diff --git a/modules-minimum.conf b/modules-minimum.conf
index 8d53b4c..c94436d 100644
--- a/modules-minimum.conf
+++ b/modules-minimum.conf
@@ -1943,6 +1943,13 @@ munin = module
#
bitlbee = module
+# Layer: system
+# Module: sosreport
+#
+# sosreport debuggin information generator
+#
+sosreport = module
+
# Layer: services
# Module: soundserver
#
diff --git a/modules-mls.conf b/modules-mls.conf
index c966444..4492967 100644
--- a/modules-mls.conf
+++ b/modules-mls.conf
@@ -1816,6 +1816,13 @@ munin = module
#
bitlbee = module
+# Layer: system
+# Module: sosreport
+#
+# sosreport debuggin information generator
+#
+sosreport = module
+
# Layer: services
# Module: soundserver
#
diff --git a/modules-targeted.conf b/modules-targeted.conf
index 8d53b4c..c94436d 100644
--- a/modules-targeted.conf
+++ b/modules-targeted.conf
@@ -1943,6 +1943,13 @@ munin = module
#
bitlbee = module
+# Layer: system
+# Module: sosreport
+#
+# sosreport debuggin information generator
+#
+sosreport = module
+
# Layer: services
# Module: soundserver
#
diff --git a/policy-20100106.patch b/policy-20100106.patch
index 181449e..2baa5bf 100644
--- a/policy-20100106.patch
+++ b/policy-20100106.patch
@@ -4590,7 +4590,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/roles/unconfineduser.te serefpolicy-3.6.32/policy/modules/roles/unconfineduser.te
--- nsaserefpolicy/policy/modules/roles/unconfineduser.te 2010-01-18 18:24:22.722530039 +0100
-+++ serefpolicy-3.6.32/policy/modules/roles/unconfineduser.te 2010-03-11 22:33:59.863510767 +0100
++++ serefpolicy-3.6.32/policy/modules/roles/unconfineduser.te 2010-03-15 18:09:26.443629787 +0100
@@ -39,6 +39,8 @@
type unconfined_exec_t;
init_system_domain(unconfined_t, unconfined_exec_t)
@@ -4633,12 +4633,11 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
')
optional_policy(`
-@@ -405,7 +415,8 @@
+@@ -405,7 +415,7 @@
type unconfined_execmem_t;
type nsplugin_exec_t;
')
- domtrans_pattern(unconfined_t, mozilla_exec_t, unconfined_execmem_t)
-+ #nsplugin_exec_domtrans(unconfined_t, unconfined_execmem_t)
+ #domtrans_pattern(unconfined_t, mozilla_exec_t, unconfined_execmem_t)
domtrans_pattern(unconfined_t, nsplugin_exec_t, unconfined_execmem_t)
')
@@ -4691,7 +4690,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
######################################
diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/abrt.te serefpolicy-3.6.32/policy/modules/services/abrt.te
--- nsaserefpolicy/policy/modules/services/abrt.te 2010-01-18 18:24:22.727540243 +0100
-+++ serefpolicy-3.6.32/policy/modules/services/abrt.te 2010-03-15 11:24:00.710614337 +0100
++++ serefpolicy-3.6.32/policy/modules/services/abrt.te 2010-03-15 22:25:29.436449382 +0100
@@ -96,16 +96,19 @@
corenet_tcp_connect_ftp_port(abrt_t)
corenet_tcp_connect_all_ports(abrt_t)
@@ -4721,7 +4720,14 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
fs_search_all(abrt_t)
sysnet_read_config(abrt_t)
-@@ -176,6 +180,16 @@
+@@ -173,9 +177,23 @@
+ ')
+
+ optional_policy(`
++ sosreport_domtrans(abrt_t)
++')
++
++optional_policy(`
sssd_stream_connect(abrt_t)
')
@@ -4738,7 +4744,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
permissive abrt_t;
########################################
-@@ -200,10 +214,16 @@
+@@ -200,10 +218,16 @@
files_read_etc_files(abrt_helper_t)
files_dontaudit_all_non_security_leaks(abrt_helper_t)
@@ -13748,7 +13754,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/init.if serefpolicy-3.6.32/policy/modules/system/init.if
--- nsaserefpolicy/policy/modules/system/init.if 2010-01-18 18:24:22.933540325 +0100
-+++ serefpolicy-3.6.32/policy/modules/system/init.if 2010-03-15 17:17:02.854604441 +0100
++++ serefpolicy-3.6.32/policy/modules/system/init.if 2010-03-15 17:34:09.965647341 +0100
@@ -165,6 +165,7 @@
