[selinux-policy] Make nvidia* to be labeled correctly Fix abrt_manage_cache() interface Make filetrans rules optional
Daniel J Walsh
dwalsh at fedoraproject.org
Wed Nov 2 20:24:27 UTC 2011
commit d5bededc4d5964703d8567d23f5c9433a189bc38
Author: dwalsh <dwalsh at redhat.com>
Date: Wed Nov 2 16:23:55 2011 -0400
Make nvidia* to be labeled correctly
Fix abrt_manage_cache() interface
Make filetrans rules optional so base policy will build
Dontaudit chkpwd_t access to inherited TTYS
Make sure postfix content gets created with the correct label
Allow gnomeclock to read cgroup
Fixes for cloudform policy
execmem.patch | 86 +++---
ptrace.patch | 852 +++++++++++++++++++++++++--------------------------
selinux-policy.spec | 2 +-
3 files changed, 458 insertions(+), 482 deletions(-)
---
diff --git a/execmem.patch b/execmem.patch
index 21dda3f..83360b9 100644
--- a/execmem.patch
+++ b/execmem.patch
@@ -1,7 +1,7 @@
diff -up serefpolicy-3.10.0/policy/modules/admin/rpm.te.execmem serefpolicy-3.10.0/policy/modules/admin/rpm.te
---- serefpolicy-3.10.0/policy/modules/admin/rpm.te.execmem 2011-10-20 11:53:35.312262063 -0400
-+++ serefpolicy-3.10.0/policy/modules/admin/rpm.te 2011-10-20 11:53:35.825261313 -0400
-@@ -416,14 +416,6 @@ optional_policy(`
+--- serefpolicy-3.10.0/policy/modules/admin/rpm.te.execmem 2011-11-02 16:19:54.192885000 -0400
++++ serefpolicy-3.10.0/policy/modules/admin/rpm.te 2011-11-02 16:19:58.603545000 -0400
+@@ -419,14 +419,6 @@ optional_policy(`
unconfined_domain_noaudit(rpm_script_t)
unconfined_domtrans(rpm_script_t)
unconfined_execmem_domtrans(rpm_script_t)
@@ -17,8 +17,8 @@ diff -up serefpolicy-3.10.0/policy/modules/admin/rpm.te.execmem serefpolicy-3.10
optional_policy(`
diff -up serefpolicy-3.10.0/policy/modules/apps/execmem.fc.execmem serefpolicy-3.10.0/policy/modules/apps/execmem.fc
---- serefpolicy-3.10.0/policy/modules/apps/execmem.fc.execmem 2011-10-20 11:53:35.331262035 -0400
-+++ serefpolicy-3.10.0/policy/modules/apps/execmem.fc 2011-10-20 11:53:54.447234072 -0400
+--- serefpolicy-3.10.0/policy/modules/apps/execmem.fc.execmem 2011-11-02 16:19:54.370885000 -0400
++++ serefpolicy-3.10.0/policy/modules/apps/execmem.fc 2011-11-02 16:19:58.609541000 -0400
@@ -47,3 +47,56 @@ ifdef(`distro_gentoo',`
/opt/Komodo-Edit-5/lib/mozilla/komodo-bin -- gen_context(system_u:object_r:execmem_exec_t,s0)
/opt/Adobe/Reader9/Reader/intellinux/bin/acroread -- gen_context(system_u:object_r:execmem_exec_t,s0)
@@ -77,16 +77,16 @@ diff -up serefpolicy-3.10.0/policy/modules/apps/execmem.fc.execmem serefpolicy-3
+/usr/bin/gnatmake -- gen_context(system_u:object_r:execmem_exec_t,s0)
+/usr/libexec/gcc(/.*)?/gnat1 -- gen_context(system_u:object_r:execmem_exec_t,s0)
diff -up serefpolicy-3.10.0/policy/modules/apps/execmem.if.execmem serefpolicy-3.10.0/policy/modules/apps/execmem.if
---- serefpolicy-3.10.0/policy/modules/apps/execmem.if.execmem 2011-10-20 11:53:35.332262034 -0400
-+++ serefpolicy-3.10.0/policy/modules/apps/execmem.if 2011-10-20 11:53:35.826261312 -0400
+--- serefpolicy-3.10.0/policy/modules/apps/execmem.if.execmem 2011-11-02 16:19:54.372890000 -0400
++++ serefpolicy-3.10.0/policy/modules/apps/execmem.if 2011-11-02 16:19:58.615541000 -0400
@@ -129,4 +129,3 @@ interface(`execmem_execmod',`
allow $1 execmem_exec_t:file execmod;
')
-
diff -up serefpolicy-3.10.0/policy/modules/apps/execmem.te.execmem serefpolicy-3.10.0/policy/modules/apps/execmem.te
---- serefpolicy-3.10.0/policy/modules/apps/execmem.te.execmem 2011-10-20 11:53:35.332262034 -0400
-+++ serefpolicy-3.10.0/policy/modules/apps/execmem.te 2011-10-20 11:53:35.827261310 -0400
+--- serefpolicy-3.10.0/policy/modules/apps/execmem.te.execmem 2011-11-02 16:19:54.374890000 -0400
++++ serefpolicy-3.10.0/policy/modules/apps/execmem.te 2011-11-02 16:19:58.620541000 -0400
@@ -4,7 +4,25 @@ policy_module(execmem, 1.0.0)
#
# Declarations
@@ -115,8 +115,8 @@ diff -up serefpolicy-3.10.0/policy/modules/apps/execmem.te.execmem serefpolicy-3
+ nsplugin_rw_semaphores(execmem_type)
+')
diff -up serefpolicy-3.10.0/policy/modules/apps/mozilla.te.execmem serefpolicy-3.10.0/policy/modules/apps/mozilla.te
---- serefpolicy-3.10.0/policy/modules/apps/mozilla.te.execmem 2011-10-20 11:53:35.350262007 -0400
-+++ serefpolicy-3.10.0/policy/modules/apps/mozilla.te 2011-10-20 11:53:35.827261310 -0400
+--- serefpolicy-3.10.0/policy/modules/apps/mozilla.te.execmem 2011-11-02 16:19:54.533885000 -0400
++++ serefpolicy-3.10.0/policy/modules/apps/mozilla.te 2011-11-02 16:19:58.629541000 -0400
@@ -273,10 +273,6 @@ optional_policy(`
')
@@ -139,7 +139,7 @@ diff -up serefpolicy-3.10.0/policy/modules/apps/mozilla.te.execmem serefpolicy-3
optional_policy(`
diff -up serefpolicy-3.10.0/policy/modules/apps/podsleuth.te.execmem serefpolicy-3.10.0/policy/modules/apps/podsleuth.te
--- serefpolicy-3.10.0/policy/modules/apps/podsleuth.te.execmem 2011-06-27 14:18:04.000000000 -0400
-+++ serefpolicy-3.10.0/policy/modules/apps/podsleuth.te 2011-10-20 11:53:35.828261308 -0400
++++ serefpolicy-3.10.0/policy/modules/apps/podsleuth.te 2011-11-02 16:19:58.635560000 -0400
@@ -85,5 +85,5 @@ optional_policy(`
')
@@ -148,9 +148,9 @@ diff -up serefpolicy-3.10.0/policy/modules/apps/podsleuth.te.execmem serefpolicy
+ execmem_exec(podsleuth_t)
')
diff -up serefpolicy-3.10.0/policy/modules/roles/staff.te.execmem serefpolicy-3.10.0/policy/modules/roles/staff.te
---- serefpolicy-3.10.0/policy/modules/roles/staff.te.execmem 2011-10-20 11:53:35.411261918 -0400
-+++ serefpolicy-3.10.0/policy/modules/roles/staff.te 2011-10-20 11:53:35.829261306 -0400
-@@ -268,10 +268,6 @@ ifndef(`distro_redhat',`
+--- serefpolicy-3.10.0/policy/modules/roles/staff.te.execmem 2011-11-02 16:19:55.151799000 -0400
++++ serefpolicy-3.10.0/policy/modules/roles/staff.te 2011-11-02 16:19:58.642541000 -0400
+@@ -262,10 +262,6 @@ ifndef(`distro_redhat',`
')
optional_policy(`
@@ -162,9 +162,9 @@ diff -up serefpolicy-3.10.0/policy/modules/roles/staff.te.execmem serefpolicy-3.
')
diff -up serefpolicy-3.10.0/policy/modules/roles/sysadm.te.execmem serefpolicy-3.10.0/policy/modules/roles/sysadm.te
---- serefpolicy-3.10.0/policy/modules/roles/sysadm.te.execmem 2011-10-20 11:53:35.412261917 -0400
-+++ serefpolicy-3.10.0/policy/modules/roles/sysadm.te 2011-10-20 11:53:35.829261306 -0400
-@@ -520,10 +520,6 @@ ifndef(`distro_redhat',`
+--- serefpolicy-3.10.0/policy/modules/roles/sysadm.te.execmem 2011-11-02 16:19:55.158799000 -0400
++++ serefpolicy-3.10.0/policy/modules/roles/sysadm.te 2011-11-02 16:19:58.650541000 -0400
+@@ -530,10 +530,6 @@ ifndef(`distro_redhat',`
')
optional_policy(`
@@ -176,9 +176,9 @@ diff -up serefpolicy-3.10.0/policy/modules/roles/sysadm.te.execmem serefpolicy-3
')
diff -up serefpolicy-3.10.0/policy/modules/roles/unconfineduser.te.execmem serefpolicy-3.10.0/policy/modules/roles/unconfineduser.te
---- serefpolicy-3.10.0/policy/modules/roles/unconfineduser.te.execmem 2011-10-20 11:53:35.820261320 -0400
-+++ serefpolicy-3.10.0/policy/modules/roles/unconfineduser.te 2011-10-20 11:53:35.830261305 -0400
-@@ -342,10 +342,6 @@ optional_policy(`
+--- serefpolicy-3.10.0/policy/modules/roles/unconfineduser.te.execmem 2011-11-02 16:19:58.593541000 -0400
++++ serefpolicy-3.10.0/policy/modules/roles/unconfineduser.te 2011-11-02 16:20:17.606179000 -0400
+@@ -302,10 +302,6 @@ optional_policy(`
')
optional_policy(`
@@ -186,10 +186,10 @@ diff -up serefpolicy-3.10.0/policy/modules/roles/unconfineduser.te.execmem seref
-')
-
-optional_policy(`
- kerberos_filetrans_named_content(unconfined_t)
+ livecd_run(unconfined_t, unconfined_r)
')
-@@ -366,13 +362,6 @@ optional_policy(`
+@@ -322,13 +318,6 @@ optional_policy(`
')
optional_policy(`
@@ -204,8 +204,8 @@ diff -up serefpolicy-3.10.0/policy/modules/roles/unconfineduser.te.execmem seref
tunable_policy(`unconfined_mozilla_plugin_transition', `
diff -up serefpolicy-3.10.0/policy/modules/roles/unprivuser.te.execmem serefpolicy-3.10.0/policy/modules/roles/unprivuser.te
---- serefpolicy-3.10.0/policy/modules/roles/unprivuser.te.execmem 2011-10-20 11:53:35.414261914 -0400
-+++ serefpolicy-3.10.0/policy/modules/roles/unprivuser.te 2011-10-20 11:53:35.831261304 -0400
+--- serefpolicy-3.10.0/policy/modules/roles/unprivuser.te.execmem 2011-11-02 16:19:55.173799000 -0400
++++ serefpolicy-3.10.0/policy/modules/roles/unprivuser.te 2011-11-02 16:19:58.666544000 -0400
@@ -148,10 +148,6 @@ ifndef(`distro_redhat',`
')
@@ -218,8 +218,8 @@ diff -up serefpolicy-3.10.0/policy/modules/roles/unprivuser.te.execmem serefpoli
')
diff -up serefpolicy-3.10.0/policy/modules/roles/xguest.te.execmem serefpolicy-3.10.0/policy/modules/roles/xguest.te
---- serefpolicy-3.10.0/policy/modules/roles/xguest.te.execmem 2011-10-20 11:53:35.415261912 -0400
-+++ serefpolicy-3.10.0/policy/modules/roles/xguest.te 2011-10-20 11:53:35.831261304 -0400
+--- serefpolicy-3.10.0/policy/modules/roles/xguest.te.execmem 2011-11-02 16:19:55.184799000 -0400
++++ serefpolicy-3.10.0/policy/modules/roles/xguest.te 2011-11-02 16:19:58.674541000 -0400
@@ -107,14 +107,6 @@ optional_policy(`
')
@@ -236,8 +236,8 @@ diff -up serefpolicy-3.10.0/policy/modules/roles/xguest.te.execmem serefpolicy-3
')
diff -up serefpolicy-3.10.0/policy/modules/services/boinc.te.execmem serefpolicy-3.10.0/policy/modules/services/boinc.te
---- serefpolicy-3.10.0/policy/modules/services/boinc.te.execmem 2011-10-20 11:53:35.445261869 -0400
-+++ serefpolicy-3.10.0/policy/modules/services/boinc.te 2011-10-20 11:53:35.832261303 -0400
+--- serefpolicy-3.10.0/policy/modules/services/boinc.te.execmem 2011-11-02 16:19:55.443799000 -0400
++++ serefpolicy-3.10.0/policy/modules/services/boinc.te 2011-11-02 16:19:58.679549000 -0400
@@ -170,5 +170,5 @@ miscfiles_read_fonts(boinc_project_t)
miscfiles_read_localization(boinc_project_t)
@@ -246,8 +246,8 @@ diff -up serefpolicy-3.10.0/policy/modules/services/boinc.te.execmem serefpolicy
+ execmem_exec(boinc_project_t)
')
diff -up serefpolicy-3.10.0/policy/modules/services/cron.te.execmem serefpolicy-3.10.0/policy/modules/services/cron.te
---- serefpolicy-3.10.0/policy/modules/services/cron.te.execmem 2011-10-20 11:53:35.479261819 -0400
-+++ serefpolicy-3.10.0/policy/modules/services/cron.te 2011-10-20 11:53:35.833261301 -0400
+--- serefpolicy-3.10.0/policy/modules/services/cron.te.execmem 2011-11-02 16:19:55.743799000 -0400
++++ serefpolicy-3.10.0/policy/modules/services/cron.te 2011-11-02 16:19:58.690541000 -0400
@@ -299,10 +299,6 @@ optional_policy(`
')
@@ -283,8 +283,8 @@ diff -up serefpolicy-3.10.0/policy/modules/services/cron.te.execmem serefpolicy-
nis_use_ypbind(cronjob_t)
')
diff -up serefpolicy-3.10.0/policy/modules/services/hadoop.if.execmem serefpolicy-3.10.0/policy/modules/services/hadoop.if
---- serefpolicy-3.10.0/policy/modules/services/hadoop.if.execmem 2011-10-20 11:53:35.529261745 -0400
-+++ serefpolicy-3.10.0/policy/modules/services/hadoop.if 2011-10-20 11:53:35.834261299 -0400
+--- serefpolicy-3.10.0/policy/modules/services/hadoop.if.execmem 2011-11-02 16:19:56.185713000 -0400
++++ serefpolicy-3.10.0/policy/modules/services/hadoop.if 2011-11-02 16:19:58.698541000 -0400
@@ -127,7 +127,7 @@ template(`hadoop_domain_template',`
hadoop_exec_config(hadoop_$1_t)
@@ -295,8 +295,8 @@ diff -up serefpolicy-3.10.0/policy/modules/services/hadoop.if.execmem serefpolic
kerberos_use(hadoop_$1_t)
diff -up serefpolicy-3.10.0/policy/modules/services/hadoop.te.execmem serefpolicy-3.10.0/policy/modules/services/hadoop.te
---- serefpolicy-3.10.0/policy/modules/services/hadoop.te.execmem 2011-10-20 11:53:35.530261744 -0400
-+++ serefpolicy-3.10.0/policy/modules/services/hadoop.te 2011-10-20 11:53:35.835261297 -0400
+--- serefpolicy-3.10.0/policy/modules/services/hadoop.te.execmem 2011-11-02 16:19:56.193713000 -0400
++++ serefpolicy-3.10.0/policy/modules/services/hadoop.te 2011-11-02 16:19:58.707541000 -0400
@@ -167,7 +167,7 @@ miscfiles_read_localization(hadoop_t)
userdom_use_inherited_user_terminals(hadoop_t)
@@ -322,9 +322,9 @@ diff -up serefpolicy-3.10.0/policy/modules/services/hadoop.te.execmem serefpolic
-java_exec(zookeeper_server_t)
+execmem_exec(zookeeper_server_t)
diff -up serefpolicy-3.10.0/policy/modules/services/xserver.te.execmem serefpolicy-3.10.0/policy/modules/services/xserver.te
---- serefpolicy-3.10.0/policy/modules/services/xserver.te.execmem 2011-10-20 11:53:35.719261468 -0400
-+++ serefpolicy-3.10.0/policy/modules/services/xserver.te 2011-10-20 11:53:35.837261295 -0400
-@@ -1247,10 +1247,6 @@ optional_policy(`
+--- serefpolicy-3.10.0/policy/modules/services/xserver.te.execmem 2011-11-02 16:19:57.848627000 -0400
++++ serefpolicy-3.10.0/policy/modules/services/xserver.te 2011-11-02 16:19:58.744541000 -0400
+@@ -1250,10 +1250,6 @@ optional_policy(`
')
optional_policy(`
@@ -336,9 +336,9 @@ diff -up serefpolicy-3.10.0/policy/modules/services/xserver.te.execmem serefpoli
rhgb_rw_tmpfs_files(xserver_t)
')
diff -up serefpolicy-3.10.0/policy/modules/system/init.te.execmem serefpolicy-3.10.0/policy/modules/system/init.te
---- serefpolicy-3.10.0/policy/modules/system/init.te.execmem 2011-10-20 11:53:35.738261440 -0400
-+++ serefpolicy-3.10.0/policy/modules/system/init.te 2011-10-20 11:53:35.838261294 -0400
-@@ -1192,10 +1192,6 @@ optional_policy(`
+--- serefpolicy-3.10.0/policy/modules/system/init.te.execmem 2011-11-02 16:19:58.044541000 -0400
++++ serefpolicy-3.10.0/policy/modules/system/init.te 2011-11-02 16:19:58.757543000 -0400
+@@ -1191,10 +1191,6 @@ optional_policy(`
unconfined_dontaudit_rw_pipes(daemon)
')
@@ -350,8 +350,8 @@ diff -up serefpolicy-3.10.0/policy/modules/system/init.te.execmem serefpolicy-3.
rpm_transition_script(initrc_t)
diff -up serefpolicy-3.10.0/policy/modules/system/userdomain.if.execmem serefpolicy-3.10.0/policy/modules/system/userdomain.if
---- serefpolicy-3.10.0/policy/modules/system/userdomain.if.execmem 2011-10-20 11:53:35.775261386 -0400
-+++ serefpolicy-3.10.0/policy/modules/system/userdomain.if 2011-10-20 11:53:35.840261291 -0400
+--- serefpolicy-3.10.0/policy/modules/system/userdomain.if.execmem 2011-11-02 16:19:58.435541000 -0400
++++ serefpolicy-3.10.0/policy/modules/system/userdomain.if 2011-11-02 16:19:58.796541000 -0400
@@ -1281,14 +1281,6 @@ template(`userdom_unpriv_user_template',
')
diff --git a/ptrace.patch b/ptrace.patch
index 80ea999..a3f1c0c 100644
--- a/ptrace.patch
+++ b/ptrace.patch
@@ -1,6 +1,6 @@
diff -up serefpolicy-3.10.0/policy/global_tunables.ptrace serefpolicy-3.10.0/policy/global_tunables
---- serefpolicy-3.10.0/policy/global_tunables.ptrace 2011-10-27 13:59:12.663914505 -0400
-+++ serefpolicy-3.10.0/policy/global_tunables 2011-10-27 13:59:14.005913486 -0400
+--- serefpolicy-3.10.0/policy/global_tunables.ptrace 2011-11-02 16:20:55.607911000 -0400
++++ serefpolicy-3.10.0/policy/global_tunables 2011-11-02 16:21:00.878481000 -0400
@@ -6,6 +6,13 @@
## <desc>
@@ -16,8 +16,8 @@ diff -up serefpolicy-3.10.0/policy/global_tunables.ptrace serefpolicy-3.10.0/pol
## </p>
## </desc>
diff -up serefpolicy-3.10.0/policy/modules/admin/kdump.if.ptrace serefpolicy-3.10.0/policy/modules/admin/kdump.if
---- serefpolicy-3.10.0/policy/modules/admin/kdump.if.ptrace 2011-10-27 13:59:12.698914478 -0400
-+++ serefpolicy-3.10.0/policy/modules/admin/kdump.if 2011-10-27 13:59:14.006913485 -0400
+--- serefpolicy-3.10.0/policy/modules/admin/kdump.if.ptrace 2011-11-02 16:20:55.762914000 -0400
++++ serefpolicy-3.10.0/policy/modules/admin/kdump.if 2011-11-02 16:21:00.886481000 -0400
@@ -140,8 +140,11 @@ interface(`kdump_admin',`
type kdump_initrc_exec_t;
')
@@ -33,7 +33,7 @@ diff -up serefpolicy-3.10.0/policy/modules/admin/kdump.if.ptrace serefpolicy-3.1
domain_system_change_exemption($1)
diff -up serefpolicy-3.10.0/policy/modules/admin/kismet.if.ptrace serefpolicy-3.10.0/policy/modules/admin/kismet.if
--- serefpolicy-3.10.0/policy/modules/admin/kismet.if.ptrace 2011-06-27 14:18:04.000000000 -0400
-+++ serefpolicy-3.10.0/policy/modules/admin/kismet.if 2011-10-27 13:59:14.008913483 -0400
++++ serefpolicy-3.10.0/policy/modules/admin/kismet.if 2011-11-02 16:21:00.892484000 -0400
@@ -239,7 +239,10 @@ interface(`kismet_admin',`
')
@@ -47,8 +47,8 @@ diff -up serefpolicy-3.10.0/policy/modules/admin/kismet.if.ptrace serefpolicy-3.
kismet_manage_pid_files($1)
kismet_manage_lib($1)
diff -up serefpolicy-3.10.0/policy/modules/admin/kudzu.te.ptrace serefpolicy-3.10.0/policy/modules/admin/kudzu.te
---- serefpolicy-3.10.0/policy/modules/admin/kudzu.te.ptrace 2011-10-27 13:59:12.702914477 -0400
-+++ serefpolicy-3.10.0/policy/modules/admin/kudzu.te 2011-10-27 13:59:14.009913482 -0400
+--- serefpolicy-3.10.0/policy/modules/admin/kudzu.te.ptrace 2011-11-02 16:20:55.779911000 -0400
++++ serefpolicy-3.10.0/policy/modules/admin/kudzu.te 2011-11-02 16:21:00.898481000 -0400
@@ -20,7 +20,7 @@ files_pid_file(kudzu_var_run_t)
# Local policy
#
@@ -59,8 +59,8 @@ diff -up serefpolicy-3.10.0/policy/modules/admin/kudzu.te.ptrace serefpolicy-3.1
allow kudzu_t self:process { signal_perms execmem };
allow kudzu_t self:fifo_file rw_fifo_file_perms;
diff -up serefpolicy-3.10.0/policy/modules/admin/logrotate.te.ptrace serefpolicy-3.10.0/policy/modules/admin/logrotate.te
---- serefpolicy-3.10.0/policy/modules/admin/logrotate.te.ptrace 2011-10-27 13:59:12.703914476 -0400
-+++ serefpolicy-3.10.0/policy/modules/admin/logrotate.te 2011-10-27 13:59:14.011913480 -0400
+--- serefpolicy-3.10.0/policy/modules/admin/logrotate.te.ptrace 2011-11-02 16:20:55.785911000 -0400
++++ serefpolicy-3.10.0/policy/modules/admin/logrotate.te 2011-11-02 16:21:00.913482000 -0400
@@ -30,8 +30,6 @@ files_type(logrotate_var_lib_t)
# Change ownership on log files.
@@ -71,8 +71,8 @@ diff -up serefpolicy-3.10.0/policy/modules/admin/logrotate.te.ptrace serefpolicy
allow logrotate_t self:process ~{ ptrace setcurrent setexec setfscreate setrlimit execmem execstack execheap };
diff -up serefpolicy-3.10.0/policy/modules/admin/ncftool.te.ptrace serefpolicy-3.10.0/policy/modules/admin/ncftool.te
---- serefpolicy-3.10.0/policy/modules/admin/ncftool.te.ptrace 2011-10-27 13:59:12.714914466 -0400
-+++ serefpolicy-3.10.0/policy/modules/admin/ncftool.te 2011-10-27 13:59:14.012913479 -0400
+--- serefpolicy-3.10.0/policy/modules/admin/ncftool.te.ptrace 2011-11-02 16:20:55.831912000 -0400
++++ serefpolicy-3.10.0/policy/modules/admin/ncftool.te 2011-11-02 16:21:00.918504000 -0400
@@ -17,8 +17,7 @@ role system_r types ncftool_t;
# ncftool local policy
#
@@ -84,8 +84,8 @@ diff -up serefpolicy-3.10.0/policy/modules/admin/ncftool.te.ptrace serefpolicy-3
allow ncftool_t self:fifo_file manage_fifo_file_perms;
diff -up serefpolicy-3.10.0/policy/modules/admin/rpm.te.ptrace serefpolicy-3.10.0/policy/modules/admin/rpm.te
---- serefpolicy-3.10.0/policy/modules/admin/rpm.te.ptrace 2011-10-27 13:59:13.896913569 -0400
-+++ serefpolicy-3.10.0/policy/modules/admin/rpm.te 2011-10-27 13:59:14.014913477 -0400
+--- serefpolicy-3.10.0/policy/modules/admin/rpm.te.ptrace 2011-11-02 16:21:00.454481000 -0400
++++ serefpolicy-3.10.0/policy/modules/admin/rpm.te 2011-11-02 16:21:00.927490000 -0400
@@ -250,7 +250,8 @@ optional_policy(`
# rpm-script Local policy
#
@@ -97,8 +97,8 @@ diff -up serefpolicy-3.10.0/policy/modules/admin/rpm.te.ptrace serefpolicy-3.10.
allow rpm_script_t self:fd use;
allow rpm_script_t self:fifo_file rw_fifo_file_perms;
diff -up serefpolicy-3.10.0/policy/modules/admin/sectoolm.te.ptrace serefpolicy-3.10.0/policy/modules/admin/sectoolm.te
---- serefpolicy-3.10.0/policy/modules/admin/sectoolm.te.ptrace 2011-10-27 13:59:12.745914442 -0400
-+++ serefpolicy-3.10.0/policy/modules/admin/sectoolm.te 2011-10-27 13:59:14.015913476 -0400
+--- serefpolicy-3.10.0/policy/modules/admin/sectoolm.te.ptrace 2011-11-02 16:20:55.968900000 -0400
++++ serefpolicy-3.10.0/policy/modules/admin/sectoolm.te 2011-11-02 16:21:00.933494000 -0400
@@ -23,7 +23,7 @@ files_tmp_file(sectool_tmp_t)
# sectool local policy
#
@@ -109,8 +109,8 @@ diff -up serefpolicy-3.10.0/policy/modules/admin/sectoolm.te.ptrace serefpolicy-
dontaudit sectoolm_t self:process { execstack execmem };
allow sectoolm_t self:fifo_file rw_fifo_file_perms;
diff -up serefpolicy-3.10.0/policy/modules/admin/shorewall.if.ptrace serefpolicy-3.10.0/policy/modules/admin/shorewall.if
---- serefpolicy-3.10.0/policy/modules/admin/shorewall.if.ptrace 2011-10-27 13:59:12.746914442 -0400
-+++ serefpolicy-3.10.0/policy/modules/admin/shorewall.if 2011-10-27 13:59:14.016913475 -0400
+--- serefpolicy-3.10.0/policy/modules/admin/shorewall.if.ptrace 2011-11-02 16:20:55.982886000 -0400
++++ serefpolicy-3.10.0/policy/modules/admin/shorewall.if 2011-11-02 16:21:00.941491000 -0400
@@ -139,8 +139,11 @@ interface(`shorewall_admin',`
type shorewall_tmp_t, shorewall_etc_t;
')
@@ -125,8 +125,8 @@ diff -up serefpolicy-3.10.0/policy/modules/admin/shorewall.if.ptrace serefpolicy
init_labeled_script_domtrans($1, shorewall_initrc_exec_t)
domain_system_change_exemption($1)
diff -up serefpolicy-3.10.0/policy/modules/admin/shorewall.te.ptrace serefpolicy-3.10.0/policy/modules/admin/shorewall.te
---- serefpolicy-3.10.0/policy/modules/admin/shorewall.te.ptrace 2011-10-27 13:59:12.747914442 -0400
-+++ serefpolicy-3.10.0/policy/modules/admin/shorewall.te 2011-10-27 13:59:14.018913475 -0400
+--- serefpolicy-3.10.0/policy/modules/admin/shorewall.te.ptrace 2011-11-02 16:20:55.988880000 -0400
++++ serefpolicy-3.10.0/policy/modules/admin/shorewall.te 2011-11-02 16:21:00.948484000 -0400
@@ -37,7 +37,7 @@ logging_log_file(shorewall_log_t)
# shorewall local policy
#
@@ -137,8 +137,8 @@ diff -up serefpolicy-3.10.0/policy/modules/admin/shorewall.te.ptrace serefpolicy
allow shorewall_t self:fifo_file rw_fifo_file_perms;
diff -up serefpolicy-3.10.0/policy/modules/admin/sosreport.te.ptrace serefpolicy-3.10.0/policy/modules/admin/sosreport.te
---- serefpolicy-3.10.0/policy/modules/admin/sosreport.te.ptrace 2011-10-27 13:59:12.760914431 -0400
-+++ serefpolicy-3.10.0/policy/modules/admin/sosreport.te 2011-10-27 13:59:14.019913475 -0400
+--- serefpolicy-3.10.0/policy/modules/admin/sosreport.te.ptrace 2011-11-02 16:20:56.021847000 -0400
++++ serefpolicy-3.10.0/policy/modules/admin/sosreport.te 2011-11-02 16:21:00.954486000 -0400
@@ -21,7 +21,7 @@ files_tmpfs_file(sosreport_tmpfs_t)
# sosreport local policy
#
@@ -149,8 +149,8 @@ diff -up serefpolicy-3.10.0/policy/modules/admin/sosreport.te.ptrace serefpolicy
allow sosreport_t self:fifo_file rw_fifo_file_perms;
allow sosreport_t self:tcp_socket create_stream_socket_perms;
diff -up serefpolicy-3.10.0/policy/modules/admin/usermanage.te.ptrace serefpolicy-3.10.0/policy/modules/admin/usermanage.te
---- serefpolicy-3.10.0/policy/modules/admin/usermanage.te.ptrace 2011-10-27 13:59:13.940913534 -0400
-+++ serefpolicy-3.10.0/policy/modules/admin/usermanage.te 2011-10-27 13:59:14.020913474 -0400
+--- serefpolicy-3.10.0/policy/modules/admin/usermanage.te.ptrace 2011-11-02 16:21:00.638481000 -0400
++++ serefpolicy-3.10.0/policy/modules/admin/usermanage.te 2011-11-02 16:21:00.963483000 -0400
@@ -439,7 +439,8 @@ optional_policy(`
# Useradd local policy
#
@@ -162,8 +162,8 @@ diff -up serefpolicy-3.10.0/policy/modules/admin/usermanage.te.ptrace serefpolic
allow useradd_t self:process ~{ ptrace setcurrent setexec setfscreate setrlimit execmem execstack execheap };
allow useradd_t self:process setfscreate;
diff -up serefpolicy-3.10.0/policy/modules/apps/chrome.te.ptrace serefpolicy-3.10.0/policy/modules/apps/chrome.te
---- serefpolicy-3.10.0/policy/modules/apps/chrome.te.ptrace 2011-10-27 13:59:12.787914412 -0400
-+++ serefpolicy-3.10.0/policy/modules/apps/chrome.te 2011-10-27 13:59:14.022913472 -0400
+--- serefpolicy-3.10.0/policy/modules/apps/chrome.te.ptrace 2011-11-02 16:20:56.131827000 -0400
++++ serefpolicy-3.10.0/policy/modules/apps/chrome.te 2011-11-02 16:21:00.969478000 -0400
@@ -26,7 +26,7 @@ role system_r types chrome_sandbox_nacl_
#
# chrome_sandbox local policy
@@ -174,8 +174,8 @@ diff -up serefpolicy-3.10.0/policy/modules/apps/chrome.te.ptrace serefpolicy-3.1
allow chrome_sandbox_t self:process setsched;
allow chrome_sandbox_t self:fifo_file manage_file_perms;
diff -up serefpolicy-3.10.0/policy/modules/apps/execmem.if.ptrace serefpolicy-3.10.0/policy/modules/apps/execmem.if
---- serefpolicy-3.10.0/policy/modules/apps/execmem.if.ptrace 2011-10-27 13:59:13.941913534 -0400
-+++ serefpolicy-3.10.0/policy/modules/apps/execmem.if 2011-10-27 13:59:14.023913471 -0400
+--- serefpolicy-3.10.0/policy/modules/apps/execmem.if.ptrace 2011-11-02 16:21:00.645481000 -0400
++++ serefpolicy-3.10.0/policy/modules/apps/execmem.if 2011-11-02 16:21:00.977466000 -0400
@@ -59,7 +59,7 @@ template(`execmem_role_template',`
userdom_unpriv_usertype($1, $1_execmem_t)
@@ -186,8 +186,8 @@ diff -up serefpolicy-3.10.0/policy/modules/apps/execmem.if.ptrace serefpolicy-3.
