From 8151ad88de8cb802071ec4ad72c2b3e1386fcfdb Mon Sep 17 00:00:00 2001
From: Daniel J Walsh <dwalsh@fedoraproject.org>
Date: May 19 2010 21:03:17 +0000
Subject: - Add labels for /sys

- Allow sshd to getattr on shutdown
- Fixes for munin
- Allow sssd to use the kernel key ring
- Allow tor to send syslog messages
- Allow iptabels to read usr files
- allow policykit to read all domains state Resolves: #591561

---

diff --git a/policy-F13.patch b/policy-F13.patch
index ea004ed..4f4b3e7 100644
--- a/policy-F13.patch
+++ b/policy-F13.patch
@@ -7471,7 +7471,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/kernel/corene
  
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/kernel/devices.fc serefpolicy-3.7.19/policy/modules/kernel/devices.fc
 --- nsaserefpolicy/policy/modules/kernel/devices.fc	2010-03-05 10:46:32.000000000 -0500
-+++ serefpolicy-3.7.19/policy/modules/kernel/devices.fc	2010-05-19 10:46:23.000000000 -0400
++++ serefpolicy-3.7.19/policy/modules/kernel/devices.fc	2010-05-19 17:00:41.000000000 -0400
 @@ -108,6 +108,7 @@
  /dev/urandom		-c	gen_context(system_u:object_r:urandom_device_t,s0)
  /dev/ub[a-c]		-c	gen_context(system_u:object_r:usb_device_t,s0)
@@ -7496,7 +7496,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/kernel/device
 +#
 +# /sys
 +#
-+/sys/.*				gen_context(system_u:object_r:sysfs_t,s0)
++/sys(/.*)?			gen_context(system_u:object_r:sysfs_t,s0)
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/kernel/devices.if serefpolicy-3.7.19/policy/modules/kernel/devices.if
 --- nsaserefpolicy/policy/modules/kernel/devices.if	2010-03-05 10:46:32.000000000 -0500
 +++ serefpolicy-3.7.19/policy/modules/kernel/devices.if	2010-05-17 11:06:34.000000000 -0400
diff --git a/selinux-policy.spec b/selinux-policy.spec
index 4ab1bf8..8bc0ff7 100644
--- a/selinux-policy.spec
+++ b/selinux-policy.spec
@@ -20,7 +20,7 @@
 Summary: SELinux policy configuration
 Name: selinux-policy
 Version: 3.7.19
-Release: 18%{?dist}
+Release: 19%{?dist}
 License: GPLv2+
 Group: System Environment/Base
 Source: serefpolicy-%{version}.tgz
@@ -468,7 +468,7 @@ exit 0
 %endif
 
 %changelog
-* Wed May 19 2010 Dan Walsh <dwalsh@redhat.com> 3.7.19-18
+* Wed May 19 2010 Dan Walsh <dwalsh@redhat.com> 3.7.19-19
 - Add labels for /sys
 - Allow sshd to getattr on shutdown
 - Fixes for munin