From 810e69636e0b60295f7ad837ad6cc3118adb6f01 Mon Sep 17 00:00:00 2001 From: Daniel J Walsh Date: May 14 2007 19:54:57 +0000 Subject: - Update to latest from upstream --- diff --git a/policy-20070501.patch b/policy-20070501.patch index f5963f7..ded66f2 100644 --- a/policy-20070501.patch +++ b/policy-20070501.patch @@ -5978,8 +5978,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/fuserm \ No newline at end of file diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/fusermount.te serefpolicy-2.6.4/policy/modules/system/fusermount.te --- nsaserefpolicy/policy/modules/system/fusermount.te 1969-12-31 19:00:00.000000000 -0500 -+++ serefpolicy-2.6.4/policy/modules/system/fusermount.te 2007-05-08 09:59:33.000000000 -0400 -@@ -0,0 +1,50 @@ ++++ serefpolicy-2.6.4/policy/modules/system/fusermount.te 2007-05-14 15:36:32.000000000 -0400 +@@ -0,0 +1,51 @@ +policy_module(fusermount,1.0.0) + +######################################## @@ -6019,6 +6019,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/fuserm +optional_policy(` + hal_write_log(fusermount_t) + hal_use_fds(fusermount_t) ++ hal_rw_pipes(fusermount_t) +') + +optional_policy(` @@ -6304,7 +6305,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/iptabl +') diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/libraries.fc serefpolicy-2.6.4/policy/modules/system/libraries.fc --- nsaserefpolicy/policy/modules/system/libraries.fc 2007-05-04 12:19:22.000000000 -0400 -+++ serefpolicy-2.6.4/policy/modules/system/libraries.fc 2007-05-08 09:59:33.000000000 -0400 ++++ serefpolicy-2.6.4/policy/modules/system/libraries.fc 2007-05-14 14:18:52.000000000 -0400 @@ -81,8 +81,8 @@ /opt/cisco-vpnclient/lib/libvpnapi\.so -- gen_context(system_u:object_r:textrel_shlib_t,s0) /opt/netbeans(.*/)?jdk.*/linux/.+\.so(\.[^/]*)* -- gen_context(system_u:object_r:textrel_shlib_t,s0) 
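Review bot: The added `hal_rw_pipes(fusermount_t)` in the fusermount.te `optional_policy` block (hunk at -6019) grants fusermount_t both read and write on HAL's pipes, with no comment saying which direction is needed. The same line is added for mount_ntfs_t in the mount.te hunk at -6891. If it was added to quiet denials on a descriptor merely inherited from hald, a `dontaudit` rule would be the narrower answer. If the helper really reports back over the pipe, write access alone may be enough; the diff does not show the denial, so this needs confirming. In either case a one-line comment above the call, for example `# hald runs this helper with its pipe as stdout/stderr` (adjusted to the observed denial), would make the grant auditable later.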
@@ -6315,7 +6316,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/librar ifdef(`distro_gentoo',` # despite the extensions, they are actually libs -@@ -132,8 +132,10 @@ +@@ -132,13 +132,16 @@ /usr/(.*/)?nvidia/.+\.so(\..*)? -- gen_context(system_u:object_r:textrel_shlib_t,s0) @@ -6327,6 +6328,12 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/librar /usr/(.*/)?lib(64)?(/.*)?/nvidia/.+\.so(\..*)? -- gen_context(system_u:object_r:textrel_shlib_t,s0) /usr/lib(64)?(/.*)?/nvidia/.+\.so(\..*)? -- gen_context(system_u:object_r:textrel_shlib_t,s0) + /usr/lib(64)?/libsipphoneapi\.so.* -- gen_context(system_u:object_r:textrel_shlib_t,s0) + /usr/lib(64)?/ati-fglrx/.+\.so(\..*)? -- gen_context(system_u:object_r:textrel_shlib_t,s0) ++/usr/lib(64)?/xorg/libGL\.so(\.[^/]*)* -- gen_context(system_u:object_r:textrel_shlib_t,s0) + /usr/lib(64)?/(nvidia/)?libGL(core)?\.so(\.[^/]*)* -- gen_context(system_u:object_r:textrel_shlib_t,s0) + /usr/lib(64)?/fglrx/libGL\.so(\.[^/]*)* -- gen_context(system_u:object_r:textrel_shlib_t,s0) + /usr/lib(64)?/libGLU\.so(\.[^/]*)* -- gen_context(system_u:object_r:textrel_shlib_t,s0) diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/libraries.te serefpolicy-2.6.4/policy/modules/system/libraries.te --- nsaserefpolicy/policy/modules/system/libraries.te 2007-05-04 12:19:23.000000000 -0400 +++ serefpolicy-2.6.4/policy/modules/system/libraries.te 2007-05-08 09:59:33.000000000 -0400 @@ -6789,7 +6796,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/mount. +') diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/mount.te serefpolicy-2.6.4/policy/modules/system/mount.te --- nsaserefpolicy/policy/modules/system/mount.te 2007-04-23 09:36:02.000000000 -0400 -+++ serefpolicy-2.6.4/policy/modules/system/mount.te 2007-05-08 09:59:33.000000000 -0400 ++++ serefpolicy-2.6.4/policy/modules/system/mount.te 2007-05-14 15:36:25.000000000 -0400 
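Review bot: The new libraries.fc entry `/usr/lib(64)?/xorg/libGL\.so(\.[^/]*)*` (hunk at -6327) labels one more library textrel_shlib_t, the type on which domains are allowed `execmod`. Every confined process that maps this libGL can therefore have its text pages made writable and re-executed. The entry has no comment on which package ships this path or why it needs text relocations. A line above it such as `# <package> libGL has text relocations; drop this entry once it is rebuilt with -fPIC` (package name to be filled in) would keep the exception from becoming permanent. The neighbouring nvidia and fglrx entries have the same gap, but they are context lines of the inner patch and not part of this change.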
@@ -9,6 +9,13 @@ ifdef(`targeted_policy',` ## @@ -6844,7 +6851,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/mount. ') ') -@@ -205,3 +222,52 @@ +@@ -205,3 +222,53 @@ files_etc_filetrans_etc_runtime(unconfined_mount_t,file) unconfined_domain(unconfined_mount_t) ') @@ -6891,6 +6898,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/mount. +optional_policy(` + hal_write_log(mount_ntfs_t) + hal_use_fds(mount_ntfs_t) ++ hal_rw_pipes(mount_ntfs_t) +') + +ifdef(`targeted_policy',` @@ -8117,7 +8125,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/userdo ') diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/xen.if serefpolicy-2.6.4/policy/modules/system/xen.if --- nsaserefpolicy/policy/modules/system/xen.if 2007-01-02 12:57:49.000000000 -0500 -+++ serefpolicy-2.6.4/policy/modules/system/xen.if 2007-05-11 18:25:10.000000000 -0400 ++++ serefpolicy-2.6.4/policy/modules/system/xen.if 2007-05-14 15:38:19.000000000 -0400 @@ -72,12 +72,35 @@ ') @@ -8154,7 +8162,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/xen.if ## Do not audit attempts to read and write ## Xen unix domain stream sockets. These ## are leaked file descriptors. -@@ -151,3 +174,45 @@ +@@ -151,3 +174,25 @@ domtrans_pattern($1,xm_exec_t,xm_t) ') @@ -8172,26 +8180,6 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/xen.if +# +interface(`xen_read_image_files',` + gen_require(` -+ type xen_image_t; -+ ') -+ -+ files_list_var_lib($1) -+ read_files_pattern($1,xen_image_t,xen_image_t) -+') -+ -+######################################## -+## -+## Allow the specified domain to read -+## xend image files. -+## -+## -+## -+## Domain allowed to transition. -+## -+## -+# -+interface(`xen_read_image_files',` -+ gen_require(` + type xen_image_t, xend_var_lib_t; + ') + 
@@ -8202,7 +8190,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/xen.if + diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/xen.te serefpolicy-2.6.4/policy/modules/system/xen.te --- nsaserefpolicy/policy/modules/system/xen.te 2007-04-23 09:36:02.000000000 -0400 -+++ serefpolicy-2.6.4/policy/modules/system/xen.te 2007-05-14 13:27:09.000000000 -0400 ++++ serefpolicy-2.6.4/policy/modules/system/xen.te 2007-05-14 15:40:20.000000000 -0400 @@ -25,6 +25,10 @@ domain_type(xend_t) init_daemon_domain(xend_t, xend_exec_t) @@ -8236,8 +8224,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/xen.te manage_sock_files_pattern(xend_t,xend_var_log_t,xend_var_log_t) logging_log_filetrans(xend_t,xend_var_log_t,{ sock_file file dir }) -+manage_files_Patter(xend_t,xend_tmp_t,xend_tmp_t) -+manage_dirs_Patter(xend_t,xend_tmp_t,xend_tmp_t) ++manage_files_pattern(xend_t,xend_tmp_t,xend_tmp_t) ++manage_dirs_pattern(xend_t,xend_tmp_t,xend_tmp_t) +files_tmp_filetrans(xend_t, xend_tmp_t, { file dir }) + # var/lib files for xend diff --git a/selinux-policy.spec b/selinux-policy.spec index add403d..b1af9db 100644 --- a/selinux-policy.spec +++ b/selinux-policy.spec @@ -359,6 +359,9 @@ semodule -b base.pp -r bootloader -r clock -r dpkg -r fstools -r hotplug -r init %endif %changelog +* Mon May 14 2007 Dan Walsh 2.6.4-1 +- Update to latest from upstream + * Fri May 4 2007 Dan Walsh 2.6.3-1 - Update to latest from upstream