[selinux-policy: 2331/3172] Seunshare patch from Dan Walsh.

Daniel J Walsh dwalsh at fedoraproject.org
Thu Oct 7 22:26:59 UTC 2010


commit 46b03739acbb8595a579780956fccf8614a6cccc
Author: Chris PeBenito <cpebenito at tresys.com>
Date:   Tue Dec 1 10:31:28 2009 -0500

    Seunshare patch from Dan Walsh.

 policy/modules/apps/seunshare.if |    8 ++++++++
 policy/modules/apps/seunshare.te |   14 ++++++++++++--
 2 files changed, 20 insertions(+), 2 deletions(-)
---
diff --git a/policy/modules/apps/seunshare.if b/policy/modules/apps/seunshare.if
index dbdf448..7f47897 100644
--- a/policy/modules/apps/seunshare.if
+++ b/policy/modules/apps/seunshare.if
@@ -41,6 +41,14 @@ interface(`seunshare_run',`
 
 	seunshare_domtrans($1)
 	role $2 types seunshare_t;
+
+	allow $1 seunshare_t:process signal_perms;
+
+	ifdef(`hide_broken_symptoms', `
+		dontaudit seunshare_t $1:tcp_socket rw_socket_perms;
+		dontaudit seunshare_t $1:udp_socket rw_socket_perms;
+		dontaudit seunshare_t $1:unix_stream_socket rw_socket_perms;
+	')
 ')
 
 ########################################
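Review bot: The three `dontaudit seunshare_t $1:*_socket rw_socket_perms;` rules in the hide_broken_symptoms block silence denials without recording what they mask; the same applies to `fs_dontaudit_rw_anon_inodefs_files` and `mozilla_dontaudit_manage_user_home_files` in the last seunshare.te hunk. These look like workarounds for descriptors inherited from the calling domain, though that is inferred from the rule shape rather than stated anywhere in the patch. I would put a comment above each group, for example `# caller leaks inherited sockets into seunshare_t; access is still denied, only the AVC is hidden`, so that whoever investigates a sandbox issue knows which denials will not reach the audit log. The body of seunshare_run starts outside this hunk; its interface summary should also mention that the caller now receives `signal_perms` on seunshare_t.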
diff --git a/policy/modules/apps/seunshare.te b/policy/modules/apps/seunshare.te
index dcec4bf..5e810f2 100644
--- a/policy/modules/apps/seunshare.te
+++ b/policy/modules/apps/seunshare.te
@@ -1,5 +1,5 @@
 
-policy_module(seunshare, 1.0.0)
+policy_module(seunshare, 1.0.1)
 
 ########################################
 #
@@ -16,7 +16,7 @@ role system_r types seunshare_t;
 # seunshare local policy
 #
 
-allow seunshare_t self:capability setpcap;
+allow seunshare_t self:capability { setuid dac_override setpcap sys_admin };
 allow seunshare_t self:process { setexec signal getcap setcap };
 
 allow seunshare_t self:fifo_file rw_file_perms;
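Review bot: The widened rule `allow seunshare_t self:capability { setuid dac_override setpcap sys_admin };` adds three capabilities with no comment tying each to an operation, and `sys_admin` and `dac_override` are among the broadest a domain can hold. `sys_admin` is presumably needed for the mount and unshare work implied by `files_mounton_all_poly_members`, and `setuid` for switching back to the invoking user, but neither is visible in this hunk. I would add a comment above the rule such as `# sys_admin: unshare + mount of polyinstantiated dirs; setuid: switch to invoking uid; dac_override: <reason to be filled in>`. It is also worth confirming whether `dac_read_search` would be enough in place of `dac_override`.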
@@ -30,6 +30,16 @@ files_mounton_all_poly_members(seunshare_t)
 
 auth_use_nsswitch(seunshare_t)
 
+logging_send_syslog_msg(seunshare_t)
+
 miscfiles_read_localization(seunshare_t)
 
 userdom_use_user_terminals(seunshare_t)
+
+ifdef(`hide_broken_symptoms', `
+	fs_dontaudit_rw_anon_inodefs_files(seunshare_t)
+
+	optional_policy(`
+		mozilla_dontaudit_manage_user_home_files(seunshare_t)
+	')
+')

