From 2f648d978d903b25443e4c2bcf07fd0798aa0f16 Mon Sep 17 00:00:00 2001 From: Daniel J Walsh Date: Feb 27 2008 02:30:24 +0000 Subject: - Add cyphesis policy --- diff --git a/policy-20071130.patch b/policy-20071130.patch index 709d107..052634b 100644 --- a/policy-20071130.patch +++ b/policy-20071130.patch @@ -6716,7 +6716,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/kernel/device type lvm_control_t; diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/kernel/domain.te serefpolicy-3.3.1/policy/modules/kernel/domain.te --- nsaserefpolicy/policy/modules/kernel/domain.te 2007-12-19 05:32:07.000000000 -0500 -+++ serefpolicy-3.3.1/policy/modules/kernel/domain.te 2008-02-26 08:29:22.000000000 -0500 ++++ serefpolicy-3.3.1/policy/modules/kernel/domain.te 2008-02-26 21:27:47.000000000 -0500 @@ -5,6 +5,13 @@ # # Declarations @@ -6739,7 +6739,15 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/kernel/domain # create child processes in the domain allow domain self:process { fork sigchld }; -@@ -140,7 +148,7 @@ +@@ -96,6 +104,7 @@ + + # list the root directory + files_list_root(domain) ++files_getattr_all_dirs(domain) + + tunable_policy(`global_ssp',` + # enable reading of urandom for all domains: +@@ -140,7 +149,7 @@ # For /proc/pid allow unconfined_domain_type domain:dir list_dir_perms; @@ -6748,7 +6756,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/kernel/domain allow unconfined_domain_type domain:lnk_file { read_lnk_file_perms ioctl lock }; # act on all domains keys -@@ -148,3 +156,27 @@ +@@ -148,3 +157,27 @@ # receive from all domains over labeled networking domain_all_recvfrom_all_domains(unconfined_domain_type)
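Review bot: The added `files_getattr_all_dirs(domain)` in the domain.te hunk at `@@ -96,6 +104,7 @@` is applied to the `domain` attribute, so every confined domain gains getattr on directories of every type, not just the cyphesis policy named in the subject. Any confined process can then stat directories whose labels it otherwise has no access to, which exposes their existence and metadata and silences the AVC denials that would otherwise record that access. If the aim is only to quiet denials from path walks, `files_dontaudit_getattr_all_dirs(domain)` keeps the access denied; otherwise grant it in the specific modules that need it, with a comment above the line stating why it has to be global. The commit message does not mention this change, and the surrounding domain.te rules continue outside the hunk.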