rpms/selinux-policy/F-11 policy-20090521.patch,1.21,1.22
Miroslav Grepl
mgrepl at fedoraproject.org
Thu Jun 25 08:39:07 UTC 2009
Author: mgrepl
Update of /cvs/extras/rpms/selinux-policy/F-11
In directory cvs1.fedora.phx.redhat.com:/tmp/cvs-serv13819
Modified Files:
policy-20090521.patch
Log Message:
- Fix gpsd policy
policy-20090521.patch:
Index: policy-20090521.patch
===================================================================
RCS file: /cvs/extras/rpms/selinux-policy/F-11/policy-20090521.patch,v
retrieving revision 1.21
retrieving revision 1.22
diff -u -p -r1.21 -r1.22
--- policy-20090521.patch 24 Jun 2009 20:45:35 -0000 1.21
+++ policy-20090521.patch 25 Jun 2009 08:39:06 -0000 1.22
@@ -1,6 +1,6 @@
diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/mcs serefpolicy-3.6.12/policy/mcs
---- nsaserefpolicy/policy/mcs 2009-05-21 08:27:59.000000000 -0400
-+++ serefpolicy-3.6.12/policy/mcs 2009-06-18 13:09:45.000000000 -0400
+--- nsaserefpolicy/policy/mcs 2009-06-25 10:19:43.000000000 +0200
++++ serefpolicy-3.6.12/policy/mcs 2009-06-25 10:21:01.000000000 +0200
@@ -66,7 +66,7 @@
#
# Note that getattr on files is always permitted.
@@ -39,8 +39,8 @@ diff -b -B --ignore-all-space --exclude-
') dnl end enable_mcs
diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/certwatch.te serefpolicy-3.6.12/policy/modules/admin/certwatch.te
---- nsaserefpolicy/policy/modules/admin/certwatch.te 2009-05-21 08:27:59.000000000 -0400
-+++ serefpolicy-3.6.12/policy/modules/admin/certwatch.te 2009-06-24 09:13:00.000000000 -0400
+--- nsaserefpolicy/policy/modules/admin/certwatch.te 2009-06-25 10:19:43.000000000 +0200
++++ serefpolicy-3.6.12/policy/modules/admin/certwatch.te 2009-06-25 10:21:01.000000000 +0200
@@ -1,5 +1,5 @@
-policy_module(certwatch, 1.3.0)
@@ -58,8 +58,8 @@ diff -b -B --ignore-all-space --exclude-
logging_send_syslog_msg(certwatch_t)
diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/prelink.te serefpolicy-3.6.12/policy/modules/admin/prelink.te
---- nsaserefpolicy/policy/modules/admin/prelink.te 2009-05-21 08:27:59.000000000 -0400
-+++ serefpolicy-3.6.12/policy/modules/admin/prelink.te 2009-06-15 08:33:15.000000000 -0400
+--- nsaserefpolicy/policy/modules/admin/prelink.te 2009-06-25 10:19:43.000000000 +0200
++++ serefpolicy-3.6.12/policy/modules/admin/prelink.te 2009-06-25 10:21:01.000000000 +0200
@@ -68,10 +68,11 @@
files_list_all(prelink_t)
files_getattr_all_files(prelink_t)
@@ -85,8 +85,8 @@ diff -b -B --ignore-all-space --exclude-
unconfined_domain(prelink_t)
')
diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/readahead.te serefpolicy-3.6.12/policy/modules/admin/readahead.te
---- nsaserefpolicy/policy/modules/admin/readahead.te 2009-05-21 08:27:59.000000000 -0400
-+++ serefpolicy-3.6.12/policy/modules/admin/readahead.te 2009-06-06 06:42:14.000000000 -0400
+--- nsaserefpolicy/policy/modules/admin/readahead.te 2009-06-25 10:19:43.000000000 +0200
++++ serefpolicy-3.6.12/policy/modules/admin/readahead.te 2009-06-25 10:21:01.000000000 +0200
@@ -55,6 +55,7 @@
files_read_non_security_files(readahead_t)
files_dontaudit_read_security_files(readahead_t)
@@ -96,8 +96,8 @@ diff -b -B --ignore-all-space --exclude-
fs_getattr_all_fs(readahead_t)
fs_search_auto_mountpoints(readahead_t)
diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/rpm.if serefpolicy-3.6.12/policy/modules/admin/rpm.if
---- nsaserefpolicy/policy/modules/admin/rpm.if 2009-05-21 08:27:59.000000000 -0400
-+++ serefpolicy-3.6.12/policy/modules/admin/rpm.if 2009-05-29 11:02:56.000000000 -0400
+--- nsaserefpolicy/policy/modules/admin/rpm.if 2009-06-25 10:19:43.000000000 +0200
++++ serefpolicy-3.6.12/policy/modules/admin/rpm.if 2009-06-25 10:21:01.000000000 +0200
@@ -470,6 +470,24 @@
########################################
@@ -124,8 +124,8 @@ diff -b -B --ignore-all-space --exclude-
## write RPM tmp files
## </summary>
diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/usermanage.te serefpolicy-3.6.12/policy/modules/admin/usermanage.te
---- nsaserefpolicy/policy/modules/admin/usermanage.te 2009-05-21 08:27:59.000000000 -0400
-+++ serefpolicy-3.6.12/policy/modules/admin/usermanage.te 2009-05-26 13:02:40.000000000 -0400
+--- nsaserefpolicy/policy/modules/admin/usermanage.te 2009-06-25 10:19:43.000000000 +0200
++++ serefpolicy-3.6.12/policy/modules/admin/usermanage.te 2009-06-25 10:21:01.000000000 +0200
@@ -209,6 +209,7 @@
files_manage_etc_files(groupadd_t)
files_relabel_etc_files(groupadd_t)
@@ -135,16 +135,16 @@ diff -b -B --ignore-all-space --exclude-
# Execute /usr/bin/{passwd,chfn,chsh} and /usr/sbin/{useradd,vipw}.
corecmd_exec_bin(groupadd_t)
diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/gitosis.fc serefpolicy-3.6.12/policy/modules/apps/gitosis.fc
---- nsaserefpolicy/policy/modules/apps/gitosis.fc 1969-12-31 19:00:00.000000000 -0500
-+++ serefpolicy-3.6.12/policy/modules/apps/gitosis.fc 2009-06-20 07:16:05.000000000 -0400
+--- nsaserefpolicy/policy/modules/apps/gitosis.fc 1970-01-01 01:00:00.000000000 +0100
++++ serefpolicy-3.6.12/policy/modules/apps/gitosis.fc 2009-06-25 10:21:01.000000000 +0200
@@ -0,0 +1,4 @@
+
+/usr/bin/gitosis-serve -- gen_context(system_u:object_r:gitosis_exec_t,s0)
+
+/var/lib/gitosis(/.*)? gen_context(system_u:object_r:gitosis_var_lib_t,s0)
diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/gitosis.if serefpolicy-3.6.12/policy/modules/apps/gitosis.if
---- nsaserefpolicy/policy/modules/apps/gitosis.if 1969-12-31 19:00:00.000000000 -0500
-+++ serefpolicy-3.6.12/policy/modules/apps/gitosis.if 2009-06-20 07:16:05.000000000 -0400
+--- nsaserefpolicy/policy/modules/apps/gitosis.if 1970-01-01 01:00:00.000000000 +0100
++++ serefpolicy-3.6.12/policy/modules/apps/gitosis.if 2009-06-25 10:28:47.000000000 +0200
@@ -0,0 +1,94 @@
+## <summary>gitosis interface</summary>
+
@@ -178,7 +178,7 @@ diff -b -B --ignore-all-space --exclude-
+## </param>
+## <param name="role">
+## <summary>
-+## The role to be allowed the gpsd domain.
++## The role to be allowed the gitosis domain.
