rpms/selinux-policy/F-8 booleans-targeted.conf, 1.32, 1.33 policy-20070703.patch, 1.104, 1.105 selinux-policy.spec, 1.554, 1.555

Daniel J Walsh (dwalsh) fedora-extras-commits at redhat.com
Wed Oct 24 20:15:55 UTC 2007 

Author: dwalsh

Update of /cvs/extras/rpms/selinux-policy/F-8
In directory cvs-int.fedora.redhat.com:/tmp/cvs-serv5911

Modified Files:
	booleans-targeted.conf policy-20070703.patch 
	selinux-policy.spec 
Log Message:
* Wed Oct 24 2007 Dan Walsh <dwalsh at redhat.com> 3.0.8-32
- Dontaudit mail programs looking at munin_var_lib



Index: booleans-targeted.conf
===================================================================
RCS file: /cvs/extras/rpms/selinux-policy/F-8/booleans-targeted.conf,v
retrieving revision 1.32
retrieving revision 1.33
diff -u -r1.32 -r1.33
--- booleans-targeted.conf	22 Oct 2007 21:27:07 -0000	1.32
+++ booleans-targeted.conf	24 Oct 2007 20:15:22 -0000	1.33
@@ -104,7 +104,7 @@
 
 # Allow http daemon to communicate with the TTY
 # 
-httpd_tty_comm = false
+httpd_tty_comm = true
 
 # Run CGI in the main httpd domain
 # 
@@ -216,7 +216,7 @@
 
 # Allow all domains to talk to ttys
 # 
-allow_daemons_use_tty = false
+allow_daemons_use_tty = true
 
 # Allow login domains to polyinstatiate directories
 # 
@@ -224,7 +224,7 @@
 
 # Allow all domains to talk to ttys
 # 
-allow_daemons_dump_core = false
+allow_daemons_dump_core = true
 
 # Allow mount command to mounton any directory
 # 

policy-20070703.patch:

Index: policy-20070703.patch
===================================================================
RCS file: /cvs/extras/rpms/selinux-policy/F-8/policy-20070703.patch,v
retrieving revision 1.104
retrieving revision 1.105
diff -u -r1.104 -r1.105
--- policy-20070703.patch	24 Oct 2007 02:54:01 -0000	1.104
+++ policy-20070703.patch	24 Oct 2007 20:15:22 -0000	1.105
@@ -2088,7 +2088,7 @@
 +
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/usermanage.if serefpolicy-3.0.8/policy/modules/admin/usermanage.if
 --- nsaserefpolicy/policy/modules/admin/usermanage.if	2007-10-22 13:21:42.000000000 -0400
-+++ serefpolicy-3.0.8/policy/modules/admin/usermanage.if	2007-10-22 13:22:31.000000000 -0400
++++ serefpolicy-3.0.8/policy/modules/admin/usermanage.if	2007-10-23 22:49:15.000000000 -0400
 @@ -265,6 +265,24 @@
  
  ########################################
@@ -4746,7 +4746,7 @@
  dev_read_rand(amavis_t)
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/apache.fc serefpolicy-3.0.8/policy/modules/services/apache.fc
 --- nsaserefpolicy/policy/modules/services/apache.fc	2007-10-22 13:21:36.000000000 -0400
-+++ serefpolicy-3.0.8/policy/modules/services/apache.fc	2007-10-22 13:22:31.000000000 -0400
++++ serefpolicy-3.0.8/policy/modules/services/apache.fc	2007-10-24 13:23:10.000000000 -0400
 @@ -16,7 +16,6 @@
  
