diff --git a/policy-20070501.patch b/policy-20070501.patch index bbdff07..4df120a 100644 --- a/policy-20070501.patch +++ b/policy-20070501.patch @@ -1,6 +1,6 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/man/man8/ftpd_selinux.8 serefpolicy-2.6.4/man/man8/ftpd_selinux.8 ---- nsaserefpolicy/man/man8/ftpd_selinux.8 2007-04-02 10:58:34.000000000 -0400 -+++ serefpolicy-2.6.4/man/man8/ftpd_selinux.8 2007-05-08 09:59:33.000000000 -0400 +--- nsaserefpolicy/man/man8/ftpd_selinux.8 2007-05-07 14:51:05.000000000 -0400 ++++ serefpolicy-2.6.4/man/man8/ftpd_selinux.8 2007-05-21 10:46:53.000000000 -0400 @@ -12,7 +12,7 @@ .TP chcon -R -t public_content_t /var/ftp @@ -11,8 +11,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/man/man8/ftpd_selinux.8 sere chcon -t public_content_rw_t /var/ftp/incoming .TP diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/flask/access_vectors serefpolicy-2.6.4/policy/flask/access_vectors ---- nsaserefpolicy/policy/flask/access_vectors 2007-02-26 09:43:33.000000000 -0500 -+++ serefpolicy-2.6.4/policy/flask/access_vectors 2007-05-08 09:59:33.000000000 -0400 +--- nsaserefpolicy/policy/flask/access_vectors 2007-05-07 14:50:57.000000000 -0400 ++++ serefpolicy-2.6.4/policy/flask/access_vectors 2007-05-21 10:46:53.000000000 -0400 @@ -598,6 +598,8 @@ shmempwd shmemgrp @@ -32,8 +32,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/flask/access_vectors class key diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/global_booleans serefpolicy-2.6.4/policy/global_booleans ---- nsaserefpolicy/policy/global_booleans 2006-11-16 17:15:26.000000000 -0500 -+++ serefpolicy-2.6.4/policy/global_booleans 2007-05-08 09:59:33.000000000 -0400 +--- nsaserefpolicy/policy/global_booleans 2007-05-07 14:51:05.000000000 -0400 ++++ serefpolicy-2.6.4/policy/global_booleans 2007-05-21 10:46:53.000000000 -0400 @@ -4,7 +4,6 @@ # file should be used. # @@ -51,8 +51,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/global_booleans seref ## ##

diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/global_tunables serefpolicy-2.6.4/policy/global_tunables ---- nsaserefpolicy/policy/global_tunables 2007-03-26 16:24:14.000000000 -0400 -+++ serefpolicy-2.6.4/policy/global_tunables 2007-05-08 09:59:33.000000000 -0400 +--- nsaserefpolicy/policy/global_tunables 2007-05-07 14:51:05.000000000 -0400 ++++ serefpolicy-2.6.4/policy/global_tunables 2007-05-21 10:46:53.000000000 -0400 @@ -102,12 +102,6 @@ ## gen_tunable(use_samba_home_dirs,false) @@ -80,8 +80,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/global_tunables seref +gen_tunable(allow_console_login,false) + diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/mls serefpolicy-2.6.4/policy/mls ---- nsaserefpolicy/policy/mls 2007-03-09 13:02:20.000000000 -0500 -+++ serefpolicy-2.6.4/policy/mls 2007-05-08 09:59:33.000000000 -0400 +--- nsaserefpolicy/policy/mls 2007-05-07 14:51:05.000000000 -0400 ++++ serefpolicy-2.6.4/policy/mls 2007-05-21 10:46:53.000000000 -0400 @@ -89,12 +89,14 @@ mlsconstrain { file lnk_file fifo_file dir chr_file blk_file sock_file } { write create setattr relabelfrom append unlink link rename mounton } (( l1 eq l2 ) or @@ -154,8 +154,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/mls serefpolicy-2.6.4 mlsconstrain association { polmatch } diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/acct.te serefpolicy-2.6.4/policy/modules/admin/acct.te ---- nsaserefpolicy/policy/modules/admin/acct.te 2007-03-26 10:39:08.000000000 -0400 -+++ serefpolicy-2.6.4/policy/modules/admin/acct.te 2007-05-08 09:59:33.000000000 -0400 +--- nsaserefpolicy/policy/modules/admin/acct.te 2007-05-07 14:51:04.000000000 -0400 ++++ serefpolicy-2.6.4/policy/modules/admin/acct.te 2007-05-21 10:46:53.000000000 -0400 @@ -9,6 +9,7 @@ type acct_t; type acct_exec_t; @@ -165,8 +165,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/acct.te type acct_data_t; logging_log_file(acct_data_t) diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/alsa.fc serefpolicy-2.6.4/policy/modules/admin/alsa.fc ---- nsaserefpolicy/policy/modules/admin/alsa.fc 2006-11-16 17:15:26.000000000 -0500 -+++ serefpolicy-2.6.4/policy/modules/admin/alsa.fc 2007-05-17 12:16:25.000000000 -0400 +--- nsaserefpolicy/policy/modules/admin/alsa.fc 2007-05-07 14:51:05.000000000 -0400 ++++ serefpolicy-2.6.4/policy/modules/admin/alsa.fc 2007-05-21 10:46:53.000000000 -0400 @@ -1,4 +1,7 @@ /etc/alsa/pcm(/.*)? gen_context(system_u:object_r:alsa_etc_rw_t,s0) @@ -176,8 +176,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/alsa.fc /usr/bin/ainit -- gen_context(system_u:object_r:alsa_exec_t,s0) +/sbin/alsactl -- gen_context(system_u:object_r:alsa_exec_t,s0) diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/alsa.te serefpolicy-2.6.4/policy/modules/admin/alsa.te ---- nsaserefpolicy/policy/modules/admin/alsa.te 2007-01-02 12:57:51.000000000 -0500 -+++ serefpolicy-2.6.4/policy/modules/admin/alsa.te 2007-05-17 11:22:07.000000000 -0400 +--- nsaserefpolicy/policy/modules/admin/alsa.te 2007-05-07 14:51:05.000000000 -0400 ++++ serefpolicy-2.6.4/policy/modules/admin/alsa.te 2007-05-21 10:46:53.000000000 -0400 @@ -20,20 +20,23 @@ # Local policy # @@ -225,14 +225,14 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/alsa.te + diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/amtu.fc serefpolicy-2.6.4/policy/modules/admin/amtu.fc --- nsaserefpolicy/policy/modules/admin/amtu.fc 1969-12-31 19:00:00.000000000 -0500 -+++ serefpolicy-2.6.4/policy/modules/admin/amtu.fc 2007-05-08 09:59:33.000000000 -0400 ++++ serefpolicy-2.6.4/policy/modules/admin/amtu.fc 2007-05-21 10:46:53.000000000 -0400 @@ -0,0 +1,3 @@ + +/usr/bin/amtu -- gen_context(system_u:object_r:amtu_exec_t,s0) + diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/amtu.if serefpolicy-2.6.4/policy/modules/admin/amtu.if --- nsaserefpolicy/policy/modules/admin/amtu.if 1969-12-31 19:00:00.000000000 -0500 -+++ serefpolicy-2.6.4/policy/modules/admin/amtu.if 2007-05-08 09:59:33.000000000 -0400 ++++ serefpolicy-2.6.4/policy/modules/admin/amtu.if 2007-05-21 10:46:53.000000000 -0400 @@ -0,0 +1,53 @@ +##

+## abstract Machine Test Utility @@ -289,7 +289,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/amtu.if +') diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/amtu.te serefpolicy-2.6.4/policy/modules/admin/amtu.te --- nsaserefpolicy/policy/modules/admin/amtu.te 1969-12-31 19:00:00.000000000 -0500 -+++ serefpolicy-2.6.4/policy/modules/admin/amtu.te 2007-05-08 09:59:33.000000000 -0400 ++++ serefpolicy-2.6.4/policy/modules/admin/amtu.te 2007-05-21 10:46:53.000000000 -0400 @@ -0,0 +1,57 @@ +policy_module(amtu,1.0.23) + @@ -349,8 +349,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/amtu.te +'); + diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/bootloader.te serefpolicy-2.6.4/policy/modules/admin/bootloader.te ---- nsaserefpolicy/policy/modules/admin/bootloader.te 2007-04-23 09:36:02.000000000 -0400 -+++ serefpolicy-2.6.4/policy/modules/admin/bootloader.te 2007-05-08 09:59:33.000000000 -0400 +--- nsaserefpolicy/policy/modules/admin/bootloader.te 2007-05-07 14:51:05.000000000 -0400 ++++ serefpolicy-2.6.4/policy/modules/admin/bootloader.te 2007-05-21 10:46:53.000000000 -0400 @@ -65,6 +65,8 @@ files_tmp_filetrans(bootloader_t,bootloader_tmp_t,{ dir file lnk_file chr_file blk_file }) # for tune2fs (cjp: ?) @@ -369,8 +369,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/bootloa optional_policy(` diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/consoletype.te serefpolicy-2.6.4/policy/modules/admin/consoletype.te ---- nsaserefpolicy/policy/modules/admin/consoletype.te 2007-04-23 09:36:02.000000000 -0400 -+++ serefpolicy-2.6.4/policy/modules/admin/consoletype.te 2007-05-08 09:59:33.000000000 -0400 +--- nsaserefpolicy/policy/modules/admin/consoletype.te 2007-05-07 14:51:05.000000000 -0400 ++++ serefpolicy-2.6.4/policy/modules/admin/consoletype.te 2007-05-21 10:46:53.000000000 -0400 @@ -8,7 +8,12 @@ type consoletype_t; @@ -403,8 +403,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/console domain_use_interactive_fds(consoletype_t) diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/dmesg.te serefpolicy-2.6.4/policy/modules/admin/dmesg.te ---- nsaserefpolicy/policy/modules/admin/dmesg.te 2006-11-16 17:15:26.000000000 -0500 -+++ serefpolicy-2.6.4/policy/modules/admin/dmesg.te 2007-05-08 09:59:33.000000000 -0400 +--- nsaserefpolicy/policy/modules/admin/dmesg.te 2007-05-07 14:51:05.000000000 -0400 ++++ serefpolicy-2.6.4/policy/modules/admin/dmesg.te 2007-05-21 10:46:53.000000000 -0400 @@ -10,6 +10,7 @@ type dmesg_t; type dmesg_exec_t; @@ -414,8 +414,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/dmesg.t ') diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/kudzu.te serefpolicy-2.6.4/policy/modules/admin/kudzu.te ---- nsaserefpolicy/policy/modules/admin/kudzu.te 2007-04-23 09:36:02.000000000 -0400 -+++ serefpolicy-2.6.4/policy/modules/admin/kudzu.te 2007-05-08 09:59:33.000000000 -0400 +--- nsaserefpolicy/policy/modules/admin/kudzu.te 2007-05-07 14:51:05.000000000 -0400 ++++ serefpolicy-2.6.4/policy/modules/admin/kudzu.te 2007-05-21 10:46:53.000000000 -0400 @@ -21,8 +21,8 @@ # Local policy # @@ -437,8 +437,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/kudzu.t # the inittab after configuring serial consoles init_telinit(kudzu_t) diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/logrotate.te serefpolicy-2.6.4/policy/modules/admin/logrotate.te ---- nsaserefpolicy/policy/modules/admin/logrotate.te 2007-03-26 10:39:08.000000000 -0400 -+++ serefpolicy-2.6.4/policy/modules/admin/logrotate.te 2007-05-08 09:59:33.000000000 -0400 +--- nsaserefpolicy/policy/modules/admin/logrotate.te 2007-05-07 14:51:04.000000000 -0400 ++++ serefpolicy-2.6.4/policy/modules/admin/logrotate.te 2007-05-21 10:46:53.000000000 -0400 @@ -75,6 +75,7 @@ mls_file_read_up(logrotate_t) mls_file_write_down(logrotate_t) @@ -448,8 +448,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/logrota selinux_get_fs_mount(logrotate_t) selinux_get_enforce_mode(logrotate_t) diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/logwatch.te serefpolicy-2.6.4/policy/modules/admin/logwatch.te ---- nsaserefpolicy/policy/modules/admin/logwatch.te 2007-05-02 15:04:46.000000000 -0400 -+++ serefpolicy-2.6.4/policy/modules/admin/logwatch.te 2007-05-08 09:59:33.000000000 -0400 +--- nsaserefpolicy/policy/modules/admin/logwatch.te 2007-05-07 14:51:05.000000000 -0400 ++++ serefpolicy-2.6.4/policy/modules/admin/logwatch.te 2007-05-21 10:46:53.000000000 -0400 @@ -63,6 +63,8 @@ files_search_mnt(logwatch_t) files_dontaudit_search_home(logwatch_t) @@ -460,8 +460,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/logwatc fs_getattr_all_fs(logwatch_t) fs_dontaudit_list_auto_mountpoints(logwatch_t) diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/netutils.te serefpolicy-2.6.4/policy/modules/admin/netutils.te ---- nsaserefpolicy/policy/modules/admin/netutils.te 2007-04-30 10:41:38.000000000 -0400 -+++ serefpolicy-2.6.4/policy/modules/admin/netutils.te 2007-05-16 13:16:15.000000000 -0400 +--- nsaserefpolicy/policy/modules/admin/netutils.te 2007-05-07 14:51:05.000000000 -0400 ++++ serefpolicy-2.6.4/policy/modules/admin/netutils.te 2007-05-21 10:46:53.000000000 -0400 @@ -31,6 +31,7 @@ type traceroute_t; type traceroute_exec_t; @@ -470,9 +470,21 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/netutil role system_r types traceroute_t; ######################################## +diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/prelink.te serefpolicy-2.6.4/policy/modules/admin/prelink.te +--- nsaserefpolicy/policy/modules/admin/prelink.te 2007-05-07 14:51:04.000000000 -0400 ++++ serefpolicy-2.6.4/policy/modules/admin/prelink.te 2007-05-21 11:37:13.000000000 -0400 +@@ -26,7 +26,7 @@ + # Local policy + # + +-allow prelink_t self:capability { chown dac_override fowner fsetid }; ++allow prelink_t self:capability { chown dac_override fowner fsetid sys_resource }; + allow prelink_t self:process { execheap execmem execstack signal }; + allow prelink_t self:fifo_file rw_fifo_file_perms; + diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/readahead.te serefpolicy-2.6.4/policy/modules/admin/readahead.te ---- nsaserefpolicy/policy/modules/admin/readahead.te 2007-01-02 12:57:51.000000000 -0500 -+++ serefpolicy-2.6.4/policy/modules/admin/readahead.te 2007-05-08 09:59:33.000000000 -0400 +--- nsaserefpolicy/policy/modules/admin/readahead.te 2007-05-07 14:51:05.000000000 -0400 ++++ serefpolicy-2.6.4/policy/modules/admin/readahead.te 2007-05-21 10:46:53.000000000 -0400 @@ -18,7 +18,8 @@ # Local policy # @@ -501,8 +513,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/readahe + logging_dontaudit_search_audit_config(readahead_t) +') diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/rpm.fc serefpolicy-2.6.4/policy/modules/admin/rpm.fc ---- nsaserefpolicy/policy/modules/admin/rpm.fc 2006-11-16 17:15:26.000000000 -0500 -+++ serefpolicy-2.6.4/policy/modules/admin/rpm.fc 2007-05-08 09:59:33.000000000 -0400 +--- nsaserefpolicy/policy/modules/admin/rpm.fc 2007-05-07 14:51:05.000000000 -0400 ++++ serefpolicy-2.6.4/policy/modules/admin/rpm.fc 2007-05-21 10:46:53.000000000 -0400 @@ -21,6 +21,9 @@ /usr/sbin/pup -- gen_context(system_u:object_r:rpm_exec_t,s0) /usr/sbin/rhn_check -- gen_context(system_u:object_r:rpm_exec_t,s0) @@ -514,8 +526,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/rpm.fc /var/lib/alternatives(/.