[selinux-policy: 3003/3172] Merge upstream

Thu Oct 7 23:27:14 UTC 2010

commit 14ffaf836d9e8faf41d73cb102ffca1b871e4cb5
Merge: a55bb56 fee4864
Author: Dan Walsh <dwalsh at redhat.com>
Date:   Thu Sep 16 07:05:26 2010 -0400

    Merge upstream

 Changelog                             |    1 +
 policy/modules/admin/certwatch.te     |    2 +-
 policy/modules/admin/firstboot.te     |    2 +-
 policy/modules/admin/smoltclient.te   |    4 +-
 policy/modules/apps/awstats.te        |    2 +-
 policy/modules/roles/staff.te         |  107 ++++++++++++++++-----------------
 policy/modules/roles/unprivuser.te    |   20 +++---
 policy/modules/services/amavis.if     |    2 +-
 policy/modules/services/amavis.te     |    2 +-
 policy/modules/services/arpwatch.te   |    2 +-
 policy/modules/services/canna.te      |    2 +-
 policy/modules/services/certmaster.if |    4 +-
 policy/modules/services/certmaster.te |    2 +-
 policy/modules/services/certmonger.te |    2 +-
 policy/modules/services/courier.if    |    1 +
 policy/modules/services/courier.te    |    2 +-
 policy/modules/services/dcc.te        |    4 +-
 policy/modules/services/djbdns.te     |    5 +-
 policy/modules/services/fetchmail.te  |    2 +-
 policy/modules/services/icecast.te    |    2 +-
 policy/modules/services/nslcd.te      |    2 +-
 policy/modules/services/nut.te        |    4 +-
 policy/modules/services/openct.te     |    4 +-
 policy/modules/services/pcscd.te      |    3 +-
 policy/modules/services/postgresql.te |    5 +-
 policy/modules/services/postgrey.te   |    4 +-
 policy/modules/services/prelude.te    |    2 +-
 policy/modules/services/radvd.te      |    4 +-
 policy/modules/services/snort.te      |    2 +-
 policy/modules/services/stunnel.te    |    4 +-
 policy/modules/services/zabbix.te     |    4 +-
 policy/modules/services/zebra.te      |    4 +-
 32 files changed, 104 insertions(+), 108 deletions(-)
---
diff --cc policy/modules/roles/staff.te
index 06b7974,1854002..b0d95d4

--- a/policy/modules/roles/staff.te
+++ b/policy/modules/roles/staff.te
@@@ -61,22 -27,6 +61,35 @@@ optional_policy(
  ')
  
  optional_policy(`
- 	dbadm_role_change(staff_r)
++	accountsd_dbus_chat(staff_t)
++	accountsd_read_lib_files(staff_t)
 +')
 +
 +optional_policy(`
- 	logadm_role_change(staff_r)
++	gnomeclock_dbus_chat(staff_t)
 +')
 +
 +optional_policy(`
- 	webadm_role_change(staff_r)
++	firewallgui_dbus_chat(staff_t)
++')
++
++optional_policy(`
++	lpd_list_spool(staff_t)
 +')
 +
 +optional_policy(`
- 	kerneloops_manage_tmp_files(staff_t)
++	kerneloops_dbus_chat(staff_t)
++')
++
++optional_policy(`
++	logadm_role_change(staff_r)
++')
++
++optional_policy(`
++	mozilla_run_plugin(staff_t, staff_r)
 +')
 +
 +optional_policy(`
  	oident_manage_user_content(staff_t)
  	oident_relabel_user_content(staff_t)
  ')
@@@ -86,15 -36,11 +99,19 @@@ optional_policy(
  ')
  
  optional_policy(`
- 	secadm_role_change(staff_r)
++	rtkit_scheduled(staff_t)
 +')
 +
 +optional_policy(`
- 	unconfined_role_change(staff_r)
++	rpm_dbus_chat(staff_usertype)
 +')
 +
 +optional_policy(`
- 	rtkit_scheduled(staff_t)
+ 	secadm_role_change(staff_r)
+ ')
+ 
+ optional_policy(`
 -	ssh_role_template(staff, staff_r, staff_t)
++	sandbox_transition(staff_t, staff_r)
  ')
  
  optional_policy(`
@@@ -102,21 -48,9 +119,42 @@@
  ')
  
  optional_policy(`
+ 	sysadm_role_change(staff_r)
+ 	userdom_dontaudit_use_user_terminals(staff_t)
+ ')
++optional_policy(`
++	setroubleshoot_stream_connect(staff_t)
++	setroubleshoot_dbus_chat(staff_t)
++	setroubleshoot_dbus_chat_fixit(staff_t)
++')
++
++optional_policy(`
 +	ssh_role_template(staff, staff_r, staff_t)
 +')
 +
 +optional_policy(`
 +	sudo_role_template(staff, staff_r, staff_t)
 +')
 +
 +optional_policy(`
- 	sysadm_role_change(staff_r)
- 	userdom_dontaudit_use_user_terminals(staff_t)
++	telepathy_dbus_session_role(staff_r, staff_t)
 +')
 +
 +optional_policy(`
- 	telepathy_dbus_session_role(staff_r, staff_t)
++	userhelper_console_role_template(staff, staff_r, staff_usertype)
++')
++
++optional_policy(`
++	unconfined_role_change(staff_r)
++')
++
++optional_policy(`
++	virt_stream_connect(staff_t)
++')
++
++optional_policy(`
++	webadm_role_change(staff_r)
 +')
  
  optional_policy(`
  	xserver_role(staff_r, staff_t)
diff --cc policy/modules/roles/unprivuser.te
index aac3fe1,9b55b00..2932c13
--- a/policy/modules/roles/unprivuser.te
+++ b/policy/modules/roles/unprivuser.te
@@@ -19,34 -17,15 +19,39 @@@ optional_policy(
  ')
  
  optional_policy(`
+ 	oident_manage_user_content(user_t)
+ 	oident_relabel_user_content(user_t)
+ ')
+ 
+ optional_policy(`
 +	mozilla_run_plugin(user_t, user_r)
 +')
 +
 +optional_policy(`
 +	rpm_dontaudit_dbus_chat(user_t)
 +')
 +
 +optional_policy(`
 +	rtkit_scheduled(user_t)
 +')
 +
 +optional_policy(`
 +	sandbox_transition(user_t, user_r)
 +')
 +
 +optional_policy(`
  	screen_role_template(user, user_r, user_t)
  ')
  
  optional_policy(`
- 	telepathy_dbus_session_role(user_r, user_t)
++	setroubleshoot_dontaudit_stream_connect(user_t)
 +')
 +
 +optional_policy(`
- 	setroubleshoot_dontaudit_stream_connect(user_t)
++	telepathy_dbus_session_role(user_r, user_t)
 +')
 +
 +optional_policy(`
  	xserver_role(user_r, user_t)
  ')
  