type init_t;
role system_r;
@@ -13801,18 +13807,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
')
########################################
-@@ -701,6 +707,10 @@
- ifdef(`enable_mls',`
- range_transition $1 init_script_file_type:process s0 - mls_systemhigh;
- ')
-+
-+ ifdef(`hide_broken_symptoms', `
-+ dontaudit init_script_file_type $1:fifo_file rw_inherited_fifo_file_perms;
-+ ')
- ')
-
- ########################################
-@@ -775,8 +785,10 @@
+@@ -775,8 +781,10 @@
interface(`init_labeled_script_domtrans',`
gen_require(`
type initrc_t;
@@ -13823,7 +13818,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
domtrans_pattern($1, $2, initrc_t)
files_search_etc($1)
')
-@@ -1686,3 +1698,26 @@
+@@ -1686,3 +1694,26 @@
allow $1 initrc_t:sem rw_sem_perms;
')
@@ -14758,6 +14753,223 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
miscfiles_read_localization(load_policy_t)
+diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/sosreport.fc serefpolicy-3.6.32/policy/modules/system/sosreport.fc
+--- nsaserefpolicy/policy/modules/system/sosreport.fc 1970-01-01 01:00:00.000000000 +0100
++++ serefpolicy-3.6.32/policy/modules/system/sosreport.fc 2010-03-15 22:24:08.238477345 +0100
+@@ -0,0 +1,2 @@
++
++/usr/sbin/sosreport -- gen_context(system_u:object_r:sosreport_exec_t,s0)
+diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/sosreport.if serefpolicy-3.6.32/policy/modules/system/sosreport.if
+--- nsaserefpolicy/policy/modules/system/sosreport.if 1970-01-01 01:00:00.000000000 +0100
++++ serefpolicy-3.6.32/policy/modules/system/sosreport.if 2010-03-15 22:24:08.248663221 +0100
+@@ -0,0 +1,74 @@
++
++## policy for sosreport
++
++########################################
++##
++## Execute a domain transition to run sosreport.
++##
++##
++##
++## Domain allowed to transition.
++##
++##
++#
++interface(`sosreport_domtrans',`
++ gen_require(`
++ type sosreport_t, sosreport_exec_t;
++ ')
++
++ domtrans_pattern($1, sosreport_exec_t, sosreport_t)
++')
++
++
++########################################
++##
++## Execute sosreport in the sosreport domain, and
++## allow the specified role the sosreport domain.
++##
++##
++##
++## Domain allowed access
++##
++##
++##
++##
++## The role to be allowed the sosreport domain.
++##
++##
++#
++interface(`sosreport_run',`
++ gen_require(`
++ type sosreport_t;
++ ')
++
++ sosreport_domtrans($1)
++ role $2 types sosreport_t;
++')
++
++########################################
++##
++## Role access for sosreport
++##
++##
++##
++## Role allowed access
++##
++##
++##
++##
++## User domain for the role
++##
++##
++#
++interface(`sosreport_role',`
++ gen_require(`
++ type sosreport_t;
++ ')
++
++ role $1 types sosreport_t;
++
++ sosreport_domtrans($2)
++
++ ps_process_pattern($2, sosreport_t)
++ allow $2 sosreport_t:process signal;
++')
+diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/sosreport.te serefpolicy-3.6.32/policy/modules/system/sosreport.te
+--- nsaserefpolicy/policy/modules/system/sosreport.te 1970-01-01 01:00:00.000000000 +0100
++++ serefpolicy-3.6.32/policy/modules/system/sosreport.te 2010-03-15 22:24:08.281168472 +0100
+@@ -0,0 +1,129 @@
++
++policy_module(sosreport,1.0.0)
++
++########################################
++#
++# Declarations
++#
++
++type sosreport_t;
++type sosreport_exec_t;
++application_domain(sosreport_t, sosreport_exec_t)
++role system_r types sosreport_t;
++
++type sosreport_tmp_t;
++files_tmp_file(sosreport_tmp_t)
++
++type sosreport_tmpfs_t;
++files_tmpfs_file(sosreport_tmpfs_t)
++
++########################################
++#
++# sosreport local policy
++#
++
++allow sosreport_t self:capability { kill net_admin net_raw setuid sys_nice sys_ptrace dac_override };
++allow sosreport_t self:process { setsched signull };