*)? gen_context(system_u:object_r:rpm_var_lib_t,s0) diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/rpm.if serefpolicy-2.6.4/policy/modules/admin/rpm.if ---- nsaserefpolicy/policy/modules/admin/rpm.if 2007-04-11 10:19:43.000000000 -0400 -+++ serefpolicy-2.6.4/policy/modules/admin/rpm.if 2007-05-08 09:59:33.000000000 -0400 +--- nsaserefpolicy/policy/modules/admin/rpm.if 2007-05-07 14:51:05.000000000 -0400 ++++ serefpolicy-2.6.4/policy/modules/admin/rpm.if 2007-05-21 10:46:53.000000000 -0400 @@ -225,8 +225,29 @@ type rpm_script_tmp_t; ') @@ -595,8 +607,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/rpm.if + dontaudit $1 rpm_tmp_t:file rw_file_perms; +') diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/rpm.te serefpolicy-2.6.4/policy/modules/admin/rpm.te ---- nsaserefpolicy/policy/modules/admin/rpm.te 2007-04-23 09:36:02.000000000 -0400 -+++ serefpolicy-2.6.4/policy/modules/admin/rpm.te 2007-05-08 09:59:33.000000000 -0400 +--- nsaserefpolicy/policy/modules/admin/rpm.te 2007-05-07 14:51:05.000000000 -0400 ++++ serefpolicy-2.6.4/policy/modules/admin/rpm.te 2007-05-21 10:46:53.000000000 -0400 @@ -9,6 +9,8 @@ type rpm_t; type rpm_exec_t; @@ -607,8 +619,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/rpm.te domain_role_change_exemption(rpm_t) domain_system_change_exemption(rpm_t) diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/sudo.if serefpolicy-2.6.4/policy/modules/admin/sudo.if ---- nsaserefpolicy/policy/modules/admin/sudo.if 2007-03-26 10:39:08.000000000 -0400 -+++ serefpolicy-2.6.4/policy/modules/admin/sudo.if 2007-05-08 09:59:33.000000000 -0400 +--- nsaserefpolicy/policy/modules/admin/sudo.if 2007-05-07 14:51:05.000000000 -0400 ++++ serefpolicy-2.6.4/policy/modules/admin/sudo.if 2007-05-21 10:46:53.000000000 -0400 @@ -69,7 +69,6 @@ allow $1_sudo_t self:unix_stream_socket create_stream_socket_perms; allow $1_sudo_t self:unix_dgram_socket sendto; @@ -656,8 +668,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/sudo.if ') diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/su.if serefpolicy-2.6.4/policy/modules/admin/su.if ---- nsaserefpolicy/policy/modules/admin/su.if 2007-04-30 10:41:38.000000000 -0400 -+++ serefpolicy-2.6.4/policy/modules/admin/su.if 2007-05-08 09:59:33.000000000 -0400 +--- nsaserefpolicy/policy/modules/admin/su.if 2007-05-07 14:51:05.000000000 -0400 ++++ serefpolicy-2.6.4/policy/modules/admin/su.if 2007-05-21 10:46:53.000000000 -0400 @@ -41,12 +41,11 @@ allow $2 $1_su_t:process signal; @@ -731,8 +743,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/su.if s allow $1_su_t $1_home_t:file manage_file_perms; diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/usermanage.if serefpolicy-2.6.4/policy/modules/admin/usermanage.if ---- nsaserefpolicy/policy/modules/admin/usermanage.if 2007-03-26 10:39:08.000000000 -0400 -+++ serefpolicy-2.6.4/policy/modules/admin/usermanage.if 2007-05-08 09:59:33.000000000 -0400 +--- nsaserefpolicy/policy/modules/admin/usermanage.if 2007-05-07 14:51:05.000000000 -0400 ++++ serefpolicy-2.6.4/policy/modules/admin/usermanage.if 2007-05-21 10:46:53.000000000 -0400 @@ -278,5 +278,5 @@ type crack_db_t; ') @@ -741,8 +753,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/userman + read_files_pattern($1,crack_db_t,crack_db_t) ') diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/usermanage.te serefpolicy-2.6.4/policy/modules/admin/usermanage.te ---- nsaserefpolicy/policy/modules/admin/usermanage.te 2007-04-23 09:36:02.000000000 -0400 -+++ serefpolicy-2.6.4/policy/modules/admin/usermanage.te 2007-05-08 09:59:33.000000000 -0400 +--- nsaserefpolicy/policy/modules/admin/usermanage.te 2007-05-07 14:51:04.000000000 -0400 ++++ serefpolicy-2.6.4/policy/modules/admin/usermanage.te 2007-05-21 10:46:53.000000000 -0400 @@ -184,7 +184,7 @@ # Groupadd local policy # @@ -903,8 +915,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/userman + rpm_dontaudit_rw_tmp_files(useradd_t) ') diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/vbetool.te serefpolicy-2.6.4/policy/modules/admin/vbetool.te ---- nsaserefpolicy/policy/modules/admin/vbetool.te 2006-11-16 17:15:26.000000000 -0500 -+++ serefpolicy-2.6.4/policy/modules/admin/vbetool.te 2007-05-08 09:59:33.000000000 -0400 +--- nsaserefpolicy/policy/modules/admin/vbetool.te 2007-05-07 14:51:05.000000000 -0400 ++++ serefpolicy-2.6.4/policy/modules/admin/vbetool.te 2007-05-21 10:46:53.000000000 -0400 @@ -32,4 +32,5 @@ optional_policy(` @@ -912,8 +924,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/vbetool + hal_write_log(vbetool_t) ') diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/gnome.if serefpolicy-2.6.4/policy/modules/apps/gnome.if ---- nsaserefpolicy/policy/modules/apps/gnome.if 2007-02-19 11:32:52.000000000 -0500 -+++ serefpolicy-2.6.4/policy/modules/apps/gnome.if 2007-05-08 09:59:33.000000000 -0400 +--- nsaserefpolicy/policy/modules/apps/gnome.if 2007-05-07 14:51:02.000000000 -0400 ++++ serefpolicy-2.6.4/policy/modules/apps/gnome.if 2007-05-21 10:46:53.000000000 -0400 @@ -35,6 +35,7 @@ template(`gnome_per_role_template',` gen_require(` @@ -968,8 +980,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/gnome.if ##

## This is a templated interface, and should only diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/gpg.fc serefpolicy-2.6.4/policy/modules/apps/gpg.fc ---- nsaserefpolicy/policy/modules/apps/gpg.fc 2006-11-16 17:15:07.000000000 -0500 -+++ serefpolicy-2.6.4/policy/modules/apps/gpg.fc 2007-05-08 09:59:33.000000000 -0400 +--- nsaserefpolicy/policy/modules/apps/gpg.fc 2007-05-07 14:51:02.000000000 -0400 ++++ serefpolicy-2.6.4/policy/modules/apps/gpg.fc 2007-05-21 10:46:53.000000000 -0400 @@ -7,6 +7,4 @@ /usr/lib/gnupg/.* -- gen_context(system_u:object_r:gpg_exec_t,s0) /usr/lib/gnupg/gpgkeys.* -- gen_context(system_u:object_r:gpg_helper_exec_t,s0) @@ -977,9 +989,48 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/gpg.fc s -ifdef(`targeted_policy',`',` HOME_DIR/\.gnupg(/.+)? gen_context(system_u:object_r:ROLE_gpg_secret_t,s0) -') +diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/java.if serefpolicy-2.6.4/policy/modules/apps/java.if +--- nsaserefpolicy/policy/modules/apps/java.if 2007-05-07 14:51:02.000000000 -0400 ++++ serefpolicy-2.6.4/policy/modules/apps/java.if 2007-05-21 10:47:26.000000000 -0400 +@@ -224,3 +224,35 @@ + refpolicywarn(`$0($1) has no effect in strict policy.') + ') + ') ++ ++######################################## ++##

++## Execute a java in the specified domain ++## ++## ++##

++## Execute the java command in the specified domain. This allows ++## the specified domain to execute any file ++## on these filesystems in the specified ++## domain. ++##

++## ++## ++## ++## Domain allowed access. ++## ++## ++## ++## ++## The type of the new process. ++## ++## ++# ++interface(`java_spec_domtrans',` ++ gen_require(` ++ type java_exec_t; ++ ') ++ ++ domain_trans($1,java_exec_t,$2) ++ type_transition $1 java_exec_t:process $2; ++') diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/loadkeys.if serefpolicy-2.6.4/policy/modules/apps/loadkeys.if ---- nsaserefpolicy/policy/modules/apps/loadkeys.if 2007-01-02 12:57:22.000000000 -0500 -+++ serefpolicy-2.6.4/policy/modules/apps/loadkeys.if 2007-05-08 09:59:33.000000000 -0400 +--- nsaserefpolicy/policy/modules/apps/loadkeys.if 2007-05-07 14:51:02.000000000 -0400 ++++ serefpolicy-2.6.4/policy/modules/apps/loadkeys.if 2007-05-21 10:46:53.000000000 -0400 @@ -11,16 +11,12 @@ ## # @@ -1047,8 +1098,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/loadkeys + can_exec($1,loadkeys_exec_t) ') diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/mozilla.if serefpolicy-2.6.4/policy/modules/apps/mozilla.if ---- nsaserefpolicy/policy/modules/apps/mozilla.if 2007-03-26 16:24:09.000000000 -0400 -+++ serefpolicy-2.6.4/policy/modules/apps/mozilla.if 2007-05-08 09:59:33.000000000 -0400 +--- nsaserefpolicy/policy/modules/apps/mozilla.if 2007-05-07 14:51:02.000000000 -0400 ++++ serefpolicy-2.6.4/policy/modules/apps/mozilla.if 2007-05-21 10:46:53.000000000 -0400 @@ -150,6 +150,7 @@ corenet_dontaudit_tcp_bind_generic_port($1_mozilla_t) @@ -1058,8 +1109,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/mozilla. dev_read_sound($1_mozilla_t) dev_dontaudit_rw_dri($1_mozilla_t) diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/slocate.te serefpolicy-2.6.4/policy/modules/apps/slocate.te ---- nsaserefpolicy/policy/modules/apps/slocate.te 2007-04-30 11:25:12.000000000 -0400 -+++ serefpolicy-2.6.4/policy/modules/apps/slocate.te 2007-05-15 11:05:16.000000000 -0400 +--- nsaserefpolicy/policy/modules/apps/slocate.te 2007-05-07 14:51:02.000000000 -0400 ++++ serefpolicy-2.6.4/policy/modules/apps/slocate.te 2007-05-21 10:46:53.000000000 -0400 @@ -39,11 +39,12 @@ files_list_all(locate_t) @@ -1075,8 +1126,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/slocate. libs_use_shared_libs(locate_t) libs_use_ld_so(locate_t) diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/uml.if serefpolicy-2.6.4/policy/modules/apps/uml.if ---- nsaserefpolicy/policy/modules/apps/uml.if 2007-03-26 10:38:58.000000000 -0400 -+++ serefpolicy-2.6.4/policy/modules/apps/uml.if 2007-05-08 09:59:33.000000000 -0400 +--- nsaserefpolicy/policy/modules/apps/uml.if 2007-05-07 14:51:02.000000000 -0400 ++++ serefpolicy-2.6.4/policy/modules/apps/uml.if 2007-05-21 10:46:53.000000000 -0400 @@ -193,33 +193,6 @@ nis_use_ypbind($1_uml_t) ') @@ -1112,8 +1163,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/uml.if s ######################################## diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/kernel/corecommands.fc serefpolicy-2.6.4/policy/modules/kernel/corecommands.fc ---- nsaserefpolicy/policy/modules/kernel/corecommands.fc 2007-04-11 15:52:53.000000000 -0400 -+++ serefpolicy-2.6.4/policy/modules/kernel/corecommands.fc 2007-05-08 09:59:33.000000000 -0400 +--- nsaserefpolicy/policy/modules/kernel/corecommands.fc 2007-05-07 14:51:04.000000000 -0400 ++++ serefpolicy-2.6.4/policy/modules/kernel/corecommands.fc 2007-05-21 10:46:53.000000000 -0400 @@ -36,6 +36,11 @@ /etc/cipe/ip-up.* -- gen_context(system_u:object_r:bin_t,s0) /etc/cipe/ip-down.* -- gen_context(system_u:object_r:bin_t,s0) @@ -1133,8 +1184,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/kernel/coreco +/usr/lib/vmware-tools/sbin32(/.*)? gen_context(system_u:object_r:bin_t,s0) + diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/kernel/corecommands.if serefpolicy-2.6.4/policy/modules/kernel/corecommands.if ---- nsaserefpolicy/policy/modules/kernel/corecommands.if 2007-03-26 10:38:57.000000000 -0400 -+++ serefpolicy-2.6.4/policy/modules/kernel/corecommands.if 2007-05-08 09:59:33.000000000 -0400 +--- nsaserefpolicy/policy/modules/kernel/corecommands.if 2007-05-07 14:51:04.000000000 -0400 ++++ serefpolicy-2.6.4/policy/modules/kernel/corecommands.if 2007-05-21 10:46:53.000000000 -0400 @@ -988,3 +988,23 @@ mmap_files_pattern($1,bin_t,exec_type) @@ -1160,8 +1211,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/kernel/coreco + + diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/kernel/corenetwork.te.in serefpolicy-2.6.4/policy/modules/kernel/corenetwork.te.in ---- nsaserefpolicy/policy/modules/kernel/corenetwork.te.in 2007-05-07 10:32:44.000000000 -0400 -+++ serefpolicy-2.6.4/policy/modules/kernel/corenetwork.te.in 2007-05-08 09:59:33.000000000 -0400 +--- nsaserefpolicy/policy/modules/kernel/corenetwork.te.in 2007-05-07 14:51:02.000000000 -0400 ++++ serefpolicy-2.6.4/policy/modules/kernel/corenetwork.te.in 2007-05-21 10:46:53.000000000 -0400 @@ -48,6 +48,11 @@ type reserved_port_t, port_type, reserved_port_type; @@ -1211,8 +1262,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/kernel/corene portcon udp 1-1023 gen_context(system_u:object_r:reserved_port_t, s0) diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/kernel/devices.fc serefpolicy-2.6.4/policy/modules/kernel/devices.fc ---- nsaserefpolicy/policy/modules/kernel/devices.fc 2007-03-01 10:01:48.000000000 -0500 -+++ serefpolicy-2.6.4/policy/modules/kernel/devices.fc 2007-05-08 09:59:33.000000000 -0400 +--- nsaserefpolicy/policy/modules/kernel/devices.fc 2007-05-07 14:51:04.000000000 -0400 ++++ serefpolicy-2.6.4/policy/modules/kernel/devices.fc 2007-05-21 10:46:53.000000000 -0400 @@ -19,6 +19,7 @@ /dev/evtchn -c gen_context(system_u:object_r:xen_device_t,s0) /dev/fb[0-9]* -c gen_context(system_u:object_r:framebuf_device_t,s0) @@ -1231,8 +1282,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/kernel/device /dev/cpu/mtrr -c gen_context(system_u:object_r:mtrr_device_t,s0) diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/kernel/devices.if serefpolicy-2.6.4/policy/modules/kernel/devices.if ---- nsaserefpolicy/policy/modules/kernel/devices.if 2007-05-07 14:50:42.000000000 -0400 -+++ serefpolicy-2.6.4/policy/modules/kernel/devices.if 2007-05-08 09:59:33.000000000 -0400 +--- nsaserefpolicy/policy/modules/kernel/devices.if 2007-05-07 14:51:02.000000000 -0400 ++++ serefpolicy-2.6.4/policy/modules/kernel/devices.if 2007-05-21 10:46:53.000000000 -0400 @@ -2729,6 +2729,24 @@ ######################################## @@ -1338,8 +1389,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/kernel/device +') + diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/kernel/devices.te serefpolicy-2.6.4/policy/modules/kernel/devices.te ---- nsaserefpolicy/policy/modules/kernel/devices.te 2007-05-07 14:50:42.000000000 -0400 -+++ serefpolicy-2.6.4/policy/modules/kernel/devices.te 2007-05-08 09:59:33.000000000 -0400 +--- nsaserefpolicy/policy/modules/kernel/devices.te 2007-05-07 14:51:04.000000000 -0400 ++++ serefpolicy-2.6.4/policy/modules/kernel/devices.te 2007-05-21 10:46:53.000000000 -0400 @@ -139,6 +139,12 @@ # # Type for sound devices and mixers @@ -1354,8 +1405,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/kernel/device dev_node(sound_device_t) diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/kernel/domain.if serefpolicy-2.6.4/policy/modules/kernel/domain.if ---- nsaserefpolicy/policy/modules/kernel/domain.if 2007-02-19 11:32:51.000000000 -0500 -+++ serefpolicy-2.6.4/policy/modules/kernel/domain.if 2007-05-08 09:59:33.000000000 -0400 +--- nsaserefpolicy/policy/modules/kernel/domain.if 2007-05-07 14:51:04.000000000 -0400 ++++ serefpolicy-2.6.4/policy/modules/kernel/domain.if 2007-05-21 10:46:53.000000000 -0400 @@ -1254,3 +1254,21 @@ typeattribute $1 can_change_object_identity; typeattribute $1 set_curr_context; @@ -1379,8 +1430,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/kernel/domain + allow $1 domain:association { sendto recvfrom }; +') diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/kernel/domain.te serefpolicy-2.6.4/policy/modules/kernel/domain.te ---- nsaserefpolicy/policy/modules/kernel/domain.te 2007-04-23 09:35:56.000000000 -0400 -+++ serefpolicy-2.6.4/policy/modules/kernel/domain.te 2007-05-08 09:59:33.000000000 -0400 +--- nsaserefpolicy/policy/modules/kernel/domain.te 2007-05-07 14:51:04.000000000 -0400 ++++ serefpolicy-2.6.4/policy/modules/kernel/domain.te 2007-05-21 10:46:53.000000000 -0400 @@ -6,6 +6,29 @@ # Declarations # @@ -1439,8 +1490,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/kernel/domain + ') +') diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/kernel/files.fc serefpolicy-2.6.4/policy/modules/kernel/files.fc ---- nsaserefpolicy/policy/modules/kernel/files.fc 2006-11-16 17:15:04.000000000 -0500 -+++ serefpolicy-2.6.4/policy/modules/kernel/files.fc 2007-05-16 17:44:33.000000000 -0400 +--- nsaserefpolicy/policy/modules/kernel/files.fc 2007-05-07 14:51:02.000000000 -0400 ++++ serefpolicy-2.6.4/policy/modules/kernel/files.fc 2007-05-21 10:46:53.000000000 -0400 @@ -45,7 +45,6 @@ /etc -d gen_context(system_u:object_r:etc_t,s0) /etc/.* gen_context(system_u:object_r:etc_t,s0) @@ -1458,8 +1509,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/kernel/files. /etc/nohotplug -- gen_context(system_u:object_r:etc_runtime_t,s0) /etc/nologin.