files_execmod_tmp($1_execmem_t)
diff -up serefpolicy-3.10.0/policy/modules/apps/gnome.if.ptrace serefpolicy-3.10.0/policy/modules/apps/gnome.if
---- serefpolicy-3.10.0/policy/modules/apps/gnome.if.ptrace 2011-10-27 13:59:12.804914399 -0400
-+++ serefpolicy-3.10.0/policy/modules/apps/gnome.if 2011-10-27 13:59:14.030913464 -0400
+--- serefpolicy-3.10.0/policy/modules/apps/gnome.if.ptrace 2011-11-02 16:20:56.187825000 -0400
++++ serefpolicy-3.10.0/policy/modules/apps/gnome.if 2011-11-02 16:21:00.989459000 -0400
@@ -91,8 +91,7 @@ interface(`gnome_role_gkeyringd',`
auth_use_nsswitch($1_gkeyringd_t)
@@ -199,8 +199,8 @@ diff -up serefpolicy-3.10.0/policy/modules/apps/gnome.if.ptrace serefpolicy-3.10
stream_connect_pattern($3, gkeyringd_tmp_t, gkeyringd_tmp_t, $1_gkeyringd_t)
diff -up serefpolicy-3.10.0/policy/modules/apps/irc.if.ptrace serefpolicy-3.10.0/policy/modules/apps/irc.if
---- serefpolicy-3.10.0/policy/modules/apps/irc.if.ptrace 2011-10-27 13:59:12.812914392 -0400
-+++ serefpolicy-3.10.0/policy/modules/apps/irc.if 2011-10-27 13:59:14.031913464 -0400
+--- serefpolicy-3.10.0/policy/modules/apps/irc.if.ptrace 2011-11-02 16:20:56.224825000 -0400
++++ serefpolicy-3.10.0/policy/modules/apps/irc.if 2011-11-02 16:21:00.994463000 -0400
@@ -33,7 +33,7 @@ interface(`irc_role',`
domtrans_pattern($2, irssi_exec_t, irssi_t)
@@ -211,8 +211,8 @@ diff -up serefpolicy-3.10.0/policy/modules/apps/irc.if.ptrace serefpolicy-3.10.0
manage_dirs_pattern($2, irssi_home_t, irssi_home_t)
diff -up serefpolicy-3.10.0/policy/modules/apps/java.if.ptrace serefpolicy-3.10.0/policy/modules/apps/java.if
---- serefpolicy-3.10.0/policy/modules/apps/java.if.ptrace 2011-10-27 13:59:13.943913533 -0400
-+++ serefpolicy-3.10.0/policy/modules/apps/java.if 2011-10-27 13:59:14.032913464 -0400
+--- serefpolicy-3.10.0/policy/modules/apps/java.if.ptrace 2011-11-02 16:21:00.650493000 -0400
++++ serefpolicy-3.10.0/policy/modules/apps/java.if 2011-11-02 16:21:01.001444000 -0400
@@ -76,11 +76,11 @@ template(`java_role_template',`
userdom_manage_tmpfs_role($2)
userdom_manage_tmpfs($1_java_t)
@@ -228,8 +228,8 @@ diff -up serefpolicy-3.10.0/policy/modules/apps/java.if.ptrace serefpolicy-3.10.
domtrans_pattern($3, java_exec_t, $1_java_t)
diff -up serefpolicy-3.10.0/policy/modules/apps/kde.te.ptrace serefpolicy-3.10.0/policy/modules/apps/kde.te
---- serefpolicy-3.10.0/policy/modules/apps/kde.te.ptrace 2011-10-27 13:59:12.820914387 -0400
-+++ serefpolicy-3.10.0/policy/modules/apps/kde.te 2011-10-27 13:59:14.034913464 -0400
+--- serefpolicy-3.10.0/policy/modules/apps/kde.te.ptrace 2011-11-02 16:20:56.258830000 -0400
++++ serefpolicy-3.10.0/policy/modules/apps/kde.te 2011-11-02 16:21:01.006462000 -0400
@@ -13,9 +13,6 @@ dbus_system_domain(kdebacklighthelper_t,
#
# backlighthelper local policy
@@ -241,8 +241,8 @@ diff -up serefpolicy-3.10.0/policy/modules/apps/kde.te.ptrace serefpolicy-3.10.0
kernel_read_system_state(kdebacklighthelper_t)
diff -up serefpolicy-3.10.0/policy/modules/apps/livecd.te.ptrace serefpolicy-3.10.0/policy/modules/apps/livecd.te
---- serefpolicy-3.10.0/policy/modules/apps/livecd.te.ptrace 2011-10-27 13:59:12.825914382 -0400
-+++ serefpolicy-3.10.0/policy/modules/apps/livecd.te 2011-10-27 13:59:14.036913462 -0400
+--- serefpolicy-3.10.0/policy/modules/apps/livecd.te.ptrace 2011-11-02 16:20:56.274828000 -0400
++++ serefpolicy-3.10.0/policy/modules/apps/livecd.te 2011-11-02 16:21:01.012454000 -0400
@@ -20,7 +20,10 @@ files_tmp_file(livecd_tmp_t)
dontaudit livecd_t self:capability2 mac_admin;
@@ -256,8 +256,8 @@ diff -up serefpolicy-3.10.0/policy/modules/apps/livecd.te.ptrace serefpolicy-3.1
manage_dirs_pattern(livecd_t, livecd_tmp_t, livecd_tmp_t)
diff -up serefpolicy-3.10.0/policy/modules/apps/mono.if.ptrace serefpolicy-3.10.0/policy/modules/apps/mono.if
---- serefpolicy-3.10.0/policy/modules/apps/mono.if.ptrace 2011-10-27 13:59:13.944913532 -0400
-+++ serefpolicy-3.10.0/policy/modules/apps/mono.if 2011-10-27 13:59:14.037913461 -0400
+--- serefpolicy-3.10.0/policy/modules/apps/mono.if.ptrace 2011-11-02 16:21:00.656493000 -0400
++++ serefpolicy-3.10.0/policy/modules/apps/mono.if 2011-11-02 16:21:01.021424000 -0400
@@ -40,8 +40,8 @@ template(`mono_role_template',`
domain_interactive_fd($1_mono_t)
application_type($1_mono_t)
@@ -271,7 +271,7 @@ diff -up serefpolicy-3.10.0/policy/modules/apps/mono.if.ptrace serefpolicy-3.10.
diff -up serefpolicy-3.10.0/policy/modules/apps/mono.te.ptrace serefpolicy-3.10.0/policy/modules/apps/mono.te
--- serefpolicy-3.10.0/policy/modules/apps/mono.te.ptrace 2011-06-27 14:18:04.000000000 -0400
-+++ serefpolicy-3.10.0/policy/modules/apps/mono.te 2011-10-27 13:59:14.039913459 -0400
++++ serefpolicy-3.10.0/policy/modules/apps/mono.te 2011-11-02 16:21:01.027416000 -0400
@@ -15,7 +15,7 @@ init_system_domain(mono_t, mono_exec_t)
# Local policy
#
@@ -282,8 +282,8 @@ diff -up serefpolicy-3.10.0/policy/modules/apps/mono.te.ptrace serefpolicy-3.10.
init_dbus_chat_script(mono_t)
diff -up serefpolicy-3.10.0/policy/modules/apps/mozilla.if.ptrace serefpolicy-3.10.0/policy/modules/apps/mozilla.if
---- serefpolicy-3.10.0/policy/modules/apps/mozilla.if.ptrace 2011-10-27 13:59:13.945913531 -0400
-+++ serefpolicy-3.10.0/policy/modules/apps/mozilla.if 2011-10-27 13:59:14.040913458 -0400
+--- serefpolicy-3.10.0/policy/modules/apps/mozilla.if.ptrace 2011-11-02 16:21:00.663481000 -0400
++++ serefpolicy-3.10.0/policy/modules/apps/mozilla.if 2011-11-02 16:21:01.033416000 -0400
@@ -221,7 +221,7 @@ interface(`mozilla_domtrans_plugin',`
allow mozilla_plugin_t $1:sem create_sem_perms;
@@ -294,8 +294,8 @@ diff -up serefpolicy-3.10.0/policy/modules/apps/mozilla.if.ptrace serefpolicy-3.
########################################
diff -up serefpolicy-3.10.0/policy/modules/apps/mozilla.te.ptrace serefpolicy-3.10.0/policy/modules/apps/mozilla.te
---- serefpolicy-3.10.0/policy/modules/apps/mozilla.te.ptrace 2011-10-27 13:59:13.902913563 -0400
-+++ serefpolicy-3.10.0/policy/modules/apps/mozilla.te 2011-10-27 13:59:14.042913456 -0400
+--- serefpolicy-3.10.0/policy/modules/apps/mozilla.te.ptrace 2011-11-02 16:21:00.480481000 -0400
++++ serefpolicy-3.10.0/policy/modules/apps/mozilla.te 2011-11-02 16:21:01.042409000 -0400
@@ -301,7 +301,7 @@ optional_policy(`
# mozilla_plugin local policy
#
@@ -306,8 +306,8 @@ diff -up serefpolicy-3.10.0/policy/modules/apps/mozilla.te.ptrace serefpolicy-3.
allow mozilla_plugin_t self:process { setsched signal_perms execmem };
allow mozilla_plugin_t self:netlink_route_socket r_netlink_socket_perms;
diff -up serefpolicy-3.10.0/policy/modules/apps/nsplugin.if.ptrace serefpolicy-3.10.0/policy/modules/apps/nsplugin.if
---- serefpolicy-3.10.0/policy/modules/apps/nsplugin.if.ptrace 2011-10-27 13:59:13.947913529 -0400
-+++ serefpolicy-3.10.0/policy/modules/apps/nsplugin.if 2011-10-27 13:59:14.043913455 -0400
+--- serefpolicy-3.10.0/policy/modules/apps/nsplugin.if.ptrace 2011-11-02 16:21:00.669481000 -0400
++++ serefpolicy-3.10.0/policy/modules/apps/nsplugin.if 2011-11-02 16:21:01.050395000 -0400
@@ -93,7 +93,7 @@ ifdef(`hide_broken_symptoms', `
dontaudit nsplugin_t $2:shm destroy;
allow $2 nsplugin_t:sem rw_sem_perms;
@@ -318,8 +318,8 @@ diff -up serefpolicy-3.10.0/policy/modules/apps/nsplugin.if.ptrace serefpolicy-3
# Connect to pulseaudit server
diff -up serefpolicy-3.10.0/policy/modules/apps/nsplugin.te.ptrace serefpolicy-3.10.0/policy/modules/apps/nsplugin.te
---- serefpolicy-3.10.0/policy/modules/apps/nsplugin.te.ptrace 2011-10-27 13:59:13.948913528 -0400
-+++ serefpolicy-3.10.0/policy/modules/apps/nsplugin.te 2011-10-27 13:59:14.045913453 -0400
+--- serefpolicy-3.10.0/policy/modules/apps/nsplugin.te.ptrace 2011-11-02 16:21:00.677481000 -0400
++++ serefpolicy-3.10.0/policy/modules/apps/nsplugin.te 2011-11-02 16:21:01.059398000 -0400
@@ -54,7 +54,7 @@ application_executable_file(nsplugin_con
#
dontaudit nsplugin_t self:capability { sys_nice sys_tty_config };
@@ -330,8 +330,8 @@ diff -up serefpolicy-3.10.0/policy/modules/apps/nsplugin.te.ptrace serefpolicy-3
allow nsplugin_t self:sem create_sem_perms;
allow nsplugin_t self:shm create_shm_perms;
diff -up serefpolicy-3.10.0/policy/modules/apps/openoffice.if.ptrace serefpolicy-3.10.0/policy/modules/apps/openoffice.if
---- serefpolicy-3.10.0/policy/modules/apps/openoffice.if.ptrace 2011-10-27 13:59:12.847914364 -0400
-+++ serefpolicy-3.10.0/policy/modules/apps/openoffice.if 2011-10-27 13:59:14.046913452 -0400
+--- serefpolicy-3.10.0/policy/modules/apps/openoffice.if.ptrace 2011-11-02 16:20:56.354830000 -0400
++++ serefpolicy-3.10.0/policy/modules/apps/openoffice.if 2011-11-02 16:21:01.065395000 -0400
@@ -69,7 +69,7 @@ interface(`openoffice_role_template',`
allow $1_openoffice_t self:process { getsched sigkill execheap execmem execstack };
@@ -342,8 +342,8 @@ diff -up serefpolicy-3.10.0/policy/modules/apps/openoffice.if.ptrace serefpolicy
domtrans_pattern($3, openoffice_exec_t, $1_openoffice_t)
diff -up serefpolicy-3.10.0/policy/modules/apps/podsleuth.te.ptrace serefpolicy-3.10.0/policy/modules/apps/podsleuth.te
---- serefpolicy-3.10.0/policy/modules/apps/podsleuth.te.ptrace 2011-10-27 13:59:13.903913562 -0400
-+++ serefpolicy-3.10.0/policy/modules/apps/podsleuth.te 2011-10-27 13:59:14.047913451 -0400
+--- serefpolicy-3.10.0/policy/modules/apps/podsleuth.te.ptrace 2011-11-02 16:21:00.488484000 -0400
++++ serefpolicy-3.10.0/policy/modules/apps/podsleuth.te 2011-11-02 16:21:01.071398000 -0400
@@ -27,7 +27,8 @@ ubac_constrained(podsleuth_tmpfs_t)
# podsleuth local policy
#
@@ -356,7 +356,7 @@ diff -up serefpolicy-3.10.0/policy/modules/apps/podsleuth.te.ptrace serefpolicy-
allow podsleuth_t self:sem create_sem_perms;
diff -up serefpolicy-3.10.0/policy/modules/apps/uml.if.ptrace serefpolicy-3.10.0/policy/modules/apps/uml.if
--- serefpolicy-3.10.0/policy/modules/apps/uml.if.ptrace 2011-06-27 14:18:04.000000000 -0400
-+++ serefpolicy-3.10.0/policy/modules/apps/uml.if 2011-10-27 13:59:14.049913451 -0400
++++ serefpolicy-3.10.0/policy/modules/apps/uml.if 2011-11-02 16:21:01.077416000 -0400
@@ -31,9 +31,9 @@ interface(`uml_role',`
allow $2 uml_t:unix_dgram_socket sendto;
allow uml_t $2:unix_dgram_socket sendto;
@@ -370,8 +370,8 @@ diff -up serefpolicy-3.10.0/policy/modules/apps/uml.if.ptrace serefpolicy-3.10.0
allow $2 uml_ro_t:dir list_dir_perms;
read_files_pattern($2, uml_ro_t, uml_ro_t)
diff -up serefpolicy-3.10.0/policy/modules/apps/uml.te.ptrace serefpolicy-3.10.0/policy/modules/apps/uml.te
---- serefpolicy-3.10.0/policy/modules/apps/uml.te.ptrace 2011-10-27 13:59:12.879914342 -0400
-+++ serefpolicy-3.10.0/policy/modules/apps/uml.te 2011-10-27 13:59:14.050913451 -0400
+--- serefpolicy-3.10.0/policy/modules/apps/uml.te.ptrace 2011-11-02 16:20:56.483825000 -0400
++++ serefpolicy-3.10.0/policy/modules/apps/uml.te 2011-11-02 16:21:01.086395000 -0400
@@ -53,7 +53,7 @@ files_pid_file(uml_switch_var_run_t)
#
@@ -382,8 +382,8 @@ diff -up serefpolicy-3.10.0/policy/modules/apps/uml.te.ptrace serefpolicy-3.10.0
allow uml_t self:unix_dgram_socket create_socket_perms;
# Use the network.
diff -up serefpolicy-3.10.0/policy/modules/apps/wine.if.ptrace serefpolicy-3.10.0/policy/modules/apps/wine.if
---- serefpolicy-3.10.0/policy/modules/apps/wine.if.ptrace 2011-10-27 13:59:13.955913521 -0400
-+++ serefpolicy-3.10.0/policy/modules/apps/wine.if 2011-10-27 13:59:14.056913446 -0400
+--- serefpolicy-3.10.0/policy/modules/apps/wine.if.ptrace 2011-11-02 16:21:00.709496000 -0400
++++ serefpolicy-3.10.0/policy/modules/apps/wine.if 2011-11-02 16:21:01.092395000 -0400
@@ -100,7 +100,7 @@ template(`wine_role_template',`
role $2 types $1_wine_t;
@@ -394,8 +394,8 @@ diff -up serefpolicy-3.10.0/policy/modules/apps/wine.if.ptrace serefpolicy-3.10.
corecmd_bin_domtrans($1_wine_t, $1_t)
diff -up serefpolicy-3.10.0/policy/modules/kernel/domain.te.ptrace serefpolicy-3.10.0/policy/modules/kernel/domain.te
---- serefpolicy-3.10.0/policy/modules/kernel/domain.te.ptrace 2011-10-27 13:59:12.928914305 -0400
-+++ serefpolicy-3.10.0/policy/modules/kernel/domain.te 2011-10-27 13:59:14.057913445 -0400
+--- serefpolicy-3.10.0/policy/modules/kernel/domain.te.ptrace 2011-11-02 16:20:56.704825000 -0400
++++ serefpolicy-3.10.0/policy/modules/kernel/domain.te 2011-11-02 16:21:01.100395000 -0400
@@ -181,7 +181,10 @@ allow unconfined_domain_type domain:fifo
allow unconfined_domain_type unconfined_domain_type:dbus send_msg;
@@ -408,14 +408,14 @@ diff -up serefpolicy-3.10.0/policy/modules/kernel/domain.te.ptrace serefpolicy-3
# Create/access any System V IPC objects.
allow unconfined_domain_type domain:{ sem msgq shm } *;
-@@ -316,3 +319,4 @@ optional_policy(`
+@@ -407,3 +410,4 @@ optional_policy(`
')
dontaudit domain domain:process { noatsecure siginh rlimitinh } ;
+dontaudit domain self:capability sys_ptrace;
diff -up serefpolicy-3.10.0/policy/modules/kernel/kernel.te.ptrace serefpolicy-3.10.0/policy/modules/kernel/kernel.te
---- serefpolicy-3.10.0/policy/modules/kernel/kernel.te.ptrace 2011-10-27 13:59:12.954914285 -0400
-+++ serefpolicy-3.10.0/policy/modules/kernel/kernel.te 2011-10-27 13:59:14.058913444 -0400
+--- serefpolicy-3.10.0/policy/modules/kernel/kernel.te.ptrace 2011-11-02 16:20:56.826825000 -0400
++++ serefpolicy-3.10.0/policy/modules/kernel/kernel.te 2011-11-02 16:21:01.109395000 -0400
@@ -191,7 +191,11 @@ sid tcp_socket gen_context(system_u:obj
# kernel local policy
#
@@ -439,8 +439,8 @@ diff -up serefpolicy-3.10.0/policy/modules/kernel/kernel.te.ptrace serefpolicy-3
gen_require(`
bool secure_mode_insmod;
diff -up serefpolicy-3.10.0/policy/modules/roles/dbadm.te.ptrace serefpolicy-3.10.0/policy/modules/roles/dbadm.te
---- serefpolicy-3.10.0/policy/modules/roles/dbadm.te.ptrace 2011-10-27 13:59:12.976914267 -0400
-+++ serefpolicy-3.10.0/policy/modules/roles/dbadm.te 2011-10-27 13:59:14.059913443 -0400
+--- serefpolicy-3.10.0/policy/modules/roles/dbadm.te.ptrace 2011-11-02 16:20:56.906825000 -0400
++++ serefpolicy-3.10.0/policy/modules/roles/dbadm.te 2011-11-02 16:21:01.115395000 -0400
@@ -28,7 +28,7 @@ userdom_base_user_template(dbadm)
# database admin local policy
#
@@ -452,7 +452,7 @@ diff -up serefpolicy-3.10.0/policy/modules/roles/dbadm.te.ptrace serefpolicy-3.1
files_delete_generic_locks(dbadm_t)
diff -up serefpolicy-3.10.0/policy/modules/roles/logadm.te.ptrace serefpolicy-3.10.0/policy/modules/roles/logadm.te
--- serefpolicy-3.10.0/policy/modules/roles/logadm.te.ptrace 2011-06-27 14:18:04.000000000 -0400
-+++ serefpolicy-3.10.0/policy/modules/roles/logadm.te 2011-10-27 13:59:14.060913442 -0400
++++ serefpolicy-3.10.0/policy/modules/roles/logadm.te 2011-11-02 16:21:01.119398000 -0400
@@ -14,6 +14,5 @@ userdom_base_user_template(logadm)
# logadmin local policy
#
@@ -462,8 +462,8 @@ diff -up serefpolicy-3.10.0/policy/modules/roles/logadm.te.ptrace serefpolicy-3.
+allow logadm_t self:capability { dac_override dac_read_search kill sys_nice };
logging_admin(logadm_t, logadm_r)
diff -up serefpolicy-3.10.0/policy/modules/roles/sysadm.te.ptrace serefpolicy-3.10.0/policy/modules/roles/sysadm.te
---- serefpolicy-3.10.0/policy/modules/roles/sysadm.te.ptrace 2011-10-27 13:59:13.958913521 -0400
-+++ serefpolicy-3.10.0/policy/modules/roles/sysadm.te 2011-10-27 13:59:14.061913441 -0400
+--- serefpolicy-3.10.0/policy/modules/roles/sysadm.te.ptrace 2011-11-02 16:21:00.735481000 -0400
++++ serefpolicy-3.10.0/policy/modules/roles/sysadm.te 2011-11-02 16:21:01.127397000 -0400
@@ -5,13 +5,6 @@ policy_module(sysadm, 2.2.1)
# Declarations
#
@@ -488,8 +488,8 @@ diff -up serefpolicy-3.10.0/policy/modules/roles/sysadm.te.ptrace serefpolicy-3.
')
diff -up serefpolicy-3.10.0/policy/modules/roles/webadm.te.ptrace serefpolicy-3.10.0/policy/modules/roles/webadm.te
---- serefpolicy-3.10.0/policy/modules/roles/webadm.te.ptrace 2011-10-27 13:59:12.989914257 -0400
-+++ serefpolicy-3.10.0/policy/modules/roles/webadm.te 2011-10-27 13:59:14.063913440 -0400
+--- serefpolicy-3.10.0/policy/modules/roles/webadm.te.ptrace 2011-11-02 16:20:56.949828000 -0400
++++ serefpolicy-3.10.0/policy/modules/roles/webadm.te 2011-11-02 16:21:01.133406000 -0400
@@ -28,7 +28,7 @@ userdom_base_user_template(webadm)
# webadmin local policy
#
@@ -500,9 +500,9 @@ diff -up serefpolicy-3.10.0/policy/modules/roles/webadm.te.ptrace serefpolicy-3.
files_dontaudit_search_all_dirs(webadm_t)
files_manage_generic_locks(webadm_t)
diff -up serefpolicy-3.10.0/policy/modules/services/abrt.if.ptrace serefpolicy-3.10.0/policy/modules/services/abrt.if
---- serefpolicy-3.10.0/policy/modules/services/abrt.if.ptrace 2011-10-27 13:59:12.993914253 -0400
-+++ serefpolicy-3.10.0/policy/modules/services/abrt.if 2011-10-27 13:59:14.065913440 -0400
-@@ -335,9 +335,13 @@ interface(`abrt_admin',`
+--- serefpolicy-3.10.0/policy/modules/services/abrt.if.ptrace 2011-11-02 16:20:56.967816000 -0400
++++ serefpolicy-3.10.0/policy/modules/services/abrt.if 2011-11-02 16:21:01.141395000 -0400
+@@ -336,9 +336,13 @@ interface(`abrt_admin',`
type abrt_initrc_exec_t;
')
@@ -518,8 +518,8 @@ diff -up serefpolicy-3.10.0/policy/modules/services/abrt.if.ptrace serefpolicy-3
domain_system_change_exemption($1)
role_transition $2 abrt_initrc_exec_t system_r;
diff -up serefpolicy-3.10.0/policy/modules/services/accountsd.if.ptrace serefpolicy-3.10.0/policy/modules/services/accountsd.if
---- serefpolicy-3.10.0/policy/modules/services/accountsd.if.ptrace 2011-10-27 13:59:12.997914253 -0400
-+++ serefpolicy-3.10.0/policy/modules/services/accountsd.if 2011-10-27 13:59:14.066913439 -0400
+--- serefpolicy-3.10.0/policy/modules/services/accountsd.if.ptrace 2011-11-02 16:20:56.979807000 -0400
++++ serefpolicy-3.10.0/policy/modules/services/accountsd.if 2011-11-02 16:21:01.147398000 -0400
@@ -138,8 +138,12 @@ interface(`accountsd_admin',`
type accountsd_t;
')
@@ -535,8 +535,8 @@ diff -up serefpolicy-3.10.0/policy/modules/services/accountsd.if.ptrace serefpol
accountsd_manage_lib_files($1)
')
diff -up serefpolicy-3.10.0/policy/modules/services/accountsd.te.ptrace serefpolicy-3.10.0/policy/modules/services/accountsd.te
---- serefpolicy-3.10.0/policy/modules/services/accountsd.te.ptrace 2011-10-27 13:59:12.999914251 -0400
-+++ serefpolicy-3.10.0/policy/modules/services/accountsd.te 2011-10-27 13:59:14.069913436 -0400
+--- serefpolicy-3.10.0/policy/modules/services/accountsd.te.ptrace 2011-11-02 16:20:56.985800000 -0400
++++ serefpolicy-3.10.0/policy/modules/services/accountsd.te 2011-11-02 16:21:01.153402000 -0400
@@ -19,7 +19,7 @@ files_type(accountsd_var_lib_t)
# accountsd local policy
#
@@ -547,8 +547,8 @@ diff -up serefpolicy-3.10.0/policy/modules/services/accountsd.te.ptrace serefpol
allow accountsd_t self:fifo_file rw_fifo_file_perms;
diff -up serefpolicy-3.10.0/policy/modules/services/afs.if.ptrace serefpolicy-3.10.0/policy/modules/services/afs.if
---- serefpolicy-3.10.0/policy/modules/services/afs.if.ptrace 2011-10-27 13:59:13.000914250 -0400
-+++ serefpolicy-3.10.0/policy/modules/services/afs.if 2011-10-27 13:59:14.070913435 -0400
+--- serefpolicy-3.10.0/policy/modules/services/afs.if.ptrace 2011-11-02 16:20:56.990797000 -0400
++++ serefpolicy-3.10.0/policy/modules/services/afs.if 2011-11-02 16:21:01.159402000 -0400
@@ -97,9 +97,13 @@ interface(`afs_admin',`
type afs_t, afs_initrc_exec_t;
')
@@ -566,7 +566,7 @@ diff -up serefpolicy-3.10.0/policy/modules/services/afs.if.ptrace serefpolicy-3.
