[selinux-policy] Dontaudit access checks for all executables, gnome-shell is doing access(EXEC, X_OK) Make corosync t
Daniel J Walsh
dwalsh at fedoraproject.org
Fri Oct 14 13:51:02 UTC 2011
commit e29441a5cc4d064fe0af069b277fa6265730288c
Author: Dan Walsh <dwalsh at redhat.com>
Date: Fri Oct 14 09:50:55 2011 -0400
Dontaudit access checks for all executables, gnome-shell is doing access(EXEC, X_OK)
Make corosync to be able to relabelto cluster lib fies
Allow samba domains to search /var/run/nmbd
Allow dirsrv to use pam
Allow thumb to call getuid
chrome less likely to get mmap_zero bug so removing dontaudit
gimp help-browser has built in javascript
Best guess is that devices named /dev/bsr4096 should be labeled as cpu_device_t
Re-write glance policy
policy-F16.patch | 584 ++++++++++++++++++++++++------------
ptrace.patch | 846 +++++++++++++++++++++++++--------------------------
selinux-policy.spec | 13 +-
3 files changed, 830 insertions(+), 613 deletions(-)
---
diff --git a/policy-F16.patch b/policy-F16.patch
index 1eb543f..57b4a25 100644
--- a/policy-F16.patch
+++ b/policy-F16.patch
@@ -511,7 +511,7 @@ index 7a6f06f..e117271 100644
/usr/sbin/grub -- gen_context(system_u:object_r:bootloader_exec_t,s0)
diff --git a/policy/modules/admin/bootloader.if b/policy/modules/admin/bootloader.if
-index 63eb96b..17a9f6d 100644
+index 63eb96b..98307a8 100644
--- a/policy/modules/admin/bootloader.if
+++ b/policy/modules/admin/bootloader.if
@@ -19,6 +19,24 @@ interface(`bootloader_domtrans',`
@@ -539,6 +539,29 @@ index 63eb96b..17a9f6d 100644
########################################
## <summary>
## Execute bootloader interactively and do
+@@ -128,3 +146,22 @@ interface(`bootloader_create_runtime_file',`
+ allow $1 boot_runtime_t:file { create_file_perms rw_file_perms };
+ files_boot_filetrans($1, boot_runtime_t, file)
+ ')
++
++########################################
++## <summary>
++## Type transition files created in /etc
++## </summary>
++## <param name="domain">
++## <summary>
++## Domain allowed access.
++## </summary>
++## </param>
++#
++interface(`bootloader_filetrans_config',`
++ gen_require(`
++ type bootloader_etc_t;
++ ')
++
++ files_etc_filetrans($1,bootloader_etc_t,file, "lilo.conf")
++ files_etc_filetrans($1,bootloader_etc_t,file, "yaboot.conf")
++')
diff --git a/policy/modules/admin/bootloader.te b/policy/modules/admin/bootloader.te
index d3da8f2..9e5a1d0 100644
--- a/policy/modules/admin/bootloader.te
@@ -1861,10 +1884,10 @@ index 0000000..bd83148
+## <summary>No Interfaces</summary>
diff --git a/policy/modules/admin/permissivedomains.te b/policy/modules/admin/permissivedomains.te
new file mode 100644
-index 0000000..a6beb8f
+index 0000000..f0dbe88
--- /dev/null
+++ b/policy/modules/admin/permissivedomains.te
-@@ -0,0 +1,268 @@
+@@ -0,0 +1,276 @@
+policy_module(permissivedomains,16)
+
+optional_policy(`
@@ -1876,6 +1899,14 @@ index 0000000..a6beb8f
+')
+
+optional_policy(`
++ gen_require(`
++ type pptp_t;
++ ')
++
++ permissive pptp_t;
++')
++
++optional_policy(`
+ gen_require(`
+ type bootloader_t;
+ ')
@@ -2218,7 +2249,7 @@ index 93ec175..0e42018 100644
')
')
diff --git a/policy/modules/admin/prelink.te b/policy/modules/admin/prelink.te
-index af55369..e83b341 100644
+index af55369..ec838bd 100644
--- a/policy/modules/admin/prelink.te
+++ b/policy/modules/admin/prelink.te
@@ -36,7 +36,7 @@ files_type(prelink_var_lib_t)
@@ -2260,7 +2291,7 @@ index af55369..e83b341 100644
selinux_get_enforce_mode(prelink_t)
libs_exec_ld_so(prelink_t)
-@@ -98,7 +102,14 @@ libs_delete_lib_symlinks(prelink_t)
+@@ -98,7 +102,15 @@ libs_delete_lib_symlinks(prelink_t)
miscfiles_read_localization(prelink_t)
@@ -2269,6 +2300,7 @@ index af55369..e83b341 100644
+userdom_manage_user_home_content(prelink_t)
+userdom_relabel_user_home_files(prelink_t)
+userdom_execmod_user_home_files(prelink_t)
++userdom_exec_user_home_content_files(prelink_t)
+
+systemd_read_unit_files(prelink_t)
+
@@ -2276,7 +2308,7 @@ index af55369..e83b341 100644
optional_policy(`
amanda_manage_lib(prelink_t)
-@@ -109,6 +120,15 @@ optional_policy(`
+@@ -109,6 +121,15 @@ optional_policy(`
')
optional_policy(`
@@ -2292,7 +2324,7 @@ index af55369..e83b341 100644
rpm_manage_tmp_files(prelink_t)
')
-@@ -129,6 +149,7 @@ optional_policy(`
+@@ -129,6 +150,7 @@ optional_policy(`
read_files_pattern(prelink_cron_system_t, prelink_cache_t, prelink_cache_t)
allow prelink_cron_system_t prelink_cache_t:file unlink;
@@ -2300,7 +2332,7 @@ index af55369..e83b341 100644
domtrans_pattern(prelink_cron_system_t, prelink_exec_t, prelink_t)
allow prelink_cron_system_t prelink_t:process noatsecure;
-@@ -148,17 +169,28 @@ optional_policy(`
+@@ -148,17 +170,29 @@ optional_policy(`
files_read_etc_files(prelink_cron_system_t)
files_search_var_lib(prelink_cron_system_t)
@@ -2329,6 +2361,7 @@ index af55369..e83b341 100644
+ optional_policy(`
+ dbus_read_config(prelink_t)
+ ')
++ miscfiles_read_man_pages(prelink_t)
+')
diff --git a/policy/modules/admin/quota.if b/policy/modules/admin/quota.if
index bf75d99..1698e8f 100644
@@ -4624,10 +4657,10 @@ index cd70958..e8c94b1 100644
-')
diff --git a/policy/modules/apps/execmem.fc b/policy/modules/apps/execmem.fc
new file mode 100644
-index 0000000..6f3570a
+index 0000000..5e09952
--- /dev/null
+++ b/policy/modules/apps/execmem.fc
-@@ -0,0 +1,48 @@
+@@ -0,0 +1,49 @@
+
+/usr/bin/aticonfig -- gen_context(system_u:object_r:execmem_exec_t,s0)
+/usr/bin/darcs -- gen_context(system_u:object_r:execmem_exec_t,s0)
@@ -4663,6 +4696,7 @@ index 0000000..6f3570a
+
+/usr/local/RealPlayer/realplay\.bin -- gen_context(system_u:object_r:execmem_exec_t,s0)
+
++/usr/lib/gimp/[^/]+/plug-ins/help-browser -- gen_context(system_u:object_r:execmem_exec_t,s0)
+/usr/lib/wingide-[^/]+/bin/PyCore/python -- gen_context(system_u:object_r:execmem_exec_t,s0)
+/usr/lib/thunderbird-[^/]+/thunderbird-bin -- gen_context(system_u:object_r:execmem_exec_t,s0)
+
@@ -7504,7 +7538,7 @@ index 93ac529..35b51ab 100644
+/usr/lib/[^/]*firefox[^/]*/firefox -- gen_context(system_u:object_r:mozilla_exec_t,s0)
+/usr/lib/xulrunner[^/]*/plugin-container -- gen_context(system_u:object_r:mozilla_plugin_exec_t,s0)
diff --git a/policy/modules/apps/mozilla.if b/policy/modules/apps/mozilla.if
-index fbb5c5a..83fc139 100644
+index fbb5c5a..6c95832 100644
--- a/policy/modules/apps/mozilla.if
+++ b/policy/modules/apps/mozilla.if
@@ -29,6 +29,8 @@ interface(`mozilla_role',`
@@ -7550,7 +7584,7 @@ index fbb5c5a..83fc139 100644
+ allow $1 mozilla_plugin_t:fd use;
+
+ allow mozilla_plugin_t $1:unix_stream_socket rw_socket_perms;
-+ allow mozilla_plugin_t $1:shm rw_shm_perms;
++ allow mozilla_plugin_t $1:shm { rw_shm_perms destroy };
+ allow mozilla_plugin_t $1:sem create_sem_perms;
+
+ ps_process_pattern($1, mozilla_plugin_t)
@@ -7650,7 +7684,7 @@ index fbb5c5a..83fc139 100644
+ dontaudit $1 mozilla_plugin_t:unix_stream_socket { read write };
')
diff --git a/policy/modules/apps/mozilla.te b/policy/modules/apps/mozilla.te
-index 2e9318b..d1b1280 100644
+index 2e9318b..8768af4 100644
--- a/policy/modules/apps/mozilla.te
+++ b/policy/modules/apps/mozilla.te
@@ -25,6 +25,7 @@ files_config_file(mozilla_conf_t)
@@ -7720,10 +7754,12 @@ index 2e9318b..d1b1280 100644
')
optional_policy(`
-@@ -297,15 +306,18 @@ optional_policy(`
+@@ -296,16 +305,19 @@ optional_policy(`
+ # mozilla_plugin local policy
#
- dontaudit mozilla_plugin_t self:capability { sys_ptrace };
+-dontaudit mozilla_plugin_t self:capability { sys_ptrace };
++dontaudit mozilla_plugin_t self:capability { sys_ptrace sys_nice };
+
allow mozilla_plugin_t self:process { setsched signal_perms execmem };
-allow mozilla_plugin_t self:fifo_file manage_fifo_file_perms;
@@ -8559,10 +8595,10 @@ index 0000000..1925bd9
+')
diff --git a/policy/modules/apps/nsplugin.te b/policy/modules/apps/nsplugin.te
new file mode 100644
-index 0000000..008fbe3
+index 0000000..f0773b4
--- /dev/null
+++ b/policy/modules/apps/nsplugin.te
-@@ -0,0 +1,340 @@
+@@ -0,0 +1,335 @@
+policy_module(nsplugin, 1.0.0)
+
+########################################
@@ -8773,11 +8809,6 @@ index 0000000..008fbe3
+')
+
+optional_policy(`
-+ pulseaudio_filetrans_admin_home_content(nsplugin_t)
-+ pulseaudio_filetrans_home_content(nsplugin_t)
-+')
-+
-+optional_policy(`
+ unconfined_execmem_signull(nsplugin_t)
+')
+
@@ -9080,7 +9111,7 @@ index 84f23dc..af5b87d 100644
/var/lib/pulse(/.*)? gen_context(system_u:object_r:pulseaudio_var_lib_t,s0)
diff --git a/policy/modules/apps/pulseaudio.if b/policy/modules/apps/pulseaudio.if
-index f40c64d..9a5e99c 100644
+index f40c64d..a08cb82 100644
--- a/policy/modules/apps/pulseaudio.if
+++ b/policy/modules/apps/pulseaudio.if
@@ -35,6 +35,10 @@ interface(`pulseaudio_role',`
@@ -9094,10 +9125,13 @@ index f40c64d..9a5e99c 100644
allow $2 pulseaudio_t:dbus send_msg;
allow pulseaudio_t $2:dbus { acquire_svc send_msg };
')
-@@ -258,3 +262,63 @@ interface(`pulseaudio_manage_home_files',`
+@@ -257,4 +261,66 @@ interface(`pulseaudio_manage_home_files',`
+ userdom_search_user_home_dirs($1)
manage_files_pattern($1, pulseaudio_home_t, pulseaudio_home_t)
read_lnk_files_pattern($1, pulseaudio_home_t, pulseaudio_home_t)
- ')
++ pulseaudio_filetrans_home_content($1)
++ pulseaudio_filetrans_admin_home_content($1)
++')
+
+########################################
+## <summary>
@@ -9157,7 +9191,7 @@ index f40c64d..9a5e99c 100644
+
+ userdom_admin_home_dir_filetrans($1, pulseaudio_home_t, dir, ".pulse")
+ userdom_admin_home_dir_filetrans($1, pulseaudio_home_t, file, ".pulse-cookie")
-+')
+ ')
diff --git a/policy/modules/apps/pulseaudio.te b/policy/modules/apps/pulseaudio.te
index d1eace5..8522ab4 100644
--- a/policy/modules/apps/pulseaudio.te
@@ -9419,7 +9453,7 @@ index 268d691..da3a26d 100644
+ domain_entry_file($1, qemu_exec_t)
+')
diff --git a/policy/modules/apps/qemu.te b/policy/modules/apps/qemu.te
-index 1813e16..83f68f0 100644
+index 1813e16..50a3a34 100644
--- a/policy/modules/apps/qemu.te
+++ b/policy/modules/apps/qemu.te
@@ -55,6 +55,7 @@ storage_raw_read_removable_device(qemu_t)
@@ -9430,7 +9464,7 @@ index 1813e16..83f68f0 100644
tunable_policy(`qemu_full_network',`
allow qemu_t self:udp_socket create_socket_perms;
-@@ -99,6 +100,18 @@ optional_policy(`
+@@ -99,6 +100,13 @@ optional_policy(`
')
optional_policy(`
@@ -9440,16 +9474,11 @@ index 1813e16..83f68f0 100644
+')
+
+optional_policy(`
-+ pulseaudio_manage_home_files(qemu_t)
-+ pulseaudio_stream_connect(qemu_t)
-+')
-+
-+optional_policy(`
+ virt_manage_home_files(qemu_t)
virt_manage_images(qemu_t)
virt_append_log(qemu_t)
')
-@@ -111,18 +124,3 @@ optional_policy(`
+@@ -111,18 +119,3 @@ optional_policy(`
xserver_read_xdm_pid(qemu_t)
xserver_stream_connect(qemu_t)
')
@@ -11299,10 +11328,10 @@ index 0000000..b78aa77
+
diff --git a/policy/modules/apps/thumb.te b/policy/modules/apps/thumb.te
new file mode 100644
-index 0000000..cc502a0
+index 0000000..b4001f1
--- /dev/null
+++ b/policy/modules/apps/thumb.te
-@@ -0,0 +1,73 @@
+@@ -0,0 +1,76 @@
+policy_module(thumb, 1.0.0)
+
+########################################
@@ -11349,6 +11378,8 @@ index 0000000..cc502a0
+files_read_etc_files(thumb_t)
+files_read_usr_files(thumb_t)
+
++auth_use_nsswitch(thumb_t)
++
+miscfiles_read_fonts(thumb_t)
+miscfiles_read_localization(thumb_t)
+
@@ -11357,6 +11388,7 @@ index 0000000..cc502a0
+userdom_read_user_tmp_files(thumb_t)
+userdom_read_user_home_content_files(thumb_t)
+userdom_write_user_tmp_files(thumb_t)
++userdom_read_home_audio_files(thumb_t)
+
+userdom_use_inherited_user_ptys(thumb_t)
+
@@ -11945,7 +11977,7 @@ index 223ad43..d95e720 100644
rsync_exec(yam_t)
')
diff --git a/policy/modules/kernel/corecommands.fc b/policy/modules/kernel/corecommands.fc
-index 3fae11a..d653b7f 100644
+index 3fae11a..7bcafea 100644
--- a/policy/modules/kernel/corecommands.fc
+++ b/policy/modules/kernel/corecommands.fc
@@ -97,8 +97,6 @@ ifdef(`distro_redhat',`
@@ -11978,7 +12010,15 @@ index 3fae11a..d653b7f 100644
/lib/rcscripts/addons(/.*)? gen_context(system_u:object_r:bin_t,s0)
/lib/rcscripts/sh(/.*)? gen_context(system_u:object_r:bin_t,s0)
-@@ -179,6 +174,8 @@ ifdef(`distro_gentoo',`
+@@ -168,6 +163,7 @@ ifdef(`distro_gentoo',`
+ /opt/(.*/)?sbin(/.*)? gen_context(system_u:object_r:bin_t,s0)
+
+ /opt/google/talkplugin(/.*)? gen_context(system_u:object_r:bin_t,s0)
++/opt/google/chrome(/.*)? gen_context(system_u:object_r:bin_t,s0)
+
+ /opt/gutenprint/cups/lib/filter(/.*)? gen_context(system_u:object_r:bin_t,s0)
+
+@@ -179,6 +175,8 @@ ifdef(`distro_gentoo',`
/opt/vmware/workstation/lib/lib/wrapper-gtk24\.sh -- gen_context(system_u:object_r:bin_t,s0)
')
@@ -11987,7 +12027,7 @@ index 3fae11a..d653b7f 100644
#
# /usr
#
-@@ -198,48 +195,51 @@ ifdef(`distro_gentoo',`
+@@ -198,48 +196,51 @@ ifdef(`distro_gentoo',`
/usr/lib/pgsql/test/regress/.*\.sh -- gen_context(system_u:object_r:bin_t,s0)
/usr/lib/qt.*/bin(/.*)? gen_context(system_u:object_r:bin_t,s0)
/usr/lib/wicd/monitor\.py -- gen_context(system_u:object_r:bin_t, s0)
@@ -12081,7 +12121,7 @@ index 3fae11a..d653b7f 100644
/usr/libexec(/.*)? gen_context(system_u:object_r:bin_t,s0)
/usr/libexec/git-core/git-shell -- gen_context(system_u:object_r:shell_exec_t,s0)
-@@ -247,9 +247,13 @@ ifdef(`distro_gentoo',`
+@@ -247,9 +248,13 @@ ifdef(`distro_gentoo',`
/usr/libexec/openssh/sftp-server -- gen_context(system_u:object_r:bin_t,s0)
@@ -12096,7 +12136,7 @@ index 3fae11a..d653b7f 100644
/usr/local/linuxprinter/filters(/.*)? gen_context(system_u:object_r:bin_t,s0)
/usr/sbin/scponlyc -- gen_context(system_u:object_r:shell_exec_t,s0)
-@@ -267,6 +271,10 @@ ifdef(`distro_gentoo',`
+@@ -267,6 +272,10 @@ ifdef(`distro_gentoo',`
/usr/share/cluster/.*\.sh gen_context(system_u:object_r:bin_t,s0)
/usr/share/cluster/ocf-shellfuncs -- gen_context(system_u:object_r:bin_t,s0)
/usr/share/cluster/svclib_nfslock -- gen_context(system_u:object_r:bin_t,s0)
@@ -12107,7 +12147,7 @@ index 3fae11a..d653b7f 100644
/usr/share/e16/misc(/.*)? gen_context(system_u:object_r:bin_t,s0)
/usr/share/gedit-2/plugins/externaltools/tools(/.*)? gen_context(system_u:object_r:bin_t,s0)
/usr/share/gitolite/hooks/common/update -- gen_context(system_u:object_r:bin_t,s0)
-@@ -286,6 +294,7 @@ ifdef(`distro_gentoo',`
+@@ -286,6 +295,7 @@ ifdef(`distro_gentoo',`
/usr/share/smolt/client(/.*)? gen_context(system_u:object_r:bin_t,s0)
/usr/share/shorewall/compiler\.pl -- gen_context(system_u:object_r:bin_t,s0)
/usr/share/shorewall/configpath -- gen_context(system_u:object_r:bin_t,s0)
@@ -12115,7 +12155,7 @@ index 3fae11a..d653b7f 100644
/usr/share/shorewall-perl(/.*)? gen_context(system_u:object_r:bin_t,s0)
/usr/share/shorewall-shell(/.*)? gen_context(system_u:object_r:bin_t,s0)
/usr/share/shorewall-lite(/.*)? gen_context(system_u:object_r:bin_t,s0)
-@@ -293,8 +302,10 @@ ifdef(`distro_gentoo',`
+@@ -293,8 +303,10 @@ ifdef(`distro_gentoo',`
/usr/share/spamassassin/sa-update\.cron gen_context(system_u:object_r:bin_t,s0)
/usr/share/turboprint/lib(/.*)? -- gen_context(system_u:object_r:bin_t,s0)
/usr/share/vhostmd/scripts(/.*)? gen_context(system_u:object_r:bin_t,s0)
@@ -12127,7 +12167,7 @@ index 3fae11a..d653b7f 100644
ifdef(`distro_gentoo', `
/usr/.*-.*-linux-gnu/gcc-bin/.*(/.*)? gen_context(system_u:object_r:bin_t,s0)
-@@ -306,10 +317,11 @@ ifdef(`distro_redhat', `
+@@ -306,10 +318,11 @@ ifdef(`distro_redhat', `
/etc/gdm/[^/]+ -d gen_context(system_u:object_r:bin_t,s0)
/etc/gdm/[^/]+/.* gen_context(system_u:object_r:bin_t,s0)
@@ -12141,7 +12181,7 @@ index 3fae11a..d653b7f 100644
/usr/lib/vmware-tools/(s)?bin32(/.*)? gen_context(system_u:object_r:bin_t,s0)
/usr/lib/vmware-tools/(s)?bin64(/.*)? gen_context(system_u:object_r:bin_t,s0)
/usr/share/authconfig/authconfig-gtk\.py -- gen_context(system_u:object_r:bin_t,s0)
-@@ -319,9 +331,11 @@ ifdef(`distro_redhat', `
+@@ -319,9 +332,11 @@ ifdef(`distro_redhat', `
/usr/share/clamav/clamd-gen -- gen_context(system_u:object_r:bin_t,s0)
/usr/share/clamav/freshclam-sleep -- gen_context(system_u:object_r:bin_t,s0)
/usr/share/createrepo(/.*)? gen_context(system_u:object_r:bin_t,s0)
@@ -12153,7 +12193,7 @@ index 3fae11a..d653b7f 100644
/usr/share/pwlib/make/ptlib-config -- gen_context(system_u:object_r:bin_t,s0)
/usr/share/pydict/pydict\.py -- gen_context(system_u:object_r:bin_t,s0)
/usr/share/rhn/rhn_applet/applet\.py -- gen_context(system_u:object_r:bin_t,s0)
-@@ -363,7 +377,7 @@ ifdef(`distro_redhat', `
+@@ -363,7 +378,7 @@ ifdef(`distro_redhat', `
ifdef(`distro_suse', `
/usr/lib/cron/run-crons -- gen_context(system_u:object_r:bin_t,s0)
/usr/lib/samba/classic/.* -- gen_context(system_u:object_r:bin_t,s0)
@@ -12162,7 +12202,7 @@ index 3fae11a..d653b7f 100644
/usr/share/apache2/[^/]* -- gen_context(system_u:object_r:bin_t,s0)
')
-@@ -375,8 +389,9 @@ ifdef(`distro_suse', `
+@@ -375,8 +390,9 @@ ifdef(`distro_suse', `
/var/ftp/bin(/.*)? gen_context(system_u:object_r:bin_t,s0)
/var/lib/asterisk/agi-bin(/.*)? gen_context(system_u:object_r:bin_t,s0)
@@ -12173,13 +12213,13 @@ index 3fae11a..d653b7f 100644
/var/qmail/bin -d gen_context(system_u:object_r:bin_t,s0)
/var/qmail/bin(/.*)? gen_context(system_u:object_r:bin_t,s0)
-@@ -385,3 +400,4 @@ ifdef(`distro_suse', `
+@@ -385,3 +401,4 @@ ifdef(`distro_suse', `
ifdef(`distro_suse',`
/var/lib/samba/bin/.+ gen_context(system_u:object_r:bin_t,s0)
')
+/usr/lib/ruby/gems/.*/agents(/.*)? gen_context(system_u:object_r:bin_t,s0)
diff --git a/policy/modules/kernel/corecommands.if b/policy/modules/kernel/corecommands.if
-index 9e9263a..59c2125 100644
+index 9e9263a..650e796 100644
--- a/policy/modules/kernel/corecommands.if
+++ b/policy/modules/kernel/corecommands.if
@@ -203,7 +203,7 @@ interface(`corecmd_getattr_bin_files',`
@@ -12216,7 +12256,32 @@ index 9e9263a..59c2125 100644
## Read symbolic links in bin directories.
## </summary>
## <param name="domain">
-@@ -1049,6 +1067,7 @@ interface(`corecmd_manage_all_executables',`
+@@ -954,6 +972,24 @@ interface(`corecmd_exec_chroot',`
+
+ ########################################
+ ## <summary>
++## Do not audit attempts to access check executable files.
++## </summary>
++## <param name="domain">
++## <summary>
++## Domain to not audit.
++## </summary>
++## </param>
++#
++interface(`corecmd_dontaudit_access_all_executables',`
++ gen_require(`
++ attribute exec_type;
++ ')
++
++ dontaudit $1 exec_type:file audit_access;
++')
++
++########################################
++## <summary>
+ ## Get the attributes of all executable files.
+ ## </summary>
+ ## <param name="domain">
+@@ -1049,6 +1085,7 @@ interface(`corecmd_manage_all_executables',`
type bin_t;
')
@@ -13386,7 +13451,7 @@ index 4f3b542..cf422f4 100644
corenet_udp_recvfrom_labeled($1, $2)
corenet_raw_recvfrom_labeled($1, $2)
diff --git a/policy/modules/kernel/corenetwork.te.in b/policy/modules/kernel/corenetwork.te.in
-index 99b71cb..17d942f 100644
+index 99b71cb..740d4b1 100644
--- a/policy/modules/kernel/corenetwork.te.in
+++ b/policy/modules/kernel/corenetwork.te.in
@@ -11,11 +11,15 @@ attribute netif_type;
@@ -13553,7 +13618,7 @@ index 99b71cb..17d942f 100644
network_port(mpd, tcp,6600,s0)
network_port(msnp, tcp,1863,s0, udp,1863,s0)
network_port(mssql, tcp,1433-1434,s0, udp,1433-1434,s0)
-@@ -152,16 +199,25 @@ network_port(mysqlmanagerd, tcp,2273,s0)
+@@ -152,21 +199,31 @@ network_port(mysqlmanagerd, tcp,2273,s0)
network_port(nessus, tcp,1241,s0)
network_port(netport, tcp,3129,s0, udp,3129,s0)
network_port(netsupport, tcp,5404,s0, udp,5404,s0, tcp,5405,s0, udp,5405,s0)
@@ -13580,7 +13645,13 @@ index 99b71cb..17d942f 100644
network_port(pop, tcp,106,s0, tcp,109,s0, tcp,110,s0, tcp,143,s0, tcp,220,s0, tcp,993,s0, tcp,995,s0, tcp,1109,s0)
network_port(portmap, udp,111,s0, tcp,111,s0)
network_port(postfix_policyd, tcp,10031,s0)
-@@ -179,30 +235,35 @@ network_port(radacct, udp,1646,s0, udp,1813,s0)
+ network_port(postgresql, tcp,5432,s0)
+ network_port(postgrey, tcp,60000,s0)
++network_port(pptp, tcp, 1723,s0, udp, 1723, s0)
+ network_port(prelude, tcp,4690,s0, udp,4690,s0)
+ network_port(presence, tcp,5298-5299,s0, udp,5298-5299,s0)
+ network_port(printer, tcp,515,s0)
+@@ -179,30 +236,35 @@ network_port(radacct, udp,1646,s0, udp,1813,s0)
network_port(radius, udp,1645,s0, udp,1812,s0)
network_port(radsec, tcp,2083,s0)
network_port(razor, tcp,2703,s0)
@@ -13620,7 +13691,7 @@ index 99b71cb..17d942f 100644
network_port(tcs, tcp, 30003, s0)
network_port(telnetd, tcp,23,s0)
network_port(tftp, udp,69,s0)
-@@ -215,7 +276,7 @@ network_port(uucpd, tcp,540,s0)
+@@ -215,7 +277,7 @@ network_port(uucpd, tcp,540,s0)
network_port(varnishd, tcp,6081-6082,s0)
network_port(virt, tcp,16509,s0, udp,16509,s0, tcp,16514,s0, udp,16514,s0)
network_port(virt_migration, tcp,49152-49216,s0)
@@ -13629,7 +13700,7 @@ index 99b71cb..17d942f 100644
network_port(wccp, udp,2048,s0)
network_port(whois, tcp,43,s0, udp,43,s0, tcp, 4321, s0 , udp, 4321, s0 )
network_port(xdmcp, udp,177,s0, tcp,177,s0)
-@@ -229,6 +290,7 @@ network_port(zookeeper_client, tcp,2181,s0)
+@@ -229,6 +291,7 @@ network_port(zookeeper_client, tcp,2181,s0)
network_port(zookeeper_election, tcp,3888,s0)
network_port(zookeeper_leader, tcp,2888,s0)
network_port(zebra, tcp,2600-2604,s0, tcp,2606,s0, udp,2600-2604,s0, udp,2606,s0)
@@ -13637,7 +13708,7 @@ index 99b71cb..17d942f 100644
network_port(zope, tcp,8021,s0)
# Defaults for reserved ports. Earlier portcon entries take precedence;
-@@ -238,6 +300,12 @@ portcon tcp 512-1023 gen_context(system_u:object_r:hi_reserved_port_t, s0)
+@@ -238,6 +301,12 @@ portcon tcp 512-1023 gen_context(system_u:object_r:hi_reserved_port_t, s0)
portcon udp 512-1023 gen_context(system_u:object_r:hi_reserved_port_t, s0)
portcon tcp 1-511 gen_context(system_u:object_r:reserved_port_t, s0)
portcon udp 1-511 gen_context(system_u:object_r:reserved_port_t, s0)
@@ -13650,7 +13721,7 @@ index 99b71cb..17d942f 100644
########################################
#
-@@ -282,9 +350,10 @@ typealias netif_t alias { lo_netif_t netif_lo_t };
+@@ -282,9 +351,10 @@ typealias netif_t alias { lo_netif_t netif_lo_t };
allow corenet_unconfined_type node_type:node *;
allow corenet_unconfined_type netif_type:netif *;
allow corenet_unconfined_type packet_type:packet *;
@@ -13714,10 +13785,16 @@ index 35fed4f..51ad69a 100644
#
diff --git a/policy/modules/kernel/devices.fc b/policy/modules/kernel/devices.fc
-index 6cf8784..935a96c 100644
+index 6cf8784..12bd6fc 100644
--- a/policy/modules/kernel/devices.fc
+++ b/policy/modules/kernel/devices.fc
-@@ -20,6 +20,7 @@
+@@ -15,11 +15,13 @@
+ /dev/atibm -c gen_context(system_u:object_r:mouse_device_t,s0)
+ /dev/audio.* -c gen_context(system_u:object_r:sound_device_t,s0)
+ /dev/autofs.* -c gen_context(system_u:object_r:autofs_device_t,s0)
++/dev/bsr.* -c gen_context(system_u:object_r:cpu_device_t,s0)
+ /dev/beep -c gen_context(system_u:object_r:sound_device_t,s0)
+ /dev/btrfs-control -c gen_context(system_u:object_r:lvm_control_t,s0)
/dev/controlD64 -c gen_context(system_u:object_r:xserver_misc_device_t,s0)
/dev/crash -c gen_context(system_u:object_r:crash_device_t,mls_systemhigh)
/dev/dahdi/.* -c gen_context(system_u:object_r:sound_device_t,s0)
@@ -13725,7 +13802,7 @@ index 6cf8784..935a96c 100644
/dev/dmfm -c gen_context(system_u:object_r:sound_device_t,s0)
/dev/dmmidi.* -c gen_context(system_u:object_r:sound_device_t,s0)
/dev/dsp.* -c gen_context(system_u:object_r:sound_device_t,s0)
-@@ -57,8 +58,10 @@
+@@ -57,8 +59,10 @@
/dev/lirc[0-9]+ -c gen_context(system_u:object_r:lirc_device_t,s0)
/dev/lircm -c gen_context(system_u:object_r:mouse_device_t,s0)
/dev/logibm -c gen_context(system_u:object_r:mouse_device_t,s0)
@@ -13736,7 +13813,7 @@ index 6cf8784..935a96c 100644
/dev/mem -c gen_context(system_u:object_r:memory_device_t,mls_systemhigh)
/dev/mergemem -c gen_context(system_u:object_r:memory_device_t,mls_systemhigh)
/dev/mga_vid.* -c gen_context(system_u:object_r:xserver_misc_device_t,s0)
-@@ -126,6 +129,7 @@ ifdef(`distro_suse', `
+@@ -126,6 +130,7 @@ ifdef(`distro_suse', `
/dev/vttuner -c gen_context(system_u:object_r:v4l_device_t,s0)
/dev/vtx.* -c gen_context(system_u:object_r:v4l_device_t,s0)
/dev/watchdog -c gen_context(system_u:object_r:watchdog_device_t,s0)
@@ -13744,7 +13821,7 @@ index 6cf8784..935a96c 100644
/dev/winradio. -c gen_context(system_u:object_r:v4l_device_t,s0)
/dev/z90crypt -c gen_context(system_u:object_r:crypt_device_t,s0)
/dev/zero -c gen_context(system_u:object_r:zero_device_t,s0)
-@@ -187,8 +191,6 @@ ifdef(`distro_suse', `
+@@ -187,8 +192,6 @@ ifdef(`distro_suse', `
/lib/udev/devices/null -c gen_context(system_u:object_r:null_device_t,s0)
/lib/udev/devices/zero -c gen_context(system_u:object_r:zero_device_t,s0)
@@ -13753,7 +13830,7 @@ index 6cf8784..935a96c 100644
ifdef(`distro_redhat',`
# originally from named.fc
/var/named/chroot/dev -d gen_context(system_u:object_r:device_t,s0)
-@@ -196,3 +198,8 @@ ifdef(`distro_redhat',`
+@@ -196,3 +199,8 @@ ifdef(`distro_redhat',`
/var/named/chroot/dev/random -c gen_context(system_u:object_r:random_device_t,s0)
/var/named/chroot/dev/zero -c gen_context(system_u:object_r:zero_device_t,s0)
')
@@ -15285,7 +15362,7 @@ index 6a1e4d1..3ded83e 100644
+ dontaudit $1 domain:socket_class_set { read write };
')
diff --git a/policy/modules/kernel/domain.te b/policy/modules/kernel/domain.te
-index fae1ab1..db2a183 100644
+index fae1ab1..02cf550 100644
--- a/policy/modules/kernel/domain.te
+++ b/policy/modules/kernel/domain.te
@@ -4,6 +4,21 @@ policy_module(domain, 1.9.1)
@@ -15378,7 +15455,7 @@ index fae1ab1..db2a183 100644
# Act upon any other process.
allow unconfined_domain_type domain:process ~{ transition dyntransition execmem execstack execheap };
-@@ -160,3 +197,118 @@ allow unconfined_domain_type domain:key *;
+@@ -160,3 +197,120 @@ allow unconfined_domain_type domain:key *;
# receive from all domains over labeled networking
domain_all_recvfrom_all_domains(unconfined_domain_type)
@@ -15497,6 +15574,8 @@ index fae1ab1..db2a183 100644
+optional_policy(`
+ seutil_dontaudit_read_config(domain)
+')
++
++dontaudit domain domain:process { noatsecure siginh rlimitinh } ;
diff --git a/policy/modules/kernel/files.fc b/policy/modules/kernel/files.fc
index c19518a..12e8e9c 100644
--- a/policy/modules/kernel/files.fc
@@ -21628,10 +21707,10 @@ index 0000000..8b2cdf3
+
diff --git a/policy/modules/roles/unconfineduser.te b/policy/modules/roles/unconfineduser.te
new file mode 100644
-index 0000000..e1113e0
+index 0000000..49f2c54
--- /dev/null
+++ b/policy/modules/roles/unconfineduser.te
-@@ -0,0 +1,503 @@
+@@ -0,0 +1,504 @@
+policy_module(unconfineduser, 1.0.0)
+
+########################################
@@ -21878,7 +21957,7 @@ index 0000000..e1113e0
+')
+
+optional_policy(`
-+ bootloader_run(unconfined_t, unconfined_r)
++ bootloader_filetrans_config(unconfined_t)
+')
+
+optional_policy(`
@@ -22035,6 +22114,7 @@ index 0000000..e1113e0
+
+optional_policy(`
+ pulseaudio_filetrans_admin_home_content(unconfined_usertype)
++ pulseaudio_filetrans_home_content(unconfined_usertype)
+')
+
+optional_policy(`
@@ -22723,7 +22803,7 @@ index 0b827c5..bfb68b2 100644
+ dontaudit $1 abrt_t:sock_file write;
+')
diff --git a/policy/modules/services/abrt.te b/policy/modules/services/abrt.te
-index 30861ec..bd5ff95 100644
+index 30861ec..b11c27f 100644
--- a/policy/modules/services/abrt.te
+++ b/policy/modules/services/abrt.te
@@ -5,7 +5,25 @@ policy_module(abrt, 1.2.0)
@@ -22982,7 +23062,7 @@ index 30861ec..bd5ff95 100644
userdom_dontaudit_read_user_home_content_files(abrt_helper_t)
userdom_dontaudit_read_user_tmp_files(abrt_helper_t)
dev_dontaudit_read_all_blk_files(abrt_helper_t)
-@@ -224,4 +315,126 @@ ifdef(`hide_broken_symptoms', `
+@@ -224,4 +315,128 @@ ifdef(`hide_broken_symptoms', `
dev_dontaudit_write_all_chr_files(abrt_helper_t)
dev_dontaudit_write_all_blk_files(abrt_helper_t)
fs_dontaudit_rw_anon_inodefs_files(abrt_helper_t)
@@ -22990,7 +23070,7 @@ index 30861ec..bd5ff95 100644
+ optional_policy(`
+ rpm_dontaudit_leaks(abrt_helper_t)
+ ')
-+')
+ ')
+
+ifdef(`hide_broken_symptoms',`
+ gen_require(`
@@ -23068,7 +23148,7 @@ index 30861ec..bd5ff95 100644
+
+optional_policy(`
+ mock_domtrans(abrt_retrace_worker_t)
- ')
++')
+
+########################################
+#
@@ -23088,6 +23168,8 @@ index 30861ec..bd5ff95 100644
+read_files_pattern(abrt_dump_oops_t, abrt_var_run_t, abrt_var_run_t)
+read_lnk_files_pattern(abrt_dump_oops_t, abrt_var_run_t, abrt_var_run_t)
+
++allow abrt_dump_oops_t abrt_etc_t:file read_file_perms;
++
+kernel_read_kernel_sysctls(abrt_dump_oops_t)
+kernel_read_ring_buffer(abrt_dump_oops_t)