* -- gen_context(system_u:object_r:etc_runtime_t,s0) diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/kernel/files.if serefpolicy-2.6.4/policy/modules/kernel/files.if ---- nsaserefpolicy/policy/modules/kernel/files.if 2007-02-26 14:17:21.000000000 -0500 -+++ serefpolicy-2.6.4/policy/modules/kernel/files.if 2007-05-08 09:59:33.000000000 -0400 +--- nsaserefpolicy/policy/modules/kernel/files.if 2007-05-07 14:51:02.000000000 -0400 ++++ serefpolicy-2.6.4/policy/modules/kernel/files.if 2007-05-21 10:46:53.000000000 -0400 @@ -343,8 +343,7 @@ ######################################## @@ -1637,8 +1688,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/kernel/files. + allow $1 root_t:file { create getattr write }; +') diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/kernel/files.te serefpolicy-2.6.4/policy/modules/kernel/files.te ---- nsaserefpolicy/policy/modules/kernel/files.te 2007-04-23 09:35:56.000000000 -0400 -+++ serefpolicy-2.6.4/policy/modules/kernel/files.te 2007-05-17 14:00:25.000000000 -0400 +--- nsaserefpolicy/policy/modules/kernel/files.te 2007-05-07 14:51:02.000000000 -0400 ++++ serefpolicy-2.6.4/policy/modules/kernel/files.te 2007-05-21 10:46:53.000000000 -0400 @@ -54,6 +54,7 @@ files_type(etc_t) # compatibility aliases for removed types: @@ -1648,8 +1699,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/kernel/files. # # etc_runtime_t is the type of various diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/kernel/filesystem.if serefpolicy-2.6.4/policy/modules/kernel/filesystem.if ---- nsaserefpolicy/policy/modules/kernel/filesystem.if 2007-03-26 16:24:09.000000000 -0400 -+++ serefpolicy-2.6.4/policy/modules/kernel/filesystem.if 2007-05-08 09:59:33.000000000 -0400 +--- nsaserefpolicy/policy/modules/kernel/filesystem.if 2007-05-07 14:51:04.000000000 -0400 ++++ serefpolicy-2.6.4/policy/modules/kernel/filesystem.if 2007-05-21 10:46:53.000000000 -0400 @@ -1096,6 +1096,24 @@ ######################################## @@ -1726,8 +1777,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/kernel/filesy + allow $1 fusefs_t:filesystem mount; +') diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/kernel/filesystem.te serefpolicy-2.6.4/policy/modules/kernel/filesystem.te ---- nsaserefpolicy/policy/modules/kernel/filesystem.te 2007-04-23 09:35:56.000000000 -0400 -+++ serefpolicy-2.6.4/policy/modules/kernel/filesystem.te 2007-05-16 11:07:59.000000000 -0400 +--- nsaserefpolicy/policy/modules/kernel/filesystem.te 2007-05-07 14:51:02.000000000 -0400 ++++ serefpolicy-2.6.4/policy/modules/kernel/filesystem.te 2007-05-21 10:46:53.000000000 -0400 @@ -54,17 +54,29 @@ type capifs_t; @@ -1783,8 +1834,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/kernel/filesy # tmpfs_t is the type for tmpfs filesystems # diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/kernel/kernel.if serefpolicy-2.6.4/policy/modules/kernel/kernel.if ---- nsaserefpolicy/policy/modules/kernel/kernel.if 2007-05-02 15:04:46.000000000 -0400 -+++ serefpolicy-2.6.4/policy/modules/kernel/kernel.if 2007-05-08 09:59:33.000000000 -0400 +--- nsaserefpolicy/policy/modules/kernel/kernel.if 2007-05-07 14:51:04.000000000 -0400 ++++ serefpolicy-2.6.4/policy/modules/kernel/kernel.if 2007-05-21 10:46:53.000000000 -0400 @@ -1848,6 +1848,26 @@ ######################################## @@ -1823,8 +1874,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/kernel/kernel ######################################## diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/kernel/kernel.te serefpolicy-2.6.4/policy/modules/kernel/kernel.te ---- nsaserefpolicy/policy/modules/kernel/kernel.te 2007-05-02 15:04:46.000000000 -0400 -+++ serefpolicy-2.6.4/policy/modules/kernel/kernel.te 2007-05-08 09:59:33.000000000 -0400 +--- nsaserefpolicy/policy/modules/kernel/kernel.te 2007-05-07 14:51:04.000000000 -0400 ++++ serefpolicy-2.6.4/policy/modules/kernel/kernel.te 2007-05-21 10:46:53.000000000 -0400 @@ -146,6 +146,8 @@ type unlabeled_t; sid unlabeled gen_context(system_u:object_r:unlabeled_t,mls_systemhigh) @@ -1843,8 +1894,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/kernel/kernel optional_policy(` diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/kernel/mls.if serefpolicy-2.6.4/policy/modules/kernel/mls.if ---- nsaserefpolicy/policy/modules/kernel/mls.if 2006-11-16 17:15:04.000000000 -0500 -+++ serefpolicy-2.6.4/policy/modules/kernel/mls.if 2007-05-08 09:59:33.000000000 -0400 +--- nsaserefpolicy/policy/modules/kernel/mls.if 2007-05-07 14:51:04.000000000 -0400 ++++ serefpolicy-2.6.4/policy/modules/kernel/mls.if 2007-05-21 10:46:53.000000000 -0400 @@ -154,6 +154,26 @@ ######################################## ## @@ -1873,8 +1924,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/kernel/mls.if ## ## diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/kernel/mls.te serefpolicy-2.6.4/policy/modules/kernel/mls.te ---- nsaserefpolicy/policy/modules/kernel/mls.te 2007-01-02 12:57:13.000000000 -0500 -+++ serefpolicy-2.6.4/policy/modules/kernel/mls.te 2007-05-08 09:59:33.000000000 -0400 +--- nsaserefpolicy/policy/modules/kernel/mls.te 2007-05-07 14:51:02.000000000 -0400 ++++ serefpolicy-2.6.4/policy/modules/kernel/mls.te 2007-05-21 10:46:53.000000000 -0400 @@ -18,6 +18,7 @@ attribute mlsnetreadtoclr; attribute mlsnetwrite; @@ -1893,8 +1944,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/kernel/mls.te attribute privrangetrans; diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/kernel/selinux.if serefpolicy-2.6.4/policy/modules/kernel/selinux.if ---- nsaserefpolicy/policy/modules/kernel/selinux.if 2007-02-27 14:37:10.000000000 -0500 -+++ serefpolicy-2.6.4/policy/modules/kernel/selinux.if 2007-05-08 09:59:33.000000000 -0400 +--- nsaserefpolicy/policy/modules/kernel/selinux.if 2007-05-07 14:51:04.000000000 -0400 ++++ serefpolicy-2.6.4/policy/modules/kernel/selinux.if 2007-05-21 10:46:53.000000000 -0400 @@ -51,6 +51,44 @@ ######################################## @@ -1941,8 +1992,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/kernel/selinu ## ## diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/kernel/storage.if serefpolicy-2.6.4/policy/modules/kernel/storage.if ---- nsaserefpolicy/policy/modules/kernel/storage.if 2007-01-02 12:57:13.000000000 -0500 -+++ serefpolicy-2.6.4/policy/modules/kernel/storage.if 2007-05-08 09:59:33.000000000 -0400 +--- nsaserefpolicy/policy/modules/kernel/storage.if 2007-05-07 14:51:04.000000000 -0400 ++++ serefpolicy-2.6.4/policy/modules/kernel/storage.if 2007-05-21 10:46:53.000000000 -0400 @@ -100,6 +100,7 @@ dev_list_all_dev_nodes($1) @@ -1960,8 +2011,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/kernel/storag ') diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/kernel/terminal.if serefpolicy-2.6.4/policy/modules/kernel/terminal.if ---- nsaserefpolicy/policy/modules/kernel/terminal.if 2007-02-20 16:35:52.000000000 -0500 -+++ serefpolicy-2.6.4/policy/modules/kernel/terminal.if 2007-05-08 09:59:33.000000000 -0400 +--- nsaserefpolicy/policy/modules/kernel/terminal.if 2007-05-07 14:51:04.000000000 -0400 ++++ serefpolicy-2.6.4/policy/modules/kernel/terminal.if 2007-05-21 10:46:53.000000000 -0400 @@ -278,6 +278,25 @@ ######################################## @@ -1998,8 +2049,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/kernel/termin ######################################## diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/kernel/terminal.te serefpolicy-2.6.4/policy/modules/kernel/terminal.te ---- nsaserefpolicy/policy/modules/kernel/terminal.te 2007-04-23 09:35:56.000000000 -0400 -+++ serefpolicy-2.6.4/policy/modules/kernel/terminal.te 2007-05-08 09:59:33.000000000 -0400 +--- nsaserefpolicy/policy/modules/kernel/terminal.te 2007-05-07 14:51:04.000000000 -0400 ++++ serefpolicy-2.6.4/policy/modules/kernel/terminal.te 2007-05-21 10:46:53.000000000 -0400 @@ -28,6 +28,7 @@ type devpts_t; files_mountpoint(devpts_t) @@ -2009,8 +2060,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/kernel/termin fs_use_trans devpts gen_context(system_u:object_r:devpts_t,s0); diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/aide.fc serefpolicy-2.6.4/policy/modules/services/aide.fc ---- nsaserefpolicy/policy/modules/services/aide.fc 2007-04-30 11:25:12.000000000 -0400 -+++ serefpolicy-2.6.4/policy/modules/services/aide.fc 2007-05-08 09:59:33.000000000 -0400 +--- nsaserefpolicy/policy/modules/services/aide.fc 2007-05-07 14:51:01.000000000 -0400 ++++ serefpolicy-2.6.4/policy/modules/services/aide.fc 2007-05-21 10:46:53.000000000 -0400 @@ -2,5 +2,5 @@ /var/lib/aide(/.*) gen_context(system_u:object_r:aide_db_t,mls_systemhigh) @@ -2019,8 +2070,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/aide /var/log/aide.log -- gen_context(system_u:object_r:aide_log_t,mls_systemhigh) +/var/log/aide(/.*)? gen_context(system_u:object_r:aide_log_t,mls_systemhigh) diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/aide.te serefpolicy-2.6.4/policy/modules/services/aide.te ---- nsaserefpolicy/policy/modules/services/aide.te 2007-04-30 11:25:12.000000000 -0400 -+++ serefpolicy-2.6.4/policy/modules/services/aide.te 2007-05-08 09:59:33.000000000 -0400 +--- nsaserefpolicy/policy/modules/services/aide.te 2007-05-07 14:51:01.000000000 -0400 ++++ serefpolicy-2.6.4/policy/modules/services/aide.te 2007-05-21 10:46:53.000000000 -0400 @@ -26,7 +26,7 @@ allow aide_t self:capability { dac_override fowner }; @@ -2031,8 +2082,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/aide # database actions manage_files_pattern(aide_t,aide_db_t,aide_db_t) diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/amavis.if serefpolicy-2.6.4/policy/modules/services/amavis.if ---- nsaserefpolicy/policy/modules/services/amavis.if 2007-01-02 12:57:43.000000000 -0500 -+++ serefpolicy-2.6.4/policy/modules/services/amavis.if 2007-05-08 09:59:33.000000000 -0400 +--- nsaserefpolicy/policy/modules/services/amavis.if 2007-05-07 14:51:01.000000000 -0400 ++++ serefpolicy-2.6.4/policy/modules/services/amavis.if 2007-05-21 10:46:53.000000000 -0400 @@ -167,3 +167,22 @@ allow $1 amavis_var_run_t:file setattr; files_search_pids($1) @@ -2057,8 +2108,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/amav + files_search_pids($1) +') diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/apache.fc serefpolicy-2.6.4/policy/modules/services/apache.fc ---- nsaserefpolicy/policy/modules/services/apache.fc 2007-02-23 16:50:01.000000000 -0500 -+++ serefpolicy-2.6.4/policy/modules/services/apache.fc 2007-05-08 09:59:33.000000000 -0400 +--- nsaserefpolicy/policy/modules/services/apache.fc 2007-05-07 14:50:57.000000000 -0400 ++++ serefpolicy-2.6.4/policy/modules/services/apache.fc 2007-05-21 10:46:53.000000000 -0400 @@ -1,10 +1,5 @@ # temporary hack till genhomedircon is fixed -ifdef(`targeted_policy',` @@ -2091,8 +2142,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/apac +/var/spool/viewvc(/.*)? gen_context(system_u:object_r:httpd_sys_script_rw_t, s0) + diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/apache.if serefpolicy-2.6.4/policy/modules/services/apache.if ---- nsaserefpolicy/policy/modules/services/apache.if 2007-04-02 10:58:34.000000000 -0400 -+++ serefpolicy-2.6.4/policy/modules/services/apache.if 2007-05-08 09:59:33.000000000 -0400 +--- nsaserefpolicy/policy/modules/services/apache.if 2007-05-07 14:51:01.000000000 -0400 ++++ serefpolicy-2.6.4/policy/modules/services/apache.if 2007-05-21 10:46:53.000000000 -0400 @@ -18,10 +18,6 @@ attribute httpd_script_exec_type; type httpd_t, httpd_suexec_t, httpd_log_t; @@ -2312,8 +2363,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/apac +') + diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/apache.te serefpolicy-2.6.4/policy/modules/services/apache.te ---- nsaserefpolicy/policy/modules/services/apache.te 2007-04-23 09:36:01.000000000 -0400 -+++ serefpolicy-2.6.4/policy/modules/services/apache.te 2007-05-08 09:59:33.000000000 -0400 +--- nsaserefpolicy/policy/modules/services/apache.te 2007-05-07 14:51:01.000000000 -0400 ++++ serefpolicy-2.6.4/policy/modules/services/apache.te 2007-05-21 10:46:53.000000000 -0400 @@ -106,6 +106,27 @@ ## gen_tunable(httpd_unified,false) @@ -2478,8 +2529,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/apac +') + diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/apcupsd.fc serefpolicy-2.6.4/policy/modules/services/apcupsd.fc ---- nsaserefpolicy/policy/modules/services/apcupsd.fc 2007-05-07 11:11:55.000000000 -0400 -+++ serefpolicy-2.6.4/policy/modules/services/apcupsd.fc 2007-05-08 09:59:33.000000000 -0400 +--- nsaserefpolicy/policy/modules/services/apcupsd.fc 2007-05-07 14:51:01.000000000 -0400 ++++ serefpolicy-2.6.4/policy/modules/services/apcupsd.fc 2007-05-21 10:46:53.000000000 -0400 @@ -3,3 +3,8 @@ /var/log/apcupsd\.events.