+## </summary>
+## </param>
+## <param name="terminal">
@@ -241,8 +241,8 @@ diff -b -B --ignore-all-space --exclude-
+ manage_dirs_pattern($1, gitosis_var_lib_t, gitosis_var_lib_t)
+')
diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/gitosis.te serefpolicy-3.6.12/policy/modules/apps/gitosis.te
---- nsaserefpolicy/policy/modules/apps/gitosis.te 1969-12-31 19:00:00.000000000 -0500
-+++ serefpolicy-3.6.12/policy/modules/apps/gitosis.te 2009-06-20 07:16:05.000000000 -0400
+--- nsaserefpolicy/policy/modules/apps/gitosis.te 1970-01-01 01:00:00.000000000 +0100
++++ serefpolicy-3.6.12/policy/modules/apps/gitosis.te 2009-06-25 10:21:01.000000000 +0200
@@ -0,0 +1,43 @@
+policy_module(gitosis,1.0.0)
+
@@ -288,8 +288,8 @@ diff -b -B --ignore-all-space --exclude-
+ ssh_rw_pipes(gitosis_t)
+')
diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/mozilla.te serefpolicy-3.6.12/policy/modules/apps/mozilla.te
---- nsaserefpolicy/policy/modules/apps/mozilla.te 2009-05-21 08:27:59.000000000 -0400
-+++ serefpolicy-3.6.12/policy/modules/apps/mozilla.te 2009-06-24 08:36:16.000000000 -0400
+--- nsaserefpolicy/policy/modules/apps/mozilla.te 2009-06-25 10:19:43.000000000 +0200
++++ serefpolicy-3.6.12/policy/modules/apps/mozilla.te 2009-06-25 10:21:01.000000000 +0200
@@ -145,6 +145,7 @@
userdom_manage_user_tmp_dirs(mozilla_t)
userdom_manage_user_tmp_files(mozilla_t)
@@ -299,15 +299,15 @@ diff -b -B --ignore-all-space --exclude-
xserver_user_x_domain_template(mozilla, mozilla_t, mozilla_tmpfs_t)
xserver_dontaudit_read_xdm_tmp_files(mozilla_t)
diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/qemu.fc serefpolicy-3.6.12/policy/modules/apps/qemu.fc
---- nsaserefpolicy/policy/modules/apps/qemu.fc 2009-05-21 08:27:59.000000000 -0400
-+++ serefpolicy-3.6.12/policy/modules/apps/qemu.fc 2009-06-08 13:49:44.000000000 -0400
+--- nsaserefpolicy/policy/modules/apps/qemu.fc 2009-06-25 10:19:43.000000000 +0200
++++ serefpolicy-3.6.12/policy/modules/apps/qemu.fc 2009-06-25 10:21:01.000000000 +0200
@@ -1,2 +1,3 @@
/usr/bin/qemu.* -- gen_context(system_u:object_r:qemu_exec_t,s0)
+/usr/libexec/qemu.* -- gen_context(system_u:object_r:qemu_exec_t,s0)
diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/qemu.te serefpolicy-3.6.12/policy/modules/apps/qemu.te
---- nsaserefpolicy/policy/modules/apps/qemu.te 2009-05-21 08:27:59.000000000 -0400
-+++ serefpolicy-3.6.12/policy/modules/apps/qemu.te 2009-06-12 14:53:46.000000000 -0400
+--- nsaserefpolicy/policy/modules/apps/qemu.te 2009-06-25 10:19:43.000000000 +0200
++++ serefpolicy-3.6.12/policy/modules/apps/qemu.te 2009-06-25 10:21:01.000000000 +0200
@@ -88,11 +88,16 @@
')
@@ -326,8 +326,8 @@ diff -b -B --ignore-all-space --exclude-
optional_policy(`
diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/sandbox.if serefpolicy-3.6.12/policy/modules/apps/sandbox.if
---- nsaserefpolicy/policy/modules/apps/sandbox.if 2009-05-21 08:27:59.000000000 -0400
-+++ serefpolicy-3.6.12/policy/modules/apps/sandbox.if 2009-06-24 08:54:41.000000000 -0400
+--- nsaserefpolicy/policy/modules/apps/sandbox.if 2009-06-25 10:19:43.000000000 +0200
++++ serefpolicy-3.6.12/policy/modules/apps/sandbox.if 2009-06-25 10:21:01.000000000 +0200
@@ -3,73 +3,143 @@
########################################
@@ -505,8 +505,8 @@ diff -b -B --ignore-all-space --exclude-
+ allow $1 sandbox_xserver_tmpfs_t:file rw_file_perms;
')
diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/sandbox.te serefpolicy-3.6.12/policy/modules/apps/sandbox.te
---- nsaserefpolicy/policy/modules/apps/sandbox.te 2009-05-21 08:27:59.000000000 -0400
-+++ serefpolicy-3.6.12/policy/modules/apps/sandbox.te 2009-06-24 08:54:41.000000000 -0400
+--- nsaserefpolicy/policy/modules/apps/sandbox.te 2009-06-25 10:19:43.000000000 +0200
++++ serefpolicy-3.6.12/policy/modules/apps/sandbox.te 2009-06-25 10:21:01.000000000 +0200
@@ -1,18 +1,84 @@
policy_module(sandbox,1.0.0)
+dbus_stub()
@@ -803,8 +803,8 @@ diff -b -B --ignore-all-space --exclude-
+ hal_dbus_chat(sandbox_net_client_t)
+')
diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/vmware.fc serefpolicy-3.6.12/policy/modules/apps/vmware.fc
---- nsaserefpolicy/policy/modules/apps/vmware.fc 2009-04-07 15:54:49.000000000 -0400
-+++ serefpolicy-3.6.12/policy/modules/apps/vmware.fc 2009-05-26 08:07:56.000000000 -0400
+--- nsaserefpolicy/policy/modules/apps/vmware.fc 2009-04-07 21:54:49.000000000 +0200
++++ serefpolicy-3.6.12/policy/modules/apps/vmware.fc 2009-06-25 10:21:01.000000000 +0200
@@ -63,6 +63,7 @@
')
@@ -814,8 +814,8 @@ diff -b -B --ignore-all-space --exclude-
/var/run/vmnat.* -s gen_context(system_u:object_r:vmware_var_run_t,s0)
/var/run/vmware.* gen_context(system_u:object_r:vmware_var_run_t,s0)
diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/vmware.te serefpolicy-3.6.12/policy/modules/apps/vmware.te
---- nsaserefpolicy/policy/modules/apps/vmware.te 2009-05-21 08:27:59.000000000 -0400
-+++ serefpolicy-3.6.12/policy/modules/apps/vmware.te 2009-06-12 08:42:20.000000000 -0400
+--- nsaserefpolicy/policy/modules/apps/vmware.te 2009-06-25 10:19:44.000000000 +0200
++++ serefpolicy-3.6.12/policy/modules/apps/vmware.te 2009-06-25 10:21:01.000000000 +0200
@@ -136,7 +136,7 @@
miscfiles_read_localization(vmware_host_t)
@@ -837,8 +837,8 @@ diff -b -B --ignore-all-space --exclude-
ifdef(`TODO',`
# VMWare need access to pcmcia devices for network
diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/kernel/corecommands.fc serefpolicy-3.6.12/policy/modules/kernel/corecommands.fc
---- nsaserefpolicy/policy/modules/kernel/corecommands.fc 2009-05-21 08:27:59.000000000 -0400
-+++ serefpolicy-3.6.12/policy/modules/kernel/corecommands.fc 2009-06-08 08:49:07.000000000 -0400
+--- nsaserefpolicy/policy/modules/kernel/corecommands.fc 2009-06-25 10:19:44.000000000 +0200
++++ serefpolicy-3.6.12/policy/modules/kernel/corecommands.fc 2009-06-25 10:21:01.000000000 +0200
@@ -7,6 +7,7 @@
/bin/d?ash -- gen_context(system_u:object_r:shell_exec_t,s0)
/bin/bash -- gen_context(system_u:object_r:shell_exec_t,s0)
@@ -878,8 +878,8 @@ diff -b -B --ignore-all-space --exclude-
/usr/X11R6/lib(64)?/X11/xkb/xkbcomp -- gen_context(system_u:object_r:bin_t,s0)
diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/kernel/corenetwork.te.in serefpolicy-3.6.12/policy/modules/kernel/corenetwork.te.in
---- nsaserefpolicy/policy/modules/kernel/corenetwork.te.in 2009-05-21 08:27:59.000000000 -0400
-+++ serefpolicy-3.6.12/policy/modules/kernel/corenetwork.te.in 2009-06-19 07:01:37.000000000 -0400
+--- nsaserefpolicy/policy/modules/kernel/corenetwork.te.in 2009-06-25 10:19:44.000000000 +0200
++++ serefpolicy-3.6.12/policy/modules/kernel/corenetwork.te.in 2009-06-25 10:21:01.000000000 +0200
@@ -134,7 +134,7 @@
network_port(ldap, tcp,389,s0, udp,389,s0, tcp,636,s0, udp,636,s0, tcp,3268,s0)
type lrrd_port_t, port_type; dnl network_port(lrrd_port_t) # no defined portcon
@@ -890,8 +890,8 @@ diff -b -B --ignore-all-space --exclude-
network_port(mmcc, tcp,5050,s0, udp,5050,s0)
network_port(monopd, tcp,1234,s0)
diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/kernel/devices.fc serefpolicy-3.6.12/policy/modules/kernel/devices.fc
---- nsaserefpolicy/policy/modules/kernel/devices.fc 2009-05-21 08:27:59.000000000 -0400
-+++ serefpolicy-3.6.12/policy/modules/kernel/devices.fc 2009-06-08 09:12:26.000000000 -0400
+--- nsaserefpolicy/policy/modules/kernel/devices.fc 2009-06-25 10:19:44.000000000 +0200
++++ serefpolicy-3.6.12/policy/modules/kernel/devices.fc 2009-06-25 10:21:01.000000000 +0200
@@ -46,8 +46,10 @@
/dev/kmem -c gen_context(system_u:object_r:memory_device_t,mls_systemhigh)
/dev/kmsg -c gen_context(system_u:object_r:kmsg_device_t,mls_systemhigh)
@@ -904,8 +904,8 @@ diff -b -B --ignore-all-space --exclude-
/dev/logibm -c gen_context(system_u:object_r:mouse_device_t,s0)
/dev/lp.* -c gen_context(system_u:object_r:printer_device_t,s0)
diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/kernel/devices.if serefpolicy-3.6.12/policy/modules/kernel/devices.if
---- nsaserefpolicy/policy/modules/kernel/devices.if 2009-05-21 08:27:59.000000000 -0400