+
@@ -29665,10 +29747,18 @@ index 5220c9d..a2e6830 100644
## <summary>
## Allow the specified domain to read corosync's log files.
diff --git a/policy/modules/services/corosync.te b/policy/modules/services/corosync.te
-index 04969e5..0e76440 100644
+index 04969e5..b55d7bf 100644
--- a/policy/modules/services/corosync.te
+++ b/policy/modules/services/corosync.te
-@@ -32,8 +32,8 @@ files_pid_file(corosync_var_run_t)
+@@ -8,6 +8,7 @@ policy_module(corosync, 1.0.0)
+ type corosync_t;
+ type corosync_exec_t;
+ init_daemon_domain(corosync_t, corosync_exec_t)
++domain_obj_id_change_exemption(corosync_t)
+
+ type corosync_initrc_exec_t;
+ init_script_file(corosync_initrc_exec_t)
+@@ -32,8 +33,8 @@ files_pid_file(corosync_var_run_t)
# corosync local policy
#
@@ -29679,7 +29769,7 @@ index 04969e5..0e76440 100644
allow corosync_t self:fifo_file rw_fifo_file_perms;
allow corosync_t self:sem create_sem_perms;
-@@ -41,9 +41,12 @@ allow corosync_t self:unix_stream_socket { create_stream_socket_perms connectto
+@@ -41,9 +42,12 @@ allow corosync_t self:unix_stream_socket { create_stream_socket_perms connectto
allow corosync_t self:unix_dgram_socket create_socket_perms;
allow corosync_t self:udp_socket create_socket_perms;
@@ -29692,7 +29782,7 @@ index 04969e5..0e76440 100644
manage_dirs_pattern(corosync_t, corosync_tmpfs_t, corosync_tmpfs_t)
manage_files_pattern(corosync_t, corosync_tmpfs_t, corosync_tmpfs_t)
-@@ -63,8 +66,11 @@ manage_sock_files_pattern(corosync_t, corosync_var_run_t, corosync_var_run_t)
+@@ -63,8 +67,11 @@ manage_sock_files_pattern(corosync_t, corosync_var_run_t, corosync_var_run_t)
files_pid_filetrans(corosync_t, corosync_var_run_t, { file sock_file })
kernel_read_system_state(corosync_t)
@@ -29704,7 +29794,7 @@ index 04969e5..0e76440 100644
corenet_udp_bind_netsupport_port(corosync_t)
-@@ -73,6 +79,7 @@ dev_read_urand(corosync_t)
+@@ -73,6 +80,7 @@ dev_read_urand(corosync_t)
domain_read_all_domains_state(corosync_t)
files_manage_mounttab(corosync_t)
@@ -29712,7 +29802,7 @@ index 04969e5..0e76440 100644
auth_use_nsswitch(corosync_t)
-@@ -83,19 +90,44 @@ logging_send_syslog_msg(corosync_t)
+@@ -83,19 +91,44 @@ logging_send_syslog_msg(corosync_t)
miscfiles_read_localization(corosync_t)
@@ -33818,10 +33908,10 @@ index 0000000..6fd8e9f
+')
diff --git a/policy/modules/services/dirsrv.te b/policy/modules/services/dirsrv.te
new file mode 100644
-index 0000000..43c82e7
+index 0000000..a5afe38
--- /dev/null
+++ b/policy/modules/services/dirsrv.te
-@@ -0,0 +1,185 @@
+@@ -0,0 +1,187 @@
+policy_module(dirsrv,1.0.0)
+
+########################################
@@ -33938,6 +34028,8 @@ index 0000000..43c82e7
+
+fs_getattr_all_fs(dirsrv_t)
+
++auth_use_pam(dirsrv_t)
++
+logging_send_syslog_msg(dirsrv_t)
+
+miscfiles_read_localization(dirsrv_t)
@@ -37541,10 +37633,10 @@ index 0000000..3b1870a
+
diff --git a/policy/modules/services/glance.te b/policy/modules/services/glance.te
new file mode 100644
-index 0000000..3d67b98
+index 0000000..45b7469
--- /dev/null
+++ b/policy/modules/services/glance.te
-@@ -0,0 +1,131 @@
+@@ -0,0 +1,104 @@
+policy_module(glance, 1.0.0)
+
+########################################
@@ -37552,7 +37644,9 @@ index 0000000..3d67b98
+# Declarations
+#
+
-+type glance_registry_t;
++attribute glance_domain;
++
++type glance_registry_t, glance_domain;
+type glance_registry_exec_t;
+init_daemon_domain(glance_registry_t, glance_registry_exec_t)
+
@@ -37562,7 +37656,7 @@ index 0000000..3d67b98
+type glance_registry_tmp_t;
+files_tmp_file(glance_registry_tmp_t)
+
-+type glance_api_t;
++type glance_api_t, glance_domain;
+type glance_api_exec_t;
+init_daemon_domain(glance_api_t, glance_api_exec_t)
+
@@ -37581,78 +37675,62 @@ index 0000000..3d67b98
+type glance_var_run_t;
+files_pid_file(glance_var_run_t)
+
-+########################################
++#######################################
+#
-+# glance-registry local policy
++# glance general domain local policy
+#
+
-+allow glance_registry_t self:fifo_file rw_fifo_file_perms;
-+allow glance_registry_t self:unix_stream_socket create_stream_socket_perms;
-+allow glance_registry_t self:tcp_socket create_stream_socket_perms;
++allow glance_domain self:fifo_file rw_fifo_file_perms;
++allow glance_domain self:unix_stream_socket create_stream_socket_perms;
++allow glance_domain self:tcp_socket create_stream_socket_perms;
+
-+manage_dirs_pattern(glance_registry_t, glance_registry_tmp_t, glance_registry_tmp_t)
-+manage_files_pattern(glance_registry_t, glance_registry_tmp_t, glance_registry_tmp_t)
-+files_tmp_filetrans(glance_registry_t, glance_registry_tmp_t, { file dir })
++manage_dirs_pattern(glance_domain, glance_log_t, glance_log_t)
++manage_files_pattern(glance_domain, glance_log_t, glance_log_t)
+
-+manage_dirs_pattern(glance_registry_t, glance_log_t, glance_log_t)
-+manage_files_pattern(glance_registry_t, glance_log_t, glance_log_t)
-+logging_log_filetrans(glance_registry_t, glance_log_t, { dir file })
++manage_dirs_pattern(glance_domain, glance_var_lib_t, glance_var_lib_t)
++manage_files_pattern(glance_domain, glance_var_lib_t, glance_var_lib_t)
+
-+manage_dirs_pattern(glance_registry_t, glance_var_lib_t, glance_var_lib_t)
-+manage_files_pattern(glance_registry_t, glance_var_lib_t, glance_var_lib_t)
-+files_var_lib_filetrans(glance_registry_t, glance_var_lib_t, { dir file })
++manage_dirs_pattern(glance_domain, glance_var_run_t, glance_var_run_t)
++manage_files_pattern(glance_domain, glance_var_run_t, glance_var_run_t)
+
-+manage_dirs_pattern(glance_registry_t, glance_var_run_t, glance_var_run_t)
-+manage_files_pattern(glance_registry_t, glance_var_run_t, glance_var_run_t)
-+files_pid_filetrans(glance_registry_t, glance_var_run_t, { dir file })
++kernel_read_system_state(glance_domain)
+
-+kernel_read_system_state(glance_registry_t)
++corecmd_exec_bin(glance_domain)
+
-+corecmd_exec_bin(glance_registry_t)
++dev_read_urand(glance_domain)
+
-+corenet_tcp_bind_generic_node(glance_registry_t)
-+corenet_tcp_bind_glance_registry_port(glance_registry_t)
++files_read_etc_files(glance_domain)
++files_read_usr_files(glance_domain)
++
++miscfiles_read_localization(glance_domain)
+
-+dev_read_urand(glance_registry_t)
++optional_policy(`
++ sysnet_dns_name_resolve(glance_domain)
++')
+
-+domain_use_interactive_fds(glance_registry_t)
++########################################
++#
++# glance-registry local policy
++#
+
-+files_read_etc_files(glance_registry_t)
-+files_read_usr_files(glance_registry_t)
++manage_dirs_pattern(glance_registry_t, glance_registry_tmp_t, glance_registry_tmp_t)
++manage_files_pattern(glance_registry_t, glance_registry_tmp_t, glance_registry_tmp_t)
++files_tmp_filetrans(glance_registry_t, glance_registry_tmp_t, { file dir })
+
-+miscfiles_read_localization(glance_registry_t)
++corenet_tcp_bind_generic_node(glance_registry_t)
++corenet_tcp_bind_glance_registry_port(glance_registry_t)
+
-+sysnet_dns_name_resolve(glance_registry_t)
+
+########################################
+#
+# glance-api local policy
+#
+
-+allow glance_api_t self:fifo_file rw_fifo_file_perms;
-+allow glance_api_t self:unix_stream_socket create_stream_socket_perms;
-+allow glance_api_t self:tcp_socket create_stream_socket_perms;
-+
+manage_dirs_pattern(glance_api_t, glance_tmp_t, glance_tmp_t)
+manage_files_pattern(glance_api_t, glance_tmp_t, glance_tmp_t)
+files_tmp_filetrans(glance_api_t, glance_tmp_t, { dir file })
+can_exec(glance_api_t, glance_tmp_t)
+
-+manage_dirs_pattern(glance_api_t, glance_log_t, glance_log_t)
-+manage_files_pattern(glance_api_t, glance_log_t, glance_log_t)
-+logging_log_filetrans(glance_api_t, glance_log_t, { dir file })
-+
-+manage_dirs_pattern(glance_api_t, glance_var_lib_t, glance_var_lib_t)
-+manage_files_pattern(glance_api_t, glance_var_lib_t, glance_var_lib_t)
-+files_var_lib_filetrans(glance_api_t, glance_var_lib_t, { dir file })
-+
-+manage_dirs_pattern(glance_api_t, glance_var_run_t, glance_var_run_t)
-+manage_files_pattern(glance_api_t, glance_var_run_t, glance_var_run_t)
-+files_pid_filetrans(glance_api_t, glance_var_run_t, { dir file })
-+
-+kernel_read_system_state(glance_api_t)
-+
-+corecmd_exec_bin(glance_api_t)
+corecmd_exec_shell(glance_api_t)
+
+corenet_tcp_bind_generic_node(glance_api_t)
@@ -37662,20 +37740,7 @@ index 0000000..3d67b98
+
+fs_getattr_xattr_fs(glance_api_t)
+
-+domain_use_interactive_fds(glance_api_t)
-+
-+files_read_etc_files(glance_api_t)
-+files_read_usr_files(glance_api_t)
-+
+libs_exec_ldconfig(glance_api_t)
-+
-+miscfiles_read_localization(glance_api_t)
-+
-+sysnet_read_config(glance_api_t)
-+
-+sysnet_dns_name_resolve(glance_api_t)
-+
-+
diff --git a/policy/modules/services/gnomeclock.fc b/policy/modules/services/gnomeclock.fc
index 462de63..5df751b 100644
--- a/policy/modules/services/gnomeclock.fc
@@ -41046,20 +41111,32 @@ index 0000000..5b84980
+')
diff --git a/policy/modules/services/matahari.fc b/policy/modules/services/matahari.fc
new file mode 100644
-index 0000000..c502d10
+index 0000000..ac84e59
--- /dev/null
+++ b/policy/modules/services/matahari.fc
-@@ -0,0 +1,15 @@
+@@ -0,0 +1,27 @@
+/etc/rc\.d/init\.d/matahari-host gen_context(system_u:object_r:matahari_initrc_exec_t,s0)
+/etc/rc\.d/init\.d/matahari-net gen_context(system_u:object_r:matahari_initrc_exec_t,s0)
+/etc/rc\.d/init\.d/matahari-service gen_context(system_u:object_r:matahari_initrc_exec_t,s0)
+
+/usr/sbin/matahari-hostd -- gen_context(system_u:object_r:matahari_hostd_exec_t,s0)
+
++/usr/sbin/matahari-dbus-hostd -- gen_context(system_u:object_r:matahari_hostd_exec_t,s0)
++
++/usr/sbin/matahari-qmf-hostd -- gen_context(system_u:object_r:matahari_hostd_exec_t,s0)
++
+/usr/sbin/matahari-netd -- gen_context(system_u:object_r:matahari_netd_exec_t,s0)
+
++/usr/sbin/matahari-dbus-networkd -- gen_context(system_u:object_r:matahari_netd_exec_t,s0)
++
++/usr/sbin/matahari-qmf-networkd -- gen_context(system_u:object_r:matahari_netd_exec_t,s0)
++
+/usr/sbin/matahari-serviced -- gen_context(system_u:object_r:matahari_serviced_exec_t,s0)
+
++/usr/sbin/matahari-dbus-serviced -- gen_context(system_u:object_r:matahari_serviced_exec_t,s0)
++
++/usr/sbin/matahari-qmf-serviced -- gen_context(system_u:object_r:matahari_serviced_exec_t,s0)
++
+/var/lib/matahari(/.*)? gen_context(system_u:object_r:matahari_var_lib_t,s0)
+
+/var/run/matahari(/.*)? gen_context(system_u:object_r:matahari_var_run_t,s0)
@@ -42881,7 +42958,7 @@ index 343cee3..fff3a52 100644
+ mta_filetrans_admin_home_content($1)
+')
diff --git a/policy/modules/services/mta.te b/policy/modules/services/mta.te
-index 64268e4..142fbfb 100644
+index 64268e4..4e45f74 100644
--- a/policy/modules/services/mta.te
+++ b/policy/modules/services/mta.te
@@ -20,14 +20,16 @@ files_type(etc_aliases_t)
@@ -43119,7 +43196,16 @@ index 64268e4..142fbfb 100644
# Create dead.letter in user home directories.
userdom_manage_user_home_content_files(user_mail_t)
userdom_user_home_dir_filetrans_user_home_content(user_mail_t, file)
-@@ -292,3 +314,44 @@ optional_policy(`
+@@ -277,6 +299,8 @@ userdom_dontaudit_append_user_tmp_files(user_mail_t)
+ # files in an appropriate place for mta_user_agent
+ userdom_read_user_tmp_files(mta_user_agent)
+
++dev_read_sysfs(user_mail_t)
++
+ tunable_policy(`use_samba_home_dirs',`
+ fs_manage_cifs_files(user_mail_t)
+ fs_manage_cifs_symlinks(user_mail_t)
+@@ -292,3 +316,44 @@ optional_policy(`
postfix_read_config(user_mail_t)
postfix_list_spool(user_mail_t)
')
@@ -48899,7 +48985,7 @@ index b524673..921a60f 100644
+ ppp_systemctl($1)
')
diff --git a/policy/modules/services/ppp.te b/policy/modules/services/ppp.te
-index 2af42e7..605815a 100644
+index 2af42e7..399a452 100644
--- a/policy/modules/services/ppp.te
+++ b/policy/modules/services/ppp.te
@@ -6,16 +6,16 @@ policy_module(ppp, 1.12.0)
@@ -49045,13 +49131,16 @@ index 2af42e7..605815a 100644
dev_read_sysfs(pptp_t)
-@@ -266,6 +278,7 @@ corenet_raw_sendrecv_generic_node(pptp_t)
+@@ -265,9 +277,8 @@ corenet_tcp_sendrecv_generic_node(pptp_t)
+ corenet_raw_sendrecv_generic_node(pptp_t)
corenet_tcp_sendrecv_all_ports(pptp_t)
corenet_tcp_bind_generic_node(pptp_t)
- corenet_tcp_connect_generic_port(pptp_t)
-+corenet_tcp_connect_unreserved_ports(pptp_t)
- corenet_tcp_connect_all_reserved_ports(pptp_t)
+-corenet_tcp_connect_generic_port(pptp_t)
+-corenet_tcp_connect_all_reserved_ports(pptp_t)
corenet_sendrecv_generic_client_packets(pptp_t)
++corenet_tcp_connect_pptp_port(pptp_t)
+
+ files_read_etc_files(pptp_t)
diff --git a/policy/modules/services/prelude.if b/policy/modules/services/prelude.if
index 2316653..77ef768 100644
@@ -54098,7 +54187,7 @@ index 82cb169..0a29f68 100644
+ samba_systemctl($1)
')
diff --git a/policy/modules/services/samba.te b/policy/modules/services/samba.te
-index e30bb63..49941ec 100644
+index e30bb63..f0f6907 100644
--- a/policy/modules/services/samba.te
+++ b/policy/modules/services/samba.te
@@ -85,6 +85,9 @@ files_config_file(samba_etc_t)
@@ -54331,7 +54420,7 @@ index e30bb63..49941ec 100644
allow nmbd_t swat_t:process signal;
-allow swat_t smbd_var_run_t:file { lock unlink };
-+allow swat_t nmbd_var_run_t:file read_file_perms;
++read_files_pattern(swat_t, nmbd_var_run_t, nmbd_var_run_t)
allow swat_t smbd_port_t:tcp_socket name_bind;
@@ -54367,6 +54456,15 @@ index e30bb63..49941ec 100644
optional_policy(`
cups_read_rw_config(swat_t)
cups_stream_connect(swat_t)
+@@ -783,7 +803,7 @@ allow winbind_t self:udp_socket create_socket_perms;
+
+ allow winbind_t nmbd_t:process { signal signull };
+
+-allow winbind_t nmbd_var_run_t:file read_file_perms;
++read_files_pattern(winbind_t, nmbd_var_run_t, nmbd_var_run_t)
+
+ allow winbind_t samba_etc_t:dir list_dir_perms;
+ read_files_pattern(winbind_t, samba_etc_t, samba_etc_t)
@@ -806,15 +826,16 @@ rw_files_pattern(winbind_t, smbd_tmp_t, smbd_tmp_t)
allow winbind_t winbind_log_t:file manage_file_perms;
logging_log_filetrans(winbind_t, winbind_log_t, file)
@@ -56471,7 +56569,7 @@ index 078bcd7..2d60774 100644
+/root/\.ssh(/.*)? gen_context(system_u:object_r:ssh_home_t,s0)
+/root/\.shosts gen_context(system_u:object_r:ssh_home_t,s0)
diff --git a/policy/modules/services/ssh.if b/policy/modules/services/ssh.if
-index 22adaca..8e3e9de 100644
+index 22adaca..be6e1fa 100644
--- a/policy/modules/services/ssh.if
+++ b/policy/modules/services/ssh.if
@@ -32,10 +32,10 @@
@@ -56734,7 +56832,7 @@ index 22adaca..8e3e9de 100644
- allow $1 sshd_t:fifo_file { getattr read };
+ allow $1 sshd_t:fifo_file read_fifo_file_perms;
-+')
+ ')
+
+######################################
+## <summary>
@@ -56752,7 +56850,7 @@ index 22adaca..8e3e9de 100644
+ ')
+
+ allow $1 sshd_t:unix_dgram_socket rw_stream_socket_perms;
- ')
++')
+
########################################
## <summary>
@@ -56800,7 +56898,32 @@ index 22adaca..8e3e9de 100644
files_search_pids($1)
')
-@@ -680,6 +758,32 @@ interface(`ssh_domtrans_keygen',`
+@@ -643,6 +721,24 @@ interface(`ssh_agent_exec',`
+
+ ########################################
+ ## <summary>
++## Getattr ssh home directory
++## </summary>
++## <param name="domain">
++## <summary>
++## Domain allowed access.
++## </summary>
++## </param>
++#
++interface(`ssh_getattr_user_home_dir',`
++ gen_require(`
++ type ssh_home_t;
++ ')
++
++ allow $1 ssh_home_t:dir getattr;
++')
++
++########################################
++## <summary>
+ ## Read ssh home directory content
+ ## </summary>
+ ## <param name="domain">
+@@ -680,6 +776,32 @@ interface(`ssh_domtrans_keygen',`
domtrans_pattern($1, ssh_keygen_exec_t, ssh_keygen_t)
')
@@ -56833,7 +56956,7 @@ index 22adaca..8e3e9de 100644
########################################
## <summary>
## Read ssh server keys
-@@ -695,7 +799,7 @@ interface(`ssh_dontaudit_read_server_keys',`
+@@ -695,7 +817,7 @@ interface(`ssh_dontaudit_read_server_keys',`
type sshd_key_t;
')
@@ -56842,7 +56965,7 @@ index 22adaca..8e3e9de 100644
')
######################################
-@@ -735,3 +839,81 @@ interface(`ssh_delete_tmp',`
+@@ -735,3 +857,81 @@ interface(`ssh_delete_tmp',`
files_search_tmp($1)
delete_files_pattern($1, sshd_tmp_t, sshd_tmp_t)
')
@@ -61971,7 +62094,7 @@ index 130ced9..b6fb17a 100644
+ userdom_admin_home_dir_filetrans($1, user_fonts_cache_t, dir, ".fontconfig")
+')
diff --git a/policy/modules/services/xserver.te b/policy/modules/services/xserver.te
-index 143c893..60e0e2d 100644
+index 143c893..de08586 100644
--- a/policy/modules/services/xserver.te
+++ b/policy/modules/services/xserver.te
@@ -26,27 +26,50 @@ gen_require(`
@@ -62431,7 +62554,7 @@ index 143c893..60e0e2d 100644
corecmd_exec_shell(xdm_t)
corecmd_exec_bin(xdm_t)
-+corecmd_dontaudit_access_check_bin(xdm_t)
++corecmd_dontaudit_access_all_executables(xdm_t)
corenet_all_recvfrom_unlabeled(xdm_t)
corenet_all_recvfrom_netlabel(xdm_t)
@@ -63540,7 +63663,7 @@ index 28ad538..59742f4 100644
-/var/run/user(/.*)? gen_context(system_u:object_r:var_auth_t,s0)
/var/(db|lib|adm)/sudo(/.*)? gen_context(system_u:object_r:pam_var_run_t,s0)
diff --git a/policy/modules/system/authlogin.if b/policy/modules/system/authlogin.if
-index 73554ec..f05a80f 100644
+index 73554ec..e3720d4 100644
--- a/policy/modules/system/authlogin.if
+++ b/policy/modules/system/authlogin.if
@@ -57,6 +57,8 @@ interface(`auth_use_pam',`
@@ -63626,7 +63749,7 @@ index 73554ec..f05a80f 100644
auth_use_pam($1)
init_rw_utmp($1)
-@@ -155,9 +177,84 @@ interface(`auth_login_pgm_domain',`
+@@ -155,9 +177,83 @@ interface(`auth_login_pgm_domain',`
seutil_read_config($1)
seutil_read_default_contexts($1)
@@ -63671,7 +63794,6 @@ index 73554ec..f05a80f 100644
+ optional_policy(`
+ ssh_agent_exec($1)
+ ssh_read_user_home_files($1)
-+ userdom_read_user_home_content_files($1)
+ ')
+')
+
@@ -63713,7 +63835,7 @@ index 73554ec..f05a80f 100644
')
########################################
-@@ -368,13 +465,15 @@ interface(`auth_domtrans_chk_passwd',`
+@@ -368,13 +464,15 @@ interface(`auth_domtrans_chk_passwd',`
')
optional_policy(`
@@ -63730,7 +63852,7 @@ index 73554ec..f05a80f 100644
')
########################################
-@@ -421,6 +520,25 @@ interface(`auth_run_chk_passwd',`
+@@ -421,6 +519,25 @@ interface(`auth_run_chk_passwd',`
auth_domtrans_chk_passwd($1)
role $2 types chkpwd_t;
@@ -63756,7 +63878,7 @@ index 73554ec..f05a80f 100644
')
########################################
-@@ -736,7 +854,47 @@ interface(`auth_rw_faillog',`
+@@ -736,7 +853,47 @@ interface(`auth_rw_faillog',`
')
logging_search_logs($1)
@@ -63805,7 +63927,7 @@ index 73554ec..f05a80f 100644
')
#######################################
-@@ -932,9 +1090,30 @@ interface(`auth_manage_var_auth',`
+@@ -932,9 +1089,30 @@ interface(`auth_manage_var_auth',`
')
files_search_var($1)
@@ -63839,7 +63961,7 @@ index 73554ec..f05a80f 100644
')
########################################
-@@ -1387,6 +1566,25 @@ interface(`auth_setattr_login_records',`
+@@ -1387,6 +1565,25 @@ interface(`auth_setattr_login_records',`
########################################
## <summary>
@@ -63865,7 +63987,7 @@ index 73554ec..f05a80f 100644
## Read login records files (/var/log/wtmp).
## </summary>
## <param name="domain">
-@@ -1541,24 +1739,6 @@ interface(`auth_manage_login_records',`
+@@ -1541,24 +1738,6 @@ interface(`auth_manage_login_records',`
########################################
## <summary>
@@ -63890,7 +64012,7 @@ index 73554ec..f05a80f 100644
## Use nsswitch to look up user, password, group, or
## host information.
## </summary>
-@@ -1578,54 +1758,11 @@ interface(`auth_relabel_login_records',`
+@@ -1578,54 +1757,11 @@ interface(`auth_relabel_login_records',`
## <infoflow type="both" weight="10"/>
#
interface(`auth_use_nsswitch',`
@@ -63948,7 +64070,7 @@ index 73554ec..f05a80f 100644
')
########################################
-@@ -1659,3 +1796,33 @@ interface(`auth_unconfined',`
+@@ -1659,3 +1795,33 @@ interface(`auth_unconfined',`
typeattribute $1 can_write_shadow_passwords;
typeattribute $1 can_relabelto_shadow_passwords;
')
@@ -67520,11 +67642,77 @@ index e5836d3..eae9427 100644
-optional_policy(`
- unconfined_domain(ldconfig_t)
-')
+diff --git a/policy/modules/system/locallogin.fc b/policy/modules/system/locallogin.fc
+index be6a81b..ddae53a 100644
+--- a/policy/modules/system/locallogin.fc
++++ b/policy/modules/system/locallogin.fc
+@@ -1,3 +1,5 @@
++HOME_DIR/\.hushlogin -- gen_context(system_u:object_r:local_login_home_t,s0)
++/root/.\.hushlogin -- gen_context(system_u:object_r:local_login_home_t,s0)
+
+ /sbin/sulogin -- gen_context(system_u:object_r:sulogin_exec_t,s0)
+ /sbin/sushell -- gen_context(system_u:object_r:sulogin_exec_t,s0)
+diff --git a/policy/modules/system/locallogin.if b/policy/modules/system/locallogin.if
+index 0e3c2a9..3272623 100644
+--- a/policy/modules/system/locallogin.if
++++ b/policy/modules/system/locallogin.if
+@@ -129,3 +129,41 @@ interface(`locallogin_domtrans_sulogin',`
+
+ domtrans_pattern($1, sulogin_exec_t, sulogin_t)
+ ')
++
++########################################
++## <summary>
++## create local login content in the in the /root directory
++## with an correct label.
++## </summary>
++## <param name="domain">
++## <summary>
++## Domain allowed access.
++## </summary>
++## </param>
++#
++interface(`locallogin_filetrans_admin_home_content',`
++ gen_require(`
++ type local_login_home_t;
++ ')
++
++ userdom_admin_home_dir_filetrans($1, local_login_home_t, file, ".hushlogin")
++')
++
++########################################
++## <summary>
++## Transition to local login named content
++## </summary>
++## <param name="domain">
++## <summary>
++## Domain allowed access.
++## </summary>
++## </param>
++#
++interface(`locallogin_filetrans_home_content',`
++ gen_require(`
++ type local_login_home_t;
++ ')
++
++ userdom_user_home_dir_filetrans($1, local_login_home_t, file, ".hushlogin")
++')
++
diff --git a/policy/modules/system/locallogin.te b/policy/modules/system/locallogin.te
-index a0b379d..b823395 100644
+index a0b379d..bf90918 100644
--- a/policy/modules/system/locallogin.te
+++ b/policy/modules/system/locallogin.te
-@@ -32,9 +32,8 @@ role system_r types sulogin_t;
+@@ -17,6 +17,9 @@ type local_login_tmp_t;
+ files_tmp_file(local_login_tmp_t)
+ files_poly_parent(local_login_tmp_t)
+
++type local_login_home_t;
++userdom_user_home_content(local_login_home_t)
++
+ type sulogin_t;
+ type sulogin_exec_t;
+ domain_obj_id_change_exemption(sulogin_t)
+@@ -32,9 +35,8 @@ role system_r types sulogin_t;
# Local login local policy
#
@@ -67536,7 +67724,16 @@ index a0b379d..b823395 100644
allow local_login_t self:fd use;
allow local_login_t self:fifo_file rw_fifo_file_perms;
allow local_login_t self:sock_file read_sock_file_perms;
-@@ -73,6 +72,8 @@ dev_getattr_power_mgmt_dev(local_login_t)
+@@ -51,6 +53,8 @@ allow local_login_t self:key { search write link };
+ allow local_login_t local_login_lock_t:file manage_file_perms;
+ files_lock_filetrans(local_login_t, local_login_lock_t, file)
+
++allow local_login_t local_login_home_t:file read_file_perms;
++
+ allow local_login_t local_login_tmp_t:dir manage_dir_perms;
+ allow local_login_t local_login_tmp_t:file manage_file_perms;
+ files_tmp_filetrans(local_login_t, local_login_tmp_t, { file dir })
+@@ -73,6 +77,8 @@ dev_getattr_power_mgmt_dev(local_login_t)
dev_setattr_power_mgmt_dev(local_login_t)
dev_getattr_sound_dev(local_login_t)
dev_setattr_sound_dev(local_login_t)
@@ -67545,7 +67742,7 @@ index a0b379d..b823395 100644
dev_dontaudit_getattr_apm_bios_dev(local_login_t)
dev_dontaudit_setattr_apm_bios_dev(local_login_t)
dev_dontaudit_read_framebuffer(local_login_t)
-@@ -123,8 +124,10 @@ auth_rw_faillog(local_login_t)
+@@ -123,8 +129,10 @@ auth_rw_faillog(local_login_t)
auth_manage_pam_pid(local_login_t)
auth_manage_pam_console_data(local_login_t)
auth_domtrans_pam_console(local_login_t)
@@ -67556,7 +67753,7 @@ index a0b379d..b823395 100644
miscfiles_read_localization(local_login_t)
-@@ -156,6 +159,12 @@ tunable_policy(`use_samba_home_dirs',`
+@@ -156,6 +164,12 @@ tunable_policy(`use_samba_home_dirs',`
fs_read_cifs_symlinks(local_login_t)
')
@@ -67569,7 +67766,7 @@ index a0b379d..b823395 100644
optional_policy(`
alsa_domtrans(local_login_t)
')
-@@ -177,14 +186,6 @@ optional_policy(`
+@@ -177,14 +191,6 @@ optional_policy(`
')
optional_policy(`
@@ -67584,7 +67781,7 @@ index a0b379d..b823395 100644
unconfined_shell_domtrans(local_login_t)
')
-@@ -215,6 +216,7 @@ allow sulogin_t self:sem create_sem_perms;
+@@ -215,6 +221,7 @@ allow sulogin_t self:sem create_sem_perms;
allow sulogin_t self:msgq create_msgq_perms;
allow sulogin_t self:msg { send receive };
@@ -67592,7 +67789,7 @@ index a0b379d..b823395 100644
kernel_read_system_state(sulogin_t)
fs_search_auto_mountpoints(sulogin_t)
-@@ -223,13 +225,17 @@ fs_rw_tmpfs_chr_files(sulogin_t)
+@@ -223,13 +230,17 @@ fs_rw_tmpfs_chr_files(sulogin_t)
files_read_etc_files(sulogin_t)
# because file systems are not mounted:
files_dontaudit_search_isid_type_dirs(sulogin_t)
@@ -67610,7 +67807,7 @@ index a0b379d..b823395 100644
seutil_read_config(sulogin_t)
seutil_read_default_contexts(sulogin_t)
-@@ -238,14 +244,24 @@ userdom_use_unpriv_users_fds(sulogin_t)
+@@ -238,14 +249,24 @@ userdom_use_unpriv_users_fds(sulogin_t)
userdom_search_user_home_dirs(sulogin_t)
userdom_use_user_ptys(sulogin_t)
@@ -67637,7 +67834,7 @@ index a0b379d..b823395 100644
init_getpgid(sulogin_t)
', `
allow sulogin_t self:process setexec;
-@@ -256,11 +272,3 @@ ifdef(`sulogin_no_pam', `
+@@ -256,11 +277,3 @@ ifdef(`sulogin_no_pam', `
selinux_compute_relabel_context(sulogin_t)
selinux_compute_user_contexts(sulogin_t)
')
@@ -71188,10 +71385,10 @@ index 0000000..9eaa38e
+/var/run/initramfs(/.*)? <<none>>
diff --git a/policy/modules/system/systemd.if b/policy/modules/system/systemd.if
new file mode 100644
-index 0000000..764084e
+index 0000000..f642930
--- /dev/null
+++ b/policy/modules/system/systemd.if
-@@ -0,0 +1,477 @@
+@@ -0,0 +1,478 @@
+## <summary>SELinux policy for systemd components</summary>
+
+#######################################
@@ -71240,6 +71437,7 @@ index 0000000..764084e
+ can_exec($1, systemd_systemctl_exec_t)
+
+ systemd_list_unit_dirs($1)
++ init_list_pid_dirs($1)
+ init_read_state($1)
+ init_stream_send($1)
+')
@@ -71671,10 +71869,10 @@ index 0000000..764084e
+
diff --git a/policy/modules/system/systemd.te b/policy/modules/system/systemd.te
new file mode 100644
-index 0000000..3790267
+index 0000000..3e5e632
--- /dev/null
+++ b/policy/modules/system/systemd.te
-@@ -0,0 +1,370 @@
+@@ -0,0 +1,371 @@
+policy_module(systemd, 1.0.0)
+
+#######################################
@@ -71753,6 +71951,7 @@ index 0000000..3790267
+dev_read_sysfs(systemd_logind_t)
+dev_setattr_input_dev(systemd_logind_t)
+dev_setattr_mouse_dev(systemd_logind_t)
++dev_write_kmsg(systemd_logind_t)
+
+dev_getattr_all_chr_files(systemd_logind_t)
+dev_getattr_all_blk_files(systemd_logind_t)
@@ -77189,9 +77388,18 @@ index bdd500c..4719351 100644
define(`admin_pattern',`
diff --git a/policy/support/misc_patterns.spt b/policy/support/misc_patterns.spt
-index 22ca011..823794e 100644
+index 22ca011..18e1b2f 100644
--- a/policy/support/misc_patterns.spt
+++ b/policy/support/misc_patterns.spt
+@@ -4,7 +4,7 @@
+ define(`domain_transition_pattern',`
+ allow $1 $2:file { getattr open read execute };
+ allow $1 $3:process transition;
+- dontaudit $1 $3:process { noatsecure siginh rlimitinh };
++# dontaudit $1 $3:process { noatsecure siginh rlimitinh };
+ ')
+
+ # compatibility:
@@ -15,7 +15,7 @@ define(`spec_domtrans_pattern',`
domain_transition_pattern($1,$2,$3)
diff --git a/ptrace.patch b/ptrace.patch
index ab0d753..7b71930 100644
--- a/ptrace.patch
+++ b/ptrace.patch
@@ -1,6 +1,6 @@
diff -up serefpolicy-3.10.0/policy/global_tunables.ptrace serefpolicy-3.10.0/policy/global_tunables
---- serefpolicy-3.10.0/policy/global_tunables.ptrace 2011-10-11 16:42:15.566761738 -0400
-+++ serefpolicy-3.10.0/policy/global_tunables 2011-10-11 16:42:16.082761591 -0400
+--- serefpolicy-3.10.0/policy/global_tunables.ptrace 2011-10-14 09:46:28.474535144 -0400
++++ serefpolicy-3.10.0/policy/global_tunables 2011-10-14 09:46:29.088523377 -0400
@@ -6,6 +6,13 @@
## <desc>
@@ -16,8 +16,8 @@ diff -up serefpolicy-3.10.0/policy/global_tunables.ptrace serefpolicy-3.10.0/pol
## </p>
## </desc>
diff -up serefpolicy-3.10.0/policy/modules/admin/kdump.if.ptrace serefpolicy-3.10.0/policy/modules/admin/kdump.if
---- serefpolicy-3.10.0/policy/modules/admin/kdump.if.ptrace 2011-10-11 16:42:15.581761733 -0400
-+++ serefpolicy-3.10.0/policy/modules/admin/kdump.if 2011-10-11 16:42:16.083761591 -0400
+--- serefpolicy-3.10.0/policy/modules/admin/kdump.if.ptrace 2011-10-14 09:46:28.489534857 -0400
++++ serefpolicy-3.10.0/policy/modules/admin/kdump.if 2011-10-14 09:46:29.089523358 -0400
@@ -140,8 +140,11 @@ interface(`kdump_admin',`
type kdump_initrc_exec_t;
')
@@ -33,7 +33,7 @@ diff -up serefpolicy-3.10.0/policy/modules/admin/kdump.if.ptrace serefpolicy-3.1
domain_system_change_exemption($1)
diff -up serefpolicy-3.10.0/policy/modules/admin/kismet.if.ptrace serefpolicy-3.10.0/policy/modules/admin/kismet.if
--- serefpolicy-3.10.0/policy/modules/admin/kismet.if.ptrace 2011-06-27 14:18:04.000000000 -0400
-+++ serefpolicy-3.10.0/policy/modules/admin/kismet.if 2011-10-11 16:42:16.083761591 -0400
++++ serefpolicy-3.10.0/policy/modules/admin/kismet.if 2011-10-14 09:46:29.090523338 -0400
@@ -239,7 +239,10 @@ interface(`kismet_admin',`
')
@@ -47,8 +47,8 @@ diff -up serefpolicy-3.10.0/policy/modules/admin/kismet.if.ptrace serefpolicy-3.
