[selinux-policy/f13/master] - Add label for /root/.screen
Miroslav Grepl
mgrepl at fedoraproject.org
Mon Jan 24 17:55:46 UTC 2011
commit 00ee854fbd74df5443dba4238f18ff4252987ac0
Author: Miroslav Grepl <mgrepl at redhat.com>
Date: Mon Jan 24 18:55:58 2011 +0000
- Add label for /root/.screen
policy-F13.patch | 2306 ++++++++++++++++++++++++++-------------------------
selinux-policy.spec | 5 +-
2 files changed, 1176 insertions(+), 1135 deletions(-)
---
diff --git a/policy-F13.patch b/policy-F13.patch
index 1374a6f..3f2246a 100644
--- a/policy-F13.patch
+++ b/policy-F13.patch
@@ -1,6 +1,6 @@
diff --exclude-from=exclude -N -u -r nsaserefpolicy/config/appconfig-mcs/sepgsql_contexts serefpolicy-3.7.19/config/appconfig-mcs/sepgsql_contexts
---- nsaserefpolicy/config/appconfig-mcs/sepgsql_contexts 1970-01-01 01:00:00.000000000 +0100
-+++ serefpolicy-3.7.19/config/appconfig-mcs/sepgsql_contexts 2011-01-19 19:02:35.494057572 +0100
+--- nsaserefpolicy/config/appconfig-mcs/sepgsql_contexts 1970-01-01 00:00:00.000000000 +0000
++++ serefpolicy-3.7.19/config/appconfig-mcs/sepgsql_contexts 2011-01-19 18:02:35.000000000 +0000
@@ -0,0 +1,40 @@
+#
+# Initial security label for SE-PostgreSQL (MCS)
@@ -43,8 +43,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/config/appconfig-mcs/sepgsql
+db_language *.plperl system_u:object_r:sepgsql_safe_lang_t:s0
+db_language *.* system_u:object_r:sepgsql_lang_t:s0
diff --exclude-from=exclude -N -u -r nsaserefpolicy/config/appconfig-mls/sepgsql_contexts serefpolicy-3.7.19/config/appconfig-mls/sepgsql_contexts
---- nsaserefpolicy/config/appconfig-mls/sepgsql_contexts 1970-01-01 01:00:00.000000000 +0100
-+++ serefpolicy-3.7.19/config/appconfig-mls/sepgsql_contexts 2011-01-19 19:02:35.494057572 +0100
+--- nsaserefpolicy/config/appconfig-mls/sepgsql_contexts 1970-01-01 00:00:00.000000000 +0000
++++ serefpolicy-3.7.19/config/appconfig-mls/sepgsql_contexts 2011-01-19 18:02:35.000000000 +0000
@@ -0,0 +1,40 @@
+#
+# Initial security label for SE-PostgreSQL (MLS)
@@ -87,8 +87,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/config/appconfig-mls/sepgsql
+db_language *.plperl system_u:object_r:sepgsql_safe_lang_t:s0
+db_language *.* system_u:object_r:sepgsql_lang_t:s0
diff --exclude-from=exclude -N -u -r nsaserefpolicy/config/appconfig-standard/sepgsql_contexts serefpolicy-3.7.19/config/appconfig-standard/sepgsql_contexts
---- nsaserefpolicy/config/appconfig-standard/sepgsql_contexts 1970-01-01 01:00:00.000000000 +0100
-+++ serefpolicy-3.7.19/config/appconfig-standard/sepgsql_contexts 2011-01-19 19:02:35.495292665 +0100
+--- nsaserefpolicy/config/appconfig-standard/sepgsql_contexts 1970-01-01 00:00:00.000000000 +0000
++++ serefpolicy-3.7.19/config/appconfig-standard/sepgsql_contexts 2011-01-19 18:02:35.000000000 +0000
@@ -0,0 +1,40 @@
+#
+# Initial security label for SE-PostgreSQL (none-MLS)
@@ -131,8 +131,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/config/appconfig-standard/se
+db_language *.plperl system_u:object_r:sepgsql_safe_lang_t
+db_language *.* system_u:object_r:sepgsql_lang_t
diff --exclude-from=exclude -N -u -r nsaserefpolicy/Makefile serefpolicy-3.7.19/Makefile
---- nsaserefpolicy/Makefile 2010-04-13 20:44:36.000000000 +0200
-+++ serefpolicy-3.7.19/Makefile 2011-01-19 19:02:35.498308180 +0100
+--- nsaserefpolicy/Makefile 2010-04-13 18:44:36.000000000 +0000
++++ serefpolicy-3.7.19/Makefile 2011-01-19 18:02:35.000000000 +0000
@@ -244,7 +244,7 @@
appdir := $(contextpath)
user_default_contexts := $(wildcard config/appconfig-$(TYPE)/*_default_contexts)
@@ -143,8 +143,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/Makefile serefpolicy-3.7.19/
all_layers := $(shell find $(wildcard $(moddir)/*) -maxdepth 0 -type d)
diff --exclude-from=exclude -N -u -r nsaserefpolicy/man/man8/ftpd_selinux.8 serefpolicy-3.7.19/man/man8/ftpd_selinux.8
---- nsaserefpolicy/man/man8/ftpd_selinux.8 2010-04-13 20:44:36.000000000 +0200
-+++ serefpolicy-3.7.19/man/man8/ftpd_selinux.8 2010-09-09 15:08:15.357085367 +0200
+--- nsaserefpolicy/man/man8/ftpd_selinux.8 2010-04-13 18:44:36.000000000 +0000
++++ serefpolicy-3.7.19/man/man8/ftpd_selinux.8 2010-09-09 13:08:15.000000000 +0000
@@ -15,7 +15,7 @@
semanage fcontext -a -t public_content_t "/var/ftp(/.*)?"
.TP
@@ -164,8 +164,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/man/man8/ftpd_selinux.8 sere
.SH BOOLEANS
.PP
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/flask/access_vectors serefpolicy-3.7.19/policy/flask/access_vectors
---- nsaserefpolicy/policy/flask/access_vectors 2010-04-13 20:44:37.000000000 +0200
-+++ serefpolicy-3.7.19/policy/flask/access_vectors 2011-01-19 19:02:35.500042367 +0100
+--- nsaserefpolicy/policy/flask/access_vectors 2010-04-13 18:44:37.000000000 +0000
++++ serefpolicy-3.7.19/policy/flask/access_vectors 2011-01-19 18:02:35.000000000 +0000
@@ -816,3 +816,32 @@
class x_keyboard
@@ -200,8 +200,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/flask/access_vectors
+ execute
+}
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/flask/security_classes serefpolicy-3.7.19/policy/flask/security_classes
---- nsaserefpolicy/policy/flask/security_classes 2010-04-13 20:44:37.000000000 +0200
-+++ serefpolicy-3.7.19/policy/flask/security_classes 2011-01-19 19:02:35.501042440 +0100
+--- nsaserefpolicy/policy/flask/security_classes 2010-04-13 18:44:37.000000000 +0000
++++ serefpolicy-3.7.19/policy/flask/security_classes 2011-01-19 18:02:35.000000000 +0000
@@ -125,4 +125,10 @@
class x_pointer # userspace
class x_keyboard # userspace
@@ -214,8 +214,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/flask/security_classe
+
# FLASK
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/global_tunables serefpolicy-3.7.19/policy/global_tunables
---- nsaserefpolicy/policy/global_tunables 2010-04-13 20:44:37.000000000 +0200
-+++ serefpolicy-3.7.19/policy/global_tunables 2011-01-18 18:06:48.149053065 +0100
+--- nsaserefpolicy/policy/global_tunables 2010-04-13 18:44:37.000000000 +0000
++++ serefpolicy-3.7.19/policy/global_tunables 2011-01-18 17:06:48.000000000 +0000
@@ -61,15 +61,6 @@
## <desc>
@@ -266,8 +266,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/global_tunables seref
+gen_tunable(mmap_low_allowed, false)
+
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/mcs serefpolicy-3.7.19/policy/mcs
---- nsaserefpolicy/policy/mcs 2010-04-13 20:44:37.000000000 +0200
-+++ serefpolicy-3.7.19/policy/mcs 2011-01-19 19:02:35.502042304 +0100
+--- nsaserefpolicy/policy/mcs 2010-04-13 18:44:37.000000000 +0000
++++ serefpolicy-3.7.19/policy/mcs 2011-01-19 18:02:35.000000000 +0000
@@ -86,10 +86,10 @@
(( h1 dom h2 ) and ( l2 eq h2 ));
@@ -330,8 +330,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/mcs serefpolicy-3.7.1
( h1 dom h2 );
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/mls serefpolicy-3.7.19/policy/mls
---- nsaserefpolicy/policy/mls 2010-04-13 20:44:37.000000000 +0200
-+++ serefpolicy-3.7.19/policy/mls 2011-01-19 19:02:35.504042381 +0100
+--- nsaserefpolicy/policy/mls 2010-04-13 18:44:37.000000000 +0000
++++ serefpolicy-3.7.19/policy/mls 2011-01-19 18:02:35.000000000 +0000
@@ -208,12 +208,14 @@
(( l1 eq l2 ) or
(( t1 == mlsnetwriteranged ) and ( l1 dom l2 ) and ( l1 domby h2 )) or
@@ -466,16 +466,16 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/mls serefpolicy-3.7.1
(( t3 == mlsdbupgrade ) and ( l1 domby l2 )) or
(( t3 == mlsdbdowngrade ) and ( l1 dom l2 )) or
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/accountsd.fc serefpolicy-3.7.19/policy/modules/admin/accountsd.fc
---- nsaserefpolicy/policy/modules/admin/accountsd.fc 1970-01-01 01:00:00.000000000 +0100
-+++ serefpolicy-3.7.19/policy/modules/admin/accountsd.fc 2010-05-28 09:41:59.944611136 +0200
+--- nsaserefpolicy/policy/modules/admin/accountsd.fc 1970-01-01 00:00:00.000000000 +0000
++++ serefpolicy-3.7.19/policy/modules/admin/accountsd.fc 2010-05-28 07:41:59.000000000 +0000
@@ -0,0 +1,4 @@
+
+/usr/libexec/accounts-daemon -- gen_context(system_u:object_r:accountsd_exec_t,s0)
+
+/var/lib/AccountsService(/.*)? gen_context(system_u:object_r:accountsd_var_lib_t,s0)
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/accountsd.if serefpolicy-3.7.19/policy/modules/admin/accountsd.if
---- nsaserefpolicy/policy/modules/admin/accountsd.if 1970-01-01 01:00:00.000000000 +0100
-+++ serefpolicy-3.7.19/policy/modules/admin/accountsd.if 2010-05-28 09:41:59.944611136 +0200
+--- nsaserefpolicy/policy/modules/admin/accountsd.if 1970-01-01 00:00:00.000000000 +0000
++++ serefpolicy-3.7.19/policy/modules/admin/accountsd.if 2010-05-28 07:41:59.000000000 +0000
@@ -0,0 +1,164 @@
+## <summary>policy for accountsd</summary>
+
@@ -642,8 +642,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/account
+ accountsd_manage_var_lib($1)
+')
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/accountsd.te serefpolicy-3.7.19/policy/modules/admin/accountsd.te
---- nsaserefpolicy/policy/modules/admin/accountsd.te 1970-01-01 01:00:00.000000000 +0100
-+++ serefpolicy-3.7.19/policy/modules/admin/accountsd.te 2010-08-24 15:44:39.211083773 +0200
+--- nsaserefpolicy/policy/modules/admin/accountsd.te 1970-01-01 00:00:00.000000000 +0000
++++ serefpolicy-3.7.19/policy/modules/admin/accountsd.te 2010-08-24 13:44:39.000000000 +0000
@@ -0,0 +1,62 @@
+policy_module(accountsd,1.0.0)
+
@@ -708,8 +708,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/account
+ xserver_dbus_chat_xdm(accountsd_t)
+')
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/acct.te serefpolicy-3.7.19/policy/modules/admin/acct.te
---- nsaserefpolicy/policy/modules/admin/acct.te 2010-04-13 20:44:37.000000000 +0200
-+++ serefpolicy-3.7.19/policy/modules/admin/acct.te 2010-05-28 09:41:59.946611004 +0200
+--- nsaserefpolicy/policy/modules/admin/acct.te 2010-04-13 18:44:37.000000000 +0000
++++ serefpolicy-3.7.19/policy/modules/admin/acct.te 2010-05-28 07:41:59.000000000 +0000
@@ -43,6 +43,7 @@
fs_getattr_xattr_fs(acct_t)
@@ -719,8 +719,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/acct.te
corecmd_exec_bin(acct_t)
corecmd_exec_shell(acct_t)
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/alsa.te serefpolicy-3.7.19/policy/modules/admin/alsa.te
---- nsaserefpolicy/policy/modules/admin/alsa.te 2010-04-13 20:44:37.000000000 +0200
-+++ serefpolicy-3.7.19/policy/modules/admin/alsa.te 2010-05-28 09:41:59.946611004 +0200
+--- nsaserefpolicy/policy/modules/admin/alsa.te 2010-04-13 18:44:37.000000000 +0000
++++ serefpolicy-3.7.19/policy/modules/admin/alsa.te 2010-05-28 07:41:59.000000000 +0000
@@ -52,6 +52,8 @@
files_read_usr_files(alsa_t)
@@ -731,8 +731,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/alsa.te
auth_use_nsswitch(alsa_t)
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/anaconda.te serefpolicy-3.7.19/policy/modules/admin/anaconda.te
---- nsaserefpolicy/policy/modules/admin/anaconda.te 2010-04-13 20:44:37.000000000 +0200
-+++ serefpolicy-3.7.19/policy/modules/admin/anaconda.te 2010-05-28 09:41:59.947613243 +0200
+--- nsaserefpolicy/policy/modules/admin/anaconda.te 2010-04-13 18:44:37.000000000 +0000
++++ serefpolicy-3.7.19/policy/modules/admin/anaconda.te 2010-05-28 07:41:59.000000000 +0000
@@ -29,8 +29,10 @@
logging_send_syslog_msg(anaconda_t)
@@ -754,8 +754,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/anacond
optional_policy(`
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/bootloader.if serefpolicy-3.7.19/policy/modules/admin/bootloader.if
---- nsaserefpolicy/policy/modules/admin/bootloader.if 2010-04-13 20:44:37.000000000 +0200
-+++ serefpolicy-3.7.19/policy/modules/admin/bootloader.if 2010-11-02 18:30:14.260901576 +0100
+--- nsaserefpolicy/policy/modules/admin/bootloader.if 2010-04-13 18:44:37.000000000 +0000
++++ serefpolicy-3.7.19/policy/modules/admin/bootloader.if 2010-11-02 17:30:14.000000000 +0000
@@ -18,6 +18,24 @@
domtrans_pattern($1, bootloader_exec_t, bootloader_t)
')
@@ -782,8 +782,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/bootloa
## <summary>
## Execute bootloader interactively and do
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/brctl.if serefpolicy-3.7.19/policy/modules/admin/brctl.if
---- nsaserefpolicy/policy/modules/admin/brctl.if 2010-04-13 20:44:37.000000000 +0200
-+++ serefpolicy-3.7.19/policy/modules/admin/brctl.if 2010-10-13 09:27:42.212650392 +0200
+--- nsaserefpolicy/policy/modules/admin/brctl.if 2010-04-13 18:44:37.000000000 +0000
++++ serefpolicy-3.7.19/policy/modules/admin/brctl.if 2010-10-13 07:27:42.000000000 +0000
@@ -17,3 +17,29 @@
domtrans_pattern($1, brctl_exec_t, brctl_t)
@@ -815,8 +815,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/brctl.i
+')
+
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/certwatch.te serefpolicy-3.7.19/policy/modules/admin/certwatch.te
---- nsaserefpolicy/policy/modules/admin/certwatch.te 2010-04-13 20:44:37.000000000 +0200
-+++ serefpolicy-3.7.19/policy/modules/admin/certwatch.te 2010-07-19 15:48:02.471151653 +0200
+--- nsaserefpolicy/policy/modules/admin/certwatch.te 2010-04-13 18:44:37.000000000 +0000
++++ serefpolicy-3.7.19/policy/modules/admin/certwatch.te 2010-07-19 13:48:02.000000000 +0000
@@ -36,7 +36,7 @@
miscfiles_read_localization(certwatch_t)
@@ -835,8 +835,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/certwat
pcscd_read_pub_files(certwatch_t)
')
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/consoletype.if serefpolicy-3.7.19/policy/modules/admin/consoletype.if
---- nsaserefpolicy/policy/modules/admin/consoletype.if 2010-04-13 20:44:37.000000000 +0200
-+++ serefpolicy-3.7.19/policy/modules/admin/consoletype.if 2010-05-28 09:41:59.948610734 +0200
+--- nsaserefpolicy/policy/modules/admin/consoletype.if 2010-04-13 18:44:37.000000000 +0000
++++ serefpolicy-3.7.19/policy/modules/admin/consoletype.if 2010-05-28 07:41:59.000000000 +0000
@@ -19,6 +19,9 @@
corecmd_search_bin($1)
@@ -848,8 +848,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/console
########################################
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/consoletype.te serefpolicy-3.7.19/policy/modules/admin/consoletype.te
---- nsaserefpolicy/policy/modules/admin/consoletype.te 2010-04-13 20:44:37.000000000 +0200
-+++ serefpolicy-3.7.19/policy/modules/admin/consoletype.te 2010-06-15 07:03:31.488859559 +0200
+--- nsaserefpolicy/policy/modules/admin/consoletype.te 2010-04-13 18:44:37.000000000 +0000
++++ serefpolicy-3.7.19/policy/modules/admin/consoletype.te 2010-06-15 05:03:31.000000000 +0000
@@ -10,7 +10,6 @@
type consoletype_exec_t;
application_executable_file(consoletype_exec_t)
@@ -868,8 +868,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/console
optional_policy(`
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/dmesg.te serefpolicy-3.7.19/policy/modules/admin/dmesg.te
---- nsaserefpolicy/policy/modules/admin/dmesg.te 2010-04-13 20:44:37.000000000 +0200
-+++ serefpolicy-3.7.19/policy/modules/admin/dmesg.te 2011-01-03 08:59:40.202042256 +0100
+--- nsaserefpolicy/policy/modules/admin/dmesg.te 2010-04-13 18:44:37.000000000 +0000
++++ serefpolicy-3.7.19/policy/modules/admin/dmesg.te 2011-01-03 07:59:40.000000000 +0000
@@ -24,6 +24,7 @@
kernel_read_ring_buffer(dmesg_t)
kernel_clear_ring_buffer(dmesg_t)
@@ -892,8 +892,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/dmesg.t
')
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/firstboot.te serefpolicy-3.7.19/policy/modules/admin/firstboot.te
---- nsaserefpolicy/policy/modules/admin/firstboot.te 2010-04-13 20:44:37.000000000 +0200
-+++ serefpolicy-3.7.19/policy/modules/admin/firstboot.te 2010-09-01 16:15:20.344336196 +0200
+--- nsaserefpolicy/policy/modules/admin/firstboot.te 2010-04-13 18:44:37.000000000 +0000
++++ serefpolicy-3.7.19/policy/modules/admin/firstboot.te 2010-09-01 14:15:20.000000000 +0000
@@ -77,6 +77,7 @@
miscfiles_read_localization(firstboot_t)
@@ -927,8 +927,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/firstbo
xserver_unconfined(firstboot_t)
')
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/kismet.te serefpolicy-3.7.19/policy/modules/admin/kismet.te
---- nsaserefpolicy/policy/modules/admin/kismet.te 2010-04-13 20:44:37.000000000 +0200
-+++ serefpolicy-3.7.19/policy/modules/admin/kismet.te 2010-05-28 09:41:59.951610956 +0200
+--- nsaserefpolicy/policy/modules/admin/kismet.te 2010-04-13 18:44:37.000000000 +0000
++++ serefpolicy-3.7.19/policy/modules/admin/kismet.te 2010-05-28 07:41:59.000000000 +0000
@@ -45,6 +45,7 @@
manage_dirs_pattern(kismet_t, kismet_home_t, kismet_home_t)
manage_files_pattern(kismet_t, kismet_home_t, kismet_home_t)
@@ -938,8 +938,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/kismet.
manage_files_pattern(kismet_t, kismet_log_t, kismet_log_t)
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/logrotate.te serefpolicy-3.7.19/policy/modules/admin/logrotate.te
---- nsaserefpolicy/policy/modules/admin/logrotate.te 2010-04-13 20:44:37.000000000 +0200
-+++ serefpolicy-3.7.19/policy/modules/admin/logrotate.te 2010-09-21 15:36:04.691635808 +0200
+--- nsaserefpolicy/policy/modules/admin/logrotate.te 2010-04-13 18:44:37.000000000 +0000
++++ serefpolicy-3.7.19/policy/modules/admin/logrotate.te 2010-09-21 13:36:04.000000000 +0000
@@ -32,7 +32,7 @@
# Change ownership on log files.
allow logrotate_t self:capability { chown dac_override dac_read_search kill fsetid fowner sys_resource sys_nice };
@@ -1065,8 +1065,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/logrota
varnishd_manage_log(logrotate_t)
')
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/logwatch.fc serefpolicy-3.7.19/policy/modules/admin/logwatch.fc
---- nsaserefpolicy/policy/modules/admin/logwatch.fc 2010-04-13 20:44:37.000000000 +0200
-+++ serefpolicy-3.7.19/policy/modules/admin/logwatch.fc 2010-06-21 10:14:20.553072833 +0200
+--- nsaserefpolicy/policy/modules/admin/logwatch.fc 2010-04-13 18:44:37.000000000 +0000
++++ serefpolicy-3.7.19/policy/modules/admin/logwatch.fc 2010-06-21 08:14:20.000000000 +0000
@@ -1,7 +1,14 @@
+
+/usr/sbin/epylog -- gen_context(system_u:object_r:logwatch_exec_t,s0)
@@ -1083,8 +1083,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/logwatc
+
+/var/run/epylog\.pid -- gen_context(system_u:object_r:logwatch_var_run_t,s0)
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/logwatch.te serefpolicy-3.7.19/policy/modules/admin/logwatch.te
---- nsaserefpolicy/policy/modules/admin/logwatch.te 2010-04-13 20:44:37.000000000 +0200
-+++ serefpolicy-3.7.19/policy/modules/admin/logwatch.te 2010-10-25 10:18:24.897901204 +0200
+--- nsaserefpolicy/policy/modules/admin/logwatch.te 2010-04-13 18:44:37.000000000 +0000
++++ serefpolicy-3.7.19/policy/modules/admin/logwatch.te 2010-10-25 08:18:24.000000000 +0000
@@ -20,6 +20,9 @@
type logwatch_tmp_t;
files_tmp_file(logwatch_tmp_t)
@@ -1149,8 +1149,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/logwatc
+
+
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/mcelog.te serefpolicy-3.7.19/policy/modules/admin/mcelog.te
---- nsaserefpolicy/policy/modules/admin/mcelog.te 2010-04-13 20:44:37.000000000 +0200
-+++ serefpolicy-3.7.19/policy/modules/admin/mcelog.te 2010-05-28 09:41:59.952610471 +0200
+--- nsaserefpolicy/policy/modules/admin/mcelog.te 2010-04-13 18:44:37.000000000 +0000
++++ serefpolicy-3.7.19/policy/modules/admin/mcelog.te 2010-05-28 07:41:59.000000000 +0000
@@ -25,6 +25,8 @@
files_read_etc_files(mcelog_t)
@@ -1161,8 +1161,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/mcelog.
miscfiles_read_localization(mcelog_t)
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/mrtg.te serefpolicy-3.7.19/policy/modules/admin/mrtg.te
---- nsaserefpolicy/policy/modules/admin/mrtg.te 2010-04-13 20:44:37.000000000 +0200
-+++ serefpolicy-3.7.19/policy/modules/admin/mrtg.te 2010-05-28 09:41:59.952610471 +0200
+--- nsaserefpolicy/policy/modules/admin/mrtg.te 2010-04-13 18:44:37.000000000 +0000
++++ serefpolicy-3.7.19/policy/modules/admin/mrtg.te 2010-05-28 07:41:59.000000000 +0000
@@ -116,6 +116,7 @@
userdom_use_user_terminals(mrtg_t)
userdom_dontaudit_read_user_home_content_files(mrtg_t)
@@ -1172,14 +1172,14 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/mrtg.te
netutils_domtrans_ping(mrtg_t)
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/ncftool.fc serefpolicy-3.7.19/policy/modules/admin/ncftool.fc
---- nsaserefpolicy/policy/modules/admin/ncftool.fc 1970-01-01 01:00:00.000000000 +0100
-+++ serefpolicy-3.7.19/policy/modules/admin/ncftool.fc 2010-08-13 09:45:26.896085235 +0200
+--- nsaserefpolicy/policy/modules/admin/ncftool.fc 1970-01-01 00:00:00.000000000 +0000
++++ serefpolicy-3.7.19/policy/modules/admin/ncftool.fc 2010-08-13 07:45:26.000000000 +0000
@@ -0,0 +1,2 @@
+
+/usr/bin/ncftool -- gen_context(system_u:object_r:ncftool_exec_t,s0)
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/ncftool.if serefpolicy-3.7.19/policy/modules/admin/ncftool.if
---- nsaserefpolicy/policy/modules/admin/ncftool.if 1970-01-01 01:00:00.000000000 +0100
-+++ serefpolicy-3.7.19/policy/modules/admin/ncftool.if 2010-08-04 14:43:25.607335716 +0200
+--- nsaserefpolicy/policy/modules/admin/ncftool.if 1970-01-01 00:00:00.000000000 +0000
++++ serefpolicy-3.7.19/policy/modules/admin/ncftool.if 2010-08-04 12:43:25.000000000 +0000
@@ -0,0 +1,78 @@
+
+## <summary>policy for ncftool</summary>
@@ -1260,8 +1260,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/ncftool
+')
+
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/ncftool.te serefpolicy-3.7.19/policy/modules/admin/ncftool.te
---- nsaserefpolicy/policy/modules/admin/ncftool.te 1970-01-01 01:00:00.000000000 +0100
-+++ serefpolicy-3.7.19/policy/modules/admin/ncftool.te 2010-08-13 08:38:27.092085187 +0200
+--- nsaserefpolicy/policy/modules/admin/ncftool.te 1970-01-01 00:00:00.000000000 +0000
++++ serefpolicy-3.7.19/policy/modules/admin/ncftool.te 2010-08-13 06:38:27.000000000 +0000
@@ -0,0 +1,100 @@
+
+policy_module(ncftool,1.0.0)
@@ -1364,8 +1364,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/ncftool
+ netutils_domtrans(ncftool_t)
+')
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/netutils.fc serefpolicy-3.7.19/policy/modules/admin/netutils.fc
---- nsaserefpolicy/policy/modules/admin/netutils.fc 2010-04-13 20:44:37.000000000 +0200
-+++ serefpolicy-3.7.19/policy/modules/admin/netutils.fc 2010-05-28 09:41:59.953610894 +0200
+--- nsaserefpolicy/policy/modules/admin/netutils.fc 2010-04-13 18:44:37.000000000 +0000
++++ serefpolicy-3.7.19/policy/modules/admin/netutils.fc 2010-05-28 07:41:59.000000000 +0000
@@ -9,6 +9,8 @@
/usr/bin/nmap -- gen_context(system_u:object_r:traceroute_exec_t,s0)
/usr/bin/traceroute.* -- gen_context(system_u:object_r:traceroute_exec_t,s0)
@@ -1376,8 +1376,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/netutil
/usr/sbin/tcpdump -- gen_context(system_u:object_r:netutils_exec_t,s0)
+/usr/sbin/send_arp -- gen_context(system_u:object_r:ping_exec_t,s0)
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/netutils.if serefpolicy-3.7.19/policy/modules/admin/netutils.if
---- nsaserefpolicy/policy/modules/admin/netutils.if 2010-04-13 20:44:37.000000000 +0200
-+++ serefpolicy-3.7.19/policy/modules/admin/netutils.if 2010-12-15 14:42:55.632042421 +0100
+--- nsaserefpolicy/policy/modules/admin/netutils.if 2010-04-13 18:44:37.000000000 +0000
++++ serefpolicy-3.7.19/policy/modules/admin/netutils.if 2010-12-15 13:42:55.000000000 +0000
@@ -41,6 +41,7 @@
')
@@ -1424,8 +1424,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/netutil
')
+
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/netutils.te serefpolicy-3.7.19/policy/modules/admin/netutils.te
---- nsaserefpolicy/policy/modules/admin/netutils.te 2010-04-13 20:44:37.000000000 +0200
-+++ serefpolicy-3.7.19/policy/modules/admin/netutils.te 2010-07-13 11:08:40.256752721 +0200
+--- nsaserefpolicy/policy/modules/admin/netutils.te 2010-04-13 18:44:37.000000000 +0000
++++ serefpolicy-3.7.19/policy/modules/admin/netutils.te 2010-07-13 09:08:40.000000000 +0000
@@ -44,6 +44,7 @@
allow netutils_t self:packet_socket create_socket_perms;
allow netutils_t self:udp_socket create_socket_perms;
@@ -1522,8 +1522,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/netutil
+ term_dontaudit_use_all_ptys(traceroute_t)
+')
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/prelink.fc serefpolicy-3.7.19/policy/modules/admin/prelink.fc
---- nsaserefpolicy/policy/modules/admin/prelink.fc 2010-04-13 20:44:37.000000000 +0200
-+++ serefpolicy-3.7.19/policy/modules/admin/prelink.fc 2010-05-28 09:41:59.955610693 +0200
+--- nsaserefpolicy/policy/modules/admin/prelink.fc 2010-04-13 18:44:37.000000000 +0000
++++ serefpolicy-3.7.19/policy/modules/admin/prelink.fc 2010-05-28 07:41:59.000000000 +0000
@@ -1,3 +1,4 @@
+/etc/cron\.daily/prelink -- gen_context(system_u:object_r:prelink_cron_system_exec_t,s0)
@@ -1537,8 +1537,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/prelink
+/var/lib/misc/prelink.* -- gen_context(system_u:object_r:prelink_var_lib_t,s0)
+/var/lib/prelink(/.*)? gen_context(system_u:object_r:prelink_var_lib_t,s0)
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/prelink.if serefpolicy-3.7.19/policy/modules/admin/prelink.if
---- nsaserefpolicy/policy/modules/admin/prelink.if 2010-04-13 20:44:37.000000000 +0200
-+++ serefpolicy-3.7.19/policy/modules/admin/prelink.if 2010-05-28 09:41:59.955610693 +0200
+--- nsaserefpolicy/policy/modules/admin/prelink.if 2010-04-13 18:44:37.000000000 +0000
++++ serefpolicy-3.7.19/policy/modules/admin/prelink.if 2010-05-28 07:41:59.000000000 +0000
@@ -17,6 +17,30 @@
corecmd_search_bin($1)
@@ -1585,8 +1585,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/prelink
+ relabel_files_pattern($1, prelink_var_lib_t, prelink_var_lib_t)
')
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/prelink.te serefpolicy-3.7.19/policy/modules/admin/prelink.te
---- nsaserefpolicy/policy/modules/admin/prelink.te 2010-04-13 20:44:37.000000000 +0200
-+++ serefpolicy-3.7.19/policy/modules/admin/prelink.te 2010-09-16 15:32:42.205637133 +0200
+--- nsaserefpolicy/policy/modules/admin/prelink.te 2010-04-13 18:44:37.000000000 +0000
++++ serefpolicy-3.7.19/policy/modules/admin/prelink.te 2010-09-16 13:32:42.000000000 +0000
@@ -21,8 +21,21 @@
type prelink_tmp_t;
files_tmp_file(prelink_tmp_t)
@@ -1732,8 +1732,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/prelink
+')
+
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/quota.te serefpolicy-3.7.19/policy/modules/admin/quota.te
---- nsaserefpolicy/policy/modules/admin/quota.te 2010-04-13 20:44:37.000000000 +0200
-+++ serefpolicy-3.7.19/policy/modules/admin/quota.te 2010-05-28 09:41:59.956610558 +0200
+--- nsaserefpolicy/policy/modules/admin/quota.te 2010-04-13 18:44:37.000000000 +0000
++++ serefpolicy-3.7.19/policy/modules/admin/quota.te 2010-05-28 07:41:59.000000000 +0000
@@ -39,6 +39,7 @@
kernel_list_proc(quota_t)
kernel_read_proc_symlinks(quota_t)
@@ -1743,8 +1743,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/quota.t
dev_read_sysfs(quota_t)
dev_getattr_all_blk_files(quota_t)
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/readahead.te serefpolicy-3.7.19/policy/modules/admin/readahead.te
---- nsaserefpolicy/policy/modules/admin/readahead.te 2010-04-13 20:44:37.000000000 +0200
-+++ serefpolicy-3.7.19/policy/modules/admin/readahead.te 2010-08-10 16:20:02.216085125 +0200
+--- nsaserefpolicy/policy/modules/admin/readahead.te 2010-04-13 18:44:37.000000000 +0000
++++ serefpolicy-3.7.19/policy/modules/admin/readahead.te 2010-08-10 14:20:02.000000000 +0000
@@ -52,6 +52,7 @@
files_list_non_security(readahead_t)
@@ -1766,8 +1766,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/readahe
fs_dontaudit_read_ramfs_pipes(readahead_t)
fs_dontaudit_read_ramfs_files(readahead_t)
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/rpm.fc serefpolicy-3.7.19/policy/modules/admin/rpm.fc
---- nsaserefpolicy/policy/modules/admin/rpm.fc 2010-04-13 20:44:37.000000000 +0200
-+++ serefpolicy-3.7.19/policy/modules/admin/rpm.fc 2010-08-05 16:24:23.494085276 +0200
+--- nsaserefpolicy/policy/modules/admin/rpm.fc 2010-04-13 18:44:37.000000000 +0000
++++ serefpolicy-3.7.19/policy/modules/admin/rpm.fc 2010-08-05 14:24:23.000000000 +0000
@@ -1,18 +1,20 @@
/bin/rpm -- gen_context(system_u:object_r:rpm_exec_t,s0)
@@ -1822,8 +1822,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/rpm.fc
ifdef(`distro_suse', `
/usr/bin/online_update -- gen_context(system_u:object_r:rpm_exec_t,s0)
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/rpm.if serefpolicy-3.7.19/policy/modules/admin/rpm.if
---- nsaserefpolicy/policy/modules/admin/rpm.if 2010-04-13 20:44:37.000000000 +0200
-+++ serefpolicy-3.7.19/policy/modules/admin/rpm.if 2010-11-11 15:55:49.911148064 +0100
+--- nsaserefpolicy/policy/modules/admin/rpm.if 2010-04-13 18:44:37.000000000 +0000
++++ serefpolicy-3.7.19/policy/modules/admin/rpm.if 2010-11-11 14:55:49.000000000 +0000
@@ -13,11 +13,36 @@
interface(`rpm_domtrans',`
gen_require(`
@@ -2296,8 +2296,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/rpm.if
+
+
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/rpm.te serefpolicy-3.7.19/policy/modules/admin/rpm.te
---- nsaserefpolicy/policy/modules/admin/rpm.te 2010-04-13 20:44:37.000000000 +0200
-+++ serefpolicy-3.7.19/policy/modules/admin/rpm.te 2011-01-07 10:32:51.757290974 +0100
+--- nsaserefpolicy/policy/modules/admin/rpm.te 2010-04-13 18:44:37.000000000 +0000
++++ serefpolicy-3.7.19/policy/modules/admin/rpm.te 2011-01-07 09:32:51.000000000 +0000
@@ -1,6 +1,8 @@
policy_module(rpm, 1.10.0)
@@ -2599,8 +2599,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/rpm.te
optional_policy(`
java_domtrans_unconfined(rpm_script_t)
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/sectoolm.te serefpolicy-3.7.19/policy/modules/admin/sectoolm.te
---- nsaserefpolicy/policy/modules/admin/sectoolm.te 2010-04-13 20:44:37.000000000 +0200
-+++ serefpolicy-3.7.19/policy/modules/admin/sectoolm.te 2010-06-28 16:05:26.150150582 +0200
+--- nsaserefpolicy/policy/modules/admin/sectoolm.te 2010-04-13 18:44:37.000000000 +0000
++++ serefpolicy-3.7.19/policy/modules/admin/sectoolm.te 2010-06-28 14:05:26.000000000 +0000
@@ -85,6 +85,7 @@
sysnet_domtrans_ifconfig(sectoolm_t)
@@ -2610,8 +2610,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/sectool
optional_policy(`
mount_exec(sectoolm_t)
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/shorewall.fc serefpolicy-3.7.19/policy/modules/admin/shorewall.fc
---- nsaserefpolicy/policy/modules/admin/shorewall.fc 2010-04-13 20:44:37.000000000 +0200
-+++ serefpolicy-3.7.19/policy/modules/admin/shorewall.fc 2011-01-04 15:04:49.174051690 +0100
+--- nsaserefpolicy/policy/modules/admin/shorewall.fc 2010-04-13 18:44:37.000000000 +0000
++++ serefpolicy-3.7.19/policy/modules/admin/shorewall.fc 2011-01-04 14:04:49.000000000 +0000
@@ -11,4 +11,6 @@
/var/lib/shorewall6(/.*)? gen_context(system_u:object_r:shorewall_var_lib_t,s0)
/var/lib/shorewall-lite(/.*)? gen_context(system_u:object_r:shorewall_var_lib_t,s0)
@@ -2620,8 +2620,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/shorewa
+
/var/log/shorewall.* gen_context(system_u:object_r:shorewall_log_t,s0)
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/shorewall.if serefpolicy-3.7.19/policy/modules/admin/shorewall.if
---- nsaserefpolicy/policy/modules/admin/shorewall.if 2010-04-13 20:44:37.000000000 +0200
-+++ serefpolicy-3.7.19/policy/modules/admin/shorewall.if 2010-09-09 13:43:11.957085205 +0200
+--- nsaserefpolicy/policy/modules/admin/shorewall.if 2010-04-13 18:44:37.000000000 +0000
++++ serefpolicy-3.7.19/policy/modules/admin/shorewall.if 2010-09-09 11:43:11.000000000 +0000
@@ -18,47 +18,27 @@
domtrans_pattern($1, shorewall_exec_t, shorewall_t)
')
@@ -2746,8 +2746,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/shorewa
admin_pattern($1, shorewall_var_lib_t)
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/shorewall.te serefpolicy-3.7.19/policy/modules/admin/shorewall.te
---- nsaserefpolicy/policy/modules/admin/shorewall.te 2010-04-13 20:44:37.000000000 +0200
-+++ serefpolicy-3.7.19/policy/modules/admin/shorewall.te 2010-08-17 10:55:12.906334026 +0200
+--- nsaserefpolicy/policy/modules/admin/shorewall.te 2010-04-13 18:44:37.000000000 +0000
++++ serefpolicy-3.7.19/policy/modules/admin/shorewall.te 2010-08-17 08:55:12.000000000 +0000
@@ -59,6 +59,9 @@
manage_dirs_pattern(shorewall_t, shorewall_var_lib_t, shorewall_var_lib_t)
manage_files_pattern(shorewall_t, shorewall_var_lib_t, shorewall_var_lib_t)
@@ -2783,8 +2783,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/shorewa
optional_policy(`
iptables_domtrans(shorewall_t)
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/shutdown.fc serefpolicy-3.7.19/policy/modules/admin/shutdown.fc
---- nsaserefpolicy/policy/modules/admin/shutdown.fc 1970-01-01 01:00:00.000000000 +0100
-+++ serefpolicy-3.7.19/policy/modules/admin/shutdown.fc 2010-05-28 09:41:59.962611422 +0200
+--- nsaserefpolicy/policy/modules/admin/shutdown.fc 1970-01-01 00:00:00.000000000 +0000
++++ serefpolicy-3.7.19/policy/modules/admin/shutdown.fc 2010-05-28 07:41:59.000000000 +0000
@@ -0,0 +1,5 @@
+/etc/nologin -- gen_context(system_u:object_r:shutdown_etc_t,s0)
+
@@ -2792,8 +2792,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/shutdow
+
+/var/run/shutdown\.pid -- gen_context(system_u:object_r:shutdown_var_run_t,s0)
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/shutdown.if serefpolicy-3.7.19/policy/modules/admin/shutdown.if
---- nsaserefpolicy/policy/modules/admin/shutdown.if 1970-01-01 01:00:00.000000000 +0100
-+++ serefpolicy-3.7.19/policy/modules/admin/shutdown.if 2010-05-28 09:41:59.963611216 +0200
+--- nsaserefpolicy/policy/modules/admin/shutdown.if 1970-01-01 00:00:00.000000000 +0000
++++ serefpolicy-3.7.19/policy/modules/admin/shutdown.if 2010-05-28 07:41:59.000000000 +0000
@@ -0,0 +1,136 @@
+
+## <summary>policy for shutdown</summary>
@@ -2932,8 +2932,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/shutdow
+ allow $1 shutdown_exec_t:file getattr;
+')
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/shutdown.te serefpolicy-3.7.19/policy/modules/admin/shutdown.te
---- nsaserefpolicy/policy/modules/admin/shutdown.te 1970-01-01 01:00:00.000000000 +0100
-+++ serefpolicy-3.7.19/policy/modules/admin/shutdown.te 2011-01-14 14:43:24.000042258 +0100
+--- nsaserefpolicy/policy/modules/admin/shutdown.te 1970-01-01 00:00:00.000000000 +0000
++++ serefpolicy-3.7.19/policy/modules/admin/shutdown.te 2011-01-14 13:43:24.000000000 +0000
@@ -0,0 +1,70 @@
+policy_module(shutdown,1.0.0)
+
@@ -3006,8 +3006,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/shutdow
+ xserver_dontaudit_write_log(shutdown_t)
+')
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/smoltclient.te serefpolicy-3.7.19/policy/modules/admin/smoltclient.te
---- nsaserefpolicy/policy/modules/admin/smoltclient.te 2010-04-13 20:44:37.000000000 +0200
-+++ serefpolicy-3.7.19/policy/modules/admin/smoltclient.te 2010-10-26 13:48:18.337651044 +0200
+--- nsaserefpolicy/policy/modules/admin/smoltclient.te 2010-04-13 18:44:37.000000000 +0000
++++ serefpolicy-3.7.19/policy/modules/admin/smoltclient.te 2010-10-26 11:48:18.000000000 +0000
@@ -46,6 +46,7 @@
files_getattr_generic_locks(smoltclient_t)
@@ -3017,16 +3017,16 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/smoltcl
auth_use_nsswitch(smoltclient_t)
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/sudo.fc serefpolicy-3.7.19/policy/modules/admin/sudo.fc
---- nsaserefpolicy/policy/modules/admin/sudo.fc 2010-04-13 20:44:37.000000000 +0200
-+++ serefpolicy-3.7.19/policy/modules/admin/sudo.fc 2010-09-13 15:54:07.362085420 +0200
+--- nsaserefpolicy/policy/modules/admin/sudo.fc 2010-04-13 18:44:37.000000000 +0000
++++ serefpolicy-3.7.19/policy/modules/admin/sudo.fc 2010-09-13 13:54:07.000000000 +0000
@@ -1,2 +1,4 @@
/usr/bin/sudo(edit)? -- gen_context(system_u:object_r:sudo_exec_t,s0)
+
+/var/db/sudo(/.*)? gen_context(system_u:object_r:sudo_db_t,s0)
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/sudo.if serefpolicy-3.7.19/policy/modules/admin/sudo.if
---- nsaserefpolicy/policy/modules/admin/sudo.if 2010-04-13 20:44:37.000000000 +0200
-+++ serefpolicy-3.7.19/policy/modules/admin/sudo.if 2010-10-05 16:40:27.236667890 +0200
+--- nsaserefpolicy/policy/modules/admin/sudo.if 2010-04-13 18:44:37.000000000 +0000
++++ serefpolicy-3.7.19/policy/modules/admin/sudo.if 2010-10-05 14:40:27.000000000 +0000
@@ -32,6 +32,7 @@
gen_require(`
@@ -3084,8 +3084,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/sudo.if
tunable_policy(`use_nfs_home_dirs',`
fs_manage_nfs_files($1_sudo_t)
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/sudo.te serefpolicy-3.7.19/policy/modules/admin/sudo.te
---- nsaserefpolicy/policy/modules/admin/sudo.te 2010-04-13 20:44:37.000000000 +0200
-+++ serefpolicy-3.7.19/policy/modules/admin/sudo.te 2010-09-13 15:54:35.371085087 +0200
+--- nsaserefpolicy/policy/modules/admin/sudo.te 2010-04-13 18:44:37.000000000 +0000
++++ serefpolicy-3.7.19/policy/modules/admin/sudo.te 2010-09-13 13:54:35.000000000 +0000
@@ -8,3 +8,6 @@
type sudo_exec_t;
@@ -3094,8 +3094,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/sudo.te
+type sudo_db_t;
+files_type(sudo_db_t)
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/su.if serefpolicy-3.7.19/policy/modules/admin/su.if
---- nsaserefpolicy/policy/modules/admin/su.if 2010-04-13 20:44:37.000000000 +0200
-+++ serefpolicy-3.7.19/policy/modules/admin/su.if 2010-05-28 09:41:59.965611225 +0200
+--- nsaserefpolicy/policy/modules/admin/su.if 2010-04-13 18:44:37.000000000 +0000
++++ serefpolicy-3.7.19/policy/modules/admin/su.if 2010-05-28 07:41:59.000000000 +0000
@@ -58,6 +58,10 @@
allow $2 $1_su_t:fifo_file rw_file_perms;
allow $2 $1_su_t:process sigchld;
@@ -3136,8 +3136,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/su.if s
ifdef(`distro_redhat',`
# RHEL5 and possibly newer releases incl. Fedora
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/tmpreaper.te serefpolicy-3.7.19/policy/modules/admin/tmpreaper.te
---- nsaserefpolicy/policy/modules/admin/tmpreaper.te 2010-04-13 20:44:37.000000000 +0200
-+++ serefpolicy-3.7.19/policy/modules/admin/tmpreaper.te 2010-05-28 09:41:59.965611225 +0200
+--- nsaserefpolicy/policy/modules/admin/tmpreaper.te 2010-04-13 18:44:37.000000000 +0000
++++ serefpolicy-3.7.19/policy/modules/admin/tmpreaper.te 2010-05-28 07:41:59.000000000 +0000
@@ -26,8 +26,11 @@
files_read_etc_files(tmpreaper_t)
files_read_var_lib_files(tmpreaper_t)
@@ -3192,8 +3192,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/tmpreap
unconfined_domain(tmpreaper_t)
')
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/usermanage.if serefpolicy-3.7.19/policy/modules/admin/usermanage.if
---- nsaserefpolicy/policy/modules/admin/usermanage.if 2010-04-13 20:44:37.000000000 +0200
-+++ serefpolicy-3.7.19/policy/modules/admin/usermanage.if 2010-05-28 09:41:59.966611090 +0200
+--- nsaserefpolicy/policy/modules/admin/usermanage.if 2010-04-13 18:44:37.000000000 +0000
++++ serefpolicy-3.7.19/policy/modules/admin/usermanage.if 2010-05-28 07:41:59.000000000 +0000
@@ -18,6 +18,10 @@
files_search_usr($1)
corecmd_search_bin($1)
@@ -3250,8 +3250,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/userman
nscd_run(useradd_t, $2)
')
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/usermanage.te serefpolicy-3.7.19/policy/modules/admin/usermanage.te
---- nsaserefpolicy/policy/modules/admin/usermanage.te 2010-04-13 20:44:37.000000000 +0200
-+++ serefpolicy-3.7.19/policy/modules/admin/usermanage.te 2011-01-07 10:29:10.209292372 +0100
+--- nsaserefpolicy/policy/modules/admin/usermanage.te 2010-04-13 18:44:37.000000000 +0000
++++ serefpolicy-3.7.19/policy/modules/admin/usermanage.te 2011-01-07 09:29:10.000000000 +0000
@@ -197,8 +197,8 @@
selinux_compute_relabel_context(groupadd_t)
selinux_compute_user_contexts(groupadd_t)
@@ -3377,8 +3377,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/userman
')
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/vbetool.te serefpolicy-3.7.19/policy/modules/admin/vbetool.te
---- nsaserefpolicy/policy/modules/admin/vbetool.te 2010-04-13 20:44:37.000000000 +0200
-+++ serefpolicy-3.7.19/policy/modules/admin/vbetool.te 2010-09-24 15:13:09.516386658 +0200
+--- nsaserefpolicy/policy/modules/admin/vbetool.te 2010-04-13 18:44:37.000000000 +0000
++++ serefpolicy-3.7.19/policy/modules/admin/vbetool.te 2010-09-24 13:13:09.000000000 +0000
@@ -6,6 +6,13 @@
# Declarations
#
@@ -3417,8 +3417,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/vbetool
hal_rw_pid_files(vbetool_t)
hal_write_log(vbetool_t)
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/vpn.if serefpolicy-3.7.19/policy/modules/admin/vpn.if
---- nsaserefpolicy/policy/modules/admin/vpn.if 2010-04-13 20:44:37.000000000 +0200
-+++ serefpolicy-3.7.19/policy/modules/admin/vpn.if 2010-05-28 09:41:59.968610889 +0200
+--- nsaserefpolicy/policy/modules/admin/vpn.if 2010-04-13 18:44:37.000000000 +0000
++++ serefpolicy-3.7.19/policy/modules/admin/vpn.if 2010-05-28 07:41:59.000000000 +0000
@@ -110,7 +110,7 @@
## </summary>
## </param>
@@ -3451,8 +3451,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/vpn.if
+ allow $1 vpnc_t:tun_socket relabelfrom;
+')
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/vpn.te serefpolicy-3.7.19/policy/modules/admin/vpn.te
---- nsaserefpolicy/policy/modules/admin/vpn.te 2010-04-13 20:44:37.000000000 +0200
-+++ serefpolicy-3.7.19/policy/modules/admin/vpn.te 2010-10-08 10:44:30.399901187 +0200
+--- nsaserefpolicy/policy/modules/admin/vpn.te 2010-04-13 18:44:37.000000000 +0000
++++ serefpolicy-3.7.19/policy/modules/admin/vpn.te 2010-10-08 08:44:30.000000000 +0000
@@ -31,7 +31,7 @@
allow vpnc_t self:rawip_socket create_socket_perms;
allow vpnc_t self:unix_dgram_socket create_socket_perms;
@@ -3488,8 +3488,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/vpn.te
+ networkmanager_attach_tun_iface(vpnc_t)
+')
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/awstats.te serefpolicy-3.7.19/policy/modules/apps/awstats.te
---- nsaserefpolicy/policy/modules/apps/awstats.te 2010-04-13 20:44:37.000000000 +0200
-+++ serefpolicy-3.7.19/policy/modules/apps/awstats.te 2010-07-13 09:35:08.639752643 +0200
+--- nsaserefpolicy/policy/modules/apps/awstats.te 2010-04-13 18:44:37.000000000 +0000
++++ serefpolicy-3.7.19/policy/modules/apps/awstats.te 2010-07-13 07:35:08.000000000 +0000
@@ -45,6 +45,7 @@
dev_read_urand(awstats_t)
@@ -3499,8 +3499,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/awstats.
# e.g. /usr/share/awstats/lang/awstats-en.txt
files_read_usr_files(awstats_t)
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/cdrecord.te serefpolicy-3.7.19/policy/modules/apps/cdrecord.te
---- nsaserefpolicy/policy/modules/apps/cdrecord.te 2010-04-13 20:44:37.000000000 +0200
-+++ serefpolicy-3.7.19/policy/modules/apps/cdrecord.te 2010-11-23 10:23:24.860149261 +0100
+--- nsaserefpolicy/policy/modules/apps/cdrecord.te 2010-04-13 18:44:37.000000000 +0000
++++ serefpolicy-3.7.19/policy/modules/apps/cdrecord.te 2010-11-23 09:23:24.000000000 +0000
@@ -28,7 +28,7 @@
#
@@ -3511,15 +3511,15 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/cdrecord
allow cdrecord_t self:unix_stream_socket create_stream_socket_perms;
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/chrome.fc serefpolicy-3.7.19/policy/modules/apps/chrome.fc
---- nsaserefpolicy/policy/modules/apps/chrome.fc 1970-01-01 01:00:00.000000000 +0100
-+++ serefpolicy-3.7.19/policy/modules/apps/chrome.fc 2010-05-28 09:41:59.969610893 +0200
+--- nsaserefpolicy/policy/modules/apps/chrome.fc 1970-01-01 00:00:00.000000000 +0000
++++ serefpolicy-3.7.19/policy/modules/apps/chrome.fc 2010-05-28 07:41:59.000000000 +0000
@@ -0,0 +1,3 @@
+ /opt/google/chrome/chrome-sandbox -- gen_context(system_u:object_r:chrome_sandbox_exec_t,s0)
+
+/usr/lib(64)?/chromium-browser/chrome-sandbox -- gen_context(system_u:object_r:chrome_sandbox_exec_t,s0)
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/chrome.if serefpolicy-3.7.19/policy/modules/apps/chrome.if
---- nsaserefpolicy/policy/modules/apps/chrome.if 1970-01-01 01:00:00.000000000 +0100
-+++ serefpolicy-3.7.19/policy/modules/apps/chrome.if 2010-12-01 11:41:01.779291928 +0100
+--- nsaserefpolicy/policy/modules/apps/chrome.if 1970-01-01 00:00:00.000000000 +0000
++++ serefpolicy-3.7.19/policy/modules/apps/chrome.if 2010-12-01 10:41:01.000000000 +0000
@@ -0,0 +1,91 @@
+
+## <summary>policy for chrome</summary>
@@ -3613,8 +3613,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/chrome.i
+')
+
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/chrome.te serefpolicy-3.7.19/policy/modules/apps/chrome.te
---- nsaserefpolicy/policy/modules/apps/chrome.te 1970-01-01 01:00:00.000000000 +0100
-+++ serefpolicy-3.7.19/policy/modules/apps/chrome.te 2010-12-06 17:06:13.870042468 +0100
+--- nsaserefpolicy/policy/modules/apps/chrome.te 1970-01-01 00:00:00.000000000 +0000
++++ serefpolicy-3.7.19/policy/modules/apps/chrome.te 2010-12-06 16:06:13.000000000 +0000
@@ -0,0 +1,91 @@
+policy_module(chrome,1.0.0)
+
@@ -3708,8 +3708,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/chrome.t
+ fs_dontaudit_append_cifs_files(chrome_sandbox_t)
+')
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/cpufreqselector.te serefpolicy-3.7.19/policy/modules/apps/cpufreqselector.te
---- nsaserefpolicy/policy/modules/apps/cpufreqselector.te 2010-04-13 20:44:37.000000000 +0200
-+++ serefpolicy-3.7.19/policy/modules/apps/cpufreqselector.te 2010-05-28 09:41:59.971610832 +0200
+--- nsaserefpolicy/policy/modules/apps/cpufreqselector.te 2010-04-13 18:44:37.000000000 +0000
++++ serefpolicy-3.7.19/policy/modules/apps/cpufreqselector.te 2010-05-28 07:41:59.000000000 +0000
@@ -25,8 +25,10 @@
dev_rw_sysfs(cpufreqselector_t)
@@ -3723,8 +3723,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/cpufreqs
optional_policy(`
dbus_system_domain(cpufreqselector_t, cpufreqselector_exec_t)
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/execmem.fc serefpolicy-3.7.19/policy/modules/apps/execmem.fc
---- nsaserefpolicy/policy/modules/apps/execmem.fc 1970-01-01 01:00:00.000000000 +0100
-+++ serefpolicy-3.7.19/policy/modules/apps/execmem.fc 2010-08-17 15:04:07.036334389 +0200
+--- nsaserefpolicy/policy/modules/apps/execmem.fc 1970-01-01 00:00:00.000000000 +0000
++++ serefpolicy-3.7.19/policy/modules/apps/execmem.fc 2010-08-17 13:04:07.000000000 +0000
@@ -0,0 +1,47 @@
+
+/usr/bin/aticonfig -- gen_context(system_u:object_r:execmem_exec_t,s0)
@@ -3774,8 +3774,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/execmem.
+/opt/google/chrome/google-chrome -- gen_context(system_u:object_r:execmem_exec_t,s0)
+/opt/Komodo-Edit-5/lib/mozilla/komodo-bin -- gen_context(system_u:object_r:execmem_exec_t,s0)
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/execmem.if serefpolicy-3.7.19/policy/modules/apps/execmem.if
---- nsaserefpolicy/policy/modules/apps/execmem.if 1970-01-01 01:00:00.000000000 +0100
-+++ serefpolicy-3.7.19/policy/modules/apps/execmem.if 2010-05-28 09:41:59.972612093 +0200
+--- nsaserefpolicy/policy/modules/apps/execmem.if 1970-01-01 00:00:00.000000000 +0000
++++ serefpolicy-3.7.19/policy/modules/apps/execmem.if 2010-05-28 07:41:59.000000000 +0000
@@ -0,0 +1,110 @@
+## <summary>execmem domain</summary>
+
@@ -3888,8 +3888,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/execmem.