-+++ serefpolicy-3.6.12/policy/modules/kernel/devices.if 2009-06-08 09:15:11.000000000 -0400
+--- nsaserefpolicy/policy/modules/kernel/devices.if 2009-06-25 10:19:44.000000000 +0200
++++ serefpolicy-3.6.12/policy/modules/kernel/devices.if 2009-06-25 10:21:01.000000000 +0200
@@ -1727,6 +1727,133 @@
########################################
@@ -1041,8 +1041,8 @@ diff -b -B --ignore-all-space --exclude-
## </summary>
## <param name="domain">
diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/kernel/devices.te serefpolicy-3.6.12/policy/modules/kernel/devices.te
---- nsaserefpolicy/policy/modules/kernel/devices.te 2009-05-21 08:27:59.000000000 -0400
-+++ serefpolicy-3.6.12/policy/modules/kernel/devices.te 2009-06-08 09:12:06.000000000 -0400
+--- nsaserefpolicy/policy/modules/kernel/devices.te 2009-06-25 10:19:44.000000000 +0200
++++ serefpolicy-3.6.12/policy/modules/kernel/devices.te 2009-06-25 10:21:01.000000000 +0200
@@ -78,6 +78,13 @@
dev_node(ipmi_device_t)
@@ -1071,8 +1071,8 @@ diff -b -B --ignore-all-space --exclude-
#
type lvm_control_t;
diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/kernel/domain.if serefpolicy-3.6.12/policy/modules/kernel/domain.if
---- nsaserefpolicy/policy/modules/kernel/domain.if 2009-05-21 08:27:59.000000000 -0400
-+++ serefpolicy-3.6.12/policy/modules/kernel/domain.if 2009-06-22 17:32:05.000000000 -0400
+--- nsaserefpolicy/policy/modules/kernel/domain.if 2009-06-25 10:19:44.000000000 +0200
++++ serefpolicy-3.6.12/policy/modules/kernel/domain.if 2009-06-25 10:21:01.000000000 +0200
@@ -44,34 +44,6 @@
interface(`domain_type',`
# start with basic domain
@@ -1109,8 +1109,8 @@ diff -b -B --ignore-all-space --exclude-
########################################
diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/kernel/domain.te serefpolicy-3.6.12/policy/modules/kernel/domain.te
---- nsaserefpolicy/policy/modules/kernel/domain.te 2009-05-21 08:27:59.000000000 -0400
-+++ serefpolicy-3.6.12/policy/modules/kernel/domain.te 2009-06-23 17:00:28.000000000 -0400
+--- nsaserefpolicy/policy/modules/kernel/domain.te 2009-06-25 10:19:44.000000000 +0200
++++ serefpolicy-3.6.12/policy/modules/kernel/domain.te 2009-06-25 10:21:01.000000000 +0200
@@ -91,6 +91,9 @@
kernel_read_proc_symlinks(domain)
kernel_read_crypto_sysctls(domain)
@@ -1182,8 +1182,8 @@ diff -b -B --ignore-all-space --exclude-
')
diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/kernel/files.if serefpolicy-3.6.12/policy/modules/kernel/files.if
---- nsaserefpolicy/policy/modules/kernel/files.if 2009-05-21 08:27:59.000000000 -0400
-+++ serefpolicy-3.6.12/policy/modules/kernel/files.if 2009-06-15 08:32:29.000000000 -0400
+--- nsaserefpolicy/policy/modules/kernel/files.if 2009-06-25 10:19:44.000000000 +0200
++++ serefpolicy-3.6.12/policy/modules/kernel/files.if 2009-06-25 10:21:01.000000000 +0200
@@ -1953,6 +1953,7 @@
allow $1 etc_t:dir list_dir_perms;
read_files_pattern($1, etc_t, etc_t)
@@ -1209,8 +1209,8 @@ diff -b -B --ignore-all-space --exclude-
allow $1 file_type:fifo_file { getattr read write append ioctl lock };
allow $1 file_type:sock_file { getattr read write append ioctl lock };
diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/kernel/kernel.if serefpolicy-3.6.12/policy/modules/kernel/kernel.if
---- nsaserefpolicy/policy/modules/kernel/kernel.if 2009-05-21 08:27:59.000000000 -0400
-+++ serefpolicy-3.6.12/policy/modules/kernel/kernel.if 2009-05-22 08:57:53.000000000 -0400
+--- nsaserefpolicy/policy/modules/kernel/kernel.if 2009-06-25 10:19:44.000000000 +0200
++++ serefpolicy-3.6.12/policy/modules/kernel/kernel.if 2009-06-25 10:21:01.000000000 +0200
@@ -817,7 +817,7 @@
type proc_t;
')
@@ -1221,8 +1221,8 @@ diff -b -B --ignore-all-space --exclude-
########################################
diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/kernel/terminal.if serefpolicy-3.6.12/policy/modules/kernel/terminal.if
---- nsaserefpolicy/policy/modules/kernel/terminal.if 2009-05-21 08:27:59.000000000 -0400
-+++ serefpolicy-3.6.12/policy/modules/kernel/terminal.if 2009-06-11 10:02:45.000000000 -0400
+--- nsaserefpolicy/policy/modules/kernel/terminal.if 2009-06-25 10:19:44.000000000 +0200
++++ serefpolicy-3.6.12/policy/modules/kernel/terminal.if 2009-06-25 10:21:01.000000000 +0200
@@ -571,6 +571,25 @@
dontaudit $1 devpts_t:chr_file { getattr read write ioctl };
')
@@ -1250,8 +1250,8 @@ diff -b -B --ignore-all-space --exclude-
## <summary>
## Read and write the controlling
diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/roles/staff.te serefpolicy-3.6.12/policy/modules/roles/staff.te
---- nsaserefpolicy/policy/modules/roles/staff.te 2009-05-21 08:27:59.000000000 -0400
-+++ serefpolicy-3.6.12/policy/modules/roles/staff.te 2009-06-24 09:17:25.000000000 -0400
+--- nsaserefpolicy/policy/modules/roles/staff.te 2009-06-25 10:19:44.000000000 +0200
++++ serefpolicy-3.6.12/policy/modules/roles/staff.te 2009-06-25 10:21:01.000000000 +0200
@@ -44,6 +44,10 @@
')
@@ -1275,8 +1275,8 @@ diff -b -B --ignore-all-space --exclude-
')
diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/roles/sysadm.if serefpolicy-3.6.12/policy/modules/roles/sysadm.if
---- nsaserefpolicy/policy/modules/roles/sysadm.if 2009-05-21 08:27:59.000000000 -0400
-+++ serefpolicy-3.6.12/policy/modules/roles/sysadm.if 2009-06-24 09:17:15.000000000 -0400
+--- nsaserefpolicy/policy/modules/roles/sysadm.if 2009-06-25 10:19:44.000000000 +0200
++++ serefpolicy-3.6.12/policy/modules/roles/sysadm.if 2009-06-25 10:21:01.000000000 +0200
@@ -116,6 +116,41 @@
########################################
@@ -1320,8 +1320,8 @@ diff -b -B --ignore-all-space --exclude-
## a specified domain. This is an explicit transition,
## requiring the caller to use setexeccon().
diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/roles/sysadm.te serefpolicy-3.6.12/policy/modules/roles/sysadm.te
---- nsaserefpolicy/policy/modules/roles/sysadm.te 2009-05-21 08:27:59.000000000 -0400
-+++ serefpolicy-3.6.12/policy/modules/roles/sysadm.te 2009-06-24 09:17:38.000000000 -0400
+--- nsaserefpolicy/policy/modules/roles/sysadm.te 2009-06-25 10:19:44.000000000 +0200
++++ serefpolicy-3.6.12/policy/modules/roles/sysadm.te 2009-06-25 10:21:01.000000000 +0200
@@ -334,6 +334,10 @@
')
@@ -1334,8 +1334,8 @@ diff -b -B --ignore-all-space --exclude-
')
diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/roles/unconfineduser.te serefpolicy-3.6.12/policy/modules/roles/unconfineduser.te
---- nsaserefpolicy/policy/modules/roles/unconfineduser.te 2009-05-21 08:27:59.000000000 -0400
-+++ serefpolicy-3.6.12/policy/modules/roles/unconfineduser.te 2009-06-24 09:16:27.000000000 -0400
+--- nsaserefpolicy/policy/modules/roles/unconfineduser.te 2009-06-25 10:19:44.000000000 +0200
++++ serefpolicy-3.6.12/policy/modules/roles/unconfineduser.te 2009-06-25 10:21:01.000000000 +0200
@@ -52,6 +52,8 @@
init_system_domain(unconfined_execmem_t, execmem_exec_t)
role unconfined_r types unconfined_execmem_t;
@@ -1366,8 +1366,8 @@ diff -b -B --ignore-all-space --exclude-
optional_policy(`
diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/roles/unprivuser.te serefpolicy-3.6.12/policy/modules/roles/unprivuser.te
---- nsaserefpolicy/policy/modules/roles/unprivuser.te 2009-05-21 08:27:59.000000000 -0400
-+++ serefpolicy-3.6.12/policy/modules/roles/unprivuser.te 2009-06-24 09:16:51.000000000 -0400
+--- nsaserefpolicy/policy/modules/roles/unprivuser.te 2009-06-25 10:19:44.000000000 +0200
++++ serefpolicy-3.6.12/policy/modules/roles/unprivuser.te 2009-06-25 10:21:01.000000000 +0200
@@ -22,5 +22,9 @@
')
@@ -1379,8 +1379,8 @@ diff -b -B --ignore-all-space --exclude-
setroubleshoot_dontaudit_stream_connect(user_t)
')
diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/apache.fc serefpolicy-3.6.12/policy/modules/services/apache.fc
---- nsaserefpolicy/policy/modules/services/apache.fc 2009-05-21 08:27:59.000000000 -0400
-+++ serefpolicy-3.6.12/policy/modules/services/apache.fc 2009-05-26 15:13:01.000000000 -0400
+--- nsaserefpolicy/policy/modules/services/apache.fc 2009-06-25 10:19:44.000000000 +0200