* -- gen_context(system_u:object_r:apcupsd_log_t,s0) @@ -2490,8 +2541,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/apcu +/var/www/apcupsd/upsimage.cgi -- gen_context(system_u:object_r:httpd_apcupsd_cgi_script_exec_t,s0) +/var/www/apcupsd/upsstats.cgi -- gen_context(system_u:object_r:httpd_apcupsd_cgi_script_exec_t,s0) diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/apcupsd.if serefpolicy-2.6.4/policy/modules/services/apcupsd.if ---- nsaserefpolicy/policy/modules/services/apcupsd.if 2007-05-07 11:11:55.000000000 -0400 -+++ serefpolicy-2.6.4/policy/modules/services/apcupsd.if 2007-05-08 09:59:33.000000000 -0400 +--- nsaserefpolicy/policy/modules/services/apcupsd.if 2007-05-07 14:51:01.000000000 -0400 ++++ serefpolicy-2.6.4/policy/modules/services/apcupsd.if 2007-05-21 10:46:53.000000000 -0400 @@ -79,3 +79,25 @@ allow $1 apcupsd_log_t:dir list_dir_perms; allow $1 apcupsd_log_t:file { getattr append }; @@ -2519,8 +2570,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/apcu + allow httpd_apcupsd_cgi_script_t $1:process sigchld; +') diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/apcupsd.te serefpolicy-2.6.4/policy/modules/services/apcupsd.te ---- nsaserefpolicy/policy/modules/services/apcupsd.te 2007-05-07 11:11:55.000000000 -0400 -+++ serefpolicy-2.6.4/policy/modules/services/apcupsd.te 2007-05-08 09:59:33.000000000 -0400 +--- nsaserefpolicy/policy/modules/services/apcupsd.te 2007-05-07 14:51:01.000000000 -0400 ++++ serefpolicy-2.6.4/policy/modules/services/apcupsd.te 2007-05-21 10:46:53.000000000 -0400 @@ -24,6 +24,7 @@ # apcupsd local policy # @@ -2568,8 +2619,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/apcu +corenet_udp_sendrecv_all_ports(httpd_apcupsd_cgi_script_t) + diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/automount.te serefpolicy-2.6.4/policy/modules/services/automount.te ---- nsaserefpolicy/policy/modules/services/automount.te 2007-04-23 09:36:01.000000000 -0400 -+++ serefpolicy-2.6.4/policy/modules/services/automount.te 2007-05-08 09:59:33.000000000 -0400 +--- nsaserefpolicy/policy/modules/services/automount.te 2007-05-07 14:51:01.000000000 -0400 ++++ serefpolicy-2.6.4/policy/modules/services/automount.te 2007-05-21 10:46:53.000000000 -0400 @@ -69,6 +69,7 @@ files_mounton_all_mountpoints(automount_t) files_mount_all_file_type_fs(automount_t) @@ -2587,8 +2638,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/auto domain_use_interactive_fds(automount_t) diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/avahi.te serefpolicy-2.6.4/policy/modules/services/avahi.te ---- nsaserefpolicy/policy/modules/services/avahi.te 2007-05-03 08:50:57.000000000 -0400 -+++ serefpolicy-2.6.4/policy/modules/services/avahi.te 2007-05-15 11:02:52.000000000 -0400 +--- nsaserefpolicy/policy/modules/services/avahi.te 2007-05-07 14:50:57.000000000 -0400 ++++ serefpolicy-2.6.4/policy/modules/services/avahi.te 2007-05-21 10:46:53.000000000 -0400 @@ -18,7 +18,7 @@ # Local policy # @@ -2599,8 +2650,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/avah allow avahi_t self:process { setrlimit signal_perms setcap }; allow avahi_t self:fifo_file { read write }; diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/bind.te serefpolicy-2.6.4/policy/modules/services/bind.te ---- nsaserefpolicy/policy/modules/services/bind.te 2007-04-23 09:36:01.000000000 -0400 -+++ serefpolicy-2.6.4/policy/modules/services/bind.te 2007-05-08 09:59:33.000000000 -0400 +--- nsaserefpolicy/policy/modules/services/bind.te 2007-05-07 14:51:01.000000000 -0400 ++++ serefpolicy-2.6.4/policy/modules/services/bind.te 2007-05-21 10:46:53.000000000 -0400 @@ -236,6 +236,7 @@ corenet_tcp_sendrecv_all_nodes(ndc_t) corenet_tcp_sendrecv_all_ports(ndc_t) @@ -2610,8 +2661,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/bind fs_getattr_xattr_fs(ndc_t) diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/clamav.te serefpolicy-2.6.4/policy/modules/services/clamav.te ---- nsaserefpolicy/policy/modules/services/clamav.te 2007-04-23 09:36:01.000000000 -0400 -+++ serefpolicy-2.6.4/policy/modules/services/clamav.te 2007-05-08 09:59:33.000000000 -0400 +--- nsaserefpolicy/policy/modules/services/clamav.te 2007-05-07 14:50:57.000000000 -0400 ++++ serefpolicy-2.6.4/policy/modules/services/clamav.te 2007-05-21 10:46:53.000000000 -0400 @@ -126,6 +126,7 @@ amavis_read_lib_files(clamd_t) amavis_read_spool_files(clamd_t) @@ -2621,8 +2672,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/clam ######################################## diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/consolekit.te serefpolicy-2.6.4/policy/modules/services/consolekit.te ---- nsaserefpolicy/policy/modules/services/consolekit.te 2007-05-04 12:19:22.000000000 -0400 -+++ serefpolicy-2.6.4/policy/modules/services/consolekit.te 2007-05-08 09:59:33.000000000 -0400 +--- nsaserefpolicy/policy/modules/services/consolekit.te 2007-05-07 14:51:01.000000000 -0400 ++++ serefpolicy-2.6.4/policy/modules/services/consolekit.te 2007-05-21 10:46:53.000000000 -0400 @@ -10,7 +10,6 @@ type consolekit_exec_t; init_daemon_domain(consolekit_t, consolekit_exec_t) @@ -2666,16 +2717,16 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/cons +') + diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/cron.fc serefpolicy-2.6.4/policy/modules/services/cron.fc ---- nsaserefpolicy/policy/modules/services/cron.fc 2006-11-16 17:15:21.000000000 -0500 -+++ serefpolicy-2.6.4/policy/modules/services/cron.fc 2007-05-08 09:59:33.000000000 -0400 +--- nsaserefpolicy/policy/modules/services/cron.fc 2007-05-07 14:51:01.000000000 -0400 ++++ serefpolicy-2.6.4/policy/modules/services/cron.fc 2007-05-21 10:46:53.000000000 -0400 @@ -45,3 +45,4 @@ /var/spool/fcron/systab\.orig -- gen_context(system_u:object_r:system_cron_spool_t,s0) /var/spool/fcron/systab -- gen_context(system_u:object_r:system_cron_spool_t,s0) /var/spool/fcron/new\.systab -- gen_context(system_u:object_r:system_cron_spool_t,s0) +/var/lib/misc(/.*)? gen_context(system_u:object_r:crond_var_run_t,s0) diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/cron.if serefpolicy-2.6.4/policy/modules/services/cron.if ---- nsaserefpolicy/policy/modules/services/cron.if 2007-03-26 10:39:05.000000000 -0400 -+++ serefpolicy-2.6.4/policy/modules/services/cron.if 2007-05-08 09:59:33.000000000 -0400 +--- nsaserefpolicy/policy/modules/services/cron.if 2007-05-07 14:51:01.000000000 -0400 ++++ serefpolicy-2.6.4/policy/modules/services/cron.if 2007-05-21 10:46:53.000000000 -0400 @@ -35,6 +35,7 @@ # template(`cron_per_role_template',` @@ -2785,8 +2836,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/cron tunable_policy(`fcron_crond',` # fcron wants an instant update of a crontab change for the administrator diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/cron.te serefpolicy-2.6.4/policy/modules/services/cron.te ---- nsaserefpolicy/policy/modules/services/cron.te 2007-04-23 09:36:01.000000000 -0400 -+++ serefpolicy-2.6.4/policy/modules/services/cron.te 2007-05-08 09:59:33.000000000 -0400 +--- nsaserefpolicy/policy/modules/services/cron.te 2007-05-07 14:50:57.000000000 -0400 ++++ serefpolicy-2.6.4/policy/modules/services/cron.te 2007-05-21 10:46:53.000000000 -0400 @@ -42,6 +42,9 @@ type cron_log_t; logging_log_file(cron_log_t) @@ -2925,8 +2976,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/cron ') diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/cups.fc serefpolicy-2.6.4/policy/modules/services/cups.fc ---- nsaserefpolicy/policy/modules/services/cups.fc 2006-11-16 17:15:21.000000000 -0500 -+++ serefpolicy-2.6.4/policy/modules/services/cups.fc 2007-05-08 09:59:33.000000000 -0400 +--- nsaserefpolicy/policy/modules/services/cups.fc 2007-05-07 14:50:57.000000000 -0400 ++++ serefpolicy-2.6.4/policy/modules/services/cups.fc 2007-05-21 10:46:53.000000000 -0400 @@ -8,6 +8,7 @@ /etc/cups/ppd/.* -- gen_context(system_u:object_r:cupsd_rw_etc_t,s0) /etc/cups/ppds\.dat -- gen_context(system_u:object_r:cupsd_rw_etc_t,s0) @@ -2936,8 +2987,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/cups /etc/cups/certs/.* -- gen_context(system_u:object_r:cupsd_rw_etc_t,s0) diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/cups.te serefpolicy-2.6.4/policy/modules/services/cups.te ---- nsaserefpolicy/policy/modules/services/cups.te 2007-04-23 09:36:01.000000000 -0400 -+++ serefpolicy-2.6.4/policy/modules/services/cups.te 2007-05-11 18:40:14.000000000 -0400 +--- nsaserefpolicy/policy/modules/services/cups.te 2007-05-07 14:51:01.000000000 -0400 ++++ serefpolicy-2.6.4/policy/modules/services/cups.te 2007-05-21 10:46:53.000000000 -0400 @@ -93,8 +93,6 @@ # generic socket here until appletalk socket is available in kernels allow cupsd_t self:socket create_socket_perms; @@ -2998,8 +3049,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/cups ') diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/cvs.te serefpolicy-2.6.4/policy/modules/services/cvs.te ---- nsaserefpolicy/policy/modules/services/cvs.te 2007-04-23 09:36:01.000000000 -0400 -+++ serefpolicy-2.6.4/policy/modules/services/cvs.te 2007-05-08 09:59:33.000000000 -0400 +--- nsaserefpolicy/policy/modules/services/cvs.te 2007-05-07 14:51:01.000000000 -0400 ++++ serefpolicy-2.6.4/policy/modules/services/cvs.te 2007-05-21 10:46:53.000000000 -0400 @@ -16,6 +16,7 @@ type cvs_t; type cvs_exec_t; @@ -3009,8 +3060,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/cvs. type cvs_data_t; # customizable diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/cyrus.te serefpolicy-2.6.4/policy/modules/services/cyrus.te ---- nsaserefpolicy/policy/modules/services/cyrus.te 2007-04-23 09:36:01.000000000 -0400 -+++ serefpolicy-2.6.4/policy/modules/services/cyrus.te 2007-05-08 09:59:33.000000000 -0400 +--- nsaserefpolicy/policy/modules/services/cyrus.te 2007-05-07 14:51:01.000000000 -0400 ++++ serefpolicy-2.6.4/policy/modules/services/cyrus.te 2007-05-21 10:46:53.000000000 -0400 @@ -145,6 +145,7 @@ optional_policy(` @@ -3020,8 +3071,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/cyru optional_policy(` diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/dbus.if serefpolicy-2.6.4/policy/modules/services/dbus.if ---- nsaserefpolicy/policy/modules/services/dbus.if 2007-03-26 10:39:04.000000000 -0400 -+++ serefpolicy-2.6.4/policy/modules/services/dbus.if 2007-05-14 15:57:48.000000000 -0400 +--- nsaserefpolicy/policy/modules/services/dbus.if 2007-05-07 14:50:57.000000000 -0400 ++++ serefpolicy-2.6.4/policy/modules/services/dbus.if 2007-05-21 10:46:53.000000000 -0400 @@ -49,6 +49,12 @@ ## # @@ -3150,8 +3201,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/dbus + + diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/dbus.te serefpolicy-2.6.4/policy/modules/services/dbus.te ---- nsaserefpolicy/policy/modules/services/dbus.te 2007-04-23 09:36:01.000000000 -0400 -+++ serefpolicy-2.6.4/policy/modules/services/dbus.te 2007-05-08 09:59:33.000000000 -0400 +--- nsaserefpolicy/policy/modules/services/dbus.te 2007-05-07 14:51:01.000000000 -0400 ++++ serefpolicy-2.6.4/policy/modules/services/dbus.te 2007-05-21 10:46:53.000000000 -0400 @@ -40,8 +40,6 @@ # Receive notifications of policy reloads and enforcing status changes. allow system_dbusd_t self:netlink_selinux_socket { create bind read }; @@ -3181,8 +3232,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/dbus ') diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/dhcp.te serefpolicy-2.6.4/policy/modules/services/dhcp.te ---- nsaserefpolicy/policy/modules/services/dhcp.te 2007-04-23 09:36:01.000000000 -0400 -+++ serefpolicy-2.6.4/policy/modules/services/dhcp.te 2007-05-08 09:59:33.000000000 -0400 +--- nsaserefpolicy/policy/modules/services/dhcp.te 2007-05-07 14:50:57.000000000 -0400 ++++ serefpolicy-2.6.4/policy/modules/services/dhcp.te 2007-05-21 10:46:53.000000000 -0400 @@ -119,6 +119,8 @@ dbus_system_bus_client_template(dhcpd,dhcpd_t) dbus_connect_system_bus(dhcpd_t) @@ -3193,8 +3244,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/dhcp optional_policy(` diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/djbdns.te serefpolicy-2.6.4/policy/modules/services/djbdns.te ---- nsaserefpolicy/policy/modules/services/djbdns.te 2007-01-02 12:57:43.000000000 -0500 -+++ serefpolicy-2.6.4/policy/modules/services/djbdns.te 2007-05-08 09:59:33.000000000 -0400 +--- nsaserefpolicy/policy/modules/services/djbdns.te 2007-05-07 14:51:01.000000000 -0400 ++++ serefpolicy-2.6.4/policy/modules/services/djbdns.te 2007-05-21 10:46:53.000000000 -0400 @@ -44,4 +44,7 @@ libs_use_ld_so(djbdns_axfrdns_t) libs_use_shared_libs(djbdns_axfrdns_t) @@ -3205,8 +3256,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/djbd +') + diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/dovecot.fc serefpolicy-2.6.4/policy/modules/services/dovecot.fc ---- nsaserefpolicy/policy/modules/services/dovecot.fc 2006-11-16 17:15:21.000000000 -0500 -+++ serefpolicy-2.6.4/policy/modules/services/dovecot.fc 2007-05-08 09:59:33.000000000 -0400 +--- nsaserefpolicy/policy/modules/services/dovecot.fc 2007-05-07 14:51:01.000000000 -0400 ++++ serefpolicy-2.6.4/policy/modules/services/dovecot.fc 2007-05-21 10:46:53.000000000 -0400 @@ -17,10 +17,12 @@ ifdef(`distro_debian', ` @@ -3221,8 +3272,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/dove # diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/dovecot.if serefpolicy-2.6.4/policy/modules/services/dovecot.if ---- nsaserefpolicy/policy/modules/services/dovecot.if 2007-01-02 12:57:43.000000000 -0500 -+++ serefpolicy-2.6.4/policy/modules/services/dovecot.if 2007-05-08 09:59:33.000000000 -0400 +--- nsaserefpolicy/policy/modules/services/dovecot.if 2007-05-07 14:51:01.000000000 -0400 ++++ serefpolicy-2.6.4/policy/modules/services/dovecot.if 2007-05-21 10:46:53.000000000 -0400 @@ -18,3 +18,43 @@ manage_files_pattern($1,dovecot_spool_t,dovecot_spool_t) manage_lnk_files_pattern($1,dovecot_spool_t,dovecot_spool_t) @@ -3268,8 +3319,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/dove +') + diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/dovecot.te serefpolicy-2.6.4/policy/modules/services/dovecot.te ---- nsaserefpolicy/policy/modules/services/dovecot.te 2007-05-07 10:32:44.000000000 -0400 -+++ serefpolicy-2.6.4/policy/modules/services/dovecot.te 2007-05-08 09:59:33.000000000 -0400 +--- nsaserefpolicy/policy/modules/services/dovecot.te 2007-05-07 14:50:57.000000000 -0400 ++++ serefpolicy-2.6.4/policy/modules/services/dovecot.te 2007-05-21 10:46:53.000000000 -0400 @@ -15,6 +15,12 @@ domain_entry_file(dovecot_auth_t,dovecot_auth_exec_t) role system_r types dovecot_auth_t; @@ -3389,8 +3440,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/dove + term_dontaudit_use_generic_ptys(dovecot_deliver_t) +') diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/ftp.te serefpolicy-2.6.4/policy/modules/services/ftp.te ---- nsaserefpolicy/policy/modules/services/ftp.te 2007-04-23 09:36:01.000000000 -0400 -+++ serefpolicy-2.6.4/policy/modules/services/ftp.te 2007-05-17 13:03:23.000000000 -0400 +--- nsaserefpolicy/policy/modules/services/ftp.te 2007-05-07 14:51:01.000000000 -0400 ++++ serefpolicy-2.6.4/policy/modules/services/ftp.te 2007-05-21 10:46:53.000000000 -0400 @@ -168,6 +168,7 @@ libs_use_shared_libs(ftpd_t) @@ -3416,8 +3467,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/ftp. tunable_policy(`ftp_home_dir && use_nfs_home_dirs',` diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/hal.fc serefpolicy-2.6.4/policy/modules/services/hal.fc ---- nsaserefpolicy/policy/modules/services/hal.fc 2007-05-07 14:50:43.000000000 -0400 -+++ serefpolicy-2.6.4/policy/modules/services/hal.fc 2007-05-10 16:08:49.000000000 -0400 +--- nsaserefpolicy/policy/modules/services/hal.fc 2007-05-07 14:51:01.000000000 -0400 ++++ serefpolicy-2.6.4/policy/modules/services/hal.fc 2007-05-21 10:46:53.000000000 -0400 @@ -2,15 +2,20 @@ /etc/hal/device\.d/printer_remove\.hal -- gen_context(system_u:object_r:hald_exec_t,s0) /etc/hal/capability\.d/printer_update\.hal -- gen_context(system_u:object_r:hald_exec_t,s0) @@ -3445,8 +3496,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/hal. +/var/log/pm-suspend.log gen_context(system_u:object_r:hald_log_t,s0) + diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/hal.if serefpolicy-2.6.4/policy/modules/services/hal.if ---- nsaserefpolicy/policy/modules/services/hal.if 2007-02-19 11:32:53.000000000 -0500 -+++ serefpolicy-2.6.4/policy/modules/services/hal.if 2007-05-16 17:46:44.000000000 -0400 +--- nsaserefpolicy/policy/modules/services/hal.if 2007-05-07 14:51:01.000000000 -0400 ++++ serefpolicy-2.6.4/policy/modules/services/hal.if 2007-05-21 10:46:53.000000000 -0400 @@ -208,3 +208,98 @@ files_search_pids($1) allow $1 hald_var_run_t:file rw_file_perms; @@ -3547,8 +3598,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/hal. +') + diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/hal.te