+ domtrans_pattern($1, execmem_exec_t, $2)
+')
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/execmem.te serefpolicy-3.7.19/policy/modules/apps/execmem.te
---- nsaserefpolicy/policy/modules/apps/execmem.te 1970-01-01 01:00:00.000000000 +0100
-+++ serefpolicy-3.7.19/policy/modules/apps/execmem.te 2010-05-28 09:41:59.973610840 +0200
+--- nsaserefpolicy/policy/modules/apps/execmem.te 1970-01-01 00:00:00.000000000 +0000
++++ serefpolicy-3.7.19/policy/modules/apps/execmem.te 2010-05-28 07:41:59.000000000 +0000
@@ -0,0 +1,11 @@
+
+policy_module(execmem, 1.0.0)
@@ -3903,15 +3903,15 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/execmem.
+application_executable_file(execmem_exec_t)
+
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/firewallgui.fc serefpolicy-3.7.19/policy/modules/apps/firewallgui.fc
---- nsaserefpolicy/policy/modules/apps/firewallgui.fc 1970-01-01 01:00:00.000000000 +0100
-+++ serefpolicy-3.7.19/policy/modules/apps/firewallgui.fc 2010-05-28 09:41:59.974610705 +0200
+--- nsaserefpolicy/policy/modules/apps/firewallgui.fc 1970-01-01 00:00:00.000000000 +0000
++++ serefpolicy-3.7.19/policy/modules/apps/firewallgui.fc 2010-05-28 07:41:59.000000000 +0000
@@ -0,0 +1,3 @@
+
+/usr/share/system-config-firewall/system-config-firewall-mechanism.py -- gen_context(system_u:object_r:firewallgui_exec_t,s0)
+
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/firewallgui.if serefpolicy-3.7.19/policy/modules/apps/firewallgui.if
---- nsaserefpolicy/policy/modules/apps/firewallgui.if 1970-01-01 01:00:00.000000000 +0100
-+++ serefpolicy-3.7.19/policy/modules/apps/firewallgui.if 2010-05-28 09:41:59.974610705 +0200
+--- nsaserefpolicy/policy/modules/apps/firewallgui.if 1970-01-01 00:00:00.000000000 +0000
++++ serefpolicy-3.7.19/policy/modules/apps/firewallgui.if 2010-05-28 07:41:59.000000000 +0000
@@ -0,0 +1,23 @@
+
+## <summary>policy for firewallgui</summary>
@@ -3937,8 +3937,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/firewall
+ allow firewallgui_t $1:dbus send_msg;
+')
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/firewallgui.te serefpolicy-3.7.19/policy/modules/apps/firewallgui.te
---- nsaserefpolicy/policy/modules/apps/firewallgui.te 1970-01-01 01:00:00.000000000 +0100
-+++ serefpolicy-3.7.19/policy/modules/apps/firewallgui.te 2010-11-11 15:54:48.726147945 +0100
+--- nsaserefpolicy/policy/modules/apps/firewallgui.te 1970-01-01 00:00:00.000000000 +0000
++++ serefpolicy-3.7.19/policy/modules/apps/firewallgui.te 2010-11-11 14:54:48.000000000 +0000
@@ -0,0 +1,70 @@
+
+policy_module(firewallgui,1.0.0)
@@ -4011,8 +4011,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/firewall
+ rpm_dontaudit_search_db(firewallgui_t)
+')
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/gitosis.fc serefpolicy-3.7.19/policy/modules/apps/gitosis.fc
---- nsaserefpolicy/policy/modules/apps/gitosis.fc 2010-04-13 20:44:37.000000000 +0200
-+++ serefpolicy-3.7.19/policy/modules/apps/gitosis.fc 2010-06-08 14:54:39.156860589 +0200
+--- nsaserefpolicy/policy/modules/apps/gitosis.fc 2010-04-13 18:44:37.000000000 +0000
++++ serefpolicy-3.7.19/policy/modules/apps/gitosis.fc 2010-06-08 12:54:39.000000000 +0000
@@ -1,3 +1,5 @@
/usr/bin/gitosis-serve -- gen_context(system_u:object_r:gitosis_exec_t,s0)
+/usr/bin/gl-auth-command -- gen_context(system_u:object_r:gitosis_exec_t,s0)
@@ -4020,8 +4020,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/gitosis.
/var/lib/gitosis(/.*)? gen_context(system_u:object_r:gitosis_var_lib_t,s0)
+/var/lib/gitolite(/.*)? gen_context(system_u:object_r:gitosis_var_lib_t,s0)
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/gitosis.if serefpolicy-3.7.19/policy/modules/apps/gitosis.if
---- nsaserefpolicy/policy/modules/apps/gitosis.if 2010-04-13 20:44:37.000000000 +0200
-+++ serefpolicy-3.7.19/policy/modules/apps/gitosis.if 2010-05-28 09:41:59.975610499 +0200
+--- nsaserefpolicy/policy/modules/apps/gitosis.if 2010-04-13 18:44:37.000000000 +0000
++++ serefpolicy-3.7.19/policy/modules/apps/gitosis.if 2010-05-28 07:41:59.000000000 +0000
@@ -62,7 +62,7 @@
files_search_var_lib($1)
read_files_pattern($1, gitosis_var_lib_t, gitosis_var_lib_t)
@@ -4032,8 +4032,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/gitosis.
######################################
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/gitosis.te serefpolicy-3.7.19/policy/modules/apps/gitosis.te
---- nsaserefpolicy/policy/modules/apps/gitosis.te 2010-04-13 20:44:37.000000000 +0200
-+++ serefpolicy-3.7.19/policy/modules/apps/gitosis.te 2010-06-08 14:54:39.156860589 +0200
+--- nsaserefpolicy/policy/modules/apps/gitosis.te 2010-04-13 18:44:37.000000000 +0000
++++ serefpolicy-3.7.19/policy/modules/apps/gitosis.te 2010-06-08 12:54:39.000000000 +0000
@@ -26,12 +26,17 @@
manage_lnk_files_pattern(gitosis_t, gitosis_var_lib_t, gitosis_var_lib_t)
manage_dirs_pattern(gitosis_t, gitosis_var_lib_t, gitosis_var_lib_t)
@@ -4054,8 +4054,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/gitosis.
+
+sysnet_read_config(gitosis_t)
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/gnome.fc serefpolicy-3.7.19/policy/modules/apps/gnome.fc
---- nsaserefpolicy/policy/modules/apps/gnome.fc 2010-04-13 20:44:37.000000000 +0200
-+++ serefpolicy-3.7.19/policy/modules/apps/gnome.fc 2010-09-09 13:47:27.008335639 +0200
+--- nsaserefpolicy/policy/modules/apps/gnome.fc 2010-04-13 18:44:37.000000000 +0000
++++ serefpolicy-3.7.19/policy/modules/apps/gnome.fc 2010-09-09 11:47:27.000000000 +0000
@@ -1,8 +1,31 @@
-HOME_DIR/\.config/gtk-.* gen_context(system_u:object_r:gnome_home_t,s0)
+HOME_DIR/\.cache(/.*)? gen_context(system_u:object_r:cache_home_t,s0)
@@ -4091,8 +4091,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/gnome.fc
+/usr/libexec/gnome-system-monitor-mechanism -- gen_context(system_u:object_r:gnomesystemmm_exec_t,s0)
+
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/gnome.if serefpolicy-3.7.19/policy/modules/apps/gnome.if
---- nsaserefpolicy/policy/modules/apps/gnome.if 2010-04-13 20:44:37.000000000 +0200
-+++ serefpolicy-3.7.19/policy/modules/apps/gnome.if 2010-10-18 14:45:15.884901735 +0200
+--- nsaserefpolicy/policy/modules/apps/gnome.if 2010-04-13 18:44:37.000000000 +0000
++++ serefpolicy-3.7.19/policy/modules/apps/gnome.if 2010-10-18 12:45:15.000000000 +0000
@@ -74,6 +74,24 @@
########################################
@@ -4567,8 +4567,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/gnome.if
+ allow gconfdefaultsm_t $1:dbus send_msg;
+')
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/gnome.te serefpolicy-3.7.19/policy/modules/apps/gnome.te
---- nsaserefpolicy/policy/modules/apps/gnome.te 2010-04-13 20:44:37.000000000 +0200
-+++ serefpolicy-3.7.19/policy/modules/apps/gnome.te 2010-06-01 13:55:21.432171932 +0200
+--- nsaserefpolicy/policy/modules/apps/gnome.te 2010-04-13 18:44:37.000000000 +0000
++++ serefpolicy-3.7.19/policy/modules/apps/gnome.te 2010-06-01 11:55:21.000000000 +0000
@@ -7,18 +7,33 @@
#
@@ -4720,8 +4720,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/gnome.te
+ policykit_read_reload(gnomesystemmm_t)
+')
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/gpg.fc serefpolicy-3.7.19/policy/modules/apps/gpg.fc
---- nsaserefpolicy/policy/modules/apps/gpg.fc 2010-04-13 20:44:37.000000000 +0200
-+++ serefpolicy-3.7.19/policy/modules/apps/gpg.fc 2010-05-28 09:41:59.978610931 +0200
+--- nsaserefpolicy/policy/modules/apps/gpg.fc 2010-04-13 18:44:37.000000000 +0000
++++ serefpolicy-3.7.19/policy/modules/apps/gpg.fc 2010-05-28 07:41:59.000000000 +0000
@@ -1,4 +1,5 @@
HOME_DIR/\.gnupg(/.+)? gen_context(system_u:object_r:gpg_secret_t,s0)
+/root/\.gnupg(/.+)? gen_context(system_u:object_r:gpg_secret_t,s0)
@@ -4729,8 +4729,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/gpg.fc s
/usr/bin/gpg(2)? -- gen_context(system_u:object_r:gpg_exec_t,s0)
/usr/bin/gpg-agent -- gen_context(system_u:object_r:gpg_agent_exec_t,s0)
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/gpg.if serefpolicy-3.7.19/policy/modules/apps/gpg.if
---- nsaserefpolicy/policy/modules/apps/gpg.if 2010-04-13 20:44:37.000000000 +0200
-+++ serefpolicy-3.7.19/policy/modules/apps/gpg.if 2011-01-04 15:08:31.384041746 +0100
+--- nsaserefpolicy/policy/modules/apps/gpg.if 2010-04-13 18:44:37.000000000 +0000
++++ serefpolicy-3.7.19/policy/modules/apps/gpg.if 2011-01-04 14:08:31.000000000 +0000
@@ -21,6 +21,7 @@
type gpg_agent_t, gpg_agent_exec_t;
type gpg_agent_tmp_t;
@@ -4883,8 +4883,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/gpg.if s
+')
+
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/gpg.te serefpolicy-3.7.19/policy/modules/apps/gpg.te
---- nsaserefpolicy/policy/modules/apps/gpg.te 2010-04-13 20:44:37.000000000 +0200
-+++ serefpolicy-3.7.19/policy/modules/apps/gpg.te 2010-08-24 14:03:22.764083542 +0200
+--- nsaserefpolicy/policy/modules/apps/gpg.te 2010-04-13 18:44:37.000000000 +0000
++++ serefpolicy-3.7.19/policy/modules/apps/gpg.te 2010-08-24 12:03:22.000000000 +0000
@@ -5,6 +5,7 @@
#
# Declarations
@@ -5184,8 +5184,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/gpg.te s
+')
+
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/irc.fc serefpolicy-3.7.19/policy/modules/apps/irc.fc
---- nsaserefpolicy/policy/modules/apps/irc.fc 2010-04-13 20:44:37.000000000 +0200
-+++ serefpolicy-3.7.19/policy/modules/apps/irc.fc 2010-05-28 09:41:59.980610940 +0200
+--- nsaserefpolicy/policy/modules/apps/irc.fc 2010-04-13 18:44:37.000000000 +0000
++++ serefpolicy-3.7.19/policy/modules/apps/irc.fc 2010-05-28 07:41:59.000000000 +0000
@@ -2,10 +2,17 @@
# /home
#
@@ -5205,8 +5205,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/irc.fc s
+/usr/bin/irssi -- gen_context(system_u:object_r:irssi_exec_t,s0)
/usr/bin/tinyirc -- gen_context(system_u:object_r:irc_exec_t,s0)
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/irc.if serefpolicy-3.7.19/policy/modules/apps/irc.if
---- nsaserefpolicy/policy/modules/apps/irc.if 2010-04-13 20:44:37.000000000 +0200
-+++ serefpolicy-3.7.19/policy/modules/apps/irc.if 2010-05-28 09:41:59.981611014 +0200
+--- nsaserefpolicy/policy/modules/apps/irc.if 2010-04-13 18:44:37.000000000 +0000
++++ serefpolicy-3.7.19/policy/modules/apps/irc.if 2010-05-28 07:41:59.000000000 +0000
@@ -18,14 +18,51 @@
interface(`irc_role',`
gen_require(`
@@ -5260,8 +5260,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/irc.if s
')
+
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/irc.te serefpolicy-3.7.19/policy/modules/apps/irc.te
---- nsaserefpolicy/policy/modules/apps/irc.te 2010-04-13 20:44:37.000000000 +0200
-+++ serefpolicy-3.7.19/policy/modules/apps/irc.te 2010-05-28 09:41:59.981611014 +0200
+--- nsaserefpolicy/policy/modules/apps/irc.te 2010-04-13 18:44:37.000000000 +0000
++++ serefpolicy-3.7.19/policy/modules/apps/irc.te 2010-05-28 07:41:59.000000000 +0000
@@ -25,6 +25,30 @@
########################################
@@ -5378,8 +5378,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/irc.te s
+')
+
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/java.fc serefpolicy-3.7.19/policy/modules/apps/java.fc
---- nsaserefpolicy/policy/modules/apps/java.fc 2010-04-13 20:44:37.000000000 +0200
-+++ serefpolicy-3.7.19/policy/modules/apps/java.fc 2010-05-28 09:41:59.982610809 +0200
+--- nsaserefpolicy/policy/modules/apps/java.fc 2010-04-13 18:44:37.000000000 +0000
++++ serefpolicy-3.7.19/policy/modules/apps/java.fc 2010-05-28 07:41:59.000000000 +0000
@@ -9,6 +9,7 @@
#
# /usr
@@ -5400,8 +5400,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/java.fc
+/usr/java/eclipse[^/]*/eclipse -- gen_context(system_u:object_r:java_exec_t,s0)
+
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/java.if serefpolicy-3.7.19/policy/modules/apps/java.if
---- nsaserefpolicy/policy/modules/apps/java.if 2010-04-13 20:44:37.000000000 +0200
-+++ serefpolicy-3.7.19/policy/modules/apps/java.if 2010-05-28 09:41:59.982610809 +0200
+--- nsaserefpolicy/policy/modules/apps/java.if 2010-04-13 18:44:37.000000000 +0000
++++ serefpolicy-3.7.19/policy/modules/apps/java.if 2010-05-28 07:41:59.000000000 +0000
@@ -72,6 +72,7 @@
domain_interactive_fd($1_java_t)
@@ -5428,8 +5428,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/java.if
########################################
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/java.te serefpolicy-3.7.19/policy/modules/apps/java.te
---- nsaserefpolicy/policy/modules/apps/java.te 2010-04-13 20:44:37.000000000 +0200
-+++ serefpolicy-3.7.19/policy/modules/apps/java.te 2010-09-09 12:48:28.290335334 +0200
+--- nsaserefpolicy/policy/modules/apps/java.te 2010-04-13 18:44:37.000000000 +0000
++++ serefpolicy-3.7.19/policy/modules/apps/java.te 2010-09-09 10:48:28.000000000 +0000
@@ -147,6 +147,15 @@
init_dbus_chat_script(unconfined_java_t)
@@ -5447,20 +5447,20 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/java.te
+ ')
')
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/kdumpgui.fc serefpolicy-3.7.19/policy/modules/apps/kdumpgui.fc
---- nsaserefpolicy/policy/modules/apps/kdumpgui.fc 1970-01-01 01:00:00.000000000 +0100
-+++ serefpolicy-3.7.19/policy/modules/apps/kdumpgui.fc 2010-05-28 09:41:59.984611027 +0200
+--- nsaserefpolicy/policy/modules/apps/kdumpgui.fc 1970-01-01 00:00:00.000000000 +0000
++++ serefpolicy-3.7.19/policy/modules/apps/kdumpgui.fc 2010-05-28 07:41:59.000000000 +0000
@@ -0,0 +1,2 @@
+
+/usr/share/system-config-kdump/system-config-kdump-backend.py -- gen_context(system_u:object_r:kdumpgui_exec_t,s0)
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/kdumpgui.if serefpolicy-3.7.19/policy/modules/apps/kdumpgui.if
---- nsaserefpolicy/policy/modules/apps/kdumpgui.if 1970-01-01 01:00:00.000000000 +0100
-+++ serefpolicy-3.7.19/policy/modules/apps/kdumpgui.if 2010-05-28 09:41:59.984611027 +0200
+--- nsaserefpolicy/policy/modules/apps/kdumpgui.if 1970-01-01 00:00:00.000000000 +0000
++++ serefpolicy-3.7.19/policy/modules/apps/kdumpgui.if 2010-05-28 07:41:59.000000000 +0000
@@ -0,0 +1,2 @@
+## <summary>system-config-kdump policy</summary>
+
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/kdumpgui.te serefpolicy-3.7.19/policy/modules/apps/kdumpgui.te
---- nsaserefpolicy/policy/modules/apps/kdumpgui.te 1970-01-01 01:00:00.000000000 +0100
-+++ serefpolicy-3.7.19/policy/modules/apps/kdumpgui.te 2010-07-28 15:15:45.207071864 +0200
+--- nsaserefpolicy/policy/modules/apps/kdumpgui.te 1970-01-01 00:00:00.000000000 +0000
++++ serefpolicy-3.7.19/policy/modules/apps/kdumpgui.te 2010-07-28 13:15:45.000000000 +0000
@@ -0,0 +1,69 @@
+policy_module(kdumpgui,1.0.0)
+
@@ -5532,14 +5532,14 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/kdumpgui
+ policykit_dbus_chat(kdumpgui_t)
+')
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/livecd.fc serefpolicy-3.7.19/policy/modules/apps/livecd.fc
---- nsaserefpolicy/policy/modules/apps/livecd.fc 1970-01-01 01:00:00.000000000 +0100
-+++ serefpolicy-3.7.19/policy/modules/apps/livecd.fc 2010-05-28 09:41:59.986610896 +0200
+--- nsaserefpolicy/policy/modules/apps/livecd.fc 1970-01-01 00:00:00.000000000 +0000
++++ serefpolicy-3.7.19/policy/modules/apps/livecd.fc 2010-05-28 07:41:59.000000000 +0000
@@ -0,0 +1,2 @@
+
+/usr/bin/livecd-creator -- gen_context(system_u:object_r:livecd_exec_t,s0)
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/livecd.if serefpolicy-3.7.19/policy/modules/apps/livecd.if
---- nsaserefpolicy/policy/modules/apps/livecd.if 1970-01-01 01:00:00.000000000 +0100
-+++ serefpolicy-3.7.19/policy/modules/apps/livecd.if 2010-05-28 09:41:59.986610896 +0200
+--- nsaserefpolicy/policy/modules/apps/livecd.if 1970-01-01 00:00:00.000000000 +0000
++++ serefpolicy-3.7.19/policy/modules/apps/livecd.if 2010-05-28 07:41:59.000000000 +0000
@@ -0,0 +1,127 @@
+
+## <summary>policy for livecd</summary>
@@ -5669,8 +5669,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/livecd.i
+')
+
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/livecd.te serefpolicy-3.7.19/policy/modules/apps/livecd.te
---- nsaserefpolicy/policy/modules/apps/livecd.te 1970-01-01 01:00:00.000000000 +0100
-+++ serefpolicy-3.7.19/policy/modules/apps/livecd.te 2010-05-28 09:41:59.987610690 +0200
+--- nsaserefpolicy/policy/modules/apps/livecd.te 1970-01-01 00:00:00.000000000 +0000
++++ serefpolicy-3.7.19/policy/modules/apps/livecd.te 2010-05-28 07:41:59.000000000 +0000
@@ -0,0 +1,34 @@
+policy_module(livecd, 1.0.0)
+
@@ -5707,8 +5707,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/livecd.t
+seutil_domtrans_setfiles_mac(livecd_t)
+
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/loadkeys.if serefpolicy-3.7.19/policy/modules/apps/loadkeys.if
---- nsaserefpolicy/policy/modules/apps/loadkeys.if 2010-04-13 20:44:37.000000000 +0200
-+++ serefpolicy-3.7.19/policy/modules/apps/loadkeys.if 2010-05-28 09:41:59.987610690 +0200
+--- nsaserefpolicy/policy/modules/apps/loadkeys.if 2010-04-13 18:44:37.000000000 +0000
++++ serefpolicy-3.7.19/policy/modules/apps/loadkeys.if 2010-05-28 07:41:59.000000000 +0000
@@ -17,6 +17,9 @@
corecmd_search_bin($1)
@@ -5720,8 +5720,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/loadkeys
########################################
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/loadkeys.te serefpolicy-3.7.19/policy/modules/apps/loadkeys.te
---- nsaserefpolicy/policy/modules/apps/loadkeys.te 2010-04-13 20:44:37.000000000 +0200
-+++ serefpolicy-3.7.19/policy/modules/apps/loadkeys.te 2010-05-28 09:41:59.988610625 +0200
+--- nsaserefpolicy/policy/modules/apps/loadkeys.te 2010-04-13 18:44:37.000000000 +0000
++++ serefpolicy-3.7.19/policy/modules/apps/loadkeys.te 2010-05-28 07:41:59.000000000 +0000
@@ -40,8 +40,12 @@
miscfiles_read_localization(loadkeys_t)
@@ -5737,8 +5737,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/loadkeys
+ dev_dontaudit_rw_lvm_control(loadkeys_t)
+')
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/mediawiki.fc serefpolicy-3.7.19/policy/modules/apps/mediawiki.fc
---- nsaserefpolicy/policy/modules/apps/mediawiki.fc 1970-01-01 01:00:00.000000000 +0100
-+++ serefpolicy-3.7.19/policy/modules/apps/mediawiki.fc 2010-10-08 10:46:51.423650902 +0200
+--- nsaserefpolicy/policy/modules/apps/mediawiki.fc 1970-01-01 00:00:00.000000000 +0000
++++ serefpolicy-3.7.19/policy/modules/apps/mediawiki.fc 2010-10-08 08:46:51.000000000 +0000
@@ -0,0 +1,10 @@
+
+/usr/lib(64)?/mediawiki/math/texvc -- gen_context(system_u:object_r:httpd_mediawiki_script_exec_t,s0)
@@ -5751,8 +5751,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/mediawik
+
+/usr/share/mediawiki(/.*)? gen_context(system_u:object_r:httpd_mediawiki_content_t,s0)
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/mediawiki.if serefpolicy-3.7.19/policy/modules/apps/mediawiki.if
---- nsaserefpolicy/policy/modules/apps/mediawiki.if 1970-01-01 01:00:00.000000000 +0100
-+++ serefpolicy-3.7.19/policy/modules/apps/mediawiki.if 2010-10-08 10:48:32.947650792 +0200
+--- nsaserefpolicy/policy/modules/apps/mediawiki.if 1970-01-01 00:00:00.000000000 +0000
++++ serefpolicy-3.7.19/policy/modules/apps/mediawiki.if 2010-10-08 08:48:32.000000000 +0000
@@ -0,0 +1,40 @@
+## <summary>Mediawiki policy</summary>
+
@@ -5795,8 +5795,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/mediawik
+ delete_files_pattern($1, httpd_mediawiki_tmp_t, httpd_mediawiki_tmp_t)
+')
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/mediawiki.te serefpolicy-3.7.19/policy/modules/apps/mediawiki.te
---- nsaserefpolicy/policy/modules/apps/mediawiki.te 1970-01-01 01:00:00.000000000 +0100
-+++ serefpolicy-3.7.19/policy/modules/apps/mediawiki.te 2010-10-08 10:46:51.423650902 +0200
+--- nsaserefpolicy/policy/modules/apps/mediawiki.te 1970-01-01 00:00:00.000000000 +0000
++++ serefpolicy-3.7.19/policy/modules/apps/mediawiki.te 2010-10-08 08:46:51.000000000 +0000
@@ -0,0 +1,35 @@
+
+policy_module(mediawiki, 1.0.0)
@@ -5834,8 +5834,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/mediawik
+')
+
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/mono.if serefpolicy-3.7.19/policy/modules/apps/mono.if
---- nsaserefpolicy/policy/modules/apps/mono.if 2010-04-13 20:44:37.000000000 +0200
-+++ serefpolicy-3.7.19/policy/modules/apps/mono.if 2010-05-28 09:41:59.988610625 +0200
+--- nsaserefpolicy/policy/modules/apps/mono.if 2010-04-13 18:44:37.000000000 +0000
++++ serefpolicy-3.7.19/policy/modules/apps/mono.if 2010-05-28 07:41:59.000000000 +0000
@@ -40,16 +40,19 @@
domain_interactive_fd($1_mono_t)
application_type($1_mono_t)
@@ -5858,8 +5858,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/mono.if
optional_policy(`
xserver_role($1_r, $1_mono_t)
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/mozilla.fc serefpolicy-3.7.19/policy/modules/apps/mozilla.fc
---- nsaserefpolicy/policy/modules/apps/mozilla.fc 2010-04-13 20:44:37.000000000 +0200
-+++ serefpolicy-3.7.19/policy/modules/apps/mozilla.fc 2010-05-28 09:41:59.989610908 +0200
+--- nsaserefpolicy/policy/modules/apps/mozilla.fc 2010-04-13 18:44:37.000000000 +0000
++++ serefpolicy-3.7.19/policy/modules/apps/mozilla.fc 2010-05-28 07:41:59.000000000 +0000
@@ -1,6 +1,7 @@
HOME_DIR/\.galeon(/.*)? gen_context(system_u:object_r:mozilla_home_t,s0)
HOME_DIR/\.java(/.*)? gen_context(system_u:object_r:mozilla_home_t,s0)
@@ -5877,8 +5877,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/mozilla.
/usr/bin/mozilla-bin-[0-9].* -- gen_context(system_u:object_r:mozilla_exec_t,s0)
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/mozilla.if serefpolicy-3.7.19/policy/modules/apps/mozilla.if
---- nsaserefpolicy/policy/modules/apps/mozilla.if 2010-04-13 20:44:37.000000000 +0200
-+++ serefpolicy-3.7.19/policy/modules/apps/mozilla.if 2010-05-28 09:41:59.989610908 +0200
+--- nsaserefpolicy/policy/modules/apps/mozilla.if 2010-04-13 18:44:37.000000000 +0000
++++ serefpolicy-3.7.19/policy/modules/apps/mozilla.if 2010-05-28 07:41:59.000000000 +0000
@@ -48,6 +48,12 @@
mozilla_dbus_chat($2)
@@ -5960,8 +5960,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/mozilla.
+ domtrans_pattern($1, mozilla_exec_t, $2)
+')
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/mozilla.te serefpolicy-3.7.19/policy/modules/apps/mozilla.te
---- nsaserefpolicy/policy/modules/apps/mozilla.te 2010-04-13 20:44:37.000000000 +0200
-+++ serefpolicy-3.7.19/policy/modules/apps/mozilla.te 2010-05-28 09:41:59.990610633 +0200
+--- nsaserefpolicy/policy/modules/apps/mozilla.te 2010-04-13 18:44:37.000000000 +0000
++++ serefpolicy-3.7.19/policy/modules/apps/mozilla.te 2010-05-28 07:41:59.000000000 +0000
@@ -91,6 +91,7 @@
corenet_raw_sendrecv_generic_node(mozilla_t)
corenet_tcp_sendrecv_http_port(mozilla_t)
@@ -6021,8 +6021,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/mozilla.
thunderbird_domtrans(mozilla_t)
')
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/mplayer.if serefpolicy-3.7.19/policy/modules/apps/mplayer.if
---- nsaserefpolicy/policy/modules/apps/mplayer.if 2010-04-13 20:44:37.000000000 +0200
-+++ serefpolicy-3.7.19/policy/modules/apps/mplayer.if 2010-05-28 09:41:59.991610847 +0200
+--- nsaserefpolicy/policy/modules/apps/mplayer.if 2010-04-13 18:44:37.000000000 +0000
++++ serefpolicy-3.7.19/policy/modules/apps/mplayer.if 2010-05-28 07:41:59.000000000 +0000
@@ -102,3 +102,39 @@
read_files_pattern($1, mplayer_home_t, mplayer_home_t)
userdom_search_user_home_dirs($1)
@@ -6064,8 +6064,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/mplayer.
+ domtrans_pattern($1, mplayer_exec_t, $2)
+')
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/mplayer.te serefpolicy-3.7.19/policy/modules/apps/mplayer.te
---- nsaserefpolicy/policy/modules/apps/mplayer.te 2010-04-13 20:44:37.000000000 +0200
-+++ serefpolicy-3.7.19/policy/modules/apps/mplayer.te 2010-05-28 09:41:59.992610642 +0200
+--- nsaserefpolicy/policy/modules/apps/mplayer.te 2010-04-13 18:44:37.000000000 +0000
++++ serefpolicy-3.7.19/policy/modules/apps/mplayer.te 2010-05-28 07:41:59.000000000 +0000
@@ -152,11 +152,15 @@
allow mplayer_t self:process { signal_perms getsched };
@@ -6142,16 +6142,16 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/mplayer.
+')
+
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/namespace.fc serefpolicy-3.7.19/policy/modules/apps/namespace.fc
---- nsaserefpolicy/policy/modules/apps/namespace.fc 1970-01-01 01:00:00.000000000 +0100
-+++ serefpolicy-3.7.19/policy/modules/apps/namespace.fc 2011-01-14 14:26:59.318042402 +0100
+--- nsaserefpolicy/policy/modules/apps/namespace.fc 1970-01-01 00:00:00.000000000 +0000
++++ serefpolicy-3.7.19/policy/modules/apps/namespace.fc 2011-01-14 13:26:59.000000000 +0000
@@ -0,0 +1,3 @@
+
+/etc/security/namespace.init -- gen_context(system_u:object_r:namespace_init_exec_t,s0)
+
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/namespace.if serefpolicy-3.7.19/policy/modules/apps/namespace.if
---- nsaserefpolicy/policy/modules/apps/namespace.if 1970-01-01 01:00:00.000000000 +0100
-+++ serefpolicy-3.7.19/policy/modules/apps/namespace.if 2011-01-14 14:26:59.318042402 +0100
-@@ -0,0 +1,46 @@
+--- nsaserefpolicy/policy/modules/apps/namespace.if 1970-01-01 00:00:00.000000000 +0000
++++ serefpolicy-3.7.19/policy/modules/apps/namespace.if 2011-01-24 18:13:36.414455001 +0000
+@@ -0,0 +1,47 @@
+
+## <summary>policy for namespace</summary>
+
@@ -6197,10 +6197,11 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/namespac
+
+ namespace_init_domtrans($1)
+ role $2 types namespace_init_t;
++
+')
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/namespace.te serefpolicy-3.7.19/policy/modules/apps/namespace.te
---- nsaserefpolicy/policy/modules/apps/namespace.te 1970-01-01 01:00:00.000000000 +0100
-+++ serefpolicy-3.7.19/policy/modules/apps/namespace.te 2011-01-14 14:26:59.318042402 +0100
+--- nsaserefpolicy/policy/modules/apps/namespace.te 1970-01-01 00:00:00.000000000 +0000
++++ serefpolicy-3.7.19/policy/modules/apps/namespace.te 2011-01-14 13:26:59.000000000 +0000
@@ -0,0 +1,38 @@
+policy_module(namespace,1.0.0)
+
@@ -6241,8 +6242,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/namespac
+userdom_relabelto_user_home_files(namespace_init_t)
+userdom_user_home_dir_filetrans_user_home_content(namespace_init_t, { dir file lnk_file fifo_file sock_file })
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/nsplugin.fc serefpolicy-3.7.19/policy/modules/apps/nsplugin.fc
---- nsaserefpolicy/policy/modules/apps/nsplugin.fc 1970-01-01 01:00:00.000000000 +0100
-+++ serefpolicy-3.7.19/policy/modules/apps/nsplugin.fc 2010-05-28 09:41:59.992610642 +0200
+--- nsaserefpolicy/policy/modules/apps/nsplugin.fc 1970-01-01 00:00:00.000000000 +0000
++++ serefpolicy-3.7.19/policy/modules/apps/nsplugin.fc 2010-05-28 07:41:59.000000000 +0000
@@ -0,0 +1,10 @@
+HOME_DIR/\.adobe(/.*)? gen_context(system_u:object_r:nsplugin_home_t,s0)
+HOME_DIR/\.macromedia(/.*)? gen_context(system_u:object_r:nsplugin_home_t,s0)
@@ -6255,8 +6256,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/nsplugin
+/usr/lib(64)?/nspluginwrapper/plugin-config -- gen_context(system_u:object_r:nsplugin_config_exec_t,s0)
+/usr/lib(64)?/mozilla/plugins-wrapped(/.*)? gen_context(system_u:object_r:nsplugin_rw_t,s0)
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/nsplugin.if serefpolicy-3.7.19/policy/modules/apps/nsplugin.if
---- nsaserefpolicy/policy/modules/apps/nsplugin.if 1970-01-01 01:00:00.000000000 +0100
-+++ serefpolicy-3.7.19/policy/modules/apps/nsplugin.if 2010-07-09 08:54:14.254135234 +0200
+--- nsaserefpolicy/policy/modules/apps/nsplugin.if 1970-01-01 00:00:00.000000000 +0000
++++ serefpolicy-3.7.19/policy/modules/apps/nsplugin.if 2010-07-09 06:54:14.000000000 +0000
@@ -0,0 +1,393 @@
+
+## <summary>policy for nsplugin</summary>
@@ -6652,8 +6653,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/nsplugin
+ domtrans_pattern($1, nsplugin_exec_t, $2)
+')
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/nsplugin.te serefpolicy-3.7.19/policy/modules/apps/nsplugin.te
---- nsaserefpolicy/policy/modules/apps/nsplugin.te 1970-01-01 01:00:00.000000000 +0100
-+++ serefpolicy-3.7.19/policy/modules/apps/nsplugin.te 2010-08-05 10:55:36.778085667 +0200
+--- nsaserefpolicy/policy/modules/apps/nsplugin.te 1970-01-01 00:00:00.000000000 +0000
++++ serefpolicy-3.7.19/policy/modules/apps/nsplugin.te 2010-08-05 08:55:36.000000000 +0000
@@ -0,0 +1,299 @@
+
+policy_module(nsplugin, 1.0.0)
@@ -6955,16 +6956,16 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/nsplugin
+
+
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/openoffice.fc serefpolicy-3.7.19/policy/modules/apps/openoffice.fc
---- nsaserefpolicy/policy/modules/apps/openoffice.fc 1970-01-01 01:00:00.000000000 +0100
-+++ serefpolicy-3.7.19/policy/modules/apps/openoffice.fc 2010-05-28 09:41:59.995610655 +0200
+--- nsaserefpolicy/policy/modules/apps/openoffice.fc 1970-01-01 00:00:00.000000000 +0000
++++ serefpolicy-3.7.19/policy/modules/apps/openoffice.fc 2010-05-28 07:41:59.000000000 +0000
@@ -0,0 +1,4 @@
+/usr/lib/openoffice\.org.*/program/.+\.bin -- gen_context(system_u:object_r:openoffice_exec_t,s0)
+/usr/lib64/openoffice\.org.*/program/.+\.bin -- gen_context(system_u:object_r:openoffice_exec_t,s0)
+/opt/openoffice\.org.*/program/.+\.bin -- gen_context(system_u:object_r:openoffice_exec_t,s0)
+
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/openoffice.if serefpolicy-3.7.19/policy/modules/apps/openoffice.if
---- nsaserefpolicy/policy/modules/apps/openoffice.if 1970-01-01 01:00:00.000000000 +0100
-+++ serefpolicy-3.7.19/policy/modules/apps/openoffice.if 2010-05-28 09:41:59.995610655 +0200
+--- nsaserefpolicy/policy/modules/apps/openoffice.if 1970-01-01 00:00:00.000000000 +0000
++++ serefpolicy-3.7.19/policy/modules/apps/openoffice.if 2010-05-28 07:41:59.000000000 +0000
@@ -0,0 +1,129 @@
+## <summary>Openoffice</summary>
+
@@ -7096,8 +7097,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/openoffi
+ domtrans_pattern($1, openoffice_exec_t, $2)
+')
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/openoffice.te serefpolicy-3.7.19/policy/modules/apps/openoffice.te
---- nsaserefpolicy/policy/modules/apps/openoffice.te 1970-01-01 01:00:00.000000000 +0100
-+++ serefpolicy-3.7.19/policy/modules/apps/openoffice.te 2010-05-28 09:41:59.996611008 +0200
+--- nsaserefpolicy/policy/modules/apps/openoffice.te 1970-01-01 00:00:00.000000000 +0000
++++ serefpolicy-3.7.19/policy/modules/apps/openoffice.te 2010-05-28 07:41:59.000000000 +0000
@@ -0,0 +1,17 @@
+
+policy_module(openoffice, 1.0.0)
@@ -7117,8 +7118,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/openoffi
+#
+
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/podsleuth.te serefpolicy-3.7.19/policy/modules/apps/podsleuth.te
---- nsaserefpolicy/policy/modules/apps/podsleuth.te 2010-04-13 20:44:37.000000000 +0200
-+++ serefpolicy-3.7.19/policy/modules/apps/podsleuth.te 2010-08-09 15:09:14.103084679 +0200
+--- nsaserefpolicy/policy/modules/apps/podsleuth.te 2010-04-13 18:44:37.000000000 +0000
++++ serefpolicy-3.7.19/policy/modules/apps/podsleuth.te 2010-08-09 13:09:14.000000000 +0000
@@ -28,7 +28,7 @@
# podsleuth local policy
#
@@ -7153,8 +7154,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/podsleut
optional_policy(`
dbus_system_bus_client(podsleuth_t)
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/pulseaudio.if serefpolicy-3.7.19/policy/modules/apps/pulseaudio.if
---- nsaserefpolicy/policy/modules/apps/pulseaudio.if 2010-04-13 20:44:37.000000000 +0200
-+++ serefpolicy-3.7.19/policy/modules/apps/pulseaudio.if 2010-09-16 14:32:51.711386965 +0200
+--- nsaserefpolicy/policy/modules/apps/pulseaudio.if 2010-04-13 18:44:37.000000000 +0000
++++ serefpolicy-3.7.19/policy/modules/apps/pulseaudio.if 2010-09-16 12:32:51.000000000 +0000
@@ -17,7 +17,7 @@
#
interface(`pulseaudio_role',`
@@ -7241,8 +7242,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/pulseaud
+ allow $1 pulseaudio_t:process signull;
')
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/pulseaudio.te serefpolicy-3.7.19/policy/modules/apps/pulseaudio.te
---- nsaserefpolicy/policy/modules/apps/pulseaudio.te 2010-04-13 20:44:37.000000000 +0200
-+++ serefpolicy-3.7.19/policy/modules/apps/pulseaudio.te 2010-06-14 18:32:15.573218388 +0200
+--- nsaserefpolicy/policy/modules/apps/pulseaudio.te 2010-04-13 18:44:37.000000000 +0000
++++ serefpolicy-3.7.19/policy/modules/apps/pulseaudio.te 2010-06-14 16:32:15.000000000 +0000
@@ -41,9 +41,11 @@
manage_dirs_pattern(pulseaudio_t, pulseaudio_home_t, pulseaudio_home_t)
manage_files_pattern(pulseaudio_t, pulseaudio_home_t, pulseaudio_home_t)
@@ -7283,8 +7284,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/pulseaud
+ sandbox_manage_tmpfs_files(pulseaudio_t)
+')
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/qemu.fc serefpolicy-3.7.19/policy/modules/apps/qemu.fc
---- nsaserefpolicy/policy/modules/apps/qemu.fc 2010-04-13 20:44:37.000000000 +0200
-+++ serefpolicy-3.7.19/policy/modules/apps/qemu.fc 2010-05-28 09:41:59.999610811 +0200
+--- nsaserefpolicy/policy/modules/apps/qemu.fc 2010-04-13 18:44:37.000000000 +0000
++++ serefpolicy-3.7.19/policy/modules/apps/qemu.fc 2010-05-28 07:41:59.000000000 +0000
@@ -1,2 +1,4 @@
-/usr/bin/qemu.* -- gen_context(system_u:object_r:qemu_exec_t,s0)
+/usr/bin/qemu -- gen_context(system_u:object_r:qemu_exec_t,s0)
@@ -7292,8 +7293,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/qemu.fc
+/usr/bin/qemu-kvm -- gen_context(system_u:object_r:qemu_exec_t,s0)
/usr/libexec/qemu.* -- gen_context(system_u:object_r:qemu_exec_t,s0)
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/qemu.if serefpolicy-3.7.19/policy/modules/apps/qemu.if
---- nsaserefpolicy/policy/modules/apps/qemu.if 2010-04-13 20:44:37.000000000 +0200
-+++ serefpolicy-3.7.19/policy/modules/apps/qemu.if 2010-10-13 09:36:16.697649887 +0200
+--- nsaserefpolicy/policy/modules/apps/qemu.if 2010-04-13 18:44:37.000000000 +0000
++++ serefpolicy-3.7.19/policy/modules/apps/qemu.if 2010-10-13 07:36:16.000000000 +0000
@@ -127,12 +127,14 @@
template(`qemu_role',`
gen_require(`
@@ -7455,8 +7456,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/qemu.if
+
+
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/qemu.te serefpolicy-3.7.19/policy/modules/apps/qemu.te
---- nsaserefpolicy/policy/modules/apps/qemu.te 2010-04-13 20:44:37.000000000 +0200
-+++ serefpolicy-3.7.19/policy/modules/apps/qemu.te 2010-12-20 15:25:40.428041440 +0100
+--- nsaserefpolicy/policy/modules/apps/qemu.te 2010-04-13 18:44:37.000000000 +0000
++++ serefpolicy-3.7.19/policy/modules/apps/qemu.te 2010-12-20 14:25:40.000000000 +0000
@@ -50,9 +50,12 @@
#
# qemu local policy
@@ -7494,19 +7495,19 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/qemu.te
+ allow unconfined_qemu_t qemu_exec_t:file execmod;
')
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/sambagui.fc serefpolicy-3.7.19/policy/modules/apps/sambagui.fc
---- nsaserefpolicy/policy/modules/apps/sambagui.fc 1970-01-01 01:00:00.000000000 +0100
-+++ serefpolicy-3.7.19/policy/modules/apps/sambagui.fc 2010-05-28 09:42:00.002611802 +0200
+--- nsaserefpolicy/policy/modules/apps/sambagui.fc 1970-01-01 00:00:00.000000000 +0000
++++ serefpolicy-3.7.19/policy/modules/apps/sambagui.fc 2010-05-28 07:42:00.000000000 +0000
@@ -0,0 +1 @@
+/usr/share/system-config-samba/system-config-samba-mechanism.py -- gen_context(system_u:object_r:sambagui_exec_t,s0)
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/sambagui.if serefpolicy-3.7.19/policy/modules/apps/sambagui.if
---- nsaserefpolicy/policy/modules/apps/sambagui.if 1970-01-01 01:00:00.000000000 +0100
-+++ serefpolicy-3.7.19/policy/modules/apps/sambagui.if 2010-05-28 09:42:00.002611802 +0200
+--- nsaserefpolicy/policy/modules/apps/sambagui.if 1970-01-01 00:00:00.000000000 +0000
++++ serefpolicy-3.7.19/policy/modules/apps/sambagui.if 2010-05-28 07:42:00.000000000 +0000
@@ -0,0 +1,2 @@
+## <summary>system-config-samba policy</summary>
+
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/sambagui.te serefpolicy-3.7.19/policy/modules/apps/sambagui.te
---- nsaserefpolicy/policy/modules/apps/sambagui.te 1970-01-01 01:00:00.000000000 +0100
-+++ serefpolicy-3.7.19/policy/modules/apps/sambagui.te 2011-01-04 14:04:57.892041466 +0100
+--- nsaserefpolicy/policy/modules/apps/sambagui.te 1970-01-01 00:00:00.000000000 +0000
++++ serefpolicy-3.7.19/policy/modules/apps/sambagui.te 2011-01-04 13:04:57.000000000 +0000
@@ -0,0 +1,63 @@
+policy_module(sambagui,1.0.0)
+
@@ -7572,13 +7573,13 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/sambagui
+ policykit_dbus_chat(sambagui_t)
+')
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/sandbox.fc serefpolicy-3.7.19/policy/modules/apps/sandbox.fc
---- nsaserefpolicy/policy/modules/apps/sandbox.fc 1970-01-01 01:00:00.000000000 +0100
-+++ serefpolicy-3.7.19/policy/modules/apps/sandbox.fc 2011-01-18 16:44:18.484041288 +0100
+--- nsaserefpolicy/policy/modules/apps/sandbox.fc 1970-01-01 00:00:00.000000000 +0000
++++ serefpolicy-3.7.19/policy/modules/apps/sandbox.fc 2011-01-18 15:44:18.000000000 +0000
@@ -0,0 +1 @@
+/usr/share/sandbox/start -- gen_context(system_u:object_r:sandbox_exec_t,s0)
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/sandbox.if serefpolicy-3.7.19/policy/modules/apps/sandbox.if
---- nsaserefpolicy/policy/modules/apps/sandbox.if 1970-01-01 01:00:00.000000000 +0100
-+++ serefpolicy-3.7.19/policy/modules/apps/sandbox.if 2011-01-18 17:53:26.407042087 +0100
+--- nsaserefpolicy/policy/modules/apps/sandbox.if 1970-01-01 00:00:00.000000000 +0000
++++ serefpolicy-3.7.19/policy/modules/apps/sandbox.if 2011-01-18 16:53:26.000000000 +0000
@@ -0,0 +1,332 @@
+
+## <summary>policy for sandbox</summary>
@@ -7913,8 +7914,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/sandbox.
+ allow $1 sandbox_file_type:dir list_dir_perms;
+')
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/sandbox.te serefpolicy-3.7.19/policy/modules/apps/sandbox.te
---- nsaserefpolicy/policy/modules/apps/sandbox.te 1970-01-01 01:00:00.000000000 +0100
-+++ serefpolicy-3.7.19/policy/modules/apps/sandbox.te 2011-01-18 16:43:18.742041999 +0100
+--- nsaserefpolicy/policy/modules/apps/sandbox.te 1970-01-01 00:00:00.000000000 +0000
++++ serefpolicy-3.7.19/policy/modules/apps/sandbox.te 2011-01-18 15:43:18.000000000 +0000
@@ -0,0 +1,450 @@
+policy_module(sandbox,1.0.0)
+
@@ -8367,30 +8368,33 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/sandbox.
+')
+
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/screen.fc serefpolicy-3.7.19/policy/modules/apps/screen.fc
---- nsaserefpolicy/policy/modules/apps/screen.fc 2010-04-13 20:44:37.000000000 +0200
-+++ serefpolicy-3.7.19/policy/modules/apps/screen.fc 2011-01-14 14:38:24.501042642 +0100
-@@ -2,6 +2,7 @@
+--- nsaserefpolicy/policy/modules/apps/screen.fc 2010-04-13 18:44:37.000000000 +0000
++++ serefpolicy-3.7.19/policy/modules/apps/screen.fc 2011-01-24 17:04:52.066455001 +0000
+@@ -2,6 +2,9 @@
# /home
#
HOME_DIR/\.screenrc -- gen_context(system_u:object_r:screen_home_t,s0)
+HOME_DIR/\.screen(/.*)? gen_context(system_u:object_r:screen_home_t,s0)
++
++/root/\.screen(/.*)? gen_context(system_u:object_r:screen_home_t,s0)
#
# /usr
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/screen.if serefpolicy-3.7.19/policy/modules/apps/screen.if
---- nsaserefpolicy/policy/modules/apps/screen.if 2010-04-13 20:44:37.000000000 +0200
-+++ serefpolicy-3.7.19/policy/modules/apps/screen.if 2011-01-18 16:05:04.096041318 +0100
-@@ -64,6 +64,9 @@
+--- nsaserefpolicy/policy/modules/apps/screen.if 2010-04-13 18:44:37.000000000 +0000
++++ serefpolicy-3.7.19/policy/modules/apps/screen.if 2011-01-24 17:07:42.523455001 +0000
+@@ -64,6 +64,10 @@
files_pid_filetrans($1_screen_t, screen_var_run_t, dir)
allow $1_screen_t screen_home_t:dir list_dir_perms;
+ manage_dirs_pattern($1_screen_t, screen_home_t, screen_home_t)
+ manage_fifo_files_pattern($1_screen_t, screen_home_t, screen_home_t)
+ userdom_user_home_dir_filetrans($1_screen_t, screen_home_t, dir)
++ userdom_admin_home_dir_filetrans($1_screen_t, screen_home_t, dir)
read_files_pattern($1_screen_t, screen_home_t, screen_home_t)
read_lnk_files_pattern($1_screen_t, screen_home_t, screen_home_t)
-@@ -113,6 +116,7 @@
+@@ -113,6 +117,7 @@
dev_read_urand($1_screen_t)
domain_use_interactive_fds($1_screen_t)
@@ -8399,8 +8403,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/screen.i
files_search_tmp($1_screen_t)
files_search_home($1_screen_t)
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/seunshare.if serefpolicy-3.7.19/policy/modules/apps/seunshare.if
---- nsaserefpolicy/policy/modules/apps/seunshare.if 2010-04-13 20:44:37.000000000 +0200
-+++ serefpolicy-3.7.19/policy/modules/apps/seunshare.if 2010-05-28 09:42:00.006611051 +0200
+--- nsaserefpolicy/policy/modules/apps/seunshare.if 2010-04-13 18:44:37.000000000 +0000
++++ serefpolicy-3.7.19/policy/modules/apps/seunshare.if 2010-05-28 07:42:00.000000000 +0000
@@ -2,30 +2,12 @@
########################################
@@ -8505,8 +8509,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/seunshar
+ ')
')
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/seunshare.te serefpolicy-3.7.19/policy/modules/apps/seunshare.te
---- nsaserefpolicy/policy/modules/apps/seunshare.te 2010-04-13 20:44:37.000000000 +0200
-+++ serefpolicy-3.7.19/policy/modules/apps/seunshare.te 2010-08-25 16:06:59.968119755 +0200
+--- nsaserefpolicy/policy/modules/apps/seunshare.te 2010-04-13 18:44:37.000000000 +0000
++++ serefpolicy-3.7.19/policy/modules/apps/seunshare.te 2010-08-25 14:06:59.000000000 +0000
@@ -6,40 +6,45 @@
# Declarations
#
@@ -8571,8 +8575,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/seunshar
')
+
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/slocate.te serefpolicy-3.7.19/policy/modules/apps/slocate.te
---- nsaserefpolicy/policy/modules/apps/slocate.te 2010-04-13 20:44:37.000000000 +0200
-+++ serefpolicy-3.7.19/policy/modules/apps/slocate.te 2010-05-28 09:42:00.007614268 +0200
+--- nsaserefpolicy/policy/modules/apps/slocate.te 2010-04-13 18:44:37.000000000 +0000
++++ serefpolicy-3.7.19/policy/modules/apps/slocate.te 2010-05-28 07:42:00.000000000 +0000
@@ -30,6 +30,7 @@
manage_files_pattern(locate_t, locate_var_lib_t, locate_var_lib_t)
@@ -8594,8 +8598,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/slocate.