++
++allow sosreport_t self:fifo_file rw_fifo_file_perms;
++allow sosreport_t self:tcp_socket create_stream_socket_perms;
++allow sosreport_t self:udp_socket create_socket_perms;
++allow sosreport_t self:unix_dgram_socket create_socket_perms;
++allow sosreport_t self:netlink_route_socket r_netlink_socket_perms;
++allow sosreport_t self:unix_stream_socket create_stream_socket_perms;
++
++# sosreport tmp files
++manage_dirs_pattern(sosreport_t, sosreport_tmp_t, sosreport_tmp_t)
++manage_files_pattern(sosreport_t, sosreport_tmp_t, sosreport_tmp_t)
++manage_lnk_files_pattern(sosreport_t, sosreport_tmp_t, sosreport_tmp_t)
++files_tmp_filetrans(sosreport_t, sosreport_tmp_t, { file dir })
++
++manage_files_pattern(sosreport_t, sosreport_tmpfs_t, sosreport_tmpfs_t)
++fs_tmpfs_filetrans(sosreport_t, sosreport_tmpfs_t,file)
++
++kernel_read_device_sysctls(sosreport_t)
++kernel_read_hotplug_sysctls(sosreport_t)
++kernel_read_kernel_sysctls(sosreport_t)
++kernel_read_modprobe_sysctls(sosreport_t)
++kernel_read_net_sysctls(sosreport_t)
++kernel_read_network_state(sosreport_t)
++kernel_read_rpc_sysctls(sosreport_t)
++kernel_read_software_raid_state(sosreport_t)
++kernel_read_unix_sysctls(sosreport_t)
++kernel_read_vm_sysctls(sosreport_t)
++kernel_search_debugfs(sosreport_t)
++
++corecmd_exec_all_executables(sosreport_t)
++
++dev_getattr_all_chr_files(sosreport_t)
++dev_getattr_all_blk_files(sosreport_t)
++
++dev_read_rand(sosreport_t)
++dev_read_urand(sosreport_t)
++dev_read_raw_memory(sosreport_t)
++dev_read_sysfs(sosreport_t)
++
++domain_getattr_all_domains(sosreport_t)
++domain_read_all_domains_state(sosreport_t)
++
++# for blkid.tab
++files_manage_etc_runtime_files(sosreport_t)
++files_etc_filetrans_etc_runtime(sosreport_t, file)
++
++files_exec_etc_files(sosreport_t)
++files_list_all(sosreport_t)
++files_read_config_files(sosreport_t)
++files_read_etc_files(sosreport_t)
++files_read_generic_tmp_files(sosreport_t)
++files_read_usr_files(sosreport_t)
++files_read_var_lib_files(sosreport_t)
++files_read_var_symlinks(sosreport_t)
++files_read_kernel_modules(sosreport_t)
++
++fs_getattr_all_fs(sosreport_t)
++
++# cjp: some config files do not have configfile attribute
++# sosreport needs to read various files on system
++auth_read_all_files_except_shadow(sosreport_t)
++auth_use_nsswitch(sosreport_t)
++
++init_domtrans_script(sosreport_t)
++
++libs_domtrans_ldconfig(sosreport_t)
++
++logging_read_all_logs(sosreport_t)
++logging_send_syslog_msg(sosreport_t)
++
++miscfiles_read_localization(sosreport_t)
++
++# needed by modinfo
++modutils_read_module_deps(sosreport_t)
++
++sysnet_read_config(sosreport_t)
++
++optional_policy(`
++ cups_stream_connect(sosreport_t)
++')
++
++optional_policy(`
++ lvm_domtrans(sosreport_t)
++')
++
++optional_policy(`
++ pulseaudio_stream_connect(sosreport_t)
++')
++
++optional_policy(`
++ rpm_exec(sosreport_t)
++ rpm_dontaudit_manage_db(sosreport_t)
++ rpm_read_db(sosreport_t)
++')
++
++optional_policy(`
++ xserver_stream_connect(sosreport_t)
++')
++
++optional_policy(`
++ unconfined_domain_noaudit(sosreport_t)
++')
++
diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/sysnetwork.fc serefpolicy-3.6.32/policy/modules/system/sysnetwork.fc
--- nsaserefpolicy/policy/modules/system/sysnetwork.fc 2010-01-18 18:24:22.968540028 +0100
+++ serefpolicy-3.6.32/policy/modules/system/sysnetwork.fc 2010-03-01 16:01:07.867490672 +0100
diff --git a/selinux-policy.spec b/selinux-policy.spec
index 26022dd..bd60839 100644
--- a/selinux-policy.spec
+++ b/selinux-policy.spec
@@ -20,7 +20,7 @@
Summary: SELinux policy configuration
Name: selinux-policy
Version: 3.6.32
-Release: 102%{?dist}
+Release: 103%{?dist}
License: GPLv2+
Group: System Environment/Base
Source: serefpolicy-%{version}.tgz