From 81794767c684ef5d4fe754a6217df9c9231ba59b Mon Sep 17 00:00:00 2001 From: Daniel J Walsh Date: Feb 17 2009 14:07:10 +0000 Subject: - Fix squidGuard labeling --- diff --git a/policy-20090105.patch b/policy-20090105.patch index f1d202a..9c0874b 100644 --- a/policy-20090105.patch +++ b/policy-20090105.patch @@ -18513,7 +18513,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol + diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/postfix.te serefpolicy-3.6.6/policy/modules/services/postfix.te --- nsaserefpolicy/policy/modules/services/postfix.te 2009-01-19 11:07:34.000000000 -0500 -+++ serefpolicy-3.6.6/policy/modules/services/postfix.te 2009-02-16 13:18:06.000000000 -0500 ++++ serefpolicy-3.6.6/policy/modules/services/postfix.te 2009-02-17 08:27:34.000000000 -0500 @@ -6,6 +6,15 @@ # Declarations # @@ -18829,7 +18829,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol mailman_read_data_files(postfix_smtpd_t) ') -@@ -572,7 +666,7 @@ +@@ -572,12 +666,13 @@ files_tmp_filetrans(postfix_virtual_t, postfix_virtual_tmp_t, { file dir }) # connect to master process @@ -18838,6 +18838,12 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol corecmd_exec_shell(postfix_virtual_t) corecmd_exec_bin(postfix_virtual_t) + + files_read_etc_files(postfix_virtual_t) ++files_read_usr_files(postfix_virtual_t) + + mta_read_aliases(postfix_virtual_t) + mta_delete_spool(postfix_virtual_t) diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/postgresql.fc serefpolicy-3.6.6/policy/modules/services/postgresql.fc --- nsaserefpolicy/policy/modules/services/postgresql.fc 2008-08-14 13:08:27.000000000 -0400 +++ serefpolicy-3.6.6/policy/modules/services/postgresql.fc 2009-02-16 13:18:06.000000000 -0500 
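Review bot: `files_read_usr_files(postfix_virtual_t)` in the postfix.te section lets the virtual delivery domain read everything carrying the generic usr type, and neither a policy comment nor the commit subject ("Fix squidGuard labeling") says which file prompted it. If the denial was for one specific path, a narrower interface or a dedicated type would keep the domain closer to least privilege. At minimum, a comment above the line such as `# <reason: which path under /usr postfix virtual reads>` would record the justification. The postfix_virtual_t rule block starts and ends outside this hunk.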
@@ -22455,6 +22461,21 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol ') optional_policy(` +diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/squid.fc serefpolicy-3.6.6/policy/modules/services/squid.fc +--- nsaserefpolicy/policy/modules/services/squid.fc 2008-10-08 19:00:27.000000000 -0400 ++++ serefpolicy-3.6.6/policy/modules/services/squid.fc 2009-02-17 09:06:28.000000000 -0500 +@@ -6,7 +6,11 @@ + /usr/sbin/squid -- gen_context(system_u:object_r:squid_exec_t,s0) + /usr/share/squid(/.*)? gen_context(system_u:object_r:squid_conf_t,s0) + ++/var/squidGuard(/.*)? gen_context(system_u:object_r:squid_cache_t,s0) + /var/cache/squid(/.*)? gen_context(system_u:object_r:squid_cache_t,s0) ++ + /var/log/squid(/.*)? gen_context(system_u:object_r:squid_log_t,s0) ++/var/log/squidGuard(/.*)? gen_context(system_u:object_r:squid_log_t,s0) ++ + /var/run/squid\.pid -- gen_context(system_u:object_r:squid_var_run_t,s0) + /var/spool/squid(/.*)? gen_context(system_u:object_r:squid_cache_t,s0) diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/squid.if serefpolicy-3.6.6/policy/modules/services/squid.if --- nsaserefpolicy/policy/modules/services/squid.if 2008-11-11 16:13:45.000000000 -0500 +++ serefpolicy-3.6.6/policy/modules/services/squid.if 2009-02-16 13:18:06.000000000 -0500 
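Review bot: `/var/squidGuard(/.*)?` is given `squid_cache_t`, the same type as `/var/cache/squid` and `/var/spool/squid`, so the filter lists and databases kept there get whatever access the squid domain has to its own cache, presumably including write. If the proxy only needs to read those lists at run time, a separate type with read-only access would stop a compromised squid process from rewriting its own URL filter. That should be checked against squid.te, which is not part of this hunk. Paths that already exist keep their old labels until they are relabelled, for example with `restorecon -R /var/squidGuard /var/log/squidGuard`, and nothing visible here triggers that.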
@@ -26077,7 +26098,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol allow iscsid_t iscsi_tmp_t:dir manage_dir_perms; diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/libraries.fc serefpolicy-3.6.6/policy/modules/system/libraries.fc --- nsaserefpolicy/policy/modules/system/libraries.fc 2009-01-05 15:39:43.000000000 -0500 -+++ serefpolicy-3.6.6/policy/modules/system/libraries.fc 2009-02-16 13:18:06.000000000 -0500 ++++ serefpolicy-3.6.6/policy/modules/system/libraries.fc 2009-02-17 08:47:24.000000000 -0500 @@ -60,12 +60,15 @@ # # /opt @@ -26169,6 +26190,15 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol /usr/lib(64)?/libSDL-.*\.so.* -- gen_context(system_u:object_r:textrel_shlib_t,s0) /usr/lib(64)?/xorg/modules/dri/.+\.so -- gen_context(system_u:object_r:textrel_shlib_t,s0) /usr/X11R6/lib/modules/dri/.+\.so -- gen_context(system_u:object_r:textrel_shlib_t,s0) +@@ -233,7 +250,7 @@ + /usr/lib(64)?/php/modules/.+\.so -- gen_context(system_u:object_r:textrel_shlib_t,s0) + + # Livna.org packages: xmms-mp3, ffmpeg, xvidcore, xine-lib, gsm, lame +-/usr/lib(64)?.*/libmpg123\.so -- gen_context(system_u:object_r:textrel_shlib_t,s0) ++/usr/lib(64)?.*/libmpg123\.so(\.[^/]*)* -- gen_context(system_u:object_r:textrel_shlib_t,s0) + /usr/lib(64)?/codecs/drv[1-9c]\.so(\.[^/]*)* -- gen_context(system_u:object_r:textrel_shlib_t,s0) + /usr/lib(64)?/libpostproc\.so.* -- gen_context(system_u:object_r:textrel_shlib_t,s0) + /usr/lib(64)?/libavformat.*\.so(\.[^/]*)* -- gen_context(system_u:object_r:textrel_shlib_t,s0) @@ -246,12 +263,13 @@ # Flash plugin, Macromedia 
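Review bot: the widened libmpg123 pattern keeps the unanchored `.*` after `/usr/lib(64)?`. With the new `(\.[^/]*)*` suffix, any file named `libmpg123.so` plus any dotted suffix, at any depth under a path beginning with `/usr/lib`, is labelled `textrel_shlib_t`. That type exists to permit text relocations, so the match should be as tight as the packaging allows. If the library ships only in the top-level lib directory and a known plugin directory, listing those paths explicitly would be safer than `.*`. The suffix form itself is consistent with the neighbouring `drv[1-9c]\.so(\.[^/]*)*` entry.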
@@ -31490,7 +31520,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol +') diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/support/obj_perm_sets.spt serefpolicy-3.6.6/policy/support/obj_perm_sets.spt --- nsaserefpolicy/policy/support/obj_perm_sets.spt 2008-10-16 17:21:16.000000000 -0400 -+++ serefpolicy-3.6.6/policy/support/obj_perm_sets.spt 2009-02-16 13:18:06.000000000 -0500 ++++ serefpolicy-3.6.6/policy/support/obj_perm_sets.spt 2009-02-17 08:43:20.000000000 -0500 @@ -179,20 +179,20 @@ # # Directory (dir) @@ -31521,6 +31551,15 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol # # Regular file (file) +@@ -225,7 +225,7 @@ + define(`create_lnk_file_perms',`{ create getattr }') + define(`rename_lnk_file_perms',`{ getattr rename }') + define(`delete_lnk_file_perms',`{ getattr unlink }') +-define(`manage_lnk_file_perms',`{ create read getattr setattr unlink rename }') ++define(`manage_lnk_file_perms',`{ create read getattr setattr link unlink rename }') + define(`relabelfrom_lnk_file_perms',`{ getattr relabelfrom }') + define(`relabelto_lnk_file_perms',`{ getattr relabelto }') + define(`relabel_lnk_file_perms',`{ getattr relabelfrom relabelto }') @@ -312,3 +312,13 @@ # define(`client_stream_socket_perms', `{ create ioctl read getattr write setattr append bind getopt setopt shutdown }') diff --git a/selinux-policy.spec b/selinux-policy.spec index 929f7e9..ef21ad6 100644 --- a/selinux-policy.spec +++ b/selinux-policy.spec @@ -20,7 +20,7 @@ Summary: SELinux policy configuration Name: selinux-policy Version: 3.6.6 -Release: 1%{?dist} +Release: 2%{?dist} License: GPLv2+ Group: System Environment/Base Source: serefpolicy-%{version}.tgz @@ -444,6 +444,9 @@ exit 0 %endif %changelog +* Tue Feb 17 2009 Dan Walsh 3.6.6-2 +- Fix squidGuard labeling + * Wed Feb 11 2009 Dan Walsh 3.6.6-1 - Re-add corenet_in_generic_if(unlabeled_t)
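Review bot: adding `link` to `manage_lnk_file_perms` in obj_perm_sets.spt changes a support macro, so every domain whose rules expand it gains the ability to hard-link symlinks of the types it manages. The commit subject and the spec changelog mention only squidGuard labeling. The change may be meant to align this set with the other manage_* sets, but that is not visible in this hunk. A changelog line such as `- Allow link in manage_lnk_file_perms` would make the policy-wide widening auditable. The same applies to the postfix_virtual_t and libmpg123 changes earlier in the patch.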