From 492612d3396a867500cd16cc533f29f548c3164b Mon Sep 17 00:00:00 2001
From: Daniel J Walsh
Date: Oct 01 2007 21:20:16 +0000
Subject: - Fix exim policy
---
diff --git a/policy-20070703.patch b/policy-20070703.patch
index f2bdeb5..0c636f5 100644
--- a/policy-20070703.patch
+++ b/policy-20070703.patch
@@ -5854,8 +5854,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/dove
 +
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/exim.fc serefpolicy-3.0.8/policy/modules/services/exim.fc
 --- nsaserefpolicy/policy/modules/services/exim.fc 1969-12-31 19:00:00.000000000 -0500
-+++ serefpolicy-3.0.8/policy/modules/services/exim.fc 2007-09-29 08:32:19.000000000 -0400
-@@ -0,0 +1,17 @@
++++ serefpolicy-3.0.8/policy/modules/services/exim.fc 2007-10-01 15:30:10.000000000 -0400
+@@ -0,0 +1,16 @@
 +# $Id$
 +# Draft SELinux refpolicy module for the Exim MTA
 +#
@@ -5865,7 +5865,6 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/exim
 +/var/run/exim4?(/.*)? gen_context(system_u:object_r:exim_var_run_t,s0)
 +/var/log/exim4?(/.*)? gen_context(system_u:object_r:exim_log_t,s0)
 +/usr/sbin/exim4? gen_context(system_u:object_r:exim_exec_t,s0)
-+/usr/sbin/eximstats gen_context(system_u:object_r:exim_stats_exec_t, s0)
 +ifdef(`distro_debian', `
 +/usr/sbin/update-exim4\.conf gen_context(system_u:object_r:exim_conf_update_exec_t,s0)
 +# work around a misparse if the word template appears without adjustment
@@ -8771,7 +8770,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/samb
 +')
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/samba.te serefpolicy-3.0.8/policy/modules/services/samba.te
 --- nsaserefpolicy/policy/modules/services/samba.te 2007-07-25 10:37:42.000000000 -0400
-+++ serefpolicy-3.0.8/policy/modules/services/samba.te 2007-09-25 17:09:36.000000000 -0400
++++ serefpolicy-3.0.8/policy/modules/services/samba.te 2007-10-01 16:00:57.000000000 -0400
@@ -137,6 +137,11 @@ type winbind_var_run_t; files_pid_file(winbind_var_run_t) @@ -9133,7 +9132,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/samb ') ######################################## -@@ -828,3 +837,36 @@ +@@ -828,3 +837,37 @@ domtrans_pattern(smbd_t, samba_unconfined_script_exec_t, samba_unconfined_script_t) ') ') @@ -9161,6 +9160,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/samb +samba_read_winbind_pid(smbcontrol_t) + +allow smbcontrol_t smbd_t:process signal; ++domain_use_interactive_fds(smbcontrol_t) +allow smbd_t smbcontrol_t:process { signal signull }; + +allow nmbd_t smbcontrol_t:process signal; @@ -10348,7 +10348,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/xser + diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/xserver.te serefpolicy-3.0.8/policy/modules/services/xserver.te --- nsaserefpolicy/policy/modules/services/xserver.te 2007-08-22 07:14:07.000000000 -0400 -+++ serefpolicy-3.0.8/policy/modules/services/xserver.te 2007-09-26 09:40:50.000000000 -0400 ++++ serefpolicy-3.0.8/policy/modules/services/xserver.te 2007-10-01 15:49:15.000000000 -0400 @@ -16,6 +16,13 @@ ## @@ -10363,6 +10363,15 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/xser ## Allow xdm logins as sysadm ##
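Review bot: `domain_use_interactive_fds(smbcontrol_t)` is inserted between the two halves of the smbcontrol/smbd signal exchange (`allow smbcontrol_t smbd_t:process signal;` and `allow smbd_t smbcontrol_t:process { signal signull };`), which splits a paired set of rules. It would read better next to the other interface call visible in this hunk, `samba_read_winbind_pid(smbcontrol_t)`, so that interface calls and raw allow rules stay grouped. The smbcontrol_t block starts and ends outside the hunk, so the best position may be further up than what is shown here.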

##
+@@ -96,7 +103,7 @@ + # + + allow xdm_t self:capability { setgid setuid sys_resource kill sys_tty_config mknod chown dac_override dac_read_search fowner fsetid ipc_owner sys_nice sys_rawio net_bind_service }; +-allow xdm_t self:process { setexec setpgid getsched setsched setrlimit signal_perms setkeycreate }; ++allow xdm_t self:process { setexec setpgid getsched ptrace setsched setrlimit signal_perms setkeycreate }; + allow xdm_t self:fifo_file rw_fifo_file_perms; + allow xdm_t self:shm create_shm_perms; + allow xdm_t self:sem create_sem_perms; @@ -132,15 +139,20 @@ manage_fifo_files_pattern(xdm_t,xdm_tmpfs_t,xdm_tmpfs_t) manage_sock_files_pattern(xdm_t,xdm_tmpfs_t,xdm_tmpfs_t) diff --git a/selinux-policy.spec b/selinux-policy.spec index e13a886..8ea3396 100644 --- a/selinux-policy.spec +++ b/selinux-policy.spec @@ -17,7 +17,7 @@ Summary: SELinux policy configuration Name: selinux-policy Version: 3.0.8 -Release: 15%{?dist} +Release: 16%{?dist} License: GPLv2+ Group: System Environment/Base Source: serefpolicy-%{version}.tgz @@ -365,6 +365,9 @@ exit 0 %endif %changelog +* Mon Oct 1 2007 Dan Walsh 3.0.8-16 +- Fix exim policy + * Thu Sep 24 2007 Dan Walsh 3.0.8-15 - Allow tmpreadper to read man_t - Allow racoon to bind to all nodes
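Review bot: The `ptrace` permission added to `allow xdm_t self:process { ... }` in xserver.te (inner hunk `@@ -96,7 +103,7 @@`) is granted unconditionally and without a stated reason, and neither the subject nor the `%changelog` entry ("Fix exim policy") mentions it or the smbcontrol change. Self-ptrace lets one xdm_t process attach to another, in a domain that the capability line just above shows already holding setuid, dac_override and sys_rawio, so it loosens isolation inside what appears to be the login path. I would add a comment naming the denial that motivated it, for example `# xdm_t self ptrace: required by <component, fill in from the AVC>`, and list the xdm and samba changes in the changelog. If the access is only probed and not actually needed, `dontaudit xdm_t self:process ptrace;` would be the narrower change.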