++++ serefpolicy-3.6.12/policy/modules/services/apache.fc 2009-06-25 10:21:01.000000000 +0200
@@ -98,4 +98,6 @@
/var/lib/rt3/data/RT-Shredder(/.*)? gen_context(system_u:object_r:httpd_var_lib_t,s0)
@@ -1390,8 +1390,8 @@ diff -b -B --ignore-all-space --exclude-
+/var/www/svn/hooks(/.*)? gen_context(system_u:object_r:httpd_sys_script_exec_t,s0)
+/var/www/svn/conf(/.*)? gen_context(system_u:object_r:httpd_sys_content_t,s0)
diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/automount.if serefpolicy-3.6.12/policy/modules/services/automount.if
---- nsaserefpolicy/policy/modules/services/automount.if 2009-04-07 15:54:47.000000000 -0400
-+++ serefpolicy-3.6.12/policy/modules/services/automount.if 2009-06-08 08:39:46.000000000 -0400
+--- nsaserefpolicy/policy/modules/services/automount.if 2009-04-07 21:54:47.000000000 +0200
++++ serefpolicy-3.6.12/policy/modules/services/automount.if 2009-06-25 10:21:01.000000000 +0200
@@ -21,6 +21,25 @@
########################################
@@ -1419,8 +1419,8 @@ diff -b -B --ignore-all-space --exclude-
## </summary>
## <param name="domain">
diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/bluetooth.te serefpolicy-3.6.12/policy/modules/services/bluetooth.te
---- nsaserefpolicy/policy/modules/services/bluetooth.te 2009-05-21 08:27:59.000000000 -0400
-+++ serefpolicy-3.6.12/policy/modules/services/bluetooth.te 2009-06-16 09:05:29.000000000 -0400
+--- nsaserefpolicy/policy/modules/services/bluetooth.te 2009-06-25 10:19:44.000000000 +0200
++++ serefpolicy-3.6.12/policy/modules/services/bluetooth.te 2009-06-25 10:21:01.000000000 +0200
@@ -64,6 +64,7 @@
allow bluetooth_t self:unix_stream_socket { connectto create_stream_socket_perms };
allow bluetooth_t self:tcp_socket create_stream_socket_perms;
@@ -1430,8 +1430,8 @@ diff -b -B --ignore-all-space --exclude-
read_files_pattern(bluetooth_t, bluetooth_conf_t, bluetooth_conf_t)
diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/consolekit.te serefpolicy-3.6.12/policy/modules/services/consolekit.te
---- nsaserefpolicy/policy/modules/services/consolekit.te 2009-05-21 08:27:59.000000000 -0400
-+++ serefpolicy-3.6.12/policy/modules/services/consolekit.te 2009-06-01 06:47:53.000000000 -0400
+--- nsaserefpolicy/policy/modules/services/consolekit.te 2009-06-25 10:19:44.000000000 +0200
++++ serefpolicy-3.6.12/policy/modules/services/consolekit.te 2009-06-25 10:21:01.000000000 +0200
@@ -14,7 +14,7 @@
files_pid_file(consolekit_var_run_t)
@@ -1450,8 +1450,8 @@ diff -b -B --ignore-all-space --exclude-
fs_list_inotifyfs(consolekit_t)
diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/cron.if serefpolicy-3.6.12/policy/modules/services/cron.if
---- nsaserefpolicy/policy/modules/services/cron.if 2009-05-21 08:27:59.000000000 -0400
-+++ serefpolicy-3.6.12/policy/modules/services/cron.if 2009-05-26 08:38:15.000000000 -0400
+--- nsaserefpolicy/policy/modules/services/cron.if 2009-06-25 10:19:44.000000000 +0200
++++ serefpolicy-3.6.12/policy/modules/services/cron.if 2009-06-25 10:21:01.000000000 +0200
@@ -163,27 +163,14 @@
#
interface(`cron_unconfined_role',`
@@ -1483,8 +1483,8 @@ diff -b -B --ignore-all-space --exclude-
gen_require(`
class dbus send_msg;
diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/cups.fc serefpolicy-3.6.12/policy/modules/services/cups.fc
---- nsaserefpolicy/policy/modules/services/cups.fc 2009-05-21 08:27:59.000000000 -0400
-+++ serefpolicy-3.6.12/policy/modules/services/cups.fc 2009-06-19 14:21:26.000000000 -0400
+--- nsaserefpolicy/policy/modules/services/cups.fc 2009-06-25 10:19:44.000000000 +0200
++++ serefpolicy-3.6.12/policy/modules/services/cups.fc 2009-06-25 10:21:01.000000000 +0200
@@ -36,6 +36,8 @@
# keep as separate lines to ensure proper sorting
/usr/lib/cups/backend/hp.* -- gen_context(system_u:object_r:hplip_exec_t,s0)
@@ -1495,8 +1495,8 @@ diff -b -B --ignore-all-space --exclude-
/usr/sbin/printconf-backend -- gen_context(system_u:object_r:cupsd_config_exec_t,s0)
/usr/sbin/ptal-printd -- gen_context(system_u:object_r:ptal_exec_t,s0)
diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/dcc.te serefpolicy-3.6.12/policy/modules/services/dcc.te
---- nsaserefpolicy/policy/modules/services/dcc.te 2009-05-21 08:27:59.000000000 -0400
-+++ serefpolicy-3.6.12/policy/modules/services/dcc.te 2009-06-09 07:21:39.000000000 -0400
+--- nsaserefpolicy/policy/modules/services/dcc.te 2009-06-25 10:19:44.000000000 +0200
++++ serefpolicy-3.6.12/policy/modules/services/dcc.te 2009-06-25 10:21:01.000000000 +0200
@@ -130,11 +130,13 @@
# Access files in /var/dcc. The map file can be updated
@@ -1524,8 +1524,8 @@ diff -b -B --ignore-all-space --exclude-
')
diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/ddclient.if serefpolicy-3.6.12/policy/modules/services/ddclient.if
---- nsaserefpolicy/policy/modules/services/ddclient.if 2009-04-07 15:54:45.000000000 -0400
-+++ serefpolicy-3.6.12/policy/modules/services/ddclient.if 2009-06-15 15:36:48.000000000 -0400
+--- nsaserefpolicy/policy/modules/services/ddclient.if 2009-04-07 21:54:45.000000000 +0200
++++ serefpolicy-3.6.12/policy/modules/services/ddclient.if 2009-06-25 10:21:01.000000000 +0200
@@ -21,6 +21,31 @@
########################################
@@ -1559,8 +1559,8 @@ diff -b -B --ignore-all-space --exclude-
## an ddclient environment
## </summary>
diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/devicekit.te serefpolicy-3.6.12/policy/modules/services/devicekit.te
---- nsaserefpolicy/policy/modules/services/devicekit.te 2009-05-21 08:27:59.000000000 -0400
-+++ serefpolicy-3.6.12/policy/modules/services/devicekit.te 2009-06-21 08:58:19.000000000 -0400
+--- nsaserefpolicy/policy/modules/services/devicekit.te 2009-06-25 10:19:44.000000000 +0200
++++ serefpolicy-3.6.12/policy/modules/services/devicekit.te 2009-06-25 10:21:01.000000000 +0200
@@ -55,7 +55,7 @@
#
# DeviceKit-Power local policy
@@ -1603,9 +1603,9 @@ diff -b -B --ignore-all-space --exclude-
polkit_read_lib(devicekit_disk_t)
polkit_read_reload(devicekit_disk_t)
diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/dnsmasq.te serefpolicy-3.6.12/policy/modules/services/dnsmasq.te
---- nsaserefpolicy/policy/modules/services/dnsmasq.te 2009-05-21 08:27:59.000000000 -0400
-+++ serefpolicy-3.6.12/policy/modules/services/dnsmasq.te 2009-06-19 07:12:28.000000000 -0400
-@@ -87,6 +88,10 @@
+--- nsaserefpolicy/policy/modules/services/dnsmasq.te 2009-06-25 10:19:44.000000000 +0200
++++ serefpolicy-3.6.12/policy/modules/services/dnsmasq.te 2009-06-25 10:21:01.000000000 +0200
+@@ -87,6 +87,10 @@
')
optional_policy(`
@@ -1617,8 +1617,8 @@ diff -b -B --ignore-all-space --exclude-
')
diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/fprintd.te serefpolicy-3.6.12/policy/modules/services/fprintd.te
---- nsaserefpolicy/policy/modules/services/fprintd.te 2009-05-21 08:27:59.000000000 -0400
-+++ serefpolicy-3.6.12/policy/modules/services/fprintd.te 2009-06-17 09:18:27.000000000 -0400
+--- nsaserefpolicy/policy/modules/services/fprintd.te 2009-06-25 10:19:44.000000000 +0200
++++ serefpolicy-3.6.12/policy/modules/services/fprintd.te 2009-06-25 10:21:01.000000000 +0200
@@ -22,12 +22,15 @@
corecmd_search_bin(fprintd_t)
@@ -1649,8 +1649,8 @@ diff -b -B --ignore-all-space --exclude-
permissive fprintd_t;
diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/ftp.te serefpolicy-3.6.12/policy/modules/services/ftp.te
---- nsaserefpolicy/policy/modules/services/ftp.te 2009-05-21 08:27:59.000000000 -0400
-+++ serefpolicy-3.6.12/policy/modules/services/ftp.te 2009-06-16 08:25:50.000000000 -0400
+--- nsaserefpolicy/policy/modules/services/ftp.te 2009-06-25 10:19:44.000000000 +0200
++++ serefpolicy-3.6.12/policy/modules/services/ftp.te 2009-06-25 10:21:01.000000000 +0200
@@ -129,8 +129,7 @@
allow ftpd_t ftpdctl_tmp_t:sock_file { getattr unlink };
@@ -1662,8 +1662,8 @@ diff -b -B --ignore-all-space --exclude-
kernel_read_kernel_sysctls(ftpd_t)
diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/gnomeclock.te serefpolicy-3.6.12/policy/modules/services/gnomeclock.te
---- nsaserefpolicy/policy/modules/services/gnomeclock.te 2009-05-21 08:27:59.000000000 -0400