kismet_manage_pid_files($1)
kismet_manage_lib($1)
diff -up serefpolicy-3.10.0/policy/modules/admin/kudzu.te.ptrace serefpolicy-3.10.0/policy/modules/admin/kudzu.te
---- serefpolicy-3.10.0/policy/modules/admin/kudzu.te.ptrace 2011-10-11 16:42:15.582761733 -0400
-+++ serefpolicy-3.10.0/policy/modules/admin/kudzu.te 2011-10-11 16:42:16.084761591 -0400
+--- serefpolicy-3.10.0/policy/modules/admin/kudzu.te.ptrace 2011-10-14 09:46:28.491534818 -0400
++++ serefpolicy-3.10.0/policy/modules/admin/kudzu.te 2011-10-14 09:46:29.090523338 -0400
@@ -20,7 +20,7 @@ files_pid_file(kudzu_var_run_t)
# Local policy
#
@@ -59,8 +59,8 @@ diff -up serefpolicy-3.10.0/policy/modules/admin/kudzu.te.ptrace serefpolicy-3.1
allow kudzu_t self:process { signal_perms execmem };
allow kudzu_t self:fifo_file rw_fifo_file_perms;
diff -up serefpolicy-3.10.0/policy/modules/admin/logrotate.te.ptrace serefpolicy-3.10.0/policy/modules/admin/logrotate.te
---- serefpolicy-3.10.0/policy/modules/admin/logrotate.te.ptrace 2011-10-11 16:42:15.583761733 -0400
-+++ serefpolicy-3.10.0/policy/modules/admin/logrotate.te 2011-10-11 16:42:16.084761591 -0400
+--- serefpolicy-3.10.0/policy/modules/admin/logrotate.te.ptrace 2011-10-14 09:46:28.492534798 -0400
++++ serefpolicy-3.10.0/policy/modules/admin/logrotate.te 2011-10-14 09:46:29.091523318 -0400
@@ -30,8 +30,6 @@ files_type(logrotate_var_lib_t)
# Change ownership on log files.
@@ -71,8 +71,8 @@ diff -up serefpolicy-3.10.0/policy/modules/admin/logrotate.te.ptrace serefpolicy
allow logrotate_t self:process ~{ ptrace setcurrent setexec setfscreate setrlimit execmem execstack execheap };
diff -up serefpolicy-3.10.0/policy/modules/admin/ncftool.te.ptrace serefpolicy-3.10.0/policy/modules/admin/ncftool.te
---- serefpolicy-3.10.0/policy/modules/admin/ncftool.te.ptrace 2011-10-11 16:42:15.586761731 -0400
-+++ serefpolicy-3.10.0/policy/modules/admin/ncftool.te 2011-10-11 16:42:16.085761591 -0400
+--- serefpolicy-3.10.0/policy/modules/admin/ncftool.te.ptrace 2011-10-14 09:46:28.496534722 -0400
++++ serefpolicy-3.10.0/policy/modules/admin/ncftool.te 2011-10-14 09:46:29.091523318 -0400
@@ -17,8 +17,7 @@ role system_r types ncftool_t;
# ncftool local policy
#
@@ -84,8 +84,8 @@ diff -up serefpolicy-3.10.0/policy/modules/admin/ncftool.te.ptrace serefpolicy-3
allow ncftool_t self:fifo_file manage_fifo_file_perms;
diff -up serefpolicy-3.10.0/policy/modules/admin/rpm.te.ptrace serefpolicy-3.10.0/policy/modules/admin/rpm.te
---- serefpolicy-3.10.0/policy/modules/admin/rpm.te.ptrace 2011-10-11 16:42:16.020761610 -0400
-+++ serefpolicy-3.10.0/policy/modules/admin/rpm.te 2011-10-11 16:42:16.085761591 -0400
+--- serefpolicy-3.10.0/policy/modules/admin/rpm.te.ptrace 2011-10-14 09:46:29.029524505 -0400
++++ serefpolicy-3.10.0/policy/modules/admin/rpm.te 2011-10-14 09:46:29.092523299 -0400
@@ -248,7 +248,8 @@ optional_policy(`
# rpm-script Local policy
#
@@ -97,8 +97,8 @@ diff -up serefpolicy-3.10.0/policy/modules/admin/rpm.te.ptrace serefpolicy-3.10.
allow rpm_script_t self:fd use;
allow rpm_script_t self:fifo_file rw_fifo_file_perms;
diff -up serefpolicy-3.10.0/policy/modules/admin/sectoolm.te.ptrace serefpolicy-3.10.0/policy/modules/admin/sectoolm.te
---- serefpolicy-3.10.0/policy/modules/admin/sectoolm.te.ptrace 2011-10-11 16:42:15.598761729 -0400
-+++ serefpolicy-3.10.0/policy/modules/admin/sectoolm.te 2011-10-11 16:42:16.086761591 -0400
+--- serefpolicy-3.10.0/policy/modules/admin/sectoolm.te.ptrace 2011-10-14 09:46:28.510534454 -0400
++++ serefpolicy-3.10.0/policy/modules/admin/sectoolm.te 2011-10-14 09:46:29.093523281 -0400
@@ -23,7 +23,7 @@ files_tmp_file(sectool_tmp_t)
# sectool local policy
#
@@ -109,8 +109,8 @@ diff -up serefpolicy-3.10.0/policy/modules/admin/sectoolm.te.ptrace serefpolicy-
dontaudit sectoolm_t self:process { execstack execmem };
allow sectoolm_t self:fifo_file rw_fifo_file_perms;
diff -up serefpolicy-3.10.0/policy/modules/admin/shorewall.if.ptrace serefpolicy-3.10.0/policy/modules/admin/shorewall.if
---- serefpolicy-3.10.0/policy/modules/admin/shorewall.if.ptrace 2011-10-11 16:42:15.598761729 -0400
-+++ serefpolicy-3.10.0/policy/modules/admin/shorewall.if 2011-10-11 16:42:16.087761591 -0400
+--- serefpolicy-3.10.0/policy/modules/admin/shorewall.if.ptrace 2011-10-14 09:46:28.511534435 -0400
++++ serefpolicy-3.10.0/policy/modules/admin/shorewall.if 2011-10-14 09:46:29.093523281 -0400
@@ -139,8 +139,11 @@ interface(`shorewall_admin',`
type shorewall_tmp_t, shorewall_etc_t;
')
@@ -125,8 +125,8 @@ diff -up serefpolicy-3.10.0/policy/modules/admin/shorewall.if.ptrace serefpolicy
init_labeled_script_domtrans($1, shorewall_initrc_exec_t)
domain_system_change_exemption($1)
diff -up serefpolicy-3.10.0/policy/modules/admin/shorewall.te.ptrace serefpolicy-3.10.0/policy/modules/admin/shorewall.te
---- serefpolicy-3.10.0/policy/modules/admin/shorewall.te.ptrace 2011-10-11 16:42:15.599761728 -0400
-+++ serefpolicy-3.10.0/policy/modules/admin/shorewall.te 2011-10-11 16:42:16.087761591 -0400
+--- serefpolicy-3.10.0/policy/modules/admin/shorewall.te.ptrace 2011-10-14 09:46:28.511534435 -0400
++++ serefpolicy-3.10.0/policy/modules/admin/shorewall.te 2011-10-14 09:46:29.094523262 -0400
@@ -37,7 +37,7 @@ logging_log_file(shorewall_log_t)
# shorewall local policy
#
@@ -137,8 +137,8 @@ diff -up serefpolicy-3.10.0/policy/modules/admin/shorewall.te.ptrace serefpolicy
allow shorewall_t self:fifo_file rw_fifo_file_perms;
diff -up serefpolicy-3.10.0/policy/modules/admin/sosreport.te.ptrace serefpolicy-3.10.0/policy/modules/admin/sosreport.te
---- serefpolicy-3.10.0/policy/modules/admin/sosreport.te.ptrace 2011-10-11 16:42:15.602761727 -0400
-+++ serefpolicy-3.10.0/policy/modules/admin/sosreport.te 2011-10-11 16:42:16.088761590 -0400
+--- serefpolicy-3.10.0/policy/modules/admin/sosreport.te.ptrace 2011-10-14 09:46:28.514534377 -0400
++++ serefpolicy-3.10.0/policy/modules/admin/sosreport.te 2011-10-14 09:46:29.095523243 -0400
@@ -21,7 +21,7 @@ files_tmpfs_file(sosreport_tmpfs_t)
# sosreport local policy
#
@@ -149,8 +149,8 @@ diff -up serefpolicy-3.10.0/policy/modules/admin/sosreport.te.ptrace serefpolicy
allow sosreport_t self:fifo_file rw_fifo_file_perms;
allow sosreport_t self:tcp_socket create_stream_socket_perms;
diff -up serefpolicy-3.10.0/policy/modules/admin/usermanage.te.ptrace serefpolicy-3.10.0/policy/modules/admin/usermanage.te
---- serefpolicy-3.10.0/policy/modules/admin/usermanage.te.ptrace 2011-10-11 16:42:16.044761602 -0400
-+++ serefpolicy-3.10.0/policy/modules/admin/usermanage.te 2011-10-11 16:42:16.088761590 -0400
+--- serefpolicy-3.10.0/policy/modules/admin/usermanage.te.ptrace 2011-10-14 09:46:29.055524007 -0400
++++ serefpolicy-3.10.0/policy/modules/admin/usermanage.te 2011-10-14 09:46:29.095523243 -0400
@@ -435,7 +435,8 @@ optional_policy(`
# Useradd local policy
#
@@ -162,8 +162,8 @@ diff -up serefpolicy-3.10.0/policy/modules/admin/usermanage.te.ptrace serefpolic
allow useradd_t self:process ~{ ptrace setcurrent setexec setfscreate setrlimit execmem execstack execheap };
allow useradd_t self:process setfscreate;
diff -up serefpolicy-3.10.0/policy/modules/apps/chrome.te.ptrace serefpolicy-3.10.0/policy/modules/apps/chrome.te
---- serefpolicy-3.10.0/policy/modules/apps/chrome.te.ptrace 2011-10-11 16:42:15.612761725 -0400
-+++ serefpolicy-3.10.0/policy/modules/apps/chrome.te 2011-10-11 16:42:16.089761589 -0400
+--- serefpolicy-3.10.0/policy/modules/apps/chrome.te.ptrace 2011-10-14 09:46:28.528534108 -0400
++++ serefpolicy-3.10.0/policy/modules/apps/chrome.te 2011-10-14 09:46:29.096523224 -0400
@@ -21,7 +21,7 @@ ubac_constrained(chrome_sandbox_tmpfs_t)
#
# chrome_sandbox local policy
@@ -174,8 +174,8 @@ diff -up serefpolicy-3.10.0/policy/modules/apps/chrome.te.ptrace serefpolicy-3.1
allow chrome_sandbox_t self:process setsched;
allow chrome_sandbox_t self:fifo_file manage_file_perms;
diff -up serefpolicy-3.10.0/policy/modules/apps/execmem.if.ptrace serefpolicy-3.10.0/policy/modules/apps/execmem.if
---- serefpolicy-3.10.0/policy/modules/apps/execmem.if.ptrace 2011-10-11 16:42:16.044761602 -0400
-+++ serefpolicy-3.10.0/policy/modules/apps/execmem.if 2011-10-11 16:42:16.089761589 -0400
+--- serefpolicy-3.10.0/policy/modules/apps/execmem.if.ptrace 2011-10-14 09:46:29.056523988 -0400
++++ serefpolicy-3.10.0/policy/modules/apps/execmem.if 2011-10-14 09:46:29.097523205 -0400
@@ -59,7 +59,7 @@ template(`execmem_role_template',`
userdom_unpriv_usertype($1, $1_execmem_t)
@@ -186,8 +186,8 @@ diff -up serefpolicy-3.10.0/policy/modules/apps/execmem.if.ptrace serefpolicy-3.
files_execmod_tmp($1_execmem_t)
diff -up serefpolicy-3.10.0/policy/modules/apps/gnome.if.ptrace serefpolicy-3.10.0/policy/modules/apps/gnome.if
---- serefpolicy-3.10.0/policy/modules/apps/gnome.if.ptrace 2011-10-11 16:42:15.617761723 -0400
-+++ serefpolicy-3.10.0/policy/modules/apps/gnome.if 2011-10-11 16:42:16.090761589 -0400
+--- serefpolicy-3.10.0/policy/modules/apps/gnome.if.ptrace 2011-10-14 09:46:28.534533994 -0400
++++ serefpolicy-3.10.0/policy/modules/apps/gnome.if 2011-10-14 09:46:29.098523186 -0400
@@ -91,8 +91,7 @@ interface(`gnome_role_gkeyringd',`
auth_use_nsswitch($1_gkeyringd_t)
@@ -199,8 +199,8 @@ diff -up serefpolicy-3.10.0/policy/modules/apps/gnome.if.ptrace serefpolicy-3.10
stream_connect_pattern($3, gkeyringd_tmp_t, gkeyringd_tmp_t, $1_gkeyringd_t)
diff -up serefpolicy-3.10.0/policy/modules/apps/irc.if.ptrace serefpolicy-3.10.0/policy/modules/apps/irc.if
---- serefpolicy-3.10.0/policy/modules/apps/irc.if.ptrace 2011-10-11 16:42:15.620761723 -0400
-+++ serefpolicy-3.10.0/policy/modules/apps/irc.if 2011-10-11 16:42:16.091761589 -0400
+--- serefpolicy-3.10.0/policy/modules/apps/irc.if.ptrace 2011-10-14 09:46:28.538533917 -0400
++++ serefpolicy-3.10.0/policy/modules/apps/irc.if 2011-10-14 09:46:29.099523167 -0400
@@ -33,7 +33,7 @@ interface(`irc_role',`
domtrans_pattern($2, irssi_exec_t, irssi_t)
@@ -211,8 +211,8 @@ diff -up serefpolicy-3.10.0/policy/modules/apps/irc.if.ptrace serefpolicy-3.10.0
manage_dirs_pattern($2, irssi_home_t, irssi_home_t)
diff -up serefpolicy-3.10.0/policy/modules/apps/java.if.ptrace serefpolicy-3.10.0/policy/modules/apps/java.if
---- serefpolicy-3.10.0/policy/modules/apps/java.if.ptrace 2011-10-11 16:42:16.045761602 -0400
-+++ serefpolicy-3.10.0/policy/modules/apps/java.if 2011-10-11 16:42:16.091761589 -0400
+--- serefpolicy-3.10.0/policy/modules/apps/java.if.ptrace 2011-10-14 09:46:29.056523988 -0400
++++ serefpolicy-3.10.0/policy/modules/apps/java.if 2011-10-14 09:46:29.099523167 -0400
@@ -76,11 +76,11 @@ template(`java_role_template',`
userdom_manage_tmpfs_role($2)
userdom_manage_tmpfs($1_java_t)
@@ -228,8 +228,8 @@ diff -up serefpolicy-3.10.0/policy/modules/apps/java.if.ptrace serefpolicy-3.10.
domtrans_pattern($3, java_exec_t, $1_java_t)
diff -up serefpolicy-3.10.0/policy/modules/apps/kde.te.ptrace serefpolicy-3.10.0/policy/modules/apps/kde.te
---- serefpolicy-3.10.0/policy/modules/apps/kde.te.ptrace 2011-10-11 16:42:15.624761721 -0400
-+++ serefpolicy-3.10.0/policy/modules/apps/kde.te 2011-10-11 16:42:16.092761589 -0400
+--- serefpolicy-3.10.0/policy/modules/apps/kde.te.ptrace 2011-10-14 09:46:28.542533840 -0400
++++ serefpolicy-3.10.0/policy/modules/apps/kde.te 2011-10-14 09:46:29.100523148 -0400
@@ -13,9 +13,6 @@ dbus_system_domain(kdebacklighthelper_t,
#
# backlighthelper local policy
@@ -241,8 +241,8 @@ diff -up serefpolicy-3.10.0/policy/modules/apps/kde.te.ptrace serefpolicy-3.10.0
kernel_read_system_state(kdebacklighthelper_t)
diff -up serefpolicy-3.10.0/policy/modules/apps/livecd.te.ptrace serefpolicy-3.10.0/policy/modules/apps/livecd.te
---- serefpolicy-3.10.0/policy/modules/apps/livecd.te.ptrace 2011-10-11 16:42:15.626761720 -0400
-+++ serefpolicy-3.10.0/policy/modules/apps/livecd.te 2011-10-11 16:42:16.092761589 -0400
+--- serefpolicy-3.10.0/policy/modules/apps/livecd.te.ptrace 2011-10-14 09:46:28.543533821 -0400
++++ serefpolicy-3.10.0/policy/modules/apps/livecd.te 2011-10-14 09:46:29.100523148 -0400
@@ -20,7 +20,10 @@ files_tmp_file(livecd_tmp_t)
dontaudit livecd_t self:capability2 mac_admin;
@@ -256,8 +256,8 @@ diff -up serefpolicy-3.10.0/policy/modules/apps/livecd.te.ptrace serefpolicy-3.1
manage_dirs_pattern(livecd_t, livecd_tmp_t, livecd_tmp_t)
diff -up serefpolicy-3.10.0/policy/modules/apps/mono.if.ptrace serefpolicy-3.10.0/policy/modules/apps/mono.if
---- serefpolicy-3.10.0/policy/modules/apps/mono.if.ptrace 2011-10-11 16:42:16.045761602 -0400
-+++ serefpolicy-3.10.0/policy/modules/apps/mono.if 2011-10-11 16:42:16.093761589 -0400
+--- serefpolicy-3.10.0/policy/modules/apps/mono.if.ptrace 2011-10-14 09:46:29.057523969 -0400
++++ serefpolicy-3.10.0/policy/modules/apps/mono.if 2011-10-14 09:46:29.101523129 -0400
@@ -40,8 +40,8 @@ template(`mono_role_template',`
domain_interactive_fd($1_mono_t)
application_type($1_mono_t)
@@ -271,7 +271,7 @@ diff -up serefpolicy-3.10.0/policy/modules/apps/mono.if.ptrace serefpolicy-3.10.
diff -up serefpolicy-3.10.0/policy/modules/apps/mono.te.ptrace serefpolicy-3.10.0/policy/modules/apps/mono.te
--- serefpolicy-3.10.0/policy/modules/apps/mono.te.ptrace 2011-06-27 14:18:04.000000000 -0400
-+++ serefpolicy-3.10.0/policy/modules/apps/mono.te 2011-10-11 16:42:16.093761589 -0400
++++ serefpolicy-3.10.0/policy/modules/apps/mono.te 2011-10-14 09:46:29.101523129 -0400
@@ -15,7 +15,7 @@ init_system_domain(mono_t, mono_exec_t)
# Local policy
#
@@ -282,8 +282,8 @@ diff -up serefpolicy-3.10.0/policy/modules/apps/mono.te.ptrace serefpolicy-3.10.
init_dbus_chat_script(mono_t)
diff -up serefpolicy-3.10.0/policy/modules/apps/mozilla.if.ptrace serefpolicy-3.10.0/policy/modules/apps/mozilla.if
---- serefpolicy-3.10.0/policy/modules/apps/mozilla.if.ptrace 2011-10-11 16:42:16.046761602 -0400
-+++ serefpolicy-3.10.0/policy/modules/apps/mozilla.if 2011-10-11 16:42:16.094761589 -0400
+--- serefpolicy-3.10.0/policy/modules/apps/mozilla.if.ptrace 2011-10-14 09:46:29.058523950 -0400
++++ serefpolicy-3.10.0/policy/modules/apps/mozilla.if 2011-10-14 09:46:29.102523109 -0400
@@ -221,7 +221,7 @@ interface(`mozilla_domtrans_plugin',`
allow mozilla_plugin_t $1:sem create_sem_perms;
@@ -294,21 +294,20 @@ diff -up serefpolicy-3.10.0/policy/modules/apps/mozilla.if.ptrace serefpolicy-3.
########################################
diff -up serefpolicy-3.10.0/policy/modules/apps/mozilla.te.ptrace serefpolicy-3.10.0/policy/modules/apps/mozilla.te
---- serefpolicy-3.10.0/policy/modules/apps/mozilla.te.ptrace 2011-10-11 16:42:16.023761608 -0400
-+++ serefpolicy-3.10.0/policy/modules/apps/mozilla.te 2011-10-11 16:42:16.094761589 -0400
-@@ -300,9 +300,6 @@ optional_policy(`
- #
+--- serefpolicy-3.10.0/policy/modules/apps/mozilla.te.ptrace 2011-10-14 09:46:29.000000000 -0400
++++ serefpolicy-3.10.0/policy/modules/apps/mozilla.te 2011-10-14 09:47:46.696136674 -0400
+@@ -301,7 +301,7 @@ optional_policy(`
# mozilla_plugin local policy
#
--
--dontaudit mozilla_plugin_t self:capability { sys_ptrace };
--
+
+-dontaudit mozilla_plugin_t self:capability { sys_ptrace sys_nice };
++dontaudit mozilla_plugin_t self:capability sys_nice;
+
allow mozilla_plugin_t self:process { setsched signal_perms execmem };
allow mozilla_plugin_t self:netlink_route_socket r_netlink_socket_perms;
- allow mozilla_plugin_t self:tcp_socket create_stream_socket_perms;
diff -up serefpolicy-3.10.0/policy/modules/apps/nsplugin.if.ptrace serefpolicy-3.10.0/policy/modules/apps/nsplugin.if
---- serefpolicy-3.10.0/policy/modules/apps/nsplugin.if.ptrace 2011-10-11 16:42:16.047761602 -0400
-+++ serefpolicy-3.10.0/policy/modules/apps/nsplugin.if 2011-10-11 16:42:16.095761589 -0400
+--- serefpolicy-3.10.0/policy/modules/apps/nsplugin.if.ptrace 2011-10-14 09:46:29.058523950 -0400
++++ serefpolicy-3.10.0/policy/modules/apps/nsplugin.if 2011-10-14 09:46:29.104523070 -0400
@@ -93,7 +93,7 @@ ifdef(`hide_broken_symptoms', `
dontaudit nsplugin_t $2:shm destroy;
allow $2 nsplugin_t:sem rw_sem_perms;
@@ -319,8 +318,8 @@ diff -up serefpolicy-3.10.0/policy/modules/apps/nsplugin.if.ptrace serefpolicy-3
# Connect to pulseaudit server
diff -up serefpolicy-3.10.0/policy/modules/apps/nsplugin.te.ptrace serefpolicy-3.10.0/policy/modules/apps/nsplugin.te
---- serefpolicy-3.10.0/policy/modules/apps/nsplugin.te.ptrace 2011-10-11 16:42:16.047761602 -0400
-+++ serefpolicy-3.10.0/policy/modules/apps/nsplugin.te 2011-10-11 16:42:16.096761589 -0400
+--- serefpolicy-3.10.0/policy/modules/apps/nsplugin.te.ptrace 2011-10-14 09:46:29.059523931 -0400
++++ serefpolicy-3.10.0/policy/modules/apps/nsplugin.te 2011-10-14 09:46:29.105523050 -0400
@@ -54,7 +54,7 @@ application_executable_file(nsplugin_con
#
dontaudit nsplugin_t self:capability { sys_nice sys_tty_config };
@@ -331,8 +330,8 @@ diff -up serefpolicy-3.10.0/policy/modules/apps/nsplugin.te.ptrace serefpolicy-3
allow nsplugin_t self:sem create_sem_perms;
allow nsplugin_t self:shm create_shm_perms;
diff -up serefpolicy-3.10.0/policy/modules/apps/openoffice.if.ptrace serefpolicy-3.10.0/policy/modules/apps/openoffice.if
---- serefpolicy-3.10.0/policy/modules/apps/openoffice.if.ptrace 2011-10-11 16:42:15.634761718 -0400
-+++ serefpolicy-3.10.0/policy/modules/apps/openoffice.if 2011-10-11 16:42:16.096761589 -0400
+--- serefpolicy-3.10.0/policy/modules/apps/openoffice.if.ptrace 2011-10-14 09:46:28.555533591 -0400
++++ serefpolicy-3.10.0/policy/modules/apps/openoffice.if 2011-10-14 09:46:29.105523050 -0400
@@ -69,7 +69,7 @@ interface(`openoffice_role_template',`
allow $1_openoffice_t self:process { getsched sigkill execheap execmem execstack };
@@ -343,8 +342,8 @@ diff -up serefpolicy-3.10.0/policy/modules/apps/openoffice.if.ptrace serefpolicy
domtrans_pattern($3, openoffice_exec_t, $1_openoffice_t)
diff -up serefpolicy-3.10.0/policy/modules/apps/podsleuth.te.ptrace serefpolicy-3.10.0/policy/modules/apps/podsleuth.te
---- serefpolicy-3.10.0/policy/modules/apps/podsleuth.te.ptrace 2011-10-11 16:42:16.023761608 -0400
-+++ serefpolicy-3.10.0/policy/modules/apps/podsleuth.te 2011-10-11 16:42:16.097761589 -0400
+--- serefpolicy-3.10.0/policy/modules/apps/podsleuth.te.ptrace 2011-10-14 09:46:29.035524391 -0400
++++ serefpolicy-3.10.0/policy/modules/apps/podsleuth.te 2011-10-14 09:46:29.106523031 -0400
@@ -27,7 +27,8 @@ ubac_constrained(podsleuth_tmpfs_t)
# podsleuth local policy
#
@@ -357,7 +356,7 @@ diff -up serefpolicy-3.10.0/policy/modules/apps/podsleuth.te.ptrace serefpolicy-
allow podsleuth_t self:sem create_sem_perms;
diff -up serefpolicy-3.10.0/policy/modules/apps/uml.if.ptrace serefpolicy-3.10.0/policy/modules/apps/uml.if
--- serefpolicy-3.10.0/policy/modules/apps/uml.if.ptrace 2011-06-27 14:18:04.000000000 -0400
-+++ serefpolicy-3.10.0/policy/modules/apps/uml.if 2011-10-11 16:42:16.098761588 -0400
++++ serefpolicy-3.10.0/policy/modules/apps/uml.if 2011-10-14 09:46:29.107523012 -0400
@@ -31,9 +31,9 @@ interface(`uml_role',`
allow $2 uml_t:unix_dgram_socket sendto;
allow uml_t $2:unix_dgram_socket sendto;
@@ -371,8 +370,8 @@ diff -up serefpolicy-3.10.0/policy/modules/apps/uml.if.ptrace serefpolicy-3.10.0
allow $2 uml_ro_t:dir list_dir_perms;
read_files_pattern($2, uml_ro_t, uml_ro_t)
diff -up serefpolicy-3.10.0/policy/modules/apps/uml.te.ptrace serefpolicy-3.10.0/policy/modules/apps/uml.te
---- serefpolicy-3.10.0/policy/modules/apps/uml.te.ptrace 2011-10-11 16:42:15.645761715 -0400
-+++ serefpolicy-3.10.0/policy/modules/apps/uml.te 2011-10-11 16:42:16.098761588 -0400
+--- serefpolicy-3.10.0/policy/modules/apps/uml.te.ptrace 2011-10-14 09:46:28.569533323 -0400
++++ serefpolicy-3.10.0/policy/modules/apps/uml.te 2011-10-14 09:46:29.107523012 -0400
@@ -53,7 +53,7 @@ files_pid_file(uml_switch_var_run_t)
#
@@ -383,8 +382,8 @@ diff -up serefpolicy-3.10.0/policy/modules/apps/uml.te.ptrace serefpolicy-3.10.0
allow uml_t self:unix_dgram_socket create_socket_perms;
# Use the network.
diff -up serefpolicy-3.10.0/policy/modules/apps/wine.if.ptrace serefpolicy-3.10.0/policy/modules/apps/wine.if
---- serefpolicy-3.10.0/policy/modules/apps/wine.if.ptrace 2011-10-11 16:42:16.050761600 -0400
-+++ serefpolicy-3.10.0/policy/modules/apps/wine.if 2011-10-11 16:42:16.099761587 -0400
+--- serefpolicy-3.10.0/policy/modules/apps/wine.if.ptrace 2011-10-14 09:46:29.062523874 -0400
++++ serefpolicy-3.10.0/policy/modules/apps/wine.if 2011-10-14 09:46:29.109522974 -0400
@@ -100,7 +100,7 @@ template(`wine_role_template',`
role $2 types $1_wine_t;
@@ -395,8 +394,8 @@ diff -up serefpolicy-3.10.0/policy/modules/apps/wine.if.ptrace serefpolicy-3.10.
corecmd_bin_domtrans($1_wine_t, $1_t)
diff -up serefpolicy-3.10.0/policy/modules/kernel/domain.te.ptrace serefpolicy-3.10.0/policy/modules/kernel/domain.te
---- serefpolicy-3.10.0/policy/modules/kernel/domain.te.ptrace 2011-10-11 16:42:15.662761711 -0400
-+++ serefpolicy-3.10.0/policy/modules/kernel/domain.te 2011-10-11 16:42:16.225761551 -0400
+--- serefpolicy-3.10.0/policy/modules/kernel/domain.te.ptrace 2011-10-14 09:46:28.592532882 -0400
++++ serefpolicy-3.10.0/policy/modules/kernel/domain.te 2011-10-14 09:48:15.824664136 -0400
@@ -181,7 +181,10 @@ allow unconfined_domain_type domain:fifo
allow unconfined_domain_type unconfined_domain_type:dbus send_msg;
@@ -409,15 +408,14 @@ diff -up serefpolicy-3.10.0/policy/modules/kernel/domain.te.ptrace serefpolicy-3
# Create/access any System V IPC objects.
allow unconfined_domain_type domain:{ sem msgq shm } *;
-@@ -312,3 +315,5 @@ optional_policy(`
- optional_policy(`
- seutil_dontaudit_read_config(domain)
+@@ -314,3 +317,4 @@ optional_policy(`
')
-+
-+dontaudit domain domain:process { noatsecure siginh rlimitinh } ;
+
+ dontaudit domain domain:process { noatsecure siginh rlimitinh } ;
++dontaudit domain self:capability sys_ptrace;
diff -up serefpolicy-3.10.0/policy/modules/kernel/kernel.te.ptrace serefpolicy-3.10.0/policy/modules/kernel/kernel.te
---- serefpolicy-3.10.0/policy/modules/kernel/kernel.te.ptrace 2011-10-11 16:42:15.670761708 -0400
-+++ serefpolicy-3.10.0/policy/modules/kernel/kernel.te 2011-10-11 16:42:16.101761586 -0400
+--- serefpolicy-3.10.0/policy/modules/kernel/kernel.te.ptrace 2011-10-14 09:46:28.603532671 -0400
++++ serefpolicy-3.10.0/policy/modules/kernel/kernel.te 2011-10-14 09:46:29.111522936 -0400
@@ -191,7 +191,11 @@ sid tcp_socket gen_context(system_u:obj
# kernel local policy
#
@@ -441,8 +439,8 @@ diff -up serefpolicy-3.10.0/policy/modules/kernel/kernel.te.ptrace serefpolicy-3
gen_require(`
bool secure_mode_insmod;
diff -up serefpolicy-3.10.0/policy/modules/roles/dbadm.te.ptrace serefpolicy-3.10.0/policy/modules/roles/dbadm.te
---- serefpolicy-3.10.0/policy/modules/roles/dbadm.te.ptrace 2011-10-11 16:42:15.678761705 -0400
-+++ serefpolicy-3.10.0/policy/modules/roles/dbadm.te 2011-10-11 16:42:16.102761586 -0400
+--- serefpolicy-3.10.0/policy/modules/roles/dbadm.te.ptrace 2011-10-14 09:46:28.612532498 -0400
++++ serefpolicy-3.10.0/policy/modules/roles/dbadm.te 2011-10-14 09:46:29.112522917 -0400
@@ -28,7 +28,7 @@ userdom_base_user_template(dbadm)
# database admin local policy
#
@@ -454,7 +452,7 @@ diff -up serefpolicy-3.10.0/policy/modules/roles/dbadm.te.ptrace serefpolicy-3.1
files_delete_generic_locks(dbadm_t)
diff -up serefpolicy-3.10.0/policy/modules/roles/logadm.te.ptrace serefpolicy-3.10.0/policy/modules/roles/logadm.te
--- serefpolicy-3.10.0/policy/modules/roles/logadm.te.ptrace 2011-06-27 14:18:04.000000000 -0400
-+++ serefpolicy-3.10.0/policy/modules/roles/logadm.te 2011-10-11 16:42:16.103761586 -0400
++++ serefpolicy-3.10.0/policy/modules/roles/logadm.te 2011-10-14 09:46:29.113522898 -0400
@@ -14,6 +14,5 @@ userdom_base_user_template(logadm)
# logadmin local policy
#
@@ -464,8 +462,8 @@ diff -up serefpolicy-3.10.0/policy/modules/roles/logadm.te.ptrace serefpolicy-3.
+allow logadm_t self:capability { dac_override dac_read_search kill sys_nice };
logging_admin(logadm_t, logadm_r)
diff -up serefpolicy-3.10.0/policy/modules/roles/sysadm.te.ptrace serefpolicy-3.10.0/policy/modules/roles/sysadm.te
---- serefpolicy-3.10.0/policy/modules/roles/sysadm.te.ptrace 2011-10-11 16:42:16.051761600 -0400
-+++ serefpolicy-3.10.0/policy/modules/roles/sysadm.te 2011-10-11 16:42:16.104761586 -0400
+--- serefpolicy-3.10.0/policy/modules/roles/sysadm.te.ptrace 2011-10-14 09:46:29.064523836 -0400
++++ serefpolicy-3.10.0/policy/modules/roles/sysadm.te 2011-10-14 09:46:29.114522879 -0400
@@ -5,13 +5,6 @@ policy_module(sysadm, 2.2.1)
# Declarations
#
@@ -490,8 +488,8 @@ diff -up serefpolicy-3.10.0/policy/modules/roles/sysadm.te.ptrace serefpolicy-3.