domain_system_change_exemption($1)
diff -up serefpolicy-3.10.0/policy/modules/services/aiccu.if.ptrace serefpolicy-3.10.0/policy/modules/services/aiccu.if
--- serefpolicy-3.10.0/policy/modules/services/aiccu.if.ptrace 2011-06-27 14:18:04.000000000 -0400
-+++ serefpolicy-3.10.0/policy/modules/services/aiccu.if 2011-10-27 13:59:14.072913433 -0400
++++ serefpolicy-3.10.0/policy/modules/services/aiccu.if 2011-11-02 16:21:01.165403000 -0400
@@ -79,9 +79,13 @@ interface(`aiccu_admin',`
type aiccu_var_run_t;
')
@@ -583,8 +583,8 @@ diff -up serefpolicy-3.10.0/policy/modules/services/aiccu.if.ptrace serefpolicy-
domain_system_change_exemption($1)
role_transition $2 aiccu_initrc_exec_t system_r;
diff -up serefpolicy-3.10.0/policy/modules/services/aide.if.ptrace serefpolicy-3.10.0/policy/modules/services/aide.if
---- serefpolicy-3.10.0/policy/modules/services/aide.if.ptrace 2011-10-27 13:59:13.005914245 -0400
-+++ serefpolicy-3.10.0/policy/modules/services/aide.if 2011-10-27 13:59:14.074913431 -0400
+--- serefpolicy-3.10.0/policy/modules/services/aide.if.ptrace 2011-11-02 16:20:57.023767000 -0400
++++ serefpolicy-3.10.0/policy/modules/services/aide.if 2011-11-02 16:21:01.180404000 -0400
@@ -61,9 +61,13 @@ interface(`aide_admin',`
type aide_t, aide_db_t, aide_log_t;
')
@@ -601,8 +601,8 @@ diff -up serefpolicy-3.10.0/policy/modules/services/aide.if.ptrace serefpolicy-3
admin_pattern($1, aide_db_t)
diff -up serefpolicy-3.10.0/policy/modules/services/aisexec.if.ptrace serefpolicy-3.10.0/policy/modules/services/aisexec.if
---- serefpolicy-3.10.0/policy/modules/services/aisexec.if.ptrace 2011-10-27 13:59:13.008914242 -0400
-+++ serefpolicy-3.10.0/policy/modules/services/aisexec.if 2011-10-27 13:59:14.075913430 -0400
+--- serefpolicy-3.10.0/policy/modules/services/aisexec.if.ptrace 2011-11-02 16:20:57.034752000 -0400
++++ serefpolicy-3.10.0/policy/modules/services/aisexec.if 2011-11-02 16:21:01.186395000 -0400
@@ -82,9 +82,13 @@ interface(`aisexecd_admin',`
type aisexec_initrc_exec_t;
')
@@ -619,8 +619,8 @@ diff -up serefpolicy-3.10.0/policy/modules/services/aisexec.if.ptrace serefpolic
domain_system_change_exemption($1)
role_transition $2 aisexec_initrc_exec_t system_r;
diff -up serefpolicy-3.10.0/policy/modules/services/ajaxterm.if.ptrace serefpolicy-3.10.0/policy/modules/services/ajaxterm.if
---- serefpolicy-3.10.0/policy/modules/services/ajaxterm.if.ptrace 2011-10-27 13:59:13.012914240 -0400
-+++ serefpolicy-3.10.0/policy/modules/services/ajaxterm.if 2011-10-27 13:59:14.077913429 -0400
+--- serefpolicy-3.10.0/policy/modules/services/ajaxterm.if.ptrace 2011-11-02 16:20:57.045739000 -0400
++++ serefpolicy-3.10.0/policy/modules/services/ajaxterm.if 2011-11-02 16:21:01.191397000 -0400
@@ -76,9 +76,13 @@ interface(`ajaxterm_admin',`
type ajaxterm_t, ajaxterm_initrc_exec_t;
')
@@ -638,7 +638,7 @@ diff -up serefpolicy-3.10.0/policy/modules/services/ajaxterm.if.ptrace serefpoli
role_transition $2 ajaxterm_initrc_exec_t system_r;
diff -up serefpolicy-3.10.0/policy/modules/services/amavis.if.ptrace serefpolicy-3.10.0/policy/modules/services/amavis.if
--- serefpolicy-3.10.0/policy/modules/services/amavis.if.ptrace 2011-06-27 14:18:04.000000000 -0400
-+++ serefpolicy-3.10.0/policy/modules/services/amavis.if 2011-10-27 13:59:14.078913429 -0400
++++ serefpolicy-3.10.0/policy/modules/services/amavis.if 2011-11-02 16:21:01.198395000 -0400
@@ -231,9 +231,13 @@ interface(`amavis_admin',`
type amavis_initrc_exec_t;
')
@@ -655,8 +655,8 @@ diff -up serefpolicy-3.10.0/policy/modules/services/amavis.if.ptrace serefpolicy
domain_system_change_exemption($1)
role_transition $2 amavis_initrc_exec_t system_r;
diff -up serefpolicy-3.10.0/policy/modules/services/apache.if.ptrace serefpolicy-3.10.0/policy/modules/services/apache.if
---- serefpolicy-3.10.0/policy/modules/services/apache.if.ptrace 2011-10-27 13:59:13.988913499 -0400
-+++ serefpolicy-3.10.0/policy/modules/services/apache.if 2011-10-27 13:59:14.081913428 -0400
+--- serefpolicy-3.10.0/policy/modules/services/apache.if.ptrace 2011-11-02 16:21:00.856481000 -0400
++++ serefpolicy-3.10.0/policy/modules/services/apache.if 2011-11-02 16:21:01.212395000 -0400
@@ -1297,9 +1297,13 @@ interface(`apache_admin',`
type httpd_unit_file_t;
')
@@ -674,7 +674,7 @@ diff -up serefpolicy-3.10.0/policy/modules/services/apache.if.ptrace serefpolicy
role_transition $2 httpd_initrc_exec_t system_r;
diff -up serefpolicy-3.10.0/policy/modules/services/apcupsd.if.ptrace serefpolicy-3.10.0/policy/modules/services/apcupsd.if
--- serefpolicy-3.10.0/policy/modules/services/apcupsd.if.ptrace 2011-06-27 14:18:04.000000000 -0400
-+++ serefpolicy-3.10.0/policy/modules/services/apcupsd.if 2011-10-27 13:59:14.082913427 -0400
++++ serefpolicy-3.10.0/policy/modules/services/apcupsd.if 2011-11-02 16:21:01.219395000 -0400
@@ -146,9 +146,13 @@ interface(`apcupsd_admin',`
type apcupsd_initrc_exec_t;
')
@@ -691,8 +691,8 @@ diff -up serefpolicy-3.10.0/policy/modules/services/apcupsd.if.ptrace serefpolic
domain_system_change_exemption($1)
role_transition $2 apcupsd_initrc_exec_t system_r;
diff -up serefpolicy-3.10.0/policy/modules/services/apm.te.ptrace serefpolicy-3.10.0/policy/modules/services/apm.te
---- serefpolicy-3.10.0/policy/modules/services/apm.te.ptrace 2011-10-27 13:59:13.030914227 -0400
-+++ serefpolicy-3.10.0/policy/modules/services/apm.te 2011-10-27 13:59:14.084913425 -0400
+--- serefpolicy-3.10.0/policy/modules/services/apm.te.ptrace 2011-11-02 16:20:57.113739000 -0400
++++ serefpolicy-3.10.0/policy/modules/services/apm.te 2011-11-02 16:21:01.227395000 -0400
@@ -60,7 +60,7 @@ logging_send_syslog_msg(apm_t)
# mknod: controlling an orderly resume of PCMCIA requires creating device
# nodes 254,{0,1,2} for some reason.
@@ -703,8 +703,8 @@ diff -up serefpolicy-3.10.0/policy/modules/services/apm.te.ptrace serefpolicy-3.
allow apmd_t self:fifo_file rw_fifo_file_perms;
allow apmd_t self:netlink_socket create_socket_perms;
diff -up serefpolicy-3.10.0/policy/modules/services/arpwatch.if.ptrace serefpolicy-3.10.0/policy/modules/services/arpwatch.if
---- serefpolicy-3.10.0/policy/modules/services/arpwatch.if.ptrace 2011-10-27 13:59:13.032914225 -0400
-+++ serefpolicy-3.10.0/policy/modules/services/arpwatch.if 2011-10-27 13:59:14.086913423 -0400
+--- serefpolicy-3.10.0/policy/modules/services/arpwatch.if.ptrace 2011-11-02 16:20:57.119739000 -0400
++++ serefpolicy-3.10.0/policy/modules/services/arpwatch.if 2011-11-02 16:21:01.233395000 -0400
@@ -137,9 +137,13 @@ interface(`arpwatch_admin',`
type arpwatch_initrc_exec_t;
')
@@ -721,8 +721,8 @@ diff -up serefpolicy-3.10.0/policy/modules/services/arpwatch.if.ptrace serefpoli
domain_system_change_exemption($1)
role_transition $2 arpwatch_initrc_exec_t system_r;
diff -up serefpolicy-3.10.0/policy/modules/services/asterisk.if.ptrace serefpolicy-3.10.0/policy/modules/services/asterisk.if
---- serefpolicy-3.10.0/policy/modules/services/asterisk.if.ptrace 2011-10-27 13:59:13.034914223 -0400
-+++ serefpolicy-3.10.0/policy/modules/services/asterisk.if 2011-10-27 13:59:14.087913422 -0400
+--- serefpolicy-3.10.0/policy/modules/services/asterisk.if.ptrace 2011-11-02 16:20:57.140745000 -0400
++++ serefpolicy-3.10.0/policy/modules/services/asterisk.if 2011-11-02 16:21:01.237398000 -0400
@@ -64,9 +64,13 @@ interface(`asterisk_admin',`
type asterisk_initrc_exec_t;
')
@@ -739,8 +739,8 @@ diff -up serefpolicy-3.10.0/policy/modules/services/asterisk.if.ptrace serefpoli
domain_system_change_exemption($1)
role_transition $2 asterisk_initrc_exec_t system_r;
diff -up serefpolicy-3.10.0/policy/modules/services/automount.if.ptrace serefpolicy-3.10.0/policy/modules/services/automount.if
---- serefpolicy-3.10.0/policy/modules/services/automount.if.ptrace 2011-10-27 13:59:13.038914219 -0400
-+++ serefpolicy-3.10.0/policy/modules/services/automount.if 2011-10-27 13:59:14.089913420 -0400
+--- serefpolicy-3.10.0/policy/modules/services/automount.if.ptrace 2011-11-02 16:20:57.159744000 -0400
++++ serefpolicy-3.10.0/policy/modules/services/automount.if 2011-11-02 16:21:01.244398000 -0400
@@ -150,9 +150,13 @@ interface(`automount_admin',`
type automount_var_run_t, automount_initrc_exec_t;
')
@@ -757,8 +757,8 @@ diff -up serefpolicy-3.10.0/policy/modules/services/automount.if.ptrace serefpol
domain_system_change_exemption($1)
role_transition $2 automount_initrc_exec_t system_r;
diff -up serefpolicy-3.10.0/policy/modules/services/avahi.if.ptrace serefpolicy-3.10.0/policy/modules/services/avahi.if
---- serefpolicy-3.10.0/policy/modules/services/avahi.if.ptrace 2011-10-27 13:59:13.042914218 -0400
-+++ serefpolicy-3.10.0/policy/modules/services/avahi.if 2011-10-27 13:59:14.091913418 -0400
+--- serefpolicy-3.10.0/policy/modules/services/avahi.if.ptrace 2011-11-02 16:20:57.171739000 -0400
++++ serefpolicy-3.10.0/policy/modules/services/avahi.if 2011-11-02 16:21:01.250403000 -0400
@@ -154,9 +154,13 @@ interface(`avahi_admin',`
type avahi_t, avahi_var_run_t, avahi_initrc_exec_t;
')
@@ -775,8 +775,8 @@ diff -up serefpolicy-3.10.0/policy/modules/services/avahi.if.ptrace serefpolicy-
domain_system_change_exemption($1)
role_transition $2 avahi_initrc_exec_t system_r;
diff -up serefpolicy-3.10.0/policy/modules/services/bind.if.ptrace serefpolicy-3.10.0/policy/modules/services/bind.if
---- serefpolicy-3.10.0/policy/modules/services/bind.if.ptrace 2011-10-27 13:59:13.046914215 -0400
-+++ serefpolicy-3.10.0/policy/modules/services/bind.if 2011-10-27 13:59:14.093913416 -0400
+--- serefpolicy-3.10.0/policy/modules/services/bind.if.ptrace 2011-11-02 16:20:57.189739000 -0400
++++ serefpolicy-3.10.0/policy/modules/services/bind.if 2011-11-02 16:21:01.257395000 -0400
@@ -408,12 +408,20 @@ interface(`bind_admin',`
type dnssec_t, ndc_t, named_keytab_t;
')
@@ -802,7 +802,7 @@ diff -up serefpolicy-3.10.0/policy/modules/services/bind.if.ptrace serefpolicy-3
init_labeled_script_domtrans($1, named_initrc_exec_t)
diff -up serefpolicy-3.10.0/policy/modules/services/bitlbee.if.ptrace serefpolicy-3.10.0/policy/modules/services/bitlbee.if
--- serefpolicy-3.10.0/policy/modules/services/bitlbee.if.ptrace 2011-06-27 14:18:04.000000000 -0400
-+++ serefpolicy-3.10.0/policy/modules/services/bitlbee.if 2011-10-27 13:59:14.095913416 -0400
++++ serefpolicy-3.10.0/policy/modules/services/bitlbee.if 2011-11-02 16:21:01.263398000 -0400
@@ -43,9 +43,13 @@ interface(`bitlbee_admin',`
type bitlbee_initrc_exec_t;
')
@@ -819,8 +819,8 @@ diff -up serefpolicy-3.10.0/policy/modules/services/bitlbee.if.ptrace serefpolic
domain_system_change_exemption($1)
role_transition $2 bitlbee_initrc_exec_t system_r;
diff -up serefpolicy-3.10.0/policy/modules/services/bluetooth.if.ptrace serefpolicy-3.10.0/policy/modules/services/bluetooth.if
---- serefpolicy-3.10.0/policy/modules/services/bluetooth.if.ptrace 2011-10-27 13:59:13.051914210 -0400
-+++ serefpolicy-3.10.0/policy/modules/services/bluetooth.if 2011-10-27 13:59:14.096913416 -0400
+--- serefpolicy-3.10.0/policy/modules/services/bluetooth.if.ptrace 2011-11-02 16:20:57.212739000 -0400
++++ serefpolicy-3.10.0/policy/modules/services/bluetooth.if 2011-11-02 16:21:01.271395000 -0400
@@ -28,7 +28,11 @@ interface(`bluetooth_role',`
# allow ps to show cdrecord and allow the user to kill it
@@ -850,8 +850,8 @@ diff -up serefpolicy-3.10.0/policy/modules/services/bluetooth.if.ptrace serefpol
domain_system_change_exemption($1)
role_transition $2 bluetooth_initrc_exec_t system_r;
diff -up serefpolicy-3.10.0/policy/modules/services/boinc.if.ptrace serefpolicy-3.10.0/policy/modules/services/boinc.if
---- serefpolicy-3.10.0/policy/modules/services/boinc.if.ptrace 2011-10-27 13:59:13.055914206 -0400
-+++ serefpolicy-3.10.0/policy/modules/services/boinc.if 2011-10-27 13:59:14.098913415 -0400
+--- serefpolicy-3.10.0/policy/modules/services/boinc.if.ptrace 2011-11-02 16:20:57.224744000 -0400
++++ serefpolicy-3.10.0/policy/modules/services/boinc.if 2011-11-02 16:21:01.277395000 -0400
@@ -137,9 +137,13 @@ interface(`boinc_admin',`
type boinc_t, boinc_initrc_exec_t, boinc_var_lib_t;
')
@@ -868,8 +868,8 @@ diff -up serefpolicy-3.10.0/policy/modules/services/boinc.if.ptrace serefpolicy-
domain_system_change_exemption($1)
role_transition $2 boinc_initrc_exec_t system_r;
diff -up serefpolicy-3.10.0/policy/modules/services/boinc.te.ptrace serefpolicy-3.10.0/policy/modules/services/boinc.te
---- serefpolicy-3.10.0/policy/modules/services/boinc.te.ptrace 2011-10-27 13:59:13.912913556 -0400
-+++ serefpolicy-3.10.0/policy/modules/services/boinc.te 2011-10-27 13:59:14.100913413 -0400
+--- serefpolicy-3.10.0/policy/modules/services/boinc.te.ptrace 2011-11-02 16:21:00.533488000 -0400
++++ serefpolicy-3.10.0/policy/modules/services/boinc.te 2011-11-02 16:21:01.283398000 -0400
@@ -121,9 +121,13 @@ mta_send_mail(boinc_t)
domtrans_pattern(boinc_t, boinc_project_var_lib_t, boinc_project_t)
allow boinc_t boinc_project_t:process sigkill;
@@ -886,8 +886,8 @@ diff -up serefpolicy-3.10.0/policy/modules/services/boinc.te.ptrace serefpolicy-
allow boinc_project_t self:sem create_sem_perms;
diff -up serefpolicy-3.10.0/policy/modules/services/bugzilla.if.ptrace serefpolicy-3.10.0/policy/modules/services/bugzilla.if
---- serefpolicy-3.10.0/policy/modules/services/bugzilla.if.ptrace 2011-10-27 13:59:13.059914205 -0400
-+++ serefpolicy-3.10.0/policy/modules/services/bugzilla.if 2011-10-27 13:59:14.101913412 -0400
+--- serefpolicy-3.10.0/policy/modules/services/bugzilla.if.ptrace 2011-11-02 16:20:57.237739000 -0400
++++ serefpolicy-3.10.0/policy/modules/services/bugzilla.if 2011-11-02 16:21:01.289396000 -0400
@@ -62,9 +62,13 @@ interface(`bugzilla_admin',`
type httpd_bugzilla_htaccess_t, httpd_bugzilla_tmp_t;
')
@@ -904,8 +904,8 @@ diff -up serefpolicy-3.10.0/policy/modules/services/bugzilla.if.ptrace serefpoli
admin_pattern($1, httpd_bugzilla_tmp_t)
diff -up serefpolicy-3.10.0/policy/modules/services/callweaver.if.ptrace serefpolicy-3.10.0/policy/modules/services/callweaver.if
---- serefpolicy-3.10.0/policy/modules/services/callweaver.if.ptrace 2011-10-27 13:59:13.068914197 -0400
-+++ serefpolicy-3.10.0/policy/modules/services/callweaver.if 2011-10-27 13:59:14.103913410 -0400
+--- serefpolicy-3.10.0/policy/modules/services/callweaver.if.ptrace 2011-11-02 16:20:57.260739000 -0400
++++ serefpolicy-3.10.0/policy/modules/services/callweaver.if 2011-11-02 16:21:01.295395000 -0400
@@ -336,9 +336,13 @@ interface(`callweaver_admin',`
type callweaver_spool_t;
')
@@ -923,7 +923,7 @@ diff -up serefpolicy-3.10.0/policy/modules/services/callweaver.if.ptrace serefpo
role_transition $2 callweaver_initrc_exec_t system_r;
diff -up serefpolicy-3.10.0/policy/modules/services/canna.if.ptrace serefpolicy-3.10.0/policy/modules/services/canna.if
--- serefpolicy-3.10.0/policy/modules/services/canna.if.ptrace 2011-06-27 14:18:04.000000000 -0400
-+++ serefpolicy-3.10.0/policy/modules/services/canna.if 2011-10-27 13:59:14.105913408 -0400
++++ serefpolicy-3.10.0/policy/modules/services/canna.if 2011-11-02 16:21:01.301395000 -0400
@@ -42,9 +42,13 @@ interface(`canna_admin',`
type canna_var_run_t, canna_initrc_exec_t;
')
@@ -940,8 +940,8 @@ diff -up serefpolicy-3.10.0/policy/modules/services/canna.if.ptrace serefpolicy-
domain_system_change_exemption($1)
role_transition $2 canna_initrc_exec_t system_r;
diff -up serefpolicy-3.10.0/policy/modules/services/certmaster.if.ptrace serefpolicy-3.10.0/policy/modules/services/certmaster.if
---- serefpolicy-3.10.0/policy/modules/services/certmaster.if.ptrace 2011-10-27 13:59:13.075914193 -0400
-+++ serefpolicy-3.10.0/policy/modules/services/certmaster.if 2011-10-27 13:59:14.106913407 -0400
+--- serefpolicy-3.10.0/policy/modules/services/certmaster.if.ptrace 2011-11-02 16:20:57.290739000 -0400
++++ serefpolicy-3.10.0/policy/modules/services/certmaster.if 2011-11-02 16:21:01.307395000 -0400
@@ -119,9 +119,13 @@ interface(`certmaster_admin',`
type certmaster_etc_rw_t, certmaster_var_log_t, certmaster_initrc_exec_t;
')
@@ -958,8 +958,8 @@ diff -up serefpolicy-3.10.0/policy/modules/services/certmaster.if.ptrace serefpo
domain_system_change_exemption($1)
role_transition $2 certmaster_initrc_exec_t system_r;
diff -up serefpolicy-3.10.0/policy/modules/services/certmonger.if.ptrace serefpolicy-3.10.0/policy/modules/services/certmonger.if
---- serefpolicy-3.10.0/policy/modules/services/certmonger.if.ptrace 2011-10-27 13:59:13.078914190 -0400
-+++ serefpolicy-3.10.0/policy/modules/services/certmonger.if 2011-10-27 13:59:14.108913405 -0400
+--- serefpolicy-3.10.0/policy/modules/services/certmonger.if.ptrace 2011-11-02 16:20:57.301739000 -0400
++++ serefpolicy-3.10.0/policy/modules/services/certmonger.if 2011-11-02 16:21:01.313395000 -0400
@@ -158,7 +158,11 @@ interface(`certmonger_admin',`
')
@@ -974,8 +974,8 @@ diff -up serefpolicy-3.10.0/policy/modules/services/certmonger.if.ptrace serefpo
# Allow certmonger_t to restart the apache service
certmonger_initrc_domtrans($1)
diff -up serefpolicy-3.10.0/policy/modules/services/cgroup.if.ptrace serefpolicy-3.10.0/policy/modules/services/cgroup.if
---- serefpolicy-3.10.0/policy/modules/services/cgroup.if.ptrace 2011-10-27 13:59:13.083914185 -0400
-+++ serefpolicy-3.10.0/policy/modules/services/cgroup.if 2011-10-27 13:59:14.110913405 -0400
+--- serefpolicy-3.10.0/policy/modules/services/cgroup.if.ptrace 2011-11-02 16:20:57.319739000 -0400
++++ serefpolicy-3.10.0/policy/modules/services/cgroup.if 2011-11-02 16:21:01.324402000 -0400
@@ -171,15 +171,27 @@ interface(`cgroup_admin',`
type cgrules_etc_t, cgclear_t;
')
@@ -1008,8 +1008,8 @@ diff -up serefpolicy-3.10.0/policy/modules/services/cgroup.if.ptrace serefpolicy
admin_pattern($1, cgrules_etc_t)
files_list_etc($1)
diff -up serefpolicy-3.10.0/policy/modules/services/cgroup.te.ptrace serefpolicy-3.10.0/policy/modules/services/cgroup.te
---- serefpolicy-3.10.0/policy/modules/services/cgroup.te.ptrace 2011-10-27 13:59:13.086914183 -0400
-+++ serefpolicy-3.10.0/policy/modules/services/cgroup.te 2011-10-27 13:59:14.111913404 -0400
+--- serefpolicy-3.10.0/policy/modules/services/cgroup.te.ptrace 2011-11-02 16:20:57.324743000 -0400
++++ serefpolicy-3.10.0/policy/modules/services/cgroup.te 2011-11-02 16:21:01.330408000 -0400
@@ -76,7 +76,8 @@ fs_unmount_cgroup(cgconfig_t)
