[selinux-policy/f14/master] - Add execmem_exec_t label for gimp - Allow nagios plugin to read /proc/meminfo - Fix label for /usr
Miroslav Grepl
mgrepl at fedoraproject.org
Fri Jan 28 16:45:58 UTC 2011
commit 6e979ccfe6fbfcd0b50c2bf17faddeffe04522f7
Author: Miroslav Grepl <mgrepl at redhat.com>
Date: Fri Jan 28 17:46:01 2011 +0000
- Add execmem_exec_t label for gimp
- Allow nagios plugin to read /proc/meminfo
- Fix label for /usr/lib/debug
- Add label for /usr/lib/bjlib
- Fixes for confined users
- Change oracle_port_t to oracledb_port_t to prevent conflict with satellite
modules-targeted.conf | 8 +
policy-F14.patch | 3163 +++++++++++++++++++++++++++----------------------
selinux-policy.spec | 10 +-
3 files changed, 1741 insertions(+), 1440 deletions(-)
---
diff --git a/modules-targeted.conf b/modules-targeted.conf
index e935c82..9c29617 100644
--- a/modules-targeted.conf
+++ b/modules-targeted.conf
@@ -2298,3 +2298,11 @@ milter = module
# policy for namespace.init script
#
namespace = module
+
+# Layer: services
+# Module: keyboardd
+#
+# system-setup-keyboard is a keyboard layout daemon that monitors
+# /etc/sysconfig/keyboard and writes out an xorg.conf.d snippet
+#
+keyboardd = module
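Review bot: The commit message lists six changes but not the enablement of the new `keyboardd` module added here, so anyone auditing which services gained policy in this build has to find it in the diff. The same omission applies to the access_vectors rework and the `mcs_file_read_all(readahead_t)` addition in the policy-F14.patch hunks further down. I would add an entry such as `- Add keyboardd policy` to the message and the spec changelog. The module's own rules are not visible in this hunk, so the stanza comment is the only description of the daemon a reader gets here.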
diff --git a/policy-F14.patch b/policy-F14.patch
index 0c4ec7f..92aa479 100644
--- a/policy-F14.patch
+++ b/policy-F14.patch
@@ -1,6 +1,6 @@
diff --exclude-from=exclude -N -u -r nsaserefpolicy/config/appconfig-mcs/sepgsql_contexts serefpolicy-3.9.7/config/appconfig-mcs/sepgsql_contexts
---- nsaserefpolicy/config/appconfig-mcs/sepgsql_contexts 1970-01-01 01:00:00.000000000 +0100
-+++ serefpolicy-3.9.7/config/appconfig-mcs/sepgsql_contexts 2011-01-19 17:48:56.469042251 +0100
+--- nsaserefpolicy/config/appconfig-mcs/sepgsql_contexts 1970-01-01 00:00:00.000000000 +0000
++++ serefpolicy-3.9.7/config/appconfig-mcs/sepgsql_contexts 2011-01-19 16:48:56.000000000 +0000
@@ -0,0 +1,40 @@
+#
+# Initial security label for SE-PostgreSQL (MCS)
@@ -43,8 +43,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/config/appconfig-mcs/sepgsql
+db_language *.plperl system_u:object_r:sepgsql_safe_lang_t:s0
+db_language *.* system_u:object_r:sepgsql_lang_t:s0
diff --exclude-from=exclude -N -u -r nsaserefpolicy/config/appconfig-mls/sepgsql_contexts serefpolicy-3.9.7/config/appconfig-mls/sepgsql_contexts
---- nsaserefpolicy/config/appconfig-mls/sepgsql_contexts 1970-01-01 01:00:00.000000000 +0100
-+++ serefpolicy-3.9.7/config/appconfig-mls/sepgsql_contexts 2011-01-19 17:48:56.469042251 +0100
+--- nsaserefpolicy/config/appconfig-mls/sepgsql_contexts 1970-01-01 00:00:00.000000000 +0000
++++ serefpolicy-3.9.7/config/appconfig-mls/sepgsql_contexts 2011-01-19 16:48:56.000000000 +0000
@@ -0,0 +1,40 @@
+#
+# Initial security label for SE-PostgreSQL (MLS)
@@ -87,8 +87,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/config/appconfig-mls/sepgsql
+db_language *.plperl system_u:object_r:sepgsql_safe_lang_t:s0
+db_language *.* system_u:object_r:sepgsql_lang_t:s0
diff --exclude-from=exclude -N -u -r nsaserefpolicy/config/appconfig-standard/sepgsql_contexts serefpolicy-3.9.7/config/appconfig-standard/sepgsql_contexts
---- nsaserefpolicy/config/appconfig-standard/sepgsql_contexts 1970-01-01 01:00:00.000000000 +0100
-+++ serefpolicy-3.9.7/config/appconfig-standard/sepgsql_contexts 2011-01-19 17:48:56.473040798 +0100
+--- nsaserefpolicy/config/appconfig-standard/sepgsql_contexts 1970-01-01 00:00:00.000000000 +0000
++++ serefpolicy-3.9.7/config/appconfig-standard/sepgsql_contexts 2011-01-19 16:48:56.000000000 +0000
@@ -0,0 +1,40 @@
+#
+# Initial security label for SE-PostgreSQL (none-MLS)
@@ -131,8 +131,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/config/appconfig-standard/se
+db_language *.plperl system_u:object_r:sepgsql_safe_lang_t
+db_language *.* system_u:object_r:sepgsql_lang_t
diff --exclude-from=exclude -N -u -r nsaserefpolicy/Makefile serefpolicy-3.9.7/Makefile
---- nsaserefpolicy/Makefile 2010-10-12 22:42:47.000000000 +0200
-+++ serefpolicy-3.9.7/Makefile 2011-01-19 17:48:56.474041360 +0100
+--- nsaserefpolicy/Makefile 2010-10-12 20:42:47.000000000 +0000
++++ serefpolicy-3.9.7/Makefile 2011-01-19 16:48:56.000000000 +0000
@@ -248,7 +248,7 @@
appdir := $(contextpath)
user_default_contexts := $(wildcard config/appconfig-$(TYPE)/*_default_contexts)
@@ -143,8 +143,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/Makefile serefpolicy-3.9.7/M
all_layers := $(shell find $(wildcard $(moddir)/*) -maxdepth 0 -type d)
diff --exclude-from=exclude -N -u -r nsaserefpolicy/man/man8/ftpd_selinux.8 serefpolicy-3.9.7/man/man8/ftpd_selinux.8
---- nsaserefpolicy/man/man8/ftpd_selinux.8 2010-10-12 22:42:47.000000000 +0200
-+++ serefpolicy-3.9.7/man/man8/ftpd_selinux.8 2010-11-05 14:02:26.395649803 +0100
+--- nsaserefpolicy/man/man8/ftpd_selinux.8 2010-10-12 20:42:47.000000000 +0000
++++ serefpolicy-3.9.7/man/man8/ftpd_selinux.8 2010-11-05 13:02:26.000000000 +0000
@@ -15,7 +15,7 @@
semanage fcontext -a -t public_content_t "/var/ftp(/.*)?"
.TP
@@ -164,8 +164,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/man/man8/ftpd_selinux.8 sere
.SH BOOLEANS
.PP
diff --exclude-from=exclude -N -u -r nsaserefpolicy/man/man8/git_selinux.8 serefpolicy-3.9.7/man/man8/git_selinux.8
---- nsaserefpolicy/man/man8/git_selinux.8 1970-01-01 01:00:00.000000000 +0100
-+++ serefpolicy-3.9.7/man/man8/git_selinux.8 2010-11-05 14:02:26.396649599 +0100
+--- nsaserefpolicy/man/man8/git_selinux.8 1970-01-01 00:00:00.000000000 +0000
++++ serefpolicy-3.9.7/man/man8/git_selinux.8 2010-11-05 13:02:26.000000000 +0000
@@ -0,0 +1,109 @@
+.TH "git_selinux" "8" "27 May 2010" "domg472 at gmail.com" "Git SELinux policy documentation"
+.de EX
@@ -277,41 +277,67 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/man/man8/git_selinux.8 seref
+.SH "SEE ALSO"
+selinux(8), git(8), chcon(1), semodule(8), setsebool(8)
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/flask/access_vectors serefpolicy-3.9.7/policy/flask/access_vectors
---- nsaserefpolicy/policy/flask/access_vectors 2010-10-12 22:42:51.000000000 +0200
-+++ serefpolicy-3.9.7/policy/flask/access_vectors 2011-01-19 17:46:31.654042362 +0100
-@@ -27,6 +27,8 @@
- swapon
- quotaon
- mounton
+--- nsaserefpolicy/policy/flask/access_vectors 2010-10-12 20:42:51.000000000 +0000
++++ serefpolicy-3.9.7/policy/flask/access_vectors 2011-01-27 16:22:59.404455000 +0000
+@@ -153,6 +153,8 @@
+ search
+ rmdir
+ open
+ audit_access
+ execmod
}
-
-@@ -160,19 +162,20 @@
- {
- execute_no_trans
+ class file
+@@ -162,10 +164,16 @@
entrypoint
-- execmod
+ execmod
open
++ audit_access
}
class lnk_file
inherits file
+{
+ open
++ audit_access
++ execmod
+}
class chr_file
inherits file
- {
- execute_no_trans
+@@ -174,24 +182,31 @@
entrypoint
-- execmod
+ execmod
open
++ audit_access
}
-@@ -816,3 +819,33 @@
+ class blk_file
+ inherits file
+ {
+ open
++ audit_access
++ execmod
+ }
+
+ class sock_file
+ inherits file
+ {
+ open
++ audit_access
++ execmod
+ }
+
+ class fifo_file
+ inherits file
+ {
+ open
++ audit_access
++ execmod
+ }
+
+ class fd
+@@ -816,3 +831,33 @@
class x_keyboard
inherits x_device
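Review bot: The embedded access_vectors patch now appends `audit_access` and `execmod` to each file-type class separately, and the resulting order is not uniform. `file` and `chr_file` end in `execmod`, `open`, `audit_access`, while the class ending in `search`, `rmdir`, `open` (presumably `dir`) and `lnk_file`, `blk_file`, `sock_file` and `fifo_file` end in `open`, `audit_access`, `execmod`. The removed inner hunk appears to have added both permissions once after `mounton`, and nothing visible explains why that was dropped. Since checkpolicy assigns permission values in declaration order, a later rebase that "tidies" these lists would silently renumber them, so I would put a `#` comment above `class file` in the inner patch, e.g. `# audit_access/execmod are appended per class on purpose; do not reorder`. It is also worth confirming that `execmod` on `lnk_file`, `sock_file` and `fifo_file` is intended, since no visible rule uses it there.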
@@ -346,8 +372,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/flask/access_vectors
+}
+
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/flask/security_classes serefpolicy-3.9.7/policy/flask/security_classes
---- nsaserefpolicy/policy/flask/security_classes 2010-10-12 22:42:51.000000000 +0200
-+++ serefpolicy-3.9.7/policy/flask/security_classes 2011-01-19 17:46:49.461042109 +0100
+--- nsaserefpolicy/policy/flask/security_classes 2010-10-12 20:42:51.000000000 +0000
++++ serefpolicy-3.9.7/policy/flask/security_classes 2011-01-19 16:46:49.000000000 +0000
@@ -125,4 +125,10 @@
class x_pointer # userspace
class x_keyboard # userspace
@@ -360,8 +386,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/flask/security_classe
+
# FLASK
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/global_tunables serefpolicy-3.9.7/policy/global_tunables
---- nsaserefpolicy/policy/global_tunables 2010-10-12 22:42:51.000000000 +0200
-+++ serefpolicy-3.9.7/policy/global_tunables 2010-11-05 14:02:26.398662249 +0100
+--- nsaserefpolicy/policy/global_tunables 2010-10-12 20:42:51.000000000 +0000
++++ serefpolicy-3.9.7/policy/global_tunables 2010-11-05 13:02:26.000000000 +0000
@@ -13,21 +13,21 @@
## <desc>
@@ -429,8 +455,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/global_tunables seref
+gen_tunable(allow_console_login,false)
+
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/mcs serefpolicy-3.9.7/policy/mcs
---- nsaserefpolicy/policy/mcs 2010-10-12 22:42:51.000000000 +0200
-+++ serefpolicy-3.9.7/policy/mcs 2011-01-19 17:48:56.475041433 +0100
+--- nsaserefpolicy/policy/mcs 2010-10-12 20:42:51.000000000 +0000
++++ serefpolicy-3.9.7/policy/mcs 2011-01-19 16:48:56.000000000 +0000
@@ -86,10 +86,10 @@
(( h1 dom h2 ) and ( l2 eq h2 ));
@@ -494,8 +520,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/mcs serefpolicy-3.9.7
( h1 dom h2 );
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/mls serefpolicy-3.9.7/policy/mls
---- nsaserefpolicy/policy/mls 2010-10-12 22:42:51.000000000 +0200
-+++ serefpolicy-3.9.7/policy/mls 2011-01-19 17:48:56.476041227 +0100
+--- nsaserefpolicy/policy/mls 2010-10-12 20:42:51.000000000 +0000
++++ serefpolicy-3.9.7/policy/mls 2011-01-19 16:48:56.000000000 +0000
@@ -727,13 +727,13 @@
#
@@ -615,8 +641,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/mls serefpolicy-3.9.7
(( t3 == mlsdbupgrade ) and ( l1 domby l2 )) or
(( t3 == mlsdbdowngrade ) and ( l1 dom l2 )) or
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/acct.if serefpolicy-3.9.7/policy/modules/admin/acct.if
---- nsaserefpolicy/policy/modules/admin/acct.if 2010-10-12 22:42:51.000000000 +0200
-+++ serefpolicy-3.9.7/policy/modules/admin/acct.if 2010-12-22 13:20:41.408042200 +0100
+--- nsaserefpolicy/policy/modules/admin/acct.if 2010-10-12 20:42:51.000000000 +0000
++++ serefpolicy-3.9.7/policy/modules/admin/acct.if 2010-12-22 12:20:41.000000000 +0000
@@ -78,3 +78,21 @@
manage_files_pattern($1, acct_data_t, acct_data_t)
manage_lnk_files_pattern($1, acct_data_t, acct_data_t)
@@ -640,8 +666,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/acct.if
+ dontaudit $1 acct_data_t:dir list_dir_perms;
+')
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/alsa.if serefpolicy-3.9.7/policy/modules/admin/alsa.if
---- nsaserefpolicy/policy/modules/admin/alsa.if 2010-10-12 22:42:51.000000000 +0200
-+++ serefpolicy-3.9.7/policy/modules/admin/alsa.if 2010-11-05 14:02:26.400649407 +0100
+--- nsaserefpolicy/policy/modules/admin/alsa.if 2010-10-12 20:42:51.000000000 +0000
++++ serefpolicy-3.9.7/policy/modules/admin/alsa.if 2010-11-05 13:02:26.000000000 +0000
@@ -21,6 +21,32 @@
########################################
@@ -676,8 +702,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/alsa.if
## </summary>
## <param name="domain">
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/alsa.te serefpolicy-3.9.7/policy/modules/admin/alsa.te
---- nsaserefpolicy/policy/modules/admin/alsa.te 2010-10-12 22:42:51.000000000 +0200
-+++ serefpolicy-3.9.7/policy/modules/admin/alsa.te 2010-12-15 18:10:23.670042540 +0100
+--- nsaserefpolicy/policy/modules/admin/alsa.te 2010-10-12 20:42:51.000000000 +0000
++++ serefpolicy-3.9.7/policy/modules/admin/alsa.te 2010-12-15 17:10:23.000000000 +0000
@@ -11,7 +11,10 @@
role system_r types alsa_t;
@@ -704,8 +730,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/alsa.te
manage_files_pattern(alsa_t, alsa_var_lib_t, alsa_var_lib_t)
files_search_var_lib(alsa_t)
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/amanda.if serefpolicy-3.9.7/policy/modules/admin/amanda.if
---- nsaserefpolicy/policy/modules/admin/amanda.if 2010-10-12 22:42:51.000000000 +0200
-+++ serefpolicy-3.9.7/policy/modules/admin/amanda.if 2011-01-07 14:20:44.420042287 +0100
+--- nsaserefpolicy/policy/modules/admin/amanda.if 2010-10-12 20:42:51.000000000 +0000
++++ serefpolicy-3.9.7/policy/modules/admin/amanda.if 2011-01-07 13:20:44.000000000 +0000
@@ -59,11 +59,11 @@
#
interface(`amanda_search_lib',`
@@ -721,8 +747,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/amanda.
########################################
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/anaconda.te serefpolicy-3.9.7/policy/modules/admin/anaconda.te
---- nsaserefpolicy/policy/modules/admin/anaconda.te 2010-10-12 22:42:51.000000000 +0200
-+++ serefpolicy-3.9.7/policy/modules/admin/anaconda.te 2010-11-05 14:02:26.401653043 +0100
+--- nsaserefpolicy/policy/modules/admin/anaconda.te 2010-10-12 20:42:51.000000000 +0000
++++ serefpolicy-3.9.7/policy/modules/admin/anaconda.te 2010-11-05 13:02:26.000000000 +0000
@@ -30,6 +30,7 @@
modutils_domtrans_depmod(anaconda_t)
@@ -741,8 +767,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/anacond
optional_policy(`
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/bootloader.if serefpolicy-3.9.7/policy/modules/admin/bootloader.if
---- nsaserefpolicy/policy/modules/admin/bootloader.if 2010-10-12 22:42:51.000000000 +0200
-+++ serefpolicy-3.9.7/policy/modules/admin/bootloader.if 2010-11-18 16:22:06.419397638 +0100
+--- nsaserefpolicy/policy/modules/admin/bootloader.if 2010-10-12 20:42:51.000000000 +0000
++++ serefpolicy-3.9.7/policy/modules/admin/bootloader.if 2010-11-18 15:22:06.000000000 +0000
@@ -19,6 +19,24 @@
domtrans_pattern($1, bootloader_exec_t, bootloader_t)
')
@@ -769,8 +795,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/bootloa
## <summary>
## Execute bootloader interactively and do
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/brctl.if serefpolicy-3.9.7/policy/modules/admin/brctl.if
---- nsaserefpolicy/policy/modules/admin/brctl.if 2010-10-12 22:42:51.000000000 +0200
-+++ serefpolicy-3.9.7/policy/modules/admin/brctl.if 2010-11-05 14:02:26.402658425 +0100
+--- nsaserefpolicy/policy/modules/admin/brctl.if 2010-10-12 20:42:51.000000000 +0000
++++ serefpolicy-3.9.7/policy/modules/admin/brctl.if 2010-11-05 13:02:26.000000000 +0000
@@ -18,3 +18,28 @@
corecmd_search_bin($1)
domtrans_pattern($1, brctl_exec_t, brctl_t)
@@ -801,8 +827,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/brctl.i
+ role $2 types brctl_t;
+')
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/certwatch.te serefpolicy-3.9.7/policy/modules/admin/certwatch.te
---- nsaserefpolicy/policy/modules/admin/certwatch.te 2010-10-12 22:42:51.000000000 +0200
-+++ serefpolicy-3.9.7/policy/modules/admin/certwatch.te 2010-12-06 12:39:29.974042347 +0100
+--- nsaserefpolicy/policy/modules/admin/certwatch.te 2010-10-12 20:42:51.000000000 +0000
++++ serefpolicy-3.9.7/policy/modules/admin/certwatch.te 2010-12-06 11:39:29.000000000 +0000
@@ -31,11 +31,11 @@
logging_send_syslog_msg(certwatch_t)
@@ -818,8 +844,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/certwat
optional_policy(`
apache_exec_modules(certwatch_t)
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/consoletype.te serefpolicy-3.9.7/policy/modules/admin/consoletype.te
---- nsaserefpolicy/policy/modules/admin/consoletype.te 2010-10-12 22:42:51.000000000 +0200
-+++ serefpolicy-3.9.7/policy/modules/admin/consoletype.te 2011-01-05 10:57:38.790042250 +0100
+--- nsaserefpolicy/policy/modules/admin/consoletype.te 2010-10-12 20:42:51.000000000 +0000
++++ serefpolicy-3.9.7/policy/modules/admin/consoletype.te 2011-01-05 09:57:38.000000000 +0000
@@ -48,6 +48,7 @@
mls_file_write_all_levels(consoletype_t)
@@ -841,8 +867,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/console
optional_policy(`
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/dmesg.te serefpolicy-3.9.7/policy/modules/admin/dmesg.te
---- nsaserefpolicy/policy/modules/admin/dmesg.te 2010-10-12 22:42:51.000000000 +0200
-+++ serefpolicy-3.9.7/policy/modules/admin/dmesg.te 2011-01-03 08:59:37.987042463 +0100
+--- nsaserefpolicy/policy/modules/admin/dmesg.te 2010-10-12 20:42:51.000000000 +0000
++++ serefpolicy-3.9.7/policy/modules/admin/dmesg.te 2011-01-03 07:59:37.000000000 +0000
@@ -23,6 +23,7 @@
kernel_read_ring_buffer(dmesg_t)
kernel_clear_ring_buffer(dmesg_t)
@@ -865,8 +891,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/dmesg.t
')
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/firstboot.if serefpolicy-3.9.7/policy/modules/admin/firstboot.if
---- nsaserefpolicy/policy/modules/admin/firstboot.if 2010-10-12 22:42:51.000000000 +0200
-+++ serefpolicy-3.9.7/policy/modules/admin/firstboot.if 2010-11-05 14:02:26.405649638 +0100
+--- nsaserefpolicy/policy/modules/admin/firstboot.if 2010-10-12 20:42:51.000000000 +0000
++++ serefpolicy-3.9.7/policy/modules/admin/firstboot.if 2010-11-05 13:02:26.000000000 +0000
@@ -85,6 +85,25 @@
########################################
@@ -894,8 +920,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/firstbo
## </summary>
## <param name="domain">
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/firstboot.te serefpolicy-3.9.7/policy/modules/admin/firstboot.te
---- nsaserefpolicy/policy/modules/admin/firstboot.te 2010-10-12 22:42:51.000000000 +0200
-+++ serefpolicy-3.9.7/policy/modules/admin/firstboot.te 2010-11-05 14:02:26.405649638 +0100
+--- nsaserefpolicy/policy/modules/admin/firstboot.te 2010-10-12 20:42:51.000000000 +0000
++++ serefpolicy-3.9.7/policy/modules/admin/firstboot.te 2010-11-05 13:02:26.000000000 +0000
@@ -103,6 +103,10 @@
')
@@ -916,8 +942,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/firstbo
')
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/logrotate.te serefpolicy-3.9.7/policy/modules/admin/logrotate.te
---- nsaserefpolicy/policy/modules/admin/logrotate.te 2010-10-12 22:42:51.000000000 +0200
-+++ serefpolicy-3.9.7/policy/modules/admin/logrotate.te 2010-11-05 14:02:26.406649853 +0100
+--- nsaserefpolicy/policy/modules/admin/logrotate.te 2010-10-12 20:42:51.000000000 +0000
++++ serefpolicy-3.9.7/policy/modules/admin/logrotate.te 2010-11-05 13:02:26.000000000 +0000
@@ -119,14 +119,20 @@
userdom_use_user_terminals(logrotate_t)
userdom_list_user_home_dirs(logrotate_t)
@@ -942,8 +968,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/logrota
can_exec(logrotate_t, logrotate_exec_t)
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/logwatch.fc serefpolicy-3.9.7/policy/modules/admin/logwatch.fc
---- nsaserefpolicy/policy/modules/admin/logwatch.fc 2010-10-12 22:42:51.000000000 +0200
-+++ serefpolicy-3.9.7/policy/modules/admin/logwatch.fc 2010-11-05 14:02:26.407649368 +0100
+--- nsaserefpolicy/policy/modules/admin/logwatch.fc 2010-10-12 20:42:51.000000000 +0000
++++ serefpolicy-3.9.7/policy/modules/admin/logwatch.fc 2010-11-05 13:02:26.000000000 +0000
@@ -1,7 +1,11 @@
/usr/sbin/logcheck -- gen_context(system_u:object_r:logwatch_exec_t,s0)
+/usr/sbin/epylog -- gen_context(system_u:object_r:logwatch_exec_t,s0)
@@ -957,8 +983,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/logwatc
+
+/var/run/epylog\.pid gen_context(system_u:object_r:logwatch_var_run_t,s0)
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/logwatch.te serefpolicy-3.9.7/policy/modules/admin/logwatch.te
---- nsaserefpolicy/policy/modules/admin/logwatch.te 2010-10-12 22:42:51.000000000 +0200
-+++ serefpolicy-3.9.7/policy/modules/admin/logwatch.te 2010-11-18 15:49:39.362399015 +0100
+--- nsaserefpolicy/policy/modules/admin/logwatch.te 2010-10-12 20:42:51.000000000 +0000
++++ serefpolicy-3.9.7/policy/modules/admin/logwatch.te 2010-11-18 14:49:39.000000000 +0000
@@ -19,6 +19,9 @@
type logwatch_tmp_t;
files_tmp_file(logwatch_tmp_t)
@@ -1011,8 +1037,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/logwatc
')
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/mrtg.te serefpolicy-3.9.7/policy/modules/admin/mrtg.te
---- nsaserefpolicy/policy/modules/admin/mrtg.te 2010-10-12 22:42:51.000000000 +0200
-+++ serefpolicy-3.9.7/policy/modules/admin/mrtg.te 2010-11-05 14:02:26.409649726 +0100
+--- nsaserefpolicy/policy/modules/admin/mrtg.te 2010-10-12 20:42:51.000000000 +0000
++++ serefpolicy-3.9.7/policy/modules/admin/mrtg.te 2010-11-05 13:02:26.000000000 +0000
@@ -115,6 +115,7 @@
userdom_use_user_terminals(mrtg_t)
userdom_dontaudit_read_user_home_content_files(mrtg_t)
@@ -1022,14 +1048,14 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/mrtg.te
netutils_domtrans_ping(mrtg_t)
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/ncftool.fc serefpolicy-3.9.7/policy/modules/admin/ncftool.fc
---- nsaserefpolicy/policy/modules/admin/ncftool.fc 1970-01-01 01:00:00.000000000 +0100
-+++ serefpolicy-3.9.7/policy/modules/admin/ncftool.fc 2010-11-05 14:02:26.410649521 +0100
+--- nsaserefpolicy/policy/modules/admin/ncftool.fc 1970-01-01 00:00:00.000000000 +0000
++++ serefpolicy-3.9.7/policy/modules/admin/ncftool.fc 2010-11-05 13:02:26.000000000 +0000
@@ -0,0 +1,2 @@
+
+/usr/bin/ncftool -- gen_context(system_u:object_r:ncftool_exec_t,s0)
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/ncftool.if serefpolicy-3.9.7/policy/modules/admin/ncftool.if
---- nsaserefpolicy/policy/modules/admin/ncftool.if 1970-01-01 01:00:00.000000000 +0100
-+++ serefpolicy-3.9.7/policy/modules/admin/ncftool.if 2010-11-05 14:02:26.411649525 +0100
+--- nsaserefpolicy/policy/modules/admin/ncftool.if 1970-01-01 00:00:00.000000000 +0000
++++ serefpolicy-3.9.7/policy/modules/admin/ncftool.if 2010-11-05 13:02:26.000000000 +0000
@@ -0,0 +1,78 @@
+
+## <summary>policy for ncftool</summary>
@@ -1110,8 +1136,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/ncftool
+')
+
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/ncftool.te serefpolicy-3.9.7/policy/modules/admin/ncftool.te
---- nsaserefpolicy/policy/modules/admin/ncftool.te 1970-01-01 01:00:00.000000000 +0100
-+++ serefpolicy-3.9.7/policy/modules/admin/ncftool.te 2010-11-05 14:02:26.411649525 +0100
+--- nsaserefpolicy/policy/modules/admin/ncftool.te 1970-01-01 00:00:00.000000000 +0000
++++ serefpolicy-3.9.7/policy/modules/admin/ncftool.te 2010-11-05 13:02:26.000000000 +0000
@@ -0,0 +1,91 @@
+policy_module(ncftool, 1.0.0)
+
@@ -1205,8 +1231,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/ncftool
+ netutils_domtrans(ncftool_t)
+')
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/netutils.if serefpolicy-3.9.7/policy/modules/admin/netutils.if
---- nsaserefpolicy/policy/modules/admin/netutils.if 2010-10-12 22:42:51.000000000 +0200
-+++ serefpolicy-3.9.7/policy/modules/admin/netutils.if 2010-12-15 14:42:34.057041703 +0100
+--- nsaserefpolicy/policy/modules/admin/netutils.if 2010-10-12 20:42:51.000000000 +0000
++++ serefpolicy-3.9.7/policy/modules/admin/netutils.if 2010-12-15 13:42:34.000000000 +0000
@@ -42,6 +42,7 @@
')
@@ -1248,8 +1274,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/netutil
')
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/netutils.te serefpolicy-3.9.7/policy/modules/admin/netutils.te
---- nsaserefpolicy/policy/modules/admin/netutils.te 2010-10-12 22:42:51.000000000 +0200
-+++ serefpolicy-3.9.7/policy/modules/admin/netutils.te 2010-11-05 14:02:26.412649460 +0100
+--- nsaserefpolicy/policy/modules/admin/netutils.te 2010-10-12 20:42:51.000000000 +0000
++++ serefpolicy-3.9.7/policy/modules/admin/netutils.te 2010-11-05 13:02:26.000000000 +0000
@@ -48,6 +48,8 @@
kernel_search_proc(netutils_t)
@@ -1333,8 +1359,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/netutil
+ term_dontaudit_use_all_ptys(traceroute_t)
+')
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/prelink.te serefpolicy-3.9.7/policy/modules/admin/prelink.te
---- nsaserefpolicy/policy/modules/admin/prelink.te 2010-10-12 22:42:51.000000000 +0200
-+++ serefpolicy-3.9.7/policy/modules/admin/prelink.te 2010-11-05 14:02:26.413649464 +0100
+--- nsaserefpolicy/policy/modules/admin/prelink.te 2010-10-12 20:42:51.000000000 +0000
++++ serefpolicy-3.9.7/policy/modules/admin/prelink.te 2010-11-05 13:02:26.000000000 +0000
@@ -59,10 +59,11 @@
manage_files_pattern(prelink_t, prelink_var_lib_t, prelink_var_lib_t)
relabel_files_pattern(prelink_t, prelink_var_lib_t, prelink_var_lib_t)
@@ -1418,8 +1444,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/prelink
+ ')
+')
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/readahead.fc serefpolicy-3.9.7/policy/modules/admin/readahead.fc
---- nsaserefpolicy/policy/modules/admin/readahead.fc 2010-10-12 22:42:51.000000000 +0200
-+++ serefpolicy-3.9.7/policy/modules/admin/readahead.fc 2010-11-05 14:02:26.414649539 +0100
+--- nsaserefpolicy/policy/modules/admin/readahead.fc 2010-10-12 20:42:51.000000000 +0000
++++ serefpolicy-3.9.7/policy/modules/admin/readahead.fc 2010-11-05 13:02:26.000000000 +0000
@@ -1,3 +1,5 @@
/usr/sbin/readahead.* -- gen_context(system_u:object_r:readahead_exec_t,s0)
/sbin/readahead.* -- gen_context(system_u:object_r:readahead_exec_t,s0)
@@ -1427,8 +1453,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/readahe
+/lib/systemd/systemd-readahead.* -- gen_context(system_u:object_r:readahead_exec_t,s0)
+
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/readahead.if serefpolicy-3.9.7/policy/modules/admin/readahead.if
---- nsaserefpolicy/policy/modules/admin/readahead.if 2010-10-12 22:42:51.000000000 +0200
-+++ serefpolicy-3.9.7/policy/modules/admin/readahead.if 2010-11-05 14:02:26.414649539 +0100
+--- nsaserefpolicy/policy/modules/admin/readahead.if 2010-10-12 20:42:51.000000000 +0000
++++ serefpolicy-3.9.7/policy/modules/admin/readahead.if 2010-11-05 13:02:26.000000000 +0000
@@ -1 +1,20 @@
## <summary>Readahead, read files into page cache for improved performance</summary>
+
@@ -1451,8 +1477,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/readahe
+ domtrans_pattern($1, readahead_exec_t, readahead_t)
+')
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/readahead.te serefpolicy-3.9.7/policy/modules/admin/readahead.te
---- nsaserefpolicy/policy/modules/admin/readahead.te 2010-10-12 22:42:51.000000000 +0200
-+++ serefpolicy-3.9.7/policy/modules/admin/readahead.te 2010-11-05 14:02:26.415652267 +0100
+--- nsaserefpolicy/policy/modules/admin/readahead.te 2010-10-12 20:42:51.000000000 +0000
++++ serefpolicy-3.9.7/policy/modules/admin/readahead.te 2011-01-27 14:31:48.839455001 +0000
@@ -53,6 +53,7 @@
files_list_non_security(readahead_t)
@@ -1461,7 +1487,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/readahe
files_create_boot_flag(readahead_t)
files_getattr_all_pipes(readahead_t)
files_dontaudit_getattr_all_sockets(readahead_t)
-@@ -66,6 +67,7 @@
+@@ -66,11 +67,13 @@
fs_read_tmpfs_files(readahead_t)
fs_read_tmpfs_symlinks(readahead_t)
fs_list_inotifyfs(readahead_t)
@@ -1469,9 +1495,15 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/readahe
fs_dontaudit_search_ramfs(readahead_t)
fs_dontaudit_read_ramfs_pipes(readahead_t)
fs_dontaudit_read_ramfs_files(readahead_t)
+ fs_dontaudit_use_tmpfs_chr_dev(readahead_t)
+
++mcs_file_read_all(readahead_t)
+ mls_file_read_all_levels(readahead_t)
+
+ storage_raw_read_fixed_disk(readahead_t)
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/rpm.fc serefpolicy-3.9.7/policy/modules/admin/rpm.fc
---- nsaserefpolicy/policy/modules/admin/rpm.fc 2010-10-12 22:42:51.000000000 +0200
-+++ serefpolicy-3.9.7/policy/modules/admin/rpm.fc 2010-11-05 14:02:26.416649548 +0100
+--- nsaserefpolicy/policy/modules/admin/rpm.fc 2010-10-12 20:42:51.000000000 +0000
++++ serefpolicy-3.9.7/policy/modules/admin/rpm.fc 2010-11-05 13:02:26.000000000 +0000
@@ -7,6 +7,7 @@
/usr/bin/yum -- gen_context(system_u:object_r:rpm_exec_t,s0)
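Review bot: The added `mcs_file_read_all(readahead_t)` line near the top of this hunk lets readahead read files regardless of MCS category, and the inner patch carries no comment naming the denial that motivated it. The domain already has `mls_file_read_all_levels` and `storage_raw_read_fixed_disk` in the same block, so the practical widening may be small, but an MCS override should state its justification next to the rule. I would add a one-line comment above the call, for example `# readahead preloads files of any category; see <bug id>`, with the real bug or AVC reference filled in. The readahead.te inner hunk begins in the previous outer hunk, so only part of the block is visible here.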
@@ -1500,8 +1532,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/rpm.fc
/var/run/PackageKit(/.*)? gen_context(system_u:object_r:rpm_var_run_t,s0)
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/rpm.if serefpolicy-3.9.7/policy/modules/admin/rpm.if
---- nsaserefpolicy/policy/modules/admin/rpm.if 2010-10-12 22:42:51.000000000 +0200
-+++ serefpolicy-3.9.7/policy/modules/admin/rpm.if 2010-11-11 15:55:47.688148574 +0100
+--- nsaserefpolicy/policy/modules/admin/rpm.if 2010-10-12 20:42:51.000000000 +0000
++++ serefpolicy-3.9.7/policy/modules/admin/rpm.if 2010-11-11 14:55:47.000000000 +0000
@@ -13,10 +13,13 @@
interface(`rpm_domtrans',`
gen_require(`
@@ -1684,8 +1716,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/rpm.if
+ allow rpm_script_t $1:process sigchld;
+')
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/rpm.te serefpolicy-3.9.7/policy/modules/admin/rpm.te
---- nsaserefpolicy/policy/modules/admin/rpm.te 2010-10-12 22:42:51.000000000 +0200
-+++ serefpolicy-3.9.7/policy/modules/admin/rpm.te 2010-11-05 14:02:26.418649556 +0100
+--- nsaserefpolicy/policy/modules/admin/rpm.te 2010-10-12 20:42:51.000000000 +0000
++++ serefpolicy-3.9.7/policy/modules/admin/rpm.te 2010-11-05 13:02:26.000000000 +0000
@@ -1,10 +1,11 @@
policy_module(rpm, 1.11.2)
@@ -1796,8 +1828,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/rpm.te
optional_policy(`
java_domtrans_unconfined(rpm_script_t)
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/sectoolm.te serefpolicy-3.9.7/policy/modules/admin/sectoolm.te
---- nsaserefpolicy/policy/modules/admin/sectoolm.te 2010-10-12 22:42:51.000000000 +0200
-+++ serefpolicy-3.9.7/policy/modules/admin/sectoolm.te 2011-01-19 17:25:50.716042303 +0100
+--- nsaserefpolicy/policy/modules/admin/sectoolm.te 2010-10-12 20:42:51.000000000 +0000
++++ serefpolicy-3.9.7/policy/modules/admin/sectoolm.te 2011-01-19 16:25:50.000000000 +0000
@@ -84,6 +84,7 @@
sysnet_domtrans_ifconfig(sectoolm_t)
@@ -1807,8 +1839,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/sectool
optional_policy(`
mount_exec(sectoolm_t)
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/shorewall.fc serefpolicy-3.9.7/policy/modules/admin/shorewall.fc
---- nsaserefpolicy/policy/modules/admin/shorewall.fc 2010-10-12 22:42:51.000000000 +0200
-+++ serefpolicy-3.9.7/policy/modules/admin/shorewall.fc 2011-01-04 15:04:51.055041119 +0100
+--- nsaserefpolicy/policy/modules/admin/shorewall.fc 2010-10-12 20:42:51.000000000 +0000
++++ serefpolicy-3.9.7/policy/modules/admin/shorewall.fc 2011-01-04 14:04:51.000000000 +0000
@@ -11,4 +11,6 @@
/var/lib/shorewall6(/.*)? gen_context(system_u:object_r:shorewall_var_lib_t,s0)
/var/lib/shorewall-lite(/.*)? gen_context(system_u:object_r:shorewall_var_lib_t,s0)
@@ -1817,8 +1849,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/shorewa
+
/var/log/shorewall.* gen_context(system_u:object_r:shorewall_log_t,s0)
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/shorewall.if serefpolicy-3.9.7/policy/modules/admin/shorewall.if
---- nsaserefpolicy/policy/modules/admin/shorewall.if 2010-10-12 22:42:51.000000000 +0200
-+++ serefpolicy-3.9.7/policy/modules/admin/shorewall.if 2010-11-05 14:02:26.419649700 +0100
+--- nsaserefpolicy/policy/modules/admin/shorewall.if 2010-10-12 20:42:51.000000000 +0000
++++ serefpolicy-3.9.7/policy/modules/admin/shorewall.if 2010-11-05 13:02:26.000000000 +0000
@@ -18,6 +18,24 @@
domtrans_pattern($1, shorewall_exec_t, shorewall_t)
')
@@ -1910,8 +1942,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/shorewa
admin_pattern($1, shorewall_tmp_t)
')
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/shorewall.te serefpolicy-3.9.7/policy/modules/admin/shorewall.te
---- nsaserefpolicy/policy/modules/admin/shorewall.te 2010-10-12 22:42:51.000000000 +0200
-+++ serefpolicy-3.9.7/policy/modules/admin/shorewall.te 2010-11-05 14:02:26.420649565 +0100
+--- nsaserefpolicy/policy/modules/admin/shorewall.te 2010-10-12 20:42:51.000000000 +0000
++++ serefpolicy-3.9.7/policy/modules/admin/shorewall.te 2010-11-05 13:02:26.000000000 +0000
@@ -58,6 +58,9 @@
manage_dirs_pattern(shorewall_t, shorewall_var_lib_t, shorewall_var_lib_t)
manage_files_pattern(shorewall_t, shorewall_var_lib_t, shorewall_var_lib_t)
@@ -1943,8 +1975,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/shorewa
optional_policy(`
hostname_exec(shorewall_t)
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/shutdown.if serefpolicy-3.9.7/policy/modules/admin/shutdown.if
---- nsaserefpolicy/policy/modules/admin/shutdown.if 2010-10-12 22:42:51.000000000 +0200
-+++ serefpolicy-3.9.7/policy/modules/admin/shutdown.if 2010-11-05 14:02:26.421649430 +0100
+--- nsaserefpolicy/policy/modules/admin/shutdown.if 2010-10-12 20:42:51.000000000 +0000
++++ serefpolicy-3.9.7/policy/modules/admin/shutdown.if 2010-11-05 13:02:26.000000000 +0000
@@ -20,7 +20,7 @@
ifdef(`hide_broken_symptoms', `
@@ -2029,8 +2061,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/shutdow
## </summary>
## <param name="domain">
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/shutdown.te serefpolicy-3.9.7/policy/modules/admin/shutdown.te
---- nsaserefpolicy/policy/modules/admin/shutdown.te 2010-10-12 22:42:51.000000000 +0200
-+++ serefpolicy-3.9.7/policy/modules/admin/shutdown.te 2011-01-14 14:43:21.719042381 +0100
+--- nsaserefpolicy/policy/modules/admin/shutdown.te 2010-10-12 20:42:51.000000000 +0000
++++ serefpolicy-3.9.7/policy/modules/admin/shutdown.te 2011-01-14 13:43:21.000000000 +0000
@@ -7,6 +7,7 @@
type shutdown_t;
@@ -2083,8 +2115,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/shutdow
xserver_dontaudit_write_log(shutdown_t)
')
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/smoltclient.te serefpolicy-3.9.7/policy/modules/admin/smoltclient.te
---- nsaserefpolicy/policy/modules/admin/smoltclient.te 2010-10-12 22:42:51.000000000 +0200
-+++ serefpolicy-3.9.7/policy/modules/admin/smoltclient.te 2010-11-05 14:02:26.422649644 +0100
+--- nsaserefpolicy/policy/modules/admin/smoltclient.te 2010-10-12 20:42:51.000000000 +0000
++++ serefpolicy-3.9.7/policy/modules/admin/smoltclient.te 2010-11-05 13:02:26.000000000 +0000
@@ -46,6 +46,7 @@
files_getattr_generic_locks(smoltclient_t)
@@ -2094,16 +2126,16 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/smoltcl
auth_use_nsswitch(smoltclient_t)
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/sudo.fc serefpolicy-3.9.7/policy/modules/admin/sudo.fc
---- nsaserefpolicy/policy/modules/admin/sudo.fc 2010-10-12 22:42:51.000000000 +0200
-+++ serefpolicy-3.9.7/policy/modules/admin/sudo.fc 2010-11-05 14:02:26.424649583 +0100
+--- nsaserefpolicy/policy/modules/admin/sudo.fc 2010-10-12 20:42:51.000000000 +0000
++++ serefpolicy-3.9.7/policy/modules/admin/sudo.fc 2010-11-05 13:02:26.000000000 +0000
@@ -1,2 +1,4 @@
/usr/bin/sudo(edit)? -- gen_context(system_u:object_r:sudo_exec_t,s0)
+
+/var/db/sudo(/.*)? gen_context(system_u:object_r:sudo_db_t,s0)
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/sudo.if serefpolicy-3.9.7/policy/modules/admin/sudo.if
---- nsaserefpolicy/policy/modules/admin/sudo.if 2010-10-12 22:42:51.000000000 +0200
-+++ serefpolicy-3.9.7/policy/modules/admin/sudo.if 2010-11-05 14:02:26.425649447 +0100
+--- nsaserefpolicy/policy/modules/admin/sudo.if 2010-10-12 20:42:51.000000000 +0000
++++ serefpolicy-3.9.7/policy/modules/admin/sudo.if 2010-11-05 13:02:26.000000000 +0000
@@ -32,6 +32,7 @@
gen_require(`
@@ -2168,8 +2200,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/sudo.if
fs_manage_nfs_files($1_sudo_t)
')
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/sudo.te serefpolicy-3.9.7/policy/modules/admin/sudo.te
---- nsaserefpolicy/policy/modules/admin/sudo.te 2010-10-12 22:42:51.000000000 +0200
-+++ serefpolicy-3.9.7/policy/modules/admin/sudo.te 2010-11-05 14:02:26.426650989 +0100
+--- nsaserefpolicy/policy/modules/admin/sudo.te 2010-10-12 20:42:51.000000000 +0000
++++ serefpolicy-3.9.7/policy/modules/admin/sudo.te 2010-11-05 13:02:26.000000000 +0000
@@ -7,3 +7,7 @@
type sudo_exec_t;
@@ -2179,8 +2211,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/sudo.te
+files_type(sudo_db_t)
+
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/su.if serefpolicy-3.9.7/policy/modules/admin/su.if
---- nsaserefpolicy/policy/modules/admin/su.if 2010-10-12 22:42:51.000000000 +0200
-+++ serefpolicy-3.9.7/policy/modules/admin/su.if 2010-11-05 14:02:26.423649648 +0100
+--- nsaserefpolicy/policy/modules/admin/su.if 2010-10-12 20:42:51.000000000 +0000
++++ serefpolicy-3.9.7/policy/modules/admin/su.if 2010-11-05 13:02:26.000000000 +0000
@@ -210,7 +210,7 @@
auth_domtrans_chk_passwd($1_su_t)
@@ -2199,8 +2231,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/su.if s
ifdef(`distro_redhat',`
# RHEL5 and possibly newer releases incl. Fedora
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/tmpreaper.te serefpolicy-3.9.7/policy/modules/admin/tmpreaper.te
---- nsaserefpolicy/policy/modules/admin/tmpreaper.te 2010-10-12 22:42:51.000000000 +0200
-+++ serefpolicy-3.9.7/policy/modules/admin/tmpreaper.te 2010-11-05 14:02:26.427649596 +0100
+--- nsaserefpolicy/policy/modules/admin/tmpreaper.te 2010-10-12 20:42:51.000000000 +0000
++++ serefpolicy-3.9.7/policy/modules/admin/tmpreaper.te 2010-11-05 13:02:26.000000000 +0000
@@ -7,6 +7,7 @@
type tmpreaper_t;
@@ -2247,8 +2279,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/tmpreap
')
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/tzdata.te serefpolicy-3.9.7/policy/modules/admin/tzdata.te
---- nsaserefpolicy/policy/modules/admin/tzdata.te 2010-10-12 22:42:51.000000000 +0200
-+++ serefpolicy-3.9.7/policy/modules/admin/tzdata.te 2010-11-05 14:02:26.427649596 +0100
+--- nsaserefpolicy/policy/modules/admin/tzdata.te 2010-10-12 20:42:51.000000000 +0000
++++ serefpolicy-3.9.7/policy/modules/admin/tzdata.te 2010-11-05 13:02:26.000000000 +0000
@@ -15,7 +15,7 @@
# tzdata local policy
#
@@ -2259,8 +2291,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/tzdata.
fs_getattr_xattr_fs(tzdata_t)
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/usermanage.if serefpolicy-3.9.7/policy/modules/admin/usermanage.if
---- nsaserefpolicy/policy/modules/admin/usermanage.if 2010-10-12 22:42:51.000000000 +0200
-+++ serefpolicy-3.9.7/policy/modules/admin/usermanage.if 2010-11-05 14:02:26.428658471 +0100
+--- nsaserefpolicy/policy/modules/admin/usermanage.if 2010-10-12 20:42:51.000000000 +0000
++++ serefpolicy-3.9.7/policy/modules/admin/usermanage.if 2010-11-05 13:02:26.000000000 +0000
@@ -285,6 +285,9 @@
usermanage_domtrans_useradd($1)
role $2 types useradd_t;
@@ -2272,8 +2304,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/userman
optional_policy(`
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/usermanage.te serefpolicy-3.9.7/policy/modules/admin/usermanage.te
---- nsaserefpolicy/policy/modules/admin/usermanage.te 2010-10-12 22:42:51.000000000 +0200
-+++ serefpolicy-3.9.7/policy/modules/admin/usermanage.te 2011-01-07 10:32:45.063051683 +0100
+--- nsaserefpolicy/policy/modules/admin/usermanage.te 2010-10-12 20:42:51.000000000 +0000
++++ serefpolicy-3.9.7/policy/modules/admin/usermanage.te 2011-01-07 09:32:45.000000000 +0000
@@ -88,9 +88,7 @@
# for SSP
dev_read_urand(chfn_t)
@@ -2370,8 +2402,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/userman
mta_manage_spool(useradd_t)
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/vpn.te serefpolicy-3.9.7/policy/modules/admin/vpn.te
---- nsaserefpolicy/policy/modules/admin/vpn.te 2010-10-12 22:42:51.000000000 +0200
-+++ serefpolicy-3.9.7/policy/modules/admin/vpn.te 2010-12-15 14:38:59.013042304 +0100
+--- nsaserefpolicy/policy/modules/admin/vpn.te 2010-10-12 20:42:51.000000000 +0000
++++ serefpolicy-3.9.7/policy/modules/admin/vpn.te 2010-12-15 13:38:59.000000000 +0000
@@ -21,7 +21,7 @@
# Local policy
#
@@ -2392,8 +2424,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/vpn.te
optional_policy(`
dbus_system_bus_client(vpnc_t)
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/cdrecord.te serefpolicy-3.9.7/policy/modules/apps/cdrecord.te
---- nsaserefpolicy/policy/modules/apps/cdrecord.te 2010-10-12 22:42:51.000000000 +0200
-+++ serefpolicy-3.9.7/policy/modules/apps/cdrecord.te 2010-11-23 10:23:26.819164270 +0100
+--- nsaserefpolicy/policy/modules/apps/cdrecord.te 2010-10-12 20:42:51.000000000 +0000
++++ serefpolicy-3.9.7/policy/modules/apps/cdrecord.te 2010-11-23 09:23:26.000000000 +0000
@@ -27,7 +27,7 @@
#
@@ -2404,15 +2436,15 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/cdrecord
allow cdrecord_t self:unix_stream_socket create_stream_socket_perms;
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/chrome.fc serefpolicy-3.9.7/policy/modules/apps/chrome.fc
---- nsaserefpolicy/policy/modules/apps/chrome.fc 1970-01-01 01:00:00.000000000 +0100
-+++ serefpolicy-3.9.7/policy/modules/apps/chrome.fc 2010-11-05 14:02:26.431649963 +0100
+--- nsaserefpolicy/policy/modules/apps/chrome.fc 1970-01-01 00:00:00.000000000 +0000
++++ serefpolicy-3.9.7/policy/modules/apps/chrome.fc 2010-11-05 13:02:26.000000000 +0000
@@ -0,0 +1,3 @@
+ /opt/google/chrome/chrome-sandbox -- gen_context(system_u:object_r:chrome_sandbox_exec_t,s0)
+
+/usr/lib(64)?/chromium-browser/chrome-sandbox -- gen_context(system_u:object_r:chrome_sandbox_exec_t,s0)
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/chrome.if serefpolicy-3.9.7/policy/modules/apps/chrome.if
---- nsaserefpolicy/policy/modules/apps/chrome.if 1970-01-01 01:00:00.000000000 +0100
-+++ serefpolicy-3.9.7/policy/modules/apps/chrome.if 2010-12-01 11:41:03.714059045 +0100
+--- nsaserefpolicy/policy/modules/apps/chrome.if 1970-01-01 00:00:00.000000000 +0000
++++ serefpolicy-3.9.7/policy/modules/apps/chrome.if 2010-12-01 10:41:03.000000000 +0000
@@ -0,0 +1,91 @@
+
+## <summary>policy for chrome</summary>
@@ -2506,8 +2538,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/chrome.i
+')
+
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/chrome.te serefpolicy-3.9.7/policy/modules/apps/chrome.te
---- nsaserefpolicy/policy/modules/apps/chrome.te 1970-01-01 01:00:00.000000000 +0100
-+++ serefpolicy-3.9.7/policy/modules/apps/chrome.te 2010-12-06 13:33:46.570042283 +0100
+--- nsaserefpolicy/policy/modules/apps/chrome.te 1970-01-01 00:00:00.000000000 +0000
++++ serefpolicy-3.9.7/policy/modules/apps/chrome.te 2010-12-06 12:33:46.000000000 +0000
@@ -0,0 +1,94 @@
+policy_module(chrome,1.0.0)
+
@@ -2604,8 +2636,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/chrome.t
+ fs_dontaudit_append_cifs_files(chrome_sandbox_t)
+')
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/cpufreqselector.te serefpolicy-3.9.7/policy/modules/apps/cpufreqselector.te
---- nsaserefpolicy/policy/modules/apps/cpufreqselector.te 2010-10-12 22:42:51.000000000 +0200
-+++ serefpolicy-3.9.7/policy/modules/apps/cpufreqselector.te 2010-11-05 14:02:26.432649548 +0100
+--- nsaserefpolicy/policy/modules/apps/cpufreqselector.te 2010-10-12 20:42:51.000000000 +0000
++++ serefpolicy-3.9.7/policy/modules/apps/cpufreqselector.te 2010-11-05 13:02:26.000000000 +0000
@@ -27,7 +27,7 @@
miscfiles_read_localization(cpufreqselector_t)
@@ -2616,9 +2648,9 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/cpufreqs
optional_policy(`
dbus_system_domain(cpufreqselector_t, cpufreqselector_exec_t)
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/execmem.fc serefpolicy-3.9.7/policy/modules/apps/execmem.fc
---- nsaserefpolicy/policy/modules/apps/execmem.fc 1970-01-01 01:00:00.000000000 +0100
-+++ serefpolicy-3.9.7/policy/modules/apps/execmem.fc 2010-12-15 15:11:33.091041997 +0100
-@@ -0,0 +1,49 @@
+--- nsaserefpolicy/policy/modules/apps/execmem.fc 1970-01-01 00:00:00.000000000 +0000
++++ serefpolicy-3.9.7/policy/modules/apps/execmem.fc 2011-01-25 16:30:37.624455000 +0000
+@@ -0,0 +1,50 @@
+
+/usr/bin/aticonfig -- gen_context(system_u:object_r:execmem_exec_t,s0)
+/usr/bin/darcs -- gen_context(system_u:object_r:execmem_exec_t,s0)
@@ -2667,10 +2699,11 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/execmem.
+
+/opt/google/chrome/chrome -- gen_context(system_u:object_r:execmem_exec_t,s0)
+/opt/google/chrome/google-chrome -- gen_context(system_u:object_r:execmem_exec_t,s0)
++/usr/lib(64)?/gimp/2\.0/plug-ins/help-browser -- gen_context(system_u:object_r:execmem_exec_t,s0)
+/opt/Komodo-Edit-5/lib/mozilla/komodo-bin -- gen_context(system_u:object_r:execmem_exec_t,s0)
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/execmem.if serefpolicy-3.9.7/policy/modules/apps/execmem.if
---- nsaserefpolicy/policy/modules/apps/execmem.if 1970-01-01 01:00:00.000000000 +0100
-+++ serefpolicy-3.9.7/policy/modules/apps/execmem.if 2010-11-05 14:02:26.434649697 +0100
+--- nsaserefpolicy/policy/modules/apps/execmem.if 1970-01-01 00:00:00.000000000 +0000
++++ serefpolicy-3.9.7/policy/modules/apps/execmem.if 2010-11-05 13:02:26.000000000 +0000
@@ -0,0 +1,110 @@
+## <summary>execmem domain</summary>
+
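Review bot: The added `help-browser` entry in execmem.fc gives no reason why this one GIMP plug-in needs `execmem_exec_t`, and it hard-codes the plug-in directory as `2\.0`, so the file would fall back to its default label if that directory were ever versioned differently. Because the label relaxes a memory-protection check for whatever runs from that path, I would keep the match this narrow and add a comment above it, for example `# gimp help-browser needs execmem (presumably its embedded HTML engine) - confirm before widening`. The entry also sits between the Chrome and Komodo `/opt` lines rather than with the `/usr` paths near the top of the file (`/usr/bin/aticonfig`, `/usr/bin/darcs`), which makes the list harder to audit; the list itself starts and ends outside this hunk.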
@@ -2783,8 +2816,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/execmem.
+ domtrans_pattern($1, execmem_exec_t, $2)
+')
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/execmem.te serefpolicy-3.9.7/policy/modules/apps/execmem.te
---- nsaserefpolicy/policy/modules/apps/execmem.te 1970-01-01 01:00:00.000000000 +0100
-+++ serefpolicy-3.9.7/policy/modules/apps/execmem.te 2010-11-05 14:02:26.434649697 +0100
+--- nsaserefpolicy/policy/modules/apps/execmem.te 1970-01-01 00:00:00.000000000 +0000
++++ serefpolicy-3.9.7/policy/modules/apps/execmem.te 2010-11-05 13:02:26.000000000 +0000
@@ -0,0 +1,10 @@
+policy_module(execmem, 1.0.0)
+
@@ -2797,15 +2830,15 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/execmem.
+application_executable_file(execmem_exec_t)
+
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/firewallgui.fc serefpolicy-3.9.7/policy/modules/apps/firewallgui.fc
---- nsaserefpolicy/policy/modules/apps/firewallgui.fc 1970-01-01 01:00:00.000000000 +0100
-+++ serefpolicy-3.9.7/policy/modules/apps/firewallgui.fc 2010-11-05 14:02:26.435649701 +0100
+--- nsaserefpolicy/policy/modules/apps/firewallgui.fc 1970-01-01 00:00:00.000000000 +0000
++++ serefpolicy-3.9.7/policy/modules/apps/firewallgui.fc 2010-11-05 13:02:26.000000000 +0000
@@ -0,0 +1,3 @@
+
+/usr/share/system-config-firewall/system-config-firewall-mechanism.py -- gen_context(system_u:object_r:firewallgui_exec_t,s0)
+
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/firewallgui.if serefpolicy-3.9.7/policy/modules/apps/firewallgui.if
---- nsaserefpolicy/policy/modules/apps/firewallgui.if 1970-01-01 01:00:00.000000000 +0100
-+++ serefpolicy-3.9.7/policy/modules/apps/firewallgui.if 2010-11-05 14:02:26.436649566 +0100
+--- nsaserefpolicy/policy/modules/apps/firewallgui.if 1970-01-01 00:00:00.000000000 +0000
++++ serefpolicy-3.9.7/policy/modules/apps/firewallgui.if 2010-11-05 13:02:26.000000000 +0000
@@ -0,0 +1,41 @@
+
+## <summary>policy for firewallgui</summary>
@@ -2849,8 +2882,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/firewall
+ dontaudit $1 firewallgui_t:fifo_file rw_inherited_fifo_file_perms;
+')
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/firewallgui.te serefpolicy-3.9.7/policy/modules/apps/firewallgui.te
---- nsaserefpolicy/policy/modules/apps/firewallgui.te 1970-01-01 01:00:00.000000000 +0100
-+++ serefpolicy-3.9.7/policy/modules/apps/firewallgui.te 2010-11-10 15:20:58.931148384 +0100
+--- nsaserefpolicy/policy/modules/apps/firewallgui.te 1970-01-01 00:00:00.000000000 +0000
++++ serefpolicy-3.9.7/policy/modules/apps/firewallgui.te 2010-11-10 14:20:58.000000000 +0000
@@ -0,0 +1,69 @@
+policy_module(firewallgui,1.0.0)
+
@@ -2922,15 +2955,16 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/firewall
+ rpm_dontaudit_search_db(firewallgui_t)
+')
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/gnome.fc serefpolicy-3.9.7/policy/modules/apps/gnome.fc
---- nsaserefpolicy/policy/modules/apps/gnome.fc 2010-10-12 22:42:50.000000000 +0200
-+++ serefpolicy-3.9.7/policy/modules/apps/gnome.fc 2010-11-05 14:02:26.437649221 +0100
-@@ -1,9 +1,30 @@
+--- nsaserefpolicy/policy/modules/apps/gnome.fc 2010-10-12 20:42:50.000000000 +0000
++++ serefpolicy-3.9.7/policy/modules/apps/gnome.fc 2011-01-27 14:53:41.056455000 +0000
+@@ -1,9 +1,31 @@
-HOME_DIR/\.config/gtk-.* gen_context(system_u:object_r:gnome_home_t,s0)
+HOME_DIR/\.cache(/.*)? gen_context(system_u:object_r:cache_home_t,s0)
+HOME_DIR/\.config(/.*)? gen_context(system_u:object_r:config_home_t,s0)
HOME_DIR/\.gconf(d)?(/.*)? gen_context(system_u:object_r:gconf_home_t,s0)
HOME_DIR/\.gnome2(/.*)? gen_context(system_u:object_r:gnome_home_t,s0)
+HOME_DIR/\.gstreamer-.* gen_context(system_u:object_r:gstreamer_home_t,s0)
++HOME_DIR/\.kde(/.*)? gen_context(system_u:object_r:config_home_t,s0)
+HOME_DIR/\.local.* gen_context(system_u:object_r:gconf_home_t,s0)
+HOME_DIR/\.local/share(.*)? gen_context(system_u:object_r:data_home_t,s0)
+/HOME_DIR/\.Xdefaults gen_context(system_u:object_r:config_home_t,s0)
@@ -2958,8 +2992,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/gnome.fc
+/usr/libexec/gnome-system-monitor-mechanism -- gen_context(system_u:object_r:gnomesystemmm_exec_t,s0)
+
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/gnome.if serefpolicy-3.9.7/policy/modules/apps/gnome.if
---- nsaserefpolicy/policy/modules/apps/gnome.if 2010-10-12 22:42:51.000000000 +0200
-+++ serefpolicy-3.9.7/policy/modules/apps/gnome.if 2010-11-05 14:02:26.438649785 +0100
+--- nsaserefpolicy/policy/modules/apps/gnome.if 2010-10-12 20:42:51.000000000 +0000
++++ serefpolicy-3.9.7/policy/modules/apps/gnome.if 2011-01-27 15:00:22.342455000 +0000
@@ -37,8 +37,7 @@
########################################
@@ -3357,7 +3391,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/gnome.if
')
########################################
-@@ -151,40 +431,173 @@
+@@ -151,40 +431,174 @@
########################################
## <summary>
@@ -3484,6 +3518,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/gnome.if
+ type config_home_t;
+ ')
+
++ read_lnk_files_pattern($1, config_home_t, config_home_t)
+ read_files_pattern($1, config_home_t, config_home_t)
+')
+
@@ -3544,8 +3579,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/gnome.if
+ allow gconfdefaultsm_t $1:dbus send_msg;
+')
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/gnome.te serefpolicy-3.9.7/policy/modules/apps/gnome.te
---- nsaserefpolicy/policy/modules/apps/gnome.te 2010-10-12 22:42:51.000000000 +0200
-+++ serefpolicy-3.9.7/policy/modules/apps/gnome.te 2010-11-05 14:02:26.439659078 +0100
+--- nsaserefpolicy/policy/modules/apps/gnome.te 2010-10-12 20:42:51.000000000 +0000
++++ serefpolicy-3.9.7/policy/modules/apps/gnome.te 2010-11-05 13:02:26.000000000 +0000
@@ -6,11 +6,24 @@
#
@@ -3687,8 +3722,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/gnome.te
+ policykit_read_reload(gnomesystemmm_t)
+')
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/gpg.fc serefpolicy-3.9.7/policy/modules/apps/gpg.fc
---- nsaserefpolicy/policy/modules/apps/gpg.fc 2010-10-12 22:42:51.000000000 +0200
-+++ serefpolicy-3.9.7/policy/modules/apps/gpg.fc 2010-11-05 14:02:26.440657825 +0100
+--- nsaserefpolicy/policy/modules/apps/gpg.fc 2010-10-12 20:42:51.000000000 +0000
++++ serefpolicy-3.9.7/policy/modules/apps/gpg.fc 2010-11-05 13:02:26.000000000 +0000
@@ -1,4 +1,5 @@
HOME_DIR/\.gnupg(/.+)? gen_context(system_u:object_r:gpg_secret_t,s0)
+/root/\.gnupg(/.+)? gen_context(system_u:object_r:gpg_secret_t,s0)
@@ -3696,8 +3731,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/gpg.fc s
/usr/bin/gpg(2)? -- gen_context(system_u:object_r:gpg_exec_t,s0)
/usr/bin/gpg-agent -- gen_context(system_u:object_r:gpg_agent_exec_t,s0)
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/gpg.if serefpolicy-3.9.7/policy/modules/apps/gpg.if
---- nsaserefpolicy/policy/modules/apps/gpg.if 2010-10-12 22:42:50.000000000 +0200
-+++ serefpolicy-3.9.7/policy/modules/apps/gpg.if 2011-01-04 15:08:59.889043195 +0100
+--- nsaserefpolicy/policy/modules/apps/gpg.if 2010-10-12 20:42:50.000000000 +0000
++++ serefpolicy-3.9.7/policy/modules/apps/gpg.if 2011-01-04 14:08:59.000000000 +0000
@@ -43,6 +43,8 @@
# Allow the user shell to signal the gpg-agent program.
allow $2 gpg_agent_t:process { signal sigkill };
@@ -3761,8 +3796,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/gpg.if s
## <summary>
## Send generic signals to user gpg processes.
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/gpg.te serefpolicy-3.9.7/policy/modules/apps/gpg.te
---- nsaserefpolicy/policy/modules/apps/gpg.te 2010-10-12 22:42:50.000000000 +0200
-+++ serefpolicy-3.9.7/policy/modules/apps/gpg.te 2010-11-05 14:02:26.443649737 +0100
+--- nsaserefpolicy/policy/modules/apps/gpg.te 2010-10-12 20:42:50.000000000 +0000
++++ serefpolicy-3.9.7/policy/modules/apps/gpg.te 2011-01-27 15:00:34.126455000 +0000
@@ -4,6 +4,7 @@
#
# Declarations
@@ -3867,7 +3902,15 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/gpg.te s
')
tunable_policy(`gpg_agent_env_file',`
-@@ -332,6 +354,9 @@
+@@ -321,6 +343,7 @@
+
+ fs_dontaudit_list_inotifyfs(gpg_pinentry_t)
+ fs_getattr_tmpfs(gpg_pinentry_t)
++fs_getattr_xattr_fs(gpg_pinentry_t)
+
+ auth_use_nsswitch(gpg_pinentry_t)
+
+@@ -332,6 +355,9 @@
# for .Xauthority
userdom_read_user_home_content_files(gpg_pinentry_t)
userdom_read_user_tmpfs_files(gpg_pinentry_t)
@@ -3877,20 +3920,21 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/gpg.te s
tunable_policy(`use_nfs_home_dirs',`
fs_read_nfs_files(gpg_pinentry_t)
-@@ -347,6 +372,12 @@
+@@ -347,6 +373,13 @@
')
optional_policy(`
+ gnome_write_generic_cache_files(gpg_pinentry_t)
+ gnome_read_generic_cache_files(gpg_pinentry_t)
+ gnome_read_gconf_home_files(gpg_pinentry_t)
++ gnome_read_home_config(gpg_pinentry_t)
+')
+
+optional_policy(`
pulseaudio_exec(gpg_pinentry_t)
pulseaudio_rw_home_files(gpg_pinentry_t)
pulseaudio_setattr_home_dir(gpg_pinentry_t)
-@@ -356,4 +387,28 @@
+@@ -356,4 +389,28 @@
optional_policy(`
xserver_user_x_domain_template(gpg_pinentry, gpg_pinentry_t, gpg_pinentry_tmpfs_t)
@@ -3920,8 +3964,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/gpg.te s
+ miscfiles_manage_public_files(gpg_web_t)
')
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/irc.fc serefpolicy-3.9.7/policy/modules/apps/irc.fc
---- nsaserefpolicy/policy/modules/apps/irc.fc 2010-10-12 22:42:50.000000000 +0200
-+++ serefpolicy-3.9.7/policy/modules/apps/irc.fc 2010-11-05 14:02:26.444660357 +0100
+--- nsaserefpolicy/policy/modules/apps/irc.fc 2010-10-12 20:42:50.000000000 +0000
++++ serefpolicy-3.9.7/policy/modules/apps/irc.fc 2010-11-05 13:02:26.000000000 +0000
@@ -2,10 +2,14 @@
# /home
#
@@ -3938,8 +3982,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/irc.fc s
+/usr/bin/irssi -- gen_context(system_u:object_r:irssi_exec_t,s0)
/usr/bin/tinyirc -- gen_context(system_u:object_r:irc_exec_t,s0)
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/irc.if serefpolicy-3.9.7/policy/modules/apps/irc.if
---- nsaserefpolicy/policy/modules/apps/irc.if 2010-10-12 22:42:50.000000000 +0200
-+++ serefpolicy-3.9.7/policy/modules/apps/irc.if 2010-11-05 14:02:26.444660357 +0100
+--- nsaserefpolicy/policy/modules/apps/irc.if 2010-10-12 20:42:50.000000000 +0000
++++ serefpolicy-3.9.7/policy/modules/apps/irc.if 2010-11-05 13:02:26.000000000 +0000
@@ -18,9 +18,11 @@
interface(`irc_role',`
gen_require(`
@@ -3971,8 +4015,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/irc.if s
+ relabel_lnk_files_pattern($2, irssi_home_t, irssi_home_t)
')
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/irc.te serefpolicy-3.9.7/policy/modules/apps/irc.te
---- nsaserefpolicy/policy/modules/apps/irc.te 2010-10-12 22:42:50.000000000 +0200
-+++ serefpolicy-3.9.7/policy/modules/apps/irc.te 2010-11-05 14:02:26.446649401 +0100
+--- nsaserefpolicy/policy/modules/apps/irc.te 2010-10-12 20:42:50.000000000 +0000
++++ serefpolicy-3.9.7/policy/modules/apps/irc.te 2010-11-05 13:02:26.000000000 +0000
@@ -24,6 +24,30 @@
########################################
@@ -4089,8 +4133,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/irc.te s
+')
+
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/java.fc serefpolicy-3.9.7/policy/modules/apps/java.fc
---- nsaserefpolicy/policy/modules/apps/java.fc 2010-10-12 22:42:50.000000000 +0200
-+++ serefpolicy-3.9.7/policy/modules/apps/java.fc 2010-11-05 14:02:26.447650732 +0100
+--- nsaserefpolicy/policy/modules/apps/java.fc 2010-10-12 20:42:50.000000000 +0000
++++ serefpolicy-3.9.7/policy/modules/apps/java.fc 2010-11-05 13:02:26.000000000 +0000
@@ -5,10 +5,13 @@
/opt/ibm/java.*/(bin|javaws)(/.*)? -- gen_context(system_u:object_r:java_exec_t,s0)
/opt/local/matlab.*/bin.*/MATLAB.* -- gen_context(system_u:object_r:java_exec_t,s0)
@@ -4116,8 +4160,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/java.fc
/usr/java/eclipse[^/]*/eclipse -- gen_context(system_u:object_r:java_exec_t,s0)
')
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/java.if serefpolicy-3.9.7/policy/modules/apps/java.if
---- nsaserefpolicy/policy/modules/apps/java.if 2010-10-12 22:42:51.000000000 +0200
-+++ serefpolicy-3.9.7/policy/modules/apps/java.if 2010-11-05 14:02:26.448657023 +0100
+--- nsaserefpolicy/policy/modules/apps/java.if 2010-10-12 20:42:51.000000000 +0000
++++ serefpolicy-3.9.7/policy/modules/apps/java.if 2010-11-05 13:02:26.000000000 +0000
@@ -72,7 +72,8 @@
domain_interactive_fd($1_java_t)
@@ -4146,8 +4190,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/java.if
########################################
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/java.te serefpolicy-3.9.7/policy/modules/apps/java.te
---- nsaserefpolicy/policy/modules/apps/java.te 2010-10-12 22:42:50.000000000 +0200
-+++ serefpolicy-3.9.7/policy/modules/apps/java.te 2011-01-04 14:45:51.987042778 +0100
+--- nsaserefpolicy/policy/modules/apps/java.te 2010-10-12 20:42:50.000000000 +0000
++++ serefpolicy-3.9.7/policy/modules/apps/java.te 2011-01-04 13:45:51.000000000 +0000
@@ -82,12 +82,12 @@
dev_read_rand(java_t)
dev_dontaudit_append_rand(java_t)
@@ -4185,8 +4229,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/java.te
+ ')
')
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/kdumpgui.te serefpolicy-3.9.7/policy/modules/apps/kdumpgui.te
---- nsaserefpolicy/policy/modules/apps/kdumpgui.te 2010-10-12 22:42:51.000000000 +0200
-+++ serefpolicy-3.9.7/policy/modules/apps/kdumpgui.te 2010-11-05 14:02:26.450649838 +0100
+--- nsaserefpolicy/policy/modules/apps/kdumpgui.te 2010-10-12 20:42:51.000000000 +0000
++++ serefpolicy-3.9.7/policy/modules/apps/kdumpgui.te 2010-11-05 13:02:26.000000000 +0000
@@ -14,6 +14,7 @@
# system-config-kdump local policy
#
@@ -4221,8 +4265,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/kdumpgui
policykit_dbus_chat(kdumpgui_t)
')
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/livecd.if serefpolicy-3.9.7/policy/modules/apps/livecd.if
---- nsaserefpolicy/policy/modules/apps/livecd.if 2010-10-12 22:42:50.000000000 +0200
-+++ serefpolicy-3.9.7/policy/modules/apps/livecd.if 2010-11-05 14:02:26.451649912 +0100
+--- nsaserefpolicy/policy/modules/apps/livecd.if 2010-10-12 20:42:50.000000000 +0000
++++ serefpolicy-3.9.7/policy/modules/apps/livecd.if 2010-11-05 13:02:26.000000000 +0000
@@ -41,6 +41,8 @@
livecd_domtrans($1)
@@ -4267,8 +4311,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/livecd.i
########################################
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/livecd.te serefpolicy-3.9.7/policy/modules/apps/livecd.te
---- nsaserefpolicy/policy/modules/apps/livecd.te 2010-10-12 22:42:50.000000000 +0200
-+++ serefpolicy-3.9.7/policy/modules/apps/livecd.te 2010-11-05 14:02:26.451649912 +0100
+--- nsaserefpolicy/policy/modules/apps/livecd.te 2010-10-12 20:42:50.000000000 +0000
++++ serefpolicy-3.9.7/policy/modules/apps/livecd.te 2010-11-05 13:02:26.000000000 +0000
@@ -27,7 +27,7 @@
files_tmp_filetrans(livecd_t, livecd_tmp_t, { dir file })
@@ -4278,9 +4322,22 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/livecd.t
')
optional_policy(`
+diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/loadkeys.te serefpolicy-3.9.7/policy/modules/apps/loadkeys.te
+--- nsaserefpolicy/policy/modules/apps/loadkeys.te 2010-10-12 20:42:50.000000000 +0000
++++ serefpolicy-3.9.7/policy/modules/apps/loadkeys.te 2011-01-27 16:32:42.891455000 +0000
+@@ -46,5 +46,9 @@
+ ')
+
+ optional_policy(`
++ keyboardd_read_pipes(loadkeys_t)
++')
++
++optional_policy(`
+ nscd_dontaudit_search_pid(loadkeys_t)
+ ')
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/mediawiki.fc serefpolicy-3.9.7/policy/modules/apps/mediawiki.fc
---- nsaserefpolicy/policy/modules/apps/mediawiki.fc 1970-01-01 01:00:00.000000000 +0100
-+++ serefpolicy-3.9.7/policy/modules/apps/mediawiki.fc 2010-11-05 14:02:26.452650126 +0100
+--- nsaserefpolicy/policy/modules/apps/mediawiki.fc 1970-01-01 00:00:00.000000000 +0000
++++ serefpolicy-3.9.7/policy/modules/apps/mediawiki.fc 2010-11-05 13:02:26.000000000 +0000
@@ -0,0 +1,10 @@
+
+/usr/lib(64)?/mediawiki/math/texvc -- gen_context(system_u:object_r:httpd_mediawiki_script_exec_t,s0)
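Review bot: The new `optional_policy` block in loadkeys.te calls `keyboardd_read_pipes(loadkeys_t)` without a comment, and neither the interface definition nor the reason for the pipe is visible in this hunk. A one-line comment such as `# loadkeys inherits a pipe from system-setup-keyboard (keyboardd_t)` would record why the access exists; that wording is my reading of the keyboardd entry added to modules-targeted.conf, so confirm it against the daemon. It is also worth checking that the interface grants only read on an inherited fifo of `keyboardd_t`, as its name suggests, and nothing broader. The loadkeys.te policy continues outside this hunk.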
@@ -4293,8 +4350,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/mediawik
+
+/usr/share/mediawiki(/.*)? gen_context(system_u:object_r:httpd_mediawiki_content_t,s0)
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/mediawiki.if serefpolicy-3.9.7/policy/modules/apps/mediawiki.if
---- nsaserefpolicy/policy/modules/apps/mediawiki.if 1970-01-01 01:00:00.000000000 +0100
-+++ serefpolicy-3.9.7/policy/modules/apps/mediawiki.if 2010-11-05 14:02:26.453650759 +0100
+--- nsaserefpolicy/policy/modules/apps/mediawiki.if 1970-01-01 00:00:00.000000000 +0000
++++ serefpolicy-3.9.7/policy/modules/apps/mediawiki.if 2010-11-05 13:02:26.000000000 +0000
@@ -0,0 +1,40 @@
+## <summary>Mediawiki policy</summary>
+
@@ -4337,8 +4394,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/mediawik
+ delete_files_pattern($1, httpd_mediawiki_tmp_t, httpd_mediawiki_tmp_t)
+')
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/mediawiki.te serefpolicy-3.9.7/policy/modules/apps/mediawiki.te
---- nsaserefpolicy/policy/modules/apps/mediawiki.te 1970-01-01 01:00:00.000000000 +0100
-+++ serefpolicy-3.9.7/policy/modules/apps/mediawiki.te 2010-11-05 14:02:26.453650759 +0100
+--- nsaserefpolicy/policy/modules/apps/mediawiki.te 1970-01-01 00:00:00.000000000 +0000
++++ serefpolicy-3.9.7/policy/modules/apps/mediawiki.te 2010-11-05 13:02:26.000000000 +0000
@@ -0,0 +1,35 @@
+
+policy_module(mediawiki, 1.0.0)
@@ -4376,8 +4433,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/mediawik
+')
+
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/mono.if serefpolicy-3.9.7/policy/modules/apps/mono.if
---- nsaserefpolicy/policy/modules/apps/mono.if 2010-10-12 22:42:50.000000000 +0200
-+++ serefpolicy-3.9.7/policy/modules/apps/mono.if 2010-11-05 14:02:26.454649576 +0100
+--- nsaserefpolicy/policy/modules/apps/mono.if 2010-10-12 20:42:50.000000000 +0000
++++ serefpolicy-3.9.7/policy/modules/apps/mono.if 2010-11-05 13:02:26.000000000 +0000
@@ -41,7 +41,6 @@
application_type($1_mono_t)
@@ -4401,8 +4458,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/mono.if
optional_policy(`
xserver_role($1_r, $1_mono_t)
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/mozilla.fc serefpolicy-3.9.7/policy/modules/apps/mozilla.fc
---- nsaserefpolicy/policy/modules/apps/mozilla.fc 2010-10-12 22:42:50.000000000 +0200
-+++ serefpolicy-3.9.7/policy/modules/apps/mozilla.fc 2010-11-05 14:02:26.455650628 +0100
+--- nsaserefpolicy/policy/modules/apps/mozilla.fc 2010-10-12 20:42:50.000000000 +0000
++++ serefpolicy-3.9.7/policy/modules/apps/mozilla.fc 2010-11-05 13:02:26.000000000 +0000
@@ -1,6 +1,7 @@
HOME_DIR/\.galeon(/.*)? gen_context(system_u:object_r:mozilla_home_t,s0)
HOME_DIR/\.java(/.*)? gen_context(system_u:object_r:mozilla_home_t,s0)
@@ -4417,8 +4474,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/mozilla.
/usr/lib64/[^/]*firefox[^/]*/firefox -- gen_context(system_u:object_r:mozilla_exec_t,s0)
+/usr/lib(64)?/xulrunner[^/]*/plugin-container -- gen_context(system_u:object_r:mozilla_plugin_exec_t,s0)
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/mozilla.if serefpolicy-3.9.7/policy/modules/apps/mozilla.if
---- nsaserefpolicy/policy/modules/apps/mozilla.if 2010-10-12 22:42:51.000000000 +0200
-+++ serefpolicy-3.9.7/policy/modules/apps/mozilla.if 2010-11-05 14:02:26.456651820 +0100
+--- nsaserefpolicy/policy/modules/apps/mozilla.if 2010-10-12 20:42:51.000000000 +0000
++++ serefpolicy-3.9.7/policy/modules/apps/mozilla.if 2010-11-05 13:02:26.000000000 +0000
@@ -29,6 +29,8 @@
allow mozilla_t $2:process { sigchld signull };
allow mozilla_t $2:unix_stream_socket connectto;
@@ -4547,8 +4604,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/mozilla.
## mozilla over dbus.
## </summary>
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/mozilla.te serefpolicy-3.9.7/policy/modules/apps/mozilla.te
---- nsaserefpolicy/policy/modules/apps/mozilla.te 2010-10-12 22:42:50.000000000 +0200
-+++ serefpolicy-3.9.7/policy/modules/apps/mozilla.te 2010-11-15 17:36:29.517396921 +0100
+--- nsaserefpolicy/policy/modules/apps/mozilla.te 2010-10-12 20:42:50.000000000 +0000
++++ serefpolicy-3.9.7/policy/modules/apps/mozilla.te 2011-01-27 14:33:35.594455000 +0000
@@ -25,6 +25,7 @@
type mozilla_home_t;
typealias mozilla_home_t alias { user_mozilla_home_t staff_mozilla_home_t sysadm_mozilla_home_t };
@@ -4619,7 +4676,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/mozilla.
pulseaudio_exec(mozilla_t)
pulseaudio_stream_connect(mozilla_t)
pulseaudio_manage_home_files(mozilla_t)
-@@ -266,3 +291,128 @@
+@@ -266,3 +291,140 @@
optional_policy(`
thunderbird_domtrans(mozilla_t)
')
@@ -4711,6 +4768,18 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/mozilla.
+userdom_read_user_home_content_files(mozilla_plugin_t)
+userdom_read_user_home_content_symlinks(mozilla_plugin_t)
+
++tunable_policy(`use_nfs_home_dirs',`
++ fs_manage_nfs_dirs(mozilla_plugin_t)
++ fs_manage_nfs_files(mozilla_plugin_t)
++ fs_manage_nfs_symlinks(mozilla_plugin_t)
++')
++
++tunable_policy(`use_samba_home_dirs',`
++ fs_manage_cifs_dirs(mozilla_plugin_t)
++ fs_manage_cifs_files(mozilla_plugin_t)
++ fs_manage_cifs_symlinks(mozilla_plugin_t)
++')
++
+optional_policy(`
+ alsa_read_rw_config(mozilla_plugin_t)
+ alsa_read_home_files(mozilla_plugin_t)
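Review bot: The two `tunable_policy` blocks added for `mozilla_plugin_t` grant `fs_manage_*` on NFS and CIFS, while the context lines just above give the same domain only read access to user home content (`userdom_read_user_home_content_files` and `_symlinks`). With `use_nfs_home_dirs` or `use_samba_home_dirs` enabled, the plugin domain can therefore create, modify and delete anything in a network-mounted home, since such mounts normally carry a single type for every file and the per-directory types that confine it on a local disk do not apply. If the plugin only needs to read there, the read-side interfaces (`fs_list_nfs`, `fs_read_nfs_files`, `fs_read_nfs_symlinks` and the cifs equivalents) would match the local grant. If it has to write its own state, a comment such as `# NFS/CIFS homes are not labelled per file, so plugin state needs manage here` should record the trade-off. The rest of the plugin policy in mozilla.te is outside this hunk.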
@@ -4749,8 +4818,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/mozilla.
+ xserver_read_user_iceauth(mozilla_plugin_t)
+')
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/mplayer.if serefpolicy-3.9.7/policy/modules/apps/mplayer.if
---- nsaserefpolicy/policy/modules/apps/mplayer.if 2010-10-12 22:42:50.000000000 +0200
-+++ serefpolicy-3.9.7/policy/modules/apps/mplayer.if 2010-11-05 14:02:26.459916885 +0100
+--- nsaserefpolicy/policy/modules/apps/mplayer.if 2010-10-12 20:42:50.000000000 +0000
++++ serefpolicy-3.9.7/policy/modules/apps/mplayer.if 2010-11-05 13:02:26.000000000 +0000
@@ -102,3 +102,39 @@
read_files_pattern($1, mplayer_home_t, mplayer_home_t)
userdom_search_user_home_dirs($1)
@@ -4792,8 +4861,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/mplayer.
+ domtrans_pattern($1, mplayer_exec_t, $2)
+')
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/mplayer.te serefpolicy-3.9.7/policy/modules/apps/mplayer.te
---- nsaserefpolicy/policy/modules/apps/mplayer.te 2010-10-12 22:42:50.000000000 +0200
-+++ serefpolicy-3.9.7/policy/modules/apps/mplayer.te 2010-11-05 14:02:26.461650235 +0100
+--- nsaserefpolicy/policy/modules/apps/mplayer.te 2010-10-12 20:42:50.000000000 +0000
++++ serefpolicy-3.9.7/policy/modules/apps/mplayer.te 2010-11-05 13:02:26.000000000 +0000
@@ -32,6 +32,7 @@
type mplayer_home_t;
typealias mplayer_home_t alias { user_mplayer_home_t staff_mplayer_home_t sysadm_mplayer_home_t };
@@ -4831,16 +4900,16 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/mplayer.
')
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/namespace.fc serefpolicy-3.9.7/policy/modules/apps/namespace.fc
---- nsaserefpolicy/policy/modules/apps/namespace.fc 1970-01-01 01:00:00.000000000 +0100
-+++ serefpolicy-3.9.7/policy/modules/apps/namespace.fc 2011-01-14 16:42:28.160042208 +0100
+--- nsaserefpolicy/policy/modules/apps/namespace.fc 1970-01-01 00:00:00.000000000 +0000
++++ serefpolicy-3.9.7/policy/modules/apps/namespace.fc 2011-01-14 15:42:28.000000000 +0000
@@ -0,0 +1,3 @@
+
+/etc/security/namespace.init -- gen_context(system_u:object_r:namespace_init_exec_t,s0)
+
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/namespace.if serefpolicy-3.9.7/policy/modules/apps/namespace.if
---- nsaserefpolicy/policy/modules/apps/namespace.if 1970-01-01 01:00:00.000000000 +0100
-+++ serefpolicy-3.9.7/policy/modules/apps/namespace.if 2011-01-14 16:42:28.161042562 +0100
-@@ -0,0 +1,46 @@
+--- nsaserefpolicy/policy/modules/apps/namespace.if 1970-01-01 00:00:00.000000000 +0000
++++ serefpolicy-3.9.7/policy/modules/apps/namespace.if 2011-01-27 13:29:07.896455000 +0000
+@@ -0,0 +1,48 @@
+
+## <summary>policy for namespace</summary>
+
@@ -4886,10 +4955,12 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/namespac
+
+ namespace_init_domtrans($1)
+ role $2 types namespace_init_t;
++
++ seutil_run_setfiles(namespace_init_t, $2)
+')
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/namespace.te serefpolicy-3.9.7/policy/modules/apps/namespace.te
---- nsaserefpolicy/policy/modules/apps/namespace.te 1970-01-01 01:00:00.000000000 +0100
-+++ serefpolicy-3.9.7/policy/modules/apps/namespace.te 2011-01-14 16:42:28.161042562 +0100
+--- nsaserefpolicy/policy/modules/apps/namespace.te 1970-01-01 00:00:00.000000000 +0000
++++ serefpolicy-3.9.7/policy/modules/apps/namespace.te 2011-01-24 17:15:34.737455000 +0000
@@ -0,0 +1,38 @@
+policy_module(namespace,1.0.0)
+
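Review bot: The added `seutil_run_setfiles(namespace_init_t, $2)` lets `namespace_init_t` transition into the setfiles domain and associates that domain with every role passed as `$2`. That is considerably broader than the `userdom_relabelto_user_home_files(namespace_init_t)` grant visible further down in namespace.te. Nothing in the hunk or the commit message says which step of namespace.init needs a full setfiles/restorecon run. A comment above the call, for example `# namespace.init runs restorecon on the directories it creates` (wording to be confirmed by the author), would let a reviewer judge whether the existing relabelto rules would already be enough. The interface header and its `gen_require` block are outside this hunk.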
@@ -4930,8 +5001,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/namespac
+userdom_relabelto_user_home_files(namespace_init_t)
+userdom_user_home_dir_filetrans_user_home_content(namespace_init_t, { dir file lnk_file fifo_file sock_file })
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/nsplugin.fc serefpolicy-3.9.7/policy/modules/apps/nsplugin.fc
---- nsaserefpolicy/policy/modules/apps/nsplugin.fc 1970-01-01 01:00:00.000000000 +0100
-+++ serefpolicy-3.9.7/policy/modules/apps/nsplugin.fc 2010-11-05 14:02:26.463651990 +0100
+--- nsaserefpolicy/policy/modules/apps/nsplugin.fc 1970-01-01 00:00:00.000000000 +0000
++++ serefpolicy-3.9.7/policy/modules/apps/nsplugin.fc 2010-11-05 13:02:26.000000000 +0000
@@ -0,0 +1,11 @@
+HOME_DIR/\.adobe(/.*)? gen_context(system_u:object_r:nsplugin_home_t,s0)
+HOME_DIR/\.macromedia(/.*)? gen_context(system_u:object_r:nsplugin_home_t,s0)
@@ -4945,8 +5016,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/nsplugin
+/usr/lib(64)?/nspluginwrapper/plugin-config -- gen_context(system_u:object_r:nsplugin_config_exec_t,s0)
+/usr/lib(64)?/mozilla/plugins-wrapped(/.*)? gen_context(system_u:object_r:nsplugin_rw_t,s0)
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/nsplugin.if serefpolicy-3.9.7/policy/modules/apps/nsplugin.if
---- nsaserefpolicy/policy/modules/apps/nsplugin.if 1970-01-01 01:00:00.000000000 +0100
-+++ serefpolicy-3.9.7/policy/modules/apps/nsplugin.if 2010-11-05 14:02:26.465650393 +0100
+--- nsaserefpolicy/policy/modules/apps/nsplugin.if 1970-01-01 00:00:00.000000000 +0000
++++ serefpolicy-3.9.7/policy/modules/apps/nsplugin.if 2010-11-05 13:02:26.000000000 +0000
@@ -0,0 +1,436 @@
+
+## <summary>policy for nsplugin</summary>
@@ -5385,8 +5456,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/nsplugin
+ userdom_user_home_content_filetrans($1, nsplugin_home_t, $2)
+')
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/nsplugin.te serefpolicy-3.9.7/policy/modules/apps/nsplugin.te
---- nsaserefpolicy/policy/modules/apps/nsplugin.te 1970-01-01 01:00:00.000000000 +0100
-+++ serefpolicy-3.9.7/policy/modules/apps/nsplugin.te 2010-11-05 14:02:26.467652078 +0100
+--- nsaserefpolicy/policy/modules/apps/nsplugin.te 1970-01-01 00:00:00.000000000 +0000
++++ serefpolicy-3.9.7/policy/modules/apps/nsplugin.te 2010-11-05 13:02:26.000000000 +0000
@@ -0,0 +1,312 @@
+policy_module(nsplugin, 1.0.0)
+
@@ -5701,16 +5772,16 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/nsplugin
+
+
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/openoffice.fc serefpolicy-3.9.7/policy/modules/apps/openoffice.fc
---- nsaserefpolicy/policy/modules/apps/openoffice.fc 1970-01-01 01:00:00.000000000 +0100
-+++ serefpolicy-3.9.7/policy/modules/apps/openoffice.fc 2010-11-05 14:02:26.468650895 +0100
+--- nsaserefpolicy/policy/modules/apps/openoffice.fc 1970-01-01 00:00:00.000000000 +0000
++++ serefpolicy-3.9.7/policy/modules/apps/openoffice.fc 2010-11-05 13:02:26.000000000 +0000
@@ -0,0 +1,4 @@
+/usr/lib/openoffice\.org.*/program/.+\.bin -- gen_context(system_u:object_r:openoffice_exec_t,s0)
+/usr/lib64/openoffice\.org.*/program/.+\.bin -- gen_context(system_u:object_r:openoffice_exec_t,s0)
+/opt/openoffice\.org.*/program/.+\.bin -- gen_context(system_u:object_r:openoffice_exec_t,s0)
+
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/openoffice.if serefpolicy-3.9.7/policy/modules/apps/openoffice.if
---- nsaserefpolicy/policy/modules/apps/openoffice.if 1970-01-01 01:00:00.000000000 +0100
-+++ serefpolicy-3.9.7/policy/modules/apps/openoffice.if 2010-11-05 14:02:26.469650061 +0100
+--- nsaserefpolicy/policy/modules/apps/openoffice.if 1970-01-01 00:00:00.000000000 +0000
++++ serefpolicy-3.9.7/policy/modules/apps/openoffice.if 2010-11-05 13:02:26.000000000 +0000
@@ -0,0 +1,129 @@
+## <summary>Openoffice</summary>
+
@@ -5842,8 +5913,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/openoffi
+ domtrans_pattern($1, openoffice_exec_t, $2)
+')
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/openoffice.te serefpolicy-3.9.7/policy/modules/apps/openoffice.te
---- nsaserefpolicy/policy/modules/apps/openoffice.te 1970-01-01 01:00:00.000000000 +0100
-+++ serefpolicy-3.9.7/policy/modules/apps/openoffice.te 2010-11-05 14:02:26.470650206 +0100
+--- nsaserefpolicy/policy/modules/apps/openoffice.te 1970-01-01 00:00:00.000000000 +0000
++++ serefpolicy-3.9.7/policy/modules/apps/openoffice.te 2010-11-05 13:02:26.000000000 +0000
@@ -0,0 +1,16 @@
+policy_module(openoffice, 1.0.0)
+
@@ -5862,8 +5933,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/openoffi
+#
+
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/podsleuth.te serefpolicy-3.9.7/policy/modules/apps/podsleuth.te
---- nsaserefpolicy/policy/modules/apps/podsleuth.te 2010-10-12 22:42:50.000000000 +0200
-+++ serefpolicy-3.9.7/policy/modules/apps/podsleuth.te 2010-11-05 14:02:26.472652449 +0100
+--- nsaserefpolicy/policy/modules/apps/podsleuth.te 2010-10-12 20:42:50.000000000 +0000
++++ serefpolicy-3.9.7/policy/modules/apps/podsleuth.te 2010-11-05 13:02:26.000000000 +0000
@@ -27,7 +27,7 @@
# podsleuth local policy
#
@@ -5882,8 +5953,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/podsleut
optional_policy(`
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/pulseaudio.if serefpolicy-3.9.7/policy/modules/apps/pulseaudio.if
---- nsaserefpolicy/policy/modules/apps/pulseaudio.if 2010-10-12 22:42:51.000000000 +0200
-+++ serefpolicy-3.9.7/policy/modules/apps/pulseaudio.if 2010-11-05 14:02:26.473652523 +0100
+--- nsaserefpolicy/policy/modules/apps/pulseaudio.if 2010-10-12 20:42:51.000000000 +0000
++++ serefpolicy-3.9.7/policy/modules/apps/pulseaudio.if 2010-11-05 13:02:26.000000000 +0000
@@ -17,7 +17,7 @@
#
interface(`pulseaudio_role',`
@@ -5921,8 +5992,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/pulseaud
')
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/pulseaudio.te serefpolicy-3.9.7/policy/modules/apps/pulseaudio.te
---- nsaserefpolicy/policy/modules/apps/pulseaudio.te 2010-10-12 22:42:50.000000000 +0200
-+++ serefpolicy-3.9.7/policy/modules/apps/pulseaudio.te 2010-11-05 14:02:26.474653506 +0100
+--- nsaserefpolicy/policy/modules/apps/pulseaudio.te 2010-10-12 20:42:50.000000000 +0000
++++ serefpolicy-3.9.7/policy/modules/apps/pulseaudio.te 2010-11-05 13:02:26.000000000 +0000
@@ -44,6 +44,7 @@
manage_dirs_pattern(pulseaudio_t, pulseaudio_home_t, pulseaudio_home_t)
manage_files_pattern(pulseaudio_t, pulseaudio_home_t, pulseaudio_home_t)
@@ -5974,8 +6045,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/pulseaud
+ sandbox_manage_tmpfs_files(pulseaudio_t)
+')
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/qemu.if serefpolicy-3.9.7/policy/modules/apps/qemu.if
---- nsaserefpolicy/policy/modules/apps/qemu.if 2010-10-12 22:42:51.000000000 +0200
-+++ serefpolicy-3.9.7/policy/modules/apps/qemu.if 2010-11-05 14:02:26.476901106 +0100
+--- nsaserefpolicy/policy/modules/apps/qemu.if 2010-10-12 20:42:51.000000000 +0000
++++ serefpolicy-3.9.7/policy/modules/apps/qemu.if 2010-11-05 13:02:26.000000000 +0000
@@ -157,6 +157,24 @@
########################################
@@ -6114,8 +6185,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/qemu.if
+
+
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/qemu.te serefpolicy-3.9.7/policy/modules/apps/qemu.te
---- nsaserefpolicy/policy/modules/apps/qemu.te 2010-10-12 22:42:50.000000000 +0200
-+++ serefpolicy-3.9.7/policy/modules/apps/qemu.te 2010-12-20 15:27:51.269051478 +0100
+--- nsaserefpolicy/policy/modules/apps/qemu.te 2010-10-12 20:42:50.000000000 +0000
++++ serefpolicy-3.9.7/policy/modules/apps/qemu.te 2010-12-20 14:27:51.000000000 +0000
@@ -55,6 +55,7 @@
userdom_search_user_home_content(qemu_t)
@@ -6156,15 +6227,15 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/qemu.te
allow unconfined_qemu_t self:process { execstack execmem };
allow unconfined_qemu_t qemu_exec_t:file execmod;
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/rssh.fc serefpolicy-3.9.7/policy/modules/apps/rssh.fc
---- nsaserefpolicy/policy/modules/apps/rssh.fc 2010-10-12 22:42:50.000000000 +0200
-+++ serefpolicy-3.9.7/policy/modules/apps/rssh.fc 2010-11-05 14:02:26.478901883 +0100
+--- nsaserefpolicy/policy/modules/apps/rssh.fc 2010-10-12 20:42:50.000000000 +0000
++++ serefpolicy-3.9.7/policy/modules/apps/rssh.fc 2010-11-05 13:02:26.000000000 +0000
@@ -1 +1,3 @@
/usr/bin/rssh -- gen_context(system_u:object_r:rssh_exec_t,s0)
+
+/usr/libexec/rssh_chroot_helper -- gen_context(system_u:object_r:rssh_chroot_helper_exec_t,s0)
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/rssh.if serefpolicy-3.9.7/policy/modules/apps/rssh.if
---- nsaserefpolicy/policy/modules/apps/rssh.if 2010-10-12 22:42:50.000000000 +0200
-+++ serefpolicy-3.9.7/policy/modules/apps/rssh.if 2010-11-05 14:02:26.479902237 +0100
+--- nsaserefpolicy/policy/modules/apps/rssh.if 2010-10-12 20:42:50.000000000 +0000
++++ serefpolicy-3.9.7/policy/modules/apps/rssh.if 2010-11-05 13:02:26.000000000 +0000
@@ -64,3 +64,21 @@
read_files_pattern($1, rssh_ro_t, rssh_ro_t)
read_lnk_files_pattern($1, rssh_ro_t, rssh_ro_t)
@@ -6188,8 +6259,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/rssh.if
+ domtrans_pattern($1, rssh_chroot_helper_exec_t, rssh_chroot_helper_t)
+')
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/rssh.te serefpolicy-3.9.7/policy/modules/apps/rssh.te
---- nsaserefpolicy/policy/modules/apps/rssh.te 2010-10-12 22:42:50.000000000 +0200
-+++ serefpolicy-3.9.7/policy/modules/apps/rssh.te 2010-11-05 14:02:26.480901962 +0100
+--- nsaserefpolicy/policy/modules/apps/rssh.te 2010-10-12 20:42:50.000000000 +0000
++++ serefpolicy-3.9.7/policy/modules/apps/rssh.te 2010-11-05 13:02:26.000000000 +0000
@@ -31,6 +31,12 @@
typealias rssh_rw_t alias { auditadm_rssh_rw_t secadm_rssh_rw_t };
userdom_user_home_content(rssh_rw_t)
@@ -6230,8 +6301,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/rssh.te
+miscfiles_read_localization(rssh_chroot_helper_t)
+
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/sambagui.te serefpolicy-3.9.7/policy/modules/apps/sambagui.te
---- nsaserefpolicy/policy/modules/apps/sambagui.te 2010-10-12 22:42:50.000000000 +0200
-+++ serefpolicy-3.9.7/policy/modules/apps/sambagui.te 2010-11-05 14:02:26.481925503 +0100
+--- nsaserefpolicy/policy/modules/apps/sambagui.te 2010-10-12 20:42:50.000000000 +0000
++++ serefpolicy-3.9.7/policy/modules/apps/sambagui.te 2010-11-05 13:02:26.000000000 +0000
@@ -29,7 +29,7 @@
files_read_etc_files(sambagui_t)
@@ -6261,13 +6332,13 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/sambagui
policykit_dbus_chat(sambagui_t)
')
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/sandbox.fc serefpolicy-3.9.7/policy/modules/apps/sandbox.fc
---- nsaserefpolicy/policy/modules/apps/sandbox.fc 1970-01-01 01:00:00.000000000 +0100
-+++ serefpolicy-3.9.7/policy/modules/apps/sandbox.fc 2011-01-18 17:08:34.844040747 +0100
+--- nsaserefpolicy/policy/modules/apps/sandbox.fc 1970-01-01 00:00:00.000000000 +0000
++++ serefpolicy-3.9.7/policy/modules/apps/sandbox.fc 2011-01-18 16:08:34.000000000 +0000
@@ -0,0 +1 @@
+/usr/share/sandbox/start -- gen_context(system_u:object_r:sandbox_exec_t,s0)
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/sandbox.if serefpolicy-3.9.7/policy/modules/apps/sandbox.if
---- nsaserefpolicy/policy/modules/apps/sandbox.if 1970-01-01 01:00:00.000000000 +0100
-+++ serefpolicy-3.9.7/policy/modules/apps/sandbox.if 2011-01-19 17:29:02.233041965 +0100
+--- nsaserefpolicy/policy/modules/apps/sandbox.if 1970-01-01 00:00:00.000000000 +0000
++++ serefpolicy-3.9.7/policy/modules/apps/sandbox.if 2011-01-19 16:29:02.000000000 +0000
@@ -0,0 +1,337 @@
+
+## <summary>policy for sandbox</summary>
@@ -6607,8 +6678,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/sandbox.
+ allow $1 sandbox_file_type:dir list_dir_perms;
+')
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/sandbox.te serefpolicy-3.9.7/policy/modules/apps/sandbox.te
---- nsaserefpolicy/policy/modules/apps/sandbox.te 1970-01-01 01:00:00.000000000 +0100
-+++ serefpolicy-3.9.7/policy/modules/apps/sandbox.te 2011-01-19 17:29:06.698042209 +0100
+--- nsaserefpolicy/policy/modules/apps/sandbox.te 1970-01-01 00:00:00.000000000 +0000
++++ serefpolicy-3.9.7/policy/modules/apps/sandbox.te 2011-01-19 16:29:06.000000000 +0000
@@ -0,0 +1,451 @@
+policy_module(sandbox,1.0.0)
+dbus_stub()
@@ -7062,30 +7133,33 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/sandbox.
+')
+
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/screen.fc serefpolicy-3.9.7/policy/modules/apps/screen.fc
---- nsaserefpolicy/policy/modules/apps/screen.fc 2010-10-12 22:42:50.000000000 +0200
-+++ serefpolicy-3.9.7/policy/modules/apps/screen.fc 2011-01-14 14:38:22.853041696 +0100
-@@ -2,6 +2,7 @@
+--- nsaserefpolicy/policy/modules/apps/screen.fc 2010-10-12 20:42:50.000000000 +0000
++++ serefpolicy-3.9.7/policy/modules/apps/screen.fc 2011-01-24 17:04:54.024455001 +0000
+@@ -2,6 +2,9 @@
# /home
#
HOME_DIR/\.screenrc -- gen_context(system_u:object_r:screen_home_t,s0)
+HOME_DIR/\.screen(/.*)? gen_context(system_u:object_r:screen_home_t,s0)
++
++/root/\.screen(/.*)? gen_context(system_u:object_r:screen_home_t,s0)
#
# /usr
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/screen.if serefpolicy-3.9.7/policy/modules/apps/screen.if
---- nsaserefpolicy/policy/modules/apps/screen.if 2010-10-12 22:42:50.000000000 +0200
-+++ serefpolicy-3.9.7/policy/modules/apps/screen.if 2011-01-18 16:05:02.023042082 +0100
-@@ -64,6 +64,9 @@
+--- nsaserefpolicy/policy/modules/apps/screen.if 2010-10-12 20:42:50.000000000 +0000
++++ serefpolicy-3.9.7/policy/modules/apps/screen.if 2011-01-24 17:07:44.636455001 +0000
+@@ -64,6 +64,10 @@
files_pid_filetrans($1_screen_t, screen_var_run_t, dir)
allow $1_screen_t screen_home_t:dir list_dir_perms;
+ manage_dirs_pattern($1_screen_t, screen_home_t, screen_home_t)
+ manage_fifo_files_pattern($1_screen_t, screen_home_t, screen_home_t)
+ userdom_user_home_dir_filetrans($1_screen_t, screen_home_t, dir)
++ userdom_admin_home_dir_filetrans($1_screen_t, screen_home_t, dir)
read_files_pattern($1_screen_t, screen_home_t, screen_home_t)
read_lnk_files_pattern($1_screen_t, screen_home_t, screen_home_t)
-@@ -113,6 +116,7 @@
+@@ -113,6 +117,7 @@
dev_read_urand($1_screen_t)
domain_use_interactive_fds($1_screen_t)
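Review bot: The screen.fc part labels `/root/\.screen(/.*)?` as `screen_home_t` but adds no matching entry for root's `.screenrc`, while the `HOME_DIR` rules in the context lines cover both `.screenrc` and `.screen`. If `HOME_DIR` is not expanded for /root here (the explicit /root line suggests it is not), root's rc file keeps its default label, and whether `$1_screen_t` can read it depends on rules outside this hunk. Consider adding `/root/\.screenrc -- gen_context(system_u:object_r:screen_home_t,s0)` next to the new line, so that it pairs with the `userdom_admin_home_dir_filetrans` call added in screen.if. The screen.if template body continues outside the hunk.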
@@ -7094,8 +7168,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/screen.i
files_search_tmp($1_screen_t)
files_search_home($1_screen_t)
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/seunshare.if serefpolicy-3.9.7/policy/modules/apps/seunshare.if
---- nsaserefpolicy/policy/modules/apps/seunshare.if 2010-10-12 22:42:50.000000000 +0200
-+++ serefpolicy-3.9.7/policy/modules/apps/seunshare.if 2010-11-05 14:02:26.488655314 +0100
+--- nsaserefpolicy/policy/modules/apps/seunshare.if 2010-10-12 20:42:50.000000000 +0000
++++ serefpolicy-3.9.7/policy/modules/apps/seunshare.if 2010-11-05 13:02:26.000000000 +0000
@@ -53,8 +53,14 @@
########################################
@@ -7148,8 +7222,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/seunshar
+ ')
')
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/seunshare.te serefpolicy-3.9.7/policy/modules/apps/seunshare.te
---- nsaserefpolicy/policy/modules/apps/seunshare.te 2010-10-12 22:42:51.000000000 +0200
-+++ serefpolicy-3.9.7/policy/modules/apps/seunshare.te 2010-11-05 14:02:26.489652874 +0100
+--- nsaserefpolicy/policy/modules/apps/seunshare.te 2010-10-12 20:42:51.000000000 +0000
++++ serefpolicy-3.9.7/policy/modules/apps/seunshare.te 2010-11-05 13:02:26.000000000 +0000
@@ -5,40 +5,45 @@
# Declarations
#
@@ -7214,8 +7288,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/seunshar
')
+
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/slocate.te serefpolicy-3.9.7/policy/modules/apps/slocate.te
---- nsaserefpolicy/policy/modules/apps/slocate.te 2010-10-12 22:42:50.000000000 +0200
-+++ serefpolicy-3.9.7/policy/modules/apps/slocate.te 2010-11-05 14:02:26.490654834 +0100
+--- nsaserefpolicy/policy/modules/apps/slocate.te 2010-10-12 20:42:50.000000000 +0000
++++ serefpolicy-3.9.7/policy/modules/apps/slocate.te 2010-11-05 13:02:26.000000000 +0000
@@ -38,6 +38,7 @@
dev_getattr_all_chr_files(locate_t)
@@ -7225,8 +7299,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/slocate.
files_getattr_all_pipes(locate_t)
files_getattr_all_sockets(locate_t)
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/telepathy.fc serefpolicy-3.9.7/policy/modules/apps/telepathy.fc
---- nsaserefpolicy/policy/modules/apps/telepathy.fc 1970-01-01 01:00:00.000000000 +0100
-+++ serefpolicy-3.9.7/policy/modules/apps/telepathy.fc 2010-11-05 14:02:26.977899762 +0100
+--- nsaserefpolicy/policy/modules/apps/telepathy.fc 1970-01-01 00:00:00.000000000 +0000
++++ serefpolicy-3.9.7/policy/modules/apps/telepathy.fc 2010-11-05 13:02:26.000000000 +0000
@@ -0,0 +1,16 @@
+HOME_DIR/\.mission-control(/.*)? gen_context(system_u:object_r:telepathy_mission_control_home_t, s0)
+HOME_DIR/\.cache/\.mc_connections -- gen_context(system_u:object_r:telepathy_mission_control_cache_home_t, s0)
@@ -7245,8 +7319,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/telepath
+/usr/libexec/telepathy-sunshine -- gen_context(system_u:object_r:telepathy_sunshine_exec_t, s0)
+')
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/telepathy.if serefpolicy-3.9.7/policy/modules/apps/telepathy.if
---- nsaserefpolicy/policy/modules/apps/telepathy.if 1970-01-01 01:00:00.000000000 +0100
-+++ serefpolicy-3.9.7/policy/modules/apps/telepathy.if 2010-11-05 14:02:26.492902015 +0100
+--- nsaserefpolicy/policy/modules/apps/telepathy.if 1970-01-01 00:00:00.000000000 +0000
++++ serefpolicy-3.9.7/policy/modules/apps/telepathy.if 2010-11-05 13:02:26.000000000 +0000
@@ -0,0 +1,168 @@
+
+## <summary>Telepathy framework.</summary>
@@ -7417,8 +7491,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/telepath
+ files_search_tmp($1)
+')
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/telepathy.te serefpolicy-3.9.7/policy/modules/apps/telepathy.te
---- nsaserefpolicy/policy/modules/apps/telepathy.te 1970-01-01 01:00:00.000000000 +0100
-+++ serefpolicy-3.9.7/policy/modules/apps/telepathy.te 2010-11-05 14:02:26.494917110 +0100
+--- nsaserefpolicy/policy/modules/apps/telepathy.te 1970-01-01 00:00:00.000000000 +0000
++++ serefpolicy-3.9.7/policy/modules/apps/telepathy.te 2010-11-05 13:02:26.000000000 +0000
@@ -0,0 +1,329 @@
+
+policy_module(telepathy, 1.0.0)
@@ -7750,16 +7824,16 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/telepath
+ xserver_rw_xdm_pipes(telepathy_domain)
+')
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/userhelper.fc serefpolicy-3.9.7/policy/modules/apps/userhelper.fc
---- nsaserefpolicy/policy/modules/apps/userhelper.fc 2010-10-12 22:42:50.000000000 +0200
-+++ serefpolicy-3.9.7/policy/modules/apps/userhelper.fc 2010-11-05 14:02:26.495911736 +0100
+--- nsaserefpolicy/policy/modules/apps/userhelper.fc 2010-10-12 20:42:50.000000000 +0000
++++ serefpolicy-3.9.7/policy/modules/apps/userhelper.fc 2010-11-05 13:02:26.000000000 +0000
@@ -7,3 +7,4 @@
# /usr
#
/usr/sbin/userhelper -- gen_context(system_u:object_r:userhelper_exec_t,s0)
+/usr/bin/consolehelper -- gen_context(system_u:object_r:consolehelper_exec_t,s0)
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/userhelper.if serefpolicy-3.9.7/policy/modules/apps/userhelper.if
---- nsaserefpolicy/policy/modules/apps/userhelper.if 2010-10-12 22:42:50.000000000 +0200
-+++ serefpolicy-3.9.7/policy/modules/apps/userhelper.if 2010-11-05 14:02:26.497650674 +0100
+--- nsaserefpolicy/policy/modules/apps/userhelper.if 2010-10-12 20:42:50.000000000 +0000
++++ serefpolicy-3.9.7/policy/modules/apps/userhelper.if 2010-11-05 13:02:26.000000000 +0000
@@ -25,6 +25,7 @@
gen_require(`
attribute userhelper_type;
@@ -7831,8 +7905,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/userhelp
+ ')
+')
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/userhelper.te serefpolicy-3.9.7/policy/modules/apps/userhelper.te
---- nsaserefpolicy/policy/modules/apps/userhelper.te 2010-10-12 22:42:50.000000000 +0200
-+++ serefpolicy-3.9.7/policy/modules/apps/userhelper.te 2010-11-05 14:02:26.498653402 +0100
+--- nsaserefpolicy/policy/modules/apps/userhelper.te 2010-10-12 20:42:50.000000000 +0000
++++ serefpolicy-3.9.7/policy/modules/apps/userhelper.te 2010-11-05 13:02:26.000000000 +0000
@@ -6,9 +6,61 @@
#
@@ -7896,8 +7970,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/userhelp
+ xserver_stream_connect(consolehelper_domain)
+')
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/vmware.fc serefpolicy-3.9.7/policy/modules/apps/vmware.fc
---- nsaserefpolicy/policy/modules/apps/vmware.fc 2010-10-12 22:42:51.000000000 +0200
-+++ serefpolicy-3.9.7/policy/modules/apps/vmware.fc 2010-11-05 14:02:26.499652708 +0100
+--- nsaserefpolicy/policy/modules/apps/vmware.fc 2010-10-12 20:42:51.000000000 +0000
++++ serefpolicy-3.9.7/policy/modules/apps/vmware.fc 2010-11-05 13:02:26.000000000 +0000
@@ -66,5 +66,6 @@
/var/log/vmware.* -- gen_context(system_u:object_r:vmware_log_t,s0)
/var/log/vnetlib.* -- gen_context(system_u:object_r:vmware_log_t,s0)
@@ -7906,8 +7980,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/vmware.f
/var/run/vmnat.* -s gen_context(system_u:object_r:vmware_var_run_t,s0)
/var/run/vmware.* gen_context(system_u:object_r:vmware_var_run_t,s0)
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/vmware.te serefpolicy-3.9.7/policy/modules/apps/vmware.te
---- nsaserefpolicy/policy/modules/apps/vmware.te 2010-10-12 22:42:50.000000000 +0200
-+++ serefpolicy-3.9.7/policy/modules/apps/vmware.te 2011-01-14 14:42:18.439041608 +0100
+--- nsaserefpolicy/policy/modules/apps/vmware.te 2010-10-12 20:42:50.000000000 +0000
++++ serefpolicy-3.9.7/policy/modules/apps/vmware.te 2011-01-14 13:42:18.000000000 +0000
@@ -126,6 +126,7 @@
dev_read_sysfs(vmware_host_t)
dev_read_urand(vmware_host_t)
@@ -7957,8 +8031,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/vmware.t
optional_policy(`
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/webalizer.te serefpolicy-3.9.7/policy/modules/apps/webalizer.te
---- nsaserefpolicy/policy/modules/apps/webalizer.te 2010-10-12 22:42:50.000000000 +0200
-+++ serefpolicy-3.9.7/policy/modules/apps/webalizer.te 2011-01-03 14:33:54.725041758 +0100
+--- nsaserefpolicy/policy/modules/apps/webalizer.te 2010-10-12 20:42:50.000000000 +0000
++++ serefpolicy-3.9.7/policy/modules/apps/webalizer.te 2011-01-03 13:33:54.000000000 +0000
@@ -103,3 +103,8 @@
optional_policy(`
nscd_socket_use(webalizer_t)
@@ -7969,8 +8043,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/webalize
+')
+
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/wine.fc serefpolicy-3.9.7/policy/modules/apps/wine.fc
---- nsaserefpolicy/policy/modules/apps/wine.fc 2010-10-12 22:42:50.000000000 +0200
-+++ serefpolicy-3.9.7/policy/modules/apps/wine.fc 2010-11-05 14:02:26.503653075 +0100
+--- nsaserefpolicy/policy/modules/apps/wine.fc 2010-10-12 20:42:50.000000000 +0000
++++ serefpolicy-3.9.7/policy/modules/apps/wine.fc 2010-11-05 13:02:26.000000000 +0000
@@ -2,6 +2,7 @@
/opt/cxoffice/bin/wine.* -- gen_context(system_u:object_r:wine_exec_t,s0)
@@ -7980,8 +8054,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/wine.fc
/opt/google/picasa(/.*)?/bin/notepad -- gen_context(system_u:object_r:wine_exec_t,s0)
/opt/google/picasa(/.*)?/bin/progman -- gen_context(system_u:object_r:wine_exec_t,s0)
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/wine.if serefpolicy-3.9.7/policy/modules/apps/wine.if
---- nsaserefpolicy/policy/modules/apps/wine.if 2010-10-12 22:42:51.000000000 +0200
-+++ serefpolicy-3.9.7/policy/modules/apps/wine.if 2010-11-05 14:02:26.505650221 +0100
+--- nsaserefpolicy/policy/modules/apps/wine.if 2010-10-12 20:42:51.000000000 +0000
++++ serefpolicy-3.9.7/policy/modules/apps/wine.if 2010-11-05 13:02:26.000000000 +0000
@@ -29,12 +29,16 @@
#
template(`wine_role',`
@@ -8061,8 +8135,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/wine.if
+ allow $1 wine_t:shm rw_shm_perms;
+')
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/wine.te serefpolicy-3.9.7/policy/modules/apps/wine.te
---- nsaserefpolicy/policy/modules/apps/wine.te 2010-10-12 22:42:50.000000000 +0200
-+++ serefpolicy-3.9.7/policy/modules/apps/wine.te 2010-11-05 14:02:26.506650225 +0100
+--- nsaserefpolicy/policy/modules/apps/wine.te 2010-10-12 20:42:50.000000000 +0000
++++ serefpolicy-3.9.7/policy/modules/apps/wine.te 2010-11-05 13:02:26.000000000 +0000
@@ -51,7 +51,11 @@
')
@@ -8077,8 +8151,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/wine.te
optional_policy(`
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/wireshark.te serefpolicy-3.9.7/policy/modules/apps/wireshark.te
---- nsaserefpolicy/policy/modules/apps/wireshark.te 2010-10-12 22:42:50.000000000 +0200
-+++ serefpolicy-3.9.7/policy/modules/apps/wireshark.te 2010-11-05 14:02:26.507650160 +0100
+--- nsaserefpolicy/policy/modules/apps/wireshark.te 2010-10-12 20:42:50.000000000 +0000
++++ serefpolicy-3.9.7/policy/modules/apps/wireshark.te 2010-11-05 13:02:26.000000000 +0000
@@ -15,6 +15,7 @@
type wireshark_home_t;
typealias wireshark_home_t alias { user_wireshark_home_t staff_wireshark_home_t sysadm_wireshark_home_t };
@@ -8097,8 +8171,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/wireshar
corenet_tcp_sendrecv_generic_if(wireshark_t)
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/wm.if serefpolicy-3.9.7/policy/modules/apps/wm.if
---- nsaserefpolicy/policy/modules/apps/wm.if 2010-10-12 22:42:50.000000000 +0200
-+++ serefpolicy-3.9.7/policy/modules/apps/wm.if 2010-11-18 15:50:46.683399390 +0100
+--- nsaserefpolicy/policy/modules/apps/wm.if 2010-10-12 20:42:50.000000000 +0000
++++ serefpolicy-3.9.7/policy/modules/apps/wm.if 2010-11-18 14:50:46.000000000 +0000
@@ -42,6 +42,7 @@
allow $1_wm_t self:process getsched;
allow $1_wm_t self:shm create_shm_perms;
@@ -8128,8 +8202,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/wm.if se
dbus_system_bus_client($1_wm_t)
dbus_session_bus_client($1_wm_t)
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/kernel/corecommands.fc serefpolicy-3.9.7/policy/modules/kernel/corecommands.fc
---- nsaserefpolicy/policy/modules/kernel/corecommands.fc 2010-10-12 22:42:50.000000000 +0200
-+++ serefpolicy-3.9.7/policy/modules/kernel/corecommands.fc 2011-01-14 17:03:13.574042262 +0100
+--- nsaserefpolicy/policy/modules/kernel/corecommands.fc 2010-10-12 20:42:50.000000000 +0000
++++ serefpolicy-3.9.7/policy/modules/kernel/corecommands.fc 2011-01-14 16:03:13.000000000 +0000
@@ -9,8 +9,11 @@
/bin/bash2 -- gen_context(system_u:object_r:shell_exec_t,s0)
/bin/fish -- gen_context(system_u:object_r:shell_exec_t,s0)
@@ -8284,8 +8358,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/kernel/coreco
+/usr/local/Brother/(.*/)?inf/brprintconf.* -- gen_context(system_u:object_r:bin_t,s0)
+/usr/local/Brother/(.*/)?inf/setup.* -- gen_context(system_u:object_r:bin_t,s0)
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/kernel/corecommands.if serefpolicy-3.9.7/policy/modules/kernel/corecommands.if
---- nsaserefpolicy/policy/modules/kernel/corecommands.if 2010-10-12 22:42:50.000000000 +0200
-+++ serefpolicy-3.9.7/policy/modules/kernel/corecommands.if 2010-11-05 14:02:26.513653539 +0100
+--- nsaserefpolicy/policy/modules/kernel/corecommands.if 2010-10-12 20:42:50.000000000 +0000
++++ serefpolicy-3.9.7/policy/modules/kernel/corecommands.if 2010-11-05 13:02:26.000000000 +0000
@@ -163,7 +163,7 @@
########################################
@@ -8337,8 +8411,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/kernel/coreco
manage_lnk_files_pattern($1, bin_t, bin_t)
')
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/kernel/corenetwork.fc serefpolicy-3.9.7/policy/modules/kernel/corenetwork.fc
---- nsaserefpolicy/policy/modules/kernel/corenetwork.fc 2010-10-12 22:42:50.000000000 +0200
-+++ serefpolicy-3.9.7/policy/modules/kernel/corenetwork.fc 2010-11-05 14:02:26.514653962 +0100
+--- nsaserefpolicy/policy/modules/kernel/corenetwork.fc 2010-10-12 20:42:50.000000000 +0000
++++ serefpolicy-3.9.7/policy/modules/kernel/corenetwork.fc 2010-11-05 13:02:26.000000000 +0000
@@ -5,3 +5,6 @@
/dev/tap.* -c gen_context(system_u:object_r:tun_tap_device_t,s0)
@@ -8347,8 +8421,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/kernel/corene
+/lib/udev/devices/ppp -c gen_context(system_u:object_r:ppp_device_t,s0)
+/lib/udev/devices/net/.* -c gen_context(system_u:object_r:tun_tap_device_t,s0)
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/kernel/corenetwork.te.in serefpolicy-3.9.7/policy/modules/kernel/corenetwork.te.in
---- nsaserefpolicy/policy/modules/kernel/corenetwork.te.in 2010-10-12 22:42:50.000000000 +0200
-+++ serefpolicy-3.9.7/policy/modules/kernel/corenetwork.te.in 2011-01-17 10:35:04.487041547 +0100
+--- nsaserefpolicy/policy/modules/kernel/corenetwork.te.in 2010-10-12 20:42:50.000000000 +0000
++++ serefpolicy-3.9.7/policy/modules/kernel/corenetwork.te.in 2011-01-28 17:39:37.305455001 +0000
@@ -24,6 +24,7 @@
#
type tun_tap_device_t;
@@ -8447,7 +8521,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/kernel/corene
-network_port(ntop, tcp,3000,s0, udp,3000,s0, tcp,3001,s0, udp,3001,s0)
+network_port(ntop, tcp,3000-3001,s0, udp,3000-3001,s0)
network_port(ntp, udp,123,s0)
-+network_port(oracle, tcp, 1521,s0,udp, 1521,s0, tcp,2483,s0,udp,2483,s0, tcp,2484,s0, udp,2484,s0)
++network_port(oracledb, tcp, 1521,s0,udp, 1521,s0, tcp,2483,s0,udp,2483,s0, tcp,2484,s0, udp,2484,s0)
network_port(ocsp, tcp,9080,s0)
network_port(openvpn, tcp,1194,s0, udp,1194,s0)
network_port(pegasus_http, tcp,5988,s0)
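Review bot: The renamed declaration `network_port(oracledb, ...)` carries no comment explaining why the name departs from the obvious `oracle`, so a later cleanup could easily rename it back. The commit message gives the reason (a conflict with satellite), and it belongs next to the line, e.g. `# named oracledb, not oracle, to avoid clashing with the satellite policy`. The rename presumably also changes the names of the generated corenet interfaces, so callers elsewhere in the patch and any local modules that still use the old name should be checked; they are outside this hunk. The argument spacing (`tcp, 1521,s0,udp, 1521,s0`) also differs from neighbouring entries such as `tcp,1194,s0, udp,1194,s0` and could be normalised in the same edit.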
@@ -8533,8 +8607,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/kernel/corene
+allow corenet_unconfined_type port_type:{ tcp_socket udp_socket rawip_socket } name_bind;
allow corenet_unconfined_type node_type:{ tcp_socket udp_socket rawip_socket } node_bind;
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/kernel/devices.fc serefpolicy-3.9.7/policy/modules/kernel/devices.fc
---- nsaserefpolicy/policy/modules/kernel/devices.fc 2010-10-12 22:42:50.000000000 +0200
-+++ serefpolicy-3.9.7/policy/modules/kernel/devices.fc 2010-11-05 14:02:26.519917011 +0100
+--- nsaserefpolicy/policy/modules/kernel/devices.fc 2010-10-12 20:42:50.000000000 +0000
++++ serefpolicy-3.9.7/policy/modules/kernel/devices.fc 2010-11-05 13:02:26.000000000 +0000
@@ -159,6 +159,7 @@
/dev/mvideo/.* -c gen_context(system_u:object_r:xserver_misc_device_t,s0)
@@ -8569,8 +8643,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/kernel/device
+#
+/sys(/.*)? gen_context(system_u:object_r:sysfs_t,s0)
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/kernel/devices.if serefpolicy-3.9.7/policy/modules/kernel/devices.if
---- nsaserefpolicy/policy/modules/kernel/devices.if 2010-10-12 22:42:50.000000000 +0200
-+++ serefpolicy-3.9.7/policy/modules/kernel/devices.if 2011-01-18 17:18:33.382042920 +0100
+--- nsaserefpolicy/policy/modules/kernel/devices.if 2010-10-12 20:42:50.000000000 +0000
++++ serefpolicy-3.9.7/policy/modules/kernel/devices.if 2011-01-18 16:18:33.000000000 +0000
@@ -336,6 +336,24 @@
########################################
@@ -8904,8 +8978,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/kernel/device
########################################
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/kernel/devices.te serefpolicy-3.9.7/policy/modules/kernel/devices.te
---- nsaserefpolicy/policy/modules/kernel/devices.te 2010-10-12 22:42:50.000000000 +0200
-+++ serefpolicy-3.9.7/policy/modules/kernel/devices.te 2010-11-05 14:02:26.528900638 +0100
+--- nsaserefpolicy/policy/modules/kernel/devices.te 2010-10-12 20:42:50.000000000 +0000
++++ serefpolicy-3.9.7/policy/modules/kernel/devices.te 2010-11-05 13:02:26.000000000 +0000
@@ -102,6 +102,7 @@
#
type kvm_device_t;
@@ -8922,8 +8996,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/kernel/device
+allow devices_unconfined_type device_node:{ blk_file chr_file lnk_file } *;
allow devices_unconfined_type mtrr_device_t:file *;
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/kernel/domain.if serefpolicy-3.9.7/policy/modules/kernel/domain.if
---- nsaserefpolicy/policy/modules/kernel/domain.if 2010-10-12 22:42:50.000000000 +0200
-+++ serefpolicy-3.9.7/policy/modules/kernel/domain.if 2010-11-05 14:02:26.530901275 +0100
+--- nsaserefpolicy/policy/modules/kernel/domain.if 2010-10-12 20:42:50.000000000 +0000
++++ serefpolicy-3.9.7/policy/modules/kernel/domain.if 2010-11-05 13:02:26.000000000 +0000
@@ -474,6 +474,25 @@
########################################
@@ -8992,8 +9066,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/kernel/domain
+ dontaudit $1 domain:socket_class_set { read write };
+')
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/kernel/domain.te serefpolicy-3.9.7/policy/modules/kernel/domain.te
---- nsaserefpolicy/policy/modules/kernel/domain.te 2010-10-12 22:42:50.000000000 +0200
-+++ serefpolicy-3.9.7/policy/modules/kernel/domain.te 2010-11-05 14:02:26.531901140 +0100
+--- nsaserefpolicy/policy/modules/kernel/domain.te 2010-10-12 20:42:50.000000000 +0000
++++ serefpolicy-3.9.7/policy/modules/kernel/domain.te 2010-11-05 13:02:26.000000000 +0000
@@ -4,6 +4,21 @@
#
# Declarations
@@ -9167,8 +9241,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/kernel/domain
+# broken kernel
+dontaudit can_change_object_identity can_change_object_identity:key link;
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/kernel/files.fc serefpolicy-3.9.7/policy/modules/kernel/files.fc
---- nsaserefpolicy/policy/modules/kernel/files.fc 2010-10-12 22:42:50.000000000 +0200
-+++ serefpolicy-3.9.7/policy/modules/kernel/files.fc 2010-11-10 10:16:15.579407766 +0100
+--- nsaserefpolicy/policy/modules/kernel/files.fc 2010-10-12 20:42:50.000000000 +0000
++++ serefpolicy-3.9.7/policy/modules/kernel/files.fc 2011-01-25 17:02:12.225455001 +0000
@@ -18,6 +18,7 @@
/fsckoptions -- gen_context(system_u:object_r:etc_runtime_t,s0)
/halt -- gen_context(system_u:object_r:etc_runtime_t,s0)
@@ -9269,10 +9343,10 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/kernel/files.
+/nsr(/.*)? gen_context(system_u:object_r:var_t,s0)
+/nsr/logs(/.*)? gen_context(system_u:object_r:var_log_t,s0)
+
-+/usr/lib/debug <<none>>
++/usr/lib/debug(/.*)? <<none>>
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/kernel/files.if serefpolicy-3.9.7/policy/modules/kernel/files.if
---- nsaserefpolicy/policy/modules/kernel/files.if 2010-10-12 22:42:50.000000000 +0200
-+++ serefpolicy-3.9.7/policy/modules/kernel/files.if 2010-12-01 14:00:54.587042432 +0100
+--- nsaserefpolicy/policy/modules/kernel/files.if 2010-10-12 20:42:50.000000000 +0000
++++ serefpolicy-3.9.7/policy/modules/kernel/files.if 2011-01-24 18:04:07.679455001 +0000
@@ -1053,10 +1053,8 @@
relabel_lnk_files_pattern($1, { file_type $2 }, { file_type $2 })
relabel_fifo_files_pattern($1, { file_type $2 }, { file_type $2 })
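Review bot: The widened entry `/usr/lib/debug(/.*)? <<none>>` in the files.fc part of this hunk has no comment saying that leaving the whole tree unlabelled is intended. With `<<none>>` on the subtree pattern, a relabel run will leave files under that directory with whatever label they already have, including a wrong one, unless a more specific entry elsewhere matches them. Whether such entries exist cannot be seen from this hunk. A one-line comment above the entry would record the intent, e.g. `# <<none>>: relabeling skips everything under /usr/lib/debug`.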
@@ -10294,8 +10368,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/kernel/files.
+ allow $1 file_type:kernel_service create_files_as;
+')
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/kernel/files.te serefpolicy-3.9.7/policy/modules/kernel/files.te
---- nsaserefpolicy/policy/modules/kernel/files.te 2010-10-12 22:42:50.000000000 +0200
-+++ serefpolicy-3.9.7/policy/modules/kernel/files.te 2010-11-05 14:02:26.545899735 +0100
+--- nsaserefpolicy/policy/modules/kernel/files.te 2010-10-12 20:42:50.000000000 +0000
++++ serefpolicy-3.9.7/policy/modules/kernel/files.te 2010-11-05 13:02:26.000000000 +0000
@@ -11,6 +11,7 @@
attribute mountpoint;
attribute pidfile;
@@ -10328,8 +10402,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/kernel/files.
#Temporarily in policy until FC5 dissappears
typealias etc_runtime_t alias firstboot_rw_t;
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/kernel/filesystem.fc serefpolicy-3.9.7/policy/modules/kernel/filesystem.fc
---- nsaserefpolicy/policy/modules/kernel/filesystem.fc 2010-10-12 22:42:50.000000000 +0200
-+++ serefpolicy-3.9.7/policy/modules/kernel/filesystem.fc 2010-11-05 14:02:26.546899949 +0100
+--- nsaserefpolicy/policy/modules/kernel/filesystem.fc 2010-10-12 20:42:50.000000000 +0000
++++ serefpolicy-3.9.7/policy/modules/kernel/filesystem.fc 2010-11-05 13:02:26.000000000 +0000
@@ -2,5 +2,16 @@
/dev/shm/.* <<none>>
@@ -10348,8 +10422,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/kernel/filesy
+/dev/hugepages -d gen_context(system_u:object_r:hugetlbfs_t,s0)
+/dev/hugepages(/.*)? <<none>>
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/kernel/filesystem.if serefpolicy-3.9.7/policy/modules/kernel/filesystem.if
---- nsaserefpolicy/policy/modules/kernel/filesystem.if 2010-10-12 22:42:50.000000000 +0200
-+++ serefpolicy-3.9.7/policy/modules/kernel/filesystem.if 2010-12-15 14:58:40.821042279 +0100
+--- nsaserefpolicy/policy/modules/kernel/filesystem.if 2010-10-12 20:42:50.000000000 +0000
++++ serefpolicy-3.9.7/policy/modules/kernel/filesystem.if 2010-12-15 13:58:40.000000000 +0000
@@ -646,11 +646,31 @@
')
@@ -10801,8 +10875,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/kernel/filesy
+')
+
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/kernel/filesystem.te serefpolicy-3.9.7/policy/modules/kernel/filesystem.te
---- nsaserefpolicy/policy/modules/kernel/filesystem.te 2010-10-12 22:42:50.000000000 +0200
-+++ serefpolicy-3.9.7/policy/modules/kernel/filesystem.te 2011-01-14 16:44:38.431041319 +0100
+--- nsaserefpolicy/policy/modules/kernel/filesystem.te 2010-10-12 20:42:50.000000000 +0000
++++ serefpolicy-3.9.7/policy/modules/kernel/filesystem.te 2011-01-14 15:44:38.000000000 +0000
@@ -52,6 +52,7 @@
fs_type(anon_inodefs_t)
files_mountpoint(anon_inodefs_t)
@@ -10886,8 +10960,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/kernel/filesy
########################################
#
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/kernel/kernel.if serefpolicy-3.9.7/policy/modules/kernel/kernel.if
---- nsaserefpolicy/policy/modules/kernel/kernel.if 2010-10-12 22:42:50.000000000 +0200
-+++ serefpolicy-3.9.7/policy/modules/kernel/kernel.if 2011-01-19 17:48:56.478041164 +0100
+--- nsaserefpolicy/policy/modules/kernel/kernel.if 2010-10-12 20:42:50.000000000 +0000
++++ serefpolicy-3.9.7/policy/modules/kernel/kernel.if 2011-01-19 16:48:56.000000000 +0000
@@ -698,6 +698,46 @@
########################################
@@ -11044,8 +11118,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/kernel/kernel
+')
+
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/kernel/kernel.te serefpolicy-3.9.7/policy/modules/kernel/kernel.te
---- nsaserefpolicy/policy/modules/kernel/kernel.te 2010-10-12 22:42:50.000000000 +0200
-+++ serefpolicy-3.9.7/policy/modules/kernel/kernel.te 2011-01-18 18:03:07.135042561 +0100
+--- nsaserefpolicy/policy/modules/kernel/kernel.te 2010-10-12 20:42:50.000000000 +0000
++++ serefpolicy-3.9.7/policy/modules/kernel/kernel.te 2011-01-18 17:03:07.000000000 +0000
@@ -52,6 +52,7 @@
fs_type(debugfs_t)
allow debugfs_t self:filesystem associate;
@@ -11124,8 +11198,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/kernel/kernel
#
# Unlabeled process local policy
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/kernel/mcs.if serefpolicy-3.9.7/policy/modules/kernel/mcs.if
---- nsaserefpolicy/policy/modules/kernel/mcs.if 2010-10-12 22:42:50.000000000 +0200
-+++ serefpolicy-3.9.7/policy/modules/kernel/mcs.if 2010-11-05 14:02:26.553900050 +0100
+--- nsaserefpolicy/policy/modules/kernel/mcs.if 2010-10-12 20:42:50.000000000 +0000
++++ serefpolicy-3.9.7/policy/modules/kernel/mcs.if 2010-11-05 13:02:26.000000000 +0000
@@ -102,3 +102,30 @@
typeattribute $1 mcssetcats;
@@ -11158,8 +11232,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/kernel/mcs.if
+')
+
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/kernel/mcs.te serefpolicy-3.9.7/policy/modules/kernel/mcs.te
---- nsaserefpolicy/policy/modules/kernel/mcs.te 2010-10-12 22:42:50.000000000 +0200
-+++ serefpolicy-3.9.7/policy/modules/kernel/mcs.te 2010-11-05 14:02:26.554900264 +0100
+--- nsaserefpolicy/policy/modules/kernel/mcs.te 2010-10-12 20:42:50.000000000 +0000
++++ serefpolicy-3.9.7/policy/modules/kernel/mcs.te 2010-11-05 13:02:26.000000000 +0000
@@ -10,3 +10,5 @@
attribute mcssetcats;
attribute mcswriteall;
@@ -11167,8 +11241,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/kernel/mcs.te
+attribute mcsuntrustedproc;
+
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/kernel/selinux.if serefpolicy-3.9.7/policy/modules/kernel/selinux.if
---- nsaserefpolicy/policy/modules/kernel/selinux.if 2010-10-12 22:42:50.000000000 +0200
-+++ serefpolicy-3.9.7/policy/modules/kernel/selinux.if 2010-11-05 14:02:26.554900264 +0100
+--- nsaserefpolicy/policy/modules/kernel/selinux.if 2010-10-12 20:42:50.000000000 +0000
++++ serefpolicy-3.9.7/policy/modules/kernel/selinux.if 2010-11-05 13:02:26.000000000 +0000
@@ -40,7 +40,7 @@
# because of this statement, any module which
@@ -11270,8 +11344,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/kernel/selinu
+')
+
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/kernel/storage.fc serefpolicy-3.9.7/policy/modules/kernel/storage.fc
---- nsaserefpolicy/policy/modules/kernel/storage.fc 2010-10-12 22:42:50.000000000 +0200
-+++ serefpolicy-3.9.7/policy/modules/kernel/storage.fc 2010-11-05 14:02:26.556900133 +0100
+--- nsaserefpolicy/policy/modules/kernel/storage.fc 2010-10-12 20:42:50.000000000 +0000
++++ serefpolicy-3.9.7/policy/modules/kernel/storage.fc 2010-11-05 13:02:26.000000000 +0000
@@ -77,3 +77,6 @@
/dev/scramdisk/.* -b gen_context(system_u:object_r:fixed_disk_device_t,mls_systemhigh)
@@ -11280,8 +11354,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/kernel/storag
+/lib/udev/devices/loop.* -b gen_context(system_u:object_r:fixed_disk_device_t,mls_systemhigh)
+/lib/udev/devices/fuse -c gen_context(system_u:object_r:fuse_device_t,s0)
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/kernel/storage.if serefpolicy-3.9.7/policy/modules/kernel/storage.if
---- nsaserefpolicy/policy/modules/kernel/storage.if 2010-10-12 22:42:50.000000000 +0200
-+++ serefpolicy-3.9.7/policy/modules/kernel/storage.if 2010-11-05 14:02:26.557900138 +0100
+--- nsaserefpolicy/policy/modules/kernel/storage.if 2010-10-12 20:42:50.000000000 +0000
++++ serefpolicy-3.9.7/policy/modules/kernel/storage.if 2010-11-05 13:02:26.000000000 +0000
@@ -101,6 +101,8 @@
dev_list_all_dev_nodes($1)
allow $1 fixed_disk_device_t:blk_file read_blk_file_perms;
@@ -11301,8 +11375,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/kernel/storag
dev_add_entry_generic_dirs($1)
')
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/kernel/terminal.fc serefpolicy-3.9.7/policy/modules/kernel/terminal.fc
---- nsaserefpolicy/policy/modules/kernel/terminal.fc 2010-10-12 22:42:50.000000000 +0200
-+++ serefpolicy-3.9.7/policy/modules/kernel/terminal.fc 2010-11-05 14:02:26.557900138 +0100
+--- nsaserefpolicy/policy/modules/kernel/terminal.fc 2010-10-12 20:42:50.000000000 +0000
++++ serefpolicy-3.9.7/policy/modules/kernel/terminal.fc 2010-11-05 13:02:26.000000000 +0000
@@ -40,3 +40,5 @@
# used by init scripts to initally populate udev /dev
/lib/udev/devices/console -c gen_context(system_u:object_r:console_device_t,s0)
@@ -11310,8 +11384,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/kernel/termin
+
+/lib/udev/devices/pts -d gen_context(system_u:object_r:devpts_t,s0-mls_systemhigh)
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/kernel/terminal.if serefpolicy-3.9.7/policy/modules/kernel/terminal.if
---- nsaserefpolicy/policy/modules/kernel/terminal.if 2010-10-12 22:42:50.000000000 +0200
-+++ serefpolicy-3.9.7/policy/modules/kernel/terminal.if 2011-01-07 10:36:13.526042624 +0100
+--- nsaserefpolicy/policy/modules/kernel/terminal.if 2010-10-12 20:42:50.000000000 +0000
++++ serefpolicy-3.9.7/policy/modules/kernel/terminal.if 2011-01-07 09:36:13.000000000 +0000
@@ -292,9 +292,11 @@
interface(`term_dontaudit_use_console',`
gen_require(`
@@ -11407,8 +11481,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/kernel/termin
########################################
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/kernel/terminal.te serefpolicy-3.9.7/policy/modules/kernel/terminal.te
---- nsaserefpolicy/policy/modules/kernel/terminal.te 2010-10-12 22:42:50.000000000 +0200
-+++ serefpolicy-3.9.7/policy/modules/kernel/terminal.te 2010-11-05 14:02:26.559900216 +0100
+--- nsaserefpolicy/policy/modules/kernel/terminal.te 2010-10-12 20:42:50.000000000 +0000
++++ serefpolicy-3.9.7/policy/modules/kernel/terminal.te 2010-11-05 13:02:26.000000000 +0000
@@ -29,6 +29,7 @@
fs_associate_tmpfs(devpts_t)
fs_type(devpts_t)
@@ -11418,8 +11492,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/kernel/termin
#
# devtty_t is the type of /dev/tty.
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/roles/auditadm.te serefpolicy-3.9.7/policy/modules/roles/auditadm.te
---- nsaserefpolicy/policy/modules/roles/auditadm.te 2010-10-12 22:42:51.000000000 +0200
-+++ serefpolicy-3.9.7/policy/modules/roles/auditadm.te 2010-11-05 14:02:26.560899941 +0100
+--- nsaserefpolicy/policy/modules/roles/auditadm.te 2010-10-12 20:42:51.000000000 +0000
++++ serefpolicy-3.9.7/policy/modules/roles/auditadm.te 2010-11-05 13:02:26.000000000 +0000
@@ -28,10 +28,13 @@
logging_manage_audit_config(auditadm_t)
logging_run_auditctl(auditadm_t, auditadm_r)
@@ -11435,8 +11509,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/roles/auditad
consoletype_exec(auditadm_t)
')
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/roles/dbadm.te serefpolicy-3.9.7/policy/modules/roles/dbadm.te
---- nsaserefpolicy/policy/modules/roles/dbadm.te 2010-10-12 22:42:51.000000000 +0200
-+++ serefpolicy-3.9.7/policy/modules/roles/dbadm.te 2010-11-05 14:02:26.560899941 +0100
+--- nsaserefpolicy/policy/modules/roles/dbadm.te 2010-10-12 20:42:51.000000000 +0000
++++ serefpolicy-3.9.7/policy/modules/roles/dbadm.te 2010-11-05 13:02:26.000000000 +0000
@@ -37,6 +37,7 @@
selinux_get_enforce_mode(dbadm_t)
@@ -11454,8 +11528,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/roles/dbadm.t
+ sudo_role_template(dbadm, dbadm_r, dbadm_t)
+')
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/roles/guest.te serefpolicy-3.9.7/policy/modules/roles/guest.te
---- nsaserefpolicy/policy/modules/roles/guest.te 2010-10-12 22:42:51.000000000 +0200
-+++ serefpolicy-3.9.7/policy/modules/roles/guest.te 2010-11-05 14:02:26.561899806 +0100
+--- nsaserefpolicy/policy/modules/roles/guest.te 2010-10-12 20:42:51.000000000 +0000
++++ serefpolicy-3.9.7/policy/modules/roles/guest.te 2010-11-05 13:02:26.000000000 +0000
@@ -9,9 +9,15 @@
userdom_restricted_user_template(guest)
@@ -11474,8 +11548,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/roles/guest.t
+
+gen_user(guest_u, user, guest_r, s0, s0)
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/roles/secadm.te serefpolicy-3.9.7/policy/modules/roles/secadm.te
---- nsaserefpolicy/policy/modules/roles/secadm.te 2010-10-12 22:42:51.000000000 +0200
-+++ serefpolicy-3.9.7/policy/modules/roles/secadm.te 2010-11-05 14:02:26.561899806 +0100
+--- nsaserefpolicy/policy/modules/roles/secadm.te 2010-10-12 20:42:51.000000000 +0000
++++ serefpolicy-3.9.7/policy/modules/roles/secadm.te 2010-11-05 13:02:26.000000000 +0000
@@ -9,6 +9,8 @@
userdom_unpriv_user_template(secadm)
@@ -11486,9 +11560,9 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/roles/secadm.
########################################
#
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/roles/staff.te serefpolicy-3.9.7/policy/modules/roles/staff.te
---- nsaserefpolicy/policy/modules/roles/staff.te 2010-10-12 22:42:51.000000000 +0200
-+++ serefpolicy-3.9.7/policy/modules/roles/staff.te 2010-12-22 13:17:33.238042369 +0100
-@@ -8,12 +8,48 @@
+--- nsaserefpolicy/policy/modules/roles/staff.te 2010-10-12 20:42:51.000000000 +0000
++++ serefpolicy-3.9.7/policy/modules/roles/staff.te 2011-01-27 14:39:01.374455000 +0000
+@@ -8,12 +8,52 @@
role staff_r;
userdom_unpriv_user_template(staff)
@@ -11534,10 +11608,14 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/roles/staff.t
+netutils_signal_ping(staff_t)
+netutils_kill_ping(staff_t)
+
++tunable_policy(`allow_execmod',`
++ userdom_execmod_user_home_files(staff_usertype)
++')
++
optional_policy(`
apache_role(staff_r, staff_t)
')
-@@ -27,25 +63,108 @@
+@@ -27,25 +67,108 @@
')
optional_policy(`
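Review bot: The added tunable_policy block for `allow_execmod` passes the attribute `staff_usertype` to `userdom_execmod_user_home_files`, not the single type `staff_t`. Every domain carrying that attribute therefore gets the permission on home-directory files once the boolean is on. Home content is normally writable by the user, so this is worth stating explicitly, e.g. `# applies to all staff_usertype domains, not only staff_t`. The same block is added for `user_usertype` in the unprivuser.te hunk further down; if the two are meant to stay in step, putting the rule once in the shared user template would avoid drift. The interface definition is outside this hunk, so the exact permissions it grants are not visible here.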
@@ -11648,7 +11726,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/roles/staff.t
optional_policy(`
xserver_role(staff_r, staff_t)
-@@ -133,10 +252,6 @@
+@@ -133,10 +256,6 @@
')
optional_policy(`
@@ -11660,8 +11738,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/roles/staff.t
')
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/roles/sysadm.te serefpolicy-3.9.7/policy/modules/roles/sysadm.te
---- nsaserefpolicy/policy/modules/roles/sysadm.te 2010-10-12 22:42:51.000000000 +0200
-+++ serefpolicy-3.9.7/policy/modules/roles/sysadm.te 2011-01-19 18:19:15.824051591 +0100
+--- nsaserefpolicy/policy/modules/roles/sysadm.te 2010-10-12 20:42:51.000000000 +0000
++++ serefpolicy-3.9.7/policy/modules/roles/sysadm.te 2011-01-19 17:19:15.000000000 +0000
@@ -24,20 +24,41 @@
#
# Local policy
@@ -11984,8 +12062,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/roles/sysadm.
+ ')
+')
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/roles/unconfineduser.fc serefpolicy-3.9.7/policy/modules/roles/unconfineduser.fc
---- nsaserefpolicy/policy/modules/roles/unconfineduser.fc 1970-01-01 01:00:00.000000000 +0100
-+++ serefpolicy-3.9.7/policy/modules/roles/unconfineduser.fc 2010-11-05 14:02:26.564899749 +0100
+--- nsaserefpolicy/policy/modules/roles/unconfineduser.fc 1970-01-01 00:00:00.000000000 +0000
++++ serefpolicy-3.9.7/policy/modules/roles/unconfineduser.fc 2010-11-05 13:02:26.000000000 +0000
@@ -0,0 +1,8 @@
+# Add programs here which should not be confined by SELinux
+# e.g.:
@@ -11996,8 +12074,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/roles/unconfi
+/usr/sbin/xrdp -- gen_context(system_u:object_r:unconfined_exec_t,s0)
+/usr/sbin/xrdp-sesman -- gen_context(system_u:object_r:unconfined_exec_t,s0)
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/roles/unconfineduser.if serefpolicy-3.9.7/policy/modules/roles/unconfineduser.if
---- nsaserefpolicy/policy/modules/roles/unconfineduser.if 1970-01-01 01:00:00.000000000 +0100
-+++ serefpolicy-3.9.7/policy/modules/roles/unconfineduser.if 2010-11-05 14:02:26.566900317 +0100
+--- nsaserefpolicy/policy/modules/roles/unconfineduser.if 1970-01-01 00:00:00.000000000 +0000
++++ serefpolicy-3.9.7/policy/modules/roles/unconfineduser.if 2010-11-05 13:02:26.000000000 +0000
@@ -0,0 +1,687 @@
+## <summary>Unconfiend user role</summary>
+
@@ -12687,8 +12765,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/roles/unconfi
+')
+
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/roles/unconfineduser.te serefpolicy-3.9.7/policy/modules/roles/unconfineduser.te
---- nsaserefpolicy/policy/modules/roles/unconfineduser.te 1970-01-01 01:00:00.000000000 +0100
-+++ serefpolicy-3.9.7/policy/modules/roles/unconfineduser.te 2010-11-05 14:02:26.567900182 +0100
+--- nsaserefpolicy/policy/modules/roles/unconfineduser.te 1970-01-01 00:00:00.000000000 +0000
++++ serefpolicy-3.9.7/policy/modules/roles/unconfineduser.te 2010-11-05 13:02:26.000000000 +0000
@@ -0,0 +1,489 @@
+policy_module(unconfineduser, 1.0.0)
+
@@ -13180,14 +13258,18 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/roles/unconfi
+
+gen_user(unconfined_u, user, unconfined_r system_r, s0, s0 - mls_systemhigh, mcs_allcats)
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/roles/unprivuser.te serefpolicy-3.9.7/policy/modules/roles/unprivuser.te
---- nsaserefpolicy/policy/modules/roles/unprivuser.te 2010-10-12 22:42:51.000000000 +0200
-+++ serefpolicy-3.9.7/policy/modules/roles/unprivuser.te 2010-12-15 14:47:10.627042466 +0100
-@@ -12,15 +12,51 @@
+--- nsaserefpolicy/policy/modules/roles/unprivuser.te 2010-10-12 20:42:51.000000000 +0000
++++ serefpolicy-3.9.7/policy/modules/roles/unprivuser.te 2011-01-27 14:39:36.413455000 +0000
+@@ -12,15 +12,55 @@
userdom_unpriv_user_template(user)
+fs_exec_noxattr(user_t)
+
++tunable_policy(`allow_execmod',`
++ userdom_execmod_user_home_files(user_usertype)
++')
++
optional_policy(`
apache_role(user_r, user_t)
')
@@ -13234,7 +13316,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/roles/unprivu
xserver_role(user_r, user_t)
')
-@@ -110,7 +146,7 @@
+@@ -110,7 +150,7 @@
')
optional_policy(`
@@ -13244,8 +13326,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/roles/unprivu
optional_policy(`
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/roles/webadm.te serefpolicy-3.9.7/policy/modules/roles/webadm.te
---- nsaserefpolicy/policy/modules/roles/webadm.te 2010-10-12 22:42:51.000000000 +0200
-+++ serefpolicy-3.9.7/policy/modules/roles/webadm.te 2010-11-05 14:02:26.568899907 +0100
+--- nsaserefpolicy/policy/modules/roles/webadm.te 2010-10-12 20:42:51.000000000 +0000
++++ serefpolicy-3.9.7/policy/modules/roles/webadm.te 2010-11-05 13:02:26.000000000 +0000
@@ -38,6 +38,7 @@
seutil_domtrans_setfiles(webadm_t)
@@ -13255,8 +13337,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/roles/webadm.
userdom_dontaudit_search_user_home_dirs(webadm_t)
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/roles/xguest.te serefpolicy-3.9.7/policy/modules/roles/xguest.te
---- nsaserefpolicy/policy/modules/roles/xguest.te 2010-10-12 22:42:51.000000000 +0200
-+++ serefpolicy-3.9.7/policy/modules/roles/xguest.te 2010-11-05 14:02:26.569899841 +0100
+--- nsaserefpolicy/policy/modules/roles/xguest.te 2010-10-12 20:42:51.000000000 +0000
++++ serefpolicy-3.9.7/policy/modules/roles/xguest.te 2010-11-05 13:02:26.000000000 +0000
@@ -14,7 +14,7 @@
## <desc>
@@ -13417,8 +13499,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/roles/xguest.
-#gen_user(xguest_u,, xguest_r, s0, s0)
+gen_user(xguest_u, user, xguest_r, s0, s0)
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/abrt.fc serefpolicy-3.9.7/policy/modules/services/abrt.fc
---- nsaserefpolicy/policy/modules/services/abrt.fc 2010-10-12 22:42:49.000000000 +0200
-+++ serefpolicy-3.9.7/policy/modules/services/abrt.fc 2010-11-05 14:02:26.569899841 +0100
+--- nsaserefpolicy/policy/modules/services/abrt.fc 2010-10-12 20:42:49.000000000 +0000
++++ serefpolicy-3.9.7/policy/modules/services/abrt.fc 2010-11-05 13:02:26.000000000 +0000
@@ -15,6 +15,7 @@
/var/run/abrt\.pid -- gen_context(system_u:object_r:abrt_var_run_t,s0)
@@ -13428,8 +13510,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/abrt
/var/spool/abrt(/.*)? gen_context(system_u:object_r:abrt_var_cache_t,s0)
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/abrt.if serefpolicy-3.9.7/policy/modules/services/abrt.if
---- nsaserefpolicy/policy/modules/services/abrt.if 2010-10-12 22:42:49.000000000 +0200
-+++ serefpolicy-3.9.7/policy/modules/services/abrt.if 2010-11-05 14:02:26.570901033 +0100
+--- nsaserefpolicy/policy/modules/services/abrt.if 2010-10-12 20:42:49.000000000 +0000
++++ serefpolicy-3.9.7/policy/modules/services/abrt.if 2010-11-05 13:02:26.000000000 +0000
@@ -71,6 +71,7 @@
type abrt_t;
')
@@ -13527,8 +13609,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/abrt
admin_pattern($1, abrt_tmp_t)
')
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/abrt.te serefpolicy-3.9.7/policy/modules/services/abrt.te
---- nsaserefpolicy/policy/modules/services/abrt.te 2010-10-12 22:42:49.000000000 +0200
-+++ serefpolicy-3.9.7/policy/modules/services/abrt.te 2011-01-07 14:18:32.638042294 +0100
+--- nsaserefpolicy/policy/modules/services/abrt.te 2010-10-12 20:42:49.000000000 +0000
++++ serefpolicy-3.9.7/policy/modules/services/abrt.te 2011-01-07 13:18:32.000000000 +0000
@@ -5,6 +5,14 @@
# Declarations
#
@@ -13702,8 +13784,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/abrt
+ allow abrt_t domain:process setrlimit;
')
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/accountsd.if serefpolicy-3.9.7/policy/modules/services/accountsd.if
---- nsaserefpolicy/policy/modules/services/accountsd.if 2010-10-12 22:42:49.000000000 +0200
-+++ serefpolicy-3.9.7/policy/modules/services/accountsd.if 2010-11-05 14:02:26.572899785 +0100
+--- nsaserefpolicy/policy/modules/services/accountsd.if 2010-10-12 20:42:49.000000000 +0000
++++ serefpolicy-3.9.7/policy/modules/services/accountsd.if 2010-11-05 13:02:26.000000000 +0000
@@ -5,9 +5,9 @@
## Execute a domain transition to run accountsd.
## </summary>
@@ -13735,8 +13817,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/acco
accountsd_manage_lib_files($1)
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/accountsd.te serefpolicy-3.9.7/policy/modules/services/accountsd.te
---- nsaserefpolicy/policy/modules/services/accountsd.te 2010-10-12 22:42:49.000000000 +0200
-+++ serefpolicy-3.9.7/policy/modules/services/accountsd.te 2010-11-05 14:02:26.573899929 +0100
+--- nsaserefpolicy/policy/modules/services/accountsd.te 2010-10-12 20:42:49.000000000 +0000
++++ serefpolicy-3.9.7/policy/modules/services/accountsd.te 2010-11-05 13:02:26.000000000 +0000
@@ -8,6 +8,8 @@
type accountsd_t;
type accountsd_exec_t;
@@ -13756,8 +13838,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/acco
+ xserver_manage_xdm_etc_files(accountsd_t)
+')
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/afs.if serefpolicy-3.9.7/policy/modules/services/afs.if
---- nsaserefpolicy/policy/modules/services/afs.if 2010-10-12 22:42:49.000000000 +0200
-+++ serefpolicy-3.9.7/policy/modules/services/afs.if 2010-11-05 14:02:26.573899929 +0100
+--- nsaserefpolicy/policy/modules/services/afs.if 2010-10-12 20:42:49.000000000 +0000
++++ serefpolicy-3.9.7/policy/modules/services/afs.if 2010-11-05 13:02:26.000000000 +0000
@@ -97,8 +97,8 @@
type afs_t, afs_initrc_exec_t;
')
@@ -13770,8 +13852,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/afs.
# Allow afs_admin to restart the afs service
afs_initrc_domtrans($1)
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/afs.te serefpolicy-3.9.7/policy/modules/services/afs.te
---- nsaserefpolicy/policy/modules/services/afs.te 2010-10-12 22:42:48.000000000 +0200
-+++ serefpolicy-3.9.7/policy/modules/services/afs.te 2010-11-05 14:02:26.574900213 +0100
+--- nsaserefpolicy/policy/modules/services/afs.te 2010-10-12 20:42:48.000000000 +0000
++++ serefpolicy-3.9.7/policy/modules/services/afs.te 2010-11-05 13:02:26.000000000 +0000
@@ -107,6 +107,10 @@
sysnet_dns_name_resolve(afs_t)
@@ -13784,8 +13866,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/afs.
#
# AFS bossserver local policy
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/aiccu.fc serefpolicy-3.9.7/policy/modules/services/aiccu.fc
---- nsaserefpolicy/policy/modules/services/aiccu.fc 1970-01-01 01:00:00.000000000 +0100
-+++ serefpolicy-3.9.7/policy/modules/services/aiccu.fc 2010-11-05 14:02:26.575900217 +0100
+--- nsaserefpolicy/policy/modules/services/aiccu.fc 1970-01-01 00:00:00.000000000 +0000
++++ serefpolicy-3.9.7/policy/modules/services/aiccu.fc 2010-11-05 13:02:26.000000000 +0000
@@ -0,0 +1,6 @@
+/etc/aiccu.conf -- gen_context(system_u:object_r:aiccu_etc_t,s0)
+/etc/rc\.d/init\.d/aiccu -- gen_context(system_u:object_r:aiccu_initrc_exec_t,s0)
@@ -13794,8 +13876,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/aicc
+
+/var/run/aiccu\.pid -- gen_context(system_u:object_r:aiccu_var_run_t,s0)
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/aiccu.if serefpolicy-3.9.7/policy/modules/services/aiccu.if
---- nsaserefpolicy/policy/modules/services/aiccu.if 1970-01-01 01:00:00.000000000 +0100
-+++ serefpolicy-3.9.7/policy/modules/services/aiccu.if 2010-11-05 14:02:26.575900217 +0100
+--- nsaserefpolicy/policy/modules/services/aiccu.if 1970-01-01 00:00:00.000000000 +0000
++++ serefpolicy-3.9.7/policy/modules/services/aiccu.if 2010-11-05 13:02:26.000000000 +0000
@@ -0,0 +1,116 @@
+## <summary>Automatic IPv6 Connectivity Client Utility.</summary>
+
@@ -13914,8 +13996,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/aicc
+ files_list_pids($1)
+')
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/aiccu.te serefpolicy-3.9.7/policy/modules/services/aiccu.te
---- nsaserefpolicy/policy/modules/services/aiccu.te 1970-01-01 01:00:00.000000000 +0100
-+++ serefpolicy-3.9.7/policy/modules/services/aiccu.te 2010-11-05 14:02:26.576900222 +0100
+--- nsaserefpolicy/policy/modules/services/aiccu.te 1970-01-01 00:00:00.000000000 +0000
++++ serefpolicy-3.9.7/policy/modules/services/aiccu.te 2010-11-05 13:02:26.000000000 +0000
@@ -0,0 +1,71 @@
+policy_module(aiccu, 1.0.0)
+
@@ -13989,8 +14071,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/aicc
+sysnet_domtrans_ifconfig(aiccu_t)
+sysnet_dns_name_resolve(aiccu_t)
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/aide.if serefpolicy-3.9.7/policy/modules/services/aide.if
---- nsaserefpolicy/policy/modules/services/aide.if 2010-10-12 22:42:48.000000000 +0200
-+++ serefpolicy-3.9.7/policy/modules/services/aide.if 2010-11-05 14:02:26.576900222 +0100
+--- nsaserefpolicy/policy/modules/services/aide.if 2010-10-12 20:42:48.000000000 +0000
++++ serefpolicy-3.9.7/policy/modules/services/aide.if 2010-11-05 13:02:26.000000000 +0000
@@ -33,6 +33,7 @@
## The role to allow the AIDE domain.
## </summary>
@@ -14000,8 +14082,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/aide
interface(`aide_run',`
gen_require(`
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/aisexec.if serefpolicy-3.9.7/policy/modules/services/aisexec.if
---- nsaserefpolicy/policy/modules/services/aisexec.if 2010-10-12 22:42:49.000000000 +0200
-+++ serefpolicy-3.9.7/policy/modules/services/aisexec.if 2010-11-05 14:02:26.577899877 +0100
+--- nsaserefpolicy/policy/modules/services/aisexec.if 2010-10-12 20:42:49.000000000 +0000
++++ serefpolicy-3.9.7/policy/modules/services/aisexec.if 2010-11-05 13:02:26.000000000 +0000
@@ -5,9 +5,9 @@
## Execute a domain transition to run aisexec.
## </summary>
@@ -14015,8 +14097,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/aise
#
interface(`aisexec_domtrans',`
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/aisexec.te serefpolicy-3.9.7/policy/modules/services/aisexec.te
---- nsaserefpolicy/policy/modules/services/aisexec.te 2010-10-12 22:42:49.000000000 +0200
-+++ serefpolicy-3.9.7/policy/modules/services/aisexec.te 2010-11-05 14:02:26.578899811 +0100
+--- nsaserefpolicy/policy/modules/services/aisexec.te 2010-10-12 20:42:49.000000000 +0000
++++ serefpolicy-3.9.7/policy/modules/services/aisexec.te 2010-11-05 13:02:26.000000000 +0000
@@ -32,7 +32,7 @@
# aisexec local policy
#
@@ -14037,8 +14119,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/aise
ccs_stream_connect(aisexec_t)
')
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/ajaxterm.fc serefpolicy-3.9.7/policy/modules/services/ajaxterm.fc
---- nsaserefpolicy/policy/modules/services/ajaxterm.fc 1970-01-01 01:00:00.000000000 +0100
-+++ serefpolicy-3.9.7/policy/modules/services/ajaxterm.fc 2010-11-05 14:02:26.578899811 +0100
+--- nsaserefpolicy/policy/modules/services/ajaxterm.fc 1970-01-01 00:00:00.000000000 +0000
++++ serefpolicy-3.9.7/policy/modules/services/ajaxterm.fc 2010-11-05 13:02:26.000000000 +0000
@@ -0,0 +1,6 @@
+
+/etc/rc\.d/init\.d/ajaxterm -- gen_context(system_u:object_r:ajaxterm_initrc_exec_t,s0)
@@ -14047,8 +14129,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/ajax
+
+/var/run/ajaxterm\.pid -- gen_context(system_u:object_r:ajaxterm_var_run_t,s0)
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/ajaxterm.if serefpolicy-3.9.7/policy/modules/services/ajaxterm.if
---- nsaserefpolicy/policy/modules/services/ajaxterm.if 1970-01-01 01:00:00.000000000 +0100
-+++ serefpolicy-3.9.7/policy/modules/services/ajaxterm.if 2010-11-05 14:02:26.579899956 +0100
+--- nsaserefpolicy/policy/modules/services/ajaxterm.if 1970-01-01 00:00:00.000000000 +0000
++++ serefpolicy-3.9.7/policy/modules/services/ajaxterm.if 2010-11-05 13:02:26.000000000 +0000
@@ -0,0 +1,68 @@
+## <summary>policy for ajaxterm</summary>
+
@@ -14119,8 +14201,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/ajax
+ allow $2 system_r;
+')
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/ajaxterm.te serefpolicy-3.9.7/policy/modules/services/ajaxterm.te
---- nsaserefpolicy/policy/modules/services/ajaxterm.te 1970-01-01 01:00:00.000000000 +0100
-+++ serefpolicy-3.9.7/policy/modules/services/ajaxterm.te 2010-11-05 14:02:26.580899960 +0100
+--- nsaserefpolicy/policy/modules/services/ajaxterm.te 1970-01-01 00:00:00.000000000 +0000
++++ serefpolicy-3.9.7/policy/modules/services/ajaxterm.te 2010-11-05 13:02:26.000000000 +0000
@@ -0,0 +1,56 @@
+policy_module(ajaxterm, 1.0.0)
+
@@ -14179,8 +14261,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/ajax
+
+sysnet_dns_name_resolve(ajaxterm_t)
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/amavis.if serefpolicy-3.9.7/policy/modules/services/amavis.if
---- nsaserefpolicy/policy/modules/services/amavis.if 2010-10-12 22:42:49.000000000 +0200
-+++ serefpolicy-3.9.7/policy/modules/services/amavis.if 2010-11-05 14:02:26.580899960 +0100
+--- nsaserefpolicy/policy/modules/services/amavis.if 2010-10-12 20:42:49.000000000 +0000
++++ serefpolicy-3.9.7/policy/modules/services/amavis.if 2010-11-05 13:02:26.000000000 +0000
@@ -183,7 +183,7 @@
type amavis_var_run_t;
')
@@ -14191,8 +14273,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/amav
')
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/amavis.te serefpolicy-3.9.7/policy/modules/services/amavis.te
---- nsaserefpolicy/policy/modules/services/amavis.te 2010-10-12 22:42:49.000000000 +0200
-+++ serefpolicy-3.9.7/policy/modules/services/amavis.te 2010-11-22 10:32:08.158419463 +0100
+--- nsaserefpolicy/policy/modules/services/amavis.te 2010-10-12 20:42:49.000000000 +0000
++++ serefpolicy-3.9.7/policy/modules/services/amavis.te 2010-11-22 09:32:08.000000000 +0000
@@ -76,7 +76,7 @@
# tmp files
@@ -14220,8 +14302,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/amav
corenet_all_recvfrom_unlabeled(amavis_t)
corenet_all_recvfrom_netlabel(amavis_t)
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/apache.fc serefpolicy-3.9.7/policy/modules/services/apache.fc
---- nsaserefpolicy/policy/modules/services/apache.fc 2010-10-12 22:42:49.000000000 +0200
-+++ serefpolicy-3.9.7/policy/modules/services/apache.fc 2010-11-05 14:02:26.582900039 +0100
+--- nsaserefpolicy/policy/modules/services/apache.fc 2010-10-12 20:42:49.000000000 +0000
++++ serefpolicy-3.9.7/policy/modules/services/apache.fc 2010-11-05 13:02:26.000000000 +0000
@@ -2,7 +2,7 @@
/etc/apache(2)?(/.*)? gen_context(system_u:object_r:httpd_config_t,s0)
@@ -14286,8 +14368,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/apac
+/var/www/svn/hooks(/.*)? gen_context(system_u:object_r:httpd_sys_script_exec_t,s0)
+/var/www/svn/conf(/.*)? gen_context(system_u:object_r:httpd_sys_content_t,s0)
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/apache.if serefpolicy-3.9.7/policy/modules/services/apache.if
---- nsaserefpolicy/policy/modules/services/apache.if 2010-10-12 22:42:49.000000000 +0200
-+++ serefpolicy-3.9.7/policy/modules/services/apache.if 2010-12-22 13:21:57.145041696 +0100
+--- nsaserefpolicy/policy/modules/services/apache.if 2010-10-12 20:42:49.000000000 +0000
++++ serefpolicy-3.9.7/policy/modules/services/apache.if 2010-12-22 12:21:57.000000000 +0000
@@ -13,17 +13,13 @@
#
template(`apache_content_template',`
@@ -14866,8 +14948,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/apac
+ dontaudit $1 httpd_tmp_t:file { read write };
')
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/apache.te serefpolicy-3.9.7/policy/modules/services/apache.te
---- nsaserefpolicy/policy/modules/services/apache.te 2010-10-12 22:42:49.000000000 +0200
-+++ serefpolicy-3.9.7/policy/modules/services/apache.te 2011-01-19 17:15:16.626291860 +0100
+--- nsaserefpolicy/policy/modules/services/apache.te 2010-10-12 20:42:49.000000000 +0000
++++ serefpolicy-3.9.7/policy/modules/services/apache.te 2011-01-19 16:15:16.000000000 +0000
@@ -18,130 +18,195 @@
# Declarations
#
@@ -15746,8 +15828,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/apac
+ userdom_read_user_home_content_files(httpd_user_script_t)
')
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/apcupsd.if serefpolicy-3.9.7/policy/modules/services/apcupsd.if
---- nsaserefpolicy/policy/modules/services/apcupsd.if 2010-10-12 22:42:50.000000000 +0200
-+++ serefpolicy-3.9.7/policy/modules/services/apcupsd.if 2010-11-05 14:02:26.587899991 +0100
+--- nsaserefpolicy/policy/modules/services/apcupsd.if 2010-10-12 20:42:50.000000000 +0000
++++ serefpolicy-3.9.7/policy/modules/services/apcupsd.if 2010-11-05 13:02:26.000000000 +0000
@@ -5,9 +5,9 @@
## Execute a domain transition to run apcupsd.
## </summary>
@@ -15798,8 +15880,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/apcu
allow $1 apcupsd_t:process { ptrace signal_perms };
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/apcupsd.te serefpolicy-3.9.7/policy/modules/services/apcupsd.te
---- nsaserefpolicy/policy/modules/services/apcupsd.te 2010-10-12 22:42:49.000000000 +0200
-+++ serefpolicy-3.9.7/policy/modules/services/apcupsd.te 2010-11-05 14:02:26.587899991 +0100
+--- nsaserefpolicy/policy/modules/services/apcupsd.te 2010-10-12 20:42:49.000000000 +0000
++++ serefpolicy-3.9.7/policy/modules/services/apcupsd.te 2010-11-05 13:02:26.000000000 +0000
@@ -94,6 +94,10 @@
')
@@ -15812,8 +15894,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/apcu
mta_system_content(apcupsd_tmp_t)
')
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/apm.if serefpolicy-3.9.7/policy/modules/services/apm.if
---- nsaserefpolicy/policy/modules/services/apm.if 2010-10-12 22:42:48.000000000 +0200
-+++ serefpolicy-3.9.7/policy/modules/services/apm.if 2010-11-05 14:02:26.588899995 +0100
+--- nsaserefpolicy/policy/modules/services/apm.if 2010-10-12 20:42:48.000000000 +0000
++++ serefpolicy-3.9.7/policy/modules/services/apm.if 2010-11-05 13:02:26.000000000 +0000
@@ -52,7 +52,7 @@
type apmd_t;
')
@@ -15841,8 +15923,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/apm.
+ stream_connect_pattern($1, apmd_var_run_t, apmd_var_run_t, apmd_t)
')
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/apm.te serefpolicy-3.9.7/policy/modules/services/apm.te
---- nsaserefpolicy/policy/modules/services/apm.te 2010-10-12 22:42:49.000000000 +0200
-+++ serefpolicy-3.9.7/policy/modules/services/apm.te 2010-11-05 14:02:26.589899930 +0100
+--- nsaserefpolicy/policy/modules/services/apm.te 2010-10-12 20:42:49.000000000 +0000
++++ serefpolicy-3.9.7/policy/modules/services/apm.te 2010-11-05 13:02:26.000000000 +0000
@@ -4,6 +4,7 @@
#
# Declarations
@@ -15895,8 +15977,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/apm.
# for ifconfig which is run all the time
kernel_dontaudit_search_sysctl(apmd_t)
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/arpwatch.if serefpolicy-3.9.7/policy/modules/services/arpwatch.if
---- nsaserefpolicy/policy/modules/services/arpwatch.if 2010-10-12 22:42:48.000000000 +0200
-+++ serefpolicy-3.9.7/policy/modules/services/arpwatch.if 2010-11-05 14:02:26.589899930 +0100
+--- nsaserefpolicy/policy/modules/services/arpwatch.if 2010-10-12 20:42:48.000000000 +0000
++++ serefpolicy-3.9.7/policy/modules/services/arpwatch.if 2010-11-05 13:02:26.000000000 +0000
@@ -137,7 +137,7 @@
type arpwatch_initrc_exec_t;
')
@@ -15907,8 +15989,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/arpw
arpwatch_initrc_domtrans($1)
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/asterisk.if serefpolicy-3.9.7/policy/modules/services/asterisk.if
---- nsaserefpolicy/policy/modules/services/asterisk.if 2010-10-12 22:42:50.000000000 +0200
-+++ serefpolicy-3.9.7/policy/modules/services/asterisk.if 2010-11-05 14:02:26.590900493 +0100
+--- nsaserefpolicy/policy/modules/services/asterisk.if 2010-10-12 20:42:50.000000000 +0000
++++ serefpolicy-3.9.7/policy/modules/services/asterisk.if 2010-11-05 13:02:26.000000000 +0000
@@ -64,7 +64,7 @@
type asterisk_initrc_exec_t;
')
@@ -15919,8 +16001,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/aste
init_labeled_script_domtrans($1, asterisk_initrc_exec_t)
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/asterisk.te serefpolicy-3.9.7/policy/modules/services/asterisk.te
---- nsaserefpolicy/policy/modules/services/asterisk.te 2010-10-12 22:42:49.000000000 +0200
-+++ serefpolicy-3.9.7/policy/modules/services/asterisk.te 2011-01-18 17:57:44.204042040 +0100
+--- nsaserefpolicy/policy/modules/services/asterisk.te 2010-10-12 20:42:49.000000000 +0000
++++ serefpolicy-3.9.7/policy/modules/services/asterisk.te 2011-01-25 16:56:02.755455001 +0000
@@ -77,9 +77,10 @@
files_var_lib_filetrans(asterisk_t, asterisk_var_lib_t, file)
@@ -15941,15 +16023,18 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/aste
corenet_udp_bind_asterisk_port(asterisk_t)
corenet_udp_bind_sip_port(asterisk_t)
corenet_sendrecv_asterisk_server_packets(asterisk_t)
-@@ -109,6 +111,7 @@
+@@ -107,8 +109,10 @@
+ corenet_udp_bind_generic_port(asterisk_t)
+ corenet_dontaudit_udp_bind_all_ports(asterisk_t)
corenet_sendrecv_generic_server_packets(asterisk_t)
++corenet_tcp_connect_festival_port(asterisk_t)
corenet_tcp_connect_postgresql_port(asterisk_t)
corenet_tcp_connect_snmp_port(asterisk_t)
+corenet_tcp_connect_sip_port(asterisk_t)
dev_rw_generic_usb_dev(asterisk_t)
dev_read_sysfs(asterisk_t)
-@@ -147,6 +150,10 @@
+@@ -147,6 +151,10 @@
')
optional_policy(`
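Review bot: The added `corenet_tcp_connect_festival_port(asterisk_t)` in asterisk.te is a new unconditional outbound permission that the commit description does not list, and nothing next to it says why asterisk_t needs it. A one-line comment above the rule, e.g. `# connect to a festival server (text-to-speech)`, plus a changelog entry would make the grant auditable. The purpose is inferred from the interface name and should be confirmed. The surrounding rule list starts and ends outside this hunk.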
@@ -15961,8 +16046,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/aste
')
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/automount.if serefpolicy-3.9.7/policy/modules/services/automount.if
---- nsaserefpolicy/policy/modules/services/automount.if 2010-10-12 22:42:49.000000000 +0200
-+++ serefpolicy-3.9.7/policy/modules/services/automount.if 2010-11-05 14:02:26.591900149 +0100
+--- nsaserefpolicy/policy/modules/services/automount.if 2010-10-12 20:42:49.000000000 +0000
++++ serefpolicy-3.9.7/policy/modules/services/automount.if 2010-11-05 13:02:26.000000000 +0000
@@ -29,7 +29,6 @@
## </summary>
## </param>
@@ -16000,8 +16085,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/auto
init_labeled_script_domtrans($1, automount_initrc_exec_t)
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/automount.te serefpolicy-3.9.7/policy/modules/services/automount.te
---- nsaserefpolicy/policy/modules/services/automount.te 2010-10-12 22:42:48.000000000 +0200
-+++ serefpolicy-3.9.7/policy/modules/services/automount.te 2010-11-05 14:02:26.592899803 +0100
+--- nsaserefpolicy/policy/modules/services/automount.te 2010-10-12 20:42:48.000000000 +0000
++++ serefpolicy-3.9.7/policy/modules/services/automount.te 2010-11-05 13:02:26.000000000 +0000
@@ -145,6 +145,7 @@
# Run mount in the mount_t domain.
@@ -16011,8 +16096,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/auto
userdom_dontaudit_use_unpriv_user_fds(automount_t)
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/avahi.if serefpolicy-3.9.7/policy/modules/services/avahi.if
---- nsaserefpolicy/policy/modules/services/avahi.if 2010-10-12 22:42:49.000000000 +0200
-+++ serefpolicy-3.9.7/policy/modules/services/avahi.if 2010-11-05 14:02:26.593899878 +0100
+--- nsaserefpolicy/policy/modules/services/avahi.if 2010-10-12 20:42:49.000000000 +0000
++++ serefpolicy-3.9.7/policy/modules/services/avahi.if 2010-11-05 13:02:26.000000000 +0000
@@ -90,6 +90,7 @@
class dbus send_msg;
')
@@ -16032,8 +16117,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/avah
allow $1 avahi_t:process { ptrace signal_perms };
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/avahi.te serefpolicy-3.9.7/policy/modules/services/avahi.te
---- nsaserefpolicy/policy/modules/services/avahi.te 2010-10-12 22:42:49.000000000 +0200
-+++ serefpolicy-3.9.7/policy/modules/services/avahi.te 2010-12-06 17:24:57.530042648 +0100
+--- nsaserefpolicy/policy/modules/services/avahi.te 2010-10-12 20:42:49.000000000 +0000
++++ serefpolicy-3.9.7/policy/modules/services/avahi.te 2010-12-06 16:24:57.000000000 +0000
@@ -37,14 +37,16 @@
manage_files_pattern(avahi_t, avahi_var_lib_t, avahi_var_lib_t)
files_var_lib_filetrans(avahi_t, avahi_var_lib_t, { dir file })
@@ -16054,8 +16139,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/avah
corecmd_exec_bin(avahi_t)
corecmd_exec_shell(avahi_t)
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/bind.if serefpolicy-3.9.7/policy/modules/services/bind.if
---- nsaserefpolicy/policy/modules/services/bind.if 2010-10-12 22:42:50.000000000 +0200
-+++ serefpolicy-3.9.7/policy/modules/services/bind.if 2010-11-05 14:02:26.594901069 +0100
+--- nsaserefpolicy/policy/modules/services/bind.if 2010-10-12 20:42:50.000000000 +0000
++++ serefpolicy-3.9.7/policy/modules/services/bind.if 2010-11-05 13:02:26.000000000 +0000
@@ -186,7 +186,7 @@
')
@@ -16136,8 +16221,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/bind
files_list_pids($1)
admin_pattern($1, named_var_run_t)
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/bind.te serefpolicy-3.9.7/policy/modules/services/bind.te
---- nsaserefpolicy/policy/modules/services/bind.te 2010-10-12 22:42:49.000000000 +0200
-+++ serefpolicy-3.9.7/policy/modules/services/bind.te 2010-11-05 14:02:26.595900096 +0100
+--- nsaserefpolicy/policy/modules/services/bind.te 2010-10-12 20:42:49.000000000 +0000
++++ serefpolicy-3.9.7/policy/modules/services/bind.te 2010-11-05 13:02:26.000000000 +0000
@@ -6,10 +6,10 @@
#
@@ -16190,8 +16275,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/bind
optional_policy(`
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/bitlbee.if serefpolicy-3.9.7/policy/modules/services/bitlbee.if
---- nsaserefpolicy/policy/modules/services/bitlbee.if 2010-10-12 22:42:48.000000000 +0200
-+++ serefpolicy-3.9.7/policy/modules/services/bitlbee.if 2010-11-05 14:02:26.595900096 +0100
+--- nsaserefpolicy/policy/modules/services/bitlbee.if 2010-10-12 20:42:48.000000000 +0000
++++ serefpolicy-3.9.7/policy/modules/services/bitlbee.if 2010-11-05 13:02:26.000000000 +0000
@@ -6,7 +6,7 @@
## </summary>
## <param name="domain">
@@ -16202,8 +16287,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/bitl
## </param>
#
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/bitlbee.te serefpolicy-3.9.7/policy/modules/services/bitlbee.te
---- nsaserefpolicy/policy/modules/services/bitlbee.te 2010-10-12 22:42:50.000000000 +0200
-+++ serefpolicy-3.9.7/policy/modules/services/bitlbee.te 2011-01-04 17:03:31.450291694 +0100
+--- nsaserefpolicy/policy/modules/services/bitlbee.te 2010-10-12 20:42:50.000000000 +0000
++++ serefpolicy-3.9.7/policy/modules/services/bitlbee.te 2011-01-04 16:03:31.000000000 +0000
@@ -26,19 +26,22 @@
#
# Local policy
@@ -16250,8 +16335,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/bitl
sysnet_dns_name_resolve(bitlbee_t)
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/bluetooth.if serefpolicy-3.9.7/policy/modules/services/bluetooth.if
---- nsaserefpolicy/policy/modules/services/bluetooth.if 2010-10-12 22:42:50.000000000 +0200
-+++ serefpolicy-3.9.7/policy/modules/services/bluetooth.if 2010-11-05 14:02:26.597900315 +0100
+--- nsaserefpolicy/policy/modules/services/bluetooth.if 2010-10-12 20:42:50.000000000 +0000
++++ serefpolicy-3.9.7/policy/modules/services/bluetooth.if 2010-11-05 13:02:26.000000000 +0000
@@ -14,6 +14,7 @@
## User domain for the role
## </summary>
@@ -16348,8 +16433,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/blue
admin_pattern($1, bluetooth_var_lib_t)
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/bluetooth.te serefpolicy-3.9.7/policy/modules/services/bluetooth.te
---- nsaserefpolicy/policy/modules/services/bluetooth.te 2010-10-12 22:42:49.000000000 +0200
-+++ serefpolicy-3.9.7/policy/modules/services/bluetooth.te 2010-11-05 14:02:26.597900315 +0100
+--- nsaserefpolicy/policy/modules/services/bluetooth.te 2010-10-12 20:42:49.000000000 +0000
++++ serefpolicy-3.9.7/policy/modules/services/bluetooth.te 2010-11-05 13:02:26.000000000 +0000
@@ -4,6 +4,7 @@
#
# Declarations
@@ -16382,8 +16467,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/blue
dbus_connect_system_bus(bluetooth_t)
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/boinc.fc serefpolicy-3.9.7/policy/modules/services/boinc.fc
---- nsaserefpolicy/policy/modules/services/boinc.fc 1970-01-01 01:00:00.000000000 +0100
-+++ serefpolicy-3.9.7/policy/modules/services/boinc.fc 2010-11-05 14:02:26.598900039 +0100
+--- nsaserefpolicy/policy/modules/services/boinc.fc 1970-01-01 00:00:00.000000000 +0000
++++ serefpolicy-3.9.7/policy/modules/services/boinc.fc 2010-11-05 13:02:26.000000000 +0000
@@ -0,0 +1,8 @@
+
+/etc/rc\.d/init\.d/boinc-client -- gen_context(system_u:object_r:boinc_initrc_exec_t,s0)
@@ -16394,8 +16479,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/boin
+/var/lib/boinc/projects(/.*)? gen_context(system_u:object_r:boinc_project_var_lib_t,s0)
+/var/lib/boinc/slots(/.*)? gen_context(system_u:object_r:boinc_project_var_lib_t,s0)
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/boinc.if serefpolicy-3.9.7/policy/modules/services/boinc.if
---- nsaserefpolicy/policy/modules/services/boinc.if 1970-01-01 01:00:00.000000000 +0100
-+++ serefpolicy-3.9.7/policy/modules/services/boinc.if 2010-11-05 14:02:26.599900184 +0100
+--- nsaserefpolicy/policy/modules/services/boinc.if 1970-01-01 00:00:00.000000000 +0000
++++ serefpolicy-3.9.7/policy/modules/services/boinc.if 2010-11-05 13:02:26.000000000 +0000
@@ -0,0 +1,150 @@
+## <summary>policy for boinc</summary>
+
@@ -16548,8 +16633,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/boin
+ admin_pattern($1, boinc_var_lib_t)
+')
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/boinc.te serefpolicy-3.9.7/policy/modules/services/boinc.te
---- nsaserefpolicy/policy/modules/services/boinc.te 1970-01-01 01:00:00.000000000 +0100
-+++ serefpolicy-3.9.7/policy/modules/services/boinc.te 2010-12-09 12:28:05.201308230 +0100
+--- nsaserefpolicy/policy/modules/services/boinc.te 1970-01-01 00:00:00.000000000 +0000
++++ serefpolicy-3.9.7/policy/modules/services/boinc.te 2010-12-09 11:28:05.000000000 +0000
@@ -0,0 +1,169 @@
+policy_module(boinc, 1.0.0)
+
@@ -16721,16 +16806,16 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/boin
+ java_exec(boinc_project_t)
+')
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/bugzilla.fc serefpolicy-3.9.7/policy/modules/services/bugzilla.fc
---- nsaserefpolicy/policy/modules/services/bugzilla.fc 1970-01-01 01:00:00.000000000 +0100
-+++ serefpolicy-3.9.7/policy/modules/services/bugzilla.fc 2010-11-05 14:02:26.600899979 +0100
+--- nsaserefpolicy/policy/modules/services/bugzilla.fc 1970-01-01 00:00:00.000000000 +0000
++++ serefpolicy-3.9.7/policy/modules/services/bugzilla.fc 2010-11-05 13:02:26.000000000 +0000
@@ -0,0 +1,4 @@
+
+/usr/share/bugzilla(/.*)? -d gen_context(system_u:object_r:httpd_bugzilla_content_t,s0)
+/usr/share/bugzilla(/.*)? -- gen_context(system_u:object_r:httpd_bugzilla_script_exec_t,s0)
+/var/lib/bugzilla(/.*)? gen_context(system_u:object_r:httpd_bugzilla_rw_content_t,s0)
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/bugzilla.if serefpolicy-3.9.7/policy/modules/services/bugzilla.if
---- nsaserefpolicy/policy/modules/services/bugzilla.if 1970-01-01 01:00:00.000000000 +0100
-+++ serefpolicy-3.9.7/policy/modules/services/bugzilla.if 2010-11-05 14:02:26.600899979 +0100
+--- nsaserefpolicy/policy/modules/services/bugzilla.if 1970-01-01 00:00:00.000000000 +0000
++++ serefpolicy-3.9.7/policy/modules/services/bugzilla.if 2010-11-05 13:02:26.000000000 +0000
@@ -0,0 +1,80 @@
+## <summary>Bugzilla server</summary>
+
@@ -16813,8 +16898,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/bugz
+ admin_pattern($1, httpd_bugzilla_ra_content_t)
+')
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/bugzilla.te serefpolicy-3.9.7/policy/modules/services/bugzilla.te
---- nsaserefpolicy/policy/modules/services/bugzilla.te 1970-01-01 01:00:00.000000000 +0100
-+++ serefpolicy-3.9.7/policy/modules/services/bugzilla.te 2010-11-05 14:02:26.601899634 +0100
+--- nsaserefpolicy/policy/modules/services/bugzilla.te 1970-01-01 00:00:00.000000000 +0000
++++ serefpolicy-3.9.7/policy/modules/services/bugzilla.te 2010-11-05 13:02:26.000000000 +0000
@@ -0,0 +1,55 @@
+policy_module(bugzilla, 1.0)
+
@@ -16872,8 +16957,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/bugz
+ postgresql_stream_connect(httpd_bugzilla_script_t)
+')
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/cachefilesd.fc serefpolicy-3.9.7/policy/modules/services/cachefilesd.fc
---- nsaserefpolicy/policy/modules/services/cachefilesd.fc 1970-01-01 01:00:00.000000000 +0100
-+++ serefpolicy-3.9.7/policy/modules/services/cachefilesd.fc 2010-11-05 14:02:26.601899634 +0100
+--- nsaserefpolicy/policy/modules/services/cachefilesd.fc 1970-01-01 00:00:00.000000000 +0000
++++ serefpolicy-3.9.7/policy/modules/services/cachefilesd.fc 2010-11-05 13:02:26.000000000 +0000
@@ -0,0 +1,29 @@
+###############################################################################
+#
@@ -16905,8 +16990,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/cach
+
+/var/run/cachefilesd\.pid -- gen_context(system_u:object_r:cachefiles_var_t,s0)
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/cachefilesd.if serefpolicy-3.9.7/policy/modules/services/cachefilesd.if
---- nsaserefpolicy/policy/modules/services/cachefilesd.if 1970-01-01 01:00:00.000000000 +0100
-+++ serefpolicy-3.9.7/policy/modules/services/cachefilesd.if 2010-11-05 14:02:26.602899848 +0100
+--- nsaserefpolicy/policy/modules/services/cachefilesd.if 1970-01-01 00:00:00.000000000 +0000
++++ serefpolicy-3.9.7/policy/modules/services/cachefilesd.if 2010-11-05 13:02:26.000000000 +0000
@@ -0,0 +1,35 @@
+###############################################################################
+#
@@ -16944,8 +17029,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/cach
+ domtrans_pattern($1, cachefilesd_exec_t, cachefilesd_t)
+')
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/cachefilesd.te serefpolicy-3.9.7/policy/modules/services/cachefilesd.te
---- nsaserefpolicy/policy/modules/services/cachefilesd.te 1970-01-01 01:00:00.000000000 +0100
-+++ serefpolicy-3.9.7/policy/modules/services/cachefilesd.te 2010-11-05 14:02:26.603901738 +0100
+--- nsaserefpolicy/policy/modules/services/cachefilesd.te 1970-01-01 00:00:00.000000000 +0000
++++ serefpolicy-3.9.7/policy/modules/services/cachefilesd.te 2010-11-05 13:02:26.000000000 +0000
@@ -0,0 +1,143 @@
+###############################################################################
+#
@@ -17091,8 +17176,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/cach
+
+init_sigchld_script(cachefiles_kernel_t)
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/canna.te serefpolicy-3.9.7/policy/modules/services/canna.te
---- nsaserefpolicy/policy/modules/services/canna.te 2010-10-12 22:42:49.000000000 +0200
-+++ serefpolicy-3.9.7/policy/modules/services/canna.te 2010-11-05 14:02:26.603901738 +0100
+--- nsaserefpolicy/policy/modules/services/canna.te 2010-10-12 20:42:49.000000000 +0000
++++ serefpolicy-3.9.7/policy/modules/services/canna.te 2010-11-05 13:02:26.000000000 +0000
@@ -34,7 +34,7 @@
allow canna_t self:tcp_socket create_stream_socket_perms;
@@ -17103,8 +17188,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/cann
manage_dirs_pattern(canna_t, canna_var_lib_t, canna_var_lib_t)
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/ccs.if serefpolicy-3.9.7/policy/modules/services/ccs.if
---- nsaserefpolicy/policy/modules/services/ccs.if 2010-10-12 22:42:48.000000000 +0200
-+++ serefpolicy-3.9.7/policy/modules/services/ccs.if 2010-11-05 14:02:26.604900066 +0100
+--- nsaserefpolicy/policy/modules/services/ccs.if 2010-10-12 20:42:48.000000000 +0000
++++ serefpolicy-3.9.7/policy/modules/services/ccs.if 2010-11-05 13:02:26.000000000 +0000
@@ -5,9 +5,9 @@
## Execute a domain transition to run ccs.
## </summary>
@@ -17118,8 +17203,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/ccs.
#
interface(`ccs_domtrans',`
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/ccs.te serefpolicy-3.9.7/policy/modules/services/ccs.te
---- nsaserefpolicy/policy/modules/services/ccs.te 2010-10-12 22:42:50.000000000 +0200
-+++ serefpolicy-3.9.7/policy/modules/services/ccs.te 2010-11-05 14:02:26.605899861 +0100
+--- nsaserefpolicy/policy/modules/services/ccs.te 2010-10-12 20:42:50.000000000 +0000
++++ serefpolicy-3.9.7/policy/modules/services/ccs.te 2010-11-05 13:02:26.000000000 +0000
@@ -61,7 +61,7 @@
manage_files_pattern(ccs_t, ccs_var_lib_t, ccs_var_lib_t)
files_var_lib_filetrans(ccs_t, ccs_var_lib_t, { file dir })
@@ -17150,8 +17235,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/ccs.
unconfined_use_fds(ccs_t)
')
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/certmaster.if serefpolicy-3.9.7/policy/modules/services/certmaster.if
---- nsaserefpolicy/policy/modules/services/certmaster.if 2010-10-12 22:42:49.000000000 +0200
-+++ serefpolicy-3.9.7/policy/modules/services/certmaster.if 2010-11-05 14:02:26.605899861 +0100
+--- nsaserefpolicy/policy/modules/services/certmaster.if 2010-10-12 20:42:49.000000000 +0000
++++ serefpolicy-3.9.7/policy/modules/services/certmaster.if 2010-11-05 13:02:26.000000000 +0000
@@ -5,9 +5,9 @@
## Execute a domain transition to run certmaster.
## </summary>
@@ -17195,8 +17280,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/cert
admin_pattern($1, certmaster_etc_rw_t)
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/certmaster.te serefpolicy-3.9.7/policy/modules/services/certmaster.te
---- nsaserefpolicy/policy/modules/services/certmaster.te 2010-10-12 22:42:48.000000000 +0200
-+++ serefpolicy-3.9.7/policy/modules/services/certmaster.te 2010-11-22 10:21:45.693149523 +0100
+--- nsaserefpolicy/policy/modules/services/certmaster.te 2010-10-12 20:42:48.000000000 +0000
++++ serefpolicy-3.9.7/policy/modules/services/certmaster.te 2010-11-22 09:21:45.000000000 +0000
@@ -43,23 +43,23 @@
# log files
@@ -17226,8 +17311,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/cert
files_search_var_lib(certmaster_t)
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/certmonger.if serefpolicy-3.9.7/policy/modules/services/certmonger.if
---- nsaserefpolicy/policy/modules/services/certmonger.if 2010-10-12 22:42:48.000000000 +0200
-+++ serefpolicy-3.9.7/policy/modules/services/certmonger.if 2010-11-05 14:02:26.606899865 +0100
+--- nsaserefpolicy/policy/modules/services/certmonger.if 2010-10-12 20:42:48.000000000 +0000
++++ serefpolicy-3.9.7/policy/modules/services/certmonger.if 2010-11-05 13:02:26.000000000 +0000
@@ -5,9 +5,9 @@
## Execute a domain transition to run certmonger.
## </summary>
@@ -17253,8 +17338,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/cert
admin_pattern($1, certmonger_var_run_t)
')
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/certmonger.te serefpolicy-3.9.7/policy/modules/services/certmonger.te
---- nsaserefpolicy/policy/modules/services/certmonger.te 2010-10-12 22:42:48.000000000 +0200
-+++ serefpolicy-3.9.7/policy/modules/services/certmonger.te 2010-12-15 15:06:55.729042250 +0100
+--- nsaserefpolicy/policy/modules/services/certmonger.te 2010-10-12 20:42:48.000000000 +0000
++++ serefpolicy-3.9.7/policy/modules/services/certmonger.te 2010-12-15 14:06:55.000000000 +0000
@@ -23,7 +23,8 @@
# certmonger local policy
#
@@ -17328,8 +17413,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/cert
')
+
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/cgroup.fc serefpolicy-3.9.7/policy/modules/services/cgroup.fc
---- nsaserefpolicy/policy/modules/services/cgroup.fc 2010-10-12 22:42:49.000000000 +0200
-+++ serefpolicy-3.9.7/policy/modules/services/cgroup.fc 2010-11-23 13:05:27.105158238 +0100
+--- nsaserefpolicy/policy/modules/services/cgroup.fc 2010-10-12 20:42:49.000000000 +0000
++++ serefpolicy-3.9.7/policy/modules/services/cgroup.fc 2010-11-23 12:05:27.000000000 +0000
@@ -11,4 +11,5 @@
/sbin/cgrulesengd -- gen_context(system_u:object_r:cgred_exec_t,s0)
/sbin/cgclear -- gen_context(system_u:object_r:cgclear_exec_t,s0)
@@ -17337,8 +17422,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/cgro
+/var/log/cgrulesengd\.log -- gen_context(system_u:object_r:cgred_log_t,s0)
/var/run/cgred.* gen_context(system_u:object_r:cgred_var_run_t,s0)
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/cgroup.if serefpolicy-3.9.7/policy/modules/services/cgroup.if
---- nsaserefpolicy/policy/modules/services/cgroup.if 2010-10-12 22:42:49.000000000 +0200
-+++ serefpolicy-3.9.7/policy/modules/services/cgroup.if 2010-11-05 14:02:26.608900014 +0100
+--- nsaserefpolicy/policy/modules/services/cgroup.if 2010-10-12 20:42:49.000000000 +0000
++++ serefpolicy-3.9.7/policy/modules/services/cgroup.if 2010-11-05 13:02:26.000000000 +0000
@@ -6,9 +6,9 @@
## CG Clear.
## </summary>
@@ -17389,8 +17474,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/cgro
cgroup_initrc_domtrans_cgconfig($1)
domain_system_change_exemption($1)
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/cgroup.te serefpolicy-3.9.7/policy/modules/services/cgroup.te
---- nsaserefpolicy/policy/modules/services/cgroup.te 2010-10-12 22:42:48.000000000 +0200
-+++ serefpolicy-3.9.7/policy/modules/services/cgroup.te 2010-12-07 14:57:18.915041300 +0100
+--- nsaserefpolicy/policy/modules/services/cgroup.te 2010-10-12 20:42:48.000000000 +0000
++++ serefpolicy-3.9.7/policy/modules/services/cgroup.te 2010-12-07 13:57:18.000000000 +0000
@@ -16,14 +16,17 @@
type cgred_initrc_exec_t;
init_script_file(cgred_initrc_exec_t)
@@ -17448,8 +17533,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/cgro
manage_files_pattern(cgred_t, cgred_var_run_t, cgred_var_run_t)
manage_sock_files_pattern(cgred_t, cgred_var_run_t, cgred_var_run_t)
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/chronyd.if serefpolicy-3.9.7/policy/modules/services/chronyd.if
---- nsaserefpolicy/policy/modules/services/chronyd.if 2010-10-12 22:42:48.000000000 +0200
-+++ serefpolicy-3.9.7/policy/modules/services/chronyd.if 2010-11-05 14:02:26.609899949 +0100
+--- nsaserefpolicy/policy/modules/services/chronyd.if 2010-10-12 20:42:48.000000000 +0000
++++ serefpolicy-3.9.7/policy/modules/services/chronyd.if 2010-11-05 13:02:26.000000000 +0000
@@ -19,6 +19,24 @@
domtrans_pattern($1, chronyd_exec_t, chronyd_t)
')
@@ -17578,8 +17663,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/chro
+ admin_pattern($1, chronyd_tmpfs_t)
')
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/chronyd.te serefpolicy-3.9.7/policy/modules/services/chronyd.te
---- nsaserefpolicy/policy/modules/services/chronyd.te 2010-10-12 22:42:48.000000000 +0200
-+++ serefpolicy-3.9.7/policy/modules/services/chronyd.te 2011-01-14 14:48:03.778292550 +0100
+--- nsaserefpolicy/policy/modules/services/chronyd.te 2010-10-12 20:42:48.000000000 +0000
++++ serefpolicy-3.9.7/policy/modules/services/chronyd.te 2011-01-14 13:48:03.000000000 +0000
@@ -15,6 +15,9 @@
type chronyd_keys_t;
files_type(chronyd_keys_t)
@@ -17623,8 +17708,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/chro
gpsd_rw_shm(chronyd_t)
')
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/clamav.fc serefpolicy-3.9.7/policy/modules/services/clamav.fc
---- nsaserefpolicy/policy/modules/services/clamav.fc 2010-10-12 22:42:48.000000000 +0200
-+++ serefpolicy-3.9.7/policy/modules/services/clamav.fc 2011-01-19 17:06:20.249042113 +0100
+--- nsaserefpolicy/policy/modules/services/clamav.fc 2010-10-12 20:42:48.000000000 +0000
++++ serefpolicy-3.9.7/policy/modules/services/clamav.fc 2011-01-19 16:06:20.000000000 +0000
@@ -9,6 +9,7 @@
/usr/sbin/clamav-milter -- gen_context(system_u:object_r:clamd_exec_t,s0)
@@ -17634,8 +17719,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/clam
/var/log/clamav.* gen_context(system_u:object_r:clamd_var_log_t,s0)
/var/log/clamav/freshclam.* -- gen_context(system_u:object_r:freshclam_var_log_t,s0)
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/clamav.if serefpolicy-3.9.7/policy/modules/services/clamav.if
---- nsaserefpolicy/policy/modules/services/clamav.if 2010-10-12 22:42:48.000000000 +0200
-+++ serefpolicy-3.9.7/policy/modules/services/clamav.if 2010-11-05 14:02:26.610899953 +0100
+--- nsaserefpolicy/policy/modules/services/clamav.if 2010-10-12 20:42:48.000000000 +0000
++++ serefpolicy-3.9.7/policy/modules/services/clamav.if 2010-11-05 13:02:26.000000000 +0000
@@ -33,6 +33,7 @@
type clamd_t, clamd_var_run_t;
')
@@ -17673,8 +17758,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/clam
')
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/clamav.te serefpolicy-3.9.7/policy/modules/services/clamav.te
---- nsaserefpolicy/policy/modules/services/clamav.te 2010-10-12 22:42:48.000000000 +0200
-+++ serefpolicy-3.9.7/policy/modules/services/clamav.te 2010-12-09 12:45:31.253041229 +0100
+--- nsaserefpolicy/policy/modules/services/clamav.te 2010-10-12 20:42:48.000000000 +0000
++++ serefpolicy-3.9.7/policy/modules/services/clamav.te 2010-12-09 11:45:31.000000000 +0000
@@ -1,9 +1,9 @@
policy_module(clamav, 1.8.1)
@@ -17802,8 +17887,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/clam
optional_policy(`
amavis_read_spool_files(clamscan_t)
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/clogd.if serefpolicy-3.9.7/policy/modules/services/clogd.if
---- nsaserefpolicy/policy/modules/services/clogd.if 2010-10-12 22:42:47.000000000 +0200
-+++ serefpolicy-3.9.7/policy/modules/services/clogd.if 2010-11-05 14:02:26.612900102 +0100
+--- nsaserefpolicy/policy/modules/services/clogd.if 2010-10-12 20:42:47.000000000 +0000
++++ serefpolicy-3.9.7/policy/modules/services/clogd.if 2010-11-05 13:02:26.000000000 +0000
@@ -5,9 +5,9 @@
## Execute a domain transition to run clogd.
## </summary>
@@ -17817,8 +17902,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/clog
#
interface(`clogd_domtrans',`
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/clogd.te serefpolicy-3.9.7/policy/modules/services/clogd.te
---- nsaserefpolicy/policy/modules/services/clogd.te 2010-10-12 22:42:49.000000000 +0200
-+++ serefpolicy-3.9.7/policy/modules/services/clogd.te 2010-11-05 14:02:26.612900102 +0100
+--- nsaserefpolicy/policy/modules/services/clogd.te 2010-10-12 20:42:49.000000000 +0000
++++ serefpolicy-3.9.7/policy/modules/services/clogd.te 2010-11-05 13:02:26.000000000 +0000
@@ -23,7 +23,6 @@
allow clogd_t self:capability { net_admin mknod };
@@ -17837,8 +17922,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/clog
dev_read_lvm_control(clogd_t)
dev_manage_generic_blk_files(clogd_t)
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/cmirrord.fc serefpolicy-3.9.7/policy/modules/services/cmirrord.fc
---- nsaserefpolicy/policy/modules/services/cmirrord.fc 1970-01-01 01:00:00.000000000 +0100
-+++ serefpolicy-3.9.7/policy/modules/services/cmirrord.fc 2010-11-05 14:02:26.613899827 +0100
+--- nsaserefpolicy/policy/modules/services/cmirrord.fc 1970-01-01 00:00:00.000000000 +0000
++++ serefpolicy-3.9.7/policy/modules/services/cmirrord.fc 2010-11-05 13:02:26.000000000 +0000
@@ -0,0 +1,6 @@
+
+/etc/rc\.d/init\.d/cmirrord -- gen_context(system_u:object_r:cmirrord_initrc_exec_t,s0)
@@ -17847,8 +17932,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/cmir
+
+/var/run/cmirrord\.pid -- gen_context(system_u:object_r:cmirrord_var_run_t,s0)
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/cmirrord.if serefpolicy-3.9.7/policy/modules/services/cmirrord.if
---- nsaserefpolicy/policy/modules/services/cmirrord.if 1970-01-01 01:00:00.000000000 +0100
-+++ serefpolicy-3.9.7/policy/modules/services/cmirrord.if 2010-11-05 14:02:26.614899831 +0100
+--- nsaserefpolicy/policy/modules/services/cmirrord.if 1970-01-01 00:00:00.000000000 +0000
++++ serefpolicy-3.9.7/policy/modules/services/cmirrord.if 2010-11-05 13:02:26.000000000 +0000
@@ -0,0 +1,113 @@
+## <summary>policy for cmirrord</summary>
+
@@ -17964,8 +18049,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/cmir
+ admin_pattern($1, cmirrord_var_run_t)
+')
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/cmirrord.te serefpolicy-3.9.7/policy/modules/services/cmirrord.te
---- nsaserefpolicy/policy/modules/services/cmirrord.te 1970-01-01 01:00:00.000000000 +0100
-+++ serefpolicy-3.9.7/policy/modules/services/cmirrord.te 2010-11-05 14:02:26.614899831 +0100
+--- nsaserefpolicy/policy/modules/services/cmirrord.te 1970-01-01 00:00:00.000000000 +0000
++++ serefpolicy-3.9.7/policy/modules/services/cmirrord.te 2010-11-05 13:02:26.000000000 +0000
@@ -0,0 +1,53 @@
+policy_module(cmirrord, 1.0.0)
+
@@ -18021,8 +18106,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/cmir
+ corosync_stream_connect(cmirrord_t)
+')
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/cobbler.fc serefpolicy-3.9.7/policy/modules/services/cobbler.fc
---- nsaserefpolicy/policy/modules/services/cobbler.fc 2010-10-12 22:42:49.000000000 +0200
-+++ serefpolicy-3.9.7/policy/modules/services/cobbler.fc 2011-01-07 11:47:43.865042388 +0100
+--- nsaserefpolicy/policy/modules/services/cobbler.fc 2010-10-12 20:42:49.000000000 +0000
++++ serefpolicy-3.9.7/policy/modules/services/cobbler.fc 2011-01-07 10:47:43.000000000 +0000
@@ -1,7 +1,33 @@
-/etc/cobbler(/.*)? gen_context(system_u:object_r:cobbler_etc_t, s0)
-/etc/rc\.d/init\.d/cobblerd -- gen_context(system_u:object_r:cobblerd_initrc_exec_t, s0)
@@ -18063,8 +18148,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/cobb
-/var/lib/cobbler(/.*)? gen_context(system_u:object_r:cobbler_var_lib_t, s0)
-/var/log/cobbler(/.*)? gen_context(system_u:object_r:cobbler_var_log_t, s0)
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/cobbler.if serefpolicy-3.9.7/policy/modules/services/cobbler.if
---- nsaserefpolicy/policy/modules/services/cobbler.if 2010-10-12 22:42:50.000000000 +0200
-+++ serefpolicy-3.9.7/policy/modules/services/cobbler.if 2011-01-19 17:21:29.344051558 +0100
+--- nsaserefpolicy/policy/modules/services/cobbler.if 2010-10-12 20:42:50.000000000 +0000
++++ serefpolicy-3.9.7/policy/modules/services/cobbler.if 2011-01-19 16:21:29.000000000 +0000
@@ -1,12 +1,12 @@
## <summary>Cobbler installation server.</summary>
## <desc>
@@ -18244,8 +18329,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/cobb
+ ')
')
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/cobbler.te serefpolicy-3.9.7/policy/modules/services/cobbler.te
---- nsaserefpolicy/policy/modules/services/cobbler.te 2010-10-12 22:42:48.000000000 +0200
-+++ serefpolicy-3.9.7/policy/modules/services/cobbler.te 2010-11-23 13:00:51.279398493 +0100
+--- nsaserefpolicy/policy/modules/services/cobbler.te 2010-10-12 20:42:48.000000000 +0000
++++ serefpolicy-3.9.7/policy/modules/services/cobbler.te 2010-11-23 12:00:51.000000000 +0000
@@ -6,13 +6,35 @@
#
@@ -18472,8 +18557,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/cobb
manage_dirs_pattern(cobblerd_t, httpd_cobbler_content_rw_t, httpd_cobbler_content_rw_t)
manage_files_pattern(cobblerd_t, httpd_cobbler_content_rw_t, httpd_cobbler_content_rw_t)
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/consolekit.if serefpolicy-3.9.7/policy/modules/services/consolekit.if
---- nsaserefpolicy/policy/modules/services/consolekit.if 2010-10-12 22:42:48.000000000 +0200
-+++ serefpolicy-3.9.7/policy/modules/services/consolekit.if 2010-11-05 14:02:26.617899984 +0100
+--- nsaserefpolicy/policy/modules/services/consolekit.if 2010-10-12 20:42:48.000000000 +0000
++++ serefpolicy-3.9.7/policy/modules/services/consolekit.if 2010-11-05 13:02:26.000000000 +0000
@@ -5,9 +5,9 @@
## Execute a domain transition to run consolekit.
## </summary>
@@ -18563,8 +18648,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/cons
+ list_dirs_pattern($1, consolekit_var_run_t, consolekit_var_run_t)
+')
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/consolekit.te serefpolicy-3.9.7/policy/modules/services/consolekit.te
---- nsaserefpolicy/policy/modules/services/consolekit.te 2010-10-12 22:42:48.000000000 +0200
-+++ serefpolicy-3.9.7/policy/modules/services/consolekit.te 2010-11-05 14:02:26.618899919 +0100
+--- nsaserefpolicy/policy/modules/services/consolekit.te 2010-10-12 20:42:48.000000000 +0000
++++ serefpolicy-3.9.7/policy/modules/services/consolekit.te 2010-11-05 13:02:26.000000000 +0000
@@ -15,6 +15,9 @@
type consolekit_var_run_t;
files_pid_file(consolekit_var_run_t)
@@ -18629,8 +18714,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/cons
unconfined_stream_connect(consolekit_t)
')
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/corosync.fc serefpolicy-3.9.7/policy/modules/services/corosync.fc
---- nsaserefpolicy/policy/modules/services/corosync.fc 2010-10-12 22:42:49.000000000 +0200
-+++ serefpolicy-3.9.7/policy/modules/services/corosync.fc 2010-11-05 14:02:26.618899919 +0100
+--- nsaserefpolicy/policy/modules/services/corosync.fc 2010-10-12 20:42:49.000000000 +0000
++++ serefpolicy-3.9.7/policy/modules/services/corosync.fc 2010-11-05 13:02:26.000000000 +0000
@@ -3,6 +3,7 @@
/usr/sbin/corosync -- gen_context(system_u:object_r:corosync_exec_t,s0)
@@ -18640,8 +18725,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/coro
/var/lib/corosync(/.*)? gen_context(system_u:object_r:corosync_var_lib_t,s0)
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/corosync.if serefpolicy-3.9.7/policy/modules/services/corosync.if
---- nsaserefpolicy/policy/modules/services/corosync.if 2010-10-12 22:42:49.000000000 +0200
-+++ serefpolicy-3.9.7/policy/modules/services/corosync.if 2010-11-05 14:02:26.619899923 +0100
+--- nsaserefpolicy/policy/modules/services/corosync.if 2010-10-12 20:42:49.000000000 +0000
++++ serefpolicy-3.9.7/policy/modules/services/corosync.if 2010-11-05 13:02:26.000000000 +0000
@@ -18,6 +18,25 @@
domtrans_pattern($1, corosync_exec_t, corosync_t)
')
@@ -18669,8 +18754,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/coro
## <summary>
## Allow the specified domain to read corosync's log files.
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/corosync.te serefpolicy-3.9.7/policy/modules/services/corosync.te
---- nsaserefpolicy/policy/modules/services/corosync.te 2010-10-12 22:42:49.000000000 +0200
-+++ serefpolicy-3.9.7/policy/modules/services/corosync.te 2010-11-08 15:07:08.396399085 +0100
+--- nsaserefpolicy/policy/modules/services/corosync.te 2010-10-12 20:42:49.000000000 +0000
++++ serefpolicy-3.9.7/policy/modules/services/corosync.te 2010-11-08 14:07:08.000000000 +0000
@@ -32,8 +32,8 @@
# corosync local policy
#
@@ -18753,8 +18838,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/coro
optional_policy(`
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/courier.if serefpolicy-3.9.7/policy/modules/services/courier.if
---- nsaserefpolicy/policy/modules/services/courier.if 2010-10-12 22:42:50.000000000 +0200
-+++ serefpolicy-3.9.7/policy/modules/services/courier.if 2010-11-05 14:02:26.620899928 +0100
+--- nsaserefpolicy/policy/modules/services/courier.if 2010-10-12 20:42:50.000000000 +0000
++++ serefpolicy-3.9.7/policy/modules/services/courier.if 2010-11-05 13:02:26.000000000 +0000
@@ -138,6 +138,7 @@
type courier_etc_t;
')
@@ -18788,8 +18873,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/cour
')
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/courier.te serefpolicy-3.9.7/policy/modules/services/courier.te
---- nsaserefpolicy/policy/modules/services/courier.te 2010-10-12 22:42:50.000000000 +0200
-+++ serefpolicy-3.9.7/policy/modules/services/courier.te 2010-11-05 14:02:26.621900212 +0100
+--- nsaserefpolicy/policy/modules/services/courier.te 2010-10-12 20:42:50.000000000 +0000
++++ serefpolicy-3.9.7/policy/modules/services/courier.te 2010-11-05 13:02:26.000000000 +0000
@@ -93,7 +93,7 @@
allow courier_pop_t courier_tcpd_t:{ unix_stream_socket tcp_socket } rw_stream_socket_perms;
@@ -18800,8 +18885,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/cour
miscfiles_read_localization(courier_pop_t)
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/cron.fc serefpolicy-3.9.7/policy/modules/services/cron.fc
---- nsaserefpolicy/policy/modules/services/cron.fc 2010-10-12 22:42:48.000000000 +0200
-+++ serefpolicy-3.9.7/policy/modules/services/cron.fc 2010-11-05 14:02:26.621900212 +0100
+--- nsaserefpolicy/policy/modules/services/cron.fc 2010-10-12 20:42:48.000000000 +0000
++++ serefpolicy-3.9.7/policy/modules/services/cron.fc 2010-11-05 13:02:26.000000000 +0000
@@ -14,7 +14,7 @@
/var/run/anacron\.pid -- gen_context(system_u:object_r:crond_var_run_t,s0)
/var/run/atd\.pid -- gen_context(system_u:object_r:crond_var_run_t,s0)
@@ -18820,8 +18905,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/cron
+
+/var/log/mcelog.* -- gen_context(system_u:object_r:cron_log_t,s0)
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/cron.if serefpolicy-3.9.7/policy/modules/services/cron.if
---- nsaserefpolicy/policy/modules/services/cron.if 2010-10-12 22:42:48.000000000 +0200
-+++ serefpolicy-3.9.7/policy/modules/services/cron.if 2010-11-05 14:02:26.622900146 +0100
+--- nsaserefpolicy/policy/modules/services/cron.if 2010-10-12 20:42:48.000000000 +0000
++++ serefpolicy-3.9.7/policy/modules/services/cron.if 2010-11-05 13:02:26.000000000 +0000
@@ -12,6 +12,11 @@
## </param>
#
@@ -19134,8 +19219,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/cron
+ manage_files_pattern($1, system_cronjob_var_lib_t, system_cronjob_var_lib_t)
')
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/cron.te serefpolicy-3.9.7/policy/modules/services/cron.te
---- nsaserefpolicy/policy/modules/services/cron.te 2010-10-12 22:42:49.000000000 +0200
-+++ serefpolicy-3.9.7/policy/modules/services/cron.te 2010-11-18 15:49:20.364398664 +0100
+--- nsaserefpolicy/policy/modules/services/cron.te 2010-10-12 20:42:49.000000000 +0000
++++ serefpolicy-3.9.7/policy/modules/services/cron.te 2010-11-18 14:49:20.000000000 +0000
@@ -10,18 +10,18 @@
#
@@ -19524,9 +19609,18 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/cron
')
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/cups.fc serefpolicy-3.9.7/policy/modules/services/cups.fc
---- nsaserefpolicy/policy/modules/services/cups.fc 2010-10-12 22:42:48.000000000 +0200
-+++ serefpolicy-3.9.7/policy/modules/services/cups.fc 2010-11-05 14:02:26.624900225 +0100
-@@ -71,3 +71,9 @@
+--- nsaserefpolicy/policy/modules/services/cups.fc 2010-10-12 20:42:48.000000000 +0000
++++ serefpolicy-3.9.7/policy/modules/services/cups.fc 2011-01-27 14:09:18.102455001 +0000
+@@ -34,6 +34,8 @@
+ /usr/lib/cups/backend/hp.* -- gen_context(system_u:object_r:hplip_exec_t,s0)
+ /usr/lib64/cups/backend/hp.* -- gen_context(system_u:object_r:hplip_exec_t,s0)
+
++/usr/lib/bjlib(/.*)? gen_context(system_u:object_r:cupsd_rw_etc_t,mls_systemhigh)
++
+ /usr/libexec/cups-pk-helper-mechanism -- gen_context(system_u:object_r:cupsd_config_exec_t,s0)
+ /usr/libexec/hal_lpadmin -- gen_context(system_u:object_r:cupsd_config_exec_t,s0)
+
+@@ -71,3 +73,9 @@
/var/run/ptal-mlcd(/.*)? gen_context(system_u:object_r:ptal_var_run_t,s0)
/var/run/udev-configure-printer(/.*)? gen_context(system_u:object_r:cupsd_config_var_run_t,s0)
/var/turboprint(/.*)? gen_context(system_u:object_r:cupsd_var_run_t,s0)
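Review bot: The new cups.fc entry `/usr/lib/bjlib(/.*)? gen_context(system_u:object_r:cupsd_rw_etc_t,mls_systemhigh)` has no file-type specifier, so it puts every object under a library directory into what looks like a type the CUPS domains can write. That reading rests on the type's name; the allow rules are not part of this hunk. If that tree holds shared objects or helper programs as well as driver state, a confined cupsd could rewrite code that it or a print filter later loads. It would be safer to narrow the regex to the files that really are rewritten at print time and leave the rest on the default library label. The entry also uses the range `mls_systemhigh`, while the other `cupsd_rw_etc_t` entry visible in this hunk, `/usr/local/linuxprinter/ppd(/.*)?`, uses `s0`. If that difference is deliberate, a one-line `#` comment above the entry should say which files cupsd must write there and why the higher range is needed.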
@@ -19537,8 +19631,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/cups
+
+/usr/local/linuxprinter/ppd(/.*)? gen_context(system_u:object_r:cupsd_rw_etc_t,s0)
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/cups.if serefpolicy-3.9.7/policy/modules/services/cups.if
---- nsaserefpolicy/policy/modules/services/cups.if 2010-10-12 22:42:48.000000000 +0200
-+++ serefpolicy-3.9.7/policy/modules/services/cups.if 2010-11-05 14:02:26.625900229 +0100
+--- nsaserefpolicy/policy/modules/services/cups.if 2010-10-12 20:42:48.000000000 +0000
++++ serefpolicy-3.9.7/policy/modules/services/cups.if 2010-11-05 13:02:26.000000000 +0000
@@ -190,10 +190,12 @@
interface(`cups_read_config',`
gen_require(`
@@ -19587,8 +19681,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/cups
admin_pattern($1, ptal_etc_t)
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/cups.te serefpolicy-3.9.7/policy/modules/services/cups.te
---- nsaserefpolicy/policy/modules/services/cups.te 2010-10-12 22:42:49.000000000 +0200
-+++ serefpolicy-3.9.7/policy/modules/services/cups.te 2010-11-11 16:08:04.089399299 +0100
+--- nsaserefpolicy/policy/modules/services/cups.te 2010-10-12 20:42:49.000000000 +0000
++++ serefpolicy-3.9.7/policy/modules/services/cups.te 2010-11-11 15:08:04.000000000 +0000
@@ -15,6 +15,7 @@
type cupsd_t;
type cupsd_exec_t;
@@ -19726,8 +19820,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/cups
logging_send_syslog_msg(hplip_t)
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/cvs.if serefpolicy-3.9.7/policy/modules/services/cvs.if
---- nsaserefpolicy/policy/modules/services/cvs.if 2010-10-12 22:42:48.000000000 +0200
-+++ serefpolicy-3.9.7/policy/modules/services/cvs.if 2011-01-04 13:27:09.653042014 +0100
+--- nsaserefpolicy/policy/modules/services/cvs.if 2010-10-12 20:42:48.000000000 +0000
++++ serefpolicy-3.9.7/policy/modules/services/cvs.if 2011-01-04 12:27:09.000000000 +0000
@@ -1,5 +1,23 @@
## <summary>Concurrent versions system</summary>
@@ -19764,8 +19858,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/cvs.
allow $1 cvs_t:process { ptrace signal_perms };
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/cvs.te serefpolicy-3.9.7/policy/modules/services/cvs.te
---- nsaserefpolicy/policy/modules/services/cvs.te 2010-10-12 22:42:49.000000000 +0200
-+++ serefpolicy-3.9.7/policy/modules/services/cvs.te 2010-11-05 14:02:26.628899963 +0100
+--- nsaserefpolicy/policy/modules/services/cvs.te 2010-10-12 20:42:49.000000000 +0000
++++ serefpolicy-3.9.7/policy/modules/services/cvs.te 2010-11-05 13:02:26.000000000 +0000
@@ -6,9 +6,9 @@
#
@@ -19800,8 +19894,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/cvs.
+ files_tmp_filetrans(httpd_cvs_script_t, cvs_tmp_t, { file dir })
')
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/cyphesis.if serefpolicy-3.9.7/policy/modules/services/cyphesis.if
---- nsaserefpolicy/policy/modules/services/cyphesis.if 2010-10-12 22:42:50.000000000 +0200
-+++ serefpolicy-3.9.7/policy/modules/services/cyphesis.if 2010-11-05 14:02:26.628899963 +0100
+--- nsaserefpolicy/policy/modules/services/cyphesis.if 2010-10-12 20:42:50.000000000 +0000
++++ serefpolicy-3.9.7/policy/modules/services/cyphesis.if 2010-11-05 13:02:26.000000000 +0000
@@ -5,9 +5,9 @@
## Execute a domain transition to run cyphesis.
## </summary>
@@ -19815,8 +19909,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/cyph
#
interface(`cyphesis_domtrans',`
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/cyrus.te serefpolicy-3.9.7/policy/modules/services/cyrus.te
---- nsaserefpolicy/policy/modules/services/cyrus.te 2010-10-12 22:42:48.000000000 +0200
-+++ serefpolicy-3.9.7/policy/modules/services/cyrus.te 2010-11-05 14:02:26.629899828 +0100
+--- nsaserefpolicy/policy/modules/services/cyrus.te 2010-10-12 20:42:48.000000000 +0000
++++ serefpolicy-3.9.7/policy/modules/services/cyrus.te 2010-11-05 13:02:26.000000000 +0000
@@ -26,7 +26,7 @@
# Local policy
#
@@ -19835,8 +19929,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/cyru
snmp_dontaudit_write_snmp_var_lib_files(cyrus_t)
snmp_stream_connect(cyrus_t)
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/dbus.if serefpolicy-3.9.7/policy/modules/services/dbus.if
---- nsaserefpolicy/policy/modules/services/dbus.if 2010-10-12 22:42:49.000000000 +0200
-+++ serefpolicy-3.9.7/policy/modules/services/dbus.if 2010-11-05 14:02:26.630900181 +0100
+--- nsaserefpolicy/policy/modules/services/dbus.if 2010-10-12 20:42:49.000000000 +0000
++++ serefpolicy-3.9.7/policy/modules/services/dbus.if 2010-11-05 13:02:26.000000000 +0000
@@ -41,9 +41,9 @@
template(`dbus_role_template',`
gen_require(`
@@ -19990,8 +20084,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/dbus
+ delete_files_pattern($1, system_dbusd_var_run_t, system_dbusd_var_run_t)
+')
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/dbus.te serefpolicy-3.9.7/policy/modules/services/dbus.te
---- nsaserefpolicy/policy/modules/services/dbus.te 2010-10-12 22:42:48.000000000 +0200
-+++ serefpolicy-3.9.7/policy/modules/services/dbus.te 2010-11-05 14:02:26.630900181 +0100
+--- nsaserefpolicy/policy/modules/services/dbus.te 2010-10-12 20:42:48.000000000 +0000
++++ serefpolicy-3.9.7/policy/modules/services/dbus.te 2010-11-05 13:02:26.000000000 +0000
@@ -74,9 +74,10 @@
read_files_pattern(system_dbusd_t, system_dbusd_var_lib_t, system_dbusd_var_lib_t)
@@ -20044,8 +20138,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/dbus
+ xserver_append_xdm_home_files(session_bus_type)
+')
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/dcc.if serefpolicy-3.9.7/policy/modules/services/dcc.if
---- nsaserefpolicy/policy/modules/services/dcc.if 2010-10-12 22:42:48.000000000 +0200
-+++ serefpolicy-3.9.7/policy/modules/services/dcc.if 2010-11-05 14:02:26.631901234 +0100
+--- nsaserefpolicy/policy/modules/services/dcc.if 2010-10-12 20:42:48.000000000 +0000
++++ serefpolicy-3.9.7/policy/modules/services/dcc.if 2010-11-05 13:02:26.000000000 +0000
@@ -168,6 +168,6 @@
type dcc_var_t, dccifd_var_run_t, dccifd_t;
')
@@ -20055,8 +20149,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/dcc.
stream_connect_pattern($1, dcc_var_t, dccifd_var_run_t, dccifd_t)
')
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/ddclient.if serefpolicy-3.9.7/policy/modules/services/ddclient.if
---- nsaserefpolicy/policy/modules/services/ddclient.if 2010-10-12 22:42:48.000000000 +0200
-+++ serefpolicy-3.9.7/policy/modules/services/ddclient.if 2010-11-05 14:02:26.632899981 +0100
+--- nsaserefpolicy/policy/modules/services/ddclient.if 2010-10-12 20:42:48.000000000 +0000
++++ serefpolicy-3.9.7/policy/modules/services/ddclient.if 2010-11-05 13:02:26.000000000 +0000
@@ -64,8 +64,8 @@
interface(`ddclient_admin',`
gen_require(`
@@ -20069,8 +20163,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/ddcl
allow $1 ddclient_t:process { ptrace signal_perms };
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/ddclient.te serefpolicy-3.9.7/policy/modules/services/ddclient.te
---- nsaserefpolicy/policy/modules/services/ddclient.te 2010-10-12 22:42:48.000000000 +0200
-+++ serefpolicy-3.9.7/policy/modules/services/ddclient.te 2010-12-01 11:55:09.821041797 +0100
+--- nsaserefpolicy/policy/modules/services/ddclient.te 2010-10-12 20:42:48.000000000 +0000
++++ serefpolicy-3.9.7/policy/modules/services/ddclient.te 2010-12-01 10:55:09.000000000 +0000
@@ -18,6 +18,9 @@
type ddclient_log_t;
logging_log_file(ddclient_log_t)
@@ -20127,8 +20221,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/ddcl
miscfiles_read_localization(ddclient_t)
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/denyhosts.if serefpolicy-3.9.7/policy/modules/services/denyhosts.if
---- nsaserefpolicy/policy/modules/services/denyhosts.if 2010-10-12 22:42:48.000000000 +0200
-+++ serefpolicy-3.9.7/policy/modules/services/denyhosts.if 2010-11-05 14:02:26.632899981 +0100
+--- nsaserefpolicy/policy/modules/services/denyhosts.if 2010-10-12 20:42:48.000000000 +0000
++++ serefpolicy-3.9.7/policy/modules/services/denyhosts.if 2010-11-05 13:02:26.000000000 +0000
@@ -13,12 +13,12 @@
## Execute a domain transition to run denyhosts.
## </summary>
@@ -20182,8 +20276,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/deny
admin_pattern($1, denyhosts_var_lock_t)
')
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/denyhosts.te serefpolicy-3.9.7/policy/modules/services/denyhosts.te
---- nsaserefpolicy/policy/modules/services/denyhosts.te 2010-10-12 22:42:48.000000000 +0200
-+++ serefpolicy-3.9.7/policy/modules/services/denyhosts.te 2010-11-05 14:02:26.633900055 +0100
+--- nsaserefpolicy/policy/modules/services/denyhosts.te 2010-10-12 20:42:48.000000000 +0000
++++ serefpolicy-3.9.7/policy/modules/services/denyhosts.te 2010-11-05 13:02:26.000000000 +0000
@@ -25,7 +25,8 @@
#
# DenyHosts personal policy.
@@ -20224,8 +20318,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/deny
+ gnome_dontaudit_search_config(denyhosts_t)
+')
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/devicekit.if serefpolicy-3.9.7/policy/modules/services/devicekit.if
---- nsaserefpolicy/policy/modules/services/devicekit.if 2010-10-12 22:42:48.000000000 +0200
-+++ serefpolicy-3.9.7/policy/modules/services/devicekit.if 2010-11-05 14:02:26.633900055 +0100
+--- nsaserefpolicy/policy/modules/services/devicekit.if 2010-10-12 20:42:48.000000000 +0000
++++ serefpolicy-3.9.7/policy/modules/services/devicekit.if 2010-11-05 13:02:26.000000000 +0000
@@ -5,9 +5,9 @@
## Execute a domain transition to run devicekit.
## </summary>
@@ -20311,8 +20405,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/devi
')
+
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/devicekit.te serefpolicy-3.9.7/policy/modules/services/devicekit.te
---- nsaserefpolicy/policy/modules/services/devicekit.te 2010-10-12 22:42:50.000000000 +0200
-+++ serefpolicy-3.9.7/policy/modules/services/devicekit.te 2010-11-05 14:02:26.634900199 +0100
+--- nsaserefpolicy/policy/modules/services/devicekit.te 2010-10-12 20:42:50.000000000 +0000
++++ serefpolicy-3.9.7/policy/modules/services/devicekit.te 2010-11-05 13:02:26.000000000 +0000
@@ -75,10 +75,12 @@
manage_files_pattern(devicekit_disk_t, devicekit_var_lib_t, devicekit_var_lib_t)
files_var_lib_filetrans(devicekit_disk_t, devicekit_var_lib_t, dir)
@@ -20451,8 +20545,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/devi
vbetool_domtrans(devicekit_power_t)
')
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/dhcp.if serefpolicy-3.9.7/policy/modules/services/dhcp.if
---- nsaserefpolicy/policy/modules/services/dhcp.if 2010-10-12 22:42:48.000000000 +0200
-+++ serefpolicy-3.9.7/policy/modules/services/dhcp.if 2010-11-05 14:02:26.635962573 +0100
+--- nsaserefpolicy/policy/modules/services/dhcp.if 2010-10-12 20:42:48.000000000 +0000
++++ serefpolicy-3.9.7/policy/modules/services/dhcp.if 2010-11-05 13:02:26.000000000 +0000
@@ -36,7 +36,7 @@
')
@@ -20472,8 +20566,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/dhcp
')
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/dhcp.te serefpolicy-3.9.7/policy/modules/services/dhcp.te
---- nsaserefpolicy/policy/modules/services/dhcp.te 2010-10-12 22:42:48.000000000 +0200
-+++ serefpolicy-3.9.7/policy/modules/services/dhcp.te 2010-11-05 14:02:26.636917319 +0100
+--- nsaserefpolicy/policy/modules/services/dhcp.te 2010-10-12 20:42:48.000000000 +0000
++++ serefpolicy-3.9.7/policy/modules/services/dhcp.te 2010-11-05 13:02:26.000000000 +0000
@@ -73,6 +73,8 @@
corenet_sendrecv_dhcpd_server_packets(dhcpd_t)
corenet_sendrecv_pxe_server_packets(dhcpd_t)
@@ -20495,8 +20589,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/dhcp
dbus_connect_system_bus(dhcpd_t)
')
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/dirsrv-admin.fc serefpolicy-3.9.7/policy/modules/services/dirsrv-admin.fc
---- nsaserefpolicy/policy/modules/services/dirsrv-admin.fc 1970-01-01 01:00:00.000000000 +0100
-+++ serefpolicy-3.9.7/policy/modules/services/dirsrv-admin.fc 2010-11-15 14:18:25.094399316 +0100
+--- nsaserefpolicy/policy/modules/services/dirsrv-admin.fc 1970-01-01 00:00:00.000000000 +0000
++++ serefpolicy-3.9.7/policy/modules/services/dirsrv-admin.fc 2010-11-15 13:18:25.000000000 +0000
@@ -0,0 +1,11 @@
+/etc/dirsrv/admin-serv(/.*)? gen_context(system_u:object_r:dirsrvadmin_config_t,s0)
+
@@ -20510,8 +20604,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/dirs
+/usr/lib64/dirsrv/dsgw-cgi-bin(/.*)? gen_context(system_u:object_r:httpd_dirsrvadmin_script_exec_t,s0)
+
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/dirsrv-admin.if serefpolicy-3.9.7/policy/modules/services/dirsrv-admin.if
---- nsaserefpolicy/policy/modules/services/dirsrv-admin.if 1970-01-01 01:00:00.000000000 +0100
-+++ serefpolicy-3.9.7/policy/modules/services/dirsrv-admin.if 2010-11-15 14:18:25.095399878 +0100
+--- nsaserefpolicy/policy/modules/services/dirsrv-admin.if 1970-01-01 00:00:00.000000000 +0000
++++ serefpolicy-3.9.7/policy/modules/services/dirsrv-admin.if 2010-11-15 13:18:25.000000000 +0000
@@ -0,0 +1,95 @@
+## <summary>Administration Server for Directory Server, dirsrv-admin.</summary>
+
@@ -20609,8 +20703,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/dirs
+ manage_dirs_pattern($1, dirsrvadmin_tmp_t, dirsrvadmin_tmp_t)
+')
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/dirsrv-admin.te serefpolicy-3.9.7/policy/modules/services/dirsrv-admin.te
---- nsaserefpolicy/policy/modules/services/dirsrv-admin.te 1970-01-01 01:00:00.000000000 +0100
-+++ serefpolicy-3.9.7/policy/modules/services/dirsrv-admin.te 2010-11-18 16:13:31.926400100 +0100
+--- nsaserefpolicy/policy/modules/services/dirsrv-admin.te 1970-01-01 00:00:00.000000000 +0000
++++ serefpolicy-3.9.7/policy/modules/services/dirsrv-admin.te 2010-11-18 15:13:31.000000000 +0000
@@ -0,0 +1,94 @@
+policy_module(dirsrv-admin,1.0.0)
+
@@ -20707,8 +20801,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/dirs
+dirsrv_manage_config(httpd_dirsrvadmin_script_t)
+dirsrv_read_share(httpd_dirsrvadmin_script_t)
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/dirsrv.fc serefpolicy-3.9.7/policy/modules/services/dirsrv.fc
---- nsaserefpolicy/policy/modules/services/dirsrv.fc 1970-01-01 01:00:00.000000000 +0100
-+++ serefpolicy-3.9.7/policy/modules/services/dirsrv.fc 2010-11-15 14:18:25.095399878 +0100
+--- nsaserefpolicy/policy/modules/services/dirsrv.fc 1970-01-01 00:00:00.000000000 +0000
++++ serefpolicy-3.9.7/policy/modules/services/dirsrv.fc 2010-11-15 13:18:25.000000000 +0000
@@ -0,0 +1,20 @@
+/etc/dirsrv(/.*) gen_context(system_u:object_r:dirsrv_config_t,s0)
+
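Review bot: The first entry of the new dirsrv.fc, `/etc/dirsrv(/.*)`, lacks the trailing `?` that the sibling entry `/etc/dirsrv/admin-serv(/.*)?` in dirsrv-admin.fc has. As written, the pattern matches only paths beneath /etc/dirsrv. The directory itself would then be labelled by whatever more general file-context entry matches it, presumably a generic etc type rather than `dirsrv_config_t`. The line should read `/etc/dirsrv(/.*)?	gen_context(system_u:object_r:dirsrv_config_t,s0)`. This line is unchanged context in this hunk, which touches only the header timestamps, and the rest of dirsrv.fc lies outside it.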
@@ -20731,8 +20825,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/dirs
+
+/var/log/dirsrv/ldap-agent.log gen_context(system_u:object_r:dirsrv_snmp_var_log_t,s0)
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/dirsrv.if serefpolicy-3.9.7/policy/modules/services/dirsrv.if
---- nsaserefpolicy/policy/modules/services/dirsrv.if 1970-01-01 01:00:00.000000000 +0100
-+++ serefpolicy-3.9.7/policy/modules/services/dirsrv.if 2011-01-20 12:07:52.510041884 +0100
+--- nsaserefpolicy/policy/modules/services/dirsrv.if 1970-01-01 00:00:00.000000000 +0000
++++ serefpolicy-3.9.7/policy/modules/services/dirsrv.if 2011-01-20 11:07:52.000000000 +0000
@@ -0,0 +1,212 @@
+## <summary>policy for dirsrv</summary>
+
@@ -20947,8 +21041,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/dirs
+ stream_connect_pattern($1, dirsrv_var_run_t, dirsrv_var_run_t, dirsrv_t)
+')
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/dirsrv.te serefpolicy-3.9.7/policy/modules/services/dirsrv.te
---- nsaserefpolicy/policy/modules/services/dirsrv.te 1970-01-01 01:00:00.000000000 +0100
-+++ serefpolicy-3.9.7/policy/modules/services/dirsrv.te 2011-01-14 16:33:36.867042355 +0100
+--- nsaserefpolicy/policy/modules/services/dirsrv.te 1970-01-01 00:00:00.000000000 +0000
++++ serefpolicy-3.9.7/policy/modules/services/dirsrv.te 2011-01-14 15:33:36.000000000 +0000
@@ -0,0 +1,180 @@
+policy_module(dirsrv,1.0.0)
+
@@ -21131,8 +21225,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/dirs
+ rpcbind_stream_connect(initrc_t)
+')
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/djbdns.te serefpolicy-3.9.7/policy/modules/services/djbdns.te
---- nsaserefpolicy/policy/modules/services/djbdns.te 2010-10-12 22:42:48.000000000 +0200
-+++ serefpolicy-3.9.7/policy/modules/services/djbdns.te 2010-11-05 14:02:26.637916067 +0100
+--- nsaserefpolicy/policy/modules/services/djbdns.te 2010-10-12 20:42:48.000000000 +0000
++++ serefpolicy-3.9.7/policy/modules/services/djbdns.te 2010-11-05 13:02:26.000000000 +0000
@@ -23,9 +23,6 @@
# Local policy for axfrdns component
#
@@ -21154,8 +21248,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/djbd
########################################
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/dnsmasq.fc serefpolicy-3.9.7/policy/modules/services/dnsmasq.fc
---- nsaserefpolicy/policy/modules/services/dnsmasq.fc 2010-10-12 22:42:49.000000000 +0200
-+++ serefpolicy-3.9.7/policy/modules/services/dnsmasq.fc 2010-12-06 15:06:26.251042551 +0100
+--- nsaserefpolicy/policy/modules/services/dnsmasq.fc 2010-10-12 20:42:49.000000000 +0000
++++ serefpolicy-3.9.7/policy/modules/services/dnsmasq.fc 2010-12-06 14:06:26.000000000 +0000
@@ -6,7 +6,7 @@
/var/lib/misc/dnsmasq\.leases -- gen_context(system_u:object_r:dnsmasq_lease_t,s0)
/var/lib/dnsmasq(/.*)? gen_context(system_u:object_r:dnsmasq_lease_t,s0)
@@ -21166,8 +21260,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/dnsm
/var/run/dnsmasq\.pid -- gen_context(system_u:object_r:dnsmasq_var_run_t,s0)
/var/run/libvirt/network(/.*)? gen_context(system_u:object_r:dnsmasq_var_run_t,s0)
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/dnsmasq.if serefpolicy-3.9.7/policy/modules/services/dnsmasq.if
---- nsaserefpolicy/policy/modules/services/dnsmasq.if 2010-10-12 22:42:48.000000000 +0200
-+++ serefpolicy-3.9.7/policy/modules/services/dnsmasq.if 2010-11-05 14:02:26.638915931 +0100
+--- nsaserefpolicy/policy/modules/services/dnsmasq.if 2010-10-12 20:42:48.000000000 +0000
++++ serefpolicy-3.9.7/policy/modules/services/dnsmasq.if 2010-11-05 13:02:26.000000000 +0000
@@ -101,9 +101,9 @@
## Read dnsmasq config files.
## </summary>
@@ -21215,8 +21309,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/dnsm
')
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/dnsmasq.te serefpolicy-3.9.7/policy/modules/services/dnsmasq.te
---- nsaserefpolicy/policy/modules/services/dnsmasq.te 2010-10-12 22:42:48.000000000 +0200
-+++ serefpolicy-3.9.7/policy/modules/services/dnsmasq.te 2010-11-05 14:02:26.639650535 +0100
+--- nsaserefpolicy/policy/modules/services/dnsmasq.te 2010-10-12 20:42:48.000000000 +0000
++++ serefpolicy-3.9.7/policy/modules/services/dnsmasq.te 2010-11-05 13:02:26.000000000 +0000
@@ -96,10 +96,18 @@
')
@@ -21237,8 +21331,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/dnsm
')
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/dovecot.fc serefpolicy-3.9.7/policy/modules/services/dovecot.fc
---- nsaserefpolicy/policy/modules/services/dovecot.fc 2010-10-12 22:42:48.000000000 +0200
-+++ serefpolicy-3.9.7/policy/modules/services/dovecot.fc 2010-11-05 14:02:26.640650469 +0100
+--- nsaserefpolicy/policy/modules/services/dovecot.fc 2010-10-12 20:42:48.000000000 +0000
++++ serefpolicy-3.9.7/policy/modules/services/dovecot.fc 2010-11-05 13:02:26.000000000 +0000
@@ -25,7 +25,7 @@
ifdef(`distro_redhat', `
/usr/libexec/dovecot/auth -- gen_context(system_u:object_r:dovecot_auth_exec_t,s0)
@@ -21249,8 +21343,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/dove
')
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/dovecot.if serefpolicy-3.9.7/policy/modules/services/dovecot.if
---- nsaserefpolicy/policy/modules/services/dovecot.if 2010-10-12 22:42:48.000000000 +0200
-+++ serefpolicy-3.9.7/policy/modules/services/dovecot.if 2010-12-01 11:47:13.591040970 +0100
+--- nsaserefpolicy/policy/modules/services/dovecot.if 2010-10-12 20:42:48.000000000 +0000
++++ serefpolicy-3.9.7/policy/modules/services/dovecot.if 2010-12-01 10:47:13.000000000 +0000
@@ -1,5 +1,24 @@
## <summary>Dovecot POP and IMAP mail server</summary>
@@ -21341,8 +21435,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/dove
admin_pattern($1, dovecot_var_run_t)
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/dovecot.te serefpolicy-3.9.7/policy/modules/services/dovecot.te
---- nsaserefpolicy/policy/modules/services/dovecot.te 2010-10-12 22:42:48.000000000 +0200
-+++ serefpolicy-3.9.7/policy/modules/services/dovecot.te 2011-01-14 14:46:07.945051887 +0100
+--- nsaserefpolicy/policy/modules/services/dovecot.te 2010-10-12 20:42:48.000000000 +0000
++++ serefpolicy-3.9.7/policy/modules/services/dovecot.te 2011-01-14 13:46:07.000000000 +0000
@@ -18,7 +18,7 @@
files_tmp_file(dovecot_auth_tmp_t)
@@ -21493,8 +21587,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/dove
+ sendmail_domtrans(dovecot_deliver_t)
')
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/drbd.fc serefpolicy-3.9.7/policy/modules/services/drbd.fc
---- nsaserefpolicy/policy/modules/services/drbd.fc 1970-01-01 01:00:00.000000000 +0100
-+++ serefpolicy-3.9.7/policy/modules/services/drbd.fc 2010-11-08 15:07:40.735399064 +0100
+--- nsaserefpolicy/policy/modules/services/drbd.fc 1970-01-01 00:00:00.000000000 +0000
++++ serefpolicy-3.9.7/policy/modules/services/drbd.fc 2010-11-08 14:07:40.000000000 +0000
@@ -0,0 +1,9 @@
+
+/sbin/drbdadm -- gen_context(system_u:object_r:drbd_exec_t,s0)
@@ -21506,8 +21600,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/drbd
+
+
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/drbd.if serefpolicy-3.9.7/policy/modules/services/drbd.if
---- nsaserefpolicy/policy/modules/services/drbd.if 1970-01-01 01:00:00.000000000 +0100
-+++ serefpolicy-3.9.7/policy/modules/services/drbd.if 2010-11-08 15:07:40.735399064 +0100
+--- nsaserefpolicy/policy/modules/services/drbd.if 1970-01-01 00:00:00.000000000 +0000
++++ serefpolicy-3.9.7/policy/modules/services/drbd.if 2010-11-08 14:07:40.000000000 +0000
@@ -0,0 +1,130 @@
+
+## <summary>policy for drbd</summary>
@@ -21640,8 +21734,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/drbd
+')
+
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/drbd.te serefpolicy-3.9.7/policy/modules/services/drbd.te
---- nsaserefpolicy/policy/modules/services/drbd.te 1970-01-01 01:00:00.000000000 +0100
-+++ serefpolicy-3.9.7/policy/modules/services/drbd.te 2010-11-08 15:07:40.735399064 +0100
+--- nsaserefpolicy/policy/modules/services/drbd.te 1970-01-01 00:00:00.000000000 +0000
++++ serefpolicy-3.9.7/policy/modules/services/drbd.te 2010-11-08 14:07:40.000000000 +0000
@@ -0,0 +1,57 @@
+
+policy_module(drbd,1.0.0)
@@ -21701,8 +21795,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/drbd
+sysnet_dns_name_resolve(drbd_t)
+
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/exim.fc serefpolicy-3.9.7/policy/modules/services/exim.fc
---- nsaserefpolicy/policy/modules/services/exim.fc 2010-10-12 22:42:49.000000000 +0200
-+++ serefpolicy-3.9.7/policy/modules/services/exim.fc 2010-11-05 14:02:26.642650338 +0100
+--- nsaserefpolicy/policy/modules/services/exim.fc 2010-10-12 20:42:49.000000000 +0000
++++ serefpolicy-3.9.7/policy/modules/services/exim.fc 2010-11-05 13:02:26.000000000 +0000
@@ -1,3 +1,6 @@
+
+/etc/rc\.d/init\.d/exim -- gen_context(system_u:object_r:exim_initrc_exec_t,s0)
@@ -21711,8 +21805,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/exim
/var/log/exim[0-9]?(/.*)? gen_context(system_u:object_r:exim_log_t,s0)
/var/run/exim[0-9]?\.pid -- gen_context(system_u:object_r:exim_var_run_t,s0)
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/exim.if serefpolicy-3.9.7/policy/modules/services/exim.if
---- nsaserefpolicy/policy/modules/services/exim.if 2010-10-12 22:42:48.000000000 +0200
-+++ serefpolicy-3.9.7/policy/modules/services/exim.if 2010-11-05 14:02:26.643650483 +0100
+--- nsaserefpolicy/policy/modules/services/exim.if 2010-10-12 20:42:48.000000000 +0000
++++ serefpolicy-3.9.7/policy/modules/services/exim.if 2010-11-05 13:02:26.000000000 +0000
@@ -5,9 +5,9 @@
## Execute a domain transition to run exim.
## </summary>
@@ -21810,8 +21904,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/exim
+ admin_pattern($1, exim_var_run_t)
+')
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/exim.te serefpolicy-3.9.7/policy/modules/services/exim.te
---- nsaserefpolicy/policy/modules/services/exim.te 2010-10-12 22:42:48.000000000 +0200
-+++ serefpolicy-3.9.7/policy/modules/services/exim.te 2010-11-05 14:02:26.645652447 +0100
+--- nsaserefpolicy/policy/modules/services/exim.te 2010-10-12 20:42:48.000000000 +0000
++++ serefpolicy-3.9.7/policy/modules/services/exim.te 2010-11-05 13:02:26.000000000 +0000
@@ -6,24 +6,24 @@
#
@@ -21877,8 +21971,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/exim
optional_policy(`
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/fail2ban.if serefpolicy-3.9.7/policy/modules/services/fail2ban.if
---- nsaserefpolicy/policy/modules/services/fail2ban.if 2010-10-12 22:42:48.000000000 +0200
-+++ serefpolicy-3.9.7/policy/modules/services/fail2ban.if 2010-11-05 14:02:26.645652447 +0100
+--- nsaserefpolicy/policy/modules/services/fail2ban.if 2010-10-12 20:42:48.000000000 +0000
++++ serefpolicy-3.9.7/policy/modules/services/fail2ban.if 2010-11-05 13:02:26.000000000 +0000
@@ -5,9 +5,9 @@
## Execute a domain transition to run fail2ban.
## </summary>
@@ -21942,8 +22036,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/fail
allow $1 fail2ban_t:process { ptrace signal_perms };
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/fail2ban.te serefpolicy-3.9.7/policy/modules/services/fail2ban.te
---- nsaserefpolicy/policy/modules/services/fail2ban.te 2010-10-12 22:42:49.000000000 +0200
-+++ serefpolicy-3.9.7/policy/modules/services/fail2ban.te 2010-11-05 14:02:26.647649104 +0100
+--- nsaserefpolicy/policy/modules/services/fail2ban.te 2010-10-12 20:42:49.000000000 +0000
++++ serefpolicy-3.9.7/policy/modules/services/fail2ban.te 2010-11-05 13:02:26.000000000 +0000
@@ -28,7 +28,7 @@
# fail2ban local policy
#
@@ -21973,8 +22067,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/fail
iptables_domtrans(fail2ban_t)
')
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/fetchmail.if serefpolicy-3.9.7/policy/modules/services/fetchmail.if
---- nsaserefpolicy/policy/modules/services/fetchmail.if 2010-10-12 22:42:48.000000000 +0200
-+++ serefpolicy-3.9.7/policy/modules/services/fetchmail.if 2010-11-05 14:02:26.647649104 +0100
+--- nsaserefpolicy/policy/modules/services/fetchmail.if 2010-10-12 20:42:48.000000000 +0000
++++ serefpolicy-3.9.7/policy/modules/services/fetchmail.if 2010-11-05 13:02:26.000000000 +0000
@@ -18,6 +18,7 @@
type fetchmail_var_run_t;
')
@@ -21984,8 +22078,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/fetc
files_list_etc($1)
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/fprintd.if serefpolicy-3.9.7/policy/modules/services/fprintd.if
---- nsaserefpolicy/policy/modules/services/fprintd.if 2010-10-12 22:42:49.000000000 +0200
-+++ serefpolicy-3.9.7/policy/modules/services/fprintd.if 2010-11-05 14:02:26.648649317 +0100
+--- nsaserefpolicy/policy/modules/services/fprintd.if 2010-10-12 20:42:49.000000000 +0000
++++ serefpolicy-3.9.7/policy/modules/services/fprintd.if 2010-11-05 13:02:26.000000000 +0000
@@ -5,9 +5,9 @@
## Execute a domain transition to run fprintd.
## </summary>
@@ -22004,8 +22098,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/fpri
')
-
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/fprintd.te serefpolicy-3.9.7/policy/modules/services/fprintd.te
---- nsaserefpolicy/policy/modules/services/fprintd.te 2010-10-12 22:42:48.000000000 +0200
-+++ serefpolicy-3.9.7/policy/modules/services/fprintd.te 2010-11-05 14:02:26.649916819 +0100
+--- nsaserefpolicy/policy/modules/services/fprintd.te 2010-10-12 20:42:48.000000000 +0000
++++ serefpolicy-3.9.7/policy/modules/services/fprintd.te 2010-11-05 13:02:26.000000000 +0000
@@ -17,9 +17,9 @@
# Local policy
#
@@ -22025,16 +22119,16 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/fpri
+ policykit_dbus_chat_auth(fprintd_t)
')
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/ftp.fc serefpolicy-3.9.7/policy/modules/services/ftp.fc
---- nsaserefpolicy/policy/modules/services/ftp.fc 2010-10-12 22:42:50.000000000 +0200
-+++ serefpolicy-3.9.7/policy/modules/services/ftp.fc 2010-11-05 14:02:26.651660855 +0100
+--- nsaserefpolicy/policy/modules/services/ftp.fc 2010-10-12 20:42:50.000000000 +0000
++++ serefpolicy-3.9.7/policy/modules/services/ftp.fc 2010-11-05 13:02:26.000000000 +0000
@@ -29,3 +29,4 @@
/var/log/vsftpd.* -- gen_context(system_u:object_r:xferlog_t,s0)
/var/log/xferlog.* -- gen_context(system_u:object_r:xferlog_t,s0)
/var/log/xferreport.* -- gen_context(system_u:object_r:xferlog_t,s0)
+/usr/libexec/webmin/vsftpd/webalizer/xfer_log -- gen_context(system_u:object_r:xferlog_t,s0)
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/ftp.te serefpolicy-3.9.7/policy/modules/services/ftp.te
---- nsaserefpolicy/policy/modules/services/ftp.te 2010-10-12 22:42:49.000000000 +0200
-+++ serefpolicy-3.9.7/policy/modules/services/ftp.te 2010-11-05 14:02:26.652659043 +0100
+--- nsaserefpolicy/policy/modules/services/ftp.te 2010-10-12 20:42:49.000000000 +0000
++++ serefpolicy-3.9.7/policy/modules/services/ftp.te 2010-11-05 13:02:26.000000000 +0000
@@ -40,6 +40,13 @@
## <desc>
@@ -22196,8 +22290,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/ftp.
tunable_policy(`sftpd_enable_homedirs && use_nfs_home_dirs',`
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/gatekeeper.te serefpolicy-3.9.7/policy/modules/services/gatekeeper.te
---- nsaserefpolicy/policy/modules/services/gatekeeper.te 2010-10-12 22:42:49.000000000 +0200
-+++ serefpolicy-3.9.7/policy/modules/services/gatekeeper.te 2010-11-05 14:02:26.653657442 +0100
+--- nsaserefpolicy/policy/modules/services/gatekeeper.te 2010-10-12 20:42:49.000000000 +0000
++++ serefpolicy-3.9.7/policy/modules/services/gatekeeper.te 2010-11-05 13:02:26.000000000 +0000
@@ -33,7 +33,7 @@
allow gatekeeper_t self:tcp_socket create_stream_socket_perms;
allow gatekeeper_t self:udp_socket create_socket_perms;
@@ -22208,8 +22302,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/gate
files_search_etc(gatekeeper_t)
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/git.fc serefpolicy-3.9.7/policy/modules/services/git.fc
---- nsaserefpolicy/policy/modules/services/git.fc 2010-10-12 22:42:49.000000000 +0200
-+++ serefpolicy-3.9.7/policy/modules/services/git.fc 2010-11-05 14:02:26.653657442 +0100
+--- nsaserefpolicy/policy/modules/services/git.fc 2010-10-12 20:42:49.000000000 +0000
++++ serefpolicy-3.9.7/policy/modules/services/git.fc 2010-11-05 13:02:26.000000000 +0000
@@ -1,3 +1,13 @@
+HOME_DIR/public_git(/.*)? gen_context(system_u:object_r:git_session_content_t,s0)
+HOME_DIR/\.gitaliases -- gen_context(system_u:object_r:git_session_content_t,s0)
@@ -22226,8 +22320,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/git.
+/var/www/git(/.*)? gen_context(system_u:object_r:httpd_git_content_t,s0)
+/var/www/git/gitweb.cgi gen_context(system_u:object_r:httpd_git_script_exec_t,s0)
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/git.if serefpolicy-3.9.7/policy/modules/services/git.if
---- nsaserefpolicy/policy/modules/services/git.if 2010-10-12 22:42:49.000000000 +0200
-+++ serefpolicy-3.9.7/policy/modules/services/git.if 2010-11-05 14:02:26.655910769 +0100
+--- nsaserefpolicy/policy/modules/services/git.if 2010-10-12 20:42:49.000000000 +0000
++++ serefpolicy-3.9.7/policy/modules/services/git.if 2010-11-05 13:02:26.000000000 +0000
@@ -1 +1,520 @@
-## <summary>GIT revision control system</summary>
+## <summary>Fast Version Control System.</summary>
@@ -22751,8 +22845,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/git.
+ userdom_search_user_home_dirs($1)
+')
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/git.te serefpolicy-3.9.7/policy/modules/services/git.te
---- nsaserefpolicy/policy/modules/services/git.te 2010-10-12 22:42:50.000000000 +0200
-+++ serefpolicy-3.9.7/policy/modules/services/git.te 2010-11-05 14:02:26.656916151 +0100
+--- nsaserefpolicy/policy/modules/services/git.te 2010-10-12 20:42:50.000000000 +0000
++++ serefpolicy-3.9.7/policy/modules/services/git.te 2010-11-05 13:02:26.000000000 +0000
@@ -1,8 +1,192 @@
-policy_module(git, 1.0)
+policy_module(git, 1.0.3)
@@ -22950,16 +23044,16 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/git.
+git_role_template(git_shell)
+gen_user(git_shell_u, user, git_shell_r, s0, s0)
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/gnomeclock.fc serefpolicy-3.9.7/policy/modules/services/gnomeclock.fc
---- nsaserefpolicy/policy/modules/services/gnomeclock.fc 2010-10-12 22:42:48.000000000 +0200
-+++ serefpolicy-3.9.7/policy/modules/services/gnomeclock.fc 2010-11-05 14:02:26.657900511 +0100
+--- nsaserefpolicy/policy/modules/services/gnomeclock.fc 2010-10-12 20:42:48.000000000 +0000
++++ serefpolicy-3.9.7/policy/modules/services/gnomeclock.fc 2010-11-05 13:02:26.000000000 +0000
@@ -1,2 +1,4 @@
/usr/libexec/gnome-clock-applet-mechanism -- gen_context(system_u:object_r:gnomeclock_exec_t,s0)
+/usr/libexec/gsd-datetime-mechanism -- gen_context(system_u:object_r:gnomeclock_exec_t,s0)
+
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/gnomeclock.if serefpolicy-3.9.7/policy/modules/services/gnomeclock.if
---- nsaserefpolicy/policy/modules/services/gnomeclock.if 2010-10-12 22:42:48.000000000 +0200
-+++ serefpolicy-3.9.7/policy/modules/services/gnomeclock.if 2010-11-05 14:02:26.658901144 +0100
+--- nsaserefpolicy/policy/modules/services/gnomeclock.if 2010-10-12 20:42:48.000000000 +0000
++++ serefpolicy-3.9.7/policy/modules/services/gnomeclock.if 2010-11-05 13:02:26.000000000 +0000
@@ -63,3 +63,24 @@
allow $1 gnomeclock_t:dbus send_msg;
allow gnomeclock_t $1:dbus send_msg;
@@ -22986,8 +23080,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/gnom
+ dontaudit gnomeclock_t $1:dbus send_msg;
+')
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/gpm.if serefpolicy-3.9.7/policy/modules/services/gpm.if
---- nsaserefpolicy/policy/modules/services/gpm.if 2010-10-12 22:42:49.000000000 +0200
-+++ serefpolicy-3.9.7/policy/modules/services/gpm.if 2010-11-05 14:02:26.659902406 +0100
+--- nsaserefpolicy/policy/modules/services/gpm.if 2010-10-12 20:42:49.000000000 +0000
++++ serefpolicy-3.9.7/policy/modules/services/gpm.if 2010-11-05 13:02:26.000000000 +0000
@@ -16,8 +16,8 @@
type gpmctl_t, gpm_t;
')
@@ -23025,8 +23119,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/gpm.
+ allow $1 gpmctl_t:sock_file setattr_sock_file_perms;
')
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/gpm.te serefpolicy-3.9.7/policy/modules/services/gpm.te
---- nsaserefpolicy/policy/modules/services/gpm.te 2010-10-12 22:42:49.000000000 +0200
-+++ serefpolicy-3.9.7/policy/modules/services/gpm.te 2010-11-05 14:02:26.660912537 +0100
+--- nsaserefpolicy/policy/modules/services/gpm.te 2010-10-12 20:42:49.000000000 +0000
++++ serefpolicy-3.9.7/policy/modules/services/gpm.te 2010-11-05 13:02:26.000000000 +0000
@@ -69,6 +69,7 @@
userdom_dontaudit_use_unpriv_user_fds(gpm_t)
@@ -23036,8 +23130,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/gpm.
optional_policy(`
seutil_sigchld_newrole(gpm_t)
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/gpsd.te serefpolicy-3.9.7/policy/modules/services/gpsd.te
---- nsaserefpolicy/policy/modules/services/gpsd.te 2010-10-12 22:42:49.000000000 +0200
-+++ serefpolicy-3.9.7/policy/modules/services/gpsd.te 2010-11-15 12:15:12.594147757 +0100
+--- nsaserefpolicy/policy/modules/services/gpsd.te 2010-10-12 20:42:49.000000000 +0000
++++ serefpolicy-3.9.7/policy/modules/services/gpsd.te 2010-11-15 11:15:12.000000000 +0000
@@ -46,6 +46,8 @@
corenet_tcp_bind_all_nodes(gpsd_t)
corenet_tcp_bind_gpsd_port(gpsd_t)
@@ -23059,8 +23153,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/gpsd
')
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/hal.if serefpolicy-3.9.7/policy/modules/services/hal.if
---- nsaserefpolicy/policy/modules/services/hal.if 2010-10-12 22:42:48.000000000 +0200
-+++ serefpolicy-3.9.7/policy/modules/services/hal.if 2010-12-15 18:22:11.593042438 +0100
+--- nsaserefpolicy/policy/modules/services/hal.if 2010-10-12 20:42:48.000000000 +0000
++++ serefpolicy-3.9.7/policy/modules/services/hal.if 2010-12-15 17:22:11.000000000 +0000
@@ -51,6 +51,7 @@
type hald_t;
')
@@ -23184,8 +23278,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/hal.
+ dontaudit $1 hald_var_run_t:file read_inherited_file_perms;
+')
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/hal.te serefpolicy-3.9.7/policy/modules/services/hal.te
---- nsaserefpolicy/policy/modules/services/hal.te 2010-10-12 22:42:50.000000000 +0200
-+++ serefpolicy-3.9.7/policy/modules/services/hal.te 2010-11-05 14:02:26.666650306 +0100
+--- nsaserefpolicy/policy/modules/services/hal.te 2010-10-12 20:42:50.000000000 +0000
++++ serefpolicy-3.9.7/policy/modules/services/hal.te 2010-11-05 13:02:26.000000000 +0000
@@ -54,6 +54,9 @@
type hald_var_lib_t;
files_type(hald_var_lib_t)
@@ -23315,8 +23409,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/hal.
#
# Local hald dccm policy
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/hddtemp.if serefpolicy-3.9.7/policy/modules/services/hddtemp.if
---- nsaserefpolicy/policy/modules/services/hddtemp.if 2010-10-12 22:42:49.000000000 +0200
-+++ serefpolicy-3.9.7/policy/modules/services/hddtemp.if 2010-11-05 14:02:26.667650380 +0100
+--- nsaserefpolicy/policy/modules/services/hddtemp.if 2010-10-12 20:42:49.000000000 +0000
++++ serefpolicy-3.9.7/policy/modules/services/hddtemp.if 2010-11-05 13:02:26.000000000 +0000
@@ -69,9 +69,5 @@
allow $2 system_r;
@@ -23329,16 +23423,16 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/hddt
+ files_list_etc($1)
')
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/hddtemp.te serefpolicy-3.9.7/policy/modules/services/hddtemp.te
---- nsaserefpolicy/policy/modules/services/hddtemp.te 2010-10-12 22:42:48.000000000 +0200
-+++ serefpolicy-3.9.7/policy/modules/services/hddtemp.te 2010-11-05 14:02:26.668653178 +0100
+--- nsaserefpolicy/policy/modules/services/hddtemp.te 2010-10-12 20:42:48.000000000 +0000
++++ serefpolicy-3.9.7/policy/modules/services/hddtemp.te 2010-11-05 13:02:26.000000000 +0000
@@ -46,4 +46,3 @@
logging_send_syslog_msg(hddtemp_t)
miscfiles_read_localization(hddtemp_t)
-
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/icecast.if serefpolicy-3.9.7/policy/modules/services/icecast.if
---- nsaserefpolicy/policy/modules/services/icecast.if 2010-10-12 22:42:49.000000000 +0200
-+++ serefpolicy-3.9.7/policy/modules/services/icecast.if 2010-11-05 14:02:26.669650109 +0100
+--- nsaserefpolicy/policy/modules/services/icecast.if 2010-10-12 20:42:49.000000000 +0000
++++ serefpolicy-3.9.7/policy/modules/services/icecast.if 2010-11-05 13:02:26.000000000 +0000
@@ -5,9 +5,9 @@
## Execute a domain transition to run icecast.
## </summary>
@@ -23380,8 +23474,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/icec
-
')
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/icecast.te serefpolicy-3.9.7/policy/modules/services/icecast.te
---- nsaserefpolicy/policy/modules/services/icecast.te 2010-10-12 22:42:49.000000000 +0200
-+++ serefpolicy-3.9.7/policy/modules/services/icecast.te 2010-11-05 14:02:26.670650463 +0100
+--- nsaserefpolicy/policy/modules/services/icecast.te 2010-10-12 20:42:49.000000000 +0000
++++ serefpolicy-3.9.7/policy/modules/services/icecast.te 2010-11-05 13:02:26.000000000 +0000
@@ -5,6 +5,14 @@
# Declarations
#
@@ -23421,8 +23515,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/icec
# Init script handling
domain_use_interactive_fds(icecast_t)
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/ifplugd.if serefpolicy-3.9.7/policy/modules/services/ifplugd.if
---- nsaserefpolicy/policy/modules/services/ifplugd.if 2010-10-12 22:42:49.000000000 +0200
-+++ serefpolicy-3.9.7/policy/modules/services/ifplugd.if 2010-11-05 14:02:26.671653889 +0100
+--- nsaserefpolicy/policy/modules/services/ifplugd.if 2010-10-12 20:42:49.000000000 +0000
++++ serefpolicy-3.9.7/policy/modules/services/ifplugd.if 2010-11-05 13:02:26.000000000 +0000
@@ -5,9 +5,9 @@
## Execute a domain transition to run ifplugd.
## </summary>
@@ -23447,8 +23541,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/ifpl
allow $1 ifplugd_t:process { ptrace signal_perms };
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/inetd.if serefpolicy-3.9.7/policy/modules/services/inetd.if
---- nsaserefpolicy/policy/modules/services/inetd.if 2010-10-12 22:42:49.000000000 +0200
-+++ serefpolicy-3.9.7/policy/modules/services/inetd.if 2010-11-05 14:02:26.672902394 +0100
+--- nsaserefpolicy/policy/modules/services/inetd.if 2010-10-12 20:42:49.000000000 +0000
++++ serefpolicy-3.9.7/policy/modules/services/inetd.if 2010-11-05 13:02:26.000000000 +0000
@@ -55,7 +55,6 @@
## </param>
#
@@ -23458,8 +23552,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/inet
type inetd_t;
')
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/inn.if serefpolicy-3.9.7/policy/modules/services/inn.if
---- nsaserefpolicy/policy/modules/services/inn.if 2010-10-12 22:42:49.000000000 +0200
-+++ serefpolicy-3.9.7/policy/modules/services/inn.if 2010-11-05 14:02:26.673902188 +0100
+--- nsaserefpolicy/policy/modules/services/inn.if 2010-10-12 20:42:49.000000000 +0000
++++ serefpolicy-3.9.7/policy/modules/services/inn.if 2010-11-05 13:02:26.000000000 +0000
@@ -93,6 +93,7 @@
type innd_etc_t;
')
@@ -23496,8 +23590,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/inn.
allow $1 innd_t:process { ptrace signal_perms };
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/inn.te serefpolicy-3.9.7/policy/modules/services/inn.te
---- nsaserefpolicy/policy/modules/services/inn.te 2010-10-12 22:42:50.000000000 +0200
-+++ serefpolicy-3.9.7/policy/modules/services/inn.te 2010-11-05 14:02:26.674936066 +0100
+--- nsaserefpolicy/policy/modules/services/inn.te 2010-10-12 20:42:50.000000000 +0000
++++ serefpolicy-3.9.7/policy/modules/services/inn.te 2010-11-05 13:02:26.000000000 +0000
@@ -4,6 +4,7 @@
#
# Declarations
@@ -23541,8 +23635,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/inn.
mta_send_mail(innd_t)
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/jabber.fc serefpolicy-3.9.7/policy/modules/services/jabber.fc
---- nsaserefpolicy/policy/modules/services/jabber.fc 2010-10-12 22:42:48.000000000 +0200
-+++ serefpolicy-3.9.7/policy/modules/services/jabber.fc 2010-11-05 14:02:26.676917986 +0100
+--- nsaserefpolicy/policy/modules/services/jabber.fc 2010-10-12 20:42:48.000000000 +0000
++++ serefpolicy-3.9.7/policy/modules/services/jabber.fc 2010-11-05 13:02:26.000000000 +0000
@@ -2,5 +2,14 @@
/usr/sbin/jabberd -- gen_context(system_u:object_r:jabberd_exec_t,s0)
@@ -23559,8 +23653,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/jabb
/var/lib/jabber(/.*)? gen_context(system_u:object_r:jabberd_var_lib_t,s0)
/var/log/jabber(/.*)? gen_context(system_u:object_r:jabberd_log_t,s0)
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/jabber.if serefpolicy-3.9.7/policy/modules/services/jabber.if
---- nsaserefpolicy/policy/modules/services/jabber.if 2010-10-12 22:42:48.000000000 +0200
-+++ serefpolicy-3.9.7/policy/modules/services/jabber.if 2010-11-05 14:02:26.678660346 +0100
+--- nsaserefpolicy/policy/modules/services/jabber.if 2010-10-12 20:42:48.000000000 +0000
++++ serefpolicy-3.9.7/policy/modules/services/jabber.if 2010-11-05 13:02:26.000000000 +0000
@@ -1,8 +1,82 @@
## <summary>Jabber instant messaging server</summary>
@@ -23680,8 +23774,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/jabb
domain_system_change_exemption($1)
role_transition $2 jabberd_initrc_exec_t system_r;
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/jabber.te serefpolicy-3.9.7/policy/modules/services/jabber.te
---- nsaserefpolicy/policy/modules/services/jabber.te 2010-10-12 22:42:49.000000000 +0200
-+++ serefpolicy-3.9.7/policy/modules/services/jabber.te 2010-12-01 13:18:26.368042344 +0100
+--- nsaserefpolicy/policy/modules/services/jabber.te 2010-10-12 20:42:49.000000000 +0000
++++ serefpolicy-3.9.7/policy/modules/services/jabber.te 2010-12-01 12:18:26.000000000 +0000
@@ -5,13 +5,19 @@
# Declarations
#
@@ -23850,8 +23944,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/jabb
+
+sysnet_read_config(jabberd_domain)
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/kerberos.fc serefpolicy-3.9.7/policy/modules/services/kerberos.fc
---- nsaserefpolicy/policy/modules/services/kerberos.fc 2010-10-12 22:42:49.000000000 +0200
-+++ serefpolicy-3.9.7/policy/modules/services/kerberos.fc 2010-11-05 14:02:26.681651070 +0100
+--- nsaserefpolicy/policy/modules/services/kerberos.fc 2010-10-12 20:42:49.000000000 +0000
++++ serefpolicy-3.9.7/policy/modules/services/kerberos.fc 2010-11-05 13:02:26.000000000 +0000
@@ -8,7 +8,7 @@
/etc/krb5kdc/kadm5\.keytab -- gen_context(system_u:object_r:krb5_keytab_t,s0)
/etc/krb5kdc/principal.* gen_context(system_u:object_r:krb5kdc_principal_t,s0)
@@ -23862,8 +23956,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/kerb
/etc/rc\.d/init\.d/krb524d -- gen_context(system_u:object_r:kerberos_initrc_exec_t,s0)
/etc/rc\.d/init\.d/krb5kdc -- gen_context(system_u:object_r:kerberos_initrc_exec_t,s0)
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/kerberos.if serefpolicy-3.9.7/policy/modules/services/kerberos.if
---- nsaserefpolicy/policy/modules/services/kerberos.if 2010-10-12 22:42:48.000000000 +0200
-+++ serefpolicy-3.9.7/policy/modules/services/kerberos.if 2010-11-15 16:25:46.721148183 +0100
+--- nsaserefpolicy/policy/modules/services/kerberos.if 2010-10-12 20:42:48.000000000 +0000
++++ serefpolicy-3.9.7/policy/modules/services/kerberos.if 2011-01-27 14:26:12.443455001 +0000
@@ -26,9 +26,9 @@
## Execute kadmind in the current domain
## </summary>
@@ -23907,7 +24001,33 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/kerb
')
optional_policy(`
-@@ -235,7 +234,7 @@
+@@ -216,6 +215,25 @@
+ allow $1 krb5_keytab_t:file rw_file_perms;
+ ')
+
++#######################################
++## <summary>
++## Create keytab file in /etc
++## </summary>
++## <param name="domain">
++## <summary>
++## Domain allowed access.
++## </summary>
++## </param>
++#
++interface(`kerberos_etc_filetrans_keytab',`
++ gen_require(`
++ type krb5_keytab_t;
++ ')
++
++ allow $1 krb5_keytab_t:file manage_file_perms;
++ files_etc_filetrans($1, krb5_keytab_t, file)
++')
++
+ ########################################
+ ## <summary>
+ ## Create a derived type for kerberos keytab
+@@ -235,7 +253,7 @@
type $1_keytab_t;
files_type($1_keytab_t)
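Review bot: The summary of the new `kerberos_etc_filetrans_keytab` interface, "Create keytab file in /etc", understates what it grants. Its first rule, `allow $1 krb5_keytab_t:file manage_file_perms;`, covers every file labelled `krb5_keytab_t`, not only files the caller creates. That type also labels `/etc/krb5kdc/kadm5\.keytab` in kerberos.fc, so a caller gains read, write and unlink access to existing keytabs, which hold long-term keys. If that breadth is intended, the summary should say so, for example `## Create, read, write and delete keytab files; new files created in /etc get the keytab type.`. If only creation is needed, the permission set could presumably be narrowed, which should be checked against the callers that are outside this hunk.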
@@ -23916,7 +24036,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/kerb
kerberos_read_keytab($2)
kerberos_use($2)
-@@ -338,9 +337,8 @@
+@@ -338,9 +356,8 @@
type kadmind_t, krb5kdc_t, kerberos_initrc_exec_t;
type kadmind_log_t, kadmind_tmp_t, kadmind_var_run_t;
type krb5_conf_t, krb5_keytab_t, krb5kdc_conf_t;
@@ -23927,7 +24047,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/kerb
')
allow $1 kadmind_t:process { ptrace signal_perms };
-@@ -378,3 +376,22 @@
+@@ -378,3 +395,22 @@
admin_pattern($1, krb5kdc_var_run_t)
')
@@ -23951,8 +24071,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/kerb
+ files_tmp_filetrans($1, krb5_host_rcache_t, file)
+')
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/kerberos.te serefpolicy-3.9.7/policy/modules/services/kerberos.te
---- nsaserefpolicy/policy/modules/services/kerberos.te 2010-10-12 22:42:48.000000000 +0200
-+++ serefpolicy-3.9.7/policy/modules/services/kerberos.te 2011-01-20 11:05:37.513041436 +0100
+--- nsaserefpolicy/policy/modules/services/kerberos.te 2010-10-12 20:42:48.000000000 +0000
++++ serefpolicy-3.9.7/policy/modules/services/kerberos.te 2011-01-20 10:05:37.000000000 +0000
@@ -6,9 +6,9 @@
#
@@ -24083,8 +24203,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/kerb
')
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/kerneloops.if serefpolicy-3.9.7/policy/modules/services/kerneloops.if
---- nsaserefpolicy/policy/modules/services/kerneloops.if 2010-10-12 22:42:49.000000000 +0200
-+++ serefpolicy-3.9.7/policy/modules/services/kerneloops.if 2010-11-05 14:02:26.685901124 +0100
+--- nsaserefpolicy/policy/modules/services/kerneloops.if 2010-10-12 20:42:49.000000000 +0000
++++ serefpolicy-3.9.7/policy/modules/services/kerneloops.if 2010-11-05 13:02:26.000000000 +0000
@@ -5,15 +5,14 @@
## Execute a domain transition to run kerneloops.
## </summary>
@@ -24121,9 +24241,90 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/kern
+ files_list_tmp($1)
admin_pattern($1, kerneloops_tmp_t)
')
+diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/keyboardd.fc serefpolicy-3.9.7/policy/modules/services/keyboardd.fc
+--- nsaserefpolicy/policy/modules/services/keyboardd.fc 1970-01-01 00:00:00.000000000 +0000
++++ serefpolicy-3.9.7/policy/modules/services/keyboardd.fc 2011-01-27 16:24:03.231455000 +0000
+@@ -0,0 +1,2 @@
++
++/usr/bin/system-setup-keyboard -- gen_context(system_u:object_r:keyboardd_exec_t,s0)
+diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/keyboardd.if serefpolicy-3.9.7/policy/modules/services/keyboardd.if
+--- nsaserefpolicy/policy/modules/services/keyboardd.if 1970-01-01 00:00:00.000000000 +0000
++++ serefpolicy-3.9.7/policy/modules/services/keyboardd.if 2011-01-27 18:16:09.428455000 +0000
+@@ -0,0 +1,39 @@
++
++## <summary>policy for system-setup-keyboard daemon</summary>
++
++########################################
++## <summary>
++## Execute a domain transition to run keyboard setup daemon.
++## </summary>
++## <param name="domain">
++## <summary>
++## Domain allowed access.
++## </summary>
++## </param>
++#
++interface(`keyboardd_domtrans',`
++ gen_require(`
++ type keyboardd_t, keyboardd_exec_t;
++ ')
++
++ domtrans_pattern($1, keyboardd_exec_t, keyboardd_t)
++')
++
++#######################################
++## <summary>
++## Allow attempts to read to
++## keyboardd unnamed pipes.
++## </summary>
++## <param name="domain">
++## <summary>
++## Domain allowed access.
++## </summary>
++## </param>
++#
++interface(`keyboardd_read_pipes',`
++ gen_require(`
++ type sendmail_t;
++ ')
++
++ allow $1 keyboardd_t:fifo_file read_fifo_file_perms;
++')
+diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/keyboardd.te serefpolicy-3.9.7/policy/modules/services/keyboardd.te
+--- nsaserefpolicy/policy/modules/services/keyboardd.te 1970-01-01 00:00:00.000000000 +0000
++++ serefpolicy-3.9.7/policy/modules/services/keyboardd.te 2011-01-27 16:28:13.273455000 +0000
+@@ -0,0 +1,28 @@
++
++policy_module(keyboardd, 1.0.0)
++
++########################################
++#
++# Declarations
++#
++
++type keyboardd_t;
++type keyboardd_exec_t;
++init_daemon_domain(keyboardd_t, keyboardd_exec_t)
++
++permissive keyboardd_t;
++
++########################################
++#
++# keyboardd local policy
++#
++
++allow keyboardd_t self:fifo_file rw_fifo_file_perms;
++allow keyboardd_t self:unix_stream_socket create_stream_socket_perms;
++
++files_rw_etc_runtime_files(keyboardd_t)
++files_etc_filetrans_etc_runtime(keyboardd_t, file)
++
++files_read_etc_files(keyboardd_t)
++
++miscfiles_read_localization(keyboardd_t)
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/ksmtuned.fc serefpolicy-3.9.7/policy/modules/services/ksmtuned.fc
---- nsaserefpolicy/policy/modules/services/ksmtuned.fc 2010-10-12 22:42:50.000000000 +0200
-+++ serefpolicy-3.9.7/policy/modules/services/ksmtuned.fc 2010-11-05 14:02:26.686902036 +0100
+--- nsaserefpolicy/policy/modules/services/ksmtuned.fc 2010-10-12 20:42:50.000000000 +0000
++++ serefpolicy-3.9.7/policy/modules/services/ksmtuned.fc 2010-11-05 13:02:26.000000000 +0000
@@ -3,3 +3,5 @@
/usr/sbin/ksmtuned -- gen_context(system_u:object_r:ksmtuned_exec_t,s0)
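Review bot: In the new keyboardd.if, `keyboardd_read_pipes` declares `type sendmail_t;` in its `gen_require` block, but the rule that follows is `allow $1 keyboardd_t:fifo_file read_fifo_file_perms;`. The type the rule uses is therefore never required, and this looks like a copy-paste leftover; the require line should read `type keyboardd_t;`. The interface summary "Allow attempts to read to keyboardd unnamed pipes" is also garbled and could be `## Read keyboardd unnamed pipes.`. Separately, keyboardd.te ships with `permissive keyboardd_t;`, so denials for this domain are logged rather than enforced. A comment on that line saying it is temporary and when it should be dropped would help later audits of the module.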
@@ -24131,8 +24332,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/ksmt
+
+/var/log/ksmtuned.* gen_context(system_u:object_r:ksmtuned_log_t,s0)
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/ksmtuned.if serefpolicy-3.9.7/policy/modules/services/ksmtuned.if
---- nsaserefpolicy/policy/modules/services/ksmtuned.if 2010-10-12 22:42:48.000000000 +0200
-+++ serefpolicy-3.9.7/policy/modules/services/ksmtuned.if 2010-11-05 14:02:26.688917550 +0100
+--- nsaserefpolicy/policy/modules/services/ksmtuned.if 2010-10-12 20:42:48.000000000 +0000
++++ serefpolicy-3.9.7/policy/modules/services/ksmtuned.if 2010-11-05 13:02:26.000000000 +0000
@@ -5,9 +5,9 @@
## Execute a domain transition to run ksmtuned.
## </summary>
@@ -24167,8 +24368,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/ksmt
-
')
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/ksmtuned.te serefpolicy-3.9.7/policy/modules/services/ksmtuned.te
---- nsaserefpolicy/policy/modules/services/ksmtuned.te 2010-10-12 22:42:49.000000000 +0200
-+++ serefpolicy-3.9.7/policy/modules/services/ksmtuned.te 2010-11-05 14:02:26.689901910 +0100
+--- nsaserefpolicy/policy/modules/services/ksmtuned.te 2010-10-12 20:42:49.000000000 +0000
++++ serefpolicy-3.9.7/policy/modules/services/ksmtuned.te 2010-11-05 13:02:26.000000000 +0000
@@ -9,6 +9,9 @@
type ksmtuned_exec_t;
init_daemon_domain(ksmtuned_t, ksmtuned_exec_t)
@@ -24208,8 +24409,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/ksmt
+
miscfiles_read_localization(ksmtuned_t)
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/ldap.fc serefpolicy-3.9.7/policy/modules/services/ldap.fc
---- nsaserefpolicy/policy/modules/services/ldap.fc 2010-10-12 22:42:48.000000000 +0200
-+++ serefpolicy-3.9.7/policy/modules/services/ldap.fc 2010-11-05 14:02:26.690912321 +0100
+--- nsaserefpolicy/policy/modules/services/ldap.fc 2010-10-12 20:42:48.000000000 +0000
++++ serefpolicy-3.9.7/policy/modules/services/ldap.fc 2010-11-05 13:02:26.000000000 +0000
@@ -1,6 +1,8 @@
/etc/ldap/slapd\.conf -- gen_context(system_u:object_r:slapd_etc_t,s0)
@@ -24226,8 +24427,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/ldap
/var/run/slapd\.pid -- gen_context(system_u:object_r:slapd_var_run_t,s0)
+/var/run/slapd.* -s gen_context(system_u:object_r:slapd_var_run_t,s0)
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/ldap.if serefpolicy-3.9.7/policy/modules/services/ldap.if
---- nsaserefpolicy/policy/modules/services/ldap.if 2010-10-12 22:42:49.000000000 +0200
-+++ serefpolicy-3.9.7/policy/modules/services/ldap.if 2010-11-05 14:02:26.692916032 +0100
+--- nsaserefpolicy/policy/modules/services/ldap.if 2010-10-12 20:42:49.000000000 +0000
++++ serefpolicy-3.9.7/policy/modules/services/ldap.if 2010-11-05 13:02:26.000000000 +0000
@@ -1,5 +1,41 @@
## <summary>OpenLDAP directory server</summary>
@@ -24338,8 +24539,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/ldap
files_list_tmp($1)
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/ldap.te serefpolicy-3.9.7/policy/modules/services/ldap.te
---- nsaserefpolicy/policy/modules/services/ldap.te 2010-10-12 22:42:49.000000000 +0200
-+++ serefpolicy-3.9.7/policy/modules/services/ldap.te 2010-11-05 14:02:26.693650006 +0100
+--- nsaserefpolicy/policy/modules/services/ldap.te 2010-10-12 20:42:49.000000000 +0000
++++ serefpolicy-3.9.7/policy/modules/services/ldap.te 2010-11-05 13:02:26.000000000 +0000
@@ -10,7 +10,7 @@
init_daemon_domain(slapd_t, slapd_exec_t)
@@ -24389,8 +24590,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/ldap
kernel_read_system_state(slapd_t)
kernel_read_kernel_sysctls(slapd_t)
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/likewise.if serefpolicy-3.9.7/policy/modules/services/likewise.if
---- nsaserefpolicy/policy/modules/services/likewise.if 2010-10-12 22:42:49.000000000 +0200
-+++ serefpolicy-3.9.7/policy/modules/services/likewise.if 2010-11-05 14:02:26.695650155 +0100
+--- nsaserefpolicy/policy/modules/services/likewise.if 2010-10-12 20:42:49.000000000 +0000
++++ serefpolicy-3.9.7/policy/modules/services/likewise.if 2010-11-05 13:02:26.000000000 +0000
@@ -63,7 +63,7 @@
allow $1_t self:tcp_socket create_stream_socket_perms;
allow $1_t self:udp_socket create_socket_perms;
@@ -24401,8 +24602,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/like
manage_files_pattern($1_t, $1_var_run_t, $1_var_run_t)
files_pid_filetrans($1_t, $1_var_run_t, file)
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/likewise.te serefpolicy-3.9.7/policy/modules/services/likewise.te
---- nsaserefpolicy/policy/modules/services/likewise.te 2010-10-12 22:42:49.000000000 +0200
-+++ serefpolicy-3.9.7/policy/modules/services/likewise.te 2010-11-05 14:02:26.696654839 +0100
+--- nsaserefpolicy/policy/modules/services/likewise.te 2010-10-12 20:42:49.000000000 +0000
++++ serefpolicy-3.9.7/policy/modules/services/likewise.te 2010-11-05 13:02:26.000000000 +0000
@@ -205,7 +205,7 @@
# Likewise DC location service local policy
#
@@ -24413,8 +24614,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/like
manage_files_pattern(netlogond_t, likewise_etc_t, likewise_etc_t)
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/lircd.fc serefpolicy-3.9.7/policy/modules/services/lircd.fc
---- nsaserefpolicy/policy/modules/services/lircd.fc 2010-10-12 22:42:49.000000000 +0200
-+++ serefpolicy-3.9.7/policy/modules/services/lircd.fc 2010-11-22 10:33:00.038397135 +0100
+--- nsaserefpolicy/policy/modules/services/lircd.fc 2010-10-12 20:42:49.000000000 +0000
++++ serefpolicy-3.9.7/policy/modules/services/lircd.fc 2010-11-22 09:33:00.000000000 +0000
@@ -2,6 +2,7 @@
/etc/rc\.d/init\.d/lirc -- gen_context(system_u:object_r:lircd_initrc_exec_t,s0)
@@ -24424,8 +24625,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/lirc
/usr/sbin/lircd -- gen_context(system_u:object_r:lircd_exec_t,s0)
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/lircd.if serefpolicy-3.9.7/policy/modules/services/lircd.if
---- nsaserefpolicy/policy/modules/services/lircd.if 2010-10-12 22:42:48.000000000 +0200
-+++ serefpolicy-3.9.7/policy/modules/services/lircd.if 2010-11-05 14:02:26.698654917 +0100
+--- nsaserefpolicy/policy/modules/services/lircd.if 2010-10-12 20:42:48.000000000 +0000
++++ serefpolicy-3.9.7/policy/modules/services/lircd.if 2010-11-05 13:02:26.000000000 +0000
@@ -5,9 +5,9 @@
## Execute a domain transition to run lircd.
## </summary>
@@ -24482,8 +24683,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/lirc
admin_pattern($1, lircd_var_run_t)
')
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/lircd.te serefpolicy-3.9.7/policy/modules/services/lircd.te
---- nsaserefpolicy/policy/modules/services/lircd.te 2010-10-12 22:42:48.000000000 +0200
-+++ serefpolicy-3.9.7/policy/modules/services/lircd.te 2010-12-06 17:45:11.727291249 +0100
+--- nsaserefpolicy/policy/modules/services/lircd.te 2010-10-12 20:42:48.000000000 +0000
++++ serefpolicy-3.9.7/policy/modules/services/lircd.te 2010-12-06 16:45:11.000000000 +0000
@@ -24,6 +24,9 @@
#
@@ -24520,8 +24721,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/lirc
files_manage_generic_locks(lircd_t)
files_read_all_locks(lircd_t)
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/lpd.if serefpolicy-3.9.7/policy/modules/services/lpd.if
---- nsaserefpolicy/policy/modules/services/lpd.if 2010-10-12 22:42:49.000000000 +0200
-+++ serefpolicy-3.9.7/policy/modules/services/lpd.if 2010-11-05 14:02:26.700653599 +0100
+--- nsaserefpolicy/policy/modules/services/lpd.if 2010-10-12 20:42:49.000000000 +0000
++++ serefpolicy-3.9.7/policy/modules/services/lpd.if 2010-11-05 13:02:26.000000000 +0000
@@ -14,6 +14,7 @@
## User domain for the role
## </summary>
@@ -24558,8 +24759,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/lpd.
type lpr_t, lpr_exec_t;
')
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/lpd.te serefpolicy-3.9.7/policy/modules/services/lpd.te
---- nsaserefpolicy/policy/modules/services/lpd.te 2010-10-12 22:42:49.000000000 +0200
-+++ serefpolicy-3.9.7/policy/modules/services/lpd.te 2010-11-05 14:02:26.702916635 +0100
+--- nsaserefpolicy/policy/modules/services/lpd.te 2010-10-12 20:42:49.000000000 +0000
++++ serefpolicy-3.9.7/policy/modules/services/lpd.te 2010-11-05 13:02:26.000000000 +0000
@@ -6,9 +6,9 @@
#
@@ -24628,8 +24829,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/lpd.
fs_read_cifs_files(lpr_t)
fs_read_cifs_symlinks(lpr_t)
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/mailman.if serefpolicy-3.9.7/policy/modules/services/mailman.if
---- nsaserefpolicy/policy/modules/services/mailman.if 2010-10-12 22:42:48.000000000 +0200
-+++ serefpolicy-3.9.7/policy/modules/services/mailman.if 2010-11-05 14:02:26.704916294 +0100
+--- nsaserefpolicy/policy/modules/services/mailman.if 2010-10-12 20:42:48.000000000 +0000
++++ serefpolicy-3.9.7/policy/modules/services/mailman.if 2010-11-05 13:02:26.000000000 +0000
@@ -16,7 +16,7 @@
## </summary>
## </param>
@@ -24649,8 +24850,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/mail
files_list_var_lib(mailman_$1_t)
files_read_var_lib_symlinks(mailman_$1_t)
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/mailman.te serefpolicy-3.9.7/policy/modules/services/mailman.te
---- nsaserefpolicy/policy/modules/services/mailman.te 2010-10-12 22:42:48.000000000 +0200
-+++ serefpolicy-3.9.7/policy/modules/services/mailman.te 2010-11-05 14:02:26.705651037 +0100
+--- nsaserefpolicy/policy/modules/services/mailman.te 2010-10-12 20:42:48.000000000 +0000
++++ serefpolicy-3.9.7/policy/modules/services/mailman.te 2010-11-05 13:02:26.000000000 +0000
@@ -61,9 +61,9 @@
# Mailman mail local policy
#
@@ -24682,8 +24883,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/mail
\ No newline at end of file
+')
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/memcached.if serefpolicy-3.9.7/policy/modules/services/memcached.if
---- nsaserefpolicy/policy/modules/services/memcached.if 2010-10-12 22:42:49.000000000 +0200
-+++ serefpolicy-3.9.7/policy/modules/services/memcached.if 2010-11-05 14:02:26.707655027 +0100
+--- nsaserefpolicy/policy/modules/services/memcached.if 2010-10-12 20:42:49.000000000 +0000
++++ serefpolicy-3.9.7/policy/modules/services/memcached.if 2010-11-05 13:02:26.000000000 +0000
@@ -5,15 +5,14 @@
## Execute a domain transition to run memcached.
## </summary>
@@ -24721,8 +24922,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/memc
admin_pattern($1, memcached_var_run_t)
')
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/milter.fc serefpolicy-3.9.7/policy/modules/services/milter.fc
---- nsaserefpolicy/policy/modules/services/milter.fc 2010-10-12 22:42:48.000000000 +0200
-+++ serefpolicy-3.9.7/policy/modules/services/milter.fc 2010-12-20 15:03:06.213042299 +0100
+--- nsaserefpolicy/policy/modules/services/milter.fc 2010-10-12 20:42:48.000000000 +0000
++++ serefpolicy-3.9.7/policy/modules/services/milter.fc 2010-12-20 14:03:06.000000000 +0000
@@ -1,10 +1,15 @@
+/etc/mail/dkim-milter/keys(/.*)? gen_context(system_u:object_r:dkim_milter_private_key_t,s0)
+
@@ -24740,8 +24941,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/milt
/var/run/milter-greylist\.pid -- gen_context(system_u:object_r:greylist_milter_data_t,s0)
/var/run/spamass-milter(/.*)? gen_context(system_u:object_r:spamass_milter_data_t,s0)
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/milter.if serefpolicy-3.9.7/policy/modules/services/milter.if
---- nsaserefpolicy/policy/modules/services/milter.if 2010-10-12 22:42:49.000000000 +0200
-+++ serefpolicy-3.9.7/policy/modules/services/milter.if 2010-11-05 14:02:26.710654901 +0100
+--- nsaserefpolicy/policy/modules/services/milter.if 2010-10-12 20:42:49.000000000 +0000
++++ serefpolicy-3.9.7/policy/modules/services/milter.if 2010-11-05 13:02:26.000000000 +0000
@@ -24,7 +24,7 @@
# Type for the milter data (e.g. the socket used to communicate with the MTA)
@@ -24824,8 +25025,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/milt
+ delete_files_pattern($1, dkim_milter_data_t, dkim_milter_data_t)
+')
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/milter.te serefpolicy-3.9.7/policy/modules/services/milter.te
---- nsaserefpolicy/policy/modules/services/milter.te 2010-10-12 22:42:48.000000000 +0200
-+++ serefpolicy-3.9.7/policy/modules/services/milter.te 2010-11-05 14:02:26.711654137 +0100
+--- nsaserefpolicy/policy/modules/services/milter.te 2010-10-12 20:42:48.000000000 +0000
++++ serefpolicy-3.9.7/policy/modules/services/milter.te 2010-11-05 13:02:26.000000000 +0000
@@ -9,6 +9,13 @@
attribute milter_domains;
attribute milter_data_type;
@@ -24893,8 +25094,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/milt
# The milter runs from /var/lib/spamass-milter
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/mock.fc serefpolicy-3.9.7/policy/modules/services/mock.fc
---- nsaserefpolicy/policy/modules/services/mock.fc 1970-01-01 01:00:00.000000000 +0100
-+++ serefpolicy-3.9.7/policy/modules/services/mock.fc 2010-11-05 14:02:26.711654137 +0100
+--- nsaserefpolicy/policy/modules/services/mock.fc 1970-01-01 00:00:00.000000000 +0000
++++ serefpolicy-3.9.7/policy/modules/services/mock.fc 2010-11-05 13:02:26.000000000 +0000
@@ -0,0 +1,6 @@
+
+/usr/sbin/mock -- gen_context(system_u:object_r:mock_exec_t,s0)
@@ -24903,8 +25104,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/mock
+
+/var/cache/mock(/.*)? gen_context(system_u:object_r:mock_cache_t,s0)
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/mock.if serefpolicy-3.9.7/policy/modules/services/mock.if
---- nsaserefpolicy/policy/modules/services/mock.if 1970-01-01 01:00:00.000000000 +0100
-+++ serefpolicy-3.9.7/policy/modules/services/mock.if 2010-11-05 14:02:26.713916613 +0100
+--- nsaserefpolicy/policy/modules/services/mock.if 1970-01-01 00:00:00.000000000 +0000
++++ serefpolicy-3.9.7/policy/modules/services/mock.if 2010-11-05 13:02:26.000000000 +0000
@@ -0,0 +1,236 @@
+## <summary>policy for mock</summary>
+
@@ -25143,8 +25344,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/mock
+ admin_pattern($1, mock_var_lib_t)
+')
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/mock.te serefpolicy-3.9.7/policy/modules/services/mock.te
---- nsaserefpolicy/policy/modules/services/mock.te 1970-01-01 01:00:00.000000000 +0100
-+++ serefpolicy-3.9.7/policy/modules/services/mock.te 2011-01-07 10:56:33.999042315 +0100
+--- nsaserefpolicy/policy/modules/services/mock.te 1970-01-01 00:00:00.000000000 +0000
++++ serefpolicy-3.9.7/policy/modules/services/mock.te 2011-01-07 09:56:33.000000000 +0000
@@ -0,0 +1,101 @@
+policy_module(mock,1.0.0)
+
@@ -25248,8 +25449,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/mock
+ apache_read_sys_content_rw_files(mock_t)
+')
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/modemmanager.if serefpolicy-3.9.7/policy/modules/services/modemmanager.if
---- nsaserefpolicy/policy/modules/services/modemmanager.if 2010-10-12 22:42:48.000000000 +0200
-+++ serefpolicy-3.9.7/policy/modules/services/modemmanager.if 2010-11-05 14:02:26.716900842 +0100
+--- nsaserefpolicy/policy/modules/services/modemmanager.if 2010-10-12 20:42:48.000000000 +0000
++++ serefpolicy-3.9.7/policy/modules/services/modemmanager.if 2010-11-05 13:02:26.000000000 +0000
@@ -5,9 +5,9 @@
## Execute a domain transition to run modemmanager.
## </summary>
@@ -25263,8 +25464,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/mode
#
interface(`modemmanager_domtrans',`
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/modemmanager.te serefpolicy-3.9.7/policy/modules/services/modemmanager.te
---- nsaserefpolicy/policy/modules/services/modemmanager.te 2010-10-12 22:42:50.000000000 +0200
-+++ serefpolicy-3.9.7/policy/modules/services/modemmanager.te 2010-11-05 14:02:26.717900358 +0100
+--- nsaserefpolicy/policy/modules/services/modemmanager.te 2010-10-12 20:42:50.000000000 +0000
++++ serefpolicy-3.9.7/policy/modules/services/modemmanager.te 2010-11-05 13:02:26.000000000 +0000
@@ -16,7 +16,8 @@
# ModemManager local policy
#
@@ -25298,8 +25499,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/mode
udev_read_db(modemmanager_t)
')
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/mojomojo.if serefpolicy-3.9.7/policy/modules/services/mojomojo.if
---- nsaserefpolicy/policy/modules/services/mojomojo.if 2010-10-12 22:42:48.000000000 +0200
-+++ serefpolicy-3.9.7/policy/modules/services/mojomojo.if 2010-11-05 14:02:26.719900576 +0100
+--- nsaserefpolicy/policy/modules/services/mojomojo.if 2010-10-12 20:42:48.000000000 +0000
++++ serefpolicy-3.9.7/policy/modules/services/mojomojo.if 2010-11-05 13:02:26.000000000 +0000
@@ -19,18 +19,20 @@
#
interface(`mojomojo_admin',`
@@ -25328,8 +25529,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/mojo
admin_pattern($1, httpd_mojomojo_script_t)
admin_pattern($1, httpd_mojomojo_content_t)
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/mojomojo.te serefpolicy-3.9.7/policy/modules/services/mojomojo.te
---- nsaserefpolicy/policy/modules/services/mojomojo.te 2010-10-12 22:42:50.000000000 +0200
-+++ serefpolicy-3.9.7/policy/modules/services/mojomojo.te 2010-11-05 14:02:26.720900371 +0100
+--- nsaserefpolicy/policy/modules/services/mojomojo.te 2010-10-12 20:42:50.000000000 +0000
++++ serefpolicy-3.9.7/policy/modules/services/mojomojo.te 2010-11-05 13:02:26.000000000 +0000
@@ -7,6 +7,9 @@
apache_content_template(mojomojo)
@@ -25352,8 +25553,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/mojo
corenet_tcp_connect_mysqld_port(httpd_mojomojo_script_t)
corenet_tcp_connect_smtp_port(httpd_mojomojo_script_t)
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/mpd.fc serefpolicy-3.9.7/policy/modules/services/mpd.fc
---- nsaserefpolicy/policy/modules/services/mpd.fc 1970-01-01 01:00:00.000000000 +0100
-+++ serefpolicy-3.9.7/policy/modules/services/mpd.fc 2010-11-05 14:02:26.721901353 +0100
+--- nsaserefpolicy/policy/modules/services/mpd.fc 1970-01-01 00:00:00.000000000 +0000
++++ serefpolicy-3.9.7/policy/modules/services/mpd.fc 2010-11-05 13:02:26.000000000 +0000
@@ -0,0 +1,10 @@
+
+/etc/mpd\.conf -- gen_context(system_u:object_r:mpd_etc_t,s0)
@@ -25366,8 +25567,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/mpd.
+/var/lib/mpd/music(/.*)? gen_context(system_u:object_r:mpd_data_t,s0)
+/var/lib/mpd/playlists(/.*)? gen_context(system_u:object_r:mpd_data_t,s0)
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/mpd.if serefpolicy-3.9.7/policy/modules/services/mpd.if
---- nsaserefpolicy/policy/modules/services/mpd.if 1970-01-01 01:00:00.000000000 +0100
-+++ serefpolicy-3.9.7/policy/modules/services/mpd.if 2010-11-05 14:02:26.722901428 +0100
+--- nsaserefpolicy/policy/modules/services/mpd.if 1970-01-01 00:00:00.000000000 +0000
++++ serefpolicy-3.9.7/policy/modules/services/mpd.if 2010-11-05 13:02:26.000000000 +0000
@@ -0,0 +1,267 @@
+## <summary>policy for daemon for playing music</summary>
+
@@ -25637,8 +25838,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/mpd.
+ admin_pattern($1, mpd_tmpfs_t)
+')
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/mpd.te serefpolicy-3.9.7/policy/modules/services/mpd.te
---- nsaserefpolicy/policy/modules/services/mpd.te 1970-01-01 01:00:00.000000000 +0100
-+++ serefpolicy-3.9.7/policy/modules/services/mpd.te 2011-01-07 14:05:16.237042445 +0100
+--- nsaserefpolicy/policy/modules/services/mpd.te 1970-01-01 00:00:00.000000000 +0000
++++ serefpolicy-3.9.7/policy/modules/services/mpd.te 2011-01-07 13:05:16.000000000 +0000
@@ -0,0 +1,143 @@
+policy_module(mpd, 1.0.0)
+
@@ -25784,8 +25985,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/mpd.
+ xserver_dontaudit_read_xdm_pid(mpd_t)
+')
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/mta.fc serefpolicy-3.9.7/policy/modules/services/mta.fc
---- nsaserefpolicy/policy/modules/services/mta.fc 2010-10-12 22:42:48.000000000 +0200
-+++ serefpolicy-3.9.7/policy/modules/services/mta.fc 2011-01-20 10:58:20.510042573 +0100
+--- nsaserefpolicy/policy/modules/services/mta.fc 2010-10-12 20:42:48.000000000 +0000
++++ serefpolicy-3.9.7/policy/modules/services/mta.fc 2011-01-20 09:58:20.000000000 +0000
@@ -1,4 +1,5 @@
-HOME_DIR/\.forward -- gen_context(system_u:object_r:mail_forward_t,s0)
+HOME_DIR/\.forward[^/]* -- gen_context(system_u:object_r:mail_home_t,s0)
@@ -25804,8 +26005,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/mta.
/usr/lib(64)?/sendmail -- gen_context(system_u:object_r:sendmail_exec_t,s0)
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/mta.if serefpolicy-3.9.7/policy/modules/services/mta.if
---- nsaserefpolicy/policy/modules/services/mta.if 2010-10-12 22:42:48.000000000 +0200
-+++ serefpolicy-3.9.7/policy/modules/services/mta.if 2010-11-05 14:02:26.726901166 +0100
+--- nsaserefpolicy/policy/modules/services/mta.if 2010-10-12 20:42:48.000000000 +0000
++++ serefpolicy-3.9.7/policy/modules/services/mta.if 2010-11-05 13:02:26.000000000 +0000
@@ -37,9 +37,9 @@
## is the prefix for user_t).
## </summary>
@@ -26056,8 +26257,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/mta.
+ ')
+')
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/mta.te serefpolicy-3.9.7/policy/modules/services/mta.te
---- nsaserefpolicy/policy/modules/services/mta.te 2010-10-12 22:42:48.000000000 +0200
-+++ serefpolicy-3.9.7/policy/modules/services/mta.te 2011-01-04 15:53:28.091041224 +0100
+--- nsaserefpolicy/policy/modules/services/mta.te 2010-10-12 20:42:48.000000000 +0000
++++ serefpolicy-3.9.7/policy/modules/services/mta.te 2011-01-04 14:53:28.000000000 +0000
@@ -20,8 +20,8 @@
type etc_mail_t;
files_config_file(etc_mail_t)
@@ -26280,8 +26481,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/mta.
+ exim_manage_log(user_mail_domain)
+')
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/munin.fc serefpolicy-3.9.7/policy/modules/services/munin.fc
---- nsaserefpolicy/policy/modules/services/munin.fc 2010-10-12 22:42:50.000000000 +0200
-+++ serefpolicy-3.9.7/policy/modules/services/munin.fc 2010-12-15 13:42:32.358042993 +0100
+--- nsaserefpolicy/policy/modules/services/munin.fc 2010-10-12 20:42:50.000000000 +0000
++++ serefpolicy-3.9.7/policy/modules/services/munin.fc 2010-12-15 12:42:32.000000000 +0000
@@ -51,6 +51,7 @@
/usr/share/munin/plugins/irqstats -- gen_context(system_u:object_r:system_munin_plugin_exec_t,s0)
/usr/share/munin/plugins/load -- gen_context(system_u:object_r:system_munin_plugin_exec_t,s0)
@@ -26299,8 +26500,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/muni
/var/run/munin(/.*)? gen_context(system_u:object_r:munin_var_run_t,s0)
/var/www/html/munin(/.*)? gen_context(system_u:object_r:httpd_munin_content_t,s0)
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/munin.if serefpolicy-3.9.7/policy/modules/services/munin.if
---- nsaserefpolicy/policy/modules/services/munin.if 2010-10-12 22:42:48.000000000 +0200
-+++ serefpolicy-3.9.7/policy/modules/services/munin.if 2010-11-23 12:48:19.045182669 +0100
+--- nsaserefpolicy/policy/modules/services/munin.if 2010-10-12 20:42:48.000000000 +0000
++++ serefpolicy-3.9.7/policy/modules/services/munin.if 2010-11-23 11:48:19.000000000 +0000
@@ -13,10 +13,11 @@
#
template(`munin_plugin_template',`
@@ -26386,8 +26587,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/muni
allow $1 munin_t:process { ptrace signal_perms };
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/munin.te serefpolicy-3.9.7/policy/modules/services/munin.te
---- nsaserefpolicy/policy/modules/services/munin.te 2010-10-12 22:42:48.000000000 +0200
-+++ serefpolicy-3.9.7/policy/modules/services/munin.te 2010-12-16 15:13:14.373042501 +0100
+--- nsaserefpolicy/policy/modules/services/munin.te 2010-10-12 20:42:48.000000000 +0000
++++ serefpolicy-3.9.7/policy/modules/services/munin.te 2010-12-16 14:13:14.000000000 +0000
@@ -5,6 +5,8 @@
# Declarations
#
@@ -26596,8 +26797,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/muni
+
+miscfiles_read_localization(munin_plugin_domain)
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/mysql.if serefpolicy-3.9.7/policy/modules/services/mysql.if
---- nsaserefpolicy/policy/modules/services/mysql.if 2010-10-12 22:42:49.000000000 +0200
-+++ serefpolicy-3.9.7/policy/modules/services/mysql.if 2011-01-05 10:55:41.877042746 +0100
+--- nsaserefpolicy/policy/modules/services/mysql.if 2010-10-12 20:42:49.000000000 +0000
++++ serefpolicy-3.9.7/policy/modules/services/mysql.if 2011-01-05 09:55:41.000000000 +0000
@@ -18,6 +18,24 @@
domtrans_pattern($1, mysqld_exec_t, mysqld_t)
')
@@ -26698,8 +26899,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/mysq
admin_pattern($1, mysqld_tmp_t)
')
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/mysql.te serefpolicy-3.9.7/policy/modules/services/mysql.te
---- nsaserefpolicy/policy/modules/services/mysql.te 2010-10-12 22:42:50.000000000 +0200
-+++ serefpolicy-3.9.7/policy/modules/services/mysql.te 2011-01-17 10:32:45.744043083 +0100
+--- nsaserefpolicy/policy/modules/services/mysql.te 2010-10-12 20:42:50.000000000 +0000
++++ serefpolicy-3.9.7/policy/modules/services/mysql.te 2011-01-17 09:32:45.000000000 +0000
@@ -6,9 +6,9 @@
#
@@ -26788,8 +26989,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/mysq
########################################
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/nagios.if serefpolicy-3.9.7/policy/modules/services/nagios.if
---- nsaserefpolicy/policy/modules/services/nagios.if 2010-10-12 22:42:50.000000000 +0200
-+++ serefpolicy-3.9.7/policy/modules/services/nagios.if 2010-12-03 10:05:15.156153251 +0100
+--- nsaserefpolicy/policy/modules/services/nagios.if 2010-10-12 20:42:50.000000000 +0000
++++ serefpolicy-3.9.7/policy/modules/services/nagios.if 2011-01-25 16:36:14.828455000 +0000
@@ -12,10 +12,8 @@
## </param>
#
@@ -26814,16 +27015,18 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/nagi
allow nagios_t nagios_$1_plugin_t:process signal_perms;
-@@ -36,6 +36,8 @@
+@@ -36,6 +36,10 @@
dontaudit nagios_$1_plugin_t nrpe_t:tcp_socket { read write };
dontaudit nagios_$1_plugin_t nagios_log_t:file { read write };
++ kernel_read_system_state(nagios_$1_plugin_t)
++
+ files_read_usr_files(nagios_$1_plugin_t)
+
miscfiles_read_localization(nagios_$1_plugin_t)
')
-@@ -49,7 +51,6 @@
+@@ -49,7 +53,6 @@
## Domain to not audit.
## </summary>
## </param>
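Review bot: The `kernel_read_system_state(nagios_$1_plugin_t)` line added to the plugin template (inner hunk at offset 36 of nagios.if) grants /proc system-state read to every domain the template instantiates, while the commit message asks only for a nagios plugin to read /proc/meminfo. In the reference policy this interface covers generic /proc entries rather than that one file, so any plugin domain other than nagios_mail_plugin_t and nagios_system_plugin_t (whose per-domain calls the nagios.te hunks further down remove) would gain the access as well; which plugin hit the denial is not visible here. If only one plugin needs it, keeping the call in that domain's section of nagios.te would be the narrower grant; if the template-wide grant is intended, a comment such as `# all plugins may read /proc/meminfo and similar system state` above the line would record why. The template body starts outside this hunk.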
@@ -26831,7 +27034,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/nagi
#
interface(`nagios_dontaudit_rw_pipes',`
gen_require(`
-@@ -159,6 +160,26 @@
+@@ -159,6 +162,26 @@
########################################
## <summary>
@@ -26858,7 +27061,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/nagi
## Execute the nagios NRPE with
## a domain transition.
## </summary>
-@@ -195,11 +216,9 @@
+@@ -195,11 +218,9 @@
#
interface(`nagios_admin',`
gen_require(`
@@ -26874,8 +27077,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/nagi
allow $1 nagios_t:process { ptrace signal_perms };
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/nagios.te serefpolicy-3.9.7/policy/modules/services/nagios.te
---- nsaserefpolicy/policy/modules/services/nagios.te 2010-10-12 22:42:49.000000000 +0200
-+++ serefpolicy-3.9.7/policy/modules/services/nagios.te 2010-12-15 15:34:02.492042596 +0100
+--- nsaserefpolicy/policy/modules/services/nagios.te 2010-10-12 20:42:49.000000000 +0000
++++ serefpolicy-3.9.7/policy/modules/services/nagios.te 2011-01-25 16:36:31.916455000 +0000
@@ -79,6 +79,7 @@
kernel_read_system_state(nagios_t)
@@ -26935,7 +27138,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/nagi
domtrans_pattern(nrpe_t, nagios_checkdisk_plugin_exec_t, nagios_checkdisk_plugin_t)
read_files_pattern(nrpe_t, nagios_etc_t, nagios_etc_t)
-@@ -270,7 +272,6 @@
+@@ -270,12 +272,10 @@
#
allow nagios_mail_plugin_t self:capability { setuid setgid dac_override };
@@ -26943,7 +27146,12 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/nagi
allow nagios_mail_plugin_t self:netlink_route_socket r_netlink_socket_perms;
allow nagios_mail_plugin_t self:tcp_socket create_stream_socket_perms;
allow nagios_mail_plugin_t self:udp_socket create_socket_perms;
-@@ -310,6 +311,9 @@
+
+-kernel_read_system_state(nagios_mail_plugin_t)
+ kernel_read_kernel_sysctls(nagios_mail_plugin_t)
+
+ corecmd_read_bin_files(nagios_mail_plugin_t)
+@@ -310,6 +310,9 @@
# needed by ioctl()
allow nagios_checkdisk_plugin_t self:capability { sys_admin sys_rawio };
@@ -26953,7 +27161,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/nagi
files_read_etc_runtime_files(nagios_checkdisk_plugin_t)
fs_getattr_all_fs(nagios_checkdisk_plugin_t)
-@@ -323,7 +327,6 @@
+@@ -323,7 +326,6 @@
allow nagios_services_plugin_t self:capability { net_bind_service net_raw };
allow nagios_services_plugin_t self:process { signal sigkill };
@@ -26961,7 +27169,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/nagi
allow nagios_services_plugin_t self:tcp_socket create_stream_socket_perms;
allow nagios_services_plugin_t self:udp_socket create_socket_perms;
-@@ -340,6 +343,8 @@
+@@ -340,6 +342,8 @@
optional_policy(`
netutils_domtrans_ping(nagios_services_plugin_t)
@@ -26970,9 +27178,17 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/nagi
')
optional_policy(`
+@@ -363,7 +367,6 @@
+ manage_dirs_pattern(nagios_system_plugin_t, nagios_system_plugin_tmp_t, nagios_system_plugin_tmp_t)
+ files_tmp_filetrans(nagios_system_plugin_t, nagios_system_plugin_tmp_t, { dir file })
+
+-kernel_read_system_state(nagios_system_plugin_t)
+ kernel_read_kernel_sysctls(nagios_system_plugin_t)
+
+ corecmd_exec_bin(nagios_system_plugin_t)
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/networkmanager.fc serefpolicy-3.9.7/policy/modules/services/networkmanager.fc
---- nsaserefpolicy/policy/modules/services/networkmanager.fc 2010-10-12 22:42:49.000000000 +0200
-+++ serefpolicy-3.9.7/policy/modules/services/networkmanager.fc 2010-12-06 11:32:42.145042158 +0100
+--- nsaserefpolicy/policy/modules/services/networkmanager.fc 2010-10-12 20:42:49.000000000 +0000
++++ serefpolicy-3.9.7/policy/modules/services/networkmanager.fc 2010-12-06 10:32:42.000000000 +0000
@@ -1,7 +1,13 @@
/etc/rc\.d/init\.d/wicd -- gen_context(system_u:object_r:NetworkManager_initrc_exec_t,s0)
@@ -26998,8 +27214,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/netw
/var/run/NetworkManager\.pid -- gen_context(system_u:object_r:NetworkManager_var_run_t,s0)
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/networkmanager.if serefpolicy-3.9.7/policy/modules/services/networkmanager.if
---- nsaserefpolicy/policy/modules/services/networkmanager.if 2010-10-12 22:42:48.000000000 +0200
-+++ serefpolicy-3.9.7/policy/modules/services/networkmanager.if 2010-11-05 14:02:26.735899879 +0100
+--- nsaserefpolicy/policy/modules/services/networkmanager.if 2010-10-12 20:42:48.000000000 +0000
++++ serefpolicy-3.9.7/policy/modules/services/networkmanager.if 2010-11-05 13:02:26.000000000 +0000
@@ -43,9 +43,9 @@
## Allow caller to relabel tun_socket
## </summary>
@@ -27094,8 +27310,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/netw
+ append_files_pattern($1, NetworkManager_log_t, NetworkManager_log_t)
+')
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/networkmanager.te serefpolicy-3.9.7/policy/modules/services/networkmanager.te
---- nsaserefpolicy/policy/modules/services/networkmanager.te 2010-10-12 22:42:49.000000000 +0200
-+++ serefpolicy-3.9.7/policy/modules/services/networkmanager.te 2010-11-15 16:20:58.798398973 +0100
+--- nsaserefpolicy/policy/modules/services/networkmanager.te 2010-10-12 20:42:49.000000000 +0000
++++ serefpolicy-3.9.7/policy/modules/services/networkmanager.te 2010-11-15 15:20:58.000000000 +0000
@@ -12,6 +12,12 @@
type NetworkManager_initrc_exec_t;
init_script_file(NetworkManager_initrc_exec_t)
@@ -27238,8 +27454,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/netw
########################################
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/nis.fc serefpolicy-3.9.7/policy/modules/services/nis.fc
---- nsaserefpolicy/policy/modules/services/nis.fc 2010-10-12 22:42:48.000000000 +0200
-+++ serefpolicy-3.9.7/policy/modules/services/nis.fc 2010-11-05 14:02:26.737900237 +0100
+--- nsaserefpolicy/policy/modules/services/nis.fc 2010-10-12 20:42:48.000000000 +0000
++++ serefpolicy-3.9.7/policy/modules/services/nis.fc 2010-11-05 13:02:26.000000000 +0000
@@ -1,5 +1,5 @@
/etc/rc\.d/init\.d/ypbind -- gen_context(system_u:object_r:ypbind_initrc_exec_t,s0)
-/etc/rc\.d/init\.d/yppasswd -- gen_context(system_u:object_r:nis_initrc_exec_t,s0)
@@ -27256,8 +27472,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/nis.
/var/yp(/.*)? gen_context(system_u:object_r:var_yp_t,s0)
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/nis.if serefpolicy-3.9.7/policy/modules/services/nis.if
---- nsaserefpolicy/policy/modules/services/nis.if 2010-10-12 22:42:48.000000000 +0200
-+++ serefpolicy-3.9.7/policy/modules/services/nis.if 2010-11-05 14:02:26.737900237 +0100
+--- nsaserefpolicy/policy/modules/services/nis.if 2010-10-12 20:42:48.000000000 +0000
++++ serefpolicy-3.9.7/policy/modules/services/nis.if 2010-11-05 13:02:26.000000000 +0000
@@ -34,7 +34,7 @@
allow $1 self:udp_socket create_socket_perms;
@@ -27323,8 +27539,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/nis.
allow $1 ypbind_t:process { ptrace signal_perms };
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/nis.te serefpolicy-3.9.7/policy/modules/services/nis.te
---- nsaserefpolicy/policy/modules/services/nis.te 2010-10-12 22:42:48.000000000 +0200
-+++ serefpolicy-3.9.7/policy/modules/services/nis.te 2010-11-05 14:02:26.738899892 +0100
+--- nsaserefpolicy/policy/modules/services/nis.te 2010-10-12 20:42:48.000000000 +0000
++++ serefpolicy-3.9.7/policy/modules/services/nis.te 2010-11-05 13:02:26.000000000 +0000
@@ -55,10 +55,11 @@
########################################
#
@@ -27359,8 +27575,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/nis.
allow ypserv_t self:unix_stream_socket create_stream_socket_perms;
allow ypserv_t self:netlink_route_socket r_netlink_socket_perms;
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/nscd.if serefpolicy-3.9.7/policy/modules/services/nscd.if
---- nsaserefpolicy/policy/modules/services/nscd.if 2010-10-12 22:42:49.000000000 +0200
-+++ serefpolicy-3.9.7/policy/modules/services/nscd.if 2010-11-11 16:02:10.525398693 +0100
+--- nsaserefpolicy/policy/modules/services/nscd.if 2010-10-12 20:42:49.000000000 +0000
++++ serefpolicy-3.9.7/policy/modules/services/nscd.if 2010-11-11 15:02:10.000000000 +0000
@@ -116,7 +116,26 @@
dontaudit $1 nscd_t:nscd { getserv shmempwd shmemgrp shmemhost shmemserv };
files_search_pids($1)
@@ -27425,8 +27641,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/nscd
interface(`nscd_run',`
gen_require(`
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/nscd.te serefpolicy-3.9.7/policy/modules/services/nscd.te
---- nsaserefpolicy/policy/modules/services/nscd.te 2010-10-12 22:42:49.000000000 +0200
-+++ serefpolicy-3.9.7/policy/modules/services/nscd.te 2010-11-05 14:02:26.740899761 +0100
+--- nsaserefpolicy/policy/modules/services/nscd.te 2010-10-12 20:42:49.000000000 +0000
++++ serefpolicy-3.9.7/policy/modules/services/nscd.te 2010-11-05 13:02:26.000000000 +0000
@@ -1,9 +1,16 @@
-policy_module(nscd, 1.10.0)
+policy_module(nscd, 1.10.1)
@@ -27504,8 +27720,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/nscd
+ unconfined_dontaudit_rw_packet_sockets(nscd_t)
+')
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/nslcd.if serefpolicy-3.9.7/policy/modules/services/nslcd.if
---- nsaserefpolicy/policy/modules/services/nslcd.if 2010-10-12 22:42:49.000000000 +0200
-+++ serefpolicy-3.9.7/policy/modules/services/nslcd.if 2010-11-05 14:02:26.740899761 +0100
+--- nsaserefpolicy/policy/modules/services/nslcd.if 2010-10-12 20:42:49.000000000 +0000
++++ serefpolicy-3.9.7/policy/modules/services/nslcd.if 2010-11-05 13:02:26.000000000 +0000
@@ -5,9 +5,9 @@
## Execute a domain transition to run nslcd.
## </summary>
@@ -27544,8 +27760,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/nslc
+ admin_pattern($1, nslcd_var_run_t, nslcd_var_run_t)
')
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/ntop.te serefpolicy-3.9.7/policy/modules/services/ntop.te
---- nsaserefpolicy/policy/modules/services/ntop.te 2010-10-12 22:42:49.000000000 +0200
-+++ serefpolicy-3.9.7/policy/modules/services/ntop.te 2010-11-05 14:02:26.741900185 +0100
+--- nsaserefpolicy/policy/modules/services/ntop.te 2010-10-12 20:42:49.000000000 +0000
++++ serefpolicy-3.9.7/policy/modules/services/ntop.te 2010-11-05 13:02:26.000000000 +0000
@@ -51,7 +51,7 @@
manage_dirs_pattern(ntop_t, ntop_var_lib_t, ntop_var_lib_t)
@@ -27556,8 +27772,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/ntop
manage_files_pattern(ntop_t, ntop_var_run_t, ntop_var_run_t)
files_pid_filetrans(ntop_t, ntop_var_run_t, file)
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/ntp.if serefpolicy-3.9.7/policy/modules/services/ntp.if
---- nsaserefpolicy/policy/modules/services/ntp.if 2010-10-12 22:42:49.000000000 +0200
-+++ serefpolicy-3.9.7/policy/modules/services/ntp.if 2010-11-05 14:02:26.741900185 +0100
+--- nsaserefpolicy/policy/modules/services/ntp.if 2010-10-12 20:42:49.000000000 +0000
++++ serefpolicy-3.9.7/policy/modules/services/ntp.if 2010-11-05 13:02:26.000000000 +0000
@@ -140,11 +140,10 @@
interface(`ntp_admin',`
gen_require(`
@@ -27573,8 +27789,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/ntp.
init_labeled_script_domtrans($1, ntpd_initrc_exec_t)
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/ntp.te serefpolicy-3.9.7/policy/modules/services/ntp.te
---- nsaserefpolicy/policy/modules/services/ntp.te 2010-10-12 22:42:50.000000000 +0200
-+++ serefpolicy-3.9.7/policy/modules/services/ntp.te 2010-11-05 14:02:26.742900049 +0100
+--- nsaserefpolicy/policy/modules/services/ntp.te 2010-10-12 20:42:50.000000000 +0000
++++ serefpolicy-3.9.7/policy/modules/services/ntp.te 2010-11-05 13:02:26.000000000 +0000
@@ -96,9 +96,12 @@
dev_read_sysfs(ntpd_t)
# for SSP
@@ -27589,8 +27805,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/ntp.
term_use_ptmx(ntpd_t)
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/nx.if serefpolicy-3.9.7/policy/modules/services/nx.if
---- nsaserefpolicy/policy/modules/services/nx.if 2010-10-12 22:42:49.000000000 +0200
-+++ serefpolicy-3.9.7/policy/modules/services/nx.if 2010-11-05 14:02:26.743902219 +0100
+--- nsaserefpolicy/policy/modules/services/nx.if 2010-10-12 20:42:49.000000000 +0000
++++ serefpolicy-3.9.7/policy/modules/services/nx.if 2010-11-05 13:02:26.000000000 +0000
@@ -33,8 +33,10 @@
type nx_server_home_ssh_t, nx_server_var_lib_t;
')
@@ -27618,8 +27834,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/nx.i
filetrans_pattern($1, nx_server_var_lib_t, $2, $3)
')
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/nx.te serefpolicy-3.9.7/policy/modules/services/nx.te
---- nsaserefpolicy/policy/modules/services/nx.te 2010-10-12 22:42:49.000000000 +0200
-+++ serefpolicy-3.9.7/policy/modules/services/nx.te 2010-11-05 14:02:26.743902219 +0100
+--- nsaserefpolicy/policy/modules/services/nx.te 2010-10-12 20:42:49.000000000 +0000
++++ serefpolicy-3.9.7/policy/modules/services/nx.te 2010-11-05 13:02:26.000000000 +0000
@@ -27,6 +27,9 @@
type nx_server_var_run_t;
files_pid_file(nx_server_var_run_t)
@@ -27665,8 +27881,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/nx.t
########################################
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/oddjob.fc serefpolicy-3.9.7/policy/modules/services/oddjob.fc
---- nsaserefpolicy/policy/modules/services/oddjob.fc 2010-10-12 22:42:49.000000000 +0200
-+++ serefpolicy-3.9.7/policy/modules/services/oddjob.fc 2010-11-05 14:02:26.744901106 +0100
+--- nsaserefpolicy/policy/modules/services/oddjob.fc 2010-10-12 20:42:49.000000000 +0000
++++ serefpolicy-3.9.7/policy/modules/services/oddjob.fc 2010-11-05 13:02:26.000000000 +0000
@@ -1,4 +1,5 @@
/usr/lib(64)?/oddjob/mkhomedir -- gen_context(system_u:object_r:oddjob_mkhomedir_exec_t,s0)
+/usr/libexec/oddjob/mkhomedir -- gen_context(system_u:object_r:oddjob_mkhomedir_exec_t,s0)
@@ -27674,8 +27890,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/oddj
/usr/sbin/oddjobd -- gen_context(system_u:object_r:oddjob_exec_t,s0)
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/oddjob.if serefpolicy-3.9.7/policy/modules/services/oddjob.if
---- nsaserefpolicy/policy/modules/services/oddjob.if 2010-10-12 22:42:49.000000000 +0200
-+++ serefpolicy-3.9.7/policy/modules/services/oddjob.if 2010-11-05 14:02:26.744901106 +0100
+--- nsaserefpolicy/policy/modules/services/oddjob.if 2010-10-12 20:42:49.000000000 +0000
++++ serefpolicy-3.9.7/policy/modules/services/oddjob.if 2010-11-05 13:02:26.000000000 +0000
@@ -9,9 +9,9 @@
## Execute a domain transition to run oddjob.
## </summary>
@@ -27748,8 +27964,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/oddj
## <summary>
## Execute a domain transition to run oddjob_mkhomedir.
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/oddjob.te serefpolicy-3.9.7/policy/modules/services/oddjob.te
---- nsaserefpolicy/policy/modules/services/oddjob.te 2010-10-12 22:42:48.000000000 +0200
-+++ serefpolicy-3.9.7/policy/modules/services/oddjob.te 2010-11-05 14:02:26.745900761 +0100
+--- nsaserefpolicy/policy/modules/services/oddjob.te 2010-10-12 20:42:48.000000000 +0000
++++ serefpolicy-3.9.7/policy/modules/services/oddjob.te 2010-11-05 13:02:26.000000000 +0000
@@ -7,7 +7,6 @@
type oddjob_t;
@@ -27778,8 +27994,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/oddj
+userdom_manage_user_home_content_dirs(oddjob_mkhomedir_t)
+userdom_manage_user_home_content(oddjob_mkhomedir_t)
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/oident.if serefpolicy-3.9.7/policy/modules/services/oident.if
---- nsaserefpolicy/policy/modules/services/oident.if 2010-10-12 22:42:48.000000000 +0200
-+++ serefpolicy-3.9.7/policy/modules/services/oident.if 2010-11-05 14:02:26.746900067 +0100
+--- nsaserefpolicy/policy/modules/services/oident.if 2010-10-12 20:42:48.000000000 +0000
++++ serefpolicy-3.9.7/policy/modules/services/oident.if 2010-11-05 13:02:26.000000000 +0000
@@ -18,7 +18,7 @@
## </summary>
## </param>
@@ -27846,8 +28062,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/oide
+ admin_pattern($1, oidentd_config_t)
+')
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/oident.te serefpolicy-3.9.7/policy/modules/services/oident.te
---- nsaserefpolicy/policy/modules/services/oident.te 2010-10-12 22:42:48.000000000 +0200
-+++ serefpolicy-3.9.7/policy/modules/services/oident.te 2010-11-05 14:02:26.747900072 +0100
+--- nsaserefpolicy/policy/modules/services/oident.te 2010-10-12 20:42:48.000000000 +0000
++++ serefpolicy-3.9.7/policy/modules/services/oident.te 2010-11-05 13:02:26.000000000 +0000
@@ -1,4 +1,4 @@
-policy_module(oident, 2.1.0)
+policy_module(oident, 2.1.0)
@@ -27878,8 +28094,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/oide
logging_send_syslog_msg(oidentd_t)
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/openct.if serefpolicy-3.9.7/policy/modules/services/openct.if
---- nsaserefpolicy/policy/modules/services/openct.if 2010-10-12 22:42:50.000000000 +0200
-+++ serefpolicy-3.9.7/policy/modules/services/openct.if 2010-11-05 14:02:26.747900072 +0100
+--- nsaserefpolicy/policy/modules/services/openct.if 2010-10-12 20:42:50.000000000 +0000
++++ serefpolicy-3.9.7/policy/modules/services/openct.if 2010-11-05 13:02:26.000000000 +0000
@@ -23,9 +23,9 @@
## Execute openct in the caller domain.
## </summary>
@@ -27905,8 +28121,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/open
#
interface(`openct_domtrans',`
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/openvpn.te serefpolicy-3.9.7/policy/modules/services/openvpn.te
---- nsaserefpolicy/policy/modules/services/openvpn.te 2010-10-12 22:42:48.000000000 +0200
-+++ serefpolicy-3.9.7/policy/modules/services/openvpn.te 2010-12-01 11:53:52.004042394 +0100
+--- nsaserefpolicy/policy/modules/services/openvpn.te 2010-10-12 20:42:48.000000000 +0000
++++ serefpolicy-3.9.7/policy/modules/services/openvpn.te 2010-12-01 10:53:52.000000000 +0000
@@ -6,9 +6,9 @@
#
@@ -28013,8 +28229,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/open
+ unconfined_attach_tun_iface(openvpn_t)
+')
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/pads.if serefpolicy-3.9.7/policy/modules/services/pads.if
---- nsaserefpolicy/policy/modules/services/pads.if 2010-10-12 22:42:48.000000000 +0200
-+++ serefpolicy-3.9.7/policy/modules/services/pads.if 2010-11-05 14:02:26.749900150 +0100
+--- nsaserefpolicy/policy/modules/services/pads.if 2010-10-12 20:42:48.000000000 +0000
++++ serefpolicy-3.9.7/policy/modules/services/pads.if 2010-11-05 13:02:26.000000000 +0000
@@ -25,10 +25,10 @@
## </param>
## <rolecap/>
@@ -28040,8 +28256,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/pads
admin_pattern($1, pads_config_t)
')
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/pads.te serefpolicy-3.9.7/policy/modules/services/pads.te
---- nsaserefpolicy/policy/modules/services/pads.te 2010-10-12 22:42:49.000000000 +0200
-+++ serefpolicy-3.9.7/policy/modules/services/pads.te 2010-11-05 14:02:26.749900150 +0100
+--- nsaserefpolicy/policy/modules/services/pads.te 2010-10-12 20:42:49.000000000 +0000
++++ serefpolicy-3.9.7/policy/modules/services/pads.te 2010-11-05 13:02:26.000000000 +0000
@@ -1,4 +1,4 @@
-policy_module(pads, 1.0.0)
+policy_module(pads, 1.0.0)
@@ -28072,8 +28288,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/pads
allow pads_t pads_config_t:file manage_file_perms;
files_etc_filetrans(pads_t, pads_config_t, file)
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/passenger.fc serefpolicy-3.9.7/policy/modules/services/passenger.fc
---- nsaserefpolicy/policy/modules/services/passenger.fc 1970-01-01 01:00:00.000000000 +0100
-+++ serefpolicy-3.9.7/policy/modules/services/passenger.fc 2010-12-22 13:14:36.720042389 +0100
+--- nsaserefpolicy/policy/modules/services/passenger.fc 1970-01-01 00:00:00.000000000 +0000
++++ serefpolicy-3.9.7/policy/modules/services/passenger.fc 2010-12-22 12:14:36.000000000 +0000
@@ -0,0 +1,16 @@
+
+/usr/lib(64)?/ruby/gems/.*/passenger-.*/ext/apache2/ApplicationPoolServerExecutable -- gen_context(system_u:object_r:passenger_exec_t,s0)
@@ -28092,8 +28308,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/pass
+
+/var/run/passenger(/.*)? gen_context(system_u:object_r:passenger_var_run_t,s0)
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/passenger.if serefpolicy-3.9.7/policy/modules/services/passenger.if
---- nsaserefpolicy/policy/modules/services/passenger.if 1970-01-01 01:00:00.000000000 +0100
-+++ serefpolicy-3.9.7/policy/modules/services/passenger.if 2010-12-22 13:14:36.720042389 +0100
+--- nsaserefpolicy/policy/modules/services/passenger.if 1970-01-01 00:00:00.000000000 +0000
++++ serefpolicy-3.9.7/policy/modules/services/passenger.if 2010-12-22 12:14:36.000000000 +0000
@@ -0,0 +1,67 @@
+## <summary>Passenger policy</summary>
+
@@ -28163,8 +28379,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/pass
+ read_lnk_files_pattern($1, passenger_var_lib_t, passenger_var_lib_t)
+')
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/passenger.te serefpolicy-3.9.7/policy/modules/services/passenger.te
---- nsaserefpolicy/policy/modules/services/passenger.te 1970-01-01 01:00:00.000000000 +0100
-+++ serefpolicy-3.9.7/policy/modules/services/passenger.te 2010-12-22 13:14:36.720042389 +0100
+--- nsaserefpolicy/policy/modules/services/passenger.te 1970-01-01 00:00:00.000000000 +0000
++++ serefpolicy-3.9.7/policy/modules/services/passenger.te 2010-12-22 12:14:36.000000000 +0000
@@ -0,0 +1,76 @@
+policy_module(passanger, 1.0.0)
+
@@ -28243,8 +28459,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/pass
+ apache_read_sys_content(passenger_t)
+')
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/pcscd.if serefpolicy-3.9.7/policy/modules/services/pcscd.if
---- nsaserefpolicy/policy/modules/services/pcscd.if 2010-10-12 22:42:49.000000000 +0200
-+++ serefpolicy-3.9.7/policy/modules/services/pcscd.if 2010-11-05 14:02:26.751900858 +0100
+--- nsaserefpolicy/policy/modules/services/pcscd.if 2010-10-12 20:42:49.000000000 +0000
++++ serefpolicy-3.9.7/policy/modules/services/pcscd.if 2010-11-05 13:02:26.000000000 +0000
@@ -5,9 +5,9 @@
## Execute a domain transition to run pcscd.
## </summary>
@@ -28258,8 +28474,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/pcsc
#
interface(`pcscd_domtrans',`
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/pcscd.te serefpolicy-3.9.7/policy/modules/services/pcscd.te
---- nsaserefpolicy/policy/modules/services/pcscd.te 2010-10-12 22:42:49.000000000 +0200
-+++ serefpolicy-3.9.7/policy/modules/services/pcscd.te 2010-11-05 14:02:26.752900164 +0100
+--- nsaserefpolicy/policy/modules/services/pcscd.te 2010-10-12 20:42:49.000000000 +0000
++++ serefpolicy-3.9.7/policy/modules/services/pcscd.te 2010-11-05 13:02:26.000000000 +0000
@@ -7,7 +7,6 @@
type pcscd_t;
@@ -28269,8 +28485,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/pcsc
# pid files
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/pegasus.te serefpolicy-3.9.7/policy/modules/services/pegasus.te
---- nsaserefpolicy/policy/modules/services/pegasus.te 2010-10-12 22:42:49.000000000 +0200
-+++ serefpolicy-3.9.7/policy/modules/services/pegasus.te 2010-11-05 14:02:26.752900164 +0100
+--- nsaserefpolicy/policy/modules/services/pegasus.te 2010-10-12 20:42:49.000000000 +0000
++++ serefpolicy-3.9.7/policy/modules/services/pegasus.te 2010-11-05 13:02:26.000000000 +0000
@@ -29,7 +29,7 @@
# Local policy
#
@@ -28364,8 +28580,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/pega
+ xen_stream_connect_xenstore(pegasus_t)
+')
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/pingd.if serefpolicy-3.9.7/policy/modules/services/pingd.if
---- nsaserefpolicy/policy/modules/services/pingd.if 2010-10-12 22:42:49.000000000 +0200
-+++ serefpolicy-3.9.7/policy/modules/services/pingd.if 2010-11-05 14:02:26.753900028 +0100
+--- nsaserefpolicy/policy/modules/services/pingd.if 2010-10-12 20:42:49.000000000 +0000
++++ serefpolicy-3.9.7/policy/modules/services/pingd.if 2010-11-05 13:02:26.000000000 +0000
@@ -5,9 +5,9 @@
## Execute a domain transition to run pingd.
## </summary>
@@ -28398,8 +28614,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/ping
allow $1 pingd_t:process { ptrace signal_perms };
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/pingd.te serefpolicy-3.9.7/policy/modules/services/pingd.te
---- nsaserefpolicy/policy/modules/services/pingd.te 2010-10-12 22:42:48.000000000 +0200
-+++ serefpolicy-3.9.7/policy/modules/services/pingd.te 2010-11-05 14:02:26.754900033 +0100
+--- nsaserefpolicy/policy/modules/services/pingd.te 2010-10-12 20:42:48.000000000 +0000
++++ serefpolicy-3.9.7/policy/modules/services/pingd.te 2010-11-05 13:02:26.000000000 +0000
@@ -27,7 +27,7 @@
allow pingd_t self:capability net_raw;
@@ -28410,8 +28626,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/ping
read_files_pattern(pingd_t, pingd_etc_t, pingd_etc_t)
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/piranha.fc serefpolicy-3.9.7/policy/modules/services/piranha.fc
---- nsaserefpolicy/policy/modules/services/piranha.fc 1970-01-01 01:00:00.000000000 +0100
-+++ serefpolicy-3.9.7/policy/modules/services/piranha.fc 2010-11-05 14:02:26.754900033 +0100
+--- nsaserefpolicy/policy/modules/services/piranha.fc 1970-01-01 00:00:00.000000000 +0000
++++ serefpolicy-3.9.7/policy/modules/services/piranha.fc 2010-11-05 13:02:26.000000000 +0000
@@ -0,0 +1,26 @@
+
+/etc/rc\.d/init\.d/pulse -- gen_context(system_u:object_r:piranha_pulse_initrc_exec_t,s0)
@@ -28440,8 +28656,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/pira
+/var/run/pulse\.pid -- gen_context(system_u:object_r:piranha_pulse_var_run_t,s0)
+
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/piranha.if serefpolicy-3.9.7/policy/modules/services/piranha.if
---- nsaserefpolicy/policy/modules/services/piranha.if 1970-01-01 01:00:00.000000000 +0100
-+++ serefpolicy-3.9.7/policy/modules/services/piranha.if 2010-11-05 14:02:26.755899828 +0100
+--- nsaserefpolicy/policy/modules/services/piranha.if 1970-01-01 00:00:00.000000000 +0000
++++ serefpolicy-3.9.7/policy/modules/services/piranha.if 2010-11-05 13:02:26.000000000 +0000
@@ -0,0 +1,173 @@
+## <summary>policy for piranha</summary>
+
@@ -28617,8 +28833,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/pira
+ manage_lnk_files_pattern($1, piranha_log_t, piranha_log_t)
+')
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/piranha.te serefpolicy-3.9.7/policy/modules/services/piranha.te
---- nsaserefpolicy/policy/modules/services/piranha.te 1970-01-01 01:00:00.000000000 +0100
-+++ serefpolicy-3.9.7/policy/modules/services/piranha.te 2010-11-05 14:02:26.755899828 +0100
+--- nsaserefpolicy/policy/modules/services/piranha.te 1970-01-01 00:00:00.000000000 +0000
++++ serefpolicy-3.9.7/policy/modules/services/piranha.te 2010-11-05 13:02:26.000000000 +0000
@@ -0,0 +1,214 @@
+policy_module(piranha, 1.0.0)
+
@@ -28835,8 +29051,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/pira
+
+sysnet_read_config(piranha_domain)
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/plymouthd.if serefpolicy-3.9.7/policy/modules/services/plymouthd.if
---- nsaserefpolicy/policy/modules/services/plymouthd.if 2010-10-12 22:42:50.000000000 +0200
-+++ serefpolicy-3.9.7/policy/modules/services/plymouthd.if 2010-11-05 14:02:26.757900046 +0100
+--- nsaserefpolicy/policy/modules/services/plymouthd.if 2010-10-12 20:42:50.000000000 +0000
++++ serefpolicy-3.9.7/policy/modules/services/plymouthd.if 2010-11-05 13:02:26.000000000 +0000
@@ -5,12 +5,12 @@
## Execute a domain transition to run plymouthd.
## </summary>
@@ -28998,8 +29214,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/plym
admin_pattern($1, plymouthd_var_run_t)
')
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/plymouthd.te serefpolicy-3.9.7/policy/modules/services/plymouthd.te
---- nsaserefpolicy/policy/modules/services/plymouthd.te 2010-10-12 22:42:49.000000000 +0200
-+++ serefpolicy-3.9.7/policy/modules/services/plymouthd.te 2010-11-05 14:02:26.757900046 +0100
+--- nsaserefpolicy/policy/modules/services/plymouthd.te 2010-10-12 20:42:49.000000000 +0000
++++ serefpolicy-3.9.7/policy/modules/services/plymouthd.te 2010-11-05 13:02:26.000000000 +0000
@@ -60,10 +60,14 @@
files_read_etc_files(plymouthd_t)
files_read_usr_files(plymouthd_t)
@@ -29033,8 +29249,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/plym
hal_dontaudit_write_log(plymouth_t)
hal_dontaudit_rw_pipes(plymouth_t)
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/policykit.fc serefpolicy-3.9.7/policy/modules/services/policykit.fc
---- nsaserefpolicy/policy/modules/services/policykit.fc 2010-10-12 22:42:49.000000000 +0200
-+++ serefpolicy-3.9.7/policy/modules/services/policykit.fc 2010-11-05 14:02:26.758899911 +0100
+--- nsaserefpolicy/policy/modules/services/policykit.fc 2010-10-12 20:42:49.000000000 +0000
++++ serefpolicy-3.9.7/policy/modules/services/policykit.fc 2010-11-05 13:02:26.000000000 +0000
@@ -6,10 +6,13 @@
/usr/libexec/polkit-read-auth-helper -- gen_context(system_u:object_r:policykit_auth_exec_t,s0)
/usr/libexec/polkit-grant-helper.* -- gen_context(system_u:object_r:policykit_grant_exec_t,s0)
@@ -29051,8 +29267,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/poli
/var/run/PolicyKit(/.*)? gen_context(system_u:object_r:policykit_var_run_t,s0)
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/policykit.if serefpolicy-3.9.7/policy/modules/services/policykit.if
---- nsaserefpolicy/policy/modules/services/policykit.if 2010-10-12 22:42:49.000000000 +0200
-+++ serefpolicy-3.9.7/policy/modules/services/policykit.if 2010-11-05 14:02:26.759899915 +0100
+--- nsaserefpolicy/policy/modules/services/policykit.if 2010-10-12 20:42:49.000000000 +0000
++++ serefpolicy-3.9.7/policy/modules/services/policykit.if 2010-11-05 13:02:26.000000000 +0000
@@ -17,18 +17,43 @@
class dbus send_msg;
')
@@ -29191,8 +29407,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/poli
+ allow $1 policykit_auth_t:process signal;
')
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/policykit.te serefpolicy-3.9.7/policy/modules/services/policykit.te
---- nsaserefpolicy/policy/modules/services/policykit.te 2010-10-12 22:42:50.000000000 +0200
-+++ serefpolicy-3.9.7/policy/modules/services/policykit.te 2010-11-05 14:02:26.759899915 +0100
+--- nsaserefpolicy/policy/modules/services/policykit.te 2010-10-12 20:42:50.000000000 +0000
++++ serefpolicy-3.9.7/policy/modules/services/policykit.te 2010-11-05 13:02:26.000000000 +0000
@@ -24,6 +24,9 @@
type policykit_reload_t alias polkit_reload_t;
files_type(policykit_reload_t)
@@ -29388,8 +29604,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/poli
')
-
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/portmap.te serefpolicy-3.9.7/policy/modules/services/portmap.te
---- nsaserefpolicy/policy/modules/services/portmap.te 2010-10-12 22:42:49.000000000 +0200
-+++ serefpolicy-3.9.7/policy/modules/services/portmap.te 2010-11-05 14:02:26.760900129 +0100
+--- nsaserefpolicy/policy/modules/services/portmap.te 2010-10-12 20:42:49.000000000 +0000
++++ serefpolicy-3.9.7/policy/modules/services/portmap.te 2010-11-05 13:02:26.000000000 +0000
@@ -12,7 +12,6 @@
type portmap_helper_t;
type portmap_helper_exec_t;
@@ -29399,8 +29615,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/port
type portmap_tmp_t;
files_tmp_file(portmap_tmp_t)
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/portreserve.fc serefpolicy-3.9.7/policy/modules/services/portreserve.fc
---- nsaserefpolicy/policy/modules/services/portreserve.fc 2010-10-12 22:42:48.000000000 +0200
-+++ serefpolicy-3.9.7/policy/modules/services/portreserve.fc 2010-11-05 14:02:26.761899994 +0100
+--- nsaserefpolicy/policy/modules/services/portreserve.fc 2010-10-12 20:42:48.000000000 +0000
++++ serefpolicy-3.9.7/policy/modules/services/portreserve.fc 2010-11-05 13:02:26.000000000 +0000
@@ -1,3 +1,6 @@
+
+/etc/rc\.d/init\.d/portreserve -- gen_context(system_u:object_r:portreserve_initrc_exec_t,s0)
@@ -29409,8 +29625,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/port
/sbin/portreserve -- gen_context(system_u:object_r:portreserve_exec_t,s0)
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/portreserve.if serefpolicy-3.9.7/policy/modules/services/portreserve.if
---- nsaserefpolicy/policy/modules/services/portreserve.if 2010-10-12 22:42:48.000000000 +0200
-+++ serefpolicy-3.9.7/policy/modules/services/portreserve.if 2010-11-05 14:02:26.761899994 +0100
+--- nsaserefpolicy/policy/modules/services/portreserve.if 2010-10-12 20:42:48.000000000 +0000
++++ serefpolicy-3.9.7/policy/modules/services/portreserve.if 2010-11-05 13:02:26.000000000 +0000
@@ -18,6 +18,24 @@
domtrans_pattern($1, portreserve_exec_t, portreserve_t)
')
@@ -29495,8 +29711,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/port
+ admin_pattern($1, portreserve_var_run_t)
+')
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/portreserve.te serefpolicy-3.9.7/policy/modules/services/portreserve.te
---- nsaserefpolicy/policy/modules/services/portreserve.te 2010-10-12 22:42:48.000000000 +0200
-+++ serefpolicy-3.9.7/policy/modules/services/portreserve.te 2010-11-05 14:02:26.762899929 +0100
+--- nsaserefpolicy/policy/modules/services/portreserve.te 2010-10-12 20:42:48.000000000 +0000
++++ serefpolicy-3.9.7/policy/modules/services/portreserve.te 2010-11-05 13:02:26.000000000 +0000
@@ -9,6 +9,9 @@
type portreserve_exec_t;
init_daemon_domain(portreserve_t, portreserve_exec_t)
@@ -29523,8 +29739,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/port
+
+userdom_dontaudit_search_user_home_content(portreserve_t)
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/postfix.fc serefpolicy-3.9.7/policy/modules/services/postfix.fc
---- nsaserefpolicy/policy/modules/services/postfix.fc 2010-10-12 22:42:48.000000000 +0200
-+++ serefpolicy-3.9.7/policy/modules/services/postfix.fc 2010-11-05 14:02:26.762899929 +0100
+--- nsaserefpolicy/policy/modules/services/postfix.fc 2010-10-12 20:42:48.000000000 +0000
++++ serefpolicy-3.9.7/policy/modules/services/postfix.fc 2010-11-05 13:02:26.000000000 +0000
@@ -1,4 +1,5 @@
# postfix
+/etc/rc\.d/init\.d/postfix -- gen_context(system_u:object_r:postfix_initrc_exec_t,s0)
@@ -29545,8 +29761,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/post
/usr/sbin/postfix -- gen_context(system_u:object_r:postfix_master_exec_t,s0)
/usr/sbin/postkick -- gen_context(system_u:object_r:postfix_master_exec_t,s0)
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/postfix.if serefpolicy-3.9.7/policy/modules/services/postfix.if
---- nsaserefpolicy/policy/modules/services/postfix.if 2010-10-12 22:42:49.000000000 +0200
-+++ serefpolicy-3.9.7/policy/modules/services/postfix.if 2011-01-19 11:29:15.403042285 +0100
+--- nsaserefpolicy/policy/modules/services/postfix.if 2010-10-12 20:42:49.000000000 +0000
++++ serefpolicy-3.9.7/policy/modules/services/postfix.if 2011-01-19 10:29:15.000000000 +0000
@@ -35,7 +35,7 @@
role system_r types postfix_$1_t;
@@ -29812,8 +30028,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/post
+ role $2 types postfix_postdrop_t;
+')
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/postfixpolicyd.if serefpolicy-3.9.7/policy/modules/services/postfixpolicyd.if
---- nsaserefpolicy/policy/modules/services/postfixpolicyd.if 2010-10-12 22:42:49.000000000 +0200
-+++ serefpolicy-3.9.7/policy/modules/services/postfixpolicyd.if 2010-11-05 14:02:26.765900012 +0100
+--- nsaserefpolicy/policy/modules/services/postfixpolicyd.if 2010-10-12 20:42:49.000000000 +0000
++++ serefpolicy-3.9.7/policy/modules/services/postfixpolicyd.if 2010-11-05 13:02:26.000000000 +0000
@@ -20,8 +20,7 @@
interface(`postfixpolicyd_admin',`
gen_require(`
@@ -29825,8 +30041,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/post
allow $1 postfix_policyd_t:process { ptrace signal_perms };
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/postfixpolicyd.te serefpolicy-3.9.7/policy/modules/services/postfixpolicyd.te
---- nsaserefpolicy/policy/modules/services/postfixpolicyd.te 2010-10-12 22:42:48.000000000 +0200
-+++ serefpolicy-3.9.7/policy/modules/services/postfixpolicyd.te 2010-11-05 14:02:26.766899946 +0100
+--- nsaserefpolicy/policy/modules/services/postfixpolicyd.te 2010-10-12 20:42:48.000000000 +0000
++++ serefpolicy-3.9.7/policy/modules/services/postfixpolicyd.te 2010-11-05 13:02:26.000000000 +0000
@@ -23,14 +23,14 @@
# Local Policy
#
@@ -29846,8 +30062,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/post
manage_files_pattern(postfix_policyd_t, postfix_policyd_var_run_t, postfix_policyd_var_run_t)
files_pid_filetrans(postfix_policyd_t, postfix_policyd_var_run_t, file)
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/postfix.te serefpolicy-3.9.7/policy/modules/services/postfix.te
---- nsaserefpolicy/policy/modules/services/postfix.te 2010-10-12 22:42:49.000000000 +0200
-+++ serefpolicy-3.9.7/policy/modules/services/postfix.te 2011-01-20 10:59:50.971291246 +0100
+--- nsaserefpolicy/policy/modules/services/postfix.te 2010-10-12 20:42:49.000000000 +0000
++++ serefpolicy-3.9.7/policy/modules/services/postfix.te 2011-01-27 13:24:28.292455000 +0000
@@ -5,6 +5,14 @@
# Declarations
#
@@ -30012,7 +30228,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/post
optional_policy(`
clamav_search_lib(postfix_local_t)
-@@ -304,9 +330,17 @@
+@@ -304,9 +330,21 @@
')
optional_policy(`
@@ -30024,13 +30240,17 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/post
')
+optional_policy(`
++ sendmail_rw_pipes(postfix_local_t)
++')
++
++optional_policy(`
+ zarafa_deliver_domtrans(postfix_local_t)
+')
+
########################################
#
# Postfix map local policy
-@@ -390,8 +424,8 @@
+@@ -390,8 +428,8 @@
# Postfix pipe local policy
#
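Review bot: The new `sendmail_rw_pipes(postfix_local_t)` block carries no comment saying which delivery path needs it, so a later audit of postfix.te cannot tell whether the grant (by its name, read/write on sendmail's pipes) is still required. A one-line comment above the `optional_policy` would do, for example `# <why postfix_local_t uses sendmail pipes; bug or AVC reference>`. The same applies to `setsched` in `allow pppd_t self:process { getsched setsched signal };`, added in the ppp.te hunk further down. The embedded postfix.te hunk (`@@ -304,9 +330,21 @@`) begins in the previous hunk of this diff, so only part of it is visible here.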
@@ -30040,7 +30260,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/post
write_sock_files_pattern(postfix_pipe_t, postfix_private_t, postfix_private_t)
-@@ -401,6 +435,8 @@
+@@ -401,6 +439,8 @@
domtrans_pattern(postfix_pipe_t, postfix_postdrop_exec_t, postfix_postdrop_t)
@@ -30049,7 +30269,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/post
optional_policy(`
dovecot_domtrans_deliver(postfix_pipe_t)
')
-@@ -420,6 +456,7 @@
+@@ -420,6 +460,7 @@
optional_policy(`
spamassassin_domtrans_client(postfix_pipe_t)
@@ -30057,7 +30277,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/post
')
optional_policy(`
-@@ -436,6 +473,9 @@
+@@ -436,6 +477,9 @@
allow postfix_postdrop_t self:tcp_socket create;
allow postfix_postdrop_t self:udp_socket create_socket_perms;
@@ -30067,7 +30287,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/post
rw_fifo_files_pattern(postfix_postdrop_t, postfix_public_t, postfix_public_t)
postfix_list_spool(postfix_postdrop_t)
-@@ -519,7 +559,7 @@
+@@ -519,7 +563,7 @@
allow postfix_qmgr_t postfix_spool_bounce_t:dir list_dir_perms;
allow postfix_qmgr_t postfix_spool_bounce_t:file read_file_perms;
@@ -30076,7 +30296,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/post
corecmd_exec_bin(postfix_qmgr_t)
-@@ -539,7 +579,7 @@
+@@ -539,7 +583,7 @@
allow postfix_showq_t postfix_spool_maildrop_t:dir list_dir_perms;
allow postfix_showq_t postfix_spool_maildrop_t:file read_file_perms;
@@ -30085,7 +30305,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/post
# to write the mailq output, it really should not need read access!
term_use_all_ptys(postfix_showq_t)
-@@ -588,10 +628,16 @@
+@@ -588,10 +632,16 @@
# for OpenSSL certificates
files_read_usr_files(postfix_smtpd_t)
@@ -30102,7 +30322,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/post
')
optional_policy(`
-@@ -611,8 +657,8 @@
+@@ -611,8 +661,8 @@
# Postfix virtual local policy
#
@@ -30112,7 +30332,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/post
allow postfix_virtual_t postfix_spool_t:file rw_file_perms;
-@@ -630,3 +676,8 @@
+@@ -630,3 +680,8 @@
# For reading spamassasin
mta_read_config(postfix_virtual_t)
mta_manage_spool(postfix_virtual_t)
@@ -30122,8 +30342,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/post
+userdom_home_filetrans_user_home_dir(postfix_virtual_t)
+userdom_user_home_dir_filetrans_user_home_content(postfix_virtual_t, {file dir })
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/postgresql.if serefpolicy-3.9.7/policy/modules/services/postgresql.if
---- nsaserefpolicy/policy/modules/services/postgresql.if 2010-10-12 22:42:48.000000000 +0200
-+++ serefpolicy-3.9.7/policy/modules/services/postgresql.if 2011-01-19 17:48:56.480041380 +0100
+--- nsaserefpolicy/policy/modules/services/postgresql.if 2010-10-12 20:42:48.000000000 +0000
++++ serefpolicy-3.9.7/policy/modules/services/postgresql.if 2011-01-19 16:48:56.000000000 +0000
@@ -10,7 +10,7 @@
## </summary>
## </param>
@@ -30461,8 +30681,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/post
postgresql_tcp_connect($1)
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/postgresql.te serefpolicy-3.9.7/policy/modules/services/postgresql.te
---- nsaserefpolicy/policy/modules/services/postgresql.te 2010-10-12 22:42:49.000000000 +0200
-+++ serefpolicy-3.9.7/policy/modules/services/postgresql.te 2011-01-19 17:48:56.482041108 +0100
+--- nsaserefpolicy/policy/modules/services/postgresql.te 2010-10-12 20:42:49.000000000 +0000
++++ serefpolicy-3.9.7/policy/modules/services/postgresql.te 2011-01-19 16:48:56.000000000 +0000
@@ -1,4 +1,4 @@
-policy_module(postgresql, 1.11.1)
+policy_module(postgresql, 1.12.1)
@@ -30783,8 +31003,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/post
allow sepgsql_unconfined_type sepgsql_module_type:db_database install_module;
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/postgrey.if serefpolicy-3.9.7/policy/modules/services/postgrey.if
---- nsaserefpolicy/policy/modules/services/postgrey.if 2010-10-12 22:42:48.000000000 +0200
-+++ serefpolicy-3.9.7/policy/modules/services/postgrey.if 2010-11-05 14:02:26.769900239 +0100
+--- nsaserefpolicy/policy/modules/services/postgrey.if 2010-10-12 20:42:48.000000000 +0000
++++ serefpolicy-3.9.7/policy/modules/services/postgrey.if 2010-11-05 13:02:26.000000000 +0000
@@ -15,9 +15,9 @@
type postgrey_var_run_t, postgrey_t, postgrey_spool_t;
')
@@ -30817,8 +31037,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/post
allow $1 postgrey_t:process { ptrace signal_perms };
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/ppp.if serefpolicy-3.9.7/policy/modules/services/ppp.if
---- nsaserefpolicy/policy/modules/services/ppp.if 2010-10-12 22:42:49.000000000 +0200
-+++ serefpolicy-3.9.7/policy/modules/services/ppp.if 2010-11-05 14:02:26.770900453 +0100
+--- nsaserefpolicy/policy/modules/services/ppp.if 2010-10-12 20:42:49.000000000 +0000
++++ serefpolicy-3.9.7/policy/modules/services/ppp.if 2010-11-05 13:02:26.000000000 +0000
@@ -66,7 +66,6 @@
## </summary>
## </param>
@@ -30907,8 +31127,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/ppp.
admin_pattern($1, pptp_var_run_t)
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/ppp.te serefpolicy-3.9.7/policy/modules/services/ppp.te
---- nsaserefpolicy/policy/modules/services/ppp.te 2010-10-12 22:42:48.000000000 +0200
-+++ serefpolicy-3.9.7/policy/modules/services/ppp.te 2010-11-05 14:02:26.770900453 +0100
+--- nsaserefpolicy/policy/modules/services/ppp.te 2010-10-12 20:42:48.000000000 +0000
++++ serefpolicy-3.9.7/policy/modules/services/ppp.te 2011-01-27 14:11:10.224455001 +0000
@@ -6,16 +6,16 @@
#
@@ -30932,15 +31152,18 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/ppp.
## </desc>
gen_tunable(pppd_for_user, false)
-@@ -70,7 +70,7 @@
+@@ -70,9 +70,9 @@
# PPPD Local policy
#
-allow pppd_t self:capability { kill net_admin setuid setgid fsetid fowner net_raw dac_override };
+allow pppd_t self:capability { kill net_admin setuid setgid sys_admin fsetid fowner net_raw dac_override };
dontaudit pppd_t self:capability sys_tty_config;
- allow pppd_t self:process { getsched signal };
+-allow pppd_t self:process { getsched signal };
++allow pppd_t self:process { getsched setsched signal };
allow pppd_t self:fifo_file rw_fifo_file_perms;
+ allow pppd_t self:socket create_socket_perms;
+ allow pppd_t self:unix_dgram_socket create_socket_perms;
@@ -84,11 +84,11 @@
domtrans_pattern(pppd_t, pptp_exec_t, pptp_t)
@@ -30966,7 +31189,16 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/ppp.
allow pppd_t pptp_t:process signal;
-@@ -194,6 +195,8 @@
+@@ -166,6 +167,8 @@
+ init_signal_script(pppd_t)
+
+ auth_use_nsswitch(pppd_t)
++auth_domtrans_chk_passwd(pppd_t
++auth_write_login_record(pppd_t)
+
+ logging_send_syslog_msg(pppd_t)
+ logging_send_audit_msgs(pppd_t)
+@@ -194,6 +197,8 @@
optional_policy(`
mta_send_mail(pppd_t)
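Review bot: The added line `auth_domtrans_chk_passwd(pppd_t` has no closing parenthesis, unlike `auth_write_login_record(pppd_t)` directly below it. As written, m4 would presumably keep reading the following lines as part of the macro's argument, so ppp.te would either fail to build or expand into something other than the intended rules. The embedded patch line should read `+auth_domtrans_chk_passwd(pppd_t)`; the counts in the inner `@@ -166,6 +167,8 @@` header stay the same.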
@@ -30975,7 +31207,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/ppp.
')
optional_policy(`
-@@ -243,9 +246,10 @@
+@@ -243,9 +248,10 @@
allow pptp_t pptp_log_t:file manage_file_perms;
logging_log_filetrans(pptp_t, pptp_log_t, file)
@@ -30988,8 +31220,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/ppp.
kernel_list_proc(pptp_t)
kernel_read_kernel_sysctls(pptp_t)
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/prelude.if serefpolicy-3.9.7/policy/modules/services/prelude.if
---- nsaserefpolicy/policy/modules/services/prelude.if 2010-10-12 22:42:48.000000000 +0200
-+++ serefpolicy-3.9.7/policy/modules/services/prelude.if 2010-11-05 14:02:26.771899829 +0100
+--- nsaserefpolicy/policy/modules/services/prelude.if 2010-10-12 20:42:48.000000000 +0000
++++ serefpolicy-3.9.7/policy/modules/services/prelude.if 2010-11-05 13:02:26.000000000 +0000
@@ -5,9 +5,9 @@
## Execute a domain transition to run prelude.
## </summary>
@@ -31076,8 +31308,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/prel
+ admin_pattern($1, prelude_lml_tmp_t)
')
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/prelude.te serefpolicy-3.9.7/policy/modules/services/prelude.te
---- nsaserefpolicy/policy/modules/services/prelude.te 2010-10-12 22:42:48.000000000 +0200
-+++ serefpolicy-3.9.7/policy/modules/services/prelude.te 2010-11-05 14:02:26.772900112 +0100
+--- nsaserefpolicy/policy/modules/services/prelude.te 2010-10-12 20:42:48.000000000 +0000
++++ serefpolicy-3.9.7/policy/modules/services/prelude.te 2010-11-05 13:02:26.000000000 +0000
@@ -35,7 +35,6 @@
type prelude_correlator_t;
type prelude_correlator_exec_t;
@@ -31098,8 +31330,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/prel
allow prelude_lml_t self:unix_stream_socket connectto;
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/privoxy.if serefpolicy-3.9.7/policy/modules/services/privoxy.if
---- nsaserefpolicy/policy/modules/services/privoxy.if 2010-10-12 22:42:48.000000000 +0200
-+++ serefpolicy-3.9.7/policy/modules/services/privoxy.if 2010-11-05 14:02:26.772900112 +0100
+--- nsaserefpolicy/policy/modules/services/privoxy.if 2010-10-12 20:42:48.000000000 +0000
++++ serefpolicy-3.9.7/policy/modules/services/privoxy.if 2010-11-05 13:02:26.000000000 +0000
@@ -19,12 +19,11 @@
#
interface(`privoxy_admin',`
@@ -31116,8 +31348,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/priv
init_labeled_script_domtrans($1, privoxy_initrc_exec_t)
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/privoxy.te serefpolicy-3.9.7/policy/modules/services/privoxy.te
---- nsaserefpolicy/policy/modules/services/privoxy.te 2010-10-12 22:42:49.000000000 +0200
-+++ serefpolicy-3.9.7/policy/modules/services/privoxy.te 2010-11-05 14:02:26.773900047 +0100
+--- nsaserefpolicy/policy/modules/services/privoxy.te 2010-10-12 20:42:49.000000000 +0000
++++ serefpolicy-3.9.7/policy/modules/services/privoxy.te 2010-11-05 13:02:26.000000000 +0000
@@ -6,10 +6,10 @@
#
@@ -31147,8 +31379,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/priv
corenet_sendrecv_http_client_packets(privoxy_t)
corenet_sendrecv_ftp_client_packets(privoxy_t)
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/procmail.fc serefpolicy-3.9.7/policy/modules/services/procmail.fc
---- nsaserefpolicy/policy/modules/services/procmail.fc 2010-10-12 22:42:49.000000000 +0200
-+++ serefpolicy-3.9.7/policy/modules/services/procmail.fc 2010-11-05 14:02:26.773900047 +0100
+--- nsaserefpolicy/policy/modules/services/procmail.fc 2010-10-12 20:42:49.000000000 +0000
++++ serefpolicy-3.9.7/policy/modules/services/procmail.fc 2010-11-05 13:02:26.000000000 +0000
@@ -1,3 +1,5 @@
+HOME_DIR/\.procmailrc -- gen_context(system_u:object_r:procmail_home_t, s0)
+/root/\.procmailrc -- gen_context(system_u:object_r:procmail_home_t, s0)
@@ -31156,8 +31388,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/proc
/usr/bin/procmail -- gen_context(system_u:object_r:procmail_exec_t,s0)
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/procmail.if serefpolicy-3.9.7/policy/modules/services/procmail.if
---- nsaserefpolicy/policy/modules/services/procmail.if 2010-10-12 22:42:49.000000000 +0200
-+++ serefpolicy-3.9.7/policy/modules/services/procmail.if 2010-11-05 14:02:26.774900191 +0100
+--- nsaserefpolicy/policy/modules/services/procmail.if 2010-10-12 20:42:49.000000000 +0000
++++ serefpolicy-3.9.7/policy/modules/services/procmail.if 2010-11-05 13:02:26.000000000 +0000
@@ -77,3 +77,22 @@
files_search_tmp($1)
rw_files_pattern($1, procmail_tmp_t, procmail_tmp_t)
@@ -31182,8 +31414,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/proc
+ read_files_pattern($1, procmail_home_t, procmail_home_t)
+')
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/procmail.te serefpolicy-3.9.7/policy/modules/services/procmail.te
---- nsaserefpolicy/policy/modules/services/procmail.te 2010-10-12 22:42:49.000000000 +0200
-+++ serefpolicy-3.9.7/policy/modules/services/procmail.te 2010-11-05 14:02:26.775899916 +0100
+--- nsaserefpolicy/policy/modules/services/procmail.te 2010-10-12 20:42:49.000000000 +0000
++++ serefpolicy-3.9.7/policy/modules/services/procmail.te 2010-11-05 13:02:26.000000000 +0000
@@ -10,6 +10,9 @@
application_domain(procmail_t, procmail_exec_t)
role system_r types procmail_t;
@@ -31242,8 +31474,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/proc
pyzor_signal(procmail_t)
')
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/psad.if serefpolicy-3.9.7/policy/modules/services/psad.if
---- nsaserefpolicy/policy/modules/services/psad.if 2010-10-12 22:42:49.000000000 +0200
-+++ serefpolicy-3.9.7/policy/modules/services/psad.if 2010-11-05 14:02:26.775899916 +0100
+--- nsaserefpolicy/policy/modules/services/psad.if 2010-10-12 20:42:49.000000000 +0000
++++ serefpolicy-3.9.7/policy/modules/services/psad.if 2010-11-05 13:02:26.000000000 +0000
@@ -91,7 +91,6 @@
files_search_etc($1)
manage_dirs_pattern($1, psad_etc_t, psad_etc_t)
@@ -31331,8 +31563,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/psad
admin_pattern($1, psad_tmp_t)
')
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/psad.te serefpolicy-3.9.7/policy/modules/services/psad.te
---- nsaserefpolicy/policy/modules/services/psad.te 2010-10-12 22:42:48.000000000 +0200
-+++ serefpolicy-3.9.7/policy/modules/services/psad.te 2010-11-05 14:02:26.776899851 +0100
+--- nsaserefpolicy/policy/modules/services/psad.te 2010-10-12 20:42:48.000000000 +0000
++++ serefpolicy-3.9.7/policy/modules/services/psad.te 2010-11-05 13:02:26.000000000 +0000
@@ -53,9 +53,10 @@
logging_log_filetrans(psad_t, psad_var_log_t, { file dir })
@@ -31354,8 +31586,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/psad
fs_getattr_all_fs(psad_t)
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/puppet.if serefpolicy-3.9.7/policy/modules/services/puppet.if
---- nsaserefpolicy/policy/modules/services/puppet.if 2010-10-12 22:42:49.000000000 +0200
-+++ serefpolicy-3.9.7/policy/modules/services/puppet.if 2010-11-05 14:02:26.776899851 +0100
+--- nsaserefpolicy/policy/modules/services/puppet.if 2010-10-12 20:42:49.000000000 +0000
++++ serefpolicy-3.9.7/policy/modules/services/puppet.if 2010-11-05 13:02:26.000000000 +0000
@@ -21,7 +21,7 @@
## </summary>
## </param>
@@ -31366,8 +31598,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/pupp
type puppet_tmp_t;
')
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/puppet.te serefpolicy-3.9.7/policy/modules/services/puppet.te
---- nsaserefpolicy/policy/modules/services/puppet.te 2010-10-12 22:42:48.000000000 +0200
-+++ serefpolicy-3.9.7/policy/modules/services/puppet.te 2011-01-17 10:29:27.088040902 +0100
+--- nsaserefpolicy/policy/modules/services/puppet.te 2010-10-12 20:42:48.000000000 +0000
++++ serefpolicy-3.9.7/policy/modules/services/puppet.te 2011-01-17 09:29:27.000000000 +0000
@@ -6,12 +6,19 @@
#
@@ -31475,8 +31707,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/pupp
+ usermanage_domtrans_useradd(puppetmaster_t)
+')
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/pyzor.fc serefpolicy-3.9.7/policy/modules/services/pyzor.fc
---- nsaserefpolicy/policy/modules/services/pyzor.fc 2010-10-12 22:42:48.000000000 +0200
-+++ serefpolicy-3.9.7/policy/modules/services/pyzor.fc 2010-11-05 14:02:26.778900139 +0100
+--- nsaserefpolicy/policy/modules/services/pyzor.fc 2010-10-12 20:42:48.000000000 +0000
++++ serefpolicy-3.9.7/policy/modules/services/pyzor.fc 2010-11-05 13:02:26.000000000 +0000
@@ -1,6 +1,10 @@
/etc/pyzor(/.*)? gen_context(system_u:object_r:pyzor_etc_t, s0)
+/etc/rc\.d/init\.d/pyzord -- gen_context(system_u:object_r:pyzord_initrc_exec_t,s0)
@@ -31489,8 +31721,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/pyzo
/usr/bin/pyzor -- gen_context(system_u:object_r:pyzor_exec_t,s0)
/usr/bin/pyzord -- gen_context(system_u:object_r:pyzord_exec_t,s0)
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/pyzor.if serefpolicy-3.9.7/policy/modules/services/pyzor.if
---- nsaserefpolicy/policy/modules/services/pyzor.if 2010-10-12 22:42:48.000000000 +0200
-+++ serefpolicy-3.9.7/policy/modules/services/pyzor.if 2010-11-05 14:02:26.779899794 +0100
+--- nsaserefpolicy/policy/modules/services/pyzor.if 2010-10-12 20:42:48.000000000 +0000
++++ serefpolicy-3.9.7/policy/modules/services/pyzor.if 2010-11-05 13:02:26.000000000 +0000
@@ -14,6 +14,7 @@
## User domain for the role
## </summary>
@@ -31557,8 +31789,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/pyzo
+ admin_pattern($1, pyzor_var_lib_t)
+')
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/pyzor.te serefpolicy-3.9.7/policy/modules/services/pyzor.te
---- nsaserefpolicy/policy/modules/services/pyzor.te 2010-10-12 22:42:48.000000000 +0200
-+++ serefpolicy-3.9.7/policy/modules/services/pyzor.te 2010-11-05 14:02:26.780901265 +0100
+--- nsaserefpolicy/policy/modules/services/pyzor.te 2010-10-12 20:42:48.000000000 +0000
++++ serefpolicy-3.9.7/policy/modules/services/pyzor.te 2010-11-05 13:02:26.000000000 +0000
@@ -5,40 +5,62 @@
# Declarations
#
@@ -31684,8 +31916,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/pyzo
kernel_read_kernel_sysctls(pyzord_t)
kernel_read_system_state(pyzord_t)
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/qmail.if serefpolicy-3.9.7/policy/modules/services/qmail.if
---- nsaserefpolicy/policy/modules/services/qmail.if 2010-10-12 22:42:49.000000000 +0200
-+++ serefpolicy-3.9.7/policy/modules/services/qmail.if 2010-11-05 14:02:26.780901265 +0100
+--- nsaserefpolicy/policy/modules/services/qmail.if 2010-10-12 20:42:49.000000000 +0000
++++ serefpolicy-3.9.7/policy/modules/services/qmail.if 2010-11-05 13:02:26.000000000 +0000
@@ -62,14 +62,13 @@
type qmail_inject_t, qmail_inject_exec_t;
')
@@ -31719,8 +31951,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/qmai
')
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/qmail.te serefpolicy-3.9.7/policy/modules/services/qmail.te
---- nsaserefpolicy/policy/modules/services/qmail.te 2010-10-12 22:42:49.000000000 +0200
-+++ serefpolicy-3.9.7/policy/modules/services/qmail.te 2010-11-05 14:02:26.781900083 +0100
+--- nsaserefpolicy/policy/modules/services/qmail.te 2010-10-12 20:42:49.000000000 +0000
++++ serefpolicy-3.9.7/policy/modules/services/qmail.te 2010-11-05 13:02:26.000000000 +0000
@@ -60,7 +60,7 @@
########################################
#
@@ -31866,8 +32098,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/qmai
allow qmail_tcp_env_t qmail_smtpd_exec_t:file read_file_perms;
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/qpidd.fc serefpolicy-3.9.7/policy/modules/services/qpidd.fc
---- nsaserefpolicy/policy/modules/services/qpidd.fc 1970-01-01 01:00:00.000000000 +0100
-+++ serefpolicy-3.9.7/policy/modules/services/qpidd.fc 2010-11-05 14:02:26.782900087 +0100
+--- nsaserefpolicy/policy/modules/services/qpidd.fc 1970-01-01 00:00:00.000000000 +0000
++++ serefpolicy-3.9.7/policy/modules/services/qpidd.fc 2010-11-05 13:02:26.000000000 +0000
@@ -0,0 +1,9 @@
+
+/usr/sbin/qpidd -- gen_context(system_u:object_r:qpidd_exec_t,s0)
@@ -31879,8 +32111,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/qpid
+/var/run/qpidd(/.*)? gen_context(system_u:object_r:qpidd_var_run_t,s0)
+/var/run/qpidd\.pid gen_context(system_u:object_r:qpidd_var_run_t,s0)
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/qpidd.if serefpolicy-3.9.7/policy/modules/services/qpidd.if
---- nsaserefpolicy/policy/modules/services/qpidd.if 1970-01-01 01:00:00.000000000 +0100
-+++ serefpolicy-3.9.7/policy/modules/services/qpidd.if 2010-11-05 14:02:26.782900087 +0100
+--- nsaserefpolicy/policy/modules/services/qpidd.if 1970-01-01 00:00:00.000000000 +0000
++++ serefpolicy-3.9.7/policy/modules/services/qpidd.if 2010-11-05 13:02:26.000000000 +0000
@@ -0,0 +1,228 @@
+## <summary>policy for qpidd</summary>
+
@@ -32111,8 +32343,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/qpid
+ allow $1 qpidd_t:shm rw_shm_perms;
+')
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/qpidd.te serefpolicy-3.9.7/policy/modules/services/qpidd.te
---- nsaserefpolicy/policy/modules/services/qpidd.te 1970-01-01 01:00:00.000000000 +0100
-+++ serefpolicy-3.9.7/policy/modules/services/qpidd.te 2010-11-11 16:21:35.387148263 +0100
+--- nsaserefpolicy/policy/modules/services/qpidd.te 1970-01-01 00:00:00.000000000 +0000
++++ serefpolicy-3.9.7/policy/modules/services/qpidd.te 2010-11-11 15:21:35.000000000 +0000
@@ -0,0 +1,63 @@
+policy_module(qpidd, 1.0.0)
+
@@ -32178,8 +32410,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/qpid
+ corosync_stream_connect(qpidd_t)
+')
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/radius.if serefpolicy-3.9.7/policy/modules/services/radius.if
---- nsaserefpolicy/policy/modules/services/radius.if 2010-10-12 22:42:49.000000000 +0200
-+++ serefpolicy-3.9.7/policy/modules/services/radius.if 2010-11-05 14:02:26.783900161 +0100
+--- nsaserefpolicy/policy/modules/services/radius.if 2010-10-12 20:42:49.000000000 +0000
++++ serefpolicy-3.9.7/policy/modules/services/radius.if 2010-11-05 13:02:26.000000000 +0000
@@ -38,7 +38,7 @@
type radiusd_initrc_exec_t;
')
@@ -32190,8 +32422,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/radi
init_labeled_script_domtrans($1, radiusd_initrc_exec_t)
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/radius.te serefpolicy-3.9.7/policy/modules/services/radius.te
---- nsaserefpolicy/policy/modules/services/radius.te 2010-10-12 22:42:48.000000000 +0200
-+++ serefpolicy-3.9.7/policy/modules/services/radius.te 2011-01-03 10:47:41.242042171 +0100
+--- nsaserefpolicy/policy/modules/services/radius.te 2010-10-12 20:42:48.000000000 +0000
++++ serefpolicy-3.9.7/policy/modules/services/radius.te 2011-01-03 09:47:41.000000000 +0000
@@ -36,7 +36,7 @@
# gzip also needs chown access to preserve GID for radwtmp files
allow radiusd_t self:capability { chown dac_override fsetid kill setgid setuid sys_resource sys_tty_config };
@@ -32229,8 +32461,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/radi
')
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/radvd.if serefpolicy-3.9.7/policy/modules/services/radvd.if
---- nsaserefpolicy/policy/modules/services/radvd.if 2010-10-12 22:42:48.000000000 +0200
-+++ serefpolicy-3.9.7/policy/modules/services/radvd.if 2010-11-05 14:02:26.785900100 +0100
+--- nsaserefpolicy/policy/modules/services/radvd.if 2010-10-12 20:42:48.000000000 +0000
++++ serefpolicy-3.9.7/policy/modules/services/radvd.if 2010-11-05 13:02:26.000000000 +0000
@@ -19,8 +19,8 @@
#
interface(`radvd_admin',`
@@ -32243,16 +32475,16 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/radv
allow $1 radvd_t:process { ptrace signal_perms };
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/razor.fc serefpolicy-3.9.7/policy/modules/services/razor.fc
---- nsaserefpolicy/policy/modules/services/razor.fc 2010-10-12 22:42:49.000000000 +0200
-+++ serefpolicy-3.9.7/policy/modules/services/razor.fc 2010-11-05 14:02:26.785900100 +0100
+--- nsaserefpolicy/policy/modules/services/razor.fc 2010-10-12 20:42:49.000000000 +0000
++++ serefpolicy-3.9.7/policy/modules/services/razor.fc 2010-11-05 13:02:26.000000000 +0000
@@ -1,3 +1,4 @@
+/root/\.razor(/.*)? gen_context(system_u:object_r:razor_home_t,s0)
HOME_DIR/\.razor(/.*)? gen_context(system_u:object_r:razor_home_t,s0)
/etc/razor(/.*)? gen_context(system_u:object_r:razor_etc_t,s0)
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/razor.if serefpolicy-3.9.7/policy/modules/services/razor.if
---- nsaserefpolicy/policy/modules/services/razor.if 2010-10-12 22:42:50.000000000 +0200
-+++ serefpolicy-3.9.7/policy/modules/services/razor.if 2010-11-05 14:02:26.786899686 +0100
+--- nsaserefpolicy/policy/modules/services/razor.if 2010-10-12 20:42:50.000000000 +0000
++++ serefpolicy-3.9.7/policy/modules/services/razor.if 2010-11-05 13:02:26.000000000 +0000
@@ -26,6 +26,7 @@
gen_require(`
type razor_exec_t, razor_etc_t, razor_log_t, razor_var_lib_t;
@@ -32332,8 +32564,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/razo
+ read_files_pattern($1, razor_var_lib_t, razor_var_lib_t)
+')
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/razor.te serefpolicy-3.9.7/policy/modules/services/razor.te
---- nsaserefpolicy/policy/modules/services/razor.te 2010-10-12 22:42:48.000000000 +0200
-+++ serefpolicy-3.9.7/policy/modules/services/razor.te 2010-11-05 14:02:26.787900179 +0100
+--- nsaserefpolicy/policy/modules/services/razor.te 2010-10-12 20:42:48.000000000 +0000
++++ serefpolicy-3.9.7/policy/modules/services/razor.te 2010-11-05 13:02:26.000000000 +0000
@@ -5,118 +5,139 @@
# Declarations
#
@@ -32589,8 +32821,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/razo
+ ')
')
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/remotelogin.te serefpolicy-3.9.7/policy/modules/services/remotelogin.te
---- nsaserefpolicy/policy/modules/services/remotelogin.te 2010-10-12 22:42:48.000000000 +0200
-+++ serefpolicy-3.9.7/policy/modules/services/remotelogin.te 2010-11-08 15:02:52.263165602 +0100
+--- nsaserefpolicy/policy/modules/services/remotelogin.te 2010-10-12 20:42:48.000000000 +0000
++++ serefpolicy-3.9.7/policy/modules/services/remotelogin.te 2010-11-08 14:02:52.000000000 +0000
@@ -49,6 +49,7 @@
fs_search_auto_mountpoints(remote_login_t)
@@ -32608,8 +32840,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/remo
')
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/resmgr.if serefpolicy-3.9.7/policy/modules/services/resmgr.if
---- nsaserefpolicy/policy/modules/services/resmgr.if 2010-10-12 22:42:48.000000000 +0200
-+++ serefpolicy-3.9.7/policy/modules/services/resmgr.if 2010-11-05 14:02:26.788901161 +0100
+--- nsaserefpolicy/policy/modules/services/resmgr.if 2010-10-12 20:42:48.000000000 +0000
++++ serefpolicy-3.9.7/policy/modules/services/resmgr.if 2010-11-05 13:02:26.000000000 +0000
@@ -16,7 +16,6 @@
type resmgrd_var_run_t, resmgrd_t;
')
@@ -32620,8 +32852,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/resm
+ stream_connect_pattern($1, resmgrd_var_run_t, resmgrd_var_run_t, resmgrd_t)
')
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/rgmanager.fc serefpolicy-3.9.7/policy/modules/services/rgmanager.fc
---- nsaserefpolicy/policy/modules/services/rgmanager.fc 2010-10-12 22:42:48.000000000 +0200
-+++ serefpolicy-3.9.7/policy/modules/services/rgmanager.fc 2010-11-05 14:02:26.789900188 +0100
+--- nsaserefpolicy/policy/modules/services/rgmanager.fc 2010-10-12 20:42:48.000000000 +0000
++++ serefpolicy-3.9.7/policy/modules/services/rgmanager.fc 2010-11-05 13:02:26.000000000 +0000
@@ -1,3 +1,5 @@
+/etc/rc\.d/init\.d/rgmanager -- gen_context(system_u:object_r:rgmanager_initrc_exec_t,s0)
+
@@ -32629,8 +32861,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/rgma
/var/log/cluster/rgmanager\.log -- gen_context(system_u:object_r:rgmanager_var_log_t,s0)
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/rgmanager.if serefpolicy-3.9.7/policy/modules/services/rgmanager.if
---- nsaserefpolicy/policy/modules/services/rgmanager.if 2010-10-12 22:42:48.000000000 +0200
-+++ serefpolicy-3.9.7/policy/modules/services/rgmanager.if 2010-11-05 14:02:26.790900192 +0100
+--- nsaserefpolicy/policy/modules/services/rgmanager.if 2010-10-12 20:42:48.000000000 +0000
++++ serefpolicy-3.9.7/policy/modules/services/rgmanager.if 2010-11-05 13:02:26.000000000 +0000
@@ -5,9 +5,9 @@
## Execute a domain transition to run rgmanager.
## </summary>
@@ -32709,8 +32941,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/rgma
+ admin_pattern($1, rgmanager_var_run_t)
+')
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/rgmanager.te serefpolicy-3.9.7/policy/modules/services/rgmanager.te
---- nsaserefpolicy/policy/modules/services/rgmanager.te 2010-10-12 22:42:48.000000000 +0200
-+++ serefpolicy-3.9.7/policy/modules/services/rgmanager.te 2010-11-05 14:02:26.790900192 +0100
+--- nsaserefpolicy/policy/modules/services/rgmanager.te 2010-10-12 20:42:48.000000000 +0000
++++ serefpolicy-3.9.7/policy/modules/services/rgmanager.te 2010-11-05 13:02:26.000000000 +0000
@@ -6,17 +6,19 @@
#
@@ -32794,8 +33026,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/rgma
mysql_stream_connect(rgmanager_t)
')
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/rhcs.fc serefpolicy-3.9.7/policy/modules/services/rhcs.fc
---- nsaserefpolicy/policy/modules/services/rhcs.fc 2010-10-12 22:42:49.000000000 +0200
-+++ serefpolicy-3.9.7/policy/modules/services/rhcs.fc 2010-11-05 14:02:26.791899778 +0100
+--- nsaserefpolicy/policy/modules/services/rhcs.fc 2010-10-12 20:42:49.000000000 +0000
++++ serefpolicy-3.9.7/policy/modules/services/rhcs.fc 2010-11-05 13:02:26.000000000 +0000
@@ -1,14 +1,17 @@
/usr/sbin/dlm_controld -- gen_context(system_u:object_r:dlm_controld_exec_t,s0)
/usr/sbin/fenced -- gen_context(system_u:object_r:fenced_exec_t,s0)
@@ -32815,8 +33047,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/rhcs
/var/log/cluster/fenced\.log.* -- gen_context(system_u:object_r:fenced_var_log_t,s0)
/var/log/cluster/gfs_controld\.log.* -- gen_context(system_u:object_r:gfs_controld_var_log_t,s0)
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/rhcs.if serefpolicy-3.9.7/policy/modules/services/rhcs.if
---- nsaserefpolicy/policy/modules/services/rhcs.if 2010-10-12 22:42:50.000000000 +0200
-+++ serefpolicy-3.9.7/policy/modules/services/rhcs.if 2010-11-05 14:02:26.792900201 +0100
+--- nsaserefpolicy/policy/modules/services/rhcs.if 2010-10-12 20:42:50.000000000 +0000
++++ serefpolicy-3.9.7/policy/modules/services/rhcs.if 2010-11-05 13:02:26.000000000 +0000
@@ -13,7 +13,7 @@
#
template(`rhcs_domain_template',`
@@ -32982,8 +33214,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/rhcs
+ read_files_pattern($1, cluster_var_lib_t, cluster_var_lib_t)
+')
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/rhcs.te serefpolicy-3.9.7/policy/modules/services/rhcs.te
---- nsaserefpolicy/policy/modules/services/rhcs.te 2010-10-12 22:42:50.000000000 +0200
-+++ serefpolicy-3.9.7/policy/modules/services/rhcs.te 2010-11-10 09:50:56.441148757 +0100
+--- nsaserefpolicy/policy/modules/services/rhcs.te 2010-10-12 20:42:50.000000000 +0000
++++ serefpolicy-3.9.7/policy/modules/services/rhcs.te 2010-11-10 08:50:56.000000000 +0000
@@ -6,13 +6,15 @@
#
@@ -33143,8 +33375,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/rhcs
corosync_stream_connect(cluster_domain)
')
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/rhgb.if serefpolicy-3.9.7/policy/modules/services/rhgb.if
---- nsaserefpolicy/policy/modules/services/rhgb.if 2010-10-12 22:42:49.000000000 +0200
-+++ serefpolicy-3.9.7/policy/modules/services/rhgb.if 2010-11-05 14:02:26.794899791 +0100
+--- nsaserefpolicy/policy/modules/services/rhgb.if 2010-10-12 20:42:49.000000000 +0000
++++ serefpolicy-3.9.7/policy/modules/services/rhgb.if 2010-11-05 13:02:26.000000000 +0000
@@ -194,5 +194,6 @@
type rhgb_tmpfs_t;
')
@@ -33153,8 +33385,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/rhgb
allow $1 rhgb_tmpfs_t:file rw_file_perms;
')
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/rhgb.te serefpolicy-3.9.7/policy/modules/services/rhgb.te
---- nsaserefpolicy/policy/modules/services/rhgb.te 2010-10-12 22:42:47.000000000 +0200
-+++ serefpolicy-3.9.7/policy/modules/services/rhgb.te 2010-11-05 14:02:26.794899791 +0100
+--- nsaserefpolicy/policy/modules/services/rhgb.te 2010-10-12 20:42:47.000000000 +0000
++++ serefpolicy-3.9.7/policy/modules/services/rhgb.te 2010-11-05 13:02:26.000000000 +0000
@@ -30,7 +30,7 @@
allow rhgb_t self:udp_socket create_socket_perms;
allow rhgb_t self:netlink_route_socket r_netlink_socket_perms;
@@ -33165,8 +33397,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/rhgb
manage_dirs_pattern(rhgb_t, rhgb_tmpfs_t, rhgb_tmpfs_t)
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/ricci.fc serefpolicy-3.9.7/policy/modules/services/ricci.fc
---- nsaserefpolicy/policy/modules/services/ricci.fc 2010-10-12 22:42:49.000000000 +0200
-+++ serefpolicy-3.9.7/policy/modules/services/ricci.fc 2010-11-05 14:02:26.795899865 +0100
+--- nsaserefpolicy/policy/modules/services/ricci.fc 2010-10-12 20:42:49.000000000 +0000
++++ serefpolicy-3.9.7/policy/modules/services/ricci.fc 2010-11-05 13:02:26.000000000 +0000
@@ -1,3 +1,6 @@
+
+/etc/rc\.d/init\.d/ricci -- gen_context(system_u:object_r:ricci_initrc_exec_t,s0)
@@ -33175,8 +33407,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/ricc
/usr/libexec/ricci-modlog -- gen_context(system_u:object_r:ricci_modlog_exec_t,s0)
/usr/libexec/ricci-modrpm -- gen_context(system_u:object_r:ricci_modrpm_exec_t,s0)
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/ricci.if serefpolicy-3.9.7/policy/modules/services/ricci.if
---- nsaserefpolicy/policy/modules/services/ricci.if 2010-10-12 22:42:50.000000000 +0200
-+++ serefpolicy-3.9.7/policy/modules/services/ricci.if 2010-11-05 14:02:26.796900289 +0100
+--- nsaserefpolicy/policy/modules/services/ricci.if 2010-10-12 20:42:50.000000000 +0000
++++ serefpolicy-3.9.7/policy/modules/services/ricci.if 2010-11-05 13:02:26.000000000 +0000
@@ -5,9 +5,9 @@
## Execute a domain transition to run ricci.
## </summary>
@@ -33379,8 +33611,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/ricc
+ admin_pattern($1, ricci_var_run_t)
+')
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/ricci.te serefpolicy-3.9.7/policy/modules/services/ricci.te
---- nsaserefpolicy/policy/modules/services/ricci.te 2010-10-12 22:42:48.000000000 +0200
-+++ serefpolicy-3.9.7/policy/modules/services/ricci.te 2010-11-05 14:02:26.797900293 +0100
+--- nsaserefpolicy/policy/modules/services/ricci.te 2010-10-12 20:42:48.000000000 +0000
++++ serefpolicy-3.9.7/policy/modules/services/ricci.te 2010-11-05 13:02:26.000000000 +0000
@@ -7,9 +7,11 @@
type ricci_t;
@@ -33478,8 +33710,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/ricc
term_dontaudit_use_console(ricci_modstorage_t)
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/rlogin.fc serefpolicy-3.9.7/policy/modules/services/rlogin.fc
---- nsaserefpolicy/policy/modules/services/rlogin.fc 2010-10-12 22:42:49.000000000 +0200
-+++ serefpolicy-3.9.7/policy/modules/services/rlogin.fc 2010-11-05 14:02:26.798900297 +0100
+--- nsaserefpolicy/policy/modules/services/rlogin.fc 2010-10-12 20:42:49.000000000 +0000
++++ serefpolicy-3.9.7/policy/modules/services/rlogin.fc 2010-11-05 13:02:26.000000000 +0000
@@ -1,4 +1,7 @@
HOME_DIR/\.rlogin -- gen_context(system_u:object_r:rlogind_home_t,s0)
+HOME_DIR/\.rhosts -- gen_context(system_u:object_r:rlogind_home_t,s0)
@@ -33489,8 +33721,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/rlog
/usr/kerberos/sbin/klogind -- gen_context(system_u:object_r:rlogind_exec_t,s0)
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/rlogin.te serefpolicy-3.9.7/policy/modules/services/rlogin.te
---- nsaserefpolicy/policy/modules/services/rlogin.te 2010-10-12 22:42:48.000000000 +0200
-+++ serefpolicy-3.9.7/policy/modules/services/rlogin.te 2010-11-05 14:02:26.799899953 +0100
+--- nsaserefpolicy/policy/modules/services/rlogin.te 2010-10-12 20:42:48.000000000 +0000
++++ serefpolicy-3.9.7/policy/modules/services/rlogin.te 2010-11-05 13:02:26.000000000 +0000
@@ -27,15 +27,14 @@
# Local policy
#
@@ -33536,8 +33768,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/rlog
remotelogin_domtrans(rlogind_t)
remotelogin_signal(rlogind_t)
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/rpcbind.fc serefpolicy-3.9.7/policy/modules/services/rpcbind.fc
---- nsaserefpolicy/policy/modules/services/rpcbind.fc 2010-10-12 22:42:49.000000000 +0200
-+++ serefpolicy-3.9.7/policy/modules/services/rpcbind.fc 2010-11-05 14:02:26.801900032 +0100
+--- nsaserefpolicy/policy/modules/services/rpcbind.fc 2010-10-12 20:42:49.000000000 +0000
++++ serefpolicy-3.9.7/policy/modules/services/rpcbind.fc 2010-11-05 13:02:26.000000000 +0000
@@ -2,6 +2,7 @@
/sbin/rpcbind -- gen_context(system_u:object_r:rpcbind_exec_t,s0)
@@ -33547,8 +33779,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/rpcb
/var/run/rpc.statd\.pid -- gen_context(system_u:object_r:rpcbind_var_run_t,s0)
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/rpcbind.if serefpolicy-3.9.7/policy/modules/services/rpcbind.if
---- nsaserefpolicy/policy/modules/services/rpcbind.if 2010-10-12 22:42:49.000000000 +0200
-+++ serefpolicy-3.9.7/policy/modules/services/rpcbind.if 2010-11-05 14:02:26.802899966 +0100
+--- nsaserefpolicy/policy/modules/services/rpcbind.if 2010-10-12 20:42:49.000000000 +0000
++++ serefpolicy-3.9.7/policy/modules/services/rpcbind.if 2010-11-05 13:02:26.000000000 +0000
@@ -5,9 +5,9 @@
## Execute a domain transition to run rpcbind.
## </summary>
@@ -33588,8 +33820,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/rpcb
+ admin_pattern($1, rpcbind_var_run_t)
')
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/rpcbind.te serefpolicy-3.9.7/policy/modules/services/rpcbind.te
---- nsaserefpolicy/policy/modules/services/rpcbind.te 2010-10-12 22:42:50.000000000 +0200
-+++ serefpolicy-3.9.7/policy/modules/services/rpcbind.te 2010-11-05 14:02:26.802899966 +0100
+--- nsaserefpolicy/policy/modules/services/rpcbind.te 2010-10-12 20:42:50.000000000 +0000
++++ serefpolicy-3.9.7/policy/modules/services/rpcbind.te 2010-11-05 13:02:26.000000000 +0000
@@ -43,6 +43,8 @@
kernel_read_network_state(rpcbind_t)
kernel_request_load_module(rpcbind_t)
@@ -33608,8 +33840,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/rpcb
+ nis_use_ypbind(rpcbind_t)
+')
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/rpc.fc serefpolicy-3.9.7/policy/modules/services/rpc.fc
---- nsaserefpolicy/policy/modules/services/rpc.fc 2010-10-12 22:42:49.000000000 +0200
-+++ serefpolicy-3.9.7/policy/modules/services/rpc.fc 2010-11-22 10:58:18.582147817 +0100
+--- nsaserefpolicy/policy/modules/services/rpc.fc 2010-10-12 20:42:49.000000000 +0000
++++ serefpolicy-3.9.7/policy/modules/services/rpc.fc 2010-11-22 09:58:18.000000000 +0000
@@ -29,3 +29,5 @@
/var/run/rpc\.statd(/.*)? gen_context(system_u:object_r:rpcd_var_run_t,s0)
@@ -33617,8 +33849,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/rpc.
+
+/var/tmp/nfs_0 -- gen_context(system_u:object_r:gssd_tmp_t,s0)
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/rpc.if serefpolicy-3.9.7/policy/modules/services/rpc.if
---- nsaserefpolicy/policy/modules/services/rpc.if 2010-10-12 22:42:49.000000000 +0200
-+++ serefpolicy-3.9.7/policy/modules/services/rpc.if 2010-11-05 14:02:26.800899957 +0100
+--- nsaserefpolicy/policy/modules/services/rpc.if 2010-10-12 20:42:49.000000000 +0000
++++ serefpolicy-3.9.7/policy/modules/services/rpc.if 2010-11-05 13:02:26.000000000 +0000
@@ -32,7 +32,11 @@
## </summary>
## </param>
@@ -33708,8 +33940,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/rpc.
+ allow $1 var_lib_nfs_t:file relabel_file_perms;
')
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/rpc.te serefpolicy-3.9.7/policy/modules/services/rpc.te
---- nsaserefpolicy/policy/modules/services/rpc.te 2010-10-12 22:42:48.000000000 +0200
-+++ serefpolicy-3.9.7/policy/modules/services/rpc.te 2010-12-03 10:01:27.739040789 +0100
+--- nsaserefpolicy/policy/modules/services/rpc.te 2010-10-12 20:42:48.000000000 +0000
++++ serefpolicy-3.9.7/policy/modules/services/rpc.te 2010-12-03 09:01:27.000000000 +0000
@@ -6,18 +6,18 @@
#
@@ -33823,8 +34055,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/rpc.
optional_policy(`
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/rshd.te serefpolicy-3.9.7/policy/modules/services/rshd.te
---- nsaserefpolicy/policy/modules/services/rshd.te 2010-10-12 22:42:49.000000000 +0200
-+++ serefpolicy-3.9.7/policy/modules/services/rshd.te 2010-11-05 14:02:26.803899901 +0100
+--- nsaserefpolicy/policy/modules/services/rshd.te 2010-10-12 20:42:49.000000000 +0000
++++ serefpolicy-3.9.7/policy/modules/services/rshd.te 2010-11-05 13:02:26.000000000 +0000
@@ -66,6 +66,7 @@
seutil_read_default_contexts(rshd_t)
@@ -33834,8 +34066,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/rshd
tunable_policy(`use_nfs_home_dirs',`
fs_read_nfs_files(rshd_t)
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/rsync.if serefpolicy-3.9.7/policy/modules/services/rsync.if
---- nsaserefpolicy/policy/modules/services/rsync.if 2010-10-12 22:42:49.000000000 +0200
-+++ serefpolicy-3.9.7/policy/modules/services/rsync.if 2010-11-05 14:02:26.804899486 +0100
+--- nsaserefpolicy/policy/modules/services/rsync.if 2010-10-12 20:42:49.000000000 +0000
++++ serefpolicy-3.9.7/policy/modules/services/rsync.if 2010-11-05 13:02:26.000000000 +0000
@@ -109,9 +109,9 @@
## Read rsync config files.
## </summary>
@@ -33921,8 +34153,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/rsyn
+ files_etc_filetrans($1, rsync_etc_t, $2)
+')
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/rsync.te serefpolicy-3.9.7/policy/modules/services/rsync.te
---- nsaserefpolicy/policy/modules/services/rsync.te 2010-10-12 22:42:49.000000000 +0200
-+++ serefpolicy-3.9.7/policy/modules/services/rsync.te 2010-11-05 14:02:26.804899486 +0100
+--- nsaserefpolicy/policy/modules/services/rsync.te 2010-10-12 20:42:49.000000000 +0000
++++ serefpolicy-3.9.7/policy/modules/services/rsync.te 2010-11-05 13:02:26.000000000 +0000
@@ -7,6 +7,13 @@
## <desc>
@@ -33983,8 +34215,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/rsyn
+
auth_can_read_shadow_passwords(rsync_t)
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/rtkit.if serefpolicy-3.9.7/policy/modules/services/rtkit.if
---- nsaserefpolicy/policy/modules/services/rtkit.if 2010-10-12 22:42:49.000000000 +0200
-+++ serefpolicy-3.9.7/policy/modules/services/rtkit.if 2010-11-05 14:02:26.805899910 +0100
+--- nsaserefpolicy/policy/modules/services/rtkit.if 2010-10-12 20:42:49.000000000 +0000
++++ serefpolicy-3.9.7/policy/modules/services/rtkit.if 2010-11-05 13:02:26.000000000 +0000
@@ -5,9 +5,9 @@
## Execute a domain transition to run rtkit_daemon.
## </summary>
@@ -34034,8 +34266,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/rtki
allow rtkit_daemon_t $1:process { getsched setsched };
rtkit_daemon_dbus_chat($1)
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/rtkit.te serefpolicy-3.9.7/policy/modules/services/rtkit.te
---- nsaserefpolicy/policy/modules/services/rtkit.te 2010-10-12 22:42:49.000000000 +0200
-+++ serefpolicy-3.9.7/policy/modules/services/rtkit.te 2010-11-05 14:02:26.805899910 +0100
+--- nsaserefpolicy/policy/modules/services/rtkit.te 2010-10-12 20:42:49.000000000 +0000
++++ serefpolicy-3.9.7/policy/modules/services/rtkit.te 2010-11-05 13:02:26.000000000 +0000
@@ -8,6 +8,7 @@
type rtkit_daemon_t;
type rtkit_daemon_exec_t;
@@ -34045,8 +34277,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/rtki
########################################
#
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/rwho.if serefpolicy-3.9.7/policy/modules/services/rwho.if
---- nsaserefpolicy/policy/modules/services/rwho.if 2010-10-12 22:42:49.000000000 +0200
-+++ serefpolicy-3.9.7/policy/modules/services/rwho.if 2010-11-05 14:02:26.806899774 +0100
+--- nsaserefpolicy/policy/modules/services/rwho.if 2010-10-12 20:42:49.000000000 +0000
++++ serefpolicy-3.9.7/policy/modules/services/rwho.if 2010-11-05 13:02:26.000000000 +0000
@@ -5,9 +5,9 @@
## Execute a domain transition to run rwho.
## </summary>
@@ -34060,8 +34292,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/rwho
#
interface(`rwho_domtrans',`
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/rwho.te serefpolicy-3.9.7/policy/modules/services/rwho.te
---- nsaserefpolicy/policy/modules/services/rwho.te 2010-10-12 22:42:49.000000000 +0200
-+++ serefpolicy-3.9.7/policy/modules/services/rwho.te 2010-11-05 14:02:26.806899774 +0100
+--- nsaserefpolicy/policy/modules/services/rwho.te 2010-10-12 20:42:49.000000000 +0000
++++ serefpolicy-3.9.7/policy/modules/services/rwho.te 2010-11-05 13:02:26.000000000 +0000
@@ -55,6 +55,9 @@
init_read_utmp(rwho_t)
init_dontaudit_write_utmp(rwho_t)
@@ -34073,8 +34305,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/rwho
sysnet_dns_name_resolve(rwho_t)
+
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/samba.fc serefpolicy-3.9.7/policy/modules/services/samba.fc
---- nsaserefpolicy/policy/modules/services/samba.fc 2010-10-12 22:42:50.000000000 +0200
-+++ serefpolicy-3.9.7/policy/modules/services/samba.fc 2010-11-05 14:02:26.807900128 +0100
+--- nsaserefpolicy/policy/modules/services/samba.fc 2010-10-12 20:42:50.000000000 +0000
++++ serefpolicy-3.9.7/policy/modules/services/samba.fc 2010-11-05 13:02:26.000000000 +0000
@@ -51,3 +51,7 @@
/var/run/winbindd(/.*)? gen_context(system_u:object_r:winbind_var_run_t,s0)
@@ -34084,8 +34316,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/samb
+/var/lib/samba/scripts(/.*)? gen_context(system_u:object_r:samba_unconfined_script_exec_t,s0)
+')
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/samba.if serefpolicy-3.9.7/policy/modules/services/samba.if
---- nsaserefpolicy/policy/modules/services/samba.if 2010-10-12 22:42:48.000000000 +0200
-+++ serefpolicy-3.9.7/policy/modules/services/samba.if 2010-11-05 14:02:26.808899783 +0100
+--- nsaserefpolicy/policy/modules/services/samba.if 2010-10-12 20:42:48.000000000 +0000
++++ serefpolicy-3.9.7/policy/modules/services/samba.if 2010-11-05 13:02:26.000000000 +0000
@@ -79,6 +79,25 @@
########################################
@@ -34319,8 +34551,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/samb
+ admin_pattern($1, samba_unconfined_script_exec_t)
')
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/samba.te serefpolicy-3.9.7/policy/modules/services/samba.te
---- nsaserefpolicy/policy/modules/services/samba.te 2010-10-12 22:42:49.000000000 +0200
-+++ serefpolicy-3.9.7/policy/modules/services/samba.te 2010-11-05 14:02:26.809900765 +0100
+--- nsaserefpolicy/policy/modules/services/samba.te 2010-10-12 20:42:49.000000000 +0000
++++ serefpolicy-3.9.7/policy/modules/services/samba.te 2011-01-27 14:25:41.939455001 +0000
@@ -152,9 +152,6 @@
type winbind_log_t;
logging_log_file(winbind_log_t)
@@ -34331,7 +34563,14 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/samb
type winbind_var_run_t;
files_pid_file(winbind_var_run_t)
-@@ -230,7 +227,7 @@
+@@ -224,13 +221,14 @@
+
+ optional_policy(`
+ kerberos_use(samba_net_t)
++ kerberos_etc_filetrans_keytab(samba_net_t)
+ ')
+
+ ########################################
#
# smbd Local policy
#
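Review bot: The added `kerberos_etc_filetrans_keytab(samba_net_t)` in the samba.te inner hunk `@@ -224,13 +221,14 @@` has no comment saying why samba_net_t needs it, and the commit message lists no samba change. The interface body is not visible here; if it is a type transition on files created in /etc, as the name suggests, then every file samba_net_t creates there would get the keytab label, not only the keytab, so confirm that is the intended scope. I would put a line above it such as `# samba_net_t creates the Kerberos keytab in /etc (see <BUG-ID>)`. The `optional_policy` block is complete in the hunk, but the other samba_net_t rules lie outside it.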
@@ -34340,7 +34579,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/samb
dontaudit smbd_t self:capability sys_tty_config;
allow smbd_t self:process ~{ ptrace setcurrent setexec setfscreate setrlimit execmem execstack execheap };
allow smbd_t self:process setrlimit;
-@@ -263,7 +260,7 @@
+@@ -263,7 +261,7 @@
manage_dirs_pattern(smbd_t, samba_share_t, samba_share_t)
manage_files_pattern(smbd_t, samba_share_t, samba_share_t)
manage_lnk_files_pattern(smbd_t, samba_share_t, samba_share_t)
@@ -34349,7 +34588,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/samb
manage_dirs_pattern(smbd_t, samba_var_t, samba_var_t)
manage_files_pattern(smbd_t, samba_var_t, samba_var_t)
-@@ -279,7 +276,7 @@
+@@ -279,7 +277,7 @@
manage_dirs_pattern(smbd_t, smbd_var_run_t, smbd_var_run_t)
manage_files_pattern(smbd_t, smbd_var_run_t, smbd_var_run_t)
manage_sock_files_pattern(smbd_t, smbd_var_run_t, smbd_var_run_t)
@@ -34358,7 +34597,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/samb
allow smbd_t swat_t:process signal;
-@@ -323,10 +320,12 @@
+@@ -323,10 +321,12 @@
dev_getattr_all_chr_files(smbd_t)
fs_getattr_all_fs(smbd_t)
@@ -34371,7 +34610,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/samb
auth_use_nsswitch(smbd_t)
auth_domtrans_chk_passwd(smbd_t)
-@@ -343,6 +342,7 @@
+@@ -343,6 +343,7 @@
files_search_spool(smbd_t)
# smbd seems to getattr all mountpoints
files_dontaudit_getattr_all_dirs(smbd_t)
@@ -34379,7 +34618,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/samb
# Allow samba to list mnt_t for potential mounted dirs
files_list_mnt(smbd_t)
-@@ -385,12 +385,7 @@
+@@ -385,12 +386,7 @@
')
tunable_policy(`samba_enable_home_dirs',`
@@ -34393,7 +34632,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/samb
')
# Support Samba sharing of NFS mount points
-@@ -445,8 +440,8 @@
+@@ -445,8 +441,8 @@
tunable_policy(`samba_create_home_dirs',`
allow smbd_t self:capability chown;
userdom_create_user_home_dirs(smbd_t)
@@ -34403,7 +34642,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/samb
tunable_policy(`samba_export_all_ro',`
fs_read_noxattr_fs_files(smbd_t)
-@@ -462,8 +457,8 @@
+@@ -462,8 +458,8 @@
auth_manage_all_files_except_shadow(smbd_t)
fs_read_noxattr_fs_files(nmbd_t)
auth_manage_all_files_except_shadow(nmbd_t)
@@ -34413,7 +34652,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/samb
########################################
#
-@@ -484,8 +479,9 @@
+@@ -484,8 +480,9 @@
allow nmbd_t self:unix_dgram_socket { create_socket_perms sendto };
allow nmbd_t self:unix_stream_socket { create_stream_socket_perms connectto };
@@ -34424,7 +34663,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/samb
read_files_pattern(nmbd_t, samba_etc_t, samba_etc_t)
read_lnk_files_pattern(nmbd_t, samba_etc_t, samba_etc_t)
-@@ -560,13 +556,13 @@
+@@ -560,13 +557,13 @@
allow smbcontrol_t self:unix_stream_socket create_stream_socket_perms;
allow smbcontrol_t nmbd_t:process { signal signull };
@@ -34442,7 +34681,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/samb
samba_read_config(smbcontrol_t)
samba_rw_var_files(smbcontrol_t)
samba_search_var(smbcontrol_t)
-@@ -677,7 +673,7 @@
+@@ -677,7 +674,7 @@
allow swat_t nmbd_t:process { signal signull };
allow nmbd_t swat_t:process signal;
@@ -34451,7 +34690,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/samb
allow swat_t smbd_port_t:tcp_socket name_bind;
-@@ -692,12 +688,14 @@
+@@ -692,12 +689,14 @@
manage_files_pattern(swat_t, samba_etc_t, samba_secrets_t)
manage_files_pattern(swat_t, samba_var_t, samba_var_t)
@@ -34466,7 +34705,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/samb
manage_dirs_pattern(swat_t, swat_tmp_t, swat_tmp_t)
manage_files_pattern(swat_t, swat_tmp_t, swat_tmp_t)
-@@ -710,6 +708,7 @@
+@@ -710,6 +709,7 @@
domtrans_pattern(swat_t, winbind_exec_t, winbind_t)
allow swat_t winbind_t:process { signal signull };
@@ -34474,7 +34713,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/samb
allow swat_t winbind_var_run_t:dir { write add_name remove_name };
allow swat_t winbind_var_run_t:sock_file { create unlink };
-@@ -754,6 +753,8 @@
+@@ -754,6 +754,8 @@
miscfiles_read_localization(swat_t)
@@ -34483,7 +34722,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/samb
optional_policy(`
cups_read_rw_config(swat_t)
cups_stream_connect(swat_t)
-@@ -806,14 +807,14 @@
+@@ -806,14 +808,14 @@
allow winbind_t winbind_log_t:file manage_file_perms;
logging_log_filetrans(winbind_t, winbind_log_t, file)
@@ -34503,7 +34742,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/samb
kernel_read_kernel_sysctls(winbind_t)
kernel_read_system_state(winbind_t)
-@@ -833,6 +834,7 @@
+@@ -833,6 +835,7 @@
corenet_tcp_bind_generic_node(winbind_t)
corenet_udp_bind_generic_node(winbind_t)
corenet_tcp_connect_smbd_port(winbind_t)
@@ -34511,7 +34750,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/samb
corenet_tcp_connect_epmap_port(winbind_t)
corenet_tcp_connect_all_unreserved_ports(winbind_t)
-@@ -922,6 +924,18 @@
+@@ -922,6 +925,18 @@
#
optional_policy(`
@@ -34530,7 +34769,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/samb
type samba_unconfined_script_t;
type samba_unconfined_script_exec_t;
domain_type(samba_unconfined_script_t)
-@@ -932,9 +946,12 @@
+@@ -932,9 +947,12 @@
allow smbd_t samba_unconfined_script_exec_t:dir search_dir_perms;
allow smbd_t samba_unconfined_script_exec_t:file ioctl;
@@ -34545,8 +34784,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/samb
+ can_exec(smbd_t, samba_unconfined_script_exec_t)
')
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/sasl.if serefpolicy-3.9.7/policy/modules/services/sasl.if
---- nsaserefpolicy/policy/modules/services/sasl.if 2010-10-12 22:42:50.000000000 +0200
-+++ serefpolicy-3.9.7/policy/modules/services/sasl.if 2010-11-15 16:25:30.783149535 +0100
+--- nsaserefpolicy/policy/modules/services/sasl.if 2010-10-12 20:42:50.000000000 +0000
++++ serefpolicy-3.9.7/policy/modules/services/sasl.if 2010-11-15 15:25:30.000000000 +0000
@@ -38,11 +38,11 @@
#
interface(`sasl_admin',`
@@ -34572,8 +34811,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/sasl
admin_pattern($1, saslauthd_var_run_t)
')
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/sasl.te serefpolicy-3.9.7/policy/modules/services/sasl.te
---- nsaserefpolicy/policy/modules/services/sasl.te 2010-10-12 22:42:49.000000000 +0200
-+++ serefpolicy-3.9.7/policy/modules/services/sasl.te 2010-11-15 16:27:08.408147870 +0100
+--- nsaserefpolicy/policy/modules/services/sasl.te 2010-10-12 20:42:49.000000000 +0000
++++ serefpolicy-3.9.7/policy/modules/services/sasl.te 2010-11-15 15:27:08.000000000 +0000
@@ -19,9 +19,6 @@
type saslauthd_initrc_exec_t;
init_script_file(saslauthd_initrc_exec_t)
@@ -34617,8 +34856,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/sasl
optional_policy(`
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/sendmail.fc serefpolicy-3.9.7/policy/modules/services/sendmail.fc
---- nsaserefpolicy/policy/modules/services/sendmail.fc 2010-10-12 22:42:50.000000000 +0200
-+++ serefpolicy-3.9.7/policy/modules/services/sendmail.fc 2010-11-05 14:02:26.811900216 +0100
+--- nsaserefpolicy/policy/modules/services/sendmail.fc 2010-10-12 20:42:50.000000000 +0000
++++ serefpolicy-3.9.7/policy/modules/services/sendmail.fc 2010-11-05 13:02:26.000000000 +0000
@@ -1,4 +1,6 @@
+/etc/rc\.d/init\.d/sendmail -- gen_context(system_u:object_r:sendmail_initrc_exec_t,s0)
@@ -34627,8 +34866,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/send
/var/log/mail(/.*)? gen_context(system_u:object_r:sendmail_log_t,s0)
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/sendmail.if serefpolicy-3.9.7/policy/modules/services/sendmail.if
---- nsaserefpolicy/policy/modules/services/sendmail.if 2010-10-12 22:42:48.000000000 +0200
-+++ serefpolicy-3.9.7/policy/modules/services/sendmail.if 2010-11-05 14:02:26.812900080 +0100
+--- nsaserefpolicy/policy/modules/services/sendmail.if 2010-10-12 20:42:48.000000000 +0000
++++ serefpolicy-3.9.7/policy/modules/services/sendmail.if 2011-01-27 13:28:14.127455000 +0000
@@ -51,10 +51,24 @@
')
@@ -34727,8 +34966,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/send
+ admin_pattern($1, mail_spool_t)
+')
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/sendmail.te serefpolicy-3.9.7/policy/modules/services/sendmail.te
---- nsaserefpolicy/policy/modules/services/sendmail.te 2010-10-12 22:42:49.000000000 +0200
-+++ serefpolicy-3.9.7/policy/modules/services/sendmail.te 2010-11-05 14:02:26.813899526 +0100
+--- nsaserefpolicy/policy/modules/services/sendmail.te 2010-10-12 20:42:49.000000000 +0000
++++ serefpolicy-3.9.7/policy/modules/services/sendmail.te 2010-11-05 13:02:26.000000000 +0000
@@ -19,6 +19,9 @@
mta_mailserver_delivery(sendmail_t)
mta_mailserver_sender(sendmail_t)
@@ -34792,8 +35031,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/send
+ unconfined_domain_noaudit(unconfined_sendmail_t)
')
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/setroubleshoot.if serefpolicy-3.9.7/policy/modules/services/setroubleshoot.if
---- nsaserefpolicy/policy/modules/services/setroubleshoot.if 2010-10-12 22:42:49.000000000 +0200
-+++ serefpolicy-3.9.7/policy/modules/services/setroubleshoot.if 2010-11-05 14:02:26.814900159 +0100
+--- nsaserefpolicy/policy/modules/services/setroubleshoot.if 2010-10-12 20:42:49.000000000 +0000
++++ serefpolicy-3.9.7/policy/modules/services/setroubleshoot.if 2010-11-05 13:02:26.000000000 +0000
@@ -105,6 +105,25 @@
########################################
@@ -34840,8 +35079,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/setr
files_list_var_lib($1)
admin_pattern($1, setroubleshoot_var_lib_t)
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/setroubleshoot.te serefpolicy-3.9.7/policy/modules/services/setroubleshoot.te
---- nsaserefpolicy/policy/modules/services/setroubleshoot.te 2010-10-12 22:42:48.000000000 +0200
-+++ serefpolicy-3.9.7/policy/modules/services/setroubleshoot.te 2010-11-05 14:02:26.814900159 +0100
+--- nsaserefpolicy/policy/modules/services/setroubleshoot.te 2010-10-12 20:42:48.000000000 +0000
++++ serefpolicy-3.9.7/policy/modules/services/setroubleshoot.te 2010-11-05 13:02:26.000000000 +0000
@@ -32,6 +32,8 @@
allow setroubleshootd_t self:capability { dac_override sys_nice sys_tty_config };
@@ -34904,8 +35143,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/setr
rpm_signull(setroubleshoot_fixit_t)
rpm_read_db(setroubleshoot_fixit_t)
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/smartmon.if serefpolicy-3.9.7/policy/modules/services/smartmon.if
---- nsaserefpolicy/policy/modules/services/smartmon.if 2010-10-12 22:42:49.000000000 +0200
-+++ serefpolicy-3.9.7/policy/modules/services/smartmon.if 2010-11-05 14:02:26.815901421 +0100
+--- nsaserefpolicy/policy/modules/services/smartmon.if 2010-10-12 20:42:49.000000000 +0000
++++ serefpolicy-3.9.7/policy/modules/services/smartmon.if 2010-11-05 13:02:26.000000000 +0000
@@ -15,6 +15,7 @@
type fsdaemon_tmp_t;
')
@@ -34924,9 +35163,9 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/smar
init_labeled_script_domtrans($1, fsdaemon_initrc_exec_t)
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/smartmon.te serefpolicy-3.9.7/policy/modules/services/smartmon.te
---- nsaserefpolicy/policy/modules/services/smartmon.te 2010-10-12 22:42:49.000000000 +0200
-+++ serefpolicy-3.9.7/policy/modules/services/smartmon.te 2010-11-15 14:09:02.659147830 +0100
-@@ -72,6 +72,7 @@
+--- nsaserefpolicy/policy/modules/services/smartmon.te 2010-10-12 20:42:49.000000000 +0000
++++ serefpolicy-3.9.7/policy/modules/services/smartmon.te 2011-01-27 10:07:14.142455001 +0000
+@@ -72,16 +72,21 @@
files_read_etc_runtime_files(fsdaemon_t)
# for config
files_read_etc_files(fsdaemon_t)
@@ -34934,7 +35173,10 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/smar
fs_getattr_all_fs(fsdaemon_t)
fs_search_auto_mountpoints(fsdaemon_t)
-@@ -81,7 +82,10 @@
++fs_read_removable_files(fsdaemon_t)
+
+ mls_file_read_all_levels(fsdaemon_t)
+ #mls_rangetrans_target(fsdaemon_t)
storage_raw_read_fixed_disk(fsdaemon_t)
storage_raw_write_fixed_disk(fsdaemon_t)
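Review bot: `fs_read_removable_files(fsdaemon_t)` is added to smartmon.te without a comment, although neighbouring rules in the same inner hunk carry one (`# for config`), and the commit message does not mention smartmon. The domain already has `storage_raw_read_fixed_disk` and `storage_raw_write_fixed_disk` here, so read access to files on removable media is a separate grant that needs its own stated reason. If it only answers a denial logged while the daemon probes devices, a dontaudit rule may be the narrower fix; that should be checked against the AVC record. I would add `# <reason for reading removable media>, see <BUG-ID>` above the new line.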
@@ -34946,8 +35188,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/smar
term_dontaudit_search_ptys(fsdaemon_t)
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/smokeping.if serefpolicy-3.9.7/policy/modules/services/smokeping.if
---- nsaserefpolicy/policy/modules/services/smokeping.if 2010-10-12 22:42:49.000000000 +0200
-+++ serefpolicy-3.9.7/policy/modules/services/smokeping.if 2010-11-05 14:02:26.816899888 +0100
+--- nsaserefpolicy/policy/modules/services/smokeping.if 2010-10-12 20:42:49.000000000 +0000
++++ serefpolicy-3.9.7/policy/modules/services/smokeping.if 2010-11-05 13:02:26.000000000 +0000
@@ -5,9 +5,9 @@
## Execute a domain transition to run smokeping.
## </summary>
@@ -34961,8 +35203,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/smok
#
interface(`smokeping_domtrans',`
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/smokeping.te serefpolicy-3.9.7/policy/modules/services/smokeping.te
---- nsaserefpolicy/policy/modules/services/smokeping.te 2010-10-12 22:42:48.000000000 +0200
-+++ serefpolicy-3.9.7/policy/modules/services/smokeping.te 2010-11-05 14:02:26.817900522 +0100
+--- nsaserefpolicy/policy/modules/services/smokeping.te 2010-10-12 20:42:48.000000000 +0000
++++ serefpolicy-3.9.7/policy/modules/services/smokeping.te 2010-11-05 13:02:26.000000000 +0000
@@ -23,6 +23,7 @@
# smokeping local policy
#
@@ -34988,8 +35230,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/smok
getattr_files_pattern(httpd_smokeping_cgi_script_t, smokeping_var_run_t, smokeping_var_run_t)
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/snmp.fc serefpolicy-3.9.7/policy/modules/services/snmp.fc
---- nsaserefpolicy/policy/modules/services/snmp.fc 2010-10-12 22:42:49.000000000 +0200
-+++ serefpolicy-3.9.7/policy/modules/services/snmp.fc 2010-11-05 14:02:26.817900522 +0100
+--- nsaserefpolicy/policy/modules/services/snmp.fc 2010-10-12 20:42:49.000000000 +0000
++++ serefpolicy-3.9.7/policy/modules/services/snmp.fc 2010-11-05 13:02:26.000000000 +0000
@@ -18,7 +18,7 @@
/var/log/snmpd\.log -- gen_context(system_u:object_r:snmpd_log_t,s0)
@@ -35000,8 +35242,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/snmp
/var/run/snmpd(/.*)? gen_context(system_u:object_r:snmpd_var_run_t,s0)
/var/run/snmpd\.pid -- gen_context(system_u:object_r:snmpd_var_run_t,s0)
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/snmp.if serefpolicy-3.9.7/policy/modules/services/snmp.if
---- nsaserefpolicy/policy/modules/services/snmp.if 2010-10-12 22:42:48.000000000 +0200
-+++ serefpolicy-3.9.7/policy/modules/services/snmp.if 2010-11-15 17:52:51.789397645 +0100
+--- nsaserefpolicy/policy/modules/services/snmp.if 2010-10-12 20:42:48.000000000 +0000
++++ serefpolicy-3.9.7/policy/modules/services/snmp.if 2010-11-15 16:52:51.000000000 +0000
@@ -11,12 +11,12 @@
## </param>
#
@@ -35082,8 +35324,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/snmp
init_labeled_script_domtrans($1, snmpd_initrc_exec_t)
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/snmp.te serefpolicy-3.9.7/policy/modules/services/snmp.te
---- nsaserefpolicy/policy/modules/services/snmp.te 2010-10-12 22:42:48.000000000 +0200
-+++ serefpolicy-3.9.7/policy/modules/services/snmp.te 2010-12-01 11:26:39.833041990 +0100
+--- nsaserefpolicy/policy/modules/services/snmp.te 2010-10-12 20:42:48.000000000 +0000
++++ serefpolicy-3.9.7/policy/modules/services/snmp.te 2010-12-01 10:26:39.000000000 +0000
@@ -4,6 +4,7 @@
#
# Declarations
@@ -35139,8 +35381,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/snmp
rpm_read_db(snmpd_t)
rpm_dontaudit_manage_db(snmpd_t)
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/snort.if serefpolicy-3.9.7/policy/modules/services/snort.if
---- nsaserefpolicy/policy/modules/services/snort.if 2010-10-12 22:42:49.000000000 +0200
-+++ serefpolicy-3.9.7/policy/modules/services/snort.if 2010-11-05 14:02:26.819900181 +0100
+--- nsaserefpolicy/policy/modules/services/snort.if 2010-10-12 20:42:49.000000000 +0000
++++ serefpolicy-3.9.7/policy/modules/services/snort.if 2010-11-05 13:02:26.000000000 +0000
@@ -5,9 +5,9 @@
## Execute a domain transition to run snort.
## </summary>
@@ -35169,8 +35411,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/snor
+ files_list_pids($1)
')
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/snort.te serefpolicy-3.9.7/policy/modules/services/snort.te
---- nsaserefpolicy/policy/modules/services/snort.te 2010-10-12 22:42:48.000000000 +0200
-+++ serefpolicy-3.9.7/policy/modules/services/snort.te 2010-11-05 14:02:26.820899766 +0100
+--- nsaserefpolicy/policy/modules/services/snort.te 2010-10-12 20:42:48.000000000 +0000
++++ serefpolicy-3.9.7/policy/modules/services/snort.te 2010-11-05 13:02:26.000000000 +0000
@@ -32,17 +32,17 @@
allow snort_t self:capability { setgid setuid net_admin net_raw dac_override };
dontaudit snort_t self:capability sys_tty_config;
@@ -35193,8 +35435,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/snor
manage_files_pattern(snort_t, snort_log_t, snort_log_t)
create_dirs_pattern(snort_t, snort_log_t, snort_log_t)
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/soundserver.if serefpolicy-3.9.7/policy/modules/services/soundserver.if
---- nsaserefpolicy/policy/modules/services/soundserver.if 2010-10-12 22:42:48.000000000 +0200
-+++ serefpolicy-3.9.7/policy/modules/services/soundserver.if 2010-11-05 14:02:26.820899766 +0100
+--- nsaserefpolicy/policy/modules/services/soundserver.if 2010-10-12 20:42:48.000000000 +0000
++++ serefpolicy-3.9.7/policy/modules/services/soundserver.if 2010-11-05 13:02:26.000000000 +0000
@@ -33,9 +33,8 @@
#
interface(`soundserver_admin',`
@@ -35207,8 +35449,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/soun
allow $1 soundd_t:process { ptrace signal_perms };
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/spamassassin.fc serefpolicy-3.9.7/policy/modules/services/spamassassin.fc
---- nsaserefpolicy/policy/modules/services/spamassassin.fc 2010-10-12 22:42:48.000000000 +0200
-+++ serefpolicy-3.9.7/policy/modules/services/spamassassin.fc 2010-11-05 14:02:26.821901028 +0100
+--- nsaserefpolicy/policy/modules/services/spamassassin.fc 2010-10-12 20:42:48.000000000 +0000
++++ serefpolicy-3.9.7/policy/modules/services/spamassassin.fc 2010-11-05 13:02:26.000000000 +0000
@@ -1,15 +1,27 @@
-HOME_DIR/\.spamassassin(/.*)? gen_context(system_u:object_r:spamassassin_home_t,s0)
+HOME_DIR/\.spamassassin(/.*)? gen_context(system_u:object_r:spamc_home_t,s0)
@@ -35240,8 +35482,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/spam
+/var/spool/MD-Quarantine(/.*)? gen_context(system_u:object_r:spamd_var_run_t,s0)
+/var/spool/MIMEDefang(/.*)? gen_context(system_u:object_r:spamd_var_run_t,s0)
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/spamassassin.if serefpolicy-3.9.7/policy/modules/services/spamassassin.if
---- nsaserefpolicy/policy/modules/services/spamassassin.if 2010-10-12 22:42:49.000000000 +0200
-+++ serefpolicy-3.9.7/policy/modules/services/spamassassin.if 2010-11-05 14:02:26.822900124 +0100
+--- nsaserefpolicy/policy/modules/services/spamassassin.if 2010-10-12 20:42:49.000000000 +0000
++++ serefpolicy-3.9.7/policy/modules/services/spamassassin.if 2010-11-05 13:02:26.000000000 +0000
@@ -14,6 +14,7 @@
## User domain for the role
## </summary>
@@ -35412,8 +35654,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/spam
+ admin_pattern($1, spamd_var_run_t)
')
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/spamassassin.te serefpolicy-3.9.7/policy/modules/services/spamassassin.te
---- nsaserefpolicy/policy/modules/services/spamassassin.te 2010-10-12 22:42:48.000000000 +0200
-+++ serefpolicy-3.9.7/policy/modules/services/spamassassin.te 2011-01-18 15:53:54.015042354 +0100
+--- nsaserefpolicy/policy/modules/services/spamassassin.te 2010-10-12 20:42:48.000000000 +0000
++++ serefpolicy-3.9.7/policy/modules/services/spamassassin.te 2011-01-18 14:53:54.000000000 +0000
@@ -6,54 +6,93 @@
#
@@ -35802,8 +36044,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/spam
optional_policy(`
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/squid.if serefpolicy-3.9.7/policy/modules/services/squid.if
---- nsaserefpolicy/policy/modules/services/squid.if 2010-10-12 22:42:49.000000000 +0200
-+++ serefpolicy-3.9.7/policy/modules/services/squid.if 2010-11-05 14:02:26.824900133 +0100
+--- nsaserefpolicy/policy/modules/services/squid.if 2010-10-12 20:42:49.000000000 +0000
++++ serefpolicy-3.9.7/policy/modules/services/squid.if 2010-11-05 13:02:26.000000000 +0000
@@ -71,7 +71,7 @@
type squid_t;
')
@@ -35832,8 +36074,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/squi
allow $1 squid_t:process { ptrace signal_perms };
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/squid.te serefpolicy-3.9.7/policy/modules/services/squid.te
---- nsaserefpolicy/policy/modules/services/squid.te 2010-10-12 22:42:50.000000000 +0200
-+++ serefpolicy-3.9.7/policy/modules/services/squid.te 2011-01-03 09:56:25.203041423 +0100
+--- nsaserefpolicy/policy/modules/services/squid.te 2010-10-12 20:42:50.000000000 +0000
++++ serefpolicy-3.9.7/policy/modules/services/squid.te 2011-01-03 08:56:25.000000000 +0000
@@ -6,17 +6,17 @@
#
@@ -35868,8 +36110,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/squi
sysnet_dns_name_resolve(httpd_squid_script_t)
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/ssh.fc serefpolicy-3.9.7/policy/modules/services/ssh.fc
---- nsaserefpolicy/policy/modules/services/ssh.fc 2010-10-12 22:42:49.000000000 +0200
-+++ serefpolicy-3.9.7/policy/modules/services/ssh.fc 2011-01-04 16:00:04.335042667 +0100
+--- nsaserefpolicy/policy/modules/services/ssh.fc 2010-10-12 20:42:49.000000000 +0000
++++ serefpolicy-3.9.7/policy/modules/services/ssh.fc 2011-01-04 15:00:04.000000000 +0000
@@ -1,4 +1,9 @@
HOME_DIR/\.ssh(/.*)? gen_context(system_u:object_r:ssh_home_t,s0)
+HOME_DIR/\.shosts gen_context(system_u:object_r:ssh_home_t,s0)
@@ -35892,8 +36134,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/ssh.
+/root/\.ssh(/.*)? gen_context(system_u:object_r:ssh_home_t,s0)
+/root/\.shosts gen_context(system_u:object_r:ssh_home_t,s0)
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/ssh.if serefpolicy-3.9.7/policy/modules/services/ssh.if
---- nsaserefpolicy/policy/modules/services/ssh.if 2010-10-12 22:42:48.000000000 +0200
-+++ serefpolicy-3.9.7/policy/modules/services/ssh.if 2010-11-05 14:02:26.826900421 +0100
+--- nsaserefpolicy/policy/modules/services/ssh.if 2010-10-12 20:42:48.000000000 +0000
++++ serefpolicy-3.9.7/policy/modules/services/ssh.if 2010-11-05 13:02:26.000000000 +0000
@@ -32,10 +32,10 @@
## </param>
#
@@ -36180,8 +36422,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/ssh.
+ allow $1 sshd_t:process signull;
+')
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/ssh.te serefpolicy-3.9.7/policy/modules/services/ssh.te
---- nsaserefpolicy/policy/modules/services/ssh.te 2010-10-12 22:42:49.000000000 +0200
-+++ serefpolicy-3.9.7/policy/modules/services/ssh.te 2011-01-14 14:36:35.619041519 +0100
+--- nsaserefpolicy/policy/modules/services/ssh.te 2010-10-12 20:42:49.000000000 +0000
++++ serefpolicy-3.9.7/policy/modules/services/ssh.te 2011-01-14 13:36:35.000000000 +0000
@@ -6,26 +6,32 @@
#
@@ -36548,8 +36790,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/ssh.
')
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/sssd.if serefpolicy-3.9.7/policy/modules/services/sssd.if
---- nsaserefpolicy/policy/modules/services/sssd.if 2010-10-12 22:42:48.000000000 +0200
-+++ serefpolicy-3.9.7/policy/modules/services/sssd.if 2010-11-05 14:02:26.828899941 +0100
+--- nsaserefpolicy/policy/modules/services/sssd.if 2010-10-12 20:42:48.000000000 +0000
++++ serefpolicy-3.9.7/policy/modules/services/sssd.if 2010-11-05 13:02:26.000000000 +0000
@@ -5,9 +5,9 @@
## Execute a domain transition to run sssd.
## </summary>
@@ -36604,8 +36846,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/sssd
# Allow sssd_t to restart the apache service
sssd_initrc_domtrans($1)
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/sssd.te serefpolicy-3.9.7/policy/modules/services/sssd.te
---- nsaserefpolicy/policy/modules/services/sssd.te 2010-10-12 22:42:49.000000000 +0200
-+++ serefpolicy-3.9.7/policy/modules/services/sssd.te 2010-11-05 14:02:26.829899876 +0100
+--- nsaserefpolicy/policy/modules/services/sssd.te 2010-10-12 20:42:49.000000000 +0000
++++ serefpolicy-3.9.7/policy/modules/services/sssd.te 2010-11-05 13:02:26.000000000 +0000
@@ -28,9 +28,11 @@
#
# sssd local policy
@@ -36647,8 +36889,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/sssd
dbus_system_bus_client(sssd_t)
dbus_connect_system_bus(sssd_t)
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/stunnel.if serefpolicy-3.9.7/policy/modules/services/stunnel.if
---- nsaserefpolicy/policy/modules/services/stunnel.if 2010-10-12 22:42:49.000000000 +0200
-+++ serefpolicy-3.9.7/policy/modules/services/stunnel.if 2010-11-05 14:02:26.829899876 +0100
+--- nsaserefpolicy/policy/modules/services/stunnel.if 2010-10-12 20:42:49.000000000 +0000
++++ serefpolicy-3.9.7/policy/modules/services/stunnel.if 2010-11-05 13:02:26.000000000 +0000
@@ -20,6 +20,6 @@
type stunnel_t;
')
@@ -36658,8 +36900,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/stun
allow $1 stunnel_t:tcp_socket rw_socket_perms;
')
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/stunnel.te serefpolicy-3.9.7/policy/modules/services/stunnel.te
---- nsaserefpolicy/policy/modules/services/stunnel.te 2010-10-12 22:42:48.000000000 +0200
-+++ serefpolicy-3.9.7/policy/modules/services/stunnel.te 2010-11-05 14:02:26.830900090 +0100
+--- nsaserefpolicy/policy/modules/services/stunnel.te 2010-10-12 20:42:48.000000000 +0000
++++ serefpolicy-3.9.7/policy/modules/services/stunnel.te 2010-11-05 13:02:26.000000000 +0000
@@ -6,17 +6,7 @@
#
@@ -36716,8 +36958,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/stun
+
allow stunnel_t stunnel_port_t:tcp_socket name_bind;
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/sysstat.te serefpolicy-3.9.7/policy/modules/services/sysstat.te
---- nsaserefpolicy/policy/modules/services/sysstat.te 2010-10-12 22:42:48.000000000 +0200
-+++ serefpolicy-3.9.7/policy/modules/services/sysstat.te 2010-11-05 14:02:26.830900090 +0100
+--- nsaserefpolicy/policy/modules/services/sysstat.te 2010-10-12 20:42:48.000000000 +0000
++++ serefpolicy-3.9.7/policy/modules/services/sysstat.te 2010-11-05 13:02:26.000000000 +0000
@@ -8,7 +8,6 @@
type sysstat_t;
type sysstat_exec_t;
@@ -36745,8 +36987,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/syss
+ nscd_socket_use(sysstat_t)
+')
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/tcpd.te serefpolicy-3.9.7/policy/modules/services/tcpd.te
---- nsaserefpolicy/policy/modules/services/tcpd.te 2010-10-12 22:42:48.000000000 +0200
-+++ serefpolicy-3.9.7/policy/modules/services/tcpd.te 2010-11-05 14:02:26.831899676 +0100
+--- nsaserefpolicy/policy/modules/services/tcpd.te 2010-10-12 20:42:48.000000000 +0000
++++ serefpolicy-3.9.7/policy/modules/services/tcpd.te 2010-11-05 13:02:26.000000000 +0000
@@ -7,7 +7,6 @@
type tcpd_t;
type tcpd_exec_t;
@@ -36756,8 +36998,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/tcpd
type tcpd_tmp_t;
files_tmp_file(tcpd_tmp_t)
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/telnet.te serefpolicy-3.9.7/policy/modules/services/telnet.te
---- nsaserefpolicy/policy/modules/services/telnet.te 2010-10-12 22:42:48.000000000 +0200
-+++ serefpolicy-3.9.7/policy/modules/services/telnet.te 2010-11-05 14:02:26.832901077 +0100
+--- nsaserefpolicy/policy/modules/services/telnet.te 2010-10-12 20:42:48.000000000 +0000
++++ serefpolicy-3.9.7/policy/modules/services/telnet.te 2010-11-05 13:02:26.000000000 +0000
@@ -8,7 +8,6 @@
type telnetd_t;
type telnetd_exec_t;
@@ -36824,8 +37066,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/teln
+')
+
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/tftp.if serefpolicy-3.9.7/policy/modules/services/tftp.if
---- nsaserefpolicy/policy/modules/services/tftp.if 2010-10-12 22:42:48.000000000 +0200
-+++ serefpolicy-3.9.7/policy/modules/services/tftp.if 2010-11-05 14:02:26.832901077 +0100
+--- nsaserefpolicy/policy/modules/services/tftp.if 2010-10-12 20:42:48.000000000 +0000
++++ serefpolicy-3.9.7/policy/modules/services/tftp.if 2010-11-05 13:02:26.000000000 +0000
@@ -16,6 +16,26 @@
')
@@ -36903,8 +37145,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/tftp
admin_pattern($1, tftpdir_t)
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/tftp.te serefpolicy-3.9.7/policy/modules/services/tftp.te
---- nsaserefpolicy/policy/modules/services/tftp.te 2010-10-12 22:42:48.000000000 +0200
-+++ serefpolicy-3.9.7/policy/modules/services/tftp.te 2010-11-05 14:02:26.833899754 +0100
+--- nsaserefpolicy/policy/modules/services/tftp.te 2010-10-12 20:42:48.000000000 +0000
++++ serefpolicy-3.9.7/policy/modules/services/tftp.te 2010-11-05 13:02:26.000000000 +0000
@@ -6,10 +6,10 @@
#
@@ -36950,8 +37192,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/tftp
')
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/tgtd.if serefpolicy-3.9.7/policy/modules/services/tgtd.if
---- nsaserefpolicy/policy/modules/services/tgtd.if 2010-10-12 22:42:48.000000000 +0200
-+++ serefpolicy-3.9.7/policy/modules/services/tgtd.if 2010-11-05 14:02:26.833899754 +0100
+--- nsaserefpolicy/policy/modules/services/tgtd.if 2010-10-12 20:42:48.000000000 +0000
++++ serefpolicy-3.9.7/policy/modules/services/tgtd.if 2010-11-05 13:02:26.000000000 +0000
@@ -11,18 +11,36 @@
#####################################
@@ -36998,8 +37240,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/tgtd
+ allow $1 tgtd_t:sem create_sem_perms;
')
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/tgtd.te serefpolicy-3.9.7/policy/modules/services/tgtd.te
---- nsaserefpolicy/policy/modules/services/tgtd.te 2010-10-12 22:42:49.000000000 +0200
-+++ serefpolicy-3.9.7/policy/modules/services/tgtd.te 2010-11-05 14:02:26.834909187 +0100
+--- nsaserefpolicy/policy/modules/services/tgtd.te 2010-10-12 20:42:49.000000000 +0000
++++ serefpolicy-3.9.7/policy/modules/services/tgtd.te 2010-11-05 13:02:26.000000000 +0000
@@ -29,7 +29,7 @@
allow tgtd_t self:capability sys_resource;
allow tgtd_t self:process { setrlimit signal };
@@ -37029,8 +37271,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/tgtd
+ iscsi_manage_semaphores(tgtd_t)
+')
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/tor.if serefpolicy-3.9.7/policy/modules/services/tor.if
---- nsaserefpolicy/policy/modules/services/tor.if 2010-10-12 22:42:48.000000000 +0200
-+++ serefpolicy-3.9.7/policy/modules/services/tor.if 2010-11-05 14:02:26.836911291 +0100
+--- nsaserefpolicy/policy/modules/services/tor.if 2010-10-12 20:42:48.000000000 +0000
++++ serefpolicy-3.9.7/policy/modules/services/tor.if 2010-11-05 13:02:26.000000000 +0000
@@ -42,7 +42,7 @@
type tor_initrc_exec_t;
')
@@ -37041,8 +37283,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/tor.
init_labeled_script_domtrans($1, tor_initrc_exec_t)
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/tor.te serefpolicy-3.9.7/policy/modules/services/tor.te
---- nsaserefpolicy/policy/modules/services/tor.te 2010-10-12 22:42:49.000000000 +0200
-+++ serefpolicy-3.9.7/policy/modules/services/tor.te 2010-11-05 14:02:26.837650644 +0100
+--- nsaserefpolicy/policy/modules/services/tor.te 2010-10-12 20:42:49.000000000 +0000
++++ serefpolicy-3.9.7/policy/modules/services/tor.te 2010-11-05 13:02:26.000000000 +0000
@@ -6,10 +6,10 @@
#
@@ -37100,8 +37342,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/tor.
')
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/tuned.if serefpolicy-3.9.7/policy/modules/services/tuned.if
---- nsaserefpolicy/policy/modules/services/tuned.if 2010-10-12 22:42:48.000000000 +0200
-+++ serefpolicy-3.9.7/policy/modules/services/tuned.if 2010-11-05 14:02:26.838654629 +0100
+--- nsaserefpolicy/policy/modules/services/tuned.if 2010-10-12 20:42:48.000000000 +0000
++++ serefpolicy-3.9.7/policy/modules/services/tuned.if 2010-11-05 13:02:26.000000000 +0000
@@ -5,9 +5,9 @@
## Execute a domain transition to run tuned.
## </summary>
@@ -37133,8 +37375,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/tune
admin_pattern($1, tuned_var_run_t)
')
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/tuned.te serefpolicy-3.9.7/policy/modules/services/tuned.te
---- nsaserefpolicy/policy/modules/services/tuned.te 2010-10-12 22:42:50.000000000 +0200
-+++ serefpolicy-3.9.7/policy/modules/services/tuned.te 2010-11-05 14:02:26.839651282 +0100
+--- nsaserefpolicy/policy/modules/services/tuned.te 2010-10-12 20:42:50.000000000 +0000
++++ serefpolicy-3.9.7/policy/modules/services/tuned.te 2010-11-05 13:02:26.000000000 +0000
@@ -24,6 +24,7 @@
#
@@ -37155,8 +37397,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/tune
optional_policy(`
sysnet_domtrans_ifconfig(tuned_t)
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/ucspitcp.if serefpolicy-3.9.7/policy/modules/services/ucspitcp.if
---- nsaserefpolicy/policy/modules/services/ucspitcp.if 2010-10-12 22:42:49.000000000 +0200
-+++ serefpolicy-3.9.7/policy/modules/services/ucspitcp.if 2010-11-05 14:02:26.840650028 +0100
+--- nsaserefpolicy/policy/modules/services/ucspitcp.if 2010-10-12 20:42:49.000000000 +0000
++++ serefpolicy-3.9.7/policy/modules/services/ucspitcp.if 2010-11-05 13:02:26.000000000 +0000
@@ -20,7 +20,7 @@
## </summary>
## </param>
@@ -37177,8 +37419,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/ucsp
+ domtrans_pattern(ucspitcp_t, $2, $1)
')
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/ucspitcp.te serefpolicy-3.9.7/policy/modules/services/ucspitcp.te
---- nsaserefpolicy/policy/modules/services/ucspitcp.te 2010-10-12 22:42:48.000000000 +0200
-+++ serefpolicy-3.9.7/policy/modules/services/ucspitcp.te 2010-11-05 14:02:26.840650028 +0100
+--- nsaserefpolicy/policy/modules/services/ucspitcp.te 2010-10-12 20:42:48.000000000 +0000
++++ serefpolicy-3.9.7/policy/modules/services/ucspitcp.te 2010-11-05 13:02:26.000000000 +0000
@@ -8,12 +8,10 @@
type rblsmtpd_t;
type rblsmtpd_exec_t;
@@ -37201,8 +37443,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/ucsp
')
+
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/ulogd.fc serefpolicy-3.9.7/policy/modules/services/ulogd.fc
---- nsaserefpolicy/policy/modules/services/ulogd.fc 2010-10-12 22:42:49.000000000 +0200
-+++ serefpolicy-3.9.7/policy/modules/services/ulogd.fc 2010-11-18 15:54:36.152398675 +0100
+--- nsaserefpolicy/policy/modules/services/ulogd.fc 2010-10-12 20:42:49.000000000 +0000
++++ serefpolicy-3.9.7/policy/modules/services/ulogd.fc 2010-11-18 14:54:36.000000000 +0000
@@ -1,7 +1,7 @@
/etc/rc\.d/init\.d/ulogd -- gen_context(system_u:object_r:ulogd_initrc_exec_t,s0)
/etc/ulogd.conf -- gen_context(system_u:object_r:ulogd_etc_t,s0)
@@ -37213,8 +37455,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/ulog
/var/log/ulogd(/.*)? gen_context(system_u:object_r:ulogd_var_log_t,s0)
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/ulogd.if serefpolicy-3.9.7/policy/modules/services/ulogd.if
---- nsaserefpolicy/policy/modules/services/ulogd.if 2010-10-12 22:42:48.000000000 +0200
-+++ serefpolicy-3.9.7/policy/modules/services/ulogd.if 2010-11-05 14:02:26.841650103 +0100
+--- nsaserefpolicy/policy/modules/services/ulogd.if 2010-10-12 20:42:48.000000000 +0000
++++ serefpolicy-3.9.7/policy/modules/services/ulogd.if 2010-11-05 13:02:26.000000000 +0000
@@ -5,9 +5,9 @@
## Execute a domain transition to run ulogd.
## </summary>
@@ -37266,8 +37508,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/ulog
admin_pattern($1, ulogd_modules_t)
')
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/ulogd.te serefpolicy-3.9.7/policy/modules/services/ulogd.te
---- nsaserefpolicy/policy/modules/services/ulogd.te 2010-10-12 22:42:50.000000000 +0200
-+++ serefpolicy-3.9.7/policy/modules/services/ulogd.te 2010-11-18 15:54:25.278399433 +0100
+--- nsaserefpolicy/policy/modules/services/ulogd.te 2010-10-12 20:42:50.000000000 +0000
++++ serefpolicy-3.9.7/policy/modules/services/ulogd.te 2010-11-18 14:54:25.000000000 +0000
@@ -29,8 +29,13 @@
# ulogd local policy
#
@@ -37305,8 +37547,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/ulog
+ postgresql_tcp_connect(ulogd_t)
+')
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/uptime.te serefpolicy-3.9.7/policy/modules/services/uptime.te
---- nsaserefpolicy/policy/modules/services/uptime.te 2010-10-12 22:42:49.000000000 +0200
-+++ serefpolicy-3.9.7/policy/modules/services/uptime.te 2010-11-05 14:02:26.843650531 +0100
+--- nsaserefpolicy/policy/modules/services/uptime.te 2010-10-12 20:42:49.000000000 +0000
++++ serefpolicy-3.9.7/policy/modules/services/uptime.te 2010-11-05 13:02:26.000000000 +0000
@@ -25,7 +25,7 @@
dontaudit uptimed_t self:capability sys_tty_config;
@@ -37317,16 +37559,16 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/upti
allow uptimed_t uptimed_etc_t:file read_file_perms;
files_search_etc(uptimed_t)
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/usbmuxd.fc serefpolicy-3.9.7/policy/modules/services/usbmuxd.fc
---- nsaserefpolicy/policy/modules/services/usbmuxd.fc 2010-10-12 22:42:48.000000000 +0200
-+++ serefpolicy-3.9.7/policy/modules/services/usbmuxd.fc 2010-11-05 14:02:26.843650531 +0100
+--- nsaserefpolicy/policy/modules/services/usbmuxd.fc 2010-10-12 20:42:48.000000000 +0000
++++ serefpolicy-3.9.7/policy/modules/services/usbmuxd.fc 2010-11-05 13:02:26.000000000 +0000
@@ -1,3 +1,3 @@
/usr/sbin/usbmuxd -- gen_context(system_u:object_r:usbmuxd_exec_t,s0)
-/var/run/usbmuxd -s gen_context(system_u:object_r:usbmuxd_var_run_t,s0)
+/var/run/usbmuxd.* gen_context(system_u:object_r:usbmuxd_var_run_t,s0)
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/usbmuxd.if serefpolicy-3.9.7/policy/modules/services/usbmuxd.if
---- nsaserefpolicy/policy/modules/services/usbmuxd.if 2010-10-12 22:42:49.000000000 +0200
-+++ serefpolicy-3.9.7/policy/modules/services/usbmuxd.if 2010-11-05 14:02:26.844649697 +0100
+--- nsaserefpolicy/policy/modules/services/usbmuxd.if 2010-10-12 20:42:49.000000000 +0000
++++ serefpolicy-3.9.7/policy/modules/services/usbmuxd.if 2010-11-05 13:02:26.000000000 +0000
@@ -5,9 +5,9 @@
## Execute a domain transition to run usbmuxd.
## </summary>
@@ -37340,8 +37582,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/usbm
#
interface(`usbmuxd_domtrans',`
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/uucp.if serefpolicy-3.9.7/policy/modules/services/uucp.if
---- nsaserefpolicy/policy/modules/services/uucp.if 2010-10-12 22:42:49.000000000 +0200
-+++ serefpolicy-3.9.7/policy/modules/services/uucp.if 2010-11-05 14:02:26.845650680 +0100
+--- nsaserefpolicy/policy/modules/services/uucp.if 2010-10-12 20:42:49.000000000 +0000
++++ serefpolicy-3.9.7/policy/modules/services/uucp.if 2010-11-05 13:02:26.000000000 +0000
@@ -2,6 +2,25 @@
########################################
@@ -37378,8 +37620,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/uucp
logging_list_logs($1)
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/uucp.te serefpolicy-3.9.7/policy/modules/services/uucp.te
---- nsaserefpolicy/policy/modules/services/uucp.te 2010-10-12 22:42:50.000000000 +0200
-+++ serefpolicy-3.9.7/policy/modules/services/uucp.te 2010-11-11 16:29:17.192152387 +0100
+--- nsaserefpolicy/policy/modules/services/uucp.te 2010-10-12 20:42:50.000000000 +0000
++++ serefpolicy-3.9.7/policy/modules/services/uucp.te 2010-11-11 15:29:17.000000000 +0000
@@ -7,7 +7,6 @@
type uucpd_t;
type uucpd_exec_t;
@@ -37422,8 +37664,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/uucp
files_read_etc_files(uux_t)
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/varnishd.if serefpolicy-3.9.7/policy/modules/services/varnishd.if
---- nsaserefpolicy/policy/modules/services/varnishd.if 2010-10-12 22:42:49.000000000 +0200
-+++ serefpolicy-3.9.7/policy/modules/services/varnishd.if 2010-11-05 14:02:26.847655717 +0100
+--- nsaserefpolicy/policy/modules/services/varnishd.if 2010-10-12 20:42:49.000000000 +0000
++++ serefpolicy-3.9.7/policy/modules/services/varnishd.if 2010-11-05 13:02:26.000000000 +0000
@@ -21,7 +21,7 @@
#######################################
@@ -37517,8 +37759,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/varn
-
')
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/varnishd.te serefpolicy-3.9.7/policy/modules/services/varnishd.te
---- nsaserefpolicy/policy/modules/services/varnishd.te 2010-10-12 22:42:48.000000000 +0200
-+++ serefpolicy-3.9.7/policy/modules/services/varnishd.te 2010-11-05 14:02:26.848652508 +0100
+--- nsaserefpolicy/policy/modules/services/varnishd.te 2010-10-12 20:42:48.000000000 +0000
++++ serefpolicy-3.9.7/policy/modules/services/varnishd.te 2010-11-05 13:02:26.000000000 +0000
@@ -6,10 +6,10 @@
#
@@ -37563,16 +37805,16 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/varn
manage_dirs_pattern(varnishlog_t, varnishlog_log_t, varnishlog_log_t)
manage_files_pattern(varnishlog_t, varnishlog_log_t, varnishlog_log_t)
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/vdagent.fc serefpolicy-3.9.7/policy/modules/services/vdagent.fc
---- nsaserefpolicy/policy/modules/services/vdagent.fc 1970-01-01 01:00:00.000000000 +0100
-+++ serefpolicy-3.9.7/policy/modules/services/vdagent.fc 2010-11-05 14:02:26.849652932 +0100
+--- nsaserefpolicy/policy/modules/services/vdagent.fc 1970-01-01 00:00:00.000000000 +0000
++++ serefpolicy-3.9.7/policy/modules/services/vdagent.fc 2010-11-05 13:02:26.000000000 +0000
@@ -0,0 +1,4 @@
+
+/sbin/vdagent -- gen_context(system_u:object_r:vdagent_exec_t,s0)
+
+/var/run/spice-vdagentd(/.*)? gen_context(system_u:object_r:vdagent_var_run_t,s0)
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/vdagent.if serefpolicy-3.9.7/policy/modules/services/vdagent.if
---- nsaserefpolicy/policy/modules/services/vdagent.if 1970-01-01 01:00:00.000000000 +0100
-+++ serefpolicy-3.9.7/policy/modules/services/vdagent.if 2010-11-05 14:02:26.850651958 +0100
+--- nsaserefpolicy/policy/modules/services/vdagent.if 1970-01-01 00:00:00.000000000 +0000
++++ serefpolicy-3.9.7/policy/modules/services/vdagent.if 2010-11-05 13:02:26.000000000 +0000
@@ -0,0 +1,39 @@
+## <summary>The spice guest agent daemon.</summary>
+
@@ -37614,8 +37856,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/vdag
+ stream_connect_pattern($1, vdagent_var_run_t, vdagent_var_run_t, vdagent_t)
+')
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/vdagent.te serefpolicy-3.9.7/policy/modules/services/vdagent.te
---- nsaserefpolicy/policy/modules/services/vdagent.te 1970-01-01 01:00:00.000000000 +0100
-+++ serefpolicy-3.9.7/policy/modules/services/vdagent.te 2010-11-05 14:02:26.851650566 +0100
+--- nsaserefpolicy/policy/modules/services/vdagent.te 1970-01-01 00:00:00.000000000 +0000
++++ serefpolicy-3.9.7/policy/modules/services/vdagent.te 2010-11-05 13:02:26.000000000 +0000
@@ -0,0 +1,38 @@
+policy_module(vdagent,1.0.0)
+
@@ -37656,8 +37898,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/vdag
+
+userdom_use_user_ptys(vdagent_t)
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/vhostmd.if serefpolicy-3.9.7/policy/modules/services/vhostmd.if
---- nsaserefpolicy/policy/modules/services/vhostmd.if 2010-10-12 22:42:49.000000000 +0200
-+++ serefpolicy-3.9.7/policy/modules/services/vhostmd.if 2010-11-05 14:02:26.852650151 +0100
+--- nsaserefpolicy/policy/modules/services/vhostmd.if 2010-10-12 20:42:49.000000000 +0000
++++ serefpolicy-3.9.7/policy/modules/services/vhostmd.if 2010-11-05 13:02:26.000000000 +0000
@@ -5,9 +5,9 @@
## Execute a domain transition to run vhostmd.
## </summary>
@@ -37723,8 +37965,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/vhos
-
')
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/vhostmd.te serefpolicy-3.9.7/policy/modules/services/vhostmd.te
---- nsaserefpolicy/policy/modules/services/vhostmd.te 2010-10-12 22:42:50.000000000 +0200
-+++ serefpolicy-3.9.7/policy/modules/services/vhostmd.te 2010-11-05 14:02:26.853652671 +0100
+--- nsaserefpolicy/policy/modules/services/vhostmd.te 2010-10-12 20:42:50.000000000 +0000
++++ serefpolicy-3.9.7/policy/modules/services/vhostmd.te 2010-11-05 13:02:26.000000000 +0000
@@ -25,7 +25,7 @@
allow vhostmd_t self:capability { dac_override ipc_lock setuid setgid };
@@ -37752,8 +37994,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/vhos
optional_policy(`
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/virt.fc serefpolicy-3.9.7/policy/modules/services/virt.fc
---- nsaserefpolicy/policy/modules/services/virt.fc 2010-10-12 22:42:48.000000000 +0200
-+++ serefpolicy-3.9.7/policy/modules/services/virt.fc 2010-11-05 14:02:26.854649322 +0100
+--- nsaserefpolicy/policy/modules/services/virt.fc 2010-10-12 20:42:48.000000000 +0000
++++ serefpolicy-3.9.7/policy/modules/services/virt.fc 2010-11-05 13:02:26.000000000 +0000
@@ -1,3 +1,4 @@
+HOME_DIR/.libvirt(/.*)? gen_context(system_u:object_r:virt_content_t,s0)
HOME_DIR/.virtinst(/.*)? gen_context(system_u:object_r:virt_content_t,s0)
@@ -37783,8 +38025,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/virt
/var/vdsm(/.*)? gen_context(system_u:object_r:virt_var_run_t,s0)
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/virt.if serefpolicy-3.9.7/policy/modules/services/virt.if
---- nsaserefpolicy/policy/modules/services/virt.if 2010-10-12 22:42:49.000000000 +0200
-+++ serefpolicy-3.9.7/policy/modules/services/virt.if 2010-11-05 14:02:26.855650654 +0100
+--- nsaserefpolicy/policy/modules/services/virt.if 2010-10-12 20:42:49.000000000 +0000
++++ serefpolicy-3.9.7/policy/modules/services/virt.if 2010-11-05 13:02:26.000000000 +0000
@@ -14,13 +14,14 @@
template(`virt_domain_template',`
gen_require(`
@@ -38049,8 +38291,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/virt
+ dontaudit $1 virtd_t:fifo_file write_fifo_file_perms;
+')
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/virt.te serefpolicy-3.9.7/policy/modules/services/virt.te
---- nsaserefpolicy/policy/modules/services/virt.te 2010-10-12 22:42:49.000000000 +0200
-+++ serefpolicy-3.9.7/policy/modules/services/virt.te 2011-01-07 14:27:06.569042442 +0100
+--- nsaserefpolicy/policy/modules/services/virt.te 2010-10-12 20:42:49.000000000 +0000
++++ serefpolicy-3.9.7/policy/modules/services/virt.te 2011-01-24 17:03:49.945455001 +0000
@@ -5,57 +5,66 @@
# Declarations
#
@@ -38234,13 +38476,15 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/virt
xen_rw_image_files(svirt_t)
')
-@@ -174,22 +205,28 @@
+@@ -174,22 +205,31 @@
#
allow virtd_t self:capability { chown dac_override fowner ipc_lock kill mknod net_admin net_raw setpcap setuid setgid sys_admin sys_nice sys_ptrace };
-allow virtd_t self:process { getcap getsched setcap sigkill signal signull execmem setexec setfscreate setsched };
--
+allow virtd_t self:process { getcap getsched setcap sigkill signal signull execmem setexec setfscreate setsockcreate setsched };
+
++allow virtd_t self:fifo_file { manage_fifo_file_perms relabelfrom
++relabelto };
allow virtd_t self:fifo_file rw_fifo_file_perms;
allow virtd_t self:unix_stream_socket create_stream_socket_perms;
allow virtd_t self:tcp_socket create_stream_socket_perms;
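Review bot: The added `allow virtd_t self:fifo_file { manage_fifo_file_perms relabelfrom relabelto };` in virt.te sits directly above the existing `allow virtd_t self:fifo_file rw_fifo_file_perms;`, which it appears to make redundant, since manage_fifo_file_perms is, as far as I can tell, a superset of rw_fifo_file_perms in refpolicy's permission sets. I would drop the narrower rule and keep the new one on a single line rather than breaking it inside the braces. The relabelfrom/relabelto grant also widens what an already highly privileged domain (sys_admin, dac_override, setexec, setfscreate) can do with its own pipes, and neither the commit message nor the policy says which libvirt operation needs it. A comment above the rule such as `# virtd relabels its own pipes for <operation> - see <bug reference>` would let a later reviewer judge whether it can be narrowed. The virtd_t local-policy block continues beyond this hunk.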
@@ -38267,7 +38511,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/virt
read_files_pattern(virtd_t, virt_etc_t, virt_etc_t)
read_lnk_files_pattern(virtd_t, virt_etc_t, virt_etc_t)
-@@ -200,8 +237,14 @@
+@@ -200,8 +240,14 @@
manage_files_pattern(virtd_t, virt_image_type, virt_image_type)
manage_blk_files_pattern(virtd_t, virt_image_type, virt_image_type)
@@ -38284,7 +38528,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/virt
manage_dirs_pattern(virtd_t, virt_log_t, virt_log_t)
manage_files_pattern(virtd_t, virt_log_t, virt_log_t)
-@@ -220,6 +263,7 @@
+@@ -220,6 +266,7 @@
kernel_read_system_state(virtd_t)
kernel_read_network_state(virtd_t)
kernel_rw_net_sysctls(virtd_t)
@@ -38292,7 +38536,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/virt
kernel_request_load_module(virtd_t)
kernel_search_debugfs(virtd_t)
-@@ -243,18 +287,27 @@
+@@ -243,18 +290,27 @@
dev_rw_kvm(virtd_t)
dev_getattr_all_chr_files(virtd_t)
dev_rw_mtrr(virtd_t)
@@ -38321,7 +38565,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/virt
fs_list_auto_mountpoints(virtd_t)
fs_getattr_xattr_fs(virtd_t)
-@@ -262,6 +315,18 @@
+@@ -262,6 +318,18 @@
fs_list_inotifyfs(virtd_t)
fs_manage_cgroup_dirs(virtd_t)
fs_rw_cgroup_files(virtd_t)
@@ -38340,14 +38584,14 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/virt
mcs_process_set_categories(virtd_t)
-@@ -285,16 +350,26 @@
+@@ -285,16 +353,26 @@
modutils_manage_module_config(virtd_t)
logging_send_syslog_msg(virtd_t)
+logging_send_audit_msgs(virtd_t)
-
-+selinux_validate_context(virtd_t)
+
++selinux_validate_context(virtd_t)
+
+seutil_read_config(virtd_t)
seutil_read_default_contexts(virtd_t)
+seutil_read_file_contexts(virtd_t)
@@ -38367,7 +38611,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/virt
tunable_policy(`virt_use_nfs',`
fs_manage_nfs_dirs(virtd_t)
-@@ -313,6 +388,10 @@
+@@ -313,6 +391,10 @@
')
optional_policy(`
@@ -38378,7 +38622,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/virt
dbus_system_bus_client(virtd_t)
optional_policy(`
-@@ -365,6 +444,8 @@
+@@ -365,6 +447,8 @@
qemu_signal(virtd_t)
qemu_kill(virtd_t)
qemu_setsched(virtd_t)
@@ -38387,7 +38631,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/virt
')
optional_policy(`
-@@ -396,12 +477,25 @@
+@@ -396,12 +480,25 @@
allow virt_domain self:capability { dac_read_search dac_override kill };
allow virt_domain self:process { execmem execstack signal getsched signull };
@@ -38414,7 +38658,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/virt
append_files_pattern(virt_domain, virt_log_t, virt_log_t)
append_files_pattern(virt_domain, virt_var_lib_t, virt_var_lib_t)
-@@ -422,6 +516,7 @@
+@@ -422,6 +519,7 @@
corenet_tcp_bind_virt_migration_port(virt_domain)
corenet_tcp_connect_virt_migration_port(virt_domain)
@@ -38422,7 +38666,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/virt
dev_read_rand(virt_domain)
dev_read_sound(virt_domain)
dev_read_urand(virt_domain)
-@@ -429,10 +524,12 @@
+@@ -429,10 +527,12 @@
dev_rw_ksm(virt_domain)
dev_rw_kvm(virt_domain)
dev_rw_qemu(virt_domain)
@@ -38435,7 +38679,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/virt
files_read_usr_files(virt_domain)
files_read_var_files(virt_domain)
files_search_all(virt_domain)
-@@ -440,6 +537,11 @@
+@@ -440,6 +540,11 @@
fs_getattr_tmpfs(virt_domain)
fs_rw_anon_inodefs_files(virt_domain)
fs_rw_tmpfs_files(virt_domain)
@@ -38447,7 +38691,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/virt
term_use_all_terms(virt_domain)
term_getattr_pty_fs(virt_domain)
-@@ -457,8 +559,117 @@
+@@ -457,8 +562,117 @@
')
optional_policy(`
@@ -38566,8 +38810,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/virt
+ userdom_search_admin_dir(virsh_ssh_t)
+')
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/vnstatd.fc serefpolicy-3.9.7/policy/modules/services/vnstatd.fc
---- nsaserefpolicy/policy/modules/services/vnstatd.fc 1970-01-01 01:00:00.000000000 +0100
-+++ serefpolicy-3.9.7/policy/modules/services/vnstatd.fc 2010-11-05 14:02:26.858649759 +0100
+--- nsaserefpolicy/policy/modules/services/vnstatd.fc 1970-01-01 00:00:00.000000000 +0000
++++ serefpolicy-3.9.7/policy/modules/services/vnstatd.fc 2010-11-05 13:02:26.000000000 +0000
@@ -0,0 +1,8 @@
+
+/usr/bin/vnstat -- gen_context(system_u:object_r:vnstat_exec_t,s0)
@@ -38578,8 +38822,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/vnst
+
+/var/run/vnstat\.pid gen_context(system_u:object_r:vnstatd_var_run_t,s0)
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/vnstatd.if serefpolicy-3.9.7/policy/modules/services/vnstatd.if
---- nsaserefpolicy/policy/modules/services/vnstatd.if 1970-01-01 01:00:00.000000000 +0100
-+++ serefpolicy-3.9.7/policy/modules/services/vnstatd.if 2010-11-05 14:02:26.860912096 +0100
+--- nsaserefpolicy/policy/modules/services/vnstatd.if 1970-01-01 00:00:00.000000000 +0000
++++ serefpolicy-3.9.7/policy/modules/services/vnstatd.if 2010-11-05 13:02:26.000000000 +0000
@@ -0,0 +1,144 @@
+## <summary>policy for vnstatd</summary>
+
@@ -38726,8 +38970,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/vnst
+ admin_pattern($1, vnstatd_var_lib_t)
+')
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/vnstatd.te serefpolicy-3.9.7/policy/modules/services/vnstatd.te
---- nsaserefpolicy/policy/modules/services/vnstatd.te 1970-01-01 01:00:00.000000000 +0100
-+++ serefpolicy-3.9.7/policy/modules/services/vnstatd.te 2010-11-05 14:02:26.861909866 +0100
+--- nsaserefpolicy/policy/modules/services/vnstatd.te 1970-01-01 00:00:00.000000000 +0000
++++ serefpolicy-3.9.7/policy/modules/services/vnstatd.te 2010-11-05 13:02:26.000000000 +0000
@@ -0,0 +1,72 @@
+policy_module(vnstatd, 1.0.0)
+
@@ -38802,8 +39046,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/vnst
+
+miscfiles_read_localization(vnstat_t)
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/w3c.te serefpolicy-3.9.7/policy/modules/services/w3c.te
---- nsaserefpolicy/policy/modules/services/w3c.te 2010-10-12 22:42:49.000000000 +0200
-+++ serefpolicy-3.9.7/policy/modules/services/w3c.te 2010-11-05 14:02:26.862913781 +0100
+--- nsaserefpolicy/policy/modules/services/w3c.te 2010-10-12 20:42:49.000000000 +0000
++++ serefpolicy-3.9.7/policy/modules/services/w3c.te 2010-11-05 13:02:26.000000000 +0000
@@ -7,11 +7,18 @@
apache_content_template(w3c_validator)
@@ -38830,8 +39074,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/w3c.
+
+apache_dontaudit_rw_tmp_files(httpd_w3c_validator_script_t)
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/xfs.if serefpolicy-3.9.7/policy/modules/services/xfs.if
---- nsaserefpolicy/policy/modules/services/xfs.if 2010-10-12 22:42:49.000000000 +0200
-+++ serefpolicy-3.9.7/policy/modules/services/xfs.if 2010-11-05 14:02:26.863913437 +0100
+--- nsaserefpolicy/policy/modules/services/xfs.if 2010-10-12 20:42:49.000000000 +0000
++++ serefpolicy-3.9.7/policy/modules/services/xfs.if 2010-11-05 13:02:26.000000000 +0000
@@ -1,4 +1,4 @@
-## <summary>X Windows Font Server </summary>
+## <summary>X Windows Font Server</summary>
@@ -38839,8 +39083,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/xfs.
########################################
## <summary>
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/xserver.fc serefpolicy-3.9.7/policy/modules/services/xserver.fc
---- nsaserefpolicy/policy/modules/services/xserver.fc 2010-10-12 22:42:50.000000000 +0200
-+++ serefpolicy-3.9.7/policy/modules/services/xserver.fc 2010-11-15 10:56:07.500397354 +0100
+--- nsaserefpolicy/policy/modules/services/xserver.fc 2010-10-12 20:42:50.000000000 +0000
++++ serefpolicy-3.9.7/policy/modules/services/xserver.fc 2010-11-15 09:56:07.000000000 +0000
@@ -2,13 +2,23 @@
# HOME_DIR
#
@@ -38964,8 +39208,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/xser
+/var/lib/pqsql/\.Xauthority.* -- gen_context(system_u:object_r:xauth_home_t,s0)
+
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/xserver.if serefpolicy-3.9.7/policy/modules/services/xserver.if
---- nsaserefpolicy/policy/modules/services/xserver.if 2010-10-12 22:42:49.000000000 +0200
-+++ serefpolicy-3.9.7/policy/modules/services/xserver.if 2011-01-07 14:01:38.250051627 +0100
+--- nsaserefpolicy/policy/modules/services/xserver.if 2010-10-12 20:42:49.000000000 +0000
++++ serefpolicy-3.9.7/policy/modules/services/xserver.if 2011-01-27 14:22:56.898455000 +0000
@@ -19,9 +19,10 @@
interface(`xserver_restricted_role',`
gen_require(`
@@ -39355,7 +39599,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/xser
')
########################################
-@@ -805,7 +869,25 @@
+@@ -805,7 +869,26 @@
')
files_search_pids($1)
@@ -39378,11 +39622,12 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/xser
+ type xdm_var_run_t;
+ ')
+
++ dontaudit $1 xdm_var_run_t:dir search_dir_perms;
+ dontaudit $1 xdm_var_run_t:file read_file_perms;
')
########################################
-@@ -897,7 +979,7 @@
+@@ -897,7 +980,7 @@
')
logging_search_logs($1)
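Review bot: The added `dontaudit $1 xdm_var_run_t:dir search_dir_perms;` suppresses the audit record for every directory search on xdm's run directory by callers of this interface, and nothing in the hunk or the commit message says which denial motivated it. A dontaudit rule removes the AVC message but not the denial, so a domain that later genuinely needs that directory will fail with no log entry. A one-line comment above the two rules would help whoever has to debug that, for example `# dir search is silenced together with the file read; rebuild with semodule -DB to see these denials`. The interface's `<summary>` lies outside this hunk and presumably still describes only file reads, so it should be checked against the new rule.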
@@ -39391,7 +39636,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/xser
')
########################################
-@@ -916,7 +998,7 @@
+@@ -916,7 +999,7 @@
type xserver_log_t;
')
@@ -39400,7 +39645,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/xser
')
########################################
-@@ -963,6 +1045,45 @@
+@@ -963,6 +1046,45 @@
########################################
## <summary>
@@ -39446,7 +39691,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/xser
## Read xdm temporary files.
## </summary>
## <param name="domain">
-@@ -976,7 +1097,7 @@
+@@ -976,7 +1098,7 @@
type xdm_tmp_t;
')
@@ -39455,7 +39700,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/xser
read_files_pattern($1, xdm_tmp_t, xdm_tmp_t)
')
-@@ -1038,6 +1159,24 @@
+@@ -1038,6 +1160,24 @@
########################################
## <summary>
@@ -39480,7 +39725,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/xser
## Do not audit attempts to get the attributes of
## xdm temporary named sockets.
## </summary>
-@@ -1052,7 +1191,7 @@
+@@ -1052,7 +1192,7 @@
type xdm_tmp_t;
')
@@ -39489,7 +39734,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/xser
')
########################################
-@@ -1070,8 +1209,10 @@
+@@ -1070,8 +1210,10 @@
type xserver_t, xserver_exec_t;
')
@@ -39501,7 +39746,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/xser
')
########################################
-@@ -1185,6 +1326,26 @@
+@@ -1185,6 +1327,26 @@
files_search_tmp($1)
stream_connect_pattern($1, xserver_tmp_t, xserver_tmp_t, xserver_t)
@@ -39528,7 +39773,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/xser
')
########################################
-@@ -1210,7 +1371,7 @@
+@@ -1210,7 +1372,7 @@
## <summary>
## Interface to provide X object permissions on a given X server to
## an X client domain. Gives the domain permission to read the
@@ -39537,7 +39782,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/xser
## </summary>
## <param name="domain">
## <summary>
-@@ -1220,13 +1381,23 @@
+@@ -1220,13 +1382,23 @@
#
interface(`xserver_manage_core_devices',`
gen_require(`
@@ -39562,7 +39807,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/xser
')
########################################
-@@ -1243,10 +1414,355 @@
+@@ -1243,10 +1415,355 @@
#
interface(`xserver_unconfined',`
gen_require(`
@@ -39921,8 +40166,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/xser
+ manage_files_pattern($1, user_fonts_config_t, user_fonts_config_t)
+')
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/xserver.te serefpolicy-3.9.7/policy/modules/services/xserver.te
---- nsaserefpolicy/policy/modules/services/xserver.te 2010-10-12 22:42:49.000000000 +0200
-+++ serefpolicy-3.9.7/policy/modules/services/xserver.te 2011-01-04 13:27:45.006041467 +0100
+--- nsaserefpolicy/policy/modules/services/xserver.te 2010-10-12 20:42:49.000000000 +0000
++++ serefpolicy-3.9.7/policy/modules/services/xserver.te 2011-01-04 12:27:45.000000000 +0000
@@ -26,27 +26,50 @@
#
@@ -41006,8 +41251,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/xser
+ unconfined_getpgid(xserver_t)
+')
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/zabbix.if serefpolicy-3.9.7/policy/modules/services/zabbix.if
---- nsaserefpolicy/policy/modules/services/zabbix.if 2010-10-12 22:42:48.000000000 +0200
-+++ serefpolicy-3.9.7/policy/modules/services/zabbix.if 2010-11-05 14:02:26.874901891 +0100
+--- nsaserefpolicy/policy/modules/services/zabbix.if 2010-10-12 20:42:48.000000000 +0000
++++ serefpolicy-3.9.7/policy/modules/services/zabbix.if 2010-11-05 13:02:26.000000000 +0000
@@ -5,9 +5,9 @@
## Execute a domain transition to run zabbix.
## </summary>
@@ -41033,8 +41278,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/zabb
#
interface(`zabbix_append_log',`
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/zabbix.te serefpolicy-3.9.7/policy/modules/services/zabbix.te
---- nsaserefpolicy/policy/modules/services/zabbix.te 2010-10-12 22:42:49.000000000 +0200
-+++ serefpolicy-3.9.7/policy/modules/services/zabbix.te 2010-11-05 14:02:26.875930111 +0100
+--- nsaserefpolicy/policy/modules/services/zabbix.te 2010-10-12 20:42:49.000000000 +0000
++++ serefpolicy-3.9.7/policy/modules/services/zabbix.te 2010-11-05 13:02:26.000000000 +0000
@@ -26,11 +26,11 @@
#
@@ -41050,8 +41295,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/zabb
logging_log_filetrans(zabbix_t, zabbix_log_t, file)
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/zarafa.fc serefpolicy-3.9.7/policy/modules/services/zarafa.fc
---- nsaserefpolicy/policy/modules/services/zarafa.fc 1970-01-01 01:00:00.000000000 +0100
-+++ serefpolicy-3.9.7/policy/modules/services/zarafa.fc 2010-11-05 14:02:26.877912101 +0100
+--- nsaserefpolicy/policy/modules/services/zarafa.fc 1970-01-01 00:00:00.000000000 +0000
++++ serefpolicy-3.9.7/policy/modules/services/zarafa.fc 2010-11-05 13:02:26.000000000 +0000
@@ -0,0 +1,27 @@
+
+/etc/zarafa(/.*)? gen_context(system_u:object_r:zarafa_etc_t,s0)
@@ -41081,8 +41326,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/zara
+/var/run/zarafa-ical\.pid -- gen_context(system_u:object_r:zarafa_ical_var_run_t,s0)
+/var/run/zarafa-monitor\.pid -- gen_context(system_u:object_r:zarafa_monitor_var_run_t,s0)
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/zarafa.if serefpolicy-3.9.7/policy/modules/services/zarafa.if
---- nsaserefpolicy/policy/modules/services/zarafa.if 1970-01-01 01:00:00.000000000 +0100
-+++ serefpolicy-3.9.7/policy/modules/services/zarafa.if 2010-11-15 17:44:44.958149688 +0100
+--- nsaserefpolicy/policy/modules/services/zarafa.if 1970-01-01 00:00:00.000000000 +0000
++++ serefpolicy-3.9.7/policy/modules/services/zarafa.if 2010-11-15 16:44:44.000000000 +0000
@@ -0,0 +1,122 @@
+## <summary>policy for zarafa services</summary>
+
@@ -41207,8 +41452,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/zara
+ allow $1 zarafa_etc_t:dir search_dir_perms;
+')
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/zarafa.te serefpolicy-3.9.7/policy/modules/services/zarafa.te
---- nsaserefpolicy/policy/modules/services/zarafa.te 1970-01-01 01:00:00.000000000 +0100
-+++ serefpolicy-3.9.7/policy/modules/services/zarafa.te 2010-11-05 14:02:26.879901005 +0100
+--- nsaserefpolicy/policy/modules/services/zarafa.te 1970-01-01 00:00:00.000000000 +0000
++++ serefpolicy-3.9.7/policy/modules/services/zarafa.te 2010-11-05 13:02:26.000000000 +0000
@@ -0,0 +1,132 @@
+policy_module(zarafa, 1.0.0)
+
@@ -41343,8 +41588,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/zara
+ apache_content_template(zarafa)
+')
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/zebra.if serefpolicy-3.9.7/policy/modules/services/zebra.if
---- nsaserefpolicy/policy/modules/services/zebra.if 2010-10-12 22:42:48.000000000 +0200
-+++ serefpolicy-3.9.7/policy/modules/services/zebra.if 2010-11-05 14:02:26.880902057 +0100
+--- nsaserefpolicy/policy/modules/services/zebra.if 2010-10-12 20:42:48.000000000 +0000
++++ serefpolicy-3.9.7/policy/modules/services/zebra.if 2010-11-05 13:02:26.000000000 +0000
@@ -38,8 +38,7 @@
')
@@ -41366,8 +41611,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/zebr
allow $1 zebra_t:process { ptrace signal_perms };
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/zebra.te serefpolicy-3.9.7/policy/modules/services/zebra.te
---- nsaserefpolicy/policy/modules/services/zebra.te 2010-10-12 22:42:49.000000000 +0200
-+++ serefpolicy-3.9.7/policy/modules/services/zebra.te 2010-11-05 14:02:26.882915824 +0100
+--- nsaserefpolicy/policy/modules/services/zebra.te 2010-10-12 20:42:49.000000000 +0000
++++ serefpolicy-3.9.7/policy/modules/services/zebra.te 2010-11-05 13:02:26.000000000 +0000
@@ -6,11 +6,10 @@
#
@@ -41393,8 +41638,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/zebr
manage_sock_files_pattern(zebra_t, zebra_log_t, zebra_log_t)
logging_log_filetrans(zebra_t, zebra_log_t, { sock_file file dir })
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/zosremote.if serefpolicy-3.9.7/policy/modules/services/zosremote.if
---- nsaserefpolicy/policy/modules/services/zosremote.if 2010-10-12 22:42:49.000000000 +0200
-+++ serefpolicy-3.9.7/policy/modules/services/zosremote.if 2010-11-05 14:02:26.883916178 +0100
+--- nsaserefpolicy/policy/modules/services/zosremote.if 2010-10-12 20:42:49.000000000 +0000
++++ serefpolicy-3.9.7/policy/modules/services/zosremote.if 2010-11-05 13:02:26.000000000 +0000
@@ -5,9 +5,9 @@
## Execute a domain transition to run audispd-zos-remote.
## </summary>
@@ -41416,8 +41661,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/zosr
interface(`zosremote_run',`
gen_require(`
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/zosremote.te serefpolicy-3.9.7/policy/modules/services/zosremote.te
---- nsaserefpolicy/policy/modules/services/zosremote.te 2010-10-12 22:42:48.000000000 +0200
-+++ serefpolicy-3.9.7/policy/modules/services/zosremote.te 2010-11-05 14:02:26.885650437 +0100
+--- nsaserefpolicy/policy/modules/services/zosremote.te 2010-10-12 20:42:48.000000000 +0000
++++ serefpolicy-3.9.7/policy/modules/services/zosremote.te 2010-11-05 13:02:26.000000000 +0000
@@ -16,7 +16,7 @@
#
@@ -41428,8 +41673,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/zosr
files_read_etc_files(zos_remote_t)
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/application.if serefpolicy-3.9.7/policy/modules/system/application.if
---- nsaserefpolicy/policy/modules/system/application.if 2010-10-12 22:42:50.000000000 +0200
-+++ serefpolicy-3.9.7/policy/modules/system/application.if 2010-11-05 14:02:26.886652606 +0100
+--- nsaserefpolicy/policy/modules/system/application.if 2010-10-12 20:42:50.000000000 +0000
++++ serefpolicy-3.9.7/policy/modules/system/application.if 2010-11-05 13:02:26.000000000 +0000
@@ -130,3 +130,75 @@
allow $1 application_domain_type:process signull;
@@ -41507,8 +41752,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/applic
+ allow $1 application_domain_type:process signal;
+')
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/application.te serefpolicy-3.9.7/policy/modules/system/application.te
---- nsaserefpolicy/policy/modules/system/application.te 2010-10-12 22:42:50.000000000 +0200
-+++ serefpolicy-3.9.7/policy/modules/system/application.te 2010-11-05 14:02:26.888650938 +0100
+--- nsaserefpolicy/policy/modules/system/application.te 2010-10-12 20:42:50.000000000 +0000
++++ serefpolicy-3.9.7/policy/modules/system/application.te 2010-11-05 13:02:26.000000000 +0000
@@ -6,6 +6,22 @@
# Executables to be run by user
attribute application_exec_type;
@@ -41533,8 +41778,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/applic
ssh_sigchld(application_domain_type)
ssh_rw_stream_sockets(application_domain_type)
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/authlogin.fc serefpolicy-3.9.7/policy/modules/system/authlogin.fc
---- nsaserefpolicy/policy/modules/system/authlogin.fc 2010-10-12 22:42:50.000000000 +0200
-+++ serefpolicy-3.9.7/policy/modules/system/authlogin.fc 2010-11-10 15:15:09.909147820 +0100
+--- nsaserefpolicy/policy/modules/system/authlogin.fc 2010-10-12 20:42:50.000000000 +0000
++++ serefpolicy-3.9.7/policy/modules/system/authlogin.fc 2010-11-10 14:15:09.000000000 +0000
@@ -10,6 +10,7 @@
/sbin/pam_console_apply -- gen_context(system_u:object_r:pam_console_exec_t,s0)
/sbin/pam_timestamp_check -- gen_context(system_u:object_r:pam_exec_t,s0)
@@ -41560,8 +41805,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/authlo
/var/run/sepermit(/.*)? gen_context(system_u:object_r:pam_var_run_t,s0)
/var/run/sudo(/.*)? gen_context(system_u:object_r:pam_var_run_t,s0)
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/authlogin.if serefpolicy-3.9.7/policy/modules/system/authlogin.if
---- nsaserefpolicy/policy/modules/system/authlogin.if 2010-10-12 22:42:50.000000000 +0200
-+++ serefpolicy-3.9.7/policy/modules/system/authlogin.if 2010-12-06 18:48:01.075041215 +0100
+--- nsaserefpolicy/policy/modules/system/authlogin.if 2010-10-12 20:42:50.000000000 +0000
++++ serefpolicy-3.9.7/policy/modules/system/authlogin.if 2011-01-24 18:06:09.106455000 +0000
@@ -57,6 +57,8 @@
auth_exec_pam($1)
auth_use_nsswitch($1)
@@ -41824,8 +42069,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/authlo
optional_policy(`
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/authlogin.te serefpolicy-3.9.7/policy/modules/system/authlogin.te
---- nsaserefpolicy/policy/modules/system/authlogin.te 2010-10-12 22:42:50.000000000 +0200
-+++ serefpolicy-3.9.7/policy/modules/system/authlogin.te 2011-01-14 17:03:47.552042420 +0100
+--- nsaserefpolicy/policy/modules/system/authlogin.te 2010-10-12 20:42:50.000000000 +0000
++++ serefpolicy-3.9.7/policy/modules/system/authlogin.te 2011-01-14 16:03:47.000000000 +0000
@@ -5,9 +5,17 @@
# Declarations
#
@@ -41869,8 +42114,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/authlo
+')
+
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/daemontools.if serefpolicy-3.9.7/policy/modules/system/daemontools.if
---- nsaserefpolicy/policy/modules/system/daemontools.if 2010-10-12 22:42:50.000000000 +0200
-+++ serefpolicy-3.9.7/policy/modules/system/daemontools.if 2010-11-05 14:02:26.896650555 +0100
+--- nsaserefpolicy/policy/modules/system/daemontools.if 2010-10-12 20:42:50.000000000 +0000
++++ serefpolicy-3.9.7/policy/modules/system/daemontools.if 2010-11-05 13:02:26.000000000 +0000
@@ -71,6 +71,32 @@
domtrans_pattern($1, svc_start_exec_t, svc_start_t)
')
@@ -41952,8 +42197,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/daemon
+ allow $1 svc_run_t:process sigchld;
+')
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/daemontools.te serefpolicy-3.9.7/policy/modules/system/daemontools.te
---- nsaserefpolicy/policy/modules/system/daemontools.te 2010-10-12 22:42:50.000000000 +0200
-+++ serefpolicy-3.9.7/policy/modules/system/daemontools.te 2010-11-05 14:02:26.898650214 +0100
+--- nsaserefpolicy/policy/modules/system/daemontools.te 2010-10-12 20:42:50.000000000 +0000
++++ serefpolicy-3.9.7/policy/modules/system/daemontools.te 2010-11-05 13:02:26.000000000 +0000
@@ -38,7 +38,10 @@
# multilog creates /service/*/log/status
manage_files_pattern(svc_multilog_t, svc_svc_t, svc_svc_t)
@@ -42027,8 +42272,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/daemon
daemontools_domtrans_run(svc_start_t)
daemontools_manage_svc(svc_start_t)
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/fstools.fc serefpolicy-3.9.7/policy/modules/system/fstools.fc
---- nsaserefpolicy/policy/modules/system/fstools.fc 2010-10-12 22:42:50.000000000 +0200
-+++ serefpolicy-3.9.7/policy/modules/system/fstools.fc 2010-11-05 14:02:26.899653781 +0100
+--- nsaserefpolicy/policy/modules/system/fstools.fc 2010-10-12 20:42:50.000000000 +0000
++++ serefpolicy-3.9.7/policy/modules/system/fstools.fc 2010-11-05 13:02:26.000000000 +0000
@@ -1,4 +1,3 @@
-/sbin/badblocks -- gen_context(system_u:object_r:fsadm_exec_t,s0)
/sbin/blkid -- gen_context(system_u:object_r:fsadm_exec_t,s0)
@@ -42043,8 +42288,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/fstool
/sbin/partprobe -- gen_context(system_u:object_r:fsadm_exec_t,s0)
/sbin/partx -- gen_context(system_u:object_r:fsadm_exec_t,s0)
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/fstools.te serefpolicy-3.9.7/policy/modules/system/fstools.te
---- nsaserefpolicy/policy/modules/system/fstools.te 2010-10-12 22:42:50.000000000 +0200
-+++ serefpolicy-3.9.7/policy/modules/system/fstools.te 2010-11-05 14:02:26.900650642 +0100
+--- nsaserefpolicy/policy/modules/system/fstools.te 2010-10-12 20:42:50.000000000 +0000
++++ serefpolicy-3.9.7/policy/modules/system/fstools.te 2010-11-05 13:02:26.000000000 +0000
@@ -55,6 +55,7 @@
kernel_read_system_state(fsadm_t)
@@ -42099,8 +42344,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/fstool
xen_rw_image_files(fsadm_t)
')
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/getty.te serefpolicy-3.9.7/policy/modules/system/getty.te
---- nsaserefpolicy/policy/modules/system/getty.te 2010-10-12 22:42:50.000000000 +0200
-+++ serefpolicy-3.9.7/policy/modules/system/getty.te 2010-11-05 14:02:26.901654069 +0100
+--- nsaserefpolicy/policy/modules/system/getty.te 2010-10-12 20:42:50.000000000 +0000
++++ serefpolicy-3.9.7/policy/modules/system/getty.te 2010-11-05 13:02:26.000000000 +0000
@@ -83,7 +83,7 @@
term_setattr_all_ttys(getty_t)
term_setattr_unallocated_ttys(getty_t)
@@ -42111,8 +42356,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/getty.
auth_rw_login_records(getty_t)
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/hostname.te serefpolicy-3.9.7/policy/modules/system/hostname.te
---- nsaserefpolicy/policy/modules/system/hostname.te 2010-10-12 22:42:50.000000000 +0200
-+++ serefpolicy-3.9.7/policy/modules/system/hostname.te 2010-11-05 14:02:26.903651285 +0100
+--- nsaserefpolicy/policy/modules/system/hostname.te 2010-10-12 20:42:50.000000000 +0000
++++ serefpolicy-3.9.7/policy/modules/system/hostname.te 2010-11-05 13:02:26.000000000 +0000
@@ -28,15 +28,18 @@
# Early devtmpfs, before udev relabel
dev_dontaudit_rw_generic_chr_files(hostname_t)
@@ -42144,8 +42389,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/hostna
xen_dontaudit_use_fds(hostname_t)
')
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/hotplug.te serefpolicy-3.9.7/policy/modules/system/hotplug.te
---- nsaserefpolicy/policy/modules/system/hotplug.te 2010-10-12 22:42:50.000000000 +0200
-+++ serefpolicy-3.9.7/policy/modules/system/hotplug.te 2010-11-05 14:02:26.904650451 +0100
+--- nsaserefpolicy/policy/modules/system/hotplug.te 2010-10-12 20:42:50.000000000 +0000
++++ serefpolicy-3.9.7/policy/modules/system/hotplug.te 2010-11-05 13:02:26.000000000 +0000
@@ -23,7 +23,7 @@
#
@@ -42175,8 +42420,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/hotplu
files_read_kernel_modules(hotplug_t)
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/init.fc serefpolicy-3.9.7/policy/modules/system/init.fc
---- nsaserefpolicy/policy/modules/system/init.fc 2010-10-12 22:42:50.000000000 +0200
-+++ serefpolicy-3.9.7/policy/modules/system/init.fc 2010-11-05 14:02:26.905652830 +0100
+--- nsaserefpolicy/policy/modules/system/init.fc 2010-10-12 20:42:50.000000000 +0000
++++ serefpolicy-3.9.7/policy/modules/system/init.fc 2010-11-05 13:02:26.000000000 +0000
@@ -24,7 +24,19 @@
#
# /sbin
@@ -42208,8 +42453,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/init.f
#
# /var
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/init.if serefpolicy-3.9.7/policy/modules/system/init.if
---- nsaserefpolicy/policy/modules/system/init.if 2010-10-12 22:42:50.000000000 +0200
-+++ serefpolicy-3.9.7/policy/modules/system/init.if 2010-11-05 14:02:26.908900853 +0100
+--- nsaserefpolicy/policy/modules/system/init.if 2010-10-12 20:42:50.000000000 +0000
++++ serefpolicy-3.9.7/policy/modules/system/init.if 2010-11-05 13:02:26.000000000 +0000
@@ -105,7 +105,11 @@
role system_r types $1;
@@ -42593,8 +42838,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/init.i
+ allow $1 init_t:unix_stream_socket rw_stream_socket_perms;
+')
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/init.te serefpolicy-3.9.7/policy/modules/system/init.te
---- nsaserefpolicy/policy/modules/system/init.te 2010-10-12 22:42:50.000000000 +0200
-+++ serefpolicy-3.9.7/policy/modules/system/init.te 2011-01-18 16:02:55.265042266 +0100
+--- nsaserefpolicy/policy/modules/system/init.te 2010-10-12 20:42:50.000000000 +0000
++++ serefpolicy-3.9.7/policy/modules/system/init.te 2011-01-18 15:02:55.000000000 +0000
@@ -16,6 +16,27 @@
## </desc>
gen_tunable(init_upstart, false)
@@ -43283,8 +43528,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/init.t
+')
+')
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/ipsec.fc serefpolicy-3.9.7/policy/modules/system/ipsec.fc
---- nsaserefpolicy/policy/modules/system/ipsec.fc 2010-10-12 22:42:50.000000000 +0200
-+++ serefpolicy-3.9.7/policy/modules/system/ipsec.fc 2010-11-05 14:02:26.914652800 +0100
+--- nsaserefpolicy/policy/modules/system/ipsec.fc 2010-10-12 20:42:50.000000000 +0000
++++ serefpolicy-3.9.7/policy/modules/system/ipsec.fc 2010-11-05 13:02:26.000000000 +0000
@@ -25,6 +25,7 @@
/usr/libexec/ipsec/klipsdebug -- gen_context(system_u:object_r:ipsec_exec_t,s0)
/usr/libexec/ipsec/pluto -- gen_context(system_u:object_r:ipsec_exec_t,s0)
@@ -43303,8 +43548,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/ipsec.
/var/racoon(/.*)? gen_context(system_u:object_r:ipsec_var_run_t,s0)
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/ipsec.if serefpolicy-3.9.7/policy/modules/system/ipsec.if
---- nsaserefpolicy/policy/modules/system/ipsec.if 2010-10-12 22:42:50.000000000 +0200
-+++ serefpolicy-3.9.7/policy/modules/system/ipsec.if 2010-11-05 14:02:26.916651272 +0100
+--- nsaserefpolicy/policy/modules/system/ipsec.if 2010-10-12 20:42:50.000000000 +0000
++++ serefpolicy-3.9.7/policy/modules/system/ipsec.if 2010-11-05 13:02:26.000000000 +0000
@@ -20,6 +20,24 @@
########################################
@@ -43413,8 +43658,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/ipsec.
+ allow ipsec_mgmt_t $1:dbus send_msg;
+')
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/ipsec.te serefpolicy-3.9.7/policy/modules/system/ipsec.te
---- nsaserefpolicy/policy/modules/system/ipsec.te 2010-10-12 22:42:50.000000000 +0200
-+++ serefpolicy-3.9.7/policy/modules/system/ipsec.te 2010-11-05 14:02:26.919650447 +0100
+--- nsaserefpolicy/policy/modules/system/ipsec.te 2010-10-12 20:42:50.000000000 +0000
++++ serefpolicy-3.9.7/policy/modules/system/ipsec.te 2010-11-05 13:02:26.000000000 +0000
@@ -72,7 +72,7 @@
#
@@ -43578,8 +43823,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/ipsec.
userdom_use_user_terminals(setkey_t)
+userdom_read_user_tmp_files(setkey_t)
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/iptables.fc serefpolicy-3.9.7/policy/modules/system/iptables.fc
---- nsaserefpolicy/policy/modules/system/iptables.fc 2010-10-12 22:42:50.000000000 +0200
-+++ serefpolicy-3.9.7/policy/modules/system/iptables.fc 2010-11-05 14:02:26.921652063 +0100
+--- nsaserefpolicy/policy/modules/system/iptables.fc 2010-10-12 20:42:50.000000000 +0000
++++ serefpolicy-3.9.7/policy/modules/system/iptables.fc 2010-11-05 13:02:26.000000000 +0000
@@ -1,12 +1,19 @@
/etc/rc\.d/init\.d/ip6?tables -- gen_context(system_u:object_r:iptables_initrc_exec_t,s0)
-/etc/sysconfig/ip6?tables.* -- gen_context(system_u:object_r:iptables_conf_t,s0)
@@ -43603,8 +43848,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/iptabl
/usr/sbin/iptables -- gen_context(system_u:object_r:iptables_exec_t,s0)
/usr/sbin/iptables-multi -- gen_context(system_u:object_r:iptables_exec_t,s0)
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/iptables.if serefpolicy-3.9.7/policy/modules/system/iptables.if
---- nsaserefpolicy/policy/modules/system/iptables.if 2010-10-12 22:42:50.000000000 +0200
-+++ serefpolicy-3.9.7/policy/modules/system/iptables.if 2010-11-05 14:02:26.923650186 +0100
+--- nsaserefpolicy/policy/modules/system/iptables.if 2010-10-12 20:42:50.000000000 +0000
++++ serefpolicy-3.9.7/policy/modules/system/iptables.if 2010-11-05 13:02:26.000000000 +0000
@@ -17,6 +17,10 @@
corecmd_search_bin($1)
@@ -43617,8 +43862,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/iptabl
########################################
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/iptables.te serefpolicy-3.9.7/policy/modules/system/iptables.te
---- nsaserefpolicy/policy/modules/system/iptables.te 2010-10-12 22:42:50.000000000 +0200
-+++ serefpolicy-3.9.7/policy/modules/system/iptables.te 2011-01-19 17:05:39.017042745 +0100
+--- nsaserefpolicy/policy/modules/system/iptables.te 2010-10-12 20:42:50.000000000 +0000
++++ serefpolicy-3.9.7/policy/modules/system/iptables.te 2011-01-19 16:05:39.000000000 +0000
@@ -13,9 +13,6 @@
type iptables_initrc_exec_t;
init_script_file(iptables_initrc_exec_t)
@@ -43710,8 +43955,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/iptabl
optional_policy(`
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/iscsi.if serefpolicy-3.9.7/policy/modules/system/iscsi.if
---- nsaserefpolicy/policy/modules/system/iscsi.if 2010-10-12 22:42:50.000000000 +0200
-+++ serefpolicy-3.9.7/policy/modules/system/iscsi.if 2010-11-05 14:02:26.925901558 +0100
+--- nsaserefpolicy/policy/modules/system/iscsi.if 2010-10-12 20:42:50.000000000 +0000
++++ serefpolicy-3.9.7/policy/modules/system/iscsi.if 2010-11-05 13:02:26.000000000 +0000
@@ -56,3 +56,21 @@
allow $1 iscsi_var_lib_t:dir list_dir_perms;
files_search_var_lib($1)
@@ -43735,8 +43980,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/iscsi.
+ allow $1 iscsid_t:sem create_sem_perms;
+')
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/iscsi.te serefpolicy-3.9.7/policy/modules/system/iscsi.te
---- nsaserefpolicy/policy/modules/system/iscsi.te 2010-10-12 22:42:50.000000000 +0200
-+++ serefpolicy-3.9.7/policy/modules/system/iscsi.te 2011-01-03 08:52:59.886042530 +0100
+--- nsaserefpolicy/policy/modules/system/iscsi.te 2010-10-12 20:42:50.000000000 +0000
++++ serefpolicy-3.9.7/policy/modules/system/iscsi.te 2011-01-03 07:52:59.000000000 +0000
@@ -31,6 +31,7 @@
#
@@ -43766,8 +44011,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/iscsi.
+ tgtd_manage_semaphores(iscsid_t)
')
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/kdump.if serefpolicy-3.9.7/policy/modules/system/kdump.if
---- nsaserefpolicy/policy/modules/system/kdump.if 2010-10-12 22:42:50.000000000 +0200
-+++ serefpolicy-3.9.7/policy/modules/system/kdump.if 2010-11-11 16:27:21.214147846 +0100
+--- nsaserefpolicy/policy/modules/system/kdump.if 2010-10-12 20:42:50.000000000 +0000
++++ serefpolicy-3.9.7/policy/modules/system/kdump.if 2010-11-11 15:27:21.000000000 +0000
@@ -75,6 +75,24 @@
allow $1 kdump_etc_t:file manage_file_perms;
')
@@ -43802,8 +44047,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/kdump.
admin_pattern($1, kdump_etc_t)
')
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/kdump.te serefpolicy-3.9.7/policy/modules/system/kdump.te
---- nsaserefpolicy/policy/modules/system/kdump.te 2010-10-12 22:42:50.000000000 +0200
-+++ serefpolicy-3.9.7/policy/modules/system/kdump.te 2010-11-05 14:02:26.927901357 +0100
+--- nsaserefpolicy/policy/modules/system/kdump.te 2010-10-12 20:42:50.000000000 +0000
++++ serefpolicy-3.9.7/policy/modules/system/kdump.te 2010-11-05 13:02:26.000000000 +0000
@@ -29,6 +29,8 @@
kernel_read_system_state(kdump_t)
@@ -43814,8 +44059,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/kdump.
dev_read_framebuffer(kdump_t)
dev_read_sysfs(kdump_t)
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/libraries.fc serefpolicy-3.9.7/policy/modules/system/libraries.fc
---- nsaserefpolicy/policy/modules/system/libraries.fc 2010-10-12 22:42:50.000000000 +0200
-+++ serefpolicy-3.9.7/policy/modules/system/libraries.fc 2010-11-11 16:35:08.158148222 +0100
+--- nsaserefpolicy/policy/modules/system/libraries.fc 2010-10-12 20:42:50.000000000 +0000
++++ serefpolicy-3.9.7/policy/modules/system/libraries.fc 2010-11-11 15:35:08.000000000 +0000
@@ -44,6 +44,7 @@
/lib/security/pam_poldi\.so -- gen_context(system_u:object_r:textrel_shlib_t,s0)
@@ -44055,8 +44300,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/librar
+/opt/google/picasa/.*\.yti -- gen_context(system_u:object_r:textrel_shlib_t,s0)
+/opt/google/talkplugin/.*\.so.* -- gen_context(system_u:object_r:textrel_shlib_t,s0)
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/libraries.if serefpolicy-3.9.7/policy/modules/system/libraries.if
---- nsaserefpolicy/policy/modules/system/libraries.if 2010-10-12 22:42:50.000000000 +0200
-+++ serefpolicy-3.9.7/policy/modules/system/libraries.if 2010-11-05 14:02:26.930900462 +0100
+--- nsaserefpolicy/policy/modules/system/libraries.if 2010-10-12 20:42:50.000000000 +0000
++++ serefpolicy-3.9.7/policy/modules/system/libraries.if 2010-11-05 13:02:26.000000000 +0000
@@ -46,6 +46,26 @@
########################################
@@ -44140,8 +44385,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/librar
########################################
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/libraries.te serefpolicy-3.9.7/policy/modules/system/libraries.te
---- nsaserefpolicy/policy/modules/system/libraries.te 2010-10-12 22:42:50.000000000 +0200
-+++ serefpolicy-3.9.7/policy/modules/system/libraries.te 2010-11-05 14:02:26.930900462 +0100
+--- nsaserefpolicy/policy/modules/system/libraries.te 2010-10-12 20:42:50.000000000 +0000
++++ serefpolicy-3.9.7/policy/modules/system/libraries.te 2010-11-05 13:02:26.000000000 +0000
@@ -61,7 +61,7 @@
manage_files_pattern(ldconfig_t, ldconfig_cache_t, ldconfig_cache_t)
@@ -44195,15 +44440,15 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/librar
')
+
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/locallogin.fc serefpolicy-3.9.7/policy/modules/system/locallogin.fc
---- nsaserefpolicy/policy/modules/system/locallogin.fc 2010-10-12 22:42:50.000000000 +0200
-+++ serefpolicy-3.9.7/policy/modules/system/locallogin.fc 2010-11-05 14:02:26.931899768 +0100
+--- nsaserefpolicy/policy/modules/system/locallogin.fc 2010-10-12 20:42:50.000000000 +0000
++++ serefpolicy-3.9.7/policy/modules/system/locallogin.fc 2010-11-05 13:02:26.000000000 +0000
@@ -1,2 +1,3 @@
/sbin/sulogin -- gen_context(system_u:object_r:sulogin_exec_t,s0)
+/sbin/sushell -- gen_context(system_u:object_r:sulogin_exec_t,s0)
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/locallogin.te serefpolicy-3.9.7/policy/modules/system/locallogin.te
---- nsaserefpolicy/policy/modules/system/locallogin.te 2010-10-12 22:42:50.000000000 +0200
-+++ serefpolicy-3.9.7/policy/modules/system/locallogin.te 2010-11-05 14:02:26.932901937 +0100
+--- nsaserefpolicy/policy/modules/system/locallogin.te 2010-10-12 20:42:50.000000000 +0000
++++ serefpolicy-3.9.7/policy/modules/system/locallogin.te 2010-11-05 13:02:26.000000000 +0000
@@ -32,9 +32,8 @@
# Local login local policy
#
@@ -44314,8 +44559,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/locall
- nscd_socket_use(sulogin_t)
-')
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/logging.fc serefpolicy-3.9.7/policy/modules/system/logging.fc
---- nsaserefpolicy/policy/modules/system/logging.fc 2010-10-12 22:42:50.000000000 +0200
-+++ serefpolicy-3.9.7/policy/modules/system/logging.fc 2011-01-03 10:28:51.710042336 +0100
+--- nsaserefpolicy/policy/modules/system/logging.fc 2010-10-12 20:42:50.000000000 +0000
++++ serefpolicy-3.9.7/policy/modules/system/logging.fc 2011-01-03 09:28:51.000000000 +0000
@@ -17,6 +17,10 @@
/sbin/syslogd -- gen_context(system_u:object_r:syslogd_exec_t,s0)
/sbin/syslog-ng -- gen_context(system_u:object_r:syslogd_exec_t,s0)
@@ -44365,8 +44610,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/loggin
+
+/var/webmin(/.*)? gen_context(system_u:object_r:var_log_t,s0)
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/logging.if serefpolicy-3.9.7/policy/modules/system/logging.if
---- nsaserefpolicy/policy/modules/system/logging.if 2010-10-12 22:42:50.000000000 +0200
-+++ serefpolicy-3.9.7/policy/modules/system/logging.if 2010-11-05 14:02:26.934900130 +0100
+--- nsaserefpolicy/policy/modules/system/logging.if 2010-10-12 20:42:50.000000000 +0000
++++ serefpolicy-3.9.7/policy/modules/system/logging.if 2010-11-05 13:02:26.000000000 +0000
@@ -545,6 +545,25 @@
########################################
@@ -44439,8 +44684,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/loggin
init_labeled_script_domtrans($1, syslogd_initrc_exec_t)
domain_system_change_exemption($1)
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/logging.te serefpolicy-3.9.7/policy/modules/system/logging.te
---- nsaserefpolicy/policy/modules/system/logging.te 2010-10-12 22:42:50.000000000 +0200
-+++ serefpolicy-3.9.7/policy/modules/system/logging.te 2010-11-15 18:53:42.100148434 +0100
+--- nsaserefpolicy/policy/modules/system/logging.te 2010-10-12 20:42:50.000000000 +0000
++++ serefpolicy-3.9.7/policy/modules/system/logging.te 2010-11-15 17:53:42.000000000 +0000
@@ -60,6 +60,7 @@
type syslogd_t;
type syslogd_exec_t;
@@ -44556,8 +44801,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/loggin
')
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/lvm.fc serefpolicy-3.9.7/policy/modules/system/lvm.fc
---- nsaserefpolicy/policy/modules/system/lvm.fc 2010-10-12 22:42:50.000000000 +0200
-+++ serefpolicy-3.9.7/policy/modules/system/lvm.fc 2010-12-07 13:48:49.058043850 +0100
+--- nsaserefpolicy/policy/modules/system/lvm.fc 2010-10-12 20:42:50.000000000 +0000
++++ serefpolicy-3.9.7/policy/modules/system/lvm.fc 2010-12-07 12:48:49.000000000 +0000
@@ -28,10 +28,12 @@
#
/lib/lvm-10/.* -- gen_context(system_u:object_r:lvm_exec_t,s0)
@@ -44577,8 +44822,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/lvm.fc
/var/run/dmevent.* gen_context(system_u:object_r:lvm_var_run_t,s0)
+/var/run/clvmd\.pid -- gen_context(system_u:object_r:clvmd_var_run_t,s0)
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/lvm.if serefpolicy-3.9.7/policy/modules/system/lvm.if
---- nsaserefpolicy/policy/modules/system/lvm.if 2010-10-12 22:42:50.000000000 +0200
-+++ serefpolicy-3.9.7/policy/modules/system/lvm.if 2010-11-05 14:02:26.936899930 +0100
+--- nsaserefpolicy/policy/modules/system/lvm.if 2010-10-12 20:42:50.000000000 +0000
++++ serefpolicy-3.9.7/policy/modules/system/lvm.if 2010-11-05 13:02:26.000000000 +0000
@@ -123,3 +123,21 @@
corecmd_search_bin($1)
domtrans_pattern($1, clvmd_exec_t, clvmd_t)
@@ -44602,8 +44847,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/lvm.if
+ allow $1 clvmd_tmpfs_t:file rw_file_perms;
+')
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/lvm.te serefpolicy-3.9.7/policy/modules/system/lvm.te
---- nsaserefpolicy/policy/modules/system/lvm.te 2010-10-12 22:42:50.000000000 +0200
-+++ serefpolicy-3.9.7/policy/modules/system/lvm.te 2010-11-05 14:02:26.937899865 +0100
+--- nsaserefpolicy/policy/modules/system/lvm.te 2010-10-12 20:42:50.000000000 +0000
++++ serefpolicy-3.9.7/policy/modules/system/lvm.te 2010-11-05 13:02:26.000000000 +0000
@@ -12,6 +12,9 @@
type clvmd_initrc_exec_t;
init_script_file(clvmd_initrc_exec_t)
@@ -44712,8 +44957,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/lvm.te
')
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/miscfiles.fc serefpolicy-3.9.7/policy/modules/system/miscfiles.fc
---- nsaserefpolicy/policy/modules/system/miscfiles.fc 2010-10-12 22:42:50.000000000 +0200
-+++ serefpolicy-3.9.7/policy/modules/system/miscfiles.fc 2010-12-15 15:00:52.060042188 +0100
+--- nsaserefpolicy/policy/modules/system/miscfiles.fc 2010-10-12 20:42:50.000000000 +0000
++++ serefpolicy-3.9.7/policy/modules/system/miscfiles.fc 2010-12-15 14:00:52.000000000 +0000
@@ -9,7 +9,9 @@
# /etc
#
@@ -44741,8 +44986,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/miscfi
ifdef(`distro_debian',`
/var/lib/msttcorefonts(/.*)? gen_context(system_u:object_r:fonts_t,s0)
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/miscfiles.if serefpolicy-3.9.7/policy/modules/system/miscfiles.if
---- nsaserefpolicy/policy/modules/system/miscfiles.if 2010-10-12 22:42:50.000000000 +0200
-+++ serefpolicy-3.9.7/policy/modules/system/miscfiles.if 2010-11-05 14:02:26.939900153 +0100
+--- nsaserefpolicy/policy/modules/system/miscfiles.if 2010-10-12 20:42:50.000000000 +0000
++++ serefpolicy-3.9.7/policy/modules/system/miscfiles.if 2010-11-05 13:02:26.000000000 +0000
@@ -414,9 +414,6 @@
allow $1 locale_t:dir list_dir_perms;
read_files_pattern($1, locale_t, locale_t)
@@ -44754,8 +44999,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/miscfi
########################################
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/miscfiles.te serefpolicy-3.9.7/policy/modules/system/miscfiles.te
---- nsaserefpolicy/policy/modules/system/miscfiles.te 2010-10-12 22:42:50.000000000 +0200
-+++ serefpolicy-3.9.7/policy/modules/system/miscfiles.te 2010-11-05 14:02:26.939900153 +0100
+--- nsaserefpolicy/policy/modules/system/miscfiles.te 2010-10-12 20:42:50.000000000 +0000
++++ serefpolicy-3.9.7/policy/modules/system/miscfiles.te 2010-11-05 13:02:26.000000000 +0000
@@ -4,7 +4,6 @@
#
# Declarations
@@ -44773,8 +45018,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/miscfi
# fonts_t is the type of various font
# files in /usr
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/modutils.if serefpolicy-3.9.7/policy/modules/system/modutils.if
---- nsaserefpolicy/policy/modules/system/modutils.if 2010-10-12 22:42:50.000000000 +0200
-+++ serefpolicy-3.9.7/policy/modules/system/modutils.if 2010-11-05 14:02:26.940899668 +0100
+--- nsaserefpolicy/policy/modules/system/modutils.if 2010-10-12 20:42:50.000000000 +0000
++++ serefpolicy-3.9.7/policy/modules/system/modutils.if 2010-11-05 13:02:26.000000000 +0000
@@ -39,6 +39,26 @@
########################################
@@ -44803,8 +45048,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/moduti
## loading modules.
## </summary>
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/modutils.te serefpolicy-3.9.7/policy/modules/system/modutils.te
---- nsaserefpolicy/policy/modules/system/modutils.te 2010-10-12 22:42:50.000000000 +0200
-+++ serefpolicy-3.9.7/policy/modules/system/modutils.te 2010-11-11 16:32:03.059397712 +0100
+--- nsaserefpolicy/policy/modules/system/modutils.te 2010-10-12 20:42:50.000000000 +0000
++++ serefpolicy-3.9.7/policy/modules/system/modutils.te 2010-11-11 15:32:03.000000000 +0000
@@ -18,8 +18,12 @@
type insmod_exec_t;
application_domain(insmod_t, insmod_exec_t)
@@ -44929,8 +45174,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/moduti
dev_rw_xserver_misc(insmod_t)
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/mount.fc serefpolicy-3.9.7/policy/modules/system/mount.fc
---- nsaserefpolicy/policy/modules/system/mount.fc 2010-10-12 22:42:50.000000000 +0200
-+++ serefpolicy-3.9.7/policy/modules/system/mount.fc 2010-11-05 14:02:26.941900022 +0100
+--- nsaserefpolicy/policy/modules/system/mount.fc 2010-10-12 20:42:50.000000000 +0000
++++ serefpolicy-3.9.7/policy/modules/system/mount.fc 2010-11-05 13:02:26.000000000 +0000
@@ -1,4 +1,10 @@
/bin/mount.* -- gen_context(system_u:object_r:mount_exec_t,s0)
/bin/umount.* -- gen_context(system_u:object_r:mount_exec_t,s0)
@@ -44944,8 +45189,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/mount.
+/var/cache/davfs2(/.*)? gen_context(system_u:object_r:mount_var_run_t,s0)
+/var/run/davfs2(/.*)? gen_context(system_u:object_r:mount_var_run_t,s0)
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/mount.if serefpolicy-3.9.7/policy/modules/system/mount.if
---- nsaserefpolicy/policy/modules/system/mount.if 2010-10-12 22:42:50.000000000 +0200
-+++ serefpolicy-3.9.7/policy/modules/system/mount.if 2011-01-03 09:33:07.158042280 +0100
+--- nsaserefpolicy/policy/modules/system/mount.if 2010-10-12 20:42:50.000000000 +0000
++++ serefpolicy-3.9.7/policy/modules/system/mount.if 2011-01-03 08:33:07.000000000 +0000
@@ -16,6 +16,16 @@
')
@@ -45176,8 +45421,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/mount.
+ role $2 types showmount_t;
')
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/mount.te serefpolicy-3.9.7/policy/modules/system/mount.te
---- nsaserefpolicy/policy/modules/system/mount.te 2010-10-12 22:42:50.000000000 +0200
-+++ serefpolicy-3.9.7/policy/modules/system/mount.te 2010-12-03 11:49:11.847041869 +0100
+--- nsaserefpolicy/policy/modules/system/mount.te 2010-10-12 20:42:50.000000000 +0000
++++ serefpolicy-3.9.7/policy/modules/system/mount.te 2010-12-03 10:49:11.000000000 +0000
@@ -17,8 +17,15 @@
init_system_domain(mount_t, mount_exec_t)
role system_r types mount_t;
@@ -45499,8 +45744,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/mount.
+
+userdom_use_user_terminals(showmount_t)
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/raid.fc serefpolicy-3.9.7/policy/modules/system/raid.fc
---- nsaserefpolicy/policy/modules/system/raid.fc 2010-10-12 22:42:50.000000000 +0200
-+++ serefpolicy-3.9.7/policy/modules/system/raid.fc 2011-01-20 11:41:48.070291082 +0100
+--- nsaserefpolicy/policy/modules/system/raid.fc 2010-10-12 20:42:50.000000000 +0000
++++ serefpolicy-3.9.7/policy/modules/system/raid.fc 2011-01-20 10:41:48.000000000 +0000
@@ -1,4 +1,10 @@
-/dev/.mdadm.map -- gen_context(system_u:object_r:mdadm_map_t,s0)
+/dev/.mdadm\.map -- gen_context(system_u:object_r:mdadm_var_run_t,s0)
@@ -45514,8 +45759,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/raid.f
/sbin/mdadm -- gen_context(system_u:object_r:mdadm_exec_t,s0)
/sbin/mdmpd -- gen_context(system_u:object_r:mdadm_exec_t,s0)
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/raid.te serefpolicy-3.9.7/policy/modules/system/raid.te
---- nsaserefpolicy/policy/modules/system/raid.te 2010-10-12 22:42:50.000000000 +0200
-+++ serefpolicy-3.9.7/policy/modules/system/raid.te 2011-01-20 11:45:34.382042496 +0100
+--- nsaserefpolicy/policy/modules/system/raid.te 2010-10-12 20:42:50.000000000 +0000
++++ serefpolicy-3.9.7/policy/modules/system/raid.te 2011-01-20 10:45:34.000000000 +0000
@@ -10,11 +10,9 @@
init_daemon_domain(mdadm_t, mdadm_exec_t)
role system_r types mdadm_t;
@@ -45576,8 +45821,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/raid.t
term_dontaudit_list_ptys(mdadm_t)
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/selinuxutil.fc serefpolicy-3.9.7/policy/modules/system/selinuxutil.fc
---- nsaserefpolicy/policy/modules/system/selinuxutil.fc 2010-10-12 22:42:50.000000000 +0200
-+++ serefpolicy-3.9.7/policy/modules/system/selinuxutil.fc 2010-11-05 14:02:26.945899900 +0100
+--- nsaserefpolicy/policy/modules/system/selinuxutil.fc 2010-10-12 20:42:50.000000000 +0000
++++ serefpolicy-3.9.7/policy/modules/system/selinuxutil.fc 2010-11-05 13:02:26.000000000 +0000
@@ -6,13 +6,13 @@
/etc/selinux(/.*)? gen_context(system_u:object_r:selinux_config_t,s0)
/etc/selinux/([^/]*/)?contexts(/.*)? gen_context(system_u:object_r:default_context_t,s0)
@@ -45618,8 +45863,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/selinu
+/etc/share/selinux/targeted(/.*)? gen_context(system_u:object_r:semanage_store_t,s0)
+/etc/share/selinux/mls(/.*)? gen_context(system_u:object_r:semanage_store_t,s0)
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/selinuxutil.if serefpolicy-3.9.7/policy/modules/system/selinuxutil.if
---- nsaserefpolicy/policy/modules/system/selinuxutil.if 2010-10-12 22:42:50.000000000 +0200
-+++ serefpolicy-3.9.7/policy/modules/system/selinuxutil.if 2011-01-18 15:36:34.754042402 +0100
+--- nsaserefpolicy/policy/modules/system/selinuxutil.if 2010-10-12 20:42:50.000000000 +0000
++++ serefpolicy-3.9.7/policy/modules/system/selinuxutil.if 2011-01-18 14:36:34.000000000 +0000
@@ -85,6 +85,10 @@
corecmd_search_bin($1)
@@ -46025,8 +46270,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/selinu
+')
+')
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/selinuxutil.te serefpolicy-3.9.7/policy/modules/system/selinuxutil.te
---- nsaserefpolicy/policy/modules/system/selinuxutil.te 2010-10-12 22:42:50.000000000 +0200
-+++ serefpolicy-3.9.7/policy/modules/system/selinuxutil.te 2011-01-20 12:33:22.741042639 +0100
+--- nsaserefpolicy/policy/modules/system/selinuxutil.te 2010-10-12 20:42:50.000000000 +0000
++++ serefpolicy-3.9.7/policy/modules/system/selinuxutil.te 2011-01-20 11:33:22.000000000 +0000
@@ -1,4 +1,4 @@
-policy_module(selinuxutil, 1.14.0)
+policy_module(selinuxutil, 1.14.1)
@@ -46466,8 +46711,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/selinu
+ unconfined_domain(setfiles_mac_t)
')
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/setrans.te serefpolicy-3.9.7/policy/modules/system/setrans.te
---- nsaserefpolicy/policy/modules/system/setrans.te 2010-10-12 22:42:50.000000000 +0200
-+++ serefpolicy-3.9.7/policy/modules/system/setrans.te 2010-11-05 14:02:26.949900686 +0100
+--- nsaserefpolicy/policy/modules/system/setrans.te 2010-10-12 20:42:50.000000000 +0000
++++ serefpolicy-3.9.7/policy/modules/system/setrans.te 2010-11-05 13:02:26.000000000 +0000
@@ -12,6 +12,7 @@
type setrans_t;
type setrans_exec_t;
@@ -46489,14 +46734,14 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/setran
kernel_read_kernel_sysctls(setrans_t)
kernel_read_proc_symlinks(setrans_t)
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/sosreport.fc serefpolicy-3.9.7/policy/modules/system/sosreport.fc
---- nsaserefpolicy/policy/modules/system/sosreport.fc 1970-01-01 01:00:00.000000000 +0100
-+++ serefpolicy-3.9.7/policy/modules/system/sosreport.fc 2010-11-05 14:02:26.950899852 +0100
+--- nsaserefpolicy/policy/modules/system/sosreport.fc 1970-01-01 00:00:00.000000000 +0000
++++ serefpolicy-3.9.7/policy/modules/system/sosreport.fc 2010-11-05 13:02:26.000000000 +0000
@@ -0,0 +1,2 @@
+
+/usr/sbin/sosreport -- gen_context(system_u:object_r:sosreport_exec_t,s0)
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/sosreport.if serefpolicy-3.9.7/policy/modules/system/sosreport.if
---- nsaserefpolicy/policy/modules/system/sosreport.if 1970-01-01 01:00:00.000000000 +0100
-+++ serefpolicy-3.9.7/policy/modules/system/sosreport.if 2010-11-05 14:02:26.950899852 +0100
+--- nsaserefpolicy/policy/modules/system/sosreport.if 1970-01-01 00:00:00.000000000 +0000
++++ serefpolicy-3.9.7/policy/modules/system/sosreport.if 2010-11-05 13:02:26.000000000 +0000
@@ -0,0 +1,131 @@
+
+## <summary>policy for sosreport</summary>
@@ -46630,8 +46875,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/sosrep
+ allow $1 sosreport_tmp_t:file append;
+')
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/sosreport.te serefpolicy-3.9.7/policy/modules/system/sosreport.te
---- nsaserefpolicy/policy/modules/system/sosreport.te 1970-01-01 01:00:00.000000000 +0100
-+++ serefpolicy-3.9.7/policy/modules/system/sosreport.te 2010-11-05 14:02:26.951899996 +0100
+--- nsaserefpolicy/policy/modules/system/sosreport.te 1970-01-01 00:00:00.000000000 +0000
++++ serefpolicy-3.9.7/policy/modules/system/sosreport.te 2010-11-05 13:02:26.000000000 +0000
@@ -0,0 +1,154 @@
+policy_module(sosreport,1.0.0)
+
@@ -46788,8 +47033,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/sosrep
+ unconfined_domain(sosreport_t)
+')
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/sysnetwork.fc serefpolicy-3.9.7/policy/modules/system/sysnetwork.fc
---- nsaserefpolicy/policy/modules/system/sysnetwork.fc 2010-10-12 22:42:50.000000000 +0200
-+++ serefpolicy-3.9.7/policy/modules/system/sysnetwork.fc 2010-11-05 14:02:26.952900210 +0100
+--- nsaserefpolicy/policy/modules/system/sysnetwork.fc 2010-10-12 20:42:50.000000000 +0000
++++ serefpolicy-3.9.7/policy/modules/system/sysnetwork.fc 2010-11-05 13:02:26.000000000 +0000
@@ -64,3 +64,5 @@
ifdef(`distro_gentoo',`
/var/lib/dhcpc(/.*)? gen_context(system_u:object_r:dhcpc_state_t,s0)
@@ -46797,8 +47042,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/sysnet
+
+/etc/firestarter/firestarter\.sh gen_context(system_u:object_r:dhcpc_helper_exec_t,s0)
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/sysnetwork.if serefpolicy-3.9.7/policy/modules/system/sysnetwork.if
---- nsaserefpolicy/policy/modules/system/sysnetwork.if 2010-10-12 22:42:50.000000000 +0200
-+++ serefpolicy-3.9.7/policy/modules/system/sysnetwork.if 2010-11-05 14:02:26.953899935 +0100
+--- nsaserefpolicy/policy/modules/system/sysnetwork.if 2010-10-12 20:42:50.000000000 +0000
++++ serefpolicy-3.9.7/policy/modules/system/sysnetwork.if 2010-11-05 13:02:26.000000000 +0000
@@ -60,6 +60,24 @@
netutils_run(dhcpc_t, $2)
netutils_run_ping(dhcpc_t, $2)
@@ -47039,8 +47284,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/sysnet
+ role_transition $1 dhcpc_exec_t system_r;
')
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/sysnetwork.te serefpolicy-3.9.7/policy/modules/system/sysnetwork.te
---- nsaserefpolicy/policy/modules/system/sysnetwork.te 2010-10-12 22:42:50.000000000 +0200
-+++ serefpolicy-3.9.7/policy/modules/system/sysnetwork.te 2010-12-15 15:07:53.873042139 +0100
+--- nsaserefpolicy/policy/modules/system/sysnetwork.te 2010-10-12 20:42:50.000000000 +0000
++++ serefpolicy-3.9.7/policy/modules/system/sysnetwork.te 2010-12-15 14:07:53.000000000 +0000
@@ -5,6 +5,13 @@
# Declarations
#
@@ -47222,16 +47467,16 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/sysnet
+ ')
+')
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/udev.fc serefpolicy-3.9.7/policy/modules/system/udev.fc
---- nsaserefpolicy/policy/modules/system/udev.fc 2010-10-12 22:42:50.000000000 +0200
-+++ serefpolicy-3.9.7/policy/modules/system/udev.fc 2010-11-05 14:02:26.954900289 +0100
+--- nsaserefpolicy/policy/modules/system/udev.fc 2010-10-12 20:42:50.000000000 +0000
++++ serefpolicy-3.9.7/policy/modules/system/udev.fc 2010-11-05 13:02:26.000000000 +0000
@@ -22,3 +22,4 @@
/usr/bin/udevinfo -- gen_context(system_u:object_r:udev_exec_t,s0)
/var/run/PackageKit/udev(/.*)? gen_context(system_u:object_r:udev_var_run_t,s0)
+/var/run/libgpod(/.*)? gen_context(system_u:object_r:udev_var_run_t,s0)
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/udev.if serefpolicy-3.9.7/policy/modules/system/udev.if
---- nsaserefpolicy/policy/modules/system/udev.if 2010-10-12 22:42:50.000000000 +0200
-+++ serefpolicy-3.9.7/policy/modules/system/udev.if 2010-11-05 14:02:26.955899944 +0100
+--- nsaserefpolicy/policy/modules/system/udev.if 2010-10-12 20:42:50.000000000 +0000
++++ serefpolicy-3.9.7/policy/modules/system/udev.if 2010-11-05 13:02:26.000000000 +0000
@@ -34,6 +34,7 @@
')
@@ -47288,8 +47533,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/udev.i
+')
+
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/udev.te serefpolicy-3.9.7/policy/modules/system/udev.te
---- nsaserefpolicy/policy/modules/system/udev.te 2010-10-12 22:42:50.000000000 +0200
-+++ serefpolicy-3.9.7/policy/modules/system/udev.te 2010-11-05 14:02:26.956899879 +0100
+--- nsaserefpolicy/policy/modules/system/udev.te 2010-10-12 20:42:50.000000000 +0000
++++ serefpolicy-3.9.7/policy/modules/system/udev.te 2010-11-05 13:02:26.000000000 +0000
@@ -52,6 +52,7 @@
allow udev_t self:unix_stream_socket connectto;
allow udev_t self:netlink_kobject_uevent_socket create_socket_perms;
@@ -47390,8 +47635,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/udev.t
')
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/unconfined.fc serefpolicy-3.9.7/policy/modules/system/unconfined.fc
---- nsaserefpolicy/policy/modules/system/unconfined.fc 2010-10-12 22:42:50.000000000 +0200
-+++ serefpolicy-3.9.7/policy/modules/system/unconfined.fc 2010-11-05 14:02:26.956899879 +0100
+--- nsaserefpolicy/policy/modules/system/unconfined.fc 2010-10-12 20:42:50.000000000 +0000
++++ serefpolicy-3.9.7/policy/modules/system/unconfined.fc 2010-11-05 13:02:26.000000000 +0000
@@ -1,15 +1 @@
# Add programs here which should not be confined by SELinux
-# e.g.:
@@ -47409,8 +47654,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/unconf
-/usr/lib32/openoffice/program/[^/]+\.bin -- gen_context(system_u:object_r:unconfined_execmem_exec_t,s0)
-')
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/unconfined.if serefpolicy-3.9.7/policy/modules/system/unconfined.if
---- nsaserefpolicy/policy/modules/system/unconfined.if 2010-10-12 22:42:50.000000000 +0200
-+++ serefpolicy-3.9.7/policy/modules/system/unconfined.if 2010-11-05 14:02:26.957900721 +0100
+--- nsaserefpolicy/policy/modules/system/unconfined.if 2010-10-12 20:42:50.000000000 +0000
++++ serefpolicy-3.9.7/policy/modules/system/unconfined.if 2010-11-05 13:02:26.000000000 +0000
@@ -12,27 +12,33 @@
#
interface(`unconfined_domain_noaudit',`
@@ -47897,8 +48142,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/unconf
- allow $1 unconfined_t:dbus acquire_svc;
-')
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/unconfined.te serefpolicy-3.9.7/policy/modules/system/unconfined.te
---- nsaserefpolicy/policy/modules/system/unconfined.te 2010-10-12 22:42:50.000000000 +0200
-+++ serefpolicy-3.9.7/policy/modules/system/unconfined.te 2010-11-05 14:02:26.958900376 +0100
+--- nsaserefpolicy/policy/modules/system/unconfined.te 2010-10-12 20:42:50.000000000 +0000
++++ serefpolicy-3.9.7/policy/modules/system/unconfined.te 2010-11-05 13:02:26.000000000 +0000
@@ -4,231 +4,4 @@
#
# Declarations
@@ -48133,8 +48378,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/unconf
-')
+attribute unconfined_services;
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/userdomain.fc serefpolicy-3.9.7/policy/modules/system/userdomain.fc
---- nsaserefpolicy/policy/modules/system/userdomain.fc 2010-10-12 22:42:50.000000000 +0200
-+++ serefpolicy-3.9.7/policy/modules/system/userdomain.fc 2010-11-05 14:02:26.959899962 +0100
+--- nsaserefpolicy/policy/modules/system/userdomain.fc 2010-10-12 20:42:50.000000000 +0000
++++ serefpolicy-3.9.7/policy/modules/system/userdomain.fc 2010-11-05 13:02:26.000000000 +0000
@@ -1,4 +1,17 @@
HOME_DIR -d gen_context(system_u:object_r:user_home_dir_t,s0-mls_systemhigh)
+HOME_DIR -l gen_context(system_u:object_r:user_home_dir_t,s0-mls_systemhigh)
@@ -48155,8 +48400,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/userdo
+HOME_DIR/\.gvfs(/.*)? <<none>>
+HOME_DIR/\.debug(/.*)? <<none>>
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/userdomain.if serefpolicy-3.9.7/policy/modules/system/userdomain.if
---- nsaserefpolicy/policy/modules/system/userdomain.if 2010-10-12 22:42:50.000000000 +0200
-+++ serefpolicy-3.9.7/policy/modules/system/userdomain.if 2010-12-09 12:46:35.007042321 +0100
+--- nsaserefpolicy/policy/modules/system/userdomain.if 2010-10-12 20:42:50.000000000 +0000
++++ serefpolicy-3.9.7/policy/modules/system/userdomain.if 2011-01-27 14:49:04.055455000 +0000
@@ -30,8 +30,9 @@
')
@@ -48597,7 +48842,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/userdo
##############################
#
-@@ -500,73 +567,78 @@
+@@ -500,73 +567,80 @@
# evolution and gnome-session try to create a netlink socket
dontaudit $1_t self:netlink_socket { create ioctl read getattr write setattr append bind connect getopt setopt shutdown };
dontaudit $1_t self:netlink_route_socket { create ioctl read getattr write setattr append bind connect getopt setopt shutdown nlmsg_read nlmsg_write };
@@ -48618,15 +48863,18 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/userdo
+ kernel_get_sysvipc_info($1_usertype)
# Find CDROM devices:
- kernel_read_device_sysctls($1_t)
+-
+- corecmd_exec_bin($1_t)
+-
+- corenet_udp_bind_generic_node($1_t)
+- corenet_udp_bind_generic_port($1_t)
+ kernel_read_device_sysctls($1_usertype)
+ kernel_request_load_module($1_usertype)
-
-- corecmd_exec_bin($1_t)
++ kernel_read_software_raid_state($1_usertype)
++
+ corenet_udp_bind_generic_node($1_usertype)
+ corenet_udp_bind_generic_port($1_usertype)
-
-- corenet_udp_bind_generic_node($1_t)
-- corenet_udp_bind_generic_port($1_t)
++
+ dev_read_rand($1_usertype)
+ dev_write_sound($1_usertype)
+ dev_read_sound($1_usertype)
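Review bot: `kernel_read_software_raid_state($1_usertype)` is added to the policy patch with no comment or bug reference naming the program that needs it, and because it is granted to `$1_usertype` it appears to widen every user domain built from this template, confined ones included, rather than only the role that hit the denial. The same applies to `files_read_var_lib_symlinks($1_usertype)` in the next hunk (`@@ -48653,6 +48901,7 @@`). I would put a why-comment above each line, for example `# <program> reads software RAID state; see <bug reference>`, so a later least-privilege audit can tell whether the grant is still required. The enclosing template begins and ends outside this hunk, so which template is affected cannot be confirmed from here.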
@@ -48653,6 +48901,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/userdo
- files_read_var_lib_files($1_t)
+ files_read_var_files($1_usertype)
+ files_read_var_symlinks($1_usertype)
++ files_read_var_lib_symlinks($1_usertype)
+ files_read_generic_spool($1_usertype)
+ files_read_var_lib_files($1_usertype)
# Stat lost+found.
@@ -48716,7 +48965,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/userdo
')
tunable_policy(`user_ttyfile_stat',`
-@@ -574,67 +646,110 @@
+@@ -574,67 +648,110 @@
')
optional_policy(`
@@ -48730,19 +48979,19 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/userdo
# Allow graphical boot to check battery lifespan
- apm_stream_connect($1_t)
+ apm_stream_connect($1_usertype)
-+ ')
-+
-+ optional_policy(`
-+ canna_stream_connect($1_usertype)
')
optional_policy(`
- canna_stream_connect($1_t)
-+ chrome_role($1_r, $1_usertype)
++ canna_stream_connect($1_usertype)
')
optional_policy(`
- dbus_system_bus_client($1_t)
++ chrome_role($1_r, $1_usertype)
++ ')
++
++ optional_policy(`
+ dbus_system_bus_client($1_usertype)
+
+ allow $1_usertype $1_usertype:dbus send_msg;
@@ -48807,24 +49056,24 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/userdo
- inetd_use_fds($1_t)
- inetd_rw_tcp_sockets($1_t)
+ git_session_role($1_r, $1_usertype)
++ ')
++
++ optional_policy(`
++ inetd_use_fds($1_usertype)
++ inetd_rw_tcp_sockets($1_usertype)
')
optional_policy(`
- inn_read_config($1_t)
- inn_read_news_lib($1_t)
- inn_read_news_spool($1_t)
-+ inetd_use_fds($1_usertype)
-+ inetd_rw_tcp_sockets($1_usertype)
++ inn_read_config($1_usertype)
++ inn_read_news_lib($1_usertype)
++ inn_read_news_spool($1_usertype)
')
optional_policy(`
- locate_read_lib_files($1_t)
-+ inn_read_config($1_usertype)
-+ inn_read_news_lib($1_usertype)
-+ inn_read_news_spool($1_usertype)
-+ ')
-+
-+ optional_policy(`
+ locate_read_lib_files($1_usertype)
')
@@ -48845,7 +49094,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/userdo
')
optional_policy(`
-@@ -650,41 +765,50 @@
+@@ -650,41 +767,50 @@
optional_policy(`
# to allow monitoring of pcmcia status
@@ -48872,42 +49121,42 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/userdo
optional_policy(`
- resmgr_stream_connect($1_t)
+ resmgr_stream_connect($1_usertype)
-+ ')
-+
-+ optional_policy(`
-+ rpc_dontaudit_getattr_exports($1_usertype)
-+ rpc_manage_nfs_rw_content($1_usertype)
-+ ')
-+
-+ optional_policy(`
-+ rpcbind_stream_connect($1_usertype)
')
optional_policy(`
- rpc_dontaudit_getattr_exports($1_t)
- rpc_manage_nfs_rw_content($1_t)
-+ samba_stream_connect_winbind($1_usertype)
++ rpc_dontaudit_getattr_exports($1_usertype)
++ rpc_manage_nfs_rw_content($1_usertype)
')
optional_policy(`
- samba_stream_connect_winbind($1_t)
-+ sandbox_transition($1_usertype, $1_r)
++ rpcbind_stream_connect($1_usertype)
')
optional_policy(`
- slrnpull_search_spool($1_t)
-+ seunshare_role_template($1, $1_r, $1_t)
++ samba_stream_connect_winbind($1_usertype)
')
optional_policy(`
- usernetctl_run($1_t,$1_r)
-+ slrnpull_search_spool($1_usertype)
++ sandbox_transition($1_usertype, $1_r)
')
+
++ optional_policy(`
++ seunshare_role_template($1, $1_r, $1_t)
++ ')
++
++ optional_policy(`
++ slrnpull_search_spool($1_usertype)
++ ')
++
')
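Review bot: `seunshare_role_template($1, $1_r, $1_t)` still passes `$1_t`, while the sibling blocks in this hunk were switched to `$1_usertype` (`sandbox_transition($1_usertype, $1_r)`, `slrnpull_search_spool($1_usertype)`). If that is deliberate because the template needs the concrete user type, a one-line comment such as `# seunshare_role_template takes the user type itself, not $1_usertype` would keep a later edit from "fixing" it. If it is not deliberate, other types that carry `$1_usertype` (presumably an attribute) would not receive the seunshare rules. The same mix shows in a later hunk, where `fprintd_dbus_chat($1_t)` sits next to `devicekit_dbus_chat($1_usertype)`. The enclosing template body starts outside this hunk.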
#######################################
-@@ -712,13 +836,26 @@
+@@ -712,13 +838,26 @@
userdom_base_user_template($1)
@@ -48921,7 +49170,9 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/userdo
- userdom_manage_tmpfs_role($1_r, $1_t)
+ ifelse(`$1',`unconfined',`',`
+ gen_tunable(allow_$1_exec_content, true)
-+
+
+- userdom_exec_user_tmp_files($1_t)
+- userdom_exec_user_home_content_files($1_t)
+ tunable_policy(`allow_$1_exec_content',`
+ userdom_exec_user_tmp_files($1_usertype)
+ userdom_exec_user_home_content_files($1_usertype)
@@ -48929,9 +49180,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/userdo
+ tunable_policy(`allow_$1_exec_content && use_nfs_home_dirs',`
+ fs_exec_nfs_files($1_usertype)
+ ')
-
-- userdom_exec_user_tmp_files($1_t)
-- userdom_exec_user_home_content_files($1_t)
++
+ tunable_policy(`allow_$1_exec_content && use_samba_home_dirs',`
+ fs_exec_cifs_files($1_usertype)
+ ')
@@ -48939,7 +49188,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/userdo
userdom_change_password_template($1)
-@@ -736,72 +873,71 @@
+@@ -736,72 +875,71 @@
allow $1_t self:context contains;
@@ -49048,7 +49297,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/userdo
')
')
-@@ -833,6 +969,9 @@
+@@ -833,6 +971,9 @@
typeattribute $1_t unpriv_userdomain;
domain_interactive_fd($1_t)
@@ -49058,7 +49307,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/userdo
##############################
#
# Local policy
-@@ -874,45 +1013,107 @@
+@@ -874,45 +1015,107 @@
#
auth_role($1_r, $1_t)
@@ -49123,40 +49372,40 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/userdo
+ abrt_dbus_chat($1_usertype)
+ abrt_run_helper($1_usertype, $1_r)
+ ')
-+
-+ optional_policy(`
-+ consolekit_dontaudit_read_log($1_usertype)
-+ consolekit_dbus_chat($1_usertype)
-+ ')
-+
-+ optional_policy(`
-+ cups_dbus_chat($1_usertype)
-+ cups_dbus_chat_config($1_usertype)
-+ ')
optional_policy(`
- consolekit_dbus_chat($1_t)
-+ devicekit_dbus_chat($1_usertype)
-+ devicekit_dbus_chat_disk($1_usertype)
-+ devicekit_dbus_chat_power($1_usertype)
++ consolekit_dontaudit_read_log($1_usertype)
++ consolekit_dbus_chat($1_usertype)
')
optional_policy(`
- cups_dbus_chat($1_t)
-+ fprintd_dbus_chat($1_t)
++ cups_dbus_chat($1_usertype)
++ cups_dbus_chat_config($1_usertype)
')
- ')
-
- optional_policy(`
-- java_role($1_r, $1_t)
-+ openoffice_role_template($1, $1_r, $1_usertype)
++
++ optional_policy(`
++ devicekit_dbus_chat($1_usertype)
++ devicekit_dbus_chat_disk($1_usertype)
++ devicekit_dbus_chat_power($1_usertype)
++ ')
++
++ optional_policy(`
++ fprintd_dbus_chat($1_t)
++ ')
+ ')
+
+ optional_policy(`
-+ policykit_role($1_r, $1_usertype)
++ openoffice_role_template($1, $1_r, $1_usertype)
+ ')
+
+ optional_policy(`
++ policykit_role($1_r, $1_usertype)
+ ')
+
+ optional_policy(`
+- java_role($1_r, $1_t)
+ pulseaudio_role($1_r, $1_usertype)
+ ')
+
@@ -49177,7 +49426,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/userdo
')
')
-@@ -947,7 +1148,7 @@
+@@ -947,7 +1150,7 @@
#
# Inherit rules for ordinary users.
@@ -49186,7 +49435,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/userdo
userdom_common_user_template($1)
##############################
-@@ -956,54 +1157,77 @@
+@@ -956,54 +1159,77 @@
#
# port access is audited even if dac would not have allowed it, so dontaudit it here
@@ -49202,8 +49451,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/userdo
-
- ifndef(`enable_mls',`
- fs_exec_noxattr($1_t)
-+ storage_rw_fuse($1_t)
-
+-
- tunable_policy(`user_rw_noexattrfile',`
- fs_manage_noxattr_fs_files($1_t)
- fs_manage_noxattr_fs_dirs($1_t)
@@ -49214,7 +49462,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/userdo
- storage_raw_read_removable_device($1_t)
- ')
- ')
--
++ storage_rw_fuse($1_t)
+
- tunable_policy(`user_dmesg',`
- kernel_read_ring_buffer($1_t)
- ',`
@@ -49294,7 +49543,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/userdo
')
')
-@@ -1039,7 +1263,7 @@
+@@ -1039,7 +1265,7 @@
template(`userdom_admin_user_template',`
gen_require(`
attribute admindomain;
@@ -49303,7 +49552,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/userdo
')
##############################
-@@ -1074,6 +1298,9 @@
+@@ -1074,6 +1300,9 @@
# Skip authentication when pam_rootok is specified.
allow $1_t self:passwd rootok;
@@ -49313,7 +49562,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/userdo
kernel_read_software_raid_state($1_t)
kernel_getattr_core_if($1_t)
kernel_getattr_message_if($1_t)
-@@ -1088,6 +1315,7 @@
+@@ -1088,6 +1317,7 @@
kernel_sigstop_unlabeled($1_t)
kernel_signull_unlabeled($1_t)
kernel_sigchld_unlabeled($1_t)
@@ -49321,7 +49570,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/userdo
corenet_tcp_bind_generic_port($1_t)
# allow setting up tunnels
-@@ -1119,10 +1347,13 @@
+@@ -1119,10 +1349,13 @@
domain_sigchld_all_domains($1_t)
# for lsof
domain_getattr_all_sockets($1_t)
@@ -49335,7 +49584,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/userdo
fs_set_all_quotas($1_t)
fs_exec_noxattr($1_t)
-@@ -1142,6 +1373,7 @@
+@@ -1142,6 +1375,7 @@
logging_send_syslog_msg($1_t)
modutils_domtrans_insmod($1_t)
@@ -49343,7 +49592,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/userdo
# The following rule is temporary until such time that a complete
# policy management infrastructure is in place so that an administrator
-@@ -1210,6 +1442,8 @@
+@@ -1210,6 +1444,8 @@
dev_relabel_all_dev_nodes($1)
files_create_boot_flag($1)
@@ -49352,7 +49601,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/userdo
# Necessary for managing /boot/efi
fs_manage_dos_files($1)
-@@ -1237,6 +1471,7 @@
+@@ -1237,6 +1473,7 @@
seutil_run_checkpolicy($1,$2)
seutil_run_loadpolicy($1,$2)
seutil_run_semanage($1,$2)
@@ -49360,7 +49609,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/userdo
seutil_run_setfiles($1, $2)
optional_policy(`
-@@ -1275,12 +1510,15 @@
+@@ -1275,12 +1512,15 @@
interface(`userdom_user_home_content',`
gen_require(`
type user_home_t;
@@ -49377,7 +49626,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/userdo
')
########################################
-@@ -1391,6 +1629,7 @@
+@@ -1391,6 +1631,7 @@
')
allow $1 user_home_dir_t:dir search_dir_perms;
@@ -49385,7 +49634,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/userdo
files_search_home($1)
')
-@@ -1437,6 +1676,14 @@
+@@ -1437,6 +1678,14 @@
allow $1 user_home_dir_t:dir list_dir_perms;
files_search_home($1)
@@ -49400,7 +49649,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/userdo
')
########################################
-@@ -1452,9 +1699,11 @@
+@@ -1452,9 +1701,11 @@
interface(`userdom_dontaudit_list_user_home_dirs',`
gen_require(`
type user_home_dir_t;
@@ -49412,7 +49661,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/userdo
')
########################################
-@@ -1511,6 +1760,42 @@
+@@ -1511,6 +1762,42 @@
allow $1 user_home_dir_t:dir relabelto;
')
@@ -49455,7 +49704,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/userdo
########################################
## <summary>
## Create directories in the home dir root with
-@@ -1585,6 +1870,8 @@
+@@ -1585,6 +1872,8 @@
')
dontaudit $1 user_home_t:dir search_dir_perms;
@@ -49464,7 +49713,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/userdo
')
########################################
-@@ -1599,10 +1886,12 @@
+@@ -1599,10 +1888,12 @@
#
interface(`userdom_list_user_home_content',`
gen_require(`
@@ -49479,33 +49728,69 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/userdo
')
########################################
-@@ -1645,6 +1934,25 @@
+@@ -1645,34 +1936,53 @@
########################################
## <summary>
+-## Do not audit attempts to set the
+-## attributes of user home files.
+## Set the attributes of user home files.
-+## </summary>
-+## <param name="domain">
-+## <summary>
+ ## </summary>
+ ## <param name="domain">
+ ## <summary>
+-## Domain to not audit.
+## Domain allowed access.
-+## </summary>
-+## </param>
+ ## </summary>
+ ## </param>
+## <rolecap/>
-+#
+ #
+-interface(`userdom_dontaudit_setattr_user_home_content_files',`
+interface(`userdom_setattr_user_home_content_files',`
+ gen_require(`
+ type user_home_t;
+ ')
+
+- dontaudit $1 user_home_t:file setattr_file_perms;
++ allow $1 user_home_t:file setattr;
+ ')
+
+ ########################################
+ ## <summary>
+-## Mmap user home files.
++## Do not audit attempts to set the
++## attributes of user home files.
+ ## </summary>
+ ## <param name="domain">
+ ## <summary>
+-## Domain allowed access.
++## Domain to not audit.
+ ## </summary>
+ ## </param>
+ #
+-interface(`userdom_mmap_user_home_content_files',`
++interface(`userdom_dontaudit_setattr_user_home_content_files',`
+ gen_require(`
+ type user_home_t;
+ ')
+
-+ allow $1 user_home_t:file setattr;
++ dontaudit $1 user_home_t:file setattr_file_perms;
+')
+
+########################################
+## <summary>
- ## Do not audit attempts to set the
- ## attributes of user home files.
- ## </summary>
-@@ -1696,12 +2004,32 @@
++## Mmap user home files.
++## </summary>
++## <param name="domain">
++## <summary>
++## Domain allowed access.
++## </summary>
++## </param>
++#
++interface(`userdom_mmap_user_home_content_files',`
+ gen_require(`
+ type user_home_dir_t, user_home_t;
+ ')
+@@ -1696,12 +2006,32 @@
type user_home_dir_t, user_home_t;
')
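Review bot: The new `userdom_setattr_user_home_content_files` interface spells the permission as a bare `setattr`, while the `dontaudit` twin right below it uses the `setattr_file_perms` set. I would write `allow $1 user_home_t:file setattr_file_perms;` so the allow and dontaudit interfaces name the same permission set and stay in step if that set is ever redefined. Most of the other churn in this hunk looks like the inner diff being regenerated with a different alignment rather than a policy change. The `userdom_mmap_user_home_content_files` interface at the end of the hunk continues outside it.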
@@ -49538,7 +49823,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/userdo
## Do not audit attempts to read user home files.
## </summary>
## <param name="domain">
-@@ -1712,11 +2040,14 @@
+@@ -1712,11 +2042,14 @@
#
interface(`userdom_dontaudit_read_user_home_content_files',`
gen_require(`
@@ -49556,7 +49841,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/userdo
')
########################################
-@@ -1806,8 +2137,7 @@
+@@ -1806,8 +2139,7 @@
type user_home_dir_t, user_home_t;
')
@@ -49566,7 +49851,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/userdo
')
########################################
-@@ -1823,20 +2153,14 @@
+@@ -1823,20 +2155,14 @@
#
interface(`userdom_exec_user_home_content_files',`
gen_require(`
@@ -49591,7 +49876,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/userdo
########################################
## <summary>
-@@ -2178,7 +2502,7 @@
+@@ -2178,7 +2504,7 @@
type user_tmp_t;
')
@@ -49600,7 +49885,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/userdo
')
########################################
-@@ -2431,13 +2755,14 @@
+@@ -2431,13 +2757,14 @@
')
read_files_pattern($1, user_tmpfs_t, user_tmpfs_t)
@@ -49616,7 +49901,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/userdo
## </summary>
## <param name="domain">
## <summary>
-@@ -2458,26 +2783,6 @@
+@@ -2458,26 +2785,6 @@
########################################
## <summary>
@@ -49643,7 +49928,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/userdo
## Get the attributes of a user domain tty.
## </summary>
## <param name="domain">
-@@ -2811,7 +3116,7 @@
+@@ -2811,7 +3118,7 @@
domain_entry_file_spec_domtrans($1, unpriv_userdomain)
allow unpriv_userdomain $1:fd use;
@@ -49652,7 +49937,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/userdo
allow unpriv_userdomain $1:process sigchld;
')
-@@ -2827,11 +3132,13 @@
+@@ -2827,11 +3134,13 @@
#
interface(`userdom_search_user_home_content',`
gen_require(`
@@ -49668,7 +49953,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/userdo
')
########################################
-@@ -2913,7 +3220,7 @@
+@@ -2913,7 +3222,7 @@
type user_devpts_t;
')
@@ -49677,7 +49962,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/userdo
')
########################################
-@@ -2968,7 +3275,45 @@
+@@ -2968,7 +3277,45 @@
type user_tmp_t;
')
@@ -49724,7 +50009,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/userdo
')
########################################
-@@ -3005,6 +3350,7 @@
+@@ -3005,6 +3352,7 @@
')
read_files_pattern($1, userdomain, userdomain)
@@ -49732,7 +50017,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/userdo
kernel_search_proc($1)
')
-@@ -3135,3 +3481,855 @@
+@@ -3135,3 +3483,855 @@
allow $1 userdomain:dbus send_msg;
')
@@ -50589,8 +50874,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/userdo
+ type_transition $1 user_tmp_t:process $2;
+')
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/userdomain.te serefpolicy-3.9.7/policy/modules/system/userdomain.te
---- nsaserefpolicy/policy/modules/system/userdomain.te 2010-10-12 22:42:50.000000000 +0200
-+++ serefpolicy-3.9.7/policy/modules/system/userdomain.te 2011-01-19 17:11:05.486042455 +0100
+--- nsaserefpolicy/policy/modules/system/userdomain.te 2010-10-12 20:42:50.000000000 +0000
++++ serefpolicy-3.9.7/policy/modules/system/userdomain.te 2011-01-19 16:11:05.000000000 +0000
@@ -43,6 +43,13 @@
## <desc>
@@ -50677,8 +50962,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/userdo
+# Nautilus causes this avc
+dontaudit unpriv_userdomain self:dir setattr;
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/xen.fc serefpolicy-3.9.7/policy/modules/system/xen.fc
---- nsaserefpolicy/policy/modules/system/xen.fc 2010-10-12 22:42:50.000000000 +0200
-+++ serefpolicy-3.9.7/policy/modules/system/xen.fc 2010-11-05 14:02:26.965900198 +0100
+--- nsaserefpolicy/policy/modules/system/xen.fc 2010-10-12 20:42:50.000000000 +0000
++++ serefpolicy-3.9.7/policy/modules/system/xen.fc 2010-11-05 13:02:26.000000000 +0000
@@ -1,7 +1,5 @@
/dev/xen/tapctrl.* -p gen_context(system_u:object_r:xenctl_t,s0)
@@ -50688,8 +50973,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/xen.fc
ifdef(`distro_debian',`
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/xen.if serefpolicy-3.9.7/policy/modules/system/xen.if
---- nsaserefpolicy/policy/modules/system/xen.if 2010-10-12 22:42:50.000000000 +0200
-+++ serefpolicy-3.9.7/policy/modules/system/xen.if 2010-11-05 14:02:26.966899853 +0100
+--- nsaserefpolicy/policy/modules/system/xen.if 2010-10-12 20:42:50.000000000 +0000
++++ serefpolicy-3.9.7/policy/modules/system/xen.if 2010-11-05 13:02:26.000000000 +0000
@@ -87,6 +87,26 @@
## </summary>
## </param>
@@ -50738,8 +51023,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/xen.if
files_search_pids($1)
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/xen.te serefpolicy-3.9.7/policy/modules/system/xen.te
---- nsaserefpolicy/policy/modules/system/xen.te 2010-10-12 22:42:50.000000000 +0200
-+++ serefpolicy-3.9.7/policy/modules/system/xen.te 2010-11-05 14:02:26.967899788 +0100
+--- nsaserefpolicy/policy/modules/system/xen.te 2010-10-12 20:42:50.000000000 +0000
++++ serefpolicy-3.9.7/policy/modules/system/xen.te 2010-11-05 13:02:26.000000000 +0000
@@ -4,6 +4,7 @@
#
# Declarations
@@ -50931,8 +51216,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/xen.te
- ')
')
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/support/misc_patterns.spt serefpolicy-3.9.7/policy/support/misc_patterns.spt
---- nsaserefpolicy/policy/support/misc_patterns.spt 2010-10-12 22:42:51.000000000 +0200
-+++ serefpolicy-3.9.7/policy/support/misc_patterns.spt 2010-11-05 14:02:26.967899788 +0100
+--- nsaserefpolicy/policy/support/misc_patterns.spt 2010-10-12 20:42:51.000000000 +0000
++++ serefpolicy-3.9.7/policy/support/misc_patterns.spt 2010-11-05 13:02:26.000000000 +0000
@@ -15,7 +15,7 @@
domain_transition_pattern($1,$2,$3)
@@ -50957,8 +51242,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/support/misc_patterns
#
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/support/obj_perm_sets.spt serefpolicy-3.9.7/policy/support/obj_perm_sets.spt
---- nsaserefpolicy/policy/support/obj_perm_sets.spt 2010-10-12 22:42:51.000000000 +0200
-+++ serefpolicy-3.9.7/policy/support/obj_perm_sets.spt 2010-11-05 14:02:26.968900141 +0100
+--- nsaserefpolicy/policy/support/obj_perm_sets.spt 2010-10-12 20:42:51.000000000 +0000
++++ serefpolicy-3.9.7/policy/support/obj_perm_sets.spt 2010-11-05 13:02:26.000000000 +0000
@@ -28,7 +28,7 @@
#
# All socket classes.
@@ -51069,8 +51354,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/support/obj_perm_sets
+define(`all_passwd_perms', `{ passwd chfn chsh rootok crontab } ')
+define(`all_association_perms', `{ sendto recvfrom setcontext polmatch } ')
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/users serefpolicy-3.9.7/policy/users
---- nsaserefpolicy/policy/users 2010-10-12 22:42:47.000000000 +0200
-+++ serefpolicy-3.9.7/policy/users 2010-11-05 14:02:26.970900360 +0100
+--- nsaserefpolicy/policy/users 2010-10-12 20:42:47.000000000 +0000
++++ serefpolicy-3.9.7/policy/users 2010-11-05 13:02:26.000000000 +0000
@@ -15,7 +15,7 @@
# and a user process should never be assigned the system user
# identity.
diff --git a/selinux-policy.spec b/selinux-policy.spec
index bac5edf..7c788e2 100644
--- a/selinux-policy.spec
+++ b/selinux-policy.spec
@@ -21,7 +21,7 @@
Summary: SELinux policy configuration
Name: selinux-policy
Version: 3.9.7
-Release: 25%{?dist}
+Release: 26%{?dist}
License: GPLv2+
Group: System Environment/Base
Source: serefpolicy-%{version}.tgz
@@ -472,6 +472,14 @@ exit 0
%endif
%changelog
+* Thu Jan 27 2011 Miroslav Grepl <mgrepl at redhat.com> 3.9.7-26
+- Add execmem_exec_t label for gimp
+- Allow nagios plugin to read /proc/meminfo
+- Fix label for /usr/lib/debug
+- Add label for /usr/lib/bjlib
+- Fixes for confined users
+- Change oracle_port_t to oracledb_port_t to prevent conflict with satellite
+
* Thu Jan 20 2011 Miroslav Grepl <mgrepl at redhat.com> 3.9.7-25
- .forward.* Needs to be labeled mail_home_t
- .forward file can cause postfix_local to execute local content