-+++ serefpolicy-3.6.12/policy/modules/services/gnomeclock.te 2009-06-20 06:24:32.000000000 -0400
+--- nsaserefpolicy/policy/modules/services/gnomeclock.te 2009-06-25 10:19:44.000000000 +0200
++++ serefpolicy-3.6.12/policy/modules/services/gnomeclock.te 2009-06-25 10:21:01.000000000 +0200
@@ -44,6 +44,7 @@
')
@@ -1672,9 +1672,57 @@ diff -b -B --ignore-all-space --exclude-
polkit_domtrans_auth(gnomeclock_t)
polkit_read_lib(gnomeclock_t)
polkit_read_reload(gnomeclock_t)
+diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/gpsd.fc serefpolicy-3.6.12/policy/modules/services/gpsd.fc
+--- nsaserefpolicy/policy/modules/services/gpsd.fc 2009-06-25 10:19:44.000000000 +0200
++++ serefpolicy-3.6.12/policy/modules/services/gpsd.fc 2009-06-25 10:25:21.000000000 +0200
+@@ -1,3 +1,6 @@
++/etc/rc\.d/init\.d/gpsd -- gen_context(system_u:object_r:gpsd_initrc_exec_t,s0)
+
+ /usr/sbin/gpsd -- gen_context(system_u:object_r:gpsd_exec_t,s0)
+
++/var/run/gpsd\.pid -- gen_context(system_u:object_r:gpsd_var_run_t,s0)
++/var/run/gpsd\.sock -s gen_context(system_u:object_r:gpsd_var_run_t,s0)
+diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/gpsd.te serefpolicy-3.6.12/policy/modules/services/gpsd.te
+--- nsaserefpolicy/policy/modules/services/gpsd.te 2009-06-25 10:19:44.000000000 +0200
++++ serefpolicy-3.6.12/policy/modules/services/gpsd.te 2009-06-25 10:24:43.000000000 +0200
+@@ -8,11 +9,17 @@
+ type gpsd_t;
+ type gpsd_exec_t;
+ application_domain(gpsd_t, gpsd_exec_t)
+-role system_r types gpsd_t;
++init_daemon_domain(gpsd_t, gpsd_exec_t)
++
++type gpsd_initrc_exec_t;
++init_script_file(gpsd_initrc_exec_t)
+
+ type gpsd_tmpfs_t;
+ files_tmpfs_file(gpsd_tmpfs_t)
+
++type gpsd_var_run_t;
++files_pid_file(gpsd_var_run_t)
++
+ ########################################
+ #
+ # gpsd local policy
+@@ -28,6 +35,15 @@
+ manage_files_pattern(gpsd_t, gpsd_tmpfs_t, gpsd_tmpfs_t)
+ fs_tmpfs_filetrans(gpsd_t, gpsd_tmpfs_t, { dir file })
+
++manage_files_pattern(gpsd_t, gpsd_var_run_t, gpsd_var_run_t)
++manage_sock_files_pattern(gpsd_t, gpsd_var_run_t, gpsd_var_run_t)
++files_pid_filetrans(gpsd_t, gpsd_var_run_t, { file sock_file })
++
++corenet_all_recvfrom_unlabeled(gpsd_t)
++corenet_all_recvfrom_netlabel(gpsd_t)
++corenet_tcp_sendrecv_generic_if(gpsd_t)
++corenet_tcp_sendrecv_generic_node(gpsd_t)
++corenet_tcp_sendrecv_all_ports(gpsd_t)
+ corenet_tcp_bind_all_nodes(gpsd_t)
+ corenet_tcp_bind_gpsd_port(gpsd_t)
+
diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/hal.te serefpolicy-3.6.12/policy/modules/services/hal.te
---- nsaserefpolicy/policy/modules/services/hal.te 2009-05-21 08:27:59.000000000 -0400
-+++ serefpolicy-3.6.12/policy/modules/services/hal.te 2009-05-27 07:02:29.000000000 -0400
+--- nsaserefpolicy/policy/modules/services/hal.te 2009-06-25 10:19:44.000000000 +0200
++++ serefpolicy-3.6.12/policy/modules/services/hal.te 2009-06-25 10:21:01.000000000 +0200
@@ -162,6 +162,7 @@
fs_mount_dos_fs(hald_t)
fs_unmount_dos_fs(hald_t)
@@ -1684,8 +1732,8 @@ diff -b -B --ignore-all-space --exclude-
files_getattr_all_mountpoints(hald_t)
diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/kerberos.if serefpolicy-3.6.12/policy/modules/services/kerberos.if
---- nsaserefpolicy/policy/modules/services/kerberos.if 2009-05-21 08:27:59.000000000 -0400
-+++ serefpolicy-3.6.12/policy/modules/services/kerberos.if 2009-06-01 08:13:05.000000000 -0400
+--- nsaserefpolicy/policy/modules/services/kerberos.if 2009-06-25 10:19:44.000000000 +0200
++++ serefpolicy-3.6.12/policy/modules/services/kerberos.if 2009-06-25 10:21:01.000000000 +0200
@@ -70,6 +70,7 @@
interface(`kerberos_use',`
gen_require(`
@@ -1703,8 +1751,8 @@ diff -b -B --ignore-all-space --exclude-
optional_policy(`
diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/kerberos.te serefpolicy-3.6.12/policy/modules/services/kerberos.te
---- nsaserefpolicy/policy/modules/services/kerberos.te 2009-05-21 08:27:59.000000000 -0400
-+++ serefpolicy-3.6.12/policy/modules/services/kerberos.te 2009-06-23 16:51:54.000000000 -0400
+--- nsaserefpolicy/policy/modules/services/kerberos.te 2009-06-25 10:19:44.000000000 +0200
++++ serefpolicy-3.6.12/policy/modules/services/kerberos.te 2009-06-25 10:21:01.000000000 +0200
@@ -287,6 +287,11 @@
manage_files_pattern(kpropd_t, krb5kdc_conf_t, krb5kdc_lock_t)
@@ -1718,8 +1766,8 @@ diff -b -B --ignore-all-space --exclude-
corecmd_exec_bin(kpropd_t)
diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/lircd.te serefpolicy-3.6.12/policy/modules/services/lircd.te
---- nsaserefpolicy/policy/modules/services/lircd.te 2009-05-21 08:27:59.000000000 -0400
-+++ serefpolicy-3.6.12/policy/modules/services/lircd.te 2009-06-01 08:22:04.000000000 -0400
+--- nsaserefpolicy/policy/modules/services/lircd.te 2009-06-25 10:19:44.000000000 +0200
++++ serefpolicy-3.6.12/policy/modules/services/lircd.te 2009-06-25 10:21:01.000000000 +0200
@@ -45,6 +45,9 @@
dev_filetrans(lircd_t, lircd_sock_t, sock_file )
dev_read_generic_usb_dev(lircd_t)
@@ -1731,8 +1779,8 @@ diff -b -B --ignore-all-space --exclude-
files_read_etc_files(lircd_t)
diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/mailman.if serefpolicy-3.6.12/policy/modules/services/mailman.if
---- nsaserefpolicy/policy/modules/services/mailman.if 2009-05-21 08:27:59.000000000 -0400
-+++ serefpolicy-3.6.12/policy/modules/services/mailman.if 2009-05-26 13:53:04.000000000 -0400
+--- nsaserefpolicy/policy/modules/services/mailman.if 2009-06-25 10:19:44.000000000 +0200
++++ serefpolicy-3.6.12/policy/modules/services/mailman.if 2009-06-25 10:21:01.000000000 +0200
@@ -197,6 +197,7 @@
type mailman_data_t;
')
@@ -1742,8 +1790,8 @@ diff -b -B --ignore-all-space --exclude-
read_lnk_files_pattern($1, mailman_data_t, mailman_data_t)
')
diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/mta.if serefpolicy-3.6.12/policy/modules/services/mta.if
---- nsaserefpolicy/policy/modules/services/mta.if 2009-05-21 08:27:59.000000000 -0400
-+++ serefpolicy-3.6.12/policy/modules/services/mta.if 2009-06-15 10:55:27.000000000 -0400
+--- nsaserefpolicy/policy/modules/services/mta.if 2009-06-25 10:19:44.000000000 +0200
++++ serefpolicy-3.6.12/policy/modules/services/mta.if 2009-06-25 10:21:01.000000000 +0200
@@ -473,6 +473,7 @@
')
@@ -1753,8 +1801,8 @@ diff -b -B --ignore-all-space --exclude-
########################################
diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/mysql.te serefpolicy-3.6.12/policy/modules/services/mysql.te
---- nsaserefpolicy/policy/modules/services/mysql.te 2009-05-21 08:27:59.000000000 -0400
-+++ serefpolicy-3.6.12/policy/modules/services/mysql.te 2009-06-22 17:04:03.000000000 -0400
+--- nsaserefpolicy/policy/modules/services/mysql.te 2009-06-25 10:19:44.000000000 +0200
++++ serefpolicy-3.6.12/policy/modules/services/mysql.te 2009-06-25 10:21:01.000000000 +0200
@@ -136,10 +136,12 @@
allow mysqld_safe_t self:capability { dac_override fowner chown };
allow mysqld_safe_t self:fifo_file rw_fifo_file_perms;
@@ -1770,16 +1818,16 @@ diff -b -B --ignore-all-space --exclude-
mysql_search_pid_files(mysqld_safe_t)
mysql_write_log(mysqld_safe_t)
diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/nslcd.fc serefpolicy-3.6.12/policy/modules/services/nslcd.fc
---- nsaserefpolicy/policy/modules/services/nslcd.fc 1969-12-31 19:00:00.000000000 -0500
-+++ serefpolicy-3.6.12/policy/modules/services/nslcd.fc 2009-06-24 09:04:03.000000000 -0400
+--- nsaserefpolicy/policy/modules/services/nslcd.fc 1970-01-01 01:00:00.000000000 +0100
++++ serefpolicy-3.6.12/policy/modules/services/nslcd.fc 2009-06-25 10:21:01.000000000 +0200
@@ -0,0 +1,4 @@
+/usr/sbin/nslcd -- gen_context(system_u:object_r:nslcd_exec_t,s0)
+/etc/nss-ldapd.conf -- gen_context(system_u:object_r:nslcd_conf_t,s0)
+/etc/rc\.d/init\.d/nslcd -- gen_context(system_u:object_r:nslcd_initrc_exec_t,s0)
+/var/run/nslcd(/.*)? gen_context(system_u:object_r:nslcd_var_run_t,s0)
diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/nslcd.if serefpolicy-3.6.12/policy/modules/services/nslcd.if
---- nsaserefpolicy/policy/modules/services/nslcd.if 1969-12-31 19:00:00.000000000 -0500