  /usr/lib/apache-ssl/.+		--	gen_context(system_u:object_r:httpd_exec_t,s0)
@@ -4774,7 +4774,7 @@
 +/etc/rc\.d/init\.d/httpd	--	gen_context(system_u:object_r:httpd_script_exec_t,s0)
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/apache.if serefpolicy-3.0.8/policy/modules/services/apache.if
 --- nsaserefpolicy/policy/modules/services/apache.if	2007-10-22 13:21:39.000000000 -0400
-+++ serefpolicy-3.0.8/policy/modules/services/apache.if	2007-10-22 13:22:31.000000000 -0400
++++ serefpolicy-3.0.8/policy/modules/services/apache.if	2007-10-24 13:24:07.000000000 -0400
 @@ -18,10 +18,6 @@
  		attribute httpd_script_exec_type;
  		type httpd_t, httpd_suexec_t, httpd_log_t;
@@ -5191,7 +5191,7 @@
 +
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/apache.te serefpolicy-3.0.8/policy/modules/services/apache.te
 --- nsaserefpolicy/policy/modules/services/apache.te	2007-10-22 13:21:39.000000000 -0400
-+++ serefpolicy-3.0.8/policy/modules/services/apache.te	2007-10-22 13:22:31.000000000 -0400
++++ serefpolicy-3.0.8/policy/modules/services/apache.te	2007-10-24 13:24:16.000000000 -0400
 @@ -20,6 +20,8 @@
  # Declarations
  #
@@ -7269,7 +7269,7 @@
 +
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/exim.fc serefpolicy-3.0.8/policy/modules/services/exim.fc
 --- nsaserefpolicy/policy/modules/services/exim.fc	1969-12-31 19:00:00.000000000 -0500
-+++ serefpolicy-3.0.8/policy/modules/services/exim.fc	2007-10-22 13:22:31.000000000 -0400
++++ serefpolicy-3.0.8/policy/modules/services/exim.fc	2007-10-24 15:27:53.000000000 -0400
 @@ -0,0 +1,15 @@
 +# $Id$
 +# Draft SELinux refpolicy module for the Exim MTA
@@ -8202,7 +8202,7 @@
 +')
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/mailman.te serefpolicy-3.0.8/policy/modules/services/mailman.te
 --- nsaserefpolicy/policy/modules/services/mailman.te	2007-10-22 13:21:39.000000000 -0400
-+++ serefpolicy-3.0.8/policy/modules/services/mailman.te	2007-10-22 13:22:31.000000000 -0400
++++ serefpolicy-3.0.8/policy/modules/services/mailman.te	2007-10-24 14:15:17.000000000 -0400
 @@ -55,6 +55,8 @@
  	apache_use_fds(mailman_cgi_t)
  	apache_dontaudit_append_log(mailman_cgi_t)
@@ -8212,7 +8212,22 @@
  
  	optional_policy(`
  		nscd_socket_use(mailman_cgi_t)
-@@ -96,6 +98,7 @@
+@@ -67,6 +69,14 @@
+ #
+ 
+ allow mailman_mail_t self:unix_dgram_socket create_socket_perms;
++allow mailman_mail_t initrc_t:process signal;
++allow mailman_mail_t self:capability { setuid setgid };
++
++mta_dontaudit_rw_delivery_tcp_sockets(mailman_mail_t)
++
++auth_use_nsswitch(mailman_mail_t)
++
++files_search_spool(mailman_mail_t)
+ 
+ mta_dontaudit_rw_delivery_tcp_sockets(mailman_mail_t)
+ 
+@@ -96,6 +106,7 @@
  kernel_read_proc_symlinks(mailman_queue_t)
  
  auth_domtrans_chk_passwd(mailman_queue_t)
@@ -8487,6 +8502,31 @@
  	logrotate_read_tmp_files(system_mail_t)
  ')
  
+diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/munin.if serefpolicy-3.0.8/policy/modules/services/munin.if
+--- nsaserefpolicy/policy/modules/services/munin.if	2007-10-22 13:21:39.000000000 -0400
++++ serefpolicy-3.0.8/policy/modules/services/munin.if	2007-10-24 08:51:46.000000000 -0400
+@@ -61,3 +61,21 @@
+ 	allow $1 munin_var_lib_t:dir search_dir_perms;
+ 	files_search_var_lib($1)
+ ')
++
++#######################################
++## <summary>
++##	dontaudit Search munin library directories.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++#
++interface(`munin_dontaudit_search_lib',`
++	gen_require(`
++		type munin_var_lib_t;
++	')
++
++	dontaudit $1 munin_var_lib_t:dir search_dir_perms;
++')
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/mysql.fc serefpolicy-3.0.8/policy/modules/services/mysql.fc
 --- nsaserefpolicy/policy/modules/services/mysql.fc	2007-10-22 13:21:36.000000000 -0400
 +++ serefpolicy-3.0.8/policy/modules/services/mysql.fc	2007-10-22 13:22:31.000000000 -0400
@@ -8787,7 +8827,7 @@
 +')
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/networkmanager.te serefpolicy-3.0.8/policy/modules/services/networkmanager.te
 --- nsaserefpolicy/policy/modules/services/networkmanager.te	2007-10-22 13:21:39.000000000 -0400
-+++ serefpolicy-3.0.8/policy/modules/services/networkmanager.te	2007-10-22 13:22:31.000000000 -0400
++++ serefpolicy-3.0.8/policy/modules/services/networkmanager.te	2007-10-24 15:41:31.000000000 -0400
 @@ -13,6 +13,9 @@
  type NetworkManager_var_run_t;
  files_pid_file(NetworkManager_var_run_t)
@@ -8835,7 +8875,16 @@
  ')
  
