From 7b43f5254f69c59890532c61a5f74fbd3ff74c2c Mon Sep 17 00:00:00 2001 From: Daniel J Walsh Date: Dec 02 2008 19:59:35 +0000 Subject: - Fix labeling on /var/spool/rsyslog --- diff --git a/modules-mls.conf b/modules-mls.conf index 38a8db0..5525889 100644 --- a/modules-mls.conf +++ b/modules-mls.conf @@ -1143,7 +1143,7 @@ rpcbind = module # # X windows window manager # -wm = module +#wm = module # Layer: services # Module: virt diff --git a/policy-20081111.patch b/policy-20081111.patch index 502a25b..968e8e7 100644 --- a/policy-20081111.patch +++ b/policy-20081111.patch @@ -3638,7 +3638,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol +') diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/wm.te serefpolicy-3.6.1/policy/modules/apps/wm.te --- nsaserefpolicy/policy/modules/apps/wm.te 1969-12-31 19:00:00.000000000 -0500 -+++ serefpolicy-3.6.1/policy/modules/apps/wm.te 2008-11-25 09:45:43.000000000 -0500 ++++ serefpolicy-3.6.1/policy/modules/apps/wm.te 2008-12-02 14:52:51.000000000 -0500 @@ -0,0 +1,104 @@ +policy_module(wm,0.0.4) + 
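Review bot: In the modules-mls.conf hunk, `wm = module` is commented out with no rationale, and the commit subject only mentions the /var/spool/rsyslog labeling fix, so a reader cannot tell that the window-manager policy is dropped from MLS builds. Add a one-line comment above it, e.g. `# wm disabled for MLS: <reason or bug reference>`, so it is clear whether the removal is temporary. Reference-policy module lists also accept an explicit `off` value; if this build's tooling honours it, `wm = off` is easier to audit than a commented-out entry.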
@@ -3684,22 +3684,22 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol +allow wm_t self:fifo_file { write read }; + + -+allow wm_t $2_client_xevent_t:x_synthetic_event send; -+allow wm_t $2_focus_xevent_t:x_event receive; -+allow wm_t $2_input_xevent_t:x_event receive; -+allow wm_t $2_manage_xevent_t:x_event receive; -+allow wm_t $2_manage_xevent_t:x_synthetic_event { receive send }; -+allow wm_t $2_property_xevent_t:x_event receive; -+allow wm_t $2_xproperty_t:x_property { read write destroy }; -+allow wm_t $2_rootwindow_t:x_colormap { install uninstall use add_color remove_color read }; -+allow wm_t $2_rootwindow_t:x_drawable { read write manage setattr get_property hide show receive set_property create send add_child remove_child getattr list_property blend list_child destroy override }; -+allow wm_t $2_xproperty_t:x_property { write read }; ++allow wm_t client_xevent_t:x_synthetic_event send; ++allow wm_t focus_xevent_t:x_event receive; ++allow wm_t input_xevent_t:x_event receive; ++allow wm_t manage_xevent_t:x_event receive; ++allow wm_t manage_xevent_t:x_synthetic_event { receive send }; ++allow wm_t property_xevent_t:x_event receive; ++allow wm_t xproperty_t:x_property { read write destroy }; ++allow wm_t rootwindow_t:x_colormap { install uninstall use add_color remove_color read }; ++allow wm_t rootwindow_t:x_drawable { read write manage setattr get_property hide show receive set_property create send add_child remove_child getattr list_property blend list_child destroy override }; ++allow wm_t xproperty_t:x_property { write read }; +allow wm_t xserver_t:x_device { force_cursor setfocus use setattr grab manage getattr freeze write }; +allow wm_t xserver_t:x_resource { read write }; +allow wm_t xserver_t:x_screen setattr; +allow wm_t xselection_t:x_selection setattr; + -+allow wm_t $2_t:x_drawable { get_property setattr show receive manage send read getattr list_child set_property }; ++allow wm_t :x_drawable { get_property 
setattr show receive manage send read getattr list_child set_property }; +allow wm_t $2_t:x_resource { read write }; + +ifdef(`enable_mls',` @@ -25126,7 +25126,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol +/root(/.*)? gen_context(system_u:object_r:admin_home_t,s0) diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/userdomain.if serefpolicy-3.6.1/policy/modules/system/userdomain.if --- nsaserefpolicy/policy/modules/system/userdomain.if 2008-11-13 18:40:02.000000000 -0500 -+++ serefpolicy-3.6.1/policy/modules/system/userdomain.if 2008-12-02 14:39:39.000000000 -0500 ++++ serefpolicy-3.6.1/policy/modules/system/userdomain.if 2008-12-02 14:58:08.000000000 -0500 @@ -30,8 +30,9 @@ ') @@ -26414,7 +26414,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol ## Send a dbus message to all user domains. ## ## -@@ -2981,3 +3165,247 @@ +@@ -2981,3 +3165,245 @@ allow $1 userdomain:dbus send_msg; ') @@ -26636,14 +26636,12 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol +# +interface(`userdom_dgram_send',` + gen_require(` -+ attribute ++ attribute unpriv_userdomain; + ') + + allow $1 unpriv_userdomain:unix_dgram_socket sendto; +') + -+ -+ +####################################### +## +## Allow execmod on files in homedirectory
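Review bot: In the wm.te hunk (-3684,22), the rewritten rule `allow wm_t :x_drawable { get_property ... }` has no target type, because `$2_t` was deleted rather than replaced. The unchanged next line still reads `allow wm_t $2_t:x_resource { read write };`, so a template parameter remains in what the `policy_module(wm,0.0.4)` header shows is a plain module, not an interface template. Both rules need a concrete declared type or attribute, e.g. `allow wm_t <user_domain_type>:x_drawable { ... };` with the placeholder filled in, and the module is unlikely to compile until they have one. Dropping the `$2_` prefix on the other rules also moves the grants from per-role derived types to the shared `rootwindow_t`, `xproperty_t` and `*_xevent_t` types. It is worth confirming that these are declared or required in wm.te (the rest of the file lies outside the hunk) and that the wide `x_drawable` permission set on the root window is meant to apply across all roles.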