# getpwnam
auth_use_nsswitch(locate_t)
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/telepathy.fc serefpolicy-3.7.19/policy/modules/apps/telepathy.fc
---- nsaserefpolicy/policy/modules/apps/telepathy.fc 1970-01-01 01:00:00.000000000 +0100
-+++ serefpolicy-3.7.19/policy/modules/apps/telepathy.fc 2010-07-21 16:06:37.364385112 +0200
+--- nsaserefpolicy/policy/modules/apps/telepathy.fc 1970-01-01 00:00:00.000000000 +0000
++++ serefpolicy-3.7.19/policy/modules/apps/telepathy.fc 2010-07-21 14:06:37.000000000 +0000
@@ -0,0 +1,14 @@
+#HOME_DIR/\.mission-control(/.*)? gen_context(system_u:object_r:telepathy_mission_control_home_t, s0)
+#HOME_DIR/\.cache/\.mc_connections -- gen_context(system_u:object_r:telepathy_mission_control_cache_home_t, s0)
@@ -8612,8 +8616,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/telepath
+#/usr/libexec/telepathy-stream-engine -- gen_context(system_u:object_r:telepathy_stream_engine_exec_t, s0)
+#/usr/libexec/telepathy-sunshine -- gen_context(system_u:object_r:telepathy_sunshine_exec_t, s0)
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/telepathy.if serefpolicy-3.7.19/policy/modules/apps/telepathy.if
---- nsaserefpolicy/policy/modules/apps/telepathy.if 1970-01-01 01:00:00.000000000 +0100
-+++ serefpolicy-3.7.19/policy/modules/apps/telepathy.if 2010-10-18 15:46:49.026650859 +0200
+--- nsaserefpolicy/policy/modules/apps/telepathy.if 1970-01-01 00:00:00.000000000 +0000
++++ serefpolicy-3.7.19/policy/modules/apps/telepathy.if 2010-10-18 13:46:49.000000000 +0000
@@ -0,0 +1,184 @@
+
+## <summary>Telepathy framework.</summary>
@@ -8800,8 +8804,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/telepath
+ files_search_tmp($1)
+')
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/telepathy.te serefpolicy-3.7.19/policy/modules/apps/telepathy.te
---- nsaserefpolicy/policy/modules/apps/telepathy.te 1970-01-01 01:00:00.000000000 +0100
-+++ serefpolicy-3.7.19/policy/modules/apps/telepathy.te 2010-07-13 15:32:42.439502750 +0200
+--- nsaserefpolicy/policy/modules/apps/telepathy.te 1970-01-01 00:00:00.000000000 +0000
++++ serefpolicy-3.7.19/policy/modules/apps/telepathy.te 2010-07-13 13:32:42.000000000 +0000
@@ -0,0 +1,302 @@
+
+policy_module(telepathy, 1.0.0)
@@ -9106,16 +9110,16 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/telepath
+ xserver_rw_xdm_pipes(telepathy_domain)
+')
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/userhelper.fc serefpolicy-3.7.19/policy/modules/apps/userhelper.fc
---- nsaserefpolicy/policy/modules/apps/userhelper.fc 2010-04-13 20:44:37.000000000 +0200
-+++ serefpolicy-3.7.19/policy/modules/apps/userhelper.fc 2010-05-28 09:42:00.011611282 +0200
+--- nsaserefpolicy/policy/modules/apps/userhelper.fc 2010-04-13 18:44:37.000000000 +0000
++++ serefpolicy-3.7.19/policy/modules/apps/userhelper.fc 2010-05-28 07:42:00.000000000 +0000
@@ -7,3 +7,4 @@
# /usr
#
/usr/sbin/userhelper -- gen_context(system_u:object_r:userhelper_exec_t,s0)
+/usr/bin/consolehelper -- gen_context(system_u:object_r:consolehelper_exec_t,s0)
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/userhelper.if serefpolicy-3.7.19/policy/modules/apps/userhelper.if
---- nsaserefpolicy/policy/modules/apps/userhelper.if 2010-04-13 20:44:37.000000000 +0200
-+++ serefpolicy-3.7.19/policy/modules/apps/userhelper.if 2010-05-28 09:42:00.012610867 +0200
+--- nsaserefpolicy/policy/modules/apps/userhelper.if 2010-04-13 18:44:37.000000000 +0000
++++ serefpolicy-3.7.19/policy/modules/apps/userhelper.if 2010-05-28 07:42:00.000000000 +0000
@@ -25,6 +25,7 @@
gen_require(`
attribute userhelper_type;
@@ -9184,8 +9188,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/userhelp
+ ')
+')
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/userhelper.te serefpolicy-3.7.19/policy/modules/apps/userhelper.te
---- nsaserefpolicy/policy/modules/apps/userhelper.te 2010-04-13 20:44:37.000000000 +0200
-+++ serefpolicy-3.7.19/policy/modules/apps/userhelper.te 2010-05-28 09:42:00.013611081 +0200
+--- nsaserefpolicy/policy/modules/apps/userhelper.te 2010-04-13 18:44:37.000000000 +0000
++++ serefpolicy-3.7.19/policy/modules/apps/userhelper.te 2010-05-28 07:42:00.000000000 +0000
@@ -7,9 +7,51 @@
#
@@ -9239,8 +9243,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/userhelp
+ xserver_stream_connect(consolehelper_domain)
+')
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/vmware.fc serefpolicy-3.7.19/policy/modules/apps/vmware.fc
---- nsaserefpolicy/policy/modules/apps/vmware.fc 2010-04-13 20:44:37.000000000 +0200
-+++ serefpolicy-3.7.19/policy/modules/apps/vmware.fc 2010-08-18 13:26:32.541085116 +0200
+--- nsaserefpolicy/policy/modules/apps/vmware.fc 2010-04-13 18:44:37.000000000 +0000
++++ serefpolicy-3.7.19/policy/modules/apps/vmware.fc 2010-08-18 11:26:32.000000000 +0000
@@ -66,5 +66,6 @@
/var/log/vmware.* -- gen_context(system_u:object_r:vmware_log_t,s0)
/var/log/vnetlib.* -- gen_context(system_u:object_r:vmware_log_t,s0)
@@ -9249,8 +9253,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/vmware.f
/var/run/vmnat.* -s gen_context(system_u:object_r:vmware_var_run_t,s0)
/var/run/vmware.* gen_context(system_u:object_r:vmware_var_run_t,s0)
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/vmware.if serefpolicy-3.7.19/policy/modules/apps/vmware.if
---- nsaserefpolicy/policy/modules/apps/vmware.if 2010-04-13 20:44:37.000000000 +0200
-+++ serefpolicy-3.7.19/policy/modules/apps/vmware.if 2010-05-28 09:42:00.013611081 +0200
+--- nsaserefpolicy/policy/modules/apps/vmware.if 2010-04-13 18:44:37.000000000 +0000
++++ serefpolicy-3.7.19/policy/modules/apps/vmware.if 2010-05-28 07:42:00.000000000 +0000
@@ -84,3 +84,22 @@
logging_search_logs($1)
append_files_pattern($1, vmware_log_t, vmware_log_t)
@@ -9275,8 +9279,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/vmware.i
+')
+
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/vmware.te serefpolicy-3.7.19/policy/modules/apps/vmware.te
---- nsaserefpolicy/policy/modules/apps/vmware.te 2010-04-13 20:44:37.000000000 +0200
-+++ serefpolicy-3.7.19/policy/modules/apps/vmware.te 2011-01-14 14:42:02.815042356 +0100
+--- nsaserefpolicy/policy/modules/apps/vmware.te 2010-04-13 18:44:37.000000000 +0000
++++ serefpolicy-3.7.19/policy/modules/apps/vmware.te 2011-01-14 13:42:02.000000000 +0000
@@ -29,6 +29,10 @@
type vmware_host_exec_t;
init_daemon_domain(vmware_host_t, vmware_host_exec_t)
@@ -9349,8 +9353,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/vmware.t
')
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/webalizer.te serefpolicy-3.7.19/policy/modules/apps/webalizer.te
---- nsaserefpolicy/policy/modules/apps/webalizer.te 2010-04-13 20:44:37.000000000 +0200
-+++ serefpolicy-3.7.19/policy/modules/apps/webalizer.te 2011-01-03 14:33:53.133051854 +0100
+--- nsaserefpolicy/policy/modules/apps/webalizer.te 2010-04-13 18:44:37.000000000 +0000
++++ serefpolicy-3.7.19/policy/modules/apps/webalizer.te 2011-01-03 13:33:53.000000000 +0000
@@ -85,6 +85,7 @@
userdom_use_user_terminals(webalizer_t)
userdom_use_unpriv_users_fds(webalizer_t)
@@ -9369,8 +9373,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/webalize
+')
+
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/wine.fc serefpolicy-3.7.19/policy/modules/apps/wine.fc
---- nsaserefpolicy/policy/modules/apps/wine.fc 2010-04-13 20:44:37.000000000 +0200
-+++ serefpolicy-3.7.19/policy/modules/apps/wine.fc 2010-05-28 09:42:00.014611294 +0200
+--- nsaserefpolicy/policy/modules/apps/wine.fc 2010-04-13 18:44:37.000000000 +0000
++++ serefpolicy-3.7.19/policy/modules/apps/wine.fc 2010-05-28 07:42:00.000000000 +0000
@@ -2,6 +2,7 @@
/opt/cxoffice/bin/wine.* -- gen_context(system_u:object_r:wine_exec_t,s0)
@@ -9380,8 +9384,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/wine.fc
/opt/google/picasa(/.*)?/bin/notepad -- gen_context(system_u:object_r:wine_exec_t,s0)
/opt/google/picasa(/.*)?/bin/progman -- gen_context(system_u:object_r:wine_exec_t,s0)
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/wine.if serefpolicy-3.7.19/policy/modules/apps/wine.if
---- nsaserefpolicy/policy/modules/apps/wine.if 2010-04-13 20:44:37.000000000 +0200
-+++ serefpolicy-3.7.19/policy/modules/apps/wine.if 2010-05-28 09:42:00.015611019 +0200
+--- nsaserefpolicy/policy/modules/apps/wine.if 2010-04-13 18:44:37.000000000 +0000
++++ serefpolicy-3.7.19/policy/modules/apps/wine.if 2010-05-28 07:42:00.000000000 +0000
@@ -35,6 +35,8 @@
role $1 types wine_t;
@@ -9408,8 +9412,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/wine.if
optional_policy(`
xserver_role($1_r, $1_wine_t)
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/wine.te serefpolicy-3.7.19/policy/modules/apps/wine.te
---- nsaserefpolicy/policy/modules/apps/wine.te 2010-04-13 20:44:37.000000000 +0200
-+++ serefpolicy-3.7.19/policy/modules/apps/wine.te 2010-09-09 14:18:56.313334508 +0200
+--- nsaserefpolicy/policy/modules/apps/wine.te 2010-04-13 18:44:37.000000000 +0000
++++ serefpolicy-3.7.19/policy/modules/apps/wine.te 2010-09-09 12:18:56.000000000 +0000
@@ -1,6 +1,13 @@
policy_module(wine, 1.6.1)
@@ -9454,8 +9458,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/wine.te
optional_policy(`
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/wm.if serefpolicy-3.7.19/policy/modules/apps/wm.if
---- nsaserefpolicy/policy/modules/apps/wm.if 2010-04-13 20:44:37.000000000 +0200
-+++ serefpolicy-3.7.19/policy/modules/apps/wm.if 2010-05-28 09:42:00.017610539 +0200
+--- nsaserefpolicy/policy/modules/apps/wm.if 2010-04-13 18:44:37.000000000 +0000
++++ serefpolicy-3.7.19/policy/modules/apps/wm.if 2010-05-28 07:42:00.000000000 +0000
@@ -30,6 +30,7 @@
template(`wm_role_template',`
gen_require(`
@@ -9506,8 +9510,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/wm.if se
########################################
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/kernel/corecommands.fc serefpolicy-3.7.19/policy/modules/kernel/corecommands.fc
---- nsaserefpolicy/policy/modules/kernel/corecommands.fc 2010-04-13 20:44:37.000000000 +0200
-+++ serefpolicy-3.7.19/policy/modules/kernel/corecommands.fc 2011-01-14 14:27:46.058042202 +0100
+--- nsaserefpolicy/policy/modules/kernel/corecommands.fc 2010-04-13 18:44:37.000000000 +0000
++++ serefpolicy-3.7.19/policy/modules/kernel/corecommands.fc 2011-01-14 13:27:46.000000000 +0000
@@ -9,8 +9,11 @@
/bin/bash2 -- gen_context(system_u:object_r:shell_exec_t,s0)
/bin/fish -- gen_context(system_u:object_r:shell_exec_t,s0)
@@ -9664,8 +9668,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/kernel/coreco
+/usr/local/Brother/(.*/)?inf/brprintconf.* -- gen_context(system_u:object_r:bin_t,s0)
+/usr/local/Brother/(.*/)?inf/setup.* -- gen_context(system_u:object_r:bin_t,s0)
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/kernel/corecommands.if serefpolicy-3.7.19/policy/modules/kernel/corecommands.if
---- nsaserefpolicy/policy/modules/kernel/corecommands.if 2010-04-13 20:44:37.000000000 +0200
-+++ serefpolicy-3.7.19/policy/modules/kernel/corecommands.if 2010-10-08 11:10:25.398900803 +0200
+--- nsaserefpolicy/policy/modules/kernel/corecommands.if 2010-04-13 18:44:37.000000000 +0000
++++ serefpolicy-3.7.19/policy/modules/kernel/corecommands.if 2010-10-08 09:10:25.000000000 +0000
@@ -179,6 +179,24 @@
dontaudit $1 bin_t:dir write;
')
@@ -9708,8 +9712,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/kernel/coreco
manage_lnk_files_pattern($1, bin_t, bin_t)
')
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/kernel/corenetwork.te.in serefpolicy-3.7.19/policy/modules/kernel/corenetwork.te.in
---- nsaserefpolicy/policy/modules/kernel/corenetwork.te.in 2010-04-13 20:44:37.000000000 +0200
-+++ serefpolicy-3.7.19/policy/modules/kernel/corenetwork.te.in 2011-01-17 10:37:03.828041865 +0100
+--- nsaserefpolicy/policy/modules/kernel/corenetwork.te.in 2010-04-13 18:44:37.000000000 +0000
++++ serefpolicy-3.7.19/policy/modules/kernel/corenetwork.te.in 2011-01-17 09:37:03.000000000 +0000
@@ -25,6 +25,7 @@
#
type tun_tap_device_t;
@@ -9899,8 +9903,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/kernel/corene
+allow corenet_unconfined_type port_type:{ tcp_socket udp_socket rawip_socket } name_bind;
allow corenet_unconfined_type node_type:{ tcp_socket udp_socket rawip_socket } node_bind;
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/kernel/corenetwork.te.m4 serefpolicy-3.7.19/policy/modules/kernel/corenetwork.te.m4
---- nsaserefpolicy/policy/modules/kernel/corenetwork.te.m4 2010-04-13 20:44:37.000000000 +0200
-+++ serefpolicy-3.7.19/policy/modules/kernel/corenetwork.te.m4 2010-07-14 10:38:30.694409837 +0200
+--- nsaserefpolicy/policy/modules/kernel/corenetwork.te.m4 2010-04-13 18:44:37.000000000 +0000
++++ serefpolicy-3.7.19/policy/modules/kernel/corenetwork.te.m4 2010-07-14 08:38:30.000000000 +0000
@@ -10,7 +10,7 @@
#
# return the low port in a range.
@@ -9920,8 +9924,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/kernel/corene
portcon $2 $3 gen_context(system_u:object_r:$1,$4)
ifelse(`$5',`',`',`declare_ports($1,shiftn(4,$*))')dnl
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/kernel/devices.fc serefpolicy-3.7.19/policy/modules/kernel/devices.fc
---- nsaserefpolicy/policy/modules/kernel/devices.fc 2010-04-13 20:44:37.000000000 +0200
-+++ serefpolicy-3.7.19/policy/modules/kernel/devices.fc 2010-06-03 09:52:19.227159326 +0200
+--- nsaserefpolicy/policy/modules/kernel/devices.fc 2010-04-13 18:44:37.000000000 +0000
++++ serefpolicy-3.7.19/policy/modules/kernel/devices.fc 2010-06-03 07:52:19.000000000 +0000
@@ -70,6 +70,7 @@
/dev/modem -c gen_context(system_u:object_r:modem_device_t,s0)
/dev/mpu401.* -c gen_context(system_u:object_r:sound_device_t,s0)
@@ -9961,8 +9965,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/kernel/device
+#
+/sys(/.*)? gen_context(system_u:object_r:sysfs_t,s0)
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/kernel/devices.if serefpolicy-3.7.19/policy/modules/kernel/devices.if
---- nsaserefpolicy/policy/modules/kernel/devices.if 2010-04-13 20:44:37.000000000 +0200
-+++ serefpolicy-3.7.19/policy/modules/kernel/devices.if 2011-01-18 17:18:36.853041461 +0100
+--- nsaserefpolicy/policy/modules/kernel/devices.if 2010-04-13 18:44:37.000000000 +0000
++++ serefpolicy-3.7.19/policy/modules/kernel/devices.if 2011-01-18 16:18:36.000000000 +0000
@@ -407,7 +407,7 @@
########################################
@@ -10327,8 +10331,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/kernel/device
## </summary>
## <param name="domain">
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/kernel/devices.te serefpolicy-3.7.19/policy/modules/kernel/devices.te
---- nsaserefpolicy/policy/modules/kernel/devices.te 2010-04-13 20:44:37.000000000 +0200
-+++ serefpolicy-3.7.19/policy/modules/kernel/devices.te 2010-06-03 09:52:19.246160621 +0200
+--- nsaserefpolicy/policy/modules/kernel/devices.te 2010-04-13 18:44:37.000000000 +0000
++++ serefpolicy-3.7.19/policy/modules/kernel/devices.te 2010-06-03 07:52:19.000000000 +0000
@@ -1,5 +1,5 @@
-policy_module(devices, 1.9.3)
@@ -10372,8 +10376,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/kernel/device
allow devices_unconfined_type mtrr_device_t:file *;
+
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/kernel/domain.if serefpolicy-3.7.19/policy/modules/kernel/domain.if
---- nsaserefpolicy/policy/modules/kernel/domain.if 2010-04-13 20:44:37.000000000 +0200
-+++ serefpolicy-3.7.19/policy/modules/kernel/domain.if 2011-01-14 14:56:43.663041883 +0100
+--- nsaserefpolicy/policy/modules/kernel/domain.if 2010-04-13 18:44:37.000000000 +0000
++++ serefpolicy-3.7.19/policy/modules/kernel/domain.if 2011-01-14 13:56:43.000000000 +0000
@@ -611,7 +611,7 @@
########################################
@@ -10454,8 +10458,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/kernel/domain
+ dontaudit $1 domain:socket_class_set { read write };
+')
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/kernel/domain.te serefpolicy-3.7.19/policy/modules/kernel/domain.te
---- nsaserefpolicy/policy/modules/kernel/domain.te 2010-04-13 20:44:37.000000000 +0200
-+++ serefpolicy-3.7.19/policy/modules/kernel/domain.te 2011-01-14 14:56:31.997041208 +0100
+--- nsaserefpolicy/policy/modules/kernel/domain.te 2010-04-13 18:44:37.000000000 +0000
++++ serefpolicy-3.7.19/policy/modules/kernel/domain.te 2011-01-14 13:56:31.000000000 +0000
@@ -5,6 +5,21 @@
#
# Declarations
@@ -10623,8 +10627,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/kernel/domain
+ userdom_relabelto_user_home_files(polydomain)
+')
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/kernel/files.fc serefpolicy-3.7.19/policy/modules/kernel/files.fc
---- nsaserefpolicy/policy/modules/kernel/files.fc 2010-04-13 20:44:37.000000000 +0200
-+++ serefpolicy-3.7.19/policy/modules/kernel/files.fc 2010-10-25 11:09:58.145663420 +0200
+--- nsaserefpolicy/policy/modules/kernel/files.fc 2010-04-13 18:44:37.000000000 +0000
++++ serefpolicy-3.7.19/policy/modules/kernel/files.fc 2010-10-25 09:09:58.000000000 +0000
@@ -18,6 +18,7 @@
/fsckoptions -- gen_context(system_u:object_r:etc_runtime_t,s0)
/halt -- gen_context(system_u:object_r:etc_runtime_t,s0)
@@ -10743,8 +10747,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/kernel/files.
+/nsr(/.*)? gen_context(system_u:object_r:var_t,s0)
+/nsr/logs(/.*)? gen_context(system_u:object_r:var_log_t,s0)
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/kernel/files.if serefpolicy-3.7.19/policy/modules/kernel/files.if
---- nsaserefpolicy/policy/modules/kernel/files.if 2010-04-13 20:44:37.000000000 +0200
-+++ serefpolicy-3.7.19/policy/modules/kernel/files.if 2010-12-01 14:00:25.783042277 +0100
+--- nsaserefpolicy/policy/modules/kernel/files.if 2010-04-13 18:44:37.000000000 +0000
++++ serefpolicy-3.7.19/policy/modules/kernel/files.if 2011-01-24 18:04:53.791455000 +0000
@@ -1053,10 +1053,8 @@
relabel_lnk_files_pattern($1, { file_type $2 }, { file_type $2 })
relabel_fifo_files_pattern($1, { file_type $2 }, { file_type $2 })
@@ -11798,8 +11802,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/kernel/files.
+ allow $1 file_type:kernel_service create_files_as;
+')
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/kernel/files.te serefpolicy-3.7.19/policy/modules/kernel/files.te
---- nsaserefpolicy/policy/modules/kernel/files.te 2010-04-13 20:44:37.000000000 +0200
-+++ serefpolicy-3.7.19/policy/modules/kernel/files.te 2010-05-28 09:42:00.032610673 +0200
+--- nsaserefpolicy/policy/modules/kernel/files.te 2010-04-13 18:44:37.000000000 +0000
++++ serefpolicy-3.7.19/policy/modules/kernel/files.te 2010-05-28 07:42:00.000000000 +0000
@@ -1,4 +1,4 @@
-
+
@@ -11846,15 +11850,15 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/kernel/files.
########################################
#
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/kernel/filesystem.fc serefpolicy-3.7.19/policy/modules/kernel/filesystem.fc
---- nsaserefpolicy/policy/modules/kernel/filesystem.fc 2010-04-13 20:44:37.000000000 +0200
-+++ serefpolicy-3.7.19/policy/modules/kernel/filesystem.fc 2010-08-10 16:17:05.636084991 +0200
+--- nsaserefpolicy/policy/modules/kernel/filesystem.fc 2010-04-13 18:44:37.000000000 +0000
++++ serefpolicy-3.7.19/policy/modules/kernel/filesystem.fc 2010-08-10 14:17:05.000000000 +0000
@@ -1 +1,3 @@
/dev/shm -d gen_context(system_u:object_r:tmpfs_t,s0)
+
+/cgroup(/.*)? gen_context(system_u:object_r:cgroup_t,s0)
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/kernel/filesystem.if serefpolicy-3.7.19/policy/modules/kernel/filesystem.if
---- nsaserefpolicy/policy/modules/kernel/filesystem.if 2010-04-13 20:44:37.000000000 +0200
-+++ serefpolicy-3.7.19/policy/modules/kernel/filesystem.if 2011-01-18 17:41:41.159293424 +0100
+--- nsaserefpolicy/policy/modules/kernel/filesystem.if 2010-04-13 18:44:37.000000000 +0000
++++ serefpolicy-3.7.19/policy/modules/kernel/filesystem.if 2011-01-18 16:41:41.000000000 +0000
@@ -559,6 +559,24 @@
########################################
@@ -12409,8 +12413,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/kernel/filesy
+')
+
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/kernel/filesystem.te serefpolicy-3.7.19/policy/modules/kernel/filesystem.te
---- nsaserefpolicy/policy/modules/kernel/filesystem.te 2010-04-13 20:44:37.000000000 +0200
-+++ serefpolicy-3.7.19/policy/modules/kernel/filesystem.te 2011-01-14 11:10:52.101041649 +0100
+--- nsaserefpolicy/policy/modules/kernel/filesystem.te 2010-04-13 18:44:37.000000000 +0000
++++ serefpolicy-3.7.19/policy/modules/kernel/filesystem.te 2011-01-14 10:10:52.000000000 +0000
@@ -53,6 +53,7 @@
fs_type(anon_inodefs_t)
files_mountpoint(anon_inodefs_t)
@@ -12449,8 +12453,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/kernel/filesy
########################################
#
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/kernel/kernel.if serefpolicy-3.7.19/policy/modules/kernel/kernel.if
---- nsaserefpolicy/policy/modules/kernel/kernel.if 2010-04-13 20:44:37.000000000 +0200
-+++ serefpolicy-3.7.19/policy/modules/kernel/kernel.if 2011-01-19 19:02:35.507042391 +0100
+--- nsaserefpolicy/policy/modules/kernel/kernel.if 2010-04-13 18:44:37.000000000 +0000
++++ serefpolicy-3.7.19/policy/modules/kernel/kernel.if 2011-01-19 18:02:35.000000000 +0000
@@ -534,6 +534,37 @@
########################################
@@ -12648,8 +12652,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/kernel/kernel
+')
+
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/kernel/kernel.te serefpolicy-3.7.19/policy/modules/kernel/kernel.te
---- nsaserefpolicy/policy/modules/kernel/kernel.te 2010-04-13 20:44:37.000000000 +0200
-+++ serefpolicy-3.7.19/policy/modules/kernel/kernel.te 2011-01-18 18:00:20.345042656 +0100
+--- nsaserefpolicy/policy/modules/kernel/kernel.te 2010-04-13 18:44:37.000000000 +0000
++++ serefpolicy-3.7.19/policy/modules/kernel/kernel.te 2011-01-18 17:00:20.000000000 +0000
@@ -46,15 +46,6 @@
sid kernel gen_context(system_u:system_r:kernel_t,mls_systemhigh)
@@ -12753,8 +12757,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/kernel/kernel
#
# Unlabeled process local policy
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/kernel/mcs.if serefpolicy-3.7.19/policy/modules/kernel/mcs.if
---- nsaserefpolicy/policy/modules/kernel/mcs.if 2010-04-13 20:44:37.000000000 +0200
-+++ serefpolicy-3.7.19/policy/modules/kernel/mcs.if 2010-09-23 12:59:03.197386946 +0200
+--- nsaserefpolicy/policy/modules/kernel/mcs.if 2010-04-13 18:44:37.000000000 +0000
++++ serefpolicy-3.7.19/policy/modules/kernel/mcs.if 2010-09-23 10:59:03.000000000 +0000
@@ -102,3 +102,29 @@
typeattribute $1 mcssetcats;
@@ -12786,16 +12790,16 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/kernel/mcs.if
+ typeattribute $1 mcsuntrustedproc;
+')
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/kernel/mcs.te serefpolicy-3.7.19/policy/modules/kernel/mcs.te
---- nsaserefpolicy/policy/modules/kernel/mcs.te 2010-04-13 20:44:37.000000000 +0200
-+++ serefpolicy-3.7.19/policy/modules/kernel/mcs.te 2010-09-23 12:58:14.301386891 +0200
+--- nsaserefpolicy/policy/modules/kernel/mcs.te 2010-04-13 18:44:37.000000000 +0000
++++ serefpolicy-3.7.19/policy/modules/kernel/mcs.te 2010-09-23 10:58:14.000000000 +0000
@@ -11,3 +11,4 @@
attribute mcssetcats;
attribute mcswriteall;
attribute mcsreadall;
+attribute mcsuntrustedproc;
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/kernel/selinux.if serefpolicy-3.7.19/policy/modules/kernel/selinux.if
---- nsaserefpolicy/policy/modules/kernel/selinux.if 2010-04-13 20:44:37.000000000 +0200
-+++ serefpolicy-3.7.19/policy/modules/kernel/selinux.if 2010-05-28 09:42:00.040610567 +0200
+--- nsaserefpolicy/policy/modules/kernel/selinux.if 2010-04-13 18:44:37.000000000 +0000
++++ serefpolicy-3.7.19/policy/modules/kernel/selinux.if 2010-05-28 07:42:00.000000000 +0000
@@ -40,7 +40,7 @@
# because of this statement, any module which
@@ -12854,8 +12858,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/kernel/selinu
+ mls_trusted_object($1)
+')
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/kernel/storage.fc serefpolicy-3.7.19/policy/modules/kernel/storage.fc
---- nsaserefpolicy/policy/modules/kernel/storage.fc 2010-04-13 20:44:37.000000000 +0200
-+++ serefpolicy-3.7.19/policy/modules/kernel/storage.fc 2010-05-28 09:42:00.041610572 +0200
+--- nsaserefpolicy/policy/modules/kernel/storage.fc 2010-04-13 18:44:37.000000000 +0000
++++ serefpolicy-3.7.19/policy/modules/kernel/storage.fc 2010-05-28 07:42:00.000000000 +0000
@@ -20,6 +20,7 @@
/dev/gscd -b gen_context(system_u:object_r:removable_device_t,s0)
/dev/hitcd -b gen_context(system_u:object_r:removable_device_t,s0)
@@ -12865,8 +12869,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/kernel/storag
/dev/jsfd -b gen_context(system_u:object_r:fixed_disk_device_t,mls_systemhigh)
/dev/jsflash -c gen_context(system_u:object_r:fixed_disk_device_t,mls_systemhigh)
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/kernel/storage.if serefpolicy-3.7.19/policy/modules/kernel/storage.if
---- nsaserefpolicy/policy/modules/kernel/storage.if 2010-04-13 20:44:37.000000000 +0200
-+++ serefpolicy-3.7.19/policy/modules/kernel/storage.if 2010-08-06 12:20:38.267333652 +0200
+--- nsaserefpolicy/policy/modules/kernel/storage.if 2010-04-13 18:44:37.000000000 +0000
++++ serefpolicy-3.7.19/policy/modules/kernel/storage.if 2010-08-06 10:20:38.000000000 +0000
@@ -101,6 +101,8 @@
dev_list_all_dev_nodes($1)
allow $1 fixed_disk_device_t:blk_file read_blk_file_perms;
@@ -12913,8 +12917,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/kernel/storag
## devices device nodes.
## </summary>
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/kernel/terminal.if serefpolicy-3.7.19/policy/modules/kernel/terminal.if
---- nsaserefpolicy/policy/modules/kernel/terminal.if 2010-04-13 20:44:37.000000000 +0200
-+++ serefpolicy-3.7.19/policy/modules/kernel/terminal.if 2010-09-16 15:33:56.220637065 +0200
+--- nsaserefpolicy/policy/modules/kernel/terminal.if 2010-04-13 18:44:37.000000000 +0000
++++ serefpolicy-3.7.19/policy/modules/kernel/terminal.if 2010-09-16 13:33:56.000000000 +0000
@@ -292,9 +292,11 @@
interface(`term_dontaudit_use_console',`
gen_require(`
@@ -13022,8 +13026,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/kernel/termin
########################################
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/roles/auditadm.te serefpolicy-3.7.19/policy/modules/roles/auditadm.te
---- nsaserefpolicy/policy/modules/roles/auditadm.te 2010-04-13 20:44:37.000000000 +0200
-+++ serefpolicy-3.7.19/policy/modules/roles/auditadm.te 2010-05-28 09:42:00.043610790 +0200
+--- nsaserefpolicy/policy/modules/roles/auditadm.te 2010-04-13 18:44:37.000000000 +0000
++++ serefpolicy-3.7.19/policy/modules/roles/auditadm.te 2010-05-28 07:42:00.000000000 +0000
@@ -29,10 +29,13 @@
logging_manage_audit_config(auditadm_t)
logging_run_auditctl(auditadm_t, auditadm_r)
@@ -13039,8 +13043,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/roles/auditad
consoletype_exec(auditadm_t)
')
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/roles/guest.te serefpolicy-3.7.19/policy/modules/roles/guest.te
---- nsaserefpolicy/policy/modules/roles/guest.te 2010-04-13 20:44:37.000000000 +0200
-+++ serefpolicy-3.7.19/policy/modules/roles/guest.te 2010-10-01 15:18:58.435349564 +0200
+--- nsaserefpolicy/policy/modules/roles/guest.te 2010-04-13 18:44:37.000000000 +0000
++++ serefpolicy-3.7.19/policy/modules/roles/guest.te 2010-10-01 13:18:58.000000000 +0000
@@ -10,17 +10,15 @@
userdom_restricted_user_template(guest)
@@ -13064,8 +13068,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/roles/guest.t
-#gen_user(guest_u,, guest_r, s0, s0)
+gen_user(guest_u, user, guest_r, s0, s0)
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/roles/secadm.te serefpolicy-3.7.19/policy/modules/roles/secadm.te
---- nsaserefpolicy/policy/modules/roles/secadm.te 2010-04-13 20:44:37.000000000 +0200
-+++ serefpolicy-3.7.19/policy/modules/roles/secadm.te 2010-05-28 09:42:00.044610794 +0200
+--- nsaserefpolicy/policy/modules/roles/secadm.te 2010-04-13 18:44:37.000000000 +0000
++++ serefpolicy-3.7.19/policy/modules/roles/secadm.te 2010-05-28 07:42:00.000000000 +0000
@@ -10,6 +10,8 @@
userdom_unpriv_user_template(secadm)
@@ -13076,9 +13080,9 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/roles/secadm.
########################################
#
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/roles/staff.te serefpolicy-3.7.19/policy/modules/roles/staff.te
---- nsaserefpolicy/policy/modules/roles/staff.te 2010-04-13 20:44:37.000000000 +0200
-+++ serefpolicy-3.7.19/policy/modules/roles/staff.te 2010-12-15 14:43:54.408042196 +0100
-@@ -9,25 +9,58 @@
+--- nsaserefpolicy/policy/modules/roles/staff.te 2010-04-13 18:44:37.000000000 +0000
++++ serefpolicy-3.7.19/policy/modules/roles/staff.te 2011-01-24 18:49:52.457455001 +0000
+@@ -9,25 +9,66 @@
role staff_r;
userdom_unpriv_user_template(staff)
@@ -13108,6 +13112,14 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/roles/staff.t
+netutils_signal_ping(staff_t)
+netutils_kill_ping(staff_t)
+
++ifdef(`distro_
++redhat',`
++#FIXME
++tunable_policy(`allow_polyinstantiation',`
++ seutil_role_allow_setfiles(staff_r)
++ ')
++')
++
optional_policy(`
apache_role(staff_r, staff_t)
')
@@ -13137,7 +13149,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/roles/staff.t
bluetooth_role(staff_r, staff_t)
')
-@@ -99,12 +132,18 @@
+@@ -99,12 +140,18 @@
oident_manage_user_content(staff_t)
oident_relabel_user_content(staff_t)
')
@@ -13156,7 +13168,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/roles/staff.t
pyzor_role(staff_r, staff_t)
')
-@@ -119,22 +158,27 @@
+@@ -119,22 +166,27 @@
optional_policy(`
screen_role_template(staff, staff_r, staff_t)
')
@@ -13184,7 +13196,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/roles/staff.t
optional_policy(`
sudo_role_template(staff, staff_r, staff_t)
-@@ -145,6 +189,11 @@
+@@ -145,6 +197,11 @@
userdom_dontaudit_use_user_terminals(staff_t)
')
@@ -13196,7 +13208,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/roles/staff.t
optional_policy(`
thunderbird_role(staff_r, staff_t)
')
-@@ -169,6 +218,77 @@
+@@ -169,6 +226,77 @@
wireshark_role(staff_r, staff_t)
')
@@ -13275,8 +13287,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/roles/staff.t
+ userhelper_console_role_template(staff, staff_r, staff_usertype)
+')
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/roles/sysadm.te serefpolicy-3.7.19/policy/modules/roles/sysadm.te
---- nsaserefpolicy/policy/modules/roles/sysadm.te 2010-04-13 20:44:37.000000000 +0200
-+++ serefpolicy-3.7.19/policy/modules/roles/sysadm.te 2011-01-19 18:18:43.216042333 +0100
+--- nsaserefpolicy/policy/modules/roles/sysadm.te 2010-04-13 18:44:37.000000000 +0000
++++ serefpolicy-3.7.19/policy/modules/roles/sysadm.te 2011-01-19 17:18:43.000000000 +0000
@@ -28,17 +28,29 @@
corecmd_exec_shell(sysadm_t)
@@ -13624,8 +13636,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/roles/sysadm.
+modutils_read_module_deps(sysadm_t)
+miscfiles_read_hwdata(sysadm_t)
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/roles/unconfineduser.fc serefpolicy-3.7.19/policy/modules/roles/unconfineduser.fc
---- nsaserefpolicy/policy/modules/roles/unconfineduser.fc 1970-01-01 01:00:00.000000000 +0100
-+++ serefpolicy-3.7.19/policy/modules/roles/unconfineduser.fc 2010-05-28 09:42:00.047610527 +0200
+--- nsaserefpolicy/policy/modules/roles/unconfineduser.fc 1970-01-01 00:00:00.000000000 +0000
++++ serefpolicy-3.7.19/policy/modules/roles/unconfineduser.fc 2010-05-28 07:42:00.000000000 +0000
@@ -0,0 +1,10 @@
+# Add programs here which should not be confined by SELinux
+# e.g.:
@@ -13638,8 +13650,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/roles/unconfi
+/usr/sbin/xrdp -- gen_context(system_u:object_r:unconfined_exec_t,s0)
+/usr/sbin/xrdp-sesman -- gen_context(system_u:object_r:unconfined_exec_t,s0)
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/roles/unconfineduser.if serefpolicy-3.7.19/policy/modules/roles/unconfineduser.if
---- nsaserefpolicy/policy/modules/roles/unconfineduser.if 1970-01-01 01:00:00.000000000 +0100
-+++ serefpolicy-3.7.19/policy/modules/roles/unconfineduser.if 2010-10-05 17:05:35.898651111 +0200
+--- nsaserefpolicy/policy/modules/roles/unconfineduser.if 1970-01-01 00:00:00.000000000 +0000
++++ serefpolicy-3.7.19/policy/modules/roles/unconfineduser.if 2010-10-05 15:05:35.000000000 +0000
@@ -0,0 +1,706 @@
+## <summary>Unconfiend user role</summary>
+
@@ -14348,8 +14360,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/roles/unconfi
+')
+
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/roles/unconfineduser.te serefpolicy-3.7.19/policy/modules/roles/unconfineduser.te
---- nsaserefpolicy/policy/modules/roles/unconfineduser.te 1970-01-01 01:00:00.000000000 +0100
-+++ serefpolicy-3.7.19/policy/modules/roles/unconfineduser.te 2011-01-14 14:20:39.378128074 +0100
+--- nsaserefpolicy/policy/modules/roles/unconfineduser.te 1970-01-01 00:00:00.000000000 +0000
++++ serefpolicy-3.7.19/policy/modules/roles/unconfineduser.te 2011-01-14 13:20:39.000000000 +0000
@@ -0,0 +1,453 @@
+policy_module(unconfineduser, 1.0.0)
+
@@ -14805,8 +14817,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/roles/unconfi
+gen_user(unconfined_u, user, unconfined_r system_r, s0, s0 - mls_systemhigh, mcs_allcats)
+
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/roles/unprivuser.te serefpolicy-3.7.19/policy/modules/roles/unprivuser.te
---- nsaserefpolicy/policy/modules/roles/unprivuser.te 2010-04-13 20:44:37.000000000 +0200
-+++ serefpolicy-3.7.19/policy/modules/roles/unprivuser.te 2010-12-15 14:45:10.473042920 +0100
+--- nsaserefpolicy/policy/modules/roles/unprivuser.te 2010-04-13 18:44:37.000000000 +0000
++++ serefpolicy-3.7.19/policy/modules/roles/unprivuser.te 2010-12-15 13:45:10.000000000 +0000
@@ -13,10 +13,13 @@
userdom_unpriv_user_template(user)
@@ -14866,8 +14878,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/roles/unprivu
xserver_role(user_r, user_t)
')
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/roles/xguest.te serefpolicy-3.7.19/policy/modules/roles/xguest.te
---- nsaserefpolicy/policy/modules/roles/xguest.te 2010-04-13 20:44:37.000000000 +0200
-+++ serefpolicy-3.7.19/policy/modules/roles/xguest.te 2010-11-02 17:09:32.420901767 +0100
+--- nsaserefpolicy/policy/modules/roles/xguest.te 2010-04-13 18:44:37.000000000 +0000
++++ serefpolicy-3.7.19/policy/modules/roles/xguest.te 2010-11-02 16:09:32.000000000 +0000
@@ -15,7 +15,7 @@
## <desc>
@@ -15017,8 +15029,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/roles/xguest.
+
+gen_user(xguest_u, user, xguest_r, s0, s0)
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/abrt.fc serefpolicy-3.7.19/policy/modules/services/abrt.fc
---- nsaserefpolicy/policy/modules/services/abrt.fc 2010-04-13 20:44:37.000000000 +0200
-+++ serefpolicy-3.7.19/policy/modules/services/abrt.fc 2010-07-14 12:41:50.667159114 +0200
+--- nsaserefpolicy/policy/modules/services/abrt.fc 2010-04-13 18:44:37.000000000 +0000
++++ serefpolicy-3.7.19/policy/modules/services/abrt.fc 2010-07-14 10:41:50.000000000 +0000
@@ -1,11 +1,21 @@
-/etc/abrt(/.*)? gen_context(system_u:object_r:abrt_etc_t,s0)
-/etc/rc\.d/init\.d/abrt -- gen_context(system_u:object_r:abrt_initrc_exec_t,s0)
@@ -15047,8 +15059,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/abrt
+
+/var/spool/abrt(/.*)? gen_context(system_u:object_r:abrt_var_cache_t,s0)
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/abrt.if serefpolicy-3.7.19/policy/modules/services/abrt.if
---- nsaserefpolicy/policy/modules/services/abrt.if 2010-04-13 20:44:37.000000000 +0200
-+++ serefpolicy-3.7.19/policy/modules/services/abrt.if 2010-09-16 14:47:19.835637495 +0200
+--- nsaserefpolicy/policy/modules/services/abrt.if 2010-04-13 18:44:37.000000000 +0000
++++ serefpolicy-3.7.19/policy/modules/services/abrt.if 2010-09-16 12:47:19.000000000 +0000
@@ -21,7 +21,7 @@
######################################
@@ -15314,8 +15326,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/abrt
files_search_var($1)
admin_pattern($1, abrt_var_cache_t)
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/abrt.te serefpolicy-3.7.19/policy/modules/services/abrt.te
---- nsaserefpolicy/policy/modules/services/abrt.te 2010-04-13 20:44:37.000000000 +0200
-+++ serefpolicy-3.7.19/policy/modules/services/abrt.te 2011-01-07 14:18:16.592043328 +0100
+--- nsaserefpolicy/policy/modules/services/abrt.te 2010-04-13 18:44:37.000000000 +0000
++++ serefpolicy-3.7.19/policy/modules/services/abrt.te 2011-01-07 13:18:16.000000000 +0000
@@ -1,11 +1,19 @@
-policy_module(abrt, 1.0.1)
@@ -15587,8 +15599,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/abrt
+ allow abrt_t domain:process setrlimit;
+')
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/afs.if serefpolicy-3.7.19/policy/modules/services/afs.if
---- nsaserefpolicy/policy/modules/services/afs.if 2010-04-13 20:44:37.000000000 +0200
-+++ serefpolicy-3.7.19/policy/modules/services/afs.if 2010-09-16 15:14:41.650636974 +0200
+--- nsaserefpolicy/policy/modules/services/afs.if 2010-04-13 18:44:37.000000000 +0000
++++ serefpolicy-3.7.19/policy/modules/services/afs.if 2010-09-16 13:14:41.000000000 +0000
@@ -97,8 +97,8 @@
type afs_t, afs_initrc_exec_t;
')
@@ -15601,8 +15613,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/afs.
# Allow afs_admin to restart the afs service
afs_initrc_domtrans($1)
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/afs.te serefpolicy-3.7.19/policy/modules/services/afs.te
---- nsaserefpolicy/policy/modules/services/afs.te 2010-04-13 20:44:37.000000000 +0200
-+++ serefpolicy-3.7.19/policy/modules/services/afs.te 2010-05-28 09:42:00.053610763 +0200
+--- nsaserefpolicy/policy/modules/services/afs.te 2010-04-13 18:44:37.000000000 +0000
++++ serefpolicy-3.7.19/policy/modules/services/afs.te 2010-05-28 07:42:00.000000000 +0000
@@ -88,9 +88,14 @@
fs_getattr_xattr_fs(afs_t)
@@ -15619,8 +15631,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/afs.
corenet_all_recvfrom_netlabel(afs_t)
corenet_tcp_sendrecv_generic_if(afs_t)
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/aiccu.fc serefpolicy-3.7.19/policy/modules/services/aiccu.fc
---- nsaserefpolicy/policy/modules/services/aiccu.fc 1970-01-01 01:00:00.000000000 +0100
-+++ serefpolicy-3.7.19/policy/modules/services/aiccu.fc 2010-06-14 11:26:52.511056371 +0200
+--- nsaserefpolicy/policy/modules/services/aiccu.fc 1970-01-01 00:00:00.000000000 +0000
++++ serefpolicy-3.7.19/policy/modules/services/aiccu.fc 2010-06-14 09:26:52.000000000 +0000
@@ -0,0 +1,6 @@
+/etc/aiccu\.conf -- gen_context(system_u:object_r:aiccu_etc_t,s0)
+/etc/rc\.d/init\.d/aiccu -- gen_context(system_u:object_r:aiccu_initrc_exec_t,s0)
@@ -15629,8 +15641,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/aicc
+
+/var/run/aiccu\.pid -- gen_context(system_u:object_r:aiccu_var_run_t,s0)
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/aiccu.if serefpolicy-3.7.19/policy/modules/services/aiccu.if
---- nsaserefpolicy/policy/modules/services/aiccu.if 1970-01-01 01:00:00.000000000 +0100
-+++ serefpolicy-3.7.19/policy/modules/services/aiccu.if 2010-06-14 11:26:09.814056575 +0200
+--- nsaserefpolicy/policy/modules/services/aiccu.if 1970-01-01 00:00:00.000000000 +0000
++++ serefpolicy-3.7.19/policy/modules/services/aiccu.if 2010-06-14 09:26:09.000000000 +0000
@@ -0,0 +1,118 @@
+## <summary>Automatic IPv6 Connectivity Client Utility.</summary>
+
@@ -15751,8 +15763,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/aicc
+ files_search_pids($1)
+')
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/aiccu.te serefpolicy-3.7.19/policy/modules/services/aiccu.te
---- nsaserefpolicy/policy/modules/services/aiccu.te 1970-01-01 01:00:00.000000000 +0100
-+++ serefpolicy-3.7.19/policy/modules/services/aiccu.te 2010-09-16 09:55:09.026658234 +0200
+--- nsaserefpolicy/policy/modules/services/aiccu.te 1970-01-01 00:00:00.000000000 +0000
++++ serefpolicy-3.7.19/policy/modules/services/aiccu.te 2010-09-16 07:55:09.000000000 +0000
@@ -0,0 +1,72 @@
+
+policy_module(aiccu, 1.0.0)
@@ -15827,8 +15839,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/aicc
+sysnet_dns_name_resolve(aiccu_t)
+sysnet_domtrans_ifconfig(aiccu_t)
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/aisexec.fc serefpolicy-3.7.19/policy/modules/services/aisexec.fc
---- nsaserefpolicy/policy/modules/services/aisexec.fc 1970-01-01 01:00:00.000000000 +0100
-+++ serefpolicy-3.7.19/policy/modules/services/aisexec.fc 2010-05-28 09:42:00.055610771 +0200
+--- nsaserefpolicy/policy/modules/services/aisexec.fc 1970-01-01 00:00:00.000000000 +0000
++++ serefpolicy-3.7.19/policy/modules/services/aisexec.fc 2010-05-28 07:42:00.000000000 +0000
@@ -0,0 +1,10 @@
+
+/etc/rc\.d/init\.d/openais -- gen_context(system_u:object_r:aisexec_initrc_exec_t,s0)
@@ -15841,8 +15853,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/aise
+
+/var/run/aisexec\.pid -- gen_context(system_u:object_r:aisexec_var_run_t,s0)
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/aisexec.if serefpolicy-3.7.19/policy/modules/services/aisexec.if
---- nsaserefpolicy/policy/modules/services/aisexec.if 1970-01-01 01:00:00.000000000 +0100
-+++ serefpolicy-3.7.19/policy/modules/services/aisexec.if 2010-05-28 09:42:00.056610845 +0200
+--- nsaserefpolicy/policy/modules/services/aisexec.if 1970-01-01 00:00:00.000000000 +0000
++++ serefpolicy-3.7.19/policy/modules/services/aisexec.if 2010-05-28 07:42:00.000000000 +0000
@@ -0,0 +1,106 @@
+## <summary>SELinux policy for Aisexec Cluster Engine</summary>
+
@@ -15951,8 +15963,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/aise
+ admin_pattern($1, aisexec_tmpfs_t)
+')
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/aisexec.te serefpolicy-3.7.19/policy/modules/services/aisexec.te
---- nsaserefpolicy/policy/modules/services/aisexec.te 1970-01-01 01:00:00.000000000 +0100
-+++ serefpolicy-3.7.19/policy/modules/services/aisexec.te 2010-07-19 15:48:59.455151640 +0200
+--- nsaserefpolicy/policy/modules/services/aisexec.te 1970-01-01 00:00:00.000000000 +0000
++++ serefpolicy-3.7.19/policy/modules/services/aisexec.te 2010-07-19 13:48:59.000000000 +0000
@@ -0,0 +1,114 @@
+
+policy_module(aisexec,1.0.0)
@@ -16069,8 +16081,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/aise
+userdom_rw_semaphores(aisexec_t)
+userdom_rw_unpriv_user_shared_mem(aisexec_t)
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/amavis.if serefpolicy-3.7.19/policy/modules/services/amavis.if
---- nsaserefpolicy/policy/modules/services/amavis.if 2010-04-13 20:44:37.000000000 +0200
-+++ serefpolicy-3.7.19/policy/modules/services/amavis.if 2010-08-20 13:59:09.305084875 +0200
+--- nsaserefpolicy/policy/modules/services/amavis.if 2010-04-13 18:44:37.000000000 +0000
++++ serefpolicy-3.7.19/policy/modules/services/amavis.if 2010-08-20 11:59:09.000000000 +0000
@@ -56,7 +56,7 @@
')
@@ -16081,8 +16093,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/amav
########################################
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/apache.fc serefpolicy-3.7.19/policy/modules/services/apache.fc
---- nsaserefpolicy/policy/modules/services/apache.fc 2010-04-13 20:44:37.000000000 +0200
-+++ serefpolicy-3.7.19/policy/modules/services/apache.fc 2010-07-13 09:55:52.782503046 +0200
+--- nsaserefpolicy/policy/modules/services/apache.fc 2010-04-13 18:44:37.000000000 +0000
++++ serefpolicy-3.7.19/policy/modules/services/apache.fc 2010-07-13 07:55:52.000000000 +0000
@@ -3,6 +3,7 @@
/etc/apache(2)?(/.*)? gen_context(system_u:object_r:httpd_config_t,s0)
/etc/apache-ssl(2)?(/.*)? gen_context(system_u:object_r:httpd_config_t,s0)
@@ -16142,8 +16154,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/apac
+/var/www/svn/conf(/.*)? gen_context(system_u:object_r:httpd_sys_content_t,s0)
+
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/apache.if serefpolicy-3.7.19/policy/modules/services/apache.if
---- nsaserefpolicy/policy/modules/services/apache.if 2010-04-13 20:44:37.000000000 +0200
-+++ serefpolicy-3.7.19/policy/modules/services/apache.if 2010-11-02 16:55:03.289650829 +0100
+--- nsaserefpolicy/policy/modules/services/apache.if 2010-04-13 18:44:37.000000000 +0000
++++ serefpolicy-3.7.19/policy/modules/services/apache.if 2010-11-02 15:55:03.000000000 +0000
@@ -13,17 +13,13 @@
#
template(`apache_content_template',`
@@ -16642,8 +16654,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/apac
+ allow $1 httpd_suexec_exec_t:file getattr;
')
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/apache.te serefpolicy-3.7.19/policy/modules/services/apache.te
---- nsaserefpolicy/policy/modules/services/apache.te 2010-04-13 20:44:37.000000000 +0200
-+++ serefpolicy-3.7.19/policy/modules/services/apache.te 2011-01-18 17:21:06.301042684 +0100
+--- nsaserefpolicy/policy/modules/services/apache.te 2010-04-13 18:44:37.000000000 +0000
++++ serefpolicy-3.7.19/policy/modules/services/apache.te 2011-01-18 16:21:06.000000000 +0000
@@ -19,11 +19,13 @@
# Declarations
#
@@ -17302,8 +17314,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/apac
+typealias httpd_var_run_t alias httpd_fastcgi_var_run_t;
+
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/apcupsd.te serefpolicy-3.7.19/policy/modules/services/apcupsd.te
---- nsaserefpolicy/policy/modules/services/apcupsd.te 2010-04-13 20:44:37.000000000 +0200
-+++ serefpolicy-3.7.19/policy/modules/services/apcupsd.te 2010-05-28 09:42:00.061610936 +0200
+--- nsaserefpolicy/policy/modules/services/apcupsd.te 2010-04-13 18:44:37.000000000 +0000
++++ serefpolicy-3.7.19/policy/modules/services/apcupsd.te 2010-05-28 07:42:00.000000000 +0000
@@ -95,6 +95,10 @@
')
@@ -17316,8 +17328,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/apcu
mta_system_content(apcupsd_tmp_t)
')
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/apm.te serefpolicy-3.7.19/policy/modules/services/apm.te
---- nsaserefpolicy/policy/modules/services/apm.te 2010-04-13 20:44:37.000000000 +0200
-+++ serefpolicy-3.7.19/policy/modules/services/apm.te 2010-07-19 15:49:29.576151384 +0200
+--- nsaserefpolicy/policy/modules/services/apm.te 2010-04-13 18:44:37.000000000 +0000
++++ serefpolicy-3.7.19/policy/modules/services/apm.te 2010-07-19 13:49:29.000000000 +0000
@@ -63,6 +63,7 @@
dontaudit apmd_t self:capability { setuid dac_override dac_read_search sys_ptrace sys_tty_config };
allow apmd_t self:process { signal_perms getsession };
@@ -17335,8 +17347,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/apm.
dev_read_urand(apmd_t)
dev_rw_apm_bios(apmd_t)
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/arpwatch.if serefpolicy-3.7.19/policy/modules/services/arpwatch.if
---- nsaserefpolicy/policy/modules/services/arpwatch.if 2010-04-13 20:44:37.000000000 +0200
-+++ serefpolicy-3.7.19/policy/modules/services/arpwatch.if 2010-09-16 15:05:24.621637181 +0200
+--- nsaserefpolicy/policy/modules/services/arpwatch.if 2010-04-13 18:44:37.000000000 +0000
++++ serefpolicy-3.7.19/policy/modules/services/arpwatch.if 2010-09-16 13:05:24.000000000 +0000
@@ -137,7 +137,7 @@
type arpwatch_initrc_exec_t;
')
@@ -17347,8 +17359,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/arpw
arpwatch_initrc_domtrans($1)
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/arpwatch.te serefpolicy-3.7.19/policy/modules/services/arpwatch.te
---- nsaserefpolicy/policy/modules/services/arpwatch.te 2010-04-13 20:44:37.000000000 +0200
-+++ serefpolicy-3.7.19/policy/modules/services/arpwatch.te 2010-07-23 14:06:57.786138760 +0200
+--- nsaserefpolicy/policy/modules/services/arpwatch.te 2010-04-13 18:44:37.000000000 +0000
++++ serefpolicy-3.7.19/policy/modules/services/arpwatch.te 2010-07-23 12:06:57.000000000 +0000
@@ -34,6 +34,7 @@
allow arpwatch_t self:tcp_socket { connect create_stream_socket_perms };
allow arpwatch_t self:udp_socket create_socket_perms;
@@ -17379,8 +17391,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/arpw
fs_getattr_all_fs(arpwatch_t)
fs_search_auto_mountpoints(arpwatch_t)
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/asterisk.if serefpolicy-3.7.19/policy/modules/services/asterisk.if
---- nsaserefpolicy/policy/modules/services/asterisk.if 2010-04-13 20:44:37.000000000 +0200
-+++ serefpolicy-3.7.19/policy/modules/services/asterisk.if 2010-09-16 15:05:49.748637209 +0200
+--- nsaserefpolicy/policy/modules/services/asterisk.if 2010-04-13 18:44:37.000000000 +0000
++++ serefpolicy-3.7.19/policy/modules/services/asterisk.if 2010-09-16 13:05:49.000000000 +0000
@@ -1,5 +1,24 @@
## <summary>Asterisk IP telephony server</summary>
@@ -17416,8 +17428,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/aste
init_labeled_script_domtrans($1, asterisk_initrc_exec_t)
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/asterisk.te serefpolicy-3.7.19/policy/modules/services/asterisk.te
---- nsaserefpolicy/policy/modules/services/asterisk.te 2010-04-13 20:44:37.000000000 +0200
-+++ serefpolicy-3.7.19/policy/modules/services/asterisk.te 2010-05-28 09:42:00.064610809 +0200
+--- nsaserefpolicy/policy/modules/services/asterisk.te 2010-04-13 18:44:37.000000000 +0000
++++ serefpolicy-3.7.19/policy/modules/services/asterisk.te 2010-05-28 07:42:00.000000000 +0000
@@ -40,12 +40,13 @@
#
@@ -17528,8 +17540,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/aste
')
+
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/automount.if serefpolicy-3.7.19/policy/modules/services/automount.if
---- nsaserefpolicy/policy/modules/services/automount.if 2010-04-13 20:44:37.000000000 +0200
-+++ serefpolicy-3.7.19/policy/modules/services/automount.if 2010-09-16 15:06:07.893637088 +0200
+--- nsaserefpolicy/policy/modules/services/automount.if 2010-04-13 18:44:37.000000000 +0000
++++ serefpolicy-3.7.19/policy/modules/services/automount.if 2010-09-16 13:06:07.000000000 +0000
@@ -68,7 +68,8 @@
type automount_t;
')
@@ -17550,8 +17562,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/auto
init_labeled_script_domtrans($1, automount_initrc_exec_t)
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/automount.te serefpolicy-3.7.19/policy/modules/services/automount.te
---- nsaserefpolicy/policy/modules/services/automount.te 2010-04-13 20:44:36.000000000 +0200
-+++ serefpolicy-3.7.19/policy/modules/services/automount.te 2010-05-28 09:42:00.065610953 +0200
+--- nsaserefpolicy/policy/modules/services/automount.te 2010-04-13 18:44:36.000000000 +0000
++++ serefpolicy-3.7.19/policy/modules/services/automount.te 2010-05-28 07:42:00.000000000 +0000