  optional_policy(`
-@@ -162,6 +166,7 @@
+@@ -151,6 +155,8 @@
+ optional_policy(`
+ 	nscd_socket_use(NetworkManager_t)
+ 	nscd_signal(NetworkManager_t)
++	nscd_script_domtrans(NetworkManager_t)
++	nscd_domtrans(NetworkManager_t)
+ ')
+ 
+ optional_policy(`
+@@ -162,6 +168,7 @@
  	ppp_domtrans(NetworkManager_t)
  	ppp_read_pid_files(NetworkManager_t)
  	ppp_signal(NetworkManager_t)
@@ -8843,7 +8892,7 @@
  ')
  
  optional_policy(`
-@@ -173,8 +178,10 @@
+@@ -173,8 +180,10 @@
  ')
  
  optional_policy(`
@@ -8966,10 +9015,54 @@
  corenet_dontaudit_tcp_bind_all_reserved_ports(ypxfr_t)
  corenet_dontaudit_udp_bind_all_reserved_ports(ypxfr_t)
  corenet_tcp_connect_all_ports(ypxfr_t)
+diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/nscd.fc serefpolicy-3.0.8/policy/modules/services/nscd.fc
+--- nsaserefpolicy/policy/modules/services/nscd.fc	2007-10-22 13:21:36.000000000 -0400
++++ serefpolicy-3.0.8/policy/modules/services/nscd.fc	2007-10-24 15:39:40.000000000 -0400
+@@ -9,3 +9,6 @@
+ /var/run/\.nscd_socket	-s	gen_context(system_u:object_r:nscd_var_run_t,s0)
+ 
+ /var/run/nscd(/.*)?		gen_context(system_u:object_r:nscd_var_run_t,s0)
++
++/etc/rc\.d/init\.d/nscd	--	gen_context(system_u:object_r:httpd_script_exec_t,s0)
++
+diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/nscd.if serefpolicy-3.0.8/policy/modules/services/nscd.if
+--- nsaserefpolicy/policy/modules/services/nscd.if	2007-10-22 13:21:39.000000000 -0400
++++ serefpolicy-3.0.8/policy/modules/services/nscd.if	2007-10-24 15:39:19.000000000 -0400
+@@ -204,3 +204,22 @@
+ 	role $2 types nscd_t;
+ 	dontaudit nscd_t $3:chr_file rw_term_perms;
+ ')
++
++########################################
++## <summary>
++##	Execute nscd server in the ntpd domain.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	The type of the process performing this action.
++##	</summary>
++## </param>
++#
++interface(`nscd_script_domtrans',`
++	gen_require(`
++		type nscd_script_exec_t;
++	')
++
++	init_script_domtrans_spec($1,nscd_script_exec_t)
++')
++
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/nscd.te serefpolicy-3.0.8/policy/modules/services/nscd.te
 --- nsaserefpolicy/policy/modules/services/nscd.te	2007-10-22 13:21:39.000000000 -0400
-+++ serefpolicy-3.0.8/policy/modules/services/nscd.te	2007-10-22 13:22:31.000000000 -0400
-@@ -28,14 +28,14 @@
++++ serefpolicy-3.0.8/policy/modules/services/nscd.te	2007-10-24 15:39:46.000000000 -0400
+@@ -23,19 +23,22 @@
+ type nscd_log_t;
+ logging_log_file(nscd_log_t)
+ 
++type nscd_script_exec_t;
++init_script_type(nscd_script_exec_t)
++
+ ########################################
+ #
  # Local policy
  #
  