# cgred personal policy.
#
@@ -1021,8 +1021,8 @@ diff -up serefpolicy-3.10.0/policy/modules/services/cgroup.te.ptrace serefpolicy
allow cgred_t self:unix_dgram_socket { write create connect };
diff -up serefpolicy-3.10.0/policy/modules/services/chronyd.if.ptrace serefpolicy-3.10.0/policy/modules/services/chronyd.if
---- serefpolicy-3.10.0/policy/modules/services/chronyd.if.ptrace 2011-10-27 13:59:13.089914183 -0400
-+++ serefpolicy-3.10.0/policy/modules/services/chronyd.if 2011-10-27 13:59:14.114913401 -0400
+--- serefpolicy-3.10.0/policy/modules/services/chronyd.if.ptrace 2011-11-02 16:20:57.335739000 -0400
++++ serefpolicy-3.10.0/policy/modules/services/chronyd.if 2011-11-02 16:21:01.337395000 -0400
@@ -217,9 +217,13 @@ interface(`chronyd_admin',`
type chronyd_keys_t;
')
@@ -1039,8 +1039,8 @@ diff -up serefpolicy-3.10.0/policy/modules/services/chronyd.if.ptrace serefpolic
domain_system_change_exemption($1)
role_transition $2 chronyd_initrc_exec_t system_r;
diff -up serefpolicy-3.10.0/policy/modules/services/clamav.if.ptrace serefpolicy-3.10.0/policy/modules/services/clamav.if
---- serefpolicy-3.10.0/policy/modules/services/clamav.if.ptrace 2011-10-27 13:59:13.093914179 -0400
-+++ serefpolicy-3.10.0/policy/modules/services/clamav.if 2011-10-27 13:59:14.116913399 -0400
+--- serefpolicy-3.10.0/policy/modules/services/clamav.if.ptrace 2011-11-02 16:20:57.352739000 -0400
++++ serefpolicy-3.10.0/policy/modules/services/clamav.if 2011-11-02 16:21:01.351398000 -0400
@@ -176,13 +176,19 @@ interface(`clamav_admin',`
type freshclam_t, freshclam_var_log_t;
')
@@ -1065,8 +1065,8 @@ diff -up serefpolicy-3.10.0/policy/modules/services/clamav.if.ptrace serefpolicy
init_labeled_script_domtrans($1, clamd_initrc_exec_t)
diff -up serefpolicy-3.10.0/policy/modules/services/cmirrord.if.ptrace serefpolicy-3.10.0/policy/modules/services/cmirrord.if
---- serefpolicy-3.10.0/policy/modules/services/cmirrord.if.ptrace 2011-10-27 13:59:13.104914170 -0400
-+++ serefpolicy-3.10.0/policy/modules/services/cmirrord.if 2011-10-27 13:59:14.117913398 -0400
+--- serefpolicy-3.10.0/policy/modules/services/cmirrord.if.ptrace 2011-11-02 16:20:57.398739000 -0400
++++ serefpolicy-3.10.0/policy/modules/services/cmirrord.if 2011-11-02 16:21:01.359395000 -0400
@@ -101,9 +101,13 @@ interface(`cmirrord_admin',`
type cmirrord_t, cmirrord_initrc_exec_t, cmirrord_var_run_t;
')
@@ -1083,8 +1083,8 @@ diff -up serefpolicy-3.10.0/policy/modules/services/cmirrord.if.ptrace serefpoli
domain_system_change_exemption($1)
role_transition $2 cmirrord_initrc_exec_t system_r;
diff -up serefpolicy-3.10.0/policy/modules/services/cobbler.if.ptrace serefpolicy-3.10.0/policy/modules/services/cobbler.if
---- serefpolicy-3.10.0/policy/modules/services/cobbler.if.ptrace 2011-10-27 13:59:13.109914167 -0400
-+++ serefpolicy-3.10.0/policy/modules/services/cobbler.if 2011-10-27 13:59:14.119913397 -0400
+--- serefpolicy-3.10.0/policy/modules/services/cobbler.if.ptrace 2011-11-02 16:20:57.409739000 -0400
++++ serefpolicy-3.10.0/policy/modules/services/cobbler.if 2011-11-02 16:21:01.365395000 -0400
@@ -189,9 +189,13 @@ interface(`cobblerd_admin',`
type httpd_cobbler_content_ra_t, httpd_cobbler_content_rw_t;
')
@@ -1101,8 +1101,8 @@ diff -up serefpolicy-3.10.0/policy/modules/services/cobbler.if.ptrace serefpolic
admin_pattern($1, cobbler_etc_t)
diff -up serefpolicy-3.10.0/policy/modules/services/cobbler.te.ptrace serefpolicy-3.10.0/policy/modules/services/cobbler.te
---- serefpolicy-3.10.0/policy/modules/services/cobbler.te.ptrace 2011-10-27 13:59:13.110914166 -0400
-+++ serefpolicy-3.10.0/policy/modules/services/cobbler.te 2011-10-27 13:59:14.121913397 -0400
+--- serefpolicy-3.10.0/policy/modules/services/cobbler.te.ptrace 2011-11-02 16:20:57.415739000 -0400
++++ serefpolicy-3.10.0/policy/modules/services/cobbler.te 2011-11-02 16:21:01.371404000 -0400
@@ -60,7 +60,7 @@ files_tmp_file(cobbler_tmp_t)
#
@@ -1113,8 +1113,8 @@ diff -up serefpolicy-3.10.0/policy/modules/services/cobbler.te.ptrace serefpolic
allow cobblerd_t self:process { getsched setsched signal };
allow cobblerd_t self:fifo_file rw_fifo_file_perms;
diff -up serefpolicy-3.10.0/policy/modules/services/collectd.if.ptrace serefpolicy-3.10.0/policy/modules/services/collectd.if
---- serefpolicy-3.10.0/policy/modules/services/collectd.if.ptrace 2011-10-27 13:59:13.113914163 -0400
-+++ serefpolicy-3.10.0/policy/modules/services/collectd.if 2011-10-27 13:59:14.123913396 -0400
+--- serefpolicy-3.10.0/policy/modules/services/collectd.if.ptrace 2011-11-02 16:20:57.421739000 -0400
++++ serefpolicy-3.10.0/policy/modules/services/collectd.if 2011-11-02 16:21:01.377403000 -0400
@@ -142,9 +142,13 @@ interface(`collectd_admin',`
type collectd_var_lib_t;
')
@@ -1131,8 +1131,8 @@ diff -up serefpolicy-3.10.0/policy/modules/services/collectd.if.ptrace serefpoli
domain_system_change_exemption($1)
role_transition $2 collectd_initrc_exec_t system_r;
diff -up serefpolicy-3.10.0/policy/modules/services/consolekit.te.ptrace serefpolicy-3.10.0/policy/modules/services/consolekit.te
---- serefpolicy-3.10.0/policy/modules/services/consolekit.te.ptrace 2011-10-27 13:59:13.118914159 -0400
-+++ serefpolicy-3.10.0/policy/modules/services/consolekit.te 2011-10-27 13:59:14.124913395 -0400
+--- serefpolicy-3.10.0/policy/modules/services/consolekit.te.ptrace 2011-11-02 16:20:57.439739000 -0400
++++ serefpolicy-3.10.0/policy/modules/services/consolekit.te 2011-11-02 16:21:01.383395000 -0400
@@ -23,7 +23,8 @@ files_tmpfs_file(consolekit_tmpfs_t)
# consolekit local policy
#
@@ -1154,8 +1154,8 @@ diff -up serefpolicy-3.10.0/policy/modules/services/consolekit.te.ptrace serefpo
unconfined_stream_connect(consolekit_t)
')
diff -up serefpolicy-3.10.0/policy/modules/services/corosync.if.ptrace serefpolicy-3.10.0/policy/modules/services/corosync.if
---- serefpolicy-3.10.0/policy/modules/services/corosync.if.ptrace 2011-10-27 13:59:13.121914158 -0400
-+++ serefpolicy-3.10.0/policy/modules/services/corosync.if 2011-10-27 13:59:14.126913393 -0400
+--- serefpolicy-3.10.0/policy/modules/services/corosync.if.ptrace 2011-11-02 16:20:57.450739000 -0400
++++ serefpolicy-3.10.0/policy/modules/services/corosync.if 2011-11-02 16:21:01.389396000 -0400
@@ -101,9 +101,13 @@ interface(`corosyncd_admin',`
type corosync_initrc_exec_t;
')
@@ -1172,8 +1172,8 @@ diff -up serefpolicy-3.10.0/policy/modules/services/corosync.if.ptrace serefpoli
domain_system_change_exemption($1)
role_transition $2 corosync_initrc_exec_t system_r;
diff -up serefpolicy-3.10.0/policy/modules/services/corosync.te.ptrace serefpolicy-3.10.0/policy/modules/services/corosync.te
---- serefpolicy-3.10.0/policy/modules/services/corosync.te.ptrace 2011-10-27 13:59:13.122914157 -0400
-+++ serefpolicy-3.10.0/policy/modules/services/corosync.te 2011-10-27 13:59:14.127913392 -0400
+--- serefpolicy-3.10.0/policy/modules/services/corosync.te.ptrace 2011-11-02 16:20:57.456739000 -0400
++++ serefpolicy-3.10.0/policy/modules/services/corosync.te 2011-11-02 16:21:01.395395000 -0400
@@ -33,7 +33,7 @@ files_pid_file(corosync_var_run_t)
# corosync local policy
#
@@ -1184,8 +1184,8 @@ diff -up serefpolicy-3.10.0/policy/modules/services/corosync.te.ptrace serefpoli
allow corosync_t self:fifo_file rw_fifo_file_perms;
diff -up serefpolicy-3.10.0/policy/modules/services/cron.if.ptrace serefpolicy-3.10.0/policy/modules/services/cron.if
---- serefpolicy-3.10.0/policy/modules/services/cron.if.ptrace 2011-10-27 13:59:13.133914148 -0400
-+++ serefpolicy-3.10.0/policy/modules/services/cron.if 2011-10-27 13:59:14.130913389 -0400
+--- serefpolicy-3.10.0/policy/modules/services/cron.if.ptrace 2011-11-02 16:20:57.500739000 -0400
++++ serefpolicy-3.10.0/policy/modules/services/cron.if 2011-11-02 16:21:01.404395000 -0400
@@ -140,7 +140,11 @@ interface(`cron_role',`
# crontab shows up in user ps
@@ -1224,8 +1224,8 @@ diff -up serefpolicy-3.10.0/policy/modules/services/cron.if.ptrace serefpolicy-3
# Run helper programs as the user domain
#corecmd_bin_domtrans(admin_crontab_t, $2)
diff -up serefpolicy-3.10.0/policy/modules/services/cron.te.ptrace serefpolicy-3.10.0/policy/modules/services/cron.te
---- serefpolicy-3.10.0/policy/modules/services/cron.te.ptrace 2011-10-27 13:59:13.915913554 -0400
-+++ serefpolicy-3.10.0/policy/modules/services/cron.te 2011-10-27 13:59:14.132913387 -0400
+--- serefpolicy-3.10.0/policy/modules/services/cron.te.ptrace 2011-11-02 16:21:00.542481000 -0400
++++ serefpolicy-3.10.0/policy/modules/services/cron.te 2011-11-02 16:21:01.415395000 -0400
@@ -350,7 +350,6 @@ optional_policy(`
#
@@ -1235,8 +1235,8 @@ diff -up serefpolicy-3.10.0/policy/modules/services/cron.te.ptrace serefpolicy-3
allow system_cronjob_t self:process { signal_perms getsched setsched };
allow system_cronjob_t self:fifo_file rw_fifo_file_perms;
diff -up serefpolicy-3.10.0/policy/modules/services/ctdbd.if.ptrace serefpolicy-3.10.0/policy/modules/services/ctdbd.if
---- serefpolicy-3.10.0/policy/modules/services/ctdbd.if.ptrace 2011-10-27 13:59:13.138914145 -0400
-+++ serefpolicy-3.10.0/policy/modules/services/ctdbd.if 2011-10-27 13:59:14.134913386 -0400
+--- serefpolicy-3.10.0/policy/modules/services/ctdbd.if.ptrace 2011-11-02 16:20:57.515739000 -0400
++++ serefpolicy-3.10.0/policy/modules/services/ctdbd.if 2011-11-02 16:21:01.419395000 -0400
@@ -236,8 +236,11 @@ interface(`ctdbd_admin',`
type ctdbd_log_t, ctdbd_var_lib_t, ctdbd_var_run_t;
')
@@ -1251,8 +1251,8 @@ diff -up serefpolicy-3.10.0/policy/modules/services/ctdbd.if.ptrace serefpolicy-
ctdbd_initrc_domtrans($1)
domain_system_change_exemption($1)
diff -up serefpolicy-3.10.0/policy/modules/services/ctdbd.te.ptrace serefpolicy-3.10.0/policy/modules/services/ctdbd.te
---- serefpolicy-3.10.0/policy/modules/services/ctdbd.te.ptrace 2011-10-27 13:59:13.140914143 -0400
-+++ serefpolicy-3.10.0/policy/modules/services/ctdbd.te 2011-10-27 13:59:14.135913386 -0400
+--- serefpolicy-3.10.0/policy/modules/services/ctdbd.te.ptrace 2011-11-02 16:20:57.517739000 -0400
++++ serefpolicy-3.10.0/policy/modules/services/ctdbd.te 2011-11-02 16:21:01.425395000 -0400
@@ -33,7 +33,7 @@ files_pid_file(ctdbd_var_run_t)
# ctdbd local policy
#
@@ -1263,8 +1263,8 @@ diff -up serefpolicy-3.10.0/policy/modules/services/ctdbd.te.ptrace serefpolicy-
allow ctdbd_t self:fifo_file rw_fifo_file_perms;
diff -up serefpolicy-3.10.0/policy/modules/services/cups.if.ptrace serefpolicy-3.10.0/policy/modules/services/cups.if
---- serefpolicy-3.10.0/policy/modules/services/cups.if.ptrace 2011-10-27 13:59:13.142914141 -0400
-+++ serefpolicy-3.10.0/policy/modules/services/cups.if 2011-10-27 13:59:14.137913384 -0400
+--- serefpolicy-3.10.0/policy/modules/services/cups.if.ptrace 2011-11-02 16:20:57.529739000 -0400
++++ serefpolicy-3.10.0/policy/modules/services/cups.if 2011-11-02 16:21:01.432395000 -0400
@@ -327,9 +327,13 @@ interface(`cups_admin',`
type ptal_var_run_t;
')
@@ -1281,8 +1281,8 @@ diff -up serefpolicy-3.10.0/policy/modules/services/cups.if.ptrace serefpolicy-3
domain_system_change_exemption($1)
role_transition $2 cupsd_initrc_exec_t system_r;
diff -up serefpolicy-3.10.0/policy/modules/services/cvs.if.ptrace serefpolicy-3.10.0/policy/modules/services/cvs.if
---- serefpolicy-3.10.0/policy/modules/services/cvs.if.ptrace 2011-10-27 13:59:13.146914137 -0400
-+++ serefpolicy-3.10.0/policy/modules/services/cvs.if 2011-10-27 13:59:14.139913382 -0400
+--- serefpolicy-3.10.0/policy/modules/services/cvs.if.ptrace 2011-11-02 16:20:57.544739000 -0400
++++ serefpolicy-3.10.0/policy/modules/services/cvs.if 2011-11-02 16:21:01.438395000 -0400
@@ -80,9 +80,13 @@ interface(`cvs_admin',`
type cvs_data_t, cvs_var_run_t;
')
@@ -1300,7 +1300,7 @@ diff -up serefpolicy-3.10.0/policy/modules/services/cvs.if.ptrace serefpolicy-3.
domain_system_change_exemption($1)
diff -up serefpolicy-3.10.0/policy/modules/services/cyrus.if.ptrace serefpolicy-3.10.0/policy/modules/services/cyrus.if
--- serefpolicy-3.10.0/policy/modules/services/cyrus.if.ptrace 2011-06-27 14:18:04.000000000 -0400
-+++ serefpolicy-3.10.0/policy/modules/services/cyrus.if 2011-10-27 13:59:14.140913381 -0400
++++ serefpolicy-3.10.0/policy/modules/services/cyrus.if 2011-11-02 16:21:01.454394000 -0400
@@ -62,9 +62,13 @@ interface(`cyrus_admin',`
type cyrus_var_run_t, cyrus_initrc_exec_t;
')
@@ -1317,8 +1317,8 @@ diff -up serefpolicy-3.10.0/policy/modules/services/cyrus.if.ptrace serefpolicy-
domain_system_change_exemption($1)
role_transition $2 cyrus_initrc_exec_t system_r;
diff -up serefpolicy-3.10.0/policy/modules/services/dbus.if.ptrace serefpolicy-3.10.0/policy/modules/services/dbus.if
---- serefpolicy-3.10.0/policy/modules/services/dbus.if.ptrace 2011-10-27 13:59:13.157914130 -0400
-+++ serefpolicy-3.10.0/policy/modules/services/dbus.if 2011-10-27 13:59:14.142913379 -0400
+--- serefpolicy-3.10.0/policy/modules/services/dbus.if.ptrace 2011-11-02 16:20:57.592742000 -0400
++++ serefpolicy-3.10.0/policy/modules/services/dbus.if 2011-11-02 16:21:01.462395000 -0400
@@ -71,7 +71,11 @@ template(`dbus_role_template',`
domtrans_pattern($3, dbusd_exec_t, $1_dbusd_t)
@@ -1333,8 +1333,8 @@ diff -up serefpolicy-3.10.0/policy/modules/services/dbus.if.ptrace serefpolicy-3
# cjp: this seems very broken
corecmd_bin_domtrans($1_dbusd_t, $1_t)
diff -up serefpolicy-3.10.0/policy/modules/services/ddclient.if.ptrace serefpolicy-3.10.0/policy/modules/services/ddclient.if
---- serefpolicy-3.10.0/policy/modules/services/ddclient.if.ptrace 2011-10-27 13:59:13.163914124 -0400
-+++ serefpolicy-3.10.0/policy/modules/services/ddclient.if 2011-10-27 13:59:14.144913378 -0400
+--- serefpolicy-3.10.0/policy/modules/services/ddclient.if.ptrace 2011-11-02 16:20:57.622740000 -0400
++++ serefpolicy-3.10.0/policy/modules/services/ddclient.if 2011-11-02 16:21:01.468398000 -0400
@@ -68,9 +68,13 @@ interface(`ddclient_admin',`
type ddclient_var_run_t;
')
@@ -1351,8 +1351,8 @@ diff -up serefpolicy-3.10.0/policy/modules/services/ddclient.if.ptrace serefpoli
domain_system_change_exemption($1)
role_transition $2 ddclient_initrc_exec_t system_r;
diff -up serefpolicy-3.10.0/policy/modules/services/denyhosts.if.ptrace serefpolicy-3.10.0/policy/modules/services/denyhosts.if
---- serefpolicy-3.10.0/policy/modules/services/denyhosts.if.ptrace 2011-10-27 13:59:13.166914124 -0400
-+++ serefpolicy-3.10.0/policy/modules/services/denyhosts.if 2011-10-27 13:59:14.145913378 -0400
+--- serefpolicy-3.10.0/policy/modules/services/denyhosts.if.ptrace 2011-11-02 16:20:57.634739000 -0400
++++ serefpolicy-3.10.0/policy/modules/services/denyhosts.if 2011-11-02 16:21:01.474398000 -0400
@@ -67,9 +67,13 @@ interface(`denyhosts_admin',`
type denyhosts_var_log_t, denyhosts_initrc_exec_t;
')
@@ -1369,8 +1369,8 @@ diff -up serefpolicy-3.10.0/policy/modules/services/denyhosts.if.ptrace serefpol
domain_system_change_exemption($1)
role_transition $2 denyhosts_initrc_exec_t system_r;
diff -up serefpolicy-3.10.0/policy/modules/services/devicekit.if.ptrace serefpolicy-3.10.0/policy/modules/services/devicekit.if
---- serefpolicy-3.10.0/policy/modules/services/devicekit.if.ptrace 2011-10-27 13:59:13.170914120 -0400
-+++ serefpolicy-3.10.0/policy/modules/services/devicekit.if 2011-10-27 13:59:14.147913378 -0400
+--- serefpolicy-3.10.0/policy/modules/services/devicekit.if.ptrace 2011-11-02 16:20:57.652740000 -0400
++++ serefpolicy-3.10.0/policy/modules/services/devicekit.if 2011-11-02 16:21:01.480401000 -0400
@@ -308,13 +308,18 @@ interface(`devicekit_admin',`
type devicekit_var_lib_t, devicekit_var_run_t, devicekit_tmp_t;
')
@@ -1394,8 +1394,8 @@ diff -up serefpolicy-3.10.0/policy/modules/services/devicekit.if.ptrace serefpol
admin_pattern($1, devicekit_tmp_t)
diff -up serefpolicy-3.10.0/policy/modules/services/devicekit.te.ptrace serefpolicy-3.10.0/policy/modules/services/devicekit.te
---- serefpolicy-3.10.0/policy/modules/services/devicekit.te.ptrace 2011-10-27 13:59:13.173914117 -0400
-+++ serefpolicy-3.10.0/policy/modules/services/devicekit.te 2011-10-27 13:59:14.149913376 -0400
+--- serefpolicy-3.10.0/policy/modules/services/devicekit.te.ptrace 2011-11-02 16:20:57.659742000 -0400
++++ serefpolicy-3.10.0/policy/modules/services/devicekit.te 2011-11-02 16:21:01.488407000 -0400
@@ -65,7 +65,8 @@ optional_policy(`
# DeviceKit disk local policy
#
@@ -1416,8 +1416,8 @@ diff -up serefpolicy-3.10.0/policy/modules/services/devicekit.te.ptrace serefpol
allow devicekit_power_t self:fifo_file rw_fifo_file_perms;
allow devicekit_power_t self:unix_dgram_socket create_socket_perms;
diff -up serefpolicy-3.10.0/policy/modules/services/dhcp.if.ptrace serefpolicy-3.10.0/policy/modules/services/dhcp.if
---- serefpolicy-3.10.0/policy/modules/services/dhcp.if.ptrace 2011-10-27 13:59:13.176914114 -0400
-+++ serefpolicy-3.10.0/policy/modules/services/dhcp.if 2011-10-27 13:59:14.150913375 -0400
+--- serefpolicy-3.10.0/policy/modules/services/dhcp.if.ptrace 2011-11-02 16:20:57.678739000 -0400
++++ serefpolicy-3.10.0/policy/modules/services/dhcp.if 2011-11-02 16:21:01.495395000 -0400
@@ -105,8 +105,11 @@ interface(`dhcpd_admin',`
type dhcpd_var_run_t, dhcpd_initrc_exec_t;
')
@@ -1433,7 +1433,7 @@ diff -up serefpolicy-3.10.0/policy/modules/services/dhcp.if.ptrace serefpolicy-3
domain_system_change_exemption($1)
diff -up serefpolicy-3.10.0/policy/modules/services/dictd.if.ptrace serefpolicy-3.10.0/policy/modules/services/dictd.if
--- serefpolicy-3.10.0/policy/modules/services/dictd.if.ptrace 2011-06-27 14:18:04.000000000 -0400
-+++ serefpolicy-3.10.0/policy/modules/services/dictd.if 2011-10-27 13:59:14.152913373 -0400
++++ serefpolicy-3.10.0/policy/modules/services/dictd.if 2011-11-02 16:21:01.501401000 -0400
@@ -38,8 +38,11 @@ interface(`dictd_admin',`
type dictd_var_run_t, dictd_initrc_exec_t;
')
@@ -1448,8 +1448,8 @@ diff -up serefpolicy-3.10.0/policy/modules/services/dictd.if.ptrace serefpolicy-
init_labeled_script_domtrans($1, dictd_initrc_exec_t)
domain_system_change_exemption($1)
diff -up serefpolicy-3.10.0/policy/modules/services/dnsmasq.if.ptrace serefpolicy-3.10.0/policy/modules/services/dnsmasq.if
---- serefpolicy-3.10.0/policy/modules/services/dnsmasq.if.ptrace 2011-10-27 13:59:13.191914103 -0400
-+++ serefpolicy-3.10.0/policy/modules/services/dnsmasq.if 2011-10-27 13:59:14.154913371 -0400
+--- serefpolicy-3.10.0/policy/modules/services/dnsmasq.if.ptrace 2011-11-02 16:20:57.727739000 -0400
++++ serefpolicy-3.10.0/policy/modules/services/dnsmasq.if 2011-11-02 16:21:01.509395000 -0400
@@ -298,8 +298,11 @@ interface(`dnsmasq_admin',`
type dnsmasq_initrc_exec_t;
')
@@ -1464,8 +1464,8 @@ diff -up serefpolicy-3.10.0/policy/modules/services/dnsmasq.if.ptrace serefpolic
init_labeled_script_domtrans($1, dnsmasq_initrc_exec_t)
domain_system_change_exemption($1)
diff -up serefpolicy-3.10.0/policy/modules/services/dovecot.if.ptrace serefpolicy-3.10.0/policy/modules/services/dovecot.if
---- serefpolicy-3.10.0/policy/modules/services/dovecot.if.ptrace 2011-10-27 13:59:13.196914100 -0400
-+++ serefpolicy-3.10.0/policy/modules/services/dovecot.if 2011-10-27 13:59:14.155913370 -0400
+--- serefpolicy-3.10.0/policy/modules/services/dovecot.if.ptrace 2011-11-02 16:20:57.746743000 -0400
++++ serefpolicy-3.10.0/policy/modules/services/dovecot.if 2011-11-02 16:21:01.515395000 -0400
@@ -119,8 +119,11 @@ interface(`dovecot_admin',`
type dovecot_cert_t, dovecot_passwd_t, dovecot_initrc_exec_t;
')
@@ -1480,8 +1480,8 @@ diff -up serefpolicy-3.10.0/policy/modules/services/dovecot.if.ptrace serefpolic
init_labeled_script_domtrans($1, dovecot_initrc_exec_t)
domain_system_change_exemption($1)
diff -up serefpolicy-3.10.0/policy/modules/services/drbd.if.ptrace serefpolicy-3.10.0/policy/modules/services/drbd.if
---- serefpolicy-3.10.0/policy/modules/services/drbd.if.ptrace 2011-10-27 13:59:13.200914098 -0400
-+++ serefpolicy-3.10.0/policy/modules/services/drbd.if 2011-10-27 13:59:14.157913368 -0400
+--- serefpolicy-3.10.0/policy/modules/services/drbd.if.ptrace 2011-11-02 16:20:57.757744000 -0400
++++ serefpolicy-3.10.0/policy/modules/services/drbd.if 2011-11-02 16:21:01.519398000 -0400
@@ -120,8 +120,11 @@ interface(`drbd_admin',`
type drbd_var_lib_t;
')
@@ -1496,8 +1496,8 @@ diff -up serefpolicy-3.10.0/policy/modules/services/drbd.if.ptrace serefpolicy-3
files_search_var_lib($1)
admin_pattern($1, drbd_var_lib_t)
diff -up serefpolicy-3.10.0/policy/modules/services/dspam.if.ptrace serefpolicy-3.10.0/policy/modules/services/dspam.if
---- serefpolicy-3.10.0/policy/modules/services/dspam.if.ptrace 2011-10-27 13:59:13.203914095 -0400
-+++ serefpolicy-3.10.0/policy/modules/services/dspam.if 2011-10-27 13:59:14.159913366 -0400
+--- serefpolicy-3.10.0/policy/modules/services/dspam.if.ptrace 2011-11-02 16:20:57.776739000 -0400
++++ serefpolicy-3.10.0/policy/modules/services/dspam.if 2011-11-02 16:21:01.525395000 -0400
@@ -244,8 +244,11 @@ interface(`dspam_admin',`
type dspam_var_run_t;
')
@@ -1512,8 +1512,8 @@ diff -up serefpolicy-3.10.0/policy/modules/services/dspam.if.ptrace serefpolicy-
dspam_initrc_domtrans($1)
domain_system_change_exemption($1)
diff -up serefpolicy-3.10.0/policy/modules/services/exim.if.ptrace serefpolicy-3.10.0/policy/modules/services/exim.if
---- serefpolicy-3.10.0/policy/modules/services/exim.if.ptrace 2011-10-27 13:59:13.208914090 -0400
-+++ serefpolicy-3.10.0/policy/modules/services/exim.if 2011-10-27 13:59:14.161913365 -0400
+--- serefpolicy-3.10.0/policy/modules/services/exim.if.ptrace 2011-11-02 16:20:57.789739000 -0400
++++ serefpolicy-3.10.0/policy/modules/services/exim.if 2011-11-02 16:21:01.532395000 -0400
@@ -260,8 +260,11 @@ interface(`exim_admin',`
type exim_tmp_t, exim_spool_t, exim_var_run_t;
')
@@ -1528,8 +1528,8 @@ diff -up serefpolicy-3.10.0/policy/modules/services/exim.if.ptrace serefpolicy-3
exim_initrc_domtrans($1)
domain_system_change_exemption($1)
diff -up serefpolicy-3.10.0/policy/modules/services/fail2ban.if.ptrace serefpolicy-3.10.0/policy/modules/services/fail2ban.if
---- serefpolicy-3.10.0/policy/modules/services/fail2ban.if.ptrace 2011-10-27 13:59:13.212914089 -0400
-+++ serefpolicy-3.10.0/policy/modules/services/fail2ban.if 2011-10-27 13:59:14.162913365 -0400
+--- serefpolicy-3.10.0/policy/modules/services/fail2ban.if.ptrace 2011-11-02 16:20:57.806739000 -0400
++++ serefpolicy-3.10.0/policy/modules/services/fail2ban.if 2011-11-02 16:21:01.538401000 -0400
@@ -199,8 +199,11 @@ interface(`fail2ban_admin',`
type fail2ban_client_t;
')
@@ -1544,8 +1544,8 @@ diff -up serefpolicy-3.10.0/policy/modules/services/fail2ban.if.ptrace serefpoli
init_labeled_script_domtrans($1, fail2ban_initrc_exec_t)
domain_system_change_exemption($1)
diff -up serefpolicy-3.10.0/policy/modules/services/fcoemon.if.ptrace serefpolicy-3.10.0/policy/modules/services/fcoemon.if
---- serefpolicy-3.10.0/policy/modules/services/fcoemon.if.ptrace 2011-10-27 13:59:13.215914086 -0400
-+++ serefpolicy-3.10.0/policy/modules/services/fcoemon.if 2011-10-27 13:59:14.164913365 -0400
+--- serefpolicy-3.10.0/policy/modules/services/fcoemon.if.ptrace 2011-11-02 16:20:57.816744000 -0400
++++ serefpolicy-3.10.0/policy/modules/services/fcoemon.if 2011-11-02 16:21:01.545398000 -0400
@@ -81,8 +81,11 @@ interface(`fcoemon_admin',`
type fcoemon_var_run_t;
')
@@ -1560,8 +1560,8 @@ diff -up serefpolicy-3.10.0/policy/modules/services/fcoemon.if.ptrace serefpolic
files_search_pids($1)
admin_pattern($1, fcoemon_var_run_t)
diff -up serefpolicy-3.10.0/policy/modules/services/fetchmail.if.ptrace serefpolicy-3.10.0/policy/modules/services/fetchmail.if
---- serefpolicy-3.10.0/policy/modules/services/fetchmail.if.ptrace 2011-10-27 13:59:13.220914081 -0400
-+++ serefpolicy-3.10.0/policy/modules/services/fetchmail.if 2011-10-27 13:59:14.166913363 -0400
+--- serefpolicy-3.10.0/policy/modules/services/fetchmail.if.ptrace 2011-11-02 16:20:57.828739000 -0400
++++ serefpolicy-3.10.0/policy/modules/services/fetchmail.if 2011-11-02 16:21:01.551398000 -0400
@@ -18,8 +18,11 @@ interface(`fetchmail_admin',`
type fetchmail_var_run_t;
')
@@ -1576,8 +1576,8 @@ diff -up serefpolicy-3.10.0/policy/modules/services/fetchmail.if.ptrace serefpol
files_list_etc($1)
admin_pattern($1, fetchmail_etc_t)
diff -up serefpolicy-3.10.0/policy/modules/services/firewalld.if.ptrace serefpolicy-3.10.0/policy/modules/services/firewalld.if
---- serefpolicy-3.10.0/policy/modules/services/firewalld.if.ptrace 2011-10-27 13:59:13.224914078 -0400
-+++ serefpolicy-3.10.0/policy/modules/services/firewalld.if 2011-10-27 13:59:14.167913362 -0400
+--- serefpolicy-3.10.0/policy/modules/services/firewalld.if.ptrace 2011-11-02 16:20:57.844739000 -0400
++++ serefpolicy-3.10.0/policy/modules/services/firewalld.if 2011-11-02 16:21:01.556407000 -0400
@@ -62,8 +62,11 @@ interface(`firewalld_admin',`
type firewalld_initrc_exec_t;
')
@@ -1592,8 +1592,8 @@ diff -up serefpolicy-3.10.0/policy/modules/services/firewalld.if.ptrace serefpol
firewalld_initrc_domtrans($1)
domain_system_change_exemption($1)
diff -up serefpolicy-3.10.0/policy/modules/services/fprintd.te.ptrace serefpolicy-3.10.0/policy/modules/services/fprintd.te
---- serefpolicy-3.10.0/policy/modules/services/fprintd.te.ptrace 2011-10-27 13:59:13.228914077 -0400
-+++ serefpolicy-3.10.0/policy/modules/services/fprintd.te 2011-10-27 13:59:14.169913360 -0400
+--- serefpolicy-3.10.0/policy/modules/services/fprintd.te.ptrace 2011-11-02 16:20:57.856741000 -0400
++++ serefpolicy-3.10.0/policy/modules/services/fprintd.te 2011-11-02 16:21:01.562407000 -0400
@@ -17,7 +17,8 @@ files_type(fprintd_var_lib_t)
# Local policy
#
@@ -1605,8 +1605,8 @@ diff -up serefpolicy-3.10.0/policy/modules/services/fprintd.te.ptrace serefpolic
allow fprintd_t self:process { getsched setsched signal };
diff -up serefpolicy-3.10.0/policy/modules/services/ftp.if.ptrace serefpolicy-3.10.0/policy/modules/services/ftp.if
---- serefpolicy-3.10.0/policy/modules/services/ftp.if.ptrace 2011-10-27 13:59:13.231914074 -0400
-+++ serefpolicy-3.10.0/policy/modules/services/ftp.if 2011-10-27 13:59:14.171913358 -0400
+--- serefpolicy-3.10.0/policy/modules/services/ftp.if.ptrace 2011-11-02 16:20:57.879739000 -0400
++++ serefpolicy-3.10.0/policy/modules/services/ftp.if 2011-11-02 16:21:01.569395000 -0400
@@ -237,8 +237,11 @@ interface(`ftp_admin',`
type ftpd_initrc_exec_t;
')
@@ -1621,8 +1621,8 @@ diff -up serefpolicy-3.10.0/policy/modules/services/ftp.if.ptrace serefpolicy-3.
init_labeled_script_domtrans($1, ftpd_initrc_exec_t)
domain_system_change_exemption($1)
diff -up serefpolicy-3.10.0/policy/modules/services/git.if.ptrace serefpolicy-3.10.0/policy/modules/services/git.if
---- serefpolicy-3.10.0/policy/modules/services/git.if.ptrace 2011-10-27 13:59:13.237914068 -0400
-+++ serefpolicy-3.10.0/policy/modules/services/git.if 2011-10-27 13:59:14.173913356 -0400
+--- serefpolicy-3.10.0/policy/modules/services/git.if.ptrace 2011-11-02 16:20:57.903739000 -0400
++++ serefpolicy-3.10.0/policy/modules/services/git.if 2011-11-02 16:21:01.577395000 -0400
@@ -42,8 +42,11 @@ interface(`git_session_role',`
domtrans_pattern($2, gitd_exec_t, git_session_t)
@@ -1637,8 +1637,8 @@ diff -up serefpolicy-3.10.0/policy/modules/services/git.if.ptrace serefpolicy-3.