@@ -146,6 +146,7 @@
# Run mount in the mount_t domain.
@@ -17561,8 +17573,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/auto
userdom_dontaudit_use_unpriv_user_fds(automount_t)
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/avahi.if serefpolicy-3.7.19/policy/modules/services/avahi.if
---- nsaserefpolicy/policy/modules/services/avahi.if 2010-04-13 20:44:37.000000000 +0200
-+++ serefpolicy-3.7.19/policy/modules/services/avahi.if 2010-05-28 09:42:00.065610953 +0200
+--- nsaserefpolicy/policy/modules/services/avahi.if 2010-04-13 18:44:37.000000000 +0000
++++ serefpolicy-3.7.19/policy/modules/services/avahi.if 2010-05-28 07:42:00.000000000 +0000
@@ -90,6 +90,7 @@
class dbus send_msg;
')
@@ -17572,8 +17584,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/avah
allow avahi_t $1:dbus send_msg;
')
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/avahi.te serefpolicy-3.7.19/policy/modules/services/avahi.te
---- nsaserefpolicy/policy/modules/services/avahi.te 2010-04-13 20:44:37.000000000 +0200
-+++ serefpolicy-3.7.19/policy/modules/services/avahi.te 2010-06-15 18:00:13.770018228 +0200
+--- nsaserefpolicy/policy/modules/services/avahi.te 2010-04-13 18:44:37.000000000 +0000
++++ serefpolicy-3.7.19/policy/modules/services/avahi.te 2010-06-15 16:00:13.000000000 +0000
@@ -104,6 +104,10 @@
')
@@ -17586,8 +17598,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/avah
')
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/bind.if serefpolicy-3.7.19/policy/modules/services/bind.if
---- nsaserefpolicy/policy/modules/services/bind.if 2010-04-13 20:44:37.000000000 +0200
-+++ serefpolicy-3.7.19/policy/modules/services/bind.if 2010-08-13 08:08:10.688085038 +0200
+--- nsaserefpolicy/policy/modules/services/bind.if 2010-04-13 18:44:37.000000000 +0000
++++ serefpolicy-3.7.19/policy/modules/services/bind.if 2010-08-13 06:08:10.000000000 +0000
@@ -269,6 +269,27 @@
allow $1 named_var_run_t:dir setattr;
')
@@ -17636,8 +17648,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/bind
admin_pattern($1, named_var_run_t)
')
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/bind.te serefpolicy-3.7.19/policy/modules/services/bind.te
---- nsaserefpolicy/policy/modules/services/bind.te 2010-04-13 20:44:37.000000000 +0200
-+++ serefpolicy-3.7.19/policy/modules/services/bind.te 2010-08-13 07:59:53.335085221 +0200
+--- nsaserefpolicy/policy/modules/services/bind.te 2010-04-13 18:44:37.000000000 +0000
++++ serefpolicy-3.7.19/policy/modules/services/bind.te 2010-08-13 05:59:53.000000000 +0000
@@ -240,6 +240,7 @@
sysnet_dns_name_resolve(ndc_t)
@@ -17647,8 +17659,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/bind
term_dontaudit_use_console(ndc_t)
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/bitlbee.te serefpolicy-3.7.19/policy/modules/services/bitlbee.te
---- nsaserefpolicy/policy/modules/services/bitlbee.te 2010-04-13 20:44:37.000000000 +0200
-+++ serefpolicy-3.7.19/policy/modules/services/bitlbee.te 2011-01-04 16:26:00.197041921 +0100
+--- nsaserefpolicy/policy/modules/services/bitlbee.te 2010-04-13 18:44:37.000000000 +0000
++++ serefpolicy-3.7.19/policy/modules/services/bitlbee.te 2011-01-04 15:26:00.000000000 +0000
@@ -27,19 +27,21 @@
#
# Local policy
@@ -17694,8 +17706,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/bitl
sysnet_dns_name_resolve(bitlbee_t)
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/bluetooth.if serefpolicy-3.7.19/policy/modules/services/bluetooth.if
---- nsaserefpolicy/policy/modules/services/bluetooth.if 2010-04-13 20:44:37.000000000 +0200
-+++ serefpolicy-3.7.19/policy/modules/services/bluetooth.if 2010-06-25 15:39:19.963137669 +0200
+--- nsaserefpolicy/policy/modules/services/bluetooth.if 2010-04-13 18:44:37.000000000 +0000
++++ serefpolicy-3.7.19/policy/modules/services/bluetooth.if 2010-06-25 13:39:19.000000000 +0000
@@ -117,6 +117,27 @@
########################################
@@ -17744,8 +17756,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/blue
admin_pattern($1, bluetooth_var_lib_t)
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/bluetooth.te serefpolicy-3.7.19/policy/modules/services/bluetooth.te
---- nsaserefpolicy/policy/modules/services/bluetooth.te 2010-04-13 20:44:37.000000000 +0200
-+++ serefpolicy-3.7.19/policy/modules/services/bluetooth.te 2010-10-01 15:18:25.436349626 +0200
+--- nsaserefpolicy/policy/modules/services/bluetooth.te 2010-04-13 18:44:37.000000000 +0000
++++ serefpolicy-3.7.19/policy/modules/services/bluetooth.te 2010-10-01 13:18:25.000000000 +0000
@@ -148,6 +148,10 @@
userdom_dontaudit_search_user_home_dirs(bluetooth_t)
@@ -17758,8 +17770,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/blue
dbus_connect_system_bus(bluetooth_t)
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/boinc.fc serefpolicy-3.7.19/policy/modules/services/boinc.fc
---- nsaserefpolicy/policy/modules/services/boinc.fc 1970-01-01 01:00:00.000000000 +0100
-+++ serefpolicy-3.7.19/policy/modules/services/boinc.fc 2010-08-24 11:08:39.309083977 +0200
+--- nsaserefpolicy/policy/modules/services/boinc.fc 1970-01-01 00:00:00.000000000 +0000
++++ serefpolicy-3.7.19/policy/modules/services/boinc.fc 2010-08-24 09:08:39.000000000 +0000
@@ -0,0 +1,8 @@
+
+/etc/rc\.d/init\.d/boinc-client -- gen_context(system_u:object_r:boinc_initrc_exec_t,s0)
@@ -17770,8 +17782,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/boin
+/var/lib/boinc/projects(/.*)? gen_context(system_u:object_r:boinc_project_var_lib_t,s0)
+/var/lib/boinc/slots(/.*)? gen_context(system_u:object_r:boinc_project_var_lib_t,s0)
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/boinc.if serefpolicy-3.7.19/policy/modules/services/boinc.if
---- nsaserefpolicy/policy/modules/services/boinc.if 1970-01-01 01:00:00.000000000 +0100
-+++ serefpolicy-3.7.19/policy/modules/services/boinc.if 2010-09-16 15:15:07.962637079 +0200
+--- nsaserefpolicy/policy/modules/services/boinc.if 1970-01-01 00:00:00.000000000 +0000
++++ serefpolicy-3.7.19/policy/modules/services/boinc.if 2010-09-16 13:15:07.000000000 +0000
@@ -0,0 +1,151 @@
+
+## <summary>policy for boinc</summary>
@@ -17925,8 +17937,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/boin
+ admin_pattern($1, boinc_var_lib_t)
+')
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/boinc.te serefpolicy-3.7.19/policy/modules/services/boinc.te
---- nsaserefpolicy/policy/modules/services/boinc.te 1970-01-01 01:00:00.000000000 +0100
-+++ serefpolicy-3.7.19/policy/modules/services/boinc.te 2010-12-09 12:27:20.801041392 +0100
+--- nsaserefpolicy/policy/modules/services/boinc.te 1970-01-01 00:00:00.000000000 +0000
++++ serefpolicy-3.7.19/policy/modules/services/boinc.te 2010-12-09 11:27:20.000000000 +0000
@@ -0,0 +1,179 @@
+
+policy_module(boinc,1.0.0)
@@ -18108,16 +18120,16 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/boin
+ java_exec(boinc_project_t)
+')
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/bugzilla.fc serefpolicy-3.7.19/policy/modules/services/bugzilla.fc
---- nsaserefpolicy/policy/modules/services/bugzilla.fc 1970-01-01 01:00:00.000000000 +0100
-+++ serefpolicy-3.7.19/policy/modules/services/bugzilla.fc 2010-05-28 09:42:00.069610831 +0200
+--- nsaserefpolicy/policy/modules/services/bugzilla.fc 1970-01-01 00:00:00.000000000 +0000
++++ serefpolicy-3.7.19/policy/modules/services/bugzilla.fc 2010-05-28 07:42:00.000000000 +0000
@@ -0,0 +1,4 @@
+
+/usr/share/bugzilla(/.*)? -d gen_context(system_u:object_r:httpd_bugzilla_content_t,s0)
+/usr/share/bugzilla(/.*)? -- gen_context(system_u:object_r:httpd_bugzilla_script_exec_t,s0)
+/var/lib/bugzilla(/.*)? gen_context(system_u:object_r:httpd_bugzilla_rw_content_t,s0)
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/bugzilla.if serefpolicy-3.7.19/policy/modules/services/bugzilla.if
---- nsaserefpolicy/policy/modules/services/bugzilla.if 1970-01-01 01:00:00.000000000 +0100
-+++ serefpolicy-3.7.19/policy/modules/services/bugzilla.if 2010-05-28 09:42:00.069610831 +0200
+--- nsaserefpolicy/policy/modules/services/bugzilla.if 1970-01-01 00:00:00.000000000 +0000
++++ serefpolicy-3.7.19/policy/modules/services/bugzilla.if 2010-05-28 07:42:00.000000000 +0000
@@ -0,0 +1,39 @@
+## <summary>Bugzilla server</summary>
+
@@ -18159,8 +18171,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/bugz
+ dontaudit $1 httpd_bugzilla_script_t:unix_stream_socket { read write };
+')
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/bugzilla.te serefpolicy-3.7.19/policy/modules/services/bugzilla.te
---- nsaserefpolicy/policy/modules/services/bugzilla.te 1970-01-01 01:00:00.000000000 +0100
-+++ serefpolicy-3.7.19/policy/modules/services/bugzilla.te 2010-05-28 09:42:00.070610905 +0200
+--- nsaserefpolicy/policy/modules/services/bugzilla.te 1970-01-01 00:00:00.000000000 +0000
++++ serefpolicy-3.7.19/policy/modules/services/bugzilla.te 2010-05-28 07:42:00.000000000 +0000
@@ -0,0 +1,57 @@
+
+policy_module(bugzilla, 1.0)
@@ -18220,8 +18232,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/bugz
+')
+
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/cachefilesd.fc serefpolicy-3.7.19/policy/modules/services/cachefilesd.fc
---- nsaserefpolicy/policy/modules/services/cachefilesd.fc 1970-01-01 01:00:00.000000000 +0100
-+++ serefpolicy-3.7.19/policy/modules/services/cachefilesd.fc 2010-05-28 09:42:00.070610905 +0200
+--- nsaserefpolicy/policy/modules/services/cachefilesd.fc 1970-01-01 00:00:00.000000000 +0000
++++ serefpolicy-3.7.19/policy/modules/services/cachefilesd.fc 2010-05-28 07:42:00.000000000 +0000
@@ -0,0 +1,29 @@
+###############################################################################
+#
@@ -18253,8 +18265,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/cach
+
+/var/run/cachefilesd\.pid -- gen_context(system_u:object_r:cachefiles_var_t,s0)
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/cachefilesd.if serefpolicy-3.7.19/policy/modules/services/cachefilesd.if
---- nsaserefpolicy/policy/modules/services/cachefilesd.if 1970-01-01 01:00:00.000000000 +0100
-+++ serefpolicy-3.7.19/policy/modules/services/cachefilesd.if 2010-05-28 09:42:00.071610839 +0200
+--- nsaserefpolicy/policy/modules/services/cachefilesd.if 1970-01-01 00:00:00.000000000 +0000
++++ serefpolicy-3.7.19/policy/modules/services/cachefilesd.if 2010-05-28 07:42:00.000000000 +0000
@@ -0,0 +1,41 @@
+###############################################################################
+#
@@ -18298,8 +18310,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/cach
+ allow cachefilesd_t $1:process sigchld;
+')
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/cachefilesd.te serefpolicy-3.7.19/policy/modules/services/cachefilesd.te
---- nsaserefpolicy/policy/modules/services/cachefilesd.te 1970-01-01 01:00:00.000000000 +0100
-+++ serefpolicy-3.7.19/policy/modules/services/cachefilesd.te 2010-05-28 09:42:00.071610839 +0200
+--- nsaserefpolicy/policy/modules/services/cachefilesd.te 1970-01-01 00:00:00.000000000 +0000
++++ serefpolicy-3.7.19/policy/modules/services/cachefilesd.te 2010-05-28 07:42:00.000000000 +0000
@@ -0,0 +1,147 @@
+###############################################################################
+#
@@ -18449,8 +18461,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/cach
+
+dev_search_sysfs(cachefiles_kernel_t)
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/ccs.te serefpolicy-3.7.19/policy/modules/services/ccs.te
---- nsaserefpolicy/policy/modules/services/ccs.te 2010-04-13 20:44:37.000000000 +0200
-+++ serefpolicy-3.7.19/policy/modules/services/ccs.te 2010-05-28 09:42:00.072610704 +0200
+--- nsaserefpolicy/policy/modules/services/ccs.te 2010-04-13 18:44:37.000000000 +0000
++++ serefpolicy-3.7.19/policy/modules/services/ccs.te 2010-05-28 07:42:00.000000000 +0000
@@ -114,5 +114,15 @@
')
@@ -18468,8 +18480,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/ccs.
unconfined_use_fds(ccs_t)
')
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/certmaster.if serefpolicy-3.7.19/policy/modules/services/certmaster.if
---- nsaserefpolicy/policy/modules/services/certmaster.if 2010-04-13 20:44:37.000000000 +0200
-+++ serefpolicy-3.7.19/policy/modules/services/certmaster.if 2010-12-01 14:03:22.438042558 +0100
+--- nsaserefpolicy/policy/modules/services/certmaster.if 2010-04-13 18:44:37.000000000 +0000
++++ serefpolicy-3.7.19/policy/modules/services/certmaster.if 2010-12-01 13:03:22.000000000 +0000
@@ -18,6 +18,25 @@
domtrans_pattern($1, certmaster_exec_t, certmaster_t)
')
@@ -18497,8 +18509,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/cert
## <summary>
## read certmaster logs.
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/certmonger.fc serefpolicy-3.7.19/policy/modules/services/certmonger.fc
---- nsaserefpolicy/policy/modules/services/certmonger.fc 1970-01-01 01:00:00.000000000 +0100
-+++ serefpolicy-3.7.19/policy/modules/services/certmonger.fc 2010-05-28 09:42:00.073610778 +0200
+--- nsaserefpolicy/policy/modules/services/certmonger.fc 1970-01-01 00:00:00.000000000 +0000
++++ serefpolicy-3.7.19/policy/modules/services/certmonger.fc 2010-05-28 07:42:00.000000000 +0000
@@ -0,0 +1,6 @@
+/etc/rc\.d/init\.d/certmonger -- gen_context(system_u:object_r:certmonger_initrc_exec_t,s0)
+
@@ -18507,8 +18519,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/cert
+/var/run/certmonger.pid -- gen_context(system_u:object_r:certmonger_var_run_t,s0)
+/var/lib/certmonger(/.*)? gen_context(system_u:object_r:certmonger_var_lib_t,s0)
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/certmonger.if serefpolicy-3.7.19/policy/modules/services/certmonger.if
---- nsaserefpolicy/policy/modules/services/certmonger.if 1970-01-01 01:00:00.000000000 +0100
-+++ serefpolicy-3.7.19/policy/modules/services/certmonger.if 2010-06-28 14:44:32.157401643 +0200
+--- nsaserefpolicy/policy/modules/services/certmonger.if 1970-01-01 00:00:00.000000000 +0000
++++ serefpolicy-3.7.19/policy/modules/services/certmonger.if 2010-06-28 12:44:32.000000000 +0000
@@ -0,0 +1,218 @@
+
+## <summary>Certificate status monitor and PKI enrollment client</summary>
@@ -18729,8 +18741,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/cert
+ admin_pattern($1, certmonger_var_run_t)
+')
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/certmonger.te serefpolicy-3.7.19/policy/modules/services/certmonger.te
---- nsaserefpolicy/policy/modules/services/certmonger.te 1970-01-01 01:00:00.000000000 +0100
-+++ serefpolicy-3.7.19/policy/modules/services/certmonger.te 2010-12-15 15:05:16.296042554 +0100
+--- nsaserefpolicy/policy/modules/services/certmonger.te 1970-01-01 00:00:00.000000000 +0000
++++ serefpolicy-3.7.19/policy/modules/services/certmonger.te 2010-12-15 14:05:16.000000000 +0000
@@ -0,0 +1,92 @@
+policy_module(certmonger,1.0.0)
+
@@ -18825,8 +18837,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/cert
+')
+
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/cgroup.fc serefpolicy-3.7.19/policy/modules/services/cgroup.fc
---- nsaserefpolicy/policy/modules/services/cgroup.fc 1970-01-01 01:00:00.000000000 +0100
-+++ serefpolicy-3.7.19/policy/modules/services/cgroup.fc 2010-08-10 16:13:34.251005312 +0200
+--- nsaserefpolicy/policy/modules/services/cgroup.fc 1970-01-01 00:00:00.000000000 +0000
++++ serefpolicy-3.7.19/policy/modules/services/cgroup.fc 2010-08-10 14:13:34.000000000 +0000
@@ -0,0 +1,10 @@
+/etc/cgconfig.conf -- gen_context(system_u:object_r:cgconfig_etc_t,s0)
+/etc/cgrules.conf -- gen_context(system_u:object_r:cgrules_etc_t,s0)
@@ -18839,8 +18851,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/cgro
+
+/var/run/cgred.* gen_context(system_u:object_r:cgred_var_run_t,s0)
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/cgroup.if serefpolicy-3.7.19/policy/modules/services/cgroup.if
---- nsaserefpolicy/policy/modules/services/cgroup.if 1970-01-01 01:00:00.000000000 +0100
-+++ serefpolicy-3.7.19/policy/modules/services/cgroup.if 2010-08-10 16:13:34.251334760 +0200
+--- nsaserefpolicy/policy/modules/services/cgroup.if 1970-01-01 00:00:00.000000000 +0000
++++ serefpolicy-3.7.19/policy/modules/services/cgroup.if 2010-08-10 14:13:34.000000000 +0000
@@ -0,0 +1,147 @@
+## <summary>libcg is a library that abstracts the control group file system in Linux.</summary>
+
@@ -18990,8 +19002,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/cgro
+ role_transition $2 cgred_initrc_exec_t system_r;
+')
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/cgroup.te serefpolicy-3.7.19/policy/modules/services/cgroup.te
---- nsaserefpolicy/policy/modules/services/cgroup.te 1970-01-01 01:00:00.000000000 +0100
-+++ serefpolicy-3.7.19/policy/modules/services/cgroup.te 2010-08-10 16:14:55.451084972 +0200
+--- nsaserefpolicy/policy/modules/services/cgroup.te 1970-01-01 00:00:00.000000000 +0000
++++ serefpolicy-3.7.19/policy/modules/services/cgroup.te 2010-08-10 14:14:55.000000000 +0000
@@ -0,0 +1,79 @@
+policy_module(cgroup, 1.0.0)
+
@@ -19073,8 +19085,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/cgro
+
+miscfiles_read_localization(cgred_t)
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/chronyd.if serefpolicy-3.7.19/policy/modules/services/chronyd.if
---- nsaserefpolicy/policy/modules/services/chronyd.if 2010-04-13 20:44:37.000000000 +0200
-+++ serefpolicy-3.7.19/policy/modules/services/chronyd.if 2010-06-28 18:44:16.191151821 +0200
+--- nsaserefpolicy/policy/modules/services/chronyd.if 2010-04-13 18:44:37.000000000 +0000
++++ serefpolicy-3.7.19/policy/modules/services/chronyd.if 2010-06-28 16:44:16.000000000 +0000
@@ -19,6 +19,24 @@
domtrans_pattern($1, chronyd_exec_t, chronyd_t)
')
@@ -19188,8 +19200,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/chro
')
+
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/chronyd.te serefpolicy-3.7.19/policy/modules/services/chronyd.te
---- nsaserefpolicy/policy/modules/services/chronyd.te 2010-04-13 20:44:36.000000000 +0200
-+++ serefpolicy-3.7.19/policy/modules/services/chronyd.te 2011-01-14 14:47:12.321041202 +0100
+--- nsaserefpolicy/policy/modules/services/chronyd.te 2010-04-13 18:44:36.000000000 +0000
++++ serefpolicy-3.7.19/policy/modules/services/chronyd.te 2011-01-14 13:47:12.000000000 +0000
@@ -16,6 +16,9 @@
type chronyd_keys_t;
files_type(chronyd_keys_t)
@@ -19243,8 +19255,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/chro
gpsd_rw_shm(chronyd_t)
')
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/clamav.fc serefpolicy-3.7.19/policy/modules/services/clamav.fc
---- nsaserefpolicy/policy/modules/services/clamav.fc 2010-04-13 20:44:36.000000000 +0200
-+++ serefpolicy-3.7.19/policy/modules/services/clamav.fc 2011-01-19 17:06:42.240041373 +0100
+--- nsaserefpolicy/policy/modules/services/clamav.fc 2010-04-13 18:44:36.000000000 +0000
++++ serefpolicy-3.7.19/policy/modules/services/clamav.fc 2011-01-19 16:06:42.000000000 +0000
@@ -10,6 +10,7 @@
/var/clamav(/.*)? gen_context(system_u:object_r:clamd_var_lib_t,s0)
@@ -19254,8 +19266,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/clam
/var/log/clamav/freshclam.* -- gen_context(system_u:object_r:freshclam_var_log_t,s0)
/var/log/clamd.* gen_context(system_u:object_r:clamd_var_log_t,s0)
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/clamav.if serefpolicy-3.7.19/policy/modules/services/clamav.if
---- nsaserefpolicy/policy/modules/services/clamav.if 2010-04-13 20:44:37.000000000 +0200
-+++ serefpolicy-3.7.19/policy/modules/services/clamav.if 2010-10-18 15:38:09.251650866 +0200
+--- nsaserefpolicy/policy/modules/services/clamav.if 2010-04-13 18:44:37.000000000 +0000
++++ serefpolicy-3.7.19/policy/modules/services/clamav.if 2010-10-18 13:38:09.000000000 +0000
@@ -49,12 +49,12 @@
#
interface(`clamav_append_log',`
@@ -19273,8 +19285,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/clam
########################################
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/clamav.te serefpolicy-3.7.19/policy/modules/services/clamav.te
---- nsaserefpolicy/policy/modules/services/clamav.te 2010-04-13 20:44:37.000000000 +0200
-+++ serefpolicy-3.7.19/policy/modules/services/clamav.te 2010-12-09 12:46:16.374042098 +0100
+--- nsaserefpolicy/policy/modules/services/clamav.te 2010-04-13 18:44:37.000000000 +0000
++++ serefpolicy-3.7.19/policy/modules/services/clamav.te 2010-12-09 11:46:16.000000000 +0000
@@ -1,6 +1,13 @@
policy_module(clamav, 1.7.1)
@@ -19392,16 +19404,16 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/clam
optional_policy(`
amavis_read_spool_files(clamscan_t)
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/clogd.fc serefpolicy-3.7.19/policy/modules/services/clogd.fc
---- nsaserefpolicy/policy/modules/services/clogd.fc 1970-01-01 01:00:00.000000000 +0100
-+++ serefpolicy-3.7.19/policy/modules/services/clogd.fc 2010-05-28 09:42:00.079610731 +0200
+--- nsaserefpolicy/policy/modules/services/clogd.fc 1970-01-01 00:00:00.000000000 +0000
++++ serefpolicy-3.7.19/policy/modules/services/clogd.fc 2010-05-28 07:42:00.000000000 +0000
@@ -0,0 +1,4 @@
+
+/usr/sbin/clogd -- gen_context(system_u:object_r:clogd_exec_t,s0)
+
+/var/run/clogd\.pid -- gen_context(system_u:object_r:clogd_var_run_t,s0)
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/clogd.if serefpolicy-3.7.19/policy/modules/services/clogd.if
---- nsaserefpolicy/policy/modules/services/clogd.if 1970-01-01 01:00:00.000000000 +0100
-+++ serefpolicy-3.7.19/policy/modules/services/clogd.if 2010-10-13 09:52:30.479899693 +0200
+--- nsaserefpolicy/policy/modules/services/clogd.if 1970-01-01 00:00:00.000000000 +0000
++++ serefpolicy-3.7.19/policy/modules/services/clogd.if 2010-10-13 07:52:30.000000000 +0000
@@ -0,0 +1,82 @@
+## <summary>clogd - clustered mirror log server</summary>
+
@@ -19486,8 +19498,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/clog
+')
+
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/clogd.te serefpolicy-3.7.19/policy/modules/services/clogd.te
---- nsaserefpolicy/policy/modules/services/clogd.te 1970-01-01 01:00:00.000000000 +0100
-+++ serefpolicy-3.7.19/policy/modules/services/clogd.te 2010-05-28 09:42:00.080611084 +0200
+--- nsaserefpolicy/policy/modules/services/clogd.te 1970-01-01 00:00:00.000000000 +0000
++++ serefpolicy-3.7.19/policy/modules/services/clogd.te 2010-05-28 07:42:00.000000000 +0000
@@ -0,0 +1,65 @@
+
+policy_module(clogd,1.0.0)
@@ -19555,8 +19567,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/clog
+
+
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/cmirrord.fc serefpolicy-3.7.19/policy/modules/services/cmirrord.fc
---- nsaserefpolicy/policy/modules/services/cmirrord.fc 1970-01-01 01:00:00.000000000 +0100
-+++ serefpolicy-3.7.19/policy/modules/services/cmirrord.fc 2010-05-28 12:23:32.682860590 +0200
+--- nsaserefpolicy/policy/modules/services/cmirrord.fc 1970-01-01 00:00:00.000000000 +0000
++++ serefpolicy-3.7.19/policy/modules/services/cmirrord.fc 2010-05-28 10:23:32.000000000 +0000
@@ -0,0 +1,6 @@
+
+/etc/rc\.d/init\.d/cmirrord -- gen_context(system_u:object_r:cmirrord_initrc_exec_t,s0)
@@ -19565,8 +19577,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/cmir
+
+/var/run/cmirrord\.pid -- gen_context(system_u:object_r:cmirrord_var_run_t,s0)
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/cmirrord.if serefpolicy-3.7.19/policy/modules/services/cmirrord.if
---- nsaserefpolicy/policy/modules/services/cmirrord.if 1970-01-01 01:00:00.000000000 +0100
-+++ serefpolicy-3.7.19/policy/modules/services/cmirrord.if 2010-05-28 12:30:40.719860805 +0200
+--- nsaserefpolicy/policy/modules/services/cmirrord.if 1970-01-01 00:00:00.000000000 +0000
++++ serefpolicy-3.7.19/policy/modules/services/cmirrord.if 2010-05-28 10:30:40.000000000 +0000
@@ -0,0 +1,118 @@
+
+## <summary>policy for cmirrord</summary>
@@ -19687,8 +19699,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/cmir
+
+')
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/cmirrord.te serefpolicy-3.7.19/policy/modules/services/cmirrord.te
---- nsaserefpolicy/policy/modules/services/cmirrord.te 1970-01-01 01:00:00.000000000 +0100
-+++ serefpolicy-3.7.19/policy/modules/services/cmirrord.te 2010-09-15 15:45:43.101636923 +0200
+--- nsaserefpolicy/policy/modules/services/cmirrord.te 1970-01-01 00:00:00.000000000 +0000
++++ serefpolicy-3.7.19/policy/modules/services/cmirrord.te 2010-09-15 13:45:43.000000000 +0000
@@ -0,0 +1,62 @@
+
+policy_module(cmirrord,1.0.0)
@@ -19753,8 +19765,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/cmir
+ corosync_stream_connect(cmirrord_t)
+')
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/cobbler.fc serefpolicy-3.7.19/policy/modules/services/cobbler.fc
---- nsaserefpolicy/policy/modules/services/cobbler.fc 2010-04-13 20:44:37.000000000 +0200
-+++ serefpolicy-3.7.19/policy/modules/services/cobbler.fc 2011-01-07 11:32:18.772301640 +0100
+--- nsaserefpolicy/policy/modules/services/cobbler.fc 2010-04-13 18:44:37.000000000 +0000
++++ serefpolicy-3.7.19/policy/modules/services/cobbler.fc 2011-01-07 10:32:18.000000000 +0000
@@ -1,7 +1,33 @@
-/etc/cobbler(/.*)? gen_context(system_u:object_r:cobbler_etc_t, s0)
-/etc/rc\.d/init\.d/cobblerd -- gen_context(system_u:object_r:cobblerd_initrc_exec_t, s0)
@@ -19795,8 +19807,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/cobb
-/var/lib/cobbler(/.*)? gen_context(system_u:object_r:cobbler_var_lib_t, s0)
-/var/log/cobbler(/.*)? gen_context(system_u:object_r:cobbler_var_log_t, s0)
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/cobbler.if serefpolicy-3.7.19/policy/modules/services/cobbler.if
---- nsaserefpolicy/policy/modules/services/cobbler.if 2010-04-13 20:44:37.000000000 +0200
-+++ serefpolicy-3.7.19/policy/modules/services/cobbler.if 2011-01-19 17:25:53.443041687 +0100
+--- nsaserefpolicy/policy/modules/services/cobbler.if 2010-04-13 18:44:37.000000000 +0000
++++ serefpolicy-3.7.19/policy/modules/services/cobbler.if 2011-01-19 16:25:53.000000000 +0000
@@ -1,12 +1,12 @@
## <summary>Cobbler installation server.</summary>
## <desc>
@@ -19988,8 +20000,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/cobb
+ ')
')
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/cobbler.te serefpolicy-3.7.19/policy/modules/services/cobbler.te
---- nsaserefpolicy/policy/modules/services/cobbler.te 2010-04-13 20:44:37.000000000 +0200
-+++ serefpolicy-3.7.19/policy/modules/services/cobbler.te 2010-12-01 13:46:59.993291958 +0100
+--- nsaserefpolicy/policy/modules/services/cobbler.te 2010-04-13 18:44:37.000000000 +0000
++++ serefpolicy-3.7.19/policy/modules/services/cobbler.te 2010-12-01 12:46:59.000000000 +0000
@@ -1,5 +1,4 @@
-
-policy_module(cobbler, 1.0.0)
@@ -20221,8 +20233,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/cobb
+manage_dirs_pattern(cobblerd_t, httpd_cobbler_content_rw_t, httpd_cobbler_content_rw_t)
+manage_files_pattern(cobblerd_t, httpd_cobbler_content_rw_t, httpd_cobbler_content_rw_t)
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/consolekit.fc serefpolicy-3.7.19/policy/modules/services/consolekit.fc
---- nsaserefpolicy/policy/modules/services/consolekit.fc 2010-04-13 20:44:37.000000000 +0200
-+++ serefpolicy-3.7.19/policy/modules/services/consolekit.fc 2010-05-28 09:42:00.084613262 +0200
+--- nsaserefpolicy/policy/modules/services/consolekit.fc 2010-04-13 18:44:37.000000000 +0000
++++ serefpolicy-3.7.19/policy/modules/services/consolekit.fc 2010-05-28 07:42:00.000000000 +0000
@@ -1,5 +1,7 @@
/usr/sbin/console-kit-daemon -- gen_context(system_u:object_r:consolekit_exec_t,s0)
@@ -20233,8 +20245,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/cons
+/var/run/console-kit-daemon\.pid -- gen_context(system_u:object_r:consolekit_var_run_t,s0)
+/var/run/ConsoleKit(/.*)? gen_context(system_u:object_r:consolekit_var_run_t,s0)
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/consolekit.if serefpolicy-3.7.19/policy/modules/services/consolekit.if
---- nsaserefpolicy/policy/modules/services/consolekit.if 2010-04-13 20:44:36.000000000 +0200
-+++ serefpolicy-3.7.19/policy/modules/services/consolekit.if 2010-10-05 16:31:31.267651526 +0200
+--- nsaserefpolicy/policy/modules/services/consolekit.if 2010-04-13 18:44:36.000000000 +0000
++++ serefpolicy-3.7.19/policy/modules/services/consolekit.if 2010-10-05 14:31:31.000000000 +0000
@@ -55,5 +55,62 @@
')
@@ -20299,8 +20311,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/cons
+')
+
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/consolekit.te serefpolicy-3.7.19/policy/modules/services/consolekit.te
---- nsaserefpolicy/policy/modules/services/consolekit.te 2010-04-13 20:44:37.000000000 +0200
-+++ serefpolicy-3.7.19/policy/modules/services/consolekit.te 2010-06-15 18:01:58.476767291 +0200
+--- nsaserefpolicy/policy/modules/services/consolekit.te 2010-04-13 18:44:37.000000000 +0000
++++ serefpolicy-3.7.19/policy/modules/services/consolekit.te 2010-06-15 16:01:58.000000000 +0000
@@ -16,12 +16,15 @@
type consolekit_var_run_t;
files_pid_file(consolekit_var_run_t)
@@ -20406,8 +20418,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/cons
unconfined_stream_connect(consolekit_t)
')
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/corosync.fc serefpolicy-3.7.19/policy/modules/services/corosync.fc
---- nsaserefpolicy/policy/modules/services/corosync.fc 1970-01-01 01:00:00.000000000 +0100
-+++ serefpolicy-3.7.19/policy/modules/services/corosync.fc 2010-05-28 09:42:00.087610617 +0200
+--- nsaserefpolicy/policy/modules/services/corosync.fc 1970-01-01 00:00:00.000000000 +0000
++++ serefpolicy-3.7.19/policy/modules/services/corosync.fc 2010-05-28 07:42:00.000000000 +0000
@@ -0,0 +1,15 @@
+
+/etc/rc\.d/init\.d/corosync -- gen_context(system_u:object_r:corosync_initrc_exec_t,s0)
@@ -20425,8 +20437,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/coro
+/var/run/corosync\.pid -- gen_context(system_u:object_r:corosync_var_run_t,s0)
+
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/corosync.if serefpolicy-3.7.19/policy/modules/services/corosync.if
---- nsaserefpolicy/policy/modules/services/corosync.if 1970-01-01 01:00:00.000000000 +0100
-+++ serefpolicy-3.7.19/policy/modules/services/corosync.if 2010-09-16 17:00:39.809386936 +0200
+--- nsaserefpolicy/policy/modules/services/corosync.if 1970-01-01 00:00:00.000000000 +0000
++++ serefpolicy-3.7.19/policy/modules/services/corosync.if 2010-09-16 15:00:39.000000000 +0000
@@ -0,0 +1,127 @@
+## <summary>SELinux policy for Corosync Cluster Engine</summary>
+
@@ -20556,8 +20568,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/coro
+
+
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/corosync.te serefpolicy-3.7.19/policy/modules/services/corosync.te
---- nsaserefpolicy/policy/modules/services/corosync.te 1970-01-01 01:00:00.000000000 +0100
-+++ serefpolicy-3.7.19/policy/modules/services/corosync.te 2010-11-08 15:05:45.930398628 +0100
+--- nsaserefpolicy/policy/modules/services/corosync.te 1970-01-01 00:00:00.000000000 +0000
++++ serefpolicy-3.7.19/policy/modules/services/corosync.te 2010-11-08 14:05:45.000000000 +0000
@@ -0,0 +1,145 @@
+
+policy_module(corosync,1.0.0)
@@ -20705,8 +20717,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/coro
+ ricci_rw_modclusterd_tmpfs_files(corosync_t)
+')
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/cron.fc serefpolicy-3.7.19/policy/modules/services/cron.fc
---- nsaserefpolicy/policy/modules/services/cron.fc 2010-04-13 20:44:36.000000000 +0200
-+++ serefpolicy-3.7.19/policy/modules/services/cron.fc 2010-05-28 09:42:00.088610900 +0200
+--- nsaserefpolicy/policy/modules/services/cron.fc 2010-04-13 18:44:36.000000000 +0000
++++ serefpolicy-3.7.19/policy/modules/services/cron.fc 2010-05-28 07:42:00.000000000 +0000
@@ -14,7 +14,7 @@
/var/run/anacron\.pid -- gen_context(system_u:object_r:crond_var_run_t,s0)
/var/run/atd\.pid -- gen_context(system_u:object_r:crond_var_run_t,s0)
@@ -20725,8 +20737,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/cron
+
+/var/log/mcelog.* -- gen_context(system_u:object_r:cron_log_t,s0)
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/cron.if serefpolicy-3.7.19/policy/modules/services/cron.if
---- nsaserefpolicy/policy/modules/services/cron.if 2010-04-13 20:44:37.000000000 +0200
-+++ serefpolicy-3.7.19/policy/modules/services/cron.if 2010-09-16 14:41:50.412386895 +0200
+--- nsaserefpolicy/policy/modules/services/cron.if 2010-04-13 18:44:37.000000000 +0000
++++ serefpolicy-3.7.19/policy/modules/services/cron.if 2010-09-16 12:41:50.000000000 +0000
@@ -12,6 +12,12 @@
## </param>
#
@@ -20955,8 +20967,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/cron
+ manage_files_pattern($1, system_cronjob_var_lib_t, system_cronjob_var_lib_t)
')
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/cron.te serefpolicy-3.7.19/policy/modules/services/cron.te
---- nsaserefpolicy/policy/modules/services/cron.te 2010-04-13 20:44:37.000000000 +0200
-+++ serefpolicy-3.7.19/policy/modules/services/cron.te 2010-11-18 15:47:35.785397612 +0100
+--- nsaserefpolicy/policy/modules/services/cron.te 2010-04-13 18:44:37.000000000 +0000
++++ serefpolicy-3.7.19/policy/modules/services/cron.te 2010-11-18 14:47:35.000000000 +0000
@@ -38,8 +38,10 @@
type cron_var_lib_t;
files_type(cron_var_lib_t)
@@ -21274,8 +21286,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/cron
tunable_policy(`fcron_crond', `
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/cups.fc serefpolicy-3.7.19/policy/modules/services/cups.fc
---- nsaserefpolicy/policy/modules/services/cups.fc 2010-04-13 20:44:36.000000000 +0200
-+++ serefpolicy-3.7.19/policy/modules/services/cups.fc 2010-05-28 09:42:00.091610700 +0200
+--- nsaserefpolicy/policy/modules/services/cups.fc 2010-04-13 18:44:36.000000000 +0000
++++ serefpolicy-3.7.19/policy/modules/services/cups.fc 2010-05-28 07:42:00.000000000 +0000
@@ -13,10 +13,14 @@
/etc/cups/certs/.* -- gen_context(system_u:object_r:cupsd_rw_etc_t,s0)
/etc/rc\.d/init\.d/cups -- gen_context(system_u:object_r:cupsd_initrc_exec_t,s0)
@@ -21324,8 +21336,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/cups
+
+/usr/local/linuxprinter/ppd(/.*)? gen_context(system_u:object_r:cupsd_rw_etc_t,s0)
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/cups.if serefpolicy-3.7.19/policy/modules/services/cups.if
---- nsaserefpolicy/policy/modules/services/cups.if 2010-04-13 20:44:37.000000000 +0200
-+++ serefpolicy-3.7.19/policy/modules/services/cups.if 2010-10-13 09:46:06.858649491 +0200
+--- nsaserefpolicy/policy/modules/services/cups.if 2010-04-13 18:44:37.000000000 +0000
++++ serefpolicy-3.7.19/policy/modules/services/cups.if 2010-10-13 07:46:06.000000000 +0000
@@ -6,7 +6,7 @@
## </summary>
## <param name="domain">
@@ -21355,8 +21367,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/cups
files_list_tmp($1)
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/cups.te serefpolicy-3.7.19/policy/modules/services/cups.te
---- nsaserefpolicy/policy/modules/services/cups.te 2010-04-13 20:44:37.000000000 +0200
-+++ serefpolicy-3.7.19/policy/modules/services/cups.te 2010-11-11 16:08:06.457149130 +0100
+--- nsaserefpolicy/policy/modules/services/cups.te 2010-04-13 18:44:37.000000000 +0000
++++ serefpolicy-3.7.19/policy/modules/services/cups.te 2010-11-11 15:08:06.000000000 +0000
@@ -16,6 +16,7 @@
type cupsd_t;
type cupsd_exec_t;
@@ -21637,8 +21649,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/cups
logging_send_syslog_msg(hplip_t)
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/cvs.te serefpolicy-3.7.19/policy/modules/services/cvs.te
---- nsaserefpolicy/policy/modules/services/cvs.te 2010-04-13 20:44:37.000000000 +0200
-+++ serefpolicy-3.7.19/policy/modules/services/cvs.te 2010-05-28 09:42:00.093610497 +0200
+--- nsaserefpolicy/policy/modules/services/cvs.te 2010-04-13 18:44:37.000000000 +0000
++++ serefpolicy-3.7.19/policy/modules/services/cvs.te 2010-05-28 07:42:00.000000000 +0000
@@ -93,6 +93,7 @@
auth_can_read_shadow_passwords(cvs_t)
tunable_policy(`allow_cvs_read_shadow',`
@@ -21654,8 +21666,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/cvs.
+ files_tmp_filetrans(httpd_cvs_script_t, cvs_tmp_t, { file dir })
')
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/cyrus.fc serefpolicy-3.7.19/policy/modules/services/cyrus.fc
---- nsaserefpolicy/policy/modules/services/cyrus.fc 2010-04-13 20:44:37.000000000 +0200
-+++ serefpolicy-3.7.19/policy/modules/services/cyrus.fc 2010-07-14 12:43:21.905172641 +0200
+--- nsaserefpolicy/policy/modules/services/cyrus.fc 2010-04-13 18:44:37.000000000 +0000
++++ serefpolicy-3.7.19/policy/modules/services/cyrus.fc 2010-07-14 10:43:21.000000000 +0000
@@ -1,4 +1,4 @@
-/etc/rc\.d/init\.d/cyrus -- gen_context(system_u:object_r:cyrus_initrc_exec_t,s0)
+/etc/rc\.d/init\.d/cyrus-imapd -- gen_context(system_u:object_r:cyrus_initrc_exec_t,s0)
@@ -21663,8 +21675,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/cyru
/usr/lib(64)?/cyrus-imapd/cyrus-master -- gen_context(system_u:object_r:cyrus_exec_t,s0)
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/cyrus.te serefpolicy-3.7.19/policy/modules/services/cyrus.te
---- nsaserefpolicy/policy/modules/services/cyrus.te 2010-04-13 20:44:37.000000000 +0200
-+++ serefpolicy-3.7.19/policy/modules/services/cyrus.te 2010-08-24 14:09:21.658222360 +0200
+--- nsaserefpolicy/policy/modules/services/cyrus.te 2010-04-13 18:44:37.000000000 +0000
++++ serefpolicy-3.7.19/policy/modules/services/cyrus.te 2010-08-24 12:09:21.000000000 +0000
@@ -27,7 +27,7 @@
# Local policy
#
@@ -21691,8 +21703,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/cyru
snmp_dontaudit_write_snmp_var_lib_files(cyrus_t)
snmp_stream_connect(cyrus_t)
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/dbus.if serefpolicy-3.7.19/policy/modules/services/dbus.if
---- nsaserefpolicy/policy/modules/services/dbus.if 2010-04-13 20:44:37.000000000 +0200
-+++ serefpolicy-3.7.19/policy/modules/services/dbus.if 2010-05-28 09:42:00.095610713 +0200
+--- nsaserefpolicy/policy/modules/services/dbus.if 2010-04-13 18:44:37.000000000 +0000
++++ serefpolicy-3.7.19/policy/modules/services/dbus.if 2010-05-28 07:42:00.000000000 +0000
@@ -42,8 +42,10 @@
gen_require(`
class dbus { send_msg acquire_svc };
@@ -21886,8 +21898,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/dbus
+')
+
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/dbus.te serefpolicy-3.7.19/policy/modules/services/dbus.te
---- nsaserefpolicy/policy/modules/services/dbus.te 2010-04-13 20:44:37.000000000 +0200
-+++ serefpolicy-3.7.19/policy/modules/services/dbus.te 2010-05-28 09:42:00.096610787 +0200
+--- nsaserefpolicy/policy/modules/services/dbus.te 2010-04-13 18:44:37.000000000 +0000
++++ serefpolicy-3.7.19/policy/modules/services/dbus.te 2010-05-28 07:42:00.000000000 +0000
@@ -86,6 +86,7 @@
dev_read_sysfs(system_dbusd_t)
@@ -21936,8 +21948,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/dbus
+ xserver_append_xdm_home_files(session_bus_type)
+')
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/denyhosts.fc serefpolicy-3.7.19/policy/modules/services/denyhosts.fc
---- nsaserefpolicy/policy/modules/services/denyhosts.fc 1970-01-01 01:00:00.000000000 +0100
-+++ serefpolicy-3.7.19/policy/modules/services/denyhosts.fc 2010-05-28 09:42:00.096610787 +0200
+--- nsaserefpolicy/policy/modules/services/denyhosts.fc 1970-01-01 00:00:00.000000000 +0000
++++ serefpolicy-3.7.19/policy/modules/services/denyhosts.fc 2010-05-28 07:42:00.000000000 +0000
@@ -0,0 +1,7 @@
+/etc/rc\.d/init\.d/denyhosts -- gen_context(system_u:object_r:denyhosts_initrc_exec_t, s0)
+
@@ -21947,8 +21959,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/deny
+/var/lock/subsys/denyhosts -- gen_context(system_u:object_r:denyhosts_var_lock_t, s0)
+/var/log/denyhosts(/.*)? gen_context(system_u:object_r:denyhosts_var_log_t, s0)
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/denyhosts.if serefpolicy-3.7.19/policy/modules/services/denyhosts.if
---- nsaserefpolicy/policy/modules/services/denyhosts.if 1970-01-01 01:00:00.000000000 +0100
-+++ serefpolicy-3.7.19/policy/modules/services/denyhosts.if 2010-05-28 09:42:00.097610580 +0200
+--- nsaserefpolicy/policy/modules/services/denyhosts.if 1970-01-01 00:00:00.000000000 +0000
++++ serefpolicy-3.7.19/policy/modules/services/denyhosts.if 2010-05-28 07:42:00.000000000 +0000
@@ -0,0 +1,87 @@
+## <summary>Deny Hosts.</summary>
+## <desc>
@@ -22038,8 +22050,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/deny
+ admin_pattern($1, denyhosts_var_lock_t)
+')
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/denyhosts.te serefpolicy-3.7.19/policy/modules/services/denyhosts.te
---- nsaserefpolicy/policy/modules/services/denyhosts.te 1970-01-01 01:00:00.000000000 +0100
-+++ serefpolicy-3.7.19/policy/modules/services/denyhosts.te 2010-07-13 09:14:58.230502484 +0200
+--- nsaserefpolicy/policy/modules/services/denyhosts.te 1970-01-01 00:00:00.000000000 +0000
++++ serefpolicy-3.7.19/policy/modules/services/denyhosts.te 2010-07-13 07:14:58.000000000 +0000
@@ -0,0 +1,81 @@
+
+policy_module(denyhosts, 1.0.0)
@@ -22123,8 +22135,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/deny
+ gnome_dontaudit_search_config(denyhosts_t)
+')
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/devicekit.fc serefpolicy-3.7.19/policy/modules/services/devicekit.fc
---- nsaserefpolicy/policy/modules/services/devicekit.fc 2010-04-13 20:44:37.000000000 +0200
-+++ serefpolicy-3.7.19/policy/modules/services/devicekit.fc 2010-05-28 09:42:00.098611422 +0200
+--- nsaserefpolicy/policy/modules/services/devicekit.fc 2010-04-13 18:44:37.000000000 +0000
++++ serefpolicy-3.7.19/policy/modules/services/devicekit.fc 2010-05-28 07:42:00.000000000 +0000
@@ -1,8 +1,14 @@
/usr/libexec/devkit-daemon -- gen_context(system_u:object_r:devicekit_exec_t,s0)
/usr/libexec/devkit-disks-daemon -- gen_context(system_u:object_r:devicekit_disk_exec_t,s0)
@@ -22142,8 +22154,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/devi
+/var/run/udisks(/.*)? gen_context(system_u:object_r:devicekit_var_run_t,s0)
+/var/run/upower(/.*)? gen_context(system_u:object_r:devicekit_var_run_t,s0)
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/devicekit.if serefpolicy-3.7.19/policy/modules/services/devicekit.if
---- nsaserefpolicy/policy/modules/services/devicekit.if 2010-04-13 20:44:37.000000000 +0200
-+++ serefpolicy-3.7.19/policy/modules/services/devicekit.if 2010-09-16 14:43:03.179637274 +0200
+--- nsaserefpolicy/policy/modules/services/devicekit.if 2010-04-13 18:44:37.000000000 +0000
++++ serefpolicy-3.7.19/policy/modules/services/devicekit.if 2010-09-16 12:43:03.000000000 +0000
@@ -139,6 +139,26 @@
########################################
@@ -22193,8 +22205,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/devi
admin_pattern($1, devicekit_tmp_t)
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/devicekit.te serefpolicy-3.7.19/policy/modules/services/devicekit.te
---- nsaserefpolicy/policy/modules/services/devicekit.te 2010-04-13 20:44:37.000000000 +0200
-+++ serefpolicy-3.7.19/policy/modules/services/devicekit.te 2010-10-05 16:46:24.302651295 +0200
+--- nsaserefpolicy/policy/modules/services/devicekit.te 2010-04-13 18:44:37.000000000 +0000
++++ serefpolicy-3.7.19/policy/modules/services/devicekit.te 2010-10-05 14:46:24.000000000 +0000
@@ -42,6 +42,8 @@
files_read_etc_files(devicekit_t)
@@ -22438,8 +22450,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/devi
vbetool_domtrans(devicekit_power_t)
')
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/dhcp.if serefpolicy-3.7.19/policy/modules/services/dhcp.if
---- nsaserefpolicy/policy/modules/services/dhcp.if 2010-04-13 20:44:36.000000000 +0200
-+++ serefpolicy-3.7.19/policy/modules/services/dhcp.if 2010-09-16 17:18:21.454637263 +0200
+--- nsaserefpolicy/policy/modules/services/dhcp.if 2010-04-13 18:44:36.000000000 +0000
++++ serefpolicy-3.7.19/policy/modules/services/dhcp.if 2010-09-16 15:18:21.000000000 +0000
@@ -77,7 +77,7 @@
#
interface(`dhcpd_admin',`
@@ -22450,8 +22462,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/dhcp
')
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/dhcp.te serefpolicy-3.7.19/policy/modules/services/dhcp.te
---- nsaserefpolicy/policy/modules/services/dhcp.te 2010-04-13 20:44:36.000000000 +0200
-+++ serefpolicy-3.7.19/policy/modules/services/dhcp.te 2010-10-18 16:03:31.352650791 +0200
+--- nsaserefpolicy/policy/modules/services/dhcp.te 2010-04-13 18:44:36.000000000 +0000
++++ serefpolicy-3.7.19/policy/modules/services/dhcp.te 2010-10-18 14:03:31.000000000 +0000
@@ -74,6 +74,8 @@
corenet_sendrecv_dhcpd_server_packets(dhcpd_t)
corenet_sendrecv_pxe_server_packets(dhcpd_t)
@@ -22473,8 +22485,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/dhcp
dbus_connect_system_bus(dhcpd_t)
')
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/dirsrv-admin.fc serefpolicy-3.7.19/policy/modules/services/dirsrv-admin.fc
---- nsaserefpolicy/policy/modules/services/dirsrv-admin.fc 1970-01-01 01:00:00.000000000 +0100
-+++ serefpolicy-3.7.19/policy/modules/services/dirsrv-admin.fc 2010-11-15 14:19:02.503399070 +0100
+--- nsaserefpolicy/policy/modules/services/dirsrv-admin.fc 1970-01-01 00:00:00.000000000 +0000
++++ serefpolicy-3.7.19/policy/modules/services/dirsrv-admin.fc 2010-11-15 13:19:02.000000000 +0000
@@ -0,0 +1,11 @@
+/etc/dirsrv/admin-serv(/.*)? gen_context(system_u:object_r:dirsrvadmin_config_t,s0)
+
@@ -22488,8 +22500,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/dirs
+/usr/lib64/dirsrv/dsgw-cgi-bin(/.*)? gen_context(system_u:object_r:httpd_dirsrvadmin_script_exec_t,s0)
+
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/dirsrv-admin.if serefpolicy-3.7.19/policy/modules/services/dirsrv-admin.if
---- nsaserefpolicy/policy/modules/services/dirsrv-admin.if 1970-01-01 01:00:00.000000000 +0100
-+++ serefpolicy-3.7.19/policy/modules/services/dirsrv-admin.if 2010-11-15 14:19:02.504398934 +0100
+--- nsaserefpolicy/policy/modules/services/dirsrv-admin.if 1970-01-01 00:00:00.000000000 +0000
++++ serefpolicy-3.7.19/policy/modules/services/dirsrv-admin.if 2010-11-15 13:19:02.000000000 +0000
@@ -0,0 +1,95 @@
+## <summary>Administration Server for Directory Server, dirsrv-admin.</summary>
+
@@ -22587,8 +22599,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/dirs
+ manage_dirs_pattern($1, dirsrvadmin_tmp_t, dirsrvadmin_tmp_t)
+')
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/dirsrv-admin.te serefpolicy-3.7.19/policy/modules/services/dirsrv-admin.te
---- nsaserefpolicy/policy/modules/services/dirsrv-admin.te 1970-01-01 01:00:00.000000000 +0100
-+++ serefpolicy-3.7.19/policy/modules/services/dirsrv-admin.te 2010-11-15 14:19:02.523147846 +0100
+--- nsaserefpolicy/policy/modules/services/dirsrv-admin.te 1970-01-01 00:00:00.000000000 +0000
++++ serefpolicy-3.7.19/policy/modules/services/dirsrv-admin.te 2010-11-15 13:19:02.000000000 +0000
@@ -0,0 +1,92 @@
+policy_module(dirsrv-admin,1.0.0)
+
@@ -22683,8 +22695,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/dirs
+dirsrv_manage_config(httpd_dirsrvadmin_script_t)
+dirsrv_read_share(httpd_dirsrvadmin_script_t)
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/dirsrv.fc serefpolicy-3.7.19/policy/modules/services/dirsrv.fc
---- nsaserefpolicy/policy/modules/services/dirsrv.fc 1970-01-01 01:00:00.000000000 +0100
-+++ serefpolicy-3.7.19/policy/modules/services/dirsrv.fc 2010-11-15 14:19:02.524147919 +0100
+--- nsaserefpolicy/policy/modules/services/dirsrv.fc 1970-01-01 00:00:00.000000000 +0000
++++ serefpolicy-3.7.19/policy/modules/services/dirsrv.fc 2010-11-15 13:19:02.000000000 +0000
@@ -0,0 +1,20 @@
+/etc/dirsrv(/.*) gen_context(system_u:object_r:dirsrv_config_t,s0)
+
@@ -22707,8 +22719,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/dirs
+
+/var/log/dirsrv/ldap-agent.log gen_context(system_u:object_r:dirsrv_snmp_var_log_t,s0)
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/dirsrv.if serefpolicy-3.7.19/policy/modules/services/dirsrv.if
---- nsaserefpolicy/policy/modules/services/dirsrv.if 1970-01-01 01:00:00.000000000 +0100
-+++ serefpolicy-3.7.19/policy/modules/services/dirsrv.if 2011-01-20 12:07:54.246042815 +0100
+--- nsaserefpolicy/policy/modules/services/dirsrv.if 1970-01-01 00:00:00.000000000 +0000
++++ serefpolicy-3.7.19/policy/modules/services/dirsrv.if 2011-01-20 11:07:54.000000000 +0000
@@ -0,0 +1,212 @@
+## <summary>policy for dirsrv</summary>
+
@@ -22923,8 +22935,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/dirs
+ stream_connect_pattern($1, dirsrv_var_run_t, dirsrv_var_run_t, dirsrv_t)
+')
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/dirsrv.te serefpolicy-3.7.19/policy/modules/services/dirsrv.te
---- nsaserefpolicy/policy/modules/services/dirsrv.te 1970-01-01 01:00:00.000000000 +0100
-+++ serefpolicy-3.7.19/policy/modules/services/dirsrv.te 2011-01-14 16:32:12.778042378 +0100
+--- nsaserefpolicy/policy/modules/services/dirsrv.te 1970-01-01 00:00:00.000000000 +0000
++++ serefpolicy-3.7.19/policy/modules/services/dirsrv.te 2011-01-14 15:32:12.000000000 +0000
@@ -0,0 +1,180 @@
+policy_module(dirsrv,1.0.0)
+
@@ -23107,8 +23119,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/dirs
+ rpcbind_stream_connect(initrc_t)
+')
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/djbdns.if serefpolicy-3.7.19/policy/modules/services/djbdns.if
---- nsaserefpolicy/policy/modules/services/djbdns.if 2010-04-13 20:44:37.000000000 +0200
-+++ serefpolicy-3.7.19/policy/modules/services/djbdns.if 2010-05-28 09:42:00.101610733 +0200
+--- nsaserefpolicy/policy/modules/services/djbdns.if 2010-04-13 18:44:37.000000000 +0000
++++ serefpolicy-3.7.19/policy/modules/services/djbdns.if 2010-05-28 07:42:00.000000000 +0000
@@ -26,6 +26,8 @@
daemontools_read_svc(djbdns_$1_t)
@@ -23159,8 +23171,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/djbd
+ allow $1 djbdns_tinydn_t:key link;
+')
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/djbdns.te serefpolicy-3.7.19/policy/modules/services/djbdns.te
---- nsaserefpolicy/policy/modules/services/djbdns.te 2010-04-13 20:44:36.000000000 +0200
-+++ serefpolicy-3.7.19/policy/modules/services/djbdns.te 2010-05-28 09:42:00.101610733 +0200
+--- nsaserefpolicy/policy/modules/services/djbdns.te 2010-04-13 18:44:36.000000000 +0000
++++ serefpolicy-3.7.19/policy/modules/services/djbdns.te 2010-05-28 07:42:00.000000000 +0000
@@ -42,3 +42,11 @@
files_search_var(djbdns_axfrdns_t)
@@ -23174,8 +23186,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/djbd
+init_dontaudit_use_script_fds(djbdns_tinydns_t)
+
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/dnsmasq.fc serefpolicy-3.7.19/policy/modules/services/dnsmasq.fc
---- nsaserefpolicy/policy/modules/services/dnsmasq.fc 2010-04-13 20:44:37.000000000 +0200
-+++ serefpolicy-3.7.19/policy/modules/services/dnsmasq.fc 2010-05-28 09:42:00.102610946 +0200
+--- nsaserefpolicy/policy/modules/services/dnsmasq.fc 2010-04-13 18:44:37.000000000 +0000
++++ serefpolicy-3.7.19/policy/modules/services/dnsmasq.fc 2010-05-28 07:42:00.000000000 +0000
@@ -6,5 +6,7 @@
/var/lib/misc/dnsmasq\.leases -- gen_context(system_u:object_r:dnsmasq_lease_t,s0)
/var/lib/dnsmasq(/.*)? gen_context(system_u:object_r:dnsmasq_lease_t,s0)
@@ -23185,8 +23197,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/dnsm
/var/run/dnsmasq\.pid -- gen_context(system_u:object_r:dnsmasq_var_run_t,s0)
/var/run/libvirt/network(/.*)? gen_context(system_u:object_r:dnsmasq_var_run_t,s0)
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/dnsmasq.if serefpolicy-3.7.19/policy/modules/services/dnsmasq.if
---- nsaserefpolicy/policy/modules/services/dnsmasq.if 2010-04-13 20:44:37.000000000 +0200
-+++ serefpolicy-3.7.19/policy/modules/services/dnsmasq.if 2010-05-28 09:42:00.102610946 +0200
+--- nsaserefpolicy/policy/modules/services/dnsmasq.if 2010-04-13 18:44:37.000000000 +0000
++++ serefpolicy-3.7.19/policy/modules/services/dnsmasq.if 2010-05-28 07:42:00.000000000 +0000
@@ -111,7 +111,7 @@
type dnsmasq_etc_t;
')
@@ -23206,8 +23218,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/dnsm
')
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/dnsmasq.te serefpolicy-3.7.19/policy/modules/services/dnsmasq.te
---- nsaserefpolicy/policy/modules/services/dnsmasq.te 2010-04-13 20:44:37.000000000 +0200
-+++ serefpolicy-3.7.19/policy/modules/services/dnsmasq.te 2010-10-13 08:36:11.278650255 +0200
+--- nsaserefpolicy/policy/modules/services/dnsmasq.te 2010-04-13 18:44:37.000000000 +0000
++++ serefpolicy-3.7.19/policy/modules/services/dnsmasq.te 2010-10-13 06:36:11.000000000 +0000
@@ -19,6 +19,9 @@
type dnsmasq_lease_t;
files_type(dnsmasq_lease_t)
@@ -23268,8 +23280,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/dnsm
')
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/dovecot.fc serefpolicy-3.7.19/policy/modules/services/dovecot.fc
---- nsaserefpolicy/policy/modules/services/dovecot.fc 2010-04-13 20:44:36.000000000 +0200
-+++ serefpolicy-3.7.19/policy/modules/services/dovecot.fc 2010-07-08 14:31:14.740152947 +0200
+--- nsaserefpolicy/policy/modules/services/dovecot.fc 2010-04-13 18:44:36.000000000 +0000
++++ serefpolicy-3.7.19/policy/modules/services/dovecot.fc 2010-07-08 12:31:14.000000000 +0000
@@ -3,6 +3,7 @@
# /etc
#
@@ -23298,8 +23310,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/dove
/var/spool/dovecot(/.*)? gen_context(system_u:object_r:dovecot_spool_t,s0)
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/dovecot.if serefpolicy-3.7.19/policy/modules/services/dovecot.if
---- nsaserefpolicy/policy/modules/services/dovecot.if 2010-04-13 20:44:36.000000000 +0200
-+++ serefpolicy-3.7.19/policy/modules/services/dovecot.if 2010-12-01 11:47:10.200042400 +0100
+--- nsaserefpolicy/policy/modules/services/dovecot.if 2010-04-13 18:44:36.000000000 +0000
++++ serefpolicy-3.7.19/policy/modules/services/dovecot.if 2010-12-01 10:47:10.000000000 +0000
@@ -1,5 +1,24 @@
## <summary>Dovecot POP and IMAP mail server</summary>
@@ -23345,8 +23357,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/dove
admin_pattern($1, dovecot_spool_t)
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/dovecot.te serefpolicy-3.7.19/policy/modules/services/dovecot.te
---- nsaserefpolicy/policy/modules/services/dovecot.te 2010-04-13 20:44:37.000000000 +0200
-+++ serefpolicy-3.7.19/policy/modules/services/dovecot.te 2011-01-14 14:46:52.457041882 +0100
+--- nsaserefpolicy/policy/modules/services/dovecot.te 2010-04-13 18:44:37.000000000 +0000
++++ serefpolicy-3.7.19/policy/modules/services/dovecot.te 2011-01-14 13:46:52.000000000 +0000
@@ -9,6 +9,9 @@
type dovecot_exec_t;
init_daemon_domain(dovecot_t, dovecot_exec_t)
@@ -23572,8 +23584,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/dove
+ sendmail_domtrans(dovecot_deliver_t)
')
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/exim.fc serefpolicy-3.7.19/policy/modules/services/exim.fc
---- nsaserefpolicy/policy/modules/services/exim.fc 2010-04-13 20:44:37.000000000 +0200
-+++ serefpolicy-3.7.19/policy/modules/services/exim.fc 2010-05-28 09:42:00.105610536 +0200
+--- nsaserefpolicy/policy/modules/services/exim.fc 2010-04-13 18:44:37.000000000 +0000
++++ serefpolicy-3.7.19/policy/modules/services/exim.fc 2010-05-28 07:42:00.000000000 +0000
@@ -1,3 +1,6 @@
+
+/etc/rc\.d/init\.d/exim -- gen_context(system_u:object_r:exim_initrc_exec_t,s0)
@@ -23582,8 +23594,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/exim
/var/log/exim[0-9]?(/.*)? gen_context(system_u:object_r:exim_log_t,s0)
/var/run/exim[0-9]?\.pid -- gen_context(system_u:object_r:exim_var_run_t,s0)
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/exim.if serefpolicy-3.7.19/policy/modules/services/exim.if
---- nsaserefpolicy/policy/modules/services/exim.if 2010-04-13 20:44:37.000000000 +0200
-+++ serefpolicy-3.7.19/policy/modules/services/exim.if 2010-09-16 15:15:56.330386661 +0200
+--- nsaserefpolicy/policy/modules/services/exim.if 2010-04-13 18:44:37.000000000 +0000
++++ serefpolicy-3.7.19/policy/modules/services/exim.if 2010-09-16 13:15:56.000000000 +0000
@@ -20,6 +20,24 @@
########################################
@@ -23657,8 +23669,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/exim
+ admin_pattern($1, exim_var_run_t)
+')
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/exim.te serefpolicy-3.7.19/policy/modules/services/exim.te
---- nsaserefpolicy/policy/modules/services/exim.te 2010-04-13 20:44:36.000000000 +0200
-+++ serefpolicy-3.7.19/policy/modules/services/exim.te 2010-12-01 13:21:05.137040781 +0100
+--- nsaserefpolicy/policy/modules/services/exim.te 2010-04-13 18:44:36.000000000 +0000
++++ serefpolicy-3.7.19/policy/modules/services/exim.te 2010-12-01 12:21:05.000000000 +0000
@@ -36,6 +36,9 @@
application_executable_file(exim_exec_t)
mta_agent_executable(exim_exec_t)
@@ -23689,8 +23701,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/exim
optional_policy(`
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/fail2ban.if serefpolicy-3.7.19/policy/modules/services/fail2ban.if
---- nsaserefpolicy/policy/modules/services/fail2ban.if 2010-04-13 20:44:37.000000000 +0200
-+++ serefpolicy-3.7.19/policy/modules/services/fail2ban.if 2010-05-28 09:42:00.108611036 +0200
+--- nsaserefpolicy/policy/modules/services/fail2ban.if 2010-04-13 18:44:37.000000000 +0000
++++ serefpolicy-3.7.19/policy/modules/services/fail2ban.if 2010-05-28 07:42:00.000000000 +0000
@@ -138,6 +138,26 @@
########################################
@@ -23719,8 +23731,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/fail
## an fail2ban environment
## </summary>
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/fail2ban.te serefpolicy-3.7.19/policy/modules/services/fail2ban.te
---- nsaserefpolicy/policy/modules/services/fail2ban.te 2010-04-13 20:44:37.000000000 +0200
-+++ serefpolicy-3.7.19/policy/modules/services/fail2ban.te 2010-10-08 10:29:01.304899702 +0200
+--- nsaserefpolicy/policy/modules/services/fail2ban.te 2010-04-13 18:44:37.000000000 +0000
++++ serefpolicy-3.7.19/policy/modules/services/fail2ban.te 2010-10-08 08:29:01.000000000 +0000
@@ -29,8 +29,9 @@
# fail2ban local policy
#
@@ -23751,8 +23763,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/fail
iptables_domtrans(fail2ban_t)
')
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/fetchmail.if serefpolicy-3.7.19/policy/modules/services/fetchmail.if
---- nsaserefpolicy/policy/modules/services/fetchmail.if 2010-04-13 20:44:37.000000000 +0200
-+++ serefpolicy-3.7.19/policy/modules/services/fetchmail.if 2010-09-16 14:46:13.627387014 +0200
+--- nsaserefpolicy/policy/modules/services/fetchmail.if 2010-04-13 18:44:37.000000000 +0000
++++ serefpolicy-3.7.19/policy/modules/services/fetchmail.if 2010-09-16 12:46:13.000000000 +0000
@@ -18,6 +18,7 @@
type fetchmail_var_run_t;
')
@@ -23762,8 +23774,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/fetc
files_list_etc($1)
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/fprintd.te serefpolicy-3.7.19/policy/modules/services/fprintd.te
---- nsaserefpolicy/policy/modules/services/fprintd.te 2010-04-13 20:44:36.000000000 +0200
-+++ serefpolicy-3.7.19/policy/modules/services/fprintd.te 2010-11-02 17:13:59.386650147 +0100
+--- nsaserefpolicy/policy/modules/services/fprintd.te 2010-04-13 18:44:36.000000000 +0000
++++ serefpolicy-3.7.19/policy/modules/services/fprintd.te 2010-11-02 16:13:59.000000000 +0000
@@ -18,9 +18,9 @@
# Local policy
#
@@ -23793,8 +23805,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/fpri
')
+
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/ftp.fc serefpolicy-3.7.19/policy/modules/services/ftp.fc
---- nsaserefpolicy/policy/modules/services/ftp.fc 2010-04-13 20:44:37.000000000 +0200
-+++ serefpolicy-3.7.19/policy/modules/services/ftp.fc 2010-07-19 17:37:44.247151964 +0200
+--- nsaserefpolicy/policy/modules/services/ftp.fc 2010-04-13 18:44:37.000000000 +0000
++++ serefpolicy-3.7.19/policy/modules/services/ftp.fc 2010-07-19 15:37:44.000000000 +0000
@@ -13,6 +13,8 @@
/usr/kerberos/sbin/ftpd -- gen_context(system_u:object_r:ftpd_exec_t,s0)
@@ -23814,8 +23826,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/ftp.
