From 4d2a842bc6d4f1d3f4abf2e5921a0aa0dc7c2ce9 Mon Sep 17 00:00:00 2001
From: Miroslav Grepl
Date: Apr 23 2010 07:20:38 +0000
Subject: - Add ldap_stream_connect_dirsrv interface
---
diff --git a/policy-20090521.patch b/policy-20090521.patch
index 661a867..bc58591 100644
--- a/policy-20090521.patch
+++ b/policy-20090521.patch
@@ -3698,6 +3698,40 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
 sysnet_dns_name_resolve(kpropd_t)
 kerberos_use(kpropd_t)
+diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/ldap.if serefpolicy-3.6.12/policy/modules/services/ldap.if
+--- nsaserefpolicy/policy/modules/services/ldap.if 2009-04-07 21:54:47.000000000 +0200
++++ serefpolicy-3.6.12/policy/modules/services/ldap.if 2010-04-23 08:45:15.548746369 +0200
+@@ -71,6 +71,30 @@
+ files_search_pids($1)
+ allow $1 slapd_var_run_t:sock_file write;
+ allow $1 slapd_t:unix_stream_socket connectto;
++
++ optional_policy(`
++ ldap_stream_connect_dirsrv($1)
++ ')
++')
++
++#######################################
++##
++## Connect to dirsrv over an unix stream socket.
++##
++##
++##
++## Domain allowed access.
++##
++##
++#
++interface(`ldap_stream_connect_dirsrv',`
++ gen_require(`
++ type dirsrv_t, dirsrv_var_run_t;
++ ')
++
++ files_search_pids($1)
++ allow $1 dirsrv_var_run_t:sock_file write;
++ allow $1 dirsrv_t:unix_stream_socket connectto;
+ ')
+
+ ########################################
 diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/lircd.te serefpolicy-3.6.12/policy/modules/services/lircd.te
 --- nsaserefpolicy/policy/modules/services/lircd.te 2010-01-19 12:51:12.082608701 +0100
 +++ serefpolicy-3.6.12/policy/modules/services/lircd.te 2010-01-19 12:51:30.782616396 +0100
diff --git a/selinux-policy.spec b/selinux-policy.spec
index 6958068..413e45f 100644
--- a/selinux-policy.spec
+++ b/selinux-policy.spec
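Review bot: The `optional_policy` block added at the end of the existing slapd stream-connect interface widens access for every current caller: any domain that calls that interface now also gets `connectto` on `dirsrv_t` and `write` on `dirsrv_var_run_t` sockets whenever those types are present. The interface's opening `interface(` line is above the hunk, so its name is not visible here. I would leave the slapd interface unchanged and have each domain that actually talks to dirsrv call `ldap_stream_connect_dirsrv(<caller_domain>)` from its own policy, wrapped in `optional_policy`. The new interface also requires `dirsrv_t` and `dirsrv_var_run_t`, which are presumably declared by a different module than ldap; its summary comment should say so, so that the cross-module dependency is visible to the next maintainer.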
@@ -20,7 +20,7 @@
 Summary: SELinux policy configuration
 Name: selinux-policy
 Version: 3.6.12
-Release: 96%{?dist}
+Release: 97%{?dist}
 License: GPLv2+
 Group: System Environment/Base
 Source: serefpolicy-%{version}.tgz
@@ -442,6 +442,9 @@ exit 0
 %endif
 %changelog
+* Fri Apr 23 2010 Miroslav Grepl 3.6.12-97
+- Add ldap_stream_connect_dirsrv interface
+
 * Tue Mar 23 2010 Miroslav Grepl 3.6.12-96
 - Dontaudit fail2ban leaks