########################################
diff -up serefpolicy-3.10.0/policy/modules/services/glance.if.ptrace serefpolicy-3.10.0/policy/modules/services/glance.if
---- serefpolicy-3.10.0/policy/modules/services/glance.if.ptrace 2011-10-27 13:59:13.242914065 -0400
-+++ serefpolicy-3.10.0/policy/modules/services/glance.if 2011-10-27 13:59:14.174913355 -0400
+--- serefpolicy-3.10.0/policy/modules/services/glance.if.ptrace 2011-11-02 16:20:57.914739000 -0400
++++ serefpolicy-3.10.0/policy/modules/services/glance.if 2011-11-02 16:21:01.582398000 -0400
@@ -245,10 +245,14 @@ interface(`glance_admin',`
type glance_api_initrc_exec_t;
')
@@ -1657,8 +1657,8 @@ diff -up serefpolicy-3.10.0/policy/modules/services/glance.if.ptrace serefpolicy
init_labeled_script_domtrans($1, glance_registry_initrc_exec_t)
diff -up serefpolicy-3.10.0/policy/modules/services/gnomeclock.te.ptrace serefpolicy-3.10.0/policy/modules/services/gnomeclock.te
---- serefpolicy-3.10.0/policy/modules/services/gnomeclock.te.ptrace 2011-10-27 13:59:13.247914062 -0400
-+++ serefpolicy-3.10.0/policy/modules/services/gnomeclock.te 2011-10-27 13:59:14.176913354 -0400
+--- serefpolicy-3.10.0/policy/modules/services/gnomeclock.te.ptrace 2011-11-02 16:20:57.931742000 -0400
++++ serefpolicy-3.10.0/policy/modules/services/gnomeclock.te 2011-11-02 16:21:01.589396000 -0400
@@ -14,7 +14,7 @@ dbus_system_domain(gnomeclock_t, gnomecl
# gnomeclock local policy
#
@@ -1669,8 +1669,8 @@ diff -up serefpolicy-3.10.0/policy/modules/services/gnomeclock.te.ptrace serefpo
allow gnomeclock_t self:fifo_file rw_fifo_file_perms;
allow gnomeclock_t self:unix_stream_socket create_stream_socket_perms;
diff -up serefpolicy-3.10.0/policy/modules/services/gpsd.te.ptrace serefpolicy-3.10.0/policy/modules/services/gpsd.te
---- serefpolicy-3.10.0/policy/modules/services/gpsd.te.ptrace 2011-10-27 13:59:13.251914058 -0400
-+++ serefpolicy-3.10.0/policy/modules/services/gpsd.te 2011-10-27 13:59:14.178913354 -0400
+--- serefpolicy-3.10.0/policy/modules/services/gpsd.te.ptrace 2011-11-02 16:20:57.947742000 -0400
++++ serefpolicy-3.10.0/policy/modules/services/gpsd.te 2011-11-02 16:21:01.595395000 -0400
@@ -25,7 +25,7 @@ files_pid_file(gpsd_var_run_t)
#
@@ -1681,8 +1681,8 @@ diff -up serefpolicy-3.10.0/policy/modules/services/gpsd.te.ptrace serefpolicy-3
allow gpsd_t self:shm create_shm_perms;
allow gpsd_t self:unix_dgram_socket { create_socket_perms sendto };
diff -up serefpolicy-3.10.0/policy/modules/services/hadoop.if.ptrace serefpolicy-3.10.0/policy/modules/services/hadoop.if
---- serefpolicy-3.10.0/policy/modules/services/hadoop.if.ptrace 2011-10-27 13:59:13.917913552 -0400
-+++ serefpolicy-3.10.0/policy/modules/services/hadoop.if 2011-10-27 13:59:14.180913352 -0400
+--- serefpolicy-3.10.0/policy/modules/services/hadoop.if.ptrace 2011-11-02 16:21:00.551481000 -0400
++++ serefpolicy-3.10.0/policy/modules/services/hadoop.if 2011-11-02 16:21:01.603404000 -0400
@@ -222,14 +222,21 @@ interface(`hadoop_role',`
hadoop_domtrans($2)
role $1 types hadoop_t;
@@ -1708,8 +1708,8 @@ diff -up serefpolicy-3.10.0/policy/modules/services/hadoop.if.ptrace serefpolicy
########################################
diff -up serefpolicy-3.10.0/policy/modules/services/hal.if.ptrace serefpolicy-3.10.0/policy/modules/services/hal.if
---- serefpolicy-3.10.0/policy/modules/services/hal.if.ptrace 2011-10-27 13:59:13.257914054 -0400
-+++ serefpolicy-3.10.0/policy/modules/services/hal.if 2011-10-27 13:59:14.181913351 -0400
+--- serefpolicy-3.10.0/policy/modules/services/hal.if.ptrace 2011-11-02 16:20:57.980718000 -0400
++++ serefpolicy-3.10.0/policy/modules/services/hal.if 2011-11-02 16:21:01.612397000 -0400
@@ -70,7 +70,9 @@ interface(`hal_ptrace',`
type hald_t;
')
@@ -1722,8 +1722,8 @@ diff -up serefpolicy-3.10.0/policy/modules/services/hal.if.ptrace serefpolicy-3.
########################################
diff -up serefpolicy-3.10.0/policy/modules/services/hal.te.ptrace serefpolicy-3.10.0/policy/modules/services/hal.te
---- serefpolicy-3.10.0/policy/modules/services/hal.te.ptrace 2011-10-27 13:59:13.261914051 -0400
-+++ serefpolicy-3.10.0/policy/modules/services/hal.te 2011-10-27 13:59:14.183913349 -0400
+--- serefpolicy-3.10.0/policy/modules/services/hal.te.ptrace 2011-11-02 16:20:57.988710000 -0400
++++ serefpolicy-3.10.0/policy/modules/services/hal.te 2011-11-02 16:21:01.619399000 -0400
@@ -64,7 +64,7 @@ typealias hald_var_run_t alias pmtools_v
# execute openvt which needs setuid
@@ -1734,8 +1734,8 @@ diff -up serefpolicy-3.10.0/policy/modules/services/hal.te.ptrace serefpolicy-3.
allow hald_t self:fifo_file rw_fifo_file_perms;
allow hald_t self:unix_stream_socket { create_stream_socket_perms connectto };
diff -up serefpolicy-3.10.0/policy/modules/services/hddtemp.if.ptrace serefpolicy-3.10.0/policy/modules/services/hddtemp.if
---- serefpolicy-3.10.0/policy/modules/services/hddtemp.if.ptrace 2011-10-27 13:59:13.262914050 -0400
-+++ serefpolicy-3.10.0/policy/modules/services/hddtemp.if 2011-10-27 13:59:14.185913347 -0400
+--- serefpolicy-3.10.0/policy/modules/services/hddtemp.if.ptrace 2011-11-02 16:20:57.994704000 -0400
++++ serefpolicy-3.10.0/policy/modules/services/hddtemp.if 2011-11-02 16:21:01.626395000 -0400
@@ -60,8 +60,11 @@ interface(`hddtemp_admin',`
type hddtemp_t, hddtemp_etc_t, hddtemp_initrc_exec_t;
')
@@ -1750,8 +1750,8 @@ diff -up serefpolicy-3.10.0/policy/modules/services/hddtemp.if.ptrace serefpolic
init_labeled_script_domtrans($1, hddtemp_initrc_exec_t)
domain_system_change_exemption($1)
diff -up serefpolicy-3.10.0/policy/modules/services/icecast.if.ptrace serefpolicy-3.10.0/policy/modules/services/icecast.if
---- serefpolicy-3.10.0/policy/modules/services/icecast.if.ptrace 2011-10-27 13:59:13.265914047 -0400
-+++ serefpolicy-3.10.0/policy/modules/services/icecast.if 2011-10-27 13:59:14.186913346 -0400
+--- serefpolicy-3.10.0/policy/modules/services/icecast.if.ptrace 2011-11-02 16:20:58.005694000 -0400
++++ serefpolicy-3.10.0/policy/modules/services/icecast.if 2011-11-02 16:21:01.632396000 -0400
@@ -173,8 +173,11 @@ interface(`icecast_admin',`
type icecast_t, icecast_initrc_exec_t;
')
@@ -1766,8 +1766,8 @@ diff -up serefpolicy-3.10.0/policy/modules/services/icecast.if.ptrace serefpolic
# Allow icecast_t to restart the apache service
icecast_initrc_domtrans($1)
diff -up serefpolicy-3.10.0/policy/modules/services/ifplugd.if.ptrace serefpolicy-3.10.0/policy/modules/services/ifplugd.if
---- serefpolicy-3.10.0/policy/modules/services/ifplugd.if.ptrace 2011-10-27 13:59:13.267914045 -0400
-+++ serefpolicy-3.10.0/policy/modules/services/ifplugd.if 2011-10-27 13:59:14.188913344 -0400
+--- serefpolicy-3.10.0/policy/modules/services/ifplugd.if.ptrace 2011-11-02 16:20:58.016684000 -0400
++++ serefpolicy-3.10.0/policy/modules/services/ifplugd.if 2011-11-02 16:21:01.639397000 -0400
@@ -117,7 +117,7 @@ interface(`ifplugd_admin',`
type ifplugd_initrc_exec_t;
')
@@ -1778,8 +1778,8 @@ diff -up serefpolicy-3.10.0/policy/modules/services/ifplugd.if.ptrace serefpolic
init_labeled_script_domtrans($1, ifplugd_initrc_exec_t)
diff -up serefpolicy-3.10.0/policy/modules/services/ifplugd.te.ptrace serefpolicy-3.10.0/policy/modules/services/ifplugd.te
---- serefpolicy-3.10.0/policy/modules/services/ifplugd.te.ptrace 2011-10-27 13:59:13.268914044 -0400
-+++ serefpolicy-3.10.0/policy/modules/services/ifplugd.te 2011-10-27 13:59:14.190913343 -0400
+--- serefpolicy-3.10.0/policy/modules/services/ifplugd.te.ptrace 2011-11-02 16:20:58.021679000 -0400
++++ serefpolicy-3.10.0/policy/modules/services/ifplugd.te 2011-11-02 16:21:01.645395000 -0400
@@ -26,7 +26,7 @@ files_pid_file(ifplugd_var_run_t)
#
@@ -1790,8 +1790,8 @@ diff -up serefpolicy-3.10.0/policy/modules/services/ifplugd.te.ptrace serefpolic
allow ifplugd_t self:fifo_file rw_fifo_file_perms;
allow ifplugd_t self:tcp_socket create_stream_socket_perms;
diff -up serefpolicy-3.10.0/policy/modules/services/inn.if.ptrace serefpolicy-3.10.0/policy/modules/services/inn.if
---- serefpolicy-3.10.0/policy/modules/services/inn.if.ptrace 2011-10-27 13:59:13.274914042 -0400
-+++ serefpolicy-3.10.0/policy/modules/services/inn.if 2011-10-27 13:59:14.191913343 -0400
+--- serefpolicy-3.10.0/policy/modules/services/inn.if.ptrace 2011-11-02 16:20:58.045653000 -0400
++++ serefpolicy-3.10.0/policy/modules/services/inn.if 2011-11-02 16:21:01.653395000 -0400
@@ -202,8 +202,11 @@ interface(`inn_admin',`
type innd_initrc_exec_t;
')
@@ -1806,8 +1806,8 @@ diff -up serefpolicy-3.10.0/policy/modules/services/inn.if.ptrace serefpolicy-3.
init_labeled_script_domtrans($1, innd_initrc_exec_t)
domain_system_change_exemption($1)
diff -up serefpolicy-3.10.0/policy/modules/services/jabber.if.ptrace serefpolicy-3.10.0/policy/modules/services/jabber.if
---- serefpolicy-3.10.0/policy/modules/services/jabber.if.ptrace 2011-10-27 13:59:13.279914037 -0400
-+++ serefpolicy-3.10.0/policy/modules/services/jabber.if 2011-10-27 13:59:14.193913343 -0400
+--- serefpolicy-3.10.0/policy/modules/services/jabber.if.ptrace 2011-11-02 16:20:58.067653000 -0400
++++ serefpolicy-3.10.0/policy/modules/services/jabber.if 2011-11-02 16:21:01.659399000 -0400
@@ -143,10 +143,14 @@ interface(`jabber_admin',`
type jabberd_initrc_exec_t, jabberd_router_t;
')
@@ -1826,8 +1826,8 @@ diff -up serefpolicy-3.10.0/policy/modules/services/jabber.if.ptrace serefpolicy
init_labeled_script_domtrans($1, jabberd_initrc_exec_t)
diff -up serefpolicy-3.10.0/policy/modules/services/kerberos.if.ptrace serefpolicy-3.10.0/policy/modules/services/kerberos.if
---- serefpolicy-3.10.0/policy/modules/services/kerberos.if.ptrace 2011-10-27 13:59:13.285914031 -0400
-+++ serefpolicy-3.10.0/policy/modules/services/kerberos.if 2011-10-27 13:59:14.195913341 -0400
+--- serefpolicy-3.10.0/policy/modules/services/kerberos.if.ptrace 2011-11-02 16:20:58.085653000 -0400
++++ serefpolicy-3.10.0/policy/modules/services/kerberos.if 2011-11-02 16:21:01.666395000 -0400
@@ -340,13 +340,18 @@ interface(`kerberos_admin',`
type krb5kdc_var_run_t, krb5_host_rcache_t;
')
@@ -1851,8 +1851,8 @@ diff -up serefpolicy-3.10.0/policy/modules/services/kerberos.if.ptrace serefpoli
init_labeled_script_domtrans($1, kerberos_initrc_exec_t)
diff -up serefpolicy-3.10.0/policy/modules/services/kerneloops.if.ptrace serefpolicy-3.10.0/policy/modules/services/kerneloops.if
---- serefpolicy-3.10.0/policy/modules/services/kerneloops.if.ptrace 2011-10-27 13:59:13.288914030 -0400
-+++ serefpolicy-3.10.0/policy/modules/services/kerneloops.if 2011-10-27 13:59:14.196913340 -0400
+--- serefpolicy-3.10.0/policy/modules/services/kerneloops.if.ptrace 2011-11-02 16:20:58.098653000 -0400
++++ serefpolicy-3.10.0/policy/modules/services/kerneloops.if 2011-11-02 16:21:01.672398000 -0400
@@ -101,8 +101,11 @@ interface(`kerneloops_admin',`
type kerneloops_t, kerneloops_initrc_exec_t, kerneloops_tmp_t;
')
@@ -1867,8 +1867,8 @@ diff -up serefpolicy-3.10.0/policy/modules/services/kerneloops.if.ptrace serefpo
init_labeled_script_domtrans($1, kerneloops_initrc_exec_t)
domain_system_change_exemption($1)
diff -up serefpolicy-3.10.0/policy/modules/services/ksmtuned.if.ptrace serefpolicy-3.10.0/policy/modules/services/ksmtuned.if
---- serefpolicy-3.10.0/policy/modules/services/ksmtuned.if.ptrace 2011-10-27 13:59:13.294914026 -0400
-+++ serefpolicy-3.10.0/policy/modules/services/ksmtuned.if 2011-10-27 13:59:14.198913338 -0400
+--- serefpolicy-3.10.0/policy/modules/services/ksmtuned.if.ptrace 2011-11-02 16:20:58.114656000 -0400
++++ serefpolicy-3.10.0/policy/modules/services/ksmtuned.if 2011-11-02 16:21:01.678398000 -0400
@@ -58,8 +58,11 @@ interface(`ksmtuned_admin',`
type ksmtuned_t, ksmtuned_var_run_t, ksmtuned_initrc_exec_t;
')
@@ -1883,8 +1883,8 @@ diff -up serefpolicy-3.10.0/policy/modules/services/ksmtuned.if.ptrace serefpoli
files_list_pids($1)
admin_pattern($1, ksmtuned_var_run_t)
diff -up serefpolicy-3.10.0/policy/modules/services/ksmtuned.te.ptrace serefpolicy-3.10.0/policy/modules/services/ksmtuned.te
---- serefpolicy-3.10.0/policy/modules/services/ksmtuned.te.ptrace 2011-10-27 13:59:13.295914025 -0400
-+++ serefpolicy-3.10.0/policy/modules/services/ksmtuned.te 2011-10-27 13:59:14.200913336 -0400
+--- serefpolicy-3.10.0/policy/modules/services/ksmtuned.te.ptrace 2011-11-02 16:20:58.119656000 -0400
++++ serefpolicy-3.10.0/policy/modules/services/ksmtuned.te 2011-11-02 16:21:01.684398000 -0400
@@ -23,7 +23,7 @@ files_pid_file(ksmtuned_var_run_t)
# ksmtuned local policy
#
@@ -1895,8 +1895,8 @@ diff -up serefpolicy-3.10.0/policy/modules/services/ksmtuned.te.ptrace serefpoli
manage_dirs_pattern(ksmtuned_t, ksmtuned_log_t, ksmtuned_log_t)
diff -up serefpolicy-3.10.0/policy/modules/services/l2tpd.if.ptrace serefpolicy-3.10.0/policy/modules/services/l2tpd.if
---- serefpolicy-3.10.0/policy/modules/services/l2tpd.if.ptrace 2011-10-27 13:59:13.299914021 -0400
-+++ serefpolicy-3.10.0/policy/modules/services/l2tpd.if 2011-10-27 13:59:14.201913335 -0400
+--- serefpolicy-3.10.0/policy/modules/services/l2tpd.if.ptrace 2011-11-02 16:20:58.130653000 -0400
++++ serefpolicy-3.10.0/policy/modules/services/l2tpd.if 2011-11-02 16:21:01.690398000 -0400
@@ -101,8 +101,11 @@ interface(`l2tpd_admin',`
type l2tpd_var_run_t;
')
@@ -1911,8 +1911,8 @@ diff -up serefpolicy-3.10.0/policy/modules/services/l2tpd.if.ptrace serefpolicy-
l2tpd_initrc_domtrans($1)
domain_system_change_exemption($1)
diff -up serefpolicy-3.10.0/policy/modules/services/ldap.if.ptrace serefpolicy-3.10.0/policy/modules/services/ldap.if
---- serefpolicy-3.10.0/policy/modules/services/ldap.if.ptrace 2011-10-27 13:59:13.302914019 -0400
-+++ serefpolicy-3.10.0/policy/modules/services/ldap.if 2011-10-27 13:59:14.203913333 -0400
+--- serefpolicy-3.10.0/policy/modules/services/ldap.if.ptrace 2011-11-02 16:20:58.152655000 -0400
++++ serefpolicy-3.10.0/policy/modules/services/ldap.if 2011-11-02 16:21:01.697394000 -0400
@@ -174,8 +174,11 @@ interface(`ldap_admin',`
type slapd_initrc_exec_t;
')
@@ -1928,7 +1928,7 @@ diff -up serefpolicy-3.10.0/policy/modules/services/ldap.if.ptrace serefpolicy-3
domain_system_change_exemption($1)
diff -up serefpolicy-3.10.0/policy/modules/services/lircd.if.ptrace serefpolicy-3.10.0/policy/modules/services/lircd.if
--- serefpolicy-3.10.0/policy/modules/services/lircd.if.ptrace 2011-06-27 14:18:04.000000000 -0400
-+++ serefpolicy-3.10.0/policy/modules/services/lircd.if 2011-10-27 13:59:14.210913330 -0400
++++ serefpolicy-3.10.0/policy/modules/services/lircd.if 2011-11-02 16:21:01.703395000 -0400
@@ -80,8 +80,11 @@ interface(`lircd_admin',`
type lircd_initrc_exec_t, lircd_etc_t;
')
@@ -1943,8 +1943,8 @@ diff -up serefpolicy-3.10.0/policy/modules/services/lircd.if.ptrace serefpolicy-
init_labeled_script_domtrans($1, lircd_initrc_exec_t)
domain_system_change_exemption($1)
diff -up serefpolicy-3.10.0/policy/modules/services/lldpad.if.ptrace serefpolicy-3.10.0/policy/modules/services/lldpad.if
---- serefpolicy-3.10.0/policy/modules/services/lldpad.if.ptrace 2011-10-27 13:59:13.312914011 -0400
-+++ serefpolicy-3.10.0/policy/modules/services/lldpad.if 2011-10-27 13:59:14.211913329 -0400
+--- serefpolicy-3.10.0/policy/modules/services/lldpad.if.ptrace 2011-11-02 16:20:58.186653000 -0400
++++ serefpolicy-3.10.0/policy/modules/services/lldpad.if 2011-11-02 16:21:01.709395000 -0400
@@ -180,8 +180,11 @@ interface(`lldpad_admin',`
type lldpad_var_run_t;
')
@@ -1959,8 +1959,8 @@ diff -up serefpolicy-3.10.0/policy/modules/services/lldpad.if.ptrace serefpolicy
lldpad_initrc_domtrans($1)
domain_system_change_exemption($1)
diff -up serefpolicy-3.10.0/policy/modules/services/lpd.if.ptrace serefpolicy-3.10.0/policy/modules/services/lpd.if
---- serefpolicy-3.10.0/policy/modules/services/lpd.if.ptrace 2011-10-27 13:59:13.315914008 -0400
-+++ serefpolicy-3.10.0/policy/modules/services/lpd.if 2011-10-27 13:59:14.213913327 -0400
+--- serefpolicy-3.10.0/policy/modules/services/lpd.if.ptrace 2011-11-02 16:20:58.193653000 -0400
++++ serefpolicy-3.10.0/policy/modules/services/lpd.if 2011-11-02 16:21:01.715398000 -0400
@@ -28,7 +28,10 @@ interface(`lpd_role',`
dontaudit lpr_t $2:unix_stream_socket { read write };
@@ -1974,8 +1974,8 @@ diff -up serefpolicy-3.10.0/policy/modules/services/lpd.if.ptrace serefpolicy-3.
optional_policy(`
cups_read_config($2)
diff -up serefpolicy-3.10.0/policy/modules/services/mailscanner.if.ptrace serefpolicy-3.10.0/policy/modules/services/mailscanner.if
---- serefpolicy-3.10.0/policy/modules/services/mailscanner.if.ptrace 2011-10-27 13:59:13.323914004 -0400
-+++ serefpolicy-3.10.0/policy/modules/services/mailscanner.if 2011-10-27 13:59:14.215913325 -0400
+--- serefpolicy-3.10.0/policy/modules/services/mailscanner.if.ptrace 2011-11-02 16:20:58.222653000 -0400
++++ serefpolicy-3.10.0/policy/modules/services/mailscanner.if 2011-11-02 16:21:01.721395000 -0400
@@ -47,8 +47,11 @@ interface(`mailscanner_admin',`
role_transition $2 mscan_initrc_exec_t system_r;
allow $2 system_r;
@@ -1990,34 +1990,10 @@ diff -up serefpolicy-3.10.0/policy/modules/services/mailscanner.if.ptrace serefp
admin_pattern($1, mscan_etc_t)
files_list_etc($1)
diff -up serefpolicy-3.10.0/policy/modules/services/matahari.if.ptrace serefpolicy-3.10.0/policy/modules/services/matahari.if
---- serefpolicy-3.10.0/policy/modules/services/matahari.if.ptrace 2011-10-27 13:59:13.328913999 -0400
-+++ serefpolicy-3.10.0/policy/modules/services/matahari.if 2011-10-27 13:59:14.216913324 -0400
-@@ -229,13 +229,18 @@ interface(`matahari_admin',`
- role_transition $2 matahari_initrc_exec_t system_r;
- allow $2 system_r;
-
-- allow $1 matahari_netd_t:process { ptrace signal_perms };
-+ allow $1 matahari_netd_t:process signal_perms;
- ps_process_pattern($1, matahari_netd_t)
-+ tunable_policy(`deny_ptrace',`',`
-+ allow $1 matahari_netd_t:process ptrace;
-+ allow $1 matahari_hostd_t:process ptrace;
-+ allow $1 matahari_serviced_t:process ptrace;
-+ ')
-
-- allow $1 matahari_hostd_t:process { ptrace signal_perms };
-+ allow $1 matahari_hostd_t:process signal_perms;
- ps_process_pattern($1, matahari_hostd_t)
-
-- allow $1 matahari_serviced_t:process { ptrace signal_perms };
-+ allow $1 matahari_serviced_t:process signal_perms;
- ps_process_pattern($1, matahari_serviced_t)
-
- files_search_var_lib($1)
diff -up serefpolicy-3.10.0/policy/modules/services/matahari.te.ptrace serefpolicy-3.10.0/policy/modules/services/matahari.te
---- serefpolicy-3.10.0/policy/modules/services/matahari.te.ptrace 2011-10-27 13:59:13.329913998 -0400
-+++ serefpolicy-3.10.0/policy/modules/services/matahari.te 2011-10-27 13:59:14.218913322 -0400
-@@ -24,9 +24,6 @@ files_pid_file(matahari_var_run_t)
+--- serefpolicy-3.10.0/policy/modules/services/matahari.te.ptrace 2011-11-02 16:20:58.231654000 -0400
++++ serefpolicy-3.10.0/policy/modules/services/matahari.te 2011-11-02 16:21:01.734398000 -0400
+@@ -25,9 +25,6 @@ files_pid_file(matahari_var_run_t)
#
# matahari_hostd local policy
#
@@ -2028,8 +2004,8 @@ diff -up serefpolicy-3.10.0/policy/modules/services/matahari.te.ptrace serefpoli
dev_read_sysfs(matahari_hostd_t)
diff -up serefpolicy-3.10.0/policy/modules/services/memcached.if.ptrace serefpolicy-3.10.0/policy/modules/services/memcached.if
---- serefpolicy-3.10.0/policy/modules/services/memcached.if.ptrace 2011-10-27 13:59:13.331913997 -0400
-+++ serefpolicy-3.10.0/policy/modules/services/memcached.if 2011-10-27 13:59:14.220913320 -0400
+--- serefpolicy-3.10.0/policy/modules/services/memcached.if.ptrace 2011-11-02 16:20:58.241656000 -0400
++++ serefpolicy-3.10.0/policy/modules/services/memcached.if 2011-11-02 16:21:01.741404000 -0400
@@ -59,8 +59,11 @@ interface(`memcached_admin',`
type memcached_t, memcached_initrc_exec_t, memcached_var_run_t;
')
@@ -2044,8 +2020,8 @@ diff -up serefpolicy-3.10.0/policy/modules/services/memcached.if.ptrace serefpol
init_labeled_script_domtrans($1, memcached_initrc_exec_t)
domain_system_change_exemption($1)
diff -up serefpolicy-3.10.0/policy/modules/services/mock.if.ptrace serefpolicy-3.10.0/policy/modules/services/mock.if
---- serefpolicy-3.10.0/policy/modules/services/mock.if.ptrace 2011-10-27 13:59:13.339913990 -0400
-+++ serefpolicy-3.10.0/policy/modules/services/mock.if 2011-10-27 13:59:14.222913319 -0400
+--- serefpolicy-3.10.0/policy/modules/services/mock.if.ptrace 2011-11-02 16:20:58.277653000 -0400
++++ serefpolicy-3.10.0/policy/modules/services/mock.if 2011-11-02 16:21:01.747395000 -0400
@@ -245,7 +245,10 @@ interface(`mock_role',`
mock_run($2, $1)
@@ -2076,8 +2052,8 @@ diff -up serefpolicy-3.10.0/policy/modules/services/mock.if.ptrace serefpolicy-3
files_list_var_lib($1)
diff -up serefpolicy-3.10.0/policy/modules/services/mock.te.ptrace serefpolicy-3.10.0/policy/modules/services/mock.te
---- serefpolicy-3.10.0/policy/modules/services/mock.te.ptrace 2011-10-27 13:59:13.340913989 -0400
-+++ serefpolicy-3.10.0/policy/modules/services/mock.te 2011-10-27 13:59:14.224913319 -0400
+--- serefpolicy-3.10.0/policy/modules/services/mock.te.ptrace 2011-11-02 16:20:58.280653000 -0400
++++ serefpolicy-3.10.0/policy/modules/services/mock.te 2011-11-02 16:21:01.753397000 -0400
@@ -41,7 +41,7 @@ files_config_file(mock_etc_t)
# mock local policy
#
@@ -2097,8 +2073,8 @@ diff -up serefpolicy-3.10.0/policy/modules/services/mock.te.ptrace serefpolicy-3
allow mock_build_t self:process { fork setsched setpgid signal_perms };
allow mock_build_t self:netlink_audit_socket { create_socket_perms nlmsg_relay };
diff -up serefpolicy-3.10.0/policy/modules/services/mojomojo.if.ptrace serefpolicy-3.10.0/policy/modules/services/mojomojo.if
---- serefpolicy-3.10.0/policy/modules/services/mojomojo.if.ptrace 2011-10-27 13:59:13.344913989 -0400
-+++ serefpolicy-3.10.0/policy/modules/services/mojomojo.if 2011-10-27 13:59:14.225913318 -0400
+--- serefpolicy-3.10.0/policy/modules/services/mojomojo.if.ptrace 2011-11-02 16:20:58.295655000 -0400
++++ serefpolicy-3.10.0/policy/modules/services/mojomojo.if 2011-11-02 16:21:01.759415000 -0400
@@ -24,8 +24,11 @@ interface(`mojomojo_admin',`
type httpd_mojomojo_script_exec_t;
')
@@ -2114,7 +2090,7 @@ diff -up serefpolicy-3.10.0/policy/modules/services/mojomojo.if.ptrace serefpoli
admin_pattern($1, httpd_mojomojo_tmp_t)
diff -up serefpolicy-3.10.0/policy/modules/services/mpd.if.ptrace serefpolicy-3.10.0/policy/modules/services/mpd.if
--- serefpolicy-3.10.0/policy/modules/services/mpd.if.ptrace 2011-06-27 14:18:04.000000000 -0400
-+++ serefpolicy-3.10.0/policy/modules/services/mpd.if 2011-10-27 13:59:14.227913316 -0400
++++ serefpolicy-3.10.0/policy/modules/services/mpd.if 2011-11-02 16:21:01.766396000 -0400
@@ -244,8 +244,11 @@ interface(`mpd_admin',`
type mpd_tmpfs_t;
')
@@ -2129,8 +2105,8 @@ diff -up serefpolicy-3.10.0/policy/modules/services/mpd.if.ptrace serefpolicy-3.