/var/log/muddleftpd\.log.* -- gen_context(system_u:object_r:xferlog_t,s0)
/var/log/proftpd(/.*)? gen_context(system_u:object_r:xferlog_t,s0)
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/ftp.if serefpolicy-3.7.19/policy/modules/services/ftp.if
---- nsaserefpolicy/policy/modules/services/ftp.if 2010-04-13 20:44:36.000000000 +0200
-+++ serefpolicy-3.7.19/policy/modules/services/ftp.if 2010-05-28 09:42:00.110611252 +0200
+--- nsaserefpolicy/policy/modules/services/ftp.if 2010-04-13 18:44:36.000000000 +0000
++++ serefpolicy-3.7.19/policy/modules/services/ftp.if 2010-05-28 07:42:00.000000000 +0000
@@ -115,6 +115,44 @@
role $2 types ftpdctl_t;
')
@@ -23862,8 +23874,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/ftp.
## <summary>
## All of the rules required to administrate
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/ftp.te serefpolicy-3.7.19/policy/modules/services/ftp.te
---- nsaserefpolicy/policy/modules/services/ftp.te 2010-04-13 20:44:37.000000000 +0200
-+++ serefpolicy-3.7.19/policy/modules/services/ftp.te 2010-06-09 23:01:26.359209225 +0200
+--- nsaserefpolicy/policy/modules/services/ftp.te 2010-04-13 18:44:37.000000000 +0000
++++ serefpolicy-3.7.19/policy/modules/services/ftp.te 2010-06-09 21:01:26.000000000 +0000
@@ -41,11 +41,51 @@
## <desc>
@@ -24113,8 +24125,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/ftp.
+ fs_read_nfs_symlinks(ftpd_t)
+')
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/git.fc serefpolicy-3.7.19/policy/modules/services/git.fc
---- nsaserefpolicy/policy/modules/services/git.fc 2010-04-13 20:44:37.000000000 +0200
-+++ serefpolicy-3.7.19/policy/modules/services/git.fc 2010-06-30 13:03:56.351618002 +0200
+--- nsaserefpolicy/policy/modules/services/git.fc 2010-04-13 18:44:37.000000000 +0000
++++ serefpolicy-3.7.19/policy/modules/services/git.fc 2010-06-30 11:03:56.000000000 +0000
@@ -1,3 +1,12 @@
+HOME_DIR/public_git(/.*)? gen_context(system_u:object_r:git_session_content_t, s0)
+HOME_DIR/\.gitconfig -- gen_context(system_u:object_r:git_session_content_t, s0)
@@ -24130,8 +24142,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/git.
+/var/www/git(/.*)? gen_context(system_u:object_r:httpd_git_content_t,s0)
+/var/www/git/gitweb.cgi gen_context(system_u:object_r:httpd_git_script_exec_t,s0)
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/git.if serefpolicy-3.7.19/policy/modules/services/git.if
---- nsaserefpolicy/policy/modules/services/git.if 2010-04-13 20:44:37.000000000 +0200
-+++ serefpolicy-3.7.19/policy/modules/services/git.if 2010-05-28 09:42:00.113610772 +0200
+--- nsaserefpolicy/policy/modules/services/git.if 2010-04-13 18:44:37.000000000 +0000
++++ serefpolicy-3.7.19/policy/modules/services/git.if 2010-05-28 07:42:00.000000000 +0000
@@ -1 +1,525 @@
-## <summary>GIT revision control system</summary>
+## <summary>Fast Version Control System.</summary>
@@ -24660,8 +24672,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/git.
+')
+
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/git.te serefpolicy-3.7.19/policy/modules/services/git.te
---- nsaserefpolicy/policy/modules/services/git.te 2010-04-13 20:44:37.000000000 +0200
-+++ serefpolicy-3.7.19/policy/modules/services/git.te 2010-05-28 09:42:00.113610772 +0200
+--- nsaserefpolicy/policy/modules/services/git.te 2010-04-13 18:44:37.000000000 +0000
++++ serefpolicy-3.7.19/policy/modules/services/git.te 2010-05-28 07:42:00.000000000 +0000
@@ -1,9 +1,193 @@
-policy_module(git, 1.0)
@@ -24860,8 +24872,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/git.
+gen_user(git_shell_u, user, git_shell_r, s0, s0)
+
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/gnomeclock.if serefpolicy-3.7.19/policy/modules/services/gnomeclock.if
---- nsaserefpolicy/policy/modules/services/gnomeclock.if 2010-04-13 20:44:37.000000000 +0200
-+++ serefpolicy-3.7.19/policy/modules/services/gnomeclock.if 2010-05-28 09:42:00.114610776 +0200
+--- nsaserefpolicy/policy/modules/services/gnomeclock.if 2010-04-13 18:44:37.000000000 +0000
++++ serefpolicy-3.7.19/policy/modules/services/gnomeclock.if 2010-05-28 07:42:00.000000000 +0000
@@ -63,3 +63,24 @@
allow $1 gnomeclock_t:dbus send_msg;
allow gnomeclock_t $1:dbus send_msg;
@@ -24888,8 +24900,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/gnom
+ dontaudit gnomeclock_t $1:dbus send_msg;
+')
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/gpm.te serefpolicy-3.7.19/policy/modules/services/gpm.te
---- nsaserefpolicy/policy/modules/services/gpm.te 2010-04-13 20:44:37.000000000 +0200
-+++ serefpolicy-3.7.19/policy/modules/services/gpm.te 2010-10-13 08:34:38.732649366 +0200
+--- nsaserefpolicy/policy/modules/services/gpm.te 2010-04-13 18:44:37.000000000 +0000
++++ serefpolicy-3.7.19/policy/modules/services/gpm.te 2010-10-13 06:34:38.000000000 +0000
@@ -70,6 +70,7 @@
userdom_dontaudit_use_unpriv_user_fds(gpm_t)
@@ -24899,8 +24911,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/gpm.
optional_policy(`
seutil_sigchld_newrole(gpm_t)
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/gpsd.te serefpolicy-3.7.19/policy/modules/services/gpsd.te
---- nsaserefpolicy/policy/modules/services/gpsd.te 2010-04-13 20:44:37.000000000 +0200
-+++ serefpolicy-3.7.19/policy/modules/services/gpsd.te 2010-05-28 09:42:00.114610776 +0200
+--- nsaserefpolicy/policy/modules/services/gpsd.te 2010-04-13 18:44:37.000000000 +0000
++++ serefpolicy-3.7.19/policy/modules/services/gpsd.te 2010-05-28 07:42:00.000000000 +0000
@@ -57,9 +57,14 @@
miscfiles_read_localization(gpsd_t)
@@ -24917,8 +24929,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/gpsd
')
+
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/hal.if serefpolicy-3.7.19/policy/modules/services/hal.if
---- nsaserefpolicy/policy/modules/services/hal.if 2010-04-13 20:44:36.000000000 +0200
-+++ serefpolicy-3.7.19/policy/modules/services/hal.if 2010-09-16 15:08:39.708386708 +0200
+--- nsaserefpolicy/policy/modules/services/hal.if 2010-04-13 18:44:36.000000000 +0000
++++ serefpolicy-3.7.19/policy/modules/services/hal.if 2010-09-16 13:08:39.000000000 +0000
@@ -51,6 +51,7 @@
type hald_t;
')
@@ -24964,8 +24976,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/hal.
## </summary>
## <param name="domain">
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/hal.te serefpolicy-3.7.19/policy/modules/services/hal.te
---- nsaserefpolicy/policy/modules/services/hal.te 2010-04-13 20:44:37.000000000 +0200
-+++ serefpolicy-3.7.19/policy/modules/services/hal.te 2010-09-01 12:01:45.692083773 +0200
+--- nsaserefpolicy/policy/modules/services/hal.te 2010-04-13 18:44:37.000000000 +0000
++++ serefpolicy-3.7.19/policy/modules/services/hal.te 2010-09-01 10:01:45.000000000 +0000
@@ -55,6 +55,9 @@
type hald_var_lib_t;
files_type(hald_var_lib_t)
@@ -25122,8 +25134,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/hal.
#
# Local hald dccm policy
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/icecast.if serefpolicy-3.7.19/policy/modules/services/icecast.if
---- nsaserefpolicy/policy/modules/services/icecast.if 2010-04-13 20:44:37.000000000 +0200
-+++ serefpolicy-3.7.19/policy/modules/services/icecast.if 2010-09-16 14:50:20.457637118 +0200
+--- nsaserefpolicy/policy/modules/services/icecast.if 2010-04-13 18:44:37.000000000 +0000
++++ serefpolicy-3.7.19/policy/modules/services/icecast.if 2010-09-16 12:50:20.000000000 +0000
@@ -173,6 +173,7 @@
type icecast_t, icecast_initrc_exec_t;
')
@@ -25133,8 +25145,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/icec
# Allow icecast_t to restart the apache service
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/icecast.te serefpolicy-3.7.19/policy/modules/services/icecast.te
---- nsaserefpolicy/policy/modules/services/icecast.te 2010-04-13 20:44:37.000000000 +0200
-+++ serefpolicy-3.7.19/policy/modules/services/icecast.te 2010-09-09 12:23:45.726084993 +0200
+--- nsaserefpolicy/policy/modules/services/icecast.te 2010-04-13 18:44:37.000000000 +0000
++++ serefpolicy-3.7.19/policy/modules/services/icecast.te 2010-09-09 10:23:45.000000000 +0000
@@ -6,6 +6,14 @@
# Declarations
#
@@ -25178,8 +25190,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/icec
rtkit_scheduled(icecast_t)
')
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/inn.te serefpolicy-3.7.19/policy/modules/services/inn.te
---- nsaserefpolicy/policy/modules/services/inn.te 2010-04-13 20:44:37.000000000 +0200
-+++ serefpolicy-3.7.19/policy/modules/services/inn.te 2010-05-28 09:42:00.117610715 +0200
+--- nsaserefpolicy/policy/modules/services/inn.te 2010-04-13 18:44:37.000000000 +0000
++++ serefpolicy-3.7.19/policy/modules/services/inn.te 2010-05-28 07:42:00.000000000 +0000
@@ -106,6 +106,7 @@
userdom_dontaudit_use_unpriv_user_fds(innd_t)
@@ -25189,8 +25201,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/inn.
mta_send_mail(innd_t)
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/jabber.fc serefpolicy-3.7.19/policy/modules/services/jabber.fc
---- nsaserefpolicy/policy/modules/services/jabber.fc 2010-04-13 20:44:37.000000000 +0200
-+++ serefpolicy-3.7.19/policy/modules/services/jabber.fc 2010-09-24 14:38:41.409386147 +0200
+--- nsaserefpolicy/policy/modules/services/jabber.fc 2010-04-13 18:44:37.000000000 +0000
++++ serefpolicy-3.7.19/policy/modules/services/jabber.fc 2010-09-24 12:38:41.000000000 +0000
@@ -2,5 +2,14 @@
/usr/sbin/jabberd -- gen_context(system_u:object_r:jabberd_exec_t,s0)
@@ -25207,8 +25219,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/jabb
/var/lib/jabber(/.*)? gen_context(system_u:object_r:jabberd_var_lib_t,s0)
/var/log/jabber(/.*)? gen_context(system_u:object_r:jabberd_log_t,s0)
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/jabber.if serefpolicy-3.7.19/policy/modules/services/jabber.if
---- nsaserefpolicy/policy/modules/services/jabber.if 2010-04-13 20:44:36.000000000 +0200
-+++ serefpolicy-3.7.19/policy/modules/services/jabber.if 2010-09-24 14:58:50.065385991 +0200
+--- nsaserefpolicy/policy/modules/services/jabber.if 2010-04-13 18:44:36.000000000 +0000
++++ serefpolicy-3.7.19/policy/modules/services/jabber.if 2010-09-24 12:58:50.000000000 +0000
@@ -1,17 +1,96 @@
## <summary>Jabber instant messaging server</summary>
@@ -25330,8 +25342,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/jabb
domain_system_change_exemption($1)
role_transition $2 jabberd_initrc_exec_t system_r;
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/jabber.te serefpolicy-3.7.19/policy/modules/services/jabber.te
---- nsaserefpolicy/policy/modules/services/jabber.te 2010-04-13 20:44:37.000000000 +0200
-+++ serefpolicy-3.7.19/policy/modules/services/jabber.te 2010-12-01 13:18:43.455040817 +0100
+--- nsaserefpolicy/policy/modules/services/jabber.te 2010-04-13 18:44:37.000000000 +0000
++++ serefpolicy-3.7.19/policy/modules/services/jabber.te 2010-12-01 12:18:43.000000000 +0000
@@ -6,13 +6,19 @@
# Declarations
#
@@ -25503,8 +25515,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/jabb
+sysnet_read_config(jabberd_domain)
+
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/kerberos.fc serefpolicy-3.7.19/policy/modules/services/kerberos.fc
---- nsaserefpolicy/policy/modules/services/kerberos.fc 2010-04-13 20:44:37.000000000 +0200
-+++ serefpolicy-3.7.19/policy/modules/services/kerberos.fc 2010-07-23 13:43:56.367388499 +0200
+--- nsaserefpolicy/policy/modules/services/kerberos.fc 2010-04-13 18:44:37.000000000 +0000
++++ serefpolicy-3.7.19/policy/modules/services/kerberos.fc 2010-07-23 11:43:56.000000000 +0000
@@ -8,7 +8,7 @@
/etc/krb5kdc/kadm5\.keytab -- gen_context(system_u:object_r:krb5_keytab_t,s0)
/etc/krb5kdc/principal.* gen_context(system_u:object_r:krb5kdc_principal_t,s0)
@@ -25515,8 +25527,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/kerb
/etc/rc\.d/init\.d/krb524d -- gen_context(system_u:object_r:kerberos_initrc_exec_t,s0)
/etc/rc\.d/init\.d/krb5kdc -- gen_context(system_u:object_r:kerberos_initrc_exec_t,s0)
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/kerberos.if serefpolicy-3.7.19/policy/modules/services/kerberos.if
---- nsaserefpolicy/policy/modules/services/kerberos.if 2010-04-13 20:44:37.000000000 +0200
-+++ serefpolicy-3.7.19/policy/modules/services/kerberos.if 2010-09-02 15:07:11.046335422 +0200
+--- nsaserefpolicy/policy/modules/services/kerberos.if 2010-04-13 18:44:37.000000000 +0000
++++ serefpolicy-3.7.19/policy/modules/services/kerberos.if 2010-09-02 13:07:11.000000000 +0000
@@ -74,7 +74,7 @@
')
@@ -25538,8 +25550,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/kerb
allow $1 self:tcp_socket create_socket_perms;
allow $1 self:udp_socket create_socket_perms;
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/kerberos.te serefpolicy-3.7.19/policy/modules/services/kerberos.te
---- nsaserefpolicy/policy/modules/services/kerberos.te 2010-04-13 20:44:37.000000000 +0200
-+++ serefpolicy-3.7.19/policy/modules/services/kerberos.te 2011-01-20 12:02:37.297292519 +0100
+--- nsaserefpolicy/policy/modules/services/kerberos.te 2010-04-13 18:44:37.000000000 +0000
++++ serefpolicy-3.7.19/policy/modules/services/kerberos.te 2011-01-20 11:02:37.000000000 +0000
@@ -36,6 +36,7 @@
domain_obj_id_change_exemption(kpropd_t)
@@ -25667,8 +25679,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/kerb
allow kpropd_t krb5_keytab_t:file read_file_perms;
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/ksmtuned.fc serefpolicy-3.7.19/policy/modules/services/ksmtuned.fc
---- nsaserefpolicy/policy/modules/services/ksmtuned.fc 2010-04-13 20:44:37.000000000 +0200
-+++ serefpolicy-3.7.19/policy/modules/services/ksmtuned.fc 2010-05-28 09:42:00.119610652 +0200
+--- nsaserefpolicy/policy/modules/services/ksmtuned.fc 2010-04-13 18:44:37.000000000 +0000
++++ serefpolicy-3.7.19/policy/modules/services/ksmtuned.fc 2010-05-28 07:42:00.000000000 +0000
@@ -3,3 +3,5 @@
/usr/sbin/ksmtuned -- gen_context(system_u:object_r:ksmtuned_exec_t,s0)
@@ -25676,8 +25688,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/ksmt
+
+/var/log/ksmtuned.* gen_context(system_u:object_r:ksmtuned_log_t,s0)
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/ksmtuned.if serefpolicy-3.7.19/policy/modules/services/ksmtuned.if
---- nsaserefpolicy/policy/modules/services/ksmtuned.if 2010-04-13 20:44:37.000000000 +0200
-+++ serefpolicy-3.7.19/policy/modules/services/ksmtuned.if 2010-06-28 14:28:28.265152638 +0200
+--- nsaserefpolicy/policy/modules/services/ksmtuned.if 2010-04-13 18:44:37.000000000 +0000
++++ serefpolicy-3.7.19/policy/modules/services/ksmtuned.if 2010-06-28 12:28:28.000000000 +0000
@@ -59,8 +59,8 @@
type ksmtuned_initrc_exec_t;
')
@@ -25690,8 +25702,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/ksmt
files_list_pids($1)
admin_pattern($1, ksmtuned_var_run_t)
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/ksmtuned.te serefpolicy-3.7.19/policy/modules/services/ksmtuned.te
---- nsaserefpolicy/policy/modules/services/ksmtuned.te 2010-04-13 20:44:37.000000000 +0200
-+++ serefpolicy-3.7.19/policy/modules/services/ksmtuned.te 2010-11-02 17:00:40.709901203 +0100
+--- nsaserefpolicy/policy/modules/services/ksmtuned.te 2010-04-13 18:44:37.000000000 +0000
++++ serefpolicy-3.7.19/policy/modules/services/ksmtuned.te 2010-11-02 16:00:40.000000000 +0000
@@ -10,6 +10,9 @@
type ksmtuned_exec_t;
init_daemon_domain(ksmtuned_t, ksmtuned_exec_t)
@@ -25732,8 +25744,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/ksmt
miscfiles_read_localization(ksmtuned_t)
+
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/ldap.fc serefpolicy-3.7.19/policy/modules/services/ldap.fc
---- nsaserefpolicy/policy/modules/services/ldap.fc 2010-04-13 20:44:37.000000000 +0200
-+++ serefpolicy-3.7.19/policy/modules/services/ldap.fc 2010-07-14 12:46:27.722157993 +0200
+--- nsaserefpolicy/policy/modules/services/ldap.fc 2010-04-13 18:44:37.000000000 +0000
++++ serefpolicy-3.7.19/policy/modules/services/ldap.fc 2010-07-14 10:46:27.000000000 +0000
@@ -1,6 +1,8 @@
/etc/ldap/slapd\.conf -- gen_context(system_u:object_r:slapd_etc_t,s0)
@@ -25750,8 +25762,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/ldap
/var/run/slapd\.pid -- gen_context(system_u:object_r:slapd_var_run_t,s0)
+#/var/run/slapd.* -s gen_context(system_u:object_r:slapd_var_run_t,s0)
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/ldap.if serefpolicy-3.7.19/policy/modules/services/ldap.if
---- nsaserefpolicy/policy/modules/services/ldap.if 2010-04-13 20:44:37.000000000 +0200
-+++ serefpolicy-3.7.19/policy/modules/services/ldap.if 2010-09-16 15:00:27.926637062 +0200
+--- nsaserefpolicy/policy/modules/services/ldap.if 2010-04-13 18:44:37.000000000 +0000
++++ serefpolicy-3.7.19/policy/modules/services/ldap.if 2010-09-16 13:00:27.000000000 +0000
@@ -1,5 +1,43 @@
## <summary>OpenLDAP directory server</summary>
@@ -25856,8 +25868,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/ldap
########################################
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/ldap.te serefpolicy-3.7.19/policy/modules/services/ldap.te
---- nsaserefpolicy/policy/modules/services/ldap.te 2010-04-13 20:44:37.000000000 +0200
-+++ serefpolicy-3.7.19/policy/modules/services/ldap.te 2010-08-13 08:23:10.016085503 +0200
+--- nsaserefpolicy/policy/modules/services/ldap.te 2010-04-13 18:44:37.000000000 +0000
++++ serefpolicy-3.7.19/policy/modules/services/ldap.te 2010-08-13 06:23:10.000000000 +0000
@@ -11,7 +11,7 @@
init_daemon_domain(slapd_t, slapd_exec_t)
@@ -25902,8 +25914,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/ldap
manage_sock_files_pattern(slapd_t, slapd_var_run_t, slapd_var_run_t)
files_pid_filetrans(slapd_t, slapd_var_run_t, { file sock_file })
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/lircd.te serefpolicy-3.7.19/policy/modules/services/lircd.te
---- nsaserefpolicy/policy/modules/services/lircd.te 2010-04-13 20:44:36.000000000 +0200
-+++ serefpolicy-3.7.19/policy/modules/services/lircd.te 2010-06-16 22:26:45.652869735 +0200
+--- nsaserefpolicy/policy/modules/services/lircd.te 2010-04-13 18:44:36.000000000 +0000
++++ serefpolicy-3.7.19/policy/modules/services/lircd.te 2010-06-16 20:26:45.000000000 +0000
@@ -24,8 +24,11 @@
# lircd local policy
#
@@ -25955,8 +25967,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/lirc
+sysnet_dns_name_resolve(lircd_t)
+
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/lpd.if serefpolicy-3.7.19/policy/modules/services/lpd.if
---- nsaserefpolicy/policy/modules/services/lpd.if 2010-04-13 20:44:37.000000000 +0200
-+++ serefpolicy-3.7.19/policy/modules/services/lpd.if 2010-09-16 15:34:23.589636742 +0200
+--- nsaserefpolicy/policy/modules/services/lpd.if 2010-04-13 18:44:37.000000000 +0000
++++ serefpolicy-3.7.19/policy/modules/services/lpd.if 2010-09-16 13:34:23.000000000 +0000
@@ -153,7 +153,7 @@
')
@@ -25967,8 +25979,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/lpd.
########################################
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/memcached.if serefpolicy-3.7.19/policy/modules/services/memcached.if
---- nsaserefpolicy/policy/modules/services/memcached.if 2010-04-13 20:44:37.000000000 +0200
-+++ serefpolicy-3.7.19/policy/modules/services/memcached.if 2010-09-16 14:51:54.584636864 +0200
+--- nsaserefpolicy/policy/modules/services/memcached.if 2010-04-13 18:44:37.000000000 +0000
++++ serefpolicy-3.7.19/policy/modules/services/memcached.if 2010-09-16 12:51:54.000000000 +0000
@@ -59,6 +59,7 @@
gen_require(`
type memcached_t;
@@ -25985,8 +25997,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/memc
admin_pattern($1, memcached_var_run_t)
')
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/milter.fc serefpolicy-3.7.19/policy/modules/services/milter.fc
---- nsaserefpolicy/policy/modules/services/milter.fc 2010-04-13 20:44:37.000000000 +0200
-+++ serefpolicy-3.7.19/policy/modules/services/milter.fc 2010-12-20 15:10:54.057041234 +0100
+--- nsaserefpolicy/policy/modules/services/milter.fc 2010-04-13 18:44:37.000000000 +0000
++++ serefpolicy-3.7.19/policy/modules/services/milter.fc 2010-12-20 14:10:54.000000000 +0000
@@ -1,10 +1,15 @@
+/etc/mail/dkim-milter/keys(/.*)? gen_context(system_u:object_r:dkim_milter_private_key_t,s0)
+
@@ -26004,8 +26016,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/milt
/var/run/milter-greylist\.pid -- gen_context(system_u:object_r:greylist_milter_data_t,s0)
/var/run/spamass-milter(/.*)? gen_context(system_u:object_r:spamass_milter_data_t,s0)
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/milter.if serefpolicy-3.7.19/policy/modules/services/milter.if
---- nsaserefpolicy/policy/modules/services/milter.if 2010-04-13 20:44:37.000000000 +0200
-+++ serefpolicy-3.7.19/policy/modules/services/milter.if 2010-09-09 10:52:57.640084901 +0200
+--- nsaserefpolicy/policy/modules/services/milter.if 2010-04-13 18:44:37.000000000 +0000
++++ serefpolicy-3.7.19/policy/modules/services/milter.if 2010-09-09 08:52:57.000000000 +0000
@@ -37,6 +37,8 @@
files_read_etc_files($1_milter_t)
@@ -26064,8 +26076,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/milt
+ delete_files_pattern($1, dkim_milter_data_t, dkim_milter_data_t)
+')
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/milter.te serefpolicy-3.7.19/policy/modules/services/milter.te
---- nsaserefpolicy/policy/modules/services/milter.te 2010-04-13 20:44:36.000000000 +0200
-+++ serefpolicy-3.7.19/policy/modules/services/milter.te 2010-09-09 10:52:57.643085262 +0200
+--- nsaserefpolicy/policy/modules/services/milter.te 2010-04-13 18:44:36.000000000 +0000
++++ serefpolicy-3.7.19/policy/modules/services/milter.te 2010-09-09 08:52:57.000000000 +0000
@@ -10,6 +10,13 @@
attribute milter_domains;
attribute milter_data_type;
@@ -26122,8 +26134,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/milt
mta_send_mail(spamass_milter_t)
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/modemmanager.te serefpolicy-3.7.19/policy/modules/services/modemmanager.te
---- nsaserefpolicy/policy/modules/services/modemmanager.te 2010-04-13 20:44:37.000000000 +0200
-+++ serefpolicy-3.7.19/policy/modules/services/modemmanager.te 2010-10-01 15:17:59.179349157 +0200
+--- nsaserefpolicy/policy/modules/services/modemmanager.te 2010-04-13 18:44:37.000000000 +0000
++++ serefpolicy-3.7.19/policy/modules/services/modemmanager.te 2010-10-01 13:17:59.000000000 +0000
@@ -16,8 +16,8 @@
#
# ModemManager local policy
@@ -26158,8 +26170,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/mode
udev_read_db(modemmanager_t)
')
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/mpd.fc serefpolicy-3.7.19/policy/modules/services/mpd.fc
---- nsaserefpolicy/policy/modules/services/mpd.fc 1970-01-01 01:00:00.000000000 +0100
-+++ serefpolicy-3.7.19/policy/modules/services/mpd.fc 2010-06-28 14:07:11.647362394 +0200
+--- nsaserefpolicy/policy/modules/services/mpd.fc 1970-01-01 00:00:00.000000000 +0000
++++ serefpolicy-3.7.19/policy/modules/services/mpd.fc 2010-06-28 12:07:11.000000000 +0000
@@ -0,0 +1,11 @@
+
+
@@ -26173,8 +26185,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/mpd.
+/var/lib/mpd/music(/.*)? gen_context(system_u:object_r:mpd_data_t,s0)
+/var/lib/mpd/playlists(/.*)? gen_context(system_u:object_r:mpd_data_t,s0)
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/mpd.if serefpolicy-3.7.19/policy/modules/services/mpd.if
---- nsaserefpolicy/policy/modules/services/mpd.if 1970-01-01 01:00:00.000000000 +0100
-+++ serefpolicy-3.7.19/policy/modules/services/mpd.if 2010-09-16 14:59:09.494386932 +0200
+--- nsaserefpolicy/policy/modules/services/mpd.if 1970-01-01 00:00:00.000000000 +0000
++++ serefpolicy-3.7.19/policy/modules/services/mpd.if 2010-09-16 12:59:09.000000000 +0000
@@ -0,0 +1,295 @@
+
+## <summary>policy for daemon for playing music</summary>
@@ -26472,8 +26484,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/mpd.
+ admin_pattern($1, mpd_tmpfs_t)
+')
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/mpd.te serefpolicy-3.7.19/policy/modules/services/mpd.te
---- nsaserefpolicy/policy/modules/services/mpd.te 1970-01-01 01:00:00.000000000 +0100
-+++ serefpolicy-3.7.19/policy/modules/services/mpd.te 2011-01-07 14:17:21.054042273 +0100
+--- nsaserefpolicy/policy/modules/services/mpd.te 1970-01-01 00:00:00.000000000 +0000
++++ serefpolicy-3.7.19/policy/modules/services/mpd.te 2011-01-07 13:17:21.000000000 +0000
@@ -0,0 +1,141 @@
+
+policy_module(mpd,1.0.0)
@@ -26617,8 +26629,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/mpd.
+ xserver_dontaudit_read_xdm_pid(mpd_t)
+')
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/mta.fc serefpolicy-3.7.19/policy/modules/services/mta.fc
---- nsaserefpolicy/policy/modules/services/mta.fc 2010-04-13 20:44:37.000000000 +0200
-+++ serefpolicy-3.7.19/policy/modules/services/mta.fc 2011-01-20 10:58:55.708051696 +0100
+--- nsaserefpolicy/policy/modules/services/mta.fc 2010-04-13 18:44:37.000000000 +0000
++++ serefpolicy-3.7.19/policy/modules/services/mta.fc 2011-01-20 09:58:55.000000000 +0000
@@ -1,4 +1,5 @@
-HOME_DIR/\.forward -- gen_context(system_u:object_r:mail_forward_t,s0)
+HOME_DIR/\.forward[^/]* -- gen_context(system_u:object_r:mail_home_t,s0)
@@ -26636,8 +26648,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/mta.
/usr/lib/courier/bin/sendmail -- gen_context(system_u:object_r:sendmail_exec_t,s0)
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/mta.if serefpolicy-3.7.19/policy/modules/services/mta.if
---- nsaserefpolicy/policy/modules/services/mta.if 2010-04-13 20:44:37.000000000 +0200
-+++ serefpolicy-3.7.19/policy/modules/services/mta.if 2010-09-09 11:00:37.517335104 +0200
+--- nsaserefpolicy/policy/modules/services/mta.if 2010-04-13 18:44:37.000000000 +0000
++++ serefpolicy-3.7.19/policy/modules/services/mta.if 2010-09-09 09:00:37.000000000 +0000
@@ -144,6 +144,30 @@
')
')
@@ -26868,8 +26880,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/mta.
## </summary>
## <param name="domain">
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/mta.te serefpolicy-3.7.19/policy/modules/services/mta.te
---- nsaserefpolicy/policy/modules/services/mta.te 2010-04-13 20:44:37.000000000 +0200
-+++ serefpolicy-3.7.19/policy/modules/services/mta.te 2011-01-04 15:53:26.314042349 +0100
+--- nsaserefpolicy/policy/modules/services/mta.te 2010-04-13 18:44:37.000000000 +0000
++++ serefpolicy-3.7.19/policy/modules/services/mta.te 2011-01-04 14:53:26.000000000 +0000
@@ -21,8 +21,8 @@
type etc_mail_t;
files_config_file(etc_mail_t)
@@ -27069,8 +27081,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/mta.
+ exim_manage_log(user_mail_domain)
+')
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/munin.fc serefpolicy-3.7.19/policy/modules/services/munin.fc
---- nsaserefpolicy/policy/modules/services/munin.fc 2010-04-13 20:44:37.000000000 +0200
-+++ serefpolicy-3.7.19/policy/modules/services/munin.fc 2010-12-20 18:11:37.421042409 +0100
+--- nsaserefpolicy/policy/modules/services/munin.fc 2010-04-13 18:44:37.000000000 +0000
++++ serefpolicy-3.7.19/policy/modules/services/munin.fc 2010-12-20 17:11:37.000000000 +0000
@@ -6,6 +6,65 @@
/usr/share/munin/munin-.* -- gen_context(system_u:object_r:munin_exec_t,s0)
/usr/share/munin/plugins/.* -- gen_context(system_u:object_r:munin_exec_t,s0)
@@ -27138,8 +27150,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/muni
+/var/www/html/munin(/.*)? gen_context(system_u:object_r:httpd_munin_content_t,s0)
+/var/www/html/munin/cgi(/.*)? gen_context(system_u:object_r:httpd_munin_script_exec_t,s0)
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/munin.if serefpolicy-3.7.19/policy/modules/services/munin.if
---- nsaserefpolicy/policy/modules/services/munin.if 2010-04-13 20:44:37.000000000 +0200
-+++ serefpolicy-3.7.19/policy/modules/services/munin.if 2010-09-16 15:01:01.167395899 +0200
+--- nsaserefpolicy/policy/modules/services/munin.if 2010-04-13 18:44:37.000000000 +0000
++++ serefpolicy-3.7.19/policy/modules/services/munin.if 2010-09-16 13:01:01.000000000 +0000
@@ -16,8 +16,7 @@
type munin_var_run_t, munin_t;
')
@@ -27235,8 +27247,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/muni
## <summary>
## All of the rules required to administrate
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/munin.te serefpolicy-3.7.19/policy/modules/services/munin.te
---- nsaserefpolicy/policy/modules/services/munin.te 2010-04-13 20:44:37.000000000 +0200
-+++ serefpolicy-3.7.19/policy/modules/services/munin.te 2010-12-20 16:38:45.976041956 +0100
+--- nsaserefpolicy/policy/modules/services/munin.te 2010-04-13 18:44:37.000000000 +0000
++++ serefpolicy-3.7.19/policy/modules/services/munin.te 2010-12-20 15:38:45.000000000 +0000
@@ -28,12 +28,26 @@
type munin_var_run_t alias lrrd_var_run_t;
files_pid_file(munin_var_run_t)
@@ -27471,8 +27483,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/muni
+
+auth_use_nsswitch(munin_system_plugin_t)
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/mysql.if serefpolicy-3.7.19/policy/modules/services/mysql.if
---- nsaserefpolicy/policy/modules/services/mysql.if 2010-04-13 20:44:37.000000000 +0200
-+++ serefpolicy-3.7.19/policy/modules/services/mysql.if 2010-09-16 15:01:43.198637084 +0200
+--- nsaserefpolicy/policy/modules/services/mysql.if 2010-04-13 18:44:37.000000000 +0000
++++ serefpolicy-3.7.19/policy/modules/services/mysql.if 2010-09-16 13:01:43.000000000 +0000
@@ -73,6 +73,7 @@
type mysqld_t, mysqld_var_run_t, mysqld_db_t;
')
@@ -27482,8 +27494,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/mysq
stream_connect_pattern($1, mysqld_db_t, mysqld_var_run_t, mysqld_t)
')
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/mysql.te serefpolicy-3.7.19/policy/modules/services/mysql.te
---- nsaserefpolicy/policy/modules/services/mysql.te 2010-04-13 20:44:37.000000000 +0200
-+++ serefpolicy-3.7.19/policy/modules/services/mysql.te 2011-01-17 10:32:43.704041892 +0100
+--- nsaserefpolicy/policy/modules/services/mysql.te 2010-04-13 18:44:37.000000000 +0000
++++ serefpolicy-3.7.19/policy/modules/services/mysql.te 2011-01-17 09:32:43.000000000 +0000
@@ -65,6 +65,7 @@
manage_dirs_pattern(mysqld_t, mysqld_db_t, mysqld_db_t)
@@ -27528,8 +27540,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/mysq
mysql_manage_db_files(mysqld_safe_t)
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/nagios.fc serefpolicy-3.7.19/policy/modules/services/nagios.fc
---- nsaserefpolicy/policy/modules/services/nagios.fc 2010-04-13 20:44:37.000000000 +0200
-+++ serefpolicy-3.7.19/policy/modules/services/nagios.fc 2010-05-28 09:42:00.131610831 +0200
+--- nsaserefpolicy/policy/modules/services/nagios.fc 2010-04-13 18:44:37.000000000 +0000
++++ serefpolicy-3.7.19/policy/modules/services/nagios.fc 2010-05-28 07:42:00.000000000 +0000
@@ -1,16 +1,89 @@
/etc/nagios(/.*)? gen_context(system_u:object_r:nagios_etc_t,s0)
/etc/nagios/nrpe\.cfg -- gen_context(system_u:object_r:nrpe_etc_t,s0)
@@ -27626,8 +27638,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/nagi
+# unconfined plugins
+/usr/lib(64)?/nagios/plugins/check_by_ssh -- gen_context(system_u:object_r:nagios_unconfined_plugin_exec_t,s0)
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/nagios.if serefpolicy-3.7.19/policy/modules/services/nagios.if
---- nsaserefpolicy/policy/modules/services/nagios.if 2010-04-13 20:44:37.000000000 +0200
-+++ serefpolicy-3.7.19/policy/modules/services/nagios.if 2010-12-03 10:05:34.581045938 +0100
+--- nsaserefpolicy/policy/modules/services/nagios.if 2010-04-13 18:44:37.000000000 +0000
++++ serefpolicy-3.7.19/policy/modules/services/nagios.if 2010-12-03 09:05:34.000000000 +0000
@@ -64,8 +64,8 @@
########################################
@@ -27816,8 +27828,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/nagi
+ admin_pattern($1, nrpe_etc_t)
+')
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/nagios.te serefpolicy-3.7.19/policy/modules/services/nagios.te
---- nsaserefpolicy/policy/modules/services/nagios.te 2010-04-13 20:44:37.000000000 +0200
-+++ serefpolicy-3.7.19/policy/modules/services/nagios.te 2010-12-15 15:55:10.404042137 +0100
+--- nsaserefpolicy/policy/modules/services/nagios.te 2010-04-13 18:44:37.000000000 +0000
++++ serefpolicy-3.7.19/policy/modules/services/nagios.te 2010-12-15 14:55:10.000000000 +0000
@@ -10,13 +10,12 @@
type nagios_exec_t;
init_daemon_domain(nagios_t, nagios_exec_t)
@@ -28220,8 +28232,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/nagi
+ init_read_utmp(nagios_system_plugin_t)
+')
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/networkmanager.fc serefpolicy-3.7.19/policy/modules/services/networkmanager.fc
---- nsaserefpolicy/policy/modules/services/networkmanager.fc 2010-04-13 20:44:37.000000000 +0200
-+++ serefpolicy-3.7.19/policy/modules/services/networkmanager.fc 2010-10-25 13:45:54.246900872 +0200
+--- nsaserefpolicy/policy/modules/services/networkmanager.fc 2010-04-13 18:44:37.000000000 +0000
++++ serefpolicy-3.7.19/policy/modules/services/networkmanager.fc 2010-10-25 11:45:54.000000000 +0000
@@ -1,12 +1,33 @@
+/etc/rc\.d/init\.d/wicd -- gen_context(system_u:object_r:NetworkManager_initrc_exec_t, s0)
+/etc/NetworkManager/dispatcher\.d(/.*) gen_context(system_u:object_r:NetworkManager_initrc_exec_t,s0)
@@ -28257,8 +28269,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/netw
+/var/run/nm-dhclient.* gen_context(system_u:object_r:NetworkManager_var_run_t,s0)
+
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/networkmanager.if serefpolicy-3.7.19/policy/modules/services/networkmanager.if
---- nsaserefpolicy/policy/modules/services/networkmanager.if 2010-04-13 20:44:36.000000000 +0200
-+++ serefpolicy-3.7.19/policy/modules/services/networkmanager.if 2010-06-28 18:01:28.875149888 +0200
+--- nsaserefpolicy/policy/modules/services/networkmanager.if 2010-04-13 18:44:36.000000000 +0000
++++ serefpolicy-3.7.19/policy/modules/services/networkmanager.if 2010-06-28 16:01:28.000000000 +0000
@@ -100,6 +100,27 @@
########################################
@@ -28403,8 +28415,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/netw
+ append_files_pattern($1, NetworkManager_log_t, NetworkManager_log_t)
+')
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/networkmanager.te serefpolicy-3.7.19/policy/modules/services/networkmanager.te
---- nsaserefpolicy/policy/modules/services/networkmanager.te 2010-04-13 20:44:37.000000000 +0200
-+++ serefpolicy-3.7.19/policy/modules/services/networkmanager.te 2010-11-10 10:33:17.378148982 +0100
+--- nsaserefpolicy/policy/modules/services/networkmanager.te 2010-04-13 18:44:37.000000000 +0000
++++ serefpolicy-3.7.19/policy/modules/services/networkmanager.te 2010-11-10 09:33:17.000000000 +0000
@@ -19,6 +19,9 @@
type NetworkManager_tmp_t;
files_tmp_file(NetworkManager_tmp_t)
@@ -28668,8 +28680,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/netw
########################################
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/nis.fc serefpolicy-3.7.19/policy/modules/services/nis.fc
---- nsaserefpolicy/policy/modules/services/nis.fc 2010-04-13 20:44:37.000000000 +0200
-+++ serefpolicy-3.7.19/policy/modules/services/nis.fc 2010-07-23 15:46:13.779074299 +0200
+--- nsaserefpolicy/policy/modules/services/nis.fc 2010-04-13 18:44:37.000000000 +0000
++++ serefpolicy-3.7.19/policy/modules/services/nis.fc 2010-07-23 13:46:13.000000000 +0000
@@ -1,4 +1,7 @@
-
+/etc/rc\.d/init\.d/ypbind -- gen_context(system_u:object_r:ypbind_initrc_exec_t,s0)
@@ -28693,8 +28705,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/nis.
+/var/run/ypserv.* -- gen_context(system_u:object_r:ypserv_var_run_t,s0)
+/var/run/yppass.* -- gen_context(system_u:object_r:yppasswdd_var_run_t,s0)
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/nis.if serefpolicy-3.7.19/policy/modules/services/nis.if
---- nsaserefpolicy/policy/modules/services/nis.if 2010-04-13 20:44:36.000000000 +0200
-+++ serefpolicy-3.7.19/policy/modules/services/nis.if 2010-08-06 12:16:38.934083793 +0200
+--- nsaserefpolicy/policy/modules/services/nis.if 2010-04-13 18:44:36.000000000 +0000
++++ serefpolicy-3.7.19/policy/modules/services/nis.if 2010-08-06 10:16:38.000000000 +0000
@@ -28,7 +28,7 @@
type var_yp_t;
')
@@ -28879,8 +28891,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/nis.
admin_pattern($1, ypbind_tmp_t)
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/nis.te serefpolicy-3.7.19/policy/modules/services/nis.te
---- nsaserefpolicy/policy/modules/services/nis.te 2010-04-13 20:44:36.000000000 +0200
-+++ serefpolicy-3.7.19/policy/modules/services/nis.te 2010-05-28 09:42:00.137610990 +0200
+--- nsaserefpolicy/policy/modules/services/nis.te 2010-04-13 18:44:36.000000000 +0000
++++ serefpolicy-3.7.19/policy/modules/services/nis.te 2010-05-28 07:42:00.000000000 +0000
@@ -1,11 +1,14 @@
-policy_module(nis, 1.9.0)
@@ -28966,8 +28978,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/nis.
corenet_udp_bind_all_rpc_ports(ypxfr_t)
corenet_dontaudit_tcp_bind_all_reserved_ports(ypxfr_t)
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/nscd.if serefpolicy-3.7.19/policy/modules/services/nscd.if
---- nsaserefpolicy/policy/modules/services/nscd.if 2010-04-13 20:44:37.000000000 +0200
-+++ serefpolicy-3.7.19/policy/modules/services/nscd.if 2010-11-11 16:02:13.620399037 +0100
+--- nsaserefpolicy/policy/modules/services/nscd.if 2010-04-13 18:44:37.000000000 +0000
++++ serefpolicy-3.7.19/policy/modules/services/nscd.if 2010-11-11 15:02:13.000000000 +0000
@@ -112,11 +112,33 @@
allow $1 self:unix_stream_socket create_socket_perms;
@@ -29012,8 +29024,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/nscd
########################################
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/nscd.te serefpolicy-3.7.19/policy/modules/services/nscd.te
---- nsaserefpolicy/policy/modules/services/nscd.te 2010-04-13 20:44:37.000000000 +0200
-+++ serefpolicy-3.7.19/policy/modules/services/nscd.te 2010-06-01 17:15:11.443159955 +0200
+--- nsaserefpolicy/policy/modules/services/nscd.te 2010-04-13 18:44:37.000000000 +0000
++++ serefpolicy-3.7.19/policy/modules/services/nscd.te 2010-06-01 15:15:11.000000000 +0000
@@ -1,10 +1,17 @@
-policy_module(nscd, 1.10.0)
@@ -29079,8 +29091,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/nscd
+ unconfined_dontaudit_rw_packet_sockets(nscd_t)
+')
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/nslcd.if serefpolicy-3.7.19/policy/modules/services/nslcd.if
---- nsaserefpolicy/policy/modules/services/nslcd.if 2010-04-13 20:44:37.000000000 +0200
-+++ serefpolicy-3.7.19/policy/modules/services/nslcd.if 2010-09-16 15:03:19.430636930 +0200
+--- nsaserefpolicy/policy/modules/services/nslcd.if 2010-04-13 18:44:37.000000000 +0000
++++ serefpolicy-3.7.19/policy/modules/services/nslcd.if 2010-09-16 13:03:19.000000000 +0000
@@ -106,9 +106,9 @@
role_transition $2 nslcd_initrc_exec_t system_r;
allow $2 system_r;
@@ -29096,8 +29108,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/nslc
+ admin_pattern($1, nslcd_var_run_t, nslcd_var_run_t)
')
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/nslcd.te serefpolicy-3.7.19/policy/modules/services/nslcd.te
---- nsaserefpolicy/policy/modules/services/nslcd.te 2010-04-13 20:44:37.000000000 +0200
-+++ serefpolicy-3.7.19/policy/modules/services/nslcd.te 2010-05-28 09:42:00.139610787 +0200
+--- nsaserefpolicy/policy/modules/services/nslcd.te 2010-04-13 18:44:37.000000000 +0000
++++ serefpolicy-3.7.19/policy/modules/services/nslcd.te 2010-05-28 07:42:00.000000000 +0000
@@ -35,6 +35,8 @@
manage_sock_files_pattern(nslcd_t, nslcd_var_run_t, nslcd_var_run_t)
files_pid_filetrans(nslcd_t, nslcd_var_run_t, { file dir })
@@ -29108,8 +29120,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/nslc
auth_use_nsswitch(nslcd_t)
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/ntop.if serefpolicy-3.7.19/policy/modules/services/ntop.if
---- nsaserefpolicy/policy/modules/services/ntop.if 2010-04-13 20:44:37.000000000 +0200
-+++ serefpolicy-3.7.19/policy/modules/services/ntop.if 2010-06-28 14:35:14.462401509 +0200
+--- nsaserefpolicy/policy/modules/services/ntop.if 2010-04-13 18:44:37.000000000 +0000
++++ serefpolicy-3.7.19/policy/modules/services/ntop.if 2010-06-28 12:35:14.000000000 +0000
@@ -1 +1,157 @@
## <summary>Network Top</summary>
+
@@ -29269,8 +29281,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/ntop
+ allow $2 system_r;
+')
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/ntop.te serefpolicy-3.7.19/policy/modules/services/ntop.te
---- nsaserefpolicy/policy/modules/services/ntop.te 2010-04-13 20:44:37.000000000 +0200
-+++ serefpolicy-3.7.19/policy/modules/services/ntop.te 2010-05-28 09:42:00.140610931 +0200
+--- nsaserefpolicy/policy/modules/services/ntop.te 2010-04-13 18:44:37.000000000 +0000
++++ serefpolicy-3.7.19/policy/modules/services/ntop.te 2010-05-28 07:42:00.000000000 +0000
@@ -11,12 +11,12 @@
init_daemon_domain(ntop_t, ntop_exec_t)
application_domain(ntop_t, ntop_exec_t)
@@ -29361,8 +29373,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/ntop
')
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/ntp.if serefpolicy-3.7.19/policy/modules/services/ntp.if
---- nsaserefpolicy/policy/modules/services/ntp.if 2010-04-13 20:44:37.000000000 +0200
-+++ serefpolicy-3.7.19/policy/modules/services/ntp.if 2010-09-16 15:06:24.157386834 +0200
+--- nsaserefpolicy/policy/modules/services/ntp.if 2010-04-13 18:44:37.000000000 +0000
++++ serefpolicy-3.7.19/policy/modules/services/ntp.if 2010-09-16 13:06:24.000000000 +0000
@@ -144,7 +144,7 @@
type ntpd_initrc_exec_t;
')
@@ -29373,8 +29385,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/ntp.
init_labeled_script_domtrans($1, ntpd_initrc_exec_t)
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/ntp.te serefpolicy-3.7.19/policy/modules/services/ntp.te
---- nsaserefpolicy/policy/modules/services/ntp.te 2010-04-13 20:44:37.000000000 +0200
-+++ serefpolicy-3.7.19/policy/modules/services/ntp.te 2010-05-28 09:42:00.141610585 +0200
+--- nsaserefpolicy/policy/modules/services/ntp.te 2010-04-13 18:44:37.000000000 +0000
++++ serefpolicy-3.7.19/policy/modules/services/ntp.te 2010-05-28 07:42:00.000000000 +0000
@@ -97,9 +97,12 @@
dev_read_sysfs(ntpd_t)
# for SSP
@@ -29389,8 +29401,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/ntp.
term_use_ptmx(ntpd_t)
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/nut.te serefpolicy-3.7.19/policy/modules/services/nut.te
---- nsaserefpolicy/policy/modules/services/nut.te 2010-04-13 20:44:37.000000000 +0200
-+++ serefpolicy-3.7.19/policy/modules/services/nut.te 2010-08-25 16:39:24.497085412 +0200
+--- nsaserefpolicy/policy/modules/services/nut.te 2010-04-13 18:44:37.000000000 +0000
++++ serefpolicy-3.7.19/policy/modules/services/nut.te 2010-08-25 14:39:24.000000000 +0000
@@ -67,13 +67,15 @@
allow nut_upsmon_t self:fifo_file rw_fifo_file_perms;
allow nut_upsmon_t self:unix_dgram_socket { create_socket_perms sendto };
@@ -29420,8 +29432,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/nut.
