	gen_require(`
  		type selinux_config_t;
@@ -5092,7 +5111,7 @@
  ##	<summary>
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/selinuxutil.te serefpolicy-2.5.9/policy/modules/system/selinuxutil.te
 --- nsaserefpolicy/policy/modules/system/selinuxutil.te	2007-02-19 11:32:53.000000000 -0500
-+++ serefpolicy-2.5.9/policy/modules/system/selinuxutil.te	2007-03-20 10:34:20.000000000 -0400
++++ serefpolicy-2.5.9/policy/modules/system/selinuxutil.te	2007-03-20 19:03:52.000000000 -0400
 @@ -1,10 +1,8 @@
  
  policy_module(selinuxutil,1.4.1)
@@ -5246,7 +5265,7 @@
  
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/udev.te serefpolicy-2.5.9/policy/modules/system/udev.te
 --- nsaserefpolicy/policy/modules/system/udev.te	2007-01-02 12:57:49.000000000 -0500
-+++ serefpolicy-2.5.9/policy/modules/system/udev.te	2007-03-20 10:20:32.000000000 -0400
++++ serefpolicy-2.5.9/policy/modules/system/udev.te	2007-03-20 19:03:52.000000000 -0400
 @@ -89,6 +89,7 @@
  dev_manage_all_dev_nodes(udev_t)
  dev_rw_generic_files(udev_t)
@@ -5274,7 +5293,7 @@
  optional_policy(`
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/unconfined.fc serefpolicy-2.5.9/policy/modules/system/unconfined.fc
 --- nsaserefpolicy/policy/modules/system/unconfined.fc	2007-02-19 11:32:53.000000000 -0500
-+++ serefpolicy-2.5.9/policy/modules/system/unconfined.fc	2007-03-20 10:20:32.000000000 -0400
++++ serefpolicy-2.5.9/policy/modules/system/unconfined.fc	2007-03-20 19:03:52.000000000 -0400
 @@ -10,4 +10,5 @@
  /usr/bin/valgrind 		--	gen_context(system_u:object_r:unconfined_execmem_exec_t,s0)
  /usr/local/RealPlayer/realplay\.bin --	gen_context(system_u:object_r:unconfined_execmem_exec_t,s0)
@@ -5283,7 +5302,7 @@
  ')
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/unconfined.te serefpolicy-2.5.9/policy/modules/system/unconfined.te
 --- nsaserefpolicy/policy/modules/system/unconfined.te	2007-03-20 09:23:14.000000000 -0400
-+++ serefpolicy-2.5.9/policy/modules/system/unconfined.te	2007-03-20 10:24:41.000000000 -0400
++++ serefpolicy-2.5.9/policy/modules/system/unconfined.te	2007-03-20 19:03:52.000000000 -0400
 @@ -50,6 +50,8 @@
  	userdom_unconfined(unconfined_t)
  	userdom_priveleged_home_dir_manager(unconfined_t)
@@ -5333,7 +5352,7 @@
  		init_dbus_chat_script(unconfined_execmem_t)
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/userdomain.if serefpolicy-2.5.9/policy/modules/system/userdomain.if
 --- nsaserefpolicy/policy/modules/system/userdomain.if	2007-02-19 11:32:53.000000000 -0500
-+++ serefpolicy-2.5.9/policy/modules/system/userdomain.if	2007-03-20 10:20:32.000000000 -0400
++++ serefpolicy-2.5.9/policy/modules/system/userdomain.if	2007-03-20 19:03:52.000000000 -0400
 @@ -115,6 +115,10 @@
  		# Allow making the stack executable via mprotect.
  		allow $1_t self:process execstack;
@@ -5755,7 +5774,7 @@
 +
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/userdomain.te serefpolicy-2.5.9/policy/modules/system/userdomain.te
 --- nsaserefpolicy/policy/modules/system/userdomain.te	2007-02-19 11:32:53.000000000 -0500
-+++ serefpolicy-2.5.9/policy/modules/system/userdomain.te	2007-03-20 11:11:08.000000000 -0400
++++ serefpolicy-2.5.9/policy/modules/system/userdomain.te	2007-03-20 19:03:52.000000000 -0400
 @@ -24,6 +24,9 @@
  # users home directory contents
  attribute home_type;
@@ -5848,7 +5867,7 @@
  ')
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/xen.te serefpolicy-2.5.9/policy/modules/system/xen.te
 --- nsaserefpolicy/policy/modules/system/xen.te	2007-01-02 12:57:49.000000000 -0500
-+++ serefpolicy-2.5.9/policy/modules/system/xen.te	2007-03-20 10:20:32.000000000 -0400
++++ serefpolicy-2.5.9/policy/modules/system/xen.te	2007-03-20 19:03:52.000000000 -0400
 @@ -166,8 +166,13 @@
  files_manage_etc_runtime_files(xend_t)
  files_etc_filetrans_etc_runtime(xend_t,file)
@@ -5903,7 +5922,7 @@
 +fs_read_dos_files(xend_t)
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/support/obj_perm_sets.spt serefpolicy-2.5.9/policy/support/obj_perm_sets.spt
 --- nsaserefpolicy/policy/support/obj_perm_sets.spt	2007-01-02 12:57:51.000000000 -0500
-+++ serefpolicy-2.5.9/policy/support/obj_perm_sets.spt	2007-03-20 10:20:32.000000000 -0400
++++ serefpolicy-2.5.9/policy/support/obj_perm_sets.spt	2007-03-20 19:03:52.000000000 -0400
 @@ -215,7 +215,7 @@
  define(`getattr_file_perms',`{ getattr }')
  define(`setattr_file_perms',`{ setattr }')
@@ -5915,7 +5934,7 @@
  define(`write_file_perms',`{ getattr write append lock ioctl }')
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/Rules.modular serefpolicy-2.5.9/Rules.modular
 --- nsaserefpolicy/Rules.modular	2006-11-16 17:15:29.000000000 -0500
-+++ serefpolicy-2.5.9/Rules.modular	2007-03-20 10:20:32.000000000 -0400
++++ serefpolicy-2.5.9/Rules.modular	2007-03-20 19:03:52.000000000 -0400
 @@ -167,7 +167,7 @@
  # these have to run individually because order matters:
  	$(verbose) $(GREP) '^sid ' $(tmpdir)/all_te_files.conf >> $(tmpdir)/all_post.conf || true


Index: selinux-policy.spec
===================================================================
RCS file: /cvs/dist/rpms/selinux-policy/devel/selinux-policy.spec,v
retrieving revision 1.416
retrieving revision 1.417
diff -u -r1.416 -r1.417
--- selinux-policy.spec	20 Mar 2007 20:21:08 -0000	1.416
+++ selinux-policy.spec	21 Mar 2007 03:39:06 -0000	1.417
@@ -17,7 +17,7 @@
 Summary: SELinux policy configuration
 Name: selinux-policy
 Version: 2.5.9
-Release: 3%{?dist}
+Release: 4%{?dist}
 License: GPL
 Group: System Environment/Base
 Source: serefpolicy-%{version}.tgz
@@ -356,6 +356,9 @@
 %endif
 
 %changelog
+* Tue Mar 20 2007 Dan Walsh <dwalsh at redhat.com> 2.5.9-4
+- Fixes for logwatch
+
 * Tue Mar 20 2007 Dan Walsh <dwalsh at redhat.com> 2.5.9-3
 - Add fusermount and mount_ntfs policy
 




More information about the fedora-cvs-commits mailing list