')
diff -up serefpolicy-3.10.0/policy/modules/roles/webadm.te.ptrace serefpolicy-3.10.0/policy/modules/roles/webadm.te
---- serefpolicy-3.10.0/policy/modules/roles/webadm.te.ptrace 2011-10-11 16:42:15.683761705 -0400
-+++ serefpolicy-3.10.0/policy/modules/roles/webadm.te 2011-10-11 16:42:16.104761586 -0400
+--- serefpolicy-3.10.0/policy/modules/roles/webadm.te.ptrace 2011-10-14 09:46:28.618532384 -0400
++++ serefpolicy-3.10.0/policy/modules/roles/webadm.te 2011-10-14 09:46:29.115522860 -0400
@@ -28,7 +28,7 @@ userdom_base_user_template(webadm)
# webadmin local policy
#
@@ -502,8 +500,8 @@ diff -up serefpolicy-3.10.0/policy/modules/roles/webadm.te.ptrace serefpolicy-3.
files_dontaudit_search_all_dirs(webadm_t)
files_manage_generic_locks(webadm_t)
diff -up serefpolicy-3.10.0/policy/modules/services/abrt.if.ptrace serefpolicy-3.10.0/policy/modules/services/abrt.if
---- serefpolicy-3.10.0/policy/modules/services/abrt.if.ptrace 2011-10-11 16:42:15.684761704 -0400
-+++ serefpolicy-3.10.0/policy/modules/services/abrt.if 2011-10-11 16:42:16.106761585 -0400
+--- serefpolicy-3.10.0/policy/modules/services/abrt.if.ptrace 2011-10-14 09:46:28.620532345 -0400
++++ serefpolicy-3.10.0/policy/modules/services/abrt.if 2011-10-14 09:46:29.115522860 -0400
@@ -333,9 +333,13 @@ interface(`abrt_admin',`
type abrt_initrc_exec_t;
')
@@ -520,8 +518,8 @@ diff -up serefpolicy-3.10.0/policy/modules/services/abrt.if.ptrace serefpolicy-3
domain_system_change_exemption($1)
role_transition $2 abrt_initrc_exec_t system_r;
diff -up serefpolicy-3.10.0/policy/modules/services/accountsd.if.ptrace serefpolicy-3.10.0/policy/modules/services/accountsd.if
---- serefpolicy-3.10.0/policy/modules/services/accountsd.if.ptrace 2011-10-11 16:42:15.686761703 -0400
-+++ serefpolicy-3.10.0/policy/modules/services/accountsd.if 2011-10-11 16:42:16.106761585 -0400
+--- serefpolicy-3.10.0/policy/modules/services/accountsd.if.ptrace 2011-10-14 09:46:28.622532306 -0400
++++ serefpolicy-3.10.0/policy/modules/services/accountsd.if 2011-10-14 09:46:29.116522841 -0400
@@ -138,8 +138,12 @@ interface(`accountsd_admin',`
type accountsd_t;
')
@@ -537,8 +535,8 @@ diff -up serefpolicy-3.10.0/policy/modules/services/accountsd.if.ptrace serefpol
accountsd_manage_lib_files($1)
')
diff -up serefpolicy-3.10.0/policy/modules/services/accountsd.te.ptrace serefpolicy-3.10.0/policy/modules/services/accountsd.te
---- serefpolicy-3.10.0/policy/modules/services/accountsd.te.ptrace 2011-10-11 16:42:15.686761703 -0400
-+++ serefpolicy-3.10.0/policy/modules/services/accountsd.te 2011-10-11 16:42:16.107761584 -0400
+--- serefpolicy-3.10.0/policy/modules/services/accountsd.te.ptrace 2011-10-14 09:46:28.623532287 -0400
++++ serefpolicy-3.10.0/policy/modules/services/accountsd.te 2011-10-14 09:46:29.117522822 -0400
@@ -19,7 +19,7 @@ files_type(accountsd_var_lib_t)
# accountsd local policy
#
@@ -549,8 +547,8 @@ diff -up serefpolicy-3.10.0/policy/modules/services/accountsd.te.ptrace serefpol
allow accountsd_t self:fifo_file rw_fifo_file_perms;
diff -up serefpolicy-3.10.0/policy/modules/services/afs.if.ptrace serefpolicy-3.10.0/policy/modules/services/afs.if
---- serefpolicy-3.10.0/policy/modules/services/afs.if.ptrace 2011-10-11 16:42:15.686761703 -0400
-+++ serefpolicy-3.10.0/policy/modules/services/afs.if 2011-10-11 16:42:16.107761584 -0400
+--- serefpolicy-3.10.0/policy/modules/services/afs.if.ptrace 2011-10-14 09:46:28.623532287 -0400
++++ serefpolicy-3.10.0/policy/modules/services/afs.if 2011-10-14 09:46:29.117522822 -0400
@@ -97,9 +97,13 @@ interface(`afs_admin',`
type afs_t, afs_initrc_exec_t;
')
@@ -568,7 +566,7 @@ diff -up serefpolicy-3.10.0/policy/modules/services/afs.if.ptrace serefpolicy-3.
domain_system_change_exemption($1)
diff -up serefpolicy-3.10.0/policy/modules/services/aiccu.if.ptrace serefpolicy-3.10.0/policy/modules/services/aiccu.if
--- serefpolicy-3.10.0/policy/modules/services/aiccu.if.ptrace 2011-06-27 14:18:04.000000000 -0400
-+++ serefpolicy-3.10.0/policy/modules/services/aiccu.if 2011-10-11 16:42:16.108761584 -0400
++++ serefpolicy-3.10.0/policy/modules/services/aiccu.if 2011-10-14 09:46:29.118522803 -0400
@@ -79,9 +79,13 @@ interface(`aiccu_admin',`
type aiccu_var_run_t;
')
@@ -585,8 +583,8 @@ diff -up serefpolicy-3.10.0/policy/modules/services/aiccu.if.ptrace serefpolicy-
domain_system_change_exemption($1)
role_transition $2 aiccu_initrc_exec_t system_r;
diff -up serefpolicy-3.10.0/policy/modules/services/aide.if.ptrace serefpolicy-3.10.0/policy/modules/services/aide.if
---- serefpolicy-3.10.0/policy/modules/services/aide.if.ptrace 2011-10-11 16:42:15.689761703 -0400
-+++ serefpolicy-3.10.0/policy/modules/services/aide.if 2011-10-11 16:42:16.108761584 -0400
+--- serefpolicy-3.10.0/policy/modules/services/aide.if.ptrace 2011-10-14 09:46:28.626532230 -0400
++++ serefpolicy-3.10.0/policy/modules/services/aide.if 2011-10-14 09:46:29.119522783 -0400
@@ -61,9 +61,13 @@ interface(`aide_admin',`
type aide_t, aide_db_t, aide_log_t;
')
@@ -603,8 +601,8 @@ diff -up serefpolicy-3.10.0/policy/modules/services/aide.if.ptrace serefpolicy-3
admin_pattern($1, aide_db_t)
diff -up serefpolicy-3.10.0/policy/modules/services/aisexec.if.ptrace serefpolicy-3.10.0/policy/modules/services/aisexec.if
---- serefpolicy-3.10.0/policy/modules/services/aisexec.if.ptrace 2011-10-11 16:42:15.690761703 -0400
-+++ serefpolicy-3.10.0/policy/modules/services/aisexec.if 2011-10-11 16:42:16.109761584 -0400
+--- serefpolicy-3.10.0/policy/modules/services/aisexec.if.ptrace 2011-10-14 09:46:28.627532211 -0400
++++ serefpolicy-3.10.0/policy/modules/services/aisexec.if 2011-10-14 09:46:29.119522783 -0400
@@ -82,9 +82,13 @@ interface(`aisexecd_admin',`
type aisexec_initrc_exec_t;
')
@@ -621,8 +619,8 @@ diff -up serefpolicy-3.10.0/policy/modules/services/aisexec.if.ptrace serefpolic
domain_system_change_exemption($1)
role_transition $2 aisexec_initrc_exec_t system_r;
diff -up serefpolicy-3.10.0/policy/modules/services/ajaxterm.if.ptrace serefpolicy-3.10.0/policy/modules/services/ajaxterm.if
---- serefpolicy-3.10.0/policy/modules/services/ajaxterm.if.ptrace 2011-10-11 16:42:15.691761702 -0400
-+++ serefpolicy-3.10.0/policy/modules/services/ajaxterm.if 2011-10-11 16:42:16.109761584 -0400
+--- serefpolicy-3.10.0/policy/modules/services/ajaxterm.if.ptrace 2011-10-14 09:46:28.628532192 -0400
++++ serefpolicy-3.10.0/policy/modules/services/ajaxterm.if 2011-10-14 09:46:29.120522763 -0400
@@ -76,9 +76,13 @@ interface(`ajaxterm_admin',`
type ajaxterm_t, ajaxterm_initrc_exec_t;
')
@@ -640,7 +638,7 @@ diff -up serefpolicy-3.10.0/policy/modules/services/ajaxterm.if.ptrace serefpoli
role_transition $2 ajaxterm_initrc_exec_t system_r;
diff -up serefpolicy-3.10.0/policy/modules/services/amavis.if.ptrace serefpolicy-3.10.0/policy/modules/services/amavis.if
--- serefpolicy-3.10.0/policy/modules/services/amavis.if.ptrace 2011-06-27 14:18:04.000000000 -0400
-+++ serefpolicy-3.10.0/policy/modules/services/amavis.if 2011-10-11 16:42:16.110761584 -0400
++++ serefpolicy-3.10.0/policy/modules/services/amavis.if 2011-10-14 09:46:29.121522744 -0400
@@ -231,9 +231,13 @@ interface(`amavis_admin',`
type amavis_initrc_exec_t;
')
@@ -657,8 +655,8 @@ diff -up serefpolicy-3.10.0/policy/modules/services/amavis.if.ptrace serefpolicy
domain_system_change_exemption($1)
role_transition $2 amavis_initrc_exec_t system_r;
diff -up serefpolicy-3.10.0/policy/modules/services/apache.if.ptrace serefpolicy-3.10.0/policy/modules/services/apache.if
---- serefpolicy-3.10.0/policy/modules/services/apache.if.ptrace 2011-10-11 16:42:16.076761593 -0400
-+++ serefpolicy-3.10.0/policy/modules/services/apache.if 2011-10-11 16:42:16.111761584 -0400
+--- serefpolicy-3.10.0/policy/modules/services/apache.if.ptrace 2011-10-14 09:46:29.079523549 -0400
++++ serefpolicy-3.10.0/policy/modules/services/apache.if 2011-10-14 09:46:29.122522725 -0400
@@ -1297,9 +1297,13 @@ interface(`apache_admin',`
type httpd_unit_file_t;
')
@@ -676,7 +674,7 @@ diff -up serefpolicy-3.10.0/policy/modules/services/apache.if.ptrace serefpolicy
role_transition $2 httpd_initrc_exec_t system_r;
diff -up serefpolicy-3.10.0/policy/modules/services/apcupsd.if.ptrace serefpolicy-3.10.0/policy/modules/services/apcupsd.if
--- serefpolicy-3.10.0/policy/modules/services/apcupsd.if.ptrace 2011-06-27 14:18:04.000000000 -0400
-+++ serefpolicy-3.10.0/policy/modules/services/apcupsd.if 2011-10-11 16:42:16.111761584 -0400
++++ serefpolicy-3.10.0/policy/modules/services/apcupsd.if 2011-10-14 09:46:29.123522706 -0400
@@ -146,9 +146,13 @@ interface(`apcupsd_admin',`
type apcupsd_initrc_exec_t;
')
@@ -693,8 +691,8 @@ diff -up serefpolicy-3.10.0/policy/modules/services/apcupsd.if.ptrace serefpolic
domain_system_change_exemption($1)
role_transition $2 apcupsd_initrc_exec_t system_r;
diff -up serefpolicy-3.10.0/policy/modules/services/apm.te.ptrace serefpolicy-3.10.0/policy/modules/services/apm.te
---- serefpolicy-3.10.0/policy/modules/services/apm.te.ptrace 2011-10-11 16:42:15.697761701 -0400
-+++ serefpolicy-3.10.0/policy/modules/services/apm.te 2011-10-11 16:42:16.112761584 -0400
+--- serefpolicy-3.10.0/policy/modules/services/apm.te.ptrace 2011-10-14 09:46:28.636532038 -0400
++++ serefpolicy-3.10.0/policy/modules/services/apm.te 2011-10-14 09:46:29.123522706 -0400
@@ -60,7 +60,7 @@ logging_send_syslog_msg(apm_t)
# mknod: controlling an orderly resume of PCMCIA requires creating device
# nodes 254,{0,1,2} for some reason.
@@ -705,8 +703,8 @@ diff -up serefpolicy-3.10.0/policy/modules/services/apm.te.ptrace serefpolicy-3.
allow apmd_t self:fifo_file rw_fifo_file_perms;
allow apmd_t self:netlink_socket create_socket_perms;
diff -up serefpolicy-3.10.0/policy/modules/services/arpwatch.if.ptrace serefpolicy-3.10.0/policy/modules/services/arpwatch.if
---- serefpolicy-3.10.0/policy/modules/services/arpwatch.if.ptrace 2011-10-11 16:42:15.698761701 -0400
-+++ serefpolicy-3.10.0/policy/modules/services/arpwatch.if 2011-10-11 16:42:16.113761583 -0400
+--- serefpolicy-3.10.0/policy/modules/services/arpwatch.if.ptrace 2011-10-14 09:46:28.636532038 -0400
++++ serefpolicy-3.10.0/policy/modules/services/arpwatch.if 2011-10-14 09:46:29.124522687 -0400
@@ -137,9 +137,13 @@ interface(`arpwatch_admin',`
type arpwatch_initrc_exec_t;
')
@@ -723,8 +721,8 @@ diff -up serefpolicy-3.10.0/policy/modules/services/arpwatch.if.ptrace serefpoli
domain_system_change_exemption($1)
role_transition $2 arpwatch_initrc_exec_t system_r;
diff -up serefpolicy-3.10.0/policy/modules/services/asterisk.if.ptrace serefpolicy-3.10.0/policy/modules/services/asterisk.if
---- serefpolicy-3.10.0/policy/modules/services/asterisk.if.ptrace 2011-10-11 16:42:15.699761701 -0400
-+++ serefpolicy-3.10.0/policy/modules/services/asterisk.if 2011-10-11 16:42:16.113761583 -0400
+--- serefpolicy-3.10.0/policy/modules/services/asterisk.if.ptrace 2011-10-14 09:46:28.638532000 -0400
++++ serefpolicy-3.10.0/policy/modules/services/asterisk.if 2011-10-14 09:46:29.125522668 -0400
@@ -64,9 +64,13 @@ interface(`asterisk_admin',`
type asterisk_initrc_exec_t;
')
@@ -741,8 +739,8 @@ diff -up serefpolicy-3.10.0/policy/modules/services/asterisk.if.ptrace serefpoli
domain_system_change_exemption($1)
role_transition $2 asterisk_initrc_exec_t system_r;
diff -up serefpolicy-3.10.0/policy/modules/services/automount.if.ptrace serefpolicy-3.10.0/policy/modules/services/automount.if
---- serefpolicy-3.10.0/policy/modules/services/automount.if.ptrace 2011-10-11 16:42:15.700761701 -0400
-+++ serefpolicy-3.10.0/policy/modules/services/automount.if 2011-10-11 16:42:16.114761582 -0400
+--- serefpolicy-3.10.0/policy/modules/services/automount.if.ptrace 2011-10-14 09:46:28.640531962 -0400
++++ serefpolicy-3.10.0/policy/modules/services/automount.if 2011-10-14 09:46:29.125522668 -0400
@@ -150,9 +150,13 @@ interface(`automount_admin',`
type automount_var_run_t, automount_initrc_exec_t;
')
@@ -759,8 +757,8 @@ diff -up serefpolicy-3.10.0/policy/modules/services/automount.if.ptrace serefpol
domain_system_change_exemption($1)
role_transition $2 automount_initrc_exec_t system_r;
diff -up serefpolicy-3.10.0/policy/modules/services/avahi.if.ptrace serefpolicy-3.10.0/policy/modules/services/avahi.if
---- serefpolicy-3.10.0/policy/modules/services/avahi.if.ptrace 2011-10-11 16:42:15.701761700 -0400
-+++ serefpolicy-3.10.0/policy/modules/services/avahi.if 2011-10-11 16:42:16.114761582 -0400
+--- serefpolicy-3.10.0/policy/modules/services/avahi.if.ptrace 2011-10-14 09:46:28.641531943 -0400
++++ serefpolicy-3.10.0/policy/modules/services/avahi.if 2011-10-14 09:46:29.126522649 -0400
@@ -154,9 +154,13 @@ interface(`avahi_admin',`
type avahi_t, avahi_var_run_t, avahi_initrc_exec_t;
')
@@ -777,8 +775,8 @@ diff -up serefpolicy-3.10.0/policy/modules/services/avahi.if.ptrace serefpolicy-
domain_system_change_exemption($1)
role_transition $2 avahi_initrc_exec_t system_r;
diff -up serefpolicy-3.10.0/policy/modules/services/bind.if.ptrace serefpolicy-3.10.0/policy/modules/services/bind.if
---- serefpolicy-3.10.0/policy/modules/services/bind.if.ptrace 2011-10-11 16:42:15.702761699 -0400
-+++ serefpolicy-3.10.0/policy/modules/services/bind.if 2011-10-11 16:42:16.115761582 -0400
+--- serefpolicy-3.10.0/policy/modules/services/bind.if.ptrace 2011-10-14 09:46:28.643531904 -0400
++++ serefpolicy-3.10.0/policy/modules/services/bind.if 2011-10-14 09:46:29.127522630 -0400
@@ -408,12 +408,20 @@ interface(`bind_admin',`
type dnssec_t, ndc_t, named_keytab_t;
')
@@ -804,7 +802,7 @@ diff -up serefpolicy-3.10.0/policy/modules/services/bind.if.ptrace serefpolicy-3
init_labeled_script_domtrans($1, named_initrc_exec_t)
diff -up serefpolicy-3.10.0/policy/modules/services/bitlbee.if.ptrace serefpolicy-3.10.0/policy/modules/services/bitlbee.if
--- serefpolicy-3.10.0/policy/modules/services/bitlbee.if.ptrace 2011-06-27 14:18:04.000000000 -0400
-+++ serefpolicy-3.10.0/policy/modules/services/bitlbee.if 2011-10-11 16:42:16.116761582 -0400
++++ serefpolicy-3.10.0/policy/modules/services/bitlbee.if 2011-10-14 09:46:29.127522630 -0400
@@ -43,9 +43,13 @@ interface(`bitlbee_admin',`
type bitlbee_initrc_exec_t;
')
@@ -821,8 +819,8 @@ diff -up serefpolicy-3.10.0/policy/modules/services/bitlbee.if.ptrace serefpolic
domain_system_change_exemption($1)
role_transition $2 bitlbee_initrc_exec_t system_r;
diff -up serefpolicy-3.10.0/policy/modules/services/bluetooth.if.ptrace serefpolicy-3.10.0/policy/modules/services/bluetooth.if
---- serefpolicy-3.10.0/policy/modules/services/bluetooth.if.ptrace 2011-10-11 16:42:15.705761698 -0400
-+++ serefpolicy-3.10.0/policy/modules/services/bluetooth.if 2011-10-11 16:42:16.116761582 -0400
+--- serefpolicy-3.10.0/policy/modules/services/bluetooth.if.ptrace 2011-10-14 09:46:28.645531865 -0400
++++ serefpolicy-3.10.0/policy/modules/services/bluetooth.if 2011-10-14 09:46:29.128522611 -0400
@@ -28,7 +28,11 @@ interface(`bluetooth_role',`
# allow ps to show cdrecord and allow the user to kill it
@@ -852,8 +850,8 @@ diff -up serefpolicy-3.10.0/policy/modules/services/bluetooth.if.ptrace serefpol
domain_system_change_exemption($1)
role_transition $2 bluetooth_initrc_exec_t system_r;
diff -up serefpolicy-3.10.0/policy/modules/services/boinc.if.ptrace serefpolicy-3.10.0/policy/modules/services/boinc.if
---- serefpolicy-3.10.0/policy/modules/services/boinc.if.ptrace 2011-10-11 16:42:15.706761698 -0400
-+++ serefpolicy-3.10.0/policy/modules/services/boinc.if 2011-10-11 16:42:16.117761582 -0400
+--- serefpolicy-3.10.0/policy/modules/services/boinc.if.ptrace 2011-10-14 09:46:28.648531808 -0400
++++ serefpolicy-3.10.0/policy/modules/services/boinc.if 2011-10-14 09:46:29.129522592 -0400
@@ -137,9 +137,13 @@ interface(`boinc_admin',`
type boinc_t, boinc_initrc_exec_t, boinc_var_lib_t;
')
@@ -870,8 +868,8 @@ diff -up serefpolicy-3.10.0/policy/modules/services/boinc.if.ptrace serefpolicy-
domain_system_change_exemption($1)
role_transition $2 boinc_initrc_exec_t system_r;
diff -up serefpolicy-3.10.0/policy/modules/services/boinc.te.ptrace serefpolicy-3.10.0/policy/modules/services/boinc.te
---- serefpolicy-3.10.0/policy/modules/services/boinc.te.ptrace 2011-10-11 16:42:16.027761608 -0400
-+++ serefpolicy-3.10.0/policy/modules/services/boinc.te 2011-10-11 16:42:16.117761582 -0400
+--- serefpolicy-3.10.0/policy/modules/services/boinc.te.ptrace 2011-10-14 09:46:29.039524313 -0400
++++ serefpolicy-3.10.0/policy/modules/services/boinc.te 2011-10-14 09:46:29.130522573 -0400
@@ -121,9 +121,13 @@ mta_send_mail(boinc_t)
domtrans_pattern(boinc_t, boinc_project_var_lib_t, boinc_project_t)
allow boinc_t boinc_project_t:process sigkill;
@@ -888,8 +886,8 @@ diff -up serefpolicy-3.10.0/policy/modules/services/boinc.te.ptrace serefpolicy-
allow boinc_project_t self:sem create_sem_perms;
diff -up serefpolicy-3.10.0/policy/modules/services/bugzilla.if.ptrace serefpolicy-3.10.0/policy/modules/services/bugzilla.if
---- serefpolicy-3.10.0/policy/modules/services/bugzilla.if.ptrace 2011-10-11 16:42:15.707761698 -0400
-+++ serefpolicy-3.10.0/policy/modules/services/bugzilla.if 2011-10-11 16:42:16.118761582 -0400
+--- serefpolicy-3.10.0/policy/modules/services/bugzilla.if.ptrace 2011-10-14 09:46:28.649531789 -0400
++++ serefpolicy-3.10.0/policy/modules/services/bugzilla.if 2011-10-14 09:46:29.130522573 -0400
@@ -62,9 +62,13 @@ interface(`bugzilla_admin',`
type httpd_bugzilla_htaccess_t, httpd_bugzilla_tmp_t;
')
@@ -906,8 +904,8 @@ diff -up serefpolicy-3.10.0/policy/modules/services/bugzilla.if.ptrace serefpoli
admin_pattern($1, httpd_bugzilla_tmp_t)
diff -up serefpolicy-3.10.0/policy/modules/services/callweaver.if.ptrace serefpolicy-3.10.0/policy/modules/services/callweaver.if
---- serefpolicy-3.10.0/policy/modules/services/callweaver.if.ptrace 2011-10-11 16:42:15.710761696 -0400
-+++ serefpolicy-3.10.0/policy/modules/services/callweaver.if 2011-10-11 16:42:16.119761582 -0400
+--- serefpolicy-3.10.0/policy/modules/services/callweaver.if.ptrace 2011-10-14 09:46:28.652531732 -0400
++++ serefpolicy-3.10.0/policy/modules/services/callweaver.if 2011-10-14 09:46:29.131522554 -0400
@@ -336,9 +336,13 @@ interface(`callweaver_admin',`
type callweaver_spool_t;
')
@@ -925,7 +923,7 @@ diff -up serefpolicy-3.10.0/policy/modules/services/callweaver.if.ptrace serefpo
role_transition $2 callweaver_initrc_exec_t system_r;
diff -up serefpolicy-3.10.0/policy/modules/services/canna.if.ptrace serefpolicy-3.10.0/policy/modules/services/canna.if
--- serefpolicy-3.10.0/policy/modules/services/canna.if.ptrace 2011-06-27 14:18:04.000000000 -0400
-+++ serefpolicy-3.10.0/policy/modules/services/canna.if 2011-10-11 16:42:16.119761582 -0400
++++ serefpolicy-3.10.0/policy/modules/services/canna.if 2011-10-14 09:46:29.132522535 -0400
@@ -42,9 +42,13 @@ interface(`canna_admin',`
type canna_var_run_t, canna_initrc_exec_t;
')
@@ -942,8 +940,8 @@ diff -up serefpolicy-3.10.0/policy/modules/services/canna.if.ptrace serefpolicy-
domain_system_change_exemption($1)
role_transition $2 canna_initrc_exec_t system_r;
diff -up serefpolicy-3.10.0/policy/modules/services/certmaster.if.ptrace serefpolicy-3.10.0/policy/modules/services/certmaster.if
---- serefpolicy-3.10.0/policy/modules/services/certmaster.if.ptrace 2011-10-11 16:42:15.713761696 -0400
-+++ serefpolicy-3.10.0/policy/modules/services/certmaster.if 2011-10-11 16:42:16.120761581 -0400
+--- serefpolicy-3.10.0/policy/modules/services/certmaster.if.ptrace 2011-10-14 09:46:28.656531654 -0400
++++ serefpolicy-3.10.0/policy/modules/services/certmaster.if 2011-10-14 09:46:29.132522535 -0400
@@ -119,9 +119,13 @@ interface(`certmaster_admin',`
type certmaster_etc_rw_t, certmaster_var_log_t, certmaster_initrc_exec_t;
')
@@ -960,8 +958,8 @@ diff -up serefpolicy-3.10.0/policy/modules/services/certmaster.if.ptrace serefpo
domain_system_change_exemption($1)
role_transition $2 certmaster_initrc_exec_t system_r;
diff -up serefpolicy-3.10.0/policy/modules/services/certmonger.if.ptrace serefpolicy-3.10.0/policy/modules/services/certmonger.if
---- serefpolicy-3.10.0/policy/modules/services/certmonger.if.ptrace 2011-10-11 16:42:15.714761696 -0400
-+++ serefpolicy-3.10.0/policy/modules/services/certmonger.if 2011-10-11 16:42:16.120761581 -0400
+--- serefpolicy-3.10.0/policy/modules/services/certmonger.if.ptrace 2011-10-14 09:46:28.657531635 -0400
++++ serefpolicy-3.10.0/policy/modules/services/certmonger.if 2011-10-14 09:46:29.133522515 -0400
@@ -158,7 +158,11 @@ interface(`certmonger_admin',`
')
@@ -976,8 +974,8 @@ diff -up serefpolicy-3.10.0/policy/modules/services/certmonger.if.ptrace serefpo
# Allow certmonger_t to restart the apache service
certmonger_initrc_domtrans($1)
diff -up serefpolicy-3.10.0/policy/modules/services/cgroup.if.ptrace serefpolicy-3.10.0/policy/modules/services/cgroup.if
---- serefpolicy-3.10.0/policy/modules/services/cgroup.if.ptrace 2011-10-11 16:42:15.716761695 -0400
-+++ serefpolicy-3.10.0/policy/modules/services/cgroup.if 2011-10-11 16:42:16.121761580 -0400
+--- serefpolicy-3.10.0/policy/modules/services/cgroup.if.ptrace 2011-10-14 09:46:28.660531578 -0400
++++ serefpolicy-3.10.0/policy/modules/services/cgroup.if 2011-10-14 09:46:29.134522495 -0400
@@ -171,15 +171,27 @@ interface(`cgroup_admin',`
type cgrules_etc_t, cgclear_t;
')
@@ -1010,8 +1008,8 @@ diff -up serefpolicy-3.10.0/policy/modules/services/cgroup.if.ptrace serefpolicy
admin_pattern($1, cgrules_etc_t)
files_list_etc($1)
diff -up serefpolicy-3.10.0/policy/modules/services/cgroup.te.ptrace serefpolicy-3.10.0/policy/modules/services/cgroup.te
---- serefpolicy-3.10.0/policy/modules/services/cgroup.te.ptrace 2011-10-11 16:42:15.717761694 -0400
-+++ serefpolicy-3.10.0/policy/modules/services/cgroup.te 2011-10-11 16:42:16.121761580 -0400
+--- serefpolicy-3.10.0/policy/modules/services/cgroup.te.ptrace 2011-10-14 09:46:28.660531578 -0400
++++ serefpolicy-3.10.0/policy/modules/services/cgroup.te 2011-10-14 09:46:29.134522495 -0400
@@ -76,7 +76,8 @@ fs_unmount_cgroup(cgconfig_t)
# cgred personal policy.
#
@@ -1023,8 +1021,8 @@ diff -up serefpolicy-3.10.0/policy/modules/services/cgroup.te.ptrace serefpolicy
allow cgred_t self:unix_dgram_socket { write create connect };
diff -up serefpolicy-3.10.0/policy/modules/services/chronyd.if.ptrace serefpolicy-3.10.0/policy/modules/services/chronyd.if
---- serefpolicy-3.10.0/policy/modules/services/chronyd.if.ptrace 2011-10-11 16:42:15.718761694 -0400
-+++ serefpolicy-3.10.0/policy/modules/services/chronyd.if 2011-10-11 16:42:16.122761580 -0400
+--- serefpolicy-3.10.0/policy/modules/services/chronyd.if.ptrace 2011-10-14 09:46:28.661531559 -0400
++++ serefpolicy-3.10.0/policy/modules/services/chronyd.if 2011-10-14 09:46:29.135522476 -0400
@@ -217,9 +217,13 @@ interface(`chronyd_admin',`
type chronyd_keys_t;
')
@@ -1041,8 +1039,8 @@ diff -up serefpolicy-3.10.0/policy/modules/services/chronyd.if.ptrace serefpolic
domain_system_change_exemption($1)
role_transition $2 chronyd_initrc_exec_t system_r;
diff -up serefpolicy-3.10.0/policy/modules/services/clamav.if.ptrace serefpolicy-3.10.0/policy/modules/services/clamav.if
---- serefpolicy-3.10.0/policy/modules/services/clamav.if.ptrace 2011-10-11 16:42:15.720761694 -0400
-+++ serefpolicy-3.10.0/policy/modules/services/clamav.if 2011-10-11 16:42:16.123761580 -0400
+--- serefpolicy-3.10.0/policy/modules/services/clamav.if.ptrace 2011-10-14 09:46:28.664531502 -0400
++++ serefpolicy-3.10.0/policy/modules/services/clamav.if 2011-10-14 09:46:29.135522476 -0400
@@ -176,13 +176,19 @@ interface(`clamav_admin',`
type freshclam_t, freshclam_var_log_t;
')
@@ -1067,8 +1065,8 @@ diff -up serefpolicy-3.10.0/policy/modules/services/clamav.if.ptrace serefpolicy
init_labeled_script_domtrans($1, clamd_initrc_exec_t)
diff -up serefpolicy-3.10.0/policy/modules/services/cmirrord.if.ptrace serefpolicy-3.10.0/policy/modules/services/cmirrord.if
---- serefpolicy-3.10.0/policy/modules/services/cmirrord.if.ptrace 2011-10-11 16:42:15.723761693 -0400
-+++ serefpolicy-3.10.0/policy/modules/services/cmirrord.if 2011-10-11 16:42:16.123761580 -0400
+--- serefpolicy-3.10.0/policy/modules/services/cmirrord.if.ptrace 2011-10-14 09:46:28.668531424 -0400
++++ serefpolicy-3.10.0/policy/modules/services/cmirrord.if 2011-10-14 09:46:29.136522457 -0400
@@ -101,9 +101,13 @@ interface(`cmirrord_admin',`
type cmirrord_t, cmirrord_initrc_exec_t, cmirrord_var_run_t;
')
@@ -1085,8 +1083,8 @@ diff -up serefpolicy-3.10.0/policy/modules/services/cmirrord.if.ptrace serefpoli
domain_system_change_exemption($1)
role_transition $2 cmirrord_initrc_exec_t system_r;
diff -up serefpolicy-3.10.0/policy/modules/services/cobbler.if.ptrace serefpolicy-3.10.0/policy/modules/services/cobbler.if
---- serefpolicy-3.10.0/policy/modules/services/cobbler.if.ptrace 2011-10-11 16:42:15.724761692 -0400
-+++ serefpolicy-3.10.0/policy/modules/services/cobbler.if 2011-10-11 16:42:16.124761580 -0400
+--- serefpolicy-3.10.0/policy/modules/services/cobbler.if.ptrace 2011-10-14 09:46:28.669531405 -0400
++++ serefpolicy-3.10.0/policy/modules/services/cobbler.if 2011-10-14 09:46:29.137522438 -0400
@@ -189,9 +189,13 @@ interface(`cobblerd_admin',`
type httpd_cobbler_content_ra_t, httpd_cobbler_content_rw_t;
')
@@ -1103,8 +1101,8 @@ diff -up serefpolicy-3.10.0/policy/modules/services/cobbler.if.ptrace serefpolic
admin_pattern($1, cobbler_etc_t)
diff -up serefpolicy-3.10.0/policy/modules/services/cobbler.te.ptrace serefpolicy-3.10.0/policy/modules/services/cobbler.te
---- serefpolicy-3.10.0/policy/modules/services/cobbler.te.ptrace 2011-10-11 16:42:15.724761692 -0400
-+++ serefpolicy-3.10.0/policy/modules/services/cobbler.te 2011-10-11 16:42:16.124761580 -0400
+--- serefpolicy-3.10.0/policy/modules/services/cobbler.te.ptrace 2011-10-14 09:46:28.670531386 -0400
++++ serefpolicy-3.10.0/policy/modules/services/cobbler.te 2011-10-14 09:46:29.138522419 -0400
@@ -60,7 +60,7 @@ files_tmp_file(cobbler_tmp_t)
#
@@ -1115,8 +1113,8 @@ diff -up serefpolicy-3.10.0/policy/modules/services/cobbler.te.ptrace serefpolic
allow cobblerd_t self:process { getsched setsched signal };
allow cobblerd_t self:fifo_file rw_fifo_file_perms;
diff -up serefpolicy-3.10.0/policy/modules/services/collectd.if.ptrace serefpolicy-3.10.0/policy/modules/services/collectd.if
---- serefpolicy-3.10.0/policy/modules/services/collectd.if.ptrace 2011-10-11 16:42:15.725761692 -0400
-+++ serefpolicy-3.10.0/policy/modules/services/collectd.if 2011-10-11 16:42:16.125761580 -0400
+--- serefpolicy-3.10.0/policy/modules/services/collectd.if.ptrace 2011-10-14 09:46:28.671531367 -0400
++++ serefpolicy-3.10.0/policy/modules/services/collectd.if 2011-10-14 09:46:29.139522400 -0400
@@ -142,9 +142,13 @@ interface(`collectd_admin',`
type collectd_var_lib_t;
')
@@ -1133,8 +1131,8 @@ diff -up serefpolicy-3.10.0/policy/modules/services/collectd.if.ptrace serefpoli
domain_system_change_exemption($1)
role_transition $2 collectd_initrc_exec_t system_r;
diff -up serefpolicy-3.10.0/policy/modules/services/consolekit.te.ptrace serefpolicy-3.10.0/policy/modules/services/consolekit.te
---- serefpolicy-3.10.0/policy/modules/services/consolekit.te.ptrace 2011-10-11 16:42:15.727761692 -0400
-+++ serefpolicy-3.10.0/policy/modules/services/consolekit.te 2011-10-11 16:42:16.125761580 -0400
+--- serefpolicy-3.10.0/policy/modules/services/consolekit.te.ptrace 2011-10-14 09:46:28.673531329 -0400
++++ serefpolicy-3.10.0/policy/modules/services/consolekit.te 2011-10-14 09:46:29.140522381 -0400
@@ -23,7 +23,8 @@ files_tmpfs_file(consolekit_tmpfs_t)
# consolekit local policy
#
@@ -1156,8 +1154,8 @@ diff -up serefpolicy-3.10.0/policy/modules/services/consolekit.te.ptrace serefpo
unconfined_stream_connect(consolekit_t)
')
diff -up serefpolicy-3.10.0/policy/modules/services/corosync.if.ptrace serefpolicy-3.10.0/policy/modules/services/corosync.if
---- serefpolicy-3.10.0/policy/modules/services/corosync.if.ptrace 2011-10-11 16:42:15.728761692 -0400
-+++ serefpolicy-3.10.0/policy/modules/services/corosync.if 2011-10-11 16:42:16.126761580 -0400
+--- serefpolicy-3.10.0/policy/modules/services/corosync.if.ptrace 2011-10-14 09:46:28.674531310 -0400
++++ serefpolicy-3.10.0/policy/modules/services/corosync.if 2011-10-14 09:46:29.141522362 -0400
@@ -101,9 +101,13 @@ interface(`corosyncd_admin',`
type corosync_initrc_exec_t;
')
@@ -1174,9 +1172,9 @@ diff -up serefpolicy-3.10.0/policy/modules/services/corosync.if.ptrace serefpoli
domain_system_change_exemption($1)
role_transition $2 corosync_initrc_exec_t system_r;
diff -up serefpolicy-3.10.0/policy/modules/services/corosync.te.ptrace serefpolicy-3.10.0/policy/modules/services/corosync.te
---- serefpolicy-3.10.0/policy/modules/services/corosync.te.ptrace 2011-10-11 16:42:15.729761692 -0400
-+++ serefpolicy-3.10.0/policy/modules/services/corosync.te 2011-10-11 16:42:16.126761580 -0400
-@@ -32,7 +32,7 @@ files_pid_file(corosync_var_run_t)
+--- serefpolicy-3.10.0/policy/modules/services/corosync.te.ptrace 2011-10-14 09:46:28.675531291 -0400
++++ serefpolicy-3.10.0/policy/modules/services/corosync.te 2011-10-14 09:46:29.142522343 -0400
+@@ -33,7 +33,7 @@ files_pid_file(corosync_var_run_t)
# corosync local policy
#
@@ -1186,8 +1184,8 @@ diff -up serefpolicy-3.10.0/policy/modules/services/corosync.te.ptrace serefpoli
allow corosync_t self:fifo_file rw_fifo_file_perms;
diff -up serefpolicy-3.10.0/policy/modules/services/cron.if.ptrace serefpolicy-3.10.0/policy/modules/services/cron.if
---- serefpolicy-3.10.0/policy/modules/services/cron.if.ptrace 2011-10-11 16:42:15.732761690 -0400
-+++ serefpolicy-3.10.0/policy/modules/services/cron.if 2011-10-11 16:42:16.127761579 -0400
+--- serefpolicy-3.10.0/policy/modules/services/cron.if.ptrace 2011-10-14 09:46:28.679531213 -0400
++++ serefpolicy-3.10.0/policy/modules/services/cron.if 2011-10-14 09:46:29.143522324 -0400
@@ -140,7 +140,11 @@ interface(`cron_role',`
# crontab shows up in user ps
@@ -1226,8 +1224,8 @@ diff -up serefpolicy-3.10.0/policy/modules/services/cron.if.ptrace serefpolicy-3
# Run helper programs as the user domain
#corecmd_bin_domtrans(admin_crontab_t, $2)
diff -up serefpolicy-3.10.0/policy/modules/services/cron.te.ptrace serefpolicy-3.10.0/policy/modules/services/cron.te
---- serefpolicy-3.10.0/policy/modules/services/cron.te.ptrace 2011-10-11 16:42:16.027761608 -0400
-+++ serefpolicy-3.10.0/policy/modules/services/cron.te 2011-10-11 16:42:16.128761578 -0400
+--- serefpolicy-3.10.0/policy/modules/services/cron.te.ptrace 2011-10-14 09:46:29.040524294 -0400
++++ serefpolicy-3.10.0/policy/modules/services/cron.te 2011-10-14 09:46:29.145522286 -0400
@@ -350,7 +350,6 @@ optional_policy(`
#
@@ -1237,8 +1235,8 @@ diff -up serefpolicy-3.10.0/policy/modules/services/cron.te.ptrace serefpolicy-3
allow system_cronjob_t self:process { signal_perms getsched setsched };
allow system_cronjob_t self:fifo_file rw_fifo_file_perms;
diff -up serefpolicy-3.10.0/policy/modules/services/ctdbd.if.ptrace serefpolicy-3.10.0/policy/modules/services/ctdbd.if
---- serefpolicy-3.10.0/policy/modules/services/ctdbd.if.ptrace 2011-10-11 16:42:15.734761690 -0400
-+++ serefpolicy-3.10.0/policy/modules/services/ctdbd.if 2011-10-11 16:42:16.128761578 -0400
+--- serefpolicy-3.10.0/policy/modules/services/ctdbd.if.ptrace 2011-10-14 09:46:28.681531175 -0400
++++ serefpolicy-3.10.0/policy/modules/services/ctdbd.if 2011-10-14 09:46:29.146522267 -0400
@@ -236,8 +236,11 @@ interface(`ctdbd_admin',`
type ctdbd_log_t, ctdbd_var_lib_t, ctdbd_var_run_t;
')
@@ -1253,8 +1251,8 @@ diff -up serefpolicy-3.10.0/policy/modules/services/ctdbd.if.ptrace serefpolicy-
ctdbd_initrc_domtrans($1)
domain_system_change_exemption($1)
diff -up serefpolicy-3.10.0/policy/modules/services/ctdbd.te.ptrace serefpolicy-3.10.0/policy/modules/services/ctdbd.te
---- serefpolicy-3.10.0/policy/modules/services/ctdbd.te.ptrace 2011-10-11 16:42:15.734761690 -0400
-+++ serefpolicy-3.10.0/policy/modules/services/ctdbd.te 2011-10-11 16:42:16.129761578 -0400
+--- serefpolicy-3.10.0/policy/modules/services/ctdbd.te.ptrace 2011-10-14 09:46:28.682531156 -0400
++++ serefpolicy-3.10.0/policy/modules/services/ctdbd.te 2011-10-14 09:46:29.146522267 -0400
@@ -33,7 +33,7 @@ files_pid_file(ctdbd_var_run_t)
# ctdbd local policy
#
@@ -1265,8 +1263,8 @@ diff -up serefpolicy-3.10.0/policy/modules/services/ctdbd.te.ptrace serefpolicy-
allow ctdbd_t self:fifo_file rw_fifo_file_perms;
diff -up serefpolicy-3.10.0/policy/modules/services/cups.if.ptrace serefpolicy-3.10.0/policy/modules/services/cups.if
---- serefpolicy-3.10.0/policy/modules/services/cups.if.ptrace 2011-10-11 16:42:15.735761690 -0400
-+++ serefpolicy-3.10.0/policy/modules/services/cups.if 2011-10-11 16:42:16.130761578 -0400
+--- serefpolicy-3.10.0/policy/modules/services/cups.if.ptrace 2011-10-14 09:46:28.683531137 -0400
++++ serefpolicy-3.10.0/policy/modules/services/cups.if 2011-10-14 09:46:29.147522248 -0400
@@ -327,9 +327,13 @@ interface(`cups_admin',`
type ptal_var_run_t;
')
@@ -1283,8 +1281,8 @@ diff -up serefpolicy-3.10.0/policy/modules/services/cups.if.ptrace serefpolicy-3
domain_system_change_exemption($1)
role_transition $2 cupsd_initrc_exec_t system_r;
diff -up serefpolicy-3.10.0/policy/modules/services/cvs.if.ptrace serefpolicy-3.10.0/policy/modules/services/cvs.if
---- serefpolicy-3.10.0/policy/modules/services/cvs.if.ptrace 2011-10-11 16:42:15.737761690 -0400
-+++ serefpolicy-3.10.0/policy/modules/services/cvs.if 2011-10-11 16:42:16.131761578 -0400
+--- serefpolicy-3.10.0/policy/modules/services/cvs.if.ptrace 2011-10-14 09:46:28.685531099 -0400
++++ serefpolicy-3.10.0/policy/modules/services/cvs.if 2011-10-14 09:46:29.148522228 -0400
@@ -80,9 +80,13 @@ interface(`cvs_admin',`
type cvs_data_t, cvs_var_run_t;
')
@@ -1302,7 +1300,7 @@ diff -up serefpolicy-3.10.0/policy/modules/services/cvs.if.ptrace serefpolicy-3.