serefpolicy-2.6.4/policy/modules/services/hal.te ---- nsaserefpolicy/policy/modules/services/hal.te 2007-05-07 14:50:43.000000000 -0400 -+++ serefpolicy-2.6.4/policy/modules/services/hal.te 2007-05-16 18:05:54.000000000 -0400 +--- nsaserefpolicy/policy/modules/services/hal.te 2007-05-07 14:51:01.000000000 -0400 ++++ serefpolicy-2.6.4/policy/modules/services/hal.te 2007-05-21 10:46:53.000000000 -0400 @@ -61,8 +61,6 @@ # For backwards compatibility with older kernels allow hald_t self:netlink_socket create_socket_perms; @@ -3612,8 +3663,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/hal. dev_setattr_generic_usb_dev(hald_acl_t) dev_setattr_usbfs_files(hald_acl_t) diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/inetd.te serefpolicy-2.6.4/policy/modules/services/inetd.te ---- nsaserefpolicy/policy/modules/services/inetd.te 2007-04-23 09:36:01.000000000 -0400 -+++ serefpolicy-2.6.4/policy/modules/services/inetd.te 2007-05-08 09:59:33.000000000 -0400 +--- nsaserefpolicy/policy/modules/services/inetd.te 2007-05-07 14:50:57.000000000 -0400 ++++ serefpolicy-2.6.4/policy/modules/services/inetd.te 2007-05-21 10:46:53.000000000 -0400 @@ -135,8 +135,8 @@ mls_fd_use_all_levels(inetd_t) mls_fd_share_all_levels(inetd_t) @@ -3635,8 +3686,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/inet manage_dirs_pattern(inetd_child_t,inetd_child_tmp_t,inetd_child_tmp_t) diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/kerberos.if serefpolicy-2.6.4/policy/modules/services/kerberos.if ---- nsaserefpolicy/policy/modules/services/kerberos.if 2007-04-10 13:21:52.000000000 -0400 -+++ serefpolicy-2.6.4/policy/modules/services/kerberos.if 2007-05-08 09:59:33.000000000 -0400 +--- nsaserefpolicy/policy/modules/services/kerberos.if 2007-05-07 14:51:01.000000000 -0400 ++++ serefpolicy-2.6.4/policy/modules/services/kerberos.if 2007-05-21 10:46:53.000000000 -0400 @@ -33,43 +33,10 @@ # interface(`kerberos_use',` @@ -3784,8 +3835,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/kerb + allow $1 krb5_keytab_t:file read_file_perms; ') diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/kerberos.te serefpolicy-2.6.4/policy/modules/services/kerberos.te ---- nsaserefpolicy/policy/modules/services/kerberos.te 2007-04-23 09:36:01.000000000 -0400 -+++ serefpolicy-2.6.4/policy/modules/services/kerberos.te 2007-05-18 08:58:24.000000000 -0400 +--- nsaserefpolicy/policy/modules/services/kerberos.te 2007-05-07 14:51:01.000000000 -0400 ++++ serefpolicy-2.6.4/policy/modules/services/kerberos.te 2007-05-21 10:46:53.000000000 -0400 @@ -5,6 +5,7 @@ # # Declarations @@ -3848,8 +3899,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/kerb + ') +') diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/mailman.if serefpolicy-2.6.4/policy/modules/services/mailman.if ---- nsaserefpolicy/policy/modules/services/mailman.if 2007-01-02 12:57:43.000000000 -0500 -+++ serefpolicy-2.6.4/policy/modules/services/mailman.if 2007-05-08 09:59:33.000000000 -0400 +--- nsaserefpolicy/policy/modules/services/mailman.if 2007-05-07 14:51:01.000000000 -0400 ++++ serefpolicy-2.6.4/policy/modules/services/mailman.if 2007-05-21 10:46:53.000000000 -0400 @@ -275,6 +275,25 @@ ####################################### @@ -3877,8 +3928,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/mail ## ## diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/mta.if serefpolicy-2.6.4/policy/modules/services/mta.if ---- nsaserefpolicy/policy/modules/services/mta.if 2007-03-26 10:39:04.000000000 -0400 -+++ serefpolicy-2.6.4/policy/modules/services/mta.if 2007-05-08 09:59:33.000000000 -0400 +--- nsaserefpolicy/policy/modules/services/mta.if 2007-05-07 14:51:01.000000000 -0400 ++++ serefpolicy-2.6.4/policy/modules/services/mta.if 2007-05-21 10:46:53.000000000 -0400 @@ -847,6 +847,25 @@ manage_files_pattern($1,mqueue_spool_t,mqueue_spool_t) ') @@ -3906,8 +3957,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/mta. ## ## Read sendmail binary. diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/mta.te serefpolicy-2.6.4/policy/modules/services/mta.te ---- nsaserefpolicy/policy/modules/services/mta.te 2007-04-23 09:36:01.000000000 -0400 -+++ serefpolicy-2.6.4/policy/modules/services/mta.te 2007-05-08 09:59:33.000000000 -0400 +--- nsaserefpolicy/policy/modules/services/mta.te 2007-05-07 14:51:01.000000000 -0400 ++++ serefpolicy-2.6.4/policy/modules/services/mta.te 2007-05-21 10:46:53.000000000 -0400 @@ -27,6 +27,7 @@ type sendmail_exec_t; @@ -3925,8 +3976,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/mta. # apache should set close-on-exec apache_dontaudit_append_log(system_mail_t) diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/networkmanager.if serefpolicy-2.6.4/policy/modules/services/networkmanager.if ---- nsaserefpolicy/policy/modules/services/networkmanager.if 2006-11-16 17:15:20.000000000 -0500 -+++ serefpolicy-2.6.4/policy/modules/services/networkmanager.if 2007-05-16 08:30:20.000000000 -0400 +--- nsaserefpolicy/policy/modules/services/networkmanager.if 2007-05-07 14:50:57.000000000 -0400 ++++ serefpolicy-2.6.4/policy/modules/services/networkmanager.if 2007-05-21 10:46:53.000000000 -0400 @@ -78,3 +78,22 @@ allow $1 NetworkManager_t:dbus send_msg; allow NetworkManager_t $1:dbus send_msg; @@ -3951,8 +4002,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/netw + +') diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/nis.if serefpolicy-2.6.4/policy/modules/services/nis.if ---- nsaserefpolicy/policy/modules/services/nis.if 2007-03-26 10:39:04.000000000 -0400 -+++ serefpolicy-2.6.4/policy/modules/services/nis.if 2007-05-08 09:59:33.000000000 -0400 +--- nsaserefpolicy/policy/modules/services/nis.if 2007-05-07 14:51:01.000000000 -0400 ++++ serefpolicy-2.6.4/policy/modules/services/nis.if 2007-05-21 10:46:53.000000000 -0400 @@ -48,8 +48,8 @@ corenet_udp_bind_all_nodes($1) corenet_tcp_bind_generic_port($1) @@ -3965,8 +4016,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/nis. corenet_dontaudit_udp_bind_all_ports($1) corenet_tcp_connect_portmap_port($1) diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/nis.te serefpolicy-2.6.4/policy/modules/services/nis.te ---- nsaserefpolicy/policy/modules/services/nis.te 2007-04-23 09:36:01.000000000 -0400 -+++ serefpolicy-2.6.4/policy/modules/services/nis.te 2007-05-08 09:59:33.000000000 -0400 +--- nsaserefpolicy/policy/modules/services/nis.te 2007-05-07 14:50:57.000000000 -0400 ++++ serefpolicy-2.6.4/policy/modules/services/nis.te 2007-05-21 10:46:53.000000000 -0400 @@ -120,6 +120,13 @@ ') @@ -4000,8 +4051,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/nis. corenet_dontaudit_udp_bind_all_reserved_ports(ypxfr_t) corenet_tcp_connect_all_ports(ypxfr_t) diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/nscd.te serefpolicy-2.6.4/policy/modules/services/nscd.te ---- nsaserefpolicy/policy/modules/services/nscd.te 2007-04-23 09:36:01.000000000 -0400 -+++ serefpolicy-2.6.4/policy/modules/services/nscd.te 2007-05-08 09:59:33.000000000 -0400 +--- nsaserefpolicy/policy/modules/services/nscd.te 2007-05-07 14:51:01.000000000 -0400 ++++ serefpolicy-2.6.4/policy/modules/services/nscd.te 2007-05-21 10:46:53.000000000 -0400 @@ -28,14 +28,14 @@ # Local policy # @@ -4041,8 +4092,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/nscd +') + diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/ntp.te serefpolicy-2.6.4/policy/modules/services/ntp.te ---- nsaserefpolicy/policy/modules/services/ntp.te 2007-04-23 09:36:01.000000000 -0400 -+++ serefpolicy-2.6.4/policy/modules/services/ntp.te 2007-05-08 09:59:33.000000000 -0400 +--- nsaserefpolicy/policy/modules/services/ntp.te 2007-05-07 14:51:01.000000000 -0400 ++++ serefpolicy-2.6.4/policy/modules/services/ntp.te 2007-05-21 10:46:53.000000000 -0400 @@ -137,6 +137,10 @@ ') @@ -4055,8 +4106,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/ntp. ') diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/oddjob.te serefpolicy-2.6.4/policy/modules/services/oddjob.te ---- nsaserefpolicy/policy/modules/services/oddjob.te 2007-04-23 09:36:01.000000000 -0400 -+++ serefpolicy-2.6.4/policy/modules/services/oddjob.te 2007-05-08 09:59:33.000000000 -0400 +--- nsaserefpolicy/policy/modules/services/oddjob.te 2007-05-07 14:51:01.000000000 -0400 ++++ serefpolicy-2.6.4/policy/modules/services/oddjob.te 2007-05-21 10:46:53.000000000 -0400 @@ -27,7 +27,7 @@ # oddjob local policy # @@ -4067,8 +4118,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/oddj allow oddjob_t self:fifo_file { read write }; allow oddjob_t self:unix_stream_socket create_stream_socket_perms; diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/openct.fc serefpolicy-2.6.4/policy/modules/services/openct.fc ---- nsaserefpolicy/policy/modules/services/openct.fc 2006-11-16 17:15:20.000000000 -0500 -+++ serefpolicy-2.6.4/policy/modules/services/openct.fc 2007-05-08 09:59:33.000000000 -0400 +--- nsaserefpolicy/policy/modules/services/openct.fc 2007-05-07 14:50:57.000000000 -0400 ++++ serefpolicy-2.6.4/policy/modules/services/openct.fc 2007-05-21 10:46:53.000000000 -0400 @@ -2,6 +2,7 @@ # /usr # @@ -4078,8 +4129,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/open # # /var diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/openct.if serefpolicy-2.6.4/policy/modules/services/openct.if ---- nsaserefpolicy/policy/modules/services/openct.if 2006-11-16 17:15:20.000000000 -0500 -+++ serefpolicy-2.6.4/policy/modules/services/openct.if 2007-05-08 09:59:33.000000000 -0400 +--- nsaserefpolicy/policy/modules/services/openct.if 2007-05-07 14:50:57.000000000 -0400 ++++ serefpolicy-2.6.4/policy/modules/services/openct.if 2007-05-21 10:46:53.000000000 -0400 @@ -1 +1,83 @@ -## Service for handling smart card readers. + @@ -4166,8 +4217,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/open + allow $1 openct_t:process signull; +') diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/openct.te serefpolicy-2.6.4/policy/modules/services/openct.te ---- nsaserefpolicy/policy/modules/services/openct.te 2007-04-23 09:36:01.000000000 -0400 -+++ serefpolicy-2.6.4/policy/modules/services/openct.te 2007-05-14 13:25:28.000000000 -0400 +--- nsaserefpolicy/policy/modules/services/openct.te 2007-05-07 14:51:01.000000000 -0400 ++++ serefpolicy-2.6.4/policy/modules/services/openct.te 2007-05-21 10:46:53.000000000 -0400 @@ -24,6 +24,8 @@ manage_files_pattern(openct_t,openct_var_run_t,openct_var_run_t) files_pid_filetrans(openct_t,openct_var_run_t,file) @@ -4187,8 +4238,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/open domain_use_interactive_fds(openct_t) diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/openvpn.fc serefpolicy-2.6.4/policy/modules/services/openvpn.fc ---- nsaserefpolicy/policy/modules/services/openvpn.fc 2006-11-16 17:15:21.000000000 -0500 -+++ serefpolicy-2.6.4/policy/modules/services/openvpn.fc 2007-05-14 11:26:36.000000000 -0400 +--- nsaserefpolicy/policy/modules/services/openvpn.fc 2007-05-07 14:50:57.000000000 -0400 ++++ serefpolicy-2.6.4/policy/modules/services/openvpn.fc 2007-05-21 10:46:53.000000000 -0400 @@ -11,5 +11,5 @@ # # /var @@ -4198,8 +4249,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/open +/var/log/openvpn(/.*)? gen_context(system_u:object_r:openvpn_var_log_t,s0) +/var/run/openvpn(/.*)? gen_context(system_u:object_r:openvpn_var_run_t,s0) diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/pcscd.te serefpolicy-2.6.4/policy/modules/services/pcscd.te ---- nsaserefpolicy/policy/modules/services/pcscd.te 2007-04-23 09:36:01.000000000 -0400 -+++ serefpolicy-2.6.4/policy/modules/services/pcscd.te 2007-05-08 09:59:33.000000000 -0400 +--- nsaserefpolicy/policy/modules/services/pcscd.te 2007-05-07 14:50:57.000000000 -0400 ++++ serefpolicy-2.6.4/policy/modules/services/pcscd.te 2007-05-21 10:46:53.000000000 -0400 @@ -21,6 +21,7 @@ # @@ -4223,8 +4274,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/pcsc + + diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/pegasus.if serefpolicy-2.6.4/policy/modules/services/pegasus.if ---- nsaserefpolicy/policy/modules/services/pegasus.if 2006-11-16 17:15:21.000000000 -0500 -+++ serefpolicy-2.6.4/policy/modules/services/pegasus.if 2007-05-08 09:59:33.000000000 -0400 +--- nsaserefpolicy/policy/modules/services/pegasus.if 2007-05-07 14:51:01.000000000 -0400 ++++ serefpolicy-2.6.4/policy/modules/services/pegasus.if 2007-05-21 10:46:53.000000000 -0400 @@ -1 +1,19 @@ ## The Open Group Pegasus CIM/WBEM Server. + @@ -4246,8 +4297,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/pega + domtrans_pattern($1,pegasus_exec_t,pegasus_t) +') diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/pegasus.te serefpolicy-2.6.4/policy/modules/services/pegasus.te ---- nsaserefpolicy/policy/modules/services/pegasus.te 2007-04-23 09:36:01.000000000 -0400 -+++ serefpolicy-2.6.4/policy/modules/services/pegasus.te 2007-05-08 09:59:33.000000000 -0400 +--- nsaserefpolicy/policy/modules/services/pegasus.te 2007-05-07 14:51:01.000000000 -0400 ++++ serefpolicy-2.6.4/policy/modules/services/pegasus.te 2007-05-21 10:46:53.000000000 -0400 @@ -38,8 +38,6 @@ allow pegasus_t self:unix_stream_socket create_stream_socket_perms; allow pegasus_t self:tcp_socket create_stream_socket_perms; @@ -4290,8 +4341,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/pega optional_policy(` diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/postfix.if serefpolicy-2.6.4/policy/modules/services/postfix.if ---- nsaserefpolicy/policy/modules/services/postfix.if 2007-03-26 10:39:04.000000000 -0400 -+++ serefpolicy-2.6.4/policy/modules/services/postfix.if 2007-05-08 09:59:33.000000000 -0400 +--- nsaserefpolicy/policy/modules/services/postfix.if 2007-05-07 14:50:57.000000000 -0400 ++++ serefpolicy-2.6.4/policy/modules/services/postfix.if 2007-05-21 10:46:53.000000000 -0400 @@ -122,6 +122,7 @@ allow postfix_$1_t postfix_master_t:unix_stream_socket { connectto rw_stream_socket_perms }; allow postfix_$1_t self:tcp_socket create_socket_perms; @@ -4324,8 +4375,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/post + create_sock_files_pattern($1,postfix_private_t,postfix_private_t) +') diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/postfix.te serefpolicy-2.6.4/policy/modules/services/postfix.te ---- nsaserefpolicy/policy/modules/services/postfix.te 2007-04-23 09:36:01.000000000 -0400 -+++ serefpolicy-2.6.4/policy/modules/services/postfix.te 2007-05-08 09:59:33.000000000 -0400 +--- nsaserefpolicy/policy/modules/services/postfix.te 2007-05-07 14:51:01.000000000 -0400 ++++ serefpolicy-2.6.4/policy/modules/services/postfix.te 2007-05-21 10:46:53.000000000 -0400 @@ -169,6 +169,8 @@ mta_rw_aliases(postfix_master_t) mta_read_sendmail_bin(postfix_master_t) @@ -4436,8 +4487,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/post +') + diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/ppp.te serefpolicy-2.6.4/policy/modules/services/ppp.te ---- nsaserefpolicy/policy/modules/services/ppp.te 2007-04-23 09:36:01.000000000 -0400 -+++ serefpolicy-2.6.4/policy/modules/services/ppp.te 2007-05-08 09:59:33.000000000 -0400 +--- nsaserefpolicy/policy/modules/services/ppp.te 2007-05-07 14:50:57.000000000 -0400 ++++ serefpolicy-2.6.4/policy/modules/services/ppp.te 2007-05-21 10:46:53.000000000 -0400 @@ -155,7 +155,7 @@ files_exec_etc_files(pppd_t) @@ -4448,8 +4499,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/ppp. # for scripts diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/procmail.te serefpolicy-2.6.4/policy/modules/services/procmail.te ---- nsaserefpolicy/policy/modules/services/procmail.te 2007-04-23 09:36:01.000000000 -0400 -+++ serefpolicy-2.6.4/policy/modules/services/procmail.te 2007-05-17 12:20:51.000000000 -0400 +--- nsaserefpolicy/policy/modules/services/procmail.te 2007-05-07 14:51:01.000000000 -0400 ++++ serefpolicy-2.6.4/policy/modules/services/procmail.te 2007-05-21 10:46:53.000000000 -0400 @@ -10,6 +10,7 @@ type procmail_exec_t; domain_type(procmail_t) @@ -4482,8 +4533,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/proc + + diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/pyzor.te serefpolicy-2.6.4/policy/modules/services/pyzor.te ---- nsaserefpolicy/policy/modules/services/pyzor.te 2007-04-23 09:36:01.000000000 -0400 -+++ serefpolicy-2.6.4/policy/modules/services/pyzor.te 2007-05-08 09:59:33.000000000 -0400 +--- nsaserefpolicy/policy/modules/services/pyzor.te 2007-05-07 14:51:01.000000000 -0400 ++++ serefpolicy-2.6.4/policy/modules/services/pyzor.te 2007-05-21 10:46:53.000000000 -0400 @@ -54,6 +54,11 @@ corenet_udp_sendrecv_all_nodes(pyzor_t) corenet_udp_sendrecv_all_ports(pyzor_t) @@ -4513,8 +4564,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/pyzo ') diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/radius.te serefpolicy-2.6.4/policy/modules/services/radius.te ---- nsaserefpolicy/policy/modules/services/radius.te 2007-04-23 09:36:01.000000000 -0400 -+++ serefpolicy-2.6.4/policy/modules/services/radius.te 2007-05-08 09:59:33.000000000 -0400 +--- nsaserefpolicy/policy/modules/services/radius.te 2007-05-07 14:51:01.000000000 -0400 ++++ serefpolicy-2.6.4/policy/modules/services/radius.te 2007-05-21 10:46:53.000000000 -0400 @@ -130,3 +130,7 @@ optional_policy(` udev_read_db(radiusd_t) @@ -4524,8 +4575,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/radi + samba_read_var_files(radiusd_t) +') diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/rlogin.te serefpolicy-2.6.4/policy/modules/services/rlogin.te ---- nsaserefpolicy/policy/modules/services/rlogin.te 2007-04-23 09:36:01.000000000 -0400 -+++ serefpolicy-2.6.4/policy/modules/services/rlogin.te 2007-05-08 09:59:33.000000000 -0400 +--- nsaserefpolicy/policy/modules/services/rlogin.te 2007-05-07 14:50:57.000000000 -0400 ++++ serefpolicy-2.6.4/policy/modules/services/rlogin.te 2007-05-21 10:46:53.000000000 -0400 @@ -64,6 +64,7 @@ fs_search_auto_mountpoints(rlogind_t) @@ -4536,7 +4587,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/rlog diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/rpcbind.fc serefpolicy-2.6.4/policy/modules/services/rpcbind.fc --- nsaserefpolicy/policy/modules/services/rpcbind.fc 1969-12-31 19:00:00.000000000 -0500 -+++ serefpolicy-2.6.4/policy/modules/services/rpcbind.fc 2007-05-09 19:47:47.000000000 -0400 ++++ serefpolicy-2.6.4/policy/modules/services/rpcbind.fc 2007-05-21 10:46:53.000000000 -0400 @@ -0,0 +1,6 @@ + +/sbin/rpcbind -- gen_context(system_u:object_r:rpcbind_exec_t,s0) @@ -4546,7 +4597,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/rpcb +/var/lib/rpcbind(/.*)? gen_context(system_u:object_r:rpcbind_var_lib_t,s0) diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/rpcbind.if serefpolicy-2.6.4/policy/modules/services/rpcbind.if --- nsaserefpolicy/policy/modules/services/rpcbind.if 1969-12-31 19:00:00.000000000 -0500 -+++ serefpolicy-2.6.4/policy/modules/services/rpcbind.if 2007-05-08 09:59:33.000000000 -0400 ++++ serefpolicy-2.6.4/policy/modules/services/rpcbind.if 2007-05-21 10:46:53.000000000 -0400 @@ -0,0 +1,104 @@ + +## policy for rpcbind @@ -4654,7 +4705,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/rpcb +') diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/rpcbind.te serefpolicy-2.6.4/policy/modules/services/rpcbind.te --- nsaserefpolicy/policy/modules/services/rpcbind.te 1969-12-31 19:00:00.000000000 -0500 -+++ serefpolicy-2.6.4/policy/modules/services/rpcbind.te 2007-05-08 09:59:33.000000000 -0400 ++++ serefpolicy-2.6.4/policy/modules/services/rpcbind.te 2007-05-21 10:46:53.000000000 -0400 @@ -0,0 +1,83 @@ +policy_module(rpcbind,1.0.0) + @@ -4740,8 +4791,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/rpcb + + diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/rpc.if serefpolicy-2.6.4/policy/modules/services/rpc.if ---- nsaserefpolicy/policy/modules/services/rpc.if 2007-03-20 23:38:10.000000000 -0400 -+++ serefpolicy-2.6.4/policy/modules/services/rpc.if 2007-05-08 09:59:33.000000000 -0400 +--- nsaserefpolicy/policy/modules/services/rpc.if 2007-05-07 14:51:01.000000000 -0400 ++++ serefpolicy-2.6.4/policy/modules/services/rpc.if 2007-05-21 10:46:53.000000000 -0400 @@ -89,8 +89,11 @@ # bind to arbitary unused ports corenet_tcp_bind_generic_port($1_t) @@ -4756,8 +4807,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/rpc. fs_rw_rpc_named_pipes($1_t) fs_search_auto_mountpoints($1_t) diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/rpc.te serefpolicy-2.6.4/policy/modules/services/rpc.te ---- nsaserefpolicy/policy/modules/services/rpc.te 2007-04-23 09:36:01.000000000 -0400 -+++ serefpolicy-2.6.4/policy/modules/services/rpc.te 2007-05-08 09:59:33.000000000 -0400 +--- nsaserefpolicy/policy/modules/services/rpc.te 2007-05-07 14:51:01.000000000 -0400 ++++ serefpolicy-2.6.4/policy/modules/services/rpc.te 2007-05-21 10:46:53.000000000 -0400 @@ -79,6 +79,7 @@ optional_policy(` @@ -4775,8 +4826,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/rpc. tunable_policy(`nfs_export_all_ro',` diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/rsync.te serefpolicy-2.6.4/policy/modules/services/rsync.te ---- nsaserefpolicy/policy/modules/services/rsync.te 2007-04-23 09:36:01.000000000 -0400 -+++ serefpolicy-2.6.4/policy/modules/services/rsync.te 2007-05-08 09:59:33.000000000 -0400 +--- nsaserefpolicy/policy/modules/services/rsync.te 2007-05-07 14:50:57.000000000 -0400 ++++ serefpolicy-2.6.4/policy/modules/services/rsync.te 2007-05-21 10:46:53.000000000 -0400 @@ -17,6 +17,7 @@ type rsync_t; type rsync_exec_t; @@ -4786,8 +4837,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/rsyn type rsync_data_t; diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/rwho.if serefpolicy-2.6.4/policy/modules/services/rwho.if ---- nsaserefpolicy/policy/modules/services/rwho.if 2007-04-30 22:35:01.000000000 -0400 -+++ serefpolicy-2.6.4/policy/modules/services/rwho.if 2007-05-08 09:59:33.000000000 -0400 +--- nsaserefpolicy/policy/modules/services/rwho.if 2007-05-07 14:50:57.000000000 -0400 ++++ serefpolicy-2.6.4/policy/modules/services/rwho.if 2007-05-21 10:46:53.000000000 -0400 @@ -1 +1,84 @@ -## Who is logged in on other machines? + @@ -4875,8 +4926,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/rwho + files_search_spool($1) +') diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/samba.fc serefpolicy-2.6.4/policy/modules/services/samba.fc ---- nsaserefpolicy/policy/modules/services/samba.fc 2007-02-23 16:50:01.000000000 -0500 -+++ serefpolicy-2.6.4/policy/modules/services/samba.fc 2007-05-16 08:24:46.000000000 -0400 +--- nsaserefpolicy/policy/modules/services/samba.fc 2007-05-07 14:51:01.000000000 -0400 ++++ serefpolicy-2.6.4/policy/modules/services/samba.fc 2007-05-21 10:46:53.000000000 -0400 @@ -3,6 +3,7 @@ # /etc # @@ -4896,8 +4947,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/samb /var/log/samba(/.*)? gen_context(system_u:object_r:samba_log_t,s0) diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/samba.if serefpolicy-2.6.4/policy/modules/services/samba.if ---- nsaserefpolicy/policy/modules/services/samba.if 2007-01-02 12:57:43.000000000 -0500 -+++ serefpolicy-2.6.4/policy/modules/services/samba.if 2007-05-17 13:05:00.000000000 -0400 +--- nsaserefpolicy/policy/modules/services/samba.if 2007-05-07 14:50:57.000000000 -0400 ++++ serefpolicy-2.6.4/policy/modules/services/samba.if 2007-05-21 10:46:53.000000000 -0400 @@ -177,6 +177,27 @@ ######################################## @@ -5044,8 +5095,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/samb + +') diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/samba.te serefpolicy-2.6.4/policy/modules/services/samba.te ---- nsaserefpolicy/policy/modules/services/samba.te 2007-04-23 09:36:01.000000000 -0400 -+++ serefpolicy-2.6.4/policy/modules/services/samba.te 2007-05-17 13:03:49.000000000 -0400 +--- nsaserefpolicy/policy/modules/services/samba.te 2007-05-07 14:50:57.000000000 -0400 ++++ serefpolicy-2.6.4/policy/modules/services/samba.te 2007-05-21 10:46:53.000000000 -0400 @@ -28,6 +28,35 @@ ## gen_tunable(samba_share_nfs,false) @@ -5283,8 +5334,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/samb + + diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/sasl.te serefpolicy-2.6.4/policy/modules/services/sasl.te ---- nsaserefpolicy/policy/modules/services/sasl.te 2007-04-23 09:36:01.000000000 -0400 -+++ serefpolicy-2.6.4/policy/modules/services/sasl.te 2007-05-08 09:59:33.000000000 -0400 +--- nsaserefpolicy/policy/modules/services/sasl.te 2007-05-07 14:51:01.000000000 -0400 ++++ serefpolicy-2.6.4/policy/modules/services/sasl.te 2007-05-21 10:46:53.000000000 -0400 @@ -63,6 +63,7 @@ selinux_compute_access_vector(saslauthd_t) @@ -5294,8 +5345,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/sasl domain_use_interactive_fds(saslauthd_t) diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/sendmail.if serefpolicy-2.6.4/policy/modules/services/sendmail.if ---- nsaserefpolicy/policy/modules/services/sendmail.if 2006-11-16 17:15:21.000000000 -0500 -+++ serefpolicy-2.6.4/policy/modules/services/sendmail.if 2007-05-08 09:59:33.000000000 -0400 +--- nsaserefpolicy/policy/modules/services/sendmail.if 2007-05-07 14:51:01.000000000 -0400 ++++ serefpolicy-2.6.4/policy/modules/services/sendmail.if 2007-05-21 10:46:53.000000000 -0400 @@ -76,6 +76,26 @@ ######################################## @@ -5333,8 +5384,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/send ######################################## diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/setroubleshoot.te serefpolicy-2.6.4/policy/modules/services/setroubleshoot.te ---- nsaserefpolicy/policy/modules/services/setroubleshoot.te 2007-04-23 09:36:01.000000000 -0400 -+++ serefpolicy-2.6.4/policy/modules/services/setroubleshoot.te 2007-05-08 09:59:33.000000000 -0400 +--- nsaserefpolicy/policy/modules/services/setroubleshoot.te 2007-05-07 14:51:01.000000000 -0400 ++++ serefpolicy-2.6.4/policy/modules/services/setroubleshoot.te 2007-05-21 10:46:53.000000000 -0400 @@ -28,7 +28,7 @@ # @@ -5345,8 +5396,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/setr allow setroubleshootd_t self:tcp_socket create_stream_socket_perms; allow setroubleshootd_t self:unix_stream_socket { create_stream_socket_perms connectto }; diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/smartmon.te serefpolicy-2.6.4/policy/modules/services/smartmon.te ---- nsaserefpolicy/policy/modules/services/smartmon.te 2007-04-23 09:36:01.000000000 -0400 -+++ serefpolicy-2.6.4/policy/modules/services/smartmon.te 2007-05-08 09:59:33.000000000 -0400 +--- nsaserefpolicy/policy/modules/services/smartmon.te 2007-05-07 14:51:01.000000000 -0400 ++++ serefpolicy-2.6.4/policy/modules/services/smartmon.te 2007-05-21 10:46:53.000000000 -0400 @@ -60,6 +60,7 @@ fs_search_auto_mountpoints(fsdaemon_t) @@ -5356,8 +5407,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/smar storage_raw_read_fixed_disk(fsdaemon_t) storage_raw_write_fixed_disk(fsdaemon_t) diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/snmp.fc serefpolicy-2.6.4/policy/modules/services/snmp.fc ---- nsaserefpolicy/policy/modules/services/snmp.fc 2006-11-16 17:15:20.000000000 -0500 -+++ serefpolicy-2.6.4/policy/modules/services/snmp.fc 2007-05-17 13:59:01.000000000 -0400 +--- nsaserefpolicy/policy/modules/services/snmp.fc 2007-05-07 14:51:01.000000000 -0400 ++++ serefpolicy-2.6.4/policy/modules/services/snmp.fc 2007-05-21 10:46:53.000000000 -0400 @@ -1,11 +1,5 @@ # @@ -5371,8 +5422,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/snmp # /usr/sbin/snmp(trap)?d -- gen_context(system_u:object_r:snmpd_exec_t,s0) diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/snmp.te serefpolicy-2.6.4/policy/modules/services/snmp.te ---- nsaserefpolicy/policy/modules/services/snmp.te 2007-05-07 10:32:44.000000000 -0400 -+++ serefpolicy-2.6.4/policy/modules/services/snmp.te 2007-05-17 14:05:57.000000000 -0400 +--- nsaserefpolicy/policy/modules/services/snmp.te 2007-05-07 14:51:01.000000000 -0400 ++++ serefpolicy-2.6.4/policy/modules/services/snmp.te 2007-05-21 10:46:53.000000000 -0400 @@ -9,9 +9,6 @@ type snmpd_exec_t; init_daemon_domain(snmpd_t,snmpd_exec_t) @@ -5424,8 +5475,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/snmp optional_policy(` diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/spamassassin.te serefpolicy-2.6.4/policy/modules/services/spamassassin.te ---- nsaserefpolicy/policy/modules/services/spamassassin.te 2007-04-23 09:36:01.000000000 -0400 -+++ serefpolicy-2.6.4/policy/modules/services/spamassassin.te 2007-05-14 13:42:25.000000000 -0400 +--- nsaserefpolicy/policy/modules/services/spamassassin.te 2007-05-07 14:50:57.000000000 -0400 ++++ serefpolicy-2.6.4/policy/modules/services/spamassassin.te 2007-05-21 10:46:53.000000000 -0400 @@ -6,14 +6,12 @@ # Declarations # @@ -5480,8 +5531,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/spam ') diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/squid.fc serefpolicy-2.6.4/policy/modules/services/squid.fc ---- nsaserefpolicy/policy/modules/services/squid.fc 2006-11-16 17:15:21.000000000 -0500 -+++ serefpolicy-2.6.4/policy/modules/services/squid.fc 2007-05-08 09:59:33.000000000 -0400 +--- nsaserefpolicy/policy/modules/services/squid.fc 2007-05-07 14:50:57.000000000 -0400 ++++ serefpolicy-2.6.4/policy/modules/services/squid.fc 2007-05-21 10:46:53.000000000 -0400 @@ -12,3 +12,5 @@ /var/run/squid\.pid -- gen_context(system_u:object_r:squid_var_run_t,s0) @@ -5489,8 +5540,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/squi +/usr/lib/squid/cachemgr\.cgi -- gen_context(system_u:object_r:httpd_squid_script_exec_t,s0) +/usr/lib64/squid/cachemgr\.cgi -- gen_context(system_u:object_r:httpd_squid_script_exec_t,s0) diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/squid.te serefpolicy-2.6.4/policy/modules/services/squid.te ---- nsaserefpolicy/policy/modules/services/squid.te 2007-05-07 10:32:44.000000000 -0400 -+++ serefpolicy-2.6.4/policy/modules/services/squid.te 2007-05-08 09:59:33.000000000 -0400 +--- nsaserefpolicy/policy/modules/services/squid.te 2007-05-07 14:50:57.000000000 -0400 ++++ serefpolicy-2.6.4/policy/modules/services/squid.te 2007-05-21 10:46:53.000000000 -0400 @@ -185,3 +185,12 @@ #squid requires the following when run in diskd mode, the recommended setting allow squid_t tmpfs_t:file { read write }; @@ -5505,8 +5556,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/squi + corenet_non_ipsec_sendrecv(httpd_squid_script_t) +') diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/ssh.if serefpolicy-2.6.4/policy/modules/services/ssh.if ---- nsaserefpolicy/policy/modules/services/ssh.if 2007-04-30 10:41:38.000000000 -0400 -+++ serefpolicy-2.6.4/policy/modules/services/ssh.if 2007-05-08 09:59:33.000000000 -0400 +--- nsaserefpolicy/policy/modules/services/ssh.if 2007-05-07 14:51:01.000000000 -0400 ++++ serefpolicy-2.6.4/policy/modules/services/ssh.if 2007-05-21 10:46:53.000000000 -0400 @@ -709,3 +709,42 @@ dontaudit $1 sshd_key_t:file { getattr read }; @@ -5551,8 +5602,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/ssh. +') + diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/ssh.te serefpolicy-2.6.4/policy/modules/services/ssh.te ---- nsaserefpolicy/policy/modules/services/ssh.te 2007-04-30 10:41:38.000000000 -0400 -+++ serefpolicy-2.6.4/policy/modules/services/ssh.te 2007-05-08 09:59:33.000000000 -0400 +--- nsaserefpolicy/policy/modules/services/ssh.te 2007-05-07 14:51:01.000000000 -0400 ++++ serefpolicy-2.6.4/policy/modules/services/ssh.te 2007-05-21 10:46:53.000000000 -0400 @@ -24,11 +24,11 @@ # Type for the ssh-agent executable. @@ -5587,8 +5638,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/ssh. tunable_policy(`ssh_sysadm_login',` # Relabel and access ptys created by sshd diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/tftp.te serefpolicy-2.6.4/policy/modules/services/tftp.te ---- nsaserefpolicy/policy/modules/services/tftp.te 2007-04-23 09:36:01.000000000 -0400 -+++ serefpolicy-2.6.4/policy/modules/services/tftp.te 2007-05-14 16:13:37.000000000 -0400 +--- nsaserefpolicy/policy/modules/services/tftp.te 2007-05-07 14:50:57.000000000 -0400 ++++ serefpolicy-2.6.4/policy/modules/services/tftp.te 2007-05-21 10:46:53.000000000 -0400 @@ -69,6 +69,7 @@ logging_send_syslog_msg(tftpd_t) @@ -5604,18 +5655,18 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/tftp + diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/w3c.fc serefpolicy-2.6.4/policy/modules/services/w3c.fc --- nsaserefpolicy/policy/modules/services/w3c.fc 1969-12-31 19:00:00.000000000 -0500 -+++ serefpolicy-2.6.4/policy/modules/services/w3c.fc 2007-05-08 09:59:33.000000000 -0400 ++++ serefpolicy-2.6.4/policy/modules/services/w3c.fc 2007-05-21 10:46:53.000000000 -0400 @@ -0,0 +1,2 @@ +/usr/share/w3c-markup-validator(/.*)? gen_context(system_u:object_r:httpd_w3c_validator_content_t,s0) +/usr/share/w3c-markup-validator/cgi-bin(/.*)? gen_context(system_u:object_r:httpd_w3c_validator_script_exec_t,s0) diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/w3c.if serefpolicy-2.6.4/policy/modules/services/w3c.if --- nsaserefpolicy/policy/modules/services/w3c.if 1969-12-31 19:00:00.000000000 -0500 -+++ serefpolicy-2.6.4/policy/modules/services/w3c.if 2007-05-08 09:59:33.000000000 -0400 ++++ serefpolicy-2.6.4/policy/modules/services/w3c.if 2007-05-21 10:46:53.000000000 -0400 @@ -0,0 +1 @@ +## W3C diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/w3c.te serefpolicy-2.6.4/policy/modules/services/w3c.te --- nsaserefpolicy/policy/modules/services/w3c.te 1969-12-31 19:00:00.000000000 -0500 -+++ serefpolicy-2.6.4/policy/modules/services/w3c.te 2007-05-08 09:59:33.000000000 -0400 ++++ serefpolicy-2.6.4/policy/modules/services/w3c.te 2007-05-21 10:46:53.000000000 -0400 @@ -0,0 +1,14 @@ +policy_module(w3c,1.2.1) + @@ -5633,12 +5684,12 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/w3c. +miscfiles_read_certs(httpd_w3c_validator_script_t) diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/application.fc serefpolicy-2.6.4/policy/modules/system/application.fc --- nsaserefpolicy/policy/modules/system/application.fc 1969-12-31 19:00:00.000000000 -0500 -+++ serefpolicy-2.6.4/policy/modules/system/application.fc 2007-05-08 09:59:33.000000000 -0400 ++++ serefpolicy-2.6.4/policy/modules/system/application.fc 2007-05-21 10:46:53.000000000 -0400 @@ -0,0 +1 @@ +# No application file contexts. diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/application.if serefpolicy-2.6.4/policy/modules/system/application.if --- nsaserefpolicy/policy/modules/system/application.if 1969-12-31 19:00:00.000000000 -0500 -+++ serefpolicy-2.6.4/policy/modules/system/application.if 2007-05-08 09:59:33.000000000 -0400 ++++ serefpolicy-2.6.4/policy/modules/system/application.if 2007-05-21 10:46:53.000000000 -0400 @@ -0,0 +1,104 @@ +## Policy for application domains + @@ -5746,7 +5797,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/applic +') diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/application.te serefpolicy-2.6.4/policy/modules/system/application.te --- nsaserefpolicy/policy/modules/system/application.te 1969-12-31 19:00:00.000000000 -0500 -+++ serefpolicy-2.6.4/policy/modules/system/application.te 2007-05-08 09:59:33.000000000 -0400 ++++ serefpolicy-2.6.4/policy/modules/system/application.te 2007-05-21 10:46:53.000000000 -0400 @@ -0,0 +1,14 @@ + +policy_module(application,1.0.0) @@ -5763,8 +5814,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/applic +') + diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/authlogin.fc serefpolicy-2.6.4/policy/modules/system/authlogin.fc ---- nsaserefpolicy/policy/modules/system/authlogin.fc 2006-11-16 17:15:24.000000000 -0500 -+++ serefpolicy-2.6.4/policy/modules/system/authlogin.fc 2007-05-08 09:59:33.000000000 -0400 +--- nsaserefpolicy/policy/modules/system/authlogin.fc 2007-05-07 14:51:02.000000000 -0400 ++++ serefpolicy-2.6.4/policy/modules/system/authlogin.fc 2007-05-21 10:46:53.000000000 -0400 @@ -14,6 +14,7 @@ /sbin/pam_timestamp_check -- gen_context(system_u:object_r:pam_exec_t,s0) /sbin/unix_chkpwd -- gen_context(system_u:object_r:chkpwd_exec_t,s0) @@ -5774,8 +5825,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/authlo /sbin/unix2_chkpwd -- gen_context(system_u:object_r:chkpwd_exec_t,s0) ') diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/authlogin.if serefpolicy-2.6.4/policy/modules/system/authlogin.if ---- nsaserefpolicy/policy/modules/system/authlogin.if 2007-03-26 10:39:07.000000000 -0400 -+++ serefpolicy-2.6.4/policy/modules/system/authlogin.if 2007-05-08 09:59:33.000000000 -0400 +--- nsaserefpolicy/policy/modules/system/authlogin.if 2007-05-07 14:51:01.000000000 -0400 ++++ serefpolicy-2.6.4/policy/modules/system/authlogin.if 2007-05-21 10:46:53.000000000 -0400 @@ -27,11 +27,9 @@ domain_type($1_chkpwd_t) domain_entry_file($1_chkpwd_t,chkpwd_exec_t) @@ -6039,8 +6090,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/authlo +') + diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/authlogin.te serefpolicy-2.6.4/policy/modules/system/authlogin.te ---- nsaserefpolicy/policy/modules/system/authlogin.te 2007-04-30 10:41:38.000000000 -0400 -+++ serefpolicy-2.6.4/policy/modules/system/authlogin.te 2007-05-08 09:59:33.000000000 -0400 +--- nsaserefpolicy/policy/modules/system/authlogin.te 2007-05-07 14:51:02.000000000 -0400 ++++ serefpolicy-2.6.4/policy/modules/system/authlogin.te 2007-05-21 10:46:53.000000000 -0400 @@ -9,6 +9,13 @@ attribute can_read_shadow_passwords; attribute can_write_shadow_passwords; @@ -6104,8 +6155,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/authlo + nscd_socket_use(updpwd_t) +') diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/clock.te serefpolicy-2.6.4/policy/modules/system/clock.te ---- nsaserefpolicy/policy/modules/system/clock.te 2007-04-23 09:36:02.000000000 -0400 -+++ serefpolicy-2.6.4/policy/modules/system/clock.te 2007-05-08 09:59:33.000000000 -0400 +--- nsaserefpolicy/policy/modules/system/clock.te 2007-05-07 14:51:02.000000000 -0400 ++++ serefpolicy-2.6.4/policy/modules/system/clock.te 2007-05-21 10:46:53.000000000 -0400 @@ -26,8 +26,6 @@ allow hwclock_t self:process signal_perms; allow hwclock_t self:fifo_file { getattr read write }; @@ -6124,8 +6175,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/clock. miscfiles_read_localization(hwclock_t) diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/fstools.fc serefpolicy-2.6.4/policy/modules/system/fstools.fc ---- nsaserefpolicy/policy/modules/system/fstools.fc 2006-11-16 17:15:24.000000000 -0500 -+++ serefpolicy-2.6.4/policy/modules/system/fstools.fc 2007-05-08 09:59:33.000000000 -0400 +--- nsaserefpolicy/policy/modules/system/fstools.fc 2007-05-07 14:51:02.000000000 -0400 ++++ serefpolicy-2.6.4/policy/modules/system/fstools.fc 2007-05-21 10:46:53.000000000 -0400 @@ -19,7 +19,6 @@ /sbin/mkfs.* -- gen_context(system_u:object_r:fsadm_exec_t,s0) /sbin/mkraid -- gen_context(system_u:object_r:fsadm_exec_t,s0) @@ -6135,8 +6186,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/fstool /sbin/partprobe -- gen_context(system_u:object_r:fsadm_exec_t,s0) /sbin/partx -- gen_context(system_u:object_r:fsadm_exec_t,s0) diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/fstools.te serefpolicy-2.6.4/policy/modules/system/fstools.te ---- nsaserefpolicy/policy/modules/system/fstools.te 2007-04-23 09:36:02.000000000 -0400 -+++ serefpolicy-2.6.4/policy/modules/system/fstools.te 2007-05-08 09:59:33.000000000 -0400 +--- nsaserefpolicy/policy/modules/system/fstools.te 2007-05-07 14:51:02.000000000 -0400 ++++ serefpolicy-2.6.4/policy/modules/system/fstools.te 2007-05-21 10:46:53.000000000 -0400 @@ -9,6 +9,7 @@ type fsadm_t; type fsadm_exec_t; @@ -6147,7 +6198,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/fstool type fsadm_log_t; diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/fusermount.fc serefpolicy-2.6.4/policy/modules/system/fusermount.fc --- nsaserefpolicy/policy/modules/system/fusermount.fc 1969-12-31 19:00:00.000000000 -0500 -+++ serefpolicy-2.6.4/policy/modules/system/fusermount.fc 2007-05-08 09:59:33.000000000 -0400 ++++ serefpolicy-2.6.4/policy/modules/system/fusermount.fc 2007-05-21 10:46:53.000000000 -0400 @@ -0,0 +1,6 @@ +# fusermount executable will have: +# label: system_u:object_r:fusermount_exec_t @@ -6157,7 +6208,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/fuserm +/usr/bin/fusermount -- gen_context(system_u:object_r:fusermount_exec_t,s0) diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/fusermount.if serefpolicy-2.6.4/policy/modules/system/fusermount.if --- nsaserefpolicy/policy/modules/system/fusermount.if 1969-12-31 19:00:00.000000000 -0500 -+++ serefpolicy-2.6.4/policy/modules/system/fusermount.if 2007-05-08 09:59:33.000000000 -0400 ++++ serefpolicy-2.6.4/policy/modules/system/fusermount.if 2007-05-21 10:46:53.000000000 -0400 @@ -0,0 +1,41 @@ +## policy for fusermount + @@ -6203,7 +6254,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/fuserm \ No newline at end of file diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/fusermount.te serefpolicy-2.6.4/policy/modules/system/fusermount.te --- nsaserefpolicy/policy/modules/system/fusermount.te 1969-12-31 19:00:00.000000000 -0500 -+++ serefpolicy-2.6.4/policy/modules/system/fusermount.te 2007-05-14 15:36:32.000000000 -0400 ++++ serefpolicy-2.6.4/policy/modules/system/fusermount.te 2007-05-21 10:46:53.000000000 -0400 @@ -0,0 +1,51 @@ +policy_module(fusermount,1.0.0) + @@ -6257,8 +6308,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/fuserm +') + diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/getty.te serefpolicy-2.6.4/policy/modules/system/getty.te ---- nsaserefpolicy/policy/modules/system/getty.te 2007-04-23 09:36:02.000000000 -0400 -+++ serefpolicy-2.6.4/policy/modules/system/getty.te 2007-05-08 09:59:33.000000000 -0400 +--- nsaserefpolicy/policy/modules/system/getty.te 2007-05-07 14:51:01.000000000 -0400 ++++ serefpolicy-2.6.4/policy/modules/system/getty.te 2007-05-21 10:46:53.000000000 -0400 @@ -33,7 +33,8 @@ # @@ -6270,8 +6321,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/getty. allow getty_t self:process { getpgid setpgid getsession signal_perms }; allow getty_t self:fifo_file rw_fifo_file_perms; diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/hostname.te serefpolicy-2.6.4/policy/modules/system/hostname.te ---- nsaserefpolicy/policy/modules/system/hostname.te 2007-01-02 12:57:49.000000000 -0500 -+++ serefpolicy-2.6.4/policy/modules/system/hostname.te 2007-05-08 09:59:33.000000000 -0400 +--- nsaserefpolicy/policy/modules/system/hostname.te 2007-05-07 14:51:01.000000000 -0400 ++++ serefpolicy-2.6.4/policy/modules/system/hostname.te 2007-05-21 10:46:53.000000000 -0400 @@ -8,8 +8,12 @@ type hostname_t; @@ -6299,8 +6350,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/hostna + unconfined_dontaudit_rw_pipes(hostname_t) +') diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/init.if serefpolicy-2.6.4/policy/modules/system/init.if ---- nsaserefpolicy/policy/modules/system/init.if 2007-04-30 10:41:38.000000000 -0400 -+++ serefpolicy-2.6.4/policy/modules/system/init.if 2007-05-08 09:59:33.000000000 -0400 +--- nsaserefpolicy/policy/modules/system/init.if 2007-05-07 14:51:02.000000000 -0400 ++++ serefpolicy-2.6.4/policy/modules/system/init.if 2007-05-21 10:46:53.000000000 -0400 @@ -194,11 +194,14 @@ gen_require(` type initrc_t; @@ -6369,8 +6420,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/init.i + allow $1 init_t:process ptrace; +') diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/init.te serefpolicy-2.6.4/policy/modules/system/init.te ---- nsaserefpolicy/policy/modules/system/init.te 2007-04-30 10:41:38.000000000 -0400 -+++ serefpolicy-2.6.4/policy/modules/system/init.te 2007-05-08 09:59:33.000000000 -0400 +--- nsaserefpolicy/policy/modules/system/init.te 2007-05-07 14:51:02.000000000 -0400 ++++ serefpolicy-2.6.4/policy/modules/system/init.te 2007-05-21 10:46:53.000000000 -0400 @@ -10,13 +10,20 @@ # Declarations # @@ -6469,8 +6520,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/init.t optional_policy(` diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/ipsec.if