@@ -8987,7 +9080,7 @@
  allow nscd_t self:tcp_socket create_socket_perms;
  allow nscd_t self:udp_socket create_socket_perms;
  
-@@ -50,6 +50,8 @@
+@@ -50,6 +53,8 @@
  manage_sock_files_pattern(nscd_t,nscd_var_run_t,nscd_var_run_t)
  files_pid_filetrans(nscd_t,nscd_var_run_t,{ file sock_file })
  
@@ -8996,7 +9089,7 @@
  kernel_read_kernel_sysctls(nscd_t)
  kernel_list_proc(nscd_t)
  kernel_read_proc_symlinks(nscd_t)
-@@ -73,6 +75,8 @@
+@@ -73,6 +78,8 @@
  corenet_udp_sendrecv_all_nodes(nscd_t)
  corenet_tcp_sendrecv_all_ports(nscd_t)
  corenet_udp_sendrecv_all_ports(nscd_t)
@@ -9005,7 +9098,7 @@
  corenet_tcp_connect_all_ports(nscd_t)
  corenet_sendrecv_all_client_packets(nscd_t)
  corenet_rw_tun_tap_dev(nscd_t)
-@@ -93,6 +97,7 @@
+@@ -93,6 +100,7 @@
  libs_use_ld_so(nscd_t)
  libs_use_shared_libs(nscd_t)
  
@@ -9013,7 +9106,7 @@
  logging_send_syslog_msg(nscd_t)
  
  miscfiles_read_localization(nscd_t)
-@@ -114,3 +119,12 @@
+@@ -114,3 +122,12 @@
  	xen_dontaudit_rw_unix_stream_sockets(nscd_t)
  	xen_append_log(nscd_t)
  ')
@@ -9798,7 +9891,7 @@
  ## <param name="domain">
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/procmail.te serefpolicy-3.0.8/policy/modules/services/procmail.te
 --- nsaserefpolicy/policy/modules/services/procmail.te	2007-10-22 13:21:39.000000000 -0400
-+++ serefpolicy-3.0.8/policy/modules/services/procmail.te	2007-10-22 13:22:31.000000000 -0400
++++ serefpolicy-3.0.8/policy/modules/services/procmail.te	2007-10-24 08:51:22.000000000 -0400
 @@ -30,6 +30,8 @@
  allow procmail_t procmail_tmp_t:file manage_file_perms;
  files_tmp_filetrans(procmail_t, procmail_tmp_t, file)
@@ -9816,7 +9909,28 @@
  
  auth_use_nsswitch(procmail_t)
  
-@@ -108,6 +111,9 @@
+@@ -65,6 +68,8 @@
+ libs_use_ld_so(procmail_t)
+ libs_use_shared_libs(procmail_t)
+ 
++logging_send_syslog_msg(procmail_t)
++
+ miscfiles_read_localization(procmail_t)
+ 
+ # only works until we define a different type for maildir
+@@ -97,17 +102,16 @@
+ ')
+ 
+ optional_policy(`
+-	logging_send_syslog_msg(procmail_t)
+-')
+-
+-optional_policy(`
+-	nis_use_ypbind(procmail_t)
++	munin_dontaudit_search_lib(procmail_t)
+ ')
+ 
+ optional_policy(`
  	# for a bug in the postfix local program
  	postfix_dontaudit_rw_local_tcp_sockets(procmail_t)
  	postfix_dontaudit_use_fds(procmail_t)
@@ -9826,7 +9940,7 @@
  ')
  
  optional_policy(`
-@@ -129,3 +135,7 @@
+@@ -129,3 +133,7 @@
  	spamassassin_exec_client(procmail_t)
  	spamassassin_read_lib_files(procmail_t)
  ')
@@ -11032,7 +11146,7 @@
 +')
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/sendmail.te serefpolicy-3.0.8/policy/modules/services/sendmail.te
 --- nsaserefpolicy/policy/modules/services/sendmail.te	2007-10-22 13:21:39.000000000 -0400
-+++ serefpolicy-3.0.8/policy/modules/services/sendmail.te	2007-10-22 13:22:31.000000000 -0400
++++ serefpolicy-3.0.8/policy/modules/services/sendmail.te	2007-10-24 08:46:31.000000000 -0400
 @@ -20,19 +20,22 @@
  mta_mailserver_delivery(sendmail_t)
  mta_mailserver_sender(sendmail_t)
@@ -11067,7 +11181,7 @@
  corenet_all_recvfrom_unlabeled(sendmail_t)
  corenet_all_recvfrom_netlabel(sendmail_t)
  corenet_tcp_sendrecv_all_if(sendmail_t)
-@@ -94,30 +99,24 @@
+@@ -94,30 +99,28 @@
  miscfiles_read_certs(sendmail_t)
  miscfiles_read_localization(sendmail_t)
  