-+++ serefpolicy-3.6.12/policy/modules/services/nslcd.if 2009-06-24 09:04:03.000000000 -0400
+--- nsaserefpolicy/policy/modules/services/nslcd.if 1970-01-01 01:00:00.000000000 +0100
++++ serefpolicy-3.6.12/policy/modules/services/nslcd.if 2009-06-25 10:21:01.000000000 +0200
@@ -0,0 +1,145 @@
+
+## <summary>policy for nslcd</summary>
@@ -1927,8 +1975,8 @@ diff -b -B --ignore-all-space --exclude-
+ allow $1 nslcd_t:unix_stream_socket connectto;
+')
diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/nslcd.te serefpolicy-3.6.12/policy/modules/services/nslcd.te
---- nsaserefpolicy/policy/modules/services/nslcd.te 1969-12-31 19:00:00.000000000 -0500
-+++ serefpolicy-3.6.12/policy/modules/services/nslcd.te 2009-06-24 09:04:03.000000000 -0400
+--- nsaserefpolicy/policy/modules/services/nslcd.te 1970-01-01 01:00:00.000000000 +0100
++++ serefpolicy-3.6.12/policy/modules/services/nslcd.te 2009-06-25 10:21:01.000000000 +0200
@@ -0,0 +1,50 @@
+policy_module(nslcd,1.0.0)
+
@@ -1981,8 +2029,8 @@ diff -b -B --ignore-all-space --exclude-
+
+logging_send_syslog_msg(nslcd_t)
diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/pcscd.te serefpolicy-3.6.12/policy/modules/services/pcscd.te
---- nsaserefpolicy/policy/modules/services/pcscd.te 2009-04-07 15:54:45.000000000 -0400
-+++ serefpolicy-3.6.12/policy/modules/services/pcscd.te 2009-06-16 09:51:56.000000000 -0400
+--- nsaserefpolicy/policy/modules/services/pcscd.te 2009-04-07 21:54:45.000000000 +0200
++++ serefpolicy-3.6.12/policy/modules/services/pcscd.te 2009-06-25 10:21:01.000000000 +0200
@@ -28,6 +28,7 @@
allow pcscd_t self:tcp_socket create_stream_socket_perms;
@@ -2001,8 +2049,8 @@ diff -b -B --ignore-all-space --exclude-
term_dontaudit_getattr_pty_dirs(pcscd_t)
diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/polkit.fc serefpolicy-3.6.12/policy/modules/services/polkit.fc
---- nsaserefpolicy/policy/modules/services/polkit.fc 2009-05-21 08:27:59.000000000 -0400
-+++ serefpolicy-3.6.12/policy/modules/services/polkit.fc 2009-06-15 11:00:10.000000000 -0400
+--- nsaserefpolicy/policy/modules/services/polkit.fc 2009-06-25 10:19:44.000000000 +0200
++++ serefpolicy-3.6.12/policy/modules/services/polkit.fc 2009-06-25 10:21:01.000000000 +0200
@@ -2,7 +2,7 @@
/usr/libexec/polkit-read-auth-helper -- gen_context(system_u:object_r:polkit_auth_exec_t,s0)
/usr/libexec/polkit-grant-helper.* -- gen_context(system_u:object_r:polkit_grant_exec_t,s0)
@@ -2013,9 +2061,9 @@ diff -b -B --ignore-all-space --exclude-
/var/lib/PolicyKit(/.*)? gen_context(system_u:object_r:polkit_var_lib_t,s0)
/var/run/PolicyKit(/.*)? gen_context(system_u:object_r:polkit_var_run_t,s0)
diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/polkit.if serefpolicy-3.6.12/policy/modules/services/polkit.if
---- nsaserefpolicy/policy/modules/services/polkit.if 2009-05-21 08:27:59.000000000 -0400
-+++ serefpolicy-3.6.12/policy/modules/services/polkit.if 2009-06-24 16:24:18.000000000 -0400
-@@ -194,6 +195,7 @@
+--- nsaserefpolicy/policy/modules/services/polkit.if 2009-06-25 10:19:44.000000000 +0200
++++ serefpolicy-3.6.12/policy/modules/services/polkit.if 2009-06-25 10:21:01.000000000 +0200
+@@ -194,6 +194,7 @@
polkit_domtrans_auth($1)
role $2 types polkit_auth_t;
@@ -2023,7 +2071,7 @@ diff -b -B --ignore-all-space --exclude-
')
#######################################
-@@ -217,6 +219,7 @@
+@@ -217,6 +218,7 @@
polkit_run_grant($2, $1)
polkit_read_lib($2)
polkit_read_reload($2)
@@ -2032,8 +2080,8 @@ diff -b -B --ignore-all-space --exclude-
########################################
diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/postfix.if serefpolicy-3.6.12/policy/modules/services/postfix.if
---- nsaserefpolicy/policy/modules/services/postfix.if 2009-05-21 08:27:59.000000000 -0400
-+++ serefpolicy-3.6.12/policy/modules/services/postfix.if 2009-06-03 08:38:18.000000000 -0400
+--- nsaserefpolicy/policy/modules/services/postfix.if 2009-06-25 10:19:44.000000000 +0200
++++ serefpolicy-3.6.12/policy/modules/services/postfix.if 2009-06-25 10:21:01.000000000 +0200
@@ -580,6 +580,25 @@
########################################
@@ -2061,8 +2109,8 @@ diff -b -B --ignore-all-space --exclude-
## postfix_postdrop domain.
## </summary>
diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/ppp.if serefpolicy-3.6.12/policy/modules/services/ppp.if
---- nsaserefpolicy/policy/modules/services/ppp.if 2009-05-21 08:27:59.000000000 -0400
-+++ serefpolicy-3.6.12/policy/modules/services/ppp.if 2009-06-18 15:55:43.000000000 -0400
+--- nsaserefpolicy/policy/modules/services/ppp.if 2009-06-25 10:19:44.000000000 +0200
++++ serefpolicy-3.6.12/policy/modules/services/ppp.if 2009-06-25 10:21:01.000000000 +0200
@@ -177,10 +177,16 @@
interface(`ppp_run',`
gen_require(`
@@ -2081,8 +2129,8 @@ diff -b -B --ignore-all-space --exclude-
########################################
diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/privoxy.te serefpolicy-3.6.12/policy/modules/services/privoxy.te
---- nsaserefpolicy/policy/modules/services/privoxy.te 2009-05-21 08:27:59.000000000 -0400
-+++ serefpolicy-3.6.12/policy/modules/services/privoxy.te 2009-06-15 15:20:45.000000000 -0400
+--- nsaserefpolicy/policy/modules/services/privoxy.te 2009-06-25 10:19:44.000000000 +0200
++++ serefpolicy-3.6.12/policy/modules/services/privoxy.te 2009-06-25 10:21:01.000000000 +0200
@@ -48,8 +48,7 @@
files_pid_filetrans(privoxy_t, privoxy_var_run_t, file)
@@ -2094,8 +2142,8 @@ diff -b -B --ignore-all-space --exclude-
corenet_all_recvfrom_unlabeled(privoxy_t)
corenet_all_recvfrom_netlabel(privoxy_t)
diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/pyzor.fc serefpolicy-3.6.12/policy/modules/services/pyzor.fc
---- nsaserefpolicy/policy/modules/services/pyzor.fc 2009-05-21 08:27:59.000000000 -0400
-+++ serefpolicy-3.6.12/policy/modules/services/pyzor.fc 2009-05-21 08:32:24.000000000 -0400
+--- nsaserefpolicy/policy/modules/services/pyzor.fc 2009-06-25 10:19:44.000000000 +0200
++++ serefpolicy-3.6.12/policy/modules/services/pyzor.fc 2009-06-25 10:21:01.000000000 +0200
@@ -3,6 +3,8 @@
HOME_DIR/\.pyzor(/.*)? gen_context(system_u:object_r:pyzor_home_t,s0)
@@ -2106,8 +2154,8 @@ diff -b -B --ignore-all-space --exclude-
/usr/bin/pyzor -- gen_context(system_u:object_r:pyzor_exec_t,s0)
/usr/bin/pyzord -- gen_context(system_u:object_r:pyzord_exec_t,s0)
diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/pyzor.te serefpolicy-3.6.12/policy/modules/services/pyzor.te
---- nsaserefpolicy/policy/modules/services/pyzor.te 2009-05-21 08:27:59.000000000 -0400
-+++ serefpolicy-3.6.12/policy/modules/services/pyzor.te 2009-06-09 07:21:04.000000000 -0400
+--- nsaserefpolicy/policy/modules/services/pyzor.te 2009-06-25 10:19:44.000000000 +0200
++++ serefpolicy-3.6.12/policy/modules/services/pyzor.te 2009-06-25 10:21:01.000000000 +0200
@@ -97,6 +97,8 @@
kernel_read_kernel_sysctls(pyzor_t)
kernel_read_system_state(pyzor_t)
@@ -2118,8 +2166,8 @@ diff -b -B --ignore-all-space --exclude-
corecmd_getattr_bin_files(pyzor_t)
diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/rpc.te serefpolicy-3.6.12/policy/modules/services/rpc.te
---- nsaserefpolicy/policy/modules/services/rpc.te 2009-05-21 08:27:59.000000000 -0400
-+++ serefpolicy-3.6.12/policy/modules/services/rpc.te 2009-06-08 08:39:25.000000000 -0400
+--- nsaserefpolicy/policy/modules/services/rpc.te 2009-06-25 10:19:44.000000000 +0200
++++ serefpolicy-3.6.12/policy/modules/services/rpc.te 2009-06-25 10:21:01.000000000 +0200
@@ -95,6 +95,10 @@
userdom_signal_unpriv_users(rpcd_t)
@@ -2143,8 +2191,8 @@ diff -b -B --ignore-all-space --exclude-
')
diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/rsync.te serefpolicy-3.6.12/policy/modules/services/rsync.te
---- nsaserefpolicy/policy/modules/services/rsync.te 2009-05-21 08:27:59.000000000 -0400
-+++ serefpolicy-3.6.12/policy/modules/services/rsync.te 2009-06-03 08:45:52.000000000 -0400
+--- nsaserefpolicy/policy/modules/services/rsync.te 2009-06-25 10:19:44.000000000 +0200
++++ serefpolicy-3.6.12/policy/modules/services/rsync.te 2009-06-25 10:21:01.000000000 +0200