#
# Local policy for upsdrvctl
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/nx.fc serefpolicy-3.7.19/policy/modules/services/nx.fc
---- nsaserefpolicy/policy/modules/services/nx.fc 2010-04-13 20:44:37.000000000 +0200
-+++ serefpolicy-3.7.19/policy/modules/services/nx.fc 2010-05-28 09:42:00.142610728 +0200
+--- nsaserefpolicy/policy/modules/services/nx.fc 2010-04-13 18:44:37.000000000 +0000
++++ serefpolicy-3.7.19/policy/modules/services/nx.fc 2010-05-28 07:42:00.000000000 +0000
@@ -1,7 +1,15 @@
/opt/NX/bin/nxserver -- gen_context(system_u:object_r:nx_server_exec_t,s0)
@@ -29441,8 +29453,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/nx.f
+
/usr/libexec/nx/nxserver -- gen_context(system_u:object_r:nx_server_exec_t,s0)
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/nx.if serefpolicy-3.7.19/policy/modules/services/nx.if
---- nsaserefpolicy/policy/modules/services/nx.if 2010-04-13 20:44:37.000000000 +0200
-+++ serefpolicy-3.7.19/policy/modules/services/nx.if 2010-05-28 09:42:00.143610940 +0200
+--- nsaserefpolicy/policy/modules/services/nx.if 2010-04-13 18:44:37.000000000 +0000
++++ serefpolicy-3.7.19/policy/modules/services/nx.if 2010-05-28 07:42:00.000000000 +0000
@@ -17,3 +17,70 @@
spec_domtrans_pattern($1, nx_server_exec_t, nx_server_t)
@@ -29515,8 +29527,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/nx.i
+ filetrans_pattern($1, nx_server_var_lib_t, $2, $3)
+')
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/nx.te serefpolicy-3.7.19/policy/modules/services/nx.te
---- nsaserefpolicy/policy/modules/services/nx.te 2010-04-13 20:44:37.000000000 +0200
-+++ serefpolicy-3.7.19/policy/modules/services/nx.te 2010-05-28 09:42:00.144610804 +0200
+--- nsaserefpolicy/policy/modules/services/nx.te 2010-04-13 18:44:37.000000000 +0000
++++ serefpolicy-3.7.19/policy/modules/services/nx.te 2010-05-28 07:42:00.000000000 +0000
@@ -25,6 +25,12 @@
type nx_server_var_run_t;
files_pid_file(nx_server_var_run_t)
@@ -29552,8 +29564,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/nx.t
kernel_read_kernel_sysctls(nx_server_t)
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/oddjob.fc serefpolicy-3.7.19/policy/modules/services/oddjob.fc
---- nsaserefpolicy/policy/modules/services/oddjob.fc 2010-04-13 20:44:37.000000000 +0200
-+++ serefpolicy-3.7.19/policy/modules/services/oddjob.fc 2010-05-28 09:42:00.144610804 +0200
+--- nsaserefpolicy/policy/modules/services/oddjob.fc 2010-04-13 18:44:37.000000000 +0000
++++ serefpolicy-3.7.19/policy/modules/services/oddjob.fc 2010-05-28 07:42:00.000000000 +0000
@@ -1,4 +1,5 @@
/usr/lib(64)?/oddjob/mkhomedir -- gen_context(system_u:object_r:oddjob_mkhomedir_exec_t,s0)
+/usr/libexec/oddjob/mkhomedir -- gen_context(system_u:object_r:oddjob_mkhomedir_exec_t,s0)
@@ -29561,8 +29573,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/oddj
/usr/sbin/oddjobd -- gen_context(system_u:object_r:oddjob_exec_t,s0)
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/oddjob.if serefpolicy-3.7.19/policy/modules/services/oddjob.if
---- nsaserefpolicy/policy/modules/services/oddjob.if 2010-04-13 20:44:37.000000000 +0200
-+++ serefpolicy-3.7.19/policy/modules/services/oddjob.if 2010-09-16 15:10:11.324637049 +0200
+--- nsaserefpolicy/policy/modules/services/oddjob.if 2010-04-13 18:44:37.000000000 +0000
++++ serefpolicy-3.7.19/policy/modules/services/oddjob.if 2010-09-16 13:10:11.000000000 +0000
@@ -22,6 +22,25 @@
domtrans_pattern($1, oddjob_exec_t, oddjob_t)
')
@@ -29623,8 +29635,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/oddj
## <summary>
## Execute a domain transition to run oddjob_mkhomedir.
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/oddjob.te serefpolicy-3.7.19/policy/modules/services/oddjob.te
---- nsaserefpolicy/policy/modules/services/oddjob.te 2010-04-13 20:44:37.000000000 +0200
-+++ serefpolicy-3.7.19/policy/modules/services/oddjob.te 2010-05-28 09:42:00.145610598 +0200
+--- nsaserefpolicy/policy/modules/services/oddjob.te 2010-04-13 18:44:37.000000000 +0000
++++ serefpolicy-3.7.19/policy/modules/services/oddjob.te 2010-05-28 07:42:00.000000000 +0000
@@ -100,8 +100,7 @@
# Add/remove user home directories
@@ -29637,8 +29649,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/oddj
+userdom_manage_user_home_content(oddjob_mkhomedir_t)
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/oident.te serefpolicy-3.7.19/policy/modules/services/oident.te
---- nsaserefpolicy/policy/modules/services/oident.te 2010-04-13 20:44:37.000000000 +0200
-+++ serefpolicy-3.7.19/policy/modules/services/oident.te 2010-05-28 09:42:00.146610252 +0200
+--- nsaserefpolicy/policy/modules/services/oident.te 2010-04-13 18:44:37.000000000 +0000
++++ serefpolicy-3.7.19/policy/modules/services/oident.te 2010-05-28 07:42:00.000000000 +0000
@@ -49,6 +49,7 @@
kernel_read_network_state(oidentd_t)
kernel_read_network_state_symlinks(oidentd_t)
@@ -29648,8 +29660,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/oide
logging_send_syslog_msg(oidentd_t)
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/openvpn.te serefpolicy-3.7.19/policy/modules/services/openvpn.te
---- nsaserefpolicy/policy/modules/services/openvpn.te 2010-04-13 20:44:37.000000000 +0200
-+++ serefpolicy-3.7.19/policy/modules/services/openvpn.te 2010-12-01 11:53:50.004042761 +0100
+--- nsaserefpolicy/policy/modules/services/openvpn.te 2010-04-13 18:44:37.000000000 +0000
++++ serefpolicy-3.7.19/policy/modules/services/openvpn.te 2010-12-01 10:53:50.000000000 +0000
@@ -25,6 +25,9 @@
type openvpn_etc_rw_t;
files_config_file(openvpn_etc_rw_t)
@@ -29715,8 +29727,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/open
+ unconfined_attach_tun_iface(openvpn_t)
+')
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/pads.if serefpolicy-3.7.19/policy/modules/services/pads.if
---- nsaserefpolicy/policy/modules/services/pads.if 2010-04-13 20:44:37.000000000 +0200
-+++ serefpolicy-3.7.19/policy/modules/services/pads.if 2010-09-16 15:10:56.276637029 +0200
+--- nsaserefpolicy/policy/modules/services/pads.if 2010-04-13 18:44:37.000000000 +0000
++++ serefpolicy-3.7.19/policy/modules/services/pads.if 2010-09-16 13:10:56.000000000 +0000
@@ -39,6 +39,9 @@
role_transition $2 pads_initrc_exec_t system_r;
allow $2 system_r;
@@ -29728,8 +29740,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/pads
admin_pattern($1, pads_config_t)
')
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/passenger.fc serefpolicy-3.7.19/policy/modules/services/passenger.fc
---- nsaserefpolicy/policy/modules/services/passenger.fc 1970-01-01 01:00:00.000000000 +0100
-+++ serefpolicy-3.7.19/policy/modules/services/passenger.fc 2010-12-21 08:32:58.717040259 +0100
+--- nsaserefpolicy/policy/modules/services/passenger.fc 1970-01-01 00:00:00.000000000 +0000
++++ serefpolicy-3.7.19/policy/modules/services/passenger.fc 2010-12-21 07:32:58.000000000 +0000
@@ -0,0 +1,16 @@
+
+/usr/lib(64)?/ruby/gems/.*/passenger-.*/ext/apache2/ApplicationPoolServerExecutable -- gen_context(system_u:object_r:passenger_exec_t,s0)
@@ -29748,8 +29760,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/pass
+
+/var/run/passenger(/.*)? gen_context(system_u:object_r:passenger_var_run_t,s0)
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/passenger.if serefpolicy-3.7.19/policy/modules/services/passenger.if
---- nsaserefpolicy/policy/modules/services/passenger.if 1970-01-01 01:00:00.000000000 +0100
-+++ serefpolicy-3.7.19/policy/modules/services/passenger.if 2010-12-21 07:41:31.411042063 +0100
+--- nsaserefpolicy/policy/modules/services/passenger.if 1970-01-01 00:00:00.000000000 +0000
++++ serefpolicy-3.7.19/policy/modules/services/passenger.if 2010-12-21 06:41:31.000000000 +0000
@@ -0,0 +1,67 @@
+## <summary>Passenger policy</summary>
+
@@ -29819,8 +29831,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/pass
+ read_lnk_files_pattern($1, passenger_var_lib_t, passenger_var_lib_t)
+')
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/passenger.te serefpolicy-3.7.19/policy/modules/services/passenger.te
---- nsaserefpolicy/policy/modules/services/passenger.te 1970-01-01 01:00:00.000000000 +0100
-+++ serefpolicy-3.7.19/policy/modules/services/passenger.te 2010-12-21 08:02:12.321042395 +0100
+--- nsaserefpolicy/policy/modules/services/passenger.te 1970-01-01 00:00:00.000000000 +0000
++++ serefpolicy-3.7.19/policy/modules/services/passenger.te 2010-12-21 07:02:12.000000000 +0000
@@ -0,0 +1,76 @@
+policy_module(passanger, 1.0.0)
+
@@ -29899,8 +29911,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/pass
+ apache_read_sys_content(passenger_t)
+')
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/pcscd.te serefpolicy-3.7.19/policy/modules/services/pcscd.te
---- nsaserefpolicy/policy/modules/services/pcscd.te 2010-04-13 20:44:37.000000000 +0200
-+++ serefpolicy-3.7.19/policy/modules/services/pcscd.te 2010-08-17 15:11:28.402085340 +0200
+--- nsaserefpolicy/policy/modules/services/pcscd.te 2010-04-13 18:44:37.000000000 +0000
++++ serefpolicy-3.7.19/policy/modules/services/pcscd.te 2010-08-17 13:11:28.000000000 +0000
@@ -42,6 +42,7 @@
corenet_tcp_sendrecv_all_ports(pcscd_t)
corenet_tcp_connect_http_port(pcscd_t)
@@ -29910,8 +29922,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/pcsc
dev_rw_smartcard(pcscd_t)
dev_rw_usbfs(pcscd_t)
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/pegasus.te serefpolicy-3.7.19/policy/modules/services/pegasus.te
---- nsaserefpolicy/policy/modules/services/pegasus.te 2010-04-13 20:44:37.000000000 +0200
-+++ serefpolicy-3.7.19/policy/modules/services/pegasus.te 2010-05-28 09:42:00.147610884 +0200
+--- nsaserefpolicy/policy/modules/services/pegasus.te 2010-04-13 18:44:37.000000000 +0000
++++ serefpolicy-3.7.19/policy/modules/services/pegasus.te 2010-05-28 07:42:00.000000000 +0000
@@ -30,7 +30,7 @@
# Local policy
#
@@ -29984,8 +29996,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/pega
+ xen_stream_connect_xenstore(pegasus_t)
+')
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/piranha.fc serefpolicy-3.7.19/policy/modules/services/piranha.fc
---- nsaserefpolicy/policy/modules/services/piranha.fc 1970-01-01 01:00:00.000000000 +0100
-+++ serefpolicy-3.7.19/policy/modules/services/piranha.fc 2010-08-05 10:49:22.814085304 +0200
+--- nsaserefpolicy/policy/modules/services/piranha.fc 1970-01-01 00:00:00.000000000 +0000
++++ serefpolicy-3.7.19/policy/modules/services/piranha.fc 2010-08-05 08:49:22.000000000 +0000
@@ -0,0 +1,27 @@
+
+/etc/rc\.d/init\.d/pulse -- gen_context(system_u:object_r:piranha_pulse_initrc_exec_t,s0)
@@ -30015,8 +30027,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/pira
+
+
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/piranha.if serefpolicy-3.7.19/policy/modules/services/piranha.if
---- nsaserefpolicy/policy/modules/services/piranha.if 1970-01-01 01:00:00.000000000 +0100
-+++ serefpolicy-3.7.19/policy/modules/services/piranha.if 2010-05-28 09:42:00.149610331 +0200
+--- nsaserefpolicy/policy/modules/services/piranha.if 1970-01-01 00:00:00.000000000 +0000
++++ serefpolicy-3.7.19/policy/modules/services/piranha.if 2010-05-28 07:42:00.000000000 +0000
@@ -0,0 +1,175 @@
+
+## <summary>policy for piranha</summary>
@@ -30194,8 +30206,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/pira
+ manage_lnk_files_pattern($1, piranha_log_t, piranha_log_t)
+')
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/piranha.te serefpolicy-3.7.19/policy/modules/services/piranha.te
---- nsaserefpolicy/policy/modules/services/piranha.te 1970-01-01 01:00:00.000000000 +0100
-+++ serefpolicy-3.7.19/policy/modules/services/piranha.te 2010-09-09 13:14:39.486084912 +0200
+--- nsaserefpolicy/policy/modules/services/piranha.te 1970-01-01 00:00:00.000000000 +0000
++++ serefpolicy-3.7.19/policy/modules/services/piranha.te 2010-09-09 11:14:39.000000000 +0000
@@ -0,0 +1,230 @@
+
+policy_module(piranha,1.0.0)
@@ -30428,8 +30440,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/pira
+
+sysnet_read_config(piranha_domain)
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/plymouthd.fc serefpolicy-3.7.19/policy/modules/services/plymouthd.fc
---- nsaserefpolicy/policy/modules/services/plymouthd.fc 1970-01-01 01:00:00.000000000 +0100
-+++ serefpolicy-3.7.19/policy/modules/services/plymouthd.fc 2010-05-28 09:42:00.150610614 +0200
+--- nsaserefpolicy/policy/modules/services/plymouthd.fc 1970-01-01 00:00:00.000000000 +0000
++++ serefpolicy-3.7.19/policy/modules/services/plymouthd.fc 2010-05-28 07:42:00.000000000 +0000
@@ -0,0 +1,9 @@
+/bin/plymouth -- gen_context(system_u:object_r:plymouth_exec_t, s0)
+
@@ -30441,8 +30453,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/plym
+
+/var/run/plymouth(/.*)? gen_context(system_u:object_r:plymouthd_var_run_t, s0)
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/plymouthd.if serefpolicy-3.7.19/policy/modules/services/plymouthd.if
---- nsaserefpolicy/policy/modules/services/plymouthd.if 1970-01-01 01:00:00.000000000 +0100
-+++ serefpolicy-3.7.19/policy/modules/services/plymouthd.if 2010-09-16 15:18:22.185386928 +0200
+--- nsaserefpolicy/policy/modules/services/plymouthd.if 1970-01-01 00:00:00.000000000 +0000
++++ serefpolicy-3.7.19/policy/modules/services/plymouthd.if 2010-09-16 13:18:22.000000000 +0000
@@ -0,0 +1,326 @@
+## <summary>policy for plymouthd</summary>
+
@@ -30771,8 +30783,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/plym
+ allow $1 plymouthd_t:unix_stream_socket connectto;
+')
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/plymouthd.te serefpolicy-3.7.19/policy/modules/services/plymouthd.te
---- nsaserefpolicy/policy/modules/services/plymouthd.te 1970-01-01 01:00:00.000000000 +0100
-+++ serefpolicy-3.7.19/policy/modules/services/plymouthd.te 2010-05-28 09:42:00.151610478 +0200
+--- nsaserefpolicy/policy/modules/services/plymouthd.te 1970-01-01 00:00:00.000000000 +0000
++++ serefpolicy-3.7.19/policy/modules/services/plymouthd.te 2010-05-28 07:42:00.000000000 +0000
@@ -0,0 +1,109 @@
+policy_module(plymouthd, 1.0.0)
+
@@ -30884,8 +30896,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/plym
+')
+')
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/policykit.fc serefpolicy-3.7.19/policy/modules/services/policykit.fc
---- nsaserefpolicy/policy/modules/services/policykit.fc 2010-04-13 20:44:37.000000000 +0200
-+++ serefpolicy-3.7.19/policy/modules/services/policykit.fc 2010-05-28 09:42:00.152610621 +0200
+--- nsaserefpolicy/policy/modules/services/policykit.fc 2010-04-13 18:44:37.000000000 +0000
++++ serefpolicy-3.7.19/policy/modules/services/policykit.fc 2010-05-28 07:42:00.000000000 +0000
@@ -6,10 +6,13 @@
/usr/libexec/polkit-read-auth-helper -- gen_context(system_u:object_r:policykit_auth_exec_t,s0)
/usr/libexec/polkit-grant-helper.* -- gen_context(system_u:object_r:policykit_grant_exec_t,s0)
@@ -30902,8 +30914,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/poli
/var/run/PolicyKit(/.*)? gen_context(system_u:object_r:policykit_var_run_t,s0)
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/policykit.if serefpolicy-3.7.19/policy/modules/services/policykit.if
---- nsaserefpolicy/policy/modules/services/policykit.if 2010-04-13 20:44:37.000000000 +0200
-+++ serefpolicy-3.7.19/policy/modules/services/policykit.if 2010-05-28 09:42:00.152610621 +0200
+--- nsaserefpolicy/policy/modules/services/policykit.if 2010-04-13 18:44:37.000000000 +0000
++++ serefpolicy-3.7.19/policy/modules/services/policykit.if 2010-05-28 07:42:00.000000000 +0000
@@ -17,12 +17,37 @@
class dbus send_msg;
')
@@ -31001,8 +31013,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/poli
+ allow $1 policykit_auth_t:process signal;
')
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/policykit.te serefpolicy-3.7.19/policy/modules/services/policykit.te
---- nsaserefpolicy/policy/modules/services/policykit.te 2010-04-13 20:44:37.000000000 +0200
-+++ serefpolicy-3.7.19/policy/modules/services/policykit.te 2010-09-09 11:05:30.401085346 +0200
+--- nsaserefpolicy/policy/modules/services/policykit.te 2010-04-13 18:44:37.000000000 +0000
++++ serefpolicy-3.7.19/policy/modules/services/policykit.te 2010-09-09 09:05:30.000000000 +0000
@@ -25,6 +25,9 @@
type policykit_reload_t alias polkit_reload_t;
files_type(policykit_reload_t)
@@ -31186,8 +31198,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/poli
allow policykit_resolve_t self:unix_stream_socket create_stream_socket_perms;
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/portreserve.fc serefpolicy-3.7.19/policy/modules/services/portreserve.fc
---- nsaserefpolicy/policy/modules/services/portreserve.fc 2010-04-13 20:44:36.000000000 +0200
-+++ serefpolicy-3.7.19/policy/modules/services/portreserve.fc 2010-05-28 09:42:00.154610557 +0200
+--- nsaserefpolicy/policy/modules/services/portreserve.fc 2010-04-13 18:44:36.000000000 +0000
++++ serefpolicy-3.7.19/policy/modules/services/portreserve.fc 2010-05-28 07:42:00.000000000 +0000
@@ -1,3 +1,6 @@
+
+/etc/rc\.d/init\.d/portreserve -- gen_context(system_u:object_r:portreserve_initrc_exec_t,s0)
@@ -31196,8 +31208,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/port
/sbin/portreserve -- gen_context(system_u:object_r:portreserve_exec_t,s0)
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/portreserve.if serefpolicy-3.7.19/policy/modules/services/portreserve.if
---- nsaserefpolicy/policy/modules/services/portreserve.if 2010-04-13 20:44:37.000000000 +0200
-+++ serefpolicy-3.7.19/policy/modules/services/portreserve.if 2010-09-16 15:19:05.465636901 +0200
+--- nsaserefpolicy/policy/modules/services/portreserve.if 2010-04-13 18:44:37.000000000 +0000
++++ serefpolicy-3.7.19/policy/modules/services/portreserve.if 2010-09-16 13:19:05.000000000 +0000
@@ -18,6 +18,24 @@
domtrans_pattern($1, portreserve_exec_t, portreserve_t)
')
@@ -31265,8 +31277,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/port
+ admin_pattern($1, portreserve_var_run_t)
+')
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/portreserve.te serefpolicy-3.7.19/policy/modules/services/portreserve.te
---- nsaserefpolicy/policy/modules/services/portreserve.te 2010-04-13 20:44:36.000000000 +0200
-+++ serefpolicy-3.7.19/policy/modules/services/portreserve.te 2010-07-09 09:55:59.073135212 +0200
+--- nsaserefpolicy/policy/modules/services/portreserve.te 2010-04-13 18:44:36.000000000 +0000
++++ serefpolicy-3.7.19/policy/modules/services/portreserve.te 2010-07-09 07:55:59.000000000 +0000
@@ -10,6 +10,9 @@
type portreserve_exec_t;
init_daemon_domain(portreserve_t, portreserve_exec_t)
@@ -31284,8 +31296,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/port
+
+userdom_dontaudit_search_user_home_content(portreserve_t)
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/postfix.fc serefpolicy-3.7.19/policy/modules/services/postfix.fc
---- nsaserefpolicy/policy/modules/services/postfix.fc 2010-04-13 20:44:37.000000000 +0200
-+++ serefpolicy-3.7.19/policy/modules/services/postfix.fc 2010-05-28 09:42:00.155610840 +0200
+--- nsaserefpolicy/policy/modules/services/postfix.fc 2010-04-13 18:44:37.000000000 +0000
++++ serefpolicy-3.7.19/policy/modules/services/postfix.fc 2010-05-28 07:42:00.000000000 +0000
@@ -1,4 +1,5 @@
# postfix
+/etc/rc\.d/init\.d/postfix -- gen_context(system_u:object_r:postfix_initrc_exec_t,s0)
@@ -31306,8 +31318,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/post
/usr/sbin/postfix -- gen_context(system_u:object_r:postfix_master_exec_t,s0)
/usr/sbin/postkick -- gen_context(system_u:object_r:postfix_master_exec_t,s0)
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/postfix.if serefpolicy-3.7.19/policy/modules/services/postfix.if
---- nsaserefpolicy/policy/modules/services/postfix.if 2010-04-13 20:44:37.000000000 +0200
-+++ serefpolicy-3.7.19/policy/modules/services/postfix.if 2011-01-19 11:28:09.917041062 +0100
+--- nsaserefpolicy/policy/modules/services/postfix.if 2010-04-13 18:44:37.000000000 +0000
++++ serefpolicy-3.7.19/policy/modules/services/postfix.if 2011-01-19 10:28:09.000000000 +0000
@@ -35,7 +35,7 @@
role system_r types postfix_$1_t;
@@ -31722,8 +31734,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/post
+ admin_pattern($1, postfix_public_t)
+')
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/postfix.te serefpolicy-3.7.19/policy/modules/services/postfix.te
---- nsaserefpolicy/policy/modules/services/postfix.te 2010-04-13 20:44:37.000000000 +0200
-+++ serefpolicy-3.7.19/policy/modules/services/postfix.te 2011-01-20 10:59:48.876041237 +0100
+--- nsaserefpolicy/policy/modules/services/postfix.te 2010-04-13 18:44:37.000000000 +0000
++++ serefpolicy-3.7.19/policy/modules/services/postfix.te 2011-01-20 09:59:48.000000000 +0000
@@ -6,6 +6,15 @@
# Declarations
#
@@ -32151,8 +32163,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/post
+userdom_home_filetrans_user_home_dir(postfix_virtual_t)
+userdom_user_home_dir_filetrans_user_home_content(postfix_virtual_t, {file dir })
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/postgresql.if serefpolicy-3.7.19/policy/modules/services/postgresql.if
---- nsaserefpolicy/policy/modules/services/postgresql.if 2010-04-13 20:44:37.000000000 +0200
-+++ serefpolicy-3.7.19/policy/modules/services/postgresql.if 2011-01-19 19:02:35.510042541 +0100
+--- nsaserefpolicy/policy/modules/services/postgresql.if 2010-04-13 18:44:37.000000000 +0000
++++ serefpolicy-3.7.19/policy/modules/services/postgresql.if 2011-01-19 18:02:35.000000000 +0000
@@ -10,7 +10,7 @@
## </summary>
## </param>
@@ -32508,8 +32520,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/post
postgresql_tcp_connect($1)
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/postgresql.te serefpolicy-3.7.19/policy/modules/services/postgresql.te
---- nsaserefpolicy/policy/modules/services/postgresql.te 2010-04-13 20:44:37.000000000 +0200
-+++ serefpolicy-3.7.19/policy/modules/services/postgresql.te 2011-01-19 19:02:35.513051840 +0100
+--- nsaserefpolicy/policy/modules/services/postgresql.te 2010-04-13 18:44:37.000000000 +0000
++++ serefpolicy-3.7.19/policy/modules/services/postgresql.te 2011-01-19 18:02:35.000000000 +0000
@@ -1,5 +1,4 @@
-
-policy_module(postgresql, 1.10.2)
@@ -32842,8 +32854,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/post
allow sepgsql_unconfined_type sepgsql_module_type:db_database install_module;
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/ppp.if serefpolicy-3.7.19/policy/modules/services/ppp.if
---- nsaserefpolicy/policy/modules/services/ppp.if 2010-04-13 20:44:37.000000000 +0200
-+++ serefpolicy-3.7.19/policy/modules/services/ppp.if 2010-10-13 09:40:56.718900943 +0200
+--- nsaserefpolicy/policy/modules/services/ppp.if 2010-04-13 18:44:37.000000000 +0000
++++ serefpolicy-3.7.19/policy/modules/services/ppp.if 2010-10-13 07:40:56.000000000 +0000
@@ -281,7 +281,7 @@
type pppd_var_run_t;
')
@@ -32884,8 +32896,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/ppp.
admin_pattern($1, pptp_log_t)
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/ppp.te serefpolicy-3.7.19/policy/modules/services/ppp.te
---- nsaserefpolicy/policy/modules/services/ppp.te 2010-04-13 20:44:37.000000000 +0200
-+++ serefpolicy-3.7.19/policy/modules/services/ppp.te 2010-05-28 09:42:00.159610853 +0200
+--- nsaserefpolicy/policy/modules/services/ppp.te 2010-04-13 18:44:37.000000000 +0000
++++ serefpolicy-3.7.19/policy/modules/services/ppp.te 2010-05-28 07:42:00.000000000 +0000
@@ -71,7 +71,7 @@
# PPPD Local policy
#
@@ -32905,8 +32917,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/ppp.
optional_policy(`
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/prelude.if serefpolicy-3.7.19/policy/modules/services/prelude.if
---- nsaserefpolicy/policy/modules/services/prelude.if 2010-04-13 20:44:37.000000000 +0200
-+++ serefpolicy-3.7.19/policy/modules/services/prelude.if 2010-09-16 15:12:53.251386792 +0200
+--- nsaserefpolicy/policy/modules/services/prelude.if 2010-04-13 18:44:37.000000000 +0000
++++ serefpolicy-3.7.19/policy/modules/services/prelude.if 2010-09-16 13:12:53.000000000 +0000
@@ -136,9 +136,15 @@
allow $2 system_r;
@@ -32924,8 +32936,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/prel
admin_pattern($1, prelude_lml_var_run_t)
')
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/privoxy.if serefpolicy-3.7.19/policy/modules/services/privoxy.if
---- nsaserefpolicy/policy/modules/services/privoxy.if 2010-04-13 20:44:36.000000000 +0200
-+++ serefpolicy-3.7.19/policy/modules/services/privoxy.if 2010-09-16 15:24:54.424637062 +0200
+--- nsaserefpolicy/policy/modules/services/privoxy.if 2010-04-13 18:44:36.000000000 +0000
++++ serefpolicy-3.7.19/policy/modules/services/privoxy.if 2010-09-16 13:24:54.000000000 +0000
@@ -24,7 +24,7 @@
type privoxy_initrc_exec_t;
')
@@ -32936,8 +32948,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/priv
init_labeled_script_domtrans($1, privoxy_initrc_exec_t)
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/procmail.fc serefpolicy-3.7.19/policy/modules/services/procmail.fc
---- nsaserefpolicy/policy/modules/services/procmail.fc 2010-04-13 20:44:37.000000000 +0200
-+++ serefpolicy-3.7.19/policy/modules/services/procmail.fc 2010-05-28 09:42:00.159610853 +0200
+--- nsaserefpolicy/policy/modules/services/procmail.fc 2010-04-13 18:44:37.000000000 +0000
++++ serefpolicy-3.7.19/policy/modules/services/procmail.fc 2010-05-28 07:42:00.000000000 +0000
@@ -1,3 +1,5 @@
+HOME_DIR/\.procmailrc -- gen_context(system_u:object_r:procmail_home_t, s0)
+/root/\.procmailrc -- gen_context(system_u:object_r:procmail_home_t, s0)
@@ -32945,8 +32957,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/proc
/usr/bin/procmail -- gen_context(system_u:object_r:procmail_exec_t,s0)
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/procmail.if serefpolicy-3.7.19/policy/modules/services/procmail.if
---- nsaserefpolicy/policy/modules/services/procmail.if 2010-04-13 20:44:37.000000000 +0200
-+++ serefpolicy-3.7.19/policy/modules/services/procmail.if 2010-07-19 15:50:57.889151415 +0200
+--- nsaserefpolicy/policy/modules/services/procmail.if 2010-04-13 18:44:37.000000000 +0000
++++ serefpolicy-3.7.19/policy/modules/services/procmail.if 2010-07-19 13:50:57.000000000 +0000
@@ -77,3 +77,22 @@
files_search_tmp($1)
rw_files_pattern($1, procmail_tmp_t, procmail_tmp_t)
@@ -32971,8 +32983,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/proc
+ read_files_pattern($1, procmail_home_t, procmail_home_t)
+')
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/procmail.te serefpolicy-3.7.19/policy/modules/services/procmail.te
---- nsaserefpolicy/policy/modules/services/procmail.te 2010-04-13 20:44:37.000000000 +0200
-+++ serefpolicy-3.7.19/policy/modules/services/procmail.te 2010-05-28 09:42:00.161610790 +0200
+--- nsaserefpolicy/policy/modules/services/procmail.te 2010-04-13 18:44:37.000000000 +0000
++++ serefpolicy-3.7.19/policy/modules/services/procmail.te 2010-05-28 07:42:00.000000000 +0000
@@ -11,6 +11,9 @@
application_domain(procmail_t, procmail_exec_t)
role system_r types procmail_t;
@@ -33053,8 +33065,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/proc
optional_policy(`
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/psad.if serefpolicy-3.7.19/policy/modules/services/psad.if
---- nsaserefpolicy/policy/modules/services/psad.if 2010-04-13 20:44:37.000000000 +0200
-+++ serefpolicy-3.7.19/policy/modules/services/psad.if 2010-10-18 15:26:34.337901390 +0200
+--- nsaserefpolicy/policy/modules/services/psad.if 2010-04-13 18:44:37.000000000 +0000
++++ serefpolicy-3.7.19/policy/modules/services/psad.if 2010-10-18 13:26:34.000000000 +0000
@@ -174,6 +174,26 @@
append_files_pattern($1, psad_var_log_t, psad_var_log_t)
')
@@ -33105,8 +33117,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/psad
allow $1 psad_t:process { ptrace signal_perms };
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/psad.te serefpolicy-3.7.19/policy/modules/services/psad.te
---- nsaserefpolicy/policy/modules/services/psad.te 2010-04-13 20:44:37.000000000 +0200
-+++ serefpolicy-3.7.19/policy/modules/services/psad.te 2010-06-03 10:24:19.786161096 +0200
+--- nsaserefpolicy/policy/modules/services/psad.te 2010-04-13 18:44:37.000000000 +0000
++++ serefpolicy-3.7.19/policy/modules/services/psad.te 2010-06-03 08:24:19.000000000 +0000
@@ -86,6 +86,7 @@
dev_read_urand(psad_t)
@@ -33116,8 +33128,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/psad
fs_getattr_all_fs(psad_t)
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/puppet.te serefpolicy-3.7.19/policy/modules/services/puppet.te
---- nsaserefpolicy/policy/modules/services/puppet.te 2010-04-13 20:44:36.000000000 +0200
-+++ serefpolicy-3.7.19/policy/modules/services/puppet.te 2011-01-17 10:29:24.948041219 +0100
+--- nsaserefpolicy/policy/modules/services/puppet.te 2010-04-13 18:44:36.000000000 +0000
++++ serefpolicy-3.7.19/policy/modules/services/puppet.te 2011-01-17 09:29:24.000000000 +0000
@@ -14,6 +14,13 @@
## </desc>
gen_tunable(puppet_manage_all_files, false)
@@ -33183,8 +33195,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/pupp
+ usermanage_domtrans_useradd(puppetmaster_t)
+')
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/pyzor.fc serefpolicy-3.7.19/policy/modules/services/pyzor.fc
---- nsaserefpolicy/policy/modules/services/pyzor.fc 2010-04-13 20:44:37.000000000 +0200
-+++ serefpolicy-3.7.19/policy/modules/services/pyzor.fc 2010-05-28 09:42:00.162610723 +0200
+--- nsaserefpolicy/policy/modules/services/pyzor.fc 2010-04-13 18:44:37.000000000 +0000
++++ serefpolicy-3.7.19/policy/modules/services/pyzor.fc 2010-05-28 07:42:00.000000000 +0000
@@ -1,6 +1,10 @@
/etc/pyzor(/.*)? gen_context(system_u:object_r:pyzor_etc_t, s0)
+/etc/rc\.d/init\.d/pyzord -- gen_context(system_u:object_r:pyzord_initrc_exec_t,s0)
@@ -33197,8 +33209,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/pyzo
/usr/bin/pyzor -- gen_context(system_u:object_r:pyzor_exec_t,s0)
/usr/bin/pyzord -- gen_context(system_u:object_r:pyzord_exec_t,s0)
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/pyzor.if serefpolicy-3.7.19/policy/modules/services/pyzor.if
---- nsaserefpolicy/policy/modules/services/pyzor.if 2010-04-13 20:44:36.000000000 +0200
-+++ serefpolicy-3.7.19/policy/modules/services/pyzor.if 2010-05-28 09:42:00.162610723 +0200
+--- nsaserefpolicy/policy/modules/services/pyzor.if 2010-04-13 18:44:36.000000000 +0000
++++ serefpolicy-3.7.19/policy/modules/services/pyzor.if 2010-05-28 07:42:00.000000000 +0000
@@ -88,3 +88,50 @@
corecmd_search_bin($1)
can_exec($1, pyzor_exec_t)
@@ -33251,8 +33263,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/pyzo
+
+
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/pyzor.te serefpolicy-3.7.19/policy/modules/services/pyzor.te
---- nsaserefpolicy/policy/modules/services/pyzor.te 2010-04-13 20:44:37.000000000 +0200
-+++ serefpolicy-3.7.19/policy/modules/services/pyzor.te 2010-05-28 09:42:00.163610797 +0200
+--- nsaserefpolicy/policy/modules/services/pyzor.te 2010-04-13 18:44:37.000000000 +0000
++++ serefpolicy-3.7.19/policy/modules/services/pyzor.te 2010-05-28 07:42:00.000000000 +0000
@@ -6,6 +6,38 @@
# Declarations
#
@@ -33318,8 +33330,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/pyzo
optional_policy(`
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/qmail.te serefpolicy-3.7.19/policy/modules/services/qmail.te
---- nsaserefpolicy/policy/modules/services/qmail.te 2010-04-13 20:44:37.000000000 +0200
-+++ serefpolicy-3.7.19/policy/modules/services/qmail.te 2010-09-01 12:03:11.253344636 +0200
+--- nsaserefpolicy/policy/modules/services/qmail.te 2010-04-13 18:44:37.000000000 +0000
++++ serefpolicy-3.7.19/policy/modules/services/qmail.te 2010-09-01 10:03:11.000000000 +0000
@@ -125,6 +125,10 @@
spamassassin_domtrans_client(qmail_local_t)
')
@@ -33332,8 +33344,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/qmai
#
# qmail-lspawn local policy
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/qpidd.fc serefpolicy-3.7.19/policy/modules/services/qpidd.fc
---- nsaserefpolicy/policy/modules/services/qpidd.fc 1970-01-01 01:00:00.000000000 +0100
-+++ serefpolicy-3.7.19/policy/modules/services/qpidd.fc 2010-05-28 09:42:00.163610797 +0200
+--- nsaserefpolicy/policy/modules/services/qpidd.fc 1970-01-01 00:00:00.000000000 +0000
++++ serefpolicy-3.7.19/policy/modules/services/qpidd.fc 2010-05-28 07:42:00.000000000 +0000
@@ -0,0 +1,9 @@
+
+/usr/sbin/qpidd -- gen_context(system_u:object_r:qpidd_exec_t,s0)
@@ -33345,8 +33357,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/qpid
+/var/run/qpidd(/.*)? gen_context(system_u:object_r:qpidd_var_run_t,s0)
+/var/run/qpidd\.pid gen_context(system_u:object_r:qpidd_var_run_t,s0)
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/qpidd.if serefpolicy-3.7.19/policy/modules/services/qpidd.if
---- nsaserefpolicy/policy/modules/services/qpidd.if 1970-01-01 01:00:00.000000000 +0100
-+++ serefpolicy-3.7.19/policy/modules/services/qpidd.if 2010-09-16 15:23:19.343636970 +0200
+--- nsaserefpolicy/policy/modules/services/qpidd.if 1970-01-01 00:00:00.000000000 +0000
++++ serefpolicy-3.7.19/policy/modules/services/qpidd.if 2010-09-16 13:23:19.000000000 +0000
@@ -0,0 +1,231 @@
+
+## <summary>policy for qpidd</summary>
@@ -33580,8 +33592,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/qpid
+ allow $1 qpidd_t:shm rw_shm_perms;
+')
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/qpidd.te serefpolicy-3.7.19/policy/modules/services/qpidd.te
---- nsaserefpolicy/policy/modules/services/qpidd.te 1970-01-01 01:00:00.000000000 +0100
-+++ serefpolicy-3.7.19/policy/modules/services/qpidd.te 2010-11-11 16:21:18.340430870 +0100
+--- nsaserefpolicy/policy/modules/services/qpidd.te 1970-01-01 00:00:00.000000000 +0000
++++ serefpolicy-3.7.19/policy/modules/services/qpidd.te 2010-11-11 15:21:18.000000000 +0000
@@ -0,0 +1,63 @@
+policy_module(qpidd,1.0.0)
+
@@ -33647,8 +33659,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/qpid
+ corosync_stream_connect(qpidd_t)
+')
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/radius.if serefpolicy-3.7.19/policy/modules/services/radius.if
---- nsaserefpolicy/policy/modules/services/radius.if 2010-04-13 20:44:37.000000000 +0200
-+++ serefpolicy-3.7.19/policy/modules/services/radius.if 2010-09-16 15:25:26.911637199 +0200
+--- nsaserefpolicy/policy/modules/services/radius.if 2010-04-13 18:44:37.000000000 +0000
++++ serefpolicy-3.7.19/policy/modules/services/radius.if 2010-09-16 13:25:26.000000000 +0000
@@ -38,7 +38,7 @@
type radiusd_initrc_exec_t;
')
@@ -33659,8 +33671,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/radi
init_labeled_script_domtrans($1, radiusd_initrc_exec_t)
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/radius.te serefpolicy-3.7.19/policy/modules/services/radius.te
---- nsaserefpolicy/policy/modules/services/radius.te 2010-04-13 20:44:37.000000000 +0200
-+++ serefpolicy-3.7.19/policy/modules/services/radius.te 2011-01-03 10:47:38.474042362 +0100
+--- nsaserefpolicy/policy/modules/services/radius.te 2010-04-13 18:44:37.000000000 +0000
++++ serefpolicy-3.7.19/policy/modules/services/radius.te 2011-01-03 09:47:38.000000000 +0000
@@ -37,7 +37,7 @@
# gzip also needs chown access to preserve GID for radwtmp files
allow radiusd_t self:capability { chown dac_override fsetid kill setgid setuid sys_resource sys_tty_config };
@@ -33687,16 +33699,16 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/radi
optional_policy(`
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/razor.fc serefpolicy-3.7.19/policy/modules/services/razor.fc
---- nsaserefpolicy/policy/modules/services/razor.fc 2010-04-13 20:44:37.000000000 +0200
-+++ serefpolicy-3.7.19/policy/modules/services/razor.fc 2010-05-28 09:42:00.165610873 +0200
+--- nsaserefpolicy/policy/modules/services/razor.fc 2010-04-13 18:44:37.000000000 +0000
++++ serefpolicy-3.7.19/policy/modules/services/razor.fc 2010-05-28 07:42:00.000000000 +0000
@@ -1,3 +1,4 @@
+/root/\.razor(/.*)? gen_context(system_u:object_r:razor_home_t,s0)
HOME_DIR/\.razor(/.*)? gen_context(system_u:object_r:razor_home_t,s0)
/etc/razor(/.*)? gen_context(system_u:object_r:razor_etc_t,s0)
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/razor.if serefpolicy-3.7.19/policy/modules/services/razor.if
---- nsaserefpolicy/policy/modules/services/razor.if 2010-04-13 20:44:37.000000000 +0200
-+++ serefpolicy-3.7.19/policy/modules/services/razor.if 2010-09-16 15:26:20.599637115 +0200
+--- nsaserefpolicy/policy/modules/services/razor.if 2010-04-13 18:44:37.000000000 +0000
++++ serefpolicy-3.7.19/policy/modules/services/razor.if 2010-09-16 13:26:20.000000000 +0000
@@ -157,3 +157,44 @@
domtrans_pattern($1, razor_exec_t, razor_t)
@@ -33743,8 +33755,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/razo
+')
+
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/razor.te serefpolicy-3.7.19/policy/modules/services/razor.te
---- nsaserefpolicy/policy/modules/services/razor.te 2010-04-13 20:44:37.000000000 +0200
-+++ serefpolicy-3.7.19/policy/modules/services/razor.te 2010-05-28 09:42:00.166610736 +0200
+--- nsaserefpolicy/policy/modules/services/razor.te 2010-04-13 18:44:37.000000000 +0000
++++ serefpolicy-3.7.19/policy/modules/services/razor.te 2010-05-28 07:42:00.000000000 +0000
@@ -6,6 +6,32 @@
# Declarations
#
@@ -33797,8 +33809,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/razo
+
')
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/remotelogin.te serefpolicy-3.7.19/policy/modules/services/remotelogin.te
---- nsaserefpolicy/policy/modules/services/remotelogin.te 2010-04-13 20:44:37.000000000 +0200
-+++ serefpolicy-3.7.19/policy/modules/services/remotelogin.te 2010-11-08 15:03:03.626165758 +0100
+--- nsaserefpolicy/policy/modules/services/remotelogin.te 2010-04-13 18:44:37.000000000 +0000
++++ serefpolicy-3.7.19/policy/modules/services/remotelogin.te 2010-11-08 14:03:03.000000000 +0000
@@ -50,6 +50,7 @@
fs_search_auto_mountpoints(remote_login_t)
@@ -33808,8 +33820,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/remo
auth_rw_login_records(remote_login_t)
auth_rw_faillog(remote_login_t)
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/resmgr.if serefpolicy-3.7.19/policy/modules/services/resmgr.if
---- nsaserefpolicy/policy/modules/services/resmgr.if 2010-04-13 20:44:37.000000000 +0200
-+++ serefpolicy-3.7.19/policy/modules/services/resmgr.if 2010-09-16 15:29:11.862636875 +0200
+--- nsaserefpolicy/policy/modules/services/resmgr.if 2010-04-13 18:44:37.000000000 +0000
++++ serefpolicy-3.7.19/policy/modules/services/resmgr.if 2010-09-16 13:29:11.000000000 +0000
@@ -16,7 +16,6 @@
type resmgrd_var_run_t, resmgrd_t;
')
@@ -33820,8 +33832,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/resm
+ stream_connect_pattern($1, resmgrd_var_run_t, resmgrd_var_run_t, resmgrd_t)
')
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/rgmanager.fc serefpolicy-3.7.19/policy/modules/services/rgmanager.fc
---- nsaserefpolicy/policy/modules/services/rgmanager.fc 1970-01-01 01:00:00.000000000 +0100
-+++ serefpolicy-3.7.19/policy/modules/services/rgmanager.fc 2010-05-28 09:42:00.167610740 +0200
+--- nsaserefpolicy/policy/modules/services/rgmanager.fc 1970-01-01 00:00:00.000000000 +0000
++++ serefpolicy-3.7.19/policy/modules/services/rgmanager.fc 2010-05-28 07:42:00.000000000 +0000
@@ -0,0 +1,10 @@
+
+/etc/rc\.d/init\.d/rgmanager -- gen_context(system_u:object_r:rgmanager_initrc_exec_t,s0)
@@ -33834,8 +33846,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/rgma
+
+/var/run/cluster/rgmanager\.sk -s gen_context(system_u:object_r:rgmanager_var_run_t,s0)
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/rgmanager.if serefpolicy-3.7.19/policy/modules/services/rgmanager.if
---- nsaserefpolicy/policy/modules/services/rgmanager.if 1970-01-01 01:00:00.000000000 +0100
-+++ serefpolicy-3.7.19/policy/modules/services/rgmanager.if 2010-09-16 15:26:59.814637060 +0200
+--- nsaserefpolicy/policy/modules/services/rgmanager.if 1970-01-01 00:00:00.000000000 +0000
++++ serefpolicy-3.7.19/policy/modules/services/rgmanager.if 2010-09-16 13:26:59.000000000 +0000
@@ -0,0 +1,141 @@
+## <summary>SELinux policy for rgmanager</summary>
+
@@ -33979,8 +33991,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/rgma
+ admin_pattern($1, rgmanager_var_run_t)
+')
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/rgmanager.te serefpolicy-3.7.19/policy/modules/services/rgmanager.te
---- nsaserefpolicy/policy/modules/services/rgmanager.te 1970-01-01 01:00:00.000000000 +0100
-+++ serefpolicy-3.7.19/policy/modules/services/rgmanager.te 2010-06-15 18:40:09.964045327 +0200
+--- nsaserefpolicy/policy/modules/services/rgmanager.te 1970-01-01 00:00:00.000000000 +0000
++++ serefpolicy-3.7.19/policy/modules/services/rgmanager.te 2010-06-15 16:40:09.000000000 +0000
@@ -0,0 +1,223 @@
+
+policy_module(rgmanager, 1.0.0)
@@ -34206,8 +34218,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/rgma
+ xen_domtrans_xm(rgmanager_t)
+')
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/rhcs.fc serefpolicy-3.7.19/policy/modules/services/rhcs.fc
---- nsaserefpolicy/policy/modules/services/rhcs.fc 1970-01-01 01:00:00.000000000 +0100
-+++ serefpolicy-3.7.19/policy/modules/services/rhcs.fc 2010-09-16 17:00:39.815401517 +0200
+--- nsaserefpolicy/policy/modules/services/rhcs.fc 1970-01-01 00:00:00.000000000 +0000
++++ serefpolicy-3.7.19/policy/modules/services/rhcs.fc 2010-09-16 15:00:39.000000000 +0000
@@ -0,0 +1,26 @@
+/usr/sbin/dlm_controld -- gen_context(system_u:object_r:dlm_controld_exec_t,s0)
+/usr/sbin/fenced -- gen_context(system_u:object_r:fenced_exec_t,s0)
@@ -34236,8 +34248,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/rhcs
+/var/run/qdiskd\.pid -- gen_context(system_u:object_r:qdiskd_var_run_t,s0)
+
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/rhcs.if serefpolicy-3.7.19/policy/modules/services/rhcs.if
---- nsaserefpolicy/policy/modules/services/rhcs.if 1970-01-01 01:00:00.000000000 +0100
-+++ serefpolicy-3.7.19/policy/modules/services/rhcs.if 2010-10-13 08:11:31.778899963 +0200
+--- nsaserefpolicy/policy/modules/services/rhcs.if 1970-01-01 00:00:00.000000000 +0000
++++ serefpolicy-3.7.19/policy/modules/services/rhcs.if 2010-10-13 06:11:31.000000000 +0000
@@ -0,0 +1,458 @@
+## <summary>RHCS - Red Hat Cluster Suite</summary>
+
@@ -34698,8 +34710,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/rhcs
+ read_files_pattern($1, cluster_var_lib_t, cluster_var_lib_t)
+')
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/rhcs.te serefpolicy-3.7.19/policy/modules/services/rhcs.te
---- nsaserefpolicy/policy/modules/services/rhcs.te 1970-01-01 01:00:00.000000000 +0100
-+++ serefpolicy-3.7.19/policy/modules/services/rhcs.te 2010-11-10 09:52:06.897160419 +0100
+--- nsaserefpolicy/policy/modules/services/rhcs.te 1970-01-01 00:00:00.000000000 +0000
++++ serefpolicy-3.7.19/policy/modules/services/rhcs.te 2010-11-10 08:52:06.000000000 +0000
@@ -0,0 +1,259 @@
+
+policy_module(rhcs,1.1.0)
@@ -34961,8 +34973,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/rhcs
+ corosync_stream_connect(cluster_domain)
+')
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/ricci.fc serefpolicy-3.7.19/policy/modules/services/ricci.fc
---- nsaserefpolicy/policy/modules/services/ricci.fc 2010-04-13 20:44:37.000000000 +0200
-+++ serefpolicy-3.7.19/policy/modules/services/ricci.fc 2010-07-21 13:56:07.915385135 +0200
+--- nsaserefpolicy/policy/modules/services/ricci.fc 2010-04-13 18:44:37.000000000 +0000
++++ serefpolicy-3.7.19/policy/modules/services/ricci.fc 2010-07-21 11:56:07.000000000 +0000
@@ -1,3 +1,6 @@
+
+/etc/rc\.d/init\.d/ricci -- gen_context(system_u:object_r:ricci_initrc_exec_t,s0)
@@ -34971,8 +34983,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/ricc
/usr/libexec/ricci-modlog -- gen_context(system_u:object_r:ricci_modlog_exec_t,s0)
/usr/libexec/ricci-modrpm -- gen_context(system_u:object_r:ricci_modrpm_exec_t,s0)
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/ricci.if serefpolicy-3.7.19/policy/modules/services/ricci.if
---- nsaserefpolicy/policy/modules/services/ricci.if 2010-04-13 20:44:37.000000000 +0200
-+++ serefpolicy-3.7.19/policy/modules/services/ricci.if 2010-09-16 15:29:32.734636961 +0200
+--- nsaserefpolicy/policy/modules/services/ricci.if 2010-04-13 18:44:37.000000000 +0000
++++ serefpolicy-3.7.19/policy/modules/services/ricci.if 2010-09-16 13:29:32.000000000 +0000
@@ -18,6 +18,24 @@
domtrans_pattern($1, ricci_exec_t, ricci_t)
')
@@ -35118,8 +35130,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/ricc
+ admin_pattern($1, ricci_var_run_t)
+')
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/ricci.te serefpolicy-3.7.19/policy/modules/services/ricci.te
---- nsaserefpolicy/policy/modules/services/ricci.te 2010-04-13 20:44:37.000000000 +0200
-+++ serefpolicy-3.7.19/policy/modules/services/ricci.te 2010-08-09 14:14:31.795085246 +0200
+--- nsaserefpolicy/policy/modules/services/ricci.te 2010-04-13 18:44:37.000000000 +0000
++++ serefpolicy-3.7.19/policy/modules/services/ricci.te 2010-08-09 12:14:31.000000000 +0000
@@ -11,6 +11,9 @@
domain_type(ricci_t)
init_daemon_domain(ricci_t, ricci_exec_t)
@@ -35277,8 +35289,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/ricc
ccs_read_config(ricci_modstorage_t)
')
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/rlogin.fc serefpolicy-3.7.19/policy/modules/services/rlogin.fc
---- nsaserefpolicy/policy/modules/services/rlogin.fc 2010-04-13 20:44:37.000000000 +0200
-+++ serefpolicy-3.7.19/policy/modules/services/rlogin.fc 2010-05-28 09:42:00.174610693 +0200
+--- nsaserefpolicy/policy/modules/services/rlogin.fc 2010-04-13 18:44:37.000000000 +0000
++++ serefpolicy-3.7.19/policy/modules/services/rlogin.fc 2010-05-28 07:42:00.000000000 +0000
@@ -1,4 +1,7 @@
HOME_DIR/\.rlogin -- gen_context(system_u:object_r:rlogind_home_t,s0)
+HOME_DIR/\.rhosts -- gen_context(system_u:object_r:rlogind_home_t,s0)
@@ -35288,8 +35300,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/rlog
/usr/kerberos/sbin/klogind -- gen_context(system_u:object_r:rlogind_exec_t,s0)
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/rlogin.te serefpolicy-3.7.19/policy/modules/services/rlogin.te
---- nsaserefpolicy/policy/modules/services/rlogin.te 2010-04-13 20:44:37.000000000 +0200
-+++ serefpolicy-3.7.19/policy/modules/services/rlogin.te 2010-09-02 15:07:41.711106623 +0200
+--- nsaserefpolicy/policy/modules/services/rlogin.te 2010-04-13 18:44:37.000000000 +0000
++++ serefpolicy-3.7.19/policy/modules/services/rlogin.te 2010-09-02 13:07:41.000000000 +0000
@@ -69,6 +69,7 @@
fs_getattr_xattr_fs(rlogind_t)
fs_search_auto_mountpoints(rlogind_t)
@@ -35307,8 +35319,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/rlog
remotelogin_domtrans(rlogind_t)
remotelogin_signal(rlogind_t)
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/rpcbind.fc serefpolicy-3.7.19/policy/modules/services/rpcbind.fc
---- nsaserefpolicy/policy/modules/services/rpcbind.fc 2010-04-13 20:44:37.000000000 +0200
-+++ serefpolicy-3.7.19/policy/modules/services/rpcbind.fc 2010-08-20 13:48:39.185084889 +0200
+--- nsaserefpolicy/policy/modules/services/rpcbind.fc 2010-04-13 18:44:37.000000000 +0000
++++ serefpolicy-3.7.19/policy/modules/services/rpcbind.fc 2010-08-20 11:48:39.000000000 +0000
@@ -2,6 +2,7 @@
/sbin/rpcbind -- gen_context(system_u:object_r:rpcbind_exec_t,s0)
@@ -35318,8 +35330,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/rpcb
/var/run/rpc.statd\.pid -- gen_context(system_u:object_r:rpcbind_var_run_t,s0)
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/rpcbind.if serefpolicy-3.7.19/policy/modules/services/rpcbind.if
---- nsaserefpolicy/policy/modules/services/rpcbind.if 2010-04-13 20:44:37.000000000 +0200
-+++ serefpolicy-3.7.19/policy/modules/services/rpcbind.if 2010-09-16 15:30:57.838386767 +0200
+--- nsaserefpolicy/policy/modules/services/rpcbind.if 2010-04-13 18:44:37.000000000 +0000
++++ serefpolicy-3.7.19/policy/modules/services/rpcbind.if 2010-09-16 13:30:57.000000000 +0000
@@ -34,8 +34,7 @@
')
@@ -35347,8 +35359,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/rpcb
+ admin_pattern($1, rpcbind_var_run_t)
')
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/rpcbind.te serefpolicy-3.7.19/policy/modules/services/rpcbind.te
---- nsaserefpolicy/policy/modules/services/rpcbind.te 2010-04-13 20:44:37.000000000 +0200
-+++ serefpolicy-3.7.19/policy/modules/services/rpcbind.te 2010-08-30 20:25:53.722333587 +0200
+--- nsaserefpolicy/policy/modules/services/rpcbind.te 2010-04-13 18:44:37.000000000 +0000
++++ serefpolicy-3.7.19/policy/modules/services/rpcbind.te 2010-08-30 18:25:53.000000000 +0000
@@ -44,6 +44,8 @@
kernel_read_network_state(rpcbind_t)
kernel_request_load_module(rpcbind_t)
@@ -35367,8 +35379,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/rpcb
+ nis_use_ypbind(rpcbind_t)
+')
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/rpc.if serefpolicy-3.7.19/policy/modules/services/rpc.if
---- nsaserefpolicy/policy/modules/services/rpc.if 2010-04-13 20:44:37.000000000 +0200
-+++ serefpolicy-3.7.19/policy/modules/services/rpc.if 2010-10-13 09:43:18.320901313 +0200
+--- nsaserefpolicy/policy/modules/services/rpc.if 2010-04-13 18:44:37.000000000 +0000
++++ serefpolicy-3.7.19/policy/modules/services/rpc.if 2010-10-13 07:43:18.000000000 +0000
@@ -246,6 +246,32 @@
allow rpcd_t $1:process signal;
')
@@ -35409,8 +35421,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/rpc.
