[selinux-policy/f17] * Fri May 4 2012 Miroslav Grepl <mgrepl at redhat.com> 3.10.0-121 - Add labeling for /usr/share/jetty/b
Miroslav Grepl
mgrepl at fedoraproject.org
Fri May 4 16:35:59 UTC 2012
commit 674b294663b302ddc56ac5bd03dd2eb6379ae010
Author: Miroslav Grepl <mgrepl at redhat.com>
Date: Fri May 4 18:35:45 2012 +0200
* Fri May 4 2012 Miroslav Grepl <mgrepl at redhat.com> 3.10.0-121
- Add labeling for /usr/share/jetty/bin/jetty.sh
- Add jetty policy which contains file type definitions
- Allow jockey to use its own fifo_file and make this the default for all domains
- Allow mozilla_plugins to use spice (vnc_port/couchdb)
- asterisk wants to read the network state
- Blueman now uses /var/lib/blueman
- Add label for nodejs_debug
- Allow mozilla_plugin_t to create ~/.pki directory and content
policy-F16.patch | 561 ++++++++++++++++++++++++++++++++++++++++++++-------
selinux-policy.spec | 11 +-
2 files changed, 494 insertions(+), 78 deletions(-)
---
diff --git a/policy-F16.patch b/policy-F16.patch
index 05241df..abfd643 100644
--- a/policy-F16.patch
+++ b/policy-F16.patch
@@ -63217,10 +63217,10 @@ index 0000000..efebae7
+')
diff --git a/policy/modules/apps/chrome.te b/policy/modules/apps/chrome.te
new file mode 100644
-index 0000000..27363a4
+index 0000000..da7bbf7
--- /dev/null
+++ b/policy/modules/apps/chrome.te
-@@ -0,0 +1,183 @@
+@@ -0,0 +1,184 @@
+policy_module(chrome,1.0.0)
+
+########################################
@@ -63399,6 +63399,7 @@ index 0000000..27363a4
+userdom_rw_inherited_user_tmpfs_files(chrome_sandbox_nacl_t)
+userdom_execute_user_tmpfs_files(chrome_sandbox_nacl_t)
+userdom_rw_inherited_user_tmp_files(chrome_sandbox_nacl_t)
++userdom_dontaudit_read_user_home_content_files(chrome_sandbox_nacl_t)
+
+optional_policy(`
+ gnome_dontaudit_write_config_files(chrome_sandbox_nacl_t)
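Review bot: The added `userdom_dontaudit_read_user_home_content_files(chrome_sandbox_nacl_t)` suppresses the AVC record without saying which benign access it is meant to hide. The read is still denied, but attempts by the NaCl sandbox domain to read home content no longer reach the audit log, and that record is useful when a sandboxed process misbehaves. I would put a comment above the rule naming the known-harmless access, e.g. `# <cause of the denial>; access is not needed, denial is noise` with the real cause filled in, and mention there that `semodule -DB` brings the records back during an investigation. The rule block for chrome_sandbox_nacl_t starts and ends outside this hunk.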
@@ -66216,7 +66217,7 @@ index 0000000..fb58f33
+')
diff --git a/policy/modules/apps/jockey.te b/policy/modules/apps/jockey.te
new file mode 100644
-index 0000000..1c5ae9f
+index 0000000..b60050f
--- /dev/null
+++ b/policy/modules/apps/jockey.te
@@ -0,0 +1,38 @@
@@ -66242,7 +66243,7 @@ index 0000000..1c5ae9f
+#
+# jockey local policy
+#
-+
++allow jockey_t self:fifo_file rw_fifo_file_perms;
+
+manage_dirs_pattern(jockey_t, jockey_cache_t, jockey_cache_t)
+manage_files_pattern(jockey_t, jockey_cache_t, jockey_cache_t)
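Review bot: `allow jockey_t self:fifo_file rw_fifo_file_perms;` duplicates the rule this same commit adds to domain.te, `allow domain self:fifo_file rw_fifo_file_perms;`. That assumes jockey_t carries the `domain` attribute, and its type declaration is outside this hunk. Keeping both does not change enforcement, but it hides that the permission is now global, and the same holds for the existing per-domain rules for blueman_t and asterisk_t visible later in the patch. I would keep only the domain.te rule and restore the blank line this one replaced after the section header, or else comment it as `# redundant with the domain-wide self:fifo_file rule, kept for readability`.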
@@ -66856,7 +66857,7 @@ index fbb5c5a..637eb37 100644
')
+
diff --git a/policy/modules/apps/mozilla.te b/policy/modules/apps/mozilla.te
-index 2e9318b..7253482 100644
+index 2e9318b..306dcce 100644
--- a/policy/modules/apps/mozilla.te
+++ b/policy/modules/apps/mozilla.te
@@ -12,6 +12,13 @@ policy_module(mozilla, 2.3.3)
@@ -67045,12 +67046,14 @@ index 2e9318b..7253482 100644
corenet_tcp_connect_pulseaudio_port(mozilla_plugin_t)
corenet_tcp_connect_http_port(mozilla_plugin_t)
corenet_tcp_connect_http_cache_port(mozilla_plugin_t)
-@@ -344,9 +367,15 @@ corenet_tcp_connect_squid_port(mozilla_plugin_t)
+@@ -344,9 +367,17 @@ corenet_tcp_connect_squid_port(mozilla_plugin_t)
corenet_tcp_connect_ipp_port(mozilla_plugin_t)
corenet_tcp_connect_mmcc_port(mozilla_plugin_t)
corenet_tcp_connect_speech_port(mozilla_plugin_t)
+corenet_tcp_connect_streaming_port(mozilla_plugin_t)
+corenet_tcp_connect_ftp_port(mozilla_plugin_t)
++corenet_tcp_connect_vnc_port(mozilla_plugin_t)
++corenet_tcp_connect_couchdb_port(mozilla_plugin_t)
+corenet_tcp_connect_all_ephemeral_ports(mozilla_plugin_t)
+corenet_tcp_bind_generic_node(mozilla_plugin_t)
+corenet_udp_bind_generic_node(mozilla_plugin_t)
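Review bot: The two added rules `corenet_tcp_connect_vnc_port(mozilla_plugin_t)` and `corenet_tcp_connect_couchdb_port(mozilla_plugin_t)` are unconditional, so every plugin process may reach VNC and CouchDB listeners, including ones bound to loopback, whether or not spice is in use. The plugin domain handles untrusted web content, so I would gate the pair behind a boolean that defaults to off and say in its description that it exists for spice. The boolean name below is only a suggestion, and the `gen_tunable` declaration belongs with the other declarations at the top of mozilla.te, which lies outside this hunk.

```selinux
## <desc>
## <p>
## Allow mozilla plugins to connect to the vnc and couchdb ports used by spice.
## </p>
## </desc>
gen_tunable(mozilla_plugin_use_spice, false)

# … unchanged: the other corenet_tcp_connect_* rules for mozilla_plugin_t …
tunable_policy(`mozilla_plugin_use_spice',`
	corenet_tcp_connect_vnc_port(mozilla_plugin_t)
	corenet_tcp_connect_couchdb_port(mozilla_plugin_t)
')
```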
@@ -67061,7 +67064,7 @@ index 2e9318b..7253482 100644
dev_read_video_dev(mozilla_plugin_t)
dev_write_video_dev(mozilla_plugin_t)
dev_read_sysfs(mozilla_plugin_t)
-@@ -355,6 +384,7 @@ dev_write_sound(mozilla_plugin_t)
+@@ -355,6 +386,7 @@ dev_write_sound(mozilla_plugin_t)
# for nvidia driver
dev_rw_xserver_misc(mozilla_plugin_t)
dev_dontaudit_rw_dri(mozilla_plugin_t)
@@ -67069,7 +67072,7 @@ index 2e9318b..7253482 100644
domain_use_interactive_fds(mozilla_plugin_t)
domain_dontaudit_read_all_domains_state(mozilla_plugin_t)
-@@ -362,6 +392,7 @@ domain_dontaudit_read_all_domains_state(mozilla_plugin_t)
+@@ -362,6 +394,7 @@ domain_dontaudit_read_all_domains_state(mozilla_plugin_t)
files_read_config_files(mozilla_plugin_t)
files_read_usr_files(mozilla_plugin_t)
files_list_mnt(mozilla_plugin_t)
@@ -67077,7 +67080,7 @@ index 2e9318b..7253482 100644
fs_getattr_all_fs(mozilla_plugin_t)
fs_list_dos(mozilla_plugin_t)
-@@ -383,35 +414,26 @@ sysnet_dns_name_resolve(mozilla_plugin_t)
+@@ -383,35 +416,26 @@ sysnet_dns_name_resolve(mozilla_plugin_t)
term_getattr_all_ttys(mozilla_plugin_t)
term_getattr_all_ptys(mozilla_plugin_t)
@@ -67091,6 +67094,7 @@ index 2e9318b..7253482 100644
-userdom_read_user_tmp_files(mozilla_plugin_t)
+userdom_rw_inherited_user_tmp_files(mozilla_plugin_t)
+userdom_rw_inherited_user_home_sock_files(mozilla_plugin_t)
++userdom_manage_home_certs(mozilla_plugin_t)
userdom_read_user_tmp_symlinks(mozilla_plugin_t)
+userdom_stream_connect(mozilla_plugin_t)
+userdom_dontaudit_rw_user_tmp_pipes(mozilla_plugin_t)
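Review bot: `userdom_manage_home_certs(mozilla_plugin_t)` gives the plugin domain write access to the user's certificate store, where the policy previously denied and silenced writes via `userdom_dontaudit_write_home_certs`, removed in the next hunk. The changelog only asks for creating ~/.pki and its content, yet a manage interface presumably also allows modifying and deleting existing entries (its definition is not shown here), so a compromised plugin could tamper with the trust data the browser reads. If creating a missing ~/.pki is the whole requirement, I would say so in a comment above the rule and look for a narrower interface. Either way `userdom_read_home_certs(mozilla_plugin_t)`, kept in the next hunk, is now redundant and can go.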
@@ -67098,7 +67102,6 @@ index 2e9318b..7253482 100644
userdom_read_user_home_content_files(mozilla_plugin_t)
userdom_read_user_home_content_symlinks(mozilla_plugin_t)
+userdom_read_home_certs(mozilla_plugin_t)
-+userdom_dontaudit_write_home_certs(mozilla_plugin_t)
+userdom_read_home_audio_files(mozilla_plugin_t)
-tunable_policy(`allow_execmem',`
@@ -67124,7 +67127,7 @@ index 2e9318b..7253482 100644
optional_policy(`
alsa_read_rw_config(mozilla_plugin_t)
-@@ -421,11 +443,19 @@ optional_policy(`
+@@ -421,11 +445,19 @@ optional_policy(`
optional_policy(`
dbus_system_bus_client(mozilla_plugin_t)
dbus_session_bus_client(mozilla_plugin_t)
@@ -67144,7 +67147,7 @@ index 2e9318b..7253482 100644
')
optional_policy(`
-@@ -438,18 +468,103 @@ optional_policy(`
+@@ -438,18 +470,103 @@ optional_policy(`
')
optional_policy(`
@@ -73546,7 +73549,7 @@ index 4f3b542..0ebac89 100644
+ dev_filetrans($1, ppp_device_t, chr_file, "ppp")
+')
diff --git a/policy/modules/kernel/corenetwork.te.in b/policy/modules/kernel/corenetwork.te.in
-index 99b71cb..c3154ee 100644
+index 99b71cb..60d4823 100644
--- a/policy/modules/kernel/corenetwork.te.in
+++ b/policy/modules/kernel/corenetwork.te.in
@@ -11,11 +11,15 @@ attribute netif_type;
@@ -73728,12 +73731,13 @@ index 99b71cb..c3154ee 100644
network_port(mpd, tcp,6600,s0)
network_port(msnp, tcp,1863,s0, udp,1863,s0)
network_port(mssql, tcp,1433-1434,s0, udp,1433-1434,s0)
-@@ -152,21 +211,32 @@ network_port(mysqlmanagerd, tcp,2273,s0)
+@@ -152,21 +211,33 @@ network_port(mysqlmanagerd, tcp,2273,s0)
network_port(nessus, tcp,1241,s0)
network_port(netport, tcp,3129,s0, udp,3129,s0)
network_port(netsupport, tcp,5404,s0, udp,5404,s0, tcp,5405,s0, udp,5405,s0)
+network_port(nfs, tcp,2049,s0, udp,2049,s0, tcp,20048-20049,s0, udp,20048-20049,s0)
network_port(nmbd, udp,137,s0, udp,138,s0)
++network_port(nodejs_debug, tcp,5858,s0, udp,5858,s0)
network_port(ntop, tcp,3000-3001,s0, udp,3000-3001,s0)
network_port(ntp, udp,123,s0)
-network_port(oracledb, tcp, 1521,s0,udp, 1521,s0, tcp,2483,s0,udp,2483,s0, tcp,2484,s0, udp,2484,s0)
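Review bot: `network_port(nodejs_debug, tcp,5858,s0, udp,5858,s0)` labels udp/5858 as well, although the Node.js debugger listens on TCP as far as I know. The UDP half only takes 5858/udp out of the generic port pool. A peer that can connect to this port can drive the debugged process, so I would add a comment above the entry saying the generated `*_nodejs_debug_port` interfaces should be granted sparingly. Unless a consumer needs UDP, I would also reduce the entry to `network_port(nodejs_debug, tcp,5858,s0)`. The port table continues outside this hunk.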
@@ -73762,7 +73766,7 @@ index 99b71cb..c3154ee 100644
network_port(prelude, tcp,4690,s0, udp,4690,s0)
network_port(presence, tcp,5298-5299,s0, udp,5298-5299,s0)
network_port(printer, tcp,515,s0)
-@@ -175,38 +245,46 @@ network_port(pulseaudio, tcp,4713,s0)
+@@ -175,38 +246,46 @@ network_port(pulseaudio, tcp,4713,s0)
network_port(puppet, tcp, 8140, s0)
network_port(pxe, udp,4011,s0)
network_port(pyzor, udp,24441,s0)
@@ -73815,7 +73819,7 @@ index 99b71cb..c3154ee 100644
network_port(traceroute, udp,64000-64010,s0)
network_port(transproxy, tcp,8081,s0)
network_port(ups, tcp,3493,s0)
-@@ -215,9 +293,12 @@ network_port(uucpd, tcp,540,s0)
+@@ -215,9 +294,12 @@ network_port(uucpd, tcp,540,s0)
network_port(varnishd, tcp,6081-6082,s0)
network_port(virt, tcp,16509,s0, udp,16509,s0, tcp,16514,s0, udp,16514,s0)
network_port(virt_migration, tcp,49152-49216,s0)
@@ -73829,7 +73833,7 @@ index 99b71cb..c3154ee 100644
network_port(xdmcp, udp,177,s0, tcp,177,s0)
network_port(xen, tcp,8002,s0)
network_port(xfs, tcp,7100,s0)
-@@ -229,6 +310,7 @@ network_port(zookeeper_client, tcp,2181,s0)
+@@ -229,6 +311,7 @@ network_port(zookeeper_client, tcp,2181,s0)
network_port(zookeeper_election, tcp,3888,s0)
network_port(zookeeper_leader, tcp,2888,s0)
network_port(zebra, tcp,2600-2604,s0, tcp,2606,s0, udp,2600-2604,s0, udp,2606,s0)
@@ -73837,7 +73841,7 @@ index 99b71cb..c3154ee 100644
network_port(zope, tcp,8021,s0)
# Defaults for reserved ports. Earlier portcon entries take precedence;
-@@ -238,6 +320,12 @@ portcon tcp 512-1023 gen_context(system_u:object_r:hi_reserved_port_t, s0)
+@@ -238,6 +321,12 @@ portcon tcp 512-1023 gen_context(system_u:object_r:hi_reserved_port_t, s0)
portcon udp 512-1023 gen_context(system_u:object_r:hi_reserved_port_t, s0)
portcon tcp 1-511 gen_context(system_u:object_r:reserved_port_t, s0)
portcon udp 1-511 gen_context(system_u:object_r:reserved_port_t, s0)
@@ -73850,7 +73854,7 @@ index 99b71cb..c3154ee 100644
########################################
#
-@@ -282,9 +370,10 @@ typealias netif_t alias { lo_netif_t netif_lo_t };
+@@ -282,9 +371,10 @@ typealias netif_t alias { lo_netif_t netif_lo_t };
allow corenet_unconfined_type node_type:node *;
allow corenet_unconfined_type netif_type:netif *;
allow corenet_unconfined_type packet_type:packet *;
@@ -75776,7 +75780,7 @@ index 6a1e4d1..ffaa90a 100644
+ dontaudit $1 domain:socket_class_set { read write };
')
diff --git a/policy/modules/kernel/domain.te b/policy/modules/kernel/domain.te
-index fae1ab1..ee2a798 100644
+index fae1ab1..3bb079e 100644
--- a/policy/modules/kernel/domain.te
+++ b/policy/modules/kernel/domain.te
@@ -4,6 +4,21 @@ policy_module(domain, 1.9.1)
@@ -75801,9 +75805,12 @@ index fae1ab1..ee2a798 100644
## <desc>
## <p>
-@@ -87,22 +102,36 @@ allow domain self:dir list_dir_perms;
+@@ -86,23 +101,39 @@ neverallow ~{ domain unlabeled_t } *:process *;
+ allow domain self:dir list_dir_perms;
allow domain self:lnk_file { read_lnk_file_perms lock ioctl };
allow domain self:file rw_file_perms;
++allow domain self:fifo_file rw_fifo_file_perms;
++
kernel_read_proc_symlinks(domain)
+kernel_read_crypto_sysctls(domain)
+
@@ -75839,7 +75846,7 @@ index fae1ab1..ee2a798 100644
tunable_policy(`global_ssp',`
# enable reading of urandom for all domains:
-@@ -113,8 +142,13 @@ tunable_policy(`global_ssp',`
+@@ -113,8 +144,13 @@ tunable_policy(`global_ssp',`
')
optional_policy(`
@@ -75853,7 +75860,7 @@ index fae1ab1..ee2a798 100644
')
optional_policy(`
-@@ -125,6 +159,8 @@ optional_policy(`
+@@ -125,6 +161,8 @@ optional_policy(`
optional_policy(`
xserver_dontaudit_use_xdm_fds(domain)
xserver_dontaudit_rw_xdm_pipes(domain)
@@ -75862,7 +75869,7 @@ index fae1ab1..ee2a798 100644
')
########################################
-@@ -143,8 +179,13 @@ allow unconfined_domain_type domain:{ socket_class_set socket key_socket } *;
+@@ -143,8 +181,13 @@ allow unconfined_domain_type domain:{ socket_class_set socket key_socket } *;
allow unconfined_domain_type domain:fd use;
allow unconfined_domain_type domain:fifo_file rw_file_perms;
@@ -75877,7 +75884,7 @@ index fae1ab1..ee2a798 100644
# Create/access any System V IPC objects.
allow unconfined_domain_type domain:{ sem msgq shm } *;
-@@ -158,5 +199,261 @@ allow unconfined_domain_type domain:lnk_file { read_lnk_file_perms ioctl lock };
+@@ -158,5 +201,261 @@ allow unconfined_domain_type domain:lnk_file { read_lnk_file_perms ioctl lock };
# act on all domains keys
allow unconfined_domain_type domain:key *;
@@ -84920,10 +84927,10 @@ index deca9d3..ac92fce 100644
')
diff --git a/policy/modules/services/apache.fc b/policy/modules/services/apache.fc
-index 9e39aa5..8ec7232 100644
+index 9e39aa5..3a7cf29 100644
--- a/policy/modules/services/apache.fc
+++ b/policy/modules/services/apache.fc
-@@ -1,21 +1,33 @@
+@@ -1,39 +1,55 @@
HOME_DIR/((www)|(web)|(public_html))(/.+)? gen_context(system_u:object_r:httpd_user_content_t,s0)
+HOME_DIR/((www)|(web)|(public_html))/cgi-bin(/.+)? gen_context(system_u:object_r:httpd_user_script_exec_t,s0)
+HOME_DIR/((www)|(web)|(public_html))(/.*)?/\.htaccess -- gen_context(system_u:object_r:httpd_user_htaccess_t,s0)
@@ -84958,8 +84965,11 @@ index 9e39aa5..8ec7232 100644
/srv/([^/]*/)?www(/.*)? gen_context(system_u:object_r:httpd_sys_content_t,s0)
/srv/gallery2(/.*)? gen_context(system_u:object_r:httpd_sys_content_t,s0)
-@@ -24,16 +36,18 @@ HOME_DIR/((www)|(web)|(public_html))(/.+)? gen_context(system_u:object_r:httpd_u
+ /usr/bin/htsslpass -- gen_context(system_u:object_r:httpd_helper_exec_t,s0)
+ /usr/bin/mongrel_rails -- gen_context(system_u:object_r:httpd_exec_t,s0)
++/usr/bin/jetty -- gen_context(system_u:object_r:httpd_exec_t,s0)
++
/usr/lib/apache-ssl/.+ -- gen_context(system_u:object_r:httpd_exec_t,s0)
/usr/lib/cgi-bin(/.*)? gen_context(system_u:object_r:httpd_sys_script_exec_t,s0)
-/usr/lib/dirsrv/cgi-bin(/.*)? gen_context(system_u:object_r:httpd_sys_script_exec_t,s0)
@@ -84984,7 +84994,7 @@ index 9e39aa5..8ec7232 100644
/usr/sbin/httpd(\.worker)? -- gen_context(system_u:object_r:httpd_exec_t,s0)
/usr/sbin/lighttpd -- gen_context(system_u:object_r:httpd_exec_t,s0)
/usr/sbin/rotatelogs -- gen_context(system_u:object_r:httpd_rotatelogs_exec_t,s0)
-@@ -43,8 +57,9 @@ ifdef(`distro_suse', `
+@@ -43,8 +59,9 @@ ifdef(`distro_suse', `
/usr/sbin/httpd2-.* -- gen_context(system_u:object_r:httpd_exec_t,s0)
')
@@ -84996,7 +85006,7 @@ index 9e39aa5..8ec7232 100644
/usr/share/htdig(/.*)? gen_context(system_u:object_r:httpd_sys_content_t,s0)
/usr/share/icecast(/.*)? gen_context(system_u:object_r:httpd_sys_content_t,s0)
/usr/share/mythweb(/.*)? gen_context(system_u:object_r:httpd_sys_content_t,s0)
-@@ -54,11 +69,15 @@ ifdef(`distro_suse', `
+@@ -54,9 +71,12 @@ ifdef(`distro_suse', `
/usr/share/ntop/html(/.*)? gen_context(system_u:object_r:httpd_sys_content_t,s0)
/usr/share/openca/htdocs(/.*)? gen_context(system_u:object_r:httpd_sys_content_t,s0)
/usr/share/selinux-policy[^/]*/html(/.*)? gen_context(system_u:object_r:httpd_sys_content_t,s0)
@@ -85008,11 +85018,8 @@ index 9e39aa5..8ec7232 100644
+/usr/share/wordpress/wp-includes/.*\.php -- gen_context(system_u:object_r:httpd_sys_script_exec_t,s0)
/var/cache/httpd(/.*)? gen_context(system_u:object_r:httpd_cache_t,s0)
-+/var/cache/jetty(/.*)? gen_context(system_u:object_r:httpd_cache_t,s0)
/var/cache/lighttpd(/.*)? gen_context(system_u:object_r:httpd_cache_t,s0)
- /var/cache/mason(/.*)? gen_context(system_u:object_r:httpd_cache_t,s0)
- /var/cache/mediawiki(/.*)? gen_context(system_u:object_r:httpd_cache_t,s0)
-@@ -73,28 +92,41 @@ ifdef(`distro_suse', `
+@@ -73,25 +93,35 @@ ifdef(`distro_suse', `
/var/cache/ssl.*\.sem -- gen_context(system_u:object_r:httpd_cache_t,s0)
/var/lib/cacti/rra(/.*)? gen_context(system_u:object_r:httpd_sys_content_t,s0)
@@ -85023,7 +85030,6 @@ index 9e39aa5..8ec7232 100644
+/var/lib/drupal.* gen_context(system_u:object_r:httpd_sys_rw_content_t,s0)
/var/lib/htdig(/.*)? gen_context(system_u:object_r:httpd_sys_content_t,s0)
/var/lib/httpd(/.*)? gen_context(system_u:object_r:httpd_var_lib_t,s0)
-+/var/lib/jetty(/.*)? gen_context(system_u:object_r:httpd_var_lib_t,s0)
/var/lib/php/session(/.*)? gen_context(system_u:object_r:httpd_var_run_t,s0)
/var/lib/squirrelmail/prefs(/.*)? gen_context(system_u:object_r:httpd_squirrelmail_t,s0)
+/var/lib/svn(/.*)? gen_context(system_u:object_r:httpd_sys_rw_content_t,s0)
@@ -85038,7 +85044,6 @@ index 9e39aa5..8ec7232 100644
-/var/log/piranha(/.*)? gen_context(system_u:object_r:httpd_log_t,s0)
+/var/log/cherokee(/.*)? gen_context(system_u:object_r:httpd_log_t,s0)
+/var/log/httpd(/.*)? gen_context(system_u:object_r:httpd_log_t,s0)
-+/var/log/jetty(/.*)? gen_context(system_u:object_r:httpd_log_t,s0)
+/var/log/lighttpd(/.*)? gen_context(system_u:object_r:httpd_log_t,s0)
+/var/log/php-fpm(/.*)? gen_context(system_u:object_r:httpd_log_t,s0)
+/var/log/roundcubemail(/.*)? gen_context(system_u:object_r:httpd_log_t,s0)
@@ -85054,11 +85059,7 @@ index 9e39aa5..8ec7232 100644
/var/run/apache.* gen_context(system_u:object_r:httpd_var_run_t,s0)
/var/run/gcache_port -s gen_context(system_u:object_r:httpd_var_run_t,s0)
/var/run/httpd.* gen_context(system_u:object_r:httpd_var_run_t,s0)
-+/var/run/jetty(/.*)? gen_context(system_u:object_r:httpd_var_run_t,s0)
- /var/run/lighttpd(/.*)? gen_context(system_u:object_r:httpd_var_run_t,s0)
- /var/run/mod_.* gen_context(system_u:object_r:httpd_var_run_t,s0)
- /var/run/wsgi.* -s gen_context(system_u:object_r:httpd_var_run_t,s0)
-@@ -104,8 +136,29 @@ ifdef(`distro_debian', `
+@@ -104,8 +134,29 @@ ifdef(`distro_debian', `
/var/spool/viewvc(/.*)? gen_context(system_u:object_r:httpd_sys_rw_content_t, s0)
/var/www(/.*)? gen_context(system_u:object_r:httpd_sys_content_t,s0)
@@ -85835,7 +85836,7 @@ index 6480167..d0bf548 100644
+ filetrans_pattern($1, { httpd_user_content_t httpd_user_script_exec_t }, httpd_user_htaccess_t, file, ".htaccess")
')
diff --git a/policy/modules/services/apache.te b/policy/modules/services/apache.te
-index 3136c6a..d4ba46f 100644
+index 3136c6a..e83fcc4 100644
--- a/policy/modules/services/apache.te
+++ b/policy/modules/services/apache.te
@@ -18,136 +18,268 @@ policy_module(apache, 2.2.1)
@@ -86587,7 +86588,7 @@ index 3136c6a..d4ba46f 100644
dbus_system_bus_client(httpd_t)
tunable_policy(`httpd_dbus_avahi',`
-@@ -537,8 +846,13 @@ optional_policy(`
+@@ -537,12 +846,21 @@ optional_policy(`
')
optional_policy(`
@@ -86602,7 +86603,15 @@ index 3136c6a..d4ba46f 100644
')
')
-@@ -556,7 +870,21 @@ optional_policy(`
+ optional_policy(`
++ jetty_admin(httpd_t)
++')
++
++optional_policy(`
+ kerberos_keytab_template(httpd, httpd_t)
+ ')
+
+@@ -556,7 +874,21 @@ optional_policy(`
')
optional_policy(`
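Review bot: `jetty_admin(httpd_t)` grants an administration interface to the web server domain itself, which is broader than the changelog's "file type definitions" suggests. The body of `jetty_admin` is not visible in this part of the patch, but admin interfaces in this policy normally bundle manage rights on every type of the module. Because the apache.fc hunk labels /usr/bin/jetty as httpd_exec_t, Apache and Jetty share httpd_t, so each could then rewrite the other's cache, lib, log and run files. I would grant only what the daemon needs, starting with `jetty_manage_cache_files(httpd_t)` and its siblings for the other jetty types if jetty.if defines them, and add a comment in the optional block that httpd_t is used here because Jetty runs in that domain.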
@@ -86624,7 +86633,7 @@ index 3136c6a..d4ba46f 100644
mysql_stream_connect(httpd_t)
mysql_rw_db_sockets(httpd_t)
-@@ -567,6 +895,7 @@ optional_policy(`
+@@ -567,6 +899,7 @@ optional_policy(`
optional_policy(`
nagios_read_config(httpd_t)
@@ -86632,7 +86641,7 @@ index 3136c6a..d4ba46f 100644
')
optional_policy(`
-@@ -577,6 +906,29 @@ optional_policy(`
+@@ -577,6 +910,29 @@ optional_policy(`
')
optional_policy(`
@@ -86662,7 +86671,7 @@ index 3136c6a..d4ba46f 100644
# Allow httpd to work with postgresql
postgresql_stream_connect(httpd_t)
postgresql_unpriv_client(httpd_t)
-@@ -591,6 +943,11 @@ optional_policy(`
+@@ -591,6 +947,11 @@ optional_policy(`
')
optional_policy(`
@@ -86674,7 +86683,7 @@ index 3136c6a..d4ba46f 100644
snmp_dontaudit_read_snmp_var_lib_files(httpd_t)
snmp_dontaudit_write_snmp_var_lib_files(httpd_t)
')
-@@ -603,6 +960,12 @@ optional_policy(`
+@@ -603,6 +964,12 @@ optional_policy(`
yam_read_content(httpd_t)
')
@@ -86687,7 +86696,7 @@ index 3136c6a..d4ba46f 100644
########################################
#
# Apache helper local policy
-@@ -616,7 +979,11 @@ allow httpd_helper_t httpd_log_t:file append_file_perms;
+@@ -616,7 +983,11 @@ allow httpd_helper_t httpd_log_t:file append_file_perms;
logging_send_syslog_msg(httpd_helper_t)
@@ -86700,7 +86709,7 @@ index 3136c6a..d4ba46f 100644
########################################
#
-@@ -654,28 +1021,30 @@ libs_exec_lib_files(httpd_php_t)
+@@ -654,28 +1025,30 @@ libs_exec_lib_files(httpd_php_t)
userdom_use_unpriv_users_fds(httpd_php_t)
tunable_policy(`httpd_can_network_connect_db',`
@@ -86744,7 +86753,7 @@ index 3136c6a..d4ba46f 100644
')
########################################
-@@ -685,6 +1054,8 @@ optional_policy(`
+@@ -685,6 +1058,8 @@ optional_policy(`
allow httpd_suexec_t self:capability { setuid setgid };
allow httpd_suexec_t self:process signal_perms;
@@ -86753,7 +86762,7 @@ index 3136c6a..d4ba46f 100644
allow httpd_suexec_t self:unix_stream_socket create_stream_socket_perms;
domtrans_pattern(httpd_t, httpd_suexec_exec_t, httpd_suexec_t)
-@@ -699,17 +1070,22 @@ manage_dirs_pattern(httpd_suexec_t, httpd_suexec_tmp_t, httpd_suexec_tmp_t)
+@@ -699,17 +1074,22 @@ manage_dirs_pattern(httpd_suexec_t, httpd_suexec_tmp_t, httpd_suexec_tmp_t)
manage_files_pattern(httpd_suexec_t, httpd_suexec_tmp_t, httpd_suexec_tmp_t)
files_tmp_filetrans(httpd_suexec_t, httpd_suexec_tmp_t, { file dir })
@@ -86779,7 +86788,7 @@ index 3136c6a..d4ba46f 100644
files_read_etc_files(httpd_suexec_t)
files_read_usr_files(httpd_suexec_t)
-@@ -740,13 +1116,31 @@ tunable_policy(`httpd_can_network_connect',`
+@@ -740,13 +1120,31 @@ tunable_policy(`httpd_can_network_connect',`
corenet_sendrecv_all_client_packets(httpd_suexec_t)
')
@@ -86812,7 +86821,7 @@ index 3136c6a..d4ba46f 100644
fs_read_nfs_files(httpd_suexec_t)
fs_read_nfs_symlinks(httpd_suexec_t)
fs_exec_nfs_files(httpd_suexec_t)
-@@ -769,6 +1163,25 @@ optional_policy(`
+@@ -769,6 +1167,25 @@ optional_policy(`
dontaudit httpd_suexec_t httpd_t:unix_stream_socket { read write };
')
@@ -86838,7 +86847,7 @@ index 3136c6a..d4ba46f 100644
########################################
#
# Apache system script local policy
-@@ -789,12 +1202,17 @@ read_lnk_files_pattern(httpd_sys_script_t, squirrelmail_spool_t, squirrelmail_sp
+@@ -789,12 +1206,17 @@ read_lnk_files_pattern(httpd_sys_script_t, squirrelmail_spool_t, squirrelmail_sp
kernel_read_kernel_sysctls(httpd_sys_script_t)
@@ -86856,7 +86865,7 @@ index 3136c6a..d4ba46f 100644
ifdef(`distro_redhat',`
allow httpd_sys_script_t httpd_log_t:file append_file_perms;
')
-@@ -803,18 +1221,50 @@ tunable_policy(`httpd_can_sendmail',`
+@@ -803,18 +1225,50 @@ tunable_policy(`httpd_can_sendmail',`
mta_send_mail(httpd_sys_script_t)
')
@@ -86913,7 +86922,7 @@ index 3136c6a..d4ba46f 100644
corenet_tcp_sendrecv_all_ports(httpd_sys_script_t)
corenet_udp_sendrecv_all_ports(httpd_sys_script_t)
corenet_tcp_connect_all_ports(httpd_sys_script_t)
-@@ -822,14 +1272,39 @@ tunable_policy(`httpd_enable_cgi && httpd_can_network_connect',`
+@@ -822,14 +1276,39 @@ tunable_policy(`httpd_enable_cgi && httpd_can_network_connect',`
')
tunable_policy(`httpd_enable_homedirs',`
@@ -86954,7 +86963,7 @@ index 3136c6a..d4ba46f 100644
tunable_policy(`httpd_enable_homedirs && use_samba_home_dirs',`
fs_read_cifs_files(httpd_sys_script_t)
fs_read_cifs_symlinks(httpd_sys_script_t)
-@@ -842,10 +1317,20 @@ optional_policy(`
+@@ -842,10 +1321,20 @@ optional_policy(`
optional_policy(`
mysql_stream_connect(httpd_sys_script_t)
mysql_rw_db_sockets(httpd_sys_script_t)
@@ -86975,7 +86984,7 @@ index 3136c6a..d4ba46f 100644
')
########################################
-@@ -891,11 +1376,142 @@ optional_policy(`
+@@ -891,11 +1380,142 @@ optional_policy(`
tunable_policy(`httpd_enable_cgi && httpd_unified',`
allow httpd_user_script_t httpdcontent:file entrypoint;
@@ -86999,7 +87008,7 @@ index 3136c6a..d4ba46f 100644
+ userdom_read_user_home_content_files(httpd_t)
+ userdom_read_user_home_content_files(httpd_suexec_t)
+ userdom_read_user_home_content_files(httpd_user_script_t)
-+')
+ ')
+
+########################################
+#
@@ -87098,7 +87107,7 @@ index 3136c6a..d4ba46f 100644
+
+optional_policy(`
+ nscd_socket_use(httpd_script_type)
- ')
++')
+
+read_files_pattern(httpd_t, httpd_content_type, httpd_content_type)
+
@@ -87594,7 +87603,7 @@ index 8b8143e..a04a8af 100644
domain_system_change_exemption($1)
role_transition $2 asterisk_initrc_exec_t system_r;
diff --git a/policy/modules/services/asterisk.te b/policy/modules/services/asterisk.te
-index b3b0176..8e66610 100644
+index b3b0176..31e5976 100644
--- a/policy/modules/services/asterisk.te
+++ b/policy/modules/services/asterisk.te
@@ -19,10 +19,11 @@ type asterisk_log_t;
@@ -87621,7 +87630,7 @@ index b3b0176..8e66610 100644
allow asterisk_t self:process { getsched setsched signal_perms getcap setcap };
allow asterisk_t self:fifo_file rw_fifo_file_perms;
allow asterisk_t self:sem create_sem_perms;
-@@ -76,10 +77,11 @@ fs_tmpfs_filetrans(asterisk_t, asterisk_tmpfs_t, { dir file lnk_file sock_file f
+@@ -76,11 +77,13 @@ fs_tmpfs_filetrans(asterisk_t, asterisk_tmpfs_t, { dir file lnk_file sock_file f
manage_files_pattern(asterisk_t, asterisk_var_lib_t, asterisk_var_lib_t)
files_var_lib_filetrans(asterisk_t, asterisk_var_lib_t, file)
@@ -87632,9 +87641,11 @@ index b3b0176..8e66610 100644
-files_pid_filetrans(asterisk_t, asterisk_var_run_t, file)
+files_pid_filetrans(asterisk_t, asterisk_var_run_t, { dir file })
++kernel_read_network_state(asterisk_t)
kernel_read_system_state(asterisk_t)
kernel_read_kernel_sysctls(asterisk_t)
-@@ -108,14 +110,19 @@ corenet_tcp_bind_generic_port(asterisk_t)
+ kernel_request_load_module(asterisk_t)
+@@ -108,14 +111,19 @@ corenet_tcp_bind_generic_port(asterisk_t)
corenet_udp_bind_generic_port(asterisk_t)
corenet_dontaudit_udp_bind_all_ports(asterisk_t)
corenet_sendrecv_generic_server_packets(asterisk_t)
@@ -87654,7 +87665,7 @@ index b3b0176..8e66610 100644
dev_read_urand(asterisk_t)
domain_use_interactive_fds(asterisk_t)
-@@ -125,6 +132,7 @@ files_search_spool(asterisk_t)
+@@ -125,6 +133,7 @@ files_search_spool(asterisk_t)
# demo files installed in /usr/share/asterisk/sounds/demo-instruct.gsm
# are labeled usr_t
files_read_usr_files(asterisk_t)
@@ -87662,7 +87673,7 @@ index b3b0176..8e66610 100644
fs_getattr_all_fs(asterisk_t)
fs_list_inotifyfs(asterisk_t)
-@@ -141,6 +149,10 @@ userdom_dontaudit_use_unpriv_user_fds(asterisk_t)
+@@ -141,6 +150,10 @@ userdom_dontaudit_use_unpriv_user_fds(asterisk_t)
userdom_dontaudit_search_user_home_dirs(asterisk_t)
optional_policy(`
@@ -88741,18 +88752,20 @@ index f4e7ad3..c323651 100644
dev_read_urand(bitlbee_t)
diff --git a/policy/modules/services/blueman.fc b/policy/modules/services/blueman.fc
new file mode 100644
-index 0000000..69f2b36
+index 0000000..98ba16a
--- /dev/null
+++ b/policy/modules/services/blueman.fc
-@@ -0,0 +1,2 @@
+@@ -0,0 +1,4 @@
++
++/usr/libexec/blueman-mechanism -- gen_context(system_u:object_r:blueman_exec_t,s0)
+
-+/usr/libexec/blueman-mechanism -- gen_context(system_u:object_r:blueman_exec_t,s0)
++/var/lib/blueman(/.*)? gen_context(system_u:object_r:blueman_var_lib_t,s0)
diff --git a/policy/modules/services/blueman.if b/policy/modules/services/blueman.if
new file mode 100644
-index 0000000..d694c0a
+index 0000000..a66b2ff
--- /dev/null
+++ b/policy/modules/services/blueman.if
-@@ -0,0 +1,41 @@
+@@ -0,0 +1,99 @@
+## <summary>policy for blueman</summary>
+
+########################################
@@ -88794,12 +88807,70 @@ index 0000000..d694c0a
+ allow $1 blueman_t:dbus send_msg;
+ allow blueman_t $1:dbus send_msg;
+')
++
++########################################
++## <summary>
++## Search blueman lib directories.
++## </summary>
++## <param name="domain">
++## <summary>
++## Domain allowed access.
++## </summary>
++## </param>
++#
++interface(`blueman_search_lib',`
++ gen_require(`
++ type blueman_var_lib_t;
++ ')
++
++ allow $1 blueman_var_lib_t:dir search_dir_perms;
++ files_search_var_lib($1)
++')
++
++########################################
++## <summary>
++## Read blueman lib files.
++## </summary>
++## <param name="domain">
++## <summary>
++## Domain allowed access.
++## </summary>
++## </param>
++#
++interface(`blueman_read_lib_files',`
++ gen_require(`
++ type blueman_var_lib_t;
++ ')
++
++ files_search_var_lib($1)
++ read_files_pattern($1, blueman_var_lib_t, blueman_var_lib_t)
++')
++
++########################################
++## <summary>
++## Create, read, write, and delete
++## blueman lib files.
++## </summary>
++## <param name="domain">
++## <summary>
++## Domain allowed access.
++## </summary>
++## </param>
++#
++interface(`blueman_manage_lib_files',`
++ gen_require(`
++ type blueman_var_lib_t;
++ ')
++
++ files_search_var_lib($1)
++ manage_files_pattern($1, blueman_var_lib_t, blueman_var_lib_t)
++')
diff --git a/policy/modules/services/blueman.te b/policy/modules/services/blueman.te
new file mode 100644
-index 0000000..4b22dcf
+index 0000000..d5b66f6
--- /dev/null
+++ b/policy/modules/services/blueman.te
-@@ -0,0 +1,43 @@
+@@ -0,0 +1,52 @@
+policy_module(blueman, 1.0.0)
+
+########################################
@@ -88812,16 +88883,25 @@ index 0000000..4b22dcf
+dbus_system_domain(blueman_t, blueman_exec_t)
+init_daemon_domain(blueman_t, blueman_exec_t)
+
++type blueman_var_lib_t;
++files_type(blueman_var_lib_t)
++
+########################################
+#
+# blueman local policy
+#
+allow blueman_t self:fifo_file rw_fifo_file_perms;
+
++manage_dirs_pattern(blueman_t, blueman_var_lib_t, blueman_var_lib_t)
++manage_files_pattern(blueman_t, blueman_var_lib_t, blueman_var_lib_t)
++files_var_lib_filetrans(blueman_t, blueman_var_lib_t, { file dir })
++
+kernel_read_system_state(blueman_t)
+
+corecmd_exec_bin(blueman_t)
+
++dev_read_rand(blueman_t)
++dev_read_urand(blueman_t)
+dev_rw_wireless(blueman_t)
+
+domain_use_interactive_fds(blueman_t)
@@ -105190,6 +105270,331 @@ index da2127e..91bdd44 100644
+miscfiles_read_localization(jabberd_domain)
+
+sysnet_read_config(jabberd_domain)
+diff --git a/policy/modules/services/jetty.fc b/policy/modules/services/jetty.fc
+new file mode 100644
+index 0000000..1725b7e
+--- /dev/null
++++ b/policy/modules/services/jetty.fc
+@@ -0,0 +1,9 @@
++
++/var/cache/jetty(/.*)? gen_context(system_u:object_r:jetty_cache_t,s0)
++
++/var/lib/jetty(/.*)? gen_context(system_u:object_r:jetty_var_lib_t,s0)
++
++/var/log/jetty(/.*)? gen_context(system_u:object_r:jetty_log_t,s0)
++
++/var/run/jetty(/.*)? gen_context(system_u:object_r:jetty_var_run_t,s0)
++
+diff --git a/policy/modules/services/jetty.if b/policy/modules/services/jetty.if
+new file mode 100644
+index 0000000..eb95780
+--- /dev/null
++++ b/policy/modules/services/jetty.if
+@@ -0,0 +1,273 @@
++
++## <summary>policy for jetty</summary>
++
++########################################
++## <summary>
++## Search jetty cache directories.
++## </summary>
++## <param name="domain">
++## <summary>
++## Domain allowed access.
++## </summary>
++## </param>
++#
++interface(`jetty_search_cache',`
++ gen_require(`
++ type jetty_cache_t;
++ ')
++
++ allow $1 jetty_cache_t:dir search_dir_perms;
++ files_search_var($1)
++')
++
++########################################
++## <summary>
++## Read jetty cache files.
++## </summary>
++## <param name="domain">
++## <summary>
++## Domain allowed access.
++## </summary>
++## </param>
++#
++interface(`jetty_read_cache_files',`
++ gen_require(`
++ type jetty_cache_t;
++ ')
++
++ files_search_var($1)
++ read_files_pattern($1, jetty_cache_t jetty_cache_t)
++')
++
++########################################
++## <summary>
++## Create, read, write, and delete
++## jetty cache files.
++## </summary>
++## <param name="domain">
++## <summary>
++## Domain allowed access.
++## </summary>
++## </param>
++#
++interface(`jetty_manage_cache_files',`
++ gen_require(`
++ type jetty_cache_t;
++ ')
++
++ files_search_var($1)
++ manage_files_pattern($1, jetty_cache_t, jetty_cache_t)
++')
++
++########################################
++## <summary>
++## Manage jetty cache dirs.
++## </summary>
++## <param name="domain">
++## <summary>
++## Domain allowed access.
++## </summary>
++## </param>
++#
++interface(`jetty_manage_cache_dirs',`
++ gen_require(`
++ type jetty_cache_t;
++ ')
++
++ files_search_var($1)
++ manage_dirs_pattern($1, jetty_cache_t, jetty_cache_t)
++')
++
++########################################
++## <summary>
++## Read jetty's log files.
++## </summary>
++## <param name="domain">
++## <summary>
++## Domain allowed access.
++## </summary>
++## </param>
++## <rolecap/>
++#
++interface(`jetty_read_log',`
++ gen_require(`
++ type jetty_log_t;
++ ')
++
++ logging_search_logs($1)
++ read_files_pattern($1, jetty_log_t, jetty_log_t)
++')
++
++########################################
++## <summary>
++## Append to jetty log files.
++## </summary>
++## <param name="domain">
++## <summary>
++## Domain allowed access.
++## </summary>
++## </param>
++#
++interface(`jetty_append_log',`
++ gen_require(`
++ type jetty_log_t;
++ ')
++
++ logging_search_logs($1)
++ append_files_pattern($1, jetty_log_t, jetty_log_t)
++')
++
++########################################
++## <summary>
++## Manage jetty log files
++## </summary>
++## <param name="domain">
++## <summary>
++## Domain allowed access.
++## </summary>
++## </param>
++#
++interface(`jetty_manage_log',`
++ gen_require(`
++ type jetty_log_t;
++ ')
++
++ logging_search_logs($1)
++ manage_dirs_pattern($1, jetty_log_t, jetty_log_t)
++ manage_files_pattern($1, jetty_log_t, jetty_log_t)
++ manage_lnk_files_pattern($1, jetty_log_t, jetty_log_t)
++')
++
++########################################
++## <summary>
++## Search jetty lib directories.
++## </summary>
++## <param name="domain">
++## <summary>
++## Domain allowed access.
++## </summary>
++## </param>
++#
++interface(`jetty_search_lib',`
++ gen_require(`
++ type jetty_var_lib_t;
++ ')
++
++ allow $1 jetty_var_lib_t:dir search_dir_perms;
++ files_search_var_lib($1)
++')
++
++########################################
++## <summary>
++## Read jetty lib files.
++## </summary>
++## <param name="domain">
++## <summary>
++## Domain allowed access.
++## </summary>
++## </param>
++#
++interface(`jetty_read_lib_files',`
++ gen_require(`
++ type jetty_var_lib_t;
++ ')
++
++ files_search_var_lib($1)
++ read_files_pattern($1, jetty_var_lib_t, jetty_var_lib_t)
++')
++
++########################################
++## <summary>
++## Manage jetty lib files.
++## </summary>
++## <param name="domain">
++## <summary>
++## Domain allowed access.
++## </summary>
++## </param>
++#
++interface(`jetty_manage_lib_files',`
++ gen_require(`
++ type jetty_var_lib_t;
++ ')
++
++ files_search_var_lib($1)
++ manage_files_pattern($1, jetty_var_lib_t, jetty_var_lib_t)
++')
++
++########################################
++## <summary>
++## Manage jetty lib directories.
++## </summary>
++## <param name="domain">
++## <summary>
++## Domain allowed access.
++## </summary>
++## </param>
++#
++interface(`jetty_manage_lib_dirs',`
++ gen_require(`
++ type jetty_var_lib_t;
++ ')
++
++ files_search_var_lib($1)
++ manage_dirs_pattern($1, jetty_var_lib_t, jetty_var_lib_t)
++')
++
++########################################
++## <summary>
++## Read jetty PID files.
++## </summary>
++## <param name="domain">
++## <summary>
++## Domain allowed access.
++## </summary>
++## </param>
++#
++interface(`jetty_read_pid_files',`
++ gen_require(`
++ type jetty_var_run_t;
++ ')
++
++ files_search_pids($1)
++ allow $1 jetty_var_run_t:file read_file_perms;
++')
++
++
++########################################
++## <summary>
++## All of the rules required to administrate
++## an jetty environment
++## </summary>
++## <param name="domain">
++## <summary>
++## Domain allowed access.
++## </summary>
++## </param>
++## <param name="role">
++## <summary>
++## Role allowed access.
++## </summary>
++## </param>
++## <rolecap/>
++#
++interface(`jetty_admin',`
++ gen_require(`
++ type jetty_cache_t;
++ type jetty_log_t;
++ type jetty_var_lib_t;
++ type jetty_var_run_t;
++ ')
++
++ files_search_var($1)
++ admin_pattern($1, jetty_cache_t)
++
++ logging_search_logs($1)
++ admin_pattern($1, jetty_log_t)
++
++ files_search_var_lib($1)
++ admin_pattern($1, jetty_var_lib_t)
++
++ files_search_pids($1)
++ admin_pattern($1, jetty_var_run_t)
++')
+diff --git a/policy/modules/services/jetty.te b/policy/modules/services/jetty.te
+new file mode 100644
+index 0000000..af510ea
+--- /dev/null
++++ b/policy/modules/services/jetty.te
+@@ -0,0 +1,25 @@
++policy_module(jetty, 1.0.0)
++
++########################################
++#
++# Declarations
++#
++
++type jetty_cache_t;
++files_type(jetty_cache_t)
++
++type jetty_log_t;
++logging_log_file(jetty_log_t)
++
++type jetty_var_lib_t;
++files_type(jetty_var_lib_t)
++
++type jetty_var_run_t;
++files_pid_file(jetty_var_run_t)
++
++########################################
++#
++# jetty local policy
++#
++
++# No local policy. This module just contains type definitions
diff --git a/policy/modules/services/kerberos.fc b/policy/modules/services/kerberos.fc
index 3525d24..033de90 100644
--- a/policy/modules/services/kerberos.fc
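Review bot: In the new jetty.if, `jetty_read_cache_files` calls `read_files_pattern($1, jetty_cache_t jetty_cache_t)` without the comma between the second and third arguments, so the macro receives two arguments and the expansion will be malformed once any domain calls the interface. It should read `read_files_pattern($1, jetty_cache_t, jetty_cache_t)`. `jetty_admin` documents a `role` parameter but never references `$2`, while its four `admin_pattern` calls give the caller full control of every jetty type, so either drop the `<param name="role">` block or use the role. Its summary also says "an jetty environment" where "a jetty environment" is meant. The changelog mentions labeling /usr/share/jetty/bin/jetty.sh, but the jetty.fc added here has only /var paths; presumably that entry is in another module's .fc, which is worth confirming.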
@@ -113855,10 +114260,10 @@ index 0000000..d3b9544
+')
diff --git a/policy/modules/services/obex.te b/policy/modules/services/obex.te
new file mode 100644
-index 0000000..21a4f33
+index 0000000..016a6cc
--- /dev/null
+++ b/policy/modules/services/obex.te
-@@ -0,0 +1,27 @@
+@@ -0,0 +1,28 @@
+policy_module(obex,1.0.0)
+
+########################################
@@ -113877,6 +114282,7 @@ index 0000000..21a4f33
+#
+
+allow obex_t self:fifo_file rw_fifo_file_perms;
++allow obex_t self:socket create_socket_perms;
+
+dev_read_urand(obex_t)
+
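Review bot: The added `allow obex_t self:socket create_socket_perms;` uses the generic `socket` class, which covers every address family without a dedicated class, and nothing in the hunk records which protocol obex needs it for. A comment above the rule, for example `# Bluetooth sockets fall under the generic socket class`, would make the intent reviewable; this assumes Bluetooth is the reason, which the hunk does not state. The obex local-policy section continues outside the hunk.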
@@ -148230,7 +148636,7 @@ index db75976..ce61aed 100644
+
+/var/run/user(/.*)? gen_context(system_u:object_r:user_tmp_t,s0)
diff --git a/policy/modules/system/userdomain.if b/policy/modules/system/userdomain.if
-index 4b2878a..1c1102f 100644
+index 4b2878a..cc989a4 100644
--- a/policy/modules/system/userdomain.if
+++ b/policy/modules/system/userdomain.if
@@ -30,9 +30,11 @@ template(`userdom_base_user_template',`
@@ -150723,7 +151129,7 @@ index 4b2878a..1c1102f 100644
## Create keys for all user domains.
## </summary>
## <param name="domain">
-@@ -3194,3 +3982,1291 @@ interface(`userdom_dbus_send_all_users',`
+@@ -3194,3 +3982,1292 @@ interface(`userdom_dbus_send_all_users',`
allow $1 userdomain:dbus send_msg;
')
@@ -151538,6 +151944,7 @@ index 4b2878a..1c1102f 100644
+ ')
+
+ allow $1 home_cert_t:dir list_dir_perms;
++ manage_dirs_pattern($1, home_cert_t, home_cert_t)
+ manage_files_pattern($1, home_cert_t, home_cert_t)
+ manage_lnk_files_pattern($1, home_cert_t, home_cert_t)
+
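Review bot: The added `manage_dirs_pattern($1, home_cert_t, home_cert_t)` widens this interface for every caller, not only mozilla_plugin_t as the changelog describes. Each domain that uses it can now create, rename and delete directories labeled home_cert_t, which by its name is the per-user certificate store. The interface's name and its `## <summary>` are outside the hunk; the summary should be updated to mention directories so callers can see the wider grant. The manage pattern alone also does not label a newly created ~/.pki, since that needs a file-type transition in the user home directory, and none is visible here.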
diff --git a/selinux-policy.spec b/selinux-policy.spec
index 870242e..1a98549 100644
--- a/selinux-policy.spec
+++ b/selinux-policy.spec
@@ -19,7 +19,7 @@
Summary: SELinux policy configuration
Name: selinux-policy
Version: 3.10.0
-Release: 120%{?dist}
+Release: 121%{?dist}
License: GPLv2+
Group: System Environment/Base
Source: serefpolicy-%{version}.tgz
@@ -490,6 +490,15 @@ SELinux Reference policy mls base module.
%endif
%changelog
+* Fri May 4 2012 Miroslav Grepl <mgrepl at redhat.com> 3.10.0-121
+- Add labeling for /usr/share/jetty/bin/jetty.sh
+- Add jetty policy which contains file type definitios
+- Allow jockey to use its own fifo_file and make this the default for all domains
+- Allow mozilla_plugins to use spice (vnc_port/couchdb)
+- asterisk wants to read the network state
+- Blueman now uses /var/lib/blueman- Add label for nodejs_debug
+- Allow mozilla_plugin_t to create ~/.pki directory and content
+
* Wed May 2 2012 Miroslav Grepl <mgrepl at redhat.com> 3.10.0-120
- Add clamscan_can_scan_system boolean
- Allow mysqld to read kernel network state