domain_system_change_exemption($1)
diff -up serefpolicy-3.10.0/policy/modules/services/cyrus.if.ptrace serefpolicy-3.10.0/policy/modules/services/cyrus.if
--- serefpolicy-3.10.0/policy/modules/services/cyrus.if.ptrace 2011-06-27 14:18:04.000000000 -0400
-+++ serefpolicy-3.10.0/policy/modules/services/cyrus.if 2011-10-11 16:42:16.131761578 -0400
++++ serefpolicy-3.10.0/policy/modules/services/cyrus.if 2011-10-14 09:46:29.148522228 -0400
@@ -62,9 +62,13 @@ interface(`cyrus_admin',`
type cyrus_var_run_t, cyrus_initrc_exec_t;
')
@@ -1319,8 +1317,8 @@ diff -up serefpolicy-3.10.0/policy/modules/services/cyrus.if.ptrace serefpolicy-
domain_system_change_exemption($1)
role_transition $2 cyrus_initrc_exec_t system_r;
diff -up serefpolicy-3.10.0/policy/modules/services/dbus.if.ptrace serefpolicy-3.10.0/policy/modules/services/dbus.if
---- serefpolicy-3.10.0/policy/modules/services/dbus.if.ptrace 2011-10-11 16:42:15.740761689 -0400
-+++ serefpolicy-3.10.0/policy/modules/services/dbus.if 2011-10-11 16:42:16.132761578 -0400
+--- serefpolicy-3.10.0/policy/modules/services/dbus.if.ptrace 2011-10-14 09:46:28.690531003 -0400
++++ serefpolicy-3.10.0/policy/modules/services/dbus.if 2011-10-14 09:46:29.149522208 -0400
@@ -71,7 +71,11 @@ template(`dbus_role_template',`
domtrans_pattern($3, dbusd_exec_t, $1_dbusd_t)
@@ -1335,8 +1333,8 @@ diff -up serefpolicy-3.10.0/policy/modules/services/dbus.if.ptrace serefpolicy-3
# cjp: this seems very broken
corecmd_bin_domtrans($1_dbusd_t, $1_t)
diff -up serefpolicy-3.10.0/policy/modules/services/ddclient.if.ptrace serefpolicy-3.10.0/policy/modules/services/ddclient.if
---- serefpolicy-3.10.0/policy/modules/services/ddclient.if.ptrace 2011-10-11 16:42:15.742761687 -0400
-+++ serefpolicy-3.10.0/policy/modules/services/ddclient.if 2011-10-11 16:42:16.132761578 -0400
+--- serefpolicy-3.10.0/policy/modules/services/ddclient.if.ptrace 2011-10-14 09:46:28.693530945 -0400
++++ serefpolicy-3.10.0/policy/modules/services/ddclient.if 2011-10-14 09:46:29.150522189 -0400
@@ -68,9 +68,13 @@ interface(`ddclient_admin',`
type ddclient_var_run_t;
')
@@ -1353,8 +1351,8 @@ diff -up serefpolicy-3.10.0/policy/modules/services/ddclient.if.ptrace serefpoli
domain_system_change_exemption($1)
role_transition $2 ddclient_initrc_exec_t system_r;
diff -up serefpolicy-3.10.0/policy/modules/services/denyhosts.if.ptrace serefpolicy-3.10.0/policy/modules/services/denyhosts.if
---- serefpolicy-3.10.0/policy/modules/services/denyhosts.if.ptrace 2011-10-11 16:42:15.744761687 -0400
-+++ serefpolicy-3.10.0/policy/modules/services/denyhosts.if 2011-10-11 16:42:16.133761578 -0400
+--- serefpolicy-3.10.0/policy/modules/services/denyhosts.if.ptrace 2011-10-14 09:46:28.694530926 -0400
++++ serefpolicy-3.10.0/policy/modules/services/denyhosts.if 2011-10-14 09:46:29.151522170 -0400
@@ -67,9 +67,13 @@ interface(`denyhosts_admin',`
type denyhosts_var_log_t, denyhosts_initrc_exec_t;
')
@@ -1371,8 +1369,8 @@ diff -up serefpolicy-3.10.0/policy/modules/services/denyhosts.if.ptrace serefpol
domain_system_change_exemption($1)
role_transition $2 denyhosts_initrc_exec_t system_r;
diff -up serefpolicy-3.10.0/policy/modules/services/devicekit.if.ptrace serefpolicy-3.10.0/policy/modules/services/devicekit.if
---- serefpolicy-3.10.0/policy/modules/services/devicekit.if.ptrace 2011-10-11 16:42:15.745761687 -0400
-+++ serefpolicy-3.10.0/policy/modules/services/devicekit.if 2011-10-11 16:42:16.133761578 -0400
+--- serefpolicy-3.10.0/policy/modules/services/devicekit.if.ptrace 2011-10-14 09:46:28.696530888 -0400
++++ serefpolicy-3.10.0/policy/modules/services/devicekit.if 2011-10-14 09:46:29.151522170 -0400
@@ -308,13 +308,18 @@ interface(`devicekit_admin',`
type devicekit_var_lib_t, devicekit_var_run_t, devicekit_tmp_t;
')
@@ -1396,8 +1394,8 @@ diff -up serefpolicy-3.10.0/policy/modules/services/devicekit.if.ptrace serefpol
admin_pattern($1, devicekit_tmp_t)
diff -up serefpolicy-3.10.0/policy/modules/services/devicekit.te.ptrace serefpolicy-3.10.0/policy/modules/services/devicekit.te
---- serefpolicy-3.10.0/policy/modules/services/devicekit.te.ptrace 2011-10-11 16:42:15.746761687 -0400
-+++ serefpolicy-3.10.0/policy/modules/services/devicekit.te 2011-10-11 16:42:16.134761577 -0400
+--- serefpolicy-3.10.0/policy/modules/services/devicekit.te.ptrace 2011-10-14 09:46:28.697530869 -0400
++++ serefpolicy-3.10.0/policy/modules/services/devicekit.te 2011-10-14 09:46:29.152522151 -0400
@@ -65,7 +65,8 @@ optional_policy(`
# DeviceKit disk local policy
#
@@ -1418,8 +1416,8 @@ diff -up serefpolicy-3.10.0/policy/modules/services/devicekit.te.ptrace serefpol
allow devicekit_power_t self:fifo_file rw_fifo_file_perms;
allow devicekit_power_t self:unix_dgram_socket create_socket_perms;
diff -up serefpolicy-3.10.0/policy/modules/services/dhcp.if.ptrace serefpolicy-3.10.0/policy/modules/services/dhcp.if
---- serefpolicy-3.10.0/policy/modules/services/dhcp.if.ptrace 2011-10-11 16:42:15.747761687 -0400
-+++ serefpolicy-3.10.0/policy/modules/services/dhcp.if 2011-10-11 16:42:16.135761576 -0400
+--- serefpolicy-3.10.0/policy/modules/services/dhcp.if.ptrace 2011-10-14 09:46:28.698530850 -0400
++++ serefpolicy-3.10.0/policy/modules/services/dhcp.if 2011-10-14 09:46:29.153522132 -0400
@@ -105,8 +105,11 @@ interface(`dhcpd_admin',`
type dhcpd_var_run_t, dhcpd_initrc_exec_t;
')
@@ -1435,7 +1433,7 @@ diff -up serefpolicy-3.10.0/policy/modules/services/dhcp.if.ptrace serefpolicy-3
domain_system_change_exemption($1)
diff -up serefpolicy-3.10.0/policy/modules/services/dictd.if.ptrace serefpolicy-3.10.0/policy/modules/services/dictd.if
--- serefpolicy-3.10.0/policy/modules/services/dictd.if.ptrace 2011-06-27 14:18:04.000000000 -0400
-+++ serefpolicy-3.10.0/policy/modules/services/dictd.if 2011-10-11 16:42:16.135761576 -0400
++++ serefpolicy-3.10.0/policy/modules/services/dictd.if 2011-10-14 09:46:29.153522132 -0400
@@ -38,8 +38,11 @@ interface(`dictd_admin',`
type dictd_var_run_t, dictd_initrc_exec_t;
')
@@ -1450,8 +1448,8 @@ diff -up serefpolicy-3.10.0/policy/modules/services/dictd.if.ptrace serefpolicy-
init_labeled_script_domtrans($1, dictd_initrc_exec_t)
domain_system_change_exemption($1)
diff -up serefpolicy-3.10.0/policy/modules/services/dnsmasq.if.ptrace serefpolicy-3.10.0/policy/modules/services/dnsmasq.if
---- serefpolicy-3.10.0/policy/modules/services/dnsmasq.if.ptrace 2011-10-11 16:42:15.752761685 -0400
-+++ serefpolicy-3.10.0/policy/modules/services/dnsmasq.if 2011-10-11 16:42:16.136761576 -0400
+--- serefpolicy-3.10.0/policy/modules/services/dnsmasq.if.ptrace 2011-10-14 09:46:28.704530734 -0400
++++ serefpolicy-3.10.0/policy/modules/services/dnsmasq.if 2011-10-14 09:46:29.154522113 -0400
@@ -281,8 +281,11 @@ interface(`dnsmasq_admin',`
type dnsmasq_initrc_exec_t;
')
@@ -1466,8 +1464,8 @@ diff -up serefpolicy-3.10.0/policy/modules/services/dnsmasq.if.ptrace serefpolic
init_labeled_script_domtrans($1, dnsmasq_initrc_exec_t)
domain_system_change_exemption($1)
diff -up serefpolicy-3.10.0/policy/modules/services/dovecot.if.ptrace serefpolicy-3.10.0/policy/modules/services/dovecot.if
---- serefpolicy-3.10.0/policy/modules/services/dovecot.if.ptrace 2011-10-11 16:42:15.754761685 -0400
-+++ serefpolicy-3.10.0/policy/modules/services/dovecot.if 2011-10-11 16:42:16.136761576 -0400
+--- serefpolicy-3.10.0/policy/modules/services/dovecot.if.ptrace 2011-10-14 09:46:28.706530696 -0400
++++ serefpolicy-3.10.0/policy/modules/services/dovecot.if 2011-10-14 09:46:29.155522094 -0400
@@ -119,8 +119,11 @@ interface(`dovecot_admin',`
type dovecot_cert_t, dovecot_passwd_t, dovecot_initrc_exec_t;
')
@@ -1482,8 +1480,8 @@ diff -up serefpolicy-3.10.0/policy/modules/services/dovecot.if.ptrace serefpolic
init_labeled_script_domtrans($1, dovecot_initrc_exec_t)
domain_system_change_exemption($1)
diff -up serefpolicy-3.10.0/policy/modules/services/drbd.if.ptrace serefpolicy-3.10.0/policy/modules/services/drbd.if
---- serefpolicy-3.10.0/policy/modules/services/drbd.if.ptrace 2011-10-11 16:42:15.755761684 -0400
-+++ serefpolicy-3.10.0/policy/modules/services/drbd.if 2011-10-11 16:42:16.137761576 -0400
+--- serefpolicy-3.10.0/policy/modules/services/drbd.if.ptrace 2011-10-14 09:46:28.709530639 -0400
++++ serefpolicy-3.10.0/policy/modules/services/drbd.if 2011-10-14 09:46:29.155522094 -0400
@@ -120,8 +120,11 @@ interface(`drbd_admin',`
type drbd_var_lib_t;
')
@@ -1498,8 +1496,8 @@ diff -up serefpolicy-3.10.0/policy/modules/services/drbd.if.ptrace serefpolicy-3
files_search_var_lib($1)
admin_pattern($1, drbd_var_lib_t)
diff -up serefpolicy-3.10.0/policy/modules/services/dspam.if.ptrace serefpolicy-3.10.0/policy/modules/services/dspam.if
---- serefpolicy-3.10.0/policy/modules/services/dspam.if.ptrace 2011-10-11 16:42:15.756761683 -0400
-+++ serefpolicy-3.10.0/policy/modules/services/dspam.if 2011-10-11 16:42:16.138761576 -0400
+--- serefpolicy-3.10.0/policy/modules/services/dspam.if.ptrace 2011-10-14 09:46:28.711530601 -0400
++++ serefpolicy-3.10.0/policy/modules/services/dspam.if 2011-10-14 09:46:29.156522075 -0400
@@ -244,8 +244,11 @@ interface(`dspam_admin',`
type dspam_var_run_t;
')
@@ -1514,8 +1512,8 @@ diff -up serefpolicy-3.10.0/policy/modules/services/dspam.if.ptrace serefpolicy-
dspam_initrc_domtrans($1)
domain_system_change_exemption($1)
diff -up serefpolicy-3.10.0/policy/modules/services/exim.if.ptrace serefpolicy-3.10.0/policy/modules/services/exim.if
---- serefpolicy-3.10.0/policy/modules/services/exim.if.ptrace 2011-10-11 16:42:15.758761683 -0400
-+++ serefpolicy-3.10.0/policy/modules/services/exim.if 2011-10-11 16:42:16.139761576 -0400
+--- serefpolicy-3.10.0/policy/modules/services/exim.if.ptrace 2011-10-14 09:46:28.712530582 -0400
++++ serefpolicy-3.10.0/policy/modules/services/exim.if 2011-10-14 09:46:29.157522056 -0400
@@ -260,8 +260,11 @@ interface(`exim_admin',`
type exim_tmp_t, exim_spool_t, exim_var_run_t;
')
@@ -1530,8 +1528,8 @@ diff -up serefpolicy-3.10.0/policy/modules/services/exim.if.ptrace serefpolicy-3
exim_initrc_domtrans($1)
domain_system_change_exemption($1)
diff -up serefpolicy-3.10.0/policy/modules/services/fail2ban.if.ptrace serefpolicy-3.10.0/policy/modules/services/fail2ban.if
---- serefpolicy-3.10.0/policy/modules/services/fail2ban.if.ptrace 2011-10-11 16:42:15.760761683 -0400
-+++ serefpolicy-3.10.0/policy/modules/services/fail2ban.if 2011-10-11 16:42:16.139761576 -0400
+--- serefpolicy-3.10.0/policy/modules/services/fail2ban.if.ptrace 2011-10-14 09:46:28.714530543 -0400
++++ serefpolicy-3.10.0/policy/modules/services/fail2ban.if 2011-10-14 09:46:29.158522037 -0400
@@ -199,8 +199,11 @@ interface(`fail2ban_admin',`
type fail2ban_client_t;
')
@@ -1546,8 +1544,8 @@ diff -up serefpolicy-3.10.0/policy/modules/services/fail2ban.if.ptrace serefpoli
init_labeled_script_domtrans($1, fail2ban_initrc_exec_t)
domain_system_change_exemption($1)
diff -up serefpolicy-3.10.0/policy/modules/services/fcoemon.if.ptrace serefpolicy-3.10.0/policy/modules/services/fcoemon.if
---- serefpolicy-3.10.0/policy/modules/services/fcoemon.if.ptrace 2011-10-11 16:42:15.761761683 -0400
-+++ serefpolicy-3.10.0/policy/modules/services/fcoemon.if 2011-10-11 16:42:16.140761576 -0400
+--- serefpolicy-3.10.0/policy/modules/services/fcoemon.if.ptrace 2011-10-14 09:46:28.716530504 -0400
++++ serefpolicy-3.10.0/policy/modules/services/fcoemon.if 2011-10-14 09:46:29.158522037 -0400
@@ -81,8 +81,11 @@ interface(`fcoemon_admin',`
type fcoemon_var_run_t;
')
@@ -1562,8 +1560,8 @@ diff -up serefpolicy-3.10.0/policy/modules/services/fcoemon.if.ptrace serefpolic
files_search_pids($1)
admin_pattern($1, fcoemon_var_run_t)
diff -up serefpolicy-3.10.0/policy/modules/services/fetchmail.if.ptrace serefpolicy-3.10.0/policy/modules/services/fetchmail.if
---- serefpolicy-3.10.0/policy/modules/services/fetchmail.if.ptrace 2011-10-11 16:42:15.762761682 -0400
-+++ serefpolicy-3.10.0/policy/modules/services/fetchmail.if 2011-10-11 16:42:16.140761576 -0400
+--- serefpolicy-3.10.0/policy/modules/services/fetchmail.if.ptrace 2011-10-14 09:46:28.717530485 -0400
++++ serefpolicy-3.10.0/policy/modules/services/fetchmail.if 2011-10-14 09:46:29.159522018 -0400
@@ -18,8 +18,11 @@ interface(`fetchmail_admin',`
type fetchmail_var_run_t;
')
@@ -1578,8 +1576,8 @@ diff -up serefpolicy-3.10.0/policy/modules/services/fetchmail.if.ptrace serefpol
files_list_etc($1)
admin_pattern($1, fetchmail_etc_t)
diff -up serefpolicy-3.10.0/policy/modules/services/firewalld.if.ptrace serefpolicy-3.10.0/policy/modules/services/firewalld.if
---- serefpolicy-3.10.0/policy/modules/services/firewalld.if.ptrace 2011-10-11 16:42:15.763761681 -0400
-+++ serefpolicy-3.10.0/policy/modules/services/firewalld.if 2011-10-11 16:42:16.141761575 -0400
+--- serefpolicy-3.10.0/policy/modules/services/firewalld.if.ptrace 2011-10-14 09:46:28.719530447 -0400
++++ serefpolicy-3.10.0/policy/modules/services/firewalld.if 2011-10-14 09:46:29.159522018 -0400
@@ -62,8 +62,11 @@ interface(`firewalld_admin',`
type firewalld_initrc_exec_t;
')
@@ -1594,8 +1592,8 @@ diff -up serefpolicy-3.10.0/policy/modules/services/firewalld.if.ptrace serefpol
firewalld_initrc_domtrans($1)
domain_system_change_exemption($1)
diff -up serefpolicy-3.10.0/policy/modules/services/fprintd.te.ptrace serefpolicy-3.10.0/policy/modules/services/fprintd.te
---- serefpolicy-3.10.0/policy/modules/services/fprintd.te.ptrace 2011-10-11 16:42:15.765761681 -0400
-+++ serefpolicy-3.10.0/policy/modules/services/fprintd.te 2011-10-11 16:42:16.141761575 -0400
+--- serefpolicy-3.10.0/policy/modules/services/fprintd.te.ptrace 2011-10-14 09:46:28.721530409 -0400
++++ serefpolicy-3.10.0/policy/modules/services/fprintd.te 2011-10-14 09:46:29.160521999 -0400
@@ -17,7 +17,8 @@ files_type(fprintd_var_lib_t)
# Local policy
#
@@ -1607,8 +1605,8 @@ diff -up serefpolicy-3.10.0/policy/modules/services/fprintd.te.ptrace serefpolic
allow fprintd_t self:process { getsched setsched signal };
diff -up serefpolicy-3.10.0/policy/modules/services/ftp.if.ptrace serefpolicy-3.10.0/policy/modules/services/ftp.if
---- serefpolicy-3.10.0/policy/modules/services/ftp.if.ptrace 2011-10-11 16:42:15.766761681 -0400
-+++ serefpolicy-3.10.0/policy/modules/services/ftp.if 2011-10-11 16:42:16.142761574 -0400
+--- serefpolicy-3.10.0/policy/modules/services/ftp.if.ptrace 2011-10-14 09:46:28.722530390 -0400
++++ serefpolicy-3.10.0/policy/modules/services/ftp.if 2011-10-14 09:46:29.161521980 -0400
@@ -237,8 +237,11 @@ interface(`ftp_admin',`
type ftpd_initrc_exec_t;
')
@@ -1623,8 +1621,8 @@ diff -up serefpolicy-3.10.0/policy/modules/services/ftp.if.ptrace serefpolicy-3.
init_labeled_script_domtrans($1, ftpd_initrc_exec_t)
domain_system_change_exemption($1)
diff -up serefpolicy-3.10.0/policy/modules/services/git.if.ptrace serefpolicy-3.10.0/policy/modules/services/git.if
---- serefpolicy-3.10.0/policy/modules/services/git.if.ptrace 2011-10-11 16:42:15.768761681 -0400
-+++ serefpolicy-3.10.0/policy/modules/services/git.if 2011-10-11 16:42:16.142761574 -0400
+--- serefpolicy-3.10.0/policy/modules/services/git.if.ptrace 2011-10-14 09:46:28.725530332 -0400
++++ serefpolicy-3.10.0/policy/modules/services/git.if 2011-10-14 09:46:29.162521961 -0400
@@ -42,8 +42,11 @@ interface(`git_session_role',`
domtrans_pattern($2, gitd_exec_t, git_session_t)
@@ -1639,8 +1637,8 @@ diff -up serefpolicy-3.10.0/policy/modules/services/git.if.ptrace serefpolicy-3.
########################################
diff -up serefpolicy-3.10.0/policy/modules/services/glance.if.ptrace serefpolicy-3.10.0/policy/modules/services/glance.if
---- serefpolicy-3.10.0/policy/modules/services/glance.if.ptrace 2011-10-11 16:42:15.770761679 -0400
-+++ serefpolicy-3.10.0/policy/modules/services/glance.if 2011-10-11 16:42:16.143761574 -0400
+--- serefpolicy-3.10.0/policy/modules/services/glance.if.ptrace 2011-10-14 09:46:28.727530293 -0400
++++ serefpolicy-3.10.0/policy/modules/services/glance.if 2011-10-14 09:46:29.163521941 -0400
@@ -245,10 +245,14 @@ interface(`glance_admin',`
type glance_api_initrc_exec_t;
')
@@ -1659,8 +1657,8 @@ diff -up serefpolicy-3.10.0/policy/modules/services/glance.if.ptrace serefpolicy
init_labeled_script_domtrans($1, glance_registry_initrc_exec_t)
diff -up serefpolicy-3.10.0/policy/modules/services/gnomeclock.te.ptrace serefpolicy-3.10.0/policy/modules/services/gnomeclock.te
---- serefpolicy-3.10.0/policy/modules/services/gnomeclock.te.ptrace 2011-10-11 16:42:15.771761679 -0400
-+++ serefpolicy-3.10.0/policy/modules/services/gnomeclock.te 2011-10-11 16:42:16.144761574 -0400
+--- serefpolicy-3.10.0/policy/modules/services/gnomeclock.te.ptrace 2011-10-14 09:46:28.729530255 -0400
++++ serefpolicy-3.10.0/policy/modules/services/gnomeclock.te 2011-10-14 09:46:29.163521941 -0400
@@ -14,7 +14,7 @@ dbus_system_domain(gnomeclock_t, gnomecl
# gnomeclock local policy
#
@@ -1671,8 +1669,8 @@ diff -up serefpolicy-3.10.0/policy/modules/services/gnomeclock.te.ptrace serefpo
allow gnomeclock_t self:fifo_file rw_fifo_file_perms;
allow gnomeclock_t self:unix_stream_socket create_stream_socket_perms;
diff -up serefpolicy-3.10.0/policy/modules/services/gpsd.te.ptrace serefpolicy-3.10.0/policy/modules/services/gpsd.te
---- serefpolicy-3.10.0/policy/modules/services/gpsd.te.ptrace 2011-10-11 16:42:15.773761679 -0400
-+++ serefpolicy-3.10.0/policy/modules/services/gpsd.te 2011-10-11 16:42:16.144761574 -0400
+--- serefpolicy-3.10.0/policy/modules/services/gpsd.te.ptrace 2011-10-14 09:46:28.731530217 -0400
++++ serefpolicy-3.10.0/policy/modules/services/gpsd.te 2011-10-14 09:46:29.164521921 -0400
@@ -25,7 +25,7 @@ files_pid_file(gpsd_var_run_t)
#
@@ -1683,8 +1681,8 @@ diff -up serefpolicy-3.10.0/policy/modules/services/gpsd.te.ptrace serefpolicy-3
allow gpsd_t self:shm create_shm_perms;
allow gpsd_t self:unix_dgram_socket { create_socket_perms sendto };
diff -up serefpolicy-3.10.0/policy/modules/services/hadoop.if.ptrace serefpolicy-3.10.0/policy/modules/services/hadoop.if
---- serefpolicy-3.10.0/policy/modules/services/hadoop.if.ptrace 2011-10-11 16:42:16.028761607 -0400
-+++ serefpolicy-3.10.0/policy/modules/services/hadoop.if 2011-10-11 16:42:16.145761574 -0400
+--- serefpolicy-3.10.0/policy/modules/services/hadoop.if.ptrace 2011-10-14 09:46:29.040524294 -0400
++++ serefpolicy-3.10.0/policy/modules/services/hadoop.if 2011-10-14 09:46:29.165521902 -0400
@@ -222,14 +222,21 @@ interface(`hadoop_role',`
hadoop_domtrans($2)
role $1 types hadoop_t;
@@ -1710,8 +1708,8 @@ diff -up serefpolicy-3.10.0/policy/modules/services/hadoop.if.ptrace serefpolicy
########################################
diff -up serefpolicy-3.10.0/policy/modules/services/hal.if.ptrace serefpolicy-3.10.0/policy/modules/services/hal.if
---- serefpolicy-3.10.0/policy/modules/services/hal.if.ptrace 2011-10-11 16:42:15.776761679 -0400
-+++ serefpolicy-3.10.0/policy/modules/services/hal.if 2011-10-11 16:42:16.146761574 -0400
+--- serefpolicy-3.10.0/policy/modules/services/hal.if.ptrace 2011-10-14 09:46:28.735530141 -0400
++++ serefpolicy-3.10.0/policy/modules/services/hal.if 2011-10-14 09:46:29.166521883 -0400
@@ -70,7 +70,9 @@ interface(`hal_ptrace',`
type hald_t;
')
@@ -1724,8 +1722,8 @@ diff -up serefpolicy-3.10.0/policy/modules/services/hal.if.ptrace serefpolicy-3.