@@ -11089,20 +11203,21 @@
  
  optional_policy(`
 -	clamav_search_lib(sendmail_t)
--')
--
--optional_policy(`
--	nis_use_ypbind(sendmail_t)
 +	cron_read_pipes(sendmail_t)
  ')
  
  optional_policy(`
--	nscd_socket_use(sendmail_t)
+-	nis_use_ypbind(sendmail_t)
 +	clamav_search_lib(sendmail_t)
  ')
  
  optional_policy(`
-@@ -131,6 +130,10 @@
+-	nscd_socket_use(sendmail_t)
++	munin_dontaudit_search_lib(sendmail_t)
+ ')
+ 
+ optional_policy(`
+@@ -131,6 +134,10 @@
  ')
  
  optional_policy(`
@@ -11113,7 +11228,7 @@
  	seutil_sigchld_newrole(sendmail_t)
  ')
  
-@@ -156,3 +159,15 @@
+@@ -156,3 +163,15 @@
  
  dontaudit sendmail_t admin_tty_type:chr_file { getattr ioctl };
  ') dnl end TODO
@@ -11839,7 +11954,7 @@
  /var/lib/pam_devperm/:0	--	gen_context(system_u:object_r:xdm_var_lib_t,s0)
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/xserver.if serefpolicy-3.0.8/policy/modules/services/xserver.if
 --- nsaserefpolicy/policy/modules/services/xserver.if	2007-10-22 13:21:39.000000000 -0400
-+++ serefpolicy-3.0.8/policy/modules/services/xserver.if	2007-10-22 13:22:31.000000000 -0400
++++ serefpolicy-3.0.8/policy/modules/services/xserver.if	2007-10-24 14:01:12.000000000 -0400
 @@ -126,6 +126,8 @@
  	# read events - the synaptics touchpad driver reads raw events
  	dev_rw_input_dev($1_xserver_t)
@@ -11872,12 +11987,13 @@
  
  	type $1_iceauth_t;
  	domain_type($1_iceauth_t)
-@@ -282,11 +286,14 @@
+@@ -282,11 +286,15 @@
  	domtrans_pattern($1_xserver_t, xauth_exec_t, $1_xauth_t)
  
  	allow $1_xserver_t $1_xauth_home_t:file { getattr read };
 +	allow xdm_t $1_xauth_home_t:file append_file_perms;
  
++	read_files_pattern($1_xserver_t, $2, $2)
  	domtrans_pattern($2, xserver_exec_t, $1_xserver_t)
  	allow $1_xserver_t $2:process signal;
  
@@ -11887,7 +12003,7 @@
  
  	manage_dirs_pattern($2,$1_fonts_t,$1_fonts_t)
  	manage_files_pattern($2,$1_fonts_t,$1_fonts_t)
-@@ -316,6 +323,7 @@
+@@ -316,6 +324,7 @@
  	userdom_use_user_ttys($1,$1_xserver_t)
  	userdom_setattr_user_ttys($1,$1_xserver_t)
  	userdom_rw_user_tmpfs_files($1,$1_xserver_t)
@@ -11895,7 +12011,7 @@
  
  	xserver_use_user_fonts($1,$1_xserver_t)
  	xserver_rw_xdm_tmp_files($1_xauth_t)
-@@ -353,12 +361,6 @@
+@@ -353,12 +362,6 @@
  	# allow ps to show xauth
  	ps_process_pattern($2,$1_xauth_t)
  
@@ -11908,7 +12024,7 @@
  	domain_use_interactive_fds($1_xauth_t)
  
  	files_read_etc_files($1_xauth_t)
-@@ -387,6 +389,14 @@
+@@ -387,6 +390,14 @@
  	')
  
  	optional_policy(`
@@ -11923,7 +12039,7 @@
  		nis_use_ypbind($1_xauth_t)
  	')
  
