From 00ee854fbd74df5443dba4238f18ff4252987ac0 Mon Sep 17 00:00:00 2001
From: Miroslav Grepl
Date: Jan 24 2011 18:55:58 +0000
Subject: - Add label for /root/.screen
---
diff --git a/policy-F13.patch b/policy-F13.patch
index 1374a6f..3f2246a 100644
--- a/policy-F13.patch
+++ b/policy-F13.patch
@@ -1,6 +1,6 @@
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/config/appconfig-mcs/sepgsql_contexts serefpolicy-3.7.19/config/appconfig-mcs/sepgsql_contexts
---- nsaserefpolicy/config/appconfig-mcs/sepgsql_contexts 1970-01-01 01:00:00.000000000 +0100
-+++ serefpolicy-3.7.19/config/appconfig-mcs/sepgsql_contexts 2011-01-19 19:02:35.494057572 +0100
+--- nsaserefpolicy/config/appconfig-mcs/sepgsql_contexts 1970-01-01 00:00:00.000000000 +0000
++++ serefpolicy-3.7.19/config/appconfig-mcs/sepgsql_contexts 2011-01-19 18:02:35.000000000 +0000
 @@ -0,0 +1,40 @@
 +#
 +# Initial security label for SE-PostgreSQL (MCS)
@@ -43,8 +43,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/config/appconfig-mcs/sepgsql
 +db_language *.plperl system_u:object_r:sepgsql_safe_lang_t:s0
 +db_language *.* system_u:object_r:sepgsql_lang_t:s0
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/config/appconfig-mls/sepgsql_contexts serefpolicy-3.7.19/config/appconfig-mls/sepgsql_contexts
---- nsaserefpolicy/config/appconfig-mls/sepgsql_contexts 1970-01-01 01:00:00.000000000 +0100
-+++ serefpolicy-3.7.19/config/appconfig-mls/sepgsql_contexts 2011-01-19 19:02:35.494057572 +0100
+--- nsaserefpolicy/config/appconfig-mls/sepgsql_contexts 1970-01-01 00:00:00.000000000 +0000
++++ serefpolicy-3.7.19/config/appconfig-mls/sepgsql_contexts 2011-01-19 18:02:35.000000000 +0000
 @@ -0,0 +1,40 @@
 +#
 +# Initial security label for SE-PostgreSQL (MLS)
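Review bot: The only lines this hunk changes are the inner `---`/`+++` header timestamps, rewritten from local time with nanoseconds (`2011-01-19 19:02:35.494057572 +0100`) to UTC with the fraction zeroed (`2011-01-19 18:02:35.000000000 +0000`), and the hunks at -43, -87, -131 and the rest of the visible part repeat the same rewrite. That churn buries the `/root/.screen` label named in the subject, which is presumably further down the patch and not visible here. For an SELinux policy patch, where one file-context or allow line decides what a domain can reach, the timestamp normalisation should go in its own commit (or the patch should be regenerated with the timezone used before) so the policy change can be reviewed and audited on its own.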
@@ -87,8 +87,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/config/appconfig-mls/sepgsql
 +db_language *.plperl system_u:object_r:sepgsql_safe_lang_t:s0
 +db_language *.* system_u:object_r:sepgsql_lang_t:s0
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/config/appconfig-standard/sepgsql_contexts serefpolicy-3.7.19/config/appconfig-standard/sepgsql_contexts
---- nsaserefpolicy/config/appconfig-standard/sepgsql_contexts 1970-01-01 01:00:00.000000000 +0100
-+++ serefpolicy-3.7.19/config/appconfig-standard/sepgsql_contexts 2011-01-19 19:02:35.495292665 +0100
+--- nsaserefpolicy/config/appconfig-standard/sepgsql_contexts 1970-01-01 00:00:00.000000000 +0000
++++ serefpolicy-3.7.19/config/appconfig-standard/sepgsql_contexts 2011-01-19 18:02:35.000000000 +0000
 @@ -0,0 +1,40 @@
 +#
 +# Initial security label for SE-PostgreSQL (none-MLS)
@@ -131,8 +131,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/config/appconfig-standard/se
 +db_language *.plperl system_u:object_r:sepgsql_safe_lang_t
 +db_language *.* system_u:object_r:sepgsql_lang_t
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/Makefile serefpolicy-3.7.19/Makefile
---- nsaserefpolicy/Makefile 2010-04-13 20:44:36.000000000 +0200
-+++ serefpolicy-3.7.19/Makefile 2011-01-19 19:02:35.498308180 +0100
+--- nsaserefpolicy/Makefile 2010-04-13 18:44:36.000000000 +0000
++++ serefpolicy-3.7.19/Makefile 2011-01-19 18:02:35.000000000 +0000
 @@ -244,7 +244,7 @@
 appdir := $(contextpath)
 user_default_contexts := $(wildcard config/appconfig-$(TYPE)/*_default_contexts)
@@ -143,8 +143,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/Makefile serefpolicy-3.7.19/ all_layers := $(shell find $(wildcard $(moddir)/*) -maxdepth 0 -type d) diff --exclude-from=exclude -N -u -r nsaserefpolicy/man/man8/ftpd_selinux.8 serefpolicy-3.7.19/man/man8/ftpd_selinux.8 ---- nsaserefpolicy/man/man8/ftpd_selinux.8 2010-04-13 20:44:36.000000000 +0200 -+++ serefpolicy-3.7.19/man/man8/ftpd_selinux.8 2010-09-09 15:08:15.357085367 +0200 +--- nsaserefpolicy/man/man8/ftpd_selinux.8 2010-04-13 18:44:36.000000000 +0000 ++++ serefpolicy-3.7.19/man/man8/ftpd_selinux.8 2010-09-09 13:08:15.000000000 +0000 @@ -15,7 +15,7 @@ semanage fcontext -a -t public_content_t "/var/ftp(/.*)?" .TP @@ -164,8 +164,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/man/man8/ftpd_selinux.8 sere .SH BOOLEANS .PP diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/flask/access_vectors serefpolicy-3.7.19/policy/flask/access_vectors ---- nsaserefpolicy/policy/flask/access_vectors 2010-04-13 20:44:37.000000000 +0200 -+++ serefpolicy-3.7.19/policy/flask/access_vectors 2011-01-19 19:02:35.500042367 +0100 +--- nsaserefpolicy/policy/flask/access_vectors 2010-04-13 18:44:37.000000000 +0000 ++++ serefpolicy-3.7.19/policy/flask/access_vectors 2011-01-19 18:02:35.000000000 +0000 @@ -816,3 +816,32 @@ class x_keyboard @@ -200,8 +200,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/flask/access_vectors + execute +} diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/flask/security_classes serefpolicy-3.7.19/policy/flask/security_classes ---- nsaserefpolicy/policy/flask/security_classes 2010-04-13 20:44:37.000000000 +0200 -+++ serefpolicy-3.7.19/policy/flask/security_classes 2011-01-19 19:02:35.501042440 +0100 +--- nsaserefpolicy/policy/flask/security_classes 2010-04-13 18:44:37.000000000 +0000 ++++ serefpolicy-3.7.19/policy/flask/security_classes 2011-01-19 18:02:35.000000000 +0000 
@@ -125,4 +125,10 @@ class x_pointer # userspace class x_keyboard # userspace @@ -214,8 +214,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/flask/security_classe + # FLASK diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/global_tunables serefpolicy-3.7.19/policy/global_tunables ---- nsaserefpolicy/policy/global_tunables 2010-04-13 20:44:37.000000000 +0200 -+++ serefpolicy-3.7.19/policy/global_tunables 2011-01-18 18:06:48.149053065 +0100 +--- nsaserefpolicy/policy/global_tunables 2010-04-13 18:44:37.000000000 +0000 ++++ serefpolicy-3.7.19/policy/global_tunables 2011-01-18 17:06:48.000000000 +0000 @@ -61,15 +61,6 @@ ## @@ -266,8 +266,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/global_tunables seref +gen_tunable(mmap_low_allowed, false) + diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/mcs serefpolicy-3.7.19/policy/mcs ---- nsaserefpolicy/policy/mcs 2010-04-13 20:44:37.000000000 +0200 -+++ serefpolicy-3.7.19/policy/mcs 2011-01-19 19:02:35.502042304 +0100 +--- nsaserefpolicy/policy/mcs 2010-04-13 18:44:37.000000000 +0000 ++++ serefpolicy-3.7.19/policy/mcs 2011-01-19 18:02:35.000000000 +0000 @@ -86,10 +86,10 @@ (( h1 dom h2 ) and ( l2 eq h2 )); @@ -330,8 +330,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/mcs serefpolicy-3.7.1 ( h1 dom h2 ); diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/mls serefpolicy-3.7.19/policy/mls ---- nsaserefpolicy/policy/mls 2010-04-13 20:44:37.000000000 +0200 -+++ serefpolicy-3.7.19/policy/mls 2011-01-19 19:02:35.504042381 +0100 +--- nsaserefpolicy/policy/mls 2010-04-13 18:44:37.000000000 +0000 ++++ serefpolicy-3.7.19/policy/mls 2011-01-19 18:02:35.000000000 +0000 @@ -208,12 +208,14 @@ (( l1 eq l2 ) or (( t1 == mlsnetwriteranged ) and ( l1 dom l2 ) and ( l1 domby h2 )) or 
@@ -466,16 +466,16 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/mls serefpolicy-3.7.1 (( t3 == mlsdbupgrade ) and ( l1 domby l2 )) or (( t3 == mlsdbdowngrade ) and ( l1 dom l2 )) or diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/accountsd.fc serefpolicy-3.7.19/policy/modules/admin/accountsd.fc ---- nsaserefpolicy/policy/modules/admin/accountsd.fc 1970-01-01 01:00:00.000000000 +0100 -+++ serefpolicy-3.7.19/policy/modules/admin/accountsd.fc 2010-05-28 09:41:59.944611136 +0200 +--- nsaserefpolicy/policy/modules/admin/accountsd.fc 1970-01-01 00:00:00.000000000 +0000 ++++ serefpolicy-3.7.19/policy/modules/admin/accountsd.fc 2010-05-28 07:41:59.000000000 +0000 @@ -0,0 +1,4 @@ + +/usr/libexec/accounts-daemon -- gen_context(system_u:object_r:accountsd_exec_t,s0) + +/var/lib/AccountsService(/.*)? gen_context(system_u:object_r:accountsd_var_lib_t,s0) diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/accountsd.if serefpolicy-3.7.19/policy/modules/admin/accountsd.if ---- nsaserefpolicy/policy/modules/admin/accountsd.if 1970-01-01 01:00:00.000000000 +0100 -+++ serefpolicy-3.7.19/policy/modules/admin/accountsd.if 2010-05-28 09:41:59.944611136 +0200 +--- nsaserefpolicy/policy/modules/admin/accountsd.if 1970-01-01 00:00:00.000000000 +0000 ++++ serefpolicy-3.7.19/policy/modules/admin/accountsd.if 2010-05-28 07:41:59.000000000 +0000 @@ -0,0 +1,164 @@ +## policy for accountsd + 
@@ -642,8 +642,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/account + accountsd_manage_var_lib($1) +') diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/accountsd.te serefpolicy-3.7.19/policy/modules/admin/accountsd.te ---- nsaserefpolicy/policy/modules/admin/accountsd.te 1970-01-01 01:00:00.000000000 +0100 -+++ serefpolicy-3.7.19/policy/modules/admin/accountsd.te 2010-08-24 15:44:39.211083773 +0200 +--- nsaserefpolicy/policy/modules/admin/accountsd.te 1970-01-01 00:00:00.000000000 +0000 ++++ serefpolicy-3.7.19/policy/modules/admin/accountsd.te 2010-08-24 13:44:39.000000000 +0000 @@ -0,0 +1,62 @@ +policy_module(accountsd,1.0.0) + @@ -708,8 +708,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/account + xserver_dbus_chat_xdm(accountsd_t) +') diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/acct.te serefpolicy-3.7.19/policy/modules/admin/acct.te ---- nsaserefpolicy/policy/modules/admin/acct.te 2010-04-13 20:44:37.000000000 +0200 -+++ serefpolicy-3.7.19/policy/modules/admin/acct.te 2010-05-28 09:41:59.946611004 +0200 +--- nsaserefpolicy/policy/modules/admin/acct.te 2010-04-13 18:44:37.000000000 +0000 ++++ serefpolicy-3.7.19/policy/modules/admin/acct.te 2010-05-28 07:41:59.000000000 +0000 @@ -43,6 +43,7 @@ fs_getattr_xattr_fs(acct_t) @@ -719,8 +719,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/acct.te corecmd_exec_bin(acct_t) corecmd_exec_shell(acct_t) diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/alsa.te serefpolicy-3.7.19/policy/modules/admin/alsa.te ---- nsaserefpolicy/policy/modules/admin/alsa.te 2010-04-13 20:44:37.000000000 +0200 -+++ serefpolicy-3.7.19/policy/modules/admin/alsa.te 2010-05-28 09:41:59.946611004 +0200 +--- nsaserefpolicy/policy/modules/admin/alsa.te 2010-04-13 18:44:37.000000000 +0000 ++++ serefpolicy-3.7.19/policy/modules/admin/alsa.te 2010-05-28 07:41:59.000000000 +0000 
@@ -52,6 +52,8 @@ files_read_usr_files(alsa_t) @@ -731,8 +731,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/alsa.te auth_use_nsswitch(alsa_t) diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/anaconda.te serefpolicy-3.7.19/policy/modules/admin/anaconda.te ---- nsaserefpolicy/policy/modules/admin/anaconda.te 2010-04-13 20:44:37.000000000 +0200 -+++ serefpolicy-3.7.19/policy/modules/admin/anaconda.te 2010-05-28 09:41:59.947613243 +0200 +--- nsaserefpolicy/policy/modules/admin/anaconda.te 2010-04-13 18:44:37.000000000 +0000 ++++ serefpolicy-3.7.19/policy/modules/admin/anaconda.te 2010-05-28 07:41:59.000000000 +0000 @@ -29,8 +29,10 @@ logging_send_syslog_msg(anaconda_t) @@ -754,8 +754,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/anacond optional_policy(` diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/bootloader.if serefpolicy-3.7.19/policy/modules/admin/bootloader.if ---- nsaserefpolicy/policy/modules/admin/bootloader.if 2010-04-13 20:44:37.000000000 +0200 -+++ serefpolicy-3.7.19/policy/modules/admin/bootloader.if 2010-11-02 18:30:14.260901576 +0100 +--- nsaserefpolicy/policy/modules/admin/bootloader.if 2010-04-13 18:44:37.000000000 +0000 ++++ serefpolicy-3.7.19/policy/modules/admin/bootloader.if 2010-11-02 17:30:14.000000000 +0000 @@ -18,6 +18,24 @@ domtrans_pattern($1, bootloader_exec_t, bootloader_t) ') 
@@ -782,8 +782,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/bootloa ## ## Execute bootloader interactively and do diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/brctl.if serefpolicy-3.7.19/policy/modules/admin/brctl.if ---- nsaserefpolicy/policy/modules/admin/brctl.if 2010-04-13 20:44:37.000000000 +0200 -+++ serefpolicy-3.7.19/policy/modules/admin/brctl.if 2010-10-13 09:27:42.212650392 +0200 +--- nsaserefpolicy/policy/modules/admin/brctl.if 2010-04-13 18:44:37.000000000 +0000 ++++ serefpolicy-3.7.19/policy/modules/admin/brctl.if 2010-10-13 07:27:42.000000000 +0000 @@ -17,3 +17,29 @@ domtrans_pattern($1, brctl_exec_t, brctl_t) @@ -815,8 +815,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/brctl.i +') + diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/certwatch.te serefpolicy-3.7.19/policy/modules/admin/certwatch.te ---- nsaserefpolicy/policy/modules/admin/certwatch.te 2010-04-13 20:44:37.000000000 +0200 -+++ serefpolicy-3.7.19/policy/modules/admin/certwatch.te 2010-07-19 15:48:02.471151653 +0200 +--- nsaserefpolicy/policy/modules/admin/certwatch.te 2010-04-13 18:44:37.000000000 +0000 ++++ serefpolicy-3.7.19/policy/modules/admin/certwatch.te 2010-07-19 13:48:02.000000000 +0000 @@ -36,7 +36,7 @@ miscfiles_read_localization(certwatch_t) 
@@ -835,8 +835,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/certwat pcscd_read_pub_files(certwatch_t) ') diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/consoletype.if serefpolicy-3.7.19/policy/modules/admin/consoletype.if ---- nsaserefpolicy/policy/modules/admin/consoletype.if 2010-04-13 20:44:37.000000000 +0200 -+++ serefpolicy-3.7.19/policy/modules/admin/consoletype.if 2010-05-28 09:41:59.948610734 +0200 +--- nsaserefpolicy/policy/modules/admin/consoletype.if 2010-04-13 18:44:37.000000000 +0000 ++++ serefpolicy-3.7.19/policy/modules/admin/consoletype.if 2010-05-28 07:41:59.000000000 +0000 @@ -19,6 +19,9 @@ corecmd_search_bin($1) @@ -848,8 +848,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/console ######################################## diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/consoletype.te serefpolicy-3.7.19/policy/modules/admin/consoletype.te ---- nsaserefpolicy/policy/modules/admin/consoletype.te 2010-04-13 20:44:37.000000000 +0200 -+++ serefpolicy-3.7.19/policy/modules/admin/consoletype.te 2010-06-15 07:03:31.488859559 +0200 +--- nsaserefpolicy/policy/modules/admin/consoletype.te 2010-04-13 18:44:37.000000000 +0000 ++++ serefpolicy-3.7.19/policy/modules/admin/consoletype.te 2010-06-15 05:03:31.000000000 +0000 @@ -10,7 +10,6 @@ type consoletype_exec_t; application_executable_file(consoletype_exec_t) 
@@ -868,8 +868,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/console optional_policy(` diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/dmesg.te serefpolicy-3.7.19/policy/modules/admin/dmesg.te ---- nsaserefpolicy/policy/modules/admin/dmesg.te 2010-04-13 20:44:37.000000000 +0200 -+++ serefpolicy-3.7.19/policy/modules/admin/dmesg.te 2011-01-03 08:59:40.202042256 +0100 +--- nsaserefpolicy/policy/modules/admin/dmesg.te 2010-04-13 18:44:37.000000000 +0000 ++++ serefpolicy-3.7.19/policy/modules/admin/dmesg.te 2011-01-03 07:59:40.000000000 +0000 @@ -24,6 +24,7 @@ kernel_read_ring_buffer(dmesg_t) kernel_clear_ring_buffer(dmesg_t) @@ -892,8 +892,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/dmesg.t ') diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/firstboot.te serefpolicy-3.7.19/policy/modules/admin/firstboot.te ---- nsaserefpolicy/policy/modules/admin/firstboot.te 2010-04-13 20:44:37.000000000 +0200 -+++ serefpolicy-3.7.19/policy/modules/admin/firstboot.te 2010-09-01 16:15:20.344336196 +0200 +--- nsaserefpolicy/policy/modules/admin/firstboot.te 2010-04-13 18:44:37.000000000 +0000 ++++ serefpolicy-3.7.19/policy/modules/admin/firstboot.te 2010-09-01 14:15:20.000000000 +0000 @@ -77,6 +77,7 @@ miscfiles_read_localization(firstboot_t) @@ -927,8 +927,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/firstbo xserver_unconfined(firstboot_t) ') diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/kismet.te serefpolicy-3.7.19/policy/modules/admin/kismet.te ---- nsaserefpolicy/policy/modules/admin/kismet.te 2010-04-13 20:44:37.000000000 +0200 -+++ serefpolicy-3.7.19/policy/modules/admin/kismet.te 2010-05-28 09:41:59.951610956 +0200 +--- nsaserefpolicy/policy/modules/admin/kismet.te 2010-04-13 18:44:37.000000000 +0000 ++++ serefpolicy-3.7.19/policy/modules/admin/kismet.te 2010-05-28 07:41:59.000000000 +0000 
@@ -45,6 +45,7 @@ manage_dirs_pattern(kismet_t, kismet_home_t, kismet_home_t) manage_files_pattern(kismet_t, kismet_home_t, kismet_home_t) @@ -938,8 +938,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/kismet. manage_files_pattern(kismet_t, kismet_log_t, kismet_log_t) diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/logrotate.te serefpolicy-3.7.19/policy/modules/admin/logrotate.te ---- nsaserefpolicy/policy/modules/admin/logrotate.te 2010-04-13 20:44:37.000000000 +0200 -+++ serefpolicy-3.7.19/policy/modules/admin/logrotate.te 2010-09-21 15:36:04.691635808 +0200 +--- nsaserefpolicy/policy/modules/admin/logrotate.te 2010-04-13 18:44:37.000000000 +0000 ++++ serefpolicy-3.7.19/policy/modules/admin/logrotate.te 2010-09-21 13:36:04.000000000 +0000 @@ -32,7 +32,7 @@ # Change ownership on log files. allow logrotate_t self:capability { chown dac_override dac_read_search kill fsetid fowner sys_resource sys_nice }; @@ -1065,8 +1065,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/logrota varnishd_manage_log(logrotate_t) ') diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/logwatch.fc serefpolicy-3.7.19/policy/modules/admin/logwatch.fc ---- nsaserefpolicy/policy/modules/admin/logwatch.fc 2010-04-13 20:44:37.000000000 +0200 -+++ serefpolicy-3.7.19/policy/modules/admin/logwatch.fc 2010-06-21 10:14:20.553072833 +0200 +--- nsaserefpolicy/policy/modules/admin/logwatch.fc 2010-04-13 18:44:37.000000000 +0000 ++++ serefpolicy-3.7.19/policy/modules/admin/logwatch.fc 2010-06-21 08:14:20.000000000 +0000 @@ -1,7 +1,14 @@ + +/usr/sbin/epylog -- gen_context(system_u:object_r:logwatch_exec_t,s0) 
@@ -1083,8 +1083,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/logwatc + +/var/run/epylog\.pid -- gen_context(system_u:object_r:logwatch_var_run_t,s0) diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/logwatch.te serefpolicy-3.7.19/policy/modules/admin/logwatch.te ---- nsaserefpolicy/policy/modules/admin/logwatch.te 2010-04-13 20:44:37.000000000 +0200 -+++ serefpolicy-3.7.19/policy/modules/admin/logwatch.te 2010-10-25 10:18:24.897901204 +0200 +--- nsaserefpolicy/policy/modules/admin/logwatch.te 2010-04-13 18:44:37.000000000 +0000 ++++ serefpolicy-3.7.19/policy/modules/admin/logwatch.te 2010-10-25 08:18:24.000000000 +0000 @@ -20,6 +20,9 @@ type logwatch_tmp_t; files_tmp_file(logwatch_tmp_t) @@ -1149,8 +1149,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/logwatc + + diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/mcelog.te serefpolicy-3.7.19/policy/modules/admin/mcelog.te ---- nsaserefpolicy/policy/modules/admin/mcelog.te 2010-04-13 20:44:37.000000000 +0200 -+++ serefpolicy-3.7.19/policy/modules/admin/mcelog.te 2010-05-28 09:41:59.952610471 +0200 +--- nsaserefpolicy/policy/modules/admin/mcelog.te 2010-04-13 18:44:37.000000000 +0000 ++++ serefpolicy-3.7.19/policy/modules/admin/mcelog.te 2010-05-28 07:41:59.000000000 +0000 @@ -25,6 +25,8 @@ files_read_etc_files(mcelog_t) 
@@ -1161,8 +1161,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/mcelog. miscfiles_read_localization(mcelog_t) diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/mrtg.te serefpolicy-3.7.19/policy/modules/admin/mrtg.te ---- nsaserefpolicy/policy/modules/admin/mrtg.te 2010-04-13 20:44:37.000000000 +0200 -+++ serefpolicy-3.7.19/policy/modules/admin/mrtg.te 2010-05-28 09:41:59.952610471 +0200 +--- nsaserefpolicy/policy/modules/admin/mrtg.te 2010-04-13 18:44:37.000000000 +0000 ++++ serefpolicy-3.7.19/policy/modules/admin/mrtg.te 2010-05-28 07:41:59.000000000 +0000 @@ -116,6 +116,7 @@ userdom_use_user_terminals(mrtg_t) userdom_dontaudit_read_user_home_content_files(mrtg_t) @@ -1172,14 +1172,14 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/mrtg.te netutils_domtrans_ping(mrtg_t) diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/ncftool.fc serefpolicy-3.7.19/policy/modules/admin/ncftool.fc ---- nsaserefpolicy/policy/modules/admin/ncftool.fc 1970-01-01 01:00:00.000000000 +0100 -+++ serefpolicy-3.7.19/policy/modules/admin/ncftool.fc 2010-08-13 09:45:26.896085235 +0200 +--- nsaserefpolicy/policy/modules/admin/ncftool.fc 1970-01-01 00:00:00.000000000 +0000 ++++ serefpolicy-3.7.19/policy/modules/admin/ncftool.fc 2010-08-13 07:45:26.000000000 +0000 @@ -0,0 +1,2 @@ + +/usr/bin/ncftool -- gen_context(system_u:object_r:ncftool_exec_t,s0) diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/ncftool.if serefpolicy-3.7.19/policy/modules/admin/ncftool.if ---- nsaserefpolicy/policy/modules/admin/ncftool.if 1970-01-01 01:00:00.000000000 +0100 -+++ serefpolicy-3.7.19/policy/modules/admin/ncftool.if 2010-08-04 14:43:25.607335716 +0200 +--- nsaserefpolicy/policy/modules/admin/ncftool.if 1970-01-01 00:00:00.000000000 +0000 ++++ serefpolicy-3.7.19/policy/modules/admin/ncftool.if 2010-08-04 12:43:25.000000000 +0000 @@ -0,0 +1,78 @@ + +## policy for ncftool 
@@ -1260,8 +1260,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/ncftool +') + diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/ncftool.te serefpolicy-3.7.19/policy/modules/admin/ncftool.te ---- nsaserefpolicy/policy/modules/admin/ncftool.te 1970-01-01 01:00:00.000000000 +0100 -+++ serefpolicy-3.7.19/policy/modules/admin/ncftool.te 2010-08-13 08:38:27.092085187 +0200 +--- nsaserefpolicy/policy/modules/admin/ncftool.te 1970-01-01 00:00:00.000000000 +0000 ++++ serefpolicy-3.7.19/policy/modules/admin/ncftool.te 2010-08-13 06:38:27.000000000 +0000 @@ -0,0 +1,100 @@ + +policy_module(ncftool,1.0.0) @@ -1364,8 +1364,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/ncftool + netutils_domtrans(ncftool_t) +') diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/netutils.fc serefpolicy-3.7.19/policy/modules/admin/netutils.fc ---- nsaserefpolicy/policy/modules/admin/netutils.fc 2010-04-13 20:44:37.000000000 +0200 -+++ serefpolicy-3.7.19/policy/modules/admin/netutils.fc 2010-05-28 09:41:59.953610894 +0200 +--- nsaserefpolicy/policy/modules/admin/netutils.fc 2010-04-13 18:44:37.000000000 +0000 ++++ serefpolicy-3.7.19/policy/modules/admin/netutils.fc 2010-05-28 07:41:59.000000000 +0000 @@ -9,6 +9,8 @@ /usr/bin/nmap -- gen_context(system_u:object_r:traceroute_exec_t,s0) /usr/bin/traceroute.* -- gen_context(system_u:object_r:traceroute_exec_t,s0) 
@@ -1376,8 +1376,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/netutil /usr/sbin/tcpdump -- gen_context(system_u:object_r:netutils_exec_t,s0) +/usr/sbin/send_arp -- gen_context(system_u:object_r:ping_exec_t,s0) diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/netutils.if serefpolicy-3.7.19/policy/modules/admin/netutils.if ---- nsaserefpolicy/policy/modules/admin/netutils.if 2010-04-13 20:44:37.000000000 +0200 -+++ serefpolicy-3.7.19/policy/modules/admin/netutils.if 2010-12-15 14:42:55.632042421 +0100 +--- nsaserefpolicy/policy/modules/admin/netutils.if 2010-04-13 18:44:37.000000000 +0000 ++++ serefpolicy-3.7.19/policy/modules/admin/netutils.if 2010-12-15 13:42:55.000000000 +0000 @@ -41,6 +41,7 @@ ') @@ -1424,8 +1424,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/netutil ') + diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/netutils.te serefpolicy-3.7.19/policy/modules/admin/netutils.te ---- nsaserefpolicy/policy/modules/admin/netutils.te 2010-04-13 20:44:37.000000000 +0200 -+++ serefpolicy-3.7.19/policy/modules/admin/netutils.te 2010-07-13 11:08:40.256752721 +0200 +--- nsaserefpolicy/policy/modules/admin/netutils.te 2010-04-13 18:44:37.000000000 +0000 ++++ serefpolicy-3.7.19/policy/modules/admin/netutils.te 2010-07-13 09:08:40.000000000 +0000 @@ -44,6 +44,7 @@ allow netutils_t self:packet_socket create_socket_perms; allow netutils_t self:udp_socket create_socket_perms; 
@@ -1522,8 +1522,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/netutil + term_dontaudit_use_all_ptys(traceroute_t) +') diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/prelink.fc serefpolicy-3.7.19/policy/modules/admin/prelink.fc ---- nsaserefpolicy/policy/modules/admin/prelink.fc 2010-04-13 20:44:37.000000000 +0200 -+++ serefpolicy-3.7.19/policy/modules/admin/prelink.fc 2010-05-28 09:41:59.955610693 +0200 +--- nsaserefpolicy/policy/modules/admin/prelink.fc 2010-04-13 18:44:37.000000000 +0000 ++++ serefpolicy-3.7.19/policy/modules/admin/prelink.fc 2010-05-28 07:41:59.000000000 +0000 @@ -1,3 +1,4 @@ +/etc/cron\.daily/prelink -- gen_context(system_u:object_r:prelink_cron_system_exec_t,s0) @@ -1537,8 +1537,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/prelink +/var/lib/misc/prelink.* -- gen_context(system_u:object_r:prelink_var_lib_t,s0) +/var/lib/prelink(/.*)? gen_context(system_u:object_r:prelink_var_lib_t,s0) diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/prelink.if serefpolicy-3.7.19/policy/modules/admin/prelink.if ---- nsaserefpolicy/policy/modules/admin/prelink.if 2010-04-13 20:44:37.000000000 +0200 -+++ serefpolicy-3.7.19/policy/modules/admin/prelink.if 2010-05-28 09:41:59.955610693 +0200 +--- nsaserefpolicy/policy/modules/admin/prelink.if 2010-04-13 18:44:37.000000000 +0000 ++++ serefpolicy-3.7.19/policy/modules/admin/prelink.if 2010-05-28 07:41:59.000000000 +0000 @@ -17,6 +17,30 @@ corecmd_search_bin($1) 
@@ -1585,8 +1585,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/prelink + relabel_files_pattern($1, prelink_var_lib_t, prelink_var_lib_t) ') diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/prelink.te serefpolicy-3.7.19/policy/modules/admin/prelink.te ---- nsaserefpolicy/policy/modules/admin/prelink.te 2010-04-13 20:44:37.000000000 +0200 -+++ serefpolicy-3.7.19/policy/modules/admin/prelink.te 2010-09-16 15:32:42.205637133 +0200 +--- nsaserefpolicy/policy/modules/admin/prelink.te 2010-04-13 18:44:37.000000000 +0000 ++++ serefpolicy-3.7.19/policy/modules/admin/prelink.te 2010-09-16 13:32:42.000000000 +0000 @@ -21,8 +21,21 @@ type prelink_tmp_t; files_tmp_file(prelink_tmp_t) @@ -1732,8 +1732,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/prelink +') + diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/quota.te serefpolicy-3.7.19/policy/modules/admin/quota.te ---- nsaserefpolicy/policy/modules/admin/quota.te 2010-04-13 20:44:37.000000000 +0200 -+++ serefpolicy-3.7.19/policy/modules/admin/quota.te 2010-05-28 09:41:59.956610558 +0200 +--- nsaserefpolicy/policy/modules/admin/quota.te 2010-04-13 18:44:37.000000000 +0000 ++++ serefpolicy-3.7.19/policy/modules/admin/quota.te 2010-05-28 07:41:59.000000000 +0000 @@ -39,6 +39,7 @@ kernel_list_proc(quota_t) kernel_read_proc_symlinks(quota_t) 
@@ -1743,8 +1743,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/quota.t dev_read_sysfs(quota_t) dev_getattr_all_blk_files(quota_t) diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/readahead.te serefpolicy-3.7.19/policy/modules/admin/readahead.te ---- nsaserefpolicy/policy/modules/admin/readahead.te 2010-04-13 20:44:37.000000000 +0200 -+++ serefpolicy-3.7.19/policy/modules/admin/readahead.te 2010-08-10 16:20:02.216085125 +0200 +--- nsaserefpolicy/policy/modules/admin/readahead.te 2010-04-13 18:44:37.000000000 +0000 ++++ serefpolicy-3.7.19/policy/modules/admin/readahead.te 2010-08-10 14:20:02.000000000 +0000 @@ -52,6 +52,7 @@ files_list_non_security(readahead_t) @@ -1766,8 +1766,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/readahe fs_dontaudit_read_ramfs_pipes(readahead_t) fs_dontaudit_read_ramfs_files(readahead_t) diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/rpm.fc serefpolicy-3.7.19/policy/modules/admin/rpm.fc ---- nsaserefpolicy/policy/modules/admin/rpm.fc 2010-04-13 20:44:37.000000000 +0200 -+++ serefpolicy-3.7.19/policy/modules/admin/rpm.fc 2010-08-05 16:24:23.494085276 +0200 +--- nsaserefpolicy/policy/modules/admin/rpm.fc 2010-04-13 18:44:37.000000000 +0000 ++++ serefpolicy-3.7.19/policy/modules/admin/rpm.fc 2010-08-05 14:24:23.000000000 +0000 @@ -1,18 +1,20 @@ /bin/rpm -- gen_context(system_u:object_r:rpm_exec_t,s0) 
@@ -1822,8 +1822,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/rpm.fc ifdef(`distro_suse', ` /usr/bin/online_update -- gen_context(system_u:object_r:rpm_exec_t,s0) diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/rpm.if serefpolicy-3.7.19/policy/modules/admin/rpm.if ---- nsaserefpolicy/policy/modules/admin/rpm.if 2010-04-13 20:44:37.000000000 +0200 -+++ serefpolicy-3.7.19/policy/modules/admin/rpm.if 2010-11-11 15:55:49.911148064 +0100 +--- nsaserefpolicy/policy/modules/admin/rpm.if 2010-04-13 18:44:37.000000000 +0000 ++++ serefpolicy-3.7.19/policy/modules/admin/rpm.if 2010-11-11 14:55:49.000000000 +0000 @@ -13,11 +13,36 @@ interface(`rpm_domtrans',` gen_require(` @@ -2296,8 +2296,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/rpm.if + + diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/rpm.te serefpolicy-3.7.19/policy/modules/admin/rpm.te ---- nsaserefpolicy/policy/modules/admin/rpm.te 2010-04-13 20:44:37.000000000 +0200 -+++ serefpolicy-3.7.19/policy/modules/admin/rpm.te 2011-01-07 10:32:51.757290974 +0100 +--- nsaserefpolicy/policy/modules/admin/rpm.te 2010-04-13 18:44:37.000000000 +0000 ++++ serefpolicy-3.7.19/policy/modules/admin/rpm.te 2011-01-07 09:32:51.000000000 +0000 @@ -1,6 +1,8 @@ policy_module(rpm, 1.10.0) 
@@ -2599,8 +2599,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/rpm.te optional_policy(` java_domtrans_unconfined(rpm_script_t) diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/sectoolm.te serefpolicy-3.7.19/policy/modules/admin/sectoolm.te ---- nsaserefpolicy/policy/modules/admin/sectoolm.te 2010-04-13 20:44:37.000000000 +0200 -+++ serefpolicy-3.7.19/policy/modules/admin/sectoolm.te 2010-06-28 16:05:26.150150582 +0200 +--- nsaserefpolicy/policy/modules/admin/sectoolm.te 2010-04-13 18:44:37.000000000 +0000 ++++ serefpolicy-3.7.19/policy/modules/admin/sectoolm.te 2010-06-28 14:05:26.000000000 +0000 @@ -85,6 +85,7 @@ sysnet_domtrans_ifconfig(sectoolm_t) @@ -2610,8 +2610,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/sectool optional_policy(` mount_exec(sectoolm_t) diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/shorewall.fc serefpolicy-3.7.19/policy/modules/admin/shorewall.fc ---- nsaserefpolicy/policy/modules/admin/shorewall.fc 2010-04-13 20:44:37.000000000 +0200 -+++ serefpolicy-3.7.19/policy/modules/admin/shorewall.fc 2011-01-04 15:04:49.174051690 +0100 +--- nsaserefpolicy/policy/modules/admin/shorewall.fc 2010-04-13 18:44:37.000000000 +0000 ++++ serefpolicy-3.7.19/policy/modules/admin/shorewall.fc 2011-01-04 14:04:49.000000000 +0000 @@ -11,4 +11,6 @@ /var/lib/shorewall6(/.*)? gen_context(system_u:object_r:shorewall_var_lib_t,s0) /var/lib/shorewall-lite(/.*)? gen_context(system_u:object_r:shorewall_var_lib_t,s0) 
@@ -2620,8 +2620,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/shorewa + /var/log/shorewall.* gen_context(system_u:object_r:shorewall_log_t,s0) diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/shorewall.if serefpolicy-3.7.19/policy/modules/admin/shorewall.if ---- nsaserefpolicy/policy/modules/admin/shorewall.if 2010-04-13 20:44:37.000000000 +0200 -+++ serefpolicy-3.7.19/policy/modules/admin/shorewall.if 2010-09-09 13:43:11.957085205 +0200 +--- nsaserefpolicy/policy/modules/admin/shorewall.if 2010-04-13 18:44:37.000000000 +0000 ++++ serefpolicy-3.7.19/policy/modules/admin/shorewall.if 2010-09-09 11:43:11.000000000 +0000 @@ -18,47 +18,27 @@ domtrans_pattern($1, shorewall_exec_t, shorewall_t) ') @@ -2746,8 +2746,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/shorewa admin_pattern($1, shorewall_var_lib_t) diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/shorewall.te serefpolicy-3.7.19/policy/modules/admin/shorewall.te ---- nsaserefpolicy/policy/modules/admin/shorewall.te 2010-04-13 20:44:37.000000000 +0200 -+++ serefpolicy-3.7.19/policy/modules/admin/shorewall.te 2010-08-17 10:55:12.906334026 +0200 +--- nsaserefpolicy/policy/modules/admin/shorewall.te 2010-04-13 18:44:37.000000000 +0000 ++++ serefpolicy-3.7.19/policy/modules/admin/shorewall.te 2010-08-17 08:55:12.000000000 +0000 @@ -59,6 +59,9 @@ manage_dirs_pattern(shorewall_t, shorewall_var_lib_t, shorewall_var_lib_t) manage_files_pattern(shorewall_t, shorewall_var_lib_t, shorewall_var_lib_t) 
@@ -2783,8 +2783,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/shorewa optional_policy(` iptables_domtrans(shorewall_t) diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/shutdown.fc serefpolicy-3.7.19/policy/modules/admin/shutdown.fc ---- nsaserefpolicy/policy/modules/admin/shutdown.fc 1970-01-01 01:00:00.000000000 +0100 -+++ serefpolicy-3.7.19/policy/modules/admin/shutdown.fc 2010-05-28 09:41:59.962611422 +0200 +--- nsaserefpolicy/policy/modules/admin/shutdown.fc 1970-01-01 00:00:00.000000000 +0000 ++++ serefpolicy-3.7.19/policy/modules/admin/shutdown.fc 2010-05-28 07:41:59.000000000 +0000 @@ -0,0 +1,5 @@ +/etc/nologin -- gen_context(system_u:object_r:shutdown_etc_t,s0) + @@ -2792,8 +2792,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/shutdow + +/var/run/shutdown\.pid -- gen_context(system_u:object_r:shutdown_var_run_t,s0) diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/shutdown.if serefpolicy-3.7.19/policy/modules/admin/shutdown.if ---- nsaserefpolicy/policy/modules/admin/shutdown.if 1970-01-01 01:00:00.000000000 +0100 -+++ serefpolicy-3.7.19/policy/modules/admin/shutdown.if 2010-05-28 09:41:59.963611216 +0200 +--- nsaserefpolicy/policy/modules/admin/shutdown.if 1970-01-01 00:00:00.000000000 +0000 ++++ serefpolicy-3.7.19/policy/modules/admin/shutdown.if 2010-05-28 07:41:59.000000000 +0000 @@ -0,0 +1,136 @@ + +## policy for shutdown 
@@ -2932,8 +2932,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/shutdow + allow $1 shutdown_exec_t:file getattr; +') diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/shutdown.te serefpolicy-3.7.19/policy/modules/admin/shutdown.te ---- nsaserefpolicy/policy/modules/admin/shutdown.te 1970-01-01 01:00:00.000000000 +0100 -+++ serefpolicy-3.7.19/policy/modules/admin/shutdown.te 2011-01-14 14:43:24.000042258 +0100 +--- nsaserefpolicy/policy/modules/admin/shutdown.te 1970-01-01 00:00:00.000000000 +0000 ++++ serefpolicy-3.7.19/policy/modules/admin/shutdown.te 2011-01-14 13:43:24.000000000 +0000 @@ -0,0 +1,70 @@ +policy_module(shutdown,1.0.0) + @@ -3006,8 +3006,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/shutdow + xserver_dontaudit_write_log(shutdown_t) +') diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/smoltclient.te serefpolicy-3.7.19/policy/modules/admin/smoltclient.te ---- nsaserefpolicy/policy/modules/admin/smoltclient.te 2010-04-13 20:44:37.000000000 +0200 -+++ serefpolicy-3.7.19/policy/modules/admin/smoltclient.te 2010-10-26 13:48:18.337651044 +0200 +--- nsaserefpolicy/policy/modules/admin/smoltclient.te 2010-04-13 18:44:37.000000000 +0000 ++++ serefpolicy-3.7.19/policy/modules/admin/smoltclient.te 2010-10-26 11:48:18.000000000 +0000 @@ -46,6 +46,7 @@ files_getattr_generic_locks(smoltclient_t) 
@@ -3017,16 +3017,16 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/smoltcl auth_use_nsswitch(smoltclient_t) diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/sudo.fc serefpolicy-3.7.19/policy/modules/admin/sudo.fc ---- nsaserefpolicy/policy/modules/admin/sudo.fc 2010-04-13 20:44:37.000000000 +0200 -+++ serefpolicy-3.7.19/policy/modules/admin/sudo.fc 2010-09-13 15:54:07.362085420 +0200 +--- nsaserefpolicy/policy/modules/admin/sudo.fc 2010-04-13 18:44:37.000000000 +0000 ++++ serefpolicy-3.7.19/policy/modules/admin/sudo.fc 2010-09-13 13:54:07.000000000 +0000 @@ -1,2 +1,4 @@ /usr/bin/sudo(edit)? -- gen_context(system_u:object_r:sudo_exec_t,s0) + +/var/db/sudo(/.*)? gen_context(system_u:object_r:sudo_db_t,s0) diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/sudo.if serefpolicy-3.7.19/policy/modules/admin/sudo.if ---- nsaserefpolicy/policy/modules/admin/sudo.if 2010-04-13 20:44:37.000000000 +0200 -+++ serefpolicy-3.7.19/policy/modules/admin/sudo.if 2010-10-05 16:40:27.236667890 +0200 +--- nsaserefpolicy/policy/modules/admin/sudo.if 2010-04-13 18:44:37.000000000 +0000 ++++ serefpolicy-3.7.19/policy/modules/admin/sudo.if 2010-10-05 14:40:27.000000000 +0000 @@ -32,6 +32,7 @@ gen_require(` @@ -3084,8 +3084,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/sudo.if tunable_policy(`use_nfs_home_dirs',` fs_manage_nfs_files($1_sudo_t) diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/sudo.te serefpolicy-3.7.19/policy/modules/admin/sudo.te ---- nsaserefpolicy/policy/modules/admin/sudo.te 2010-04-13 20:44:37.000000000 +0200 -+++ serefpolicy-3.7.19/policy/modules/admin/sudo.te 2010-09-13 15:54:35.371085087 +0200 +--- nsaserefpolicy/policy/modules/admin/sudo.te 2010-04-13 18:44:37.000000000 +0000 ++++ serefpolicy-3.7.19/policy/modules/admin/sudo.te 2010-09-13 13:54:35.000000000 +0000 @@ -8,3 +8,6 @@ type sudo_exec_t; 
@@ -3094,8 +3094,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/sudo.te +type sudo_db_t; +files_type(sudo_db_t) diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/su.if serefpolicy-3.7.19/policy/modules/admin/su.if ---- nsaserefpolicy/policy/modules/admin/su.if 2010-04-13 20:44:37.000000000 +0200 -+++ serefpolicy-3.7.19/policy/modules/admin/su.if 2010-05-28 09:41:59.965611225 +0200 +--- nsaserefpolicy/policy/modules/admin/su.if 2010-04-13 18:44:37.000000000 +0000 ++++ serefpolicy-3.7.19/policy/modules/admin/su.if 2010-05-28 07:41:59.000000000 +0000 @@ -58,6 +58,10 @@ allow $2 $1_su_t:fifo_file rw_file_perms; allow $2 $1_su_t:process sigchld; @@ -3136,8 +3136,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/su.if s ifdef(`distro_redhat',` # RHEL5 and possibly newer releases incl. Fedora diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/tmpreaper.te serefpolicy-3.7.19/policy/modules/admin/tmpreaper.te ---- nsaserefpolicy/policy/modules/admin/tmpreaper.te 2010-04-13 20:44:37.000000000 +0200 -+++ serefpolicy-3.7.19/policy/modules/admin/tmpreaper.te 2010-05-28 09:41:59.965611225 +0200 +--- nsaserefpolicy/policy/modules/admin/tmpreaper.te 2010-04-13 18:44:37.000000000 +0000 ++++ serefpolicy-3.7.19/policy/modules/admin/tmpreaper.te 2010-05-28 07:41:59.000000000 +0000 @@ -26,8 +26,11 @@ files_read_etc_files(tmpreaper_t) files_read_var_lib_files(tmpreaper_t) 
@@ -3192,8 +3192,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/tmpreap unconfined_domain(tmpreaper_t) ') diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/usermanage.if serefpolicy-3.7.19/policy/modules/admin/usermanage.if ---- nsaserefpolicy/policy/modules/admin/usermanage.if 2010-04-13 20:44:37.000000000 +0200 -+++ serefpolicy-3.7.19/policy/modules/admin/usermanage.if 2010-05-28 09:41:59.966611090 +0200 +--- nsaserefpolicy/policy/modules/admin/usermanage.if 2010-04-13 18:44:37.000000000 +0000 ++++ serefpolicy-3.7.19/policy/modules/admin/usermanage.if 2010-05-28 07:41:59.000000000 +0000 @@ -18,6 +18,10 @@ files_search_usr($1) corecmd_search_bin($1) @@ -3250,8 +3250,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/userman nscd_run(useradd_t, $2) ') diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/usermanage.te serefpolicy-3.7.19/policy/modules/admin/usermanage.te ---- nsaserefpolicy/policy/modules/admin/usermanage.te 2010-04-13 20:44:37.000000000 +0200 -+++ serefpolicy-3.7.19/policy/modules/admin/usermanage.te 2011-01-07 10:29:10.209292372 +0100 +--- nsaserefpolicy/policy/modules/admin/usermanage.te 2010-04-13 18:44:37.000000000 +0000 ++++ serefpolicy-3.7.19/policy/modules/admin/usermanage.te 2011-01-07 09:29:10.000000000 +0000 @@ -197,8 +197,8 @@ selinux_compute_relabel_context(groupadd_t) selinux_compute_user_contexts(groupadd_t) 
@@ -3377,8 +3377,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/userman ') diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/vbetool.te serefpolicy-3.7.19/policy/modules/admin/vbetool.te ---- nsaserefpolicy/policy/modules/admin/vbetool.te 2010-04-13 20:44:37.000000000 +0200 -+++ serefpolicy-3.7.19/policy/modules/admin/vbetool.te 2010-09-24 15:13:09.516386658 +0200 +--- nsaserefpolicy/policy/modules/admin/vbetool.te 2010-04-13 18:44:37.000000000 +0000 ++++ serefpolicy-3.7.19/policy/modules/admin/vbetool.te 2010-09-24 13:13:09.000000000 +0000 @@ -6,6 +6,13 @@ # Declarations # @@ -3417,8 +3417,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/vbetool hal_rw_pid_files(vbetool_t) hal_write_log(vbetool_t) diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/vpn.if serefpolicy-3.7.19/policy/modules/admin/vpn.if ---- nsaserefpolicy/policy/modules/admin/vpn.if 2010-04-13 20:44:37.000000000 +0200 -+++ serefpolicy-3.7.19/policy/modules/admin/vpn.if 2010-05-28 09:41:59.968610889 +0200 +--- nsaserefpolicy/policy/modules/admin/vpn.if 2010-04-13 18:44:37.000000000 +0000 ++++ serefpolicy-3.7.19/policy/modules/admin/vpn.if 2010-05-28 07:41:59.000000000 +0000 @@ -110,7 +110,7 @@ ## ## @@ -3451,8 +3451,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/vpn.if + allow $1 vpnc_t:tun_socket relabelfrom; +') diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/vpn.te serefpolicy-3.7.19/policy/modules/admin/vpn.te ---- nsaserefpolicy/policy/modules/admin/vpn.te 2010-04-13 20:44:37.000000000 +0200 -+++ serefpolicy-3.7.19/policy/modules/admin/vpn.te 2010-10-08 10:44:30.399901187 +0200 +--- nsaserefpolicy/policy/modules/admin/vpn.te 2010-04-13 18:44:37.000000000 +0000 ++++ serefpolicy-3.7.19/policy/modules/admin/vpn.te 2010-10-08 08:44:30.000000000 +0000 
@@ -31,7 +31,7 @@ allow vpnc_t self:rawip_socket create_socket_perms; allow vpnc_t self:unix_dgram_socket create_socket_perms; @@ -3488,8 +3488,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/vpn.te + networkmanager_attach_tun_iface(vpnc_t) +') diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/awstats.te serefpolicy-3.7.19/policy/modules/apps/awstats.te ---- nsaserefpolicy/policy/modules/apps/awstats.te 2010-04-13 20:44:37.000000000 +0200 -+++ serefpolicy-3.7.19/policy/modules/apps/awstats.te 2010-07-13 09:35:08.639752643 +0200 +--- nsaserefpolicy/policy/modules/apps/awstats.te 2010-04-13 18:44:37.000000000 +0000 ++++ serefpolicy-3.7.19/policy/modules/apps/awstats.te 2010-07-13 07:35:08.000000000 +0000 @@ -45,6 +45,7 @@ dev_read_urand(awstats_t) @@ -3499,8 +3499,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/awstats. # e.g. /usr/share/awstats/lang/awstats-en.txt files_read_usr_files(awstats_t) diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/cdrecord.te serefpolicy-3.7.19/policy/modules/apps/cdrecord.te ---- nsaserefpolicy/policy/modules/apps/cdrecord.te 2010-04-13 20:44:37.000000000 +0200 -+++ serefpolicy-3.7.19/policy/modules/apps/cdrecord.te 2010-11-23 10:23:24.860149261 +0100 +--- nsaserefpolicy/policy/modules/apps/cdrecord.te 2010-04-13 18:44:37.000000000 +0000 ++++ serefpolicy-3.7.19/policy/modules/apps/cdrecord.te 2010-11-23 09:23:24.000000000 +0000 @@ -28,7 +28,7 @@ # 
@@ -3511,15 +3511,15 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/cdrecord allow cdrecord_t self:unix_stream_socket create_stream_socket_perms; diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/chrome.fc serefpolicy-3.7.19/policy/modules/apps/chrome.fc ---- nsaserefpolicy/policy/modules/apps/chrome.fc 1970-01-01 01:00:00.000000000 +0100 -+++ serefpolicy-3.7.19/policy/modules/apps/chrome.fc 2010-05-28 09:41:59.969610893 +0200 +--- nsaserefpolicy/policy/modules/apps/chrome.fc 1970-01-01 00:00:00.000000000 +0000 ++++ serefpolicy-3.7.19/policy/modules/apps/chrome.fc 2010-05-28 07:41:59.000000000 +0000 @@ -0,0 +1,3 @@ + /opt/google/chrome/chrome-sandbox -- gen_context(system_u:object_r:chrome_sandbox_exec_t,s0) + +/usr/lib(64)?/chromium-browser/chrome-sandbox -- gen_context(system_u:object_r:chrome_sandbox_exec_t,s0) diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/chrome.if serefpolicy-3.7.19/policy/modules/apps/chrome.if ---- nsaserefpolicy/policy/modules/apps/chrome.if 1970-01-01 01:00:00.000000000 +0100 -+++ serefpolicy-3.7.19/policy/modules/apps/chrome.if 2010-12-01 11:41:01.779291928 +0100 +--- nsaserefpolicy/policy/modules/apps/chrome.if 1970-01-01 00:00:00.000000000 +0000 ++++ serefpolicy-3.7.19/policy/modules/apps/chrome.if 2010-12-01 10:41:01.000000000 +0000 @@ -0,0 +1,91 @@ + +## policy for chrome @@ -3613,8 +3613,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/chrome.i +') + diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/chrome.te serefpolicy-3.7.19/policy/modules/apps/chrome.te ---- nsaserefpolicy/policy/modules/apps/chrome.te 1970-01-01 01:00:00.000000000 +0100 -+++ serefpolicy-3.7.19/policy/modules/apps/chrome.te 2010-12-06 17:06:13.870042468 +0100 +--- nsaserefpolicy/policy/modules/apps/chrome.te 1970-01-01 00:00:00.000000000 +0000 ++++ serefpolicy-3.7.19/policy/modules/apps/chrome.te 2010-12-06 16:06:13.000000000 +0000 
@@ -0,0 +1,91 @@ +policy_module(chrome,1.0.0) + @@ -3708,8 +3708,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/chrome.t + fs_dontaudit_append_cifs_files(chrome_sandbox_t) +') diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/cpufreqselector.te serefpolicy-3.7.19/policy/modules/apps/cpufreqselector.te ---- nsaserefpolicy/policy/modules/apps/cpufreqselector.te 2010-04-13 20:44:37.000000000 +0200 -+++ serefpolicy-3.7.19/policy/modules/apps/cpufreqselector.te 2010-05-28 09:41:59.971610832 +0200 +--- nsaserefpolicy/policy/modules/apps/cpufreqselector.te 2010-04-13 18:44:37.000000000 +0000 ++++ serefpolicy-3.7.19/policy/modules/apps/cpufreqselector.te 2010-05-28 07:41:59.000000000 +0000 @@ -25,8 +25,10 @@ dev_rw_sysfs(cpufreqselector_t) @@ -3723,8 +3723,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/cpufreqs optional_policy(` dbus_system_domain(cpufreqselector_t, cpufreqselector_exec_t) diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/execmem.fc serefpolicy-3.7.19/policy/modules/apps/execmem.fc ---- nsaserefpolicy/policy/modules/apps/execmem.fc 1970-01-01 01:00:00.000000000 +0100 -+++ serefpolicy-3.7.19/policy/modules/apps/execmem.fc 2010-08-17 15:04:07.036334389 +0200 +--- nsaserefpolicy/policy/modules/apps/execmem.fc 1970-01-01 00:00:00.000000000 +0000 ++++ serefpolicy-3.7.19/policy/modules/apps/execmem.fc 2010-08-17 13:04:07.000000000 +0000 @@ -0,0 +1,47 @@ + +/usr/bin/aticonfig -- gen_context(system_u:object_r:execmem_exec_t,s0) 
@@ -3774,8 +3774,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/execmem. +/opt/google/chrome/google-chrome -- gen_context(system_u:object_r:execmem_exec_t,s0) +/opt/Komodo-Edit-5/lib/mozilla/komodo-bin -- gen_context(system_u:object_r:execmem_exec_t,s0) diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/execmem.if serefpolicy-3.7.19/policy/modules/apps/execmem.if ---- nsaserefpolicy/policy/modules/apps/execmem.if 1970-01-01 01:00:00.000000000 +0100 -+++ serefpolicy-3.7.19/policy/modules/apps/execmem.if 2010-05-28 09:41:59.972612093 +0200 +--- nsaserefpolicy/policy/modules/apps/execmem.if 1970-01-01 00:00:00.000000000 +0000 ++++ serefpolicy-3.7.19/policy/modules/apps/execmem.if 2010-05-28 07:41:59.000000000 +0000 @@ -0,0 +1,110 @@ +## execmem domain + @@ -3888,8 +3888,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/execmem. + domtrans_pattern($1, execmem_exec_t, $2) +') diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/execmem.te serefpolicy-3.7.19/policy/modules/apps/execmem.te ---- nsaserefpolicy/policy/modules/apps/execmem.te 1970-01-01 01:00:00.000000000 +0100 -+++ serefpolicy-3.7.19/policy/modules/apps/execmem.te 2010-05-28 09:41:59.973610840 +0200 +--- nsaserefpolicy/policy/modules/apps/execmem.te 1970-01-01 00:00:00.000000000 +0000 ++++ serefpolicy-3.7.19/policy/modules/apps/execmem.te 2010-05-28 07:41:59.000000000 +0000 @@ -0,0 +1,11 @@ + +policy_module(execmem, 1.0.0) 
@@ -3903,15 +3903,15 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/execmem. +application_executable_file(execmem_exec_t) + diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/firewallgui.fc serefpolicy-3.7.19/policy/modules/apps/firewallgui.fc ---- nsaserefpolicy/policy/modules/apps/firewallgui.fc 1970-01-01 01:00:00.000000000 +0100 -+++ serefpolicy-3.7.19/policy/modules/apps/firewallgui.fc 2010-05-28 09:41:59.974610705 +0200 +--- nsaserefpolicy/policy/modules/apps/firewallgui.fc 1970-01-01 00:00:00.000000000 +0000 ++++ serefpolicy-3.7.19/policy/modules/apps/firewallgui.fc 2010-05-28 07:41:59.000000000 +0000 @@ -0,0 +1,3 @@ + +/usr/share/system-config-firewall/system-config-firewall-mechanism.py -- gen_context(system_u:object_r:firewallgui_exec_t,s0) + diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/firewallgui.if serefpolicy-3.7.19/policy/modules/apps/firewallgui.if ---- nsaserefpolicy/policy/modules/apps/firewallgui.if 1970-01-01 01:00:00.000000000 +0100 -+++ serefpolicy-3.7.19/policy/modules/apps/firewallgui.if 2010-05-28 09:41:59.974610705 +0200 +--- nsaserefpolicy/policy/modules/apps/firewallgui.if 1970-01-01 00:00:00.000000000 +0000 ++++ serefpolicy-3.7.19/policy/modules/apps/firewallgui.if 2010-05-28 07:41:59.000000000 +0000 @@ -0,0 +1,23 @@ + +## policy for firewallgui 
@@ -3937,8 +3937,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/firewall + allow firewallgui_t $1:dbus send_msg; +') diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/firewallgui.te serefpolicy-3.7.19/policy/modules/apps/firewallgui.te ---- nsaserefpolicy/policy/modules/apps/firewallgui.te 1970-01-01 01:00:00.000000000 +0100 -+++ serefpolicy-3.7.19/policy/modules/apps/firewallgui.te 2010-11-11 15:54:48.726147945 +0100 +--- nsaserefpolicy/policy/modules/apps/firewallgui.te 1970-01-01 00:00:00.000000000 +0000 ++++ serefpolicy-3.7.19/policy/modules/apps/firewallgui.te 2010-11-11 14:54:48.000000000 +0000 @@ -0,0 +1,70 @@ + +policy_module(firewallgui,1.0.0) @@ -4011,8 +4011,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/firewall + rpm_dontaudit_search_db(firewallgui_t) +') diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/gitosis.fc serefpolicy-3.7.19/policy/modules/apps/gitosis.fc ---- nsaserefpolicy/policy/modules/apps/gitosis.fc 2010-04-13 20:44:37.000000000 +0200 -+++ serefpolicy-3.7.19/policy/modules/apps/gitosis.fc 2010-06-08 14:54:39.156860589 +0200 +--- nsaserefpolicy/policy/modules/apps/gitosis.fc 2010-04-13 18:44:37.000000000 +0000 ++++ serefpolicy-3.7.19/policy/modules/apps/gitosis.fc 2010-06-08 12:54:39.000000000 +0000 @@ -1,3 +1,5 @@ /usr/bin/gitosis-serve -- gen_context(system_u:object_r:gitosis_exec_t,s0) +/usr/bin/gl-auth-command -- gen_context(system_u:object_r:gitosis_exec_t,s0) 
@@ -4020,8 +4020,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/gitosis. /var/lib/gitosis(/.*)? gen_context(system_u:object_r:gitosis_var_lib_t,s0) +/var/lib/gitolite(/.*)? gen_context(system_u:object_r:gitosis_var_lib_t,s0) diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/gitosis.if serefpolicy-3.7.19/policy/modules/apps/gitosis.if ---- nsaserefpolicy/policy/modules/apps/gitosis.if 2010-04-13 20:44:37.000000000 +0200 -+++ serefpolicy-3.7.19/policy/modules/apps/gitosis.if 2010-05-28 09:41:59.975610499 +0200 +--- nsaserefpolicy/policy/modules/apps/gitosis.if 2010-04-13 18:44:37.000000000 +0000 ++++ serefpolicy-3.7.19/policy/modules/apps/gitosis.if 2010-05-28 07:41:59.000000000 +0000 @@ -62,7 +62,7 @@ files_search_var_lib($1) read_files_pattern($1, gitosis_var_lib_t, gitosis_var_lib_t) @@ -4032,8 +4032,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/gitosis. ###################################### diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/gitosis.te serefpolicy-3.7.19/policy/modules/apps/gitosis.te ---- nsaserefpolicy/policy/modules/apps/gitosis.te 2010-04-13 20:44:37.000000000 +0200 -+++ serefpolicy-3.7.19/policy/modules/apps/gitosis.te 2010-06-08 14:54:39.156860589 +0200 +--- nsaserefpolicy/policy/modules/apps/gitosis.te 2010-04-13 18:44:37.000000000 +0000 ++++ serefpolicy-3.7.19/policy/modules/apps/gitosis.te 2010-06-08 12:54:39.000000000 +0000 @@ -26,12 +26,17 @@ manage_lnk_files_pattern(gitosis_t, gitosis_var_lib_t, gitosis_var_lib_t) manage_dirs_pattern(gitosis_t, gitosis_var_lib_t, gitosis_var_lib_t) 
@@ -4054,8 +4054,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/gitosis. + +sysnet_read_config(gitosis_t) diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/gnome.fc serefpolicy-3.7.19/policy/modules/apps/gnome.fc ---- nsaserefpolicy/policy/modules/apps/gnome.fc 2010-04-13 20:44:37.000000000 +0200 -+++ serefpolicy-3.7.19/policy/modules/apps/gnome.fc 2010-09-09 13:47:27.008335639 +0200 +--- nsaserefpolicy/policy/modules/apps/gnome.fc 2010-04-13 18:44:37.000000000 +0000 ++++ serefpolicy-3.7.19/policy/modules/apps/gnome.fc 2010-09-09 11:47:27.000000000 +0000 @@ -1,8 +1,31 @@ -HOME_DIR/\.config/gtk-.* gen_context(system_u:object_r:gnome_home_t,s0) +HOME_DIR/\.cache(/.*)? gen_context(system_u:object_r:cache_home_t,s0) @@ -4091,8 +4091,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/gnome.fc +/usr/libexec/gnome-system-monitor-mechanism -- gen_context(system_u:object_r:gnomesystemmm_exec_t,s0) + diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/gnome.if serefpolicy-3.7.19/policy/modules/apps/gnome.if ---- nsaserefpolicy/policy/modules/apps/gnome.if 2010-04-13 20:44:37.000000000 +0200 -+++ serefpolicy-3.7.19/policy/modules/apps/gnome.if 2010-10-18 14:45:15.884901735 +0200 +--- nsaserefpolicy/policy/modules/apps/gnome.if 2010-04-13 18:44:37.000000000 +0000 ++++ serefpolicy-3.7.19/policy/modules/apps/gnome.if 2010-10-18 12:45:15.000000000 +0000 @@ -74,6 +74,24 @@ ######################################## 
@@ -4567,8 +4567,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/gnome.if + allow gconfdefaultsm_t $1:dbus send_msg; +') diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/gnome.te serefpolicy-3.7.19/policy/modules/apps/gnome.te ---- nsaserefpolicy/policy/modules/apps/gnome.te 2010-04-13 20:44:37.000000000 +0200 -+++ serefpolicy-3.7.19/policy/modules/apps/gnome.te 2010-06-01 13:55:21.432171932 +0200 +--- nsaserefpolicy/policy/modules/apps/gnome.te 2010-04-13 18:44:37.000000000 +0000 ++++ serefpolicy-3.7.19/policy/modules/apps/gnome.te 2010-06-01 11:55:21.000000000 +0000 @@ -7,18 +7,33 @@ # @@ -4720,8 +4720,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/gnome.te + policykit_read_reload(gnomesystemmm_t) +') diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/gpg.fc serefpolicy-3.7.19/policy/modules/apps/gpg.fc ---- nsaserefpolicy/policy/modules/apps/gpg.fc 2010-04-13 20:44:37.000000000 +0200 -+++ serefpolicy-3.7.19/policy/modules/apps/gpg.fc 2010-05-28 09:41:59.978610931 +0200 +--- nsaserefpolicy/policy/modules/apps/gpg.fc 2010-04-13 18:44:37.000000000 +0000 ++++ serefpolicy-3.7.19/policy/modules/apps/gpg.fc 2010-05-28 07:41:59.000000000 +0000 @@ -1,4 +1,5 @@ HOME_DIR/\.gnupg(/.+)? gen_context(system_u:object_r:gpg_secret_t,s0) +/root/\.gnupg(/.+)? gen_context(system_u:object_r:gpg_secret_t,s0) 
@@ -4729,8 +4729,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/gpg.fc s /usr/bin/gpg(2)? -- gen_context(system_u:object_r:gpg_exec_t,s0) /usr/bin/gpg-agent -- gen_context(system_u:object_r:gpg_agent_exec_t,s0) diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/gpg.if serefpolicy-3.7.19/policy/modules/apps/gpg.if ---- nsaserefpolicy/policy/modules/apps/gpg.if 2010-04-13 20:44:37.000000000 +0200 -+++ serefpolicy-3.7.19/policy/modules/apps/gpg.if 2011-01-04 15:08:31.384041746 +0100 +--- nsaserefpolicy/policy/modules/apps/gpg.if 2010-04-13 18:44:37.000000000 +0000 ++++ serefpolicy-3.7.19/policy/modules/apps/gpg.if 2011-01-04 14:08:31.000000000 +0000 @@ -21,6 +21,7 @@ type gpg_agent_t, gpg_agent_exec_t; type gpg_agent_tmp_t; @@ -4883,8 +4883,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/gpg.if s +') + diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/gpg.te serefpolicy-3.7.19/policy/modules/apps/gpg.te ---- nsaserefpolicy/policy/modules/apps/gpg.te 2010-04-13 20:44:37.000000000 +0200 -+++ serefpolicy-3.7.19/policy/modules/apps/gpg.te 2010-08-24 14:03:22.764083542 +0200 +--- nsaserefpolicy/policy/modules/apps/gpg.te 2010-04-13 18:44:37.000000000 +0000 ++++ serefpolicy-3.7.19/policy/modules/apps/gpg.te 2010-08-24 12:03:22.000000000 +0000 @@ -5,6 +5,7 @@ # # Declarations @@ -5184,8 +5184,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/gpg.te s +') + diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/irc.fc serefpolicy-3.7.19/policy/modules/apps/irc.fc ---- nsaserefpolicy/policy/modules/apps/irc.fc 2010-04-13 20:44:37.000000000 +0200 -+++ serefpolicy-3.7.19/policy/modules/apps/irc.fc 2010-05-28 09:41:59.980610940 +0200 +--- nsaserefpolicy/policy/modules/apps/irc.fc 2010-04-13 18:44:37.000000000 +0000 ++++ serefpolicy-3.7.19/policy/modules/apps/irc.fc 2010-05-28 07:41:59.000000000 +0000 @@ -2,10 +2,17 @@ # /home # 
@@ -5205,8 +5205,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/irc.fc s +/usr/bin/irssi -- gen_context(system_u:object_r:irssi_exec_t,s0) /usr/bin/tinyirc -- gen_context(system_u:object_r:irc_exec_t,s0) diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/irc.if serefpolicy-3.7.19/policy/modules/apps/irc.if ---- nsaserefpolicy/policy/modules/apps/irc.if 2010-04-13 20:44:37.000000000 +0200 -+++ serefpolicy-3.7.19/policy/modules/apps/irc.if 2010-05-28 09:41:59.981611014 +0200 +--- nsaserefpolicy/policy/modules/apps/irc.if 2010-04-13 18:44:37.000000000 +0000 ++++ serefpolicy-3.7.19/policy/modules/apps/irc.if 2010-05-28 07:41:59.000000000 +0000 @@ -18,14 +18,51 @@ interface(`irc_role',` gen_require(` @@ -5260,8 +5260,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/irc.if s ') + diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/irc.te serefpolicy-3.7.19/policy/modules/apps/irc.te ---- nsaserefpolicy/policy/modules/apps/irc.te 2010-04-13 20:44:37.000000000 +0200 -+++ serefpolicy-3.7.19/policy/modules/apps/irc.te 2010-05-28 09:41:59.981611014 +0200 +--- nsaserefpolicy/policy/modules/apps/irc.te 2010-04-13 18:44:37.000000000 +0000 ++++ serefpolicy-3.7.19/policy/modules/apps/irc.te 2010-05-28 07:41:59.000000000 +0000 @@ -25,6 +25,30 @@ ######################################## @@ -5378,8 +5378,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/irc.te s +') + diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/java.fc serefpolicy-3.7.19/policy/modules/apps/java.fc ---- nsaserefpolicy/policy/modules/apps/java.fc 2010-04-13 20:44:37.000000000 +0200 -+++ serefpolicy-3.7.19/policy/modules/apps/java.fc 2010-05-28 09:41:59.982610809 +0200 +--- nsaserefpolicy/policy/modules/apps/java.fc 2010-04-13 18:44:37.000000000 +0000 ++++ serefpolicy-3.7.19/policy/modules/apps/java.fc 2010-05-28 07:41:59.000000000 +0000 @@ -9,6 +9,7 @@ # # /usr 
@@ -5400,8 +5400,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/java.fc +/usr/java/eclipse[^/]*/eclipse -- gen_context(system_u:object_r:java_exec_t,s0) + diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/java.if serefpolicy-3.7.19/policy/modules/apps/java.if ---- nsaserefpolicy/policy/modules/apps/java.if 2010-04-13 20:44:37.000000000 +0200 -+++ serefpolicy-3.7.19/policy/modules/apps/java.if 2010-05-28 09:41:59.982610809 +0200 +--- nsaserefpolicy/policy/modules/apps/java.if 2010-04-13 18:44:37.000000000 +0000 ++++ serefpolicy-3.7.19/policy/modules/apps/java.if 2010-05-28 07:41:59.000000000 +0000 @@ -72,6 +72,7 @@ domain_interactive_fd($1_java_t) @@ -5428,8 +5428,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/java.if ######################################## diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/java.te serefpolicy-3.7.19/policy/modules/apps/java.te ---- nsaserefpolicy/policy/modules/apps/java.te 2010-04-13 20:44:37.000000000 +0200 -+++ serefpolicy-3.7.19/policy/modules/apps/java.te 2010-09-09 12:48:28.290335334 +0200 +--- nsaserefpolicy/policy/modules/apps/java.te 2010-04-13 18:44:37.000000000 +0000 ++++ serefpolicy-3.7.19/policy/modules/apps/java.te 2010-09-09 10:48:28.000000000 +0000 @@ -147,6 +147,15 @@ init_dbus_chat_script(unconfined_java_t) @@ -5447,20 +5447,20 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/java.te + ') ') diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/kdumpgui.fc serefpolicy-3.7.19/policy/modules/apps/kdumpgui.fc ---- nsaserefpolicy/policy/modules/apps/kdumpgui.fc 1970-01-01 01:00:00.000000000 +0100 -+++ serefpolicy-3.7.19/policy/modules/apps/kdumpgui.fc 2010-05-28 09:41:59.984611027 +0200 +--- nsaserefpolicy/policy/modules/apps/kdumpgui.fc 1970-01-01 00:00:00.000000000 +0000 ++++ serefpolicy-3.7.19/policy/modules/apps/kdumpgui.fc 2010-05-28 07:41:59.000000000 +0000 
@@ -0,0 +1,2 @@ + +/usr/share/system-config-kdump/system-config-kdump-backend.py -- gen_context(system_u:object_r:kdumpgui_exec_t,s0) diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/kdumpgui.if serefpolicy-3.7.19/policy/modules/apps/kdumpgui.if ---- nsaserefpolicy/policy/modules/apps/kdumpgui.if 1970-01-01 01:00:00.000000000 +0100 -+++ serefpolicy-3.7.19/policy/modules/apps/kdumpgui.if 2010-05-28 09:41:59.984611027 +0200 +--- nsaserefpolicy/policy/modules/apps/kdumpgui.if 1970-01-01 00:00:00.000000000 +0000 ++++ serefpolicy-3.7.19/policy/modules/apps/kdumpgui.if 2010-05-28 07:41:59.000000000 +0000 @@ -0,0 +1,2 @@ +## system-config-kdump policy + diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/kdumpgui.te serefpolicy-3.7.19/policy/modules/apps/kdumpgui.te ---- nsaserefpolicy/policy/modules/apps/kdumpgui.te 1970-01-01 01:00:00.000000000 +0100 -+++ serefpolicy-3.7.19/policy/modules/apps/kdumpgui.te 2010-07-28 15:15:45.207071864 +0200 +--- nsaserefpolicy/policy/modules/apps/kdumpgui.te 1970-01-01 00:00:00.000000000 +0000 ++++ serefpolicy-3.7.19/policy/modules/apps/kdumpgui.te 2010-07-28 13:15:45.000000000 +0000 @@ -0,0 +1,69 @@ +policy_module(kdumpgui,1.0.0) + @@ -5532,14 +5532,14 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/kdumpgui + policykit_dbus_chat(kdumpgui_t) +') diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/livecd.fc serefpolicy-3.7.19/policy/modules/apps/livecd.fc ---- nsaserefpolicy/policy/modules/apps/livecd.fc 1970-01-01 01:00:00.000000000 +0100 -+++ serefpolicy-3.7.19/policy/modules/apps/livecd.fc 2010-05-28 09:41:59.986610896 +0200 +--- nsaserefpolicy/policy/modules/apps/livecd.fc 1970-01-01 00:00:00.000000000 +0000 ++++ serefpolicy-3.7.19/policy/modules/apps/livecd.fc 2010-05-28 07:41:59.000000000 +0000 
@@ -0,0 +1,2 @@ + +/usr/bin/livecd-creator -- gen_context(system_u:object_r:livecd_exec_t,s0) diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/livecd.if serefpolicy-3.7.19/policy/modules/apps/livecd.if ---- nsaserefpolicy/policy/modules/apps/livecd.if 1970-01-01 01:00:00.000000000 +0100 -+++ serefpolicy-3.7.19/policy/modules/apps/livecd.if 2010-05-28 09:41:59.986610896 +0200 +--- nsaserefpolicy/policy/modules/apps/livecd.if 1970-01-01 00:00:00.000000000 +0000 ++++ serefpolicy-3.7.19/policy/modules/apps/livecd.if 2010-05-28 07:41:59.000000000 +0000 @@ -0,0 +1,127 @@ + +## policy for livecd @@ -5669,8 +5669,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/livecd.i +') + diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/livecd.te serefpolicy-3.7.19/policy/modules/apps/livecd.te ---- nsaserefpolicy/policy/modules/apps/livecd.te 1970-01-01 01:00:00.000000000 +0100 -+++ serefpolicy-3.7.19/policy/modules/apps/livecd.te 2010-05-28 09:41:59.987610690 +0200 +--- nsaserefpolicy/policy/modules/apps/livecd.te 1970-01-01 00:00:00.000000000 +0000 ++++ serefpolicy-3.7.19/policy/modules/apps/livecd.te 2010-05-28 07:41:59.000000000 +0000 @@ -0,0 +1,34 @@ +policy_module(livecd, 1.0.0) + @@ -5707,8 +5707,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/livecd.t +seutil_domtrans_setfiles_mac(livecd_t) + diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/loadkeys.if serefpolicy-3.7.19/policy/modules/apps/loadkeys.if ---- nsaserefpolicy/policy/modules/apps/loadkeys.if 2010-04-13 20:44:37.000000000 +0200 -+++ serefpolicy-3.7.19/policy/modules/apps/loadkeys.if 2010-05-28 09:41:59.987610690 +0200 +--- nsaserefpolicy/policy/modules/apps/loadkeys.if 2010-04-13 18:44:37.000000000 +0000 ++++ serefpolicy-3.7.19/policy/modules/apps/loadkeys.if 2010-05-28 07:41:59.000000000 +0000 @@ -17,6 +17,9 @@ corecmd_search_bin($1) 
@@ -5720,8 +5720,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/loadkeys ######################################## diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/loadkeys.te serefpolicy-3.7.19/policy/modules/apps/loadkeys.te ---- nsaserefpolicy/policy/modules/apps/loadkeys.te 2010-04-13 20:44:37.000000000 +0200 -+++ serefpolicy-3.7.19/policy/modules/apps/loadkeys.te 2010-05-28 09:41:59.988610625 +0200 +--- nsaserefpolicy/policy/modules/apps/loadkeys.te 2010-04-13 18:44:37.000000000 +0000 ++++ serefpolicy-3.7.19/policy/modules/apps/loadkeys.te 2010-05-28 07:41:59.000000000 +0000 @@ -40,8 +40,12 @@ miscfiles_read_localization(loadkeys_t) @@ -5737,8 +5737,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/loadkeys + dev_dontaudit_rw_lvm_control(loadkeys_t) +') diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/mediawiki.fc serefpolicy-3.7.19/policy/modules/apps/mediawiki.fc ---- nsaserefpolicy/policy/modules/apps/mediawiki.fc 1970-01-01 01:00:00.000000000 +0100 -+++ serefpolicy-3.7.19/policy/modules/apps/mediawiki.fc 2010-10-08 10:46:51.423650902 +0200 +--- nsaserefpolicy/policy/modules/apps/mediawiki.fc 1970-01-01 00:00:00.000000000 +0000 ++++ serefpolicy-3.7.19/policy/modules/apps/mediawiki.fc 2010-10-08 08:46:51.000000000 +0000 @@ -0,0 +1,10 @@ + +/usr/lib(64)?/mediawiki/math/texvc -- gen_context(system_u:object_r:httpd_mediawiki_script_exec_t,s0) 
@@ -5751,8 +5751,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/mediawik + +/usr/share/mediawiki(/.*)? gen_context(system_u:object_r:httpd_mediawiki_content_t,s0) diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/mediawiki.if serefpolicy-3.7.19/policy/modules/apps/mediawiki.if ---- nsaserefpolicy/policy/modules/apps/mediawiki.if 1970-01-01 01:00:00.000000000 +0100 -+++ serefpolicy-3.7.19/policy/modules/apps/mediawiki.if 2010-10-08 10:48:32.947650792 +0200 +--- nsaserefpolicy/policy/modules/apps/mediawiki.if 1970-01-01 00:00:00.000000000 +0000 ++++ serefpolicy-3.7.19/policy/modules/apps/mediawiki.if 2010-10-08 08:48:32.000000000 +0000 @@ -0,0 +1,40 @@ +## Mediawiki policy + @@ -5795,8 +5795,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/mediawik + delete_files_pattern($1, httpd_mediawiki_tmp_t, httpd_mediawiki_tmp_t) +') diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/mediawiki.te serefpolicy-3.7.19/policy/modules/apps/mediawiki.te ---- nsaserefpolicy/policy/modules/apps/mediawiki.te 1970-01-01 01:00:00.000000000 +0100 -+++ serefpolicy-3.7.19/policy/modules/apps/mediawiki.te 2010-10-08 10:46:51.423650902 +0200 +--- nsaserefpolicy/policy/modules/apps/mediawiki.te 1970-01-01 00:00:00.000000000 +0000 ++++ serefpolicy-3.7.19/policy/modules/apps/mediawiki.te 2010-10-08 08:46:51.000000000 +0000 @@ -0,0 +1,35 @@ + +policy_module(mediawiki, 1.0.0) 
@@ -5834,8 +5834,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/mediawik +') + diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/mono.if serefpolicy-3.7.19/policy/modules/apps/mono.if ---- nsaserefpolicy/policy/modules/apps/mono.if 2010-04-13 20:44:37.000000000 +0200 -+++ serefpolicy-3.7.19/policy/modules/apps/mono.if 2010-05-28 09:41:59.988610625 +0200 +--- nsaserefpolicy/policy/modules/apps/mono.if 2010-04-13 18:44:37.000000000 +0000 ++++ serefpolicy-3.7.19/policy/modules/apps/mono.if 2010-05-28 07:41:59.000000000 +0000 @@ -40,16 +40,19 @@ domain_interactive_fd($1_mono_t) application_type($1_mono_t) @@ -5858,8 +5858,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/mono.if optional_policy(` xserver_role($1_r, $1_mono_t) diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/mozilla.fc serefpolicy-3.7.19/policy/modules/apps/mozilla.fc ---- nsaserefpolicy/policy/modules/apps/mozilla.fc 2010-04-13 20:44:37.000000000 +0200 -+++ serefpolicy-3.7.19/policy/modules/apps/mozilla.fc 2010-05-28 09:41:59.989610908 +0200 +--- nsaserefpolicy/policy/modules/apps/mozilla.fc 2010-04-13 18:44:37.000000000 +0000 ++++ serefpolicy-3.7.19/policy/modules/apps/mozilla.fc 2010-05-28 07:41:59.000000000 +0000 @@ -1,6 +1,7 @@ HOME_DIR/\.galeon(/.*)? gen_context(system_u:object_r:mozilla_home_t,s0) HOME_DIR/\.java(/.*)? gen_context(system_u:object_r:mozilla_home_t,s0) 
@@ -5877,8 +5877,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/mozilla. /usr/bin/mozilla-bin-[0-9].* -- gen_context(system_u:object_r:mozilla_exec_t,s0) diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/mozilla.if serefpolicy-3.7.19/policy/modules/apps/mozilla.if ---- nsaserefpolicy/policy/modules/apps/mozilla.if 2010-04-13 20:44:37.000000000 +0200 -+++ serefpolicy-3.7.19/policy/modules/apps/mozilla.if 2010-05-28 09:41:59.989610908 +0200 +--- nsaserefpolicy/policy/modules/apps/mozilla.if 2010-04-13 18:44:37.000000000 +0000 ++++ serefpolicy-3.7.19/policy/modules/apps/mozilla.if 2010-05-28 07:41:59.000000000 +0000 @@ -48,6 +48,12 @@ mozilla_dbus_chat($2) @@ -5960,8 +5960,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/mozilla. + domtrans_pattern($1, mozilla_exec_t, $2) +') diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/mozilla.te serefpolicy-3.7.19/policy/modules/apps/mozilla.te ---- nsaserefpolicy/policy/modules/apps/mozilla.te 2010-04-13 20:44:37.000000000 +0200 -+++ serefpolicy-3.7.19/policy/modules/apps/mozilla.te 2010-05-28 09:41:59.990610633 +0200 +--- nsaserefpolicy/policy/modules/apps/mozilla.te 2010-04-13 18:44:37.000000000 +0000 ++++ serefpolicy-3.7.19/policy/modules/apps/mozilla.te 2010-05-28 07:41:59.000000000 +0000 @@ -91,6 +91,7 @@ corenet_raw_sendrecv_generic_node(mozilla_t) corenet_tcp_sendrecv_http_port(mozilla_t) 
@@ -6021,8 +6021,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/mozilla. thunderbird_domtrans(mozilla_t) ') diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/mplayer.if serefpolicy-3.7.19/policy/modules/apps/mplayer.if ---- nsaserefpolicy/policy/modules/apps/mplayer.if 2010-04-13 20:44:37.000000000 +0200 -+++ serefpolicy-3.7.19/policy/modules/apps/mplayer.if 2010-05-28 09:41:59.991610847 +0200 +--- nsaserefpolicy/policy/modules/apps/mplayer.if 2010-04-13 18:44:37.000000000 +0000 ++++ serefpolicy-3.7.19/policy/modules/apps/mplayer.if 2010-05-28 07:41:59.000000000 +0000 @@ -102,3 +102,39 @@ read_files_pattern($1, mplayer_home_t, mplayer_home_t) userdom_search_user_home_dirs($1) @@ -6064,8 +6064,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/mplayer. + domtrans_pattern($1, mplayer_exec_t, $2) +') diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/mplayer.te serefpolicy-3.7.19/policy/modules/apps/mplayer.te ---- nsaserefpolicy/policy/modules/apps/mplayer.te 2010-04-13 20:44:37.000000000 +0200 -+++ serefpolicy-3.7.19/policy/modules/apps/mplayer.te 2010-05-28 09:41:59.992610642 +0200 +--- nsaserefpolicy/policy/modules/apps/mplayer.te 2010-04-13 18:44:37.000000000 +0000 ++++ serefpolicy-3.7.19/policy/modules/apps/mplayer.te 2010-05-28 07:41:59.000000000 +0000 @@ -152,11 +152,15 @@ allow mplayer_t self:process { signal_perms getsched }; 
@@ -6142,16 +6142,16 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/mplayer. +') + diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/namespace.fc serefpolicy-3.7.19/policy/modules/apps/namespace.fc ---- nsaserefpolicy/policy/modules/apps/namespace.fc 1970-01-01 01:00:00.000000000 +0100 -+++ serefpolicy-3.7.19/policy/modules/apps/namespace.fc 2011-01-14 14:26:59.318042402 +0100 +--- nsaserefpolicy/policy/modules/apps/namespace.fc 1970-01-01 00:00:00.000000000 +0000 ++++ serefpolicy-3.7.19/policy/modules/apps/namespace.fc 2011-01-14 13:26:59.000000000 +0000 @@ -0,0 +1,3 @@ + +/etc/security/namespace.init -- gen_context(system_u:object_r:namespace_init_exec_t,s0) + diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/namespace.if serefpolicy-3.7.19/policy/modules/apps/namespace.if ---- nsaserefpolicy/policy/modules/apps/namespace.if 1970-01-01 01:00:00.000000000 +0100 -+++ serefpolicy-3.7.19/policy/modules/apps/namespace.if 2011-01-14 14:26:59.318042402 +0100 -@@ -0,0 +1,46 @@ +--- nsaserefpolicy/policy/modules/apps/namespace.if 1970-01-01 00:00:00.000000000 +0000 ++++ serefpolicy-3.7.19/policy/modules/apps/namespace.if 2011-01-24 18:13:36.414455001 +0000 +@@ -0,0 +1,47 @@ + +## policy for namespace + @@ -6197,10 +6197,11 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/namespac + + namespace_init_domtrans($1) + role $2 types namespace_init_t; ++ +') diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/namespace.te serefpolicy-3.7.19/policy/modules/apps/namespace.te ---- nsaserefpolicy/policy/modules/apps/namespace.te 1970-01-01 01:00:00.000000000 +0100 -+++ serefpolicy-3.7.19/policy/modules/apps/namespace.te 2011-01-14 14:26:59.318042402 +0100 +--- nsaserefpolicy/policy/modules/apps/namespace.te 1970-01-01 00:00:00.000000000 +0000 ++++ serefpolicy-3.7.19/policy/modules/apps/namespace.te 2011-01-14 13:26:59.000000000 +0000 
@@ -0,0 +1,38 @@ +policy_module(namespace,1.0.0) + @@ -6241,8 +6242,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/namespac +userdom_relabelto_user_home_files(namespace_init_t) +userdom_user_home_dir_filetrans_user_home_content(namespace_init_t, { dir file lnk_file fifo_file sock_file }) diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/nsplugin.fc serefpolicy-3.7.19/policy/modules/apps/nsplugin.fc ---- nsaserefpolicy/policy/modules/apps/nsplugin.fc 1970-01-01 01:00:00.000000000 +0100 -+++ serefpolicy-3.7.19/policy/modules/apps/nsplugin.fc 2010-05-28 09:41:59.992610642 +0200 +--- nsaserefpolicy/policy/modules/apps/nsplugin.fc 1970-01-01 00:00:00.000000000 +0000 ++++ serefpolicy-3.7.19/policy/modules/apps/nsplugin.fc 2010-05-28 07:41:59.000000000 +0000 @@ -0,0 +1,10 @@ +HOME_DIR/\.adobe(/.*)? gen_context(system_u:object_r:nsplugin_home_t,s0) +HOME_DIR/\.macromedia(/.*)? gen_context(system_u:object_r:nsplugin_home_t,s0) @@ -6255,8 +6256,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/nsplugin +/usr/lib(64)?/nspluginwrapper/plugin-config -- gen_context(system_u:object_r:nsplugin_config_exec_t,s0) +/usr/lib(64)?/mozilla/plugins-wrapped(/.*)? gen_context(system_u:object_r:nsplugin_rw_t,s0) diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/nsplugin.if serefpolicy-3.7.19/policy/modules/apps/nsplugin.if ---- nsaserefpolicy/policy/modules/apps/nsplugin.if 1970-01-01 01:00:00.000000000 +0100 -+++ serefpolicy-3.7.19/policy/modules/apps/nsplugin.if 2010-07-09 08:54:14.254135234 +0200 +--- nsaserefpolicy/policy/modules/apps/nsplugin.if 1970-01-01 00:00:00.000000000 +0000 ++++ serefpolicy-3.7.19/policy/modules/apps/nsplugin.if 2010-07-09 06:54:14.000000000 +0000 @@ -0,0 +1,393 @@ + +## policy for nsplugin 
@@ -6652,8 +6653,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/nsplugin + domtrans_pattern($1, nsplugin_exec_t, $2) +') diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/nsplugin.te serefpolicy-3.7.19/policy/modules/apps/nsplugin.te ---- nsaserefpolicy/policy/modules/apps/nsplugin.te 1970-01-01 01:00:00.000000000 +0100 -+++ serefpolicy-3.7.19/policy/modules/apps/nsplugin.te 2010-08-05 10:55:36.778085667 +0200 +--- nsaserefpolicy/policy/modules/apps/nsplugin.te 1970-01-01 00:00:00.000000000 +0000 ++++ serefpolicy-3.7.19/policy/modules/apps/nsplugin.te 2010-08-05 08:55:36.000000000 +0000 @@ -0,0 +1,299 @@ + +policy_module(nsplugin, 1.0.0) @@ -6955,16 +6956,16 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/nsplugin + + diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/openoffice.fc serefpolicy-3.7.19/policy/modules/apps/openoffice.fc ---- nsaserefpolicy/policy/modules/apps/openoffice.fc 1970-01-01 01:00:00.000000000 +0100 -+++ serefpolicy-3.7.19/policy/modules/apps/openoffice.fc 2010-05-28 09:41:59.995610655 +0200 +--- nsaserefpolicy/policy/modules/apps/openoffice.fc 1970-01-01 00:00:00.000000000 +0000 ++++ serefpolicy-3.7.19/policy/modules/apps/openoffice.fc 2010-05-28 07:41:59.000000000 +0000 
@@ -0,0 +1,4 @@ +/usr/lib/openoffice\.org.*/program/.+\.bin -- gen_context(system_u:object_r:openoffice_exec_t,s0) +/usr/lib64/openoffice\.org.*/program/.+\.bin -- gen_context(system_u:object_r:openoffice_exec_t,s0) +/opt/openoffice\.org.*/program/.+\.bin -- gen_context(system_u:object_r:openoffice_exec_t,s0) + diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/openoffice.if serefpolicy-3.7.19/policy/modules/apps/openoffice.if ---- nsaserefpolicy/policy/modules/apps/openoffice.if 1970-01-01 01:00:00.000000000 +0100 -+++ serefpolicy-3.7.19/policy/modules/apps/openoffice.if 2010-05-28 09:41:59.995610655 +0200 +--- nsaserefpolicy/policy/modules/apps/openoffice.if 1970-01-01 00:00:00.000000000 +0000 ++++ serefpolicy-3.7.19/policy/modules/apps/openoffice.if 2010-05-28 07:41:59.000000000 +0000 @@ -0,0 +1,129 @@ +## Openoffice + @@ -7096,8 +7097,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/openoffi + domtrans_pattern($1, openoffice_exec_t, $2) +') diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/openoffice.te serefpolicy-3.7.19/policy/modules/apps/openoffice.te ---- nsaserefpolicy/policy/modules/apps/openoffice.te 1970-01-01 01:00:00.000000000 +0100 -+++ serefpolicy-3.7.19/policy/modules/apps/openoffice.te 2010-05-28 09:41:59.996611008 +0200 +--- nsaserefpolicy/policy/modules/apps/openoffice.te 1970-01-01 00:00:00.000000000 +0000 ++++ serefpolicy-3.7.19/policy/modules/apps/openoffice.te 2010-05-28 07:41:59.000000000 +0000 @@ -0,0 +1,17 @@ + +policy_module(openoffice, 1.0.0) 
@@ -7117,8 +7118,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/openoffi +# + diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/podsleuth.te serefpolicy-3.7.19/policy/modules/apps/podsleuth.te ---- nsaserefpolicy/policy/modules/apps/podsleuth.te 2010-04-13 20:44:37.000000000 +0200 -+++ serefpolicy-3.7.19/policy/modules/apps/podsleuth.te 2010-08-09 15:09:14.103084679 +0200 +--- nsaserefpolicy/policy/modules/apps/podsleuth.te 2010-04-13 18:44:37.000000000 +0000 ++++ serefpolicy-3.7.19/policy/modules/apps/podsleuth.te 2010-08-09 13:09:14.000000000 +0000 @@ -28,7 +28,7 @@ # podsleuth local policy # @@ -7153,8 +7154,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/podsleut optional_policy(` dbus_system_bus_client(podsleuth_t) diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/pulseaudio.if serefpolicy-3.7.19/policy/modules/apps/pulseaudio.if ---- nsaserefpolicy/policy/modules/apps/pulseaudio.if 2010-04-13 20:44:37.000000000 +0200 -+++ serefpolicy-3.7.19/policy/modules/apps/pulseaudio.if 2010-09-16 14:32:51.711386965 +0200 +--- nsaserefpolicy/policy/modules/apps/pulseaudio.if 2010-04-13 18:44:37.000000000 +0000 ++++ serefpolicy-3.7.19/policy/modules/apps/pulseaudio.if 2010-09-16 12:32:51.000000000 +0000 @@ -17,7 +17,7 @@ # interface(`pulseaudio_role',` 
@@ -7241,8 +7242,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/pulseaud + allow $1 pulseaudio_t:process signull; ') diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/pulseaudio.te serefpolicy-3.7.19/policy/modules/apps/pulseaudio.te ---- nsaserefpolicy/policy/modules/apps/pulseaudio.te 2010-04-13 20:44:37.000000000 +0200 -+++ serefpolicy-3.7.19/policy/modules/apps/pulseaudio.te 2010-06-14 18:32:15.573218388 +0200 +--- nsaserefpolicy/policy/modules/apps/pulseaudio.te 2010-04-13 18:44:37.000000000 +0000 ++++ serefpolicy-3.7.19/policy/modules/apps/pulseaudio.te 2010-06-14 16:32:15.000000000 +0000 @@ -41,9 +41,11 @@ manage_dirs_pattern(pulseaudio_t, pulseaudio_home_t, pulseaudio_home_t) manage_files_pattern(pulseaudio_t, pulseaudio_home_t, pulseaudio_home_t) @@ -7283,8 +7284,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/pulseaud + sandbox_manage_tmpfs_files(pulseaudio_t) +') diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/qemu.fc serefpolicy-3.7.19/policy/modules/apps/qemu.fc ---- nsaserefpolicy/policy/modules/apps/qemu.fc 2010-04-13 20:44:37.000000000 +0200 -+++ serefpolicy-3.7.19/policy/modules/apps/qemu.fc 2010-05-28 09:41:59.999610811 +0200 +--- nsaserefpolicy/policy/modules/apps/qemu.fc 2010-04-13 18:44:37.000000000 +0000 ++++ serefpolicy-3.7.19/policy/modules/apps/qemu.fc 2010-05-28 07:41:59.000000000 +0000 @@ -1,2 +1,4 @@ -/usr/bin/qemu.* -- gen_context(system_u:object_r:qemu_exec_t,s0) +/usr/bin/qemu -- gen_context(system_u:object_r:qemu_exec_t,s0) 
@@ -7292,8 +7293,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/qemu.fc +/usr/bin/qemu-kvm -- gen_context(system_u:object_r:qemu_exec_t,s0) /usr/libexec/qemu.* -- gen_context(system_u:object_r:qemu_exec_t,s0) diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/qemu.if serefpolicy-3.7.19/policy/modules/apps/qemu.if ---- nsaserefpolicy/policy/modules/apps/qemu.if 2010-04-13 20:44:37.000000000 +0200 -+++ serefpolicy-3.7.19/policy/modules/apps/qemu.if 2010-10-13 09:36:16.697649887 +0200 +--- nsaserefpolicy/policy/modules/apps/qemu.if 2010-04-13 18:44:37.000000000 +0000 ++++ serefpolicy-3.7.19/policy/modules/apps/qemu.if 2010-10-13 07:36:16.000000000 +0000 @@ -127,12 +127,14 @@ template(`qemu_role',` gen_require(` @@ -7455,8 +7456,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/qemu.if + + diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/qemu.te serefpolicy-3.7.19/policy/modules/apps/qemu.te ---- nsaserefpolicy/policy/modules/apps/qemu.te 2010-04-13 20:44:37.000000000 +0200 -+++ serefpolicy-3.7.19/policy/modules/apps/qemu.te 2010-12-20 15:25:40.428041440 +0100 +--- nsaserefpolicy/policy/modules/apps/qemu.te 2010-04-13 18:44:37.000000000 +0000 ++++ serefpolicy-3.7.19/policy/modules/apps/qemu.te 2010-12-20 14:25:40.000000000 +0000 @@ -50,9 +50,12 @@ # # qemu local policy 
@@ -7494,19 +7495,19 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/qemu.te + allow unconfined_qemu_t qemu_exec_t:file execmod; ') diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/sambagui.fc serefpolicy-3.7.19/policy/modules/apps/sambagui.fc ---- nsaserefpolicy/policy/modules/apps/sambagui.fc 1970-01-01 01:00:00.000000000 +0100 -+++ serefpolicy-3.7.19/policy/modules/apps/sambagui.fc 2010-05-28 09:42:00.002611802 +0200 +--- nsaserefpolicy/policy/modules/apps/sambagui.fc 1970-01-01 00:00:00.000000000 +0000 ++++ serefpolicy-3.7.19/policy/modules/apps/sambagui.fc 2010-05-28 07:42:00.000000000 +0000 @@ -0,0 +1 @@ +/usr/share/system-config-samba/system-config-samba-mechanism.py -- gen_context(system_u:object_r:sambagui_exec_t,s0) diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/sambagui.if serefpolicy-3.7.19/policy/modules/apps/sambagui.if ---- nsaserefpolicy/policy/modules/apps/sambagui.if 1970-01-01 01:00:00.000000000 +0100 -+++ serefpolicy-3.7.19/policy/modules/apps/sambagui.if 2010-05-28 09:42:00.002611802 +0200 +--- nsaserefpolicy/policy/modules/apps/sambagui.if 1970-01-01 00:00:00.000000000 +0000 ++++ serefpolicy-3.7.19/policy/modules/apps/sambagui.if 2010-05-28 07:42:00.000000000 +0000 @@ -0,0 +1,2 @@ +## system-config-samba policy + diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/sambagui.te serefpolicy-3.7.19/policy/modules/apps/sambagui.te ---- nsaserefpolicy/policy/modules/apps/sambagui.te 1970-01-01 01:00:00.000000000 +0100 -+++ serefpolicy-3.7.19/policy/modules/apps/sambagui.te 2011-01-04 14:04:57.892041466 +0100 +--- nsaserefpolicy/policy/modules/apps/sambagui.te 1970-01-01 00:00:00.000000000 +0000 ++++ serefpolicy-3.7.19/policy/modules/apps/sambagui.te 2011-01-04 13:04:57.000000000 +0000 @@ -0,0 +1,63 @@ +policy_module(sambagui,1.0.0) + 
@@ -7572,13 +7573,13 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/sambagui + policykit_dbus_chat(sambagui_t) +') diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/sandbox.fc serefpolicy-3.7.19/policy/modules/apps/sandbox.fc ---- nsaserefpolicy/policy/modules/apps/sandbox.fc 1970-01-01 01:00:00.000000000 +0100 -+++ serefpolicy-3.7.19/policy/modules/apps/sandbox.fc 2011-01-18 16:44:18.484041288 +0100 +--- nsaserefpolicy/policy/modules/apps/sandbox.fc 1970-01-01 00:00:00.000000000 +0000 ++++ serefpolicy-3.7.19/policy/modules/apps/sandbox.fc 2011-01-18 15:44:18.000000000 +0000 @@ -0,0 +1 @@ +/usr/share/sandbox/start -- gen_context(system_u:object_r:sandbox_exec_t,s0) diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/sandbox.if serefpolicy-3.7.19/policy/modules/apps/sandbox.if ---- nsaserefpolicy/policy/modules/apps/sandbox.if 1970-01-01 01:00:00.000000000 +0100 -+++ serefpolicy-3.7.19/policy/modules/apps/sandbox.if 2011-01-18 17:53:26.407042087 +0100 +--- nsaserefpolicy/policy/modules/apps/sandbox.if 1970-01-01 00:00:00.000000000 +0000 ++++ serefpolicy-3.7.19/policy/modules/apps/sandbox.if 2011-01-18 16:53:26.000000000 +0000 @@ -0,0 +1,332 @@ + +## policy for sandbox @@ -7913,8 +7914,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/sandbox. + allow $1 sandbox_file_type:dir list_dir_perms; +') diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/sandbox.te serefpolicy-3.7.19/policy/modules/apps/sandbox.te ---- nsaserefpolicy/policy/modules/apps/sandbox.te 1970-01-01 01:00:00.000000000 +0100 -+++ serefpolicy-3.7.19/policy/modules/apps/sandbox.te 2011-01-18 16:43:18.742041999 +0100 +--- nsaserefpolicy/policy/modules/apps/sandbox.te 1970-01-01 00:00:00.000000000 +0000 ++++ serefpolicy-3.7.19/policy/modules/apps/sandbox.te 2011-01-18 15:43:18.000000000 +0000 @@ -0,0 +1,450 @@ +policy_module(sandbox,1.0.0) + 
@@ -8367,30 +8368,33 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/sandbox. +') + diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/screen.fc serefpolicy-3.7.19/policy/modules/apps/screen.fc ---- nsaserefpolicy/policy/modules/apps/screen.fc 2010-04-13 20:44:37.000000000 +0200 -+++ serefpolicy-3.7.19/policy/modules/apps/screen.fc 2011-01-14 14:38:24.501042642 +0100 -@@ -2,6 +2,7 @@ +--- nsaserefpolicy/policy/modules/apps/screen.fc 2010-04-13 18:44:37.000000000 +0000 ++++ serefpolicy-3.7.19/policy/modules/apps/screen.fc 2011-01-24 17:04:52.066455001 +0000 +@@ -2,6 +2,9 @@ # /home # HOME_DIR/\.screenrc -- gen_context(system_u:object_r:screen_home_t,s0) +HOME_DIR/\.screen(/.*)? gen_context(system_u:object_r:screen_home_t,s0) ++ ++/root/\.screen(/.*)? gen_context(system_u:object_r:screen_home_t,s0) # # /usr diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/screen.if serefpolicy-3.7.19/policy/modules/apps/screen.if ---- nsaserefpolicy/policy/modules/apps/screen.if 2010-04-13 20:44:37.000000000 +0200 -+++ serefpolicy-3.7.19/policy/modules/apps/screen.if 2011-01-18 16:05:04.096041318 +0100 -@@ -64,6 +64,9 @@ +--- nsaserefpolicy/policy/modules/apps/screen.if 2010-04-13 18:44:37.000000000 +0000 ++++ serefpolicy-3.7.19/policy/modules/apps/screen.if 2011-01-24 17:07:42.523455001 +0000 +@@ -64,6 +64,10 @@ files_pid_filetrans($1_screen_t, screen_var_run_t, dir) allow $1_screen_t screen_home_t:dir list_dir_perms; + manage_dirs_pattern($1_screen_t, screen_home_t, screen_home_t) + manage_fifo_files_pattern($1_screen_t, screen_home_t, screen_home_t) + userdom_user_home_dir_filetrans($1_screen_t, screen_home_t, dir) ++ userdom_admin_home_dir_filetrans($1_screen_t, screen_home_t, dir) read_files_pattern($1_screen_t, screen_home_t, screen_home_t) read_lnk_files_pattern($1_screen_t, screen_home_t, screen_home_t) -@@ -113,6 +116,7 @@ +@@ -113,6 +117,7 @@ dev_read_urand($1_screen_t) 
domain_use_interactive_fds($1_screen_t) @@ -8399,8 +8403,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/screen.i files_search_tmp($1_screen_t) files_search_home($1_screen_t) diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/seunshare.if serefpolicy-3.7.19/policy/modules/apps/seunshare.if ---- nsaserefpolicy/policy/modules/apps/seunshare.if 2010-04-13 20:44:37.000000000 +0200 -+++ serefpolicy-3.7.19/policy/modules/apps/seunshare.if 2010-05-28 09:42:00.006611051 +0200 +--- nsaserefpolicy/policy/modules/apps/seunshare.if 2010-04-13 18:44:37.000000000 +0000 ++++ serefpolicy-3.7.19/policy/modules/apps/seunshare.if 2010-05-28 07:42:00.000000000 +0000 @@ -2,30 +2,12 @@ ######################################## @@ -8505,8 +8509,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/seunshar + ') ') diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/seunshare.te serefpolicy-3.7.19/policy/modules/apps/seunshare.te ---- nsaserefpolicy/policy/modules/apps/seunshare.te 2010-04-13 20:44:37.000000000 +0200 -+++ serefpolicy-3.7.19/policy/modules/apps/seunshare.te 2010-08-25 16:06:59.968119755 +0200 +--- nsaserefpolicy/policy/modules/apps/seunshare.te 2010-04-13 18:44:37.000000000 +0000 ++++ serefpolicy-3.7.19/policy/modules/apps/seunshare.te 2010-08-25 14:06:59.000000000 +0000 @@ -6,40 +6,45 @@ # Declarations # 
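Review bot: The added `userdom_admin_home_dir_filetrans($1_screen_t, screen_home_t, dir)` sits in the per-role screen template in screen.if, so it applies to every role's `$1_screen_t`, not only to the role that actually runs screen as root. If that interface expands to the usual filetrans pattern (its definition is not visible here), each of those domains also gains write access to the admin home directory, and any directory it creates there, not just `.screen`, is labelled `screen_home_t`. Because `/root/\.screen(/.*)?` in screen.fc reuses `screen_home_t`, type enforcement no longer distinguishes root's session directory from an ordinary user's, so isolation of root's sessions rests on DAC ownership and modes alone. I would at least record this next to the new line, e.g. `# /root/.screen shares screen_home_t with user dirs; separation from other roles' screen domains relies on DAC`, and put the `/root` entry under its own `# /root` header rather than under `# /home`. The template body starts and ends outside this hunk, so whether a narrower caller-side grant is possible cannot be judged from here.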
@@ -8571,8 +8575,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/seunshar ') + diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/slocate.te serefpolicy-3.7.19/policy/modules/apps/slocate.te ---- nsaserefpolicy/policy/modules/apps/slocate.te 2010-04-13 20:44:37.000000000 +0200 -+++ serefpolicy-3.7.19/policy/modules/apps/slocate.te 2010-05-28 09:42:00.007614268 +0200 +--- nsaserefpolicy/policy/modules/apps/slocate.te 2010-04-13 18:44:37.000000000 +0000 ++++ serefpolicy-3.7.19/policy/modules/apps/slocate.te 2010-05-28 07:42:00.000000000 +0000 @@ -30,6 +30,7 @@ manage_files_pattern(locate_t, locate_var_lib_t, locate_var_lib_t) @@ -8594,8 +8598,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/slocate. # getpwnam auth_use_nsswitch(locate_t) diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/telepathy.fc serefpolicy-3.7.19/policy/modules/apps/telepathy.fc ---- nsaserefpolicy/policy/modules/apps/telepathy.fc 1970-01-01 01:00:00.000000000 +0100 -+++ serefpolicy-3.7.19/policy/modules/apps/telepathy.fc 2010-07-21 16:06:37.364385112 +0200 +--- nsaserefpolicy/policy/modules/apps/telepathy.fc 1970-01-01 00:00:00.000000000 +0000 ++++ serefpolicy-3.7.19/policy/modules/apps/telepathy.fc 2010-07-21 14:06:37.000000000 +0000 @@ -0,0 +1,14 @@ +#HOME_DIR/\.mission-control(/.*)? gen_context(system_u:object_r:telepathy_mission_control_home_t, s0) +#HOME_DIR/\.cache/\.mc_connections -- gen_context(system_u:object_r:telepathy_mission_control_cache_home_t, s0) 
@@ -8612,8 +8616,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/telepath +#/usr/libexec/telepathy-stream-engine -- gen_context(system_u:object_r:telepathy_stream_engine_exec_t, s0) +#/usr/libexec/telepathy-sunshine -- gen_context(system_u:object_r:telepathy_sunshine_exec_t, s0) diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/telepathy.if serefpolicy-3.7.19/policy/modules/apps/telepathy.if ---- nsaserefpolicy/policy/modules/apps/telepathy.if 1970-01-01 01:00:00.000000000 +0100 -+++ serefpolicy-3.7.19/policy/modules/apps/telepathy.if 2010-10-18 15:46:49.026650859 +0200 +--- nsaserefpolicy/policy/modules/apps/telepathy.if 1970-01-01 00:00:00.000000000 +0000 ++++ serefpolicy-3.7.19/policy/modules/apps/telepathy.if 2010-10-18 13:46:49.000000000 +0000 @@ -0,0 +1,184 @@ + +## Telepathy framework. @@ -8800,8 +8804,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/telepath + files_search_tmp($1) +') diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/telepathy.te serefpolicy-3.7.19/policy/modules/apps/telepathy.te ---- nsaserefpolicy/policy/modules/apps/telepathy.te 1970-01-01 01:00:00.000000000 +0100 -+++ serefpolicy-3.7.19/policy/modules/apps/telepathy.te 2010-07-13 15:32:42.439502750 +0200 +--- nsaserefpolicy/policy/modules/apps/telepathy.te 1970-01-01 00:00:00.000000000 +0000 ++++ serefpolicy-3.7.19/policy/modules/apps/telepathy.te 2010-07-13 13:32:42.000000000 +0000 @@ -0,0 +1,302 @@ + +policy_module(telepathy, 1.0.0) 
@@ -9106,16 +9110,16 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/telepath + xserver_rw_xdm_pipes(telepathy_domain) +') diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/userhelper.fc serefpolicy-3.7.19/policy/modules/apps/userhelper.fc ---- nsaserefpolicy/policy/modules/apps/userhelper.fc 2010-04-13 20:44:37.000000000 +0200 -+++ serefpolicy-3.7.19/policy/modules/apps/userhelper.fc 2010-05-28 09:42:00.011611282 +0200 +--- nsaserefpolicy/policy/modules/apps/userhelper.fc 2010-04-13 18:44:37.000000000 +0000 ++++ serefpolicy-3.7.19/policy/modules/apps/userhelper.fc 2010-05-28 07:42:00.000000000 +0000 @@ -7,3 +7,4 @@ # /usr # /usr/sbin/userhelper -- gen_context(system_u:object_r:userhelper_exec_t,s0) +/usr/bin/consolehelper -- gen_context(system_u:object_r:consolehelper_exec_t,s0) diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/userhelper.if serefpolicy-3.7.19/policy/modules/apps/userhelper.if ---- nsaserefpolicy/policy/modules/apps/userhelper.if 2010-04-13 20:44:37.000000000 +0200 -+++ serefpolicy-3.7.19/policy/modules/apps/userhelper.if 2010-05-28 09:42:00.012610867 +0200 +--- nsaserefpolicy/policy/modules/apps/userhelper.if 2010-04-13 18:44:37.000000000 +0000 ++++ serefpolicy-3.7.19/policy/modules/apps/userhelper.if 2010-05-28 07:42:00.000000000 +0000 @@ -25,6 +25,7 @@ gen_require(` attribute userhelper_type; 
@@ -9184,8 +9188,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/userhelp + ') +') diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/userhelper.te serefpolicy-3.7.19/policy/modules/apps/userhelper.te ---- nsaserefpolicy/policy/modules/apps/userhelper.te 2010-04-13 20:44:37.000000000 +0200 -+++ serefpolicy-3.7.19/policy/modules/apps/userhelper.te 2010-05-28 09:42:00.013611081 +0200 +--- nsaserefpolicy/policy/modules/apps/userhelper.te 2010-04-13 18:44:37.000000000 +0000 ++++ serefpolicy-3.7.19/policy/modules/apps/userhelper.te 2010-05-28 07:42:00.000000000 +0000 @@ -7,9 +7,51 @@ # @@ -9239,8 +9243,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/userhelp + xserver_stream_connect(consolehelper_domain) +') diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/vmware.fc serefpolicy-3.7.19/policy/modules/apps/vmware.fc ---- nsaserefpolicy/policy/modules/apps/vmware.fc 2010-04-13 20:44:37.000000000 +0200 -+++ serefpolicy-3.7.19/policy/modules/apps/vmware.fc 2010-08-18 13:26:32.541085116 +0200 +--- nsaserefpolicy/policy/modules/apps/vmware.fc 2010-04-13 18:44:37.000000000 +0000 ++++ serefpolicy-3.7.19/policy/modules/apps/vmware.fc 2010-08-18 11:26:32.000000000 +0000 @@ -66,5 +66,6 @@ /var/log/vmware.* -- gen_context(system_u:object_r:vmware_log_t,s0) /var/log/vnetlib.* -- gen_context(system_u:object_r:vmware_log_t,s0) 
@@ -9249,8 +9253,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/vmware.f /var/run/vmnat.* -s gen_context(system_u:object_r:vmware_var_run_t,s0) /var/run/vmware.* gen_context(system_u:object_r:vmware_var_run_t,s0) diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/vmware.if serefpolicy-3.7.19/policy/modules/apps/vmware.if ---- nsaserefpolicy/policy/modules/apps/vmware.if 2010-04-13 20:44:37.000000000 +0200 -+++ serefpolicy-3.7.19/policy/modules/apps/vmware.if 2010-05-28 09:42:00.013611081 +0200 +--- nsaserefpolicy/policy/modules/apps/vmware.if 2010-04-13 18:44:37.000000000 +0000 ++++ serefpolicy-3.7.19/policy/modules/apps/vmware.if 2010-05-28 07:42:00.000000000 +0000 @@ -84,3 +84,22 @@ logging_search_logs($1) append_files_pattern($1, vmware_log_t, vmware_log_t) @@ -9275,8 +9279,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/vmware.i +') + diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/vmware.te serefpolicy-3.7.19/policy/modules/apps/vmware.te ---- nsaserefpolicy/policy/modules/apps/vmware.te 2010-04-13 20:44:37.000000000 +0200 -+++ serefpolicy-3.7.19/policy/modules/apps/vmware.te 2011-01-14 14:42:02.815042356 +0100 +--- nsaserefpolicy/policy/modules/apps/vmware.te 2010-04-13 18:44:37.000000000 +0000 ++++ serefpolicy-3.7.19/policy/modules/apps/vmware.te 2011-01-14 13:42:02.000000000 +0000 @@ -29,6 +29,10 @@ type vmware_host_exec_t; init_daemon_domain(vmware_host_t, vmware_host_exec_t) 
@@ -9349,8 +9353,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/vmware.t ') diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/webalizer.te serefpolicy-3.7.19/policy/modules/apps/webalizer.te ---- nsaserefpolicy/policy/modules/apps/webalizer.te 2010-04-13 20:44:37.000000000 +0200 -+++ serefpolicy-3.7.19/policy/modules/apps/webalizer.te 2011-01-03 14:33:53.133051854 +0100 +--- nsaserefpolicy/policy/modules/apps/webalizer.te 2010-04-13 18:44:37.000000000 +0000 ++++ serefpolicy-3.7.19/policy/modules/apps/webalizer.te 2011-01-03 13:33:53.000000000 +0000 @@ -85,6 +85,7 @@ userdom_use_user_terminals(webalizer_t) userdom_use_unpriv_users_fds(webalizer_t) @@ -9369,8 +9373,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/webalize +') + diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/wine.fc serefpolicy-3.7.19/policy/modules/apps/wine.fc ---- nsaserefpolicy/policy/modules/apps/wine.fc 2010-04-13 20:44:37.000000000 +0200 -+++ serefpolicy-3.7.19/policy/modules/apps/wine.fc 2010-05-28 09:42:00.014611294 +0200 +--- nsaserefpolicy/policy/modules/apps/wine.fc 2010-04-13 18:44:37.000000000 +0000 ++++ serefpolicy-3.7.19/policy/modules/apps/wine.fc 2010-05-28 07:42:00.000000000 +0000 @@ -2,6 +2,7 @@ /opt/cxoffice/bin/wine.* -- gen_context(system_u:object_r:wine_exec_t,s0) 
@@ -9380,8 +9384,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/wine.fc /opt/google/picasa(/.*)?/bin/notepad -- gen_context(system_u:object_r:wine_exec_t,s0) /opt/google/picasa(/.*)?/bin/progman -- gen_context(system_u:object_r:wine_exec_t,s0) diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/wine.if serefpolicy-3.7.19/policy/modules/apps/wine.if ---- nsaserefpolicy/policy/modules/apps/wine.if 2010-04-13 20:44:37.000000000 +0200 -+++ serefpolicy-3.7.19/policy/modules/apps/wine.if 2010-05-28 09:42:00.015611019 +0200 +--- nsaserefpolicy/policy/modules/apps/wine.if 2010-04-13 18:44:37.000000000 +0000 ++++ serefpolicy-3.7.19/policy/modules/apps/wine.if 2010-05-28 07:42:00.000000000 +0000 @@ -35,6 +35,8 @@ role $1 types wine_t; @@ -9408,8 +9412,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/wine.if optional_policy(` xserver_role($1_r, $1_wine_t) diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/wine.te serefpolicy-3.7.19/policy/modules/apps/wine.te ---- nsaserefpolicy/policy/modules/apps/wine.te 2010-04-13 20:44:37.000000000 +0200 -+++ serefpolicy-3.7.19/policy/modules/apps/wine.te 2010-09-09 14:18:56.313334508 +0200 +--- nsaserefpolicy/policy/modules/apps/wine.te 2010-04-13 18:44:37.000000000 +0000 ++++ serefpolicy-3.7.19/policy/modules/apps/wine.te 2010-09-09 12:18:56.000000000 +0000 @@ -1,6 +1,13 @@ policy_module(wine, 1.6.1) 
@@ -9454,8 +9458,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/wine.te optional_policy(` diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/wm.if serefpolicy-3.7.19/policy/modules/apps/wm.if ---- nsaserefpolicy/policy/modules/apps/wm.if 2010-04-13 20:44:37.000000000 +0200 -+++ serefpolicy-3.7.19/policy/modules/apps/wm.if 2010-05-28 09:42:00.017610539 +0200 +--- nsaserefpolicy/policy/modules/apps/wm.if 2010-04-13 18:44:37.000000000 +0000 ++++ serefpolicy-3.7.19/policy/modules/apps/wm.if 2010-05-28 07:42:00.000000000 +0000 @@ -30,6 +30,7 @@ template(`wm_role_template',` gen_require(` @@ -9506,8 +9510,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/wm.if se ######################################## diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/kernel/corecommands.fc serefpolicy-3.7.19/policy/modules/kernel/corecommands.fc ---- nsaserefpolicy/policy/modules/kernel/corecommands.fc 2010-04-13 20:44:37.000000000 +0200 -+++ serefpolicy-3.7.19/policy/modules/kernel/corecommands.fc 2011-01-14 14:27:46.058042202 +0100 +--- nsaserefpolicy/policy/modules/kernel/corecommands.fc 2010-04-13 18:44:37.000000000 +0000 ++++ serefpolicy-3.7.19/policy/modules/kernel/corecommands.fc 2011-01-14 13:27:46.000000000 +0000 @@ -9,8 +9,11 @@ /bin/bash2 -- gen_context(system_u:object_r:shell_exec_t,s0) /bin/fish -- gen_context(system_u:object_r:shell_exec_t,s0) 
@@ -9664,8 +9668,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/kernel/coreco +/usr/local/Brother/(.*/)?inf/brprintconf.* -- gen_context(system_u:object_r:bin_t,s0) +/usr/local/Brother/(.*/)?inf/setup.* -- gen_context(system_u:object_r:bin_t,s0) diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/kernel/corecommands.if serefpolicy-3.7.19/policy/modules/kernel/corecommands.if ---- nsaserefpolicy/policy/modules/kernel/corecommands.if 2010-04-13 20:44:37.000000000 +0200 -+++ serefpolicy-3.7.19/policy/modules/kernel/corecommands.if 2010-10-08 11:10:25.398900803 +0200 +--- nsaserefpolicy/policy/modules/kernel/corecommands.if 2010-04-13 18:44:37.000000000 +0000 ++++ serefpolicy-3.7.19/policy/modules/kernel/corecommands.if 2010-10-08 09:10:25.000000000 +0000 @@ -179,6 +179,24 @@ dontaudit $1 bin_t:dir write; ') @@ -9708,8 +9712,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/kernel/coreco manage_lnk_files_pattern($1, bin_t, bin_t) ') diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/kernel/corenetwork.te.in serefpolicy-3.7.19/policy/modules/kernel/corenetwork.te.in ---- nsaserefpolicy/policy/modules/kernel/corenetwork.te.in 2010-04-13 20:44:37.000000000 +0200 -+++ serefpolicy-3.7.19/policy/modules/kernel/corenetwork.te.in 2011-01-17 10:37:03.828041865 +0100 +--- nsaserefpolicy/policy/modules/kernel/corenetwork.te.in 2010-04-13 18:44:37.000000000 +0000 ++++ serefpolicy-3.7.19/policy/modules/kernel/corenetwork.te.in 2011-01-17 09:37:03.000000000 +0000 @@ -25,6 +25,7 @@ # type tun_tap_device_t; 
@@ -9899,8 +9903,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/kernel/corene +allow corenet_unconfined_type port_type:{ tcp_socket udp_socket rawip_socket } name_bind; allow corenet_unconfined_type node_type:{ tcp_socket udp_socket rawip_socket } node_bind; diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/kernel/corenetwork.te.m4 serefpolicy-3.7.19/policy/modules/kernel/corenetwork.te.m4 ---- nsaserefpolicy/policy/modules/kernel/corenetwork.te.m4 2010-04-13 20:44:37.000000000 +0200 -+++ serefpolicy-3.7.19/policy/modules/kernel/corenetwork.te.m4 2010-07-14 10:38:30.694409837 +0200 +--- nsaserefpolicy/policy/modules/kernel/corenetwork.te.m4 2010-04-13 18:44:37.000000000 +0000 ++++ serefpolicy-3.7.19/policy/modules/kernel/corenetwork.te.m4 2010-07-14 08:38:30.000000000 +0000 @@ -10,7 +10,7 @@ # # return the low port in a range. @@ -9920,8 +9924,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/kernel/corene portcon $2 $3 gen_context(system_u:object_r:$1,$4) ifelse(`$5',`',`',`declare_ports($1,shiftn(4,$*))')dnl diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/kernel/devices.fc serefpolicy-3.7.19/policy/modules/kernel/devices.fc ---- nsaserefpolicy/policy/modules/kernel/devices.fc 2010-04-13 20:44:37.000000000 +0200 -+++ serefpolicy-3.7.19/policy/modules/kernel/devices.fc 2010-06-03 09:52:19.227159326 +0200 +--- nsaserefpolicy/policy/modules/kernel/devices.fc 2010-04-13 18:44:37.000000000 +0000 ++++ serefpolicy-3.7.19/policy/modules/kernel/devices.fc 2010-06-03 07:52:19.000000000 +0000 @@ -70,6 +70,7 @@ /dev/modem -c gen_context(system_u:object_r:modem_device_t,s0) /dev/mpu401.* -c gen_context(system_u:object_r:sound_device_t,s0) 
@@ -9961,8 +9965,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/kernel/device +# +/sys(/.*)? gen_context(system_u:object_r:sysfs_t,s0) diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/kernel/devices.if serefpolicy-3.7.19/policy/modules/kernel/devices.if ---- nsaserefpolicy/policy/modules/kernel/devices.if 2010-04-13 20:44:37.000000000 +0200 -+++ serefpolicy-3.7.19/policy/modules/kernel/devices.if 2011-01-18 17:18:36.853041461 +0100 +--- nsaserefpolicy/policy/modules/kernel/devices.if 2010-04-13 18:44:37.000000000 +0000 ++++ serefpolicy-3.7.19/policy/modules/kernel/devices.if 2011-01-18 16:18:36.000000000 +0000 @@ -407,7 +407,7 @@ ######################################## @@ -10327,8 +10331,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/kernel/device ## ## diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/kernel/devices.te serefpolicy-3.7.19/policy/modules/kernel/devices.te ---- nsaserefpolicy/policy/modules/kernel/devices.te 2010-04-13 20:44:37.000000000 +0200 -+++ serefpolicy-3.7.19/policy/modules/kernel/devices.te 2010-06-03 09:52:19.246160621 +0200 +--- nsaserefpolicy/policy/modules/kernel/devices.te 2010-04-13 18:44:37.000000000 +0000 ++++ serefpolicy-3.7.19/policy/modules/kernel/devices.te 2010-06-03 07:52:19.000000000 +0000 @@ -1,5 +1,5 @@ -policy_module(devices, 1.9.3) 
@@ -10372,8 +10376,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/kernel/device allow devices_unconfined_type mtrr_device_t:file *; + diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/kernel/domain.if serefpolicy-3.7.19/policy/modules/kernel/domain.if ---- nsaserefpolicy/policy/modules/kernel/domain.if 2010-04-13 20:44:37.000000000 +0200 -+++ serefpolicy-3.7.19/policy/modules/kernel/domain.if 2011-01-14 14:56:43.663041883 +0100 +--- nsaserefpolicy/policy/modules/kernel/domain.if 2010-04-13 18:44:37.000000000 +0000 ++++ serefpolicy-3.7.19/policy/modules/kernel/domain.if 2011-01-14 13:56:43.000000000 +0000 @@ -611,7 +611,7 @@ ######################################## @@ -10454,8 +10458,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/kernel/domain + dontaudit $1 domain:socket_class_set { read write }; +') diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/kernel/domain.te serefpolicy-3.7.19/policy/modules/kernel/domain.te ---- nsaserefpolicy/policy/modules/kernel/domain.te 2010-04-13 20:44:37.000000000 +0200 -+++ serefpolicy-3.7.19/policy/modules/kernel/domain.te 2011-01-14 14:56:31.997041208 +0100 +--- nsaserefpolicy/policy/modules/kernel/domain.te 2010-04-13 18:44:37.000000000 +0000 ++++ serefpolicy-3.7.19/policy/modules/kernel/domain.te 2011-01-14 13:56:31.000000000 +0000 @@ -5,6 +5,21 @@ # # Declarations 
@@ -10623,8 +10627,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/kernel/domain + userdom_relabelto_user_home_files(polydomain) +') diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/kernel/files.fc serefpolicy-3.7.19/policy/modules/kernel/files.fc ---- nsaserefpolicy/policy/modules/kernel/files.fc 2010-04-13 20:44:37.000000000 +0200 -+++ serefpolicy-3.7.19/policy/modules/kernel/files.fc 2010-10-25 11:09:58.145663420 +0200 +--- nsaserefpolicy/policy/modules/kernel/files.fc 2010-04-13 18:44:37.000000000 +0000 ++++ serefpolicy-3.7.19/policy/modules/kernel/files.fc 2010-10-25 09:09:58.000000000 +0000 @@ -18,6 +18,7 @@ /fsckoptions -- gen_context(system_u:object_r:etc_runtime_t,s0) /halt -- gen_context(system_u:object_r:etc_runtime_t,s0) @@ -10743,8 +10747,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/kernel/files. +/nsr(/.*)? gen_context(system_u:object_r:var_t,s0) +/nsr/logs(/.*)? gen_context(system_u:object_r:var_log_t,s0) diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/kernel/files.if serefpolicy-3.7.19/policy/modules/kernel/files.if ---- nsaserefpolicy/policy/modules/kernel/files.if 2010-04-13 20:44:37.000000000 +0200 -+++ serefpolicy-3.7.19/policy/modules/kernel/files.if 2010-12-01 14:00:25.783042277 +0100 +--- nsaserefpolicy/policy/modules/kernel/files.if 2010-04-13 18:44:37.000000000 +0000 ++++ serefpolicy-3.7.19/policy/modules/kernel/files.if 2011-01-24 18:04:53.791455000 +0000 @@ -1053,10 +1053,8 @@ relabel_lnk_files_pattern($1, { file_type $2 }, { file_type $2 }) relabel_fifo_files_pattern($1, { file_type $2 }, { file_type $2 }) 
@@ -11798,8 +11802,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/kernel/files. + allow $1 file_type:kernel_service create_files_as; +') diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/kernel/files.te serefpolicy-3.7.19/policy/modules/kernel/files.te ---- nsaserefpolicy/policy/modules/kernel/files.te 2010-04-13 20:44:37.000000000 +0200 -+++ serefpolicy-3.7.19/policy/modules/kernel/files.te 2010-05-28 09:42:00.032610673 +0200 +--- nsaserefpolicy/policy/modules/kernel/files.te 2010-04-13 18:44:37.000000000 +0000 ++++ serefpolicy-3.7.19/policy/modules/kernel/files.te 2010-05-28 07:42:00.000000000 +0000 @@ -1,4 +1,4 @@ - + @@ -11846,15 +11850,15 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/kernel/files. ######################################## # diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/kernel/filesystem.fc serefpolicy-3.7.19/policy/modules/kernel/filesystem.fc ---- nsaserefpolicy/policy/modules/kernel/filesystem.fc 2010-04-13 20:44:37.000000000 +0200 -+++ serefpolicy-3.7.19/policy/modules/kernel/filesystem.fc 2010-08-10 16:17:05.636084991 +0200 +--- nsaserefpolicy/policy/modules/kernel/filesystem.fc 2010-04-13 18:44:37.000000000 +0000 ++++ serefpolicy-3.7.19/policy/modules/kernel/filesystem.fc 2010-08-10 14:17:05.000000000 +0000 @@ -1 +1,3 @@ /dev/shm -d gen_context(system_u:object_r:tmpfs_t,s0) + +/cgroup(/.*)? gen_context(system_u:object_r:cgroup_t,s0) diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/kernel/filesystem.if serefpolicy-3.7.19/policy/modules/kernel/filesystem.if ---- nsaserefpolicy/policy/modules/kernel/filesystem.if 2010-04-13 20:44:37.000000000 +0200 -+++ serefpolicy-3.7.19/policy/modules/kernel/filesystem.if 2011-01-18 17:41:41.159293424 +0100 +--- nsaserefpolicy/policy/modules/kernel/filesystem.if 2010-04-13 18:44:37.000000000 +0000 ++++ serefpolicy-3.7.19/policy/modules/kernel/filesystem.if 2011-01-18 16:41:41.000000000 +0000 
@@ -559,6 +559,24 @@ ######################################## @@ -12409,8 +12413,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/kernel/filesy +') + diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/kernel/filesystem.te serefpolicy-3.7.19/policy/modules/kernel/filesystem.te ---- nsaserefpolicy/policy/modules/kernel/filesystem.te 2010-04-13 20:44:37.000000000 +0200 -+++ serefpolicy-3.7.19/policy/modules/kernel/filesystem.te 2011-01-14 11:10:52.101041649 +0100 +--- nsaserefpolicy/policy/modules/kernel/filesystem.te 2010-04-13 18:44:37.000000000 +0000 ++++ serefpolicy-3.7.19/policy/modules/kernel/filesystem.te 2011-01-14 10:10:52.000000000 +0000 @@ -53,6 +53,7 @@ fs_type(anon_inodefs_t) files_mountpoint(anon_inodefs_t) @@ -12449,8 +12453,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/kernel/filesy ######################################## # diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/kernel/kernel.if serefpolicy-3.7.19/policy/modules/kernel/kernel.if ---- nsaserefpolicy/policy/modules/kernel/kernel.if 2010-04-13 20:44:37.000000000 +0200 -+++ serefpolicy-3.7.19/policy/modules/kernel/kernel.if 2011-01-19 19:02:35.507042391 +0100 +--- nsaserefpolicy/policy/modules/kernel/kernel.if 2010-04-13 18:44:37.000000000 +0000 ++++ serefpolicy-3.7.19/policy/modules/kernel/kernel.if 2011-01-19 18:02:35.000000000 +0000 @@ -534,6 +534,37 @@ ######################################## 
@@ -12648,8 +12652,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/kernel/kernel +') + diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/kernel/kernel.te serefpolicy-3.7.19/policy/modules/kernel/kernel.te ---- nsaserefpolicy/policy/modules/kernel/kernel.te 2010-04-13 20:44:37.000000000 +0200 -+++ serefpolicy-3.7.19/policy/modules/kernel/kernel.te 2011-01-18 18:00:20.345042656 +0100 +--- nsaserefpolicy/policy/modules/kernel/kernel.te 2010-04-13 18:44:37.000000000 +0000 ++++ serefpolicy-3.7.19/policy/modules/kernel/kernel.te 2011-01-18 17:00:20.000000000 +0000 @@ -46,15 +46,6 @@ sid kernel gen_context(system_u:system_r:kernel_t,mls_systemhigh) @@ -12753,8 +12757,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/kernel/kernel # # Unlabeled process local policy diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/kernel/mcs.if serefpolicy-3.7.19/policy/modules/kernel/mcs.if ---- nsaserefpolicy/policy/modules/kernel/mcs.if 2010-04-13 20:44:37.000000000 +0200 -+++ serefpolicy-3.7.19/policy/modules/kernel/mcs.if 2010-09-23 12:59:03.197386946 +0200 +--- nsaserefpolicy/policy/modules/kernel/mcs.if 2010-04-13 18:44:37.000000000 +0000 ++++ serefpolicy-3.7.19/policy/modules/kernel/mcs.if 2010-09-23 10:59:03.000000000 +0000 @@ -102,3 +102,29 @@ typeattribute $1 mcssetcats; @@ -12786,16 +12790,16 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/kernel/mcs.if + typeattribute $1 mcsuntrustedproc; +') diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/kernel/mcs.te serefpolicy-3.7.19/policy/modules/kernel/mcs.te ---- nsaserefpolicy/policy/modules/kernel/mcs.te 2010-04-13 20:44:37.000000000 +0200 -+++ serefpolicy-3.7.19/policy/modules/kernel/mcs.te 2010-09-23 12:58:14.301386891 +0200 +--- nsaserefpolicy/policy/modules/kernel/mcs.te 2010-04-13 18:44:37.000000000 +0000 ++++ serefpolicy-3.7.19/policy/modules/kernel/mcs.te 2010-09-23 10:58:14.000000000 +0000 
@@ -11,3 +11,4 @@ attribute mcssetcats; attribute mcswriteall; attribute mcsreadall; +attribute mcsuntrustedproc; diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/kernel/selinux.if serefpolicy-3.7.19/policy/modules/kernel/selinux.if ---- nsaserefpolicy/policy/modules/kernel/selinux.if 2010-04-13 20:44:37.000000000 +0200 -+++ serefpolicy-3.7.19/policy/modules/kernel/selinux.if 2010-05-28 09:42:00.040610567 +0200 +--- nsaserefpolicy/policy/modules/kernel/selinux.if 2010-04-13 18:44:37.000000000 +0000 ++++ serefpolicy-3.7.19/policy/modules/kernel/selinux.if 2010-05-28 07:42:00.000000000 +0000 @@ -40,7 +40,7 @@ # because of this statement, any module which @@ -12854,8 +12858,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/kernel/selinu + mls_trusted_object($1) +') diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/kernel/storage.fc serefpolicy-3.7.19/policy/modules/kernel/storage.fc ---- nsaserefpolicy/policy/modules/kernel/storage.fc 2010-04-13 20:44:37.000000000 +0200 -+++ serefpolicy-3.7.19/policy/modules/kernel/storage.fc 2010-05-28 09:42:00.041610572 +0200 +--- nsaserefpolicy/policy/modules/kernel/storage.fc 2010-04-13 18:44:37.000000000 +0000 ++++ serefpolicy-3.7.19/policy/modules/kernel/storage.fc 2010-05-28 07:42:00.000000000 +0000 @@ -20,6 +20,7 @@ /dev/gscd -b gen_context(system_u:object_r:removable_device_t,s0) /dev/hitcd -b gen_context(system_u:object_r:removable_device_t,s0) 
@@ -12865,8 +12869,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/kernel/storag /dev/jsfd -b gen_context(system_u:object_r:fixed_disk_device_t,mls_systemhigh) /dev/jsflash -c gen_context(system_u:object_r:fixed_disk_device_t,mls_systemhigh) diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/kernel/storage.if serefpolicy-3.7.19/policy/modules/kernel/storage.if ---- nsaserefpolicy/policy/modules/kernel/storage.if 2010-04-13 20:44:37.000000000 +0200 -+++ serefpolicy-3.7.19/policy/modules/kernel/storage.if 2010-08-06 12:20:38.267333652 +0200 +--- nsaserefpolicy/policy/modules/kernel/storage.if 2010-04-13 18:44:37.000000000 +0000 ++++ serefpolicy-3.7.19/policy/modules/kernel/storage.if 2010-08-06 10:20:38.000000000 +0000 @@ -101,6 +101,8 @@ dev_list_all_dev_nodes($1) allow $1 fixed_disk_device_t:blk_file read_blk_file_perms; @@ -12913,8 +12917,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/kernel/storag ## devices device nodes. ## diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/kernel/terminal.if serefpolicy-3.7.19/policy/modules/kernel/terminal.if ---- nsaserefpolicy/policy/modules/kernel/terminal.if 2010-04-13 20:44:37.000000000 +0200 -+++ serefpolicy-3.7.19/policy/modules/kernel/terminal.if 2010-09-16 15:33:56.220637065 +0200 +--- nsaserefpolicy/policy/modules/kernel/terminal.if 2010-04-13 18:44:37.000000000 +0000 ++++ serefpolicy-3.7.19/policy/modules/kernel/terminal.if 2010-09-16 13:33:56.000000000 +0000 @@ -292,9 +292,11 @@ interface(`term_dontaudit_use_console',` gen_require(` 
@@ -13022,8 +13026,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/kernel/termin ######################################## diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/roles/auditadm.te serefpolicy-3.7.19/policy/modules/roles/auditadm.te ---- nsaserefpolicy/policy/modules/roles/auditadm.te 2010-04-13 20:44:37.000000000 +0200 -+++ serefpolicy-3.7.19/policy/modules/roles/auditadm.te 2010-05-28 09:42:00.043610790 +0200 +--- nsaserefpolicy/policy/modules/roles/auditadm.te 2010-04-13 18:44:37.000000000 +0000 ++++ serefpolicy-3.7.19/policy/modules/roles/auditadm.te 2010-05-28 07:42:00.000000000 +0000 @@ -29,10 +29,13 @@ logging_manage_audit_config(auditadm_t) logging_run_auditctl(auditadm_t, auditadm_r) @@ -13039,8 +13043,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/roles/auditad consoletype_exec(auditadm_t) ') diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/roles/guest.te serefpolicy-3.7.19/policy/modules/roles/guest.te ---- nsaserefpolicy/policy/modules/roles/guest.te 2010-04-13 20:44:37.000000000 +0200 -+++ serefpolicy-3.7.19/policy/modules/roles/guest.te 2010-10-01 15:18:58.435349564 +0200 +--- nsaserefpolicy/policy/modules/roles/guest.te 2010-04-13 18:44:37.000000000 +0000 ++++ serefpolicy-3.7.19/policy/modules/roles/guest.te 2010-10-01 13:18:58.000000000 +0000 @@ -10,17 +10,15 @@ userdom_restricted_user_template(guest) 
@@ -13064,8 +13068,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/roles/guest.t -#gen_user(guest_u,, guest_r, s0, s0) +gen_user(guest_u, user, guest_r, s0, s0) diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/roles/secadm.te serefpolicy-3.7.19/policy/modules/roles/secadm.te ---- nsaserefpolicy/policy/modules/roles/secadm.te 2010-04-13 20:44:37.000000000 +0200 -+++ serefpolicy-3.7.19/policy/modules/roles/secadm.te 2010-05-28 09:42:00.044610794 +0200 +--- nsaserefpolicy/policy/modules/roles/secadm.te 2010-04-13 18:44:37.000000000 +0000 ++++ serefpolicy-3.7.19/policy/modules/roles/secadm.te 2010-05-28 07:42:00.000000000 +0000 @@ -10,6 +10,8 @@ userdom_unpriv_user_template(secadm) @@ -13076,9 +13080,9 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/roles/secadm. ######################################## # diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/roles/staff.te serefpolicy-3.7.19/policy/modules/roles/staff.te ---- nsaserefpolicy/policy/modules/roles/staff.te 2010-04-13 20:44:37.000000000 +0200 -+++ serefpolicy-3.7.19/policy/modules/roles/staff.te 2010-12-15 14:43:54.408042196 +0100 -@@ -9,25 +9,58 @@ +--- nsaserefpolicy/policy/modules/roles/staff.te 2010-04-13 18:44:37.000000000 +0000 ++++ serefpolicy-3.7.19/policy/modules/roles/staff.te 2011-01-24 18:49:52.457455001 +0000 +@@ -9,25 +9,66 @@ role staff_r; userdom_unpriv_user_template(staff) @@ -13108,6 +13112,14 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/roles/staff.t +netutils_signal_ping(staff_t) +netutils_kill_ping(staff_t) + ++ifdef(`distro_ ++redhat',` ++#FIXME ++tunable_policy(`allow_polyinstantiation',` ++ seutil_role_allow_setfiles(staff_r) ++ ') ++') ++ optional_policy(` apache_role(staff_r, staff_t) ') 
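Review bot: The `ifdef` added to the staff.te section has its condition split over two added lines, `distro_` on one and `redhat',` on the next, and the hunk counts (8 lines added, inner header 58 -> 66) suggest the split is in the patch itself rather than a rendering artifact. m4 takes the quoted name literally, so the macro tested would contain a newline and presumably never be defined; the `tunable_policy` block for `allow_polyinstantiation` and its `seutil_role_allow_setfiles(staff_r)` call would then be silently dropped from the built policy. The condition should sit on one line as ifdef(`distro_redhat',` so the rule is either really present or really absent. The bare `#FIXME` should say what is still to be fixed. Since the call appears from its name to give staff_r access to setfiles, which can relabel files, a one-line comment on why polyinstantiation needs it would let a reviewer judge the added privilege.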
@@ -13137,7 +13149,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/roles/staff.t bluetooth_role(staff_r, staff_t) ') -@@ -99,12 +132,18 @@ +@@ -99,12 +140,18 @@ oident_manage_user_content(staff_t) oident_relabel_user_content(staff_t) ') @@ -13156,7 +13168,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/roles/staff.t pyzor_role(staff_r, staff_t) ') -@@ -119,22 +158,27 @@ +@@ -119,22 +166,27 @@ optional_policy(` screen_role_template(staff, staff_r, staff_t) ') @@ -13184,7 +13196,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/roles/staff.t optional_policy(` sudo_role_template(staff, staff_r, staff_t) -@@ -145,6 +189,11 @@ +@@ -145,6 +197,11 @@ userdom_dontaudit_use_user_terminals(staff_t) ') @@ -13196,7 +13208,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/roles/staff.t optional_policy(` thunderbird_role(staff_r, staff_t) ') -@@ -169,6 +218,77 @@ +@@ -169,6 +226,77 @@ wireshark_role(staff_r, staff_t) ') @@ -13275,8 +13287,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/roles/staff.t + userhelper_console_role_template(staff, staff_r, staff_usertype) +') diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/roles/sysadm.te serefpolicy-3.7.19/policy/modules/roles/sysadm.te ---- nsaserefpolicy/policy/modules/roles/sysadm.te 2010-04-13 20:44:37.000000000 +0200 -+++ serefpolicy-3.7.19/policy/modules/roles/sysadm.te 2011-01-19 18:18:43.216042333 +0100 +--- nsaserefpolicy/policy/modules/roles/sysadm.te 2010-04-13 18:44:37.000000000 +0000 ++++ serefpolicy-3.7.19/policy/modules/roles/sysadm.te 2011-01-19 17:18:43.000000000 +0000 @@ -28,17 +28,29 @@ corecmd_exec_shell(sysadm_t) 
@@ -13624,8 +13636,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/roles/sysadm. +modutils_read_module_deps(sysadm_t) +miscfiles_read_hwdata(sysadm_t) diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/roles/unconfineduser.fc serefpolicy-3.7.19/policy/modules/roles/unconfineduser.fc ---- nsaserefpolicy/policy/modules/roles/unconfineduser.fc 1970-01-01 01:00:00.000000000 +0100 -+++ serefpolicy-3.7.19/policy/modules/roles/unconfineduser.fc 2010-05-28 09:42:00.047610527 +0200 +--- nsaserefpolicy/policy/modules/roles/unconfineduser.fc 1970-01-01 00:00:00.000000000 +0000 ++++ serefpolicy-3.7.19/policy/modules/roles/unconfineduser.fc 2010-05-28 07:42:00.000000000 +0000 @@ -0,0 +1,10 @@ +# Add programs here which should not be confined by SELinux +# e.g.: @@ -13638,8 +13650,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/roles/unconfi +/usr/sbin/xrdp -- gen_context(system_u:object_r:unconfined_exec_t,s0) +/usr/sbin/xrdp-sesman -- gen_context(system_u:object_r:unconfined_exec_t,s0) diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/roles/unconfineduser.if serefpolicy-3.7.19/policy/modules/roles/unconfineduser.if ---- nsaserefpolicy/policy/modules/roles/unconfineduser.if 1970-01-01 01:00:00.000000000 +0100 -+++ serefpolicy-3.7.19/policy/modules/roles/unconfineduser.if 2010-10-05 17:05:35.898651111 +0200 +--- nsaserefpolicy/policy/modules/roles/unconfineduser.if 1970-01-01 00:00:00.000000000 +0000 ++++ serefpolicy-3.7.19/policy/modules/roles/unconfineduser.if 2010-10-05 15:05:35.000000000 +0000 @@ -0,0 +1,706 @@ +## Unconfiend user role + 
@@ -14348,8 +14360,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/roles/unconfi +') + diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/roles/unconfineduser.te serefpolicy-3.7.19/policy/modules/roles/unconfineduser.te ---- nsaserefpolicy/policy/modules/roles/unconfineduser.te 1970-01-01 01:00:00.000000000 +0100 -+++ serefpolicy-3.7.19/policy/modules/roles/unconfineduser.te 2011-01-14 14:20:39.378128074 +0100 +--- nsaserefpolicy/policy/modules/roles/unconfineduser.te 1970-01-01 00:00:00.000000000 +0000 ++++ serefpolicy-3.7.19/policy/modules/roles/unconfineduser.te 2011-01-14 13:20:39.000000000 +0000 @@ -0,0 +1,453 @@ +policy_module(unconfineduser, 1.0.0) + @@ -14805,8 +14817,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/roles/unconfi +gen_user(unconfined_u, user, unconfined_r system_r, s0, s0 - mls_systemhigh, mcs_allcats) + diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/roles/unprivuser.te serefpolicy-3.7.19/policy/modules/roles/unprivuser.te ---- nsaserefpolicy/policy/modules/roles/unprivuser.te 2010-04-13 20:44:37.000000000 +0200 -+++ serefpolicy-3.7.19/policy/modules/roles/unprivuser.te 2010-12-15 14:45:10.473042920 +0100 +--- nsaserefpolicy/policy/modules/roles/unprivuser.te 2010-04-13 18:44:37.000000000 +0000 ++++ serefpolicy-3.7.19/policy/modules/roles/unprivuser.te 2010-12-15 13:45:10.000000000 +0000 @@ -13,10 +13,13 @@ userdom_unpriv_user_template(user) 
@@ -14866,8 +14878,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/roles/unprivu xserver_role(user_r, user_t) ') diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/roles/xguest.te serefpolicy-3.7.19/policy/modules/roles/xguest.te ---- nsaserefpolicy/policy/modules/roles/xguest.te 2010-04-13 20:44:37.000000000 +0200 -+++ serefpolicy-3.7.19/policy/modules/roles/xguest.te 2010-11-02 17:09:32.420901767 +0100 +--- nsaserefpolicy/policy/modules/roles/xguest.te 2010-04-13 18:44:37.000000000 +0000 ++++ serefpolicy-3.7.19/policy/modules/roles/xguest.te 2010-11-02 16:09:32.000000000 +0000 @@ -15,7 +15,7 @@ ## @@ -15017,8 +15029,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/roles/xguest. + +gen_user(xguest_u, user, xguest_r, s0, s0) diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/abrt.fc serefpolicy-3.7.19/policy/modules/services/abrt.fc ---- nsaserefpolicy/policy/modules/services/abrt.fc 2010-04-13 20:44:37.000000000 +0200 -+++ serefpolicy-3.7.19/policy/modules/services/abrt.fc 2010-07-14 12:41:50.667159114 +0200 +--- nsaserefpolicy/policy/modules/services/abrt.fc 2010-04-13 18:44:37.000000000 +0000 ++++ serefpolicy-3.7.19/policy/modules/services/abrt.fc 2010-07-14 10:41:50.000000000 +0000 @@ -1,11 +1,21 @@ -/etc/abrt(/.*)? gen_context(system_u:object_r:abrt_etc_t,s0) -/etc/rc\.d/init\.d/abrt -- gen_context(system_u:object_r:abrt_initrc_exec_t,s0) 
@@ -15047,8 +15059,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/abrt + +/var/spool/abrt(/.*)? gen_context(system_u:object_r:abrt_var_cache_t,s0) diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/abrt.if serefpolicy-3.7.19/policy/modules/services/abrt.if ---- nsaserefpolicy/policy/modules/services/abrt.if 2010-04-13 20:44:37.000000000 +0200 -+++ serefpolicy-3.7.19/policy/modules/services/abrt.if 2010-09-16 14:47:19.835637495 +0200 +--- nsaserefpolicy/policy/modules/services/abrt.if 2010-04-13 18:44:37.000000000 +0000 ++++ serefpolicy-3.7.19/policy/modules/services/abrt.if 2010-09-16 12:47:19.000000000 +0000 @@ -21,7 +21,7 @@ ###################################### @@ -15314,8 +15326,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/abrt files_search_var($1) admin_pattern($1, abrt_var_cache_t) diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/abrt.te serefpolicy-3.7.19/policy/modules/services/abrt.te ---- nsaserefpolicy/policy/modules/services/abrt.te 2010-04-13 20:44:37.000000000 +0200 -+++ serefpolicy-3.7.19/policy/modules/services/abrt.te 2011-01-07 14:18:16.592043328 +0100 +--- nsaserefpolicy/policy/modules/services/abrt.te 2010-04-13 18:44:37.000000000 +0000 ++++ serefpolicy-3.7.19/policy/modules/services/abrt.te 2011-01-07 13:18:16.000000000 +0000 @@ -1,11 +1,19 @@ -policy_module(abrt, 1.0.1) 
@@ -15587,8 +15599,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/abrt + allow abrt_t domain:process setrlimit; +') diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/afs.if serefpolicy-3.7.19/policy/modules/services/afs.if ---- nsaserefpolicy/policy/modules/services/afs.if 2010-04-13 20:44:37.000000000 +0200 -+++ serefpolicy-3.7.19/policy/modules/services/afs.if 2010-09-16 15:14:41.650636974 +0200 +--- nsaserefpolicy/policy/modules/services/afs.if 2010-04-13 18:44:37.000000000 +0000 ++++ serefpolicy-3.7.19/policy/modules/services/afs.if 2010-09-16 13:14:41.000000000 +0000 @@ -97,8 +97,8 @@ type afs_t, afs_initrc_exec_t; ') @@ -15601,8 +15613,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/afs. # Allow afs_admin to restart the afs service afs_initrc_domtrans($1) diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/afs.te serefpolicy-3.7.19/policy/modules/services/afs.te ---- nsaserefpolicy/policy/modules/services/afs.te 2010-04-13 20:44:37.000000000 +0200 -+++ serefpolicy-3.7.19/policy/modules/services/afs.te 2010-05-28 09:42:00.053610763 +0200 +--- nsaserefpolicy/policy/modules/services/afs.te 2010-04-13 18:44:37.000000000 +0000 ++++ serefpolicy-3.7.19/policy/modules/services/afs.te 2010-05-28 07:42:00.000000000 +0000 @@ -88,9 +88,14 @@ fs_getattr_xattr_fs(afs_t) 
@@ -15619,8 +15631,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/afs. corenet_all_recvfrom_netlabel(afs_t) corenet_tcp_sendrecv_generic_if(afs_t) diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/aiccu.fc serefpolicy-3.7.19/policy/modules/services/aiccu.fc ---- nsaserefpolicy/policy/modules/services/aiccu.fc 1970-01-01 01:00:00.000000000 +0100 -+++ serefpolicy-3.7.19/policy/modules/services/aiccu.fc 2010-06-14 11:26:52.511056371 +0200 +--- nsaserefpolicy/policy/modules/services/aiccu.fc 1970-01-01 00:00:00.000000000 +0000 ++++ serefpolicy-3.7.19/policy/modules/services/aiccu.fc 2010-06-14 09:26:52.000000000 +0000 @@ -0,0 +1,6 @@ +/etc/aiccu\.conf -- gen_context(system_u:object_r:aiccu_etc_t,s0) +/etc/rc\.d/init\.d/aiccu -- gen_context(system_u:object_r:aiccu_initrc_exec_t,s0) @@ -15629,8 +15641,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/aicc + +/var/run/aiccu\.pid -- gen_context(system_u:object_r:aiccu_var_run_t,s0) diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/aiccu.if serefpolicy-3.7.19/policy/modules/services/aiccu.if ---- nsaserefpolicy/policy/modules/services/aiccu.if 1970-01-01 01:00:00.000000000 +0100 -+++ serefpolicy-3.7.19/policy/modules/services/aiccu.if 2010-06-14 11:26:09.814056575 +0200 +--- nsaserefpolicy/policy/modules/services/aiccu.if 1970-01-01 00:00:00.000000000 +0000 ++++ serefpolicy-3.7.19/policy/modules/services/aiccu.if 2010-06-14 09:26:09.000000000 +0000 @@ -0,0 +1,118 @@ +## Automatic IPv6 Connectivity Client Utility. + 
@@ -15751,8 +15763,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/aicc + files_search_pids($1) +') diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/aiccu.te serefpolicy-3.7.19/policy/modules/services/aiccu.te ---- nsaserefpolicy/policy/modules/services/aiccu.te 1970-01-01 01:00:00.000000000 +0100 -+++ serefpolicy-3.7.19/policy/modules/services/aiccu.te 2010-09-16 09:55:09.026658234 +0200 +--- nsaserefpolicy/policy/modules/services/aiccu.te 1970-01-01 00:00:00.000000000 +0000 ++++ serefpolicy-3.7.19/policy/modules/services/aiccu.te 2010-09-16 07:55:09.000000000 +0000 @@ -0,0 +1,72 @@ + +policy_module(aiccu, 1.0.0) @@ -15827,8 +15839,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/aicc +sysnet_dns_name_resolve(aiccu_t) +sysnet_domtrans_ifconfig(aiccu_t) diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/aisexec.fc serefpolicy-3.7.19/policy/modules/services/aisexec.fc ---- nsaserefpolicy/policy/modules/services/aisexec.fc 1970-01-01 01:00:00.000000000 +0100 -+++ serefpolicy-3.7.19/policy/modules/services/aisexec.fc 2010-05-28 09:42:00.055610771 +0200 +--- nsaserefpolicy/policy/modules/services/aisexec.fc 1970-01-01 00:00:00.000000000 +0000 ++++ serefpolicy-3.7.19/policy/modules/services/aisexec.fc 2010-05-28 07:42:00.000000000 +0000 @@ -0,0 +1,10 @@ + +/etc/rc\.d/init\.d/openais -- gen_context(system_u:object_r:aisexec_initrc_exec_t,s0) 
@@ -15841,8 +15853,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/aise + +/var/run/aisexec\.pid -- gen_context(system_u:object_r:aisexec_var_run_t,s0) diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/aisexec.if serefpolicy-3.7.19/policy/modules/services/aisexec.if ---- nsaserefpolicy/policy/modules/services/aisexec.if 1970-01-01 01:00:00.000000000 +0100 -+++ serefpolicy-3.7.19/policy/modules/services/aisexec.if 2010-05-28 09:42:00.056610845 +0200 +--- nsaserefpolicy/policy/modules/services/aisexec.if 1970-01-01 00:00:00.000000000 +0000 ++++ serefpolicy-3.7.19/policy/modules/services/aisexec.if 2010-05-28 07:42:00.000000000 +0000 @@ -0,0 +1,106 @@ +## SELinux policy for Aisexec Cluster Engine + @@ -15951,8 +15963,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/aise + admin_pattern($1, aisexec_tmpfs_t) +') diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/aisexec.te serefpolicy-3.7.19/policy/modules/services/aisexec.te ---- nsaserefpolicy/policy/modules/services/aisexec.te 1970-01-01 01:00:00.000000000 +0100 -+++ serefpolicy-3.7.19/policy/modules/services/aisexec.te 2010-07-19 15:48:59.455151640 +0200 +--- nsaserefpolicy/policy/modules/services/aisexec.te 1970-01-01 00:00:00.000000000 +0000 ++++ serefpolicy-3.7.19/policy/modules/services/aisexec.te 2010-07-19 13:48:59.000000000 +0000 @@ -0,0 +1,114 @@ + +policy_module(aisexec,1.0.0) 
@@ -16069,8 +16081,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/aise +userdom_rw_semaphores(aisexec_t) +userdom_rw_unpriv_user_shared_mem(aisexec_t) diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/amavis.if serefpolicy-3.7.19/policy/modules/services/amavis.if ---- nsaserefpolicy/policy/modules/services/amavis.if 2010-04-13 20:44:37.000000000 +0200 -+++ serefpolicy-3.7.19/policy/modules/services/amavis.if 2010-08-20 13:59:09.305084875 +0200 +--- nsaserefpolicy/policy/modules/services/amavis.if 2010-04-13 18:44:37.000000000 +0000 ++++ serefpolicy-3.7.19/policy/modules/services/amavis.if 2010-08-20 11:59:09.000000000 +0000 @@ -56,7 +56,7 @@ ') @@ -16081,8 +16093,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/amav ######################################## diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/apache.fc serefpolicy-3.7.19/policy/modules/services/apache.fc ---- nsaserefpolicy/policy/modules/services/apache.fc 2010-04-13 20:44:37.000000000 +0200 -+++ serefpolicy-3.7.19/policy/modules/services/apache.fc 2010-07-13 09:55:52.782503046 +0200 +--- nsaserefpolicy/policy/modules/services/apache.fc 2010-04-13 18:44:37.000000000 +0000 ++++ serefpolicy-3.7.19/policy/modules/services/apache.fc 2010-07-13 07:55:52.000000000 +0000 @@ -3,6 +3,7 @@ /etc/apache(2)?(/.*)? gen_context(system_u:object_r:httpd_config_t,s0) /etc/apache-ssl(2)?(/.*)? gen_context(system_u:object_r:httpd_config_t,s0) 
@@ -16142,8 +16154,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/apac +/var/www/svn/conf(/.*)? gen_context(system_u:object_r:httpd_sys_content_t,s0) + diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/apache.if serefpolicy-3.7.19/policy/modules/services/apache.if ---- nsaserefpolicy/policy/modules/services/apache.if 2010-04-13 20:44:37.000000000 +0200 -+++ serefpolicy-3.7.19/policy/modules/services/apache.if 2010-11-02 16:55:03.289650829 +0100 +--- nsaserefpolicy/policy/modules/services/apache.if 2010-04-13 18:44:37.000000000 +0000 ++++ serefpolicy-3.7.19/policy/modules/services/apache.if 2010-11-02 15:55:03.000000000 +0000 @@ -13,17 +13,13 @@ # template(`apache_content_template',` @@ -16642,8 +16654,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/apac + allow $1 httpd_suexec_exec_t:file getattr; ') diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/apache.te serefpolicy-3.7.19/policy/modules/services/apache.te ---- nsaserefpolicy/policy/modules/services/apache.te 2010-04-13 20:44:37.000000000 +0200 -+++ serefpolicy-3.7.19/policy/modules/services/apache.te 2011-01-18 17:21:06.301042684 +0100 +--- nsaserefpolicy/policy/modules/services/apache.te 2010-04-13 18:44:37.000000000 +0000 ++++ serefpolicy-3.7.19/policy/modules/services/apache.te 2011-01-18 16:21:06.000000000 +0000 @@ -19,11 +19,13 @@ # Declarations # 
@@ -17302,8 +17314,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/apac +typealias httpd_var_run_t alias httpd_fastcgi_var_run_t; + diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/apcupsd.te serefpolicy-3.7.19/policy/modules/services/apcupsd.te ---- nsaserefpolicy/policy/modules/services/apcupsd.te 2010-04-13 20:44:37.000000000 +0200 -+++ serefpolicy-3.7.19/policy/modules/services/apcupsd.te 2010-05-28 09:42:00.061610936 +0200 +--- nsaserefpolicy/policy/modules/services/apcupsd.te 2010-04-13 18:44:37.000000000 +0000 ++++ serefpolicy-3.7.19/policy/modules/services/apcupsd.te 2010-05-28 07:42:00.000000000 +0000 @@ -95,6 +95,10 @@ ') @@ -17316,8 +17328,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/apcu mta_system_content(apcupsd_tmp_t) ') diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/apm.te serefpolicy-3.7.19/policy/modules/services/apm.te ---- nsaserefpolicy/policy/modules/services/apm.te 2010-04-13 20:44:37.000000000 +0200 -+++ serefpolicy-3.7.19/policy/modules/services/apm.te 2010-07-19 15:49:29.576151384 +0200 +--- nsaserefpolicy/policy/modules/services/apm.te 2010-04-13 18:44:37.000000000 +0000 ++++ serefpolicy-3.7.19/policy/modules/services/apm.te 2010-07-19 13:49:29.000000000 +0000 @@ -63,6 +63,7 @@ dontaudit apmd_t self:capability { setuid dac_override dac_read_search sys_ptrace sys_tty_config }; allow apmd_t self:process { signal_perms getsession }; 
@@ -17335,8 +17347,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/apm. dev_read_urand(apmd_t) dev_rw_apm_bios(apmd_t) diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/arpwatch.if serefpolicy-3.7.19/policy/modules/services/arpwatch.if ---- nsaserefpolicy/policy/modules/services/arpwatch.if 2010-04-13 20:44:37.000000000 +0200 -+++ serefpolicy-3.7.19/policy/modules/services/arpwatch.if 2010-09-16 15:05:24.621637181 +0200 +--- nsaserefpolicy/policy/modules/services/arpwatch.if 2010-04-13 18:44:37.000000000 +0000 ++++ serefpolicy-3.7.19/policy/modules/services/arpwatch.if 2010-09-16 13:05:24.000000000 +0000 @@ -137,7 +137,7 @@ type arpwatch_initrc_exec_t; ') @@ -17347,8 +17359,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/arpw arpwatch_initrc_domtrans($1) diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/arpwatch.te serefpolicy-3.7.19/policy/modules/services/arpwatch.te ---- nsaserefpolicy/policy/modules/services/arpwatch.te 2010-04-13 20:44:37.000000000 +0200 -+++ serefpolicy-3.7.19/policy/modules/services/arpwatch.te 2010-07-23 14:06:57.786138760 +0200 +--- nsaserefpolicy/policy/modules/services/arpwatch.te 2010-04-13 18:44:37.000000000 +0000 ++++ serefpolicy-3.7.19/policy/modules/services/arpwatch.te 2010-07-23 12:06:57.000000000 +0000 @@ -34,6 +34,7 @@ allow arpwatch_t self:tcp_socket { connect create_stream_socket_perms }; allow arpwatch_t self:udp_socket create_socket_perms; 
@@ -17379,8 +17391,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/arpw fs_getattr_all_fs(arpwatch_t) fs_search_auto_mountpoints(arpwatch_t) diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/asterisk.if serefpolicy-3.7.19/policy/modules/services/asterisk.if ---- nsaserefpolicy/policy/modules/services/asterisk.if 2010-04-13 20:44:37.000000000 +0200 -+++ serefpolicy-3.7.19/policy/modules/services/asterisk.if 2010-09-16 15:05:49.748637209 +0200 +--- nsaserefpolicy/policy/modules/services/asterisk.if 2010-04-13 18:44:37.000000000 +0000 ++++ serefpolicy-3.7.19/policy/modules/services/asterisk.if 2010-09-16 13:05:49.000000000 +0000 @@ -1,5 +1,24 @@ ## Asterisk IP telephony server @@ -17416,8 +17428,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/aste init_labeled_script_domtrans($1, asterisk_initrc_exec_t) diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/asterisk.te serefpolicy-3.7.19/policy/modules/services/asterisk.te ---- nsaserefpolicy/policy/modules/services/asterisk.te 2010-04-13 20:44:37.000000000 +0200 -+++ serefpolicy-3.7.19/policy/modules/services/asterisk.te 2010-05-28 09:42:00.064610809 +0200 +--- nsaserefpolicy/policy/modules/services/asterisk.te 2010-04-13 18:44:37.000000000 +0000 ++++ serefpolicy-3.7.19/policy/modules/services/asterisk.te 2010-05-28 07:42:00.000000000 +0000 @@ -40,12 +40,13 @@ # 
@@ -17528,8 +17540,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/aste ') + diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/automount.if serefpolicy-3.7.19/policy/modules/services/automount.if ---- nsaserefpolicy/policy/modules/services/automount.if 2010-04-13 20:44:37.000000000 +0200 -+++ serefpolicy-3.7.19/policy/modules/services/automount.if 2010-09-16 15:06:07.893637088 +0200 +--- nsaserefpolicy/policy/modules/services/automount.if 2010-04-13 18:44:37.000000000 +0000 ++++ serefpolicy-3.7.19/policy/modules/services/automount.if 2010-09-16 13:06:07.000000000 +0000 @@ -68,7 +68,8 @@ type automount_t; ') @@ -17550,8 +17562,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/auto init_labeled_script_domtrans($1, automount_initrc_exec_t) diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/automount.te serefpolicy-3.7.19/policy/modules/services/automount.te ---- nsaserefpolicy/policy/modules/services/automount.te 2010-04-13 20:44:36.000000000 +0200 -+++ serefpolicy-3.7.19/policy/modules/services/automount.te 2010-05-28 09:42:00.065610953 +0200 +--- nsaserefpolicy/policy/modules/services/automount.te 2010-04-13 18:44:36.000000000 +0000 ++++ serefpolicy-3.7.19/policy/modules/services/automount.te 2010-05-28 07:42:00.000000000 +0000 @@ -146,6 +146,7 @@ # Run mount in the mount_t domain. 
@@ -17561,8 +17573,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/auto userdom_dontaudit_use_unpriv_user_fds(automount_t) diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/avahi.if serefpolicy-3.7.19/policy/modules/services/avahi.if ---- nsaserefpolicy/policy/modules/services/avahi.if 2010-04-13 20:44:37.000000000 +0200 -+++ serefpolicy-3.7.19/policy/modules/services/avahi.if 2010-05-28 09:42:00.065610953 +0200 +--- nsaserefpolicy/policy/modules/services/avahi.if 2010-04-13 18:44:37.000000000 +0000 ++++ serefpolicy-3.7.19/policy/modules/services/avahi.if 2010-05-28 07:42:00.000000000 +0000 @@ -90,6 +90,7 @@ class dbus send_msg; ') @@ -17572,8 +17584,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/avah allow avahi_t $1:dbus send_msg; ') diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/avahi.te serefpolicy-3.7.19/policy/modules/services/avahi.te ---- nsaserefpolicy/policy/modules/services/avahi.te 2010-04-13 20:44:37.000000000 +0200 -+++ serefpolicy-3.7.19/policy/modules/services/avahi.te 2010-06-15 18:00:13.770018228 +0200 +--- nsaserefpolicy/policy/modules/services/avahi.te 2010-04-13 18:44:37.000000000 +0000 ++++ serefpolicy-3.7.19/policy/modules/services/avahi.te 2010-06-15 16:00:13.000000000 +0000 @@ -104,6 +104,10 @@ ') @@ -17586,8 +17598,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/avah ') diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/bind.if serefpolicy-3.7.19/policy/modules/services/bind.if ---- nsaserefpolicy/policy/modules/services/bind.if 2010-04-13 20:44:37.000000000 +0200 -+++ serefpolicy-3.7.19/policy/modules/services/bind.if 2010-08-13 08:08:10.688085038 +0200 +--- nsaserefpolicy/policy/modules/services/bind.if 2010-04-13 18:44:37.000000000 +0000 ++++ serefpolicy-3.7.19/policy/modules/services/bind.if 2010-08-13 06:08:10.000000000 +0000 
@@ -269,6 +269,27 @@ allow $1 named_var_run_t:dir setattr; ') @@ -17636,8 +17648,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/bind admin_pattern($1, named_var_run_t) ') diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/bind.te serefpolicy-3.7.19/policy/modules/services/bind.te ---- nsaserefpolicy/policy/modules/services/bind.te 2010-04-13 20:44:37.000000000 +0200 -+++ serefpolicy-3.7.19/policy/modules/services/bind.te 2010-08-13 07:59:53.335085221 +0200 +--- nsaserefpolicy/policy/modules/services/bind.te 2010-04-13 18:44:37.000000000 +0000 ++++ serefpolicy-3.7.19/policy/modules/services/bind.te 2010-08-13 05:59:53.000000000 +0000 @@ -240,6 +240,7 @@ sysnet_dns_name_resolve(ndc_t) @@ -17647,8 +17659,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/bind term_dontaudit_use_console(ndc_t) diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/bitlbee.te serefpolicy-3.7.19/policy/modules/services/bitlbee.te ---- nsaserefpolicy/policy/modules/services/bitlbee.te 2010-04-13 20:44:37.000000000 +0200 -+++ serefpolicy-3.7.19/policy/modules/services/bitlbee.te 2011-01-04 16:26:00.197041921 +0100 +--- nsaserefpolicy/policy/modules/services/bitlbee.te 2010-04-13 18:44:37.000000000 +0000 ++++ serefpolicy-3.7.19/policy/modules/services/bitlbee.te 2011-01-04 15:26:00.000000000 +0000 @@ -27,19 +27,21 @@ # # Local policy 
@@ -17694,8 +17706,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/bitl sysnet_dns_name_resolve(bitlbee_t) diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/bluetooth.if serefpolicy-3.7.19/policy/modules/services/bluetooth.if ---- nsaserefpolicy/policy/modules/services/bluetooth.if 2010-04-13 20:44:37.000000000 +0200 -+++ serefpolicy-3.7.19/policy/modules/services/bluetooth.if 2010-06-25 15:39:19.963137669 +0200 +--- nsaserefpolicy/policy/modules/services/bluetooth.if 2010-04-13 18:44:37.000000000 +0000 ++++ serefpolicy-3.7.19/policy/modules/services/bluetooth.if 2010-06-25 13:39:19.000000000 +0000 @@ -117,6 +117,27 @@ ######################################## @@ -17744,8 +17756,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/blue admin_pattern($1, bluetooth_var_lib_t) diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/bluetooth.te serefpolicy-3.7.19/policy/modules/services/bluetooth.te ---- nsaserefpolicy/policy/modules/services/bluetooth.te 2010-04-13 20:44:37.000000000 +0200 -+++ serefpolicy-3.7.19/policy/modules/services/bluetooth.te 2010-10-01 15:18:25.436349626 +0200 +--- nsaserefpolicy/policy/modules/services/bluetooth.te 2010-04-13 18:44:37.000000000 +0000 ++++ serefpolicy-3.7.19/policy/modules/services/bluetooth.te 2010-10-01 13:18:25.000000000 +0000 @@ -148,6 +148,10 @@ userdom_dontaudit_search_user_home_dirs(bluetooth_t) 
@@ -17758,8 +17770,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/blue dbus_connect_system_bus(bluetooth_t) diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/boinc.fc serefpolicy-3.7.19/policy/modules/services/boinc.fc ---- nsaserefpolicy/policy/modules/services/boinc.fc 1970-01-01 01:00:00.000000000 +0100 -+++ serefpolicy-3.7.19/policy/modules/services/boinc.fc 2010-08-24 11:08:39.309083977 +0200 +--- nsaserefpolicy/policy/modules/services/boinc.fc 1970-01-01 00:00:00.000000000 +0000 ++++ serefpolicy-3.7.19/policy/modules/services/boinc.fc 2010-08-24 09:08:39.000000000 +0000 @@ -0,0 +1,8 @@ + +/etc/rc\.d/init\.d/boinc-client -- gen_context(system_u:object_r:boinc_initrc_exec_t,s0) @@ -17770,8 +17782,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/boin +/var/lib/boinc/projects(/.*)? gen_context(system_u:object_r:boinc_project_var_lib_t,s0) +/var/lib/boinc/slots(/.*)? gen_context(system_u:object_r:boinc_project_var_lib_t,s0) diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/boinc.if serefpolicy-3.7.19/policy/modules/services/boinc.if ---- nsaserefpolicy/policy/modules/services/boinc.if 1970-01-01 01:00:00.000000000 +0100 -+++ serefpolicy-3.7.19/policy/modules/services/boinc.if 2010-09-16 15:15:07.962637079 +0200 +--- nsaserefpolicy/policy/modules/services/boinc.if 1970-01-01 00:00:00.000000000 +0000 ++++ serefpolicy-3.7.19/policy/modules/services/boinc.if 2010-09-16 13:15:07.000000000 +0000 @@ -0,0 +1,151 @@ + +## policy for boinc 
@@ -17925,8 +17937,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/boin + admin_pattern($1, boinc_var_lib_t) +') diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/boinc.te serefpolicy-3.7.19/policy/modules/services/boinc.te ---- nsaserefpolicy/policy/modules/services/boinc.te 1970-01-01 01:00:00.000000000 +0100 -+++ serefpolicy-3.7.19/policy/modules/services/boinc.te 2010-12-09 12:27:20.801041392 +0100 +--- nsaserefpolicy/policy/modules/services/boinc.te 1970-01-01 00:00:00.000000000 +0000 ++++ serefpolicy-3.7.19/policy/modules/services/boinc.te 2010-12-09 11:27:20.000000000 +0000 @@ -0,0 +1,179 @@ + +policy_module(boinc,1.0.0) @@ -18108,16 +18120,16 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/boin + java_exec(boinc_project_t) +') diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/bugzilla.fc serefpolicy-3.7.19/policy/modules/services/bugzilla.fc ---- nsaserefpolicy/policy/modules/services/bugzilla.fc 1970-01-01 01:00:00.000000000 +0100 -+++ serefpolicy-3.7.19/policy/modules/services/bugzilla.fc 2010-05-28 09:42:00.069610831 +0200 +--- nsaserefpolicy/policy/modules/services/bugzilla.fc 1970-01-01 00:00:00.000000000 +0000 ++++ serefpolicy-3.7.19/policy/modules/services/bugzilla.fc 2010-05-28 07:42:00.000000000 +0000 
@@ -0,0 +1,4 @@ + +/usr/share/bugzilla(/.*)? -d gen_context(system_u:object_r:httpd_bugzilla_content_t,s0) +/usr/share/bugzilla(/.*)? -- gen_context(system_u:object_r:httpd_bugzilla_script_exec_t,s0) +/var/lib/bugzilla(/.*)? gen_context(system_u:object_r:httpd_bugzilla_rw_content_t,s0) diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/bugzilla.if serefpolicy-3.7.19/policy/modules/services/bugzilla.if ---- nsaserefpolicy/policy/modules/services/bugzilla.if 1970-01-01 01:00:00.000000000 +0100 -+++ serefpolicy-3.7.19/policy/modules/services/bugzilla.if 2010-05-28 09:42:00.069610831 +0200 +--- nsaserefpolicy/policy/modules/services/bugzilla.if 1970-01-01 00:00:00.000000000 +0000 ++++ serefpolicy-3.7.19/policy/modules/services/bugzilla.if 2010-05-28 07:42:00.000000000 +0000 @@ -0,0 +1,39 @@ +## Bugzilla server + @@ -18159,8 +18171,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/bugz + dontaudit $1 httpd_bugzilla_script_t:unix_stream_socket { read write }; +') diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/bugzilla.te serefpolicy-3.7.19/policy/modules/services/bugzilla.te ---- nsaserefpolicy/policy/modules/services/bugzilla.te 1970-01-01 01:00:00.000000000 +0100 -+++ serefpolicy-3.7.19/policy/modules/services/bugzilla.te 2010-05-28 09:42:00.070610905 +0200 +--- nsaserefpolicy/policy/modules/services/bugzilla.te 1970-01-01 00:00:00.000000000 +0000 ++++ serefpolicy-3.7.19/policy/modules/services/bugzilla.te 2010-05-28 07:42:00.000000000 +0000 @@ -0,0 +1,57 @@ + +policy_module(bugzilla, 1.0) 
@@ -18220,8 +18232,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/bugz +') + diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/cachefilesd.fc serefpolicy-3.7.19/policy/modules/services/cachefilesd.fc ---- nsaserefpolicy/policy/modules/services/cachefilesd.fc 1970-01-01 01:00:00.000000000 +0100 -+++ serefpolicy-3.7.19/policy/modules/services/cachefilesd.fc 2010-05-28 09:42:00.070610905 +0200 +--- nsaserefpolicy/policy/modules/services/cachefilesd.fc 1970-01-01 00:00:00.000000000 +0000 ++++ serefpolicy-3.7.19/policy/modules/services/cachefilesd.fc 2010-05-28 07:42:00.000000000 +0000 @@ -0,0 +1,29 @@ +############################################################################### +# @@ -18253,8 +18265,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/cach + +/var/run/cachefilesd\.pid -- gen_context(system_u:object_r:cachefiles_var_t,s0) diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/cachefilesd.if serefpolicy-3.7.19/policy/modules/services/cachefilesd.if ---- nsaserefpolicy/policy/modules/services/cachefilesd.if 1970-01-01 01:00:00.000000000 +0100 -+++ serefpolicy-3.7.19/policy/modules/services/cachefilesd.if 2010-05-28 09:42:00.071610839 +0200 +--- nsaserefpolicy/policy/modules/services/cachefilesd.if 1970-01-01 00:00:00.000000000 +0000 ++++ serefpolicy-3.7.19/policy/modules/services/cachefilesd.if 2010-05-28 07:42:00.000000000 +0000 @@ -0,0 +1,41 @@ +############################################################################### +# 
@@ -18298,8 +18310,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/cach + allow cachefilesd_t $1:process sigchld; +') diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/cachefilesd.te serefpolicy-3.7.19/policy/modules/services/cachefilesd.te ---- nsaserefpolicy/policy/modules/services/cachefilesd.te 1970-01-01 01:00:00.000000000 +0100 -+++ serefpolicy-3.7.19/policy/modules/services/cachefilesd.te 2010-05-28 09:42:00.071610839 +0200 +--- nsaserefpolicy/policy/modules/services/cachefilesd.te 1970-01-01 00:00:00.000000000 +0000 ++++ serefpolicy-3.7.19/policy/modules/services/cachefilesd.te 2010-05-28 07:42:00.000000000 +0000 @@ -0,0 +1,147 @@ +############################################################################### +# @@ -18449,8 +18461,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/cach + +dev_search_sysfs(cachefiles_kernel_t) diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/ccs.te serefpolicy-3.7.19/policy/modules/services/ccs.te ---- nsaserefpolicy/policy/modules/services/ccs.te 2010-04-13 20:44:37.000000000 +0200 -+++ serefpolicy-3.7.19/policy/modules/services/ccs.te 2010-05-28 09:42:00.072610704 +0200 +--- nsaserefpolicy/policy/modules/services/ccs.te 2010-04-13 18:44:37.000000000 +0000 ++++ serefpolicy-3.7.19/policy/modules/services/ccs.te 2010-05-28 07:42:00.000000000 +0000 @@ -114,5 +114,15 @@ ') 
@@ -18468,8 +18480,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/ccs. unconfined_use_fds(ccs_t) ') diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/certmaster.if serefpolicy-3.7.19/policy/modules/services/certmaster.if ---- nsaserefpolicy/policy/modules/services/certmaster.if 2010-04-13 20:44:37.000000000 +0200 -+++ serefpolicy-3.7.19/policy/modules/services/certmaster.if 2010-12-01 14:03:22.438042558 +0100 +--- nsaserefpolicy/policy/modules/services/certmaster.if 2010-04-13 18:44:37.000000000 +0000 ++++ serefpolicy-3.7.19/policy/modules/services/certmaster.if 2010-12-01 13:03:22.000000000 +0000 @@ -18,6 +18,25 @@ domtrans_pattern($1, certmaster_exec_t, certmaster_t) ') @@ -18497,8 +18509,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/cert ## ## read certmaster logs. diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/certmonger.fc serefpolicy-3.7.19/policy/modules/services/certmonger.fc ---- nsaserefpolicy/policy/modules/services/certmonger.fc 1970-01-01 01:00:00.000000000 +0100 -+++ serefpolicy-3.7.19/policy/modules/services/certmonger.fc 2010-05-28 09:42:00.073610778 +0200 +--- nsaserefpolicy/policy/modules/services/certmonger.fc 1970-01-01 00:00:00.000000000 +0000 ++++ serefpolicy-3.7.19/policy/modules/services/certmonger.fc 2010-05-28 07:42:00.000000000 +0000 @@ -0,0 +1,6 @@ +/etc/rc\.d/init\.d/certmonger -- gen_context(system_u:object_r:certmonger_initrc_exec_t,s0) + 
@@ -18507,8 +18519,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/cert +/var/run/certmonger.pid -- gen_context(system_u:object_r:certmonger_var_run_t,s0) +/var/lib/certmonger(/.*)? gen_context(system_u:object_r:certmonger_var_lib_t,s0) diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/certmonger.if serefpolicy-3.7.19/policy/modules/services/certmonger.if ---- nsaserefpolicy/policy/modules/services/certmonger.if 1970-01-01 01:00:00.000000000 +0100 -+++ serefpolicy-3.7.19/policy/modules/services/certmonger.if 2010-06-28 14:44:32.157401643 +0200 +--- nsaserefpolicy/policy/modules/services/certmonger.if 1970-01-01 00:00:00.000000000 +0000 ++++ serefpolicy-3.7.19/policy/modules/services/certmonger.if 2010-06-28 12:44:32.000000000 +0000 @@ -0,0 +1,218 @@ + +## Certificate status monitor and PKI enrollment client @@ -18729,8 +18741,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/cert + admin_pattern($1, certmonger_var_run_t) +') diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/certmonger.te serefpolicy-3.7.19/policy/modules/services/certmonger.te ---- nsaserefpolicy/policy/modules/services/certmonger.te 1970-01-01 01:00:00.000000000 +0100 -+++ serefpolicy-3.7.19/policy/modules/services/certmonger.te 2010-12-15 15:05:16.296042554 +0100 +--- nsaserefpolicy/policy/modules/services/certmonger.te 1970-01-01 00:00:00.000000000 +0000 ++++ serefpolicy-3.7.19/policy/modules/services/certmonger.te 2010-12-15 14:05:16.000000000 +0000 @@ -0,0 +1,92 @@ +policy_module(certmonger,1.0.0) + 
@@ -18825,8 +18837,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/cert +') + diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/cgroup.fc serefpolicy-3.7.19/policy/modules/services/cgroup.fc ---- nsaserefpolicy/policy/modules/services/cgroup.fc 1970-01-01 01:00:00.000000000 +0100 -+++ serefpolicy-3.7.19/policy/modules/services/cgroup.fc 2010-08-10 16:13:34.251005312 +0200 +--- nsaserefpolicy/policy/modules/services/cgroup.fc 1970-01-01 00:00:00.000000000 +0000 ++++ serefpolicy-3.7.19/policy/modules/services/cgroup.fc 2010-08-10 14:13:34.000000000 +0000 @@ -0,0 +1,10 @@ +/etc/cgconfig.conf -- gen_context(system_u:object_r:cgconfig_etc_t,s0) +/etc/cgrules.conf -- gen_context(system_u:object_r:cgrules_etc_t,s0) @@ -18839,8 +18851,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/cgro + +/var/run/cgred.* gen_context(system_u:object_r:cgred_var_run_t,s0) diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/cgroup.if serefpolicy-3.7.19/policy/modules/services/cgroup.if ---- nsaserefpolicy/policy/modules/services/cgroup.if 1970-01-01 01:00:00.000000000 +0100 -+++ serefpolicy-3.7.19/policy/modules/services/cgroup.if 2010-08-10 16:13:34.251334760 +0200 +--- nsaserefpolicy/policy/modules/services/cgroup.if 1970-01-01 00:00:00.000000000 +0000 ++++ serefpolicy-3.7.19/policy/modules/services/cgroup.if 2010-08-10 14:13:34.000000000 +0000 @@ -0,0 +1,147 @@ +## libcg is a library that abstracts the control group file system in Linux. + 
@@ -18990,8 +19002,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/cgro + role_transition $2 cgred_initrc_exec_t system_r; +') diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/cgroup.te serefpolicy-3.7.19/policy/modules/services/cgroup.te ---- nsaserefpolicy/policy/modules/services/cgroup.te 1970-01-01 01:00:00.000000000 +0100 -+++ serefpolicy-3.7.19/policy/modules/services/cgroup.te 2010-08-10 16:14:55.451084972 +0200 +--- nsaserefpolicy/policy/modules/services/cgroup.te 1970-01-01 00:00:00.000000000 +0000 ++++ serefpolicy-3.7.19/policy/modules/services/cgroup.te 2010-08-10 14:14:55.000000000 +0000 @@ -0,0 +1,79 @@ +policy_module(cgroup, 1.0.0) + @@ -19073,8 +19085,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/cgro + +miscfiles_read_localization(cgred_t) diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/chronyd.if serefpolicy-3.7.19/policy/modules/services/chronyd.if ---- nsaserefpolicy/policy/modules/services/chronyd.if 2010-04-13 20:44:37.000000000 +0200 -+++ serefpolicy-3.7.19/policy/modules/services/chronyd.if 2010-06-28 18:44:16.191151821 +0200 +--- nsaserefpolicy/policy/modules/services/chronyd.if 2010-04-13 18:44:37.000000000 +0000 ++++ serefpolicy-3.7.19/policy/modules/services/chronyd.if 2010-06-28 16:44:16.000000000 +0000 @@ -19,6 +19,24 @@ domtrans_pattern($1, chronyd_exec_t, chronyd_t) ') 
@@ -19188,8 +19200,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/chro ') + diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/chronyd.te serefpolicy-3.7.19/policy/modules/services/chronyd.te ---- nsaserefpolicy/policy/modules/services/chronyd.te 2010-04-13 20:44:36.000000000 +0200 -+++ serefpolicy-3.7.19/policy/modules/services/chronyd.te 2011-01-14 14:47:12.321041202 +0100 +--- nsaserefpolicy/policy/modules/services/chronyd.te 2010-04-13 18:44:36.000000000 +0000 ++++ serefpolicy-3.7.19/policy/modules/services/chronyd.te 2011-01-14 13:47:12.000000000 +0000 @@ -16,6 +16,9 @@ type chronyd_keys_t; files_type(chronyd_keys_t) @@ -19243,8 +19255,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/chro gpsd_rw_shm(chronyd_t) ') diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/clamav.fc serefpolicy-3.7.19/policy/modules/services/clamav.fc ---- nsaserefpolicy/policy/modules/services/clamav.fc 2010-04-13 20:44:36.000000000 +0200 -+++ serefpolicy-3.7.19/policy/modules/services/clamav.fc 2011-01-19 17:06:42.240041373 +0100 +--- nsaserefpolicy/policy/modules/services/clamav.fc 2010-04-13 18:44:36.000000000 +0000 ++++ serefpolicy-3.7.19/policy/modules/services/clamav.fc 2011-01-19 16:06:42.000000000 +0000 @@ -10,6 +10,7 @@ /var/clamav(/.*)? gen_context(system_u:object_r:clamd_var_lib_t,s0) 
@@ -19254,8 +19266,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/clam /var/log/clamav/freshclam.* -- gen_context(system_u:object_r:freshclam_var_log_t,s0) /var/log/clamd.* gen_context(system_u:object_r:clamd_var_log_t,s0) diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/clamav.if serefpolicy-3.7.19/policy/modules/services/clamav.if ---- nsaserefpolicy/policy/modules/services/clamav.if 2010-04-13 20:44:37.000000000 +0200 -+++ serefpolicy-3.7.19/policy/modules/services/clamav.if 2010-10-18 15:38:09.251650866 +0200 +--- nsaserefpolicy/policy/modules/services/clamav.if 2010-04-13 18:44:37.000000000 +0000 ++++ serefpolicy-3.7.19/policy/modules/services/clamav.if 2010-10-18 13:38:09.000000000 +0000 @@ -49,12 +49,12 @@ # interface(`clamav_append_log',` @@ -19273,8 +19285,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/clam ######################################## diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/clamav.te serefpolicy-3.7.19/policy/modules/services/clamav.te ---- nsaserefpolicy/policy/modules/services/clamav.te 2010-04-13 20:44:37.000000000 +0200 -+++ serefpolicy-3.7.19/policy/modules/services/clamav.te 2010-12-09 12:46:16.374042098 +0100 +--- nsaserefpolicy/policy/modules/services/clamav.te 2010-04-13 18:44:37.000000000 +0000 ++++ serefpolicy-3.7.19/policy/modules/services/clamav.te 2010-12-09 11:46:16.000000000 +0000 @@ -1,6 +1,13 @@ policy_module(clamav, 1.7.1) 
@@ -19392,16 +19404,16 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/clam optional_policy(` amavis_read_spool_files(clamscan_t) diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/clogd.fc serefpolicy-3.7.19/policy/modules/services/clogd.fc ---- nsaserefpolicy/policy/modules/services/clogd.fc 1970-01-01 01:00:00.000000000 +0100 -+++ serefpolicy-3.7.19/policy/modules/services/clogd.fc 2010-05-28 09:42:00.079610731 +0200 +--- nsaserefpolicy/policy/modules/services/clogd.fc 1970-01-01 00:00:00.000000000 +0000 ++++ serefpolicy-3.7.19/policy/modules/services/clogd.fc 2010-05-28 07:42:00.000000000 +0000 @@ -0,0 +1,4 @@ + +/usr/sbin/clogd -- gen_context(system_u:object_r:clogd_exec_t,s0) + +/var/run/clogd\.pid -- gen_context(system_u:object_r:clogd_var_run_t,s0) diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/clogd.if serefpolicy-3.7.19/policy/modules/services/clogd.if ---- nsaserefpolicy/policy/modules/services/clogd.if 1970-01-01 01:00:00.000000000 +0100 -+++ serefpolicy-3.7.19/policy/modules/services/clogd.if 2010-10-13 09:52:30.479899693 +0200 +--- nsaserefpolicy/policy/modules/services/clogd.if 1970-01-01 00:00:00.000000000 +0000 ++++ serefpolicy-3.7.19/policy/modules/services/clogd.if 2010-10-13 07:52:30.000000000 +0000 @@ -0,0 +1,82 @@ +## clogd - clustered mirror log server + @@ -19486,8 +19498,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/clog +') + diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/clogd.te serefpolicy-3.7.19/policy/modules/services/clogd.te ---- nsaserefpolicy/policy/modules/services/clogd.te 1970-01-01 01:00:00.000000000 +0100 -+++ serefpolicy-3.7.19/policy/modules/services/clogd.te 2010-05-28 09:42:00.080611084 +0200 +--- nsaserefpolicy/policy/modules/services/clogd.te 1970-01-01 00:00:00.000000000 +0000 ++++ serefpolicy-3.7.19/policy/modules/services/clogd.te 2010-05-28 07:42:00.000000000 +0000 
@@ -0,0 +1,65 @@ + +policy_module(clogd,1.0.0) @@ -19555,8 +19567,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/clog + + diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/cmirrord.fc serefpolicy-3.7.19/policy/modules/services/cmirrord.fc ---- nsaserefpolicy/policy/modules/services/cmirrord.fc 1970-01-01 01:00:00.000000000 +0100 -+++ serefpolicy-3.7.19/policy/modules/services/cmirrord.fc 2010-05-28 12:23:32.682860590 +0200 +--- nsaserefpolicy/policy/modules/services/cmirrord.fc 1970-01-01 00:00:00.000000000 +0000 ++++ serefpolicy-3.7.19/policy/modules/services/cmirrord.fc 2010-05-28 10:23:32.000000000 +0000 @@ -0,0 +1,6 @@ + +/etc/rc\.d/init\.d/cmirrord -- gen_context(system_u:object_r:cmirrord_initrc_exec_t,s0) @@ -19565,8 +19577,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/cmir + +/var/run/cmirrord\.pid -- gen_context(system_u:object_r:cmirrord_var_run_t,s0) diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/cmirrord.if serefpolicy-3.7.19/policy/modules/services/cmirrord.if ---- nsaserefpolicy/policy/modules/services/cmirrord.if 1970-01-01 01:00:00.000000000 +0100 -+++ serefpolicy-3.7.19/policy/modules/services/cmirrord.if 2010-05-28 12:30:40.719860805 +0200 +--- nsaserefpolicy/policy/modules/services/cmirrord.if 1970-01-01 00:00:00.000000000 +0000 ++++ serefpolicy-3.7.19/policy/modules/services/cmirrord.if 2010-05-28 10:30:40.000000000 +0000 @@ -0,0 +1,118 @@ + +## policy for cmirrord 
@@ -19687,8 +19699,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/cmir + +') diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/cmirrord.te serefpolicy-3.7.19/policy/modules/services/cmirrord.te ---- nsaserefpolicy/policy/modules/services/cmirrord.te 1970-01-01 01:00:00.000000000 +0100 -+++ serefpolicy-3.7.19/policy/modules/services/cmirrord.te 2010-09-15 15:45:43.101636923 +0200 +--- nsaserefpolicy/policy/modules/services/cmirrord.te 1970-01-01 00:00:00.000000000 +0000 ++++ serefpolicy-3.7.19/policy/modules/services/cmirrord.te 2010-09-15 13:45:43.000000000 +0000 @@ -0,0 +1,62 @@ + +policy_module(cmirrord,1.0.0) @@ -19753,8 +19765,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/cmir + corosync_stream_connect(cmirrord_t) +') diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/cobbler.fc serefpolicy-3.7.19/policy/modules/services/cobbler.fc ---- nsaserefpolicy/policy/modules/services/cobbler.fc 2010-04-13 20:44:37.000000000 +0200 -+++ serefpolicy-3.7.19/policy/modules/services/cobbler.fc 2011-01-07 11:32:18.772301640 +0100 +--- nsaserefpolicy/policy/modules/services/cobbler.fc 2010-04-13 18:44:37.000000000 +0000 ++++ serefpolicy-3.7.19/policy/modules/services/cobbler.fc 2011-01-07 10:32:18.000000000 +0000 @@ -1,7 +1,33 @@ -/etc/cobbler(/.*)? gen_context(system_u:object_r:cobbler_etc_t, s0) -/etc/rc\.d/init\.d/cobblerd -- gen_context(system_u:object_r:cobblerd_initrc_exec_t, s0) 
@@ -19795,8 +19807,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/cobb -/var/lib/cobbler(/.*)? gen_context(system_u:object_r:cobbler_var_lib_t, s0) -/var/log/cobbler(/.*)? gen_context(system_u:object_r:cobbler_var_log_t, s0) diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/cobbler.if serefpolicy-3.7.19/policy/modules/services/cobbler.if ---- nsaserefpolicy/policy/modules/services/cobbler.if 2010-04-13 20:44:37.000000000 +0200 -+++ serefpolicy-3.7.19/policy/modules/services/cobbler.if 2011-01-19 17:25:53.443041687 +0100 +--- nsaserefpolicy/policy/modules/services/cobbler.if 2010-04-13 18:44:37.000000000 +0000 ++++ serefpolicy-3.7.19/policy/modules/services/cobbler.if 2011-01-19 16:25:53.000000000 +0000 @@ -1,12 +1,12 @@ ## Cobbler installation server. ## @@ -19988,8 +20000,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/cobb + ') ') diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/cobbler.te serefpolicy-3.7.19/policy/modules/services/cobbler.te ---- nsaserefpolicy/policy/modules/services/cobbler.te 2010-04-13 20:44:37.000000000 +0200 -+++ serefpolicy-3.7.19/policy/modules/services/cobbler.te 2010-12-01 13:46:59.993291958 +0100 +--- nsaserefpolicy/policy/modules/services/cobbler.te 2010-04-13 18:44:37.000000000 +0000 ++++ serefpolicy-3.7.19/policy/modules/services/cobbler.te 2010-12-01 12:46:59.000000000 +0000 @@ -1,5 +1,4 @@ - -policy_module(cobbler, 1.0.0) 
@@ -20221,8 +20233,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/cobb +manage_dirs_pattern(cobblerd_t, httpd_cobbler_content_rw_t, httpd_cobbler_content_rw_t) +manage_files_pattern(cobblerd_t, httpd_cobbler_content_rw_t, httpd_cobbler_content_rw_t) diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/consolekit.fc serefpolicy-3.7.19/policy/modules/services/consolekit.fc ---- nsaserefpolicy/policy/modules/services/consolekit.fc 2010-04-13 20:44:37.000000000 +0200 -+++ serefpolicy-3.7.19/policy/modules/services/consolekit.fc 2010-05-28 09:42:00.084613262 +0200 +--- nsaserefpolicy/policy/modules/services/consolekit.fc 2010-04-13 18:44:37.000000000 +0000 ++++ serefpolicy-3.7.19/policy/modules/services/consolekit.fc 2010-05-28 07:42:00.000000000 +0000 @@ -1,5 +1,7 @@ /usr/sbin/console-kit-daemon -- gen_context(system_u:object_r:consolekit_exec_t,s0) @@ -20233,8 +20245,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/cons +/var/run/console-kit-daemon\.pid -- gen_context(system_u:object_r:consolekit_var_run_t,s0) +/var/run/ConsoleKit(/.*)? gen_context(system_u:object_r:consolekit_var_run_t,s0) diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/consolekit.if serefpolicy-3.7.19/policy/modules/services/consolekit.if ---- nsaserefpolicy/policy/modules/services/consolekit.if 2010-04-13 20:44:36.000000000 +0200 -+++ serefpolicy-3.7.19/policy/modules/services/consolekit.if 2010-10-05 16:31:31.267651526 +0200 +--- nsaserefpolicy/policy/modules/services/consolekit.if 2010-04-13 18:44:36.000000000 +0000 ++++ serefpolicy-3.7.19/policy/modules/services/consolekit.if 2010-10-05 14:31:31.000000000 +0000 @@ -55,5 +55,62 @@ ') 
@@ -20299,8 +20311,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/cons +') + diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/consolekit.te serefpolicy-3.7.19/policy/modules/services/consolekit.te ---- nsaserefpolicy/policy/modules/services/consolekit.te 2010-04-13 20:44:37.000000000 +0200 -+++ serefpolicy-3.7.19/policy/modules/services/consolekit.te 2010-06-15 18:01:58.476767291 +0200 +--- nsaserefpolicy/policy/modules/services/consolekit.te 2010-04-13 18:44:37.000000000 +0000 ++++ serefpolicy-3.7.19/policy/modules/services/consolekit.te 2010-06-15 16:01:58.000000000 +0000 @@ -16,12 +16,15 @@ type consolekit_var_run_t; files_pid_file(consolekit_var_run_t) @@ -20406,8 +20418,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/cons unconfined_stream_connect(consolekit_t) ') diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/corosync.fc serefpolicy-3.7.19/policy/modules/services/corosync.fc ---- nsaserefpolicy/policy/modules/services/corosync.fc 1970-01-01 01:00:00.000000000 +0100 -+++ serefpolicy-3.7.19/policy/modules/services/corosync.fc 2010-05-28 09:42:00.087610617 +0200 +--- nsaserefpolicy/policy/modules/services/corosync.fc 1970-01-01 00:00:00.000000000 +0000 ++++ serefpolicy-3.7.19/policy/modules/services/corosync.fc 2010-05-28 07:42:00.000000000 +0000 @@ -0,0 +1,15 @@ + +/etc/rc\.d/init\.d/corosync -- gen_context(system_u:object_r:corosync_initrc_exec_t,s0) 
@@ -20425,8 +20437,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/coro +/var/run/corosync\.pid -- gen_context(system_u:object_r:corosync_var_run_t,s0) + diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/corosync.if serefpolicy-3.7.19/policy/modules/services/corosync.if ---- nsaserefpolicy/policy/modules/services/corosync.if 1970-01-01 01:00:00.000000000 +0100 -+++ serefpolicy-3.7.19/policy/modules/services/corosync.if 2010-09-16 17:00:39.809386936 +0200 +--- nsaserefpolicy/policy/modules/services/corosync.if 1970-01-01 00:00:00.000000000 +0000 ++++ serefpolicy-3.7.19/policy/modules/services/corosync.if 2010-09-16 15:00:39.000000000 +0000 @@ -0,0 +1,127 @@ +## SELinux policy for Corosync Cluster Engine + @@ -20556,8 +20568,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/coro + + diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/corosync.te serefpolicy-3.7.19/policy/modules/services/corosync.te ---- nsaserefpolicy/policy/modules/services/corosync.te 1970-01-01 01:00:00.000000000 +0100 -+++ serefpolicy-3.7.19/policy/modules/services/corosync.te 2010-11-08 15:05:45.930398628 +0100 +--- nsaserefpolicy/policy/modules/services/corosync.te 1970-01-01 00:00:00.000000000 +0000 ++++ serefpolicy-3.7.19/policy/modules/services/corosync.te 2010-11-08 14:05:45.000000000 +0000 @@ -0,0 +1,145 @@ + +policy_module(corosync,1.0.0) 
@@ -20705,8 +20717,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/coro + ricci_rw_modclusterd_tmpfs_files(corosync_t) +') diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/cron.fc serefpolicy-3.7.19/policy/modules/services/cron.fc ---- nsaserefpolicy/policy/modules/services/cron.fc 2010-04-13 20:44:36.000000000 +0200 -+++ serefpolicy-3.7.19/policy/modules/services/cron.fc 2010-05-28 09:42:00.088610900 +0200 +--- nsaserefpolicy/policy/modules/services/cron.fc 2010-04-13 18:44:36.000000000 +0000 ++++ serefpolicy-3.7.19/policy/modules/services/cron.fc 2010-05-28 07:42:00.000000000 +0000 @@ -14,7 +14,7 @@ /var/run/anacron\.pid -- gen_context(system_u:object_r:crond_var_run_t,s0) /var/run/atd\.pid -- gen_context(system_u:object_r:crond_var_run_t,s0) @@ -20725,8 +20737,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/cron + +/var/log/mcelog.* -- gen_context(system_u:object_r:cron_log_t,s0) diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/cron.if serefpolicy-3.7.19/policy/modules/services/cron.if ---- nsaserefpolicy/policy/modules/services/cron.if 2010-04-13 20:44:37.000000000 +0200 -+++ serefpolicy-3.7.19/policy/modules/services/cron.if 2010-09-16 14:41:50.412386895 +0200 +--- nsaserefpolicy/policy/modules/services/cron.if 2010-04-13 18:44:37.000000000 +0000 ++++ serefpolicy-3.7.19/policy/modules/services/cron.if 2010-09-16 12:41:50.000000000 +0000 @@ -12,6 +12,12 @@ ## # 
@@ -20955,8 +20967,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/cron + manage_files_pattern($1, system_cronjob_var_lib_t, system_cronjob_var_lib_t) ') diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/cron.te serefpolicy-3.7.19/policy/modules/services/cron.te ---- nsaserefpolicy/policy/modules/services/cron.te 2010-04-13 20:44:37.000000000 +0200 -+++ serefpolicy-3.7.19/policy/modules/services/cron.te 2010-11-18 15:47:35.785397612 +0100 +--- nsaserefpolicy/policy/modules/services/cron.te 2010-04-13 18:44:37.000000000 +0000 ++++ serefpolicy-3.7.19/policy/modules/services/cron.te 2010-11-18 14:47:35.000000000 +0000 @@ -38,8 +38,10 @@ type cron_var_lib_t; files_type(cron_var_lib_t) @@ -21274,8 +21286,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/cron tunable_policy(`fcron_crond', ` diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/cups.fc serefpolicy-3.7.19/policy/modules/services/cups.fc ---- nsaserefpolicy/policy/modules/services/cups.fc 2010-04-13 20:44:36.000000000 +0200 -+++ serefpolicy-3.7.19/policy/modules/services/cups.fc 2010-05-28 09:42:00.091610700 +0200 +--- nsaserefpolicy/policy/modules/services/cups.fc 2010-04-13 18:44:36.000000000 +0000 ++++ serefpolicy-3.7.19/policy/modules/services/cups.fc 2010-05-28 07:42:00.000000000 +0000 @@ -13,10 +13,14 @@ /etc/cups/certs/.* -- gen_context(system_u:object_r:cupsd_rw_etc_t,s0) /etc/rc\.d/init\.d/cups -- gen_context(system_u:object_r:cupsd_initrc_exec_t,s0) 
@@ -21324,8 +21336,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/cups + +/usr/local/linuxprinter/ppd(/.*)? gen_context(system_u:object_r:cupsd_rw_etc_t,s0) diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/cups.if serefpolicy-3.7.19/policy/modules/services/cups.if ---- nsaserefpolicy/policy/modules/services/cups.if 2010-04-13 20:44:37.000000000 +0200 -+++ serefpolicy-3.7.19/policy/modules/services/cups.if 2010-10-13 09:46:06.858649491 +0200 +--- nsaserefpolicy/policy/modules/services/cups.if 2010-04-13 18:44:37.000000000 +0000 ++++ serefpolicy-3.7.19/policy/modules/services/cups.if 2010-10-13 07:46:06.000000000 +0000 @@ -6,7 +6,7 @@ ## ## @@ -21355,8 +21367,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/cups files_list_tmp($1) diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/cups.te serefpolicy-3.7.19/policy/modules/services/cups.te ---- nsaserefpolicy/policy/modules/services/cups.te 2010-04-13 20:44:37.000000000 +0200 -+++ serefpolicy-3.7.19/policy/modules/services/cups.te 2010-11-11 16:08:06.457149130 +0100 +--- nsaserefpolicy/policy/modules/services/cups.te 2010-04-13 18:44:37.000000000 +0000 ++++ serefpolicy-3.7.19/policy/modules/services/cups.te 2010-11-11 15:08:06.000000000 +0000 @@ -16,6 +16,7 @@ type cupsd_t; type cupsd_exec_t; 
@@ -21637,8 +21649,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/cups logging_send_syslog_msg(hplip_t) diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/cvs.te serefpolicy-3.7.19/policy/modules/services/cvs.te ---- nsaserefpolicy/policy/modules/services/cvs.te 2010-04-13 20:44:37.000000000 +0200 -+++ serefpolicy-3.7.19/policy/modules/services/cvs.te 2010-05-28 09:42:00.093610497 +0200 +--- nsaserefpolicy/policy/modules/services/cvs.te 2010-04-13 18:44:37.000000000 +0000 ++++ serefpolicy-3.7.19/policy/modules/services/cvs.te 2010-05-28 07:42:00.000000000 +0000 @@ -93,6 +93,7 @@ auth_can_read_shadow_passwords(cvs_t) tunable_policy(`allow_cvs_read_shadow',` @@ -21654,8 +21666,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/cvs. + files_tmp_filetrans(httpd_cvs_script_t, cvs_tmp_t, { file dir }) ') diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/cyrus.fc serefpolicy-3.7.19/policy/modules/services/cyrus.fc ---- nsaserefpolicy/policy/modules/services/cyrus.fc 2010-04-13 20:44:37.000000000 +0200 -+++ serefpolicy-3.7.19/policy/modules/services/cyrus.fc 2010-07-14 12:43:21.905172641 +0200 +--- nsaserefpolicy/policy/modules/services/cyrus.fc 2010-04-13 18:44:37.000000000 +0000 ++++ serefpolicy-3.7.19/policy/modules/services/cyrus.fc 2010-07-14 10:43:21.000000000 +0000 @@ -1,4 +1,4 @@ -/etc/rc\.d/init\.d/cyrus -- gen_context(system_u:object_r:cyrus_initrc_exec_t,s0) +/etc/rc\.d/init\.d/cyrus-imapd -- gen_context(system_u:object_r:cyrus_initrc_exec_t,s0) 
@@ -21663,8 +21675,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/cyru /usr/lib(64)?/cyrus-imapd/cyrus-master -- gen_context(system_u:object_r:cyrus_exec_t,s0) diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/cyrus.te serefpolicy-3.7.19/policy/modules/services/cyrus.te ---- nsaserefpolicy/policy/modules/services/cyrus.te 2010-04-13 20:44:37.000000000 +0200 -+++ serefpolicy-3.7.19/policy/modules/services/cyrus.te 2010-08-24 14:09:21.658222360 +0200 +--- nsaserefpolicy/policy/modules/services/cyrus.te 2010-04-13 18:44:37.000000000 +0000 ++++ serefpolicy-3.7.19/policy/modules/services/cyrus.te 2010-08-24 12:09:21.000000000 +0000 @@ -27,7 +27,7 @@ # Local policy # @@ -21691,8 +21703,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/cyru snmp_dontaudit_write_snmp_var_lib_files(cyrus_t) snmp_stream_connect(cyrus_t) diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/dbus.if serefpolicy-3.7.19/policy/modules/services/dbus.if ---- nsaserefpolicy/policy/modules/services/dbus.if 2010-04-13 20:44:37.000000000 +0200 -+++ serefpolicy-3.7.19/policy/modules/services/dbus.if 2010-05-28 09:42:00.095610713 +0200 +--- nsaserefpolicy/policy/modules/services/dbus.if 2010-04-13 18:44:37.000000000 +0000 ++++ serefpolicy-3.7.19/policy/modules/services/dbus.if 2010-05-28 07:42:00.000000000 +0000 @@ -42,8 +42,10 @@ gen_require(` class dbus { send_msg acquire_svc }; 
@@ -21886,8 +21898,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/dbus +') + diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/dbus.te serefpolicy-3.7.19/policy/modules/services/dbus.te ---- nsaserefpolicy/policy/modules/services/dbus.te 2010-04-13 20:44:37.000000000 +0200 -+++ serefpolicy-3.7.19/policy/modules/services/dbus.te 2010-05-28 09:42:00.096610787 +0200 +--- nsaserefpolicy/policy/modules/services/dbus.te 2010-04-13 18:44:37.000000000 +0000 ++++ serefpolicy-3.7.19/policy/modules/services/dbus.te 2010-05-28 07:42:00.000000000 +0000 @@ -86,6 +86,7 @@ dev_read_sysfs(system_dbusd_t) @@ -21936,8 +21948,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/dbus + xserver_append_xdm_home_files(session_bus_type) +') diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/denyhosts.fc serefpolicy-3.7.19/policy/modules/services/denyhosts.fc ---- nsaserefpolicy/policy/modules/services/denyhosts.fc 1970-01-01 01:00:00.000000000 +0100 -+++ serefpolicy-3.7.19/policy/modules/services/denyhosts.fc 2010-05-28 09:42:00.096610787 +0200 +--- nsaserefpolicy/policy/modules/services/denyhosts.fc 1970-01-01 00:00:00.000000000 +0000 ++++ serefpolicy-3.7.19/policy/modules/services/denyhosts.fc 2010-05-28 07:42:00.000000000 +0000 @@ -0,0 +1,7 @@ +/etc/rc\.d/init\.d/denyhosts -- gen_context(system_u:object_r:denyhosts_initrc_exec_t, s0) + 
@@ -21947,8 +21959,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/deny +/var/lock/subsys/denyhosts -- gen_context(system_u:object_r:denyhosts_var_lock_t, s0) +/var/log/denyhosts(/.*)? gen_context(system_u:object_r:denyhosts_var_log_t, s0) diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/denyhosts.if serefpolicy-3.7.19/policy/modules/services/denyhosts.if ---- nsaserefpolicy/policy/modules/services/denyhosts.if 1970-01-01 01:00:00.000000000 +0100 -+++ serefpolicy-3.7.19/policy/modules/services/denyhosts.if 2010-05-28 09:42:00.097610580 +0200 +--- nsaserefpolicy/policy/modules/services/denyhosts.if 1970-01-01 00:00:00.000000000 +0000 ++++ serefpolicy-3.7.19/policy/modules/services/denyhosts.if 2010-05-28 07:42:00.000000000 +0000 @@ -0,0 +1,87 @@ +## Deny Hosts. +## @@ -22038,8 +22050,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/deny + admin_pattern($1, denyhosts_var_lock_t) +') diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/denyhosts.te serefpolicy-3.7.19/policy/modules/services/denyhosts.te ---- nsaserefpolicy/policy/modules/services/denyhosts.te 1970-01-01 01:00:00.000000000 +0100 -+++ serefpolicy-3.7.19/policy/modules/services/denyhosts.te 2010-07-13 09:14:58.230502484 +0200 +--- nsaserefpolicy/policy/modules/services/denyhosts.te 1970-01-01 00:00:00.000000000 +0000 ++++ serefpolicy-3.7.19/policy/modules/services/denyhosts.te 2010-07-13 07:14:58.000000000 +0000 @@ -0,0 +1,81 @@ + +policy_module(denyhosts, 1.0.0) 
@@ -22123,8 +22135,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/deny + gnome_dontaudit_search_config(denyhosts_t) +') diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/devicekit.fc serefpolicy-3.7.19/policy/modules/services/devicekit.fc ---- nsaserefpolicy/policy/modules/services/devicekit.fc 2010-04-13 20:44:37.000000000 +0200 -+++ serefpolicy-3.7.19/policy/modules/services/devicekit.fc 2010-05-28 09:42:00.098611422 +0200 +--- nsaserefpolicy/policy/modules/services/devicekit.fc 2010-04-13 18:44:37.000000000 +0000 ++++ serefpolicy-3.7.19/policy/modules/services/devicekit.fc 2010-05-28 07:42:00.000000000 +0000 @@ -1,8 +1,14 @@ /usr/libexec/devkit-daemon -- gen_context(system_u:object_r:devicekit_exec_t,s0) /usr/libexec/devkit-disks-daemon -- gen_context(system_u:object_r:devicekit_disk_exec_t,s0) @@ -22142,8 +22154,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/devi +/var/run/udisks(/.*)? gen_context(system_u:object_r:devicekit_var_run_t,s0) +/var/run/upower(/.*)? gen_context(system_u:object_r:devicekit_var_run_t,s0) diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/devicekit.if serefpolicy-3.7.19/policy/modules/services/devicekit.if ---- nsaserefpolicy/policy/modules/services/devicekit.if 2010-04-13 20:44:37.000000000 +0200 -+++ serefpolicy-3.7.19/policy/modules/services/devicekit.if 2010-09-16 14:43:03.179637274 +0200 +--- nsaserefpolicy/policy/modules/services/devicekit.if 2010-04-13 18:44:37.000000000 +0000 ++++ serefpolicy-3.7.19/policy/modules/services/devicekit.if 2010-09-16 12:43:03.000000000 +0000 @@ -139,6 +139,26 @@ ######################################## 
@@ -22193,8 +22205,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/devi admin_pattern($1, devicekit_tmp_t) diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/devicekit.te serefpolicy-3.7.19/policy/modules/services/devicekit.te ---- nsaserefpolicy/policy/modules/services/devicekit.te 2010-04-13 20:44:37.000000000 +0200 -+++ serefpolicy-3.7.19/policy/modules/services/devicekit.te 2010-10-05 16:46:24.302651295 +0200 +--- nsaserefpolicy/policy/modules/services/devicekit.te 2010-04-13 18:44:37.000000000 +0000 ++++ serefpolicy-3.7.19/policy/modules/services/devicekit.te 2010-10-05 14:46:24.000000000 +0000 @@ -42,6 +42,8 @@ files_read_etc_files(devicekit_t) @@ -22438,8 +22450,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/devi vbetool_domtrans(devicekit_power_t) ') diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/dhcp.if serefpolicy-3.7.19/policy/modules/services/dhcp.if ---- nsaserefpolicy/policy/modules/services/dhcp.if 2010-04-13 20:44:36.000000000 +0200 -+++ serefpolicy-3.7.19/policy/modules/services/dhcp.if 2010-09-16 17:18:21.454637263 +0200 +--- nsaserefpolicy/policy/modules/services/dhcp.if 2010-04-13 18:44:36.000000000 +0000 ++++ serefpolicy-3.7.19/policy/modules/services/dhcp.if 2010-09-16 15:18:21.000000000 +0000 @@ -77,7 +77,7 @@ # interface(`dhcpd_admin',` 
@@ -22450,8 +22462,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/dhcp ') diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/dhcp.te serefpolicy-3.7.19/policy/modules/services/dhcp.te ---- nsaserefpolicy/policy/modules/services/dhcp.te 2010-04-13 20:44:36.000000000 +0200 -+++ serefpolicy-3.7.19/policy/modules/services/dhcp.te 2010-10-18 16:03:31.352650791 +0200 +--- nsaserefpolicy/policy/modules/services/dhcp.te 2010-04-13 18:44:36.000000000 +0000 ++++ serefpolicy-3.7.19/policy/modules/services/dhcp.te 2010-10-18 14:03:31.000000000 +0000 @@ -74,6 +74,8 @@ corenet_sendrecv_dhcpd_server_packets(dhcpd_t) corenet_sendrecv_pxe_server_packets(dhcpd_t) @@ -22473,8 +22485,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/dhcp dbus_connect_system_bus(dhcpd_t) ') diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/dirsrv-admin.fc serefpolicy-3.7.19/policy/modules/services/dirsrv-admin.fc ---- nsaserefpolicy/policy/modules/services/dirsrv-admin.fc 1970-01-01 01:00:00.000000000 +0100 -+++ serefpolicy-3.7.19/policy/modules/services/dirsrv-admin.fc 2010-11-15 14:19:02.503399070 +0100 +--- nsaserefpolicy/policy/modules/services/dirsrv-admin.fc 1970-01-01 00:00:00.000000000 +0000 ++++ serefpolicy-3.7.19/policy/modules/services/dirsrv-admin.fc 2010-11-15 13:19:02.000000000 +0000 @@ -0,0 +1,11 @@ +/etc/dirsrv/admin-serv(/.*)? gen_context(system_u:object_r:dirsrvadmin_config_t,s0) + 
@@ -22488,8 +22500,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/dirs +/usr/lib64/dirsrv/dsgw-cgi-bin(/.*)? gen_context(system_u:object_r:httpd_dirsrvadmin_script_exec_t,s0) + diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/dirsrv-admin.if serefpolicy-3.7.19/policy/modules/services/dirsrv-admin.if ---- nsaserefpolicy/policy/modules/services/dirsrv-admin.if 1970-01-01 01:00:00.000000000 +0100 -+++ serefpolicy-3.7.19/policy/modules/services/dirsrv-admin.if 2010-11-15 14:19:02.504398934 +0100 +--- nsaserefpolicy/policy/modules/services/dirsrv-admin.if 1970-01-01 00:00:00.000000000 +0000 ++++ serefpolicy-3.7.19/policy/modules/services/dirsrv-admin.if 2010-11-15 13:19:02.000000000 +0000 @@ -0,0 +1,95 @@ +## Administration Server for Directory Server, dirsrv-admin. + @@ -22587,8 +22599,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/dirs + manage_dirs_pattern($1, dirsrvadmin_tmp_t, dirsrvadmin_tmp_t) +') diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/dirsrv-admin.te serefpolicy-3.7.19/policy/modules/services/dirsrv-admin.te ---- nsaserefpolicy/policy/modules/services/dirsrv-admin.te 1970-01-01 01:00:00.000000000 +0100 -+++ serefpolicy-3.7.19/policy/modules/services/dirsrv-admin.te 2010-11-15 14:19:02.523147846 +0100 +--- nsaserefpolicy/policy/modules/services/dirsrv-admin.te 1970-01-01 00:00:00.000000000 +0000 ++++ serefpolicy-3.7.19/policy/modules/services/dirsrv-admin.te 2010-11-15 13:19:02.000000000 +0000 @@ -0,0 +1,92 @@ +policy_module(dirsrv-admin,1.0.0) + 
@@ -22683,8 +22695,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/dirs +dirsrv_manage_config(httpd_dirsrvadmin_script_t) +dirsrv_read_share(httpd_dirsrvadmin_script_t) diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/dirsrv.fc serefpolicy-3.7.19/policy/modules/services/dirsrv.fc ---- nsaserefpolicy/policy/modules/services/dirsrv.fc 1970-01-01 01:00:00.000000000 +0100 -+++ serefpolicy-3.7.19/policy/modules/services/dirsrv.fc 2010-11-15 14:19:02.524147919 +0100 +--- nsaserefpolicy/policy/modules/services/dirsrv.fc 1970-01-01 00:00:00.000000000 +0000 ++++ serefpolicy-3.7.19/policy/modules/services/dirsrv.fc 2010-11-15 13:19:02.000000000 +0000 @@ -0,0 +1,20 @@ +/etc/dirsrv(/.*) gen_context(system_u:object_r:dirsrv_config_t,s0) + @@ -22707,8 +22719,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/dirs + +/var/log/dirsrv/ldap-agent.log gen_context(system_u:object_r:dirsrv_snmp_var_log_t,s0) diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/dirsrv.if serefpolicy-3.7.19/policy/modules/services/dirsrv.if ---- nsaserefpolicy/policy/modules/services/dirsrv.if 1970-01-01 01:00:00.000000000 +0100 -+++ serefpolicy-3.7.19/policy/modules/services/dirsrv.if 2011-01-20 12:07:54.246042815 +0100 +--- nsaserefpolicy/policy/modules/services/dirsrv.if 1970-01-01 00:00:00.000000000 +0000 ++++ serefpolicy-3.7.19/policy/modules/services/dirsrv.if 2011-01-20 11:07:54.000000000 +0000 @@ -0,0 +1,212 @@ +## policy for dirsrv + 
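Review bot: The dirsrv.fc entry shown as context in the hunk at -22683,8, `/etc/dirsrv(/.*) gen_context(system_u:object_r:dirsrv_config_t,s0)`, has no trailing `?`, so the pattern matches only paths below /etc/dirsrv and not the directory itself. The directory would then take its label from a broader rule rather than `dirsrv_config_t`. Other directory entries on this page, such as `/etc/dirsrv/admin-serv(/.*)?`, use the optional form, so I would change this one to `/etc/dirsrv(/.*)? gen_context(system_u:object_r:dirsrv_config_t,s0)`. The commit only rewrites the header timestamps here, and the rest of the 20-line file is outside the hunk, so confirm that no later entry already labels the directory.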
@@ -22923,8 +22935,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/dirs + stream_connect_pattern($1, dirsrv_var_run_t, dirsrv_var_run_t, dirsrv_t) +') diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/dirsrv.te serefpolicy-3.7.19/policy/modules/services/dirsrv.te ---- nsaserefpolicy/policy/modules/services/dirsrv.te 1970-01-01 01:00:00.000000000 +0100 -+++ serefpolicy-3.7.19/policy/modules/services/dirsrv.te 2011-01-14 16:32:12.778042378 +0100 +--- nsaserefpolicy/policy/modules/services/dirsrv.te 1970-01-01 00:00:00.000000000 +0000 ++++ serefpolicy-3.7.19/policy/modules/services/dirsrv.te 2011-01-14 15:32:12.000000000 +0000 @@ -0,0 +1,180 @@ +policy_module(dirsrv,1.0.0) + @@ -23107,8 +23119,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/dirs + rpcbind_stream_connect(initrc_t) +') diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/djbdns.if serefpolicy-3.7.19/policy/modules/services/djbdns.if ---- nsaserefpolicy/policy/modules/services/djbdns.if 2010-04-13 20:44:37.000000000 +0200 -+++ serefpolicy-3.7.19/policy/modules/services/djbdns.if 2010-05-28 09:42:00.101610733 +0200 +--- nsaserefpolicy/policy/modules/services/djbdns.if 2010-04-13 18:44:37.000000000 +0000 ++++ serefpolicy-3.7.19/policy/modules/services/djbdns.if 2010-05-28 07:42:00.000000000 +0000 @@ -26,6 +26,8 @@ daemontools_read_svc(djbdns_$1_t) 
@@ -23159,8 +23171,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/djbd + allow $1 djbdns_tinydn_t:key link; +') diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/djbdns.te serefpolicy-3.7.19/policy/modules/services/djbdns.te ---- nsaserefpolicy/policy/modules/services/djbdns.te 2010-04-13 20:44:36.000000000 +0200 -+++ serefpolicy-3.7.19/policy/modules/services/djbdns.te 2010-05-28 09:42:00.101610733 +0200 +--- nsaserefpolicy/policy/modules/services/djbdns.te 2010-04-13 18:44:36.000000000 +0000 ++++ serefpolicy-3.7.19/policy/modules/services/djbdns.te 2010-05-28 07:42:00.000000000 +0000 @@ -42,3 +42,11 @@ files_search_var(djbdns_axfrdns_t) @@ -23174,8 +23186,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/djbd +init_dontaudit_use_script_fds(djbdns_tinydns_t) + diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/dnsmasq.fc serefpolicy-3.7.19/policy/modules/services/dnsmasq.fc ---- nsaserefpolicy/policy/modules/services/dnsmasq.fc 2010-04-13 20:44:37.000000000 +0200 -+++ serefpolicy-3.7.19/policy/modules/services/dnsmasq.fc 2010-05-28 09:42:00.102610946 +0200 +--- nsaserefpolicy/policy/modules/services/dnsmasq.fc 2010-04-13 18:44:37.000000000 +0000 ++++ serefpolicy-3.7.19/policy/modules/services/dnsmasq.fc 2010-05-28 07:42:00.000000000 +0000 @@ -6,5 +6,7 @@ /var/lib/misc/dnsmasq\.leases -- gen_context(system_u:object_r:dnsmasq_lease_t,s0) /var/lib/dnsmasq(/.*)? gen_context(system_u:object_r:dnsmasq_lease_t,s0) 
@@ -23185,8 +23197,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/dnsm /var/run/dnsmasq\.pid -- gen_context(system_u:object_r:dnsmasq_var_run_t,s0) /var/run/libvirt/network(/.*)? gen_context(system_u:object_r:dnsmasq_var_run_t,s0) diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/dnsmasq.if serefpolicy-3.7.19/policy/modules/services/dnsmasq.if ---- nsaserefpolicy/policy/modules/services/dnsmasq.if 2010-04-13 20:44:37.000000000 +0200 -+++ serefpolicy-3.7.19/policy/modules/services/dnsmasq.if 2010-05-28 09:42:00.102610946 +0200 +--- nsaserefpolicy/policy/modules/services/dnsmasq.if 2010-04-13 18:44:37.000000000 +0000 ++++ serefpolicy-3.7.19/policy/modules/services/dnsmasq.if 2010-05-28 07:42:00.000000000 +0000 @@ -111,7 +111,7 @@ type dnsmasq_etc_t; ') @@ -23206,8 +23218,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/dnsm ') diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/dnsmasq.te serefpolicy-3.7.19/policy/modules/services/dnsmasq.te ---- nsaserefpolicy/policy/modules/services/dnsmasq.te 2010-04-13 20:44:37.000000000 +0200 -+++ serefpolicy-3.7.19/policy/modules/services/dnsmasq.te 2010-10-13 08:36:11.278650255 +0200 +--- nsaserefpolicy/policy/modules/services/dnsmasq.te 2010-04-13 18:44:37.000000000 +0000 ++++ serefpolicy-3.7.19/policy/modules/services/dnsmasq.te 2010-10-13 06:36:11.000000000 +0000 @@ -19,6 +19,9 @@ type dnsmasq_lease_t; files_type(dnsmasq_lease_t) 
@@ -23268,8 +23280,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/dnsm ') diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/dovecot.fc serefpolicy-3.7.19/policy/modules/services/dovecot.fc ---- nsaserefpolicy/policy/modules/services/dovecot.fc 2010-04-13 20:44:36.000000000 +0200 -+++ serefpolicy-3.7.19/policy/modules/services/dovecot.fc 2010-07-08 14:31:14.740152947 +0200 +--- nsaserefpolicy/policy/modules/services/dovecot.fc 2010-04-13 18:44:36.000000000 +0000 ++++ serefpolicy-3.7.19/policy/modules/services/dovecot.fc 2010-07-08 12:31:14.000000000 +0000 @@ -3,6 +3,7 @@ # /etc # @@ -23298,8 +23310,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/dove /var/spool/dovecot(/.*)? gen_context(system_u:object_r:dovecot_spool_t,s0) diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/dovecot.if serefpolicy-3.7.19/policy/modules/services/dovecot.if ---- nsaserefpolicy/policy/modules/services/dovecot.if 2010-04-13 20:44:36.000000000 +0200 -+++ serefpolicy-3.7.19/policy/modules/services/dovecot.if 2010-12-01 11:47:10.200042400 +0100 +--- nsaserefpolicy/policy/modules/services/dovecot.if 2010-04-13 18:44:36.000000000 +0000 ++++ serefpolicy-3.7.19/policy/modules/services/dovecot.if 2010-12-01 10:47:10.000000000 +0000 @@ -1,5 +1,24 @@ ## Dovecot POP and IMAP mail server 
@@ -23345,8 +23357,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/dove admin_pattern($1, dovecot_spool_t) diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/dovecot.te serefpolicy-3.7.19/policy/modules/services/dovecot.te ---- nsaserefpolicy/policy/modules/services/dovecot.te 2010-04-13 20:44:37.000000000 +0200 -+++ serefpolicy-3.7.19/policy/modules/services/dovecot.te 2011-01-14 14:46:52.457041882 +0100 +--- nsaserefpolicy/policy/modules/services/dovecot.te 2010-04-13 18:44:37.000000000 +0000 ++++ serefpolicy-3.7.19/policy/modules/services/dovecot.te 2011-01-14 13:46:52.000000000 +0000 @@ -9,6 +9,9 @@ type dovecot_exec_t; init_daemon_domain(dovecot_t, dovecot_exec_t) @@ -23572,8 +23584,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/dove + sendmail_domtrans(dovecot_deliver_t) ') diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/exim.fc serefpolicy-3.7.19/policy/modules/services/exim.fc ---- nsaserefpolicy/policy/modules/services/exim.fc 2010-04-13 20:44:37.000000000 +0200 -+++ serefpolicy-3.7.19/policy/modules/services/exim.fc 2010-05-28 09:42:00.105610536 +0200 +--- nsaserefpolicy/policy/modules/services/exim.fc 2010-04-13 18:44:37.000000000 +0000 ++++ serefpolicy-3.7.19/policy/modules/services/exim.fc 2010-05-28 07:42:00.000000000 +0000 @@ -1,3 +1,6 @@ + +/etc/rc\.d/init\.d/exim -- gen_context(system_u:object_r:exim_initrc_exec_t,s0) 
@@ -23582,8 +23594,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/exim /var/log/exim[0-9]?(/.*)? gen_context(system_u:object_r:exim_log_t,s0) /var/run/exim[0-9]?\.pid -- gen_context(system_u:object_r:exim_var_run_t,s0) diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/exim.if serefpolicy-3.7.19/policy/modules/services/exim.if ---- nsaserefpolicy/policy/modules/services/exim.if 2010-04-13 20:44:37.000000000 +0200 -+++ serefpolicy-3.7.19/policy/modules/services/exim.if 2010-09-16 15:15:56.330386661 +0200 +--- nsaserefpolicy/policy/modules/services/exim.if 2010-04-13 18:44:37.000000000 +0000 ++++ serefpolicy-3.7.19/policy/modules/services/exim.if 2010-09-16 13:15:56.000000000 +0000 @@ -20,6 +20,24 @@ ######################################## @@ -23657,8 +23669,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/exim + admin_pattern($1, exim_var_run_t) +') diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/exim.te serefpolicy-3.7.19/policy/modules/services/exim.te ---- nsaserefpolicy/policy/modules/services/exim.te 2010-04-13 20:44:36.000000000 +0200 -+++ serefpolicy-3.7.19/policy/modules/services/exim.te 2010-12-01 13:21:05.137040781 +0100 +--- nsaserefpolicy/policy/modules/services/exim.te 2010-04-13 18:44:36.000000000 +0000 ++++ serefpolicy-3.7.19/policy/modules/services/exim.te 2010-12-01 12:21:05.000000000 +0000 @@ -36,6 +36,9 @@ application_executable_file(exim_exec_t) mta_agent_executable(exim_exec_t) 
@@ -23689,8 +23701,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/exim optional_policy(` diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/fail2ban.if serefpolicy-3.7.19/policy/modules/services/fail2ban.if ---- nsaserefpolicy/policy/modules/services/fail2ban.if 2010-04-13 20:44:37.000000000 +0200 -+++ serefpolicy-3.7.19/policy/modules/services/fail2ban.if 2010-05-28 09:42:00.108611036 +0200 +--- nsaserefpolicy/policy/modules/services/fail2ban.if 2010-04-13 18:44:37.000000000 +0000 ++++ serefpolicy-3.7.19/policy/modules/services/fail2ban.if 2010-05-28 07:42:00.000000000 +0000 @@ -138,6 +138,26 @@ ######################################## @@ -23719,8 +23731,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/fail ## an fail2ban environment ## diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/fail2ban.te serefpolicy-3.7.19/policy/modules/services/fail2ban.te ---- nsaserefpolicy/policy/modules/services/fail2ban.te 2010-04-13 20:44:37.000000000 +0200 -+++ serefpolicy-3.7.19/policy/modules/services/fail2ban.te 2010-10-08 10:29:01.304899702 +0200 +--- nsaserefpolicy/policy/modules/services/fail2ban.te 2010-04-13 18:44:37.000000000 +0000 ++++ serefpolicy-3.7.19/policy/modules/services/fail2ban.te 2010-10-08 08:29:01.000000000 +0000 @@ -29,8 +29,9 @@ # fail2ban local policy # 
@@ -23751,8 +23763,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/fail iptables_domtrans(fail2ban_t) ') diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/fetchmail.if serefpolicy-3.7.19/policy/modules/services/fetchmail.if ---- nsaserefpolicy/policy/modules/services/fetchmail.if 2010-04-13 20:44:37.000000000 +0200 -+++ serefpolicy-3.7.19/policy/modules/services/fetchmail.if 2010-09-16 14:46:13.627387014 +0200 +--- nsaserefpolicy/policy/modules/services/fetchmail.if 2010-04-13 18:44:37.000000000 +0000 ++++ serefpolicy-3.7.19/policy/modules/services/fetchmail.if 2010-09-16 12:46:13.000000000 +0000 @@ -18,6 +18,7 @@ type fetchmail_var_run_t; ') @@ -23762,8 +23774,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/fetc files_list_etc($1) diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/fprintd.te serefpolicy-3.7.19/policy/modules/services/fprintd.te ---- nsaserefpolicy/policy/modules/services/fprintd.te 2010-04-13 20:44:36.000000000 +0200 -+++ serefpolicy-3.7.19/policy/modules/services/fprintd.te 2010-11-02 17:13:59.386650147 +0100 +--- nsaserefpolicy/policy/modules/services/fprintd.te 2010-04-13 18:44:36.000000000 +0000 ++++ serefpolicy-3.7.19/policy/modules/services/fprintd.te 2010-11-02 16:13:59.000000000 +0000 @@ -18,9 +18,9 @@ # Local policy # @@ -23793,8 +23805,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/fpri ') + diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/ftp.fc serefpolicy-3.7.19/policy/modules/services/ftp.fc ---- nsaserefpolicy/policy/modules/services/ftp.fc 2010-04-13 20:44:37.000000000 +0200 -+++ serefpolicy-3.7.19/policy/modules/services/ftp.fc 2010-07-19 17:37:44.247151964 +0200 +--- nsaserefpolicy/policy/modules/services/ftp.fc 2010-04-13 18:44:37.000000000 +0000 ++++ serefpolicy-3.7.19/policy/modules/services/ftp.fc 2010-07-19 15:37:44.000000000 +0000 
@@ -13,6 +13,8 @@ /usr/kerberos/sbin/ftpd -- gen_context(system_u:object_r:ftpd_exec_t,s0) @@ -23814,8 +23826,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/ftp. /var/log/muddleftpd\.log.* -- gen_context(system_u:object_r:xferlog_t,s0) /var/log/proftpd(/.*)? gen_context(system_u:object_r:xferlog_t,s0) diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/ftp.if serefpolicy-3.7.19/policy/modules/services/ftp.if ---- nsaserefpolicy/policy/modules/services/ftp.if 2010-04-13 20:44:36.000000000 +0200 -+++ serefpolicy-3.7.19/policy/modules/services/ftp.if 2010-05-28 09:42:00.110611252 +0200 +--- nsaserefpolicy/policy/modules/services/ftp.if 2010-04-13 18:44:36.000000000 +0000 ++++ serefpolicy-3.7.19/policy/modules/services/ftp.if 2010-05-28 07:42:00.000000000 +0000 @@ -115,6 +115,44 @@ role $2 types ftpdctl_t; ') @@ -23862,8 +23874,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/ftp. ## ## All of the rules required to administrate diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/ftp.te serefpolicy-3.7.19/policy/modules/services/ftp.te ---- nsaserefpolicy/policy/modules/services/ftp.te 2010-04-13 20:44:37.000000000 +0200 -+++ serefpolicy-3.7.19/policy/modules/services/ftp.te 2010-06-09 23:01:26.359209225 +0200 +--- nsaserefpolicy/policy/modules/services/ftp.te 2010-04-13 18:44:37.000000000 +0000 ++++ serefpolicy-3.7.19/policy/modules/services/ftp.te 2010-06-09 21:01:26.000000000 +0000 @@ -41,11 +41,51 @@ ## 
@@ -24113,8 +24125,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/ftp.
 + fs_read_nfs_symlinks(ftpd_t)
 +')
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/git.fc serefpolicy-3.7.19/policy/modules/services/git.fc
---- nsaserefpolicy/policy/modules/services/git.fc 2010-04-13 20:44:37.000000000 +0200
-+++ serefpolicy-3.7.19/policy/modules/services/git.fc 2010-06-30 13:03:56.351618002 +0200
+--- nsaserefpolicy/policy/modules/services/git.fc 2010-04-13 18:44:37.000000000 +0000
++++ serefpolicy-3.7.19/policy/modules/services/git.fc 2010-06-30 11:03:56.000000000 +0000
 @@ -1,3 +1,12 @@
 +HOME_DIR/public_git(/.*)? gen_context(system_u:object_r:git_session_content_t, s0)
 +HOME_DIR/\.gitconfig -- gen_context(system_u:object_r:git_session_content_t, s0)
@@ -24130,8 +24142,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/git.
 +/var/www/git(/.*)? gen_context(system_u:object_r:httpd_git_content_t,s0)
 +/var/www/git/gitweb.cgi gen_context(system_u:object_r:httpd_git_script_exec_t,s0)
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/git.if serefpolicy-3.7.19/policy/modules/services/git.if
---- nsaserefpolicy/policy/modules/services/git.if 2010-04-13 20:44:37.000000000 +0200
-+++ serefpolicy-3.7.19/policy/modules/services/git.if 2010-05-28 09:42:00.113610772 +0200
+--- nsaserefpolicy/policy/modules/services/git.if 2010-04-13 18:44:37.000000000 +0000
++++ serefpolicy-3.7.19/policy/modules/services/git.if 2010-05-28 07:42:00.000000000 +0000
 @@ -1 +1,525 @@
 -## GIT revision control system
 +## Fast Version Control System.
@@ -24660,8 +24672,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/git. +') + diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/git.te serefpolicy-3.7.19/policy/modules/services/git.te ---- nsaserefpolicy/policy/modules/services/git.te 2010-04-13 20:44:37.000000000 +0200 -+++ serefpolicy-3.7.19/policy/modules/services/git.te 2010-05-28 09:42:00.113610772 +0200 +--- nsaserefpolicy/policy/modules/services/git.te 2010-04-13 18:44:37.000000000 +0000 ++++ serefpolicy-3.7.19/policy/modules/services/git.te 2010-05-28 07:42:00.000000000 +0000 @@ -1,9 +1,193 @@ -policy_module(git, 1.0) @@ -24860,8 +24872,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/git. +gen_user(git_shell_u, user, git_shell_r, s0, s0) + diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/gnomeclock.if serefpolicy-3.7.19/policy/modules/services/gnomeclock.if ---- nsaserefpolicy/policy/modules/services/gnomeclock.if 2010-04-13 20:44:37.000000000 +0200 -+++ serefpolicy-3.7.19/policy/modules/services/gnomeclock.if 2010-05-28 09:42:00.114610776 +0200 +--- nsaserefpolicy/policy/modules/services/gnomeclock.if 2010-04-13 18:44:37.000000000 +0000 ++++ serefpolicy-3.7.19/policy/modules/services/gnomeclock.if 2010-05-28 07:42:00.000000000 +0000 @@ -63,3 +63,24 @@ allow $1 gnomeclock_t:dbus send_msg; allow gnomeclock_t $1:dbus send_msg; 
@@ -24888,8 +24900,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/gnom + dontaudit gnomeclock_t $1:dbus send_msg; +') diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/gpm.te serefpolicy-3.7.19/policy/modules/services/gpm.te ---- nsaserefpolicy/policy/modules/services/gpm.te 2010-04-13 20:44:37.000000000 +0200 -+++ serefpolicy-3.7.19/policy/modules/services/gpm.te 2010-10-13 08:34:38.732649366 +0200 +--- nsaserefpolicy/policy/modules/services/gpm.te 2010-04-13 18:44:37.000000000 +0000 ++++ serefpolicy-3.7.19/policy/modules/services/gpm.te 2010-10-13 06:34:38.000000000 +0000 @@ -70,6 +70,7 @@ userdom_dontaudit_use_unpriv_user_fds(gpm_t) @@ -24899,8 +24911,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/gpm. optional_policy(` seutil_sigchld_newrole(gpm_t) diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/gpsd.te serefpolicy-3.7.19/policy/modules/services/gpsd.te ---- nsaserefpolicy/policy/modules/services/gpsd.te 2010-04-13 20:44:37.000000000 +0200 -+++ serefpolicy-3.7.19/policy/modules/services/gpsd.te 2010-05-28 09:42:00.114610776 +0200 +--- nsaserefpolicy/policy/modules/services/gpsd.te 2010-04-13 18:44:37.000000000 +0000 ++++ serefpolicy-3.7.19/policy/modules/services/gpsd.te 2010-05-28 07:42:00.000000000 +0000 @@ -57,9 +57,14 @@ miscfiles_read_localization(gpsd_t) 
@@ -24917,8 +24929,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/gpsd ') + diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/hal.if serefpolicy-3.7.19/policy/modules/services/hal.if ---- nsaserefpolicy/policy/modules/services/hal.if 2010-04-13 20:44:36.000000000 +0200 -+++ serefpolicy-3.7.19/policy/modules/services/hal.if 2010-09-16 15:08:39.708386708 +0200 +--- nsaserefpolicy/policy/modules/services/hal.if 2010-04-13 18:44:36.000000000 +0000 ++++ serefpolicy-3.7.19/policy/modules/services/hal.if 2010-09-16 13:08:39.000000000 +0000 @@ -51,6 +51,7 @@ type hald_t; ') @@ -24964,8 +24976,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/hal. ## ## diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/hal.te serefpolicy-3.7.19/policy/modules/services/hal.te ---- nsaserefpolicy/policy/modules/services/hal.te 2010-04-13 20:44:37.000000000 +0200 -+++ serefpolicy-3.7.19/policy/modules/services/hal.te 2010-09-01 12:01:45.692083773 +0200 +--- nsaserefpolicy/policy/modules/services/hal.te 2010-04-13 18:44:37.000000000 +0000 ++++ serefpolicy-3.7.19/policy/modules/services/hal.te 2010-09-01 10:01:45.000000000 +0000 @@ -55,6 +55,9 @@ type hald_var_lib_t; files_type(hald_var_lib_t) @@ -25122,8 +25134,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/hal. # # Local hald dccm policy diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/icecast.if serefpolicy-3.7.19/policy/modules/services/icecast.if ---- nsaserefpolicy/policy/modules/services/icecast.if 2010-04-13 20:44:37.000000000 +0200 -+++ serefpolicy-3.7.19/policy/modules/services/icecast.if 2010-09-16 14:50:20.457637118 +0200 +--- nsaserefpolicy/policy/modules/services/icecast.if 2010-04-13 18:44:37.000000000 +0000 ++++ serefpolicy-3.7.19/policy/modules/services/icecast.if 2010-09-16 12:50:20.000000000 +0000 
@@ -173,6 +173,7 @@ type icecast_t, icecast_initrc_exec_t; ') @@ -25133,8 +25145,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/icec # Allow icecast_t to restart the apache service diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/icecast.te serefpolicy-3.7.19/policy/modules/services/icecast.te ---- nsaserefpolicy/policy/modules/services/icecast.te 2010-04-13 20:44:37.000000000 +0200 -+++ serefpolicy-3.7.19/policy/modules/services/icecast.te 2010-09-09 12:23:45.726084993 +0200 +--- nsaserefpolicy/policy/modules/services/icecast.te 2010-04-13 18:44:37.000000000 +0000 ++++ serefpolicy-3.7.19/policy/modules/services/icecast.te 2010-09-09 10:23:45.000000000 +0000 @@ -6,6 +6,14 @@ # Declarations # @@ -25178,8 +25190,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/icec rtkit_scheduled(icecast_t) ') diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/inn.te serefpolicy-3.7.19/policy/modules/services/inn.te ---- nsaserefpolicy/policy/modules/services/inn.te 2010-04-13 20:44:37.000000000 +0200 -+++ serefpolicy-3.7.19/policy/modules/services/inn.te 2010-05-28 09:42:00.117610715 +0200 +--- nsaserefpolicy/policy/modules/services/inn.te 2010-04-13 18:44:37.000000000 +0000 ++++ serefpolicy-3.7.19/policy/modules/services/inn.te 2010-05-28 07:42:00.000000000 +0000 @@ -106,6 +106,7 @@ userdom_dontaudit_use_unpriv_user_fds(innd_t) 
@@ -25189,8 +25201,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/inn. mta_send_mail(innd_t) diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/jabber.fc serefpolicy-3.7.19/policy/modules/services/jabber.fc ---- nsaserefpolicy/policy/modules/services/jabber.fc 2010-04-13 20:44:37.000000000 +0200 -+++ serefpolicy-3.7.19/policy/modules/services/jabber.fc 2010-09-24 14:38:41.409386147 +0200 +--- nsaserefpolicy/policy/modules/services/jabber.fc 2010-04-13 18:44:37.000000000 +0000 ++++ serefpolicy-3.7.19/policy/modules/services/jabber.fc 2010-09-24 12:38:41.000000000 +0000 @@ -2,5 +2,14 @@ /usr/sbin/jabberd -- gen_context(system_u:object_r:jabberd_exec_t,s0) @@ -25207,8 +25219,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/jabb /var/lib/jabber(/.*)? gen_context(system_u:object_r:jabberd_var_lib_t,s0) /var/log/jabber(/.*)? gen_context(system_u:object_r:jabberd_log_t,s0) diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/jabber.if serefpolicy-3.7.19/policy/modules/services/jabber.if ---- nsaserefpolicy/policy/modules/services/jabber.if 2010-04-13 20:44:36.000000000 +0200 -+++ serefpolicy-3.7.19/policy/modules/services/jabber.if 2010-09-24 14:58:50.065385991 +0200 +--- nsaserefpolicy/policy/modules/services/jabber.if 2010-04-13 18:44:36.000000000 +0000 ++++ serefpolicy-3.7.19/policy/modules/services/jabber.if 2010-09-24 12:58:50.000000000 +0000 @@ -1,17 +1,96 @@ ## Jabber instant messaging server 
@@ -25330,8 +25342,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/jabb domain_system_change_exemption($1) role_transition $2 jabberd_initrc_exec_t system_r; diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/jabber.te serefpolicy-3.7.19/policy/modules/services/jabber.te ---- nsaserefpolicy/policy/modules/services/jabber.te 2010-04-13 20:44:37.000000000 +0200 -+++ serefpolicy-3.7.19/policy/modules/services/jabber.te 2010-12-01 13:18:43.455040817 +0100 +--- nsaserefpolicy/policy/modules/services/jabber.te 2010-04-13 18:44:37.000000000 +0000 ++++ serefpolicy-3.7.19/policy/modules/services/jabber.te 2010-12-01 12:18:43.000000000 +0000 @@ -6,13 +6,19 @@ # Declarations # @@ -25503,8 +25515,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/jabb +sysnet_read_config(jabberd_domain) + diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/kerberos.fc serefpolicy-3.7.19/policy/modules/services/kerberos.fc ---- nsaserefpolicy/policy/modules/services/kerberos.fc 2010-04-13 20:44:37.000000000 +0200 -+++ serefpolicy-3.7.19/policy/modules/services/kerberos.fc 2010-07-23 13:43:56.367388499 +0200 +--- nsaserefpolicy/policy/modules/services/kerberos.fc 2010-04-13 18:44:37.000000000 +0000 ++++ serefpolicy-3.7.19/policy/modules/services/kerberos.fc 2010-07-23 11:43:56.000000000 +0000 @@ -8,7 +8,7 @@ /etc/krb5kdc/kadm5\.keytab -- gen_context(system_u:object_r:krb5_keytab_t,s0) /etc/krb5kdc/principal.* gen_context(system_u:object_r:krb5kdc_principal_t,s0) 
@@ -25515,8 +25527,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/kerb /etc/rc\.d/init\.d/krb524d -- gen_context(system_u:object_r:kerberos_initrc_exec_t,s0) /etc/rc\.d/init\.d/krb5kdc -- gen_context(system_u:object_r:kerberos_initrc_exec_t,s0) diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/kerberos.if serefpolicy-3.7.19/policy/modules/services/kerberos.if ---- nsaserefpolicy/policy/modules/services/kerberos.if 2010-04-13 20:44:37.000000000 +0200 -+++ serefpolicy-3.7.19/policy/modules/services/kerberos.if 2010-09-02 15:07:11.046335422 +0200 +--- nsaserefpolicy/policy/modules/services/kerberos.if 2010-04-13 18:44:37.000000000 +0000 ++++ serefpolicy-3.7.19/policy/modules/services/kerberos.if 2010-09-02 13:07:11.000000000 +0000 @@ -74,7 +74,7 @@ ') @@ -25538,8 +25550,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/kerb allow $1 self:tcp_socket create_socket_perms; allow $1 self:udp_socket create_socket_perms; diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/kerberos.te serefpolicy-3.7.19/policy/modules/services/kerberos.te ---- nsaserefpolicy/policy/modules/services/kerberos.te 2010-04-13 20:44:37.000000000 +0200 -+++ serefpolicy-3.7.19/policy/modules/services/kerberos.te 2011-01-20 12:02:37.297292519 +0100 +--- nsaserefpolicy/policy/modules/services/kerberos.te 2010-04-13 18:44:37.000000000 +0000 ++++ serefpolicy-3.7.19/policy/modules/services/kerberos.te 2011-01-20 11:02:37.000000000 +0000 @@ -36,6 +36,7 @@ domain_obj_id_change_exemption(kpropd_t) 
@@ -25667,8 +25679,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/kerb allow kpropd_t krb5_keytab_t:file read_file_perms; diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/ksmtuned.fc serefpolicy-3.7.19/policy/modules/services/ksmtuned.fc ---- nsaserefpolicy/policy/modules/services/ksmtuned.fc 2010-04-13 20:44:37.000000000 +0200 -+++ serefpolicy-3.7.19/policy/modules/services/ksmtuned.fc 2010-05-28 09:42:00.119610652 +0200 +--- nsaserefpolicy/policy/modules/services/ksmtuned.fc 2010-04-13 18:44:37.000000000 +0000 ++++ serefpolicy-3.7.19/policy/modules/services/ksmtuned.fc 2010-05-28 07:42:00.000000000 +0000 @@ -3,3 +3,5 @@ /usr/sbin/ksmtuned -- gen_context(system_u:object_r:ksmtuned_exec_t,s0) @@ -25676,8 +25688,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/ksmt + +/var/log/ksmtuned.* gen_context(system_u:object_r:ksmtuned_log_t,s0) diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/ksmtuned.if serefpolicy-3.7.19/policy/modules/services/ksmtuned.if ---- nsaserefpolicy/policy/modules/services/ksmtuned.if 2010-04-13 20:44:37.000000000 +0200 -+++ serefpolicy-3.7.19/policy/modules/services/ksmtuned.if 2010-06-28 14:28:28.265152638 +0200 +--- nsaserefpolicy/policy/modules/services/ksmtuned.if 2010-04-13 18:44:37.000000000 +0000 ++++ serefpolicy-3.7.19/policy/modules/services/ksmtuned.if 2010-06-28 12:28:28.000000000 +0000 @@ -59,8 +59,8 @@ type ksmtuned_initrc_exec_t; ') 
@@ -25690,8 +25702,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/ksmt files_list_pids($1) admin_pattern($1, ksmtuned_var_run_t) diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/ksmtuned.te serefpolicy-3.7.19/policy/modules/services/ksmtuned.te ---- nsaserefpolicy/policy/modules/services/ksmtuned.te 2010-04-13 20:44:37.000000000 +0200 -+++ serefpolicy-3.7.19/policy/modules/services/ksmtuned.te 2010-11-02 17:00:40.709901203 +0100 +--- nsaserefpolicy/policy/modules/services/ksmtuned.te 2010-04-13 18:44:37.000000000 +0000 ++++ serefpolicy-3.7.19/policy/modules/services/ksmtuned.te 2010-11-02 16:00:40.000000000 +0000 @@ -10,6 +10,9 @@ type ksmtuned_exec_t; init_daemon_domain(ksmtuned_t, ksmtuned_exec_t) @@ -25732,8 +25744,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/ksmt miscfiles_read_localization(ksmtuned_t) + diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/ldap.fc serefpolicy-3.7.19/policy/modules/services/ldap.fc ---- nsaserefpolicy/policy/modules/services/ldap.fc 2010-04-13 20:44:37.000000000 +0200 -+++ serefpolicy-3.7.19/policy/modules/services/ldap.fc 2010-07-14 12:46:27.722157993 +0200 +--- nsaserefpolicy/policy/modules/services/ldap.fc 2010-04-13 18:44:37.000000000 +0000 ++++ serefpolicy-3.7.19/policy/modules/services/ldap.fc 2010-07-14 10:46:27.000000000 +0000 @@ -1,6 +1,8 @@ /etc/ldap/slapd\.conf -- gen_context(system_u:object_r:slapd_etc_t,s0) 
@@ -25750,8 +25762,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/ldap /var/run/slapd\.pid -- gen_context(system_u:object_r:slapd_var_run_t,s0) +#/var/run/slapd.* -s gen_context(system_u:object_r:slapd_var_run_t,s0) diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/ldap.if serefpolicy-3.7.19/policy/modules/services/ldap.if ---- nsaserefpolicy/policy/modules/services/ldap.if 2010-04-13 20:44:37.000000000 +0200 -+++ serefpolicy-3.7.19/policy/modules/services/ldap.if 2010-09-16 15:00:27.926637062 +0200 +--- nsaserefpolicy/policy/modules/services/ldap.if 2010-04-13 18:44:37.000000000 +0000 ++++ serefpolicy-3.7.19/policy/modules/services/ldap.if 2010-09-16 13:00:27.000000000 +0000 @@ -1,5 +1,43 @@ ## OpenLDAP directory server @@ -25856,8 +25868,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/ldap ######################################## diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/ldap.te serefpolicy-3.7.19/policy/modules/services/ldap.te ---- nsaserefpolicy/policy/modules/services/ldap.te 2010-04-13 20:44:37.000000000 +0200 -+++ serefpolicy-3.7.19/policy/modules/services/ldap.te 2010-08-13 08:23:10.016085503 +0200 +--- nsaserefpolicy/policy/modules/services/ldap.te 2010-04-13 18:44:37.000000000 +0000 ++++ serefpolicy-3.7.19/policy/modules/services/ldap.te 2010-08-13 06:23:10.000000000 +0000 @@ -11,7 +11,7 @@ init_daemon_domain(slapd_t, slapd_exec_t) 
@@ -25902,8 +25914,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/ldap manage_sock_files_pattern(slapd_t, slapd_var_run_t, slapd_var_run_t) files_pid_filetrans(slapd_t, slapd_var_run_t, { file sock_file }) diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/lircd.te serefpolicy-3.7.19/policy/modules/services/lircd.te ---- nsaserefpolicy/policy/modules/services/lircd.te 2010-04-13 20:44:36.000000000 +0200 -+++ serefpolicy-3.7.19/policy/modules/services/lircd.te 2010-06-16 22:26:45.652869735 +0200 +--- nsaserefpolicy/policy/modules/services/lircd.te 2010-04-13 18:44:36.000000000 +0000 ++++ serefpolicy-3.7.19/policy/modules/services/lircd.te 2010-06-16 20:26:45.000000000 +0000 @@ -24,8 +24,11 @@ # lircd local policy # @@ -25955,8 +25967,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/lirc +sysnet_dns_name_resolve(lircd_t) + diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/lpd.if serefpolicy-3.7.19/policy/modules/services/lpd.if ---- nsaserefpolicy/policy/modules/services/lpd.if 2010-04-13 20:44:37.000000000 +0200 -+++ serefpolicy-3.7.19/policy/modules/services/lpd.if 2010-09-16 15:34:23.589636742 +0200 +--- nsaserefpolicy/policy/modules/services/lpd.if 2010-04-13 18:44:37.000000000 +0000 ++++ serefpolicy-3.7.19/policy/modules/services/lpd.if 2010-09-16 13:34:23.000000000 +0000 @@ -153,7 +153,7 @@ ') 
@@ -25967,8 +25979,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/lpd. ######################################## diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/memcached.if serefpolicy-3.7.19/policy/modules/services/memcached.if ---- nsaserefpolicy/policy/modules/services/memcached.if 2010-04-13 20:44:37.000000000 +0200 -+++ serefpolicy-3.7.19/policy/modules/services/memcached.if 2010-09-16 14:51:54.584636864 +0200 +--- nsaserefpolicy/policy/modules/services/memcached.if 2010-04-13 18:44:37.000000000 +0000 ++++ serefpolicy-3.7.19/policy/modules/services/memcached.if 2010-09-16 12:51:54.000000000 +0000 @@ -59,6 +59,7 @@ gen_require(` type memcached_t; @@ -25985,8 +25997,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/memc admin_pattern($1, memcached_var_run_t) ') diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/milter.fc serefpolicy-3.7.19/policy/modules/services/milter.fc ---- nsaserefpolicy/policy/modules/services/milter.fc 2010-04-13 20:44:37.000000000 +0200 -+++ serefpolicy-3.7.19/policy/modules/services/milter.fc 2010-12-20 15:10:54.057041234 +0100 +--- nsaserefpolicy/policy/modules/services/milter.fc 2010-04-13 18:44:37.000000000 +0000 ++++ serefpolicy-3.7.19/policy/modules/services/milter.fc 2010-12-20 14:10:54.000000000 +0000 @@ -1,10 +1,15 @@ +/etc/mail/dkim-milter/keys(/.*)? gen_context(system_u:object_r:dkim_milter_private_key_t,s0) + 
@@ -26004,8 +26016,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/milt /var/run/milter-greylist\.pid -- gen_context(system_u:object_r:greylist_milter_data_t,s0) /var/run/spamass-milter(/.*)? gen_context(system_u:object_r:spamass_milter_data_t,s0) diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/milter.if serefpolicy-3.7.19/policy/modules/services/milter.if ---- nsaserefpolicy/policy/modules/services/milter.if 2010-04-13 20:44:37.000000000 +0200 -+++ serefpolicy-3.7.19/policy/modules/services/milter.if 2010-09-09 10:52:57.640084901 +0200 +--- nsaserefpolicy/policy/modules/services/milter.if 2010-04-13 18:44:37.000000000 +0000 ++++ serefpolicy-3.7.19/policy/modules/services/milter.if 2010-09-09 08:52:57.000000000 +0000 @@ -37,6 +37,8 @@ files_read_etc_files($1_milter_t) @@ -26064,8 +26076,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/milt + delete_files_pattern($1, dkim_milter_data_t, dkim_milter_data_t) +') diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/milter.te serefpolicy-3.7.19/policy/modules/services/milter.te ---- nsaserefpolicy/policy/modules/services/milter.te 2010-04-13 20:44:36.000000000 +0200 -+++ serefpolicy-3.7.19/policy/modules/services/milter.te 2010-09-09 10:52:57.643085262 +0200 +--- nsaserefpolicy/policy/modules/services/milter.te 2010-04-13 18:44:36.000000000 +0000 ++++ serefpolicy-3.7.19/policy/modules/services/milter.te 2010-09-09 08:52:57.000000000 +0000 @@ -10,6 +10,13 @@ attribute milter_domains; attribute milter_data_type; 
@@ -26122,8 +26134,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/milt mta_send_mail(spamass_milter_t) diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/modemmanager.te serefpolicy-3.7.19/policy/modules/services/modemmanager.te ---- nsaserefpolicy/policy/modules/services/modemmanager.te 2010-04-13 20:44:37.000000000 +0200 -+++ serefpolicy-3.7.19/policy/modules/services/modemmanager.te 2010-10-01 15:17:59.179349157 +0200 +--- nsaserefpolicy/policy/modules/services/modemmanager.te 2010-04-13 18:44:37.000000000 +0000 ++++ serefpolicy-3.7.19/policy/modules/services/modemmanager.te 2010-10-01 13:17:59.000000000 +0000 @@ -16,8 +16,8 @@ # # ModemManager local policy @@ -26158,8 +26170,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/mode udev_read_db(modemmanager_t) ') diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/mpd.fc serefpolicy-3.7.19/policy/modules/services/mpd.fc ---- nsaserefpolicy/policy/modules/services/mpd.fc 1970-01-01 01:00:00.000000000 +0100 -+++ serefpolicy-3.7.19/policy/modules/services/mpd.fc 2010-06-28 14:07:11.647362394 +0200 +--- nsaserefpolicy/policy/modules/services/mpd.fc 1970-01-01 00:00:00.000000000 +0000 ++++ serefpolicy-3.7.19/policy/modules/services/mpd.fc 2010-06-28 12:07:11.000000000 +0000 @@ -0,0 +1,11 @@ + + 
@@ -26173,8 +26185,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/mpd. +/var/lib/mpd/music(/.*)? gen_context(system_u:object_r:mpd_data_t,s0) +/var/lib/mpd/playlists(/.*)? gen_context(system_u:object_r:mpd_data_t,s0) diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/mpd.if serefpolicy-3.7.19/policy/modules/services/mpd.if ---- nsaserefpolicy/policy/modules/services/mpd.if 1970-01-01 01:00:00.000000000 +0100 -+++ serefpolicy-3.7.19/policy/modules/services/mpd.if 2010-09-16 14:59:09.494386932 +0200 +--- nsaserefpolicy/policy/modules/services/mpd.if 1970-01-01 00:00:00.000000000 +0000 ++++ serefpolicy-3.7.19/policy/modules/services/mpd.if 2010-09-16 12:59:09.000000000 +0000 @@ -0,0 +1,295 @@ + +## policy for daemon for playing music @@ -26472,8 +26484,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/mpd. + admin_pattern($1, mpd_tmpfs_t) +') diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/mpd.te serefpolicy-3.7.19/policy/modules/services/mpd.te ---- nsaserefpolicy/policy/modules/services/mpd.te 1970-01-01 01:00:00.000000000 +0100 -+++ serefpolicy-3.7.19/policy/modules/services/mpd.te 2011-01-07 14:17:21.054042273 +0100 +--- nsaserefpolicy/policy/modules/services/mpd.te 1970-01-01 00:00:00.000000000 +0000 ++++ serefpolicy-3.7.19/policy/modules/services/mpd.te 2011-01-07 13:17:21.000000000 +0000 @@ -0,0 +1,141 @@ + +policy_module(mpd,1.0.0) 
@@ -26617,8 +26629,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/mpd. + xserver_dontaudit_read_xdm_pid(mpd_t) +') diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/mta.fc serefpolicy-3.7.19/policy/modules/services/mta.fc ---- nsaserefpolicy/policy/modules/services/mta.fc 2010-04-13 20:44:37.000000000 +0200 -+++ serefpolicy-3.7.19/policy/modules/services/mta.fc 2011-01-20 10:58:55.708051696 +0100 +--- nsaserefpolicy/policy/modules/services/mta.fc 2010-04-13 18:44:37.000000000 +0000 ++++ serefpolicy-3.7.19/policy/modules/services/mta.fc 2011-01-20 09:58:55.000000000 +0000 @@ -1,4 +1,5 @@ -HOME_DIR/\.forward -- gen_context(system_u:object_r:mail_forward_t,s0) +HOME_DIR/\.forward[^/]* -- gen_context(system_u:object_r:mail_home_t,s0) @@ -26636,8 +26648,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/mta. /usr/lib/courier/bin/sendmail -- gen_context(system_u:object_r:sendmail_exec_t,s0) diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/mta.if serefpolicy-3.7.19/policy/modules/services/mta.if ---- nsaserefpolicy/policy/modules/services/mta.if 2010-04-13 20:44:37.000000000 +0200 -+++ serefpolicy-3.7.19/policy/modules/services/mta.if 2010-09-09 11:00:37.517335104 +0200 +--- nsaserefpolicy/policy/modules/services/mta.if 2010-04-13 18:44:37.000000000 +0000 ++++ serefpolicy-3.7.19/policy/modules/services/mta.if 2010-09-09 09:00:37.000000000 +0000 @@ -144,6 +144,30 @@ ') ') 
@@ -26868,8 +26880,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/mta. ## ## diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/mta.te serefpolicy-3.7.19/policy/modules/services/mta.te ---- nsaserefpolicy/policy/modules/services/mta.te 2010-04-13 20:44:37.000000000 +0200 -+++ serefpolicy-3.7.19/policy/modules/services/mta.te 2011-01-04 15:53:26.314042349 +0100 +--- nsaserefpolicy/policy/modules/services/mta.te 2010-04-13 18:44:37.000000000 +0000 ++++ serefpolicy-3.7.19/policy/modules/services/mta.te 2011-01-04 14:53:26.000000000 +0000 @@ -21,8 +21,8 @@ type etc_mail_t; files_config_file(etc_mail_t) @@ -27069,8 +27081,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/mta. + exim_manage_log(user_mail_domain) +') diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/munin.fc serefpolicy-3.7.19/policy/modules/services/munin.fc ---- nsaserefpolicy/policy/modules/services/munin.fc 2010-04-13 20:44:37.000000000 +0200 -+++ serefpolicy-3.7.19/policy/modules/services/munin.fc 2010-12-20 18:11:37.421042409 +0100 +--- nsaserefpolicy/policy/modules/services/munin.fc 2010-04-13 18:44:37.000000000 +0000 ++++ serefpolicy-3.7.19/policy/modules/services/munin.fc 2010-12-20 17:11:37.000000000 +0000 @@ -6,6 +6,65 @@ /usr/share/munin/munin-.* -- gen_context(system_u:object_r:munin_exec_t,s0) /usr/share/munin/plugins/.* -- gen_context(system_u:object_r:munin_exec_t,s0) 
@@ -27138,8 +27150,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/muni +/var/www/html/munin(/.*)? gen_context(system_u:object_r:httpd_munin_content_t,s0) +/var/www/html/munin/cgi(/.*)? gen_context(system_u:object_r:httpd_munin_script_exec_t,s0) diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/munin.if serefpolicy-3.7.19/policy/modules/services/munin.if ---- nsaserefpolicy/policy/modules/services/munin.if 2010-04-13 20:44:37.000000000 +0200 -+++ serefpolicy-3.7.19/policy/modules/services/munin.if 2010-09-16 15:01:01.167395899 +0200 +--- nsaserefpolicy/policy/modules/services/munin.if 2010-04-13 18:44:37.000000000 +0000 ++++ serefpolicy-3.7.19/policy/modules/services/munin.if 2010-09-16 13:01:01.000000000 +0000 @@ -16,8 +16,7 @@ type munin_var_run_t, munin_t; ') @@ -27235,8 +27247,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/muni ## ## All of the rules required to administrate diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/munin.te serefpolicy-3.7.19/policy/modules/services/munin.te ---- nsaserefpolicy/policy/modules/services/munin.te 2010-04-13 20:44:37.000000000 +0200 -+++ serefpolicy-3.7.19/policy/modules/services/munin.te 2010-12-20 16:38:45.976041956 +0100 +--- nsaserefpolicy/policy/modules/services/munin.te 2010-04-13 18:44:37.000000000 +0000 ++++ serefpolicy-3.7.19/policy/modules/services/munin.te 2010-12-20 15:38:45.000000000 +0000 @@ -28,12 +28,26 @@ type munin_var_run_t alias lrrd_var_run_t; files_pid_file(munin_var_run_t) 
@@ -27471,8 +27483,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/muni + +auth_use_nsswitch(munin_system_plugin_t) diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/mysql.if serefpolicy-3.7.19/policy/modules/services/mysql.if ---- nsaserefpolicy/policy/modules/services/mysql.if 2010-04-13 20:44:37.000000000 +0200 -+++ serefpolicy-3.7.19/policy/modules/services/mysql.if 2010-09-16 15:01:43.198637084 +0200 +--- nsaserefpolicy/policy/modules/services/mysql.if 2010-04-13 18:44:37.000000000 +0000 ++++ serefpolicy-3.7.19/policy/modules/services/mysql.if 2010-09-16 13:01:43.000000000 +0000 @@ -73,6 +73,7 @@ type mysqld_t, mysqld_var_run_t, mysqld_db_t; ') @@ -27482,8 +27494,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/mysq stream_connect_pattern($1, mysqld_db_t, mysqld_var_run_t, mysqld_t) ') diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/mysql.te serefpolicy-3.7.19/policy/modules/services/mysql.te ---- nsaserefpolicy/policy/modules/services/mysql.te 2010-04-13 20:44:37.000000000 +0200 -+++ serefpolicy-3.7.19/policy/modules/services/mysql.te 2011-01-17 10:32:43.704041892 +0100 +--- nsaserefpolicy/policy/modules/services/mysql.te 2010-04-13 18:44:37.000000000 +0000 ++++ serefpolicy-3.7.19/policy/modules/services/mysql.te 2011-01-17 09:32:43.000000000 +0000 @@ -65,6 +65,7 @@ manage_dirs_pattern(mysqld_t, mysqld_db_t, mysqld_db_t) 
@@ -27528,8 +27540,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/mysq mysql_manage_db_files(mysqld_safe_t) diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/nagios.fc serefpolicy-3.7.19/policy/modules/services/nagios.fc ---- nsaserefpolicy/policy/modules/services/nagios.fc 2010-04-13 20:44:37.000000000 +0200 -+++ serefpolicy-3.7.19/policy/modules/services/nagios.fc 2010-05-28 09:42:00.131610831 +0200 +--- nsaserefpolicy/policy/modules/services/nagios.fc 2010-04-13 18:44:37.000000000 +0000 ++++ serefpolicy-3.7.19/policy/modules/services/nagios.fc 2010-05-28 07:42:00.000000000 +0000 @@ -1,16 +1,89 @@ /etc/nagios(/.*)? gen_context(system_u:object_r:nagios_etc_t,s0) /etc/nagios/nrpe\.cfg -- gen_context(system_u:object_r:nrpe_etc_t,s0) @@ -27626,8 +27638,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/nagi +# unconfined plugins +/usr/lib(64)?/nagios/plugins/check_by_ssh -- gen_context(system_u:object_r:nagios_unconfined_plugin_exec_t,s0) diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/nagios.if serefpolicy-3.7.19/policy/modules/services/nagios.if ---- nsaserefpolicy/policy/modules/services/nagios.if 2010-04-13 20:44:37.000000000 +0200 -+++ serefpolicy-3.7.19/policy/modules/services/nagios.if 2010-12-03 10:05:34.581045938 +0100 +--- nsaserefpolicy/policy/modules/services/nagios.if 2010-04-13 18:44:37.000000000 +0000 ++++ serefpolicy-3.7.19/policy/modules/services/nagios.if 2010-12-03 09:05:34.000000000 +0000 @@ -64,8 +64,8 @@ ######################################## 
@@ -27816,8 +27828,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/nagi + admin_pattern($1, nrpe_etc_t) +') diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/nagios.te serefpolicy-3.7.19/policy/modules/services/nagios.te ---- nsaserefpolicy/policy/modules/services/nagios.te 2010-04-13 20:44:37.000000000 +0200 -+++ serefpolicy-3.7.19/policy/modules/services/nagios.te 2010-12-15 15:55:10.404042137 +0100 +--- nsaserefpolicy/policy/modules/services/nagios.te 2010-04-13 18:44:37.000000000 +0000 ++++ serefpolicy-3.7.19/policy/modules/services/nagios.te 2010-12-15 14:55:10.000000000 +0000 @@ -10,13 +10,12 @@ type nagios_exec_t; init_daemon_domain(nagios_t, nagios_exec_t) @@ -28220,8 +28232,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/nagi + init_read_utmp(nagios_system_plugin_t) +') diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/networkmanager.fc serefpolicy-3.7.19/policy/modules/services/networkmanager.fc ---- nsaserefpolicy/policy/modules/services/networkmanager.fc 2010-04-13 20:44:37.000000000 +0200 -+++ serefpolicy-3.7.19/policy/modules/services/networkmanager.fc 2010-10-25 13:45:54.246900872 +0200 +--- nsaserefpolicy/policy/modules/services/networkmanager.fc 2010-04-13 18:44:37.000000000 +0000 ++++ serefpolicy-3.7.19/policy/modules/services/networkmanager.fc 2010-10-25 11:45:54.000000000 +0000 @@ -1,12 +1,33 @@ +/etc/rc\.d/init\.d/wicd -- gen_context(system_u:object_r:NetworkManager_initrc_exec_t, s0) +/etc/NetworkManager/dispatcher\.d(/.*) gen_context(system_u:object_r:NetworkManager_initrc_exec_t,s0) 
@@ -28257,8 +28269,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/netw +/var/run/nm-dhclient.* gen_context(system_u:object_r:NetworkManager_var_run_t,s0) + diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/networkmanager.if serefpolicy-3.7.19/policy/modules/services/networkmanager.if ---- nsaserefpolicy/policy/modules/services/networkmanager.if 2010-04-13 20:44:36.000000000 +0200 -+++ serefpolicy-3.7.19/policy/modules/services/networkmanager.if 2010-06-28 18:01:28.875149888 +0200 +--- nsaserefpolicy/policy/modules/services/networkmanager.if 2010-04-13 18:44:36.000000000 +0000 ++++ serefpolicy-3.7.19/policy/modules/services/networkmanager.if 2010-06-28 16:01:28.000000000 +0000 @@ -100,6 +100,27 @@ ######################################## @@ -28403,8 +28415,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/netw + append_files_pattern($1, NetworkManager_log_t, NetworkManager_log_t) +') diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/networkmanager.te serefpolicy-3.7.19/policy/modules/services/networkmanager.te ---- nsaserefpolicy/policy/modules/services/networkmanager.te 2010-04-13 20:44:37.000000000 +0200 -+++ serefpolicy-3.7.19/policy/modules/services/networkmanager.te 2010-11-10 10:33:17.378148982 +0100 +--- nsaserefpolicy/policy/modules/services/networkmanager.te 2010-04-13 18:44:37.000000000 +0000 ++++ serefpolicy-3.7.19/policy/modules/services/networkmanager.te 2010-11-10 09:33:17.000000000 +0000 @@ -19,6 +19,9 @@ type NetworkManager_tmp_t; files_tmp_file(NetworkManager_tmp_t) 
@@ -28668,8 +28680,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/netw ######################################## diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/nis.fc serefpolicy-3.7.19/policy/modules/services/nis.fc ---- nsaserefpolicy/policy/modules/services/nis.fc 2010-04-13 20:44:37.000000000 +0200 -+++ serefpolicy-3.7.19/policy/modules/services/nis.fc 2010-07-23 15:46:13.779074299 +0200 +--- nsaserefpolicy/policy/modules/services/nis.fc 2010-04-13 18:44:37.000000000 +0000 ++++ serefpolicy-3.7.19/policy/modules/services/nis.fc 2010-07-23 13:46:13.000000000 +0000 @@ -1,4 +1,7 @@ - +/etc/rc\.d/init\.d/ypbind -- gen_context(system_u:object_r:ypbind_initrc_exec_t,s0) @@ -28693,8 +28705,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/nis. +/var/run/ypserv.* -- gen_context(system_u:object_r:ypserv_var_run_t,s0) +/var/run/yppass.* -- gen_context(system_u:object_r:yppasswdd_var_run_t,s0) diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/nis.if serefpolicy-3.7.19/policy/modules/services/nis.if ---- nsaserefpolicy/policy/modules/services/nis.if 2010-04-13 20:44:36.000000000 +0200 -+++ serefpolicy-3.7.19/policy/modules/services/nis.if 2010-08-06 12:16:38.934083793 +0200 +--- nsaserefpolicy/policy/modules/services/nis.if 2010-04-13 18:44:36.000000000 +0000 ++++ serefpolicy-3.7.19/policy/modules/services/nis.if 2010-08-06 10:16:38.000000000 +0000 @@ -28,7 +28,7 @@ type var_yp_t; ') 
@@ -28879,8 +28891,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/nis. admin_pattern($1, ypbind_tmp_t) diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/nis.te serefpolicy-3.7.19/policy/modules/services/nis.te ---- nsaserefpolicy/policy/modules/services/nis.te 2010-04-13 20:44:36.000000000 +0200 -+++ serefpolicy-3.7.19/policy/modules/services/nis.te 2010-05-28 09:42:00.137610990 +0200 +--- nsaserefpolicy/policy/modules/services/nis.te 2010-04-13 18:44:36.000000000 +0000 ++++ serefpolicy-3.7.19/policy/modules/services/nis.te 2010-05-28 07:42:00.000000000 +0000 @@ -1,11 +1,14 @@ -policy_module(nis, 1.9.0) @@ -28966,8 +28978,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/nis. corenet_udp_bind_all_rpc_ports(ypxfr_t) corenet_dontaudit_tcp_bind_all_reserved_ports(ypxfr_t) diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/nscd.if serefpolicy-3.7.19/policy/modules/services/nscd.if ---- nsaserefpolicy/policy/modules/services/nscd.if 2010-04-13 20:44:37.000000000 +0200 -+++ serefpolicy-3.7.19/policy/modules/services/nscd.if 2010-11-11 16:02:13.620399037 +0100 +--- nsaserefpolicy/policy/modules/services/nscd.if 2010-04-13 18:44:37.000000000 +0000 ++++ serefpolicy-3.7.19/policy/modules/services/nscd.if 2010-11-11 15:02:13.000000000 +0000 @@ -112,11 +112,33 @@ allow $1 self:unix_stream_socket create_socket_perms; 
@@ -29012,8 +29024,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/nscd ######################################## diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/nscd.te serefpolicy-3.7.19/policy/modules/services/nscd.te ---- nsaserefpolicy/policy/modules/services/nscd.te 2010-04-13 20:44:37.000000000 +0200 -+++ serefpolicy-3.7.19/policy/modules/services/nscd.te 2010-06-01 17:15:11.443159955 +0200 +--- nsaserefpolicy/policy/modules/services/nscd.te 2010-04-13 18:44:37.000000000 +0000 ++++ serefpolicy-3.7.19/policy/modules/services/nscd.te 2010-06-01 15:15:11.000000000 +0000 @@ -1,10 +1,17 @@ -policy_module(nscd, 1.10.0) @@ -29079,8 +29091,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/nscd + unconfined_dontaudit_rw_packet_sockets(nscd_t) +') diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/nslcd.if serefpolicy-3.7.19/policy/modules/services/nslcd.if ---- nsaserefpolicy/policy/modules/services/nslcd.if 2010-04-13 20:44:37.000000000 +0200 -+++ serefpolicy-3.7.19/policy/modules/services/nslcd.if 2010-09-16 15:03:19.430636930 +0200 +--- nsaserefpolicy/policy/modules/services/nslcd.if 2010-04-13 18:44:37.000000000 +0000 ++++ serefpolicy-3.7.19/policy/modules/services/nslcd.if 2010-09-16 13:03:19.000000000 +0000 @@ -106,9 +106,9 @@ role_transition $2 nslcd_initrc_exec_t system_r; allow $2 system_r; 
@@ -29096,8 +29108,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/nslc + admin_pattern($1, nslcd_var_run_t, nslcd_var_run_t) ') diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/nslcd.te serefpolicy-3.7.19/policy/modules/services/nslcd.te ---- nsaserefpolicy/policy/modules/services/nslcd.te 2010-04-13 20:44:37.000000000 +0200 -+++ serefpolicy-3.7.19/policy/modules/services/nslcd.te 2010-05-28 09:42:00.139610787 +0200 +--- nsaserefpolicy/policy/modules/services/nslcd.te 2010-04-13 18:44:37.000000000 +0000 ++++ serefpolicy-3.7.19/policy/modules/services/nslcd.te 2010-05-28 07:42:00.000000000 +0000 @@ -35,6 +35,8 @@ manage_sock_files_pattern(nslcd_t, nslcd_var_run_t, nslcd_var_run_t) files_pid_filetrans(nslcd_t, nslcd_var_run_t, { file dir }) @@ -29108,8 +29120,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/nslc auth_use_nsswitch(nslcd_t) diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/ntop.if serefpolicy-3.7.19/policy/modules/services/ntop.if ---- nsaserefpolicy/policy/modules/services/ntop.if 2010-04-13 20:44:37.000000000 +0200 -+++ serefpolicy-3.7.19/policy/modules/services/ntop.if 2010-06-28 14:35:14.462401509 +0200 +--- nsaserefpolicy/policy/modules/services/ntop.if 2010-04-13 18:44:37.000000000 +0000 ++++ serefpolicy-3.7.19/policy/modules/services/ntop.if 2010-06-28 12:35:14.000000000 +0000 @@ -1 +1,157 @@ ## Network Top + 
@@ -29269,8 +29281,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/ntop + allow $2 system_r; +') diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/ntop.te serefpolicy-3.7.19/policy/modules/services/ntop.te ---- nsaserefpolicy/policy/modules/services/ntop.te 2010-04-13 20:44:37.000000000 +0200 -+++ serefpolicy-3.7.19/policy/modules/services/ntop.te 2010-05-28 09:42:00.140610931 +0200 +--- nsaserefpolicy/policy/modules/services/ntop.te 2010-04-13 18:44:37.000000000 +0000 ++++ serefpolicy-3.7.19/policy/modules/services/ntop.te 2010-05-28 07:42:00.000000000 +0000 @@ -11,12 +11,12 @@ init_daemon_domain(ntop_t, ntop_exec_t) application_domain(ntop_t, ntop_exec_t) @@ -29361,8 +29373,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/ntop ') diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/ntp.if serefpolicy-3.7.19/policy/modules/services/ntp.if ---- nsaserefpolicy/policy/modules/services/ntp.if 2010-04-13 20:44:37.000000000 +0200 -+++ serefpolicy-3.7.19/policy/modules/services/ntp.if 2010-09-16 15:06:24.157386834 +0200 +--- nsaserefpolicy/policy/modules/services/ntp.if 2010-04-13 18:44:37.000000000 +0000 ++++ serefpolicy-3.7.19/policy/modules/services/ntp.if 2010-09-16 13:06:24.000000000 +0000 @@ -144,7 +144,7 @@ type ntpd_initrc_exec_t; ') 
@@ -29373,8 +29385,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/ntp. init_labeled_script_domtrans($1, ntpd_initrc_exec_t) diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/ntp.te serefpolicy-3.7.19/policy/modules/services/ntp.te ---- nsaserefpolicy/policy/modules/services/ntp.te 2010-04-13 20:44:37.000000000 +0200 -+++ serefpolicy-3.7.19/policy/modules/services/ntp.te 2010-05-28 09:42:00.141610585 +0200 +--- nsaserefpolicy/policy/modules/services/ntp.te 2010-04-13 18:44:37.000000000 +0000 ++++ serefpolicy-3.7.19/policy/modules/services/ntp.te 2010-05-28 07:42:00.000000000 +0000 @@ -97,9 +97,12 @@ dev_read_sysfs(ntpd_t) # for SSP @@ -29389,8 +29401,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/ntp. term_use_ptmx(ntpd_t) diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/nut.te serefpolicy-3.7.19/policy/modules/services/nut.te ---- nsaserefpolicy/policy/modules/services/nut.te 2010-04-13 20:44:37.000000000 +0200 -+++ serefpolicy-3.7.19/policy/modules/services/nut.te 2010-08-25 16:39:24.497085412 +0200 +--- nsaserefpolicy/policy/modules/services/nut.te 2010-04-13 18:44:37.000000000 +0000 ++++ serefpolicy-3.7.19/policy/modules/services/nut.te 2010-08-25 14:39:24.000000000 +0000 @@ -67,13 +67,15 @@ allow nut_upsmon_t self:fifo_file rw_fifo_file_perms; allow nut_upsmon_t self:unix_dgram_socket { create_socket_perms sendto }; 
@@ -29420,8 +29432,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/nut. # # Local policy for upsdrvctl diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/nx.fc serefpolicy-3.7.19/policy/modules/services/nx.fc ---- nsaserefpolicy/policy/modules/services/nx.fc 2010-04-13 20:44:37.000000000 +0200 -+++ serefpolicy-3.7.19/policy/modules/services/nx.fc 2010-05-28 09:42:00.142610728 +0200 +--- nsaserefpolicy/policy/modules/services/nx.fc 2010-04-13 18:44:37.000000000 +0000 ++++ serefpolicy-3.7.19/policy/modules/services/nx.fc 2010-05-28 07:42:00.000000000 +0000 @@ -1,7 +1,15 @@ /opt/NX/bin/nxserver -- gen_context(system_u:object_r:nx_server_exec_t,s0) @@ -29441,8 +29453,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/nx.f + /usr/libexec/nx/nxserver -- gen_context(system_u:object_r:nx_server_exec_t,s0) diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/nx.if serefpolicy-3.7.19/policy/modules/services/nx.if ---- nsaserefpolicy/policy/modules/services/nx.if 2010-04-13 20:44:37.000000000 +0200 -+++ serefpolicy-3.7.19/policy/modules/services/nx.if 2010-05-28 09:42:00.143610940 +0200 +--- nsaserefpolicy/policy/modules/services/nx.if 2010-04-13 18:44:37.000000000 +0000 ++++ serefpolicy-3.7.19/policy/modules/services/nx.if 2010-05-28 07:42:00.000000000 +0000 @@ -17,3 +17,70 @@ spec_domtrans_pattern($1, nx_server_exec_t, nx_server_t) 
@@ -29515,8 +29527,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/nx.i + filetrans_pattern($1, nx_server_var_lib_t, $2, $3) +') diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/nx.te serefpolicy-3.7.19/policy/modules/services/nx.te ---- nsaserefpolicy/policy/modules/services/nx.te 2010-04-13 20:44:37.000000000 +0200 -+++ serefpolicy-3.7.19/policy/modules/services/nx.te 2010-05-28 09:42:00.144610804 +0200 +--- nsaserefpolicy/policy/modules/services/nx.te 2010-04-13 18:44:37.000000000 +0000 ++++ serefpolicy-3.7.19/policy/modules/services/nx.te 2010-05-28 07:42:00.000000000 +0000 @@ -25,6 +25,12 @@ type nx_server_var_run_t; files_pid_file(nx_server_var_run_t) @@ -29552,8 +29564,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/nx.t kernel_read_kernel_sysctls(nx_server_t) diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/oddjob.fc serefpolicy-3.7.19/policy/modules/services/oddjob.fc ---- nsaserefpolicy/policy/modules/services/oddjob.fc 2010-04-13 20:44:37.000000000 +0200 -+++ serefpolicy-3.7.19/policy/modules/services/oddjob.fc 2010-05-28 09:42:00.144610804 +0200 +--- nsaserefpolicy/policy/modules/services/oddjob.fc 2010-04-13 18:44:37.000000000 +0000 ++++ serefpolicy-3.7.19/policy/modules/services/oddjob.fc 2010-05-28 07:42:00.000000000 +0000 @@ -1,4 +1,5 @@ /usr/lib(64)?/oddjob/mkhomedir -- gen_context(system_u:object_r:oddjob_mkhomedir_exec_t,s0) +/usr/libexec/oddjob/mkhomedir -- gen_context(system_u:object_r:oddjob_mkhomedir_exec_t,s0) 
@@ -29561,8 +29573,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/oddj /usr/sbin/oddjobd -- gen_context(system_u:object_r:oddjob_exec_t,s0) diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/oddjob.if serefpolicy-3.7.19/policy/modules/services/oddjob.if ---- nsaserefpolicy/policy/modules/services/oddjob.if 2010-04-13 20:44:37.000000000 +0200 -+++ serefpolicy-3.7.19/policy/modules/services/oddjob.if 2010-09-16 15:10:11.324637049 +0200 +--- nsaserefpolicy/policy/modules/services/oddjob.if 2010-04-13 18:44:37.000000000 +0000 ++++ serefpolicy-3.7.19/policy/modules/services/oddjob.if 2010-09-16 13:10:11.000000000 +0000 @@ -22,6 +22,25 @@ domtrans_pattern($1, oddjob_exec_t, oddjob_t) ') @@ -29623,8 +29635,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/oddj ## ## Execute a domain transition to run oddjob_mkhomedir. diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/oddjob.te serefpolicy-3.7.19/policy/modules/services/oddjob.te ---- nsaserefpolicy/policy/modules/services/oddjob.te 2010-04-13 20:44:37.000000000 +0200 -+++ serefpolicy-3.7.19/policy/modules/services/oddjob.te 2010-05-28 09:42:00.145610598 +0200 +--- nsaserefpolicy/policy/modules/services/oddjob.te 2010-04-13 18:44:37.000000000 +0000 ++++ serefpolicy-3.7.19/policy/modules/services/oddjob.te 2010-05-28 07:42:00.000000000 +0000 @@ -100,8 +100,7 @@ # Add/remove user home directories 
@@ -29637,8 +29649,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/oddj +userdom_manage_user_home_content(oddjob_mkhomedir_t) diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/oident.te serefpolicy-3.7.19/policy/modules/services/oident.te ---- nsaserefpolicy/policy/modules/services/oident.te 2010-04-13 20:44:37.000000000 +0200 -+++ serefpolicy-3.7.19/policy/modules/services/oident.te 2010-05-28 09:42:00.146610252 +0200 +--- nsaserefpolicy/policy/modules/services/oident.te 2010-04-13 18:44:37.000000000 +0000 ++++ serefpolicy-3.7.19/policy/modules/services/oident.te 2010-05-28 07:42:00.000000000 +0000 @@ -49,6 +49,7 @@ kernel_read_network_state(oidentd_t) kernel_read_network_state_symlinks(oidentd_t) @@ -29648,8 +29660,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/oide logging_send_syslog_msg(oidentd_t) diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/openvpn.te serefpolicy-3.7.19/policy/modules/services/openvpn.te ---- nsaserefpolicy/policy/modules/services/openvpn.te 2010-04-13 20:44:37.000000000 +0200 -+++ serefpolicy-3.7.19/policy/modules/services/openvpn.te 2010-12-01 11:53:50.004042761 +0100 +--- nsaserefpolicy/policy/modules/services/openvpn.te 2010-04-13 18:44:37.000000000 +0000 ++++ serefpolicy-3.7.19/policy/modules/services/openvpn.te 2010-12-01 10:53:50.000000000 +0000 @@ -25,6 +25,9 @@ type openvpn_etc_rw_t; files_config_file(openvpn_etc_rw_t) 
@@ -29715,8 +29727,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/open + unconfined_attach_tun_iface(openvpn_t) +') diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/pads.if serefpolicy-3.7.19/policy/modules/services/pads.if ---- nsaserefpolicy/policy/modules/services/pads.if 2010-04-13 20:44:37.000000000 +0200 -+++ serefpolicy-3.7.19/policy/modules/services/pads.if 2010-09-16 15:10:56.276637029 +0200 +--- nsaserefpolicy/policy/modules/services/pads.if 2010-04-13 18:44:37.000000000 +0000 ++++ serefpolicy-3.7.19/policy/modules/services/pads.if 2010-09-16 13:10:56.000000000 +0000 @@ -39,6 +39,9 @@ role_transition $2 pads_initrc_exec_t system_r; allow $2 system_r; @@ -29728,8 +29740,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/pads admin_pattern($1, pads_config_t) ') diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/passenger.fc serefpolicy-3.7.19/policy/modules/services/passenger.fc ---- nsaserefpolicy/policy/modules/services/passenger.fc 1970-01-01 01:00:00.000000000 +0100 -+++ serefpolicy-3.7.19/policy/modules/services/passenger.fc 2010-12-21 08:32:58.717040259 +0100 +--- nsaserefpolicy/policy/modules/services/passenger.fc 1970-01-01 00:00:00.000000000 +0000 ++++ serefpolicy-3.7.19/policy/modules/services/passenger.fc 2010-12-21 07:32:58.000000000 +0000 @@ -0,0 +1,16 @@ + +/usr/lib(64)?/ruby/gems/.*/passenger-.*/ext/apache2/ApplicationPoolServerExecutable -- gen_context(system_u:object_r:passenger_exec_t,s0) 
@@ -29748,8 +29760,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/pass + +/var/run/passenger(/.*)? gen_context(system_u:object_r:passenger_var_run_t,s0) diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/passenger.if serefpolicy-3.7.19/policy/modules/services/passenger.if ---- nsaserefpolicy/policy/modules/services/passenger.if 1970-01-01 01:00:00.000000000 +0100 -+++ serefpolicy-3.7.19/policy/modules/services/passenger.if 2010-12-21 07:41:31.411042063 +0100 +--- nsaserefpolicy/policy/modules/services/passenger.if 1970-01-01 00:00:00.000000000 +0000 ++++ serefpolicy-3.7.19/policy/modules/services/passenger.if 2010-12-21 06:41:31.000000000 +0000 @@ -0,0 +1,67 @@ +## Passenger policy + @@ -29819,8 +29831,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/pass + read_lnk_files_pattern($1, passenger_var_lib_t, passenger_var_lib_t) +') diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/passenger.te serefpolicy-3.7.19/policy/modules/services/passenger.te ---- nsaserefpolicy/policy/modules/services/passenger.te 1970-01-01 01:00:00.000000000 +0100 -+++ serefpolicy-3.7.19/policy/modules/services/passenger.te 2010-12-21 08:02:12.321042395 +0100 +--- nsaserefpolicy/policy/modules/services/passenger.te 1970-01-01 00:00:00.000000000 +0000 ++++ serefpolicy-3.7.19/policy/modules/services/passenger.te 2010-12-21 07:02:12.000000000 +0000 @@ -0,0 +1,76 @@ +policy_module(passanger, 1.0.0) + 
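Review bot: The module declaration `+policy_module(passanger, 1.0.0)` carried as context in the passenger.te section of this hunk is misspelled relative to its file name, and the commit leaves it unchanged while regenerating the header timestamps. It also disagrees with the `passenger_*` types used in the neighbouring passenger.fc and passenger.if sections. Reference-policy convention is that the declared name equals the file's base name; with a mismatch the module is presumably registered under the misspelled name, which makes it harder to audit, disable or replace the policy confining this domain. The suggested line is `+policy_module(passenger, 1.0.0)`, after confirming that systems already carrying the misspelled module have it replaced rather than left installed alongside the new one. The rest of passenger.te lies outside this hunk.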
@@ -29899,8 +29911,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/pass + apache_read_sys_content(passenger_t) +') diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/pcscd.te serefpolicy-3.7.19/policy/modules/services/pcscd.te ---- nsaserefpolicy/policy/modules/services/pcscd.te 2010-04-13 20:44:37.000000000 +0200 -+++ serefpolicy-3.7.19/policy/modules/services/pcscd.te 2010-08-17 15:11:28.402085340 +0200 +--- nsaserefpolicy/policy/modules/services/pcscd.te 2010-04-13 18:44:37.000000000 +0000 ++++ serefpolicy-3.7.19/policy/modules/services/pcscd.te 2010-08-17 13:11:28.000000000 +0000 @@ -42,6 +42,7 @@ corenet_tcp_sendrecv_all_ports(pcscd_t) corenet_tcp_connect_http_port(pcscd_t) @@ -29910,8 +29922,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/pcsc dev_rw_smartcard(pcscd_t) dev_rw_usbfs(pcscd_t) diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/pegasus.te serefpolicy-3.7.19/policy/modules/services/pegasus.te ---- nsaserefpolicy/policy/modules/services/pegasus.te 2010-04-13 20:44:37.000000000 +0200 -+++ serefpolicy-3.7.19/policy/modules/services/pegasus.te 2010-05-28 09:42:00.147610884 +0200 +--- nsaserefpolicy/policy/modules/services/pegasus.te 2010-04-13 18:44:37.000000000 +0000 ++++ serefpolicy-3.7.19/policy/modules/services/pegasus.te 2010-05-28 07:42:00.000000000 +0000 @@ -30,7 +30,7 @@ # Local policy # 
@@ -29984,8 +29996,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/pega + xen_stream_connect_xenstore(pegasus_t) +') diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/piranha.fc serefpolicy-3.7.19/policy/modules/services/piranha.fc ---- nsaserefpolicy/policy/modules/services/piranha.fc 1970-01-01 01:00:00.000000000 +0100 -+++ serefpolicy-3.7.19/policy/modules/services/piranha.fc 2010-08-05 10:49:22.814085304 +0200 +--- nsaserefpolicy/policy/modules/services/piranha.fc 1970-01-01 00:00:00.000000000 +0000 ++++ serefpolicy-3.7.19/policy/modules/services/piranha.fc 2010-08-05 08:49:22.000000000 +0000 @@ -0,0 +1,27 @@ + +/etc/rc\.d/init\.d/pulse -- gen_context(system_u:object_r:piranha_pulse_initrc_exec_t,s0) @@ -30015,8 +30027,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/pira + + diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/piranha.if serefpolicy-3.7.19/policy/modules/services/piranha.if ---- nsaserefpolicy/policy/modules/services/piranha.if 1970-01-01 01:00:00.000000000 +0100 -+++ serefpolicy-3.7.19/policy/modules/services/piranha.if 2010-05-28 09:42:00.149610331 +0200 +--- nsaserefpolicy/policy/modules/services/piranha.if 1970-01-01 00:00:00.000000000 +0000 ++++ serefpolicy-3.7.19/policy/modules/services/piranha.if 2010-05-28 07:42:00.000000000 +0000 @@ -0,0 +1,175 @@ + +## policy for piranha 
@@ -30194,8 +30206,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/pira + manage_lnk_files_pattern($1, piranha_log_t, piranha_log_t) +') diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/piranha.te serefpolicy-3.7.19/policy/modules/services/piranha.te ---- nsaserefpolicy/policy/modules/services/piranha.te 1970-01-01 01:00:00.000000000 +0100 -+++ serefpolicy-3.7.19/policy/modules/services/piranha.te 2010-09-09 13:14:39.486084912 +0200 +--- nsaserefpolicy/policy/modules/services/piranha.te 1970-01-01 00:00:00.000000000 +0000 ++++ serefpolicy-3.7.19/policy/modules/services/piranha.te 2010-09-09 11:14:39.000000000 +0000 @@ -0,0 +1,230 @@ + +policy_module(piranha,1.0.0) @@ -30428,8 +30440,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/pira + +sysnet_read_config(piranha_domain) diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/plymouthd.fc serefpolicy-3.7.19/policy/modules/services/plymouthd.fc ---- nsaserefpolicy/policy/modules/services/plymouthd.fc 1970-01-01 01:00:00.000000000 +0100 -+++ serefpolicy-3.7.19/policy/modules/services/plymouthd.fc 2010-05-28 09:42:00.150610614 +0200 +--- nsaserefpolicy/policy/modules/services/plymouthd.fc 1970-01-01 00:00:00.000000000 +0000 ++++ serefpolicy-3.7.19/policy/modules/services/plymouthd.fc 2010-05-28 07:42:00.000000000 +0000 @@ -0,0 +1,9 @@ +/bin/plymouth -- gen_context(system_u:object_r:plymouth_exec_t, s0) + 
@@ -30441,8 +30453,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/plym + +/var/run/plymouth(/.*)? gen_context(system_u:object_r:plymouthd_var_run_t, s0) diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/plymouthd.if serefpolicy-3.7.19/policy/modules/services/plymouthd.if ---- nsaserefpolicy/policy/modules/services/plymouthd.if 1970-01-01 01:00:00.000000000 +0100 -+++ serefpolicy-3.7.19/policy/modules/services/plymouthd.if 2010-09-16 15:18:22.185386928 +0200 +--- nsaserefpolicy/policy/modules/services/plymouthd.if 1970-01-01 00:00:00.000000000 +0000 ++++ serefpolicy-3.7.19/policy/modules/services/plymouthd.if 2010-09-16 13:18:22.000000000 +0000 @@ -0,0 +1,326 @@ +## policy for plymouthd + @@ -30771,8 +30783,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/plym + allow $1 plymouthd_t:unix_stream_socket connectto; +') diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/plymouthd.te serefpolicy-3.7.19/policy/modules/services/plymouthd.te ---- nsaserefpolicy/policy/modules/services/plymouthd.te 1970-01-01 01:00:00.000000000 +0100 -+++ serefpolicy-3.7.19/policy/modules/services/plymouthd.te 2010-05-28 09:42:00.151610478 +0200 +--- nsaserefpolicy/policy/modules/services/plymouthd.te 1970-01-01 00:00:00.000000000 +0000 ++++ serefpolicy-3.7.19/policy/modules/services/plymouthd.te 2010-05-28 07:42:00.000000000 +0000 @@ -0,0 +1,109 @@ +policy_module(plymouthd, 1.0.0) + 
@@ -30884,8 +30896,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/plym +') +') diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/policykit.fc serefpolicy-3.7.19/policy/modules/services/policykit.fc ---- nsaserefpolicy/policy/modules/services/policykit.fc 2010-04-13 20:44:37.000000000 +0200 -+++ serefpolicy-3.7.19/policy/modules/services/policykit.fc 2010-05-28 09:42:00.152610621 +0200 +--- nsaserefpolicy/policy/modules/services/policykit.fc 2010-04-13 18:44:37.000000000 +0000 ++++ serefpolicy-3.7.19/policy/modules/services/policykit.fc 2010-05-28 07:42:00.000000000 +0000 @@ -6,10 +6,13 @@ /usr/libexec/polkit-read-auth-helper -- gen_context(system_u:object_r:policykit_auth_exec_t,s0) /usr/libexec/polkit-grant-helper.* -- gen_context(system_u:object_r:policykit_grant_exec_t,s0) @@ -30902,8 +30914,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/poli /var/run/PolicyKit(/.*)? gen_context(system_u:object_r:policykit_var_run_t,s0) diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/policykit.if serefpolicy-3.7.19/policy/modules/services/policykit.if ---- nsaserefpolicy/policy/modules/services/policykit.if 2010-04-13 20:44:37.000000000 +0200 -+++ serefpolicy-3.7.19/policy/modules/services/policykit.if 2010-05-28 09:42:00.152610621 +0200 +--- nsaserefpolicy/policy/modules/services/policykit.if 2010-04-13 18:44:37.000000000 +0000 ++++ serefpolicy-3.7.19/policy/modules/services/policykit.if 2010-05-28 07:42:00.000000000 +0000 @@ -17,12 +17,37 @@ class dbus send_msg; ') 
@@ -31001,8 +31013,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/poli + allow $1 policykit_auth_t:process signal; ') diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/policykit.te serefpolicy-3.7.19/policy/modules/services/policykit.te ---- nsaserefpolicy/policy/modules/services/policykit.te 2010-04-13 20:44:37.000000000 +0200 -+++ serefpolicy-3.7.19/policy/modules/services/policykit.te 2010-09-09 11:05:30.401085346 +0200 +--- nsaserefpolicy/policy/modules/services/policykit.te 2010-04-13 18:44:37.000000000 +0000 ++++ serefpolicy-3.7.19/policy/modules/services/policykit.te 2010-09-09 09:05:30.000000000 +0000 @@ -25,6 +25,9 @@ type policykit_reload_t alias polkit_reload_t; files_type(policykit_reload_t) @@ -31186,8 +31198,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/poli allow policykit_resolve_t self:unix_stream_socket create_stream_socket_perms; diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/portreserve.fc serefpolicy-3.7.19/policy/modules/services/portreserve.fc ---- nsaserefpolicy/policy/modules/services/portreserve.fc 2010-04-13 20:44:36.000000000 +0200 -+++ serefpolicy-3.7.19/policy/modules/services/portreserve.fc 2010-05-28 09:42:00.154610557 +0200 +--- nsaserefpolicy/policy/modules/services/portreserve.fc 2010-04-13 18:44:36.000000000 +0000 ++++ serefpolicy-3.7.19/policy/modules/services/portreserve.fc 2010-05-28 07:42:00.000000000 +0000 @@ -1,3 +1,6 @@ + +/etc/rc\.d/init\.d/portreserve -- gen_context(system_u:object_r:portreserve_initrc_exec_t,s0) 
@@ -31196,8 +31208,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/port /sbin/portreserve -- gen_context(system_u:object_r:portreserve_exec_t,s0) diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/portreserve.if serefpolicy-3.7.19/policy/modules/services/portreserve.if ---- nsaserefpolicy/policy/modules/services/portreserve.if 2010-04-13 20:44:37.000000000 +0200 -+++ serefpolicy-3.7.19/policy/modules/services/portreserve.if 2010-09-16 15:19:05.465636901 +0200 +--- nsaserefpolicy/policy/modules/services/portreserve.if 2010-04-13 18:44:37.000000000 +0000 ++++ serefpolicy-3.7.19/policy/modules/services/portreserve.if 2010-09-16 13:19:05.000000000 +0000 @@ -18,6 +18,24 @@ domtrans_pattern($1, portreserve_exec_t, portreserve_t) ') @@ -31265,8 +31277,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/port + admin_pattern($1, portreserve_var_run_t) +') diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/portreserve.te serefpolicy-3.7.19/policy/modules/services/portreserve.te ---- nsaserefpolicy/policy/modules/services/portreserve.te 2010-04-13 20:44:36.000000000 +0200 -+++ serefpolicy-3.7.19/policy/modules/services/portreserve.te 2010-07-09 09:55:59.073135212 +0200 +--- nsaserefpolicy/policy/modules/services/portreserve.te 2010-04-13 18:44:36.000000000 +0000 ++++ serefpolicy-3.7.19/policy/modules/services/portreserve.te 2010-07-09 07:55:59.000000000 +0000 @@ -10,6 +10,9 @@ type portreserve_exec_t; init_daemon_domain(portreserve_t, portreserve_exec_t) 
@@ -31284,8 +31296,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/port + +userdom_dontaudit_search_user_home_content(portreserve_t) diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/postfix.fc serefpolicy-3.7.19/policy/modules/services/postfix.fc ---- nsaserefpolicy/policy/modules/services/postfix.fc 2010-04-13 20:44:37.000000000 +0200 -+++ serefpolicy-3.7.19/policy/modules/services/postfix.fc 2010-05-28 09:42:00.155610840 +0200 +--- nsaserefpolicy/policy/modules/services/postfix.fc 2010-04-13 18:44:37.000000000 +0000 ++++ serefpolicy-3.7.19/policy/modules/services/postfix.fc 2010-05-28 07:42:00.000000000 +0000 @@ -1,4 +1,5 @@ # postfix +/etc/rc\.d/init\.d/postfix -- gen_context(system_u:object_r:postfix_initrc_exec_t,s0) @@ -31306,8 +31318,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/post /usr/sbin/postfix -- gen_context(system_u:object_r:postfix_master_exec_t,s0) /usr/sbin/postkick -- gen_context(system_u:object_r:postfix_master_exec_t,s0) diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/postfix.if serefpolicy-3.7.19/policy/modules/services/postfix.if ---- nsaserefpolicy/policy/modules/services/postfix.if 2010-04-13 20:44:37.000000000 +0200 -+++ serefpolicy-3.7.19/policy/modules/services/postfix.if 2011-01-19 11:28:09.917041062 +0100 +--- nsaserefpolicy/policy/modules/services/postfix.if 2010-04-13 18:44:37.000000000 +0000 ++++ serefpolicy-3.7.19/policy/modules/services/postfix.if 2011-01-19 10:28:09.000000000 +0000 @@ -35,7 +35,7 @@ role system_r types postfix_$1_t; 
@@ -31722,8 +31734,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/post + admin_pattern($1, postfix_public_t) +') diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/postfix.te serefpolicy-3.7.19/policy/modules/services/postfix.te ---- nsaserefpolicy/policy/modules/services/postfix.te 2010-04-13 20:44:37.000000000 +0200 -+++ serefpolicy-3.7.19/policy/modules/services/postfix.te 2011-01-20 10:59:48.876041237 +0100 +--- nsaserefpolicy/policy/modules/services/postfix.te 2010-04-13 18:44:37.000000000 +0000 ++++ serefpolicy-3.7.19/policy/modules/services/postfix.te 2011-01-20 09:59:48.000000000 +0000 @@ -6,6 +6,15 @@ # Declarations # @@ -32151,8 +32163,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/post +userdom_home_filetrans_user_home_dir(postfix_virtual_t) +userdom_user_home_dir_filetrans_user_home_content(postfix_virtual_t, {file dir }) diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/postgresql.if serefpolicy-3.7.19/policy/modules/services/postgresql.if ---- nsaserefpolicy/policy/modules/services/postgresql.if 2010-04-13 20:44:37.000000000 +0200 -+++ serefpolicy-3.7.19/policy/modules/services/postgresql.if 2011-01-19 19:02:35.510042541 +0100 +--- nsaserefpolicy/policy/modules/services/postgresql.if 2010-04-13 18:44:37.000000000 +0000 ++++ serefpolicy-3.7.19/policy/modules/services/postgresql.if 2011-01-19 18:02:35.000000000 +0000 @@ -10,7 +10,7 @@ ## ## 
@@ -32508,8 +32520,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/post postgresql_tcp_connect($1) diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/postgresql.te serefpolicy-3.7.19/policy/modules/services/postgresql.te ---- nsaserefpolicy/policy/modules/services/postgresql.te 2010-04-13 20:44:37.000000000 +0200 -+++ serefpolicy-3.7.19/policy/modules/services/postgresql.te 2011-01-19 19:02:35.513051840 +0100 +--- nsaserefpolicy/policy/modules/services/postgresql.te 2010-04-13 18:44:37.000000000 +0000 ++++ serefpolicy-3.7.19/policy/modules/services/postgresql.te 2011-01-19 18:02:35.000000000 +0000 @@ -1,5 +1,4 @@ - -policy_module(postgresql, 1.10.2) @@ -32842,8 +32854,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/post allow sepgsql_unconfined_type sepgsql_module_type:db_database install_module; diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/ppp.if serefpolicy-3.7.19/policy/modules/services/ppp.if ---- nsaserefpolicy/policy/modules/services/ppp.if 2010-04-13 20:44:37.000000000 +0200 -+++ serefpolicy-3.7.19/policy/modules/services/ppp.if 2010-10-13 09:40:56.718900943 +0200 +--- nsaserefpolicy/policy/modules/services/ppp.if 2010-04-13 18:44:37.000000000 +0000 ++++ serefpolicy-3.7.19/policy/modules/services/ppp.if 2010-10-13 07:40:56.000000000 +0000 @@ -281,7 +281,7 @@ type pppd_var_run_t; ') 
@@ -32884,8 +32896,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/ppp. admin_pattern($1, pptp_log_t) diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/ppp.te serefpolicy-3.7.19/policy/modules/services/ppp.te ---- nsaserefpolicy/policy/modules/services/ppp.te 2010-04-13 20:44:37.000000000 +0200 -+++ serefpolicy-3.7.19/policy/modules/services/ppp.te 2010-05-28 09:42:00.159610853 +0200 +--- nsaserefpolicy/policy/modules/services/ppp.te 2010-04-13 18:44:37.000000000 +0000 ++++ serefpolicy-3.7.19/policy/modules/services/ppp.te 2010-05-28 07:42:00.000000000 +0000 @@ -71,7 +71,7 @@ # PPPD Local policy # @@ -32905,8 +32917,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/ppp. optional_policy(` diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/prelude.if serefpolicy-3.7.19/policy/modules/services/prelude.if ---- nsaserefpolicy/policy/modules/services/prelude.if 2010-04-13 20:44:37.000000000 +0200 -+++ serefpolicy-3.7.19/policy/modules/services/prelude.if 2010-09-16 15:12:53.251386792 +0200 +--- nsaserefpolicy/policy/modules/services/prelude.if 2010-04-13 18:44:37.000000000 +0000 ++++ serefpolicy-3.7.19/policy/modules/services/prelude.if 2010-09-16 13:12:53.000000000 +0000 @@ -136,9 +136,15 @@ allow $2 system_r; 
@@ -32924,8 +32936,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/prel admin_pattern($1, prelude_lml_var_run_t) ') diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/privoxy.if serefpolicy-3.7.19/policy/modules/services/privoxy.if ---- nsaserefpolicy/policy/modules/services/privoxy.if 2010-04-13 20:44:36.000000000 +0200 -+++ serefpolicy-3.7.19/policy/modules/services/privoxy.if 2010-09-16 15:24:54.424637062 +0200 +--- nsaserefpolicy/policy/modules/services/privoxy.if 2010-04-13 18:44:36.000000000 +0000 ++++ serefpolicy-3.7.19/policy/modules/services/privoxy.if 2010-09-16 13:24:54.000000000 +0000 @@ -24,7 +24,7 @@ type privoxy_initrc_exec_t; ') @@ -32936,8 +32948,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/priv init_labeled_script_domtrans($1, privoxy_initrc_exec_t) diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/procmail.fc serefpolicy-3.7.19/policy/modules/services/procmail.fc ---- nsaserefpolicy/policy/modules/services/procmail.fc 2010-04-13 20:44:37.000000000 +0200 -+++ serefpolicy-3.7.19/policy/modules/services/procmail.fc 2010-05-28 09:42:00.159610853 +0200 +--- nsaserefpolicy/policy/modules/services/procmail.fc 2010-04-13 18:44:37.000000000 +0000 ++++ serefpolicy-3.7.19/policy/modules/services/procmail.fc 2010-05-28 07:42:00.000000000 +0000 @@ -1,3 +1,5 @@ +HOME_DIR/\.procmailrc -- gen_context(system_u:object_r:procmail_home_t, s0) +/root/\.procmailrc -- gen_context(system_u:object_r:procmail_home_t, s0) 
@@ -32945,8 +32957,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/proc /usr/bin/procmail -- gen_context(system_u:object_r:procmail_exec_t,s0) diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/procmail.if serefpolicy-3.7.19/policy/modules/services/procmail.if ---- nsaserefpolicy/policy/modules/services/procmail.if 2010-04-13 20:44:37.000000000 +0200 -+++ serefpolicy-3.7.19/policy/modules/services/procmail.if 2010-07-19 15:50:57.889151415 +0200 +--- nsaserefpolicy/policy/modules/services/procmail.if 2010-04-13 18:44:37.000000000 +0000 ++++ serefpolicy-3.7.19/policy/modules/services/procmail.if 2010-07-19 13:50:57.000000000 +0000 @@ -77,3 +77,22 @@ files_search_tmp($1) rw_files_pattern($1, procmail_tmp_t, procmail_tmp_t) @@ -32971,8 +32983,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/proc + read_files_pattern($1, procmail_home_t, procmail_home_t) +') diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/procmail.te serefpolicy-3.7.19/policy/modules/services/procmail.te ---- nsaserefpolicy/policy/modules/services/procmail.te 2010-04-13 20:44:37.000000000 +0200 -+++ serefpolicy-3.7.19/policy/modules/services/procmail.te 2010-05-28 09:42:00.161610790 +0200 +--- nsaserefpolicy/policy/modules/services/procmail.te 2010-04-13 18:44:37.000000000 +0000 ++++ serefpolicy-3.7.19/policy/modules/services/procmail.te 2010-05-28 07:42:00.000000000 +0000 @@ -11,6 +11,9 @@ application_domain(procmail_t, procmail_exec_t) role system_r types procmail_t; 
@@ -33053,8 +33065,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/proc optional_policy(` diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/psad.if serefpolicy-3.7.19/policy/modules/services/psad.if ---- nsaserefpolicy/policy/modules/services/psad.if 2010-04-13 20:44:37.000000000 +0200 -+++ serefpolicy-3.7.19/policy/modules/services/psad.if 2010-10-18 15:26:34.337901390 +0200 +--- nsaserefpolicy/policy/modules/services/psad.if 2010-04-13 18:44:37.000000000 +0000 ++++ serefpolicy-3.7.19/policy/modules/services/psad.if 2010-10-18 13:26:34.000000000 +0000 @@ -174,6 +174,26 @@ append_files_pattern($1, psad_var_log_t, psad_var_log_t) ') @@ -33105,8 +33117,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/psad allow $1 psad_t:process { ptrace signal_perms }; diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/psad.te serefpolicy-3.7.19/policy/modules/services/psad.te ---- nsaserefpolicy/policy/modules/services/psad.te 2010-04-13 20:44:37.000000000 +0200 -+++ serefpolicy-3.7.19/policy/modules/services/psad.te 2010-06-03 10:24:19.786161096 +0200 +--- nsaserefpolicy/policy/modules/services/psad.te 2010-04-13 18:44:37.000000000 +0000 ++++ serefpolicy-3.7.19/policy/modules/services/psad.te 2010-06-03 08:24:19.000000000 +0000 @@ -86,6 +86,7 @@ dev_read_urand(psad_t) 
@@ -33116,8 +33128,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/psad fs_getattr_all_fs(psad_t) diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/puppet.te serefpolicy-3.7.19/policy/modules/services/puppet.te ---- nsaserefpolicy/policy/modules/services/puppet.te 2010-04-13 20:44:36.000000000 +0200 -+++ serefpolicy-3.7.19/policy/modules/services/puppet.te 2011-01-17 10:29:24.948041219 +0100 +--- nsaserefpolicy/policy/modules/services/puppet.te 2010-04-13 18:44:36.000000000 +0000 ++++ serefpolicy-3.7.19/policy/modules/services/puppet.te 2011-01-17 09:29:24.000000000 +0000 @@ -14,6 +14,13 @@ ## gen_tunable(puppet_manage_all_files, false) @@ -33183,8 +33195,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/pupp + usermanage_domtrans_useradd(puppetmaster_t) +') diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/pyzor.fc serefpolicy-3.7.19/policy/modules/services/pyzor.fc ---- nsaserefpolicy/policy/modules/services/pyzor.fc 2010-04-13 20:44:37.000000000 +0200 -+++ serefpolicy-3.7.19/policy/modules/services/pyzor.fc 2010-05-28 09:42:00.162610723 +0200 +--- nsaserefpolicy/policy/modules/services/pyzor.fc 2010-04-13 18:44:37.000000000 +0000 ++++ serefpolicy-3.7.19/policy/modules/services/pyzor.fc 2010-05-28 07:42:00.000000000 +0000 @@ -1,6 +1,10 @@ /etc/pyzor(/.*)? gen_context(system_u:object_r:pyzor_etc_t, s0) +/etc/rc\.d/init\.d/pyzord -- gen_context(system_u:object_r:pyzord_initrc_exec_t,s0) 
@@ -33197,8 +33209,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/pyzo /usr/bin/pyzor -- gen_context(system_u:object_r:pyzor_exec_t,s0) /usr/bin/pyzord -- gen_context(system_u:object_r:pyzord_exec_t,s0) diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/pyzor.if serefpolicy-3.7.19/policy/modules/services/pyzor.if ---- nsaserefpolicy/policy/modules/services/pyzor.if 2010-04-13 20:44:36.000000000 +0200 -+++ serefpolicy-3.7.19/policy/modules/services/pyzor.if 2010-05-28 09:42:00.162610723 +0200 +--- nsaserefpolicy/policy/modules/services/pyzor.if 2010-04-13 18:44:36.000000000 +0000 ++++ serefpolicy-3.7.19/policy/modules/services/pyzor.if 2010-05-28 07:42:00.000000000 +0000 @@ -88,3 +88,50 @@ corecmd_search_bin($1) can_exec($1, pyzor_exec_t) @@ -33251,8 +33263,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/pyzo + + diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/pyzor.te serefpolicy-3.7.19/policy/modules/services/pyzor.te ---- nsaserefpolicy/policy/modules/services/pyzor.te 2010-04-13 20:44:37.000000000 +0200 -+++ serefpolicy-3.7.19/policy/modules/services/pyzor.te 2010-05-28 09:42:00.163610797 +0200 +--- nsaserefpolicy/policy/modules/services/pyzor.te 2010-04-13 18:44:37.000000000 +0000 ++++ serefpolicy-3.7.19/policy/modules/services/pyzor.te 2010-05-28 07:42:00.000000000 +0000 @@ -6,6 +6,38 @@ # Declarations # 
@@ -33318,8 +33330,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/pyzo optional_policy(` diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/qmail.te serefpolicy-3.7.19/policy/modules/services/qmail.te ---- nsaserefpolicy/policy/modules/services/qmail.te 2010-04-13 20:44:37.000000000 +0200 -+++ serefpolicy-3.7.19/policy/modules/services/qmail.te 2010-09-01 12:03:11.253344636 +0200 +--- nsaserefpolicy/policy/modules/services/qmail.te 2010-04-13 18:44:37.000000000 +0000 ++++ serefpolicy-3.7.19/policy/modules/services/qmail.te 2010-09-01 10:03:11.000000000 +0000 @@ -125,6 +125,10 @@ spamassassin_domtrans_client(qmail_local_t) ') @@ -33332,8 +33344,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/qmai # # qmail-lspawn local policy diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/qpidd.fc serefpolicy-3.7.19/policy/modules/services/qpidd.fc ---- nsaserefpolicy/policy/modules/services/qpidd.fc 1970-01-01 01:00:00.000000000 +0100 -+++ serefpolicy-3.7.19/policy/modules/services/qpidd.fc 2010-05-28 09:42:00.163610797 +0200 +--- nsaserefpolicy/policy/modules/services/qpidd.fc 1970-01-01 00:00:00.000000000 +0000 ++++ serefpolicy-3.7.19/policy/modules/services/qpidd.fc 2010-05-28 07:42:00.000000000 +0000 @@ -0,0 +1,9 @@ + +/usr/sbin/qpidd -- gen_context(system_u:object_r:qpidd_exec_t,s0) 
@@ -33345,8 +33357,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/qpid +/var/run/qpidd(/.*)? gen_context(system_u:object_r:qpidd_var_run_t,s0) +/var/run/qpidd\.pid gen_context(system_u:object_r:qpidd_var_run_t,s0) diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/qpidd.if serefpolicy-3.7.19/policy/modules/services/qpidd.if ---- nsaserefpolicy/policy/modules/services/qpidd.if 1970-01-01 01:00:00.000000000 +0100 -+++ serefpolicy-3.7.19/policy/modules/services/qpidd.if 2010-09-16 15:23:19.343636970 +0200 +--- nsaserefpolicy/policy/modules/services/qpidd.if 1970-01-01 00:00:00.000000000 +0000 ++++ serefpolicy-3.7.19/policy/modules/services/qpidd.if 2010-09-16 13:23:19.000000000 +0000 @@ -0,0 +1,231 @@ + +## policy for qpidd @@ -33580,8 +33592,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/qpid + allow $1 qpidd_t:shm rw_shm_perms; +') diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/qpidd.te serefpolicy-3.7.19/policy/modules/services/qpidd.te ---- nsaserefpolicy/policy/modules/services/qpidd.te 1970-01-01 01:00:00.000000000 +0100 -+++ serefpolicy-3.7.19/policy/modules/services/qpidd.te 2010-11-11 16:21:18.340430870 +0100 +--- nsaserefpolicy/policy/modules/services/qpidd.te 1970-01-01 00:00:00.000000000 +0000 ++++ serefpolicy-3.7.19/policy/modules/services/qpidd.te 2010-11-11 15:21:18.000000000 +0000 @@ -0,0 +1,63 @@ +policy_module(qpidd,1.0.0) + 
@@ -33647,8 +33659,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/qpid + corosync_stream_connect(qpidd_t) +') diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/radius.if serefpolicy-3.7.19/policy/modules/services/radius.if ---- nsaserefpolicy/policy/modules/services/radius.if 2010-04-13 20:44:37.000000000 +0200 -+++ serefpolicy-3.7.19/policy/modules/services/radius.if 2010-09-16 15:25:26.911637199 +0200 +--- nsaserefpolicy/policy/modules/services/radius.if 2010-04-13 18:44:37.000000000 +0000 ++++ serefpolicy-3.7.19/policy/modules/services/radius.if 2010-09-16 13:25:26.000000000 +0000 @@ -38,7 +38,7 @@ type radiusd_initrc_exec_t; ') @@ -33659,8 +33671,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/radi init_labeled_script_domtrans($1, radiusd_initrc_exec_t) diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/radius.te serefpolicy-3.7.19/policy/modules/services/radius.te ---- nsaserefpolicy/policy/modules/services/radius.te 2010-04-13 20:44:37.000000000 +0200 -+++ serefpolicy-3.7.19/policy/modules/services/radius.te 2011-01-03 10:47:38.474042362 +0100 +--- nsaserefpolicy/policy/modules/services/radius.te 2010-04-13 18:44:37.000000000 +0000 ++++ serefpolicy-3.7.19/policy/modules/services/radius.te 2011-01-03 09:47:38.000000000 +0000 @@ -37,7 +37,7 @@ # gzip also needs chown access to preserve GID for radwtmp files allow radiusd_t self:capability { chown dac_override fsetid kill setgid setuid sys_resource sys_tty_config }; 
@@ -33687,16 +33699,16 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/radi optional_policy(` diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/razor.fc serefpolicy-3.7.19/policy/modules/services/razor.fc ---- nsaserefpolicy/policy/modules/services/razor.fc 2010-04-13 20:44:37.000000000 +0200 -+++ serefpolicy-3.7.19/policy/modules/services/razor.fc 2010-05-28 09:42:00.165610873 +0200 +--- nsaserefpolicy/policy/modules/services/razor.fc 2010-04-13 18:44:37.000000000 +0000 ++++ serefpolicy-3.7.19/policy/modules/services/razor.fc 2010-05-28 07:42:00.000000000 +0000 @@ -1,3 +1,4 @@ +/root/\.razor(/.*)? gen_context(system_u:object_r:razor_home_t,s0) HOME_DIR/\.razor(/.*)? gen_context(system_u:object_r:razor_home_t,s0) /etc/razor(/.*)? gen_context(system_u:object_r:razor_etc_t,s0) diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/razor.if serefpolicy-3.7.19/policy/modules/services/razor.if ---- nsaserefpolicy/policy/modules/services/razor.if 2010-04-13 20:44:37.000000000 +0200 -+++ serefpolicy-3.7.19/policy/modules/services/razor.if 2010-09-16 15:26:20.599637115 +0200 +--- nsaserefpolicy/policy/modules/services/razor.if 2010-04-13 18:44:37.000000000 +0000 ++++ serefpolicy-3.7.19/policy/modules/services/razor.if 2010-09-16 13:26:20.000000000 +0000 @@ -157,3 +157,44 @@ domtrans_pattern($1, razor_exec_t, razor_t) 
@@ -33743,8 +33755,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/razo +') + diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/razor.te serefpolicy-3.7.19/policy/modules/services/razor.te ---- nsaserefpolicy/policy/modules/services/razor.te 2010-04-13 20:44:37.000000000 +0200 -+++ serefpolicy-3.7.19/policy/modules/services/razor.te 2010-05-28 09:42:00.166610736 +0200 +--- nsaserefpolicy/policy/modules/services/razor.te 2010-04-13 18:44:37.000000000 +0000 ++++ serefpolicy-3.7.19/policy/modules/services/razor.te 2010-05-28 07:42:00.000000000 +0000 @@ -6,6 +6,32 @@ # Declarations # @@ -33797,8 +33809,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/razo + ') diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/remotelogin.te serefpolicy-3.7.19/policy/modules/services/remotelogin.te ---- nsaserefpolicy/policy/modules/services/remotelogin.te 2010-04-13 20:44:37.000000000 +0200 -+++ serefpolicy-3.7.19/policy/modules/services/remotelogin.te 2010-11-08 15:03:03.626165758 +0100 +--- nsaserefpolicy/policy/modules/services/remotelogin.te 2010-04-13 18:44:37.000000000 +0000 ++++ serefpolicy-3.7.19/policy/modules/services/remotelogin.te 2010-11-08 14:03:03.000000000 +0000 @@ -50,6 +50,7 @@ fs_search_auto_mountpoints(remote_login_t) 
@@ -33808,8 +33820,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/remo auth_rw_login_records(remote_login_t) auth_rw_faillog(remote_login_t) diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/resmgr.if serefpolicy-3.7.19/policy/modules/services/resmgr.if ---- nsaserefpolicy/policy/modules/services/resmgr.if 2010-04-13 20:44:37.000000000 +0200 -+++ serefpolicy-3.7.19/policy/modules/services/resmgr.if 2010-09-16 15:29:11.862636875 +0200 +--- nsaserefpolicy/policy/modules/services/resmgr.if 2010-04-13 18:44:37.000000000 +0000 ++++ serefpolicy-3.7.19/policy/modules/services/resmgr.if 2010-09-16 13:29:11.000000000 +0000 @@ -16,7 +16,6 @@ type resmgrd_var_run_t, resmgrd_t; ') @@ -33820,8 +33832,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/resm + stream_connect_pattern($1, resmgrd_var_run_t, resmgrd_var_run_t, resmgrd_t) ') diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/rgmanager.fc serefpolicy-3.7.19/policy/modules/services/rgmanager.fc ---- nsaserefpolicy/policy/modules/services/rgmanager.fc 1970-01-01 01:00:00.000000000 +0100 -+++ serefpolicy-3.7.19/policy/modules/services/rgmanager.fc 2010-05-28 09:42:00.167610740 +0200 +--- nsaserefpolicy/policy/modules/services/rgmanager.fc 1970-01-01 00:00:00.000000000 +0000 ++++ serefpolicy-3.7.19/policy/modules/services/rgmanager.fc 2010-05-28 07:42:00.000000000 +0000 @@ -0,0 +1,10 @@ + +/etc/rc\.d/init\.d/rgmanager -- gen_context(system_u:object_r:rgmanager_initrc_exec_t,s0) 
@@ -33834,8 +33846,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/rgma + +/var/run/cluster/rgmanager\.sk -s gen_context(system_u:object_r:rgmanager_var_run_t,s0) diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/rgmanager.if serefpolicy-3.7.19/policy/modules/services/rgmanager.if ---- nsaserefpolicy/policy/modules/services/rgmanager.if 1970-01-01 01:00:00.000000000 +0100 -+++ serefpolicy-3.7.19/policy/modules/services/rgmanager.if 2010-09-16 15:26:59.814637060 +0200 +--- nsaserefpolicy/policy/modules/services/rgmanager.if 1970-01-01 00:00:00.000000000 +0000 ++++ serefpolicy-3.7.19/policy/modules/services/rgmanager.if 2010-09-16 13:26:59.000000000 +0000 @@ -0,0 +1,141 @@ +## SELinux policy for rgmanager + @@ -33979,8 +33991,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/rgma + admin_pattern($1, rgmanager_var_run_t) +') diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/rgmanager.te serefpolicy-3.7.19/policy/modules/services/rgmanager.te ---- nsaserefpolicy/policy/modules/services/rgmanager.te 1970-01-01 01:00:00.000000000 +0100 -+++ serefpolicy-3.7.19/policy/modules/services/rgmanager.te 2010-06-15 18:40:09.964045327 +0200 +--- nsaserefpolicy/policy/modules/services/rgmanager.te 1970-01-01 00:00:00.000000000 +0000 ++++ serefpolicy-3.7.19/policy/modules/services/rgmanager.te 2010-06-15 16:40:09.000000000 +0000 @@ -0,0 +1,223 @@ + +policy_module(rgmanager, 1.0.0) 
@@ -34206,8 +34218,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/rgma + xen_domtrans_xm(rgmanager_t) +') diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/rhcs.fc serefpolicy-3.7.19/policy/modules/services/rhcs.fc ---- nsaserefpolicy/policy/modules/services/rhcs.fc 1970-01-01 01:00:00.000000000 +0100 -+++ serefpolicy-3.7.19/policy/modules/services/rhcs.fc 2010-09-16 17:00:39.815401517 +0200 +--- nsaserefpolicy/policy/modules/services/rhcs.fc 1970-01-01 00:00:00.000000000 +0000 ++++ serefpolicy-3.7.19/policy/modules/services/rhcs.fc 2010-09-16 15:00:39.000000000 +0000 @@ -0,0 +1,26 @@ +/usr/sbin/dlm_controld -- gen_context(system_u:object_r:dlm_controld_exec_t,s0) +/usr/sbin/fenced -- gen_context(system_u:object_r:fenced_exec_t,s0) @@ -34236,8 +34248,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/rhcs +/var/run/qdiskd\.pid -- gen_context(system_u:object_r:qdiskd_var_run_t,s0) + diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/rhcs.if serefpolicy-3.7.19/policy/modules/services/rhcs.if ---- nsaserefpolicy/policy/modules/services/rhcs.if 1970-01-01 01:00:00.000000000 +0100 -+++ serefpolicy-3.7.19/policy/modules/services/rhcs.if 2010-10-13 08:11:31.778899963 +0200 +--- nsaserefpolicy/policy/modules/services/rhcs.if 1970-01-01 00:00:00.000000000 +0000 ++++ serefpolicy-3.7.19/policy/modules/services/rhcs.if 2010-10-13 06:11:31.000000000 +0000 @@ -0,0 +1,458 @@ +## RHCS - Red Hat Cluster Suite + 
@@ -34698,8 +34710,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/rhcs + read_files_pattern($1, cluster_var_lib_t, cluster_var_lib_t) +') diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/rhcs.te serefpolicy-3.7.19/policy/modules/services/rhcs.te ---- nsaserefpolicy/policy/modules/services/rhcs.te 1970-01-01 01:00:00.000000000 +0100 -+++ serefpolicy-3.7.19/policy/modules/services/rhcs.te 2010-11-10 09:52:06.897160419 +0100 +--- nsaserefpolicy/policy/modules/services/rhcs.te 1970-01-01 00:00:00.000000000 +0000 ++++ serefpolicy-3.7.19/policy/modules/services/rhcs.te 2010-11-10 08:52:06.000000000 +0000 @@ -0,0 +1,259 @@ + +policy_module(rhcs,1.1.0) @@ -34961,8 +34973,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/rhcs + corosync_stream_connect(cluster_domain) +') diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/ricci.fc serefpolicy-3.7.19/policy/modules/services/ricci.fc ---- nsaserefpolicy/policy/modules/services/ricci.fc 2010-04-13 20:44:37.000000000 +0200 -+++ serefpolicy-3.7.19/policy/modules/services/ricci.fc 2010-07-21 13:56:07.915385135 +0200 +--- nsaserefpolicy/policy/modules/services/ricci.fc 2010-04-13 18:44:37.000000000 +0000 ++++ serefpolicy-3.7.19/policy/modules/services/ricci.fc 2010-07-21 11:56:07.000000000 +0000 @@ -1,3 +1,6 @@ + +/etc/rc\.d/init\.d/ricci -- gen_context(system_u:object_r:ricci_initrc_exec_t,s0) 
@@ -34971,8 +34983,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/ricc /usr/libexec/ricci-modlog -- gen_context(system_u:object_r:ricci_modlog_exec_t,s0) /usr/libexec/ricci-modrpm -- gen_context(system_u:object_r:ricci_modrpm_exec_t,s0) diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/ricci.if serefpolicy-3.7.19/policy/modules/services/ricci.if ---- nsaserefpolicy/policy/modules/services/ricci.if 2010-04-13 20:44:37.000000000 +0200 -+++ serefpolicy-3.7.19/policy/modules/services/ricci.if 2010-09-16 15:29:32.734636961 +0200 +--- nsaserefpolicy/policy/modules/services/ricci.if 2010-04-13 18:44:37.000000000 +0000 ++++ serefpolicy-3.7.19/policy/modules/services/ricci.if 2010-09-16 13:29:32.000000000 +0000 @@ -18,6 +18,24 @@ domtrans_pattern($1, ricci_exec_t, ricci_t) ') @@ -35118,8 +35130,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/ricc + admin_pattern($1, ricci_var_run_t) +') diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/ricci.te serefpolicy-3.7.19/policy/modules/services/ricci.te ---- nsaserefpolicy/policy/modules/services/ricci.te 2010-04-13 20:44:37.000000000 +0200 -+++ serefpolicy-3.7.19/policy/modules/services/ricci.te 2010-08-09 14:14:31.795085246 +0200 +--- nsaserefpolicy/policy/modules/services/ricci.te 2010-04-13 18:44:37.000000000 +0000 ++++ serefpolicy-3.7.19/policy/modules/services/ricci.te 2010-08-09 12:14:31.000000000 +0000 @@ -11,6 +11,9 @@ domain_type(ricci_t) init_daemon_domain(ricci_t, ricci_exec_t) 
@@ -35277,8 +35289,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/ricc ccs_read_config(ricci_modstorage_t) ') diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/rlogin.fc serefpolicy-3.7.19/policy/modules/services/rlogin.fc ---- nsaserefpolicy/policy/modules/services/rlogin.fc 2010-04-13 20:44:37.000000000 +0200 -+++ serefpolicy-3.7.19/policy/modules/services/rlogin.fc 2010-05-28 09:42:00.174610693 +0200 +--- nsaserefpolicy/policy/modules/services/rlogin.fc 2010-04-13 18:44:37.000000000 +0000 ++++ serefpolicy-3.7.19/policy/modules/services/rlogin.fc 2010-05-28 07:42:00.000000000 +0000 @@ -1,4 +1,7 @@ HOME_DIR/\.rlogin -- gen_context(system_u:object_r:rlogind_home_t,s0) +HOME_DIR/\.rhosts -- gen_context(system_u:object_r:rlogind_home_t,s0) @@ -35288,8 +35300,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/rlog /usr/kerberos/sbin/klogind -- gen_context(system_u:object_r:rlogind_exec_t,s0) diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/rlogin.te serefpolicy-3.7.19/policy/modules/services/rlogin.te ---- nsaserefpolicy/policy/modules/services/rlogin.te 2010-04-13 20:44:37.000000000 +0200 -+++ serefpolicy-3.7.19/policy/modules/services/rlogin.te 2010-09-02 15:07:41.711106623 +0200 +--- nsaserefpolicy/policy/modules/services/rlogin.te 2010-04-13 18:44:37.000000000 +0000 ++++ serefpolicy-3.7.19/policy/modules/services/rlogin.te 2010-09-02 13:07:41.000000000 +0000 @@ -69,6 +69,7 @@ fs_getattr_xattr_fs(rlogind_t) fs_search_auto_mountpoints(rlogind_t) 
@@ -35307,8 +35319,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/rlog remotelogin_domtrans(rlogind_t) remotelogin_signal(rlogind_t) diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/rpcbind.fc serefpolicy-3.7.19/policy/modules/services/rpcbind.fc ---- nsaserefpolicy/policy/modules/services/rpcbind.fc 2010-04-13 20:44:37.000000000 +0200 -+++ serefpolicy-3.7.19/policy/modules/services/rpcbind.fc 2010-08-20 13:48:39.185084889 +0200 +--- nsaserefpolicy/policy/modules/services/rpcbind.fc 2010-04-13 18:44:37.000000000 +0000 ++++ serefpolicy-3.7.19/policy/modules/services/rpcbind.fc 2010-08-20 11:48:39.000000000 +0000 @@ -2,6 +2,7 @@ /sbin/rpcbind -- gen_context(system_u:object_r:rpcbind_exec_t,s0) @@ -35318,8 +35330,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/rpcb /var/run/rpc.statd\.pid -- gen_context(system_u:object_r:rpcbind_var_run_t,s0) diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/rpcbind.if serefpolicy-3.7.19/policy/modules/services/rpcbind.if ---- nsaserefpolicy/policy/modules/services/rpcbind.if 2010-04-13 20:44:37.000000000 +0200 -+++ serefpolicy-3.7.19/policy/modules/services/rpcbind.if 2010-09-16 15:30:57.838386767 +0200 +--- nsaserefpolicy/policy/modules/services/rpcbind.if 2010-04-13 18:44:37.000000000 +0000 ++++ serefpolicy-3.7.19/policy/modules/services/rpcbind.if 2010-09-16 13:30:57.000000000 +0000 @@ -34,8 +34,7 @@ ') 
@@ -35347,8 +35359,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/rpcb + admin_pattern($1, rpcbind_var_run_t) ') diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/rpcbind.te serefpolicy-3.7.19/policy/modules/services/rpcbind.te ---- nsaserefpolicy/policy/modules/services/rpcbind.te 2010-04-13 20:44:37.000000000 +0200 -+++ serefpolicy-3.7.19/policy/modules/services/rpcbind.te 2010-08-30 20:25:53.722333587 +0200 +--- nsaserefpolicy/policy/modules/services/rpcbind.te 2010-04-13 18:44:37.000000000 +0000 ++++ serefpolicy-3.7.19/policy/modules/services/rpcbind.te 2010-08-30 18:25:53.000000000 +0000 @@ -44,6 +44,8 @@ kernel_read_network_state(rpcbind_t) kernel_request_load_module(rpcbind_t) @@ -35367,8 +35379,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/rpcb + nis_use_ypbind(rpcbind_t) +') diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/rpc.if serefpolicy-3.7.19/policy/modules/services/rpc.if ---- nsaserefpolicy/policy/modules/services/rpc.if 2010-04-13 20:44:37.000000000 +0200 -+++ serefpolicy-3.7.19/policy/modules/services/rpc.if 2010-10-13 09:43:18.320901313 +0200 +--- nsaserefpolicy/policy/modules/services/rpc.if 2010-04-13 18:44:37.000000000 +0000 ++++ serefpolicy-3.7.19/policy/modules/services/rpc.if 2010-10-13 07:43:18.000000000 +0000 @@ -246,6 +246,32 @@ allow rpcd_t $1:process signal; ') 
@@ -35409,8 +35421,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/rpc. + allow $1 var_lib_nfs_t:file relabel_file_perms; ') diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/rpc.te serefpolicy-3.7.19/policy/modules/services/rpc.te ---- nsaserefpolicy/policy/modules/services/rpc.te 2010-04-13 20:44:37.000000000 +0200 -+++ serefpolicy-3.7.19/policy/modules/services/rpc.te 2010-09-24 12:39:25.042386720 +0200 +--- nsaserefpolicy/policy/modules/services/rpc.te 2010-04-13 18:44:37.000000000 +0000 ++++ serefpolicy-3.7.19/policy/modules/services/rpc.te 2010-09-24 10:39:25.000000000 +0000 @@ -80,6 +80,7 @@ corecmd_exec_bin(rpcd_t) @@ -35480,8 +35492,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/rpc. optional_policy(` diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/rsync.if serefpolicy-3.7.19/policy/modules/services/rsync.if ---- nsaserefpolicy/policy/modules/services/rsync.if 2010-04-13 20:44:37.000000000 +0200 -+++ serefpolicy-3.7.19/policy/modules/services/rsync.if 2010-06-16 23:07:29.041110161 +0200 +--- nsaserefpolicy/policy/modules/services/rsync.if 2010-04-13 18:44:37.000000000 +0000 ++++ serefpolicy-3.7.19/policy/modules/services/rsync.if 2010-06-16 21:07:29.000000000 +0000 @@ -119,25 +119,68 @@ type rsync_etc_t; ') 
@@ -35561,8 +35573,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/rsyn + files_etc_filetrans($1, rsync_etc_t, $2) ') diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/rsync.te serefpolicy-3.7.19/policy/modules/services/rsync.te ---- nsaserefpolicy/policy/modules/services/rsync.te 2010-04-13 20:44:37.000000000 +0200 -+++ serefpolicy-3.7.19/policy/modules/services/rsync.te 2010-05-28 09:42:00.177610912 +0200 +--- nsaserefpolicy/policy/modules/services/rsync.te 2010-04-13 18:44:37.000000000 +0000 ++++ serefpolicy-3.7.19/policy/modules/services/rsync.te 2010-05-28 07:42:00.000000000 +0000 @@ -8,6 +8,13 @@ ## @@ -35623,8 +35635,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/rsyn + auth_can_read_shadow_passwords(rsync_t) diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/rtkit.if serefpolicy-3.7.19/policy/modules/services/rtkit.if ---- nsaserefpolicy/policy/modules/services/rtkit.if 2010-04-13 20:44:37.000000000 +0200 -+++ serefpolicy-3.7.19/policy/modules/services/rtkit.if 2010-05-28 09:42:00.177610912 +0200 +--- nsaserefpolicy/policy/modules/services/rtkit.if 2010-04-13 18:44:37.000000000 +0000 ++++ serefpolicy-3.7.19/policy/modules/services/rtkit.if 2010-05-28 07:42:00.000000000 +0000 @@ -41,6 +41,27 @@ ######################################## @@ -35654,8 +35666,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/rtki ## ## diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/rtkit.te serefpolicy-3.7.19/policy/modules/services/rtkit.te ---- nsaserefpolicy/policy/modules/services/rtkit.te 2010-04-13 20:44:37.000000000 +0200 -+++ serefpolicy-3.7.19/policy/modules/services/rtkit.te 2010-06-15 18:00:58.428018646 +0200 +--- nsaserefpolicy/policy/modules/services/rtkit.te 2010-04-13 18:44:37.000000000 +0000 ++++ serefpolicy-3.7.19/policy/modules/services/rtkit.te 2010-06-15 16:00:58.000000000 +0000 
@@ -32,5 +32,9 @@ miscfiles_read_localization(rtkit_daemon_t) @@ -35667,8 +35679,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/rtki policykit_dbus_chat(rtkit_daemon_t) ') diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/rwho.te serefpolicy-3.7.19/policy/modules/services/rwho.te ---- nsaserefpolicy/policy/modules/services/rwho.te 2010-04-13 20:44:37.000000000 +0200 -+++ serefpolicy-3.7.19/policy/modules/services/rwho.te 2010-09-09 13:17:41.097085184 +0200 +--- nsaserefpolicy/policy/modules/services/rwho.te 2010-04-13 18:44:37.000000000 +0000 ++++ serefpolicy-3.7.19/policy/modules/services/rwho.te 2010-09-09 11:17:41.000000000 +0000 @@ -56,6 +56,8 @@ init_read_utmp(rwho_t) init_dontaudit_write_utmp(rwho_t) @@ -35679,8 +35691,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/rwho sysnet_dns_name_resolve(rwho_t) diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/samba.fc serefpolicy-3.7.19/policy/modules/services/samba.fc ---- nsaserefpolicy/policy/modules/services/samba.fc 2010-04-13 20:44:37.000000000 +0200 -+++ serefpolicy-3.7.19/policy/modules/services/samba.fc 2010-08-10 16:58:12.349085082 +0200 +--- nsaserefpolicy/policy/modules/services/samba.fc 2010-04-13 18:44:37.000000000 +0000 ++++ serefpolicy-3.7.19/policy/modules/services/samba.fc 2010-08-10 14:58:12.000000000 +0000 @@ -36,13 +36,16 @@ /var/log/samba(/.*)? gen_context(system_u:object_r:samba_log_t,s0) 
@@ -35709,8 +35721,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/samb +/var/lib/samba/scripts(/.*)? gen_context(system_u:object_r:samba_unconfined_script_exec_t,s0) +') diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/samba.if serefpolicy-3.7.19/policy/modules/services/samba.if ---- nsaserefpolicy/policy/modules/services/samba.if 2010-04-13 20:44:37.000000000 +0200 -+++ serefpolicy-3.7.19/policy/modules/services/samba.if 2010-09-16 16:51:08.806636988 +0200 +--- nsaserefpolicy/policy/modules/services/samba.if 2010-04-13 18:44:37.000000000 +0000 ++++ serefpolicy-3.7.19/policy/modules/services/samba.if 2010-09-16 14:51:08.000000000 +0000 @@ -62,6 +62,25 @@ ######################################## @@ -35908,8 +35920,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/samb + admin_pattern($1, samba_unconfined_script_exec_t) ') diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/samba.te serefpolicy-3.7.19/policy/modules/services/samba.te ---- nsaserefpolicy/policy/modules/services/samba.te 2010-04-13 20:44:37.000000000 +0200 -+++ serefpolicy-3.7.19/policy/modules/services/samba.te 2010-10-26 10:38:39.378650869 +0200 +--- nsaserefpolicy/policy/modules/services/samba.te 2010-04-13 18:44:37.000000000 +0000 ++++ serefpolicy-3.7.19/policy/modules/services/samba.te 2010-10-26 08:38:39.000000000 +0000 @@ -66,6 +66,13 @@ ## gen_tunable(samba_share_nfs, false) 
@@ -36294,8 +36306,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/samb + can_exec(smbd_t, samba_unconfined_script_exec_t) ') diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/sasl.fc serefpolicy-3.7.19/policy/modules/services/sasl.fc ---- nsaserefpolicy/policy/modules/services/sasl.fc 2010-04-13 20:44:37.000000000 +0200 -+++ serefpolicy-3.7.19/policy/modules/services/sasl.fc 2010-07-14 12:47:11.116159544 +0200 +--- nsaserefpolicy/policy/modules/services/sasl.fc 2010-04-13 18:44:37.000000000 +0000 ++++ serefpolicy-3.7.19/policy/modules/services/sasl.fc 2010-07-14 10:47:11.000000000 +0000 @@ -1,4 +1,4 @@ -/etc/rc\.d/init\.d/sasl -- gen_context(system_u:object_r:saslauthd_initrc_exec_t,s0) +/etc/rc\.d/init\.d/saslauthd -- gen_context(system_u:object_r:saslauthd_initrc_exec_t,s0) @@ -36303,8 +36315,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/sasl # # /usr diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/sasl.if serefpolicy-3.7.19/policy/modules/services/sasl.if ---- nsaserefpolicy/policy/modules/services/sasl.if 2010-04-13 20:44:37.000000000 +0200 -+++ serefpolicy-3.7.19/policy/modules/services/sasl.if 2010-09-16 16:45:19.599637162 +0200 +--- nsaserefpolicy/policy/modules/services/sasl.if 2010-04-13 18:44:37.000000000 +0000 ++++ serefpolicy-3.7.19/policy/modules/services/sasl.if 2010-09-16 14:45:19.000000000 +0000 @@ -42,7 +42,7 @@ type saslauthd_initrc_exec_t; ') 
@@ -36315,8 +36327,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/sasl init_labeled_script_domtrans($1, saslauthd_initrc_exec_t) diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/sasl.te serefpolicy-3.7.19/policy/modules/services/sasl.te ---- nsaserefpolicy/policy/modules/services/sasl.te 2010-04-13 20:44:37.000000000 +0200 -+++ serefpolicy-3.7.19/policy/modules/services/sasl.te 2010-05-28 09:42:00.182610859 +0200 +--- nsaserefpolicy/policy/modules/services/sasl.te 2010-04-13 18:44:37.000000000 +0000 ++++ serefpolicy-3.7.19/policy/modules/services/sasl.te 2010-05-28 07:42:00.000000000 +0000 @@ -50,6 +50,9 @@ kernel_read_kernel_sysctls(saslauthd_t) kernel_read_system_state(saslauthd_t) @@ -36328,8 +36340,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/sasl corenet_all_recvfrom_netlabel(saslauthd_t) corenet_tcp_sendrecv_generic_if(saslauthd_t) diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/sendmail.fc serefpolicy-3.7.19/policy/modules/services/sendmail.fc ---- nsaserefpolicy/policy/modules/services/sendmail.fc 2010-04-13 20:44:37.000000000 +0200 -+++ serefpolicy-3.7.19/policy/modules/services/sendmail.fc 2010-05-28 09:42:00.182610859 +0200 +--- nsaserefpolicy/policy/modules/services/sendmail.fc 2010-04-13 18:44:37.000000000 +0000 ++++ serefpolicy-3.7.19/policy/modules/services/sendmail.fc 2010-05-28 07:42:00.000000000 +0000 @@ -1,4 +1,6 @@ +/etc/rc\.d/init\.d/sendmail -- gen_context(system_u:object_r:sendmail_initrc_exec_t,s0) 
@@ -36338,8 +36350,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/send /var/log/mail(/.*)? gen_context(system_u:object_r:sendmail_log_t,s0) diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/sendmail.if serefpolicy-3.7.19/policy/modules/services/sendmail.if ---- nsaserefpolicy/policy/modules/services/sendmail.if 2010-04-13 20:44:36.000000000 +0200 -+++ serefpolicy-3.7.19/policy/modules/services/sendmail.if 2010-09-16 16:48:16.015637212 +0200 +--- nsaserefpolicy/policy/modules/services/sendmail.if 2010-04-13 18:44:36.000000000 +0000 ++++ serefpolicy-3.7.19/policy/modules/services/sendmail.if 2010-09-16 14:48:16.000000000 +0000 @@ -51,10 +51,24 @@ ') @@ -36458,8 +36470,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/send + admin_pattern($1, mail_spool_t) +') diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/sendmail.te serefpolicy-3.7.19/policy/modules/services/sendmail.te ---- nsaserefpolicy/policy/modules/services/sendmail.te 2010-04-13 20:44:37.000000000 +0200 -+++ serefpolicy-3.7.19/policy/modules/services/sendmail.te 2010-05-28 09:42:00.184610725 +0200 +--- nsaserefpolicy/policy/modules/services/sendmail.te 2010-04-13 18:44:37.000000000 +0000 ++++ serefpolicy-3.7.19/policy/modules/services/sendmail.te 2010-05-28 07:42:00.000000000 +0000 @@ -20,6 +20,9 @@ mta_mailserver_delivery(sendmail_t) mta_mailserver_sender(sendmail_t) 
@@ -36549,8 +36561,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/send ') + diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/setroubleshoot.fc serefpolicy-3.7.19/policy/modules/services/setroubleshoot.fc ---- nsaserefpolicy/policy/modules/services/setroubleshoot.fc 2010-04-13 20:44:37.000000000 +0200 -+++ serefpolicy-3.7.19/policy/modules/services/setroubleshoot.fc 2010-05-28 09:42:00.184610725 +0200 +--- nsaserefpolicy/policy/modules/services/setroubleshoot.fc 2010-04-13 18:44:37.000000000 +0000 ++++ serefpolicy-3.7.19/policy/modules/services/setroubleshoot.fc 2010-05-28 07:42:00.000000000 +0000 @@ -5,3 +5,5 @@ /var/log/setroubleshoot(/.*)? gen_context(system_u:object_r:setroubleshoot_var_log_t,s0) @@ -36558,8 +36570,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/setr + +/usr/share/setroubleshoot/SetroubleshootFixit\.py* -- gen_context(system_u:object_r:setroubleshoot_fixit_exec_t,s0) diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/setroubleshoot.if serefpolicy-3.7.19/policy/modules/services/setroubleshoot.if ---- nsaserefpolicy/policy/modules/services/setroubleshoot.if 2010-04-13 20:44:37.000000000 +0200 -+++ serefpolicy-3.7.19/policy/modules/services/setroubleshoot.if 2010-09-16 16:20:10.904636972 +0200 +--- nsaserefpolicy/policy/modules/services/setroubleshoot.if 2010-04-13 18:44:37.000000000 +0000 ++++ serefpolicy-3.7.19/policy/modules/services/setroubleshoot.if 2010-09-16 14:20:10.000000000 +0000 @@ -16,8 +16,8 @@ ') 
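Review bot: The setroubleshoot.fc context line in the second hunk on this line carries the pattern `SetroubleshootFixit\.py*`, which reads like a shell glob but is a regular expression. As a regex, `py*` means `p` followed by zero or more `y`, so it matches `.p`, `.py` and `.pyy`, and not `.pyc` or `.pyo`. This commit only rewrites the neighbouring header timestamps and does not touch that line. If only the script is meant to carry `setroubleshoot_fixit_exec_t`, `SetroubleshootFixit\.py` states that exactly; if compiled files are meant too, `SetroubleshootFixit\.py[co]?` would cover them. The intent is not visible from this hunk, so confirm it before changing the label.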
@@ -36698,8 +36710,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/setr + admin_pattern($1, setroubleshoot_var_run_t) +') diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/setroubleshoot.te serefpolicy-3.7.19/policy/modules/services/setroubleshoot.te ---- nsaserefpolicy/policy/modules/services/setroubleshoot.te 2010-04-13 20:44:36.000000000 +0200 -+++ serefpolicy-3.7.19/policy/modules/services/setroubleshoot.te 2010-05-28 09:42:00.186610872 +0200 +--- nsaserefpolicy/policy/modules/services/setroubleshoot.te 2010-04-13 18:44:36.000000000 +0000 ++++ serefpolicy-3.7.19/policy/modules/services/setroubleshoot.te 2010-05-28 07:42:00.000000000 +0000 @@ -22,13 +22,19 @@ type setroubleshoot_var_run_t; files_pid_file(setroubleshoot_var_run_t) @@ -36848,8 +36860,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/setr + userdom_read_all_users_state(setroubleshoot_fixit_t) +') diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/smartmon.if serefpolicy-3.7.19/policy/modules/services/smartmon.if ---- nsaserefpolicy/policy/modules/services/smartmon.if 2010-04-13 20:44:37.000000000 +0200 -+++ serefpolicy-3.7.19/policy/modules/services/smartmon.if 2010-09-16 16:45:57.103387039 +0200 +--- nsaserefpolicy/policy/modules/services/smartmon.if 2010-04-13 18:44:37.000000000 +0000 ++++ serefpolicy-3.7.19/policy/modules/services/smartmon.if 2010-09-16 14:45:57.000000000 +0000 @@ -15,6 +15,7 @@ type fsdaemon_tmp_t; ') 
@@ -36868,8 +36880,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/smar init_labeled_script_domtrans($1, fsdaemon_initrc_exec_t) diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/smartmon.te serefpolicy-3.7.19/policy/modules/services/smartmon.te ---- nsaserefpolicy/policy/modules/services/smartmon.te 2010-04-13 20:44:37.000000000 +0200 -+++ serefpolicy-3.7.19/policy/modules/services/smartmon.te 2010-11-15 14:09:31.283147945 +0100 +--- nsaserefpolicy/policy/modules/services/smartmon.te 2010-04-13 18:44:37.000000000 +0000 ++++ serefpolicy-3.7.19/policy/modules/services/smartmon.te 2010-11-15 13:09:31.000000000 +0000 @@ -73,6 +73,7 @@ files_read_etc_runtime_files(fsdaemon_t) # for config @@ -36889,8 +36901,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/smar term_dontaudit_search_ptys(fsdaemon_t) diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/smokeping.te serefpolicy-3.7.19/policy/modules/services/smokeping.te ---- nsaserefpolicy/policy/modules/services/smokeping.te 2010-04-13 20:44:37.000000000 +0200 -+++ serefpolicy-3.7.19/policy/modules/services/smokeping.te 2010-10-05 16:58:22.852651336 +0200 +--- nsaserefpolicy/policy/modules/services/smokeping.te 2010-04-13 18:44:37.000000000 +0000 ++++ serefpolicy-3.7.19/policy/modules/services/smokeping.te 2010-10-05 14:58:22.000000000 +0000 @@ -24,6 +24,7 @@ # smokeping local policy # 
@@ -36916,8 +36928,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/smok getattr_files_pattern(httpd_smokeping_cgi_script_t, smokeping_var_run_t, smokeping_var_run_t) diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/snmp.if serefpolicy-3.7.19/policy/modules/services/snmp.if ---- nsaserefpolicy/policy/modules/services/snmp.if 2010-04-13 20:44:36.000000000 +0200 -+++ serefpolicy-3.7.19/policy/modules/services/snmp.if 2010-11-15 17:53:35.780147148 +0100 +--- nsaserefpolicy/policy/modules/services/snmp.if 2010-04-13 18:44:36.000000000 +0000 ++++ serefpolicy-3.7.19/policy/modules/services/snmp.if 2010-11-15 16:53:35.000000000 +0000 @@ -62,11 +62,32 @@ type snmpd_var_lib_t; ') @@ -36970,8 +36982,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/snmp init_labeled_script_domtrans($1, snmpd_initrc_exec_t) diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/snmp.te serefpolicy-3.7.19/policy/modules/services/snmp.te ---- nsaserefpolicy/policy/modules/services/snmp.te 2010-04-13 20:44:36.000000000 +0200 -+++ serefpolicy-3.7.19/policy/modules/services/snmp.te 2010-12-01 11:26:42.353042721 +0100 +--- nsaserefpolicy/policy/modules/services/snmp.te 2010-04-13 18:44:36.000000000 +0000 ++++ serefpolicy-3.7.19/policy/modules/services/snmp.te 2010-12-01 10:26:42.000000000 +0000 @@ -25,14 +25,15 @@ # # Local policy 
@@ -36999,8 +37011,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/snmp auth_use_nsswitch(snmpd_t) auth_read_all_dirs_except_shadow(snmpd_t) diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/snort.if serefpolicy-3.7.19/policy/modules/services/snort.if ---- nsaserefpolicy/policy/modules/services/snort.if 2010-04-13 20:44:37.000000000 +0200 -+++ serefpolicy-3.7.19/policy/modules/services/snort.if 2010-09-16 16:42:05.561636781 +0200 +--- nsaserefpolicy/policy/modules/services/snort.if 2010-04-13 18:44:37.000000000 +0000 ++++ serefpolicy-3.7.19/policy/modules/services/snort.if 2010-09-16 14:42:05.000000000 +0000 @@ -5,9 +5,9 @@ ## Execute a domain transition to run snort. ## @@ -37014,8 +37026,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/snor # interface(`snort_domtrans',` diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/snort.te serefpolicy-3.7.19/policy/modules/services/snort.te ---- nsaserefpolicy/policy/modules/services/snort.te 2010-04-13 20:44:36.000000000 +0200 -+++ serefpolicy-3.7.19/policy/modules/services/snort.te 2010-05-28 09:42:00.188610878 +0200 +--- nsaserefpolicy/policy/modules/services/snort.te 2010-04-13 18:44:36.000000000 +0000 ++++ serefpolicy-3.7.19/policy/modules/services/snort.te 2010-05-28 07:42:00.000000000 +0000 @@ -62,6 +62,7 @@ kernel_read_proc_symlinks(snort_t) kernel_request_load_module(snort_t) 
@@ -37035,8 +37047,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/snor domain_use_interactive_fds(snort_t) diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/spamassassin.fc serefpolicy-3.7.19/policy/modules/services/spamassassin.fc ---- nsaserefpolicy/policy/modules/services/spamassassin.fc 2010-04-13 20:44:37.000000000 +0200 -+++ serefpolicy-3.7.19/policy/modules/services/spamassassin.fc 2010-12-20 16:58:16.259041911 +0100 +--- nsaserefpolicy/policy/modules/services/spamassassin.fc 2010-04-13 18:44:37.000000000 +0000 ++++ serefpolicy-3.7.19/policy/modules/services/spamassassin.fc 2010-12-20 15:58:16.000000000 +0000 @@ -1,15 +1,28 @@ -HOME_DIR/\.spamassassin(/.*)? gen_context(system_u:object_r:spamassassin_home_t,s0) +HOME_DIR/\.spamassassin(/.*)? gen_context(system_u:object_r:spamc_home_t,s0) @@ -37069,8 +37081,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/spam +/var/spool/MD-Quarantine(/.*)? gen_context(system_u:object_r:spamd_var_run_t,s0) +/var/spool/MIMEDefang(/.*)? gen_context(system_u:object_r:spamd_var_run_t,s0) diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/spamassassin.if serefpolicy-3.7.19/policy/modules/services/spamassassin.if ---- nsaserefpolicy/policy/modules/services/spamassassin.if 2010-04-13 20:44:37.000000000 +0200 -+++ serefpolicy-3.7.19/policy/modules/services/spamassassin.if 2010-09-16 16:51:58.958637037 +0200 +--- nsaserefpolicy/policy/modules/services/spamassassin.if 2010-04-13 18:44:37.000000000 +0000 ++++ serefpolicy-3.7.19/policy/modules/services/spamassassin.if 2010-09-16 14:51:58.000000000 +0000 @@ -14,6 +14,7 @@ ## User domain for the role ## 
@@ -37233,8 +37245,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/spam + admin_pattern($1, spamd_var_run_t) ') diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/spamassassin.te serefpolicy-3.7.19/policy/modules/services/spamassassin.te ---- nsaserefpolicy/policy/modules/services/spamassassin.te 2010-04-13 20:44:37.000000000 +0200 -+++ serefpolicy-3.7.19/policy/modules/services/spamassassin.te 2011-01-18 15:53:51.928042302 +0100 +--- nsaserefpolicy/policy/modules/services/spamassassin.te 2010-04-13 18:44:37.000000000 +0000 ++++ serefpolicy-3.7.19/policy/modules/services/spamassassin.te 2011-01-18 14:53:51.000000000 +0000 @@ -20,6 +20,35 @@ ## gen_tunable(spamd_enable_home_dirs, true) @@ -37554,8 +37566,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/spam udev_read_db(spamd_t) ') diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/squid.if serefpolicy-3.7.19/policy/modules/services/squid.if ---- nsaserefpolicy/policy/modules/services/squid.if 2010-04-13 20:44:37.000000000 +0200 -+++ serefpolicy-3.7.19/policy/modules/services/squid.if 2010-09-16 16:33:25.875637032 +0200 +--- nsaserefpolicy/policy/modules/services/squid.if 2010-04-13 18:44:37.000000000 +0000 ++++ serefpolicy-3.7.19/policy/modules/services/squid.if 2010-09-16 14:33:25.000000000 +0000 @@ -71,7 +71,7 @@ type squid_t; ') 
@@ -37574,8 +37586,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/squi interface(`squid_dontaudit_search_cache',` gen_require(` diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/squid.te serefpolicy-3.7.19/policy/modules/services/squid.te ---- nsaserefpolicy/policy/modules/services/squid.te 2010-04-13 20:44:37.000000000 +0200 -+++ serefpolicy-3.7.19/policy/modules/services/squid.te 2011-01-03 09:56:23.355040924 +0100 +--- nsaserefpolicy/policy/modules/services/squid.te 2010-04-13 18:44:37.000000000 +0000 ++++ serefpolicy-3.7.19/policy/modules/services/squid.te 2011-01-03 08:56:23.000000000 +0000 @@ -14,6 +14,13 @@ ## gen_tunable(squid_connect_any, false) @@ -37639,8 +37651,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/squi -allow squid_t tmpfs_t:file { read write }; -') dnl end TODO diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/ssh.fc serefpolicy-3.7.19/policy/modules/services/ssh.fc ---- nsaserefpolicy/policy/modules/services/ssh.fc 2010-04-13 20:44:37.000000000 +0200 -+++ serefpolicy-3.7.19/policy/modules/services/ssh.fc 2011-01-04 16:00:55.694041145 +0100 +--- nsaserefpolicy/policy/modules/services/ssh.fc 2010-04-13 18:44:37.000000000 +0000 ++++ serefpolicy-3.7.19/policy/modules/services/ssh.fc 2011-01-04 15:00:55.000000000 +0000 @@ -1,4 +1,9 @@ HOME_DIR/\.ssh(/.*)? gen_context(system_u:object_r:ssh_home_t,s0) +HOME_DIR/\.shosts gen_context(system_u:object_r:ssh_home_t,s0) 
@@ -37659,8 +37671,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/ssh. +/root/\.ssh(/.*)? gen_context(system_u:object_r:home_ssh_t,s0) +/root/\.shosts gen_context(system_u:object_r:home_ssh_t,s0) diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/ssh.if serefpolicy-3.7.19/policy/modules/services/ssh.if ---- nsaserefpolicy/policy/modules/services/ssh.if 2010-04-13 20:44:37.000000000 +0200 -+++ serefpolicy-3.7.19/policy/modules/services/ssh.if 2010-11-02 17:20:27.771899311 +0100 +--- nsaserefpolicy/policy/modules/services/ssh.if 2010-04-13 18:44:37.000000000 +0000 ++++ serefpolicy-3.7.19/policy/modules/services/ssh.if 2010-11-02 16:20:27.000000000 +0000 @@ -36,6 +36,7 @@ gen_require(` attribute ssh_server; @@ -38025,8 +38037,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/ssh. + admin_pattern($1, sshd_var_run_t) +') diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/ssh.te serefpolicy-3.7.19/policy/modules/services/ssh.te ---- nsaserefpolicy/policy/modules/services/ssh.te 2010-04-13 20:44:37.000000000 +0200 -+++ serefpolicy-3.7.19/policy/modules/services/ssh.te 2011-01-14 14:36:33.523041523 +0100 +--- nsaserefpolicy/policy/modules/services/ssh.te 2010-04-13 18:44:37.000000000 +0000 ++++ serefpolicy-3.7.19/policy/modules/services/ssh.te 2011-01-14 13:36:33.000000000 +0000 @@ -34,13 +34,12 @@ ssh_server_template(sshd) init_daemon_domain(sshd_t, sshd_exec_t) 
@@ -38220,8 +38232,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/ssh. tunable_policy(`ssh_sysadm_login',` # Relabel and access ptys created by sshd diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/sssd.if serefpolicy-3.7.19/policy/modules/services/sssd.if ---- nsaserefpolicy/policy/modules/services/sssd.if 2010-04-13 20:44:36.000000000 +0200 -+++ serefpolicy-3.7.19/policy/modules/services/sssd.if 2010-09-16 16:48:33.455636869 +0200 +--- nsaserefpolicy/policy/modules/services/sssd.if 2010-04-13 18:44:36.000000000 +0000 ++++ serefpolicy-3.7.19/policy/modules/services/sssd.if 2010-09-16 14:48:33.000000000 +0000 @@ -89,6 +89,7 @@ type sssd_var_run_t; ') @@ -38262,8 +38274,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/sssd # Allow sssd_t to restart the apache service sssd_initrc_domtrans($1) diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/sssd.te serefpolicy-3.7.19/policy/modules/services/sssd.te ---- nsaserefpolicy/policy/modules/services/sssd.te 2010-04-13 20:44:37.000000000 +0200 -+++ serefpolicy-3.7.19/policy/modules/services/sssd.te 2010-08-18 13:10:17.920085544 +0200 +--- nsaserefpolicy/policy/modules/services/sssd.te 2010-04-13 18:44:37.000000000 +0000 ++++ serefpolicy-3.7.19/policy/modules/services/sssd.te 2010-08-18 11:10:17.000000000 +0000 @@ -29,9 +29,12 @@ # # sssd local policy 
@@ -38296,8 +38308,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/sssd dbus_system_bus_client(sssd_t) dbus_connect_system_bus(sssd_t) diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/sysstat.te serefpolicy-3.7.19/policy/modules/services/sysstat.te ---- nsaserefpolicy/policy/modules/services/sysstat.te 2010-04-13 20:44:37.000000000 +0200 -+++ serefpolicy-3.7.19/policy/modules/services/sysstat.te 2010-07-27 15:46:39.210073648 +0200 +--- nsaserefpolicy/policy/modules/services/sysstat.te 2010-04-13 18:44:37.000000000 +0000 ++++ serefpolicy-3.7.19/policy/modules/services/sysstat.te 2010-07-27 13:46:39.000000000 +0000 @@ -20,7 +20,7 @@ # @@ -38316,8 +38328,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/syss + nscd_socket_use(sysstat_t) +') diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/tftp.if serefpolicy-3.7.19/policy/modules/services/tftp.if ---- nsaserefpolicy/policy/modules/services/tftp.if 2010-04-13 20:44:36.000000000 +0200 -+++ serefpolicy-3.7.19/policy/modules/services/tftp.if 2010-12-01 13:48:17.722042535 +0100 +--- nsaserefpolicy/policy/modules/services/tftp.if 2010-04-13 18:44:36.000000000 +0000 ++++ serefpolicy-3.7.19/policy/modules/services/tftp.if 2010-12-01 12:48:17.000000000 +0000 @@ -16,6 +16,26 @@ ') @@ -38395,8 +38407,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/tftp admin_pattern($1, tftpdir_t) diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/tftp.te serefpolicy-3.7.19/policy/modules/services/tftp.te ---- nsaserefpolicy/policy/modules/services/tftp.te 2010-04-13 20:44:37.000000000 +0200 -+++ serefpolicy-3.7.19/policy/modules/services/tftp.te 2010-12-01 13:48:12.460043191 +0100 +--- nsaserefpolicy/policy/modules/services/tftp.te 2010-04-13 18:44:37.000000000 +0000 ++++ serefpolicy-3.7.19/policy/modules/services/tftp.te 2010-12-01 12:48:12.000000000 +0000 
@@ -1,5 +1,4 @@ - -policy_module(tftp, 1.11.3) @@ -38449,8 +38461,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/tftp ') diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/tgtd.if serefpolicy-3.7.19/policy/modules/services/tgtd.if ---- nsaserefpolicy/policy/modules/services/tgtd.if 2010-04-13 20:44:36.000000000 +0200 -+++ serefpolicy-3.7.19/policy/modules/services/tgtd.if 2010-09-15 15:55:31.098636967 +0200 +--- nsaserefpolicy/policy/modules/services/tgtd.if 2010-04-13 18:44:36.000000000 +0000 ++++ serefpolicy-3.7.19/policy/modules/services/tgtd.if 2010-09-15 13:55:31.000000000 +0000 @@ -26,3 +26,21 @@ allow $1 tgtd_t:sem rw_sem_perms; @@ -38474,8 +38486,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/tgtd + allow $1 tgtd_t:sem create_sem_perms; +') diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/tgtd.te serefpolicy-3.7.19/policy/modules/services/tgtd.te ---- nsaserefpolicy/policy/modules/services/tgtd.te 2010-04-13 20:44:37.000000000 +0200 -+++ serefpolicy-3.7.19/policy/modules/services/tgtd.te 2010-09-15 15:54:21.234637075 +0200 +--- nsaserefpolicy/policy/modules/services/tgtd.te 2010-04-13 18:44:37.000000000 +0000 ++++ serefpolicy-3.7.19/policy/modules/services/tgtd.te 2010-09-15 13:54:21.000000000 +0000 @@ -38,7 +38,7 @@ allow tgtd_t self:unix_dgram_socket create_socket_perms; 
@@ -38505,8 +38517,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/tgtd + iscsi_manage_semaphores(tgtd_t) +') diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/tor.if serefpolicy-3.7.19/policy/modules/services/tor.if ---- nsaserefpolicy/policy/modules/services/tor.if 2010-04-13 20:44:37.000000000 +0200 -+++ serefpolicy-3.7.19/policy/modules/services/tor.if 2010-09-16 16:46:52.559636983 +0200 +--- nsaserefpolicy/policy/modules/services/tor.if 2010-04-13 18:44:37.000000000 +0000 ++++ serefpolicy-3.7.19/policy/modules/services/tor.if 2010-09-16 14:46:52.000000000 +0000 @@ -42,7 +42,7 @@ type tor_initrc_exec_t; ') @@ -38517,8 +38529,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/tor. init_labeled_script_domtrans($1, tor_initrc_exec_t) diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/tor.te serefpolicy-3.7.19/policy/modules/services/tor.te ---- nsaserefpolicy/policy/modules/services/tor.te 2010-04-13 20:44:37.000000000 +0200 -+++ serefpolicy-3.7.19/policy/modules/services/tor.te 2010-09-13 12:47:18.717085060 +0200 +--- nsaserefpolicy/policy/modules/services/tor.te 2010-04-13 18:44:37.000000000 +0000 ++++ serefpolicy-3.7.19/policy/modules/services/tor.te 2010-09-13 10:47:18.000000000 +0000 @@ -43,8 +43,11 @@ # @@ -38549,8 +38561,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/tor. tunable_policy(`tor_bind_all_unreserved_ports', ` diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/tuned.fc serefpolicy-3.7.19/policy/modules/services/tuned.fc ---- nsaserefpolicy/policy/modules/services/tuned.fc 2010-04-13 20:44:37.000000000 +0200 -+++ serefpolicy-3.7.19/policy/modules/services/tuned.fc 2010-07-13 13:49:47.453752782 +0200 +--- nsaserefpolicy/policy/modules/services/tuned.fc 2010-04-13 18:44:37.000000000 +0000 ++++ serefpolicy-3.7.19/policy/modules/services/tuned.fc 2010-07-13 11:49:47.000000000 +0000 
@@ -5,4 +5,5 @@ /var/log/tuned(/.*)? gen_context(system_u:object_r:tuned_log_t,s0) /var/log/tuned\.log -- gen_context(system_u:object_r:tuned_log_t,s0) @@ -38558,8 +38570,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/tune +/var/run/tuned(/.*)? -- gen_context(system_u:object_r:tuned_var_run_t,s0) /var/run/tuned\.pid -- gen_context(system_u:object_r:tuned_var_run_t,s0) diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/tuned.te serefpolicy-3.7.19/policy/modules/services/tuned.te ---- nsaserefpolicy/policy/modules/services/tuned.te 2010-04-13 20:44:37.000000000 +0200 -+++ serefpolicy-3.7.19/policy/modules/services/tuned.te 2010-07-13 14:01:29.318753228 +0200 +--- nsaserefpolicy/policy/modules/services/tuned.te 2010-04-13 18:44:37.000000000 +0000 ++++ serefpolicy-3.7.19/policy/modules/services/tuned.te 2010-07-13 12:01:29.000000000 +0000 @@ -25,13 +25,17 @@ # @@ -38591,8 +38603,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/tune optional_policy(` sysnet_domtrans_ifconfig(tuned_t) diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/ucspitcp.if serefpolicy-3.7.19/policy/modules/services/ucspitcp.if ---- nsaserefpolicy/policy/modules/services/ucspitcp.if 2010-04-13 20:44:37.000000000 +0200 -+++ serefpolicy-3.7.19/policy/modules/services/ucspitcp.if 2010-09-16 15:55:14.630636773 +0200 +--- nsaserefpolicy/policy/modules/services/ucspitcp.if 2010-04-13 18:44:37.000000000 +0000 ++++ serefpolicy-3.7.19/policy/modules/services/ucspitcp.if 2010-09-16 13:55:14.000000000 +0000 @@ -31,8 +31,5 @@ role system_r types $1; 
@@ -38604,8 +38616,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/ucsp + domtrans_pattern(ucspitcp_t, $2, $1) ') diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/ucspitcp.te serefpolicy-3.7.19/policy/modules/services/ucspitcp.te ---- nsaserefpolicy/policy/modules/services/ucspitcp.te 2010-04-13 20:44:36.000000000 +0200 -+++ serefpolicy-3.7.19/policy/modules/services/ucspitcp.te 2010-05-28 09:42:00.197610559 +0200 +--- nsaserefpolicy/policy/modules/services/ucspitcp.te 2010-04-13 18:44:36.000000000 +0000 ++++ serefpolicy-3.7.19/policy/modules/services/ucspitcp.te 2010-05-28 07:42:00.000000000 +0000 @@ -92,3 +92,8 @@ daemontools_service_domain(ucspitcp_t, ucspitcp_exec_t) daemontools_read_svc(ucspitcp_t) @@ -38616,8 +38628,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/ucsp +') + diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/ulogd.te serefpolicy-3.7.19/policy/modules/services/ulogd.te ---- nsaserefpolicy/policy/modules/services/ulogd.te 2010-04-13 20:44:37.000000000 +0200 -+++ serefpolicy-3.7.19/policy/modules/services/ulogd.te 2010-08-24 14:41:34.195084825 +0200 +--- nsaserefpolicy/policy/modules/services/ulogd.te 2010-04-13 18:44:37.000000000 +0000 ++++ serefpolicy-3.7.19/policy/modules/services/ulogd.te 2010-08-24 12:41:34.000000000 +0000 @@ -32,6 +32,9 @@ allow ulogd_t self:capability net_admin; 
@@ -38649,16 +38661,16 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/ulog + postgresql_tcp_connect(ulogd_t) +') diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/usbmuxd.fc serefpolicy-3.7.19/policy/modules/services/usbmuxd.fc ---- nsaserefpolicy/policy/modules/services/usbmuxd.fc 2010-04-13 20:44:36.000000000 +0200 -+++ serefpolicy-3.7.19/policy/modules/services/usbmuxd.fc 2010-05-28 09:42:00.198610771 +0200 +--- nsaserefpolicy/policy/modules/services/usbmuxd.fc 2010-04-13 18:44:36.000000000 +0000 ++++ serefpolicy-3.7.19/policy/modules/services/usbmuxd.fc 2010-05-28 07:42:00.000000000 +0000 @@ -1,3 +1,3 @@ /usr/sbin/usbmuxd -- gen_context(system_u:object_r:usbmuxd_exec_t,s0) -/var/run/usbmuxd -s gen_context(system_u:object_r:usbmuxd_var_run_t,s0) +/var/run/usbmuxd.* gen_context(system_u:object_r:usbmuxd_var_run_t,s0) diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/uucp.if serefpolicy-3.7.19/policy/modules/services/uucp.if ---- nsaserefpolicy/policy/modules/services/uucp.if 2010-04-13 20:44:37.000000000 +0200 -+++ serefpolicy-3.7.19/policy/modules/services/uucp.if 2010-09-16 16:47:05.182637460 +0200 +--- nsaserefpolicy/policy/modules/services/uucp.if 2010-04-13 18:44:37.000000000 +0000 ++++ serefpolicy-3.7.19/policy/modules/services/uucp.if 2010-09-16 14:47:05.000000000 +0000 @@ -1,5 +1,24 @@ ## Unix to Unix Copy 
@@ -38694,8 +38706,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/uucp logging_list_logs($1) diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/uucp.te serefpolicy-3.7.19/policy/modules/services/uucp.te ---- nsaserefpolicy/policy/modules/services/uucp.te 2010-04-13 20:44:37.000000000 +0200 -+++ serefpolicy-3.7.19/policy/modules/services/uucp.te 2010-11-11 16:29:14.234398746 +0100 +--- nsaserefpolicy/policy/modules/services/uucp.te 2010-04-13 18:44:37.000000000 +0000 ++++ serefpolicy-3.7.19/policy/modules/services/uucp.te 2010-11-11 15:29:14.000000000 +0000 @@ -84,6 +84,7 @@ corenet_udp_sendrecv_generic_node(uucpd_t) corenet_tcp_sendrecv_all_ports(uucpd_t) @@ -38725,8 +38737,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/uucp files_read_etc_files(uux_t) diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/varnishd.if serefpolicy-3.7.19/policy/modules/services/varnishd.if ---- nsaserefpolicy/policy/modules/services/varnishd.if 2010-04-13 20:44:37.000000000 +0200 -+++ serefpolicy-3.7.19/policy/modules/services/varnishd.if 2010-05-28 09:42:00.198610771 +0200 +--- nsaserefpolicy/policy/modules/services/varnishd.if 2010-04-13 18:44:37.000000000 +0000 ++++ serefpolicy-3.7.19/policy/modules/services/varnishd.if 2010-05-28 07:42:00.000000000 +0000 @@ -56,6 +56,25 @@ read_files_pattern($1, varnishd_etc_t, varnishd_etc_t) ') 
@@ -38754,8 +38766,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/varn ## ## Read varnish logs. diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/varnishd.te serefpolicy-3.7.19/policy/modules/services/varnishd.te ---- nsaserefpolicy/policy/modules/services/varnishd.te 2010-04-13 20:44:37.000000000 +0200 -+++ serefpolicy-3.7.19/policy/modules/services/varnishd.te 2010-08-04 15:24:49.633084903 +0200 +--- nsaserefpolicy/policy/modules/services/varnishd.te 2010-04-13 18:44:37.000000000 +0000 ++++ serefpolicy-3.7.19/policy/modules/services/varnishd.te 2010-08-04 13:24:49.000000000 +0000 @@ -52,6 +52,7 @@ # @@ -38765,8 +38777,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/varn allow varnishd_t self:fifo_file rw_fifo_file_perms; allow varnishd_t self:tcp_socket create_stream_socket_perms; diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/vhostmd.fc serefpolicy-3.7.19/policy/modules/services/vhostmd.fc ---- nsaserefpolicy/policy/modules/services/vhostmd.fc 2010-04-13 20:44:37.000000000 +0200 -+++ serefpolicy-3.7.19/policy/modules/services/vhostmd.fc 2010-07-21 10:49:49.095135392 +0200 +--- nsaserefpolicy/policy/modules/services/vhostmd.fc 2010-04-13 18:44:37.000000000 +0000 ++++ serefpolicy-3.7.19/policy/modules/services/vhostmd.fc 2010-07-21 08:49:49.000000000 +0000 @@ -1,5 +1,5 @@ -/etc/rc.d/init.d/vhostmd -- gen_context(system_u:object_r:vhostmd_initrc_exec_t,s0) +/etc/rc\.d/init\.d/vhostmd -- gen_context(system_u:object_r:vhostmd_initrc_exec_t,s0) 
@@ -38776,8 +38788,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/vhos -/var/run/vhostmd.pid -- gen_context(system_u:object_r:vhostmd_var_run_t,s0) +/var/run/vhostmd\.pid -- gen_context(system_u:object_r:vhostmd_var_run_t,s0) diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/vhostmd.if serefpolicy-3.7.19/policy/modules/services/vhostmd.if ---- nsaserefpolicy/policy/modules/services/vhostmd.if 2010-04-13 20:44:37.000000000 +0200 -+++ serefpolicy-3.7.19/policy/modules/services/vhostmd.if 2010-09-16 16:16:14.800637139 +0200 +--- nsaserefpolicy/policy/modules/services/vhostmd.if 2010-04-13 18:44:37.000000000 +0000 ++++ serefpolicy-3.7.19/policy/modules/services/vhostmd.if 2010-09-16 14:16:14.000000000 +0000 @@ -51,8 +51,8 @@ type vhostmd_tmpfs_t; ') @@ -38828,8 +38840,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/vhos role_transition $2 vhostmd_initrc_exec_t system_r; allow $2 system_r; diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/vhostmd.te serefpolicy-3.7.19/policy/modules/services/vhostmd.te ---- nsaserefpolicy/policy/modules/services/vhostmd.te 2010-04-13 20:44:37.000000000 +0200 -+++ serefpolicy-3.7.19/policy/modules/services/vhostmd.te 2010-08-10 16:37:30.997085210 +0200 +--- nsaserefpolicy/policy/modules/services/vhostmd.te 2010-04-13 18:44:37.000000000 +0000 ++++ serefpolicy-3.7.19/policy/modules/services/vhostmd.te 2010-08-10 14:37:30.000000000 +0000 @@ -45,6 +45,8 @@ corenet_tcp_connect_soundd_port(vhostmd_t) 
@@ -38849,8 +38861,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/vhos optional_policy(` diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/virt.fc serefpolicy-3.7.19/policy/modules/services/virt.fc ---- nsaserefpolicy/policy/modules/services/virt.fc 2010-04-13 20:44:37.000000000 +0200 -+++ serefpolicy-3.7.19/policy/modules/services/virt.fc 2010-08-18 14:33:42.065085583 +0200 +--- nsaserefpolicy/policy/modules/services/virt.fc 2010-04-13 18:44:37.000000000 +0000 ++++ serefpolicy-3.7.19/policy/modules/services/virt.fc 2010-08-18 12:33:42.000000000 +0000 @@ -12,18 +12,19 @@ /etc/xen/[^/]* -d gen_context(system_u:object_r:virt_etc_rw_t,s0) /etc/xen/.*/.* gen_context(system_u:object_r:virt_etc_rw_t,s0) @@ -38875,8 +38887,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/virt /var/vdsm(/.*)? gen_context(system_u:object_r:virt_var_run_t,s0) diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/virt.if serefpolicy-3.7.19/policy/modules/services/virt.if ---- nsaserefpolicy/policy/modules/services/virt.if 2010-04-13 20:44:37.000000000 +0200 -+++ serefpolicy-3.7.19/policy/modules/services/virt.if 2010-09-23 12:59:31.493386880 +0200 +--- nsaserefpolicy/policy/modules/services/virt.if 2010-04-13 18:44:37.000000000 +0000 ++++ serefpolicy-3.7.19/policy/modules/services/virt.if 2010-09-23 10:59:31.000000000 +0000 @@ -21,6 +21,8 @@ type $1_t, virt_domain; domain_type($1_t) 
@@ -39090,8 +39102,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/virt + dontaudit $1 virtd_t:fifo_file write; +') diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/virt.te serefpolicy-3.7.19/policy/modules/services/virt.te ---- nsaserefpolicy/policy/modules/services/virt.te 2010-04-13 20:44:37.000000000 +0200 -+++ serefpolicy-3.7.19/policy/modules/services/virt.te 2011-01-07 14:27:09.212042336 +0100 +--- nsaserefpolicy/policy/modules/services/virt.te 2010-04-13 18:44:37.000000000 +0000 ++++ serefpolicy-3.7.19/policy/modules/services/virt.te 2011-01-24 17:03:51.777455001 +0000 @@ -1,5 +1,5 @@ -policy_module(virt, 1.3.2) @@ -39218,13 +39230,15 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/virt xen_rw_image_files(svirt_t) ') -@@ -179,22 +203,30 @@ +@@ -179,22 +203,32 @@ # allow virtd_t self:capability { chown dac_override fowner ipc_lock kill mknod net_admin net_raw setpcap setuid setgid sys_admin sys_nice sys_ptrace }; -allow virtd_t self:process { getcap getsched setcap sigkill signal signull execmem setexec setfscreate setsched }; +allow virtd_t self:process { getcap getsched setcap sigkill signal signull execmem setexec setfscreate setsockcreate setsched }; ++allow virtd_t self:fifo_file { manage_fifo_file_perms relabelfrom ++relabelto }; allow virtd_t self:fifo_file rw_fifo_file_perms; allow virtd_t self:unix_stream_socket create_stream_socket_perms; allow virtd_t self:tcp_socket create_stream_socket_perms; @@ -39252,7 +39266,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/virt read_files_pattern(virtd_t, virt_etc_t, virt_etc_t) read_lnk_files_pattern(virtd_t, virt_etc_t, virt_etc_t) -@@ -205,8 +237,14 @@ +@@ -205,8 +239,14 @@ manage_files_pattern(virtd_t, virt_image_type, virt_image_type) manage_blk_files_pattern(virtd_t, virt_image_type, virt_image_type) 
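Review bot: The added `allow virtd_t self:fifo_file { manage_fifo_file_perms relabelfrom relabelto };` in virt.te (inner hunk `@@ -179,22 +203,32 @@`) lets virtd_t relabel its own pipes without any comment saying why. The commit subject only mentions a label for /root/.screen, so the reason for this wider grant is not recorded anywhere visible. A comment above the rule, for example `# virtd relabels fifo_files it creates (reason to be confirmed by the author; see <bug reference>)`, would let a later policy audit judge whether relabelfrom/relabelto is still needed. The rule is also wrapped across two patch lines before `relabelto`, and the following `allow virtd_t self:fifo_file rw_fifo_file_perms;` looks redundant because manage_fifo_file_perms normally covers the rw set; keeping the new rule on one line and dropping the older one would leave a single readable statement of virtd_t's fifo permissions. The virtd local-policy block continues outside this hunk.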
@@ -39269,7 +39283,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/virt manage_dirs_pattern(virtd_t, virt_log_t, virt_log_t) manage_files_pattern(virtd_t, virt_log_t, virt_log_t) -@@ -225,6 +263,7 @@ +@@ -225,6 +265,7 @@ kernel_read_system_state(virtd_t) kernel_read_network_state(virtd_t) kernel_rw_net_sysctls(virtd_t) @@ -39277,7 +39291,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/virt kernel_request_load_module(virtd_t) kernel_search_debugfs(virtd_t) -@@ -248,18 +287,27 @@ +@@ -248,18 +289,27 @@ dev_rw_kvm(virtd_t) dev_getattr_all_chr_files(virtd_t) dev_rw_mtrr(virtd_t) @@ -39306,7 +39320,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/virt fs_list_auto_mountpoints(virtd_t) fs_getattr_xattr_fs(virtd_t) -@@ -267,6 +315,18 @@ +@@ -267,6 +317,18 @@ fs_list_inotifyfs(virtd_t) fs_manage_cgroup_dirs(virtd_t) fs_rw_cgroup_files(virtd_t) @@ -39325,7 +39339,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/virt mcs_process_set_categories(virtd_t) -@@ -290,16 +350,26 @@ +@@ -290,16 +352,26 @@ modutils_manage_module_config(virtd_t) logging_send_syslog_msg(virtd_t) @@ -39352,7 +39366,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/virt tunable_policy(`virt_use_nfs',` fs_manage_nfs_dirs(virtd_t) -@@ -318,6 +388,10 @@ +@@ -318,6 +390,10 @@ ') optional_policy(` @@ -39363,7 +39377,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/virt dbus_system_bus_client(virtd_t) optional_policy(` -@@ -370,6 +444,8 @@ +@@ -370,6 +446,8 @@ qemu_signal(virtd_t) qemu_kill(virtd_t) qemu_setsched(virtd_t) @@ -39372,7 +39386,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/virt ') optional_policy(` -@@ -407,6 +483,19 @@ +@@ -407,6 +485,19 @@ allow virt_domain self:unix_dgram_socket { create_socket_perms sendto }; allow virt_domain self:tcp_socket create_stream_socket_perms; 
@@ -39392,7 +39406,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/virt append_files_pattern(virt_domain, virt_log_t, virt_log_t) append_files_pattern(virt_domain, virt_var_lib_t, virt_var_lib_t) -@@ -427,6 +516,7 @@ +@@ -427,6 +518,7 @@ corenet_tcp_bind_virt_migration_port(virt_domain) corenet_tcp_connect_virt_migration_port(virt_domain) @@ -39400,7 +39414,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/virt dev_read_rand(virt_domain) dev_read_sound(virt_domain) dev_read_urand(virt_domain) -@@ -434,10 +524,12 @@ +@@ -434,10 +526,12 @@ dev_rw_ksm(virt_domain) dev_rw_kvm(virt_domain) dev_rw_qemu(virt_domain) @@ -39413,7 +39427,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/virt files_read_usr_files(virt_domain) files_read_var_files(virt_domain) files_search_all(virt_domain) -@@ -445,6 +537,11 @@ +@@ -445,6 +539,11 @@ fs_getattr_tmpfs(virt_domain) fs_rw_anon_inodefs_files(virt_domain) fs_rw_tmpfs_files(virt_domain) @@ -39425,7 +39439,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/virt term_use_all_terms(virt_domain) term_getattr_pty_fs(virt_domain) -@@ -462,8 +559,13 @@ +@@ -462,8 +561,13 @@ ') optional_policy(` @@ -39440,8 +39454,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/virt ') + diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/w3c.te serefpolicy-3.7.19/policy/modules/services/w3c.te ---- nsaserefpolicy/policy/modules/services/w3c.te 2010-04-13 20:44:37.000000000 +0200 -+++ serefpolicy-3.7.19/policy/modules/services/w3c.te 2010-06-16 16:52:11.832865080 +0200 +--- nsaserefpolicy/policy/modules/services/w3c.te 2010-04-13 18:44:37.000000000 +0000 ++++ serefpolicy-3.7.19/policy/modules/services/w3c.te 2010-06-16 14:52:11.000000000 +0000 @@ -8,11 +8,18 @@ apache_content_template(w3c_validator) 
@@ -39468,8 +39482,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/w3c. + +apache_dontaudit_rw_tmp_files(httpd_w3c_validator_script_t) diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/xfs.if serefpolicy-3.7.19/policy/modules/services/xfs.if ---- nsaserefpolicy/policy/modules/services/xfs.if 2010-04-13 20:44:37.000000000 +0200 -+++ serefpolicy-3.7.19/policy/modules/services/xfs.if 2010-09-16 15:50:24.207636935 +0200 +--- nsaserefpolicy/policy/modules/services/xfs.if 2010-04-13 18:44:37.000000000 +0000 ++++ serefpolicy-3.7.19/policy/modules/services/xfs.if 2010-09-16 13:50:24.000000000 +0000 @@ -1,4 +1,4 @@ -## X Windows Font Server +## X Windows Font Server @@ -39477,8 +39491,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/xfs. ######################################## ## diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/xserver.fc serefpolicy-3.7.19/policy/modules/services/xserver.fc ---- nsaserefpolicy/policy/modules/services/xserver.fc 2010-04-13 20:44:37.000000000 +0200 -+++ serefpolicy-3.7.19/policy/modules/services/xserver.fc 2010-10-01 15:30:07.992599971 +0200 +--- nsaserefpolicy/policy/modules/services/xserver.fc 2010-04-13 18:44:37.000000000 +0000 ++++ serefpolicy-3.7.19/policy/modules/services/xserver.fc 2010-10-01 13:30:07.000000000 +0000 @@ -2,13 +2,23 @@ # HOME_DIR # 
@@ -39602,8 +39616,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/xser +/var/lib/pqsql/\.Xauthority.* -- gen_context(system_u:object_r:xauth_home_t,s0) + diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/xserver.if serefpolicy-3.7.19/policy/modules/services/xserver.if ---- nsaserefpolicy/policy/modules/services/xserver.if 2010-04-13 20:44:37.000000000 +0200 -+++ serefpolicy-3.7.19/policy/modules/services/xserver.if 2011-01-07 14:00:01.543041896 +0100 +--- nsaserefpolicy/policy/modules/services/xserver.if 2010-04-13 18:44:37.000000000 +0000 ++++ serefpolicy-3.7.19/policy/modules/services/xserver.if 2011-01-07 13:00:01.000000000 +0000 @@ -19,9 +19,10 @@ interface(`xserver_restricted_role',` gen_require(` @@ -40372,8 +40386,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/xser + manage_files_pattern($1, user_fonts_config_t, user_fonts_config_t) +') diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/xserver.te serefpolicy-3.7.19/policy/modules/services/xserver.te ---- nsaserefpolicy/policy/modules/services/xserver.te 2010-04-13 20:44:37.000000000 +0200 -+++ serefpolicy-3.7.19/policy/modules/services/xserver.te 2010-11-02 18:15:31.232651388 +0100 +--- nsaserefpolicy/policy/modules/services/xserver.te 2010-04-13 18:44:37.000000000 +0000 ++++ serefpolicy-3.7.19/policy/modules/services/xserver.te 2010-11-02 17:15:31.000000000 +0000 @@ -1,5 +1,5 @@ -policy_module(xserver, 3.3.2) 
@@ -41317,8 +41331,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/xser + fs_append_cifs_files(xdmhomewriter) +') diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/zebra.if serefpolicy-3.7.19/policy/modules/services/zebra.if ---- nsaserefpolicy/policy/modules/services/zebra.if 2010-04-13 20:44:36.000000000 +0200 -+++ serefpolicy-3.7.19/policy/modules/services/zebra.if 2010-09-16 15:45:27.161386642 +0200 +--- nsaserefpolicy/policy/modules/services/zebra.if 2010-04-13 18:44:36.000000000 +0000 ++++ serefpolicy-3.7.19/policy/modules/services/zebra.if 2010-09-16 13:45:27.000000000 +0000 @@ -38,8 +38,7 @@ ') @@ -41330,8 +41344,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/zebr ######################################## diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/zosremote.if serefpolicy-3.7.19/policy/modules/services/zosremote.if ---- nsaserefpolicy/policy/modules/services/zosremote.if 2010-04-13 20:44:37.000000000 +0200 -+++ serefpolicy-3.7.19/policy/modules/services/zosremote.if 2010-09-16 15:54:12.998637035 +0200 +--- nsaserefpolicy/policy/modules/services/zosremote.if 2010-04-13 18:44:37.000000000 +0000 ++++ serefpolicy-3.7.19/policy/modules/services/zosremote.if 2010-09-16 13:54:12.000000000 +0000 @@ -5,9 +5,9 @@ ## Execute a domain transition to run audispd-zos-remote. ## 
@@ -41345,8 +41359,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/zosr # interface(`zosremote_domtrans',` diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/application.if serefpolicy-3.7.19/policy/modules/system/application.if ---- nsaserefpolicy/policy/modules/system/application.if 2010-04-13 20:44:37.000000000 +0200 -+++ serefpolicy-3.7.19/policy/modules/system/application.if 2011-01-18 17:37:24.656040920 +0100 +--- nsaserefpolicy/policy/modules/system/application.if 2010-04-13 18:44:37.000000000 +0000 ++++ serefpolicy-3.7.19/policy/modules/system/application.if 2011-01-18 16:37:24.000000000 +0000 @@ -130,3 +130,76 @@ allow $1 application_domain_type:process signull; @@ -41425,8 +41439,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/applic +') + diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/application.te serefpolicy-3.7.19/policy/modules/system/application.te ---- nsaserefpolicy/policy/modules/system/application.te 2010-04-13 20:44:37.000000000 +0200 -+++ serefpolicy-3.7.19/policy/modules/system/application.te 2010-05-28 09:42:00.208611712 +0200 +--- nsaserefpolicy/policy/modules/system/application.te 2010-04-13 18:44:37.000000000 +0000 ++++ serefpolicy-3.7.19/policy/modules/system/application.te 2010-05-28 07:42:00.000000000 +0000 @@ -7,6 +7,22 @@ # Executables to be run by user attribute application_exec_type; 
@@ -41451,8 +41465,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/applic ssh_sigchld(application_domain_type) ssh_rw_stream_sockets(application_domain_type) diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/authlogin.fc serefpolicy-3.7.19/policy/modules/system/authlogin.fc ---- nsaserefpolicy/policy/modules/system/authlogin.fc 2010-04-13 20:44:37.000000000 +0200 -+++ serefpolicy-3.7.19/policy/modules/system/authlogin.fc 2010-11-10 15:15:13.229148284 +0100 +--- nsaserefpolicy/policy/modules/system/authlogin.fc 2010-04-13 18:44:37.000000000 +0000 ++++ serefpolicy-3.7.19/policy/modules/system/authlogin.fc 2010-11-10 14:15:13.000000000 +0000 @@ -10,6 +10,7 @@ /sbin/pam_console_apply -- gen_context(system_u:object_r:pam_console_exec_t,s0) /sbin/pam_timestamp_check -- gen_context(system_u:object_r:pam_exec_t,s0) @@ -41470,8 +41484,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/authlo /var/run/pam_ssh(/.*)? gen_context(system_u:object_r:var_auth_t,s0) /var/run/sepermit(/.*)? gen_context(system_u:object_r:pam_var_run_t,s0) diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/authlogin.if serefpolicy-3.7.19/policy/modules/system/authlogin.if ---- nsaserefpolicy/policy/modules/system/authlogin.if 2010-04-13 20:44:37.000000000 +0200 -+++ serefpolicy-3.7.19/policy/modules/system/authlogin.if 2011-01-14 14:33:19.234041121 +0100 +--- nsaserefpolicy/policy/modules/system/authlogin.if 2010-04-13 18:44:37.000000000 +0000 ++++ serefpolicy-3.7.19/policy/modules/system/authlogin.if 2011-01-14 13:33:19.000000000 +0000 @@ -41,7 +41,6 @@ ## # 
@@ -41622,8 +41636,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/authlo optional_policy(` diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/authlogin.te serefpolicy-3.7.19/policy/modules/system/authlogin.te ---- nsaserefpolicy/policy/modules/system/authlogin.te 2010-04-13 20:44:37.000000000 +0200 -+++ serefpolicy-3.7.19/policy/modules/system/authlogin.te 2011-01-14 14:32:33.697042630 +0100 +--- nsaserefpolicy/policy/modules/system/authlogin.te 2010-04-13 18:44:37.000000000 +0000 ++++ serefpolicy-3.7.19/policy/modules/system/authlogin.te 2011-01-14 13:32:33.000000000 +0000 @@ -6,9 +6,17 @@ # Declarations # @@ -41666,8 +41680,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/authlo + ') +') diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/daemontools.if serefpolicy-3.7.19/policy/modules/system/daemontools.if ---- nsaserefpolicy/policy/modules/system/daemontools.if 2010-04-13 20:44:37.000000000 +0200 -+++ serefpolicy-3.7.19/policy/modules/system/daemontools.if 2010-05-28 09:42:00.211610814 +0200 +--- nsaserefpolicy/policy/modules/system/daemontools.if 2010-04-13 18:44:37.000000000 +0000 ++++ serefpolicy-3.7.19/policy/modules/system/daemontools.if 2010-05-28 07:42:00.000000000 +0000 @@ -71,6 +71,32 @@ domtrans_pattern($1, svc_start_exec_t, svc_start_t) ') 
@@ -41749,8 +41763,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/daemon + allow $1 svc_run_t:process sigchld; +') diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/daemontools.te serefpolicy-3.7.19/policy/modules/system/daemontools.te ---- nsaserefpolicy/policy/modules/system/daemontools.te 2010-04-13 20:44:37.000000000 +0200 -+++ serefpolicy-3.7.19/policy/modules/system/daemontools.te 2010-05-28 09:42:00.211610814 +0200 +--- nsaserefpolicy/policy/modules/system/daemontools.te 2010-04-13 18:44:37.000000000 +0000 ++++ serefpolicy-3.7.19/policy/modules/system/daemontools.te 2010-05-28 07:42:00.000000000 +0000 @@ -39,7 +39,10 @@ # multilog creates /service/*/log/status manage_files_pattern(svc_multilog_t, svc_svc_t, svc_svc_t) @@ -41824,8 +41838,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/daemon daemontools_domtrans_run(svc_start_t) daemontools_manage_svc(svc_start_t) diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/fstools.fc serefpolicy-3.7.19/policy/modules/system/fstools.fc ---- nsaserefpolicy/policy/modules/system/fstools.fc 2010-04-13 20:44:37.000000000 +0200 -+++ serefpolicy-3.7.19/policy/modules/system/fstools.fc 2010-05-28 09:42:00.212610747 +0200 +--- nsaserefpolicy/policy/modules/system/fstools.fc 2010-04-13 18:44:37.000000000 +0000 ++++ serefpolicy-3.7.19/policy/modules/system/fstools.fc 2010-05-28 07:42:00.000000000 +0000 @@ -1,4 +1,3 @@ -/sbin/badblocks -- gen_context(system_u:object_r:fsadm_exec_t,s0) /sbin/blkid -- gen_context(system_u:object_r:fsadm_exec_t,s0) 
@@ -41840,8 +41854,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/fstool /sbin/partprobe -- gen_context(system_u:object_r:fsadm_exec_t,s0) /sbin/partx -- gen_context(system_u:object_r:fsadm_exec_t,s0) diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/fstools.te serefpolicy-3.7.19/policy/modules/system/fstools.te ---- nsaserefpolicy/policy/modules/system/fstools.te 2010-04-13 20:44:37.000000000 +0200 -+++ serefpolicy-3.7.19/policy/modules/system/fstools.te 2010-08-30 20:22:56.254334577 +0200 +--- nsaserefpolicy/policy/modules/system/fstools.te 2010-04-13 18:44:37.000000000 +0000 ++++ serefpolicy-3.7.19/policy/modules/system/fstools.te 2010-08-30 18:22:56.000000000 +0000 @@ -118,6 +118,8 @@ fs_search_tmpfs(fsadm_t) fs_getattr_tmpfs_dirs(fsadm_t) @@ -41887,8 +41901,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/fstool xen_rw_image_files(fsadm_t) ') diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/getty.te serefpolicy-3.7.19/policy/modules/system/getty.te ---- nsaserefpolicy/policy/modules/system/getty.te 2010-04-13 20:44:37.000000000 +0200 -+++ serefpolicy-3.7.19/policy/modules/system/getty.te 2010-05-28 09:42:00.213610890 +0200 +--- nsaserefpolicy/policy/modules/system/getty.te 2010-04-13 18:44:37.000000000 +0000 ++++ serefpolicy-3.7.19/policy/modules/system/getty.te 2010-05-28 07:42:00.000000000 +0000 @@ -84,7 +84,7 @@ term_setattr_all_ttys(getty_t) term_setattr_unallocated_ttys(getty_t) 
@@ -41899,8 +41913,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/getty. auth_rw_login_records(getty_t) diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/hostname.te serefpolicy-3.7.19/policy/modules/system/hostname.te ---- nsaserefpolicy/policy/modules/system/hostname.te 2010-04-13 20:44:37.000000000 +0200 -+++ serefpolicy-3.7.19/policy/modules/system/hostname.te 2010-05-28 09:42:00.214610824 +0200 +--- nsaserefpolicy/policy/modules/system/hostname.te 2010-04-13 18:44:37.000000000 +0000 ++++ serefpolicy-3.7.19/policy/modules/system/hostname.te 2010-05-28 07:42:00.000000000 +0000 @@ -27,15 +27,18 @@ dev_read_sysfs(hostname_t) @@ -41932,8 +41946,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/hostna xen_dontaudit_use_fds(hostname_t) ') diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/hotplug.te serefpolicy-3.7.19/policy/modules/system/hotplug.te ---- nsaserefpolicy/policy/modules/system/hotplug.te 2010-04-13 20:44:37.000000000 +0200 -+++ serefpolicy-3.7.19/policy/modules/system/hotplug.te 2010-08-11 15:18:19.642089570 +0200 +--- nsaserefpolicy/policy/modules/system/hotplug.te 2010-04-13 18:44:37.000000000 +0000 ++++ serefpolicy-3.7.19/policy/modules/system/hotplug.te 2010-08-11 13:18:19.000000000 +0000 @@ -24,7 +24,7 @@ # @@ -41953,8 +41967,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/hotplu files_read_kernel_modules(hotplug_t) diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/init.fc serefpolicy-3.7.19/policy/modules/system/init.fc ---- nsaserefpolicy/policy/modules/system/init.fc 2010-04-13 20:44:37.000000000 +0200 -+++ serefpolicy-3.7.19/policy/modules/system/init.fc 2010-05-28 09:42:00.214610824 +0200 +--- nsaserefpolicy/policy/modules/system/init.fc 2010-04-13 18:44:37.000000000 +0000 ++++ serefpolicy-3.7.19/policy/modules/system/init.fc 2010-05-28 07:42:00.000000000 +0000 
@@ -44,6 +44,9 @@ /usr/sbin/apachectl -- gen_context(system_u:object_r:initrc_exec_t,s0) @@ -41966,8 +41980,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/init.f # # /var diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/init.if serefpolicy-3.7.19/policy/modules/system/init.if ---- nsaserefpolicy/policy/modules/system/init.if 2010-04-13 20:44:37.000000000 +0200 -+++ serefpolicy-3.7.19/policy/modules/system/init.if 2011-01-14 14:25:37.423041886 +0100 +--- nsaserefpolicy/policy/modules/system/init.if 2010-04-13 18:44:37.000000000 +0000 ++++ serefpolicy-3.7.19/policy/modules/system/init.if 2011-01-14 13:25:37.000000000 +0000 @@ -193,8 +193,10 @@ gen_require(` attribute direct_run_init, direct_init, direct_init_entry; @@ -42315,8 +42329,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/init.i + manage_files_pattern($1, initrc_state_t, initrc_state_t) +') diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/init.te serefpolicy-3.7.19/policy/modules/system/init.te ---- nsaserefpolicy/policy/modules/system/init.te 2010-04-13 20:44:37.000000000 +0200 -+++ serefpolicy-3.7.19/policy/modules/system/init.te 2011-01-18 16:03:10.193041196 +0100 +--- nsaserefpolicy/policy/modules/system/init.te 2010-04-13 18:44:37.000000000 +0000 ++++ serefpolicy-3.7.19/policy/modules/system/init.te 2011-01-18 15:03:10.000000000 +0000 @@ -1,5 +1,5 @@ -policy_module(init, 1.14.2) 
@@ -42836,8 +42850,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/init.t + fail2ban_read_lib_files(daemon) +') diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/ipsec.fc serefpolicy-3.7.19/policy/modules/system/ipsec.fc ---- nsaserefpolicy/policy/modules/system/ipsec.fc 2010-04-13 20:44:37.000000000 +0200 -+++ serefpolicy-3.7.19/policy/modules/system/ipsec.fc 2010-08-04 14:47:49.067094603 +0200 +--- nsaserefpolicy/policy/modules/system/ipsec.fc 2010-04-13 18:44:37.000000000 +0000 ++++ serefpolicy-3.7.19/policy/modules/system/ipsec.fc 2010-08-04 12:47:49.000000000 +0000 @@ -25,6 +25,7 @@ /usr/libexec/ipsec/klipsdebug -- gen_context(system_u:object_r:ipsec_exec_t,s0) /usr/libexec/ipsec/pluto -- gen_context(system_u:object_r:ipsec_exec_t,s0) @@ -42856,8 +42870,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/ipsec. /var/run/pluto(/.*)? gen_context(system_u:object_r:ipsec_var_run_t,s0) diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/ipsec.if serefpolicy-3.7.19/policy/modules/system/ipsec.if ---- nsaserefpolicy/policy/modules/system/ipsec.if 2010-04-13 20:44:37.000000000 +0200 -+++ serefpolicy-3.7.19/policy/modules/system/ipsec.if 2010-08-11 11:42:38.707085427 +0200 +--- nsaserefpolicy/policy/modules/system/ipsec.if 2010-04-13 18:44:37.000000000 +0000 ++++ serefpolicy-3.7.19/policy/modules/system/ipsec.if 2010-08-11 09:42:38.000000000 +0000 @@ -18,6 +18,24 @@ domtrans_pattern($1, ipsec_exec_t, ipsec_t) ') 
@@ -42963,8 +42977,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/ipsec. + allow ipsec_mgmt_t $1:dbus send_msg; +') diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/ipsec.te serefpolicy-3.7.19/policy/modules/system/ipsec.te ---- nsaserefpolicy/policy/modules/system/ipsec.te 2010-04-13 20:44:37.000000000 +0200 -+++ serefpolicy-3.7.19/policy/modules/system/ipsec.te 2010-08-10 17:44:19.793085351 +0200 +--- nsaserefpolicy/policy/modules/system/ipsec.te 2010-04-13 18:44:37.000000000 +0000 ++++ serefpolicy-3.7.19/policy/modules/system/ipsec.te 2010-08-10 15:44:19.000000000 +0000 @@ -73,7 +73,7 @@ # @@ -43124,8 +43138,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/ipsec. userdom_use_user_terminals(setkey_t) +userdom_read_user_tmp_files(setkey_t) diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/iptables.fc serefpolicy-3.7.19/policy/modules/system/iptables.fc ---- nsaserefpolicy/policy/modules/system/iptables.fc 2010-04-13 20:44:37.000000000 +0200 -+++ serefpolicy-3.7.19/policy/modules/system/iptables.fc 2010-07-13 08:46:46.673502862 +0200 +--- nsaserefpolicy/policy/modules/system/iptables.fc 2010-04-13 18:44:37.000000000 +0000 ++++ serefpolicy-3.7.19/policy/modules/system/iptables.fc 2010-07-13 06:46:46.000000000 +0000 @@ -1,13 +1,19 @@ /etc/rc\.d/init\.d/ip6?tables -- gen_context(system_u:object_r:iptables_initrc_exec_t,s0) -/etc/sysconfig/ip6?tables.* -- gen_context(system_u:object_r:iptables_conf_t,s0) 
@@ -43149,8 +43163,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/iptabl /usr/sbin/iptables-restore -- gen_context(system_u:object_r:iptables_exec_t,s0) + diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/iptables.if serefpolicy-3.7.19/policy/modules/system/iptables.if ---- nsaserefpolicy/policy/modules/system/iptables.if 2010-04-13 20:44:37.000000000 +0200 -+++ serefpolicy-3.7.19/policy/modules/system/iptables.if 2010-05-28 09:42:00.220610773 +0200 +--- nsaserefpolicy/policy/modules/system/iptables.if 2010-04-13 18:44:37.000000000 +0000 ++++ serefpolicy-3.7.19/policy/modules/system/iptables.if 2010-05-28 07:42:00.000000000 +0000 @@ -17,6 +17,10 @@ corecmd_search_bin($1) @@ -43163,8 +43177,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/iptabl ######################################## diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/iptables.te serefpolicy-3.7.19/policy/modules/system/iptables.te ---- nsaserefpolicy/policy/modules/system/iptables.te 2010-04-13 20:44:37.000000000 +0200 -+++ serefpolicy-3.7.19/policy/modules/system/iptables.te 2010-09-09 13:43:36.973085060 +0200 +--- nsaserefpolicy/policy/modules/system/iptables.te 2010-04-13 18:44:37.000000000 +0000 ++++ serefpolicy-3.7.19/policy/modules/system/iptables.te 2010-09-09 11:43:36.000000000 +0000 @@ -14,9 +14,6 @@ type iptables_initrc_exec_t; init_script_file(iptables_initrc_exec_t) 
@@ -43263,8 +43277,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/iptabl ') diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/iscsi.if serefpolicy-3.7.19/policy/modules/system/iscsi.if ---- nsaserefpolicy/policy/modules/system/iscsi.if 2010-04-13 20:44:37.000000000 +0200 -+++ serefpolicy-3.7.19/policy/modules/system/iscsi.if 2010-05-28 09:42:00.221610567 +0200 +--- nsaserefpolicy/policy/modules/system/iscsi.if 2010-04-13 18:44:37.000000000 +0000 ++++ serefpolicy-3.7.19/policy/modules/system/iscsi.if 2010-05-28 07:42:00.000000000 +0000 @@ -56,3 +56,21 @@ allow $1 iscsi_var_lib_t:dir list_dir_perms; files_search_var_lib($1) @@ -43288,8 +43302,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/iscsi. + allow $1 iscsid_t:sem create_sem_perms; +') diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/iscsi.te serefpolicy-3.7.19/policy/modules/system/iscsi.te ---- nsaserefpolicy/policy/modules/system/iscsi.te 2010-04-13 20:44:37.000000000 +0200 -+++ serefpolicy-3.7.19/policy/modules/system/iscsi.te 2011-01-03 08:55:36.369042409 +0100 +--- nsaserefpolicy/policy/modules/system/iscsi.te 2010-04-13 18:44:37.000000000 +0000 ++++ serefpolicy-3.7.19/policy/modules/system/iscsi.te 2011-01-03 07:55:36.000000000 +0000 @@ -32,7 +32,9 @@ # @@ -43329,8 +43343,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/iscsi. + tgtd_manage_semaphores(iscsid_t) ') diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/kdump.te serefpolicy-3.7.19/policy/modules/system/kdump.te ---- nsaserefpolicy/policy/modules/system/kdump.te 2010-04-13 20:44:37.000000000 +0200 -+++ serefpolicy-3.7.19/policy/modules/system/kdump.te 2010-08-11 11:35:47.007335356 +0200 +--- nsaserefpolicy/policy/modules/system/kdump.te 2010-04-13 18:44:37.000000000 +0000 ++++ serefpolicy-3.7.19/policy/modules/system/kdump.te 2010-08-11 09:35:47.000000000 +0000 
@@ -28,8 +28,10 @@ files_read_etc_runtime_files(kdump_t) files_read_kernel_img(kdump_t) @@ -43343,8 +43357,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/kdump. dev_read_framebuffer(kdump_t) dev_read_sysfs(kdump_t) diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/libraries.fc serefpolicy-3.7.19/policy/modules/system/libraries.fc ---- nsaserefpolicy/policy/modules/system/libraries.fc 2010-04-13 20:44:37.000000000 +0200 -+++ serefpolicy-3.7.19/policy/modules/system/libraries.fc 2011-01-03 15:19:24.272041163 +0100 +--- nsaserefpolicy/policy/modules/system/libraries.fc 2010-04-13 18:44:37.000000000 +0000 ++++ serefpolicy-3.7.19/policy/modules/system/libraries.fc 2011-01-03 14:19:24.000000000 +0000 @@ -127,17 +127,23 @@ /usr/lib64/altivec/libavcodec\.so(\.[^/]*)* -- gen_context(system_u:object_r:textrel_shlib_t,s0) /usr/lib(64)?/cedega/.+\.so(\.[^/]*)* -- gen_context(system_u:object_r:textrel_shlib_t,s0) @@ -43573,8 +43587,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/librar +/opt/google/picasa/.*\.dll -- gen_context(system_u:object_r:textrel_shlib_t,s0) +/opt/google/picasa/.*\.yti -- gen_context(system_u:object_r:textrel_shlib_t,s0) diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/libraries.te serefpolicy-3.7.19/policy/modules/system/libraries.te ---- nsaserefpolicy/policy/modules/system/libraries.te 2010-04-13 20:44:37.000000000 +0200 -+++ serefpolicy-3.7.19/policy/modules/system/libraries.te 2010-05-28 09:42:00.223612180 +0200 +--- nsaserefpolicy/policy/modules/system/libraries.te 2010-04-13 18:44:37.000000000 +0000 ++++ serefpolicy-3.7.19/policy/modules/system/libraries.te 2010-05-28 07:42:00.000000000 +0000 @@ -62,7 +62,7 @@ manage_files_pattern(ldconfig_t, ldconfig_cache_t, ldconfig_cache_t) 
@@ -43612,16 +43626,16 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/librar ifdef(`distro_gentoo',` # leaked fds from portage diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/locallogin.fc serefpolicy-3.7.19/policy/modules/system/locallogin.fc ---- nsaserefpolicy/policy/modules/system/locallogin.fc 2010-04-13 20:44:37.000000000 +0200 -+++ serefpolicy-3.7.19/policy/modules/system/locallogin.fc 2010-07-14 11:26:45.251159071 +0200 +--- nsaserefpolicy/policy/modules/system/locallogin.fc 2010-04-13 18:44:37.000000000 +0000 ++++ serefpolicy-3.7.19/policy/modules/system/locallogin.fc 2010-07-14 09:26:45.000000000 +0000 @@ -1,2 +1,4 @@ /sbin/sulogin -- gen_context(system_u:object_r:sulogin_exec_t,s0) +/sbin/sushell -- gen_context(system_u:object_r:sulogin_exec_t,s0) + diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/locallogin.te serefpolicy-3.7.19/policy/modules/system/locallogin.te ---- nsaserefpolicy/policy/modules/system/locallogin.te 2010-04-13 20:44:37.000000000 +0200 -+++ serefpolicy-3.7.19/policy/modules/system/locallogin.te 2010-05-28 09:42:00.245611274 +0200 +--- nsaserefpolicy/policy/modules/system/locallogin.te 2010-04-13 18:44:37.000000000 +0000 ++++ serefpolicy-3.7.19/policy/modules/system/locallogin.te 2010-05-28 07:42:00.000000000 +0000 @@ -33,9 +33,8 @@ # Local login local policy # 
@@ -43724,8 +43738,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/locall - nscd_socket_use(sulogin_t) -') diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/logging.fc serefpolicy-3.7.19/policy/modules/system/logging.fc ---- nsaserefpolicy/policy/modules/system/logging.fc 2010-04-13 20:44:37.000000000 +0200 -+++ serefpolicy-3.7.19/policy/modules/system/logging.fc 2011-01-03 10:28:54.454042244 +0100 +--- nsaserefpolicy/policy/modules/system/logging.fc 2010-04-13 18:44:37.000000000 +0000 ++++ serefpolicy-3.7.19/policy/modules/system/logging.fc 2011-01-03 09:28:54.000000000 +0000 @@ -17,6 +17,10 @@ /sbin/syslogd -- gen_context(system_u:object_r:syslogd_exec_t,s0) /sbin/syslog-ng -- gen_context(system_u:object_r:syslogd_exec_t,s0) @@ -43767,8 +43781,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/loggin + +/var/webmin(/.*)? gen_context(system_u:object_r:var_log_t,s0) diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/logging.if serefpolicy-3.7.19/policy/modules/system/logging.if ---- nsaserefpolicy/policy/modules/system/logging.if 2010-04-13 20:44:37.000000000 +0200 -+++ serefpolicy-3.7.19/policy/modules/system/logging.if 2010-09-16 15:43:30.178636919 +0200 +--- nsaserefpolicy/policy/modules/system/logging.if 2010-04-13 18:44:37.000000000 +0000 ++++ serefpolicy-3.7.19/policy/modules/system/logging.if 2010-09-16 13:43:30.000000000 +0000 @@ -545,6 +545,25 @@ ######################################## 
@@ -43867,8 +43881,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/loggin init_labeled_script_domtrans($1, syslogd_initrc_exec_t) domain_system_change_exemption($1) diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/logging.te serefpolicy-3.7.19/policy/modules/system/logging.te ---- nsaserefpolicy/policy/modules/system/logging.te 2010-04-13 20:44:37.000000000 +0200 -+++ serefpolicy-3.7.19/policy/modules/system/logging.te 2010-08-18 13:16:17.741085184 +0200 +--- nsaserefpolicy/policy/modules/system/logging.te 2010-04-13 18:44:37.000000000 +0000 ++++ serefpolicy-3.7.19/policy/modules/system/logging.te 2010-08-18 11:16:17.000000000 +0000 @@ -61,6 +61,7 @@ type syslogd_t; type syslogd_exec_t; @@ -43961,8 +43975,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/loggin ') diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/lvm.fc serefpolicy-3.7.19/policy/modules/system/lvm.fc ---- nsaserefpolicy/policy/modules/system/lvm.fc 2010-04-13 20:44:37.000000000 +0200 -+++ serefpolicy-3.7.19/policy/modules/system/lvm.fc 2010-12-07 14:22:23.642042343 +0100 +--- nsaserefpolicy/policy/modules/system/lvm.fc 2010-04-13 18:44:37.000000000 +0000 ++++ serefpolicy-3.7.19/policy/modules/system/lvm.fc 2010-12-07 13:22:23.000000000 +0000 @@ -28,10 +28,12 @@ # /lib/lvm-10/.* -- gen_context(system_u:object_r:lvm_exec_t,s0) 
@@ -43984,8 +43998,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/lvm.fc /var/run/dmevent.* gen_context(system_u:object_r:lvm_var_run_t,s0) + diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/lvm.if serefpolicy-3.7.19/policy/modules/system/lvm.if ---- nsaserefpolicy/policy/modules/system/lvm.if 2010-04-13 20:44:37.000000000 +0200 -+++ serefpolicy-3.7.19/policy/modules/system/lvm.if 2010-09-02 13:55:45.873084762 +0200 +--- nsaserefpolicy/policy/modules/system/lvm.if 2010-04-13 18:44:37.000000000 +0000 ++++ serefpolicy-3.7.19/policy/modules/system/lvm.if 2010-09-02 11:55:45.000000000 +0000 @@ -34,7 +34,7 @@ type lvm_exec_t; ') @@ -44019,8 +44033,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/lvm.if + allow $1 clvmd_tmpfs_t:file unlink; +') diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/lvm.te serefpolicy-3.7.19/policy/modules/system/lvm.te ---- nsaserefpolicy/policy/modules/system/lvm.te 2010-04-13 20:44:37.000000000 +0200 -+++ serefpolicy-3.7.19/policy/modules/system/lvm.te 2010-09-02 13:43:13.984335270 +0200 +--- nsaserefpolicy/policy/modules/system/lvm.te 2010-04-13 18:44:37.000000000 +0000 ++++ serefpolicy-3.7.19/policy/modules/system/lvm.te 2010-09-02 11:43:13.000000000 +0000 @@ -13,6 +13,9 @@ type clvmd_initrc_exec_t; init_script_file(clvmd_initrc_exec_t) 
@@ -44121,8 +44135,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/lvm.te ') diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/miscfiles.fc serefpolicy-3.7.19/policy/modules/system/miscfiles.fc ---- nsaserefpolicy/policy/modules/system/miscfiles.fc 2010-04-13 20:44:37.000000000 +0200 -+++ serefpolicy-3.7.19/policy/modules/system/miscfiles.fc 2010-12-20 14:52:26.229042213 +0100 +--- nsaserefpolicy/policy/modules/system/miscfiles.fc 2010-04-13 18:44:37.000000000 +0000 ++++ serefpolicy-3.7.19/policy/modules/system/miscfiles.fc 2010-12-20 13:52:26.000000000 +0000 @@ -9,7 +9,9 @@ # /etc # @@ -44150,8 +44164,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/miscfi ifdef(`distro_debian',` /var/lib/msttcorefonts(/.*)? gen_context(system_u:object_r:fonts_t,s0) diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/miscfiles.if serefpolicy-3.7.19/policy/modules/system/miscfiles.if ---- nsaserefpolicy/policy/modules/system/miscfiles.if 2010-04-13 20:44:37.000000000 +0200 -+++ serefpolicy-3.7.19/policy/modules/system/miscfiles.if 2010-08-13 08:51:13.070085230 +0200 +--- nsaserefpolicy/policy/modules/system/miscfiles.if 2010-04-13 18:44:37.000000000 +0000 ++++ serefpolicy-3.7.19/policy/modules/system/miscfiles.if 2010-08-13 06:51:13.000000000 +0000 @@ -1,5 +1,49 @@ ## Miscelaneous files. 
@@ -44230,8 +44244,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/miscfi ######################################## diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/miscfiles.te serefpolicy-3.7.19/policy/modules/system/miscfiles.te ---- nsaserefpolicy/policy/modules/system/miscfiles.te 2010-04-13 20:44:37.000000000 +0200 -+++ serefpolicy-3.7.19/policy/modules/system/miscfiles.te 2010-08-13 08:20:38.726085384 +0200 +--- nsaserefpolicy/policy/modules/system/miscfiles.te 2010-04-13 18:44:37.000000000 +0000 ++++ serefpolicy-3.7.19/policy/modules/system/miscfiles.te 2010-08-13 06:20:38.000000000 +0000 @@ -6,11 +6,13 @@ # Declarations # @@ -44248,8 +44262,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/miscfi # # fonts_t is the type of various font diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/modutils.if serefpolicy-3.7.19/policy/modules/system/modutils.if ---- nsaserefpolicy/policy/modules/system/modutils.if 2010-04-13 20:44:37.000000000 +0200 -+++ serefpolicy-3.7.19/policy/modules/system/modutils.if 2010-06-16 22:16:32.597859978 +0200 +--- nsaserefpolicy/policy/modules/system/modutils.if 2010-04-13 18:44:37.000000000 +0000 ++++ serefpolicy-3.7.19/policy/modules/system/modutils.if 2010-06-16 20:16:32.000000000 +0000 @@ -37,6 +37,26 @@ allow $1 modules_dep_t:file read_file_perms; ') 
@@ -44278,8 +44292,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/moduti ## ## Read the configuration options used when diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/modutils.te serefpolicy-3.7.19/policy/modules/system/modutils.te ---- nsaserefpolicy/policy/modules/system/modutils.te 2010-04-13 20:44:37.000000000 +0200 -+++ serefpolicy-3.7.19/policy/modules/system/modutils.te 2010-12-07 10:05:17.730292521 +0100 +--- nsaserefpolicy/policy/modules/system/modutils.te 2010-04-13 18:44:37.000000000 +0000 ++++ serefpolicy-3.7.19/policy/modules/system/modutils.te 2010-12-07 09:05:17.000000000 +0000 @@ -19,8 +19,12 @@ type insmod_exec_t; application_domain(insmod_t, insmod_exec_t) @@ -44399,8 +44413,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/moduti dev_rw_xserver_misc(insmod_t) diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/mount.fc serefpolicy-3.7.19/policy/modules/system/mount.fc ---- nsaserefpolicy/policy/modules/system/mount.fc 2010-04-13 20:44:37.000000000 +0200 -+++ serefpolicy-3.7.19/policy/modules/system/mount.fc 2010-05-28 09:42:00.508610668 +0200 +--- nsaserefpolicy/policy/modules/system/mount.fc 2010-04-13 18:44:37.000000000 +0000 ++++ serefpolicy-3.7.19/policy/modules/system/mount.fc 2010-05-28 07:42:00.000000000 +0000 @@ -1,4 +1,10 @@ /bin/mount.* -- gen_context(system_u:object_r:mount_exec_t,s0) /bin/umount.* -- gen_context(system_u:object_r:mount_exec_t,s0) 
@@ -44414,8 +44428,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/mount. +/var/cache/davfs2(/.*)? gen_context(system_u:object_r:mount_var_run_t,s0) +/var/run/davfs2(/.*)? gen_context(system_u:object_r:mount_var_run_t,s0) diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/mount.if serefpolicy-3.7.19/policy/modules/system/mount.if ---- nsaserefpolicy/policy/modules/system/mount.if 2010-04-13 20:44:37.000000000 +0200 -+++ serefpolicy-3.7.19/policy/modules/system/mount.if 2010-05-28 09:42:00.509611579 +0200 +--- nsaserefpolicy/policy/modules/system/mount.if 2010-04-13 18:44:37.000000000 +0000 ++++ serefpolicy-3.7.19/policy/modules/system/mount.if 2010-05-28 07:42:00.000000000 +0000 @@ -16,6 +16,14 @@ ') @@ -44614,8 +44628,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/mount. + role $2 types showmount_t; ') diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/mount.te serefpolicy-3.7.19/policy/modules/system/mount.te ---- nsaserefpolicy/policy/modules/system/mount.te 2010-04-13 20:44:37.000000000 +0200 -+++ serefpolicy-3.7.19/policy/modules/system/mount.te 2010-12-01 14:32:13.850040866 +0100 +--- nsaserefpolicy/policy/modules/system/mount.te 2010-04-13 18:44:37.000000000 +0000 ++++ serefpolicy-3.7.19/policy/modules/system/mount.te 2010-12-01 13:32:13.000000000 +0000 @@ -18,8 +18,15 @@ init_system_domain(mount_t, mount_exec_t) role system_r types mount_t; 
@@ -44914,8 +44928,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/mount. + +userdom_use_user_terminals(showmount_t) diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/raid.fc serefpolicy-3.7.19/policy/modules/system/raid.fc ---- nsaserefpolicy/policy/modules/system/raid.fc 2010-04-13 20:44:37.000000000 +0200 -+++ serefpolicy-3.7.19/policy/modules/system/raid.fc 2011-01-20 11:41:49.880042636 +0100 +--- nsaserefpolicy/policy/modules/system/raid.fc 2010-04-13 18:44:37.000000000 +0000 ++++ serefpolicy-3.7.19/policy/modules/system/raid.fc 2011-01-20 10:41:49.000000000 +0000 @@ -1,5 +1,10 @@ /dev/.mdadm.map -- gen_context(system_u:object_r:mdadm_map_t,s0) @@ -44928,8 +44942,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/raid.f /sbin/mdmpd -- gen_context(system_u:object_r:mdadm_exec_t,s0) diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/raid.te serefpolicy-3.7.19/policy/modules/system/raid.te ---- nsaserefpolicy/policy/modules/system/raid.te 2010-04-13 20:44:37.000000000 +0200 -+++ serefpolicy-3.7.19/policy/modules/system/raid.te 2011-01-20 11:45:32.007043992 +0100 +--- nsaserefpolicy/policy/modules/system/raid.te 2010-04-13 18:44:37.000000000 +0000 ++++ serefpolicy-3.7.19/policy/modules/system/raid.te 2011-01-20 10:45:32.000000000 +0000 @@ -26,6 +26,7 @@ dontaudit mdadm_t self:capability sys_tty_config; allow mdadm_t self:process { sigchld sigkill sigstop signull signal }; 
@@ -44955,8 +44969,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/raid.t term_dontaudit_list_ptys(mdadm_t) diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/selinuxutil.fc serefpolicy-3.7.19/policy/modules/system/selinuxutil.fc ---- nsaserefpolicy/policy/modules/system/selinuxutil.fc 2010-04-13 20:44:37.000000000 +0200 -+++ serefpolicy-3.7.19/policy/modules/system/selinuxutil.fc 2010-05-28 09:42:00.511610748 +0200 +--- nsaserefpolicy/policy/modules/system/selinuxutil.fc 2010-04-13 18:44:37.000000000 +0000 ++++ serefpolicy-3.7.19/policy/modules/system/selinuxutil.fc 2010-05-28 07:42:00.000000000 +0000 @@ -6,13 +6,13 @@ /etc/selinux(/.*)? gen_context(system_u:object_r:selinux_config_t,s0) /etc/selinux/([^/]*/)?contexts(/.*)? gen_context(system_u:object_r:default_context_t,s0) @@ -44997,8 +45011,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/selinu +/etc/share/selinux/targeted(/.*)? gen_context(system_u:object_r:semanage_store_t,s0) +/etc/share/selinux/mls(/.*)? gen_context(system_u:object_r:semanage_store_t,s0) diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/selinuxutil.if serefpolicy-3.7.19/policy/modules/system/selinuxutil.if ---- nsaserefpolicy/policy/modules/system/selinuxutil.if 2010-04-13 20:44:37.000000000 +0200 -+++ serefpolicy-3.7.19/policy/modules/system/selinuxutil.if 2011-01-18 15:44:52.758042314 +0100 +--- nsaserefpolicy/policy/modules/system/selinuxutil.if 2010-04-13 18:44:37.000000000 +0000 ++++ serefpolicy-3.7.19/policy/modules/system/selinuxutil.if 2011-01-24 18:44:51.054455001 +0000 @@ -199,6 +199,10 @@ role $2 types newrole_t; 
@@ -45049,10 +45063,36 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/selinu ') ######################################## -@@ -545,6 +574,53 @@ +@@ -543,6 +572,77 @@ + role $2 types setfiles_t; + ') - ######################################## - ## ++####################################### ++## ++## Allow access for a role to setfiles_t private type ++## ++## ++## ++## Domain allowed access. ++## ++## ++## ++## ++## The role to be allowed the setfiles domain. ++## ++## ++## ++# ++interface(`seutil_role_allow_setfiles',` ++ gen_require(` ++ type setfiles_t; ++ ') ++ ++ role $1 types setfiles_t; ++') ++ ++######################################## ++## +## Execute setfiles in the setfiles domain. +## +## @@ -45098,12 +45138,10 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/selinu + role $2 types setfiles_mac_t; +') + -+######################################## -+## + ######################################## + ## ## Execute setfiles in the caller domain. - ## - ## -@@ -690,6 +766,7 @@ +@@ -690,6 +790,7 @@ ') files_search_etc($1) @@ -45111,7 +45149,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/selinu manage_files_pattern($1, selinux_config_t, selinux_config_t) read_lnk_files_pattern($1, selinux_config_t, selinux_config_t) ') -@@ -1009,6 +1086,26 @@ +@@ -1009,6 +1110,26 @@ ######################################## ## @@ -45138,7 +45176,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/selinu ## Execute semanage in the semanage domain, and ## allow the specified role the semanage domain, ## and use the caller's terminal. -@@ -1020,7 +1117,7 @@ +@@ -1020,7 +1141,7 @@ ## ## ## @@ -45147,7 +45185,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/selinu ## ## ## -@@ -1038,6 +1135,54 @@ +@@ -1038,6 +1159,54 @@ ######################################## ## 
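Review bot: The header comment of the new `seutil_role_allow_setfiles` interface lists two parameters ("Domain allowed access." and "The role to be allowed the setfiles domain."), but the body reads only `$1` and uses it as a role in `role $1 types setfiles_t;`. The parameter markup is stripped in this rendering, so the order is inferred, but a caller following the documented order would pass a domain where the body expects a role. I would drop the domain entry and describe a single parameter, e.g. `## Role allowed to be associated with the setfiles_t type.` Because setfiles_t is the domain `seutil_run_setfiles` transitions into, the summary should also state that this interface adds only the role-type association, with no domain transition or other allow rule visible in its body. The `%changelog` entry for 3.7.19-86 mentions only the /root/.screen label, so it is worth recording this new interface there as well.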
@@ -45202,7 +45240,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/selinu ## Full management of the semanage ## module store. ## -@@ -1149,3 +1294,194 @@ +@@ -1149,3 +1318,194 @@ selinux_dontaudit_get_fs_mount($1) seutil_dontaudit_read_config($1) ') @@ -45398,8 +45436,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/selinu +') +') diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/selinuxutil.te serefpolicy-3.7.19/policy/modules/system/selinuxutil.te ---- nsaserefpolicy/policy/modules/system/selinuxutil.te 2010-04-13 20:44:37.000000000 +0200 -+++ serefpolicy-3.7.19/policy/modules/system/selinuxutil.te 2011-01-20 12:32:53.438042580 +0100 +--- nsaserefpolicy/policy/modules/system/selinuxutil.te 2010-04-13 18:44:37.000000000 +0000 ++++ serefpolicy-3.7.19/policy/modules/system/selinuxutil.te 2011-01-20 11:32:53.000000000 +0000 @@ -23,6 +23,9 @@ type selinux_config_t; files_type(selinux_config_t) @@ -45838,8 +45876,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/selinu + unconfined_domain(setfiles_mac_t) ') diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/setrans.te serefpolicy-3.7.19/policy/modules/system/setrans.te ---- nsaserefpolicy/policy/modules/system/setrans.te 2010-04-13 20:44:37.000000000 +0200 -+++ serefpolicy-3.7.19/policy/modules/system/setrans.te 2010-05-28 09:42:00.515611599 +0200 +--- nsaserefpolicy/policy/modules/system/setrans.te 2010-04-13 18:44:37.000000000 +0000 ++++ serefpolicy-3.7.19/policy/modules/system/setrans.te 2010-05-28 07:42:00.000000000 +0000 @@ -13,6 +13,7 @@ type setrans_t; type setrans_exec_t; 
@@ -45849,14 +45887,14 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/setran type setrans_initrc_exec_t; init_script_file(setrans_initrc_exec_t) diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/sosreport.fc serefpolicy-3.7.19/policy/modules/system/sosreport.fc ---- nsaserefpolicy/policy/modules/system/sosreport.fc 1970-01-01 01:00:00.000000000 +0100 -+++ serefpolicy-3.7.19/policy/modules/system/sosreport.fc 2010-05-28 09:42:00.516610554 +0200 +--- nsaserefpolicy/policy/modules/system/sosreport.fc 1970-01-01 00:00:00.000000000 +0000 ++++ serefpolicy-3.7.19/policy/modules/system/sosreport.fc 2010-05-28 07:42:00.000000000 +0000 @@ -0,0 +1,2 @@ + +/usr/sbin/sosreport -- gen_context(system_u:object_r:sosreport_exec_t,s0) diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/sosreport.if serefpolicy-3.7.19/policy/modules/system/sosreport.if ---- nsaserefpolicy/policy/modules/system/sosreport.if 1970-01-01 01:00:00.000000000 +0100 -+++ serefpolicy-3.7.19/policy/modules/system/sosreport.if 2010-05-28 09:42:00.516610554 +0200 +--- nsaserefpolicy/policy/modules/system/sosreport.if 1970-01-01 00:00:00.000000000 +0000 ++++ serefpolicy-3.7.19/policy/modules/system/sosreport.if 2010-05-28 07:42:00.000000000 +0000 @@ -0,0 +1,131 @@ + +## policy for sosreport 
@@ -45990,8 +46028,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/sosrep + allow $1 sosreport_tmp_t:file append; +') diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/sosreport.te serefpolicy-3.7.19/policy/modules/system/sosreport.te ---- nsaserefpolicy/policy/modules/system/sosreport.te 1970-01-01 01:00:00.000000000 +0100 -+++ serefpolicy-3.7.19/policy/modules/system/sosreport.te 2010-05-28 09:42:00.517610628 +0200 +--- nsaserefpolicy/policy/modules/system/sosreport.te 1970-01-01 00:00:00.000000000 +0000 ++++ serefpolicy-3.7.19/policy/modules/system/sosreport.te 2010-05-28 07:42:00.000000000 +0000 @@ -0,0 +1,155 @@ + +policy_module(sosreport,1.0.0) @@ -46149,8 +46187,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/sosrep + unconfined_domain(sosreport_t) +') diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/sysnetwork.fc serefpolicy-3.7.19/policy/modules/system/sysnetwork.fc ---- nsaserefpolicy/policy/modules/system/sysnetwork.fc 2010-04-13 20:44:37.000000000 +0200 -+++ serefpolicy-3.7.19/policy/modules/system/sysnetwork.fc 2010-05-28 09:42:00.517610628 +0200 +--- nsaserefpolicy/policy/modules/system/sysnetwork.fc 2010-04-13 18:44:37.000000000 +0000 ++++ serefpolicy-3.7.19/policy/modules/system/sysnetwork.fc 2010-05-28 07:42:00.000000000 +0000 @@ -64,3 +64,5 @@ ifdef(`distro_gentoo',` /var/lib/dhcpc(/.*)? gen_context(system_u:object_r:dhcpc_state_t,s0) 
@@ -46158,8 +46196,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/sysnet + +/etc/firestarter/firestarter\.sh gen_context(system_u:object_r:dhcpc_helper_exec_t,s0) diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/sysnetwork.if serefpolicy-3.7.19/policy/modules/system/sysnetwork.if ---- nsaserefpolicy/policy/modules/system/sysnetwork.if 2010-04-13 20:44:37.000000000 +0200 -+++ serefpolicy-3.7.19/policy/modules/system/sysnetwork.if 2010-08-04 14:40:49.949335299 +0200 +--- nsaserefpolicy/policy/modules/system/sysnetwork.if 2010-04-13 18:44:37.000000000 +0000 ++++ serefpolicy-3.7.19/policy/modules/system/sysnetwork.if 2010-08-04 12:40:49.000000000 +0000 @@ -60,25 +60,24 @@ netutils_run(dhcpc_t, $2) netutils_run_ping(dhcpc_t, $2) @@ -46390,8 +46428,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/sysnet + role_transition $1 dhcpc_exec_t system_r; ') diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/sysnetwork.te serefpolicy-3.7.19/policy/modules/system/sysnetwork.te ---- nsaserefpolicy/policy/modules/system/sysnetwork.te 2010-04-13 20:44:37.000000000 +0200 -+++ serefpolicy-3.7.19/policy/modules/system/sysnetwork.te 2011-01-07 10:38:30.725042747 +0100 +--- nsaserefpolicy/policy/modules/system/sysnetwork.te 2010-04-13 18:44:37.000000000 +0000 ++++ serefpolicy-3.7.19/policy/modules/system/sysnetwork.te 2011-01-07 09:38:30.000000000 +0000 @@ -1,11 +1,18 @@ -policy_module(sysnetwork, 1.10.3) 
@@ -46550,16 +46588,16 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/sysnet + ') +') diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/udev.fc serefpolicy-3.7.19/policy/modules/system/udev.fc ---- nsaserefpolicy/policy/modules/system/udev.fc 2010-04-13 20:44:37.000000000 +0200 -+++ serefpolicy-3.7.19/policy/modules/system/udev.fc 2010-05-28 09:42:00.520610847 +0200 +--- nsaserefpolicy/policy/modules/system/udev.fc 2010-04-13 18:44:37.000000000 +0000 ++++ serefpolicy-3.7.19/policy/modules/system/udev.fc 2010-05-28 07:42:00.000000000 +0000 @@ -22,3 +22,4 @@ /usr/bin/udevinfo -- gen_context(system_u:object_r:udev_exec_t,s0) /var/run/PackageKit/udev(/.*)? gen_context(system_u:object_r:udev_var_run_t,s0) +/var/run/libgpod(/.*)? gen_context(system_u:object_r:udev_var_run_t,s0) diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/udev.if serefpolicy-3.7.19/policy/modules/system/udev.if ---- nsaserefpolicy/policy/modules/system/udev.if 2010-04-13 20:44:37.000000000 +0200 -+++ serefpolicy-3.7.19/policy/modules/system/udev.if 2010-09-16 15:27:33.814637102 +0200 +--- nsaserefpolicy/policy/modules/system/udev.if 2010-04-13 18:44:37.000000000 +0000 ++++ serefpolicy-3.7.19/policy/modules/system/udev.if 2010-09-16 13:27:33.000000000 +0000 @@ -88,8 +88,7 @@ ') @@ -46597,8 +46635,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/udev.i ## udev pid files. ## diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/udev.te serefpolicy-3.7.19/policy/modules/system/udev.te ---- nsaserefpolicy/policy/modules/system/udev.te 2010-04-13 20:44:37.000000000 +0200 -+++ serefpolicy-3.7.19/policy/modules/system/udev.te 2011-01-14 14:25:52.533041029 +0100 +--- nsaserefpolicy/policy/modules/system/udev.te 2010-04-13 18:44:37.000000000 +0000 ++++ serefpolicy-3.7.19/policy/modules/system/udev.te 2011-01-14 13:25:52.000000000 +0000 
@@ -50,6 +50,7 @@ allow udev_t self:unix_stream_socket connectto; allow udev_t self:netlink_kobject_uevent_socket create_socket_perms; @@ -46657,8 +46695,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/udev.t ') diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/unconfined.fc serefpolicy-3.7.19/policy/modules/system/unconfined.fc ---- nsaserefpolicy/policy/modules/system/unconfined.fc 2010-04-13 20:44:37.000000000 +0200 -+++ serefpolicy-3.7.19/policy/modules/system/unconfined.fc 2010-05-28 09:42:00.522610784 +0200 +--- nsaserefpolicy/policy/modules/system/unconfined.fc 2010-04-13 18:44:37.000000000 +0000 ++++ serefpolicy-3.7.19/policy/modules/system/unconfined.fc 2010-05-28 07:42:00.000000000 +0000 @@ -1,15 +1 @@ # Add programs here which should not be confined by SELinux -# e.g.: @@ -46676,8 +46714,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/unconf -/usr/lib32/openoffice/program/[^/]+\.bin -- gen_context(system_u:object_r:unconfined_execmem_exec_t,s0) -') diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/unconfined.if serefpolicy-3.7.19/policy/modules/system/unconfined.if ---- nsaserefpolicy/policy/modules/system/unconfined.if 2010-04-13 20:44:37.000000000 +0200 -+++ serefpolicy-3.7.19/policy/modules/system/unconfined.if 2010-05-28 09:42:00.523610857 +0200 +--- nsaserefpolicy/policy/modules/system/unconfined.if 2010-04-13 18:44:37.000000000 +0000 ++++ serefpolicy-3.7.19/policy/modules/system/unconfined.if 2010-05-28 07:42:00.000000000 +0000 @@ -12,14 +12,13 @@ # interface(`unconfined_domain_noaudit',` 
@@ -47173,8 +47211,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/unconf - allow $1 unconfined_t:dbus acquire_svc; -') diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/unconfined.te serefpolicy-3.7.19/policy/modules/system/unconfined.te ---- nsaserefpolicy/policy/modules/system/unconfined.te 2010-04-13 20:44:37.000000000 +0200 -+++ serefpolicy-3.7.19/policy/modules/system/unconfined.te 2010-05-28 09:42:00.524610720 +0200 +--- nsaserefpolicy/policy/modules/system/unconfined.te 2010-04-13 18:44:37.000000000 +0000 ++++ serefpolicy-3.7.19/policy/modules/system/unconfined.te 2010-05-28 07:42:00.000000000 +0000 @@ -5,227 +5,5 @@ # # Declarations @@ -47405,8 +47443,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/unconf - ') -') diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/userdomain.fc serefpolicy-3.7.19/policy/modules/system/userdomain.fc ---- nsaserefpolicy/policy/modules/system/userdomain.fc 2010-04-13 20:44:37.000000000 +0200 -+++ serefpolicy-3.7.19/policy/modules/system/userdomain.fc 2010-09-15 15:41:19.167386857 +0200 +--- nsaserefpolicy/policy/modules/system/userdomain.fc 2010-04-13 18:44:37.000000000 +0000 ++++ serefpolicy-3.7.19/policy/modules/system/userdomain.fc 2010-09-15 13:41:19.000000000 +0000 @@ -1,4 +1,18 @@ HOME_DIR -d gen_context(system_u:object_r:user_home_dir_t,s0-mls_systemhigh) +HOME_DIR -l gen_context(system_u:object_r:user_home_dir_t,s0-mls_systemhigh) 
@@ -47428,8 +47466,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/userdo +HOME_DIR/\.debug(/.*)? <> + diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/userdomain.if serefpolicy-3.7.19/policy/modules/system/userdomain.if ---- nsaserefpolicy/policy/modules/system/userdomain.if 2010-04-13 20:44:37.000000000 +0200 -+++ serefpolicy-3.7.19/policy/modules/system/userdomain.if 2010-12-09 12:46:32.622291524 +0100 +--- nsaserefpolicy/policy/modules/system/userdomain.if 2010-04-13 18:44:37.000000000 +0000 ++++ serefpolicy-3.7.19/policy/modules/system/userdomain.if 2010-12-09 11:46:32.000000000 +0000 @@ -30,8 +30,9 @@ ') @@ -49734,8 +49772,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/userdo + allow $1 user_tmp_t:file delete_file_perms; +') diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/userdomain.te serefpolicy-3.7.19/policy/modules/system/userdomain.te ---- nsaserefpolicy/policy/modules/system/userdomain.te 2010-04-13 20:44:37.000000000 +0200 -+++ serefpolicy-3.7.19/policy/modules/system/userdomain.te 2011-01-19 17:11:07.574292106 +0100 +--- nsaserefpolicy/policy/modules/system/userdomain.te 2010-04-13 18:44:37.000000000 +0000 ++++ serefpolicy-3.7.19/policy/modules/system/userdomain.te 2011-01-19 16:11:07.000000000 +0000 @@ -29,18 +29,18 @@ ## 
@@ -49849,8 +49887,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/userdo +# Nautilus causes this avc +dontaudit unpriv_userdomain self:dir setattr; diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/xen.if serefpolicy-3.7.19/policy/modules/system/xen.if ---- nsaserefpolicy/policy/modules/system/xen.if 2010-04-13 20:44:37.000000000 +0200 -+++ serefpolicy-3.7.19/policy/modules/system/xen.if 2010-09-16 14:34:16.094636765 +0200 +--- nsaserefpolicy/policy/modules/system/xen.if 2010-04-13 18:44:37.000000000 +0000 ++++ serefpolicy-3.7.19/policy/modules/system/xen.if 2010-09-16 12:34:16.000000000 +0000 @@ -213,8 +213,9 @@ interface(`xen_domtrans_xm',` gen_require(` @@ -49872,8 +49910,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/xen.if files_search_pids($1) diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/xen.te serefpolicy-3.7.19/policy/modules/system/xen.te ---- nsaserefpolicy/policy/modules/system/xen.te 2010-04-13 20:44:37.000000000 +0200 -+++ serefpolicy-3.7.19/policy/modules/system/xen.te 2010-07-23 14:36:40.882388397 +0200 +--- nsaserefpolicy/policy/modules/system/xen.te 2010-04-13 18:44:37.000000000 +0000 ++++ serefpolicy-3.7.19/policy/modules/system/xen.te 2010-07-23 12:36:40.000000000 +0000 @@ -5,6 +5,7 @@ # # Declarations 
@@ -49949,8 +49987,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/xen.te fs_list_auto_mountpoints(xend_t) files_search_mnt(xend_t) diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/support/misc_patterns.spt serefpolicy-3.7.19/policy/support/misc_patterns.spt ---- nsaserefpolicy/policy/support/misc_patterns.spt 2010-04-13 20:44:37.000000000 +0200 -+++ serefpolicy-3.7.19/policy/support/misc_patterns.spt 2010-05-28 09:42:00.532611375 +0200 +--- nsaserefpolicy/policy/support/misc_patterns.spt 2010-04-13 18:44:37.000000000 +0000 ++++ serefpolicy-3.7.19/policy/support/misc_patterns.spt 2010-05-28 07:42:00.000000000 +0000 @@ -15,7 +15,7 @@ domain_transition_pattern($1,$2,$3) @@ -49975,8 +50013,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/support/misc_patterns # diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/support/obj_perm_sets.spt serefpolicy-3.7.19/policy/support/obj_perm_sets.spt ---- nsaserefpolicy/policy/support/obj_perm_sets.spt 2010-04-13 20:44:37.000000000 +0200 -+++ serefpolicy-3.7.19/policy/support/obj_perm_sets.spt 2010-05-28 09:42:00.533610400 +0200 +--- nsaserefpolicy/policy/support/obj_perm_sets.spt 2010-04-13 18:44:37.000000000 +0000 ++++ serefpolicy-3.7.19/policy/support/obj_perm_sets.spt 2010-05-28 07:42:00.000000000 +0000 @@ -28,7 +28,7 @@ # # All socket classes. @@ -50087,8 +50125,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/support/obj_perm_sets +define(`all_passwd_perms', `{ passwd chfn chsh rootok crontab } ') +define(`all_association_perms', `{ sendto recvfrom setcontext polmatch } ') diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/users serefpolicy-3.7.19/policy/users ---- nsaserefpolicy/policy/users 2010-04-13 20:44:36.000000000 +0200 -+++ serefpolicy-3.7.19/policy/users 2010-05-28 09:42:00.534610823 +0200 +--- nsaserefpolicy/policy/users 2010-04-13 18:44:36.000000000 +0000 ++++ serefpolicy-3.7.19/policy/users 2010-05-28 07:42:00.000000000 +0000 
@@ -6,7 +6,7 @@ # # gen_user(username, prefix, role_set, mls_defaultlevel, mls_range, [mcs_catetories]) diff --git a/selinux-policy.spec b/selinux-policy.spec index 8caf73e..95d142f 100644 --- a/selinux-policy.spec +++ b/selinux-policy.spec @@ -20,7 +20,7 @@ Summary: SELinux policy configuration Name: selinux-policy Version: 3.7.19 -Release: 85%{?dist} +Release: 86%{?dist} License: GPLv2+ Group: System Environment/Base Source: serefpolicy-%{version}.tgz @@ -471,6 +471,9 @@ exit 0 %endif %changelog +* Mon Jan 24 2011 Miroslav Grepl 3.7.19-86 +- Add label for /root/.screen + * Thu Jan 20 2011 Miroslav Grepl 3.7.19-85 - Treat irpinit, iprupdate, iprdump services with raid policy - Fixes for kerberos policy