mpd_initrc_domtrans($1)
domain_system_change_exemption($1)
diff -up serefpolicy-3.10.0/policy/modules/services/munin.if.ptrace serefpolicy-3.10.0/policy/modules/services/munin.if
---- serefpolicy-3.10.0/policy/modules/services/munin.if.ptrace 2011-10-27 13:59:13.360913976 -0400
-+++ serefpolicy-3.10.0/policy/modules/services/munin.if 2011-10-27 13:59:14.229913314 -0400
+--- serefpolicy-3.10.0/policy/modules/services/munin.if.ptrace 2011-11-02 16:20:58.340653000 -0400
++++ serefpolicy-3.10.0/policy/modules/services/munin.if 2011-11-02 16:21:01.773395000 -0400
@@ -183,8 +183,11 @@ interface(`munin_admin',`
type httpd_munin_content_t, munin_initrc_exec_t;
')
@@ -2145,8 +2121,8 @@ diff -up serefpolicy-3.10.0/policy/modules/services/munin.if.ptrace serefpolicy-
init_labeled_script_domtrans($1, munin_initrc_exec_t)
domain_system_change_exemption($1)
diff -up serefpolicy-3.10.0/policy/modules/services/mysql.if.ptrace serefpolicy-3.10.0/policy/modules/services/mysql.if
---- serefpolicy-3.10.0/policy/modules/services/mysql.if.ptrace 2011-10-27 13:59:13.364913973 -0400
-+++ serefpolicy-3.10.0/policy/modules/services/mysql.if 2011-10-27 13:59:14.230913313 -0400
+--- serefpolicy-3.10.0/policy/modules/services/mysql.if.ptrace 2011-11-02 16:20:58.353653000 -0400
++++ serefpolicy-3.10.0/policy/modules/services/mysql.if 2011-11-02 16:21:01.780396000 -0400
@@ -389,8 +389,11 @@ interface(`mysql_admin',`
type mysqld_etc_t;
')
@@ -2161,8 +2137,8 @@ diff -up serefpolicy-3.10.0/policy/modules/services/mysql.if.ptrace serefpolicy-
init_labeled_script_domtrans($1, mysqld_initrc_exec_t)
domain_system_change_exemption($1)
diff -up serefpolicy-3.10.0/policy/modules/services/mysql.te.ptrace serefpolicy-3.10.0/policy/modules/services/mysql.te
---- serefpolicy-3.10.0/policy/modules/services/mysql.te.ptrace 2011-10-27 13:59:13.365913972 -0400
-+++ serefpolicy-3.10.0/policy/modules/services/mysql.te 2011-10-27 13:59:14.232913311 -0400
+--- serefpolicy-3.10.0/policy/modules/services/mysql.te.ptrace 2011-11-02 16:20:58.360653000 -0400
++++ serefpolicy-3.10.0/policy/modules/services/mysql.te 2011-11-02 16:21:01.787395000 -0400
@@ -158,7 +158,6 @@ optional_policy(`
#
@@ -2172,8 +2148,8 @@ diff -up serefpolicy-3.10.0/policy/modules/services/mysql.te.ptrace serefpolicy-
allow mysqld_safe_t self:fifo_file rw_fifo_file_perms;
diff -up serefpolicy-3.10.0/policy/modules/services/nagios.if.ptrace serefpolicy-3.10.0/policy/modules/services/nagios.if
---- serefpolicy-3.10.0/policy/modules/services/nagios.if.ptrace 2011-10-27 13:59:13.368913969 -0400
-+++ serefpolicy-3.10.0/policy/modules/services/nagios.if 2011-10-27 13:59:14.234913309 -0400
+--- serefpolicy-3.10.0/policy/modules/services/nagios.if.ptrace 2011-11-02 16:20:58.372653000 -0400
++++ serefpolicy-3.10.0/policy/modules/services/nagios.if 2011-11-02 16:21:01.794395000 -0400
@@ -225,8 +225,11 @@ interface(`nagios_admin',`
type nagios_etc_t, nrpe_etc_t, nagios_spool_t;
')
@@ -2188,8 +2164,8 @@ diff -up serefpolicy-3.10.0/policy/modules/services/nagios.if.ptrace serefpolicy
init_labeled_script_domtrans($1, nagios_initrc_exec_t)
domain_system_change_exemption($1)
diff -up serefpolicy-3.10.0/policy/modules/services/networkmanager.te.ptrace serefpolicy-3.10.0/policy/modules/services/networkmanager.te
---- serefpolicy-3.10.0/policy/modules/services/networkmanager.te.ptrace 2011-10-27 13:59:13.377913962 -0400
-+++ serefpolicy-3.10.0/policy/modules/services/networkmanager.te 2011-10-27 13:59:14.236913308 -0400
+--- serefpolicy-3.10.0/policy/modules/services/networkmanager.te.ptrace 2011-11-02 16:20:58.412654000 -0400
++++ serefpolicy-3.10.0/policy/modules/services/networkmanager.te 2011-11-02 16:21:01.802395000 -0400
@@ -44,13 +44,17 @@ init_system_domain(wpa_cli_t, wpa_cli_ex
# networkmanager will ptrace itself if gdb is installed
@@ -2212,8 +2188,8 @@ diff -up serefpolicy-3.10.0/policy/modules/services/networkmanager.te.ptrace ser
allow NetworkManager_t self:unix_dgram_socket { sendto create_socket_perms };
allow NetworkManager_t self:unix_stream_socket create_stream_socket_perms;
diff -up serefpolicy-3.10.0/policy/modules/services/nis.if.ptrace serefpolicy-3.10.0/policy/modules/services/nis.if
---- serefpolicy-3.10.0/policy/modules/services/nis.if.ptrace 2011-10-27 13:59:13.380913959 -0400
-+++ serefpolicy-3.10.0/policy/modules/services/nis.if 2011-10-27 13:59:14.239913308 -0400
+--- serefpolicy-3.10.0/policy/modules/services/nis.if.ptrace 2011-11-02 16:20:58.424653000 -0400
++++ serefpolicy-3.10.0/policy/modules/services/nis.if 2011-11-02 16:21:01.809419000 -0400
@@ -390,16 +390,22 @@ interface(`nis_admin',`
type ypbind_initrc_exec_t, nis_initrc_exec_t, ypxfr_t;
')
@@ -2242,8 +2218,8 @@ diff -up serefpolicy-3.10.0/policy/modules/services/nis.if.ptrace serefpolicy-3.
nis_initrc_domtrans($1)
diff -up serefpolicy-3.10.0/policy/modules/services/nscd.if.ptrace serefpolicy-3.10.0/policy/modules/services/nscd.if
---- serefpolicy-3.10.0/policy/modules/services/nscd.if.ptrace 2011-10-27 13:59:13.386913957 -0400
-+++ serefpolicy-3.10.0/policy/modules/services/nscd.if 2011-10-27 13:59:14.241913306 -0400
+--- serefpolicy-3.10.0/policy/modules/services/nscd.if.ptrace 2011-11-02 16:20:58.444653000 -0400
++++ serefpolicy-3.10.0/policy/modules/services/nscd.if 2011-11-02 16:21:01.818395000 -0400
@@ -321,8 +321,11 @@ interface(`nscd_admin',`
type nscd_initrc_exec_t;
')
@@ -2258,8 +2234,8 @@ diff -up serefpolicy-3.10.0/policy/modules/services/nscd.if.ptrace serefpolicy-3
init_labeled_script_domtrans($1, nscd_initrc_exec_t)
domain_system_change_exemption($1)
diff -up serefpolicy-3.10.0/policy/modules/services/nscd.te.ptrace serefpolicy-3.10.0/policy/modules/services/nscd.te
---- serefpolicy-3.10.0/policy/modules/services/nscd.te.ptrace 2011-10-27 13:59:13.388913955 -0400
-+++ serefpolicy-3.10.0/policy/modules/services/nscd.te 2011-10-27 13:59:14.242913305 -0400
+--- serefpolicy-3.10.0/policy/modules/services/nscd.te.ptrace 2011-11-02 16:20:58.450653000 -0400
++++ serefpolicy-3.10.0/policy/modules/services/nscd.te 2011-11-02 16:21:01.824397000 -0400
@@ -40,7 +40,7 @@ logging_log_file(nscd_log_t)
# Local policy
#
@@ -2270,8 +2246,8 @@ diff -up serefpolicy-3.10.0/policy/modules/services/nscd.te.ptrace serefpolicy-3
allow nscd_t self:process { getattr getcap setcap setsched signal_perms };
allow nscd_t self:fifo_file read_fifo_file_perms;
diff -up serefpolicy-3.10.0/policy/modules/services/nslcd.if.ptrace serefpolicy-3.10.0/policy/modules/services/nslcd.if
---- serefpolicy-3.10.0/policy/modules/services/nslcd.if.ptrace 2011-10-27 13:59:13.389913954 -0400
-+++ serefpolicy-3.10.0/policy/modules/services/nslcd.if 2011-10-27 13:59:14.244913303 -0400
+--- serefpolicy-3.10.0/policy/modules/services/nslcd.if.ptrace 2011-11-02 16:20:58.456653000 -0400
++++ serefpolicy-3.10.0/policy/modules/services/nslcd.if 2011-11-02 16:21:01.830405000 -0400
@@ -98,7 +98,10 @@ interface(`nslcd_admin',`
')
@@ -2285,8 +2261,8 @@ diff -up serefpolicy-3.10.0/policy/modules/services/nslcd.if.ptrace serefpolicy-
# Allow nslcd_t to restart the apache service
nslcd_initrc_domtrans($1)
diff -up serefpolicy-3.10.0/policy/modules/services/ntp.if.ptrace serefpolicy-3.10.0/policy/modules/services/ntp.if
---- serefpolicy-3.10.0/policy/modules/services/ntp.if.ptrace 2011-10-27 13:59:13.396913947 -0400
-+++ serefpolicy-3.10.0/policy/modules/services/ntp.if 2011-10-27 13:59:14.246913301 -0400
+--- serefpolicy-3.10.0/policy/modules/services/ntp.if.ptrace 2011-11-02 16:20:58.478653000 -0400
++++ serefpolicy-3.10.0/policy/modules/services/ntp.if 2011-11-02 16:21:01.837400000 -0400
@@ -204,8 +204,11 @@ interface(`ntp_admin',`
type ntpd_key_t, ntpd_var_run_t, ntpd_initrc_exec_t;
')
@@ -2301,8 +2277,8 @@ diff -up serefpolicy-3.10.0/policy/modules/services/ntp.if.ptrace serefpolicy-3.
init_labeled_script_domtrans($1, ntpd_initrc_exec_t)
domain_system_change_exemption($1)
diff -up serefpolicy-3.10.0/policy/modules/services/oident.if.ptrace serefpolicy-3.10.0/policy/modules/services/oident.if
---- serefpolicy-3.10.0/policy/modules/services/oident.if.ptrace 2011-10-27 13:59:13.409913938 -0400
-+++ serefpolicy-3.10.0/policy/modules/services/oident.if 2011-10-27 13:59:14.247913300 -0400
+--- serefpolicy-3.10.0/policy/modules/services/oident.if.ptrace 2011-11-02 16:20:58.530653000 -0400
++++ serefpolicy-3.10.0/policy/modules/services/oident.if 2011-11-02 16:21:01.843398000 -0400
@@ -89,8 +89,11 @@ interface(`oident_admin',`
type oidentd_t, oidentd_initrc_exec_t, oidentd_config_t;
')
@@ -2318,7 +2294,7 @@ diff -up serefpolicy-3.10.0/policy/modules/services/oident.if.ptrace serefpolicy
domain_system_change_exemption($1)
diff -up serefpolicy-3.10.0/policy/modules/services/openvpn.if.ptrace serefpolicy-3.10.0/policy/modules/services/openvpn.if
--- serefpolicy-3.10.0/policy/modules/services/openvpn.if.ptrace 2011-06-27 14:18:04.000000000 -0400
-+++ serefpolicy-3.10.0/policy/modules/services/openvpn.if 2011-10-27 13:59:14.250913297 -0400
++++ serefpolicy-3.10.0/policy/modules/services/openvpn.if 2011-11-02 16:21:01.849397000 -0400
@@ -144,8 +144,11 @@ interface(`openvpn_admin',`
type openvpn_var_run_t, openvpn_initrc_exec_t;
')
@@ -2333,8 +2309,8 @@ diff -up serefpolicy-3.10.0/policy/modules/services/openvpn.if.ptrace serefpolic
init_labeled_script_domtrans($1, openvpn_initrc_exec_t)
domain_system_change_exemption($1)
diff -up serefpolicy-3.10.0/policy/modules/services/pads.if.ptrace serefpolicy-3.10.0/policy/modules/services/pads.if
---- serefpolicy-3.10.0/policy/modules/services/pads.if.ptrace 2011-10-27 13:59:13.417913932 -0400
-+++ serefpolicy-3.10.0/policy/modules/services/pads.if 2011-10-27 13:59:14.254913295 -0400
+--- serefpolicy-3.10.0/policy/modules/services/pads.if.ptrace 2011-11-02 16:20:58.557653000 -0400
++++ serefpolicy-3.10.0/policy/modules/services/pads.if 2011-11-02 16:21:01.854402000 -0400
@@ -31,8 +31,11 @@ interface(`pads_admin',`
type pads_var_run_t;
')
@@ -2349,8 +2325,8 @@ diff -up serefpolicy-3.10.0/policy/modules/services/pads.if.ptrace serefpolicy-3
init_labeled_script_domtrans($1, pads_initrc_exec_t)
domain_system_change_exemption($1)
diff -up serefpolicy-3.10.0/policy/modules/services/pingd.if.ptrace serefpolicy-3.10.0/policy/modules/services/pingd.if
---- serefpolicy-3.10.0/policy/modules/services/pingd.if.ptrace 2011-10-27 13:59:13.426913925 -0400
-+++ serefpolicy-3.10.0/policy/modules/services/pingd.if 2011-10-27 13:59:14.255913295 -0400
+--- serefpolicy-3.10.0/policy/modules/services/pingd.if.ptrace 2011-11-02 16:20:58.590653000 -0400
++++ serefpolicy-3.10.0/policy/modules/services/pingd.if 2011-11-02 16:21:01.866400000 -0400
@@ -80,8 +80,11 @@ interface(`pingd_admin',`
type pingd_initrc_exec_t;
')
@@ -2365,8 +2341,8 @@ diff -up serefpolicy-3.10.0/policy/modules/services/pingd.if.ptrace serefpolicy-
init_labeled_script_domtrans($1, pingd_initrc_exec_t)
domain_system_change_exemption($1)
diff -up serefpolicy-3.10.0/policy/modules/services/piranha.te.ptrace serefpolicy-3.10.0/policy/modules/services/piranha.te
---- serefpolicy-3.10.0/policy/modules/services/piranha.te.ptrace 2011-10-27 13:59:13.431913920 -0400
-+++ serefpolicy-3.10.0/policy/modules/services/piranha.te 2011-10-27 13:59:14.257913294 -0400
+--- serefpolicy-3.10.0/policy/modules/services/piranha.te.ptrace 2011-11-02 16:20:58.613653000 -0400
++++ serefpolicy-3.10.0/policy/modules/services/piranha.te 2011-11-02 16:21:01.873398000 -0400
@@ -65,7 +65,11 @@ init_domtrans_script(piranha_fos_t)
#
@@ -2381,8 +2357,8 @@ diff -up serefpolicy-3.10.0/policy/modules/services/piranha.te.ptrace serefpolic
allow piranha_web_t self:netlink_route_socket r_netlink_socket_perms;
allow piranha_web_t self:sem create_sem_perms;
diff -up serefpolicy-3.10.0/policy/modules/services/plymouthd.if.ptrace serefpolicy-3.10.0/policy/modules/services/plymouthd.if
---- serefpolicy-3.10.0/policy/modules/services/plymouthd.if.ptrace 2011-10-27 13:59:13.434913919 -0400
-+++ serefpolicy-3.10.0/policy/modules/services/plymouthd.if 2011-10-27 13:59:14.259913292 -0400
+--- serefpolicy-3.10.0/policy/modules/services/plymouthd.if.ptrace 2011-11-02 16:20:58.623655000 -0400
++++ serefpolicy-3.10.0/policy/modules/services/plymouthd.if 2011-11-02 16:21:01.880395000 -0400
@@ -291,8 +291,11 @@ interface(`plymouthd_admin',`
type plymouthd_var_run_t;
')
@@ -2397,8 +2373,8 @@ diff -up serefpolicy-3.10.0/policy/modules/services/plymouthd.if.ptrace serefpol
files_list_var_lib($1)
admin_pattern($1, plymouthd_spool_t)
diff -up serefpolicy-3.10.0/policy/modules/services/policykit.te.ptrace serefpolicy-3.10.0/policy/modules/services/policykit.te
---- serefpolicy-3.10.0/policy/modules/services/policykit.te.ptrace 2011-10-27 13:59:13.444913911 -0400
-+++ serefpolicy-3.10.0/policy/modules/services/policykit.te 2011-10-27 13:59:14.260913291 -0400
+--- serefpolicy-3.10.0/policy/modules/services/policykit.te.ptrace 2011-11-02 16:20:58.650654000 -0400
++++ serefpolicy-3.10.0/policy/modules/services/policykit.te 2011-11-02 16:21:01.887399000 -0400
@@ -38,7 +38,7 @@ files_pid_file(policykit_var_run_t)
# policykit local policy
#
@@ -2418,8 +2394,8 @@ diff -up serefpolicy-3.10.0/policy/modules/services/policykit.te.ptrace serefpol
allow policykit_resolve_t self:fifo_file rw_fifo_file_perms;
diff -up serefpolicy-3.10.0/policy/modules/services/polipo.if.ptrace serefpolicy-3.10.0/policy/modules/services/polipo.if
---- serefpolicy-3.10.0/policy/modules/services/polipo.if.ptrace 2011-10-27 13:59:13.447913908 -0400
-+++ serefpolicy-3.10.0/policy/modules/services/polipo.if 2011-10-27 13:59:14.262913289 -0400
+--- serefpolicy-3.10.0/policy/modules/services/polipo.if.ptrace 2011-11-02 16:20:58.658653000 -0400
++++ serefpolicy-3.10.0/policy/modules/services/polipo.if 2011-11-02 16:21:01.893399000 -0400
@@ -32,8 +32,11 @@ template(`polipo_role',`
# Policy
#
@@ -2448,7 +2424,7 @@ diff -up serefpolicy-3.10.0/policy/modules/services/polipo.if.ptrace serefpolicy
domain_system_change_exemption($1)
diff -up serefpolicy-3.10.0/policy/modules/services/portreserve.if.ptrace serefpolicy-3.10.0/policy/modules/services/portreserve.if
--- serefpolicy-3.10.0/policy/modules/services/portreserve.if.ptrace 2011-06-27 14:18:04.000000000 -0400
-+++ serefpolicy-3.10.0/policy/modules/services/portreserve.if 2011-10-27 13:59:14.264913287 -0400
++++ serefpolicy-3.10.0/policy/modules/services/portreserve.if 2011-11-02 16:21:01.900395000 -0400
@@ -104,8 +104,11 @@ interface(`portreserve_admin',`
type portreserve_initrc_exec_t;
')
@@ -2463,8 +2439,8 @@ diff -up serefpolicy-3.10.0/policy/modules/services/portreserve.if.ptrace serefp
portreserve_initrc_domtrans($1)
domain_system_change_exemption($1)
diff -up serefpolicy-3.10.0/policy/modules/services/postfix.if.ptrace serefpolicy-3.10.0/policy/modules/services/postfix.if
---- serefpolicy-3.10.0/policy/modules/services/postfix.if.ptrace 2011-10-27 13:59:13.457913902 -0400
-+++ serefpolicy-3.10.0/policy/modules/services/postfix.if 2011-10-27 13:59:14.266913285 -0400
+--- serefpolicy-3.10.0/policy/modules/services/postfix.if.ptrace 2011-11-02 16:20:58.698653000 -0400
++++ serefpolicy-3.10.0/policy/modules/services/postfix.if 2011-11-02 16:21:01.909402000 -0400
@@ -729,25 +729,36 @@ interface(`postfix_admin',`
type postfix_smtpd_t, postfix_var_run_t;
')
@@ -2510,8 +2486,8 @@ diff -up serefpolicy-3.10.0/policy/modules/services/postfix.if.ptrace serefpolic
postfix_run_map($1, $2)
diff -up serefpolicy-3.10.0/policy/modules/services/postfixpolicyd.if.ptrace serefpolicy-3.10.0/policy/modules/services/postfixpolicyd.if
---- serefpolicy-3.10.0/policy/modules/services/postfixpolicyd.if.ptrace 2011-10-27 13:59:13.462913897 -0400
-+++ serefpolicy-3.10.0/policy/modules/services/postfixpolicyd.if 2011-10-27 13:59:14.268913284 -0400
+--- serefpolicy-3.10.0/policy/modules/services/postfixpolicyd.if.ptrace 2011-11-02 16:20:58.714657000 -0400
++++ serefpolicy-3.10.0/policy/modules/services/postfixpolicyd.if 2011-11-02 16:21:01.916399000 -0400
@@ -23,8 +23,11 @@ interface(`postfixpolicyd_admin',`
type postfix_policyd_var_run_t, postfix_policyd_initrc_exec_t;
')
@@ -2526,8 +2502,8 @@ diff -up serefpolicy-3.10.0/policy/modules/services/postfixpolicyd.if.ptrace ser
init_labeled_script_domtrans($1, postfix_policyd_initrc_exec_t)
domain_system_change_exemption($1)
diff -up serefpolicy-3.10.0/policy/modules/services/postgresql.if.ptrace serefpolicy-3.10.0/policy/modules/services/postgresql.if
---- serefpolicy-3.10.0/policy/modules/services/postgresql.if.ptrace 2011-10-27 13:59:13.466913895 -0400
-+++ serefpolicy-3.10.0/policy/modules/services/postgresql.if 2011-10-27 13:59:14.270913284 -0400
+--- serefpolicy-3.10.0/policy/modules/services/postgresql.if.ptrace 2011-11-02 16:20:58.740653000 -0400
++++ serefpolicy-3.10.0/policy/modules/services/postgresql.if 2011-11-02 16:21:01.925395000 -0400
@@ -541,8 +541,11 @@ interface(`postgresql_admin',`
typeattribute $1 sepgsql_admin_type;
@@ -2542,8 +2518,8 @@ diff -up serefpolicy-3.10.0/policy/modules/services/postgresql.if.ptrace serefpo
init_labeled_script_domtrans($1, postgresql_initrc_exec_t)
domain_system_change_exemption($1)
diff -up serefpolicy-3.10.0/policy/modules/services/postgrey.if.ptrace serefpolicy-3.10.0/policy/modules/services/postgrey.if
---- serefpolicy-3.10.0/policy/modules/services/postgrey.if.ptrace 2011-10-27 13:59:13.469913892 -0400
-+++ serefpolicy-3.10.0/policy/modules/services/postgrey.if 2011-10-27 13:59:14.271913283 -0400
+--- serefpolicy-3.10.0/policy/modules/services/postgrey.if.ptrace 2011-11-02 16:20:58.758656000 -0400
++++ serefpolicy-3.10.0/policy/modules/services/postgrey.if 2011-11-02 16:21:01.931402000 -0400
@@ -62,8 +62,11 @@ interface(`postgrey_admin',`
type postgrey_var_lib_t, postgrey_var_run_t;
')
@@ -2558,8 +2534,8 @@ diff -up serefpolicy-3.10.0/policy/modules/services/postgrey.if.ptrace serefpoli
init_labeled_script_domtrans($1, postgrey_initrc_exec_t)
domain_system_change_exemption($1)
diff -up serefpolicy-3.10.0/policy/modules/services/ppp.if.ptrace serefpolicy-3.10.0/policy/modules/services/ppp.if
---- serefpolicy-3.10.0/policy/modules/services/ppp.if.ptrace 2011-10-27 13:59:13.473913888 -0400
-+++ serefpolicy-3.10.0/policy/modules/services/ppp.if 2011-10-27 13:59:14.273913281 -0400
+--- serefpolicy-3.10.0/policy/modules/services/ppp.if.ptrace 2011-11-02 16:20:58.775653000 -0400
++++ serefpolicy-3.10.0/policy/modules/services/ppp.if 2011-11-02 16:21:01.939397000 -0400
@@ -386,10 +386,14 @@ interface(`ppp_admin',`
type pppd_initrc_exec_t, pppd_etc_rw_t;
')
@@ -2578,8 +2554,8 @@ diff -up serefpolicy-3.10.0/policy/modules/services/ppp.if.ptrace serefpolicy-3.