########################################
diff -up serefpolicy-3.10.0/policy/modules/services/hal.te.ptrace serefpolicy-3.10.0/policy/modules/services/hal.te
---- serefpolicy-3.10.0/policy/modules/services/hal.te.ptrace 2011-10-11 16:42:15.776761679 -0400
-+++ serefpolicy-3.10.0/policy/modules/services/hal.te 2011-10-11 16:42:16.146761574 -0400
+--- serefpolicy-3.10.0/policy/modules/services/hal.te.ptrace 2011-10-14 09:46:28.735530141 -0400
++++ serefpolicy-3.10.0/policy/modules/services/hal.te 2011-10-14 09:46:29.167521864 -0400
@@ -64,7 +64,7 @@ typealias hald_var_run_t alias pmtools_v
# execute openvt which needs setuid
@@ -1736,8 +1734,8 @@ diff -up serefpolicy-3.10.0/policy/modules/services/hal.te.ptrace serefpolicy-3.
allow hald_t self:fifo_file rw_fifo_file_perms;
allow hald_t self:unix_stream_socket { create_stream_socket_perms connectto };
diff -up serefpolicy-3.10.0/policy/modules/services/hddtemp.if.ptrace serefpolicy-3.10.0/policy/modules/services/hddtemp.if
---- serefpolicy-3.10.0/policy/modules/services/hddtemp.if.ptrace 2011-10-11 16:42:15.777761679 -0400
-+++ serefpolicy-3.10.0/policy/modules/services/hddtemp.if 2011-10-11 16:42:16.147761574 -0400
+--- serefpolicy-3.10.0/policy/modules/services/hddtemp.if.ptrace 2011-10-14 09:46:28.736530122 -0400
++++ serefpolicy-3.10.0/policy/modules/services/hddtemp.if 2011-10-14 09:46:29.167521864 -0400
@@ -60,8 +60,11 @@ interface(`hddtemp_admin',`
type hddtemp_t, hddtemp_etc_t, hddtemp_initrc_exec_t;
')
@@ -1752,8 +1750,8 @@ diff -up serefpolicy-3.10.0/policy/modules/services/hddtemp.if.ptrace serefpolic
init_labeled_script_domtrans($1, hddtemp_initrc_exec_t)
domain_system_change_exemption($1)
diff -up serefpolicy-3.10.0/policy/modules/services/icecast.if.ptrace serefpolicy-3.10.0/policy/modules/services/icecast.if
---- serefpolicy-3.10.0/policy/modules/services/icecast.if.ptrace 2011-10-11 16:42:15.778761679 -0400
-+++ serefpolicy-3.10.0/policy/modules/services/icecast.if 2011-10-11 16:42:16.148761574 -0400
+--- serefpolicy-3.10.0/policy/modules/services/icecast.if.ptrace 2011-10-14 09:46:28.737530102 -0400
++++ serefpolicy-3.10.0/policy/modules/services/icecast.if 2011-10-14 09:46:29.168521845 -0400
@@ -173,8 +173,11 @@ interface(`icecast_admin',`
type icecast_t, icecast_initrc_exec_t;
')
@@ -1768,8 +1766,8 @@ diff -up serefpolicy-3.10.0/policy/modules/services/icecast.if.ptrace serefpolic
# Allow icecast_t to restart the apache service
icecast_initrc_domtrans($1)
diff -up serefpolicy-3.10.0/policy/modules/services/ifplugd.if.ptrace serefpolicy-3.10.0/policy/modules/services/ifplugd.if
---- serefpolicy-3.10.0/policy/modules/services/ifplugd.if.ptrace 2011-10-11 16:42:15.779761678 -0400
-+++ serefpolicy-3.10.0/policy/modules/services/ifplugd.if 2011-10-11 16:42:16.148761574 -0400
+--- serefpolicy-3.10.0/policy/modules/services/ifplugd.if.ptrace 2011-10-14 09:46:28.738530082 -0400
++++ serefpolicy-3.10.0/policy/modules/services/ifplugd.if 2011-10-14 09:46:29.169521826 -0400
@@ -117,7 +117,7 @@ interface(`ifplugd_admin',`
type ifplugd_initrc_exec_t;
')
@@ -1780,8 +1778,8 @@ diff -up serefpolicy-3.10.0/policy/modules/services/ifplugd.if.ptrace serefpolic
init_labeled_script_domtrans($1, ifplugd_initrc_exec_t)
diff -up serefpolicy-3.10.0/policy/modules/services/ifplugd.te.ptrace serefpolicy-3.10.0/policy/modules/services/ifplugd.te
---- serefpolicy-3.10.0/policy/modules/services/ifplugd.te.ptrace 2011-10-11 16:42:15.779761678 -0400
-+++ serefpolicy-3.10.0/policy/modules/services/ifplugd.te 2011-10-11 16:42:16.149761574 -0400
+--- serefpolicy-3.10.0/policy/modules/services/ifplugd.te.ptrace 2011-10-14 09:46:28.739530063 -0400
++++ serefpolicy-3.10.0/policy/modules/services/ifplugd.te 2011-10-14 09:46:29.170521807 -0400
@@ -26,7 +26,7 @@ files_pid_file(ifplugd_var_run_t)
#
@@ -1792,8 +1790,8 @@ diff -up serefpolicy-3.10.0/policy/modules/services/ifplugd.te.ptrace serefpolic
allow ifplugd_t self:fifo_file rw_fifo_file_perms;
allow ifplugd_t self:tcp_socket create_stream_socket_perms;
diff -up serefpolicy-3.10.0/policy/modules/services/inn.if.ptrace serefpolicy-3.10.0/policy/modules/services/inn.if
---- serefpolicy-3.10.0/policy/modules/services/inn.if.ptrace 2011-10-11 16:42:15.781761676 -0400
-+++ serefpolicy-3.10.0/policy/modules/services/inn.if 2011-10-11 16:42:16.149761574 -0400
+--- serefpolicy-3.10.0/policy/modules/services/inn.if.ptrace 2011-10-14 09:46:28.741530025 -0400
++++ serefpolicy-3.10.0/policy/modules/services/inn.if 2011-10-14 09:46:29.170521807 -0400
@@ -202,8 +202,11 @@ interface(`inn_admin',`
type innd_initrc_exec_t;
')
@@ -1808,8 +1806,8 @@ diff -up serefpolicy-3.10.0/policy/modules/services/inn.if.ptrace serefpolicy-3.
init_labeled_script_domtrans($1, innd_initrc_exec_t)
domain_system_change_exemption($1)
diff -up serefpolicy-3.10.0/policy/modules/services/jabber.if.ptrace serefpolicy-3.10.0/policy/modules/services/jabber.if
---- serefpolicy-3.10.0/policy/modules/services/jabber.if.ptrace 2011-10-11 16:42:15.784761676 -0400
-+++ serefpolicy-3.10.0/policy/modules/services/jabber.if 2011-10-11 16:42:16.150761573 -0400
+--- serefpolicy-3.10.0/policy/modules/services/jabber.if.ptrace 2011-10-14 09:46:28.744529968 -0400
++++ serefpolicy-3.10.0/policy/modules/services/jabber.if 2011-10-14 09:46:29.171521788 -0400
@@ -143,10 +143,14 @@ interface(`jabber_admin',`
type jabberd_initrc_exec_t, jabberd_router_t;
')
@@ -1828,8 +1826,8 @@ diff -up serefpolicy-3.10.0/policy/modules/services/jabber.if.ptrace serefpolicy
init_labeled_script_domtrans($1, jabberd_initrc_exec_t)
diff -up serefpolicy-3.10.0/policy/modules/services/kerberos.if.ptrace serefpolicy-3.10.0/policy/modules/services/kerberos.if
---- serefpolicy-3.10.0/policy/modules/services/kerberos.if.ptrace 2011-10-11 16:42:15.785761676 -0400
-+++ serefpolicy-3.10.0/policy/modules/services/kerberos.if 2011-10-11 16:42:16.150761573 -0400
+--- serefpolicy-3.10.0/policy/modules/services/kerberos.if.ptrace 2011-10-14 09:46:28.746529930 -0400
++++ serefpolicy-3.10.0/policy/modules/services/kerberos.if 2011-10-14 09:46:29.172521769 -0400
@@ -340,13 +340,18 @@ interface(`kerberos_admin',`
type krb5kdc_var_run_t, krb5_host_rcache_t;
')
@@ -1853,8 +1851,8 @@ diff -up serefpolicy-3.10.0/policy/modules/services/kerberos.if.ptrace serefpoli
init_labeled_script_domtrans($1, kerberos_initrc_exec_t)
diff -up serefpolicy-3.10.0/policy/modules/services/kerneloops.if.ptrace serefpolicy-3.10.0/policy/modules/services/kerneloops.if
---- serefpolicy-3.10.0/policy/modules/services/kerneloops.if.ptrace 2011-10-11 16:42:15.786761676 -0400
-+++ serefpolicy-3.10.0/policy/modules/services/kerneloops.if 2011-10-11 16:42:16.151761573 -0400
+--- serefpolicy-3.10.0/policy/modules/services/kerneloops.if.ptrace 2011-10-14 09:46:28.747529911 -0400
++++ serefpolicy-3.10.0/policy/modules/services/kerneloops.if 2011-10-14 09:46:29.172521769 -0400
@@ -101,8 +101,11 @@ interface(`kerneloops_admin',`
type kerneloops_t, kerneloops_initrc_exec_t, kerneloops_tmp_t;
')
@@ -1869,8 +1867,8 @@ diff -up serefpolicy-3.10.0/policy/modules/services/kerneloops.if.ptrace serefpo
init_labeled_script_domtrans($1, kerneloops_initrc_exec_t)
domain_system_change_exemption($1)
diff -up serefpolicy-3.10.0/policy/modules/services/ksmtuned.if.ptrace serefpolicy-3.10.0/policy/modules/services/ksmtuned.if
---- serefpolicy-3.10.0/policy/modules/services/ksmtuned.if.ptrace 2011-10-11 16:42:15.788761674 -0400
-+++ serefpolicy-3.10.0/policy/modules/services/ksmtuned.if 2011-10-11 16:42:16.151761573 -0400
+--- serefpolicy-3.10.0/policy/modules/services/ksmtuned.if.ptrace 2011-10-14 09:46:28.750529852 -0400
++++ serefpolicy-3.10.0/policy/modules/services/ksmtuned.if 2011-10-14 09:46:29.173521750 -0400
@@ -58,8 +58,11 @@ interface(`ksmtuned_admin',`
type ksmtuned_t, ksmtuned_var_run_t, ksmtuned_initrc_exec_t;
')
@@ -1885,8 +1883,8 @@ diff -up serefpolicy-3.10.0/policy/modules/services/ksmtuned.if.ptrace serefpoli
files_list_pids($1)
admin_pattern($1, ksmtuned_var_run_t)
diff -up serefpolicy-3.10.0/policy/modules/services/ksmtuned.te.ptrace serefpolicy-3.10.0/policy/modules/services/ksmtuned.te
---- serefpolicy-3.10.0/policy/modules/services/ksmtuned.te.ptrace 2011-10-11 16:42:15.789761674 -0400
-+++ serefpolicy-3.10.0/policy/modules/services/ksmtuned.te 2011-10-11 16:42:16.152761572 -0400
+--- serefpolicy-3.10.0/policy/modules/services/ksmtuned.te.ptrace 2011-10-14 09:46:28.751529833 -0400
++++ serefpolicy-3.10.0/policy/modules/services/ksmtuned.te 2011-10-14 09:46:29.174521731 -0400
@@ -23,7 +23,7 @@ files_pid_file(ksmtuned_var_run_t)
# ksmtuned local policy
#
@@ -1897,8 +1895,8 @@ diff -up serefpolicy-3.10.0/policy/modules/services/ksmtuned.te.ptrace serefpoli
manage_dirs_pattern(ksmtuned_t, ksmtuned_log_t, ksmtuned_log_t)
diff -up serefpolicy-3.10.0/policy/modules/services/l2tpd.if.ptrace serefpolicy-3.10.0/policy/modules/services/l2tpd.if
---- serefpolicy-3.10.0/policy/modules/services/l2tpd.if.ptrace 2011-10-11 16:42:15.790761674 -0400
-+++ serefpolicy-3.10.0/policy/modules/services/l2tpd.if 2011-10-11 16:42:16.152761572 -0400
+--- serefpolicy-3.10.0/policy/modules/services/l2tpd.if.ptrace 2011-10-14 09:46:28.752529814 -0400
++++ serefpolicy-3.10.0/policy/modules/services/l2tpd.if 2011-10-14 09:46:29.174521731 -0400
@@ -101,8 +101,11 @@ interface(`l2tpd_admin',`
type l2tpd_var_run_t;
')
@@ -1913,8 +1911,8 @@ diff -up serefpolicy-3.10.0/policy/modules/services/l2tpd.if.ptrace serefpolicy-
l2tpd_initrc_domtrans($1)
domain_system_change_exemption($1)
diff -up serefpolicy-3.10.0/policy/modules/services/ldap.if.ptrace serefpolicy-3.10.0/policy/modules/services/ldap.if
---- serefpolicy-3.10.0/policy/modules/services/ldap.if.ptrace 2011-10-11 16:42:15.792761674 -0400
-+++ serefpolicy-3.10.0/policy/modules/services/ldap.if 2011-10-11 16:42:16.153761571 -0400
+--- serefpolicy-3.10.0/policy/modules/services/ldap.if.ptrace 2011-10-14 09:46:28.754529776 -0400
++++ serefpolicy-3.10.0/policy/modules/services/ldap.if 2011-10-14 09:46:29.175521712 -0400
@@ -174,8 +174,11 @@ interface(`ldap_admin',`
type slapd_initrc_exec_t;
')
@@ -1930,7 +1928,7 @@ diff -up serefpolicy-3.10.0/policy/modules/services/ldap.if.ptrace serefpolicy-3
domain_system_change_exemption($1)
diff -up serefpolicy-3.10.0/policy/modules/services/lircd.if.ptrace serefpolicy-3.10.0/policy/modules/services/lircd.if
--- serefpolicy-3.10.0/policy/modules/services/lircd.if.ptrace 2011-06-27 14:18:04.000000000 -0400
-+++ serefpolicy-3.10.0/policy/modules/services/lircd.if 2011-10-11 16:42:16.154761571 -0400
++++ serefpolicy-3.10.0/policy/modules/services/lircd.if 2011-10-14 09:46:29.176521693 -0400
@@ -80,8 +80,11 @@ interface(`lircd_admin',`
type lircd_initrc_exec_t, lircd_etc_t;
')
@@ -1945,8 +1943,8 @@ diff -up serefpolicy-3.10.0/policy/modules/services/lircd.if.ptrace serefpolicy-
init_labeled_script_domtrans($1, lircd_initrc_exec_t)
domain_system_change_exemption($1)
diff -up serefpolicy-3.10.0/policy/modules/services/lldpad.if.ptrace serefpolicy-3.10.0/policy/modules/services/lldpad.if
---- serefpolicy-3.10.0/policy/modules/services/lldpad.if.ptrace 2011-10-11 16:42:15.795761672 -0400
-+++ serefpolicy-3.10.0/policy/modules/services/lldpad.if 2011-10-11 16:42:16.154761571 -0400
+--- serefpolicy-3.10.0/policy/modules/services/lldpad.if.ptrace 2011-10-14 09:46:28.759529681 -0400
++++ serefpolicy-3.10.0/policy/modules/services/lldpad.if 2011-10-14 09:46:29.176521693 -0400
@@ -180,8 +180,11 @@ interface(`lldpad_admin',`
type lldpad_var_run_t;
')
@@ -1961,8 +1959,8 @@ diff -up serefpolicy-3.10.0/policy/modules/services/lldpad.if.ptrace serefpolicy
lldpad_initrc_domtrans($1)
domain_system_change_exemption($1)
diff -up serefpolicy-3.10.0/policy/modules/services/lpd.if.ptrace serefpolicy-3.10.0/policy/modules/services/lpd.if
---- serefpolicy-3.10.0/policy/modules/services/lpd.if.ptrace 2011-10-11 16:42:15.796761672 -0400
-+++ serefpolicy-3.10.0/policy/modules/services/lpd.if 2011-10-11 16:42:16.155761571 -0400
+--- serefpolicy-3.10.0/policy/modules/services/lpd.if.ptrace 2011-10-14 09:46:28.760529661 -0400
++++ serefpolicy-3.10.0/policy/modules/services/lpd.if 2011-10-14 09:46:29.178521654 -0400
@@ -28,7 +28,10 @@ interface(`lpd_role',`
dontaudit lpr_t $2:unix_stream_socket { read write };
@@ -1976,8 +1974,8 @@ diff -up serefpolicy-3.10.0/policy/modules/services/lpd.if.ptrace serefpolicy-3.
optional_policy(`
cups_read_config($2)
diff -up serefpolicy-3.10.0/policy/modules/services/mailscanner.if.ptrace serefpolicy-3.10.0/policy/modules/services/mailscanner.if
---- serefpolicy-3.10.0/policy/modules/services/mailscanner.if.ptrace 2011-10-11 16:42:15.799761672 -0400
-+++ serefpolicy-3.10.0/policy/modules/services/mailscanner.if 2011-10-11 16:42:16.155761571 -0400
+--- serefpolicy-3.10.0/policy/modules/services/mailscanner.if.ptrace 2011-10-14 09:46:28.763529603 -0400
++++ serefpolicy-3.10.0/policy/modules/services/mailscanner.if 2011-10-14 09:46:29.178521654 -0400
@@ -47,8 +47,11 @@ interface(`mailscanner_admin',`
role_transition $2 mscan_initrc_exec_t system_r;
allow $2 system_r;
@@ -1992,8 +1990,8 @@ diff -up serefpolicy-3.10.0/policy/modules/services/mailscanner.if.ptrace serefp
admin_pattern($1, mscan_etc_t)
files_list_etc($1)
diff -up serefpolicy-3.10.0/policy/modules/services/matahari.if.ptrace serefpolicy-3.10.0/policy/modules/services/matahari.if
---- serefpolicy-3.10.0/policy/modules/services/matahari.if.ptrace 2011-10-11 16:42:15.800761672 -0400
-+++ serefpolicy-3.10.0/policy/modules/services/matahari.if 2011-10-11 16:42:16.156761571 -0400
+--- serefpolicy-3.10.0/policy/modules/services/matahari.if.ptrace 2011-10-14 09:46:28.765529565 -0400
++++ serefpolicy-3.10.0/policy/modules/services/matahari.if 2011-10-14 09:46:29.179521635 -0400
@@ -229,13 +229,18 @@ interface(`matahari_admin',`
role_transition $2 matahari_initrc_exec_t system_r;
allow $2 system_r;
@@ -2017,8 +2015,8 @@ diff -up serefpolicy-3.10.0/policy/modules/services/matahari.if.ptrace serefpoli
files_search_var_lib($1)
diff -up serefpolicy-3.10.0/policy/modules/services/matahari.te.ptrace serefpolicy-3.10.0/policy/modules/services/matahari.te
---- serefpolicy-3.10.0/policy/modules/services/matahari.te.ptrace 2011-10-11 16:42:15.800761672 -0400
-+++ serefpolicy-3.10.0/policy/modules/services/matahari.te 2011-10-11 16:42:16.156761571 -0400
+--- serefpolicy-3.10.0/policy/modules/services/matahari.te.ptrace 2011-10-14 09:46:28.765529565 -0400
++++ serefpolicy-3.10.0/policy/modules/services/matahari.te 2011-10-14 09:46:29.180521616 -0400
@@ -24,9 +24,6 @@ files_pid_file(matahari_var_run_t)
#
# matahari_hostd local policy
@@ -2030,8 +2028,8 @@ diff -up serefpolicy-3.10.0/policy/modules/services/matahari.te.ptrace serefpoli
dev_read_sysfs(matahari_hostd_t)
diff -up serefpolicy-3.10.0/policy/modules/services/memcached.if.ptrace serefpolicy-3.10.0/policy/modules/services/memcached.if
---- serefpolicy-3.10.0/policy/modules/services/memcached.if.ptrace 2011-10-11 16:42:15.801761671 -0400
-+++ serefpolicy-3.10.0/policy/modules/services/memcached.if 2011-10-11 16:42:16.157761571 -0400
+--- serefpolicy-3.10.0/policy/modules/services/memcached.if.ptrace 2011-10-14 09:46:28.767529527 -0400
++++ serefpolicy-3.10.0/policy/modules/services/memcached.if 2011-10-14 09:46:29.180521616 -0400
@@ -59,8 +59,11 @@ interface(`memcached_admin',`
type memcached_t, memcached_initrc_exec_t, memcached_var_run_t;
')
@@ -2046,8 +2044,8 @@ diff -up serefpolicy-3.10.0/policy/modules/services/memcached.if.ptrace serefpol
init_labeled_script_domtrans($1, memcached_initrc_exec_t)
domain_system_change_exemption($1)
diff -up serefpolicy-3.10.0/policy/modules/services/mock.if.ptrace serefpolicy-3.10.0/policy/modules/services/mock.if
---- serefpolicy-3.10.0/policy/modules/services/mock.if.ptrace 2011-10-11 16:42:15.804761670 -0400
-+++ serefpolicy-3.10.0/policy/modules/services/mock.if 2011-10-11 16:42:16.158761571 -0400
+--- serefpolicy-3.10.0/policy/modules/services/mock.if.ptrace 2011-10-14 09:46:28.770529470 -0400
++++ serefpolicy-3.10.0/policy/modules/services/mock.if 2011-10-14 09:46:29.181521597 -0400
@@ -245,7 +245,10 @@ interface(`mock_role',`
mock_run($2, $1)
@@ -2078,8 +2076,8 @@ diff -up serefpolicy-3.10.0/policy/modules/services/mock.if.ptrace serefpolicy-3
files_list_var_lib($1)
diff -up serefpolicy-3.10.0/policy/modules/services/mock.te.ptrace serefpolicy-3.10.0/policy/modules/services/mock.te
---- serefpolicy-3.10.0/policy/modules/services/mock.te.ptrace 2011-10-11 16:42:15.805761670 -0400
-+++ serefpolicy-3.10.0/policy/modules/services/mock.te 2011-10-11 16:42:16.158761571 -0400
+--- serefpolicy-3.10.0/policy/modules/services/mock.te.ptrace 2011-10-14 09:46:28.771529451 -0400
++++ serefpolicy-3.10.0/policy/modules/services/mock.te 2011-10-14 09:46:29.182521578 -0400
@@ -41,7 +41,7 @@ files_config_file(mock_etc_t)
# mock local policy
#
@@ -2099,8 +2097,8 @@ diff -up serefpolicy-3.10.0/policy/modules/services/mock.te.ptrace serefpolicy-3
allow mock_build_t self:process { fork setsched setpgid signal_perms };
allow mock_build_t self:netlink_audit_socket { create_socket_perms nlmsg_relay };
diff -up serefpolicy-3.10.0/policy/modules/services/mojomojo.if.ptrace serefpolicy-3.10.0/policy/modules/services/mojomojo.if
---- serefpolicy-3.10.0/policy/modules/services/mojomojo.if.ptrace 2011-10-11 16:42:15.806761670 -0400
-+++ serefpolicy-3.10.0/policy/modules/services/mojomojo.if 2011-10-11 16:42:16.159761570 -0400
+--- serefpolicy-3.10.0/policy/modules/services/mojomojo.if.ptrace 2011-10-14 09:46:28.772529431 -0400
++++ serefpolicy-3.10.0/policy/modules/services/mojomojo.if 2011-10-14 09:46:29.182521578 -0400
@@ -24,8 +24,11 @@ interface(`mojomojo_admin',`
type httpd_mojomojo_script_exec_t;
')
@@ -2116,7 +2114,7 @@ diff -up serefpolicy-3.10.0/policy/modules/services/mojomojo.if.ptrace serefpoli
admin_pattern($1, httpd_mojomojo_tmp_t)
diff -up serefpolicy-3.10.0/policy/modules/services/mpd.if.ptrace serefpolicy-3.10.0/policy/modules/services/mpd.if
--- serefpolicy-3.10.0/policy/modules/services/mpd.if.ptrace 2011-06-27 14:18:04.000000000 -0400
-+++ serefpolicy-3.10.0/policy/modules/services/mpd.if 2011-10-11 16:42:16.159761570 -0400
++++ serefpolicy-3.10.0/policy/modules/services/mpd.if 2011-10-14 09:46:29.183521559 -0400
@@ -244,8 +244,11 @@ interface(`mpd_admin',`
type mpd_tmpfs_t;
')
@@ -2131,8 +2129,8 @@ diff -up serefpolicy-3.10.0/policy/modules/services/mpd.if.ptrace serefpolicy-3.
mpd_initrc_domtrans($1)
domain_system_change_exemption($1)
diff -up serefpolicy-3.10.0/policy/modules/services/munin.if.ptrace serefpolicy-3.10.0/policy/modules/services/munin.if
---- serefpolicy-3.10.0/policy/modules/services/munin.if.ptrace 2011-10-11 16:42:15.811761668 -0400
-+++ serefpolicy-3.10.0/policy/modules/services/munin.if 2011-10-11 16:42:16.160761569 -0400
+--- serefpolicy-3.10.0/policy/modules/services/munin.if.ptrace 2011-10-14 09:46:28.779529297 -0400
++++ serefpolicy-3.10.0/policy/modules/services/munin.if 2011-10-14 09:46:29.184521540 -0400
@@ -183,8 +183,11 @@ interface(`munin_admin',`
type httpd_munin_content_t, munin_initrc_exec_t;
')
@@ -2147,8 +2145,8 @@ diff -up serefpolicy-3.10.0/policy/modules/services/munin.if.ptrace serefpolicy-
init_labeled_script_domtrans($1, munin_initrc_exec_t)
domain_system_change_exemption($1)
diff -up serefpolicy-3.10.0/policy/modules/services/mysql.if.ptrace serefpolicy-3.10.0/policy/modules/services/mysql.if
---- serefpolicy-3.10.0/policy/modules/services/mysql.if.ptrace 2011-10-11 16:42:15.812761668 -0400
-+++ serefpolicy-3.10.0/policy/modules/services/mysql.if 2011-10-11 16:42:16.160761569 -0400
+--- serefpolicy-3.10.0/policy/modules/services/mysql.if.ptrace 2011-10-14 09:46:28.780529278 -0400
++++ serefpolicy-3.10.0/policy/modules/services/mysql.if 2011-10-14 09:46:29.185521521 -0400
@@ -389,8 +389,11 @@ interface(`mysql_admin',`
type mysqld_etc_t;
')
@@ -2163,8 +2161,8 @@ diff -up serefpolicy-3.10.0/policy/modules/services/mysql.if.ptrace serefpolicy-
init_labeled_script_domtrans($1, mysqld_initrc_exec_t)
domain_system_change_exemption($1)
diff -up serefpolicy-3.10.0/policy/modules/services/mysql.te.ptrace serefpolicy-3.10.0/policy/modules/services/mysql.te
---- serefpolicy-3.10.0/policy/modules/services/mysql.te.ptrace 2011-10-11 16:42:15.813761668 -0400
-+++ serefpolicy-3.10.0/policy/modules/services/mysql.te 2011-10-11 16:42:16.161761569 -0400
+--- serefpolicy-3.10.0/policy/modules/services/mysql.te.ptrace 2011-10-14 09:46:28.781529259 -0400
++++ serefpolicy-3.10.0/policy/modules/services/mysql.te 2011-10-14 09:46:29.186521502 -0400
@@ -158,7 +158,6 @@ optional_policy(`
#
@@ -2174,8 +2172,8 @@ diff -up serefpolicy-3.10.0/policy/modules/services/mysql.te.ptrace serefpolicy-
allow mysqld_safe_t self:fifo_file rw_fifo_file_perms;
diff -up serefpolicy-3.10.0/policy/modules/services/nagios.if.ptrace serefpolicy-3.10.0/policy/modules/services/nagios.if
---- serefpolicy-3.10.0/policy/modules/services/nagios.if.ptrace 2011-10-11 16:42:15.814761668 -0400
-+++ serefpolicy-3.10.0/policy/modules/services/nagios.if 2011-10-11 16:42:16.162761569 -0400
+--- serefpolicy-3.10.0/policy/modules/services/nagios.if.ptrace 2011-10-14 09:46:28.782529240 -0400
++++ serefpolicy-3.10.0/policy/modules/services/nagios.if 2011-10-14 09:46:29.186521502 -0400
@@ -225,8 +225,11 @@ interface(`nagios_admin',`
type nagios_etc_t, nrpe_etc_t, nagios_spool_t;
')
@@ -2190,8 +2188,8 @@ diff -up serefpolicy-3.10.0/policy/modules/services/nagios.if.ptrace serefpolicy
init_labeled_script_domtrans($1, nagios_initrc_exec_t)
domain_system_change_exemption($1)
diff -up serefpolicy-3.10.0/policy/modules/services/networkmanager.te.ptrace serefpolicy-3.10.0/policy/modules/services/networkmanager.te
---- serefpolicy-3.10.0/policy/modules/services/networkmanager.te.ptrace 2011-10-11 16:42:15.817761668 -0400
-+++ serefpolicy-3.10.0/policy/modules/services/networkmanager.te 2011-10-11 16:42:16.162761569 -0400
+--- serefpolicy-3.10.0/policy/modules/services/networkmanager.te.ptrace 2011-10-14 09:46:28.786529162 -0400
++++ serefpolicy-3.10.0/policy/modules/services/networkmanager.te 2011-10-14 09:46:29.187521483 -0400
@@ -44,13 +44,17 @@ init_system_domain(wpa_cli_t, wpa_cli_ex
# networkmanager will ptrace itself if gdb is installed
@@ -2214,8 +2212,8 @@ diff -up serefpolicy-3.10.0/policy/modules/services/networkmanager.te.ptrace ser
allow NetworkManager_t self:unix_dgram_socket { sendto create_socket_perms };
allow NetworkManager_t self:unix_stream_socket create_stream_socket_perms;
diff -up serefpolicy-3.10.0/policy/modules/services/nis.if.ptrace serefpolicy-3.10.0/policy/modules/services/nis.if
---- serefpolicy-3.10.0/policy/modules/services/nis.if.ptrace 2011-10-11 16:42:15.818761667 -0400
-+++ serefpolicy-3.10.0/policy/modules/services/nis.if 2011-10-11 16:42:16.163761569 -0400
+--- serefpolicy-3.10.0/policy/modules/services/nis.if.ptrace 2011-10-14 09:46:28.787529143 -0400
++++ serefpolicy-3.10.0/policy/modules/services/nis.if 2011-10-14 09:46:29.188521464 -0400
@@ -390,16 +390,22 @@ interface(`nis_admin',`
type ypbind_initrc_exec_t, nis_initrc_exec_t, ypxfr_t;
')
@@ -2244,8 +2242,8 @@ diff -up serefpolicy-3.10.0/policy/modules/services/nis.if.ptrace serefpolicy-3.
nis_initrc_domtrans($1)
diff -up serefpolicy-3.10.0/policy/modules/services/nscd.if.ptrace serefpolicy-3.10.0/policy/modules/services/nscd.if
---- serefpolicy-3.10.0/policy/modules/services/nscd.if.ptrace 2011-10-11 16:42:15.819761666 -0400
-+++ serefpolicy-3.10.0/policy/modules/services/nscd.if 2011-10-11 16:42:16.164761569 -0400
+--- serefpolicy-3.10.0/policy/modules/services/nscd.if.ptrace 2011-10-14 09:46:28.788529124 -0400
++++ serefpolicy-3.10.0/policy/modules/services/nscd.if 2011-10-14 09:46:29.189521445 -0400
@@ -321,8 +321,11 @@ interface(`nscd_admin',`
type nscd_initrc_exec_t;
')
@@ -2260,8 +2258,8 @@ diff -up serefpolicy-3.10.0/policy/modules/services/nscd.if.ptrace serefpolicy-3
init_labeled_script_domtrans($1, nscd_initrc_exec_t)
domain_system_change_exemption($1)
diff -up serefpolicy-3.10.0/policy/modules/services/nscd.te.ptrace serefpolicy-3.10.0/policy/modules/services/nscd.te
---- serefpolicy-3.10.0/policy/modules/services/nscd.te.ptrace 2011-10-11 16:42:15.820761665 -0400
-+++ serefpolicy-3.10.0/policy/modules/services/nscd.te 2011-10-11 16:42:16.164761569 -0400
+--- serefpolicy-3.10.0/policy/modules/services/nscd.te.ptrace 2011-10-14 09:46:28.789529105 -0400
++++ serefpolicy-3.10.0/policy/modules/services/nscd.te 2011-10-14 09:46:29.190521426 -0400
@@ -40,7 +40,7 @@ logging_log_file(nscd_log_t)
# Local policy
#
@@ -2272,8 +2270,8 @@ diff -up serefpolicy-3.10.0/policy/modules/services/nscd.te.ptrace serefpolicy-3
allow nscd_t self:process { getattr getcap setcap setsched signal_perms };
allow nscd_t self:fifo_file read_fifo_file_perms;
diff -up serefpolicy-3.10.0/policy/modules/services/nslcd.if.ptrace serefpolicy-3.10.0/policy/modules/services/nslcd.if
---- serefpolicy-3.10.0/policy/modules/services/nslcd.if.ptrace 2011-10-11 16:42:15.820761665 -0400
-+++ serefpolicy-3.10.0/policy/modules/services/nslcd.if 2011-10-11 16:42:16.165761569 -0400
+--- serefpolicy-3.10.0/policy/modules/services/nslcd.if.ptrace 2011-10-14 09:46:28.790529086 -0400
++++ serefpolicy-3.10.0/policy/modules/services/nslcd.if 2011-10-14 09:46:29.190521426 -0400
@@ -98,7 +98,10 @@ interface(`nslcd_admin',`
')
@@ -2287,8 +2285,8 @@ diff -up serefpolicy-3.10.0/policy/modules/services/nslcd.if.ptrace serefpolicy-
# Allow nslcd_t to restart the apache service
nslcd_initrc_domtrans($1)
diff -up serefpolicy-3.10.0/policy/modules/services/ntp.if.ptrace serefpolicy-3.10.0/policy/modules/services/ntp.if
---- serefpolicy-3.10.0/policy/modules/services/ntp.if.ptrace 2011-10-11 16:42:15.822761665 -0400
-+++ serefpolicy-3.10.0/policy/modules/services/ntp.if 2011-10-11 16:42:16.165761569 -0400
+--- serefpolicy-3.10.0/policy/modules/services/ntp.if.ptrace 2011-10-14 09:46:28.792529048 -0400
++++ serefpolicy-3.10.0/policy/modules/services/ntp.if 2011-10-14 09:46:29.191521406 -0400
@@ -204,8 +204,11 @@ interface(`ntp_admin',`
type ntpd_key_t, ntpd_var_run_t, ntpd_initrc_exec_t;
')
@@ -2303,8 +2301,8 @@ diff -up serefpolicy-3.10.0/policy/modules/services/ntp.if.ptrace serefpolicy-3.