+ allow $1 var_lib_nfs_t:file relabel_file_perms;
')
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/rpc.te serefpolicy-3.7.19/policy/modules/services/rpc.te
---- nsaserefpolicy/policy/modules/services/rpc.te 2010-04-13 20:44:37.000000000 +0200
-+++ serefpolicy-3.7.19/policy/modules/services/rpc.te 2010-09-24 12:39:25.042386720 +0200
+--- nsaserefpolicy/policy/modules/services/rpc.te 2010-04-13 18:44:37.000000000 +0000
++++ serefpolicy-3.7.19/policy/modules/services/rpc.te 2010-09-24 10:39:25.000000000 +0000
@@ -80,6 +80,7 @@
corecmd_exec_bin(rpcd_t)
@@ -35480,8 +35492,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/rpc.
optional_policy(`
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/rsync.if serefpolicy-3.7.19/policy/modules/services/rsync.if
---- nsaserefpolicy/policy/modules/services/rsync.if 2010-04-13 20:44:37.000000000 +0200
-+++ serefpolicy-3.7.19/policy/modules/services/rsync.if 2010-06-16 23:07:29.041110161 +0200
+--- nsaserefpolicy/policy/modules/services/rsync.if 2010-04-13 18:44:37.000000000 +0000
++++ serefpolicy-3.7.19/policy/modules/services/rsync.if 2010-06-16 21:07:29.000000000 +0000
@@ -119,25 +119,68 @@
type rsync_etc_t;
')
@@ -35561,8 +35573,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/rsyn
+ files_etc_filetrans($1, rsync_etc_t, $2)
')
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/rsync.te serefpolicy-3.7.19/policy/modules/services/rsync.te
---- nsaserefpolicy/policy/modules/services/rsync.te 2010-04-13 20:44:37.000000000 +0200
-+++ serefpolicy-3.7.19/policy/modules/services/rsync.te 2010-05-28 09:42:00.177610912 +0200
+--- nsaserefpolicy/policy/modules/services/rsync.te 2010-04-13 18:44:37.000000000 +0000
++++ serefpolicy-3.7.19/policy/modules/services/rsync.te 2010-05-28 07:42:00.000000000 +0000
@@ -8,6 +8,13 @@
## <desc>
@@ -35623,8 +35635,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/rsyn
+
auth_can_read_shadow_passwords(rsync_t)
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/rtkit.if serefpolicy-3.7.19/policy/modules/services/rtkit.if
---- nsaserefpolicy/policy/modules/services/rtkit.if 2010-04-13 20:44:37.000000000 +0200
-+++ serefpolicy-3.7.19/policy/modules/services/rtkit.if 2010-05-28 09:42:00.177610912 +0200
+--- nsaserefpolicy/policy/modules/services/rtkit.if 2010-04-13 18:44:37.000000000 +0000
++++ serefpolicy-3.7.19/policy/modules/services/rtkit.if 2010-05-28 07:42:00.000000000 +0000
@@ -41,6 +41,27 @@
########################################
@@ -35654,8 +35666,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/rtki
## </summary>
## <param name="domain">
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/rtkit.te serefpolicy-3.7.19/policy/modules/services/rtkit.te
---- nsaserefpolicy/policy/modules/services/rtkit.te 2010-04-13 20:44:37.000000000 +0200
-+++ serefpolicy-3.7.19/policy/modules/services/rtkit.te 2010-06-15 18:00:58.428018646 +0200
+--- nsaserefpolicy/policy/modules/services/rtkit.te 2010-04-13 18:44:37.000000000 +0000
++++ serefpolicy-3.7.19/policy/modules/services/rtkit.te 2010-06-15 16:00:58.000000000 +0000
@@ -32,5 +32,9 @@
miscfiles_read_localization(rtkit_daemon_t)
@@ -35667,8 +35679,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/rtki
policykit_dbus_chat(rtkit_daemon_t)
')
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/rwho.te serefpolicy-3.7.19/policy/modules/services/rwho.te
---- nsaserefpolicy/policy/modules/services/rwho.te 2010-04-13 20:44:37.000000000 +0200
-+++ serefpolicy-3.7.19/policy/modules/services/rwho.te 2010-09-09 13:17:41.097085184 +0200
+--- nsaserefpolicy/policy/modules/services/rwho.te 2010-04-13 18:44:37.000000000 +0000
++++ serefpolicy-3.7.19/policy/modules/services/rwho.te 2010-09-09 11:17:41.000000000 +0000
@@ -56,6 +56,8 @@
init_read_utmp(rwho_t)
init_dontaudit_write_utmp(rwho_t)
@@ -35679,8 +35691,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/rwho
sysnet_dns_name_resolve(rwho_t)
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/samba.fc serefpolicy-3.7.19/policy/modules/services/samba.fc
---- nsaserefpolicy/policy/modules/services/samba.fc 2010-04-13 20:44:37.000000000 +0200
-+++ serefpolicy-3.7.19/policy/modules/services/samba.fc 2010-08-10 16:58:12.349085082 +0200
+--- nsaserefpolicy/policy/modules/services/samba.fc 2010-04-13 18:44:37.000000000 +0000
++++ serefpolicy-3.7.19/policy/modules/services/samba.fc 2010-08-10 14:58:12.000000000 +0000
@@ -36,13 +36,16 @@
/var/log/samba(/.*)? gen_context(system_u:object_r:samba_log_t,s0)
@@ -35709,8 +35721,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/samb
+/var/lib/samba/scripts(/.*)? gen_context(system_u:object_r:samba_unconfined_script_exec_t,s0)
+')
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/samba.if serefpolicy-3.7.19/policy/modules/services/samba.if
---- nsaserefpolicy/policy/modules/services/samba.if 2010-04-13 20:44:37.000000000 +0200
-+++ serefpolicy-3.7.19/policy/modules/services/samba.if 2010-09-16 16:51:08.806636988 +0200
+--- nsaserefpolicy/policy/modules/services/samba.if 2010-04-13 18:44:37.000000000 +0000
++++ serefpolicy-3.7.19/policy/modules/services/samba.if 2010-09-16 14:51:08.000000000 +0000
@@ -62,6 +62,25 @@
########################################
@@ -35908,8 +35920,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/samb
+ admin_pattern($1, samba_unconfined_script_exec_t)
')
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/samba.te serefpolicy-3.7.19/policy/modules/services/samba.te
---- nsaserefpolicy/policy/modules/services/samba.te 2010-04-13 20:44:37.000000000 +0200
-+++ serefpolicy-3.7.19/policy/modules/services/samba.te 2010-10-26 10:38:39.378650869 +0200
+--- nsaserefpolicy/policy/modules/services/samba.te 2010-04-13 18:44:37.000000000 +0000
++++ serefpolicy-3.7.19/policy/modules/services/samba.te 2010-10-26 08:38:39.000000000 +0000
@@ -66,6 +66,13 @@
## </desc>
gen_tunable(samba_share_nfs, false)
@@ -36294,8 +36306,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/samb
+ can_exec(smbd_t, samba_unconfined_script_exec_t)
')
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/sasl.fc serefpolicy-3.7.19/policy/modules/services/sasl.fc
---- nsaserefpolicy/policy/modules/services/sasl.fc 2010-04-13 20:44:37.000000000 +0200
-+++ serefpolicy-3.7.19/policy/modules/services/sasl.fc 2010-07-14 12:47:11.116159544 +0200
+--- nsaserefpolicy/policy/modules/services/sasl.fc 2010-04-13 18:44:37.000000000 +0000
++++ serefpolicy-3.7.19/policy/modules/services/sasl.fc 2010-07-14 10:47:11.000000000 +0000
@@ -1,4 +1,4 @@
-/etc/rc\.d/init\.d/sasl -- gen_context(system_u:object_r:saslauthd_initrc_exec_t,s0)
+/etc/rc\.d/init\.d/saslauthd -- gen_context(system_u:object_r:saslauthd_initrc_exec_t,s0)
@@ -36303,8 +36315,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/sasl
#
# /usr
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/sasl.if serefpolicy-3.7.19/policy/modules/services/sasl.if
---- nsaserefpolicy/policy/modules/services/sasl.if 2010-04-13 20:44:37.000000000 +0200
-+++ serefpolicy-3.7.19/policy/modules/services/sasl.if 2010-09-16 16:45:19.599637162 +0200
+--- nsaserefpolicy/policy/modules/services/sasl.if 2010-04-13 18:44:37.000000000 +0000
++++ serefpolicy-3.7.19/policy/modules/services/sasl.if 2010-09-16 14:45:19.000000000 +0000
@@ -42,7 +42,7 @@
type saslauthd_initrc_exec_t;
')
@@ -36315,8 +36327,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/sasl
init_labeled_script_domtrans($1, saslauthd_initrc_exec_t)
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/sasl.te serefpolicy-3.7.19/policy/modules/services/sasl.te
---- nsaserefpolicy/policy/modules/services/sasl.te 2010-04-13 20:44:37.000000000 +0200
-+++ serefpolicy-3.7.19/policy/modules/services/sasl.te 2010-05-28 09:42:00.182610859 +0200
+--- nsaserefpolicy/policy/modules/services/sasl.te 2010-04-13 18:44:37.000000000 +0000
++++ serefpolicy-3.7.19/policy/modules/services/sasl.te 2010-05-28 07:42:00.000000000 +0000
@@ -50,6 +50,9 @@
kernel_read_kernel_sysctls(saslauthd_t)
kernel_read_system_state(saslauthd_t)
@@ -36328,8 +36340,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/sasl
corenet_all_recvfrom_netlabel(saslauthd_t)
corenet_tcp_sendrecv_generic_if(saslauthd_t)
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/sendmail.fc serefpolicy-3.7.19/policy/modules/services/sendmail.fc
---- nsaserefpolicy/policy/modules/services/sendmail.fc 2010-04-13 20:44:37.000000000 +0200
-+++ serefpolicy-3.7.19/policy/modules/services/sendmail.fc 2010-05-28 09:42:00.182610859 +0200
+--- nsaserefpolicy/policy/modules/services/sendmail.fc 2010-04-13 18:44:37.000000000 +0000
++++ serefpolicy-3.7.19/policy/modules/services/sendmail.fc 2010-05-28 07:42:00.000000000 +0000
@@ -1,4 +1,6 @@
+/etc/rc\.d/init\.d/sendmail -- gen_context(system_u:object_r:sendmail_initrc_exec_t,s0)
@@ -36338,8 +36350,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/send
/var/log/mail(/.*)? gen_context(system_u:object_r:sendmail_log_t,s0)
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/sendmail.if serefpolicy-3.7.19/policy/modules/services/sendmail.if
---- nsaserefpolicy/policy/modules/services/sendmail.if 2010-04-13 20:44:36.000000000 +0200
-+++ serefpolicy-3.7.19/policy/modules/services/sendmail.if 2010-09-16 16:48:16.015637212 +0200
+--- nsaserefpolicy/policy/modules/services/sendmail.if 2010-04-13 18:44:36.000000000 +0000
++++ serefpolicy-3.7.19/policy/modules/services/sendmail.if 2010-09-16 14:48:16.000000000 +0000
@@ -51,10 +51,24 @@
')
@@ -36458,8 +36470,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/send
+ admin_pattern($1, mail_spool_t)
+')
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/sendmail.te serefpolicy-3.7.19/policy/modules/services/sendmail.te
---- nsaserefpolicy/policy/modules/services/sendmail.te 2010-04-13 20:44:37.000000000 +0200
-+++ serefpolicy-3.7.19/policy/modules/services/sendmail.te 2010-05-28 09:42:00.184610725 +0200
+--- nsaserefpolicy/policy/modules/services/sendmail.te 2010-04-13 18:44:37.000000000 +0000
++++ serefpolicy-3.7.19/policy/modules/services/sendmail.te 2010-05-28 07:42:00.000000000 +0000
@@ -20,6 +20,9 @@
mta_mailserver_delivery(sendmail_t)
mta_mailserver_sender(sendmail_t)
@@ -36549,8 +36561,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/send
')
+
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/setroubleshoot.fc serefpolicy-3.7.19/policy/modules/services/setroubleshoot.fc
---- nsaserefpolicy/policy/modules/services/setroubleshoot.fc 2010-04-13 20:44:37.000000000 +0200
-+++ serefpolicy-3.7.19/policy/modules/services/setroubleshoot.fc 2010-05-28 09:42:00.184610725 +0200
+--- nsaserefpolicy/policy/modules/services/setroubleshoot.fc 2010-04-13 18:44:37.000000000 +0000
++++ serefpolicy-3.7.19/policy/modules/services/setroubleshoot.fc 2010-05-28 07:42:00.000000000 +0000
@@ -5,3 +5,5 @@
/var/log/setroubleshoot(/.*)? gen_context(system_u:object_r:setroubleshoot_var_log_t,s0)
@@ -36558,8 +36570,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/setr
+
+/usr/share/setroubleshoot/SetroubleshootFixit\.py* -- gen_context(system_u:object_r:setroubleshoot_fixit_exec_t,s0)
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/setroubleshoot.if serefpolicy-3.7.19/policy/modules/services/setroubleshoot.if
---- nsaserefpolicy/policy/modules/services/setroubleshoot.if 2010-04-13 20:44:37.000000000 +0200
-+++ serefpolicy-3.7.19/policy/modules/services/setroubleshoot.if 2010-09-16 16:20:10.904636972 +0200
+--- nsaserefpolicy/policy/modules/services/setroubleshoot.if 2010-04-13 18:44:37.000000000 +0000
++++ serefpolicy-3.7.19/policy/modules/services/setroubleshoot.if 2010-09-16 14:20:10.000000000 +0000
@@ -16,8 +16,8 @@
')
@@ -36698,8 +36710,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/setr
+ admin_pattern($1, setroubleshoot_var_run_t)
+')
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/setroubleshoot.te serefpolicy-3.7.19/policy/modules/services/setroubleshoot.te
---- nsaserefpolicy/policy/modules/services/setroubleshoot.te 2010-04-13 20:44:36.000000000 +0200
-+++ serefpolicy-3.7.19/policy/modules/services/setroubleshoot.te 2010-05-28 09:42:00.186610872 +0200
+--- nsaserefpolicy/policy/modules/services/setroubleshoot.te 2010-04-13 18:44:36.000000000 +0000
++++ serefpolicy-3.7.19/policy/modules/services/setroubleshoot.te 2010-05-28 07:42:00.000000000 +0000
@@ -22,13 +22,19 @@
type setroubleshoot_var_run_t;
files_pid_file(setroubleshoot_var_run_t)
@@ -36848,8 +36860,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/setr
+ userdom_read_all_users_state(setroubleshoot_fixit_t)
+')
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/smartmon.if serefpolicy-3.7.19/policy/modules/services/smartmon.if
---- nsaserefpolicy/policy/modules/services/smartmon.if 2010-04-13 20:44:37.000000000 +0200
-+++ serefpolicy-3.7.19/policy/modules/services/smartmon.if 2010-09-16 16:45:57.103387039 +0200
+--- nsaserefpolicy/policy/modules/services/smartmon.if 2010-04-13 18:44:37.000000000 +0000
++++ serefpolicy-3.7.19/policy/modules/services/smartmon.if 2010-09-16 14:45:57.000000000 +0000
@@ -15,6 +15,7 @@
type fsdaemon_tmp_t;
')
@@ -36868,8 +36880,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/smar
init_labeled_script_domtrans($1, fsdaemon_initrc_exec_t)
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/smartmon.te serefpolicy-3.7.19/policy/modules/services/smartmon.te
---- nsaserefpolicy/policy/modules/services/smartmon.te 2010-04-13 20:44:37.000000000 +0200
-+++ serefpolicy-3.7.19/policy/modules/services/smartmon.te 2010-11-15 14:09:31.283147945 +0100
+--- nsaserefpolicy/policy/modules/services/smartmon.te 2010-04-13 18:44:37.000000000 +0000
++++ serefpolicy-3.7.19/policy/modules/services/smartmon.te 2010-11-15 13:09:31.000000000 +0000
@@ -73,6 +73,7 @@
files_read_etc_runtime_files(fsdaemon_t)
# for config
@@ -36889,8 +36901,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/smar
term_dontaudit_search_ptys(fsdaemon_t)
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/smokeping.te serefpolicy-3.7.19/policy/modules/services/smokeping.te
---- nsaserefpolicy/policy/modules/services/smokeping.te 2010-04-13 20:44:37.000000000 +0200
-+++ serefpolicy-3.7.19/policy/modules/services/smokeping.te 2010-10-05 16:58:22.852651336 +0200
+--- nsaserefpolicy/policy/modules/services/smokeping.te 2010-04-13 18:44:37.000000000 +0000
++++ serefpolicy-3.7.19/policy/modules/services/smokeping.te 2010-10-05 14:58:22.000000000 +0000
@@ -24,6 +24,7 @@
# smokeping local policy
#
@@ -36916,8 +36928,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/smok
getattr_files_pattern(httpd_smokeping_cgi_script_t, smokeping_var_run_t, smokeping_var_run_t)
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/snmp.if serefpolicy-3.7.19/policy/modules/services/snmp.if
---- nsaserefpolicy/policy/modules/services/snmp.if 2010-04-13 20:44:36.000000000 +0200
-+++ serefpolicy-3.7.19/policy/modules/services/snmp.if 2010-11-15 17:53:35.780147148 +0100
+--- nsaserefpolicy/policy/modules/services/snmp.if 2010-04-13 18:44:36.000000000 +0000
++++ serefpolicy-3.7.19/policy/modules/services/snmp.if 2010-11-15 16:53:35.000000000 +0000
@@ -62,11 +62,32 @@
type snmpd_var_lib_t;
')
@@ -36970,8 +36982,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/snmp
init_labeled_script_domtrans($1, snmpd_initrc_exec_t)
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/snmp.te serefpolicy-3.7.19/policy/modules/services/snmp.te
---- nsaserefpolicy/policy/modules/services/snmp.te 2010-04-13 20:44:36.000000000 +0200
-+++ serefpolicy-3.7.19/policy/modules/services/snmp.te 2010-12-01 11:26:42.353042721 +0100
+--- nsaserefpolicy/policy/modules/services/snmp.te 2010-04-13 18:44:36.000000000 +0000
++++ serefpolicy-3.7.19/policy/modules/services/snmp.te 2010-12-01 10:26:42.000000000 +0000
@@ -25,14 +25,15 @@
#
# Local policy
@@ -36999,8 +37011,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/snmp
auth_use_nsswitch(snmpd_t)
auth_read_all_dirs_except_shadow(snmpd_t)
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/snort.if serefpolicy-3.7.19/policy/modules/services/snort.if
---- nsaserefpolicy/policy/modules/services/snort.if 2010-04-13 20:44:37.000000000 +0200
-+++ serefpolicy-3.7.19/policy/modules/services/snort.if 2010-09-16 16:42:05.561636781 +0200
+--- nsaserefpolicy/policy/modules/services/snort.if 2010-04-13 18:44:37.000000000 +0000
++++ serefpolicy-3.7.19/policy/modules/services/snort.if 2010-09-16 14:42:05.000000000 +0000
@@ -5,9 +5,9 @@
## Execute a domain transition to run snort.
## </summary>
@@ -37014,8 +37026,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/snor
#
interface(`snort_domtrans',`
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/snort.te serefpolicy-3.7.19/policy/modules/services/snort.te
---- nsaserefpolicy/policy/modules/services/snort.te 2010-04-13 20:44:36.000000000 +0200
-+++ serefpolicy-3.7.19/policy/modules/services/snort.te 2010-05-28 09:42:00.188610878 +0200
+--- nsaserefpolicy/policy/modules/services/snort.te 2010-04-13 18:44:36.000000000 +0000
++++ serefpolicy-3.7.19/policy/modules/services/snort.te 2010-05-28 07:42:00.000000000 +0000
@@ -62,6 +62,7 @@
kernel_read_proc_symlinks(snort_t)
kernel_request_load_module(snort_t)
@@ -37035,8 +37047,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/snor
domain_use_interactive_fds(snort_t)
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/spamassassin.fc serefpolicy-3.7.19/policy/modules/services/spamassassin.fc
---- nsaserefpolicy/policy/modules/services/spamassassin.fc 2010-04-13 20:44:37.000000000 +0200
-+++ serefpolicy-3.7.19/policy/modules/services/spamassassin.fc 2010-12-20 16:58:16.259041911 +0100
+--- nsaserefpolicy/policy/modules/services/spamassassin.fc 2010-04-13 18:44:37.000000000 +0000
++++ serefpolicy-3.7.19/policy/modules/services/spamassassin.fc 2010-12-20 15:58:16.000000000 +0000
@@ -1,15 +1,28 @@
-HOME_DIR/\.spamassassin(/.*)? gen_context(system_u:object_r:spamassassin_home_t,s0)
+HOME_DIR/\.spamassassin(/.*)? gen_context(system_u:object_r:spamc_home_t,s0)
@@ -37069,8 +37081,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/spam
+/var/spool/MD-Quarantine(/.*)? gen_context(system_u:object_r:spamd_var_run_t,s0)
+/var/spool/MIMEDefang(/.*)? gen_context(system_u:object_r:spamd_var_run_t,s0)
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/spamassassin.if serefpolicy-3.7.19/policy/modules/services/spamassassin.if
---- nsaserefpolicy/policy/modules/services/spamassassin.if 2010-04-13 20:44:37.000000000 +0200
-+++ serefpolicy-3.7.19/policy/modules/services/spamassassin.if 2010-09-16 16:51:58.958637037 +0200
+--- nsaserefpolicy/policy/modules/services/spamassassin.if 2010-04-13 18:44:37.000000000 +0000
++++ serefpolicy-3.7.19/policy/modules/services/spamassassin.if 2010-09-16 14:51:58.000000000 +0000
@@ -14,6 +14,7 @@
## User domain for the role
## </summary>
@@ -37233,8 +37245,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/spam
+ admin_pattern($1, spamd_var_run_t)
')
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/spamassassin.te serefpolicy-3.7.19/policy/modules/services/spamassassin.te
---- nsaserefpolicy/policy/modules/services/spamassassin.te 2010-04-13 20:44:37.000000000 +0200
-+++ serefpolicy-3.7.19/policy/modules/services/spamassassin.te 2011-01-18 15:53:51.928042302 +0100
+--- nsaserefpolicy/policy/modules/services/spamassassin.te 2010-04-13 18:44:37.000000000 +0000
++++ serefpolicy-3.7.19/policy/modules/services/spamassassin.te 2011-01-18 14:53:51.000000000 +0000
@@ -20,6 +20,35 @@
## </desc>
gen_tunable(spamd_enable_home_dirs, true)
@@ -37554,8 +37566,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/spam
udev_read_db(spamd_t)
')
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/squid.if serefpolicy-3.7.19/policy/modules/services/squid.if
---- nsaserefpolicy/policy/modules/services/squid.if 2010-04-13 20:44:37.000000000 +0200
-+++ serefpolicy-3.7.19/policy/modules/services/squid.if 2010-09-16 16:33:25.875637032 +0200
+--- nsaserefpolicy/policy/modules/services/squid.if 2010-04-13 18:44:37.000000000 +0000
++++ serefpolicy-3.7.19/policy/modules/services/squid.if 2010-09-16 14:33:25.000000000 +0000
@@ -71,7 +71,7 @@
type squid_t;
')
@@ -37574,8 +37586,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/squi
interface(`squid_dontaudit_search_cache',`
gen_require(`
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/squid.te serefpolicy-3.7.19/policy/modules/services/squid.te
---- nsaserefpolicy/policy/modules/services/squid.te 2010-04-13 20:44:37.000000000 +0200
-+++ serefpolicy-3.7.19/policy/modules/services/squid.te 2011-01-03 09:56:23.355040924 +0100
+--- nsaserefpolicy/policy/modules/services/squid.te 2010-04-13 18:44:37.000000000 +0000
++++ serefpolicy-3.7.19/policy/modules/services/squid.te 2011-01-03 08:56:23.000000000 +0000
@@ -14,6 +14,13 @@
## </desc>
gen_tunable(squid_connect_any, false)
@@ -37639,8 +37651,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/squi
-allow squid_t tmpfs_t:file { read write };
-') dnl end TODO
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/ssh.fc serefpolicy-3.7.19/policy/modules/services/ssh.fc
---- nsaserefpolicy/policy/modules/services/ssh.fc 2010-04-13 20:44:37.000000000 +0200
-+++ serefpolicy-3.7.19/policy/modules/services/ssh.fc 2011-01-04 16:00:55.694041145 +0100
+--- nsaserefpolicy/policy/modules/services/ssh.fc 2010-04-13 18:44:37.000000000 +0000
++++ serefpolicy-3.7.19/policy/modules/services/ssh.fc 2011-01-04 15:00:55.000000000 +0000
@@ -1,4 +1,9 @@
HOME_DIR/\.ssh(/.*)? gen_context(system_u:object_r:ssh_home_t,s0)
+HOME_DIR/\.shosts gen_context(system_u:object_r:ssh_home_t,s0)
@@ -37659,8 +37671,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/ssh.
+/root/\.ssh(/.*)? gen_context(system_u:object_r:home_ssh_t,s0)
+/root/\.shosts gen_context(system_u:object_r:home_ssh_t,s0)
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/ssh.if serefpolicy-3.7.19/policy/modules/services/ssh.if
---- nsaserefpolicy/policy/modules/services/ssh.if 2010-04-13 20:44:37.000000000 +0200
-+++ serefpolicy-3.7.19/policy/modules/services/ssh.if 2010-11-02 17:20:27.771899311 +0100
+--- nsaserefpolicy/policy/modules/services/ssh.if 2010-04-13 18:44:37.000000000 +0000
++++ serefpolicy-3.7.19/policy/modules/services/ssh.if 2010-11-02 16:20:27.000000000 +0000
@@ -36,6 +36,7 @@
gen_require(`
attribute ssh_server;
@@ -38025,8 +38037,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/ssh.
+ admin_pattern($1, sshd_var_run_t)
+')
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/ssh.te serefpolicy-3.7.19/policy/modules/services/ssh.te
---- nsaserefpolicy/policy/modules/services/ssh.te 2010-04-13 20:44:37.000000000 +0200
-+++ serefpolicy-3.7.19/policy/modules/services/ssh.te 2011-01-14 14:36:33.523041523 +0100
+--- nsaserefpolicy/policy/modules/services/ssh.te 2010-04-13 18:44:37.000000000 +0000
++++ serefpolicy-3.7.19/policy/modules/services/ssh.te 2011-01-14 13:36:33.000000000 +0000
@@ -34,13 +34,12 @@
ssh_server_template(sshd)
init_daemon_domain(sshd_t, sshd_exec_t)
@@ -38220,8 +38232,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/ssh.
tunable_policy(`ssh_sysadm_login',`
# Relabel and access ptys created by sshd
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/sssd.if serefpolicy-3.7.19/policy/modules/services/sssd.if
---- nsaserefpolicy/policy/modules/services/sssd.if 2010-04-13 20:44:36.000000000 +0200
-+++ serefpolicy-3.7.19/policy/modules/services/sssd.if 2010-09-16 16:48:33.455636869 +0200
+--- nsaserefpolicy/policy/modules/services/sssd.if 2010-04-13 18:44:36.000000000 +0000
++++ serefpolicy-3.7.19/policy/modules/services/sssd.if 2010-09-16 14:48:33.000000000 +0000
@@ -89,6 +89,7 @@
type sssd_var_run_t;
')
@@ -38262,8 +38274,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/sssd
# Allow sssd_t to restart the apache service
sssd_initrc_domtrans($1)
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/sssd.te serefpolicy-3.7.19/policy/modules/services/sssd.te
---- nsaserefpolicy/policy/modules/services/sssd.te 2010-04-13 20:44:37.000000000 +0200
-+++ serefpolicy-3.7.19/policy/modules/services/sssd.te 2010-08-18 13:10:17.920085544 +0200
+--- nsaserefpolicy/policy/modules/services/sssd.te 2010-04-13 18:44:37.000000000 +0000
++++ serefpolicy-3.7.19/policy/modules/services/sssd.te 2010-08-18 11:10:17.000000000 +0000
@@ -29,9 +29,12 @@
#
# sssd local policy
@@ -38296,8 +38308,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/sssd
dbus_system_bus_client(sssd_t)
dbus_connect_system_bus(sssd_t)
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/sysstat.te serefpolicy-3.7.19/policy/modules/services/sysstat.te
---- nsaserefpolicy/policy/modules/services/sysstat.te 2010-04-13 20:44:37.000000000 +0200
-+++ serefpolicy-3.7.19/policy/modules/services/sysstat.te 2010-07-27 15:46:39.210073648 +0200
+--- nsaserefpolicy/policy/modules/services/sysstat.te 2010-04-13 18:44:37.000000000 +0000
++++ serefpolicy-3.7.19/policy/modules/services/sysstat.te 2010-07-27 13:46:39.000000000 +0000
@@ -20,7 +20,7 @@
#
@@ -38316,8 +38328,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/syss
+ nscd_socket_use(sysstat_t)
+')
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/tftp.if serefpolicy-3.7.19/policy/modules/services/tftp.if
---- nsaserefpolicy/policy/modules/services/tftp.if 2010-04-13 20:44:36.000000000 +0200
-+++ serefpolicy-3.7.19/policy/modules/services/tftp.if 2010-12-01 13:48:17.722042535 +0100
+--- nsaserefpolicy/policy/modules/services/tftp.if 2010-04-13 18:44:36.000000000 +0000
++++ serefpolicy-3.7.19/policy/modules/services/tftp.if 2010-12-01 12:48:17.000000000 +0000
@@ -16,6 +16,26 @@
')
@@ -38395,8 +38407,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/tftp
admin_pattern($1, tftpdir_t)
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/tftp.te serefpolicy-3.7.19/policy/modules/services/tftp.te
---- nsaserefpolicy/policy/modules/services/tftp.te 2010-04-13 20:44:37.000000000 +0200
-+++ serefpolicy-3.7.19/policy/modules/services/tftp.te 2010-12-01 13:48:12.460043191 +0100
+--- nsaserefpolicy/policy/modules/services/tftp.te 2010-04-13 18:44:37.000000000 +0000
++++ serefpolicy-3.7.19/policy/modules/services/tftp.te 2010-12-01 12:48:12.000000000 +0000
@@ -1,5 +1,4 @@
-
-policy_module(tftp, 1.11.3)
@@ -38449,8 +38461,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/tftp
')
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/tgtd.if serefpolicy-3.7.19/policy/modules/services/tgtd.if
---- nsaserefpolicy/policy/modules/services/tgtd.if 2010-04-13 20:44:36.000000000 +0200
-+++ serefpolicy-3.7.19/policy/modules/services/tgtd.if 2010-09-15 15:55:31.098636967 +0200
+--- nsaserefpolicy/policy/modules/services/tgtd.if 2010-04-13 18:44:36.000000000 +0000
++++ serefpolicy-3.7.19/policy/modules/services/tgtd.if 2010-09-15 13:55:31.000000000 +0000
@@ -26,3 +26,21 @@
allow $1 tgtd_t:sem rw_sem_perms;
@@ -38474,8 +38486,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/tgtd
+ allow $1 tgtd_t:sem create_sem_perms;
+')
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/tgtd.te serefpolicy-3.7.19/policy/modules/services/tgtd.te
---- nsaserefpolicy/policy/modules/services/tgtd.te 2010-04-13 20:44:37.000000000 +0200
-+++ serefpolicy-3.7.19/policy/modules/services/tgtd.te 2010-09-15 15:54:21.234637075 +0200
+--- nsaserefpolicy/policy/modules/services/tgtd.te 2010-04-13 18:44:37.000000000 +0000
++++ serefpolicy-3.7.19/policy/modules/services/tgtd.te 2010-09-15 13:54:21.000000000 +0000
@@ -38,7 +38,7 @@
allow tgtd_t self:unix_dgram_socket create_socket_perms;
@@ -38505,8 +38517,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/tgtd
+ iscsi_manage_semaphores(tgtd_t)
+')
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/tor.if serefpolicy-3.7.19/policy/modules/services/tor.if
---- nsaserefpolicy/policy/modules/services/tor.if 2010-04-13 20:44:37.000000000 +0200
-+++ serefpolicy-3.7.19/policy/modules/services/tor.if 2010-09-16 16:46:52.559636983 +0200
+--- nsaserefpolicy/policy/modules/services/tor.if 2010-04-13 18:44:37.000000000 +0000
++++ serefpolicy-3.7.19/policy/modules/services/tor.if 2010-09-16 14:46:52.000000000 +0000
@@ -42,7 +42,7 @@
type tor_initrc_exec_t;
')
@@ -38517,8 +38529,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/tor.
init_labeled_script_domtrans($1, tor_initrc_exec_t)
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/tor.te serefpolicy-3.7.19/policy/modules/services/tor.te
---- nsaserefpolicy/policy/modules/services/tor.te 2010-04-13 20:44:37.000000000 +0200
-+++ serefpolicy-3.7.19/policy/modules/services/tor.te 2010-09-13 12:47:18.717085060 +0200
+--- nsaserefpolicy/policy/modules/services/tor.te 2010-04-13 18:44:37.000000000 +0000
++++ serefpolicy-3.7.19/policy/modules/services/tor.te 2010-09-13 10:47:18.000000000 +0000
@@ -43,8 +43,11 @@
#
@@ -38549,8 +38561,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/tor.
tunable_policy(`tor_bind_all_unreserved_ports', `
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/tuned.fc serefpolicy-3.7.19/policy/modules/services/tuned.fc
---- nsaserefpolicy/policy/modules/services/tuned.fc 2010-04-13 20:44:37.000000000 +0200
-+++ serefpolicy-3.7.19/policy/modules/services/tuned.fc 2010-07-13 13:49:47.453752782 +0200
+--- nsaserefpolicy/policy/modules/services/tuned.fc 2010-04-13 18:44:37.000000000 +0000
++++ serefpolicy-3.7.19/policy/modules/services/tuned.fc 2010-07-13 11:49:47.000000000 +0000
@@ -5,4 +5,5 @@
/var/log/tuned(/.*)? gen_context(system_u:object_r:tuned_log_t,s0)
/var/log/tuned\.log -- gen_context(system_u:object_r:tuned_log_t,s0)
@@ -38558,8 +38570,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/tune
+/var/run/tuned(/.*)? -- gen_context(system_u:object_r:tuned_var_run_t,s0)
/var/run/tuned\.pid -- gen_context(system_u:object_r:tuned_var_run_t,s0)
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/tuned.te serefpolicy-3.7.19/policy/modules/services/tuned.te
---- nsaserefpolicy/policy/modules/services/tuned.te 2010-04-13 20:44:37.000000000 +0200
-+++ serefpolicy-3.7.19/policy/modules/services/tuned.te 2010-07-13 14:01:29.318753228 +0200
+--- nsaserefpolicy/policy/modules/services/tuned.te 2010-04-13 18:44:37.000000000 +0000
++++ serefpolicy-3.7.19/policy/modules/services/tuned.te 2010-07-13 12:01:29.000000000 +0000
@@ -25,13 +25,17 @@
#
@@ -38591,8 +38603,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/tune
optional_policy(`
sysnet_domtrans_ifconfig(tuned_t)
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/ucspitcp.if serefpolicy-3.7.19/policy/modules/services/ucspitcp.if
---- nsaserefpolicy/policy/modules/services/ucspitcp.if 2010-04-13 20:44:37.000000000 +0200
-+++ serefpolicy-3.7.19/policy/modules/services/ucspitcp.if 2010-09-16 15:55:14.630636773 +0200
+--- nsaserefpolicy/policy/modules/services/ucspitcp.if 2010-04-13 18:44:37.000000000 +0000
++++ serefpolicy-3.7.19/policy/modules/services/ucspitcp.if 2010-09-16 13:55:14.000000000 +0000
@@ -31,8 +31,5 @@
role system_r types $1;
@@ -38604,8 +38616,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/ucsp
+ domtrans_pattern(ucspitcp_t, $2, $1)
')
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/ucspitcp.te serefpolicy-3.7.19/policy/modules/services/ucspitcp.te
---- nsaserefpolicy/policy/modules/services/ucspitcp.te 2010-04-13 20:44:36.000000000 +0200
-+++ serefpolicy-3.7.19/policy/modules/services/ucspitcp.te 2010-05-28 09:42:00.197610559 +0200
+--- nsaserefpolicy/policy/modules/services/ucspitcp.te 2010-04-13 18:44:36.000000000 +0000
++++ serefpolicy-3.7.19/policy/modules/services/ucspitcp.te 2010-05-28 07:42:00.000000000 +0000
@@ -92,3 +92,8 @@
daemontools_service_domain(ucspitcp_t, ucspitcp_exec_t)
daemontools_read_svc(ucspitcp_t)
@@ -38616,8 +38628,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/ucsp
+')
+
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/ulogd.te serefpolicy-3.7.19/policy/modules/services/ulogd.te
---- nsaserefpolicy/policy/modules/services/ulogd.te 2010-04-13 20:44:37.000000000 +0200
-+++ serefpolicy-3.7.19/policy/modules/services/ulogd.te 2010-08-24 14:41:34.195084825 +0200
+--- nsaserefpolicy/policy/modules/services/ulogd.te 2010-04-13 18:44:37.000000000 +0000
++++ serefpolicy-3.7.19/policy/modules/services/ulogd.te 2010-08-24 12:41:34.000000000 +0000
@@ -32,6 +32,9 @@
allow ulogd_t self:capability net_admin;
@@ -38649,16 +38661,16 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/ulog
+ postgresql_tcp_connect(ulogd_t)
+')
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/usbmuxd.fc serefpolicy-3.7.19/policy/modules/services/usbmuxd.fc
---- nsaserefpolicy/policy/modules/services/usbmuxd.fc 2010-04-13 20:44:36.000000000 +0200
-+++ serefpolicy-3.7.19/policy/modules/services/usbmuxd.fc 2010-05-28 09:42:00.198610771 +0200
+--- nsaserefpolicy/policy/modules/services/usbmuxd.fc 2010-04-13 18:44:36.000000000 +0000
++++ serefpolicy-3.7.19/policy/modules/services/usbmuxd.fc 2010-05-28 07:42:00.000000000 +0000
@@ -1,3 +1,3 @@
/usr/sbin/usbmuxd -- gen_context(system_u:object_r:usbmuxd_exec_t,s0)
-/var/run/usbmuxd -s gen_context(system_u:object_r:usbmuxd_var_run_t,s0)
+/var/run/usbmuxd.* gen_context(system_u:object_r:usbmuxd_var_run_t,s0)
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/uucp.if serefpolicy-3.7.19/policy/modules/services/uucp.if
---- nsaserefpolicy/policy/modules/services/uucp.if 2010-04-13 20:44:37.000000000 +0200
-+++ serefpolicy-3.7.19/policy/modules/services/uucp.if 2010-09-16 16:47:05.182637460 +0200
+--- nsaserefpolicy/policy/modules/services/uucp.if 2010-04-13 18:44:37.000000000 +0000
++++ serefpolicy-3.7.19/policy/modules/services/uucp.if 2010-09-16 14:47:05.000000000 +0000
@@ -1,5 +1,24 @@
## <summary>Unix to Unix Copy</summary>
@@ -38694,8 +38706,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/uucp
logging_list_logs($1)
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/uucp.te serefpolicy-3.7.19/policy/modules/services/uucp.te
---- nsaserefpolicy/policy/modules/services/uucp.te 2010-04-13 20:44:37.000000000 +0200
-+++ serefpolicy-3.7.19/policy/modules/services/uucp.te 2010-11-11 16:29:14.234398746 +0100
+--- nsaserefpolicy/policy/modules/services/uucp.te 2010-04-13 18:44:37.000000000 +0000
++++ serefpolicy-3.7.19/policy/modules/services/uucp.te 2010-11-11 15:29:14.000000000 +0000
@@ -84,6 +84,7 @@
corenet_udp_sendrecv_generic_node(uucpd_t)
corenet_tcp_sendrecv_all_ports(uucpd_t)
@@ -38725,8 +38737,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/uucp
files_read_etc_files(uux_t)
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/varnishd.if serefpolicy-3.7.19/policy/modules/services/varnishd.if
---- nsaserefpolicy/policy/modules/services/varnishd.if 2010-04-13 20:44:37.000000000 +0200
-+++ serefpolicy-3.7.19/policy/modules/services/varnishd.if 2010-05-28 09:42:00.198610771 +0200
+--- nsaserefpolicy/policy/modules/services/varnishd.if 2010-04-13 18:44:37.000000000 +0000
++++ serefpolicy-3.7.19/policy/modules/services/varnishd.if 2010-05-28 07:42:00.000000000 +0000
@@ -56,6 +56,25 @@
read_files_pattern($1, varnishd_etc_t, varnishd_etc_t)
')
@@ -38754,8 +38766,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/varn
## <summary>
## Read varnish logs.
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/varnishd.te serefpolicy-3.7.19/policy/modules/services/varnishd.te
---- nsaserefpolicy/policy/modules/services/varnishd.te 2010-04-13 20:44:37.000000000 +0200
-+++ serefpolicy-3.7.19/policy/modules/services/varnishd.te 2010-08-04 15:24:49.633084903 +0200
+--- nsaserefpolicy/policy/modules/services/varnishd.te 2010-04-13 18:44:37.000000000 +0000
++++ serefpolicy-3.7.19/policy/modules/services/varnishd.te 2010-08-04 13:24:49.000000000 +0000
@@ -52,6 +52,7 @@
#
@@ -38765,8 +38777,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/varn
allow varnishd_t self:fifo_file rw_fifo_file_perms;
allow varnishd_t self:tcp_socket create_stream_socket_perms;
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/vhostmd.fc serefpolicy-3.7.19/policy/modules/services/vhostmd.fc
---- nsaserefpolicy/policy/modules/services/vhostmd.fc 2010-04-13 20:44:37.000000000 +0200
-+++ serefpolicy-3.7.19/policy/modules/services/vhostmd.fc 2010-07-21 10:49:49.095135392 +0200
+--- nsaserefpolicy/policy/modules/services/vhostmd.fc 2010-04-13 18:44:37.000000000 +0000
++++ serefpolicy-3.7.19/policy/modules/services/vhostmd.fc 2010-07-21 08:49:49.000000000 +0000
@@ -1,5 +1,5 @@
-/etc/rc.d/init.d/vhostmd -- gen_context(system_u:object_r:vhostmd_initrc_exec_t,s0)
+/etc/rc\.d/init\.d/vhostmd -- gen_context(system_u:object_r:vhostmd_initrc_exec_t,s0)
@@ -38776,8 +38788,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/vhos
-/var/run/vhostmd.pid -- gen_context(system_u:object_r:vhostmd_var_run_t,s0)
+/var/run/vhostmd\.pid -- gen_context(system_u:object_r:vhostmd_var_run_t,s0)
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/vhostmd.if serefpolicy-3.7.19/policy/modules/services/vhostmd.if
---- nsaserefpolicy/policy/modules/services/vhostmd.if 2010-04-13 20:44:37.000000000 +0200
-+++ serefpolicy-3.7.19/policy/modules/services/vhostmd.if 2010-09-16 16:16:14.800637139 +0200
+--- nsaserefpolicy/policy/modules/services/vhostmd.if 2010-04-13 18:44:37.000000000 +0000
++++ serefpolicy-3.7.19/policy/modules/services/vhostmd.if 2010-09-16 14:16:14.000000000 +0000
@@ -51,8 +51,8 @@
type vhostmd_tmpfs_t;
')
@@ -38828,8 +38840,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/vhos
role_transition $2 vhostmd_initrc_exec_t system_r;
allow $2 system_r;
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/vhostmd.te serefpolicy-3.7.19/policy/modules/services/vhostmd.te
---- nsaserefpolicy/policy/modules/services/vhostmd.te 2010-04-13 20:44:37.000000000 +0200
-+++ serefpolicy-3.7.19/policy/modules/services/vhostmd.te 2010-08-10 16:37:30.997085210 +0200
+--- nsaserefpolicy/policy/modules/services/vhostmd.te 2010-04-13 18:44:37.000000000 +0000
++++ serefpolicy-3.7.19/policy/modules/services/vhostmd.te 2010-08-10 14:37:30.000000000 +0000
@@ -45,6 +45,8 @@
corenet_tcp_connect_soundd_port(vhostmd_t)
@@ -38849,8 +38861,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/vhos
optional_policy(`
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/virt.fc serefpolicy-3.7.19/policy/modules/services/virt.fc
---- nsaserefpolicy/policy/modules/services/virt.fc 2010-04-13 20:44:37.000000000 +0200
-+++ serefpolicy-3.7.19/policy/modules/services/virt.fc 2010-08-18 14:33:42.065085583 +0200
+--- nsaserefpolicy/policy/modules/services/virt.fc 2010-04-13 18:44:37.000000000 +0000
++++ serefpolicy-3.7.19/policy/modules/services/virt.fc 2010-08-18 12:33:42.000000000 +0000
@@ -12,18 +12,19 @@
/etc/xen/[^/]* -d gen_context(system_u:object_r:virt_etc_rw_t,s0)
/etc/xen/.*/.* gen_context(system_u:object_r:virt_etc_rw_t,s0)
@@ -38875,8 +38887,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/virt
/var/vdsm(/.*)? gen_context(system_u:object_r:virt_var_run_t,s0)
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/virt.if serefpolicy-3.7.19/policy/modules/services/virt.if
---- nsaserefpolicy/policy/modules/services/virt.if 2010-04-13 20:44:37.000000000 +0200
-+++ serefpolicy-3.7.19/policy/modules/services/virt.if 2010-09-23 12:59:31.493386880 +0200
+--- nsaserefpolicy/policy/modules/services/virt.if 2010-04-13 18:44:37.000000000 +0000
++++ serefpolicy-3.7.19/policy/modules/services/virt.if 2010-09-23 10:59:31.000000000 +0000
@@ -21,6 +21,8 @@
type $1_t, virt_domain;
domain_type($1_t)
@@ -39090,8 +39102,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/virt
+ dontaudit $1 virtd_t:fifo_file write;
+')
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/virt.te serefpolicy-3.7.19/policy/modules/services/virt.te
---- nsaserefpolicy/policy/modules/services/virt.te 2010-04-13 20:44:37.000000000 +0200
-+++ serefpolicy-3.7.19/policy/modules/services/virt.te 2011-01-07 14:27:09.212042336 +0100
+--- nsaserefpolicy/policy/modules/services/virt.te 2010-04-13 18:44:37.000000000 +0000
++++ serefpolicy-3.7.19/policy/modules/services/virt.te 2011-01-24 17:03:51.777455001 +0000
@@ -1,5 +1,5 @@
-policy_module(virt, 1.3.2)
@@ -39218,13 +39230,15 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/virt
xen_rw_image_files(svirt_t)
')
-@@ -179,22 +203,30 @@
+@@ -179,22 +203,32 @@
#
allow virtd_t self:capability { chown dac_override fowner ipc_lock kill mknod net_admin net_raw setpcap setuid setgid sys_admin sys_nice sys_ptrace };
-allow virtd_t self:process { getcap getsched setcap sigkill signal signull execmem setexec setfscreate setsched };
+allow virtd_t self:process { getcap getsched setcap sigkill signal signull execmem setexec setfscreate setsockcreate setsched };
++allow virtd_t self:fifo_file { manage_fifo_file_perms relabelfrom
++relabelto };
allow virtd_t self:fifo_file rw_fifo_file_perms;
allow virtd_t self:unix_stream_socket create_stream_socket_perms;
allow virtd_t self:tcp_socket create_stream_socket_perms;
@@ -39252,7 +39266,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/virt
read_files_pattern(virtd_t, virt_etc_t, virt_etc_t)
read_lnk_files_pattern(virtd_t, virt_etc_t, virt_etc_t)
-@@ -205,8 +237,14 @@
+@@ -205,8 +239,14 @@
manage_files_pattern(virtd_t, virt_image_type, virt_image_type)
manage_blk_files_pattern(virtd_t, virt_image_type, virt_image_type)
@@ -39269,7 +39283,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/virt
manage_dirs_pattern(virtd_t, virt_log_t, virt_log_t)
manage_files_pattern(virtd_t, virt_log_t, virt_log_t)
-@@ -225,6 +263,7 @@
+@@ -225,6 +265,7 @@
kernel_read_system_state(virtd_t)
kernel_read_network_state(virtd_t)
kernel_rw_net_sysctls(virtd_t)
@@ -39277,7 +39291,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/virt
kernel_request_load_module(virtd_t)
kernel_search_debugfs(virtd_t)
-@@ -248,18 +287,27 @@
+@@ -248,18 +289,27 @@
dev_rw_kvm(virtd_t)
dev_getattr_all_chr_files(virtd_t)
dev_rw_mtrr(virtd_t)
@@ -39306,7 +39320,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/virt
fs_list_auto_mountpoints(virtd_t)
fs_getattr_xattr_fs(virtd_t)
-@@ -267,6 +315,18 @@
+@@ -267,6 +317,18 @@
fs_list_inotifyfs(virtd_t)
fs_manage_cgroup_dirs(virtd_t)
fs_rw_cgroup_files(virtd_t)
@@ -39325,7 +39339,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/virt
mcs_process_set_categories(virtd_t)
-@@ -290,16 +350,26 @@
+@@ -290,16 +352,26 @@
modutils_manage_module_config(virtd_t)
logging_send_syslog_msg(virtd_t)
@@ -39352,7 +39366,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/virt
tunable_policy(`virt_use_nfs',`
fs_manage_nfs_dirs(virtd_t)
-@@ -318,6 +388,10 @@
+@@ -318,6 +390,10 @@
')
optional_policy(`
@@ -39363,7 +39377,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/virt
dbus_system_bus_client(virtd_t)
optional_policy(`
-@@ -370,6 +444,8 @@
+@@ -370,6 +446,8 @@
qemu_signal(virtd_t)
qemu_kill(virtd_t)
qemu_setsched(virtd_t)
@@ -39372,7 +39386,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/virt
')
optional_policy(`
-@@ -407,6 +483,19 @@
+@@ -407,6 +485,19 @@
allow virt_domain self:unix_dgram_socket { create_socket_perms sendto };
allow virt_domain self:tcp_socket create_stream_socket_perms;
@@ -39392,7 +39406,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/virt
append_files_pattern(virt_domain, virt_log_t, virt_log_t)
append_files_pattern(virt_domain, virt_var_lib_t, virt_var_lib_t)
-@@ -427,6 +516,7 @@
+@@ -427,6 +518,7 @@
corenet_tcp_bind_virt_migration_port(virt_domain)
corenet_tcp_connect_virt_migration_port(virt_domain)
@@ -39400,7 +39414,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/virt
dev_read_rand(virt_domain)
dev_read_sound(virt_domain)
dev_read_urand(virt_domain)
-@@ -434,10 +524,12 @@
+@@ -434,10 +526,12 @@
dev_rw_ksm(virt_domain)
dev_rw_kvm(virt_domain)
dev_rw_qemu(virt_domain)
@@ -39413,7 +39427,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/virt
files_read_usr_files(virt_domain)
files_read_var_files(virt_domain)
files_search_all(virt_domain)
-@@ -445,6 +537,11 @@
+@@ -445,6 +539,11 @@
fs_getattr_tmpfs(virt_domain)
fs_rw_anon_inodefs_files(virt_domain)
fs_rw_tmpfs_files(virt_domain)
@@ -39425,7 +39439,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/virt
term_use_all_terms(virt_domain)
term_getattr_pty_fs(virt_domain)
-@@ -462,8 +559,13 @@
+@@ -462,8 +561,13 @@
')
optional_policy(`
@@ -39440,8 +39454,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/virt
')
+
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/w3c.te serefpolicy-3.7.19/policy/modules/services/w3c.te
---- nsaserefpolicy/policy/modules/services/w3c.te 2010-04-13 20:44:37.000000000 +0200
-+++ serefpolicy-3.7.19/policy/modules/services/w3c.te 2010-06-16 16:52:11.832865080 +0200
+--- nsaserefpolicy/policy/modules/services/w3c.te 2010-04-13 18:44:37.000000000 +0000
++++ serefpolicy-3.7.19/policy/modules/services/w3c.te 2010-06-16 14:52:11.000000000 +0000
@@ -8,11 +8,18 @@
apache_content_template(w3c_validator)
@@ -39468,8 +39482,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/w3c.
+
+apache_dontaudit_rw_tmp_files(httpd_w3c_validator_script_t)
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/xfs.if serefpolicy-3.7.19/policy/modules/services/xfs.if
---- nsaserefpolicy/policy/modules/services/xfs.if 2010-04-13 20:44:37.000000000 +0200
-+++ serefpolicy-3.7.19/policy/modules/services/xfs.if 2010-09-16 15:50:24.207636935 +0200
+--- nsaserefpolicy/policy/modules/services/xfs.if 2010-04-13 18:44:37.000000000 +0000
++++ serefpolicy-3.7.19/policy/modules/services/xfs.if 2010-09-16 13:50:24.000000000 +0000
@@ -1,4 +1,4 @@
-## <summary>X Windows Font Server </summary>
+## <summary>X Windows Font Server</summary>
@@ -39477,8 +39491,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/xfs.
