From 28178e2357eb6c967514c8fe7a3e62a37be6e518 Mon Sep 17 00:00:00 2001 From: Daniel J Walsh Date: Jan 23 2008 20:16:45 +0000 Subject: - Allow zebra to listen on port 521 --- diff --git a/policy-20070703.patch b/policy-20070703.patch index 22b8fad..fe1da2b 100644 --- a/policy-20070703.patch +++ b/policy-20070703.patch @@ -4151,7 +4151,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/kernel/corene ## diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/kernel/corenetwork.te.in serefpolicy-3.0.8/policy/modules/kernel/corenetwork.te.in --- nsaserefpolicy/policy/modules/kernel/corenetwork.te.in 2007-10-22 13:21:41.000000000 -0400 -+++ serefpolicy-3.0.8/policy/modules/kernel/corenetwork.te.in 2008-01-17 09:03:07.000000000 -0500 ++++ serefpolicy-3.0.8/policy/modules/kernel/corenetwork.te.in 2008-01-22 09:06:06.000000000 -0500 @@ -55,6 +55,11 @@ type reserved_port_t, port_type, reserved_port_type; @@ -4214,7 +4214,12 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/kernel/corene network_port(pop, tcp,106,s0, tcp,109,s0, tcp,110,s0, tcp,143,s0, tcp,220,s0, tcp,993,s0, tcp,995,s0, tcp,1109,s0) network_port(portmap, udp,111,s0, tcp,111,s0) network_port(postgresql, tcp,5432,s0) -@@ -141,12 +154,12 @@ +@@ -137,16 +150,16 @@ + network_port(ricci_modcluster, tcp,16851,s0, udp,16851,s0) + network_port(rlogind, tcp,513,s0) + network_port(rndc, tcp,953,s0) +-network_port(router, udp,520,s0) ++network_port(router, udp,520,s0, udp,521,s0, tcp,521,s0) network_port(rsh, tcp,514,s0) network_port(rsync, tcp,873,s0, udp,873,s0) network_port(rwho, udp,513,s0) 
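Review bot: The new `network_port(router, udp,520,s0, udp,521,s0, tcp,521,s0)` line in the corenetwork.te.in hunk labels `tcp,521` as router_port_t as well as `udp,521`, while the changelog only says zebra needs to listen on port 521. RIPng, the usual user of port 521, runs over UDP, so unless zebra really opens a TCP listener there, the narrower form is `network_port(router, udp,520,s0, udp,521,s0)`. Every domain allowed to bind router_port_t gains the extra port, so it is worth confirming which domains those are. The rules that reference the type are outside this hunk.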
@@ -11002,7 +11007,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/netw +') diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/networkmanager.te serefpolicy-3.0.8/policy/modules/services/networkmanager.te --- nsaserefpolicy/policy/modules/services/networkmanager.te 2007-10-22 13:21:39.000000000 -0400 -+++ serefpolicy-3.0.8/policy/modules/services/networkmanager.te 2008-01-17 09:03:07.000000000 -0500 ++++ serefpolicy-3.0.8/policy/modules/services/networkmanager.te 2008-01-22 09:24:05.000000000 -0500 @@ -13,6 +13,9 @@ type NetworkManager_var_run_t; files_pid_file(NetworkManager_var_run_t) @@ -11041,7 +11046,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/netw init_read_utmp(NetworkManager_t) init_domtrans_script(NetworkManager_t) -@@ -129,15 +137,13 @@ +@@ -129,15 +137,17 @@ ') optional_policy(` @@ -11056,10 +11061,14 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/netw dbus_send_system_bus(NetworkManager_t) + dbus_dontaudit_rw_system_selinux_socket(NetworkManager_t) + dbus_system_domain(NetworkManager_t,NetworkManager_exec_t) ++') ++ ++optional_policy(` ++ hal_write_log(NetworkManager_t) ') optional_policy(` -@@ -151,6 +157,8 @@ +@@ -151,6 +161,8 @@ optional_policy(` nscd_socket_use(NetworkManager_t) nscd_signal(NetworkManager_t) @@ -11068,7 +11077,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/netw ') optional_policy(` -@@ -162,6 +170,7 @@ +@@ -162,6 +174,7 @@ ppp_domtrans(NetworkManager_t) ppp_read_pid_files(NetworkManager_t) ppp_signal(NetworkManager_t) @@ -11076,7 +11085,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/netw ') optional_policy(` -@@ -173,8 +182,10 @@ +@@ -173,8 +186,10 @@ ') optional_policy(` 
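Review bot: The added `optional_policy` block granting `hal_write_log(NetworkManager_t)` carries no comment and is not mentioned in the changelog entry, which covers only the zebra port. Write access to another daemon's log lets NetworkManager_t change records that an investigator may later rely on, so the reason should be stated next to the rule, for example `# NetworkManager inherits hald's open log descriptor` if that is the cause (an assumption, to be checked against the AVC denial). If the access is only a leaked descriptor, a dontaudit rule would be narrower than an allow. The other hunks on this line appear only to shift inner hunk offsets.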
@@ -19498,9 +19507,13 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/udev.t ') diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/unconfined.fc serefpolicy-3.0.8/policy/modules/system/unconfined.fc --- nsaserefpolicy/policy/modules/system/unconfined.fc 2007-10-22 13:21:39.000000000 -0400 -+++ serefpolicy-3.0.8/policy/modules/system/unconfined.fc 2008-01-17 09:03:07.000000000 -0500 -@@ -10,3 +10,7 @@ - /usr/lib/openoffice\.org.*/program/.+\.bin -- gen_context(system_u:object_r:unconfined_execmem_exec_t,s0) ++++ serefpolicy-3.0.8/policy/modules/system/unconfined.fc 2008-01-22 09:29:20.000000000 -0500 +@@ -7,6 +7,10 @@ + /usr/bin/vncserver -- gen_context(system_u:object_r:unconfined_exec_t,s0) + + /usr/lib/ia32el/ia32x_loader -- gen_context(system_u:object_r:unconfined_execmem_exec_t,s0) +-/usr/lib/openoffice\.org.*/program/.+\.bin -- gen_context(system_u:object_r:unconfined_execmem_exec_t,s0) ++/usr/lib(64)?/openoffice\.org.*/program/.+\.bin -- gen_context(system_u:object_r:unconfined_execmem_exec_t,s0) /usr/local/RealPlayer/realplay\.bin -- gen_context(system_u:object_r:unconfined_execmem_exec_t,s0) +/usr/bin/rhythmbox -- gen_context(system_u:object_r:unconfined_execmem_exec_t,s0) diff --git a/selinux-policy.spec b/selinux-policy.spec index 425df0c..2905620 100644 --- a/selinux-policy.spec +++ b/selinux-policy.spec @@ -17,7 +17,7 @@ Summary: SELinux policy configuration Name: selinux-policy Version: 3.0.8 -Release: 80%{?dist} +Release: 81%{?dist} License: GPLv2+ Group: System Environment/Base Source: serefpolicy-%{version}.tgz @@ -381,6 +381,9 @@ exit 0 %endif %changelog +* Tue Jan 22 2008 Dan Walsh 3.0.8-81 +- Allow zebra to listen on port 521 + * Thu Jan 17 2008 Dan Walsh 3.0.8-79 - Add procmail_log support - Lots of fixes for munin
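Review bot: The widened pattern `/usr/lib(64)?/openoffice\.org.*/program/.+\.bin` in the unconfined.fc hunk now assigns unconfined_execmem_exec_t to every `.bin` under the program directory on 64-bit installs as well, and the 3.0.8-81 changelog entry does not record it. Going by its name, that type exists to permit executable memory, so each path it covers deserves a stated reason. Add a changelog line such as `- Label lib64 openoffice binaries unconfined_execmem_exec_t`, and consider naming the specific binaries that need execmem instead of `.+\.bin`. The spec changelog also goes from 3.0.8-79 to 3.0.8-81 with no -80 entry visible here.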