@@ -126,6 +126,8 @@
tunable_policy(`rsync_export_all_ro',`
@@ -2155,8 +2203,8 @@ diff -b -B --ignore-all-space --exclude-
auth_read_all_files_except_shadow(rsync_t)
auth_read_all_symlinks_except_shadow(rsync_t)
diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/sendmail.te serefpolicy-3.6.12/policy/modules/services/sendmail.te
---- nsaserefpolicy/policy/modules/services/sendmail.te 2009-05-21 08:27:59.000000000 -0400
-+++ serefpolicy-3.6.12/policy/modules/services/sendmail.te 2009-06-03 08:38:28.000000000 -0400
+--- nsaserefpolicy/policy/modules/services/sendmail.te 2009-06-25 10:19:44.000000000 +0200
++++ serefpolicy-3.6.12/policy/modules/services/sendmail.te 2009-06-25 10:21:01.000000000 +0200
@@ -148,6 +148,7 @@
optional_policy(`
@@ -2166,8 +2214,8 @@ diff -b -B --ignore-all-space --exclude-
postfix_read_config(sendmail_t)
postfix_search_spool(sendmail_t)
diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/setroubleshoot.te serefpolicy-3.6.12/policy/modules/services/setroubleshoot.te
---- nsaserefpolicy/policy/modules/services/setroubleshoot.te 2009-05-21 08:27:59.000000000 -0400
-+++ serefpolicy-3.6.12/policy/modules/services/setroubleshoot.te 2009-06-10 11:22:59.000000000 -0400
+--- nsaserefpolicy/policy/modules/services/setroubleshoot.te 2009-06-25 10:19:44.000000000 +0200
++++ serefpolicy-3.6.12/policy/modules/services/setroubleshoot.te 2009-06-25 10:21:01.000000000 +0200
@@ -121,6 +121,10 @@
userdom_dontaudit_read_user_home_content_files(setroubleshootd_t)
@@ -2180,8 +2228,8 @@ diff -b -B --ignore-all-space --exclude-
dbus_connect_system_bus(setroubleshootd_t)
dbus_system_domain(setroubleshootd_t, setroubleshootd_exec_t)
diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/shorewall.te serefpolicy-3.6.12/policy/modules/services/shorewall.te
---- nsaserefpolicy/policy/modules/services/shorewall.te 2009-05-21 08:27:59.000000000 -0400
-+++ serefpolicy-3.6.12/policy/modules/services/shorewall.te 2009-06-12 07:59:58.000000000 -0400
+--- nsaserefpolicy/policy/modules/services/shorewall.te 2009-06-25 10:19:44.000000000 +0200
++++ serefpolicy-3.6.12/policy/modules/services/shorewall.te 2009-06-25 10:21:01.000000000 +0200
@@ -35,6 +35,7 @@
allow shorewall_t self:capability { dac_override net_admin net_raw setuid setgid sys_nice sys_ptrace};
@@ -2191,16 +2239,16 @@ diff -b -B --ignore-all-space --exclude-
allow shorewall_t self:fifo_file rw_fifo_file_perms;
diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/spamassassin.fc serefpolicy-3.6.12/policy/modules/services/spamassassin.fc
---- nsaserefpolicy/policy/modules/services/spamassassin.fc 2009-05-21 08:27:59.000000000 -0400
-+++ serefpolicy-3.6.12/policy/modules/services/spamassassin.fc 2009-05-21 08:31:58.000000000 -0400
+--- nsaserefpolicy/policy/modules/services/spamassassin.fc 2009-06-25 10:19:44.000000000 +0200
++++ serefpolicy-3.6.12/policy/modules/services/spamassassin.fc 2009-06-25 10:21:01.000000000 +0200
@@ -1,3 +1,4 @@
+/root/\.spamassassin(/.*)? gen_context(system_u:object_r:spamc_home_t,s0)
HOME_DIR/\.spamassassin(/.*)? gen_context(system_u:object_r:spamc_home_t,s0)
/etc/rc\.d/init\.d/spamd -- gen_context(system_u:object_r:spamd_initrc_exec_t,s0)
diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/uucp.te serefpolicy-3.6.12/policy/modules/services/uucp.te
---- nsaserefpolicy/policy/modules/services/uucp.te 2009-05-21 08:27:59.000000000 -0400
-+++ serefpolicy-3.6.12/policy/modules/services/uucp.te 2009-06-10 16:13:54.000000000 -0400
+--- nsaserefpolicy/policy/modules/services/uucp.te 2009-06-25 10:19:44.000000000 +0200
++++ serefpolicy-3.6.12/policy/modules/services/uucp.te 2009-06-25 10:21:01.000000000 +0200
@@ -95,6 +95,8 @@
files_search_home(uucpd_t)
files_search_spool(uucpd_t)
@@ -2211,8 +2259,8 @@ diff -b -B --ignore-all-space --exclude-
logging_send_syslog_msg(uucpd_t)
diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/virt.te serefpolicy-3.6.12/policy/modules/services/virt.te
---- nsaserefpolicy/policy/modules/services/virt.te 2009-05-21 08:27:59.000000000 -0400
-+++ serefpolicy-3.6.12/policy/modules/services/virt.te 2009-06-22 18:00:37.000000000 -0400
+--- nsaserefpolicy/policy/modules/services/virt.te 2009-06-25 10:19:44.000000000 +0200
++++ serefpolicy-3.6.12/policy/modules/services/virt.te 2009-06-25 10:21:01.000000000 +0200
@@ -22,6 +22,13 @@
## <desc>
@@ -2297,8 +2345,8 @@ diff -b -B --ignore-all-space --exclude-
')
diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/xserver.fc serefpolicy-3.6.12/policy/modules/services/xserver.fc
---- nsaserefpolicy/policy/modules/services/xserver.fc 2009-05-21 08:27:59.000000000 -0400
-+++ serefpolicy-3.6.12/policy/modules/services/xserver.fc 2009-06-24 08:58:23.000000000 -0400
+--- nsaserefpolicy/policy/modules/services/xserver.fc 2009-06-25 10:19:44.000000000 +0200
++++ serefpolicy-3.6.12/policy/modules/services/xserver.fc 2009-06-25 10:21:01.000000000 +0200
@@ -62,6 +62,7 @@
/usr/bin/iceauth -- gen_context(system_u:object_r:iceauth_exec_t,s0)
/usr/bin/slim -- gen_context(system_u:object_r:xdm_exec_t,s0)
@@ -2308,8 +2356,8 @@ diff -b -B --ignore-all-space --exclude-
/usr/bin/Xorg -- gen_context(system_u:object_r:xserver_exec_t,s0)
ifdef(`distro_debian', `
diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/xserver.if serefpolicy-3.6.12/policy/modules/services/xserver.if
---- nsaserefpolicy/policy/modules/services/xserver.if 2009-05-21 08:27:59.000000000 -0400
-+++ serefpolicy-3.6.12/policy/modules/services/xserver.if 2009-06-24 08:57:49.000000000 -0400
+--- nsaserefpolicy/policy/modules/services/xserver.if 2009-06-25 10:19:44.000000000 +0200
++++ serefpolicy-3.6.12/policy/modules/services/xserver.if 2009-06-25 10:21:01.000000000 +0200
@@ -861,6 +861,24 @@
########################################
@@ -2344,8 +2392,8 @@ diff -b -B --ignore-all-space --exclude-
allow $1 xdm_t:x_client { getattr destroy };
allow $1 xdm_t:x_drawable { read receive get_property getattr send list_child add_child };
diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/xserver.te serefpolicy-3.6.12/policy/modules/services/xserver.te
---- nsaserefpolicy/policy/modules/services/xserver.te 2009-05-21 08:27:59.000000000 -0400
-+++ serefpolicy-3.6.12/policy/modules/services/xserver.te 2009-06-24 08:58:07.000000000 -0400
+--- nsaserefpolicy/policy/modules/services/xserver.te 2009-06-25 10:19:44.000000000 +0200
++++ serefpolicy-3.6.12/policy/modules/services/xserver.te 2009-06-25 10:21:01.000000000 +0200
@@ -370,8 +370,9 @@
manage_lnk_files_pattern(xdm_t, xdm_tmpfs_t, xdm_tmpfs_t)
manage_fifo_files_pattern(xdm_t, xdm_tmpfs_t, xdm_tmpfs_t)
@@ -2393,8 +2441,8 @@ diff -b -B --ignore-all-space --exclude-
unconfined_domtrans(xserver_t)
')
diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/authlogin.fc serefpolicy-3.6.12/policy/modules/system/authlogin.fc
---- nsaserefpolicy/policy/modules/system/authlogin.fc 2009-05-21 08:27:59.000000000 -0400
-+++ serefpolicy-3.6.12/policy/modules/system/authlogin.fc 2009-06-24 09:01:03.000000000 -0400
+--- nsaserefpolicy/policy/modules/system/authlogin.fc 2009-06-25 10:19:44.000000000 +0200
++++ serefpolicy-3.6.12/policy/modules/system/authlogin.fc 2009-06-25 10:21:01.000000000 +0200
@@ -24,6 +24,8 @@
/usr/sbin/unix_chkpwd -- gen_context(system_u:object_r:chkpwd_exec_t,s0)
')
@@ -2410,8 +2458,8 @@ diff -b -B --ignore-all-space --exclude-
-/var/cache/coolkey(/.*)? gen_context(system_u:object_r:auth_cache_t,s0)
diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/authlogin.if serefpolicy-3.6.12/policy/modules/system/authlogin.if
---- nsaserefpolicy/policy/modules/system/authlogin.if 2009-05-21 08:27:59.000000000 -0400
-+++ serefpolicy-3.6.12/policy/modules/system/authlogin.if 2009-06-24 09:00:52.000000000 -0400
+--- nsaserefpolicy/policy/modules/system/authlogin.if 2009-06-25 10:19:44.000000000 +0200
++++ serefpolicy-3.6.12/policy/modules/system/authlogin.if 2009-06-25 10:21:01.000000000 +0200
@@ -42,8 +42,7 @@
#
interface(`auth_login_pgm_domain',`
@@ -2687,8 +2735,8 @@ diff -b -B --ignore-all-space --exclude-
-')
-
diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/authlogin.te serefpolicy-3.6.12/policy/modules/system/authlogin.te
---- nsaserefpolicy/policy/modules/system/authlogin.te 2009-05-21 08:27:59.000000000 -0400
-+++ serefpolicy-3.6.12/policy/modules/system/authlogin.te 2009-06-24 09:01:40.000000000 -0400
+--- nsaserefpolicy/policy/modules/system/authlogin.te 2009-06-25 10:19:44.000000000 +0200
++++ serefpolicy-3.6.12/policy/modules/system/authlogin.te 2009-06-25 10:21:01.000000000 +0200
@@ -1,5 +1,5 @@
-policy_module(authlogin, 2.0.0)
@@ -2786,8 +2834,8 @@ diff -b -B --ignore-all-space --exclude-
term_dontaudit_use_console(updpwd_t)
diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/init.fc serefpolicy-3.6.12/policy/modules/system/init.fc
---- nsaserefpolicy/policy/modules/system/init.fc 2009-05-21 08:27:59.000000000 -0400
-+++ serefpolicy-3.6.12/policy/modules/system/init.fc 2009-05-26 09:15:52.000000000 -0400
+--- nsaserefpolicy/policy/modules/system/init.fc 2009-06-25 10:19:44.000000000 +0200
++++ serefpolicy-3.6.12/policy/modules/system/init.fc 2009-06-25 10:21:01.000000000 +0200
@@ -6,6 +6,8 @@
/etc/rc\.d/rc -- gen_context(system_u:object_r:initrc_exec_t,s0)
/etc/rc\.d/rc\.[^/]+ -- gen_context(system_u:object_r:initrc_exec_t,s0)
@@ -2798,8 +2846,8 @@ diff -b -B --ignore-all-space --exclude-
/etc/X11/prefdm -- gen_context(system_u:object_r:initrc_exec_t,s0)
diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/init.te serefpolicy-3.6.12/policy/modules/system/init.te
---- nsaserefpolicy/policy/modules/system/init.te 2009-05-21 08:27:59.000000000 -0400
-+++ serefpolicy-3.6.12/policy/modules/system/init.te 2009-06-15 10:44:05.000000000 -0400
+--- nsaserefpolicy/policy/modules/system/init.te 2009-06-25 10:19:44.000000000 +0200
++++ serefpolicy-3.6.12/policy/modules/system/init.te 2009-06-25 10:21:01.000000000 +0200
@@ -285,6 +285,7 @@
kernel_dontaudit_getattr_message_if(initrc_t)
kernel_stream_connect(initrc_t)
@@ -2817,8 +2865,8 @@ diff -b -B --ignore-all-space --exclude-
optional_policy(`
diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/ipsec.te serefpolicy-3.6.12/policy/modules/system/ipsec.te
---- nsaserefpolicy/policy/modules/system/ipsec.te 2009-05-21 08:27:59.000000000 -0400
-+++ serefpolicy-3.6.12/policy/modules/system/ipsec.te 2009-06-15 16:11:42.000000000 -0400
+--- nsaserefpolicy/policy/modules/system/ipsec.te 2009-06-25 10:19:44.000000000 +0200
++++ serefpolicy-3.6.12/policy/modules/system/ipsec.te 2009-06-25 10:21:01.000000000 +0200
@@ -1,5 +1,5 @@
-policy_module(ipsec, 1.9.0)
@@ -2941,8 +2989,8 @@ diff -b -B --ignore-all-space --exclude-
# allow setkey to set the context for ipsec SAs and policy.
ipsec_setcontext_default_spd(setkey_t)
diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/iscsi.te serefpolicy-3.6.12/policy/modules/system/iscsi.te
---- nsaserefpolicy/policy/modules/system/iscsi.te 2009-05-21 08:27:59.000000000 -0400
-+++ serefpolicy-3.6.12/policy/modules/system/iscsi.te 2009-06-16 09:44:36.000000000 -0400
+--- nsaserefpolicy/policy/modules/system/iscsi.te 2009-06-25 10:19:44.000000000 +0200
++++ serefpolicy-3.6.12/policy/modules/system/iscsi.te 2009-06-25 10:21:01.000000000 +0200
@@ -69,6 +69,7 @@
dev_rw_sysfs(iscsid_t)
@@ -2952,8 +3000,8 @@ diff -b -B --ignore-all-space --exclude-
files_read_etc_files(iscsid_t)
diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/libraries.fc serefpolicy-3.6.12/policy/modules/system/libraries.fc
---- nsaserefpolicy/policy/modules/system/libraries.fc 2009-05-21 08:27:59.000000000 -0400
-+++ serefpolicy-3.6.12/policy/modules/system/libraries.fc 2009-06-12 09:03:04.000000000 -0400
+--- nsaserefpolicy/policy/modules/system/libraries.fc 2009-06-25 10:19:44.000000000 +0200
++++ serefpolicy-3.6.12/policy/modules/system/libraries.fc 2009-06-25 10:21:01.000000000 +0200
@@ -139,6 +139,7 @@
/usr/lib(64)?/(nvidia/)?libGL(core)?\.so(\.[^/]*)* -- gen_context(system_u:object_r:textrel_shlib_t,s0)
/usr/lib(64)?/fglrx/.*\.so(\.[^/]*)* -- gen_context(system_u:object_r:textrel_shlib_t,s0)
@@ -2983,8 +3031,8 @@ diff -b -B --ignore-all-space --exclude-
-
+/usr/lib(64)?/midori/.*\.so(\.[^/]*)* gen_context(system_u:object_r:textrel_shlib_t,s0)
diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/locallogin.te serefpolicy-3.6.12/policy/modules/system/locallogin.te
---- nsaserefpolicy/policy/modules/system/locallogin.te 2009-05-21 08:27:59.000000000 -0400
-+++ serefpolicy-3.6.12/policy/modules/system/locallogin.te 2009-05-28 21:07:39.000000000 -0400
+--- nsaserefpolicy/policy/modules/system/locallogin.te 2009-06-25 10:19:44.000000000 +0200
++++ serefpolicy-3.6.12/policy/modules/system/locallogin.te 2009-06-25 10:21:01.000000000 +0200
@@ -211,6 +211,7 @@
# Sulogin local policy
#
@@ -3006,8 +3054,8 @@ diff -b -B --ignore-all-space --exclude-
ifdef(`sulogin_no_pam', `
allow sulogin_t self:capability sys_tty_config;
diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/sysnetwork.te serefpolicy-3.6.12/policy/modules/system/sysnetwork.te
---- nsaserefpolicy/policy/modules/system/sysnetwork.te 2009-05-21 08:27:59.000000000 -0400
-+++ serefpolicy-3.6.12/policy/modules/system/sysnetwork.te 2009-06-01 13:01:59.000000000 -0400
+--- nsaserefpolicy/policy/modules/system/sysnetwork.te 2009-06-25 10:19:44.000000000 +0200
++++ serefpolicy-3.6.12/policy/modules/system/sysnetwork.te 2009-06-25 10:21:01.000000000 +0200
@@ -45,7 +45,7 @@
# DHCP client local policy
#
@@ -3018,8 +3066,8 @@ diff -b -B --ignore-all-space --exclude-
dontaudit dhcpc_t self:capability { dac_read_search sys_module };
allow dhcpc_t self:process { setfscreate ptrace signal_perms };
diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/udev.te serefpolicy-3.6.12/policy/modules/system/udev.te
---- nsaserefpolicy/policy/modules/system/udev.te 2009-05-21 08:27:59.000000000 -0400
-+++ serefpolicy-3.6.12/policy/modules/system/udev.te 2009-06-22 13:06:14.000000000 -0400
+--- nsaserefpolicy/policy/modules/system/udev.te 2009-06-25 10:19:44.000000000 +0200
++++ serefpolicy-3.6.12/policy/modules/system/udev.te 2009-06-25 10:21:01.000000000 +0200
@@ -112,6 +112,7 @@
fs_getattr_all_fs(udev_t)
@@ -3040,8 +3088,8 @@ diff -b -B --ignore-all-space --exclude-
')
diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/userdomain.if serefpolicy-3.6.12/policy/modules/system/userdomain.if
---- nsaserefpolicy/policy/modules/system/userdomain.if 2009-05-21 08:27:59.000000000 -0400
-+++ serefpolicy-3.6.12/policy/modules/system/userdomain.if 2009-06-24 08:30:23.000000000 -0400
+--- nsaserefpolicy/policy/modules/system/userdomain.if 2009-06-25 10:19:44.000000000 +0200
++++ serefpolicy-3.6.12/policy/modules/system/userdomain.if 2009-06-25 10:21:01.000000000 +0200
@@ -627,12 +627,6 @@
')
@@ -3093,8 +3141,8 @@ diff -b -B --ignore-all-space --exclude-
')
diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/virtual.te serefpolicy-3.6.12/policy/modules/system/virtual.te
---- nsaserefpolicy/policy/modules/system/virtual.te 2009-05-21 08:27:59.000000000 -0400
-+++ serefpolicy-3.6.12/policy/modules/system/virtual.te 2009-06-12 14:53:26.000000000 -0400
+--- nsaserefpolicy/policy/modules/system/virtual.te 2009-06-25 10:19:44.000000000 +0200
++++ serefpolicy-3.6.12/policy/modules/system/virtual.te 2009-06-25 10:21:01.000000000 +0200
@@ -38,6 +38,7 @@
dev_read_sound(virtualdomain)
dev_write_sound(virtualdomain)
@@ -3115,8 +3163,8 @@ diff -b -B --ignore-all-space --exclude-
virt_read_lib_files(virtualdomain)
virt_read_content(virtualdomain)
diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/xen.te serefpolicy-3.6.12/policy/modules/system/xen.te
---- nsaserefpolicy/policy/modules/system/xen.te 2009-05-21 08:27:59.000000000 -0400
-+++ serefpolicy-3.6.12/policy/modules/system/xen.te 2009-06-04 14:47:25.000000000 -0400
+--- nsaserefpolicy/policy/modules/system/xen.te 2009-06-25 10:19:44.000000000 +0200
++++ serefpolicy-3.6.12/policy/modules/system/xen.te 2009-06-25 10:21:01.000000000 +0200
@@ -419,6 +419,7 @@
kernel_read_xen_state(xm_ssh_t)
kernel_write_xen_state(xm_ssh_t)
More information about the fedora-extras-commits
mailing list