########################################
## <summary>
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/xserver.fc serefpolicy-3.7.19/policy/modules/services/xserver.fc
---- nsaserefpolicy/policy/modules/services/xserver.fc 2010-04-13 20:44:37.000000000 +0200
-+++ serefpolicy-3.7.19/policy/modules/services/xserver.fc 2010-10-01 15:30:07.992599971 +0200
+--- nsaserefpolicy/policy/modules/services/xserver.fc 2010-04-13 18:44:37.000000000 +0000
++++ serefpolicy-3.7.19/policy/modules/services/xserver.fc 2010-10-01 13:30:07.000000000 +0000
@@ -2,13 +2,23 @@
# HOME_DIR
#
@@ -39602,8 +39616,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/xser
+/var/lib/pqsql/\.Xauthority.* -- gen_context(system_u:object_r:xauth_home_t,s0)
+
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/xserver.if serefpolicy-3.7.19/policy/modules/services/xserver.if
---- nsaserefpolicy/policy/modules/services/xserver.if 2010-04-13 20:44:37.000000000 +0200
-+++ serefpolicy-3.7.19/policy/modules/services/xserver.if 2011-01-07 14:00:01.543041896 +0100
+--- nsaserefpolicy/policy/modules/services/xserver.if 2010-04-13 18:44:37.000000000 +0000
++++ serefpolicy-3.7.19/policy/modules/services/xserver.if 2011-01-07 13:00:01.000000000 +0000
@@ -19,9 +19,10 @@
interface(`xserver_restricted_role',`
gen_require(`
@@ -40372,8 +40386,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/xser
+ manage_files_pattern($1, user_fonts_config_t, user_fonts_config_t)
+')
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/xserver.te serefpolicy-3.7.19/policy/modules/services/xserver.te
---- nsaserefpolicy/policy/modules/services/xserver.te 2010-04-13 20:44:37.000000000 +0200
-+++ serefpolicy-3.7.19/policy/modules/services/xserver.te 2010-11-02 18:15:31.232651388 +0100
+--- nsaserefpolicy/policy/modules/services/xserver.te 2010-04-13 18:44:37.000000000 +0000
++++ serefpolicy-3.7.19/policy/modules/services/xserver.te 2010-11-02 17:15:31.000000000 +0000
@@ -1,5 +1,5 @@
-policy_module(xserver, 3.3.2)
@@ -41317,8 +41331,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/xser
+ fs_append_cifs_files(xdmhomewriter)
+')
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/zebra.if serefpolicy-3.7.19/policy/modules/services/zebra.if
---- nsaserefpolicy/policy/modules/services/zebra.if 2010-04-13 20:44:36.000000000 +0200
-+++ serefpolicy-3.7.19/policy/modules/services/zebra.if 2010-09-16 15:45:27.161386642 +0200
+--- nsaserefpolicy/policy/modules/services/zebra.if 2010-04-13 18:44:36.000000000 +0000
++++ serefpolicy-3.7.19/policy/modules/services/zebra.if 2010-09-16 13:45:27.000000000 +0000
@@ -38,8 +38,7 @@
')
@@ -41330,8 +41344,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/zebr
########################################
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/zosremote.if serefpolicy-3.7.19/policy/modules/services/zosremote.if
---- nsaserefpolicy/policy/modules/services/zosremote.if 2010-04-13 20:44:37.000000000 +0200
-+++ serefpolicy-3.7.19/policy/modules/services/zosremote.if 2010-09-16 15:54:12.998637035 +0200
+--- nsaserefpolicy/policy/modules/services/zosremote.if 2010-04-13 18:44:37.000000000 +0000
++++ serefpolicy-3.7.19/policy/modules/services/zosremote.if 2010-09-16 13:54:12.000000000 +0000
@@ -5,9 +5,9 @@
## Execute a domain transition to run audispd-zos-remote.
## </summary>
@@ -41345,8 +41359,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/zosr
#
interface(`zosremote_domtrans',`
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/application.if serefpolicy-3.7.19/policy/modules/system/application.if
---- nsaserefpolicy/policy/modules/system/application.if 2010-04-13 20:44:37.000000000 +0200
-+++ serefpolicy-3.7.19/policy/modules/system/application.if 2011-01-18 17:37:24.656040920 +0100
+--- nsaserefpolicy/policy/modules/system/application.if 2010-04-13 18:44:37.000000000 +0000
++++ serefpolicy-3.7.19/policy/modules/system/application.if 2011-01-18 16:37:24.000000000 +0000
@@ -130,3 +130,76 @@
allow $1 application_domain_type:process signull;
@@ -41425,8 +41439,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/applic
+')
+
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/application.te serefpolicy-3.7.19/policy/modules/system/application.te
---- nsaserefpolicy/policy/modules/system/application.te 2010-04-13 20:44:37.000000000 +0200
-+++ serefpolicy-3.7.19/policy/modules/system/application.te 2010-05-28 09:42:00.208611712 +0200
+--- nsaserefpolicy/policy/modules/system/application.te 2010-04-13 18:44:37.000000000 +0000
++++ serefpolicy-3.7.19/policy/modules/system/application.te 2010-05-28 07:42:00.000000000 +0000
@@ -7,6 +7,22 @@
# Executables to be run by user
attribute application_exec_type;
@@ -41451,8 +41465,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/applic
ssh_sigchld(application_domain_type)
ssh_rw_stream_sockets(application_domain_type)
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/authlogin.fc serefpolicy-3.7.19/policy/modules/system/authlogin.fc
---- nsaserefpolicy/policy/modules/system/authlogin.fc 2010-04-13 20:44:37.000000000 +0200
-+++ serefpolicy-3.7.19/policy/modules/system/authlogin.fc 2010-11-10 15:15:13.229148284 +0100
+--- nsaserefpolicy/policy/modules/system/authlogin.fc 2010-04-13 18:44:37.000000000 +0000
++++ serefpolicy-3.7.19/policy/modules/system/authlogin.fc 2010-11-10 14:15:13.000000000 +0000
@@ -10,6 +10,7 @@
/sbin/pam_console_apply -- gen_context(system_u:object_r:pam_console_exec_t,s0)
/sbin/pam_timestamp_check -- gen_context(system_u:object_r:pam_exec_t,s0)
@@ -41470,8 +41484,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/authlo
/var/run/pam_ssh(/.*)? gen_context(system_u:object_r:var_auth_t,s0)
/var/run/sepermit(/.*)? gen_context(system_u:object_r:pam_var_run_t,s0)
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/authlogin.if serefpolicy-3.7.19/policy/modules/system/authlogin.if
---- nsaserefpolicy/policy/modules/system/authlogin.if 2010-04-13 20:44:37.000000000 +0200
-+++ serefpolicy-3.7.19/policy/modules/system/authlogin.if 2011-01-14 14:33:19.234041121 +0100
+--- nsaserefpolicy/policy/modules/system/authlogin.if 2010-04-13 18:44:37.000000000 +0000
++++ serefpolicy-3.7.19/policy/modules/system/authlogin.if 2011-01-14 13:33:19.000000000 +0000
@@ -41,7 +41,6 @@
## </param>
#
@@ -41622,8 +41636,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/authlo
optional_policy(`
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/authlogin.te serefpolicy-3.7.19/policy/modules/system/authlogin.te
---- nsaserefpolicy/policy/modules/system/authlogin.te 2010-04-13 20:44:37.000000000 +0200
-+++ serefpolicy-3.7.19/policy/modules/system/authlogin.te 2011-01-14 14:32:33.697042630 +0100
+--- nsaserefpolicy/policy/modules/system/authlogin.te 2010-04-13 18:44:37.000000000 +0000
++++ serefpolicy-3.7.19/policy/modules/system/authlogin.te 2011-01-14 13:32:33.000000000 +0000
@@ -6,9 +6,17 @@
# Declarations
#
@@ -41666,8 +41680,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/authlo
+ ')
+')
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/daemontools.if serefpolicy-3.7.19/policy/modules/system/daemontools.if
---- nsaserefpolicy/policy/modules/system/daemontools.if 2010-04-13 20:44:37.000000000 +0200
-+++ serefpolicy-3.7.19/policy/modules/system/daemontools.if 2010-05-28 09:42:00.211610814 +0200
+--- nsaserefpolicy/policy/modules/system/daemontools.if 2010-04-13 18:44:37.000000000 +0000
++++ serefpolicy-3.7.19/policy/modules/system/daemontools.if 2010-05-28 07:42:00.000000000 +0000
@@ -71,6 +71,32 @@
domtrans_pattern($1, svc_start_exec_t, svc_start_t)
')
@@ -41749,8 +41763,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/daemon
+ allow $1 svc_run_t:process sigchld;
+')
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/daemontools.te serefpolicy-3.7.19/policy/modules/system/daemontools.te
---- nsaserefpolicy/policy/modules/system/daemontools.te 2010-04-13 20:44:37.000000000 +0200
-+++ serefpolicy-3.7.19/policy/modules/system/daemontools.te 2010-05-28 09:42:00.211610814 +0200
+--- nsaserefpolicy/policy/modules/system/daemontools.te 2010-04-13 18:44:37.000000000 +0000
++++ serefpolicy-3.7.19/policy/modules/system/daemontools.te 2010-05-28 07:42:00.000000000 +0000
@@ -39,7 +39,10 @@
# multilog creates /service/*/log/status
manage_files_pattern(svc_multilog_t, svc_svc_t, svc_svc_t)
@@ -41824,8 +41838,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/daemon
daemontools_domtrans_run(svc_start_t)
daemontools_manage_svc(svc_start_t)
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/fstools.fc serefpolicy-3.7.19/policy/modules/system/fstools.fc
---- nsaserefpolicy/policy/modules/system/fstools.fc 2010-04-13 20:44:37.000000000 +0200
-+++ serefpolicy-3.7.19/policy/modules/system/fstools.fc 2010-05-28 09:42:00.212610747 +0200
+--- nsaserefpolicy/policy/modules/system/fstools.fc 2010-04-13 18:44:37.000000000 +0000
++++ serefpolicy-3.7.19/policy/modules/system/fstools.fc 2010-05-28 07:42:00.000000000 +0000
@@ -1,4 +1,3 @@
-/sbin/badblocks -- gen_context(system_u:object_r:fsadm_exec_t,s0)
/sbin/blkid -- gen_context(system_u:object_r:fsadm_exec_t,s0)
@@ -41840,8 +41854,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/fstool
/sbin/partprobe -- gen_context(system_u:object_r:fsadm_exec_t,s0)
/sbin/partx -- gen_context(system_u:object_r:fsadm_exec_t,s0)
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/fstools.te serefpolicy-3.7.19/policy/modules/system/fstools.te
---- nsaserefpolicy/policy/modules/system/fstools.te 2010-04-13 20:44:37.000000000 +0200
-+++ serefpolicy-3.7.19/policy/modules/system/fstools.te 2010-08-30 20:22:56.254334577 +0200
+--- nsaserefpolicy/policy/modules/system/fstools.te 2010-04-13 18:44:37.000000000 +0000
++++ serefpolicy-3.7.19/policy/modules/system/fstools.te 2010-08-30 18:22:56.000000000 +0000
@@ -118,6 +118,8 @@
fs_search_tmpfs(fsadm_t)
fs_getattr_tmpfs_dirs(fsadm_t)
@@ -41887,8 +41901,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/fstool
xen_rw_image_files(fsadm_t)
')
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/getty.te serefpolicy-3.7.19/policy/modules/system/getty.te
---- nsaserefpolicy/policy/modules/system/getty.te 2010-04-13 20:44:37.000000000 +0200
-+++ serefpolicy-3.7.19/policy/modules/system/getty.te 2010-05-28 09:42:00.213610890 +0200
+--- nsaserefpolicy/policy/modules/system/getty.te 2010-04-13 18:44:37.000000000 +0000
++++ serefpolicy-3.7.19/policy/modules/system/getty.te 2010-05-28 07:42:00.000000000 +0000
@@ -84,7 +84,7 @@
term_setattr_all_ttys(getty_t)
term_setattr_unallocated_ttys(getty_t)
@@ -41899,8 +41913,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/getty.
auth_rw_login_records(getty_t)
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/hostname.te serefpolicy-3.7.19/policy/modules/system/hostname.te
---- nsaserefpolicy/policy/modules/system/hostname.te 2010-04-13 20:44:37.000000000 +0200
-+++ serefpolicy-3.7.19/policy/modules/system/hostname.te 2010-05-28 09:42:00.214610824 +0200
+--- nsaserefpolicy/policy/modules/system/hostname.te 2010-04-13 18:44:37.000000000 +0000
++++ serefpolicy-3.7.19/policy/modules/system/hostname.te 2010-05-28 07:42:00.000000000 +0000
@@ -27,15 +27,18 @@
dev_read_sysfs(hostname_t)
@@ -41932,8 +41946,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/hostna
xen_dontaudit_use_fds(hostname_t)
')
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/hotplug.te serefpolicy-3.7.19/policy/modules/system/hotplug.te
---- nsaserefpolicy/policy/modules/system/hotplug.te 2010-04-13 20:44:37.000000000 +0200
-+++ serefpolicy-3.7.19/policy/modules/system/hotplug.te 2010-08-11 15:18:19.642089570 +0200
+--- nsaserefpolicy/policy/modules/system/hotplug.te 2010-04-13 18:44:37.000000000 +0000
++++ serefpolicy-3.7.19/policy/modules/system/hotplug.te 2010-08-11 13:18:19.000000000 +0000
@@ -24,7 +24,7 @@
#
@@ -41953,8 +41967,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/hotplu
files_read_kernel_modules(hotplug_t)
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/init.fc serefpolicy-3.7.19/policy/modules/system/init.fc
---- nsaserefpolicy/policy/modules/system/init.fc 2010-04-13 20:44:37.000000000 +0200
-+++ serefpolicy-3.7.19/policy/modules/system/init.fc 2010-05-28 09:42:00.214610824 +0200
+--- nsaserefpolicy/policy/modules/system/init.fc 2010-04-13 18:44:37.000000000 +0000
++++ serefpolicy-3.7.19/policy/modules/system/init.fc 2010-05-28 07:42:00.000000000 +0000
@@ -44,6 +44,9 @@
/usr/sbin/apachectl -- gen_context(system_u:object_r:initrc_exec_t,s0)
@@ -41966,8 +41980,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/init.f
#
# /var
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/init.if serefpolicy-3.7.19/policy/modules/system/init.if
---- nsaserefpolicy/policy/modules/system/init.if 2010-04-13 20:44:37.000000000 +0200
-+++ serefpolicy-3.7.19/policy/modules/system/init.if 2011-01-14 14:25:37.423041886 +0100
+--- nsaserefpolicy/policy/modules/system/init.if 2010-04-13 18:44:37.000000000 +0000
++++ serefpolicy-3.7.19/policy/modules/system/init.if 2011-01-14 13:25:37.000000000 +0000
@@ -193,8 +193,10 @@
gen_require(`
attribute direct_run_init, direct_init, direct_init_entry;
@@ -42315,8 +42329,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/init.i
+ manage_files_pattern($1, initrc_state_t, initrc_state_t)
+')
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/init.te serefpolicy-3.7.19/policy/modules/system/init.te
---- nsaserefpolicy/policy/modules/system/init.te 2010-04-13 20:44:37.000000000 +0200
-+++ serefpolicy-3.7.19/policy/modules/system/init.te 2011-01-18 16:03:10.193041196 +0100
+--- nsaserefpolicy/policy/modules/system/init.te 2010-04-13 18:44:37.000000000 +0000
++++ serefpolicy-3.7.19/policy/modules/system/init.te 2011-01-18 15:03:10.000000000 +0000
@@ -1,5 +1,5 @@
-policy_module(init, 1.14.2)
@@ -42836,8 +42850,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/init.t
+ fail2ban_read_lib_files(daemon)
+')
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/ipsec.fc serefpolicy-3.7.19/policy/modules/system/ipsec.fc
---- nsaserefpolicy/policy/modules/system/ipsec.fc 2010-04-13 20:44:37.000000000 +0200
-+++ serefpolicy-3.7.19/policy/modules/system/ipsec.fc 2010-08-04 14:47:49.067094603 +0200
+--- nsaserefpolicy/policy/modules/system/ipsec.fc 2010-04-13 18:44:37.000000000 +0000
++++ serefpolicy-3.7.19/policy/modules/system/ipsec.fc 2010-08-04 12:47:49.000000000 +0000
@@ -25,6 +25,7 @@
/usr/libexec/ipsec/klipsdebug -- gen_context(system_u:object_r:ipsec_exec_t,s0)
/usr/libexec/ipsec/pluto -- gen_context(system_u:object_r:ipsec_exec_t,s0)
@@ -42856,8 +42870,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/ipsec.
/var/run/pluto(/.*)? gen_context(system_u:object_r:ipsec_var_run_t,s0)
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/ipsec.if serefpolicy-3.7.19/policy/modules/system/ipsec.if
---- nsaserefpolicy/policy/modules/system/ipsec.if 2010-04-13 20:44:37.000000000 +0200
-+++ serefpolicy-3.7.19/policy/modules/system/ipsec.if 2010-08-11 11:42:38.707085427 +0200
+--- nsaserefpolicy/policy/modules/system/ipsec.if 2010-04-13 18:44:37.000000000 +0000
++++ serefpolicy-3.7.19/policy/modules/system/ipsec.if 2010-08-11 09:42:38.000000000 +0000
@@ -18,6 +18,24 @@
domtrans_pattern($1, ipsec_exec_t, ipsec_t)
')
@@ -42963,8 +42977,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/ipsec.
+ allow ipsec_mgmt_t $1:dbus send_msg;
+')
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/ipsec.te serefpolicy-3.7.19/policy/modules/system/ipsec.te
---- nsaserefpolicy/policy/modules/system/ipsec.te 2010-04-13 20:44:37.000000000 +0200
-+++ serefpolicy-3.7.19/policy/modules/system/ipsec.te 2010-08-10 17:44:19.793085351 +0200
+--- nsaserefpolicy/policy/modules/system/ipsec.te 2010-04-13 18:44:37.000000000 +0000
++++ serefpolicy-3.7.19/policy/modules/system/ipsec.te 2010-08-10 15:44:19.000000000 +0000
@@ -73,7 +73,7 @@
#
@@ -43124,8 +43138,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/ipsec.
userdom_use_user_terminals(setkey_t)
+userdom_read_user_tmp_files(setkey_t)
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/iptables.fc serefpolicy-3.7.19/policy/modules/system/iptables.fc
---- nsaserefpolicy/policy/modules/system/iptables.fc 2010-04-13 20:44:37.000000000 +0200
-+++ serefpolicy-3.7.19/policy/modules/system/iptables.fc 2010-07-13 08:46:46.673502862 +0200
+--- nsaserefpolicy/policy/modules/system/iptables.fc 2010-04-13 18:44:37.000000000 +0000
++++ serefpolicy-3.7.19/policy/modules/system/iptables.fc 2010-07-13 06:46:46.000000000 +0000
@@ -1,13 +1,19 @@
/etc/rc\.d/init\.d/ip6?tables -- gen_context(system_u:object_r:iptables_initrc_exec_t,s0)
-/etc/sysconfig/ip6?tables.* -- gen_context(system_u:object_r:iptables_conf_t,s0)
@@ -43149,8 +43163,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/iptabl
/usr/sbin/iptables-restore -- gen_context(system_u:object_r:iptables_exec_t,s0)
+
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/iptables.if serefpolicy-3.7.19/policy/modules/system/iptables.if
---- nsaserefpolicy/policy/modules/system/iptables.if 2010-04-13 20:44:37.000000000 +0200
-+++ serefpolicy-3.7.19/policy/modules/system/iptables.if 2010-05-28 09:42:00.220610773 +0200
+--- nsaserefpolicy/policy/modules/system/iptables.if 2010-04-13 18:44:37.000000000 +0000
++++ serefpolicy-3.7.19/policy/modules/system/iptables.if 2010-05-28 07:42:00.000000000 +0000
@@ -17,6 +17,10 @@
corecmd_search_bin($1)
@@ -43163,8 +43177,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/iptabl
########################################
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/iptables.te serefpolicy-3.7.19/policy/modules/system/iptables.te
---- nsaserefpolicy/policy/modules/system/iptables.te 2010-04-13 20:44:37.000000000 +0200
-+++ serefpolicy-3.7.19/policy/modules/system/iptables.te 2010-09-09 13:43:36.973085060 +0200
+--- nsaserefpolicy/policy/modules/system/iptables.te 2010-04-13 18:44:37.000000000 +0000
++++ serefpolicy-3.7.19/policy/modules/system/iptables.te 2010-09-09 11:43:36.000000000 +0000
@@ -14,9 +14,6 @@
type iptables_initrc_exec_t;
init_script_file(iptables_initrc_exec_t)
@@ -43263,8 +43277,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/iptabl
')
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/iscsi.if serefpolicy-3.7.19/policy/modules/system/iscsi.if
---- nsaserefpolicy/policy/modules/system/iscsi.if 2010-04-13 20:44:37.000000000 +0200
-+++ serefpolicy-3.7.19/policy/modules/system/iscsi.if 2010-05-28 09:42:00.221610567 +0200
+--- nsaserefpolicy/policy/modules/system/iscsi.if 2010-04-13 18:44:37.000000000 +0000
++++ serefpolicy-3.7.19/policy/modules/system/iscsi.if 2010-05-28 07:42:00.000000000 +0000
@@ -56,3 +56,21 @@
allow $1 iscsi_var_lib_t:dir list_dir_perms;
files_search_var_lib($1)
@@ -43288,8 +43302,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/iscsi.
+ allow $1 iscsid_t:sem create_sem_perms;
+')
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/iscsi.te serefpolicy-3.7.19/policy/modules/system/iscsi.te
---- nsaserefpolicy/policy/modules/system/iscsi.te 2010-04-13 20:44:37.000000000 +0200
-+++ serefpolicy-3.7.19/policy/modules/system/iscsi.te 2011-01-03 08:55:36.369042409 +0100
+--- nsaserefpolicy/policy/modules/system/iscsi.te 2010-04-13 18:44:37.000000000 +0000
++++ serefpolicy-3.7.19/policy/modules/system/iscsi.te 2011-01-03 07:55:36.000000000 +0000
@@ -32,7 +32,9 @@
#
@@ -43329,8 +43343,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/iscsi.
+ tgtd_manage_semaphores(iscsid_t)
')
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/kdump.te serefpolicy-3.7.19/policy/modules/system/kdump.te
---- nsaserefpolicy/policy/modules/system/kdump.te 2010-04-13 20:44:37.000000000 +0200
-+++ serefpolicy-3.7.19/policy/modules/system/kdump.te 2010-08-11 11:35:47.007335356 +0200
+--- nsaserefpolicy/policy/modules/system/kdump.te 2010-04-13 18:44:37.000000000 +0000
++++ serefpolicy-3.7.19/policy/modules/system/kdump.te 2010-08-11 09:35:47.000000000 +0000
@@ -28,8 +28,10 @@
files_read_etc_runtime_files(kdump_t)
files_read_kernel_img(kdump_t)
@@ -43343,8 +43357,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/kdump.
dev_read_framebuffer(kdump_t)
dev_read_sysfs(kdump_t)
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/libraries.fc serefpolicy-3.7.19/policy/modules/system/libraries.fc
---- nsaserefpolicy/policy/modules/system/libraries.fc 2010-04-13 20:44:37.000000000 +0200
-+++ serefpolicy-3.7.19/policy/modules/system/libraries.fc 2011-01-03 15:19:24.272041163 +0100
+--- nsaserefpolicy/policy/modules/system/libraries.fc 2010-04-13 18:44:37.000000000 +0000
++++ serefpolicy-3.7.19/policy/modules/system/libraries.fc 2011-01-03 14:19:24.000000000 +0000
@@ -127,17 +127,23 @@
/usr/lib64/altivec/libavcodec\.so(\.[^/]*)* -- gen_context(system_u:object_r:textrel_shlib_t,s0)
/usr/lib(64)?/cedega/.+\.so(\.[^/]*)* -- gen_context(system_u:object_r:textrel_shlib_t,s0)
@@ -43573,8 +43587,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/librar
+/opt/google/picasa/.*\.dll -- gen_context(system_u:object_r:textrel_shlib_t,s0)
+/opt/google/picasa/.*\.yti -- gen_context(system_u:object_r:textrel_shlib_t,s0)
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/libraries.te serefpolicy-3.7.19/policy/modules/system/libraries.te
---- nsaserefpolicy/policy/modules/system/libraries.te 2010-04-13 20:44:37.000000000 +0200
-+++ serefpolicy-3.7.19/policy/modules/system/libraries.te 2010-05-28 09:42:00.223612180 +0200
+--- nsaserefpolicy/policy/modules/system/libraries.te 2010-04-13 18:44:37.000000000 +0000
++++ serefpolicy-3.7.19/policy/modules/system/libraries.te 2010-05-28 07:42:00.000000000 +0000
@@ -62,7 +62,7 @@
manage_files_pattern(ldconfig_t, ldconfig_cache_t, ldconfig_cache_t)
@@ -43612,16 +43626,16 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/librar
ifdef(`distro_gentoo',`
# leaked fds from portage
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/locallogin.fc serefpolicy-3.7.19/policy/modules/system/locallogin.fc
---- nsaserefpolicy/policy/modules/system/locallogin.fc 2010-04-13 20:44:37.000000000 +0200
-+++ serefpolicy-3.7.19/policy/modules/system/locallogin.fc 2010-07-14 11:26:45.251159071 +0200
+--- nsaserefpolicy/policy/modules/system/locallogin.fc 2010-04-13 18:44:37.000000000 +0000
++++ serefpolicy-3.7.19/policy/modules/system/locallogin.fc 2010-07-14 09:26:45.000000000 +0000
@@ -1,2 +1,4 @@
/sbin/sulogin -- gen_context(system_u:object_r:sulogin_exec_t,s0)
+/sbin/sushell -- gen_context(system_u:object_r:sulogin_exec_t,s0)
+
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/locallogin.te serefpolicy-3.7.19/policy/modules/system/locallogin.te
---- nsaserefpolicy/policy/modules/system/locallogin.te 2010-04-13 20:44:37.000000000 +0200
-+++ serefpolicy-3.7.19/policy/modules/system/locallogin.te 2010-05-28 09:42:00.245611274 +0200
+--- nsaserefpolicy/policy/modules/system/locallogin.te 2010-04-13 18:44:37.000000000 +0000
++++ serefpolicy-3.7.19/policy/modules/system/locallogin.te 2010-05-28 07:42:00.000000000 +0000
@@ -33,9 +33,8 @@
# Local login local policy
#
@@ -43724,8 +43738,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/locall
- nscd_socket_use(sulogin_t)
-')
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/logging.fc serefpolicy-3.7.19/policy/modules/system/logging.fc
---- nsaserefpolicy/policy/modules/system/logging.fc 2010-04-13 20:44:37.000000000 +0200
-+++ serefpolicy-3.7.19/policy/modules/system/logging.fc 2011-01-03 10:28:54.454042244 +0100
+--- nsaserefpolicy/policy/modules/system/logging.fc 2010-04-13 18:44:37.000000000 +0000
++++ serefpolicy-3.7.19/policy/modules/system/logging.fc 2011-01-03 09:28:54.000000000 +0000
@@ -17,6 +17,10 @@
/sbin/syslogd -- gen_context(system_u:object_r:syslogd_exec_t,s0)
/sbin/syslog-ng -- gen_context(system_u:object_r:syslogd_exec_t,s0)
@@ -43767,8 +43781,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/loggin
+
+/var/webmin(/.*)? gen_context(system_u:object_r:var_log_t,s0)
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/logging.if serefpolicy-3.7.19/policy/modules/system/logging.if
---- nsaserefpolicy/policy/modules/system/logging.if 2010-04-13 20:44:37.000000000 +0200
-+++ serefpolicy-3.7.19/policy/modules/system/logging.if 2010-09-16 15:43:30.178636919 +0200
+--- nsaserefpolicy/policy/modules/system/logging.if 2010-04-13 18:44:37.000000000 +0000
++++ serefpolicy-3.7.19/policy/modules/system/logging.if 2010-09-16 13:43:30.000000000 +0000
@@ -545,6 +545,25 @@
########################################
@@ -43867,8 +43881,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/loggin
init_labeled_script_domtrans($1, syslogd_initrc_exec_t)
domain_system_change_exemption($1)
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/logging.te serefpolicy-3.7.19/policy/modules/system/logging.te
---- nsaserefpolicy/policy/modules/system/logging.te 2010-04-13 20:44:37.000000000 +0200
-+++ serefpolicy-3.7.19/policy/modules/system/logging.te 2010-08-18 13:16:17.741085184 +0200
+--- nsaserefpolicy/policy/modules/system/logging.te 2010-04-13 18:44:37.000000000 +0000
++++ serefpolicy-3.7.19/policy/modules/system/logging.te 2010-08-18 11:16:17.000000000 +0000
@@ -61,6 +61,7 @@
type syslogd_t;
type syslogd_exec_t;
@@ -43961,8 +43975,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/loggin
')
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/lvm.fc serefpolicy-3.7.19/policy/modules/system/lvm.fc
---- nsaserefpolicy/policy/modules/system/lvm.fc 2010-04-13 20:44:37.000000000 +0200
-+++ serefpolicy-3.7.19/policy/modules/system/lvm.fc 2010-12-07 14:22:23.642042343 +0100
+--- nsaserefpolicy/policy/modules/system/lvm.fc 2010-04-13 18:44:37.000000000 +0000
++++ serefpolicy-3.7.19/policy/modules/system/lvm.fc 2010-12-07 13:22:23.000000000 +0000
@@ -28,10 +28,12 @@
#
/lib/lvm-10/.* -- gen_context(system_u:object_r:lvm_exec_t,s0)
@@ -43984,8 +43998,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/lvm.fc
/var/run/dmevent.* gen_context(system_u:object_r:lvm_var_run_t,s0)
+
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/lvm.if serefpolicy-3.7.19/policy/modules/system/lvm.if
---- nsaserefpolicy/policy/modules/system/lvm.if 2010-04-13 20:44:37.000000000 +0200
-+++ serefpolicy-3.7.19/policy/modules/system/lvm.if 2010-09-02 13:55:45.873084762 +0200
+--- nsaserefpolicy/policy/modules/system/lvm.if 2010-04-13 18:44:37.000000000 +0000
++++ serefpolicy-3.7.19/policy/modules/system/lvm.if 2010-09-02 11:55:45.000000000 +0000
@@ -34,7 +34,7 @@
type lvm_exec_t;
')
@@ -44019,8 +44033,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/lvm.if
+ allow $1 clvmd_tmpfs_t:file unlink;
+')
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/lvm.te serefpolicy-3.7.19/policy/modules/system/lvm.te
---- nsaserefpolicy/policy/modules/system/lvm.te 2010-04-13 20:44:37.000000000 +0200
-+++ serefpolicy-3.7.19/policy/modules/system/lvm.te 2010-09-02 13:43:13.984335270 +0200
+--- nsaserefpolicy/policy/modules/system/lvm.te 2010-04-13 18:44:37.000000000 +0000
++++ serefpolicy-3.7.19/policy/modules/system/lvm.te 2010-09-02 11:43:13.000000000 +0000
@@ -13,6 +13,9 @@
type clvmd_initrc_exec_t;
init_script_file(clvmd_initrc_exec_t)
@@ -44121,8 +44135,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/lvm.te
')
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/miscfiles.fc serefpolicy-3.7.19/policy/modules/system/miscfiles.fc
---- nsaserefpolicy/policy/modules/system/miscfiles.fc 2010-04-13 20:44:37.000000000 +0200
-+++ serefpolicy-3.7.19/policy/modules/system/miscfiles.fc 2010-12-20 14:52:26.229042213 +0100
+--- nsaserefpolicy/policy/modules/system/miscfiles.fc 2010-04-13 18:44:37.000000000 +0000
++++ serefpolicy-3.7.19/policy/modules/system/miscfiles.fc 2010-12-20 13:52:26.000000000 +0000
@@ -9,7 +9,9 @@
# /etc
#
@@ -44150,8 +44164,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/miscfi
ifdef(`distro_debian',`
/var/lib/msttcorefonts(/.*)? gen_context(system_u:object_r:fonts_t,s0)
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/miscfiles.if serefpolicy-3.7.19/policy/modules/system/miscfiles.if
---- nsaserefpolicy/policy/modules/system/miscfiles.if 2010-04-13 20:44:37.000000000 +0200
-+++ serefpolicy-3.7.19/policy/modules/system/miscfiles.if 2010-08-13 08:51:13.070085230 +0200
+--- nsaserefpolicy/policy/modules/system/miscfiles.if 2010-04-13 18:44:37.000000000 +0000
++++ serefpolicy-3.7.19/policy/modules/system/miscfiles.if 2010-08-13 06:51:13.000000000 +0000
@@ -1,5 +1,49 @@
## <summary>Miscelaneous files.</summary>
@@ -44230,8 +44244,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/miscfi
########################################
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/miscfiles.te serefpolicy-3.7.19/policy/modules/system/miscfiles.te
---- nsaserefpolicy/policy/modules/system/miscfiles.te 2010-04-13 20:44:37.000000000 +0200
-+++ serefpolicy-3.7.19/policy/modules/system/miscfiles.te 2010-08-13 08:20:38.726085384 +0200
+--- nsaserefpolicy/policy/modules/system/miscfiles.te 2010-04-13 18:44:37.000000000 +0000
++++ serefpolicy-3.7.19/policy/modules/system/miscfiles.te 2010-08-13 06:20:38.000000000 +0000
@@ -6,11 +6,13 @@
# Declarations
#
@@ -44248,8 +44262,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/miscfi
#
# fonts_t is the type of various font
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/modutils.if serefpolicy-3.7.19/policy/modules/system/modutils.if
---- nsaserefpolicy/policy/modules/system/modutils.if 2010-04-13 20:44:37.000000000 +0200
-+++ serefpolicy-3.7.19/policy/modules/system/modutils.if 2010-06-16 22:16:32.597859978 +0200
+--- nsaserefpolicy/policy/modules/system/modutils.if 2010-04-13 18:44:37.000000000 +0000
++++ serefpolicy-3.7.19/policy/modules/system/modutils.if 2010-06-16 20:16:32.000000000 +0000
@@ -37,6 +37,26 @@
allow $1 modules_dep_t:file read_file_perms;
')
@@ -44278,8 +44292,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/moduti
## <summary>
## Read the configuration options used when
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/modutils.te serefpolicy-3.7.19/policy/modules/system/modutils.te
---- nsaserefpolicy/policy/modules/system/modutils.te 2010-04-13 20:44:37.000000000 +0200
-+++ serefpolicy-3.7.19/policy/modules/system/modutils.te 2010-12-07 10:05:17.730292521 +0100
+--- nsaserefpolicy/policy/modules/system/modutils.te 2010-04-13 18:44:37.000000000 +0000
++++ serefpolicy-3.7.19/policy/modules/system/modutils.te 2010-12-07 09:05:17.000000000 +0000
@@ -19,8 +19,12 @@
type insmod_exec_t;
application_domain(insmod_t, insmod_exec_t)
@@ -44399,8 +44413,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/moduti
dev_rw_xserver_misc(insmod_t)
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/mount.fc serefpolicy-3.7.19/policy/modules/system/mount.fc
---- nsaserefpolicy/policy/modules/system/mount.fc 2010-04-13 20:44:37.000000000 +0200
-+++ serefpolicy-3.7.19/policy/modules/system/mount.fc 2010-05-28 09:42:00.508610668 +0200
+--- nsaserefpolicy/policy/modules/system/mount.fc 2010-04-13 18:44:37.000000000 +0000
++++ serefpolicy-3.7.19/policy/modules/system/mount.fc 2010-05-28 07:42:00.000000000 +0000
@@ -1,4 +1,10 @@
/bin/mount.* -- gen_context(system_u:object_r:mount_exec_t,s0)
/bin/umount.* -- gen_context(system_u:object_r:mount_exec_t,s0)
@@ -44414,8 +44428,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/mount.
+/var/cache/davfs2(/.*)? gen_context(system_u:object_r:mount_var_run_t,s0)
+/var/run/davfs2(/.*)? gen_context(system_u:object_r:mount_var_run_t,s0)
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/mount.if serefpolicy-3.7.19/policy/modules/system/mount.if
---- nsaserefpolicy/policy/modules/system/mount.if 2010-04-13 20:44:37.000000000 +0200
-+++ serefpolicy-3.7.19/policy/modules/system/mount.if 2010-05-28 09:42:00.509611579 +0200
+--- nsaserefpolicy/policy/modules/system/mount.if 2010-04-13 18:44:37.000000000 +0000
++++ serefpolicy-3.7.19/policy/modules/system/mount.if 2010-05-28 07:42:00.000000000 +0000
@@ -16,6 +16,14 @@
')
@@ -44614,8 +44628,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/mount.
+ role $2 types showmount_t;
')
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/mount.te serefpolicy-3.7.19/policy/modules/system/mount.te
---- nsaserefpolicy/policy/modules/system/mount.te 2010-04-13 20:44:37.000000000 +0200
-+++ serefpolicy-3.7.19/policy/modules/system/mount.te 2010-12-01 14:32:13.850040866 +0100
+--- nsaserefpolicy/policy/modules/system/mount.te 2010-04-13 18:44:37.000000000 +0000
++++ serefpolicy-3.7.19/policy/modules/system/mount.te 2010-12-01 13:32:13.000000000 +0000
@@ -18,8 +18,15 @@
init_system_domain(mount_t, mount_exec_t)
role system_r types mount_t;
@@ -44914,8 +44928,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/mount.
+
+userdom_use_user_terminals(showmount_t)
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/raid.fc serefpolicy-3.7.19/policy/modules/system/raid.fc
---- nsaserefpolicy/policy/modules/system/raid.fc 2010-04-13 20:44:37.000000000 +0200
-+++ serefpolicy-3.7.19/policy/modules/system/raid.fc 2011-01-20 11:41:49.880042636 +0100
+--- nsaserefpolicy/policy/modules/system/raid.fc 2010-04-13 18:44:37.000000000 +0000
++++ serefpolicy-3.7.19/policy/modules/system/raid.fc 2011-01-20 10:41:49.000000000 +0000
@@ -1,5 +1,10 @@
/dev/.mdadm.map -- gen_context(system_u:object_r:mdadm_map_t,s0)
@@ -44928,8 +44942,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/raid.f
/sbin/mdmpd -- gen_context(system_u:object_r:mdadm_exec_t,s0)
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/raid.te serefpolicy-3.7.19/policy/modules/system/raid.te
---- nsaserefpolicy/policy/modules/system/raid.te 2010-04-13 20:44:37.000000000 +0200
-+++ serefpolicy-3.7.19/policy/modules/system/raid.te 2011-01-20 11:45:32.007043992 +0100
+--- nsaserefpolicy/policy/modules/system/raid.te 2010-04-13 18:44:37.000000000 +0000
++++ serefpolicy-3.7.19/policy/modules/system/raid.te 2011-01-20 10:45:32.000000000 +0000
@@ -26,6 +26,7 @@
dontaudit mdadm_t self:capability sys_tty_config;
allow mdadm_t self:process { sigchld sigkill sigstop signull signal };
@@ -44955,8 +44969,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/raid.t
term_dontaudit_list_ptys(mdadm_t)
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/selinuxutil.fc serefpolicy-3.7.19/policy/modules/system/selinuxutil.fc
---- nsaserefpolicy/policy/modules/system/selinuxutil.fc 2010-04-13 20:44:37.000000000 +0200
-+++ serefpolicy-3.7.19/policy/modules/system/selinuxutil.fc 2010-05-28 09:42:00.511610748 +0200
+--- nsaserefpolicy/policy/modules/system/selinuxutil.fc 2010-04-13 18:44:37.000000000 +0000
++++ serefpolicy-3.7.19/policy/modules/system/selinuxutil.fc 2010-05-28 07:42:00.000000000 +0000
@@ -6,13 +6,13 @@
/etc/selinux(/.*)? gen_context(system_u:object_r:selinux_config_t,s0)
/etc/selinux/([^/]*/)?contexts(/.*)? gen_context(system_u:object_r:default_context_t,s0)
@@ -44997,8 +45011,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/selinu
+/etc/share/selinux/targeted(/.*)? gen_context(system_u:object_r:semanage_store_t,s0)
+/etc/share/selinux/mls(/.*)? gen_context(system_u:object_r:semanage_store_t,s0)
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/selinuxutil.if serefpolicy-3.7.19/policy/modules/system/selinuxutil.if
---- nsaserefpolicy/policy/modules/system/selinuxutil.if 2010-04-13 20:44:37.000000000 +0200
-+++ serefpolicy-3.7.19/policy/modules/system/selinuxutil.if 2011-01-18 15:44:52.758042314 +0100
+--- nsaserefpolicy/policy/modules/system/selinuxutil.if 2010-04-13 18:44:37.000000000 +0000
++++ serefpolicy-3.7.19/policy/modules/system/selinuxutil.if 2011-01-24 18:44:51.054455001 +0000
@@ -199,6 +199,10 @@
role $2 types newrole_t;
@@ -45049,10 +45063,36 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/selinu
')
########################################
-@@ -545,6 +574,53 @@
+@@ -543,6 +572,77 @@
+ role $2 types setfiles_t;
+ ')
- ########################################
- ## <summary>
++#######################################
++## <summary>
++## Allow access for a role to setfiles_t private type
++## </summary>
++## <param name="domain">
++## <summary>
++## Domain allowed access.
++## </summary>
++## </param>
++## <param name="role">
++## <summary>
++## The role to be allowed the setfiles domain.
++## </summary>
++## </param>
++## <rolecap/>
++#
++interface(`seutil_role_allow_setfiles',`
++ gen_require(`
++ type setfiles_t;
++ ')
++
++ role $1 types setfiles_t;
++')
++
++########################################
++## <summary>
+## Execute setfiles in the setfiles domain.
+## </summary>
+## <param name="domain">
@@ -45098,12 +45138,10 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/selinu
+ role $2 types setfiles_mac_t;
+')
+
-+########################################
-+## <summary>
+ ########################################
+ ## <summary>
## Execute setfiles in the caller domain.
- ## </summary>
- ## <param name="domain">
-@@ -690,6 +766,7 @@
+@@ -690,6 +790,7 @@
')
files_search_etc($1)
@@ -45111,7 +45149,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/selinu
manage_files_pattern($1, selinux_config_t, selinux_config_t)
read_lnk_files_pattern($1, selinux_config_t, selinux_config_t)
')
-@@ -1009,6 +1086,26 @@
+@@ -1009,6 +1110,26 @@
########################################
## <summary>
@@ -45138,7 +45176,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/selinu
## Execute semanage in the semanage domain, and
## allow the specified role the semanage domain,
## and use the caller's terminal.
-@@ -1020,7 +1117,7 @@
+@@ -1020,7 +1141,7 @@
## </param>
## <param name="role">
## <summary>
@@ -45147,7 +45185,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/selinu
## </summary>
## </param>
## <rolecap/>
-@@ -1038,6 +1135,54 @@
+@@ -1038,6 +1159,54 @@
########################################
## <summary>
@@ -45202,7 +45240,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/selinu
## Full management of the semanage
## module store.
## </summary>
-@@ -1149,3 +1294,194 @@
+@@ -1149,3 +1318,194 @@
selinux_dontaudit_get_fs_mount($1)
seutil_dontaudit_read_config($1)
')
@@ -45398,8 +45436,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/selinu
+')
+')
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/selinuxutil.te serefpolicy-3.7.19/policy/modules/system/selinuxutil.te
---- nsaserefpolicy/policy/modules/system/selinuxutil.te 2010-04-13 20:44:37.000000000 +0200
-+++ serefpolicy-3.7.19/policy/modules/system/selinuxutil.te 2011-01-20 12:32:53.438042580 +0100
+--- nsaserefpolicy/policy/modules/system/selinuxutil.te 2010-04-13 18:44:37.000000000 +0000
++++ serefpolicy-3.7.19/policy/modules/system/selinuxutil.te 2011-01-20 11:32:53.000000000 +0000
@@ -23,6 +23,9 @@
type selinux_config_t;
files_type(selinux_config_t)
@@ -45838,8 +45876,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/selinu
+ unconfined_domain(setfiles_mac_t)
')
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/setrans.te serefpolicy-3.7.19/policy/modules/system/setrans.te
---- nsaserefpolicy/policy/modules/system/setrans.te 2010-04-13 20:44:37.000000000 +0200
-+++ serefpolicy-3.7.19/policy/modules/system/setrans.te 2010-05-28 09:42:00.515611599 +0200
+--- nsaserefpolicy/policy/modules/system/setrans.te 2010-04-13 18:44:37.000000000 +0000
++++ serefpolicy-3.7.19/policy/modules/system/setrans.te 2010-05-28 07:42:00.000000000 +0000
@@ -13,6 +13,7 @@
type setrans_t;
type setrans_exec_t;
@@ -45849,14 +45887,14 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/setran
type setrans_initrc_exec_t;
init_script_file(setrans_initrc_exec_t)
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/sosreport.fc serefpolicy-3.7.19/policy/modules/system/sosreport.fc
---- nsaserefpolicy/policy/modules/system/sosreport.fc 1970-01-01 01:00:00.000000000 +0100
-+++ serefpolicy-3.7.19/policy/modules/system/sosreport.fc 2010-05-28 09:42:00.516610554 +0200
+--- nsaserefpolicy/policy/modules/system/sosreport.fc 1970-01-01 00:00:00.000000000 +0000
++++ serefpolicy-3.7.19/policy/modules/system/sosreport.fc 2010-05-28 07:42:00.000000000 +0000
@@ -0,0 +1,2 @@
+
+/usr/sbin/sosreport -- gen_context(system_u:object_r:sosreport_exec_t,s0)
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/sosreport.if serefpolicy-3.7.19/policy/modules/system/sosreport.if
---- nsaserefpolicy/policy/modules/system/sosreport.if 1970-01-01 01:00:00.000000000 +0100
-+++ serefpolicy-3.7.19/policy/modules/system/sosreport.if 2010-05-28 09:42:00.516610554 +0200
+--- nsaserefpolicy/policy/modules/system/sosreport.if 1970-01-01 00:00:00.000000000 +0000
++++ serefpolicy-3.7.19/policy/modules/system/sosreport.if 2010-05-28 07:42:00.000000000 +0000
@@ -0,0 +1,131 @@
+
+## <summary>policy for sosreport</summary>
@@ -45990,8 +46028,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/sosrep
+ allow $1 sosreport_tmp_t:file append;
+')
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/sosreport.te serefpolicy-3.7.19/policy/modules/system/sosreport.te
---- nsaserefpolicy/policy/modules/system/sosreport.te 1970-01-01 01:00:00.000000000 +0100
-+++ serefpolicy-3.7.19/policy/modules/system/sosreport.te 2010-05-28 09:42:00.517610628 +0200
+--- nsaserefpolicy/policy/modules/system/sosreport.te 1970-01-01 00:00:00.000000000 +0000
++++ serefpolicy-3.7.19/policy/modules/system/sosreport.te 2010-05-28 07:42:00.000000000 +0000
@@ -0,0 +1,155 @@
+
+policy_module(sosreport,1.0.0)
@@ -46149,8 +46187,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/sosrep
+ unconfined_domain(sosreport_t)
+')
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/sysnetwork.fc serefpolicy-3.7.19/policy/modules/system/sysnetwork.fc
---- nsaserefpolicy/policy/modules/system/sysnetwork.fc 2010-04-13 20:44:37.000000000 +0200
-+++ serefpolicy-3.7.19/policy/modules/system/sysnetwork.fc 2010-05-28 09:42:00.517610628 +0200
+--- nsaserefpolicy/policy/modules/system/sysnetwork.fc 2010-04-13 18:44:37.000000000 +0000
++++ serefpolicy-3.7.19/policy/modules/system/sysnetwork.fc 2010-05-28 07:42:00.000000000 +0000
@@ -64,3 +64,5 @@
ifdef(`distro_gentoo',`
/var/lib/dhcpc(/.*)? gen_context(system_u:object_r:dhcpc_state_t,s0)
@@ -46158,8 +46196,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/sysnet
+
+/etc/firestarter/firestarter\.sh gen_context(system_u:object_r:dhcpc_helper_exec_t,s0)
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/sysnetwork.if serefpolicy-3.7.19/policy/modules/system/sysnetwork.if
---- nsaserefpolicy/policy/modules/system/sysnetwork.if 2010-04-13 20:44:37.000000000 +0200
-+++ serefpolicy-3.7.19/policy/modules/system/sysnetwork.if 2010-08-04 14:40:49.949335299 +0200
+--- nsaserefpolicy/policy/modules/system/sysnetwork.if 2010-04-13 18:44:37.000000000 +0000
++++ serefpolicy-3.7.19/policy/modules/system/sysnetwork.if 2010-08-04 12:40:49.000000000 +0000
@@ -60,25 +60,24 @@
netutils_run(dhcpc_t, $2)
netutils_run_ping(dhcpc_t, $2)
@@ -46390,8 +46428,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/sysnet
+ role_transition $1 dhcpc_exec_t system_r;
')
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/sysnetwork.te serefpolicy-3.7.19/policy/modules/system/sysnetwork.te
---- nsaserefpolicy/policy/modules/system/sysnetwork.te 2010-04-13 20:44:37.000000000 +0200
-+++ serefpolicy-3.7.19/policy/modules/system/sysnetwork.te 2011-01-07 10:38:30.725042747 +0100
+--- nsaserefpolicy/policy/modules/system/sysnetwork.te 2010-04-13 18:44:37.000000000 +0000
++++ serefpolicy-3.7.19/policy/modules/system/sysnetwork.te 2011-01-07 09:38:30.000000000 +0000
@@ -1,11 +1,18 @@
-policy_module(sysnetwork, 1.10.3)
@@ -46550,16 +46588,16 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/sysnet
+ ')
+')
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/udev.fc serefpolicy-3.7.19/policy/modules/system/udev.fc
---- nsaserefpolicy/policy/modules/system/udev.fc 2010-04-13 20:44:37.000000000 +0200
-+++ serefpolicy-3.7.19/policy/modules/system/udev.fc 2010-05-28 09:42:00.520610847 +0200
+--- nsaserefpolicy/policy/modules/system/udev.fc 2010-04-13 18:44:37.000000000 +0000
++++ serefpolicy-3.7.19/policy/modules/system/udev.fc 2010-05-28 07:42:00.000000000 +0000
@@ -22,3 +22,4 @@
/usr/bin/udevinfo -- gen_context(system_u:object_r:udev_exec_t,s0)
/var/run/PackageKit/udev(/.*)? gen_context(system_u:object_r:udev_var_run_t,s0)
+/var/run/libgpod(/.*)? gen_context(system_u:object_r:udev_var_run_t,s0)
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/udev.if serefpolicy-3.7.19/policy/modules/system/udev.if
---- nsaserefpolicy/policy/modules/system/udev.if 2010-04-13 20:44:37.000000000 +0200
-+++ serefpolicy-3.7.19/policy/modules/system/udev.if 2010-09-16 15:27:33.814637102 +0200
+--- nsaserefpolicy/policy/modules/system/udev.if 2010-04-13 18:44:37.000000000 +0000
++++ serefpolicy-3.7.19/policy/modules/system/udev.if 2010-09-16 13:27:33.000000000 +0000
@@ -88,8 +88,7 @@
')
@@ -46597,8 +46635,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/udev.i
## udev pid files.
## </summary>
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/udev.te serefpolicy-3.7.19/policy/modules/system/udev.te
---- nsaserefpolicy/policy/modules/system/udev.te 2010-04-13 20:44:37.000000000 +0200
-+++ serefpolicy-3.7.19/policy/modules/system/udev.te 2011-01-14 14:25:52.533041029 +0100
+--- nsaserefpolicy/policy/modules/system/udev.te 2010-04-13 18:44:37.000000000 +0000
++++ serefpolicy-3.7.19/policy/modules/system/udev.te 2011-01-14 13:25:52.000000000 +0000
@@ -50,6 +50,7 @@
allow udev_t self:unix_stream_socket connectto;
allow udev_t self:netlink_kobject_uevent_socket create_socket_perms;
@@ -46657,8 +46695,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/udev.t
')
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/unconfined.fc serefpolicy-3.7.19/policy/modules/system/unconfined.fc
---- nsaserefpolicy/policy/modules/system/unconfined.fc 2010-04-13 20:44:37.000000000 +0200
-+++ serefpolicy-3.7.19/policy/modules/system/unconfined.fc 2010-05-28 09:42:00.522610784 +0200
+--- nsaserefpolicy/policy/modules/system/unconfined.fc 2010-04-13 18:44:37.000000000 +0000
++++ serefpolicy-3.7.19/policy/modules/system/unconfined.fc 2010-05-28 07:42:00.000000000 +0000
@@ -1,15 +1 @@
# Add programs here which should not be confined by SELinux
-# e.g.:
@@ -46676,8 +46714,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/unconf
-/usr/lib32/openoffice/program/[^/]+\.bin -- gen_context(system_u:object_r:unconfined_execmem_exec_t,s0)
-')
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/unconfined.if serefpolicy-3.7.19/policy/modules/system/unconfined.if
---- nsaserefpolicy/policy/modules/system/unconfined.if 2010-04-13 20:44:37.000000000 +0200
-+++ serefpolicy-3.7.19/policy/modules/system/unconfined.if 2010-05-28 09:42:00.523610857 +0200
+--- nsaserefpolicy/policy/modules/system/unconfined.if 2010-04-13 18:44:37.000000000 +0000
++++ serefpolicy-3.7.19/policy/modules/system/unconfined.if 2010-05-28 07:42:00.000000000 +0000
@@ -12,14 +12,13 @@
#
interface(`unconfined_domain_noaudit',`
@@ -47173,8 +47211,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/unconf
- allow $1 unconfined_t:dbus acquire_svc;
-')
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/unconfined.te serefpolicy-3.7.19/policy/modules/system/unconfined.te
---- nsaserefpolicy/policy/modules/system/unconfined.te 2010-04-13 20:44:37.000000000 +0200
-+++ serefpolicy-3.7.19/policy/modules/system/unconfined.te 2010-05-28 09:42:00.524610720 +0200
+--- nsaserefpolicy/policy/modules/system/unconfined.te 2010-04-13 18:44:37.000000000 +0000
++++ serefpolicy-3.7.19/policy/modules/system/unconfined.te 2010-05-28 07:42:00.000000000 +0000
@@ -5,227 +5,5 @@
#
# Declarations
@@ -47405,8 +47443,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/unconf
- ')
-')
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/userdomain.fc serefpolicy-3.7.19/policy/modules/system/userdomain.fc
---- nsaserefpolicy/policy/modules/system/userdomain.fc 2010-04-13 20:44:37.000000000 +0200
-+++ serefpolicy-3.7.19/policy/modules/system/userdomain.fc 2010-09-15 15:41:19.167386857 +0200
+--- nsaserefpolicy/policy/modules/system/userdomain.fc 2010-04-13 18:44:37.000000000 +0000
++++ serefpolicy-3.7.19/policy/modules/system/userdomain.fc 2010-09-15 13:41:19.000000000 +0000
@@ -1,4 +1,18 @@
HOME_DIR -d gen_context(system_u:object_r:user_home_dir_t,s0-mls_systemhigh)
+HOME_DIR -l gen_context(system_u:object_r:user_home_dir_t,s0-mls_systemhigh)
@@ -47428,8 +47466,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/userdo
+HOME_DIR/\.debug(/.*)? <<none>>
+
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/userdomain.if serefpolicy-3.7.19/policy/modules/system/userdomain.if
---- nsaserefpolicy/policy/modules/system/userdomain.if 2010-04-13 20:44:37.000000000 +0200
-+++ serefpolicy-3.7.19/policy/modules/system/userdomain.if 2010-12-09 12:46:32.622291524 +0100
+--- nsaserefpolicy/policy/modules/system/userdomain.if 2010-04-13 18:44:37.000000000 +0000
++++ serefpolicy-3.7.19/policy/modules/system/userdomain.if 2010-12-09 11:46:32.000000000 +0000
@@ -30,8 +30,9 @@
')
@@ -49734,8 +49772,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/userdo
+ allow $1 user_tmp_t:file delete_file_perms;
+')
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/userdomain.te serefpolicy-3.7.19/policy/modules/system/userdomain.te
---- nsaserefpolicy/policy/modules/system/userdomain.te 2010-04-13 20:44:37.000000000 +0200
-+++ serefpolicy-3.7.19/policy/modules/system/userdomain.te 2011-01-19 17:11:07.574292106 +0100
+--- nsaserefpolicy/policy/modules/system/userdomain.te 2010-04-13 18:44:37.000000000 +0000
++++ serefpolicy-3.7.19/policy/modules/system/userdomain.te 2011-01-19 16:11:07.000000000 +0000
@@ -29,18 +29,18 @@
## <desc>
@@ -49849,8 +49887,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/userdo
+# Nautilus causes this avc
+dontaudit unpriv_userdomain self:dir setattr;
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/xen.if serefpolicy-3.7.19/policy/modules/system/xen.if
---- nsaserefpolicy/policy/modules/system/xen.if 2010-04-13 20:44:37.000000000 +0200
-+++ serefpolicy-3.7.19/policy/modules/system/xen.if 2010-09-16 14:34:16.094636765 +0200
+--- nsaserefpolicy/policy/modules/system/xen.if 2010-04-13 18:44:37.000000000 +0000
++++ serefpolicy-3.7.19/policy/modules/system/xen.if 2010-09-16 12:34:16.000000000 +0000
@@ -213,8 +213,9 @@
interface(`xen_domtrans_xm',`
gen_require(`
@@ -49872,8 +49910,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/xen.if
files_search_pids($1)
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/xen.te serefpolicy-3.7.19/policy/modules/system/xen.te
---- nsaserefpolicy/policy/modules/system/xen.te 2010-04-13 20:44:37.000000000 +0200
-+++ serefpolicy-3.7.19/policy/modules/system/xen.te 2010-07-23 14:36:40.882388397 +0200
+--- nsaserefpolicy/policy/modules/system/xen.te 2010-04-13 18:44:37.000000000 +0000
++++ serefpolicy-3.7.19/policy/modules/system/xen.te 2010-07-23 12:36:40.000000000 +0000
@@ -5,6 +5,7 @@
#
# Declarations
@@ -49949,8 +49987,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/xen.te
fs_list_auto_mountpoints(xend_t)
files_search_mnt(xend_t)
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/support/misc_patterns.spt serefpolicy-3.7.19/policy/support/misc_patterns.spt
---- nsaserefpolicy/policy/support/misc_patterns.spt 2010-04-13 20:44:37.000000000 +0200
-+++ serefpolicy-3.7.19/policy/support/misc_patterns.spt 2010-05-28 09:42:00.532611375 +0200
+--- nsaserefpolicy/policy/support/misc_patterns.spt 2010-04-13 18:44:37.000000000 +0000
++++ serefpolicy-3.7.19/policy/support/misc_patterns.spt 2010-05-28 07:42:00.000000000 +0000
@@ -15,7 +15,7 @@
domain_transition_pattern($1,$2,$3)
@@ -49975,8 +50013,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/support/misc_patterns
#
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/support/obj_perm_sets.spt serefpolicy-3.7.19/policy/support/obj_perm_sets.spt
---- nsaserefpolicy/policy/support/obj_perm_sets.spt 2010-04-13 20:44:37.000000000 +0200
-+++ serefpolicy-3.7.19/policy/support/obj_perm_sets.spt 2010-05-28 09:42:00.533610400 +0200
+--- nsaserefpolicy/policy/support/obj_perm_sets.spt 2010-04-13 18:44:37.000000000 +0000
++++ serefpolicy-3.7.19/policy/support/obj_perm_sets.spt 2010-05-28 07:42:00.000000000 +0000
@@ -28,7 +28,7 @@
#
# All socket classes.
@@ -50087,8 +50125,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/support/obj_perm_sets
+define(`all_passwd_perms', `{ passwd chfn chsh rootok crontab } ')
+define(`all_association_perms', `{ sendto recvfrom setcontext polmatch } ')
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/users serefpolicy-3.7.19/policy/users
---- nsaserefpolicy/policy/users 2010-04-13 20:44:36.000000000 +0200
-+++ serefpolicy-3.7.19/policy/users 2010-05-28 09:42:00.534610823 +0200
+--- nsaserefpolicy/policy/users 2010-04-13 18:44:36.000000000 +0000
++++ serefpolicy-3.7.19/policy/users 2010-05-28 07:42:00.000000000 +0000
@@ -6,7 +6,7 @@
#
# gen_user(username, prefix, role_set, mls_defaultlevel, mls_range, [mcs_catetories])
diff --git a/selinux-policy.spec b/selinux-policy.spec
index 8caf73e..95d142f 100644
--- a/selinux-policy.spec
+++ b/selinux-policy.spec
@@ -20,7 +20,7 @@
Summary: SELinux policy configuration
Name: selinux-policy
Version: 3.7.19
-Release: 85%{?dist}
+Release: 86%{?dist}
License: GPLv2+
Group: System Environment/Base
Source: serefpolicy-%{version}.tgz
@@ -471,6 +471,9 @@ exit 0
%endif
%changelog
+* Mon Jan 24 2011 Miroslav Grepl <mgrepl at redhat.com> 3.7.19-86
+- Add label for /root/.screen
+
* Thu Jan 20 2011 Miroslav Grepl <mgrepl at redhat.com> 3.7.19-85
- Treat irpinit, iprupdate, iprdump services with raid policy
- Fixes for kerberos policy
More information about the scm-commits
mailing list