From 6db69f086d1b42a8f3345228730a0b9331e3f44b Mon Sep 17 00:00:00 2001
From: Daniel J Walsh <dwalsh@fedoraproject.org>
Date: Jul 09 2008 13:05:54 +0000
Subject: Add nscd inotify fix


---

diff --git a/policy-20080509.patch b/policy-20080509.patch
index 85f3e50..1eb06dc 100644
--- a/policy-20080509.patch
+++ b/policy-20080509.patch
@@ -19221,7 +19221,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/nscd
 +
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/nscd.te serefpolicy-3.4.2/policy/modules/services/nscd.te
 --- nsaserefpolicy/policy/modules/services/nscd.te	2008-06-12 23:25:05.000000000 -0400
-+++ serefpolicy-3.4.2/policy/modules/services/nscd.te	2008-07-02 08:47:04.000000000 -0400
++++ serefpolicy-3.4.2/policy/modules/services/nscd.te	2008-07-09 07:41:41.000000000 -0400
 @@ -23,19 +23,22 @@
  type nscd_log_t;
  logging_log_file(nscd_log_t)
@@ -19257,7 +19257,15 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/nscd
  kernel_read_kernel_sysctls(nscd_t)
  kernel_list_proc(nscd_t)
  kernel_read_proc_symlinks(nscd_t)
-@@ -73,6 +78,7 @@
+@@ -60,6 +65,7 @@
+ 
+ fs_getattr_all_fs(nscd_t)
+ fs_search_auto_mountpoints(nscd_t)
++fs_list_inotifyfs(nscd_t)
+ 
+ # for when /etc/passwd has just been updated and has the wrong type
+ auth_getattr_shadow(nscd_t)
+@@ -73,6 +79,7 @@
  corenet_udp_sendrecv_all_nodes(nscd_t)
  corenet_tcp_sendrecv_all_ports(nscd_t)
  corenet_udp_sendrecv_all_ports(nscd_t)
@@ -19265,7 +19273,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/nscd
  corenet_tcp_connect_all_ports(nscd_t)
  corenet_sendrecv_all_client_packets(nscd_t)
  corenet_rw_tun_tap_dev(nscd_t)
-@@ -84,6 +90,7 @@
+@@ -84,6 +91,7 @@
  selinux_compute_relabel_context(nscd_t)
  selinux_compute_user_contexts(nscd_t)
  domain_use_interactive_fds(nscd_t)
@@ -19273,7 +19281,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/nscd
  
  files_read_etc_files(nscd_t)
  files_read_generic_tmp_symlinks(nscd_t)
-@@ -93,6 +100,7 @@
+@@ -93,6 +101,7 @@
  libs_use_ld_so(nscd_t)
  libs_use_shared_libs(nscd_t)
  
@@ -19281,7 +19289,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/nscd
  logging_send_syslog_msg(nscd_t)
  
  miscfiles_read_localization(nscd_t)
-@@ -108,6 +116,14 @@
+@@ -108,6 +117,14 @@
  sysadm_dontaudit_search_home_dirs(nscd_t)
  
  optional_policy(`
@@ -19296,7 +19304,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/nscd
  	udev_read_db(nscd_t)
  ')
  
-@@ -115,3 +131,12 @@
+@@ -115,3 +132,12 @@
  	xen_dontaudit_rw_unix_stream_sockets(nscd_t)
  	xen_append_log(nscd_t)
  ')
diff --git a/selinux-policy.spec b/selinux-policy.spec
index 8c81954..6648fc8 100644
--- a/selinux-policy.spec
+++ b/selinux-policy.spec
@@ -17,7 +17,7 @@
 Summary: SELinux policy configuration
 Name: selinux-policy
 Version: 3.4.2
-Release: 13%{?dist}
+Release: 14%{?dist}
 License: GPLv2+
 Group: System Environment/Base
 Source: serefpolicy-%{version}.tgz
@@ -278,7 +278,7 @@ SELinux Reference policy targeted base module.
 %post targeted
 if [ $1 -eq 1 ]; then
 %loadpolicy targeted
-semanage user -a -S targeted -P user -R "unconfined_r system_r" -r s0-s0:c0.c1023 unconfined_u 
+bnsemanage user -a -S targeted -P user -R "unconfined_r system_r" -r s0-s0:c0.c1023 unconfined_u 
 semanage login -m -S targeted  -s "unconfined_u" -r s0-s0:c0.c1023 __default__
 semanage login -m -S targeted  -s "unconfined_u" -r s0-s0:c0.c1023 root
 semanage user -a -S targeted  -P user -R guest_r guest_u
@@ -375,6 +375,9 @@ exit 0
 %endif
 
 %changelog
+* Wed Jul 9 2008 Dan Walsh <dwalsh@redhat.com> 3.4.2-14
+- Add inotify support to nscd
+
 * Tue Jul 8 2008 Dan Walsh <dwalsh@redhat.com> 3.4.2-13
 - Allow unconfined_t to setfcap