diff --git a/policy-20070501.patch b/policy-20070501.patch
index f64cc05..f744005 100644
--- a/policy-20070501.patch
+++ b/policy-20070501.patch
@@ -186,17 +186,19 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/acct.te
logging_log_file(acct_data_t)
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/alsa.fc serefpolicy-2.6.4/policy/modules/admin/alsa.fc
--- nsaserefpolicy/policy/modules/admin/alsa.fc 2007-05-07 14:51:05.000000000 -0400
-+++ serefpolicy-2.6.4/policy/modules/admin/alsa.fc 2007-10-09 16:20:44.000000000 -0400
-@@ -1,4 +1,9 @@
++++ serefpolicy-2.6.4/policy/modules/admin/alsa.fc 2007-10-18 15:53:35.000000000 -0400
+@@ -1,4 +1,11 @@
- /etc/alsa/pcm(/.*)? gen_context(system_u:object_r:alsa_etc_rw_t,s0)
+/etc/alsa/asound\.state -- gen_context(system_u:object_r:alsa_etc_rw_t,s0)
+ /etc/alsa/pcm(/.*)? gen_context(system_u:object_r:alsa_etc_rw_t,s0)
+/etc/asound(/.*)? gen_context(system_u:object_r:alsa_etc_rw_t,s0)
+/etc/asound\.state -- gen_context(system_u:object_r:alsa_etc_rw_t,s0)
/usr/bin/ainit -- gen_context(system_u:object_r:alsa_exec_t,s0)
+/sbin/alsactl -- gen_context(system_u:object_r:alsa_exec_t,s0)
+/sbin/salsa -- gen_context(system_u:object_r:alsa_exec_t,s0)
++/var/lib/alsa(/.*)? gen_context(system_u:object_r:alsa_var_lib_t,s0)
++/bin/alsaunmute -- gen_context(system_u:object_r:alsa_exec_t,s0)
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/alsa.if serefpolicy-2.6.4/policy/modules/admin/alsa.if
--- nsaserefpolicy/policy/modules/admin/alsa.if 2007-05-07 14:51:04.000000000 -0400
+++ serefpolicy-2.6.4/policy/modules/admin/alsa.if 2007-10-09 16:21:00.000000000 -0400
@@ -242,7 +244,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/alsa.if
+')
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/alsa.te serefpolicy-2.6.4/policy/modules/admin/alsa.te
--- nsaserefpolicy/policy/modules/admin/alsa.te 2007-05-07 14:51:05.000000000 -0400
-+++ serefpolicy-2.6.4/policy/modules/admin/alsa.te 2007-10-09 16:22:07.000000000 -0400
++++ serefpolicy-2.6.4/policy/modules/admin/alsa.te 2007-10-18 15:53:28.000000000 -0400
@@ -1,5 +1,5 @@
-policy_module(alsa,1.1.0)
@@ -250,7 +252,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/alsa.te
########################################
#
-@@ -8,32 +8,44 @@
+@@ -8,32 +8,47 @@
type alsa_t;
type alsa_exec_t;
@@ -289,6 +291,9 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/alsa.te
+manage_dirs_pattern(alsa_t,alsa_var_lib_t,alsa_var_lib_t)
+manage_files_pattern(alsa_t,alsa_var_lib_t,alsa_var_lib_t)
+
++corecmd_exec_bin(alsa_t)
++can_exec(alsa_t, alsa_exec_t)
++
+files_search_home(alsa_t)
files_read_etc_files(alsa_t)
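Review bot: The added `corecmd_exec_bin(alsa_t)` and `can_exec(alsa_t, alsa_exec_t)` have no comment saying which program needs them, and `corecmd_exec_bin` lets alsa_t run any bin_t-labelled program without leaving its domain. The same revision labels `/bin/alsaunmute` as alsa_exec_t in alsa.fc, so that helper is presumably the reason. A comment above the pair, for example `# alsaunmute runs alsactl and generic bin_t helpers`, would record why the grant exists, once it is confirmed what the helper actually executes.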
@@ -300,7 +305,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/alsa.te
libs_use_ld_so(alsa_t)
libs_use_shared_libs(alsa_t)
-@@ -44,7 +56,17 @@
+@@ -44,7 +59,17 @@
userdom_manage_unpriv_user_semaphores(alsa_t)
userdom_manage_unpriv_user_shared_mem(alsa_t)
@@ -1398,6 +1403,47 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/vbetool
hal_rw_pid_files(vbetool_t)
+ hal_write_log(vbetool_t)
')
+diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/vpn.fc serefpolicy-2.6.4/policy/modules/admin/vpn.fc
+--- nsaserefpolicy/policy/modules/admin/vpn.fc 2007-05-07 14:51:05.000000000 -0400
++++ serefpolicy-2.6.4/policy/modules/admin/vpn.fc 2007-10-17 10:38:07.000000000 -0400
+@@ -7,3 +7,5 @@
+ # sbin
+ #
+ /sbin/vpnc -- gen_context(system_u:object_r:vpnc_exec_t,s0)
++
++/var/run/vpnc(/.*)? gen_context(system_u:object_r:vpnc_var_run_t,s0)
+diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/vpn.te serefpolicy-2.6.4/policy/modules/admin/vpn.te
+--- nsaserefpolicy/policy/modules/admin/vpn.te 2007-05-07 14:51:04.000000000 -0400
++++ serefpolicy-2.6.4/policy/modules/admin/vpn.te 2007-10-17 10:37:50.000000000 -0400
+@@ -24,7 +24,7 @@
+ # Local policy
+ #
+
+-allow vpnc_t self:capability { net_admin ipc_lock net_raw };
++allow vpnc_t self:capability { dac_override net_admin ipc_lock net_raw };
+ allow vpnc_t self:process getsched;
+ allow vpnc_t self:fifo_file { getattr ioctl read write };
+ allow vpnc_t self:netlink_route_socket rw_netlink_socket_perms;
+@@ -40,8 +40,9 @@
+ manage_files_pattern(vpnc_t,vpnc_tmp_t,vpnc_tmp_t)
+ files_tmp_filetrans(vpnc_t, vpnc_tmp_t, { file dir })
+
++manage_dirs_pattern(vpnc_t,vpnc_var_run_t,vpnc_var_run_t)
+ manage_files_pattern(vpnc_t,vpnc_var_run_t,vpnc_var_run_t)
+-files_pid_filetrans(vpnc_t,vpnc_var_run_t,file)
++files_pid_filetrans(vpnc_t,vpnc_var_run_t,{ file dir})
+
+ kernel_read_system_state(vpnc_t)
+ kernel_read_network_state(vpnc_t)
+@@ -97,7 +98,7 @@
+ seutil_dontaudit_search_config(vpnc_t)
+ seutil_use_newrole_fds(vpnc_t)
+
+-sysnet_exec_ifconfig(vpnc_t)
++sysnet_domtrans_ifconfig(vpnc_t)
+ sysnet_etc_filetrans_config(vpnc_t)
+ sysnet_manage_config(vpnc_t)
+
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/games.fc serefpolicy-2.6.4/policy/modules/apps/games.fc
--- nsaserefpolicy/policy/modules/apps/games.fc 2007-05-07 14:51:02.000000000 -0400
+++ serefpolicy-2.6.4/policy/modules/apps/games.fc 2007-08-07 09:42:35.000000000 -0400
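Review bot: Adding `dac_override` to `allow vpnc_t self:capability { dac_override net_admin ipc_lock net_raw };` lets vpnc_t bypass file mode and ownership checks on everything its type rules already reach, and nothing in the hunk says which access triggered it. The same hunk introduces `/var/run/vpnc(/.*)?` and directory management for vpnc_var_run_t, so the denial probably comes from the ownership or mode of that directory. If so, fixing the directory's owner is the narrower remedy. If the capability stays, a comment such as `# dac_override: <path and reason from the AVC>` should sit above the allow line. The switch to `sysnet_domtrans_ifconfig(vpnc_t)` is a tightening and looks right; `{ file dir}` is missing a space before the closing brace.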
@@ -1541,6 +1587,15 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/java.if
+ domain_trans($1,java_exec_t,$2)
+ type_transition $1 java_exec_t:process $2;
+')
+diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/java.te serefpolicy-2.6.4/policy/modules/apps/java.te
+--- nsaserefpolicy/policy/modules/apps/java.te 2007-05-07 14:51:02.000000000 -0400
++++ serefpolicy-2.6.4/policy/modules/apps/java.te 2007-10-11 09:16:04.000000000 -0400
+@@ -31,4 +31,5 @@
+
+ unconfined_domain_noaudit(java_t)
+ unconfined_dbus_chat(java_t)
++ hal_dbus_chat(java_t)
+ ')
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/loadkeys.if serefpolicy-2.6.4/policy/modules/apps/loadkeys.if
--- nsaserefpolicy/policy/modules/apps/loadkeys.if 2007-05-07 14:51:02.000000000 -0400
+++ serefpolicy-2.6.4/policy/modules/apps/loadkeys.if 2007-08-07 09:42:35.000000000 -0400
@@ -1699,6 +1754,57 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/userhelp
auth_manage_pam_pid($1_userhelper_t)
auth_manage_var_auth($1_userhelper_t)
auth_search_pam_console_data($1_userhelper_t)
+diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/vmware.fc serefpolicy-2.6.4/policy/modules/apps/vmware.fc
+--- nsaserefpolicy/policy/modules/apps/vmware.fc 2007-05-07 14:51:02.000000000 -0400
++++ serefpolicy-2.6.4/policy/modules/apps/vmware.fc 2007-10-17 14:14:20.000000000 -0400
+@@ -1,11 +1,9 @@
+ #
+ # HOME_DIR/
+ #
+-ifdef(`strict_policy',`
+ HOME_DIR/\.vmware(/.*)? gen_context(system_u:object_r:ROLE_vmware_file_t,s0)
+-HOME_DIR/vmware(/.*)? gen_context(system_u:object_r:ROLE_vmware_file_t,s0)
+ HOME_DIR/\.vmware[^/]*/.*\.cfg -- gen_context(system_u:object_r:ROLE_vmware_conf_t,s0)
+-')
++HOME_DIR/vmware(/.*)? gen_context(system_u:object_r:ROLE_vmware_file_t,s0)
+
+ #
+ # /etc
+@@ -15,7 +13,7 @@
+ #
+ # /usr
+ #
+-/usr/bin/vmnet-bridg -- gen_context(system_u:object_r:vmware_host_exec_t,s0)
++/usr/bin/vmnet-bridge -- gen_context(system_u:object_r:vmware_host_exec_t,s0)
+ /usr/bin/vmnet-dhcpd -- gen_context(system_u:object_r:vmware_host_exec_t,s0)
+ /usr/bin/vmnet-natd -- gen_context(system_u:object_r:vmware_host_exec_t,s0)
+ /usr/bin/vmnet-netifup -- gen_context(system_u:object_r:vmware_host_exec_t,s0)
+@@ -23,18 +21,25 @@
+ /usr/bin/vmware-nmbd -- gen_context(system_u:object_r:vmware_host_exec_t,s0)
+ /usr/bin/vmware-ping -- gen_context(system_u:object_r:vmware_host_exec_t,s0)
+ /usr/bin/vmware-smbd -- gen_context(system_u:object_r:vmware_host_exec_t,s0)
++/usr/sbin/vmware-guest.* -- gen_context(system_u:object_r:vmware_host_exec_t,s0)
+ /usr/bin/vmware-smbpasswd -- gen_context(system_u:object_r:vmware_host_exec_t,s0)
+ /usr/bin/vmware-smbpasswd\.bin -- gen_context(system_u:object_r:vmware_host_exec_t,s0)
++/usr/bin/vmware-vmx -- gen_context(system_u:object_r:vmware_host_exec_t,s0)
+ /usr/bin/vmware-wizard -- gen_context(system_u:object_r:vmware_exec_t,s0)
+ /usr/bin/vmware -- gen_context(system_u:object_r:vmware_exec_t,s0)
++/usr/sbin/vmware-serverd -- gen_context(system_u:object_r:vmware_exec_t,s0)
+
+ /usr/lib/vmware/config -- gen_context(system_u:object_r:vmware_sys_conf_t,s0)
+ /usr/lib/vmware/bin/vmware-mks -- gen_context(system_u:object_r:vmware_exec_t,s0)
+ /usr/lib/vmware/bin/vmware-ui -- gen_context(system_u:object_r:vmware_exec_t,s0)
++/usr/lib/vmware/bin/vmplayer -- gen_context(system_u:object_r:vmware_exec_t,s0)
++/usr/lib/vmware/bin/vmware-vmx -- gen_context(system_u:object_r:vmware_host_exec_t,s0)
+
+ /usr/lib64/vmware/config -- gen_context(system_u:object_r:vmware_sys_conf_t,s0)
+ /usr/lib64/vmware/bin/vmware-mks -- gen_context(system_u:object_r:vmware_exec_t,s0)
+ /usr/lib64/vmware/bin/vmware-ui -- gen_context(system_u:object_r:vmware_exec_t,s0)
++/usr/lib64/vmware/bin/vmplayer -- gen_context(system_u:object_r:vmware_exec_t,s0)
++/usr/lib64/vmware/bin/vmware-vmx -- gen_context(system_u:object_r:vmware_host_exec_t,s0)
+
+ ifdef(`distro_gentoo',`
+ /opt/vmware/workstation/bin/vmnet-bridge -- gen_context(system_u:object_r:vmware_host_exec_t,s0)
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/kernel/corecommands.fc serefpolicy-2.6.4/policy/modules/kernel/corecommands.fc
--- nsaserefpolicy/policy/modules/kernel/corecommands.fc 2007-05-07 14:51:04.000000000 -0400
+++ serefpolicy-2.6.4/policy/modules/kernel/corecommands.fc 2007-09-04 15:55:30.000000000 -0400
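Review bot: Dropping the `strict_policy` ifdef around the HOME_DIR entries in vmware.fc means the `ROLE_vmware_file_t` and `ROLE_vmware_conf_t` contexts are now generated for every policy type. If those per-role types are only declared when the per-role vmware template is instantiated, targeted builds would end up with file contexts naming undeclared types. The matching vmware.if/vmware.te change is not visible in this hunk, so this needs checking against it. Separately, `/usr/sbin/vmware-guest.*` labels every file whose name starts with that prefix as vmware_host_exec_t; if only specific binaries are meant, listing them would keep the entry-point label tighter.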
@@ -2323,7 +2429,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/kernel/files.
/usr/src/kernels/.+/lib(/.*)? gen_context(system_u:object_r:usr_t,s0)
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/kernel/files.if serefpolicy-2.6.4/policy/modules/kernel/files.if
--- nsaserefpolicy/policy/modules/kernel/files.if 2007-05-07 14:51:02.000000000 -0400
-+++ serefpolicy-2.6.4/policy/modules/kernel/files.if 2007-10-05 10:05:49.000000000 -0400
++++ serefpolicy-2.6.4/policy/modules/kernel/files.if 2007-10-18 16:07:57.000000000 -0400
@@ -343,8 +343,7 @@
########################################
@@ -3339,8 +3445,16 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/amav
+')
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/amavis.te serefpolicy-2.6.4/policy/modules/services/amavis.te
--- nsaserefpolicy/policy/modules/services/amavis.te 2007-05-07 14:51:01.000000000 -0400
-+++ serefpolicy-2.6.4/policy/modules/services/amavis.te 2007-08-07 09:42:35.000000000 -0400
-@@ -170,6 +170,7 @@
++++ serefpolicy-2.6.4/policy/modules/services/amavis.te 2007-10-17 10:28:20.000000000 -0400
+@@ -65,6 +65,7 @@
+ # Spool Files
+ manage_dirs_pattern(amavis_t,amavis_spool_t,amavis_spool_t)
+ manage_files_pattern(amavis_t,amavis_spool_t,amavis_spool_t)
++manage_lnk_files_pattern(amavis_t,amavis_spool_t,amavis_spool_t)
+ manage_sock_files_pattern(amavis_t,amavis_spool_t,amavis_spool_t)
+ filetrans_pattern(amavis_t,amavis_spool_t,amavis_var_run_t,sock_file)
+ files_search_spool(amavis_t)
+@@ -170,6 +171,7 @@
optional_policy(`
pyzor_domtrans(amavis_t)
@@ -4051,8 +4165,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/apcu
+/var/www/apcupsd/upsstats.cgi -- gen_context(system_u:object_r:httpd_apcupsd_cgi_script_exec_t,s0)
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/apcupsd.if serefpolicy-2.6.4/policy/modules/services/apcupsd.if
--- nsaserefpolicy/policy/modules/services/apcupsd.if 2007-05-07 14:51:01.000000000 -0400
-+++ serefpolicy-2.6.4/policy/modules/services/apcupsd.if 2007-08-07 09:42:35.000000000 -0400
-@@ -79,3 +79,25 @@
++++ serefpolicy-2.6.4/policy/modules/services/apcupsd.if 2007-10-18 09:24:50.000000000 -0400
+@@ -79,3 +79,43 @@
allow $1 apcupsd_log_t:dir list_dir_perms;
allow $1 apcupsd_log_t:file { getattr append };
')
@@ -4067,7 +4181,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/apcu
+##
+##
+#
-+interface(`httpd_apcupsd_cgi_script_domtrans',`
++interface(`apcupsd_cgi_script_domtrans',`
+ gen_require(`
+ type httpd_apcupsd_cgi_script_t, httpd_apcupsd_cgi_script_exec_t;
+ ')
@@ -4078,6 +4192,24 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/apcu
+ allow httpd_apcupsd_cgi_script_t $1:fifo_file rw_file_perms;
+ allow httpd_apcupsd_cgi_script_t $1:process sigchld;
+')
++
++########################################
++##
++## Read apcupsd tmp files.
++##
++##
++##
++## Domain allowed access.
++##
++##
++#
++interface(`apcupsd_read_tmp_files',`
++ gen_require(`
++ type apcupsd_tmp_t;
++ ')
++
++ allow $1 apcupsd_tmp_t:file read_file_perms;
++')
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/apcupsd.te serefpolicy-2.6.4/policy/modules/services/apcupsd.te
--- nsaserefpolicy/policy/modules/services/apcupsd.te 2007-05-07 14:51:01.000000000 -0400
+++ serefpolicy-2.6.4/policy/modules/services/apcupsd.te 2007-09-10 10:51:56.000000000 -0400
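Review bot: The new `apcupsd_read_tmp_files` interface grants only `allow $1 apcupsd_tmp_t:file read_file_perms;` and gives the caller no search access to the tmp directory. A caller that opens the file by path therefore depends on getting that from some other rule. Adding `files_search_tmp($1)` before the allow line would make the interface self-contained. If the only use case is a file descriptor inherited from apcupsd (the mta.te hunk later in this patch calls it for system_mail_t), a comment saying so would explain the omission.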
@@ -5510,7 +5642,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/exim
--- nsaserefpolicy/policy/modules/services/exim.fc 1969-12-31 19:00:00.000000000 -0500
+++ serefpolicy-2.6.4/policy/modules/services/exim.fc 2007-10-05 09:28:27.000000000 -0400
@@ -0,0 +1,16 @@
-+# $Id: policy-20070501.patch,v 1.66 2007/10/09 21:21:41 dwalsh Exp $
++# $Id: policy-20070501.patch,v 1.67 2007/10/18 21:08:24 dwalsh Exp $
+# Draft SELinux refpolicy module for the Exim MTA
+#
+# Devin Carraway
@@ -5691,7 +5823,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/exim
--- nsaserefpolicy/policy/modules/services/exim.te 1969-12-31 19:00:00.000000000 -0500
+++ serefpolicy-2.6.4/policy/modules/services/exim.te 2007-10-05 09:28:22.000000000 -0400
@@ -0,0 +1,229 @@
-+# $Id: policy-20070501.patch,v 1.66 2007/10/09 21:21:41 dwalsh Exp $
++# $Id: policy-20070501.patch,v 1.67 2007/10/18 21:08:24 dwalsh Exp $
+# Draft SELinux refpolicy module for the Exim MTA
+#
+# Devin Carraway
@@ -6530,16 +6662,17 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/mail
##
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/mailman.te serefpolicy-2.6.4/policy/modules/services/mailman.te
--- nsaserefpolicy/policy/modules/services/mailman.te 2007-05-07 14:51:01.000000000 -0400
-+++ serefpolicy-2.6.4/policy/modules/services/mailman.te 2007-08-13 19:39:50.000000000 -0400
-@@ -55,6 +55,7 @@
++++ serefpolicy-2.6.4/policy/modules/services/mailman.te 2007-10-12 09:27:04.000000000 -0400
+@@ -55,6 +55,8 @@
apache_use_fds(mailman_cgi_t)
apache_dontaudit_append_log(mailman_cgi_t)
apache_search_sys_script_state(mailman_cgi_t)
+ apache_read_config(mailman_cgi_t)
++ apache_dontaudit_rw_stream_sockets(mailman_cgi_t)
optional_policy(`
nscd_socket_use(mailman_cgi_t)
-@@ -96,6 +97,7 @@
+@@ -96,6 +98,7 @@
kernel_read_proc_symlinks(mailman_queue_t)
auth_domtrans_chk_passwd(mailman_queue_t)
@@ -6725,7 +6858,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/mta.
## Read sendmail binary.
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/mta.te serefpolicy-2.6.4/policy/modules/services/mta.te
--- nsaserefpolicy/policy/modules/services/mta.te 2007-05-07 14:51:01.000000000 -0400
-+++ serefpolicy-2.6.4/policy/modules/services/mta.te 2007-10-06 08:53:21.000000000 -0400
++++ serefpolicy-2.6.4/policy/modules/services/mta.te 2007-10-18 09:25:13.000000000 -0400
@@ -6,6 +6,7 @@
# Declarations
#
@@ -6757,8 +6890,14 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/mta.
init_use_script_ptys(system_mail_t)
userdom_use_sysadm_terms(system_mail_t)
-@@ -91,12 +96,14 @@
+@@ -89,14 +94,20 @@
+ ')
+
optional_policy(`
++ apcupsd_read_tmp_files(system_mail_t)
++')
++
++optional_policy(`
apache_read_squirrelmail_data(system_mail_t)
apache_append_squirrelmail_data(system_mail_t)
+ apache_search_bugzilla_dirs(system_mail_t)
@@ -6772,7 +6911,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/mta.
')
optional_policy(`
-@@ -109,6 +116,7 @@
+@@ -109,6 +120,7 @@
optional_policy(`
cron_read_system_job_tmp_files(system_mail_t)
@@ -6961,7 +7100,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/netw
+')
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/networkmanager.te serefpolicy-2.6.4/policy/modules/services/networkmanager.te
--- nsaserefpolicy/policy/modules/services/networkmanager.te 2007-05-07 14:51:01.000000000 -0400
-+++ serefpolicy-2.6.4/policy/modules/services/networkmanager.te 2007-10-01 16:09:26.000000000 -0400
++++ serefpolicy-2.6.4/policy/modules/services/networkmanager.te 2007-10-17 14:24:35.000000000 -0400
@@ -20,7 +20,7 @@
# networkmanager will ptrace itself if gdb is installed
@@ -6990,7 +7129,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/netw
')
optional_policy(`
-@@ -161,6 +166,11 @@
+@@ -161,9 +166,15 @@
')
optional_policy(`
@@ -7002,7 +7141,11 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/netw
ppp_domtrans(NetworkManager_t)
ppp_read_pid_files(NetworkManager_t)
ppp_signal(NetworkManager_t)
-@@ -178,3 +188,4 @@
++ ppp_read_read_config(NetworkManager_t)
+ ')
+
+ optional_policy(`
+@@ -178,3 +189,4 @@
vpn_domtrans(NetworkManager_t)
vpn_signal(NetworkManager_t)
')
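Review bot: The call `ppp_read_read_config(NetworkManager_t)` uses an interface name with a doubled "read", and the ppp.if hunk later in this patch defines it under the same name with the summary "Read ppp configuration files". The neighbouring interface in ppp.if is described as reading the PPP-writable configuration, so the plain read interface would more naturally be `ppp_read_config`, provided no interface of that name already exists. Renaming is cheapest now, before other modules start calling the misspelled name; the definition and this call need to change together.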
@@ -7841,7 +7984,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/post
+')
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/postfix.te serefpolicy-2.6.4/policy/modules/services/postfix.te
--- nsaserefpolicy/policy/modules/services/postfix.te 2007-05-07 14:51:01.000000000 -0400
-+++ serefpolicy-2.6.4/policy/modules/services/postfix.te 2007-09-04 16:10:20.000000000 -0400
++++ serefpolicy-2.6.4/policy/modules/services/postfix.te 2007-10-12 09:13:26.000000000 -0400
@@ -6,6 +6,14 @@
# Declarations
#
@@ -7881,26 +8024,25 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/post
########################################
#
# Postfix master process local policy
-@@ -169,12 +187,18 @@
+@@ -94,6 +112,7 @@
+ allow postfix_master_t self:fifo_file rw_fifo_file_perms;
+ allow postfix_master_t self:tcp_socket create_stream_socket_perms;
+ allow postfix_master_t self:udp_socket create_socket_perms;
++allow postfix_master_t self:process setrlimit;
+
+ allow postfix_master_t postfix_etc_t:file rw_file_perms;
+
+@@ -168,6 +187,9 @@
+
mta_rw_aliases(postfix_master_t)
mta_read_sendmail_bin(postfix_master_t)
-
-+term_dontaudit_search_ptys(postfix_master_t)
++mta_getattr_spool(postfix_master_t)
+
++term_dontaudit_search_ptys(postfix_master_t)
+
ifdef(`targeted_policy',`
term_dontaudit_use_unallocated_ttys(postfix_master_t)
- term_dontaudit_use_generic_ptys(postfix_master_t)
- ')
-
- optional_policy(`
-+ auth_use_nsswitch(postfix_master_t)
-+')
-+
-+optional_policy(`
- cyrus_stream_connect(postfix_master_t)
- ')
-
-@@ -184,9 +208,17 @@
+@@ -184,9 +206,17 @@
')
optional_policy(`
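Review bot: The previous revision of this patch added `auth_use_nsswitch(postfix_master_t)` in its own optional_policy block in this region, and the new revision no longer carries it. The replacement hunk only adds `mta_getattr_spool(postfix_master_t)` and `term_dontaudit_search_ptys(postfix_master_t)`. If the nsswitch access was not moved somewhere outside this hunk, name-service lookups by the master process may start producing denials again. Whether the removal was intended should be confirmed. The new `allow postfix_master_t self:process setrlimit;` would also benefit from a short comment naming the limit that master raises.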
@@ -7918,7 +8060,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/post
###########################################################
#
# Partially converted rules. THESE ARE ONLY TEMPORARY
-@@ -268,6 +300,8 @@
+@@ -268,6 +298,8 @@
files_read_etc_files(postfix_local_t)
@@ -7927,7 +8069,15 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/post
mta_read_aliases(postfix_local_t)
mta_delete_spool(postfix_local_t)
# For reading spamassasin
-@@ -386,7 +420,7 @@
+@@ -280,6 +312,7 @@
+ optional_policy(`
+ # for postalias
+ mailman_manage_data_files(postfix_local_t)
++ mailman_append_log(postfix_local_t)
+ ')
+
+ optional_policy(`
+@@ -386,7 +419,7 @@
# Postfix pipe local policy
#
@@ -7936,7 +8086,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/post
write_sock_files_pattern(postfix_pipe_t,postfix_private_t,postfix_private_t)
-@@ -395,6 +429,10 @@
+@@ -395,6 +428,10 @@
rw_files_pattern(postfix_pipe_t,postfix_spool_t,postfix_spool_t)
optional_policy(`
@@ -7947,7 +8097,18 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/post
procmail_domtrans(postfix_pipe_t)
')
-@@ -441,6 +479,10 @@
+@@ -403,6 +440,10 @@
+ ')
+
+ optional_policy(`
++ mta_manage_spool(postfix_pipe_t)
++')
++
++optional_policy(`
+ uucp_domtrans_uux(postfix_pipe_t)
+ ')
+
+@@ -441,6 +482,10 @@
')
optional_policy(`
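Review bot: The added `mta_manage_spool(postfix_pipe_t)` gives the pipe delivery agent manage-level access to the mail spool, with no comment explaining which delivery path needs it. postfix_pipe_t hands messages to external commands (this block already lets it transition to procmail and uux), so read or append access may be enough; that depends on the denial that prompted the change. A comment such as `# <transport> writes the mailbox directly from pipe(8)` should be added, or the call narrowed to the access actually denied. Nearby rules in this file already carry such comments ("# for postalias").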
@@ -7958,7 +8119,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/post
ppp_use_fds(postfix_postqueue_t)
ppp_sigchld(postfix_postqueue_t)
')
-@@ -519,8 +561,6 @@
+@@ -519,8 +564,6 @@
# Postfix smtp delivery local policy
#
@@ -7967,7 +8128,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/post
# connect to master process
stream_connect_pattern(postfix_smtp_t,{ postfix_private_t postfix_public_t },{ postfix_private_t postfix_public_t },postfix_master_t)
-@@ -528,6 +568,8 @@
+@@ -528,6 +571,8 @@
allow postfix_smtp_t postfix_spool_t:file rw_file_perms;
@@ -7976,7 +8137,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/post
optional_policy(`
cyrus_stream_connect(postfix_smtp_t)
')
-@@ -536,6 +578,7 @@
+@@ -536,6 +581,7 @@
#
# Postfix smtpd local policy
#
@@ -7984,7 +8145,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/post
allow postfix_smtpd_t postfix_master_t:tcp_socket rw_stream_socket_perms;
# connect to master process
-@@ -552,9 +595,45 @@
+@@ -552,9 +598,45 @@
mta_read_aliases(postfix_smtpd_t)
optional_policy(`
@@ -8030,6 +8191,35 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/post
+# For reading spamassasin
+mta_read_config(postfix_virtual_t)
+mta_manage_spool(postfix_virtual_t)
+diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/ppp.if serefpolicy-2.6.4/policy/modules/services/ppp.if
+--- nsaserefpolicy/policy/modules/services/ppp.if 2007-05-07 14:51:01.000000000 -0400
++++ serefpolicy-2.6.4/policy/modules/services/ppp.if 2007-10-17 14:23:28.000000000 -0400
+@@ -159,6 +159,25 @@
+
+ ########################################
+ ##
++## Read ppp configuration files.
++##
++##
++##
++## Domain allowed access.
++##
++##
++#
++interface(`ppp_read_read_config',`
++ gen_require(`
++ type pppd_etc_t;
++ ')
++
++ read_files_pattern($1, pppd_etc_t, pppd_etc_t)
++ files_search_etc($1)
++')
++
++########################################
++##
+ ## Read PPP-writable configuration files.
+ ##
+ ##
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/ppp.te serefpolicy-2.6.4/policy/modules/services/ppp.te
--- nsaserefpolicy/policy/modules/services/ppp.te 2007-05-07 14:50:57.000000000 -0400
+++ serefpolicy-2.6.4/policy/modules/services/ppp.te 2007-08-07 09:42:35.000000000 -0400
@@ -9053,7 +9243,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/samb
+')
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/samba.te serefpolicy-2.6.4/policy/modules/services/samba.te
--- nsaserefpolicy/policy/modules/services/samba.te 2007-05-07 14:50:57.000000000 -0400
-+++ serefpolicy-2.6.4/policy/modules/services/samba.te 2007-10-09 10:45:19.000000000 -0400
++++ serefpolicy-2.6.4/policy/modules/services/samba.te 2007-10-18 10:21:16.000000000 -0400
@@ -16,6 +16,14 @@
##
@@ -9207,7 +9397,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/samb
userdom_dontaudit_search_sysadm_home_dirs(smbd_t)
userdom_dontaudit_use_unpriv_user_fds(smbd_t)
userdom_use_unpriv_users_fds(smbd_t)
-@@ -312,6 +344,12 @@
+@@ -312,10 +344,27 @@
miscfiles_manage_public_files(smbd_t)
')
@@ -9220,22 +9410,22 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/samb
# Support Samba sharing of NFS mount points
tunable_policy(`samba_share_nfs',`
fs_manage_nfs_dirs(smbd_t)
-@@ -319,6 +357,14 @@
- ')
-
- optional_policy(`
-+ kerberos_read_keytab(smbd_t)
+ fs_manage_nfs_files(smbd_t)
++ fs_manage_nfs_symlinks(smbd_t)
++ fs_manage_nfs_named_pipes(smbd_t)
++ fs_manage_nfs_named_sockets(smbd_t)
+')
+
+optional_policy(`
-+ lpd_exec_lpr(smbd_t)
++ kerberos_read_keytab(smbd_t)
+')
+
+optional_policy(`
- cups_read_rw_config(smbd_t)
- cups_stream_connect(smbd_t)
++ lpd_exec_lpr(smbd_t)
')
-@@ -339,6 +385,23 @@
+
+ optional_policy(`
+@@ -339,6 +388,23 @@
udev_read_db(smbd_t)
')
@@ -9259,7 +9449,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/samb
########################################
#
# nmbd Local policy
-@@ -352,7 +415,7 @@
+@@ -352,7 +418,7 @@
allow nmbd_t self:msgq create_msgq_perms;
allow nmbd_t self:sem create_sem_perms;
allow nmbd_t self:shm create_shm_perms;
@@ -9268,7 +9458,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/samb
allow nmbd_t self:tcp_socket create_stream_socket_perms;
allow nmbd_t self:udp_socket create_socket_perms;
allow nmbd_t self:unix_dgram_socket { create_socket_perms sendto };
-@@ -362,9 +425,11 @@
+@@ -362,9 +428,11 @@
files_pid_filetrans(nmbd_t,nmbd_var_run_t,file)
read_files_pattern(nmbd_t,samba_etc_t,samba_etc_t)
@@ -9282,7 +9472,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/samb
read_files_pattern(nmbd_t,samba_log_t,samba_log_t)
create_files_pattern(nmbd_t,samba_log_t,samba_log_t)
allow nmbd_t samba_log_t:dir setattr;
-@@ -373,6 +438,8 @@
+@@ -373,6 +441,8 @@
allow nmbd_t smbd_var_run_t:dir rw_dir_perms;
@@ -9291,7 +9481,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/samb
kernel_getattr_core_if(nmbd_t)
kernel_getattr_message_if(nmbd_t)
kernel_read_kernel_sysctls(nmbd_t)
-@@ -391,6 +458,7 @@
+@@ -391,6 +461,7 @@
corenet_udp_bind_nmbd_port(nmbd_t)
corenet_sendrecv_nmbd_server_packets(nmbd_t)
corenet_sendrecv_nmbd_client_packets(nmbd_t)
@@ -9299,7 +9489,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/samb
dev_read_sysfs(nmbd_t)
dev_getattr_mtrr_dev(nmbd_t)
-@@ -402,6 +470,7 @@
+@@ -402,6 +473,7 @@
files_read_usr_files(nmbd_t)
files_read_etc_files(nmbd_t)
@@ -9307,7 +9497,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/samb
libs_use_ld_so(nmbd_t)
libs_use_shared_libs(nmbd_t)
-@@ -411,8 +480,6 @@
+@@ -411,8 +483,6 @@
miscfiles_read_localization(nmbd_t)
@@ -9316,7 +9506,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/samb
userdom_dontaudit_search_sysadm_home_dirs(nmbd_t)
userdom_dontaudit_use_unpriv_user_fds(nmbd_t)
userdom_use_unpriv_users_fds(nmbd_t)
-@@ -457,6 +524,7 @@
+@@ -457,6 +527,7 @@
allow smbmount_t samba_secrets_t:file manage_file_perms;
@@ -9324,7 +9514,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/samb
allow smbmount_t samba_var_t:dir rw_dir_perms;
manage_files_pattern(smbmount_t,samba_var_t,samba_var_t)
manage_lnk_files_pattern(smbmount_t,samba_var_t,samba_var_t)
-@@ -489,6 +557,8 @@
+@@ -489,6 +560,8 @@
term_list_ptys(smbmount_t)
term_use_controlling_term(smbmount_t)
@@ -9333,7 +9523,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/samb
corecmd_list_bin(smbmount_t)
files_list_mnt(smbmount_t)
-@@ -508,21 +578,11 @@
+@@ -508,21 +581,11 @@
logging_search_logs(smbmount_t)
@@ -9356,7 +9546,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/samb
')
########################################
-@@ -530,22 +590,36 @@
+@@ -530,22 +593,36 @@
# SWAT Local policy
#
@@ -9400,7 +9590,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/samb
allow swat_t smbd_t:process signull;
-@@ -558,7 +632,11 @@
+@@ -558,7 +635,11 @@
manage_files_pattern(swat_t,swat_var_run_t,swat_var_run_t)
files_pid_filetrans(swat_t,swat_var_run_t,file)
@@ -9413,7 +9603,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/samb
kernel_read_kernel_sysctls(swat_t)
kernel_read_system_state(swat_t)
-@@ -582,23 +660,24 @@
+@@ -582,23 +663,24 @@
dev_read_urand(swat_t)
@@ -9440,7 +9630,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/samb
optional_policy(`
cups_read_rw_config(swat_t)
cups_stream_connect(swat_t)
-@@ -612,32 +691,30 @@
+@@ -612,32 +694,30 @@
kerberos_use(swat_t)
')
@@ -9480,7 +9670,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/samb
manage_files_pattern(winbind_t,samba_etc_t,samba_secrets_t)
filetrans_pattern(winbind_t,samba_etc_t,samba_secrets_t,file)
-@@ -645,6 +722,8 @@
+@@ -645,6 +725,8 @@
manage_files_pattern(winbind_t,samba_log_t,samba_log_t)
manage_lnk_files_pattern(winbind_t,samba_log_t,samba_log_t)
@@ -9489,7 +9679,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/samb
manage_files_pattern(winbind_t,samba_var_t,samba_var_t)
manage_lnk_files_pattern(winbind_t,samba_var_t,samba_var_t)
-@@ -682,7 +761,9 @@
+@@ -682,7 +764,9 @@
fs_getattr_all_fs(winbind_t)
fs_search_auto_mountpoints(winbind_t)
@@ -9499,7 +9689,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/samb
domain_use_interactive_fds(winbind_t)
-@@ -695,9 +776,6 @@
+@@ -695,9 +779,6 @@
miscfiles_read_localization(winbind_t)
@@ -9509,7 +9699,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/samb
userdom_dontaudit_use_unpriv_user_fds(winbind_t)
userdom_dontaudit_search_sysadm_home_dirs(winbind_t)
userdom_priveleged_home_dir_manager(winbind_t)
-@@ -713,10 +791,6 @@
+@@ -713,10 +794,6 @@
')
optional_policy(`
@@ -9520,7 +9710,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/samb
seutil_sigchld_newrole(winbind_t)
')
-@@ -736,8 +810,11 @@
+@@ -736,8 +813,11 @@
read_files_pattern(winbind_helper_t,samba_etc_t,samba_etc_t)
read_lnk_files_pattern(winbind_helper_t,samba_etc_t,samba_etc_t)
@@ -9532,7 +9722,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/samb
stream_connect_pattern(winbind_helper_t,winbind_var_run_t,winbind_var_run_t,winbind_t)
term_list_ptys(winbind_helper_t)
-@@ -757,10 +834,68 @@
+@@ -757,10 +837,68 @@
')
optional_policy(`
@@ -9937,7 +10127,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/squi
+/usr/lib64/squid/cachemgr\.cgi -- gen_context(system_u:object_r:httpd_squid_script_exec_t,s0)
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/squid.if serefpolicy-2.6.4/policy/modules/services/squid.if
--- nsaserefpolicy/policy/modules/services/squid.if 2007-05-07 14:50:57.000000000 -0400
-+++ serefpolicy-2.6.4/policy/modules/services/squid.if 2007-08-07 09:42:35.000000000 -0400
++++ serefpolicy-2.6.4/policy/modules/services/squid.if 2007-10-18 17:04:05.000000000 -0400
@@ -131,3 +131,22 @@
interface(`squid_use',`
refpolicywarn(`$0($*) has been deprecated.')
@@ -9959,7 +10149,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/squi
+ type squid_t;
+ ')
+
-+ allow $1 squid_t:unix_stream_socket { read write };
++ allow $1 squid_t:unix_stream_socket { getattr read write };
+')
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/squid.te serefpolicy-2.6.4/policy/modules/services/squid.te
--- nsaserefpolicy/policy/modules/services/squid.te 2007-05-07 14:50:57.000000000 -0400
@@ -10301,8 +10491,16 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/xser
+
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/xserver.te serefpolicy-2.6.4/policy/modules/services/xserver.te
--- nsaserefpolicy/policy/modules/services/xserver.te 2007-05-07 14:50:57.000000000 -0400
-+++ serefpolicy-2.6.4/policy/modules/services/xserver.te 2007-08-07 09:42:35.000000000 -0400
-@@ -448,6 +448,10 @@
++++ serefpolicy-2.6.4/policy/modules/services/xserver.te 2007-10-18 16:08:28.000000000 -0400
+@@ -228,6 +228,7 @@
+ files_read_usr_files(xdm_t)
+ # Poweroff wants to create the /poweroff file when run from xdm
+ files_create_boot_flag(xdm_t)
++files_dontaudit_getattr_boot_dirs(xdm_t)
+
+ fs_getattr_all_fs(xdm_t)
+ fs_search_auto_mountpoints(xdm_t)
+@@ -448,6 +449,10 @@
rhgb_rw_tmpfs_files(xdm_xserver_t)
')
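Review bot: The added `files_dontaudit_getattr_boot_dirs(xdm_t)` has no comment, and the existing comment above it only explains `files_create_boot_flag(xdm_t)`. A dontaudit rule removes the denial from the audit log as well as the noise, so anyone later investigating xdm activity around the boot directories will see nothing. I would add a line such as `# xdm stats the boot directory on poweroff; denial is harmless, do not audit`, worded to match the denial that prompted the change. The surrounding xdm_t rule block continues outside the hunk.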
@@ -10457,7 +10655,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/authlo
')
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/authlogin.if serefpolicy-2.6.4/policy/modules/system/authlogin.if
--- nsaserefpolicy/policy/modules/system/authlogin.if 2007-05-07 14:51:01.000000000 -0400
-+++ serefpolicy-2.6.4/policy/modules/system/authlogin.if 2007-10-09 10:29:42.000000000 -0400
++++ serefpolicy-2.6.4/policy/modules/system/authlogin.if 2007-10-18 17:07:12.000000000 -0400
@@ -27,11 +27,9 @@
domain_type($1_chkpwd_t)
domain_entry_file($1_chkpwd_t,chkpwd_exec_t)
@@ -10643,7 +10841,16 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/authlo
## Get the attributes of the shadow passwords file.
##
##
-@@ -1357,6 +1404,8 @@
+@@ -1337,6 +1384,8 @@
+ allow $1 var_auth_t:dir list_dir_perms;
+ allow $1 var_auth_t:file manage_file_perms;
+ files_list_var_lib($1)
++ # read /etc/nsswitch.conf
++ files_read_etc_files($1)
+
+ miscfiles_read_certs($1)
+
+@@ -1357,6 +1406,8 @@
optional_policy(`
samba_stream_connect_winbind($1)
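Review bot: The comment `# read /etc/nsswitch.conf` understates what `files_read_etc_files($1)` grants, because the call gives every domain that uses this interface read access to all files carrying the generic etc type rather than to that one file. That is the usual refpolicy trade-off, but the comment should say so, for example `# nsswitch.conf has the generic etc type, so this allows reading all generic /etc files`. The interface this sits in begins and ends outside the hunk, so the set of callers receiving the wider read is not visible here and is worth checking.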
@@ -10652,7 +10859,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/authlo
')
')
-@@ -1391,3 +1440,114 @@
+@@ -1391,3 +1442,114 @@
typeattribute $1 can_write_shadow_passwords;
typeattribute $1 can_relabelto_shadow_passwords;
')
@@ -12182,7 +12389,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/lvm.fc
/etc/lvm/lock(/.*)? gen_context(system_u:object_r:lvm_lock_t,s0)
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/lvm.te serefpolicy-2.6.4/policy/modules/system/lvm.te
--- nsaserefpolicy/policy/modules/system/lvm.te 2007-05-07 14:51:02.000000000 -0400
-+++ serefpolicy-2.6.4/policy/modules/system/lvm.te 2007-08-07 09:42:35.000000000 -0400
++++ serefpolicy-2.6.4/policy/modules/system/lvm.te 2007-10-15 13:53:50.000000000 -0400
@@ -16,6 +16,7 @@
type lvm_t;
type lvm_exec_t;
@@ -12191,7 +12398,16 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/lvm.te
# needs privowner because it assigns the identity system_u to device nodes
# but runs as the identity of the sysadmin
domain_obj_id_change_exemption(lvm_t)
-@@ -155,7 +156,9 @@
+@@ -122,8 +123,6 @@
+ lvm_read_config(clvmd_t)
+
+ ifdef(`targeted_policy', `
+- term_dontaudit_use_unallocated_ttys(clvmd_t)
+- term_dontaudit_use_generic_ptys(clvmd_t)
+ files_dontaudit_read_root_files(clvmd_t)
+ ')
+
+@@ -155,7 +154,9 @@
# DAC overrides and mknod for modifying /dev entries (vgmknodes)
# rawio needed for dmraid
@@ -12202,7 +12418,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/lvm.te
dontaudit lvm_t self:capability sys_tty_config;
allow lvm_t self:process { sigchld sigkill sigstop signull signal };
# LVM will complain a lot if it cannot set its priority.
-@@ -165,6 +168,7 @@
+@@ -165,6 +166,7 @@
allow lvm_t self:unix_dgram_socket create_socket_perms;
allow lvm_t self:netlink_kobject_uevent_socket create_socket_perms;
@@ -12210,7 +12426,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/lvm.te
allow lvm_t clvmd_t:unix_stream_socket connectto;
manage_dirs_pattern(lvm_t,lvm_tmp_t,lvm_tmp_t)
-@@ -189,7 +193,8 @@
+@@ -189,7 +191,8 @@
manage_dirs_pattern(lvm_t,lvm_var_run_t,lvm_var_run_t)
manage_files_pattern(lvm_t,lvm_var_run_t,lvm_var_run_t)
manage_sock_files_pattern(lvm_t,lvm_var_run_t,lvm_var_run_t)
@@ -12220,7 +12436,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/lvm.te
read_files_pattern(lvm_t,lvm_etc_t,lvm_etc_t)
read_lnk_files_pattern(lvm_t,lvm_etc_t,lvm_etc_t)
-@@ -233,6 +238,8 @@
+@@ -233,6 +236,8 @@
dev_dontaudit_getattr_generic_blk_files(lvm_t)
dev_dontaudit_getattr_generic_pipes(lvm_t)
dev_create_generic_dirs(lvm_t)
@@ -12229,7 +12445,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/lvm.te
fs_getattr_xattr_fs(lvm_t)
fs_search_auto_mountpoints(lvm_t)
-@@ -251,6 +258,7 @@
+@@ -251,6 +256,7 @@
storage_dev_filetrans_fixed_disk(lvm_t)
# Access raw devices and old /dev/lvm (c 109,0). Is this needed?
storage_manage_fixed_disk(lvm_t)
@@ -12237,7 +12453,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/lvm.te
term_getattr_all_user_ttys(lvm_t)
term_list_ptys(lvm_t)
-@@ -305,5 +313,14 @@
+@@ -305,5 +311,14 @@
')
optional_policy(`
@@ -12906,7 +13122,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/sysnet
allow ifconfig_t self:udp_socket create_socket_perms;
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/udev.te serefpolicy-2.6.4/policy/modules/system/udev.te
--- nsaserefpolicy/policy/modules/system/udev.te 2007-05-07 14:51:02.000000000 -0400
-+++ serefpolicy-2.6.4/policy/modules/system/udev.te 2007-08-31 06:15:18.000000000 -0400
++++ serefpolicy-2.6.4/policy/modules/system/udev.te 2007-10-15 13:46:47.000000000 -0400
@@ -18,11 +18,6 @@
type udev_etc_t alias etc_udev_t;
files_config_file(udev_etc_t)
@@ -12979,10 +13195,16 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/udev.t
userdom_use_sysadm_ttys(udev_t)
userdom_dontaudit_search_all_users_home_content(udev_t)
-@@ -176,6 +187,10 @@
+@@ -176,6 +187,16 @@
')
optional_policy(`
++ alsa_domtrans(udev_t)
++ alsa_search_lib(udev_t)
++ alsa_read_lib(udev_t)
++')
++
++optional_policy(`
+ brctl_domtrans(udev_t)
+')
+
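Review bot: The new `optional_policy` block gives `udev_t` a transition into the ALSA domain through `alsa_domtrans(udev_t)` and also direct `alsa_search_lib(udev_t)` and `alsa_read_lib(udev_t)` access, with no comment naming the udev rule that needs either. If the ALSA helper reads its own state after the transition, the two lib calls on `udev_t` may be unnecessary and could be dropped to keep udev's own access narrow. The interface definitions are outside this hunk, so this is a question rather than a confirmed redundancy. At minimum I would add a comment such as `# udev rules run the ALSA helpers to restore mixer state`, corrected to the real use case.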
@@ -12990,7 +13212,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/udev.t
consoletype_exec(udev_t)
')
-@@ -184,6 +199,10 @@
+@@ -184,6 +205,10 @@
')
optional_policy(`
@@ -13001,7 +13223,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/udev.t
hal_dgram_send(udev_t)
')
-@@ -194,5 +213,24 @@
+@@ -194,5 +219,24 @@
')
optional_policy(`