init_labeled_script_domtrans($1, ntpd_initrc_exec_t)
domain_system_change_exemption($1)
diff -up serefpolicy-3.10.0/policy/modules/services/oident.if.ptrace serefpolicy-3.10.0/policy/modules/services/oident.if
---- serefpolicy-3.10.0/policy/modules/services/oident.if.ptrace 2011-10-11 16:42:15.827761663 -0400
-+++ serefpolicy-3.10.0/policy/modules/services/oident.if 2011-10-11 16:42:16.166761568 -0400
+--- serefpolicy-3.10.0/policy/modules/services/oident.if.ptrace 2011-10-14 09:46:28.797528951 -0400
++++ serefpolicy-3.10.0/policy/modules/services/oident.if 2011-10-14 09:46:29.192521387 -0400
@@ -89,8 +89,11 @@ interface(`oident_admin',`
type oidentd_t, oidentd_initrc_exec_t, oidentd_config_t;
')
@@ -2320,7 +2318,7 @@ diff -up serefpolicy-3.10.0/policy/modules/services/oident.if.ptrace serefpolicy
domain_system_change_exemption($1)
diff -up serefpolicy-3.10.0/policy/modules/services/openvpn.if.ptrace serefpolicy-3.10.0/policy/modules/services/openvpn.if
--- serefpolicy-3.10.0/policy/modules/services/openvpn.if.ptrace 2011-06-27 14:18:04.000000000 -0400
-+++ serefpolicy-3.10.0/policy/modules/services/openvpn.if 2011-10-11 16:42:16.167761567 -0400
++++ serefpolicy-3.10.0/policy/modules/services/openvpn.if 2011-10-14 09:46:29.192521387 -0400
@@ -144,8 +144,11 @@ interface(`openvpn_admin',`
type openvpn_var_run_t, openvpn_initrc_exec_t;
')
@@ -2335,8 +2333,8 @@ diff -up serefpolicy-3.10.0/policy/modules/services/openvpn.if.ptrace serefpolic
init_labeled_script_domtrans($1, openvpn_initrc_exec_t)
domain_system_change_exemption($1)
diff -up serefpolicy-3.10.0/policy/modules/services/pads.if.ptrace serefpolicy-3.10.0/policy/modules/services/pads.if
---- serefpolicy-3.10.0/policy/modules/services/pads.if.ptrace 2011-10-11 16:42:15.830761663 -0400
-+++ serefpolicy-3.10.0/policy/modules/services/pads.if 2011-10-11 16:42:16.167761567 -0400
+--- serefpolicy-3.10.0/policy/modules/services/pads.if.ptrace 2011-10-14 09:46:28.801528875 -0400
++++ serefpolicy-3.10.0/policy/modules/services/pads.if 2011-10-14 09:46:29.193521367 -0400
@@ -31,8 +31,11 @@ interface(`pads_admin',`
type pads_var_run_t;
')
@@ -2351,8 +2349,8 @@ diff -up serefpolicy-3.10.0/policy/modules/services/pads.if.ptrace serefpolicy-3
init_labeled_script_domtrans($1, pads_initrc_exec_t)
domain_system_change_exemption($1)
diff -up serefpolicy-3.10.0/policy/modules/services/pingd.if.ptrace serefpolicy-3.10.0/policy/modules/services/pingd.if
---- serefpolicy-3.10.0/policy/modules/services/pingd.if.ptrace 2011-10-11 16:42:15.833761662 -0400
-+++ serefpolicy-3.10.0/policy/modules/services/pingd.if 2011-10-11 16:42:16.168761567 -0400
+--- serefpolicy-3.10.0/policy/modules/services/pingd.if.ptrace 2011-10-14 09:46:28.805528799 -0400
++++ serefpolicy-3.10.0/policy/modules/services/pingd.if 2011-10-14 09:46:29.194521347 -0400
@@ -80,8 +80,11 @@ interface(`pingd_admin',`
type pingd_initrc_exec_t;
')
@@ -2367,8 +2365,8 @@ diff -up serefpolicy-3.10.0/policy/modules/services/pingd.if.ptrace serefpolicy-
init_labeled_script_domtrans($1, pingd_initrc_exec_t)
domain_system_change_exemption($1)
diff -up serefpolicy-3.10.0/policy/modules/services/piranha.te.ptrace serefpolicy-3.10.0/policy/modules/services/piranha.te
---- serefpolicy-3.10.0/policy/modules/services/piranha.te.ptrace 2011-10-11 16:42:15.835761661 -0400
-+++ serefpolicy-3.10.0/policy/modules/services/piranha.te 2011-10-11 16:42:16.168761567 -0400
+--- serefpolicy-3.10.0/policy/modules/services/piranha.te.ptrace 2011-10-14 09:46:28.807528760 -0400
++++ serefpolicy-3.10.0/policy/modules/services/piranha.te 2011-10-14 09:46:29.195521328 -0400
@@ -65,7 +65,11 @@ init_domtrans_script(piranha_fos_t)
#
@@ -2383,8 +2381,8 @@ diff -up serefpolicy-3.10.0/policy/modules/services/piranha.te.ptrace serefpolic
allow piranha_web_t self:netlink_route_socket r_netlink_socket_perms;
allow piranha_web_t self:sem create_sem_perms;
diff -up serefpolicy-3.10.0/policy/modules/services/plymouthd.if.ptrace serefpolicy-3.10.0/policy/modules/services/plymouthd.if
---- serefpolicy-3.10.0/policy/modules/services/plymouthd.if.ptrace 2011-10-11 16:42:15.836761661 -0400
-+++ serefpolicy-3.10.0/policy/modules/services/plymouthd.if 2011-10-11 16:42:16.169761567 -0400
+--- serefpolicy-3.10.0/policy/modules/services/plymouthd.if.ptrace 2011-10-14 09:46:28.808528740 -0400
++++ serefpolicy-3.10.0/policy/modules/services/plymouthd.if 2011-10-14 09:46:29.196521310 -0400
@@ -291,8 +291,11 @@ interface(`plymouthd_admin',`
type plymouthd_var_run_t;
')
@@ -2399,8 +2397,8 @@ diff -up serefpolicy-3.10.0/policy/modules/services/plymouthd.if.ptrace serefpol
files_list_var_lib($1)
admin_pattern($1, plymouthd_spool_t)
diff -up serefpolicy-3.10.0/policy/modules/services/policykit.te.ptrace serefpolicy-3.10.0/policy/modules/services/policykit.te
---- serefpolicy-3.10.0/policy/modules/services/policykit.te.ptrace 2011-10-11 16:42:15.838761661 -0400
-+++ serefpolicy-3.10.0/policy/modules/services/policykit.te 2011-10-11 16:42:16.170761567 -0400
+--- serefpolicy-3.10.0/policy/modules/services/policykit.te.ptrace 2011-10-14 09:46:28.811528683 -0400
++++ serefpolicy-3.10.0/policy/modules/services/policykit.te 2011-10-14 09:46:29.197521291 -0400
@@ -38,7 +38,7 @@ files_pid_file(policykit_var_run_t)
# policykit local policy
#
@@ -2420,8 +2418,8 @@ diff -up serefpolicy-3.10.0/policy/modules/services/policykit.te.ptrace serefpol
allow policykit_resolve_t self:fifo_file rw_fifo_file_perms;
diff -up serefpolicy-3.10.0/policy/modules/services/polipo.if.ptrace serefpolicy-3.10.0/policy/modules/services/polipo.if
---- serefpolicy-3.10.0/policy/modules/services/polipo.if.ptrace 2011-10-11 16:42:15.839761661 -0400
-+++ serefpolicy-3.10.0/policy/modules/services/polipo.if 2011-10-11 16:42:16.171761567 -0400
+--- serefpolicy-3.10.0/policy/modules/services/polipo.if.ptrace 2011-10-14 09:46:28.812528664 -0400
++++ serefpolicy-3.10.0/policy/modules/services/polipo.if 2011-10-14 09:46:29.197521291 -0400
@@ -32,8 +32,11 @@ template(`polipo_role',`
# Policy
#
@@ -2450,7 +2448,7 @@ diff -up serefpolicy-3.10.0/policy/modules/services/polipo.if.ptrace serefpolicy
domain_system_change_exemption($1)
diff -up serefpolicy-3.10.0/policy/modules/services/portreserve.if.ptrace serefpolicy-3.10.0/policy/modules/services/portreserve.if
--- serefpolicy-3.10.0/policy/modules/services/portreserve.if.ptrace 2011-06-27 14:18:04.000000000 -0400
-+++ serefpolicy-3.10.0/policy/modules/services/portreserve.if 2011-10-11 16:42:16.171761567 -0400
++++ serefpolicy-3.10.0/policy/modules/services/portreserve.if 2011-10-14 09:46:29.198521272 -0400
@@ -104,8 +104,11 @@ interface(`portreserve_admin',`
type portreserve_initrc_exec_t;
')
@@ -2465,8 +2463,8 @@ diff -up serefpolicy-3.10.0/policy/modules/services/portreserve.if.ptrace serefp
portreserve_initrc_domtrans($1)
domain_system_change_exemption($1)
diff -up serefpolicy-3.10.0/policy/modules/services/postfix.if.ptrace serefpolicy-3.10.0/policy/modules/services/postfix.if
---- serefpolicy-3.10.0/policy/modules/services/postfix.if.ptrace 2011-10-11 16:42:15.843761659 -0400
-+++ serefpolicy-3.10.0/policy/modules/services/postfix.if 2011-10-11 16:42:16.172761567 -0400
+--- serefpolicy-3.10.0/policy/modules/services/postfix.if.ptrace 2011-10-14 09:46:28.817528569 -0400
++++ serefpolicy-3.10.0/policy/modules/services/postfix.if 2011-10-14 09:46:29.199521253 -0400
@@ -729,25 +729,36 @@ interface(`postfix_admin',`
type postfix_smtpd_t, postfix_var_run_t;
')
@@ -2512,8 +2510,8 @@ diff -up serefpolicy-3.10.0/policy/modules/services/postfix.if.ptrace serefpolic
postfix_run_map($1, $2)
diff -up serefpolicy-3.10.0/policy/modules/services/postfixpolicyd.if.ptrace serefpolicy-3.10.0/policy/modules/services/postfixpolicyd.if
---- serefpolicy-3.10.0/policy/modules/services/postfixpolicyd.if.ptrace 2011-10-11 16:42:15.844761659 -0400
-+++ serefpolicy-3.10.0/policy/modules/services/postfixpolicyd.if 2011-10-11 16:42:16.172761567 -0400
+--- serefpolicy-3.10.0/policy/modules/services/postfixpolicyd.if.ptrace 2011-10-14 09:46:28.818528550 -0400
++++ serefpolicy-3.10.0/policy/modules/services/postfixpolicyd.if 2011-10-14 09:46:29.200521234 -0400
@@ -23,8 +23,11 @@ interface(`postfixpolicyd_admin',`
type postfix_policyd_var_run_t, postfix_policyd_initrc_exec_t;
')
@@ -2528,8 +2526,8 @@ diff -up serefpolicy-3.10.0/policy/modules/services/postfixpolicyd.if.ptrace ser
init_labeled_script_domtrans($1, postfix_policyd_initrc_exec_t)
domain_system_change_exemption($1)
diff -up serefpolicy-3.10.0/policy/modules/services/postgresql.if.ptrace serefpolicy-3.10.0/policy/modules/services/postgresql.if
---- serefpolicy-3.10.0/policy/modules/services/postgresql.if.ptrace 2011-10-11 16:42:15.846761659 -0400
-+++ serefpolicy-3.10.0/policy/modules/services/postgresql.if 2011-10-11 16:42:16.173761566 -0400
+--- serefpolicy-3.10.0/policy/modules/services/postgresql.if.ptrace 2011-10-14 09:46:28.820528510 -0400
++++ serefpolicy-3.10.0/policy/modules/services/postgresql.if 2011-10-14 09:46:29.200521234 -0400
@@ -541,8 +541,11 @@ interface(`postgresql_admin',`
typeattribute $1 sepgsql_admin_type;
@@ -2544,8 +2542,8 @@ diff -up serefpolicy-3.10.0/policy/modules/services/postgresql.if.ptrace serefpo
init_labeled_script_domtrans($1, postgresql_initrc_exec_t)
domain_system_change_exemption($1)
diff -up serefpolicy-3.10.0/policy/modules/services/postgrey.if.ptrace serefpolicy-3.10.0/policy/modules/services/postgrey.if
---- serefpolicy-3.10.0/policy/modules/services/postgrey.if.ptrace 2011-10-11 16:42:15.848761657 -0400
-+++ serefpolicy-3.10.0/policy/modules/services/postgrey.if 2011-10-11 16:42:16.174761565 -0400
+--- serefpolicy-3.10.0/policy/modules/services/postgrey.if.ptrace 2011-10-14 09:46:28.823528453 -0400
++++ serefpolicy-3.10.0/policy/modules/services/postgrey.if 2011-10-14 09:46:29.202521196 -0400
@@ -62,8 +62,11 @@ interface(`postgrey_admin',`
type postgrey_var_lib_t, postgrey_var_run_t;
')
@@ -2560,8 +2558,8 @@ diff -up serefpolicy-3.10.0/policy/modules/services/postgrey.if.ptrace serefpoli
init_labeled_script_domtrans($1, postgrey_initrc_exec_t)
domain_system_change_exemption($1)
diff -up serefpolicy-3.10.0/policy/modules/services/ppp.if.ptrace serefpolicy-3.10.0/policy/modules/services/ppp.if
---- serefpolicy-3.10.0/policy/modules/services/ppp.if.ptrace 2011-10-11 16:42:15.849761657 -0400
-+++ serefpolicy-3.10.0/policy/modules/services/ppp.if 2011-10-11 16:42:16.174761565 -0400
+--- serefpolicy-3.10.0/policy/modules/services/ppp.if.ptrace 2011-10-14 09:46:28.825528415 -0400
++++ serefpolicy-3.10.0/policy/modules/services/ppp.if 2011-10-14 09:46:29.202521196 -0400
@@ -386,10 +386,14 @@ interface(`ppp_admin',`
type pppd_initrc_exec_t, pppd_etc_rw_t;
')
@@ -2580,8 +2578,8 @@ diff -up serefpolicy-3.10.0/policy/modules/services/ppp.if.ptrace serefpolicy-3.
ppp_initrc_domtrans($1)
diff -up serefpolicy-3.10.0/policy/modules/services/prelude.if.ptrace serefpolicy-3.10.0/policy/modules/services/prelude.if
---- serefpolicy-3.10.0/policy/modules/services/prelude.if.ptrace 2011-10-11 16:42:15.850761657 -0400
-+++ serefpolicy-3.10.0/policy/modules/services/prelude.if 2011-10-11 16:42:16.175761565 -0400
+--- serefpolicy-3.10.0/policy/modules/services/prelude.if.ptrace 2011-10-14 09:46:28.826528396 -0400
++++ serefpolicy-3.10.0/policy/modules/services/prelude.if 2011-10-14 09:46:29.203521177 -0400
@@ -118,13 +118,18 @@ interface(`prelude_admin',`
type prelude_lml_t;
')
@@ -2606,7 +2604,7 @@ diff -up serefpolicy-3.10.0/policy/modules/services/prelude.if.ptrace serefpolic
init_labeled_script_domtrans($1, prelude_initrc_exec_t)
diff -up serefpolicy-3.10.0/policy/modules/services/privoxy.if.ptrace serefpolicy-3.10.0/policy/modules/services/privoxy.if
--- serefpolicy-3.10.0/policy/modules/services/privoxy.if.ptrace 2011-06-27 14:18:04.000000000 -0400
-+++ serefpolicy-3.10.0/policy/modules/services/privoxy.if 2011-10-11 16:42:16.175761565 -0400
++++ serefpolicy-3.10.0/policy/modules/services/privoxy.if 2011-10-14 09:46:29.204521158 -0400
@@ -23,8 +23,11 @@ interface(`privoxy_admin',`
type privoxy_etc_rw_t, privoxy_var_run_t;
')
@@ -2621,8 +2619,8 @@ diff -up serefpolicy-3.10.0/policy/modules/services/privoxy.if.ptrace serefpolic
init_labeled_script_domtrans($1, privoxy_initrc_exec_t)
domain_system_change_exemption($1)
diff -up serefpolicy-3.10.0/policy/modules/services/psad.if.ptrace serefpolicy-3.10.0/policy/modules/services/psad.if
---- serefpolicy-3.10.0/policy/modules/services/psad.if.ptrace 2011-10-11 16:42:15.853761657 -0400
-+++ serefpolicy-3.10.0/policy/modules/services/psad.if 2011-10-11 16:42:16.176761565 -0400
+--- serefpolicy-3.10.0/policy/modules/services/psad.if.ptrace 2011-10-14 09:46:28.830528320 -0400
++++ serefpolicy-3.10.0/policy/modules/services/psad.if 2011-10-14 09:46:29.204521158 -0400
@@ -295,8 +295,11 @@ interface(`psad_admin',`
type psad_tmp_t;
')
@@ -2637,8 +2635,8 @@ diff -up serefpolicy-3.10.0/policy/modules/services/psad.if.ptrace serefpolicy-3
init_labeled_script_domtrans($1, psad_initrc_exec_t)
domain_system_change_exemption($1)
diff -up serefpolicy-3.10.0/policy/modules/services/puppet.te.ptrace serefpolicy-3.10.0/policy/modules/services/puppet.te
---- serefpolicy-3.10.0/policy/modules/services/puppet.te.ptrace 2011-10-11 16:42:15.856761655 -0400
-+++ serefpolicy-3.10.0/policy/modules/services/puppet.te 2011-10-11 16:42:16.177761565 -0400
+--- serefpolicy-3.10.0/policy/modules/services/puppet.te.ptrace 2011-10-14 09:46:28.833528261 -0400
++++ serefpolicy-3.10.0/policy/modules/services/puppet.te 2011-10-14 09:46:29.205521138 -0400
@@ -62,7 +62,7 @@ files_tmp_file(puppetmaster_tmp_t)
# Puppet personal policy
#
@@ -2649,8 +2647,8 @@ diff -up serefpolicy-3.10.0/policy/modules/services/puppet.te.ptrace serefpolicy
allow puppet_t self:fifo_file rw_fifo_file_perms;
allow puppet_t self:netlink_route_socket create_netlink_socket_perms;
diff -up serefpolicy-3.10.0/policy/modules/services/pyzor.if.ptrace serefpolicy-3.10.0/policy/modules/services/pyzor.if
---- serefpolicy-3.10.0/policy/modules/services/pyzor.if.ptrace 2011-10-11 16:42:15.857761655 -0400
-+++ serefpolicy-3.10.0/policy/modules/services/pyzor.if 2011-10-11 16:42:16.178761565 -0400
+--- serefpolicy-3.10.0/policy/modules/services/pyzor.if.ptrace 2011-10-14 09:46:28.834528242 -0400
++++ serefpolicy-3.10.0/policy/modules/services/pyzor.if 2011-10-14 09:46:29.206521119 -0400
@@ -29,7 +29,10 @@ interface(`pyzor_role',`
# allow ps to show pyzor and allow the user to kill it
@@ -2677,8 +2675,8 @@ diff -up serefpolicy-3.10.0/policy/modules/services/pyzor.if.ptrace serefpolicy-
init_labeled_script_domtrans($1, pyzord_initrc_exec_t)
domain_system_change_exemption($1)
diff -up serefpolicy-3.10.0/policy/modules/services/qpid.if.ptrace serefpolicy-3.10.0/policy/modules/services/qpid.if
---- serefpolicy-3.10.0/policy/modules/services/qpid.if.ptrace 2011-10-11 16:42:15.860761655 -0400
-+++ serefpolicy-3.10.0/policy/modules/services/qpid.if 2011-10-11 16:42:16.178761565 -0400
+--- serefpolicy-3.10.0/policy/modules/services/qpid.if.ptrace 2011-10-14 09:46:28.839528147 -0400
++++ serefpolicy-3.10.0/policy/modules/services/qpid.if 2011-10-14 09:46:29.207521099 -0400
@@ -177,8 +177,11 @@ interface(`qpidd_admin',`
type qpidd_t, qpidd_initrc_exec_t;
')
@@ -2694,7 +2692,7 @@ diff -up serefpolicy-3.10.0/policy/modules/services/qpid.if.ptrace serefpolicy-3
qpidd_initrc_domtrans($1)
diff -up serefpolicy-3.10.0/policy/modules/services/radius.if.ptrace serefpolicy-3.10.0/policy/modules/services/radius.if
--- serefpolicy-3.10.0/policy/modules/services/radius.if.ptrace 2011-06-27 14:18:04.000000000 -0400
-+++ serefpolicy-3.10.0/policy/modules/services/radius.if 2011-10-11 16:42:16.179761565 -0400
++++ serefpolicy-3.10.0/policy/modules/services/radius.if 2011-10-14 09:46:29.207521099 -0400
@@ -38,8 +38,11 @@ interface(`radius_admin',`
type radiusd_initrc_exec_t;
')
@@ -2709,8 +2707,8 @@ diff -up serefpolicy-3.10.0/policy/modules/services/radius.if.ptrace serefpolicy
init_labeled_script_domtrans($1, radiusd_initrc_exec_t)
domain_system_change_exemption($1)
diff -up serefpolicy-3.10.0/policy/modules/services/radvd.if.ptrace serefpolicy-3.10.0/policy/modules/services/radvd.if
---- serefpolicy-3.10.0/policy/modules/services/radvd.if.ptrace 2011-10-11 16:42:15.862761655 -0400
-+++ serefpolicy-3.10.0/policy/modules/services/radvd.if 2011-10-11 16:42:16.179761565 -0400
+--- serefpolicy-3.10.0/policy/modules/services/radvd.if.ptrace 2011-10-14 09:46:28.840528128 -0400
++++ serefpolicy-3.10.0/policy/modules/services/radvd.if 2011-10-14 09:46:29.208521079 -0400
@@ -23,8 +23,11 @@ interface(`radvd_admin',`
type radvd_var_run_t;
')
@@ -2725,8 +2723,8 @@ diff -up serefpolicy-3.10.0/policy/modules/services/radvd.if.ptrace serefpolicy-
init_labeled_script_domtrans($1, radvd_initrc_exec_t)
domain_system_change_exemption($1)
diff -up serefpolicy-3.10.0/policy/modules/services/razor.if.ptrace serefpolicy-3.10.0/policy/modules/services/razor.if
---- serefpolicy-3.10.0/policy/modules/services/razor.if.ptrace 2011-10-11 16:42:15.863761655 -0400
-+++ serefpolicy-3.10.0/policy/modules/services/razor.if 2011-10-11 16:42:16.180761564 -0400
+--- serefpolicy-3.10.0/policy/modules/services/razor.if.ptrace 2011-10-14 09:46:28.842528089 -0400
++++ serefpolicy-3.10.0/policy/modules/services/razor.if 2011-10-14 09:46:29.209521060 -0400
@@ -132,7 +132,10 @@ interface(`razor_role',`
# allow ps to show razor and allow the user to kill it
@@ -2740,8 +2738,8 @@ diff -up serefpolicy-3.10.0/policy/modules/services/razor.if.ptrace serefpolicy-
manage_dirs_pattern($2, razor_home_t, razor_home_t)
manage_files_pattern($2, razor_home_t, razor_home_t)
diff -up serefpolicy-3.10.0/policy/modules/services/rgmanager.if.ptrace serefpolicy-3.10.0/policy/modules/services/rgmanager.if
---- serefpolicy-3.10.0/policy/modules/services/rgmanager.if.ptrace 2011-10-11 16:42:15.866761652 -0400
-+++ serefpolicy-3.10.0/policy/modules/services/rgmanager.if 2011-10-11 16:42:16.181761563 -0400
+--- serefpolicy-3.10.0/policy/modules/services/rgmanager.if.ptrace 2011-10-14 09:46:28.845528031 -0400
++++ serefpolicy-3.10.0/policy/modules/services/rgmanager.if 2011-10-14 09:46:29.210521041 -0400
@@ -117,8 +117,11 @@ interface(`rgmanager_admin',`
type rgmanager_tmpfs_t, rgmanager_var_log_t, rgmanager_var_run_t;
')
@@ -2756,8 +2754,8 @@ diff -up serefpolicy-3.10.0/policy/modules/services/rgmanager.if.ptrace serefpol
init_labeled_script_domtrans($1, rgmanager_initrc_exec_t)
domain_system_change_exemption($1)
diff -up serefpolicy-3.10.0/policy/modules/services/rgmanager.te.ptrace serefpolicy-3.10.0/policy/modules/services/rgmanager.te
---- serefpolicy-3.10.0/policy/modules/services/rgmanager.te.ptrace 2011-10-11 16:42:15.866761652 -0400
-+++ serefpolicy-3.10.0/policy/modules/services/rgmanager.te 2011-10-11 16:42:16.181761563 -0400
+--- serefpolicy-3.10.0/policy/modules/services/rgmanager.te.ptrace 2011-10-14 09:46:28.847527993 -0400
++++ serefpolicy-3.10.0/policy/modules/services/rgmanager.te 2011-10-14 09:46:29.211521022 -0400
@@ -37,7 +37,6 @@ files_pid_file(rgmanager_var_run_t)
#
@@ -2767,8 +2765,8 @@ diff -up serefpolicy-3.10.0/policy/modules/services/rgmanager.te.ptrace serefpol
dontaudit rgmanager_t self:process ptrace;
diff -up serefpolicy-3.10.0/policy/modules/services/rhsmcertd.if.ptrace serefpolicy-3.10.0/policy/modules/services/rhsmcertd.if
---- serefpolicy-3.10.0/policy/modules/services/rhsmcertd.if.ptrace 2011-10-11 16:42:15.871761652 -0400
-+++ serefpolicy-3.10.0/policy/modules/services/rhsmcertd.if 2011-10-11 16:42:16.182761563 -0400
+--- serefpolicy-3.10.0/policy/modules/services/rhsmcertd.if.ptrace 2011-10-14 09:46:28.852527898 -0400
++++ serefpolicy-3.10.0/policy/modules/services/rhsmcertd.if 2011-10-14 09:46:29.212521003 -0400
@@ -284,8 +284,11 @@ interface(`rhsmcertd_admin',`
type rhsmcertd_var_run_t;
')
@@ -2783,8 +2781,8 @@ diff -up serefpolicy-3.10.0/policy/modules/services/rhsmcertd.if.ptrace serefpol
rhsmcertd_initrc_domtrans($1)
domain_system_change_exemption($1)
diff -up serefpolicy-3.10.0/policy/modules/services/ricci.if.ptrace serefpolicy-3.10.0/policy/modules/services/ricci.if
---- serefpolicy-3.10.0/policy/modules/services/ricci.if.ptrace 2011-10-11 16:42:15.873761650 -0400
-+++ serefpolicy-3.10.0/policy/modules/services/ricci.if 2011-10-11 16:42:16.182761563 -0400
+--- serefpolicy-3.10.0/policy/modules/services/ricci.if.ptrace 2011-10-14 09:46:28.854527859 -0400
++++ serefpolicy-3.10.0/policy/modules/services/ricci.if 2011-10-14 09:46:29.213520984 -0400
@@ -245,8 +245,11 @@ interface(`ricci_admin',`
type ricci_var_lib_t, ricci_var_log_t, ricci_var_run_t;
')
@@ -2800,7 +2798,7 @@ diff -up serefpolicy-3.10.0/policy/modules/services/ricci.if.ptrace serefpolicy-
domain_system_change_exemption($1)
diff -up serefpolicy-3.10.0/policy/modules/services/roundup.if.ptrace serefpolicy-3.10.0/policy/modules/services/roundup.if
--- serefpolicy-3.10.0/policy/modules/services/roundup.if.ptrace 2011-06-27 14:18:04.000000000 -0400
-+++ serefpolicy-3.10.0/policy/modules/services/roundup.if 2011-10-11 16:42:16.183761563 -0400
++++ serefpolicy-3.10.0/policy/modules/services/roundup.if 2011-10-14 09:46:29.213520984 -0400
@@ -23,8 +23,11 @@ interface(`roundup_admin',`
type roundup_initrc_exec_t;
')
@@ -2815,8 +2813,8 @@ diff -up serefpolicy-3.10.0/policy/modules/services/roundup.if.ptrace serefpolic
init_labeled_script_domtrans($1, roundup_initrc_exec_t)
domain_system_change_exemption($1)
diff -up serefpolicy-3.10.0/policy/modules/services/rpcbind.if.ptrace serefpolicy-3.10.0/policy/modules/services/rpcbind.if
---- serefpolicy-3.10.0/policy/modules/services/rpcbind.if.ptrace 2011-10-11 16:42:15.878761650 -0400
-+++ serefpolicy-3.10.0/policy/modules/services/rpcbind.if 2011-10-11 16:42:16.184761563 -0400
+--- serefpolicy-3.10.0/policy/modules/services/rpcbind.if.ptrace 2011-10-14 09:46:28.860527744 -0400
++++ serefpolicy-3.10.0/policy/modules/services/rpcbind.if 2011-10-14 09:46:29.214520965 -0400
@@ -155,8 +155,11 @@ interface(`rpcbind_admin',`
type rpcbind_initrc_exec_t;
')
@@ -2831,8 +2829,8 @@ diff -up serefpolicy-3.10.0/policy/modules/services/rpcbind.if.ptrace serefpolic
init_labeled_script_domtrans($1, rpcbind_initrc_exec_t)
domain_system_change_exemption($1)
diff -up serefpolicy-3.10.0/policy/modules/services/rtkit.te.ptrace serefpolicy-3.10.0/policy/modules/services/rtkit.te
---- serefpolicy-3.10.0/policy/modules/services/rtkit.te.ptrace 2011-10-11 16:42:15.881761648 -0400
-+++ serefpolicy-3.10.0/policy/modules/services/rtkit.te 2011-10-11 16:42:16.184761563 -0400
+--- serefpolicy-3.10.0/policy/modules/services/rtkit.te.ptrace 2011-10-14 09:46:28.864527668 -0400
++++ serefpolicy-3.10.0/policy/modules/services/rtkit.te 2011-10-14 09:46:29.215520946 -0400
@@ -15,7 +15,7 @@ init_system_domain(rtkit_daemon_t, rtkit
# rtkit_daemon local policy
#
@@ -2843,8 +2841,8 @@ diff -up serefpolicy-3.10.0/policy/modules/services/rtkit.te.ptrace serefpolicy-
kernel_read_system_state(rtkit_daemon_t)
diff -up serefpolicy-3.10.0/policy/modules/services/rwho.if.ptrace serefpolicy-3.10.0/policy/modules/services/rwho.if
---- serefpolicy-3.10.0/policy/modules/services/rwho.if.ptrace 2011-10-11 16:42:15.881761648 -0400
-+++ serefpolicy-3.10.0/policy/modules/services/rwho.if 2011-10-11 16:42:16.185761563 -0400
+--- serefpolicy-3.10.0/policy/modules/services/rwho.if.ptrace 2011-10-14 09:46:28.864527668 -0400
++++ serefpolicy-3.10.0/policy/modules/services/rwho.if 2011-10-14 09:46:29.216520927 -0400
@@ -138,8 +138,11 @@ interface(`rwho_admin',`
type rwho_initrc_exec_t;
')
@@ -2859,8 +2857,8 @@ diff -up serefpolicy-3.10.0/policy/modules/services/rwho.if.ptrace serefpolicy-3
init_labeled_script_domtrans($1, rwho_initrc_exec_t)
domain_system_change_exemption($1)
diff -up serefpolicy-3.10.0/policy/modules/services/samba.if.ptrace serefpolicy-3.10.0/policy/modules/services/samba.if
---- serefpolicy-3.10.0/policy/modules/services/samba.if.ptrace 2011-10-11 16:42:15.883761648 -0400
-+++ serefpolicy-3.10.0/policy/modules/services/samba.if 2011-10-11 16:42:16.186761563 -0400
+--- serefpolicy-3.10.0/policy/modules/services/samba.if.ptrace 2011-10-14 09:46:28.866527629 -0400
++++ serefpolicy-3.10.0/policy/modules/services/samba.if 2011-10-14 09:46:29.216520927 -0400
@@ -784,13 +784,18 @@ interface(`samba_admin',`
type winbind_var_run_t, winbind_tmp_t, samba_unconfined_script_t;
')
@@ -2885,7 +2883,7 @@ diff -up serefpolicy-3.10.0/policy/modules/services/samba.if.ptrace serefpolicy-
samba_run_smbcontrol($1, $2, $3)
diff -up serefpolicy-3.10.0/policy/modules/services/samhain.if.ptrace serefpolicy-3.10.0/policy/modules/services/samhain.if
--- serefpolicy-3.10.0/policy/modules/services/samhain.if.ptrace 2011-06-27 14:18:04.000000000 -0400
-+++ serefpolicy-3.10.0/policy/modules/services/samhain.if 2011-10-11 16:42:16.187761563 -0400
++++ serefpolicy-3.10.0/policy/modules/services/samhain.if 2011-10-14 09:46:29.218520889 -0400
@@ -271,10 +271,14 @@ interface(`samhain_admin',`
type samhain_initrc_exec_t, samhain_log_t, samhain_var_run_t;
')
@@ -2904,8 +2902,8 @@ diff -up serefpolicy-3.10.0/policy/modules/services/samhain.if.ptrace serefpolic
files_list_var_lib($1)
diff -up serefpolicy-3.10.0/policy/modules/services/sanlock.if.ptrace serefpolicy-3.10.0/policy/modules/services/sanlock.if
---- serefpolicy-3.10.0/policy/modules/services/sanlock.if.ptrace 2011-10-11 16:42:15.885761648 -0400
-+++ serefpolicy-3.10.0/policy/modules/services/sanlock.if 2011-10-11 16:42:16.187761563 -0400
+--- serefpolicy-3.10.0/policy/modules/services/sanlock.if.ptrace 2011-10-14 09:46:28.870527552 -0400
++++ serefpolicy-3.10.0/policy/modules/services/sanlock.if 2011-10-14 09:46:29.218520889 -0400
@@ -99,8 +99,11 @@ interface(`sanlock_admin',`
type sanlock_initrc_exec_t;
')
@@ -2920,8 +2918,8 @@ diff -up serefpolicy-3.10.0/policy/modules/services/sanlock.if.ptrace serefpolic
sanlock_initrc_domtrans($1)
domain_system_change_exemption($1)
diff -up serefpolicy-3.10.0/policy/modules/services/sasl.if.ptrace serefpolicy-3.10.0/policy/modules/services/sasl.if
---- serefpolicy-3.10.0/policy/modules/services/sasl.if.ptrace 2011-10-11 16:42:15.886761647 -0400
-+++ serefpolicy-3.10.0/policy/modules/services/sasl.if 2011-10-11 16:42:16.188761563 -0400
+--- serefpolicy-3.10.0/policy/modules/services/sasl.if.ptrace 2011-10-14 09:46:28.871527533 -0400
++++ serefpolicy-3.10.0/policy/modules/services/sasl.if 2011-10-14 09:46:29.219520870 -0400
@@ -42,8 +42,11 @@ interface(`sasl_admin',`
type saslauthd_initrc_exec_t;
')
@@ -2936,8 +2934,8 @@ diff -up serefpolicy-3.10.0/policy/modules/services/sasl.if.ptrace serefpolicy-3
init_labeled_script_domtrans($1, saslauthd_initrc_exec_t)
domain_system_change_exemption($1)
diff -up serefpolicy-3.10.0/policy/modules/services/sblim.if.ptrace serefpolicy-3.10.0/policy/modules/services/sblim.if
---- serefpolicy-3.10.0/policy/modules/services/sblim.if.ptrace 2011-10-11 16:42:15.888761646 -0400
-+++ serefpolicy-3.10.0/policy/modules/services/sblim.if 2011-10-11 16:42:16.188761563 -0400
+--- serefpolicy-3.10.0/policy/modules/services/sblim.if.ptrace 2011-10-14 09:46:28.873527495 -0400
++++ serefpolicy-3.10.0/policy/modules/services/sblim.if 2011-10-14 09:46:29.220520851 -0400
@@ -65,11 +65,15 @@ interface(`sblim_admin',`
type sblim_var_run_t;
')
@@ -2958,8 +2956,8 @@ diff -up serefpolicy-3.10.0/policy/modules/services/sblim.if.ptrace serefpolicy-
files_search_pids($1)
admin_pattern($1, sblim_var_run_t)
diff -up serefpolicy-3.10.0/policy/modules/services/sblim.te.ptrace serefpolicy-3.10.0/policy/modules/services/sblim.te
---- serefpolicy-3.10.0/policy/modules/services/sblim.te.ptrace 2011-10-11 16:42:15.888761646 -0400
-+++ serefpolicy-3.10.0/policy/modules/services/sblim.te 2011-10-11 16:42:16.189761562 -0400
+--- serefpolicy-3.10.0/policy/modules/services/sblim.te.ptrace 2011-10-14 09:46:28.873527495 -0400
++++ serefpolicy-3.10.0/policy/modules/services/sblim.te 2011-10-14 09:46:29.221520832 -0400
@@ -24,7 +24,7 @@ files_pid_file(sblim_var_run_t)
#
@@ -2970,8 +2968,8 @@ diff -up serefpolicy-3.10.0/policy/modules/services/sblim.te.ptrace serefpolicy-
allow sblim_gatherd_t self:fifo_file rw_fifo_file_perms;
diff -up serefpolicy-3.10.0/policy/modules/services/sendmail.if.ptrace serefpolicy-3.10.0/policy/modules/services/sendmail.if
---- serefpolicy-3.10.0/policy/modules/services/sendmail.if.ptrace 2011-10-11 16:42:15.889761646 -0400
-+++ serefpolicy-3.10.0/policy/modules/services/sendmail.if 2011-10-11 16:42:16.189761562 -0400
+--- serefpolicy-3.10.0/policy/modules/services/sendmail.if.ptrace 2011-10-14 09:46:28.874527476 -0400
++++ serefpolicy-3.10.0/policy/modules/services/sendmail.if 2011-10-14 09:46:29.221520832 -0400
@@ -334,10 +334,14 @@ interface(`sendmail_admin',`
type mail_spool_t;
')
@@ -2990,8 +2988,8 @@ diff -up serefpolicy-3.10.0/policy/modules/services/sendmail.if.ptrace serefpoli
sendmail_initrc_domtrans($1)
diff -up serefpolicy-3.10.0/policy/modules/services/setroubleshoot.if.ptrace serefpolicy-3.10.0/policy/modules/services/setroubleshoot.if
---- serefpolicy-3.10.0/policy/modules/services/setroubleshoot.if.ptrace 2011-10-11 16:42:15.890761646 -0400
-+++ serefpolicy-3.10.0/policy/modules/services/setroubleshoot.if 2011-10-11 16:42:16.190761562 -0400
+--- serefpolicy-3.10.0/policy/modules/services/setroubleshoot.if.ptrace 2011-10-14 09:46:28.875527457 -0400
++++ serefpolicy-3.10.0/policy/modules/services/setroubleshoot.if 2011-10-14 09:46:29.222520812 -0400
@@ -140,8 +140,11 @@ interface(`setroubleshoot_admin',`
type setroubleshoot_var_lib_t;
')
@@ -3006,8 +3004,8 @@ diff -up serefpolicy-3.10.0/policy/modules/services/setroubleshoot.if.ptrace ser
logging_list_logs($1)
admin_pattern($1, setroubleshoot_var_log_t)
diff -up serefpolicy-3.10.0/policy/modules/services/smartmon.if.ptrace serefpolicy-3.10.0/policy/modules/services/smartmon.if
---- serefpolicy-3.10.0/policy/modules/services/smartmon.if.ptrace 2011-10-11 16:42:15.892761646 -0400
-+++ serefpolicy-3.10.0/policy/modules/services/smartmon.if 2011-10-11 16:42:16.190761562 -0400
+--- serefpolicy-3.10.0/policy/modules/services/smartmon.if.ptrace 2011-10-14 09:46:28.877527419 -0400
++++ serefpolicy-3.10.0/policy/modules/services/smartmon.if 2011-10-14 09:46:29.223520792 -0400
@@ -42,8 +42,11 @@ interface(`smartmon_admin',`
type fsdaemon_initrc_exec_t;
')
@@ -3023,7 +3021,7 @@ diff -up serefpolicy-3.10.0/policy/modules/services/smartmon.if.ptrace serefpoli
domain_system_change_exemption($1)
diff -up serefpolicy-3.10.0/policy/modules/services/smokeping.if.ptrace serefpolicy-3.10.0/policy/modules/services/smokeping.if
--- serefpolicy-3.10.0/policy/modules/services/smokeping.if.ptrace 2011-06-27 14:18:04.000000000 -0400
-+++ serefpolicy-3.10.0/policy/modules/services/smokeping.if 2011-10-11 16:42:16.191761561 -0400
++++ serefpolicy-3.10.0/policy/modules/services/smokeping.if 2011-10-14 09:46:29.224520773 -0400
@@ -153,8 +153,11 @@ interface(`smokeping_admin',`
type smokeping_t, smokeping_initrc_exec_t;
')
@@ -3038,8 +3036,8 @@ diff -up serefpolicy-3.10.0/policy/modules/services/smokeping.if.ptrace serefpol
smokeping_initrc_domtrans($1)
domain_system_change_exemption($1)
diff -up serefpolicy-3.10.0/policy/modules/services/snmp.if.ptrace serefpolicy-3.10.0/policy/modules/services/snmp.if
---- serefpolicy-3.10.0/policy/modules/services/snmp.if.ptrace 2011-10-11 16:42:15.893761645 -0400
-+++ serefpolicy-3.10.0/policy/modules/services/snmp.if 2011-10-11 16:42:16.192761560 -0400
+--- serefpolicy-3.10.0/policy/modules/services/snmp.if.ptrace 2011-10-14 09:46:28.880527360 -0400
++++ serefpolicy-3.10.0/policy/modules/services/snmp.if 2011-10-14 09:46:29.225520754 -0400
@@ -168,8 +168,11 @@ interface(`snmp_admin',`
type snmpd_var_lib_t, snmpd_var_run_t;
')
@@ -3054,8 +3052,8 @@ diff -up serefpolicy-3.10.0/policy/modules/services/snmp.if.ptrace serefpolicy-3
init_labeled_script_domtrans($1, snmpd_initrc_exec_t)
domain_system_change_exemption($1)
diff -up serefpolicy-3.10.0/policy/modules/services/snmp.te.ptrace serefpolicy-3.10.0/policy/modules/services/snmp.te
---- serefpolicy-3.10.0/policy/modules/services/snmp.te.ptrace 2011-10-11 16:42:15.894761644 -0400
-+++ serefpolicy-3.10.0/policy/modules/services/snmp.te 2011-10-11 16:42:16.192761560 -0400
+--- serefpolicy-3.10.0/policy/modules/services/snmp.te.ptrace 2011-10-14 09:46:28.880527360 -0400
++++ serefpolicy-3.10.0/policy/modules/services/snmp.te 2011-10-14 09:46:29.225520754 -0400
@@ -26,7 +26,8 @@ files_type(snmpd_var_lib_t)
# Local policy
#
@@ -3067,8 +3065,8 @@ diff -up serefpolicy-3.10.0/policy/modules/services/snmp.te.ptrace serefpolicy-3
allow snmpd_t self:process { signal_perms getsched setsched };
allow snmpd_t self:fifo_file rw_fifo_file_perms;
diff -up serefpolicy-3.10.0/policy/modules/services/snort.if.ptrace serefpolicy-3.10.0/policy/modules/services/snort.if
---- serefpolicy-3.10.0/policy/modules/services/snort.if.ptrace 2011-10-11 16:42:15.894761644 -0400
-+++ serefpolicy-3.10.0/policy/modules/services/snort.if 2011-10-11 16:42:16.193761560 -0400
+--- serefpolicy-3.10.0/policy/modules/services/snort.if.ptrace 2011-10-14 09:46:28.881527341 -0400
++++ serefpolicy-3.10.0/policy/modules/services/snort.if 2011-10-14 09:46:29.226520735 -0400
@@ -41,8 +41,11 @@ interface(`snort_admin',`
type snort_etc_t, snort_initrc_exec_t;
')
@@ -3083,8 +3081,8 @@ diff -up serefpolicy-3.10.0/policy/modules/services/snort.if.ptrace serefpolicy-
init_labeled_script_domtrans($1, snort_initrc_exec_t)
domain_system_change_exemption($1)
diff -up serefpolicy-3.10.0/policy/modules/services/soundserver.if.ptrace serefpolicy-3.10.0/policy/modules/services/soundserver.if
---- serefpolicy-3.10.0/policy/modules/services/soundserver.if.ptrace 2011-10-11 16:42:15.896761644 -0400
-+++ serefpolicy-3.10.0/policy/modules/services/soundserver.if 2011-10-11 16:42:16.194761560 -0400
+--- serefpolicy-3.10.0/policy/modules/services/soundserver.if.ptrace 2011-10-14 09:46:28.882527322 -0400
++++ serefpolicy-3.10.0/policy/modules/services/soundserver.if 2011-10-14 09:46:29.227520716 -0400
@@ -37,8 +37,11 @@ interface(`soundserver_admin',`
type soundd_tmp_t, soundd_var_run_t;
')
@@ -3099,8 +3097,8 @@ diff -up serefpolicy-3.10.0/policy/modules/services/soundserver.if.ptrace serefp
init_labeled_script_domtrans($1, soundd_initrc_exec_t)
domain_system_change_exemption($1)
diff -up serefpolicy-3.10.0/policy/modules/services/spamassassin.if.ptrace serefpolicy-3.10.0/policy/modules/services/spamassassin.if
---- serefpolicy-3.10.0/policy/modules/services/spamassassin.if.ptrace 2011-10-11 16:42:15.897761644 -0400
-+++ serefpolicy-3.10.0/policy/modules/services/spamassassin.if 2011-10-11 16:42:16.194761560 -0400
+--- serefpolicy-3.10.0/policy/modules/services/spamassassin.if.ptrace 2011-10-14 09:46:28.883527303 -0400
++++ serefpolicy-3.10.0/policy/modules/services/spamassassin.if 2011-10-14 09:46:29.228520697 -0400
@@ -27,12 +27,12 @@ interface(`spamassassin_role',`
domtrans_pattern($2, spamassassin_exec_t, spamassassin_t)
@@ -3130,8 +3128,8 @@ diff -up serefpolicy-3.10.0/policy/modules/services/spamassassin.if.ptrace seref
init_labeled_script_domtrans($1, spamd_initrc_exec_t)
domain_system_change_exemption($1)
diff -up serefpolicy-3.10.0/policy/modules/services/squid.if.ptrace serefpolicy-3.10.0/policy/modules/services/squid.if
---- serefpolicy-3.10.0/policy/modules/services/squid.if.ptrace 2011-10-11 16:42:15.899761644 -0400
-+++ serefpolicy-3.10.0/policy/modules/services/squid.if 2011-10-11 16:42:16.195761560 -0400
+--- serefpolicy-3.10.0/policy/modules/services/squid.if.ptrace 2011-10-14 09:46:28.885527265 -0400
++++ serefpolicy-3.10.0/policy/modules/services/squid.if 2011-10-14 09:46:29.228520697 -0400
@@ -209,8 +209,11 @@ interface(`squid_admin',`
type squid_log_t, squid_var_run_t, squid_initrc_exec_t;
')
@@ -3146,8 +3144,8 @@ diff -up serefpolicy-3.10.0/policy/modules/services/squid.if.ptrace serefpolicy-
init_labeled_script_domtrans($1, squid_initrc_exec_t)
domain_system_change_exemption($1)
diff -up serefpolicy-3.10.0/policy/modules/services/ssh.if.ptrace serefpolicy-3.10.0/policy/modules/services/ssh.if
---- serefpolicy-3.10.0/policy/modules/services/ssh.if.ptrace 2011-10-11 16:42:16.055761600 -0400
-+++ serefpolicy-3.10.0/policy/modules/services/ssh.if 2011-10-11 16:42:16.196761560 -0400
+--- serefpolicy-3.10.0/policy/modules/services/ssh.if.ptrace 2011-10-14 09:46:29.066523798 -0400
++++ serefpolicy-3.10.0/policy/modules/services/ssh.if 2011-10-14 09:46:29.229520678 -0400
@@ -367,7 +367,7 @@ template(`ssh_role_template',`
# allow ps to show ssh
@@ -3167,8 +3165,8 @@ diff -up serefpolicy-3.10.0/policy/modules/services/ssh.if.ptrace serefpolicy-3.
