From 2e1316427a411c3b8f9b9f4610f4dc976656e432 Mon Sep 17 00:00:00 2001 From: Miroslav Grepl Date: Mar 27 2009 08:33:15 +0000 Subject: - Allow bitlbee_t to read /proc/meminfo
---
diff --git a/policy-20080710.patch b/policy-20080710.patch
index d0d1b80..6f3aa51 100644
--- a/policy-20080710.patch
+++ b/policy-20080710.patch
@@ -9698,8 +9698,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/roles/logadm.
 +logging_admin(logadm_t, logadm_r, { logadm_devpts_t logadm_tty_device_t })
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/roles/staff.te serefpolicy-3.5.13/policy/modules/roles/staff.te
 --- nsaserefpolicy/policy/modules/roles/staff.te 2008-10-17 14:49:14.000000000 +0200
-+++ serefpolicy-3.5.13/policy/modules/roles/staff.te 2009-02-10 15:07:15.000000000 +0100
-@@ -4,27 +4,79 @@
++++ serefpolicy-3.5.13/policy/modules/roles/staff.te 2009-03-27 09:03:11.000000000 +0100
+@@ -4,27 +4,81 @@
 ########################################
 #
 # Declarations
@@ -9721,6 +9721,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/roles/staff.t
 +kernel_getattr_message_if(staff_t)
 +kernel_read_software_raid_state(staff_t)
 +
++term_use_unallocated_ttys(staff_t)
++
 +auth_domtrans_pam_console(staff_t)
 +
 +libs_manage_shared_libs(staff_t)
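Review bot: The added `term_use_unallocated_ttys(staff_t)` in the staff.te section is not covered by the commit subject, which only mentions bitlbee_t and /proc/meminfo. Going by the interface name, it lets the confined staff_t user domain use tty devices that are not yet allocated to a session, which widens a user role and should be traceable to a reason. I would put a comment directly above the rule, for example `# staff_t needs unallocated ttys for <reason / bug reference>`, and list the change in the commit message. The staff.te inner hunk this line belongs to starts and ends outside the visible hunk.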
@@ -13240,6 +13242,18 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/bind
 # for /etc/rndc.key
 ifdef(`distro_redhat',`
 allow ndc_t named_conf_t:dir search;
+diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/bitlbee.te serefpolicy-3.5.13/policy/modules/services/bitlbee.te
+--- nsaserefpolicy/policy/modules/services/bitlbee.te 2008-10-17 14:49:13.000000000 +0200
++++ serefpolicy-3.5.13/policy/modules/services/bitlbee.te 2009-03-27 09:08:23.000000000 +0100
+@@ -69,6 +69,8 @@
+ corenet_tcp_connect_http_port(bitlbee_t)
+ corenet_tcp_sendrecv_http_port(bitlbee_t)
+
++kernel_read_system_state(bitlbee_t)
++
+ dev_read_rand(bitlbee_t)
+ dev_read_urand(bitlbee_t)
+
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/bluetooth.fc serefpolicy-3.5.13/policy/modules/services/bluetooth.fc
 --- nsaserefpolicy/policy/modules/services/bluetooth.fc 2008-10-17 14:49:13.000000000 +0200
 +++ serefpolicy-3.5.13/policy/modules/services/bluetooth.fc 2009-02-10 15:07:15.000000000 +0100
@@ -32696,7 +32710,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/init.i
 +')
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/init.te serefpolicy-3.5.13/policy/modules/system/init.te
 --- nsaserefpolicy/policy/modules/system/init.te 2008-10-17 14:49:13.000000000 +0200
-+++ serefpolicy-3.5.13/policy/modules/system/init.te 2009-02-10 15:07:15.000000000 +0100
++++ serefpolicy-3.5.13/policy/modules/system/init.te 2009-03-27 09:06:57.000000000 +0100
 @@ -17,6 +17,20 @@
 ##
 gen_tunable(init_upstart,false)
@@ -32943,7 +32957,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/init.t
 vmware_read_system_config(initrc_t)
 vmware_append_system_config(initrc_t)
 ')
-@@ -795,3 +864,11 @@
+@@ -795,3 +864,17 @@
 optional_policy(`
 zebra_read_config(initrc_t)
 ')
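Review bot: `kernel_read_system_state(bitlbee_t)` in the new bitlbee.te section grants more than the single /proc/meminfo read named in the commit subject. In the reference policy this interface covers the generically labelled proc_t files, directories and symlinks as a group. bitlbee_t is a network-facing domain (see the neighbouring `corenet_tcp_connect_http_port` rules), so the wider view of /proc should be a recorded decision rather than a side effect. As far as I can tell meminfo has no narrower interface of its own, so I would keep the rule and state the intent above it: `# bitlbee reads /proc/meminfo`.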
@@ -32954,6 +32968,12 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/init.t
 +
 +optional_policy(`
 + xserver_rw_xdm_home_files(daemon)
++ tunable_policy(`use_nfs_home_dirs',`
++ fs_dontaudit_rw_nfs_files(daemon)
++ ')
++ tunable_policy(`use_samba_home_dirs',`
++ fs_dontaudit_rw_cifs_files(daemon)
++ ')
 +')
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/ipsec.fc serefpolicy-3.5.13/policy/modules/system/ipsec.fc
 --- nsaserefpolicy/policy/modules/system/ipsec.fc 2008-10-17 14:49:13.000000000 +0200
@@ -33100,7 +33120,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/ipsec.
 allow setkey_t ipsec_conf_file_t:dir list_dir_perms;
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/iptables.fc serefpolicy-3.5.13/policy/modules/system/iptables.fc
 --- nsaserefpolicy/policy/modules/system/iptables.fc 2008-10-17 14:49:13.000000000 +0200
-+++ serefpolicy-3.5.13/policy/modules/system/iptables.fc 2009-03-25 01:47:29.000000000 +0100
++++ serefpolicy-3.5.13/policy/modules/system/iptables.fc 2009-03-25 22:38:51.000000000 +0100
 @@ -6,3 +6,4 @@
 /usr/sbin/ip6tables.* -- gen_context(system_u:object_r:iptables_exec_t,s0)
 /usr/sbin/ipchains.* -- gen_context(system_u:object_r:iptables_exec_t,s0)
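Review bot: The two dontaudit rules added to the init.te `optional_policy` block, `fs_dontaudit_rw_nfs_files(daemon)` and `fs_dontaudit_rw_cifs_files(daemon)`, apply to the whole `daemon` attribute rather than to one domain. With `use_nfs_home_dirs` or `use_samba_home_dirs` enabled, denied read/write attempts on NFS or CIFS files by any daemon would no longer produce an AVC record, which removes a signal responders rely on when a service misbehaves. The commit subject does not mention this change. If the aim is only to silence descriptors inherited from xdm home files, as the neighbouring `xserver_rw_xdm_home_files(daemon)` suggests, say so above each rule, e.g. `# dontaudit leaked xdm home-dir descriptors on network home directories`, and consider limiting the rule to the domains that actually trigger the denial.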