ppp_initrc_domtrans($1)
diff -up serefpolicy-3.10.0/policy/modules/services/prelude.if.ptrace serefpolicy-3.10.0/policy/modules/services/prelude.if
---- serefpolicy-3.10.0/policy/modules/services/prelude.if.ptrace 2011-10-27 13:59:13.476913887 -0400
-+++ serefpolicy-3.10.0/policy/modules/services/prelude.if 2011-10-27 13:59:14.275913279 -0400
+--- serefpolicy-3.10.0/policy/modules/services/prelude.if.ptrace 2011-11-02 16:20:58.787654000 -0400
++++ serefpolicy-3.10.0/policy/modules/services/prelude.if 2011-11-02 16:21:01.945395000 -0400
@@ -118,13 +118,18 @@ interface(`prelude_admin',`
type prelude_lml_t;
')
@@ -2604,7 +2580,7 @@ diff -up serefpolicy-3.10.0/policy/modules/services/prelude.if.ptrace serefpolic
init_labeled_script_domtrans($1, prelude_initrc_exec_t)
diff -up serefpolicy-3.10.0/policy/modules/services/privoxy.if.ptrace serefpolicy-3.10.0/policy/modules/services/privoxy.if
--- serefpolicy-3.10.0/policy/modules/services/privoxy.if.ptrace 2011-06-27 14:18:04.000000000 -0400
-+++ serefpolicy-3.10.0/policy/modules/services/privoxy.if 2011-10-27 13:59:14.276913278 -0400
++++ serefpolicy-3.10.0/policy/modules/services/privoxy.if 2011-11-02 16:21:01.957399000 -0400
@@ -23,8 +23,11 @@ interface(`privoxy_admin',`
type privoxy_etc_rw_t, privoxy_var_run_t;
')
@@ -2619,8 +2595,8 @@ diff -up serefpolicy-3.10.0/policy/modules/services/privoxy.if.ptrace serefpolic
init_labeled_script_domtrans($1, privoxy_initrc_exec_t)
domain_system_change_exemption($1)
diff -up serefpolicy-3.10.0/policy/modules/services/psad.if.ptrace serefpolicy-3.10.0/policy/modules/services/psad.if
---- serefpolicy-3.10.0/policy/modules/services/psad.if.ptrace 2011-10-27 13:59:13.486913879 -0400
-+++ serefpolicy-3.10.0/policy/modules/services/psad.if 2011-10-27 13:59:14.278913276 -0400
+--- serefpolicy-3.10.0/policy/modules/services/psad.if.ptrace 2011-11-02 16:20:58.823653000 -0400
++++ serefpolicy-3.10.0/policy/modules/services/psad.if 2011-11-02 16:21:01.964398000 -0400
@@ -295,8 +295,11 @@ interface(`psad_admin',`
type psad_tmp_t;
')
@@ -2635,8 +2611,8 @@ diff -up serefpolicy-3.10.0/policy/modules/services/psad.if.ptrace serefpolicy-3
init_labeled_script_domtrans($1, psad_initrc_exec_t)
domain_system_change_exemption($1)
diff -up serefpolicy-3.10.0/policy/modules/services/puppet.te.ptrace serefpolicy-3.10.0/policy/modules/services/puppet.te
---- serefpolicy-3.10.0/policy/modules/services/puppet.te.ptrace 2011-10-27 13:59:13.498913869 -0400
-+++ serefpolicy-3.10.0/policy/modules/services/puppet.te 2011-10-27 13:59:14.280913274 -0400
+--- serefpolicy-3.10.0/policy/modules/services/puppet.te.ptrace 2011-11-02 16:20:58.848653000 -0400
++++ serefpolicy-3.10.0/policy/modules/services/puppet.te 2011-11-02 16:21:01.972388000 -0400
@@ -62,7 +62,7 @@ files_tmp_file(puppetmaster_tmp_t)
# Puppet personal policy
#
@@ -2647,8 +2623,8 @@ diff -up serefpolicy-3.10.0/policy/modules/services/puppet.te.ptrace serefpolicy
allow puppet_t self:fifo_file rw_fifo_file_perms;
allow puppet_t self:netlink_route_socket create_netlink_socket_perms;
diff -up serefpolicy-3.10.0/policy/modules/services/pyzor.if.ptrace serefpolicy-3.10.0/policy/modules/services/pyzor.if
---- serefpolicy-3.10.0/policy/modules/services/pyzor.if.ptrace 2011-10-27 13:59:13.502913868 -0400
-+++ serefpolicy-3.10.0/policy/modules/services/pyzor.if 2011-10-27 13:59:14.281913273 -0400
+--- serefpolicy-3.10.0/policy/modules/services/pyzor.if.ptrace 2011-11-02 16:20:58.873655000 -0400
++++ serefpolicy-3.10.0/policy/modules/services/pyzor.if 2011-11-02 16:21:01.979381000 -0400
@@ -29,7 +29,10 @@ interface(`pyzor_role',`
# allow ps to show pyzor and allow the user to kill it
@@ -2675,8 +2651,8 @@ diff -up serefpolicy-3.10.0/policy/modules/services/pyzor.if.ptrace serefpolicy-
init_labeled_script_domtrans($1, pyzord_initrc_exec_t)
domain_system_change_exemption($1)
diff -up serefpolicy-3.10.0/policy/modules/services/qpid.if.ptrace serefpolicy-3.10.0/policy/modules/services/qpid.if
---- serefpolicy-3.10.0/policy/modules/services/qpid.if.ptrace 2011-10-27 13:59:13.518913855 -0400
-+++ serefpolicy-3.10.0/policy/modules/services/qpid.if 2011-10-27 13:59:14.283913273 -0400
+--- serefpolicy-3.10.0/policy/modules/services/qpid.if.ptrace 2011-11-02 16:20:58.913654000 -0400
++++ serefpolicy-3.10.0/policy/modules/services/qpid.if 2011-11-02 16:21:01.986372000 -0400
@@ -177,8 +177,11 @@ interface(`qpidd_admin',`
type qpidd_t, qpidd_initrc_exec_t;
')
@@ -2692,7 +2668,7 @@ diff -up serefpolicy-3.10.0/policy/modules/services/qpid.if.ptrace serefpolicy-3
qpidd_initrc_domtrans($1)
diff -up serefpolicy-3.10.0/policy/modules/services/radius.if.ptrace serefpolicy-3.10.0/policy/modules/services/radius.if
--- serefpolicy-3.10.0/policy/modules/services/radius.if.ptrace 2011-06-27 14:18:04.000000000 -0400
-+++ serefpolicy-3.10.0/policy/modules/services/radius.if 2011-10-27 13:59:14.285913273 -0400
++++ serefpolicy-3.10.0/policy/modules/services/radius.if 2011-11-02 16:21:01.998370000 -0400
@@ -38,8 +38,11 @@ interface(`radius_admin',`
type radiusd_initrc_exec_t;
')
@@ -2707,8 +2683,8 @@ diff -up serefpolicy-3.10.0/policy/modules/services/radius.if.ptrace serefpolicy
init_labeled_script_domtrans($1, radiusd_initrc_exec_t)
domain_system_change_exemption($1)
diff -up serefpolicy-3.10.0/policy/modules/services/radvd.if.ptrace serefpolicy-3.10.0/policy/modules/services/radvd.if
---- serefpolicy-3.10.0/policy/modules/services/radvd.if.ptrace 2011-10-27 13:59:13.532913845 -0400
-+++ serefpolicy-3.10.0/policy/modules/services/radvd.if 2011-10-27 13:59:14.286913272 -0400
+--- serefpolicy-3.10.0/policy/modules/services/radvd.if.ptrace 2011-11-02 16:20:58.936656000 -0400
++++ serefpolicy-3.10.0/policy/modules/services/radvd.if 2011-11-02 16:21:02.004360000 -0400
@@ -23,8 +23,11 @@ interface(`radvd_admin',`
type radvd_var_run_t;
')
@@ -2723,8 +2699,8 @@ diff -up serefpolicy-3.10.0/policy/modules/services/radvd.if.ptrace serefpolicy-
init_labeled_script_domtrans($1, radvd_initrc_exec_t)
domain_system_change_exemption($1)
diff -up serefpolicy-3.10.0/policy/modules/services/razor.if.ptrace serefpolicy-3.10.0/policy/modules/services/razor.if
---- serefpolicy-3.10.0/policy/modules/services/razor.if.ptrace 2011-10-27 13:59:13.535913842 -0400
-+++ serefpolicy-3.10.0/policy/modules/services/razor.if 2011-10-27 13:59:14.288913270 -0400
+--- serefpolicy-3.10.0/policy/modules/services/razor.if.ptrace 2011-11-02 16:20:58.947653000 -0400
++++ serefpolicy-3.10.0/policy/modules/services/razor.if 2011-11-02 16:21:02.012351000 -0400
@@ -132,7 +132,10 @@ interface(`razor_role',`
# allow ps to show razor and allow the user to kill it
@@ -2738,8 +2714,8 @@ diff -up serefpolicy-3.10.0/policy/modules/services/razor.if.ptrace serefpolicy-
manage_dirs_pattern($2, razor_home_t, razor_home_t)
manage_files_pattern($2, razor_home_t, razor_home_t)
diff -up serefpolicy-3.10.0/policy/modules/services/rgmanager.if.ptrace serefpolicy-3.10.0/policy/modules/services/rgmanager.if
---- serefpolicy-3.10.0/policy/modules/services/rgmanager.if.ptrace 2011-10-27 13:59:13.541913836 -0400
-+++ serefpolicy-3.10.0/policy/modules/services/rgmanager.if 2011-10-27 13:59:14.290913268 -0400
+--- serefpolicy-3.10.0/policy/modules/services/rgmanager.if.ptrace 2011-11-02 16:20:58.975638000 -0400
++++ serefpolicy-3.10.0/policy/modules/services/rgmanager.if 2011-11-02 16:21:02.020342000 -0400
@@ -117,8 +117,11 @@ interface(`rgmanager_admin',`
type rgmanager_tmpfs_t, rgmanager_var_log_t, rgmanager_var_run_t;
')
@@ -2754,8 +2730,8 @@ diff -up serefpolicy-3.10.0/policy/modules/services/rgmanager.if.ptrace serefpol
init_labeled_script_domtrans($1, rgmanager_initrc_exec_t)
domain_system_change_exemption($1)
diff -up serefpolicy-3.10.0/policy/modules/services/rgmanager.te.ptrace serefpolicy-3.10.0/policy/modules/services/rgmanager.te
---- serefpolicy-3.10.0/policy/modules/services/rgmanager.te.ptrace 2011-10-27 13:59:13.543913836 -0400
-+++ serefpolicy-3.10.0/policy/modules/services/rgmanager.te 2011-10-27 13:59:14.291913267 -0400
+--- serefpolicy-3.10.0/policy/modules/services/rgmanager.te.ptrace 2011-11-02 16:20:58.981633000 -0400
++++ serefpolicy-3.10.0/policy/modules/services/rgmanager.te 2011-11-02 16:21:02.027333000 -0400
@@ -37,7 +37,6 @@ files_pid_file(rgmanager_var_run_t)
#
@@ -2765,8 +2741,8 @@ diff -up serefpolicy-3.10.0/policy/modules/services/rgmanager.te.ptrace serefpol
dontaudit rgmanager_t self:process ptrace;
diff -up serefpolicy-3.10.0/policy/modules/services/rhsmcertd.if.ptrace serefpolicy-3.10.0/policy/modules/services/rhsmcertd.if
---- serefpolicy-3.10.0/policy/modules/services/rhsmcertd.if.ptrace 2011-10-27 13:59:13.556913825 -0400
-+++ serefpolicy-3.10.0/policy/modules/services/rhsmcertd.if 2011-10-27 13:59:14.293913265 -0400
+--- serefpolicy-3.10.0/policy/modules/services/rhsmcertd.if.ptrace 2011-11-02 16:20:59.031583000 -0400
++++ serefpolicy-3.10.0/policy/modules/services/rhsmcertd.if 2011-11-02 16:21:02.033331000 -0400
@@ -284,8 +284,11 @@ interface(`rhsmcertd_admin',`
type rhsmcertd_var_run_t;
')
@@ -2781,8 +2757,8 @@ diff -up serefpolicy-3.10.0/policy/modules/services/rhsmcertd.if.ptrace serefpol
rhsmcertd_initrc_domtrans($1)
domain_system_change_exemption($1)
diff -up serefpolicy-3.10.0/policy/modules/services/ricci.if.ptrace serefpolicy-3.10.0/policy/modules/services/ricci.if
---- serefpolicy-3.10.0/policy/modules/services/ricci.if.ptrace 2011-10-27 13:59:13.560913823 -0400
-+++ serefpolicy-3.10.0/policy/modules/services/ricci.if 2011-10-27 13:59:14.295913263 -0400
+--- serefpolicy-3.10.0/policy/modules/services/ricci.if.ptrace 2011-11-02 16:20:59.044569000 -0400
++++ serefpolicy-3.10.0/policy/modules/services/ricci.if 2011-11-02 16:21:02.041317000 -0400
@@ -245,8 +245,11 @@ interface(`ricci_admin',`
type ricci_var_lib_t, ricci_var_log_t, ricci_var_run_t;
')
@@ -2798,7 +2774,7 @@ diff -up serefpolicy-3.10.0/policy/modules/services/ricci.if.ptrace serefpolicy-
domain_system_change_exemption($1)
diff -up serefpolicy-3.10.0/policy/modules/services/roundup.if.ptrace serefpolicy-3.10.0/policy/modules/services/roundup.if
--- serefpolicy-3.10.0/policy/modules/services/roundup.if.ptrace 2011-06-27 14:18:04.000000000 -0400
-+++ serefpolicy-3.10.0/policy/modules/services/roundup.if 2011-10-27 13:59:14.296913262 -0400
++++ serefpolicy-3.10.0/policy/modules/services/roundup.if 2011-11-02 16:21:02.048315000 -0400
@@ -23,8 +23,11 @@ interface(`roundup_admin',`
type roundup_initrc_exec_t;
')
@@ -2813,8 +2789,8 @@ diff -up serefpolicy-3.10.0/policy/modules/services/roundup.if.ptrace serefpolic
init_labeled_script_domtrans($1, roundup_initrc_exec_t)
domain_system_change_exemption($1)
diff -up serefpolicy-3.10.0/policy/modules/services/rpcbind.if.ptrace serefpolicy-3.10.0/policy/modules/services/rpcbind.if
---- serefpolicy-3.10.0/policy/modules/services/rpcbind.if.ptrace 2011-10-27 13:59:13.573913814 -0400
-+++ serefpolicy-3.10.0/policy/modules/services/rpcbind.if 2011-10-27 13:59:14.298913260 -0400
+--- serefpolicy-3.10.0/policy/modules/services/rpcbind.if.ptrace 2011-11-02 16:20:59.103567000 -0400
++++ serefpolicy-3.10.0/policy/modules/services/rpcbind.if 2011-11-02 16:21:02.054316000 -0400
@@ -155,8 +155,11 @@ interface(`rpcbind_admin',`
type rpcbind_initrc_exec_t;
')
@@ -2829,8 +2805,8 @@ diff -up serefpolicy-3.10.0/policy/modules/services/rpcbind.if.ptrace serefpolic
init_labeled_script_domtrans($1, rpcbind_initrc_exec_t)
domain_system_change_exemption($1)
diff -up serefpolicy-3.10.0/policy/modules/services/rtkit.te.ptrace serefpolicy-3.10.0/policy/modules/services/rtkit.te
---- serefpolicy-3.10.0/policy/modules/services/rtkit.te.ptrace 2011-10-27 13:59:13.583913806 -0400
-+++ serefpolicy-3.10.0/policy/modules/services/rtkit.te 2011-10-27 13:59:14.299913260 -0400
+--- serefpolicy-3.10.0/policy/modules/services/rtkit.te.ptrace 2011-11-02 16:20:59.136579000 -0400
++++ serefpolicy-3.10.0/policy/modules/services/rtkit.te 2011-11-02 16:21:02.062321000 -0400
@@ -15,7 +15,7 @@ init_system_domain(rtkit_daemon_t, rtkit
# rtkit_daemon local policy
#
@@ -2841,8 +2817,8 @@ diff -up serefpolicy-3.10.0/policy/modules/services/rtkit.te.ptrace serefpolicy-
kernel_read_system_state(rtkit_daemon_t)
diff -up serefpolicy-3.10.0/policy/modules/services/rwho.if.ptrace serefpolicy-3.10.0/policy/modules/services/rwho.if
---- serefpolicy-3.10.0/policy/modules/services/rwho.if.ptrace 2011-10-27 13:59:13.584913805 -0400
-+++ serefpolicy-3.10.0/policy/modules/services/rwho.if 2011-10-27 13:59:14.301913260 -0400
+--- serefpolicy-3.10.0/policy/modules/services/rwho.if.ptrace 2011-11-02 16:20:59.142570000 -0400
++++ serefpolicy-3.10.0/policy/modules/services/rwho.if 2011-11-02 16:21:02.068313000 -0400
@@ -138,8 +138,11 @@ interface(`rwho_admin',`
type rwho_initrc_exec_t;
')
@@ -2857,8 +2833,8 @@ diff -up serefpolicy-3.10.0/policy/modules/services/rwho.if.ptrace serefpolicy-3
init_labeled_script_domtrans($1, rwho_initrc_exec_t)
domain_system_change_exemption($1)
diff -up serefpolicy-3.10.0/policy/modules/services/samba.if.ptrace serefpolicy-3.10.0/policy/modules/services/samba.if
---- serefpolicy-3.10.0/policy/modules/services/samba.if.ptrace 2011-10-27 13:59:13.587913802 -0400
-+++ serefpolicy-3.10.0/policy/modules/services/samba.if 2011-10-27 13:59:14.303913259 -0400
+--- serefpolicy-3.10.0/policy/modules/services/samba.if.ptrace 2011-11-02 16:20:59.162567000 -0400
++++ serefpolicy-3.10.0/policy/modules/services/samba.if 2011-11-02 16:21:02.077313000 -0400
@@ -784,13 +784,18 @@ interface(`samba_admin',`
type winbind_var_run_t, winbind_tmp_t, samba_unconfined_script_t;
')
@@ -2883,7 +2859,7 @@ diff -up serefpolicy-3.10.0/policy/modules/services/samba.if.ptrace serefpolicy-
samba_run_smbcontrol($1, $2, $3)
diff -up serefpolicy-3.10.0/policy/modules/services/samhain.if.ptrace serefpolicy-3.10.0/policy/modules/services/samhain.if
--- serefpolicy-3.10.0/policy/modules/services/samhain.if.ptrace 2011-06-27 14:18:04.000000000 -0400
-+++ serefpolicy-3.10.0/policy/modules/services/samhain.if 2011-10-27 13:59:14.306913256 -0400
++++ serefpolicy-3.10.0/policy/modules/services/samhain.if 2011-11-02 16:21:02.085312000 -0400
@@ -271,10 +271,14 @@ interface(`samhain_admin',`
type samhain_initrc_exec_t, samhain_log_t, samhain_var_run_t;
')
@@ -2902,8 +2878,8 @@ diff -up serefpolicy-3.10.0/policy/modules/services/samhain.if.ptrace serefpolic
files_list_var_lib($1)
diff -up serefpolicy-3.10.0/policy/modules/services/sanlock.if.ptrace serefpolicy-3.10.0/policy/modules/services/sanlock.if
---- serefpolicy-3.10.0/policy/modules/services/sanlock.if.ptrace 2011-10-27 13:59:13.590913799 -0400
-+++ serefpolicy-3.10.0/policy/modules/services/sanlock.if 2011-10-27 13:59:14.307913255 -0400
+--- serefpolicy-3.10.0/policy/modules/services/sanlock.if.ptrace 2011-11-02 16:20:59.183571000 -0400
++++ serefpolicy-3.10.0/policy/modules/services/sanlock.if 2011-11-02 16:21:02.098317000 -0400
@@ -99,8 +99,11 @@ interface(`sanlock_admin',`
type sanlock_initrc_exec_t;
')
@@ -2918,8 +2894,8 @@ diff -up serefpolicy-3.10.0/policy/modules/services/sanlock.if.ptrace serefpolic
sanlock_initrc_domtrans($1)
domain_system_change_exemption($1)
diff -up serefpolicy-3.10.0/policy/modules/services/sasl.if.ptrace serefpolicy-3.10.0/policy/modules/services/sasl.if
---- serefpolicy-3.10.0/policy/modules/services/sasl.if.ptrace 2011-10-27 13:59:13.592913798 -0400
-+++ serefpolicy-3.10.0/policy/modules/services/sasl.if 2011-10-27 13:59:14.309913253 -0400
+--- serefpolicy-3.10.0/policy/modules/services/sasl.if.ptrace 2011-11-02 16:20:59.191567000 -0400
++++ serefpolicy-3.10.0/policy/modules/services/sasl.if 2011-11-02 16:21:02.104317000 -0400
@@ -42,8 +42,11 @@ interface(`sasl_admin',`
type saslauthd_initrc_exec_t;
')
@@ -2934,8 +2910,8 @@ diff -up serefpolicy-3.10.0/policy/modules/services/sasl.if.ptrace serefpolicy-3
init_labeled_script_domtrans($1, saslauthd_initrc_exec_t)
domain_system_change_exemption($1)
diff -up serefpolicy-3.10.0/policy/modules/services/sblim.if.ptrace serefpolicy-3.10.0/policy/modules/services/sblim.if
---- serefpolicy-3.10.0/policy/modules/services/sblim.if.ptrace 2011-10-27 13:59:13.596913797 -0400
-+++ serefpolicy-3.10.0/policy/modules/services/sblim.if 2011-10-27 13:59:14.311913251 -0400
+--- serefpolicy-3.10.0/policy/modules/services/sblim.if.ptrace 2011-11-02 16:20:59.202567000 -0400
++++ serefpolicy-3.10.0/policy/modules/services/sblim.if 2011-11-02 16:21:02.111312000 -0400
@@ -65,11 +65,15 @@ interface(`sblim_admin',`
type sblim_var_run_t;
')
@@ -2956,8 +2932,8 @@ diff -up serefpolicy-3.10.0/policy/modules/services/sblim.if.ptrace serefpolicy-
files_search_pids($1)
admin_pattern($1, sblim_var_run_t)
diff -up serefpolicy-3.10.0/policy/modules/services/sblim.te.ptrace serefpolicy-3.10.0/policy/modules/services/sblim.te
---- serefpolicy-3.10.0/policy/modules/services/sblim.te.ptrace 2011-10-27 13:59:13.597913796 -0400
-+++ serefpolicy-3.10.0/policy/modules/services/sblim.te 2011-10-27 13:59:14.313913249 -0400
+--- serefpolicy-3.10.0/policy/modules/services/sblim.te.ptrace 2011-11-02 16:20:59.214567000 -0400
++++ serefpolicy-3.10.0/policy/modules/services/sblim.te 2011-11-02 16:21:02.116312000 -0400
@@ -24,7 +24,7 @@ files_pid_file(sblim_var_run_t)
#
@@ -2968,8 +2944,8 @@ diff -up serefpolicy-3.10.0/policy/modules/services/sblim.te.ptrace serefpolicy-
allow sblim_gatherd_t self:fifo_file rw_fifo_file_perms;
diff -up serefpolicy-3.10.0/policy/modules/services/sendmail.if.ptrace serefpolicy-3.10.0/policy/modules/services/sendmail.if
---- serefpolicy-3.10.0/policy/modules/services/sendmail.if.ptrace 2011-10-27 13:59:13.600913793 -0400
-+++ serefpolicy-3.10.0/policy/modules/services/sendmail.if 2011-10-27 13:59:14.314913249 -0400
+--- serefpolicy-3.10.0/policy/modules/services/sendmail.if.ptrace 2011-11-02 16:20:59.230567000 -0400
++++ serefpolicy-3.10.0/policy/modules/services/sendmail.if 2011-11-02 16:21:02.126311000 -0400
@@ -334,10 +334,14 @@ interface(`sendmail_admin',`
type mail_spool_t;
')
@@ -2988,8 +2964,8 @@ diff -up serefpolicy-3.10.0/policy/modules/services/sendmail.if.ptrace serefpoli
sendmail_initrc_domtrans($1)
diff -up serefpolicy-3.10.0/policy/modules/services/setroubleshoot.if.ptrace serefpolicy-3.10.0/policy/modules/services/setroubleshoot.if
---- serefpolicy-3.10.0/policy/modules/services/setroubleshoot.if.ptrace 2011-10-27 13:59:13.602913791 -0400
-+++ serefpolicy-3.10.0/policy/modules/services/setroubleshoot.if 2011-10-27 13:59:14.316913248 -0400
+--- serefpolicy-3.10.0/policy/modules/services/setroubleshoot.if.ptrace 2011-11-02 16:20:59.242570000 -0400
++++ serefpolicy-3.10.0/policy/modules/services/setroubleshoot.if 2011-11-02 16:21:02.134309000 -0400
@@ -140,8 +140,11 @@ interface(`setroubleshoot_admin',`
type setroubleshoot_var_lib_t;
')
@@ -3004,8 +2980,8 @@ diff -up serefpolicy-3.10.0/policy/modules/services/setroubleshoot.if.ptrace ser
logging_list_logs($1)
admin_pattern($1, setroubleshoot_var_log_t)
diff -up serefpolicy-3.10.0/policy/modules/services/smartmon.if.ptrace serefpolicy-3.10.0/policy/modules/services/smartmon.if
---- serefpolicy-3.10.0/policy/modules/services/smartmon.if.ptrace 2011-10-27 13:59:13.606913787 -0400
-+++ serefpolicy-3.10.0/policy/modules/services/smartmon.if 2011-10-27 13:59:14.318913246 -0400
+--- serefpolicy-3.10.0/policy/modules/services/smartmon.if.ptrace 2011-11-02 16:20:59.259572000 -0400
++++ serefpolicy-3.10.0/policy/modules/services/smartmon.if 2011-11-02 16:21:02.140335000 -0400
@@ -42,8 +42,11 @@ interface(`smartmon_admin',`
type fsdaemon_initrc_exec_t;
')
@@ -3021,7 +2997,7 @@ diff -up serefpolicy-3.10.0/policy/modules/services/smartmon.if.ptrace serefpoli
domain_system_change_exemption($1)
diff -up serefpolicy-3.10.0/policy/modules/services/smokeping.if.ptrace serefpolicy-3.10.0/policy/modules/services/smokeping.if
--- serefpolicy-3.10.0/policy/modules/services/smokeping.if.ptrace 2011-06-27 14:18:04.000000000 -0400
-+++ serefpolicy-3.10.0/policy/modules/services/smokeping.if 2011-10-27 13:59:14.320913244 -0400
++++ serefpolicy-3.10.0/policy/modules/services/smokeping.if 2011-11-02 16:21:02.147311000 -0400
@@ -153,8 +153,11 @@ interface(`smokeping_admin',`
type smokeping_t, smokeping_initrc_exec_t;
')
@@ -3036,8 +3012,8 @@ diff -up serefpolicy-3.10.0/policy/modules/services/smokeping.if.ptrace serefpol
smokeping_initrc_domtrans($1)
domain_system_change_exemption($1)
diff -up serefpolicy-3.10.0/policy/modules/services/snmp.if.ptrace serefpolicy-3.10.0/policy/modules/services/snmp.if
---- serefpolicy-3.10.0/policy/modules/services/snmp.if.ptrace 2011-10-27 13:59:13.612913783 -0400
-+++ serefpolicy-3.10.0/policy/modules/services/snmp.if 2011-10-27 13:59:14.322913242 -0400
+--- serefpolicy-3.10.0/policy/modules/services/snmp.if.ptrace 2011-11-02 16:20:59.292575000 -0400
++++ serefpolicy-3.10.0/policy/modules/services/snmp.if 2011-11-02 16:21:02.153312000 -0400
@@ -168,8 +168,11 @@ interface(`snmp_admin',`
type snmpd_var_lib_t, snmpd_var_run_t;
')
@@ -3052,8 +3028,8 @@ diff -up serefpolicy-3.10.0/policy/modules/services/snmp.if.ptrace serefpolicy-3
init_labeled_script_domtrans($1, snmpd_initrc_exec_t)
domain_system_change_exemption($1)
diff -up serefpolicy-3.10.0/policy/modules/services/snmp.te.ptrace serefpolicy-3.10.0/policy/modules/services/snmp.te
---- serefpolicy-3.10.0/policy/modules/services/snmp.te.ptrace 2011-10-27 13:59:13.613913782 -0400
-+++ serefpolicy-3.10.0/policy/modules/services/snmp.te 2011-10-27 13:59:14.323913241 -0400
+--- serefpolicy-3.10.0/policy/modules/services/snmp.te.ptrace 2011-11-02 16:20:59.299567000 -0400
++++ serefpolicy-3.10.0/policy/modules/services/snmp.te 2011-11-02 16:21:02.160309000 -0400
@@ -26,7 +26,8 @@ files_type(snmpd_var_lib_t)
# Local policy
#
@@ -3065,8 +3041,8 @@ diff -up serefpolicy-3.10.0/policy/modules/services/snmp.te.ptrace serefpolicy-3
allow snmpd_t self:process { signal_perms getsched setsched };
allow snmpd_t self:fifo_file rw_fifo_file_perms;
diff -up serefpolicy-3.10.0/policy/modules/services/snort.if.ptrace serefpolicy-3.10.0/policy/modules/services/snort.if
---- serefpolicy-3.10.0/policy/modules/services/snort.if.ptrace 2011-10-27 13:59:13.615913780 -0400
-+++ serefpolicy-3.10.0/policy/modules/services/snort.if 2011-10-27 13:59:14.325913241 -0400
+--- serefpolicy-3.10.0/policy/modules/services/snort.if.ptrace 2011-11-02 16:20:59.304570000 -0400
++++ serefpolicy-3.10.0/policy/modules/services/snort.if 2011-11-02 16:21:02.166312000 -0400
@@ -41,8 +41,11 @@ interface(`snort_admin',`
type snort_etc_t, snort_initrc_exec_t;
')
@@ -3081,8 +3057,8 @@ diff -up serefpolicy-3.10.0/policy/modules/services/snort.if.ptrace serefpolicy-
init_labeled_script_domtrans($1, snort_initrc_exec_t)
domain_system_change_exemption($1)
diff -up serefpolicy-3.10.0/policy/modules/services/soundserver.if.ptrace serefpolicy-3.10.0/policy/modules/services/soundserver.if
---- serefpolicy-3.10.0/policy/modules/services/soundserver.if.ptrace 2011-10-27 13:59:13.617913779 -0400
-+++ serefpolicy-3.10.0/policy/modules/services/soundserver.if 2011-10-27 13:59:14.327913241 -0400
+--- serefpolicy-3.10.0/policy/modules/services/soundserver.if.ptrace 2011-11-02 16:20:59.315567000 -0400
++++ serefpolicy-3.10.0/policy/modules/services/soundserver.if 2011-11-02 16:21:02.173309000 -0400
@@ -37,8 +37,11 @@ interface(`soundserver_admin',`
type soundd_tmp_t, soundd_var_run_t;
')
@@ -3097,8 +3073,8 @@ diff -up serefpolicy-3.10.0/policy/modules/services/soundserver.if.ptrace serefp
init_labeled_script_domtrans($1, soundd_initrc_exec_t)
domain_system_change_exemption($1)
diff -up serefpolicy-3.10.0/policy/modules/services/spamassassin.if.ptrace serefpolicy-3.10.0/policy/modules/services/spamassassin.if
---- serefpolicy-3.10.0/policy/modules/services/spamassassin.if.ptrace 2011-10-27 13:59:13.620913779 -0400
-+++ serefpolicy-3.10.0/policy/modules/services/spamassassin.if 2011-10-27 13:59:14.328913240 -0400
+--- serefpolicy-3.10.0/policy/modules/services/spamassassin.if.ptrace 2011-11-02 16:20:59.327571000 -0400
++++ serefpolicy-3.10.0/policy/modules/services/spamassassin.if 2011-11-02 16:21:02.180310000 -0400
@@ -27,12 +27,12 @@ interface(`spamassassin_role',`
domtrans_pattern($2, spamassassin_exec_t, spamassassin_t)
@@ -3128,8 +3104,8 @@ diff -up serefpolicy-3.10.0/policy/modules/services/spamassassin.if.ptrace seref
init_labeled_script_domtrans($1, spamd_initrc_exec_t)
domain_system_change_exemption($1)
diff -up serefpolicy-3.10.0/policy/modules/services/squid.if.ptrace serefpolicy-3.10.0/policy/modules/services/squid.if
---- serefpolicy-3.10.0/policy/modules/services/squid.if.ptrace 2011-10-27 13:59:13.625913774 -0400
-+++ serefpolicy-3.10.0/policy/modules/services/squid.if 2011-10-27 13:59:14.330913238 -0400
+--- serefpolicy-3.10.0/policy/modules/services/squid.if.ptrace 2011-11-02 16:20:59.347567000 -0400
++++ serefpolicy-3.10.0/policy/modules/services/squid.if 2011-11-02 16:21:02.186312000 -0400
@@ -209,8 +209,11 @@ interface(`squid_admin',`
type squid_log_t, squid_var_run_t, squid_initrc_exec_t;
')
@@ -3144,8 +3120,8 @@ diff -up serefpolicy-3.10.0/policy/modules/services/squid.if.ptrace serefpolicy-
init_labeled_script_domtrans($1, squid_initrc_exec_t)
domain_system_change_exemption($1)
diff -up serefpolicy-3.10.0/policy/modules/services/ssh.if.ptrace serefpolicy-3.10.0/policy/modules/services/ssh.if
---- serefpolicy-3.10.0/policy/modules/services/ssh.if.ptrace 2011-10-27 13:59:13.963913517 -0400
-+++ serefpolicy-3.10.0/policy/modules/services/ssh.if 2011-10-27 13:59:14.332913236 -0400
+--- serefpolicy-3.10.0/policy/modules/services/ssh.if.ptrace 2011-11-02 16:21:00.759481000 -0400
++++ serefpolicy-3.10.0/policy/modules/services/ssh.if 2011-11-02 16:21:02.196309000 -0400
@@ -367,7 +367,7 @@ template(`ssh_role_template',`
# allow ps to show ssh
@@ -3165,8 +3141,8 @@ diff -up serefpolicy-3.10.0/policy/modules/services/ssh.if.ptrace serefpolicy-3.