-@@ -537,16 +547,14 @@
+@@ -537,16 +548,14 @@
  
  	gen_require(`
  		type xdm_t, xdm_tmp_t;
@@ -11945,7 +12061,7 @@
  
  	# for when /tmp/.X11-unix is created by the system
  	allow $2 xdm_t:fd use;
-@@ -555,25 +563,53 @@
+@@ -555,25 +564,53 @@
  	allow $2 xdm_tmp_t:sock_file { read write };
  	dontaudit $2 xdm_t:tcp_socket { read write };
  
@@ -12007,7 +12123,7 @@
  	')
  ')
  
-@@ -626,6 +662,24 @@
+@@ -626,6 +663,24 @@
  
  ########################################
  ## <summary>
@@ -12032,7 +12148,7 @@
  ##	Transition to a user Xauthority domain.
  ## </summary>
  ## <desc>
-@@ -659,6 +713,73 @@
+@@ -659,6 +714,73 @@
  
  ########################################
  ## <summary>
@@ -12106,7 +12222,7 @@
  ##	Transition to a user Xauthority domain.
  ## </summary>
  ## <desc>
-@@ -927,6 +1048,7 @@
+@@ -927,6 +1049,7 @@
  	files_search_tmp($1)
  	allow $1 xdm_tmp_t:dir list_dir_perms;
  	create_sock_files_pattern($1,xdm_tmp_t,xdm_tmp_t)
@@ -12114,7 +12230,7 @@
  ')
  
  ########################################
-@@ -987,6 +1109,37 @@
+@@ -987,6 +1110,37 @@
  
  ########################################
  ## <summary>
@@ -12152,7 +12268,7 @@
  ##	Make an X session script an entrypoint for the specified domain.
  ## </summary>
  ## <param name="domain">
-@@ -1136,7 +1289,7 @@
+@@ -1136,7 +1290,7 @@
  		type xdm_xserver_tmp_t;
  	')
  
@@ -12161,7 +12277,7 @@
  ')
  
  ########################################
-@@ -1325,3 +1478,63 @@
+@@ -1325,3 +1479,63 @@
  	files_search_tmp($1)
  	stream_connect_pattern($1,xdm_xserver_tmp_t,xdm_xserver_tmp_t,xdm_xserver_t)
  ')
@@ -15286,7 +15402,7 @@
 +')
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/selinuxutil.te serefpolicy-3.0.8/policy/modules/system/selinuxutil.te
 --- nsaserefpolicy/policy/modules/system/selinuxutil.te	2007-10-22 13:21:39.000000000 -0400
-+++ serefpolicy-3.0.8/policy/modules/system/selinuxutil.te	2007-10-22 13:22:31.000000000 -0400
++++ serefpolicy-3.0.8/policy/modules/system/selinuxutil.te	2007-10-23 22:51:09.000000000 -0400
 @@ -76,7 +76,6 @@
  type restorecond_exec_t;
  init_daemon_domain(restorecond_t,restorecond_exec_t)


Index: selinux-policy.spec
===================================================================
RCS file: /cvs/extras/rpms/selinux-policy/F-8/selinux-policy.spec,v
retrieving revision 1.554
retrieving revision 1.555
diff -u -r1.554 -r1.555
--- selinux-policy.spec	24 Oct 2007 02:54:01 -0000	1.554
+++ selinux-policy.spec	24 Oct 2007 20:15:22 -0000	1.555
@@ -17,7 +17,7 @@
 Summary: SELinux policy configuration
 Name: selinux-policy
 Version: 3.0.8
-Release: 31%{?dist}
+Release: 32%{?dist}
 License: GPLv2+
 Group: System Environment/Base
 Source: serefpolicy-%{version}.tgz
@@ -373,6 +373,9 @@
 %endif
 
 %changelog
+* Wed Oct 24 2007 Dan Walsh <dwalsh at redhat.com> 3.0.8-32
+- Dontaudit mail programs looking at munin_var_lib
+
 * Tue Oct 23 2007 Dan Walsh <dwalsh at redhat.com> 3.0.8-31
 - Fixes for vmware
 - Additional textrel_shlib_t for codecs

More information about the fedora-extras-commits mailing list