[selinux-policy: 2345/3172] Kerberos patch from Dan Walsh.

Daniel J Walsh dwalsh at fedoraproject.org
Thu Oct 7 22:28:12 UTC 2010


commit e1b8b54739e5774eb9616997110da0e5b58a9851
Author: Chris PeBenito <cpebenito at tresys.com>
Date:   Fri Dec 18 10:40:53 2009 -0500

    Kerberos patch from Dan Walsh.

 policy/modules/services/kerberos.te |   15 ++++++++++++++-
 1 files changed, 14 insertions(+), 1 deletions(-)
---
diff --git a/policy/modules/services/kerberos.te b/policy/modules/services/kerberos.te
index e5d40f4..736ee13 100644
--- a/policy/modules/services/kerberos.te
+++ b/policy/modules/services/kerberos.te
@@ -1,5 +1,5 @@
 
-policy_module(kerberos, 1.10.0)
+policy_module(kerberos, 1.10.1)
 
 ########################################
 #
@@ -277,6 +277,8 @@ optional_policy(`
 #
 
 allow kpropd_t self:capability net_bind_service;
+allow kpropd_t self:process setfscreate;
+
 allow kpropd_t self:fifo_file rw_file_perms;
 allow kpropd_t self:unix_stream_socket create_stream_socket_perms;
 allow kpropd_t self:tcp_socket create_stream_socket_perms;
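Review bot: The added `allow kpropd_t self:process setfscreate;` carries no comment explaining why kpropd must pick the label of the files it creates, and the permission lets the domain request any creation context among the types it is allowed to create. It looks related to `selinux_validate_context(kpropd_t)` and `seutil_read_file_contexts(kpropd_t)` in the last hunk, which would fit a daemon or helper that looks labels up in file_contexts and sets them itself, but that is inferred from the rule names and not shown here. A comment above the rule, for example `# kpropd sets the creation context of database files from file_contexts`, would let a later audit tell whether all three rules are still needed. The kpropd_t section starts before this hunk and continues after it.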
@@ -285,10 +287,17 @@ allow kpropd_t krb5_host_rcache_t:file rw_file_perms;
 
 allow kpropd_t krb5_keytab_t:file read_file_perms;
 
+read_files_pattern(kpropd_t, krb5kdc_conf_t, krb5kdc_conf_t)
+
 manage_files_pattern(kpropd_t, krb5kdc_conf_t, krb5kdc_lock_t)
+filetrans_pattern(kpropd_t, krb5kdc_conf_t, krb5kdc_lock_t, file)
 
 manage_files_pattern(kpropd_t, krb5kdc_conf_t, krb5kdc_principal_t)
 
+manage_dirs_pattern(kpropd_t, krb5kdc_tmp_t, krb5kdc_tmp_t)
+manage_files_pattern(kpropd_t, krb5kdc_tmp_t, krb5kdc_tmp_t)
+files_tmp_filetrans(kpropd_t, krb5kdc_tmp_t, { file dir })
+
 corecmd_exec_bin(kpropd_t)
 
 corenet_all_recvfrom_unlabeled(kpropd_t)
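Review bot: The three added tmp rules give kpropd_t full manage access to `krb5kdc_tmp_t` and label every file and directory it creates in a tmp_t directory with that type. Any other domain that uses krb5kdc_tmp_t (presumably the KDC, going by the name) would therefore share temporary files with kpropd. A dedicated type would keep them apart: declare `type kpropd_tmp_t;` with `files_tmp_file(kpropd_tmp_t)` in the declarations section and use it in `manage_dirs_pattern`, `manage_files_pattern` and `files_tmp_filetrans`. If the sharing is intended, a comment naming the files that are handed between the two would make that clear.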
@@ -303,10 +312,14 @@ dev_read_urand(kpropd_t)
 files_read_etc_files(kpropd_t)
 files_search_tmp(kpropd_t)
 
+selinux_validate_context(kpropd_t)
+
 logging_send_syslog_msg(kpropd_t)
 
 miscfiles_read_localization(kpropd_t)
 
+seutil_read_file_contexts(kpropd_t)
+
 sysnet_dns_name_resolve(kpropd_t)
 
 kerberos_use(kpropd_t)

