Blob Blame Raw
diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/devicekit.te serefpolicy-3.6.12/policy/modules/services/devicekit.te
--- nsaserefpolicy/policy/modules/services/devicekit.te	2009-05-21 08:27:59.000000000 -0400
+++ serefpolicy-3.6.12/policy/modules/services/devicekit.te	2009-05-21 12:57:07.000000000 -0400
@@ -55,7 +55,7 @@
 #
 # DeviceKit-Power local policy
 #
-allow devicekit_power_t self:capability { dac_override sys_tty_config sys_nice };
+allow devicekit_power_t self:capability { dac_override sys_ptrace sys_tty_config sys_nice };
 allow devicekit_power_t self:fifo_file rw_fifo_file_perms;
 allow devicekit_power_t self:unix_dgram_socket create_socket_perms;
 
diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/pyzor.fc serefpolicy-3.6.12/policy/modules/services/pyzor.fc
--- nsaserefpolicy/policy/modules/services/pyzor.fc	2009-05-21 08:27:59.000000000 -0400
+++ serefpolicy-3.6.12/policy/modules/services/pyzor.fc	2009-05-21 08:32:24.000000000 -0400
@@ -3,6 +3,8 @@
 
 HOME_DIR/\.pyzor(/.*)?		gen_context(system_u:object_r:pyzor_home_t,s0)
 HOME_DIR/\.spamd(/.*)?		gen_context(system_u:object_r:pyzor_home_t,s0)
+/root/\.pyzor(/.*)?		gen_context(system_u:object_r:pyzor_home_t,s0)
+/root/\.spamd(/.*)?		gen_context(system_u:object_r:pyzor_home_t,s0)
 
 /usr/bin/pyzor		--	gen_context(system_u:object_r:pyzor_exec_t,s0)
 /usr/bin/pyzord		--	gen_context(system_u:object_r:pyzord_exec_t,s0)
diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/spamassassin.fc serefpolicy-3.6.12/policy/modules/services/spamassassin.fc
--- nsaserefpolicy/policy/modules/services/spamassassin.fc	2009-05-21 08:27:59.000000000 -0400
+++ serefpolicy-3.6.12/policy/modules/services/spamassassin.fc	2009-05-21 08:31:58.000000000 -0400
@@ -1,3 +1,4 @@
+/root/\.spamassassin(/.*)?	gen_context(system_u:object_r:spamc_home_t,s0)
 HOME_DIR/\.spamassassin(/.*)?	gen_context(system_u:object_r:spamc_home_t,s0)
 
 /etc/rc\.d/init\.d/spamd	--	gen_context(system_u:object_r:spamd_initrc_exec_t,s0)
diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/virt.te serefpolicy-3.6.12/policy/modules/services/virt.te
--- nsaserefpolicy/policy/modules/services/virt.te	2009-05-21 08:27:59.000000000 -0400
+++ serefpolicy-3.6.12/policy/modules/services/virt.te	2009-05-21 12:58:18.000000000 -0400
@@ -183,6 +183,7 @@
 seutil_read_default_contexts(virtd_t)
 
 term_getattr_pty_fs(virtd_t)
+term_use_generic_ptys(virtd_t)
 term_use_ptmx(virtd_t)
 
 auth_use_nsswitch(virtd_t)
@@ -323,9 +324,13 @@
 userdom_read_all_users_state(svirt_t)
 
 append_files_pattern(svirt_t, virt_log_t, virt_log_t)
+append_files_pattern(svirt_t, virt_var_lib_t, virt_var_lib_t)
 
 allow svirt_t self:udp_socket create_socket_perms;
 
+corecmd_exec_bin(svirt_t)
+corecmd_exec_shell(svirt_t)
+
 corenet_udp_sendrecv_generic_if(svirt_t)
 corenet_udp_sendrecv_generic_node(svirt_t)
 corenet_udp_sendrecv_all_ports(svirt_t)