# allow ps to show ssh
ps_process_pattern($3, $1_ssh_agent_t)
diff -up serefpolicy-3.10.0/policy/modules/services/sssd.if.ptrace serefpolicy-3.10.0/policy/modules/services/sssd.if
---- serefpolicy-3.10.0/policy/modules/services/sssd.if.ptrace 2011-10-27 13:59:13.634913766 -0400
-+++ serefpolicy-3.10.0/policy/modules/services/sssd.if 2011-10-27 13:59:14.334913234 -0400
+--- serefpolicy-3.10.0/policy/modules/services/sssd.if.ptrace 2011-11-02 16:20:59.380578000 -0400
++++ serefpolicy-3.10.0/policy/modules/services/sssd.if 2011-11-02 16:21:02.203309000 -0400
@@ -234,8 +234,11 @@ interface(`sssd_admin',`
type sssd_t, sssd_public_t, sssd_initrc_exec_t;
')
@@ -3181,8 +3157,8 @@ diff -up serefpolicy-3.10.0/policy/modules/services/sssd.if.ptrace serefpolicy-3
# Allow sssd_t to restart the apache service
sssd_initrc_domtrans($1)
diff -up serefpolicy-3.10.0/policy/modules/services/tcsd.if.ptrace serefpolicy-3.10.0/policy/modules/services/tcsd.if
---- serefpolicy-3.10.0/policy/modules/services/tcsd.if.ptrace 2011-10-27 13:59:13.643913760 -0400
-+++ serefpolicy-3.10.0/policy/modules/services/tcsd.if 2011-10-27 13:59:14.336913232 -0400
+--- serefpolicy-3.10.0/policy/modules/services/tcsd.if.ptrace 2011-11-02 16:20:59.433567000 -0400
++++ serefpolicy-3.10.0/policy/modules/services/tcsd.if 2011-11-02 16:21:02.211309000 -0400
@@ -137,8 +137,11 @@ interface(`tcsd_admin',`
type tcsd_var_lib_t;
')
@@ -3197,8 +3173,8 @@ diff -up serefpolicy-3.10.0/policy/modules/services/tcsd.if.ptrace serefpolicy-3
tcsd_initrc_domtrans($1)
domain_system_change_exemption($1)
diff -up serefpolicy-3.10.0/policy/modules/services/tftp.if.ptrace serefpolicy-3.10.0/policy/modules/services/tftp.if
---- serefpolicy-3.10.0/policy/modules/services/tftp.if.ptrace 2011-10-27 13:59:13.648913755 -0400
-+++ serefpolicy-3.10.0/policy/modules/services/tftp.if 2011-10-27 13:59:14.338913230 -0400
+--- serefpolicy-3.10.0/policy/modules/services/tftp.if.ptrace 2011-11-02 16:20:59.454567000 -0400
++++ serefpolicy-3.10.0/policy/modules/services/tftp.if 2011-11-02 16:21:02.217312000 -0400
@@ -109,8 +109,11 @@ interface(`tftp_admin',`
type tftpd_t, tftpdir_t, tftpdir_rw_t, tftpd_var_run_t;
')
@@ -3213,8 +3189,8 @@ diff -up serefpolicy-3.10.0/policy/modules/services/tftp.if.ptrace serefpolicy-3
files_list_var_lib($1)
admin_pattern($1, tftpdir_rw_t)
diff -up serefpolicy-3.10.0/policy/modules/services/tor.if.ptrace serefpolicy-3.10.0/policy/modules/services/tor.if
---- serefpolicy-3.10.0/policy/modules/services/tor.if.ptrace 2011-10-27 13:59:13.653913753 -0400
-+++ serefpolicy-3.10.0/policy/modules/services/tor.if 2011-10-27 13:59:14.339913230 -0400
+--- serefpolicy-3.10.0/policy/modules/services/tor.if.ptrace 2011-11-02 16:20:59.476567000 -0400
++++ serefpolicy-3.10.0/policy/modules/services/tor.if 2011-11-02 16:21:02.223312000 -0400
@@ -42,8 +42,11 @@ interface(`tor_admin',`
type tor_initrc_exec_t;
')
@@ -3229,8 +3205,8 @@ diff -up serefpolicy-3.10.0/policy/modules/services/tor.if.ptrace serefpolicy-3.
init_labeled_script_domtrans($1, tor_initrc_exec_t)
domain_system_change_exemption($1)
diff -up serefpolicy-3.10.0/policy/modules/services/tuned.if.ptrace serefpolicy-3.10.0/policy/modules/services/tuned.if
---- serefpolicy-3.10.0/policy/modules/services/tuned.if.ptrace 2011-10-27 13:59:13.656913750 -0400
-+++ serefpolicy-3.10.0/policy/modules/services/tuned.if 2011-10-27 13:59:14.341913229 -0400
+--- serefpolicy-3.10.0/policy/modules/services/tuned.if.ptrace 2011-11-02 16:20:59.486583000 -0400
++++ serefpolicy-3.10.0/policy/modules/services/tuned.if 2011-11-02 16:21:02.229312000 -0400
@@ -115,8 +115,11 @@ interface(`tuned_admin',`
type tuned_t, tuned_var_run_t, tuned_initrc_exec_t;
')
@@ -3246,7 +3222,7 @@ diff -up serefpolicy-3.10.0/policy/modules/services/tuned.if.ptrace serefpolicy-
domain_system_change_exemption($1)
diff -up serefpolicy-3.10.0/policy/modules/services/ulogd.if.ptrace serefpolicy-3.10.0/policy/modules/services/ulogd.if
--- serefpolicy-3.10.0/policy/modules/services/ulogd.if.ptrace 2011-06-27 14:18:04.000000000 -0400
-+++ serefpolicy-3.10.0/policy/modules/services/ulogd.if 2011-10-27 13:59:14.343913227 -0400
++++ serefpolicy-3.10.0/policy/modules/services/ulogd.if 2011-11-02 16:21:02.236309000 -0400
@@ -123,8 +123,11 @@ interface(`ulogd_admin',`
type ulogd_var_log_t, ulogd_initrc_exec_t;
')
@@ -3262,7 +3238,7 @@ diff -up serefpolicy-3.10.0/policy/modules/services/ulogd.if.ptrace serefpolicy-
domain_system_change_exemption($1)
diff -up serefpolicy-3.10.0/policy/modules/services/uucp.if.ptrace serefpolicy-3.10.0/policy/modules/services/uucp.if
--- serefpolicy-3.10.0/policy/modules/services/uucp.if.ptrace 2011-06-27 14:18:04.000000000 -0400
-+++ serefpolicy-3.10.0/policy/modules/services/uucp.if 2011-10-27 13:59:14.344913226 -0400
++++ serefpolicy-3.10.0/policy/modules/services/uucp.if 2011-11-02 16:21:02.242309000 -0400
@@ -99,8 +99,11 @@ interface(`uucp_admin',`
type uucpd_var_run_t;
')
@@ -3277,8 +3253,8 @@ diff -up serefpolicy-3.10.0/policy/modules/services/uucp.if.ptrace serefpolicy-3
logging_list_logs($1)
admin_pattern($1, uucpd_log_t)
diff -up serefpolicy-3.10.0/policy/modules/services/uuidd.if.ptrace serefpolicy-3.10.0/policy/modules/services/uuidd.if
---- serefpolicy-3.10.0/policy/modules/services/uuidd.if.ptrace 2011-10-27 13:59:13.669913741 -0400
-+++ serefpolicy-3.10.0/policy/modules/services/uuidd.if 2011-10-27 13:59:14.346913224 -0400
+--- serefpolicy-3.10.0/policy/modules/services/uuidd.if.ptrace 2011-11-02 16:20:59.542567000 -0400
++++ serefpolicy-3.10.0/policy/modules/services/uuidd.if 2011-11-02 16:21:02.247309000 -0400
@@ -177,8 +177,11 @@ interface(`uuidd_admin',`
type uuidd_var_run_t;
')
@@ -3294,7 +3270,7 @@ diff -up serefpolicy-3.10.0/policy/modules/services/uuidd.if.ptrace serefpolicy-
domain_system_change_exemption($1)
diff -up serefpolicy-3.10.0/policy/modules/services/varnishd.if.ptrace serefpolicy-3.10.0/policy/modules/services/varnishd.if
--- serefpolicy-3.10.0/policy/modules/services/varnishd.if.ptrace 2011-06-27 14:18:04.000000000 -0400
-+++ serefpolicy-3.10.0/policy/modules/services/varnishd.if 2011-10-27 13:59:14.347913223 -0400
++++ serefpolicy-3.10.0/policy/modules/services/varnishd.if 2011-11-02 16:21:02.254309000 -0400
@@ -155,8 +155,11 @@ interface(`varnishd_admin_varnishlog',`
type varnishlog_var_run_t;
')
@@ -3322,8 +3298,8 @@ diff -up serefpolicy-3.10.0/policy/modules/services/varnishd.if.ptrace serefpoli
init_labeled_script_domtrans($1, varnishd_initrc_exec_t)
domain_system_change_exemption($1)
diff -up serefpolicy-3.10.0/policy/modules/services/vdagent.if.ptrace serefpolicy-3.10.0/policy/modules/services/vdagent.if
---- serefpolicy-3.10.0/policy/modules/services/vdagent.if.ptrace 2011-10-27 13:59:13.674913736 -0400
-+++ serefpolicy-3.10.0/policy/modules/services/vdagent.if 2011-10-27 13:59:14.349913222 -0400
+--- serefpolicy-3.10.0/policy/modules/services/vdagent.if.ptrace 2011-11-02 16:20:59.554567000 -0400
++++ serefpolicy-3.10.0/policy/modules/services/vdagent.if 2011-11-02 16:21:02.259309000 -0400
@@ -118,8 +118,11 @@ interface(`vdagent_admin',`
type vdagent_var_run_t;
')
@@ -3338,8 +3314,8 @@ diff -up serefpolicy-3.10.0/policy/modules/services/vdagent.if.ptrace serefpolic
files_search_pids($1)
admin_pattern($1, vdagent_var_run_t)
diff -up serefpolicy-3.10.0/policy/modules/services/vhostmd.if.ptrace serefpolicy-3.10.0/policy/modules/services/vhostmd.if
---- serefpolicy-3.10.0/policy/modules/services/vhostmd.if.ptrace 2011-10-27 13:59:13.676913734 -0400
-+++ serefpolicy-3.10.0/policy/modules/services/vhostmd.if 2011-10-27 13:59:14.350913222 -0400
+--- serefpolicy-3.10.0/policy/modules/services/vhostmd.if.ptrace 2011-11-02 16:20:59.561569000 -0400
++++ serefpolicy-3.10.0/policy/modules/services/vhostmd.if 2011-11-02 16:21:02.266309000 -0400
@@ -210,8 +210,11 @@ interface(`vhostmd_admin',`
type vhostmd_t, vhostmd_initrc_exec_t;
')
@@ -3354,8 +3330,8 @@ diff -up serefpolicy-3.10.0/policy/modules/services/vhostmd.if.ptrace serefpolic
vhostmd_initrc_domtrans($1)
domain_system_change_exemption($1)
diff -up serefpolicy-3.10.0/policy/modules/services/virt.if.ptrace serefpolicy-3.10.0/policy/modules/services/virt.if
---- serefpolicy-3.10.0/policy/modules/services/virt.if.ptrace 2011-10-27 13:59:13.682913731 -0400
-+++ serefpolicy-3.10.0/policy/modules/services/virt.if 2011-10-27 13:59:14.352913222 -0400
+--- serefpolicy-3.10.0/policy/modules/services/virt.if.ptrace 2011-11-02 16:20:59.580567000 -0400
++++ serefpolicy-3.10.0/policy/modules/services/virt.if 2011-11-02 16:21:02.275309000 -0400
@@ -618,10 +618,14 @@ interface(`virt_admin',`
type virt_lxc_t;
')
@@ -3383,9 +3359,9 @@ diff -up serefpolicy-3.10.0/policy/modules/services/virt.if.ptrace serefpolicy-3
########################################
diff -up serefpolicy-3.10.0/policy/modules/services/virt.te.ptrace serefpolicy-3.10.0/policy/modules/services/virt.te
---- serefpolicy-3.10.0/policy/modules/services/virt.te.ptrace 2011-10-27 13:59:13.870913588 -0400
-+++ serefpolicy-3.10.0/policy/modules/services/virt.te 2011-10-27 14:00:38.019849097 -0400
-@@ -254,7 +254,7 @@ optional_policy(`
+--- serefpolicy-3.10.0/policy/modules/services/virt.te.ptrace 2011-11-02 16:21:00.404481000 -0400
++++ serefpolicy-3.10.0/policy/modules/services/virt.te 2011-11-02 16:21:02.286309000 -0400
+@@ -250,7 +250,7 @@ optional_policy(`
# virtd local policy
#
@@ -3394,7 +3370,7 @@ diff -up serefpolicy-3.10.0/policy/modules/services/virt.te.ptrace serefpolicy-3
allow virtd_t self:process { getcap getsched setcap sigkill signal signull execmem setexec setfscreate setsockcreate setsched };
ifdef(`hide_broken_symptoms',`
# caused by some bogus kernel code
-@@ -845,7 +845,6 @@ optional_policy(`
+@@ -846,7 +846,6 @@ optional_policy(`
# virt_lxc_domain local policy
#
allow svirt_lxc_domain self:capability { kill setuid setgid dac_override };
@@ -3403,8 +3379,8 @@ diff -up serefpolicy-3.10.0/policy/modules/services/virt.te.ptrace serefpolicy-3
allow virtd_t svirt_lxc_domain:process { signal_perms };
allow virtd_lxc_t svirt_lxc_domain:process { getattr getsched setsched transition signal signull sigkill };
diff -up serefpolicy-3.10.0/policy/modules/services/vnstatd.if.ptrace serefpolicy-3.10.0/policy/modules/services/vnstatd.if
---- serefpolicy-3.10.0/policy/modules/services/vnstatd.if.ptrace 2011-10-27 13:59:13.687913727 -0400
-+++ serefpolicy-3.10.0/policy/modules/services/vnstatd.if 2011-10-27 13:59:14.357913217 -0400
+--- serefpolicy-3.10.0/policy/modules/services/vnstatd.if.ptrace 2011-11-02 16:20:59.600570000 -0400
++++ serefpolicy-3.10.0/policy/modules/services/vnstatd.if 2011-11-02 16:21:02.295309000 -0400
@@ -136,8 +136,11 @@ interface(`vnstatd_admin',`
type vnstatd_t, vnstatd_var_lib_t;
')
@@ -3419,8 +3395,8 @@ diff -up serefpolicy-3.10.0/policy/modules/services/vnstatd.if.ptrace serefpolic
files_list_var_lib($1)
admin_pattern($1, vnstatd_var_lib_t)
diff -up serefpolicy-3.10.0/policy/modules/services/wdmd.if.ptrace serefpolicy-3.10.0/policy/modules/services/wdmd.if
---- serefpolicy-3.10.0/policy/modules/services/wdmd.if.ptrace 2011-10-27 13:59:13.692913722 -0400
-+++ serefpolicy-3.10.0/policy/modules/services/wdmd.if 2011-10-27 13:59:14.359913215 -0400
+--- serefpolicy-3.10.0/policy/modules/services/wdmd.if.ptrace 2011-11-02 16:20:59.616567000 -0400
++++ serefpolicy-3.10.0/policy/modules/services/wdmd.if 2011-11-02 16:21:02.311309000 -0400
@@ -62,8 +62,11 @@ interface(`wdmd_admin',`
type wdmd_initrc_exec_t;
')
@@ -3435,8 +3411,8 @@ diff -up serefpolicy-3.10.0/policy/modules/services/wdmd.if.ptrace serefpolicy-3
wdmd_initrc_domtrans($1)
domain_system_change_exemption($1)
diff -up serefpolicy-3.10.0/policy/modules/services/xserver.te.ptrace serefpolicy-3.10.0/policy/modules/services/xserver.te
---- serefpolicy-3.10.0/policy/modules/services/xserver.te.ptrace 2011-10-27 13:59:13.970913510 -0400
-+++ serefpolicy-3.10.0/policy/modules/services/xserver.te 2011-10-27 13:59:14.362913212 -0400
+--- serefpolicy-3.10.0/policy/modules/services/xserver.te.ptrace 2011-11-02 16:21:00.803481000 -0400
++++ serefpolicy-3.10.0/policy/modules/services/xserver.te 2011-11-02 16:21:02.326309000 -0400
@@ -417,8 +417,13 @@ optional_policy(`
# XDM Local policy
#
@@ -3464,8 +3440,8 @@ diff -up serefpolicy-3.10.0/policy/modules/services/xserver.te.ptrace serefpolic
allow xserver_t self:process ~{ ptrace setcurrent setexec setfscreate setrlimit execmem execstack execheap };
allow xserver_t self:fd use;
diff -up serefpolicy-3.10.0/policy/modules/services/zabbix.if.ptrace serefpolicy-3.10.0/policy/modules/services/zabbix.if
---- serefpolicy-3.10.0/policy/modules/services/zabbix.if.ptrace 2011-10-27 13:59:13.706913711 -0400
-+++ serefpolicy-3.10.0/policy/modules/services/zabbix.if 2011-10-27 13:59:14.364913210 -0400
+--- serefpolicy-3.10.0/policy/modules/services/zabbix.if.ptrace 2011-11-02 16:20:59.669567000 -0400
++++ serefpolicy-3.10.0/policy/modules/services/zabbix.if 2011-11-02 16:21:02.334309000 -0400
@@ -142,8 +142,11 @@ interface(`zabbix_admin',`
type zabbix_initrc_exec_t;
')
@@ -3480,8 +3456,8 @@ diff -up serefpolicy-3.10.0/policy/modules/services/zabbix.if.ptrace serefpolicy
init_labeled_script_domtrans($1, zabbix_initrc_exec_t)
domain_system_change_exemption($1)
diff -up serefpolicy-3.10.0/policy/modules/services/zebra.if.ptrace serefpolicy-3.10.0/policy/modules/services/zebra.if
---- serefpolicy-3.10.0/policy/modules/services/zebra.if.ptrace 2011-10-27 13:59:13.713913708 -0400
-+++ serefpolicy-3.10.0/policy/modules/services/zebra.if 2011-10-27 13:59:14.365913209 -0400
+--- serefpolicy-3.10.0/policy/modules/services/zebra.if.ptrace 2011-11-02 16:20:59.697569000 -0400
++++ serefpolicy-3.10.0/policy/modules/services/zebra.if 2011-11-02 16:21:02.340309000 -0400
@@ -64,8 +64,11 @@ interface(`zebra_admin',`
type zebra_conf_t, zebra_var_run_t, zebra_initrc_exec_t;
')
@@ -3496,8 +3472,8 @@ diff -up serefpolicy-3.10.0/policy/modules/services/zebra.if.ptrace serefpolicy-
init_labeled_script_domtrans($1, zebra_initrc_exec_t)
domain_system_change_exemption($1)
diff -up serefpolicy-3.10.0/policy/modules/system/hotplug.te.ptrace serefpolicy-3.10.0/policy/modules/system/hotplug.te
---- serefpolicy-3.10.0/policy/modules/system/hotplug.te.ptrace 2011-10-27 13:59:13.737913688 -0400
-+++ serefpolicy-3.10.0/policy/modules/system/hotplug.te 2011-10-27 13:59:14.371913207 -0400
+--- serefpolicy-3.10.0/policy/modules/system/hotplug.te.ptrace 2011-11-02 16:20:59.839580000 -0400
++++ serefpolicy-3.10.0/policy/modules/system/hotplug.te 2011-11-02 16:21:02.354311000 -0400
@@ -23,7 +23,7 @@ files_pid_file(hotplug_var_run_t)
#
@@ -3508,8 +3484,8 @@ diff -up serefpolicy-3.10.0/policy/modules/system/hotplug.te.ptrace serefpolicy-
dontaudit hotplug_t self:capability { dac_override dac_read_search };
allow hotplug_t self:process { setpgid getsession getattr signal_perms };
diff -up serefpolicy-3.10.0/policy/modules/system/init.if.ptrace serefpolicy-3.10.0/policy/modules/system/init.if
---- serefpolicy-3.10.0/policy/modules/system/init.if.ptrace 2011-10-27 13:59:13.742913685 -0400
-+++ serefpolicy-3.10.0/policy/modules/system/init.if 2011-10-27 13:59:14.374913204 -0400
+--- serefpolicy-3.10.0/policy/modules/system/init.if.ptrace 2011-11-02 16:20:59.863567000 -0400
++++ serefpolicy-3.10.0/policy/modules/system/init.if 2011-11-02 16:21:02.369309000 -0400
@@ -1123,7 +1123,9 @@ interface(`init_ptrace',`
type init_t;
')
@@ -3522,8 +3498,8 @@ diff -up serefpolicy-3.10.0/policy/modules/system/init.if.ptrace serefpolicy-3.1
########################################
diff -up serefpolicy-3.10.0/policy/modules/system/init.te.ptrace serefpolicy-3.10.0/policy/modules/system/init.te
---- serefpolicy-3.10.0/policy/modules/system/init.te.ptrace 2011-10-27 13:59:13.924913545 -0400
-+++ serefpolicy-3.10.0/policy/modules/system/init.te 2011-10-27 13:59:14.376913202 -0400
+--- serefpolicy-3.10.0/policy/modules/system/init.te.ptrace 2011-11-02 16:21:00.588481000 -0400
++++ serefpolicy-3.10.0/policy/modules/system/init.te 2011-11-02 16:21:02.388309000 -0400
@@ -121,7 +121,7 @@ ifdef(`enable_mls',`
#
@@ -3544,8 +3520,8 @@ diff -up serefpolicy-3.10.0/policy/modules/system/init.te.ptrace serefpolicy-3.1
allow initrc_t self:passwd rootok;
allow initrc_t self:key manage_key_perms;
diff -up serefpolicy-3.10.0/policy/modules/system/ipsec.te.ptrace serefpolicy-3.10.0/policy/modules/system/ipsec.te
---- serefpolicy-3.10.0/policy/modules/system/ipsec.te.ptrace 2011-10-27 13:59:13.749913679 -0400
-+++ serefpolicy-3.10.0/policy/modules/system/ipsec.te 2011-10-27 13:59:14.378913200 -0400
+--- serefpolicy-3.10.0/policy/modules/system/ipsec.te.ptrace 2011-11-02 16:20:59.901577000 -0400
++++ serefpolicy-3.10.0/policy/modules/system/ipsec.te 2011-11-02 16:21:02.396309000 -0400
@@ -73,7 +73,7 @@ role system_r types setkey_t;
#
@@ -3577,8 +3553,8 @@ diff -up serefpolicy-3.10.0/policy/modules/system/ipsec.te.ptrace serefpolicy-3.
domain_dontaudit_getattr_all_pipes(ipsec_mgmt_t)
diff -up serefpolicy-3.10.0/policy/modules/system/iscsi.te.ptrace serefpolicy-3.10.0/policy/modules/system/iscsi.te
---- serefpolicy-3.10.0/policy/modules/system/iscsi.te.ptrace 2011-10-27 13:59:13.754913674 -0400
-+++ serefpolicy-3.10.0/policy/modules/system/iscsi.te 2011-10-27 13:59:14.379913199 -0400
+--- serefpolicy-3.10.0/policy/modules/system/iscsi.te.ptrace 2011-11-02 16:20:59.926567000 -0400
++++ serefpolicy-3.10.0/policy/modules/system/iscsi.te 2011-11-02 16:21:02.402312000 -0400
@@ -31,7 +31,6 @@ files_pid_file(iscsi_var_run_t)
#
@@ -3588,8 +3564,8 @@ diff -up serefpolicy-3.10.0/policy/modules/system/iscsi.te.ptrace serefpolicy-3.
allow iscsid_t self:fifo_file rw_fifo_file_perms;
allow iscsid_t self:unix_stream_socket { create_stream_socket_perms connectto };
diff -up serefpolicy-3.10.0/policy/modules/system/locallogin.te.ptrace serefpolicy-3.10.0/policy/modules/system/locallogin.te
---- serefpolicy-3.10.0/policy/modules/system/locallogin.te.ptrace 2011-10-27 13:59:13.763913669 -0400
-+++ serefpolicy-3.10.0/policy/modules/system/locallogin.te 2011-10-27 13:59:14.381913198 -0400
+--- serefpolicy-3.10.0/policy/modules/system/locallogin.te.ptrace 2011-11-02 16:20:59.970558000 -0400
++++ serefpolicy-3.10.0/policy/modules/system/locallogin.te 2011-11-02 16:21:02.410309000 -0400
@@ -35,7 +35,7 @@ role system_r types sulogin_t;
# Local login local policy
#
@@ -3600,8 +3576,8 @@ diff -up serefpolicy-3.10.0/policy/modules/system/locallogin.te.ptrace serefpoli
allow local_login_t self:fd use;
allow local_login_t self:fifo_file rw_fifo_file_perms;
diff -up serefpolicy-3.10.0/policy/modules/system/logging.if.ptrace serefpolicy-3.10.0/policy/modules/system/logging.if
---- serefpolicy-3.10.0/policy/modules/system/logging.if.ptrace 2011-10-27 13:59:13.767913665 -0400
-+++ serefpolicy-3.10.0/policy/modules/system/logging.if 2011-10-27 13:59:14.391913190 -0400
+--- serefpolicy-3.10.0/policy/modules/system/logging.if.ptrace 2011-11-02 16:20:59.986543000 -0400
++++ serefpolicy-3.10.0/policy/modules/system/logging.if 2011-11-02 16:21:02.421309000 -0400
@@ -1095,9 +1095,13 @@ interface(`logging_admin_audit',`
type auditd_initrc_exec_t;
')
@@ -3635,8 +3611,8 @@ diff -up serefpolicy-3.10.0/policy/modules/system/logging.if.ptrace serefpolicy-
manage_dirs_pattern($1, klogd_var_run_t, klogd_var_run_t)
manage_files_pattern($1, klogd_var_run_t, klogd_var_run_t)
diff -up serefpolicy-3.10.0/policy/modules/system/mount.te.ptrace serefpolicy-3.10.0/policy/modules/system/mount.te
---- serefpolicy-3.10.0/policy/modules/system/mount.te.ptrace 2011-10-27 13:59:13.786913650 -0400
-+++ serefpolicy-3.10.0/policy/modules/system/mount.te 2011-10-27 13:59:14.393913188 -0400
+--- serefpolicy-3.10.0/policy/modules/system/mount.te.ptrace 2011-11-02 16:21:00.088481000 -0400
++++ serefpolicy-3.10.0/policy/modules/system/mount.te 2011-11-02 16:21:02.429309000 -0400
@@ -48,7 +48,11 @@ role system_r types showmount_t;
# setuid/setgid needed to mount cifs
@@ -3651,8 +3627,8 @@ diff -up serefpolicy-3.10.0/policy/modules/system/mount.te.ptrace serefpolicy-3.
allow mount_t self:unix_stream_socket create_stream_socket_perms;
allow mount_t self:unix_dgram_socket create_socket_perms;
diff -up serefpolicy-3.10.0/policy/modules/system/sysnetwork.te.ptrace serefpolicy-3.10.0/policy/modules/system/sysnetwork.te
---- serefpolicy-3.10.0/policy/modules/system/sysnetwork.te.ptrace 2011-10-27 13:59:13.805913638 -0400
-+++ serefpolicy-3.10.0/policy/modules/system/sysnetwork.te 2011-10-27 13:59:14.394913187 -0400
+--- serefpolicy-3.10.0/policy/modules/system/sysnetwork.te.ptrace 2011-11-02 16:21:00.168481000 -0400
++++ serefpolicy-3.10.0/policy/modules/system/sysnetwork.te 2011-11-02 16:21:02.437309000 -0400
@@ -51,10 +51,13 @@ files_config_file(net_conf_t)
# DHCP client local policy
#
@@ -3670,8 +3646,8 @@ diff -up serefpolicy-3.10.0/policy/modules/system/sysnetwork.te.ptrace serefpoli
allow dhcpc_t self:fifo_file rw_fifo_file_perms;
allow dhcpc_t self:tcp_socket create_stream_socket_perms;
diff -up serefpolicy-3.10.0/policy/modules/system/udev.te.ptrace serefpolicy-3.10.0/policy/modules/system/udev.te
---- serefpolicy-3.10.0/policy/modules/system/udev.te.ptrace 2011-10-27 13:59:13.813913630 -0400
-+++ serefpolicy-3.10.0/policy/modules/system/udev.te 2011-10-27 13:59:14.396913187 -0400
+--- serefpolicy-3.10.0/policy/modules/system/udev.te.ptrace 2011-11-02 16:21:00.201481000 -0400
++++ serefpolicy-3.10.0/policy/modules/system/udev.te 2011-11-02 16:21:02.444309000 -0400
@@ -34,7 +34,7 @@ ifdef(`enable_mcs',`
# Local policy
#
@@ -3695,8 +3671,8 @@ diff -up serefpolicy-3.10.0/policy/modules/system/udev.te.ptrace serefpolicy-3.1
allow udev_t self:fd use;
allow udev_t self:fifo_file rw_fifo_file_perms;
diff -up serefpolicy-3.10.0/policy/modules/system/unconfined.if.ptrace serefpolicy-3.10.0/policy/modules/system/unconfined.if
---- serefpolicy-3.10.0/policy/modules/system/unconfined.if.ptrace 2011-10-27 13:59:13.851913603 -0400
-+++ serefpolicy-3.10.0/policy/modules/system/unconfined.if 2011-10-27 13:59:14.397913187 -0400
+--- serefpolicy-3.10.0/policy/modules/system/unconfined.if.ptrace 2011-11-02 16:21:00.347484000 -0400
++++ serefpolicy-3.10.0/policy/modules/system/unconfined.if 2011-11-02 16:21:02.451309000 -0400
@@ -18,7 +18,12 @@ interface(`unconfined_domain_noaudit',`
')
@@ -3712,8 +3688,8 @@ diff -up serefpolicy-3.10.0/policy/modules/system/unconfined.if.ptrace serefpoli
allow $1 self:fifo_file { manage_fifo_file_perms relabelfrom relabelto };
diff -up serefpolicy-3.10.0/policy/modules/system/userdomain.if.ptrace serefpolicy-3.10.0/policy/modules/system/userdomain.if
---- serefpolicy-3.10.0/policy/modules/system/userdomain.if.ptrace 2011-10-27 13:59:13.975913508 -0400
-+++ serefpolicy-3.10.0/policy/modules/system/userdomain.if 2011-10-27 13:59:14.403913182 -0400
+--- serefpolicy-3.10.0/policy/modules/system/userdomain.if.ptrace 2011-11-02 16:21:00.833481000 -0400
++++ serefpolicy-3.10.0/policy/modules/system/userdomain.if 2011-11-02 16:21:02.483309000 -0400
@@ -40,7 +40,10 @@ template(`userdom_base_user_template',`
role $1_r types $1_t;
allow system_r $1_r;
@@ -3759,8 +3735,8 @@ diff -up serefpolicy-3.10.0/policy/modules/system/userdomain.if.ptrace serefpoli
########################################
diff -up serefpolicy-3.10.0/policy/modules/system/xen.te.ptrace serefpolicy-3.10.0/policy/modules/system/xen.te
---- serefpolicy-3.10.0/policy/modules/system/xen.te.ptrace 2011-10-27 13:59:13.832913615 -0400
-+++ serefpolicy-3.10.0/policy/modules/system/xen.te 2011-10-27 13:59:14.404913181 -0400
+--- serefpolicy-3.10.0/policy/modules/system/xen.te.ptrace 2011-11-02 16:21:00.309481000 -0400
++++ serefpolicy-3.10.0/policy/modules/system/xen.te 2011-11-02 16:21:02.493309000 -0400
@@ -206,7 +206,6 @@ tunable_policy(`xend_run_qemu',`
#
diff --git a/selinux-policy.spec b/selinux-policy.spec
index b3eedad..ca8820e 100644
--- a/selinux-policy.spec
+++ b/selinux-policy.spec
@@ -244,7 +244,7 @@ Based off of reference policy: Checked out revision 2.20091117
%prep
%setup -n serefpolicy-%{version} -q
%patch -p1
-%patch1 -p1
+%patch1 -p1 -b .unconfined
%patch2 -p1 -b .passwd
%patch3 -p1
%patch4 -p1 -b .execmem
More information about the scm-commits
mailing list