[selinux-policy] Move dontaudit sys_ptrace line from permissive.te to domain.te Remove policy for hal, it no longer e

Daniel J Walsh dwalsh at fedoraproject.org
Thu Oct 13 19:43:18 UTC 2011


commit 2453975e3d34aef55de4b48253d9418c05bf429d
Author: Dan Walsh <dwalsh at redhat.com>
Date:   Thu Oct 13 15:43:15 2011 -0400

    Move dontaudit sys_ptrace line from permissive.te to domain.te
    Remove policy for hal, it no longer exists

 modules-mls.conf      |    7 -------
 modules-targeted.conf |    7 -------
 ptrace.patch          |   14 --------------
 selinux-policy.spec   |    8 ++++++--
 4 files changed, 6 insertions(+), 30 deletions(-)
---
diff --git a/modules-mls.conf b/modules-mls.conf
index 28ac668..b4ac026 100644
--- a/modules-mls.conf
+++ b/modules-mls.conf
@@ -620,13 +620,6 @@ gnome = module
 gnomeclock = module
 
 # Layer: services
-# Module: hal
-#
-# Hardware abstraction layer
-# 
-hal = module
-
-# Layer: services
 # Module: plymouthd
 #
 #  Plymouth
diff --git a/modules-targeted.conf b/modules-targeted.conf
index 6930073..c806c9d 100644
--- a/modules-targeted.conf
+++ b/modules-targeted.conf
@@ -703,13 +703,6 @@ gnome = module
 gnomeclock = module
 
 # Layer: services
-# Module: hal
-#
-# Hardware abstraction layer
-# 
-hal = module
-
-# Layer: services
 # Module: hddtemp
 #
 # hddtemp hard disk temperature tool running as a daemon
diff --git a/ptrace.patch b/ptrace.patch
index a78dd8c..ab0d753 100644
--- a/ptrace.patch
+++ b/ptrace.patch
@@ -83,20 +83,6 @@ diff -up serefpolicy-3.10.0/policy/modules/admin/ncftool.te.ptrace serefpolicy-3
  allow ncftool_t self:process signal;
  
  allow ncftool_t self:fifo_file manage_fifo_file_perms;
-diff -up serefpolicy-3.10.0/policy/modules/admin/permissivedomains.te.ptrace serefpolicy-3.10.0/policy/modules/admin/permissivedomains.te
---- serefpolicy-3.10.0/policy/modules/admin/permissivedomains.te.ptrace	2011-10-11 16:42:15.590761731 -0400
-+++ serefpolicy-3.10.0/policy/modules/admin/permissivedomains.te	2011-10-11 16:43:18.809744020 -0400
-@@ -266,3 +266,10 @@ optional_policy(`
-       permissive virt_qmf_t;
- ')
- 
-+optional_policy(`
-+      gen_require(`
-+             attribute domain;
-+      ')
-+
-+      dontaudit domain self:capability sys_ptrace;
-+')
 diff -up serefpolicy-3.10.0/policy/modules/admin/rpm.te.ptrace serefpolicy-3.10.0/policy/modules/admin/rpm.te
 --- serefpolicy-3.10.0/policy/modules/admin/rpm.te.ptrace	2011-10-11 16:42:16.020761610 -0400
 +++ serefpolicy-3.10.0/policy/modules/admin/rpm.te	2011-10-11 16:42:16.085761591 -0400
diff --git a/selinux-policy.spec b/selinux-policy.spec
index 3956c6f..6dc825a 100644
--- a/selinux-policy.spec
+++ b/selinux-policy.spec
@@ -17,7 +17,7 @@
 Summary: SELinux policy configuration
 Name: selinux-policy
 Version: 3.10.0
-Release: 39.2%{?dist}
+Release: 39.3%{?dist}
 License: GPLv2+
 Group: System Environment/Base
 Source: serefpolicy-%{version}.tgz
@@ -218,7 +218,7 @@ fi;
 if [ -e /etc/selinux/%2/.rebuild ]; then \
    rm /etc/selinux/%2/.rebuild; \
    if [ %1 -ne 1 ]; then \
-	/usr/sbin/semodule -n -s %2 -r hotplug howl java mono moilscanner gamin audio_entropy iscsid polkit_auth polkit rtkit_daemon ModemManager telepathysofiasip ethereal passanger qpidd 2>/dev/null; \
+	/usr/sbin/semodule -n -s %2 -r hal hotplug howl java mono moilscanner gamin audio_entropy iscsid polkit_auth polkit rtkit_daemon ModemManager telepathysofiasip ethereal passanger qpidd 2>/dev/null; \
    fi \
    /usr/sbin/semodule -B -s %2; \
 else \
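Review bot: The `semodule -n -s %2 -r hal hotplug …` line discards stderr and never checks the exit status, so a failed removal of `hal` is silent and the following `semodule -B -s %2` rebuilds with the obsolete module still in the store. Two names carried over in the same list, `moilscanner` and `passanger`, look like misspellings of the `mailscanner` and `passenger` modules; if so, they never match an installed module. Depending on the semodule version, a name that is not installed may fail the whole `-r` transaction, which would leave `hal` in place as well, so this is worth confirming on the target release. I would correct the two names and replace `2>/dev/null; \` with `2>/dev/null || echo "semodule -r failed for %2" >&2; \` so a failed cleanup is at least visible in the upgrade output. The macro this line belongs to starts and ends outside the hunk.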
@@ -480,6 +480,10 @@ SELinux Reference policy mls base module.
 %endif
 
 %changelog
+* Thu Oct 13 2011 Dan Walsh <dwalsh at redhat.com> 3.10.0-39.3
+- Move dontaudit sys_ptrace line from permissive.te to domain.te
+- Remove policy for hal, it no longer exists
+
 * Wed Oct 12 2011 Dan Walsh <dwalsh at redhat.com> 3.10.0-39.2
 - Don't check md5 size or mtime on certain config files
 

