[selinux-policy/f13/master] - Add vbetool_mmap_zero_ignore boolean

[Miroslav Grepl]

commit dbf2d4dab870fa0b816a870c41966d9702462d7f
Author: Miroslav Grepl <mgrepl at redhat.com>
Date:   Fri Sep 24 15:22:38 2010 +0200

    - Add vbetool_mmap_zero_ignore boolean

 policy-F13.patch    |   27 +++++++++++++++++++++++++--
 selinux-policy.spec |    5 ++++-
 2 files changed, 29 insertions(+), 3 deletions(-)
---
diff --git a/policy-F13.patch b/policy-F13.patch
index a95636a..a542e38 100644
--- a/policy-F13.patch
+++ b/policy-F13.patch
@@ -2860,8 +2860,22 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/userman
  
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/vbetool.te serefpolicy-3.7.19/policy/modules/admin/vbetool.te
 --- nsaserefpolicy/policy/modules/admin/vbetool.te	2010-04-13 20:44:37.000000000 +0200
-+++ serefpolicy-3.7.19/policy/modules/admin/vbetool.te	2010-05-28 09:41:59.967610815 +0200
-@@ -25,7 +25,13 @@
++++ serefpolicy-3.7.19/policy/modules/admin/vbetool.te	2010-09-24 15:13:09.516386658 +0200
+@@ -6,6 +6,13 @@
+ # Declarations
+ #
+ 
++## <desc>
++## <p>
++##      Ignore vbetool mmap_zero errors.
++## </p>
++## </desc>
++gen_tunable(vbetool_mmap_zero_ignore, false)
++
+ type vbetool_t;
+ type vbetool_exec_t;
+ init_system_domain(vbetool_t, vbetool_exec_t)
+@@ -25,12 +32,22 @@
  dev_rw_xserver_misc(vbetool_t)
  dev_rw_mtrr(vbetool_t)
  
@@ -2875,6 +2889,15 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/vbetool
  
  term_use_unallocated_ttys(vbetool_t)
  
+ miscfiles_read_localization(vbetool_t)
+ 
++tunable_policy(`vbetool_mmap_zero_ignore',`
++        dontaudit vbetool_t self:memprotect mmap_zero;
++')
++
+ optional_policy(`
+ 	hal_rw_pid_files(vbetool_t)
+ 	hal_write_log(vbetool_t)
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/vpn.if serefpolicy-3.7.19/policy/modules/admin/vpn.if
 --- nsaserefpolicy/policy/modules/admin/vpn.if	2010-04-13 20:44:37.000000000 +0200
 +++ serefpolicy-3.7.19/policy/modules/admin/vpn.if	2010-05-28 09:41:59.968610889 +0200
diff --git a/selinux-policy.spec b/selinux-policy.spec
index 96801d2..7dde793 100644
--- a/selinux-policy.spec
+++ b/selinux-policy.spec
@@ -20,7 +20,7 @@
 Summary: SELinux policy configuration
 Name: selinux-policy
 Version: 3.7.19
-Release: 61%{?dist}
+Release: 62%{?dist}
 License: GPLv2+
 Group: System Environment/Base
 Source: serefpolicy-%{version}.tgz
@@ -469,6 +469,9 @@ exit 0
 %endif
 
 %changelog
+* Fri Sep 24 2010 Miroslav Grepl <mgrepl at redhat.com> 3.7.19-62
+- Add vbetool_mmap_zero_ignore boolean
+
 * Fri Sep 24 2010 Miroslav Grepl <mgrepl at redhat.com> 3.7.19-61
 - Move c2s to run in jabber_router_t domain
 - Allow domains with different mcs levels to send each other signals as long as they are not identified as mcsconstrainproc