# allow ps to show ssh
ps_process_pattern($3, $1_ssh_agent_t)
diff -up serefpolicy-3.10.0/policy/modules/services/sssd.if.ptrace serefpolicy-3.10.0/policy/modules/services/sssd.if
---- serefpolicy-3.10.0/policy/modules/services/sssd.if.ptrace 2011-10-11 16:42:15.902761644 -0400
-+++ serefpolicy-3.10.0/policy/modules/services/sssd.if 2011-10-11 16:42:16.196761560 -0400
+--- serefpolicy-3.10.0/policy/modules/services/sssd.if.ptrace 2011-10-14 09:46:28.890527168 -0400
++++ serefpolicy-3.10.0/policy/modules/services/sssd.if 2011-10-14 09:46:29.230520659 -0400
@@ -232,8 +232,11 @@ interface(`sssd_admin',`
type sssd_t, sssd_public_t, sssd_initrc_exec_t;
')
@@ -3183,8 +3181,8 @@ diff -up serefpolicy-3.10.0/policy/modules/services/sssd.if.ptrace serefpolicy-3
# Allow sssd_t to restart the apache service
sssd_initrc_domtrans($1)
diff -up serefpolicy-3.10.0/policy/modules/services/tcsd.if.ptrace serefpolicy-3.10.0/policy/modules/services/tcsd.if
---- serefpolicy-3.10.0/policy/modules/services/tcsd.if.ptrace 2011-10-11 16:42:15.905761641 -0400
-+++ serefpolicy-3.10.0/policy/modules/services/tcsd.if 2011-10-11 16:42:16.197761560 -0400
+--- serefpolicy-3.10.0/policy/modules/services/tcsd.if.ptrace 2011-10-14 09:46:28.895527073 -0400
++++ serefpolicy-3.10.0/policy/modules/services/tcsd.if 2011-10-14 09:46:29.231520640 -0400
@@ -137,8 +137,11 @@ interface(`tcsd_admin',`
type tcsd_var_lib_t;
')
@@ -3199,8 +3197,8 @@ diff -up serefpolicy-3.10.0/policy/modules/services/tcsd.if.ptrace serefpolicy-3
tcsd_initrc_domtrans($1)
domain_system_change_exemption($1)
diff -up serefpolicy-3.10.0/policy/modules/services/tftp.if.ptrace serefpolicy-3.10.0/policy/modules/services/tftp.if
---- serefpolicy-3.10.0/policy/modules/services/tftp.if.ptrace 2011-10-11 16:42:15.907761641 -0400
-+++ serefpolicy-3.10.0/policy/modules/services/tftp.if 2011-10-11 16:42:16.197761560 -0400
+--- serefpolicy-3.10.0/policy/modules/services/tftp.if.ptrace 2011-10-14 09:46:28.897527035 -0400
++++ serefpolicy-3.10.0/policy/modules/services/tftp.if 2011-10-14 09:46:29.231520640 -0400
@@ -109,8 +109,11 @@ interface(`tftp_admin',`
type tftpd_t, tftpdir_t, tftpdir_rw_t, tftpd_var_run_t;
')
@@ -3215,8 +3213,8 @@ diff -up serefpolicy-3.10.0/policy/modules/services/tftp.if.ptrace serefpolicy-3
files_list_var_lib($1)
admin_pattern($1, tftpdir_rw_t)
diff -up serefpolicy-3.10.0/policy/modules/services/tor.if.ptrace serefpolicy-3.10.0/policy/modules/services/tor.if
---- serefpolicy-3.10.0/policy/modules/services/tor.if.ptrace 2011-10-11 16:42:15.909761641 -0400
-+++ serefpolicy-3.10.0/policy/modules/services/tor.if 2011-10-11 16:42:16.198761559 -0400
+--- serefpolicy-3.10.0/policy/modules/services/tor.if.ptrace 2011-10-14 09:46:28.899526997 -0400
++++ serefpolicy-3.10.0/policy/modules/services/tor.if 2011-10-14 09:46:29.232520621 -0400
@@ -42,8 +42,11 @@ interface(`tor_admin',`
type tor_initrc_exec_t;
')
@@ -3231,8 +3229,8 @@ diff -up serefpolicy-3.10.0/policy/modules/services/tor.if.ptrace serefpolicy-3.
init_labeled_script_domtrans($1, tor_initrc_exec_t)
domain_system_change_exemption($1)
diff -up serefpolicy-3.10.0/policy/modules/services/tuned.if.ptrace serefpolicy-3.10.0/policy/modules/services/tuned.if
---- serefpolicy-3.10.0/policy/modules/services/tuned.if.ptrace 2011-10-11 16:42:15.910761641 -0400
-+++ serefpolicy-3.10.0/policy/modules/services/tuned.if 2011-10-11 16:42:16.198761559 -0400
+--- serefpolicy-3.10.0/policy/modules/services/tuned.if.ptrace 2011-10-14 09:46:28.900526978 -0400
++++ serefpolicy-3.10.0/policy/modules/services/tuned.if 2011-10-14 09:46:29.233520602 -0400
@@ -115,8 +115,11 @@ interface(`tuned_admin',`
type tuned_t, tuned_var_run_t, tuned_initrc_exec_t;
')
@@ -3248,7 +3246,7 @@ diff -up serefpolicy-3.10.0/policy/modules/services/tuned.if.ptrace serefpolicy-
domain_system_change_exemption($1)
diff -up serefpolicy-3.10.0/policy/modules/services/ulogd.if.ptrace serefpolicy-3.10.0/policy/modules/services/ulogd.if
--- serefpolicy-3.10.0/policy/modules/services/ulogd.if.ptrace 2011-06-27 14:18:04.000000000 -0400
-+++ serefpolicy-3.10.0/policy/modules/services/ulogd.if 2011-10-11 16:42:16.199761558 -0400
++++ serefpolicy-3.10.0/policy/modules/services/ulogd.if 2011-10-14 09:46:29.234520583 -0400
@@ -123,8 +123,11 @@ interface(`ulogd_admin',`
type ulogd_var_log_t, ulogd_initrc_exec_t;
')
@@ -3264,7 +3262,7 @@ diff -up serefpolicy-3.10.0/policy/modules/services/ulogd.if.ptrace serefpolicy-
domain_system_change_exemption($1)
diff -up serefpolicy-3.10.0/policy/modules/services/uucp.if.ptrace serefpolicy-3.10.0/policy/modules/services/uucp.if
--- serefpolicy-3.10.0/policy/modules/services/uucp.if.ptrace 2011-06-27 14:18:04.000000000 -0400
-+++ serefpolicy-3.10.0/policy/modules/services/uucp.if 2011-10-11 16:42:16.200761558 -0400
++++ serefpolicy-3.10.0/policy/modules/services/uucp.if 2011-10-14 09:46:29.234520583 -0400
@@ -99,8 +99,11 @@ interface(`uucp_admin',`
type uucpd_var_run_t;
')
@@ -3279,8 +3277,8 @@ diff -up serefpolicy-3.10.0/policy/modules/services/uucp.if.ptrace serefpolicy-3
logging_list_logs($1)
admin_pattern($1, uucpd_log_t)
diff -up serefpolicy-3.10.0/policy/modules/services/uuidd.if.ptrace serefpolicy-3.10.0/policy/modules/services/uuidd.if
---- serefpolicy-3.10.0/policy/modules/services/uuidd.if.ptrace 2011-10-11 16:42:15.915761639 -0400
-+++ serefpolicy-3.10.0/policy/modules/services/uuidd.if 2011-10-11 16:42:16.200761558 -0400
+--- serefpolicy-3.10.0/policy/modules/services/uuidd.if.ptrace 2011-10-14 09:46:28.906526862 -0400
++++ serefpolicy-3.10.0/policy/modules/services/uuidd.if 2011-10-14 09:46:29.235520564 -0400
@@ -177,8 +177,11 @@ interface(`uuidd_admin',`
type uuidd_var_run_t;
')
@@ -3296,7 +3294,7 @@ diff -up serefpolicy-3.10.0/policy/modules/services/uuidd.if.ptrace serefpolicy-
domain_system_change_exemption($1)
diff -up serefpolicy-3.10.0/policy/modules/services/varnishd.if.ptrace serefpolicy-3.10.0/policy/modules/services/varnishd.if
--- serefpolicy-3.10.0/policy/modules/services/varnishd.if.ptrace 2011-06-27 14:18:04.000000000 -0400
-+++ serefpolicy-3.10.0/policy/modules/services/varnishd.if 2011-10-11 16:42:16.201761558 -0400
++++ serefpolicy-3.10.0/policy/modules/services/varnishd.if 2011-10-14 09:46:29.236520544 -0400
@@ -155,8 +155,11 @@ interface(`varnishd_admin_varnishlog',`
type varnishlog_var_run_t;
')
@@ -3324,8 +3322,8 @@ diff -up serefpolicy-3.10.0/policy/modules/services/varnishd.if.ptrace serefpoli
init_labeled_script_domtrans($1, varnishd_initrc_exec_t)
domain_system_change_exemption($1)
diff -up serefpolicy-3.10.0/policy/modules/services/vdagent.if.ptrace serefpolicy-3.10.0/policy/modules/services/vdagent.if
---- serefpolicy-3.10.0/policy/modules/services/vdagent.if.ptrace 2011-10-11 16:42:15.917761639 -0400
-+++ serefpolicy-3.10.0/policy/modules/services/vdagent.if 2011-10-11 16:42:16.202761558 -0400
+--- serefpolicy-3.10.0/policy/modules/services/vdagent.if.ptrace 2011-10-14 09:46:28.908526824 -0400
++++ serefpolicy-3.10.0/policy/modules/services/vdagent.if 2011-10-14 09:46:29.236520544 -0400
@@ -118,8 +118,11 @@ interface(`vdagent_admin',`
type vdagent_var_run_t;
')
@@ -3340,8 +3338,8 @@ diff -up serefpolicy-3.10.0/policy/modules/services/vdagent.if.ptrace serefpolic
files_search_pids($1)
admin_pattern($1, vdagent_var_run_t)
diff -up serefpolicy-3.10.0/policy/modules/services/vhostmd.if.ptrace serefpolicy-3.10.0/policy/modules/services/vhostmd.if
---- serefpolicy-3.10.0/policy/modules/services/vhostmd.if.ptrace 2011-10-11 16:42:15.918761638 -0400
-+++ serefpolicy-3.10.0/policy/modules/services/vhostmd.if 2011-10-11 16:42:16.202761558 -0400
+--- serefpolicy-3.10.0/policy/modules/services/vhostmd.if.ptrace 2011-10-14 09:46:28.909526805 -0400
++++ serefpolicy-3.10.0/policy/modules/services/vhostmd.if 2011-10-14 09:46:29.237520524 -0400
@@ -210,8 +210,11 @@ interface(`vhostmd_admin',`
type vhostmd_t, vhostmd_initrc_exec_t;
')
@@ -3356,8 +3354,8 @@ diff -up serefpolicy-3.10.0/policy/modules/services/vhostmd.if.ptrace serefpolic
vhostmd_initrc_domtrans($1)
domain_system_change_exemption($1)
diff -up serefpolicy-3.10.0/policy/modules/services/virt.if.ptrace serefpolicy-3.10.0/policy/modules/services/virt.if
---- serefpolicy-3.10.0/policy/modules/services/virt.if.ptrace 2011-10-11 16:42:15.920761637 -0400
-+++ serefpolicy-3.10.0/policy/modules/services/virt.if 2011-10-11 16:42:16.203761558 -0400
+--- serefpolicy-3.10.0/policy/modules/services/virt.if.ptrace 2011-10-14 09:46:28.911526767 -0400
++++ serefpolicy-3.10.0/policy/modules/services/virt.if 2011-10-14 09:46:29.238520505 -0400
@@ -618,10 +618,14 @@ interface(`virt_admin',`
type virt_lxc_t;
')
@@ -3385,8 +3383,8 @@ diff -up serefpolicy-3.10.0/policy/modules/services/virt.if.ptrace serefpolicy-3
########################################
diff -up serefpolicy-3.10.0/policy/modules/services/virt.te.ptrace serefpolicy-3.10.0/policy/modules/services/virt.te
---- serefpolicy-3.10.0/policy/modules/services/virt.te.ptrace 2011-10-11 16:42:16.006761613 -0400
-+++ serefpolicy-3.10.0/policy/modules/services/virt.te 2011-10-11 16:42:16.204761558 -0400
+--- serefpolicy-3.10.0/policy/modules/services/virt.te.ptrace 2011-10-14 09:46:29.010524870 -0400
++++ serefpolicy-3.10.0/policy/modules/services/virt.te 2011-10-14 09:46:29.239520486 -0400
@@ -247,7 +247,7 @@ optional_policy(`
# virtd local policy
#
@@ -3405,8 +3403,8 @@ diff -up serefpolicy-3.10.0/policy/modules/services/virt.te.ptrace serefpolicy-3
allow virtd_t svirt_lxc_domain:process { signal_perms };
allow virtd_lxc_t svirt_lxc_domain:process { getattr getsched setsched transition signal signull sigkill };
diff -up serefpolicy-3.10.0/policy/modules/services/vnstatd.if.ptrace serefpolicy-3.10.0/policy/modules/services/vnstatd.if
---- serefpolicy-3.10.0/policy/modules/services/vnstatd.if.ptrace 2011-10-11 16:42:15.922761637 -0400
-+++ serefpolicy-3.10.0/policy/modules/services/vnstatd.if 2011-10-11 16:42:16.204761558 -0400
+--- serefpolicy-3.10.0/policy/modules/services/vnstatd.if.ptrace 2011-10-14 09:46:28.915526689 -0400
++++ serefpolicy-3.10.0/policy/modules/services/vnstatd.if 2011-10-14 09:46:29.240520467 -0400
@@ -136,8 +136,11 @@ interface(`vnstatd_admin',`
type vnstatd_t, vnstatd_var_lib_t;
')
@@ -3421,8 +3419,8 @@ diff -up serefpolicy-3.10.0/policy/modules/services/vnstatd.if.ptrace serefpolic
files_list_var_lib($1)
admin_pattern($1, vnstatd_var_lib_t)
diff -up serefpolicy-3.10.0/policy/modules/services/wdmd.if.ptrace serefpolicy-3.10.0/policy/modules/services/wdmd.if
---- serefpolicy-3.10.0/policy/modules/services/wdmd.if.ptrace 2011-10-11 16:42:15.924761637 -0400
-+++ serefpolicy-3.10.0/policy/modules/services/wdmd.if 2011-10-11 16:42:16.205761557 -0400
+--- serefpolicy-3.10.0/policy/modules/services/wdmd.if.ptrace 2011-10-14 09:46:28.917526651 -0400
++++ serefpolicy-3.10.0/policy/modules/services/wdmd.if 2011-10-14 09:46:29.241520448 -0400
@@ -62,8 +62,11 @@ interface(`wdmd_admin',`
type wdmd_initrc_exec_t;
')
@@ -3437,8 +3435,8 @@ diff -up serefpolicy-3.10.0/policy/modules/services/wdmd.if.ptrace serefpolicy-3
wdmd_initrc_domtrans($1)
domain_system_change_exemption($1)
diff -up serefpolicy-3.10.0/policy/modules/services/xserver.te.ptrace serefpolicy-3.10.0/policy/modules/services/xserver.te
---- serefpolicy-3.10.0/policy/modules/services/xserver.te.ptrace 2011-10-11 16:42:16.063761597 -0400
-+++ serefpolicy-3.10.0/policy/modules/services/xserver.te 2011-10-11 16:42:16.206761556 -0400
+--- serefpolicy-3.10.0/policy/modules/services/xserver.te.ptrace 2011-10-14 09:46:29.069523739 -0400
++++ serefpolicy-3.10.0/policy/modules/services/xserver.te 2011-10-14 09:46:29.242520429 -0400
@@ -417,8 +417,13 @@ optional_policy(`
# XDM Local policy
#
@@ -3466,8 +3464,8 @@ diff -up serefpolicy-3.10.0/policy/modules/services/xserver.te.ptrace serefpolic
allow xserver_t self:process ~{ ptrace setcurrent setexec setfscreate setrlimit execmem execstack execheap };
allow xserver_t self:fd use;
diff -up serefpolicy-3.10.0/policy/modules/services/zabbix.if.ptrace serefpolicy-3.10.0/policy/modules/services/zabbix.if
---- serefpolicy-3.10.0/policy/modules/services/zabbix.if.ptrace 2011-10-11 16:42:15.929761635 -0400
-+++ serefpolicy-3.10.0/policy/modules/services/zabbix.if 2011-10-11 16:42:16.207761556 -0400
+--- serefpolicy-3.10.0/policy/modules/services/zabbix.if.ptrace 2011-10-14 09:46:28.923526537 -0400
++++ serefpolicy-3.10.0/policy/modules/services/zabbix.if 2011-10-14 09:46:29.243520410 -0400
@@ -142,8 +142,11 @@ interface(`zabbix_admin',`
type zabbix_initrc_exec_t;
')
@@ -3482,8 +3480,8 @@ diff -up serefpolicy-3.10.0/policy/modules/services/zabbix.if.ptrace serefpolicy
init_labeled_script_domtrans($1, zabbix_initrc_exec_t)
domain_system_change_exemption($1)
diff -up serefpolicy-3.10.0/policy/modules/services/zebra.if.ptrace serefpolicy-3.10.0/policy/modules/services/zebra.if
---- serefpolicy-3.10.0/policy/modules/services/zebra.if.ptrace 2011-10-11 16:42:15.931761635 -0400
-+++ serefpolicy-3.10.0/policy/modules/services/zebra.if 2011-10-11 16:42:16.207761556 -0400
+--- serefpolicy-3.10.0/policy/modules/services/zebra.if.ptrace 2011-10-14 09:46:28.926526478 -0400
++++ serefpolicy-3.10.0/policy/modules/services/zebra.if 2011-10-14 09:46:29.244520391 -0400
@@ -64,8 +64,11 @@ interface(`zebra_admin',`
type zebra_conf_t, zebra_var_run_t, zebra_initrc_exec_t;
')
@@ -3498,8 +3496,8 @@ diff -up serefpolicy-3.10.0/policy/modules/services/zebra.if.ptrace serefpolicy-
init_labeled_script_domtrans($1, zebra_initrc_exec_t)
domain_system_change_exemption($1)
diff -up serefpolicy-3.10.0/policy/modules/system/hotplug.te.ptrace serefpolicy-3.10.0/policy/modules/system/hotplug.te
---- serefpolicy-3.10.0/policy/modules/system/hotplug.te.ptrace 2011-10-11 16:42:15.941761633 -0400
-+++ serefpolicy-3.10.0/policy/modules/system/hotplug.te 2011-10-11 16:42:16.208761556 -0400
+--- serefpolicy-3.10.0/policy/modules/system/hotplug.te.ptrace 2011-10-14 09:46:28.938526248 -0400
++++ serefpolicy-3.10.0/policy/modules/system/hotplug.te 2011-10-14 09:46:29.245520372 -0400
@@ -23,7 +23,7 @@ files_pid_file(hotplug_var_run_t)
#
@@ -3510,8 +3508,8 @@ diff -up serefpolicy-3.10.0/policy/modules/system/hotplug.te.ptrace serefpolicy-
dontaudit hotplug_t self:capability { dac_override dac_read_search };
allow hotplug_t self:process { setpgid getsession getattr signal_perms };
diff -up serefpolicy-3.10.0/policy/modules/system/init.if.ptrace serefpolicy-3.10.0/policy/modules/system/init.if
---- serefpolicy-3.10.0/policy/modules/system/init.if.ptrace 2011-10-11 16:42:15.942761632 -0400
-+++ serefpolicy-3.10.0/policy/modules/system/init.if 2011-10-11 16:42:16.209761556 -0400
+--- serefpolicy-3.10.0/policy/modules/system/init.if.ptrace 2011-10-14 09:46:28.940526210 -0400
++++ serefpolicy-3.10.0/policy/modules/system/init.if 2011-10-14 09:46:29.246520353 -0400
@@ -1123,7 +1123,9 @@ interface(`init_ptrace',`
type init_t;
')
@@ -3524,8 +3522,8 @@ diff -up serefpolicy-3.10.0/policy/modules/system/init.if.ptrace serefpolicy-3.1
########################################
diff -up serefpolicy-3.10.0/policy/modules/system/init.te.ptrace serefpolicy-3.10.0/policy/modules/system/init.te
---- serefpolicy-3.10.0/policy/modules/system/init.te.ptrace 2011-10-11 16:42:16.031761606 -0400
-+++ serefpolicy-3.10.0/policy/modules/system/init.te 2011-10-11 16:42:16.209761556 -0400
+--- serefpolicy-3.10.0/policy/modules/system/init.te.ptrace 2011-10-14 09:46:29.044524218 -0400
++++ serefpolicy-3.10.0/policy/modules/system/init.te 2011-10-14 09:46:29.247520334 -0400
@@ -121,7 +121,7 @@ ifdef(`enable_mls',`
#
@@ -3546,8 +3544,8 @@ diff -up serefpolicy-3.10.0/policy/modules/system/init.te.ptrace serefpolicy-3.1
allow initrc_t self:passwd rootok;
allow initrc_t self:key manage_key_perms;
diff -up serefpolicy-3.10.0/policy/modules/system/ipsec.te.ptrace serefpolicy-3.10.0/policy/modules/system/ipsec.te
---- serefpolicy-3.10.0/policy/modules/system/ipsec.te.ptrace 2011-10-11 16:42:15.946761630 -0400
-+++ serefpolicy-3.10.0/policy/modules/system/ipsec.te 2011-10-11 16:42:16.210761556 -0400
+--- serefpolicy-3.10.0/policy/modules/system/ipsec.te.ptrace 2011-10-14 09:46:28.944526134 -0400
++++ serefpolicy-3.10.0/policy/modules/system/ipsec.te 2011-10-14 09:46:29.248520315 -0400
@@ -73,7 +73,7 @@ role system_r types setkey_t;
#
@@ -3579,8 +3577,8 @@ diff -up serefpolicy-3.10.0/policy/modules/system/ipsec.te.ptrace serefpolicy-3.
domain_dontaudit_getattr_all_pipes(ipsec_mgmt_t)
diff -up serefpolicy-3.10.0/policy/modules/system/iscsi.te.ptrace serefpolicy-3.10.0/policy/modules/system/iscsi.te
---- serefpolicy-3.10.0/policy/modules/system/iscsi.te.ptrace 2011-10-11 16:42:15.948761630 -0400
-+++ serefpolicy-3.10.0/policy/modules/system/iscsi.te 2011-10-11 16:42:16.211761556 -0400
+--- serefpolicy-3.10.0/policy/modules/system/iscsi.te.ptrace 2011-10-14 09:46:28.946526096 -0400
++++ serefpolicy-3.10.0/policy/modules/system/iscsi.te 2011-10-14 09:46:29.249520296 -0400
@@ -31,7 +31,6 @@ files_pid_file(iscsi_var_run_t)
#
@@ -3590,9 +3588,9 @@ diff -up serefpolicy-3.10.0/policy/modules/system/iscsi.te.ptrace serefpolicy-3.
allow iscsid_t self:fifo_file rw_fifo_file_perms;
allow iscsid_t self:unix_stream_socket { create_stream_socket_perms connectto };
diff -up serefpolicy-3.10.0/policy/modules/system/locallogin.te.ptrace serefpolicy-3.10.0/policy/modules/system/locallogin.te
---- serefpolicy-3.10.0/policy/modules/system/locallogin.te.ptrace 2011-10-11 16:42:15.950761629 -0400
-+++ serefpolicy-3.10.0/policy/modules/system/locallogin.te 2011-10-11 16:42:16.211761556 -0400
-@@ -32,7 +32,7 @@ role system_r types sulogin_t;
+--- serefpolicy-3.10.0/policy/modules/system/locallogin.te.ptrace 2011-10-14 09:46:28.951525999 -0400
++++ serefpolicy-3.10.0/policy/modules/system/locallogin.te 2011-10-14 09:46:29.249520296 -0400
+@@ -35,7 +35,7 @@ role system_r types sulogin_t;
# Local login local policy
#
@@ -3602,8 +3600,8 @@ diff -up serefpolicy-3.10.0/policy/modules/system/locallogin.te.ptrace serefpoli
allow local_login_t self:fd use;
allow local_login_t self:fifo_file rw_fifo_file_perms;
diff -up serefpolicy-3.10.0/policy/modules/system/logging.if.ptrace serefpolicy-3.10.0/policy/modules/system/logging.if
---- serefpolicy-3.10.0/policy/modules/system/logging.if.ptrace 2011-10-11 16:42:15.952761628 -0400
-+++ serefpolicy-3.10.0/policy/modules/system/logging.if 2011-10-11 16:42:16.212761555 -0400
+--- serefpolicy-3.10.0/policy/modules/system/logging.if.ptrace 2011-10-14 09:46:28.952525980 -0400
++++ serefpolicy-3.10.0/policy/modules/system/logging.if 2011-10-14 09:46:29.250520277 -0400
@@ -1095,9 +1095,13 @@ interface(`logging_admin_audit',`
type auditd_initrc_exec_t;
')
@@ -3637,8 +3635,8 @@ diff -up serefpolicy-3.10.0/policy/modules/system/logging.if.ptrace serefpolicy-
manage_dirs_pattern($1, klogd_var_run_t, klogd_var_run_t)
manage_files_pattern($1, klogd_var_run_t, klogd_var_run_t)
diff -up serefpolicy-3.10.0/policy/modules/system/mount.te.ptrace serefpolicy-3.10.0/policy/modules/system/mount.te
---- serefpolicy-3.10.0/policy/modules/system/mount.te.ptrace 2011-10-11 16:42:15.959761626 -0400
-+++ serefpolicy-3.10.0/policy/modules/system/mount.te 2011-10-11 16:42:16.212761555 -0400
+--- serefpolicy-3.10.0/policy/modules/system/mount.te.ptrace 2011-10-14 09:46:28.962525788 -0400
++++ serefpolicy-3.10.0/policy/modules/system/mount.te 2011-10-14 09:46:29.251520257 -0400
@@ -48,7 +48,11 @@ role system_r types showmount_t;
# setuid/setgid needed to mount cifs
@@ -3653,8 +3651,8 @@ diff -up serefpolicy-3.10.0/policy/modules/system/mount.te.ptrace serefpolicy-3.
allow mount_t self:unix_stream_socket create_stream_socket_perms;
allow mount_t self:unix_dgram_socket create_socket_perms;
diff -up serefpolicy-3.10.0/policy/modules/system/sysnetwork.te.ptrace serefpolicy-3.10.0/policy/modules/system/sysnetwork.te
---- serefpolicy-3.10.0/policy/modules/system/sysnetwork.te.ptrace 2011-10-11 16:42:15.966761624 -0400
-+++ serefpolicy-3.10.0/policy/modules/system/sysnetwork.te 2011-10-11 16:42:16.213761554 -0400
+--- serefpolicy-3.10.0/policy/modules/system/sysnetwork.te.ptrace 2011-10-14 09:46:28.970525636 -0400
++++ serefpolicy-3.10.0/policy/modules/system/sysnetwork.te 2011-10-14 09:46:29.252520237 -0400
@@ -51,10 +51,13 @@ files_config_file(net_conf_t)
# DHCP client local policy
#
@@ -3672,8 +3670,8 @@ diff -up serefpolicy-3.10.0/policy/modules/system/sysnetwork.te.ptrace serefpoli
allow dhcpc_t self:fifo_file rw_fifo_file_perms;
allow dhcpc_t self:tcp_socket create_stream_socket_perms;
diff -up serefpolicy-3.10.0/policy/modules/system/udev.te.ptrace serefpolicy-3.10.0/policy/modules/system/udev.te
---- serefpolicy-3.10.0/policy/modules/system/udev.te.ptrace 2011-10-11 16:42:15.970761624 -0400
-+++ serefpolicy-3.10.0/policy/modules/system/udev.te 2011-10-11 16:42:16.214761554 -0400
+--- serefpolicy-3.10.0/policy/modules/system/udev.te.ptrace 2011-10-14 09:46:28.974525558 -0400
++++ serefpolicy-3.10.0/policy/modules/system/udev.te 2011-10-14 09:46:29.252520237 -0400
@@ -34,7 +34,7 @@ ifdef(`enable_mcs',`
# Local policy
#
@@ -3697,8 +3695,8 @@ diff -up serefpolicy-3.10.0/policy/modules/system/udev.te.ptrace serefpolicy-3.1
allow udev_t self:fd use;
allow udev_t self:fifo_file rw_fifo_file_perms;
diff -up serefpolicy-3.10.0/policy/modules/system/unconfined.if.ptrace serefpolicy-3.10.0/policy/modules/system/unconfined.if
---- serefpolicy-3.10.0/policy/modules/system/unconfined.if.ptrace 2011-10-11 16:42:15.988761619 -0400
-+++ serefpolicy-3.10.0/policy/modules/system/unconfined.if 2011-10-11 16:42:16.214761554 -0400
+--- serefpolicy-3.10.0/policy/modules/system/unconfined.if.ptrace 2011-10-14 09:46:28.992525214 -0400
++++ serefpolicy-3.10.0/policy/modules/system/unconfined.if 2011-10-14 09:46:29.253520218 -0400
@@ -18,7 +18,12 @@ interface(`unconfined_domain_noaudit',`
')
@@ -3714,8 +3712,8 @@ diff -up serefpolicy-3.10.0/policy/modules/system/unconfined.if.ptrace serefpoli
allow $1 self:fifo_file { manage_fifo_file_perms relabelfrom relabelto };
diff -up serefpolicy-3.10.0/policy/modules/system/userdomain.if.ptrace serefpolicy-3.10.0/policy/modules/system/userdomain.if
---- serefpolicy-3.10.0/policy/modules/system/userdomain.if.ptrace 2011-10-11 16:42:16.065761597 -0400
-+++ serefpolicy-3.10.0/policy/modules/system/userdomain.if 2011-10-11 16:42:16.216761554 -0400
+--- serefpolicy-3.10.0/policy/modules/system/userdomain.if.ptrace 2011-10-14 09:46:29.071523701 -0400
++++ serefpolicy-3.10.0/policy/modules/system/userdomain.if 2011-10-14 09:46:29.255520180 -0400
@@ -40,7 +40,10 @@ template(`userdom_base_user_template',`
role $1_r types $1_t;
allow system_r $1_r;
@@ -3761,8 +3759,8 @@ diff -up serefpolicy-3.10.0/policy/modules/system/userdomain.if.ptrace serefpoli
########################################
diff -up serefpolicy-3.10.0/policy/modules/system/xen.te.ptrace serefpolicy-3.10.0/policy/modules/system/xen.te
---- serefpolicy-3.10.0/policy/modules/system/xen.te.ptrace 2011-10-11 16:42:15.977761622 -0400
-+++ serefpolicy-3.10.0/policy/modules/system/xen.te 2011-10-11 16:42:16.217761554 -0400
+--- serefpolicy-3.10.0/policy/modules/system/xen.te.ptrace 2011-10-14 09:46:28.984525366 -0400
++++ serefpolicy-3.10.0/policy/modules/system/xen.te 2011-10-14 09:46:29.256520161 -0400
@@ -206,7 +206,6 @@ tunable_policy(`xend_run_qemu',`
#
diff --git a/selinux-policy.spec b/selinux-policy.spec
index 6dc825a..e67752e 100644
--- a/selinux-policy.spec
+++ b/selinux-policy.spec
@@ -17,7 +17,7 @@
Summary: SELinux policy configuration
Name: selinux-policy
Version: 3.10.0
-Release: 39.3%{?dist}
+Release: 40%{?dist}
License: GPLv2+
Group: System Environment/Base
Source: serefpolicy-%{version}.tgz
@@ -480,6 +480,17 @@ SELinux Reference policy mls base module.
%endif
%changelog
+* Fri Oct 14 2011 Miroslav Grepl <mgrepl at redhat.com> 3.10.0-40
+- Dontaudit access checks for all executables, gnome-shell is doing access(EXEC, X_OK)
+- Make corosync to be able to relabelto cluster lib fies
+- Allow samba domains to search /var/run/nmbd
+- Allow dirsrv to use pam
+- Allow thumb to call getuid
+- chrome less likely to get mmap_zero bug so removing dontaudit
+- gimp help-browser has built in javascript
+- Best guess is that devices named /dev/bsr4096 should be labeled as cpu_device_t
+- Re-write glance policy
+
* Thu Oct 13 2011 Dan Walsh <dwalsh at redhat.com> 3.10.0-39.3
- Move dontaudit sys_ptrace line from permissive.te to domain.te
- Remove policy for hal, it no longer exists
More information about the scm-commits
mailing list