serefpolicy-2.6.4/policy/modules/system/ipsec.if ---- nsaserefpolicy/policy/modules/system/ipsec.if 2007-03-26 16:24:13.000000000 -0400 -+++ serefpolicy-2.6.4/policy/modules/system/ipsec.if 2007-05-08 09:59:33.000000000 -0400 +--- nsaserefpolicy/policy/modules/system/ipsec.if 2007-05-07 14:51:01.000000000 -0400 ++++ serefpolicy-2.6.4/policy/modules/system/ipsec.if 2007-05-21 10:46:53.000000000 -0400 @@ -114,6 +114,26 @@ ######################################## @@ -6499,8 +6550,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/ipsec. ## ## diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/ipsec.te serefpolicy-2.6.4/policy/modules/system/ipsec.te ---- nsaserefpolicy/policy/modules/system/ipsec.te 2007-04-23 09:36:02.000000000 -0400 -+++ serefpolicy-2.6.4/policy/modules/system/ipsec.te 2007-05-08 09:59:33.000000000 -0400 +--- nsaserefpolicy/policy/modules/system/ipsec.te 2007-05-07 14:51:01.000000000 -0400 ++++ serefpolicy-2.6.4/policy/modules/system/ipsec.te 2007-05-21 10:46:53.000000000 -0400 @@ -289,6 +289,7 @@ allow racoon_t self:netlink_selinux_socket { bind create read }; allow racoon_t self:udp_socket create_socket_perms; @@ -6510,8 +6561,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/ipsec. # manage pid file manage_files_pattern(racoon_t,ipsec_var_run_t,ipsec_var_run_t) diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/iptables.te serefpolicy-2.6.4/policy/modules/system/iptables.te ---- nsaserefpolicy/policy/modules/system/iptables.te 2007-04-23 09:36:02.000000000 -0400 -+++ serefpolicy-2.6.4/policy/modules/system/iptables.te 2007-05-08 09:59:33.000000000 -0400 +--- nsaserefpolicy/policy/modules/system/iptables.te 2007-05-07 14:51:02.000000000 -0400 ++++ serefpolicy-2.6.4/policy/modules/system/iptables.te 2007-05-21 10:46:53.000000000 -0400 @@ -56,6 +56,7 @@ domain_use_interactive_fds(iptables_t) @@ -6529,8 +6580,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/iptabl + fail2ban_append_log(iptables_t) +') diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/libraries.fc serefpolicy-2.6.4/policy/modules/system/libraries.fc ---- nsaserefpolicy/policy/modules/system/libraries.fc 2007-05-04 12:19:22.000000000 -0400 -+++ serefpolicy-2.6.4/policy/modules/system/libraries.fc 2007-05-14 14:18:52.000000000 -0400 +--- nsaserefpolicy/policy/modules/system/libraries.fc 2007-05-07 14:51:02.000000000 -0400 ++++ serefpolicy-2.6.4/policy/modules/system/libraries.fc 2007-05-21 10:46:53.000000000 -0400 @@ -81,8 +81,8 @@ /opt/cisco-vpnclient/lib/libvpnapi\.so -- gen_context(system_u:object_r:textrel_shlib_t,s0) /opt/netbeans(.*/)?jdk.*/linux/.+\.so(\.[^/]*)* -- gen_context(system_u:object_r:textrel_shlib_t,s0) @@ -6560,8 +6611,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/librar /usr/lib(64)?/fglrx/libGL\.so(\.[^/]*)* -- gen_context(system_u:object_r:textrel_shlib_t,s0) /usr/lib(64)?/libGLU\.so(\.[^/]*)* -- gen_context(system_u:object_r:textrel_shlib_t,s0) diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/libraries.te serefpolicy-2.6.4/policy/modules/system/libraries.te ---- nsaserefpolicy/policy/modules/system/libraries.te 2007-05-04 12:19:23.000000000 -0400 -+++ serefpolicy-2.6.4/policy/modules/system/libraries.te 2007-05-08 09:59:33.000000000 -0400 +--- nsaserefpolicy/policy/modules/system/libraries.te 2007-05-07 14:51:01.000000000 -0400 ++++ serefpolicy-2.6.4/policy/modules/system/libraries.te 2007-05-21 10:46:53.000000000 -0400 @@ -62,7 +62,8 @@ manage_dirs_pattern(ldconfig_t,ldconfig_tmp_t,ldconfig_tmp_t) @@ -6581,8 +6632,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/librar optional_policy(` diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/locallogin.te serefpolicy-2.6.4/policy/modules/system/locallogin.te ---- nsaserefpolicy/policy/modules/system/locallogin.te 2007-03-26 10:39:07.000000000 -0400 -+++ serefpolicy-2.6.4/policy/modules/system/locallogin.te 2007-05-08 09:59:33.000000000 -0400 +--- nsaserefpolicy/policy/modules/system/locallogin.te 2007-05-07 14:51:02.000000000 -0400 ++++ serefpolicy-2.6.4/policy/modules/system/locallogin.te 2007-05-21 10:46:53.000000000 -0400 @@ -48,6 +48,8 @@ allow local_login_t self:msgq create_msgq_perms; allow local_login_t self:msg { send receive }; @@ -6624,8 +6675,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/locall gpm_setattr_gpmctl(local_login_t) ') diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/logging.if serefpolicy-2.6.4/policy/modules/system/logging.if ---- nsaserefpolicy/policy/modules/system/logging.if 2007-03-26 10:39:07.000000000 -0400 -+++ serefpolicy-2.6.4/policy/modules/system/logging.if 2007-05-08 09:59:33.000000000 -0400 +--- nsaserefpolicy/policy/modules/system/logging.if 2007-05-07 14:51:01.000000000 -0400 ++++ serefpolicy-2.6.4/policy/modules/system/logging.if 2007-05-21 10:46:53.000000000 -0400 @@ -302,6 +302,25 @@ ######################################## @@ -6793,8 +6844,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/loggin +') + diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/logging.te serefpolicy-2.6.4/policy/modules/system/logging.te ---- nsaserefpolicy/policy/modules/system/logging.te 2007-04-23 09:36:02.000000000 -0400 -+++ serefpolicy-2.6.4/policy/modules/system/logging.te 2007-05-08 09:59:33.000000000 -0400 +--- nsaserefpolicy/policy/modules/system/logging.te 2007-05-07 14:51:02.000000000 -0400 ++++ serefpolicy-2.6.4/policy/modules/system/logging.te 2007-05-21 10:46:53.000000000 -0400 @@ -7,10 +7,15 @@ # @@ -6881,8 +6932,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/loggin # /initrd is not umounted before minilog starts files_dontaudit_search_isid_type_dirs(syslogd_t) diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/lvm.fc serefpolicy-2.6.4/policy/modules/system/lvm.fc ---- nsaserefpolicy/policy/modules/system/lvm.fc 2007-01-02 12:57:49.000000000 -0500 -+++ serefpolicy-2.6.4/policy/modules/system/lvm.fc 2007-05-08 09:59:33.000000000 -0400 +--- nsaserefpolicy/policy/modules/system/lvm.fc 2007-05-07 14:51:01.000000000 -0400 ++++ serefpolicy-2.6.4/policy/modules/system/lvm.fc 2007-05-21 10:46:53.000000000 -0400 @@ -15,6 +15,7 @@ # /etc/lvm(/.*)? gen_context(system_u:object_r:lvm_etc_t,s0) @@ -6892,8 +6943,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/lvm.fc /etc/lvm/backup(/.*)? gen_context(system_u:object_r:lvm_metadata_t,s0) /etc/lvm/lock(/.*)? gen_context(system_u:object_r:lvm_lock_t,s0) diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/lvm.te serefpolicy-2.6.4/policy/modules/system/lvm.te ---- nsaserefpolicy/policy/modules/system/lvm.te 2007-04-23 09:36:02.000000000 -0400 -+++ serefpolicy-2.6.4/policy/modules/system/lvm.te 2007-05-14 13:22:54.000000000 -0400 +--- nsaserefpolicy/policy/modules/system/lvm.te 2007-05-07 14:51:02.000000000 -0400 ++++ serefpolicy-2.6.4/policy/modules/system/lvm.te 2007-05-21 10:46:53.000000000 -0400 @@ -16,6 +16,7 @@ type lvm_t; type lvm_exec_t; @@ -6940,8 +6991,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/lvm.te + xen_dontaudit_rw_unix_stream_sockets(lvm_t) +') diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/modutils.te serefpolicy-2.6.4/policy/modules/system/modutils.te ---- nsaserefpolicy/policy/modules/system/modutils.te 2007-05-02 15:04:46.000000000 -0400 -+++ serefpolicy-2.6.4/policy/modules/system/modutils.te 2007-05-16 17:09:16.000000000 -0400 +--- nsaserefpolicy/policy/modules/system/modutils.te 2007-05-07 14:51:02.000000000 -0400 ++++ serefpolicy-2.6.4/policy/modules/system/modutils.te 2007-05-21 10:46:53.000000000 -0400 @@ -102,6 +102,7 @@ init_use_fds(insmod_t) init_use_script_fds(insmod_t) @@ -6982,8 +7033,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/moduti fs_getattr_xattr_fs(depmod_t) diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/mount.fc serefpolicy-2.6.4/policy/modules/system/mount.fc ---- nsaserefpolicy/policy/modules/system/mount.fc 2006-11-16 17:15:24.000000000 -0500 -+++ serefpolicy-2.6.4/policy/modules/system/mount.fc 2007-05-08 09:59:33.000000000 -0400 +--- nsaserefpolicy/policy/modules/system/mount.fc 2007-05-07 14:51:02.000000000 -0400 ++++ serefpolicy-2.6.4/policy/modules/system/mount.fc 2007-05-21 10:46:53.000000000 -0400 @@ -1,4 +1,3 @@ /bin/mount.* -- gen_context(system_u:object_r:mount_exec_t,s0) /bin/umount.* -- gen_context(system_u:object_r:mount_exec_t,s0) @@ -6991,8 +7042,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/mount. -/usr/bin/fusermount -- gen_context(system_u:object_r:mount_exec_t,s0) +/sbin/mount.ntfs-3g -- gen_context(system_u:object_r:mount_ntfs_exec_t,s0) diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/mount.if serefpolicy-2.6.4/policy/modules/system/mount.if ---- nsaserefpolicy/policy/modules/system/mount.if 2007-01-02 12:57:49.000000000 -0500 -+++ serefpolicy-2.6.4/policy/modules/system/mount.if 2007-05-08 09:59:33.000000000 -0400 +--- nsaserefpolicy/policy/modules/system/mount.if 2007-05-07 14:51:02.000000000 -0400 ++++ serefpolicy-2.6.4/policy/modules/system/mount.if 2007-05-21 10:46:53.000000000 -0400 @@ -143,3 +143,40 @@ mount_domtrans($1) ') @@ -7035,8 +7086,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/mount. + allow $1 mount_ntfs_t:unix_stream_socket { read write }; +') diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/mount.te serefpolicy-2.6.4/policy/modules/system/mount.te ---- nsaserefpolicy/policy/modules/system/mount.te 2007-04-23 09:36:02.000000000 -0400 -+++ serefpolicy-2.6.4/policy/modules/system/mount.te 2007-05-14 15:36:25.000000000 -0400 +--- nsaserefpolicy/policy/modules/system/mount.te 2007-05-07 14:51:02.000000000 -0400 ++++ serefpolicy-2.6.4/policy/modules/system/mount.te 2007-05-21 10:46:53.000000000 -0400 @@ -9,6 +9,13 @@ ifdef(`targeted_policy',` ## @@ -7146,8 +7197,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/mount. +') + diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/netlabel.te serefpolicy-2.6.4/policy/modules/system/netlabel.te ---- nsaserefpolicy/policy/modules/system/netlabel.te 2006-11-16 17:15:24.000000000 -0500 -+++ serefpolicy-2.6.4/policy/modules/system/netlabel.te 2007-05-15 21:07:39.000000000 -0400 +--- nsaserefpolicy/policy/modules/system/netlabel.te 2007-05-07 14:51:02.000000000 -0400 ++++ serefpolicy-2.6.4/policy/modules/system/netlabel.te 2007-05-21 10:46:53.000000000 -0400 @@ -20,6 +20,10 @@ allow netlabel_mgmt_t self:capability net_admin; allow netlabel_mgmt_t self:netlink_socket create_socket_perms; @@ -7160,8 +7211,17 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/netlab libs_use_ld_so(netlabel_mgmt_t) diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/raid.te serefpolicy-2.6.4/policy/modules/system/raid.te ---- nsaserefpolicy/policy/modules/system/raid.te 2007-04-23 09:36:02.000000000 -0400 -+++ serefpolicy-2.6.4/policy/modules/system/raid.te 2007-05-08 09:59:33.000000000 -0400 +--- nsaserefpolicy/policy/modules/system/raid.te 2007-05-07 14:51:01.000000000 -0400 ++++ serefpolicy-2.6.4/policy/modules/system/raid.te 2007-05-21 13:29:06.000000000 -0400 +@@ -19,7 +19,7 @@ + # Local policy + # + +-allow mdadm_t self:capability { dac_override sys_admin ipc_lock }; ++allow mdadm_t self:capability { dac_override mknod sys_admin ipc_lock }; + dontaudit mdadm_t self:capability sys_tty_config; + allow mdadm_t self:process { sigchld sigkill sigstop signull signal }; + allow mdadm_t self:fifo_file rw_fifo_file_perms; @@ -46,6 +46,7 @@ # RAID block device access storage_manage_fixed_disk(mdadm_t) @@ -7171,8 +7231,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/raid.t term_dontaudit_list_ptys(mdadm_t) diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/selinuxutil.fc serefpolicy-2.6.4/policy/modules/system/selinuxutil.fc ---- nsaserefpolicy/policy/modules/system/selinuxutil.fc 2006-11-16 17:15:24.000000000 -0500 -+++ serefpolicy-2.6.4/policy/modules/system/selinuxutil.fc 2007-05-08 09:59:33.000000000 -0400 +--- nsaserefpolicy/policy/modules/system/selinuxutil.fc 2007-05-07 14:51:02.000000000 -0400 ++++ serefpolicy-2.6.4/policy/modules/system/selinuxutil.fc 2007-05-21 10:46:53.000000000 -0400 @@ -40,6 +40,7 @@ /usr/sbin/setfiles.* -- gen_context(system_u:object_r:setfiles_exec_t,s0) /usr/sbin/setsebool -- gen_context(system_u:object_r:semanage_exec_t,s0) @@ -7182,8 +7242,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/selinu # diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/selinuxutil.if serefpolicy-2.6.4/policy/modules/system/selinuxutil.if ---- nsaserefpolicy/policy/modules/system/selinuxutil.if 2007-03-26 10:39:07.000000000 -0400 -+++ serefpolicy-2.6.4/policy/modules/system/selinuxutil.if 2007-05-08 09:59:33.000000000 -0400 +--- nsaserefpolicy/policy/modules/system/selinuxutil.if 2007-05-07 14:51:02.000000000 -0400 ++++ serefpolicy-2.6.4/policy/modules/system/selinuxutil.if 2007-05-21 10:46:53.000000000 -0400 @@ -445,6 +445,7 @@ role $2 types run_init_t; allow run_init_t $3:chr_file rw_term_perms; @@ -7219,8 +7279,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/selinu read_lnk_files_pattern($1,selinux_config_t,selinux_config_t) ') diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/selinuxutil.te serefpolicy-2.6.4/policy/modules/system/selinuxutil.te ---- nsaserefpolicy/policy/modules/system/selinuxutil.te 2007-04-23 09:36:02.000000000 -0400 -+++ serefpolicy-2.6.4/policy/modules/system/selinuxutil.te 2007-05-11 18:23:21.000000000 -0400 +--- nsaserefpolicy/policy/modules/system/selinuxutil.te 2007-05-07 14:51:01.000000000 -0400 ++++ serefpolicy-2.6.4/policy/modules/system/selinuxutil.te 2007-05-21 10:46:53.000000000 -0400 @@ -1,10 +1,8 @@ policy_module(selinuxutil,1.5.0) @@ -7426,8 +7486,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/selinu + + diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/sysnetwork.te serefpolicy-2.6.4/policy/modules/system/sysnetwork.te ---- nsaserefpolicy/policy/modules/system/sysnetwork.te 2007-04-23 09:36:02.000000000 -0400 -+++ serefpolicy-2.6.4/policy/modules/system/sysnetwork.te 2007-05-08 09:59:33.000000000 -0400 +--- nsaserefpolicy/policy/modules/system/sysnetwork.te 2007-05-07 14:51:02.000000000 -0400 ++++ serefpolicy-2.6.4/policy/modules/system/sysnetwork.te 2007-05-21 10:46:53.000000000 -0400 @@ -164,6 +164,10 @@ dbus_connect_system_bus(dhcpc_t) dbus_send_system_bus(dhcpc_t) @@ -7448,8 +7508,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/sysnet optional_policy(` diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/udev.te serefpolicy-2.6.4/policy/modules/system/udev.te ---- nsaserefpolicy/policy/modules/system/udev.te 2007-04-23 09:36:02.000000000 -0400 -+++ serefpolicy-2.6.4/policy/modules/system/udev.te 2007-05-11 18:19:28.000000000 -0400 +--- nsaserefpolicy/policy/modules/system/udev.te 2007-05-07 14:51:02.000000000 -0400 ++++ serefpolicy-2.6.4/policy/modules/system/udev.te 2007-05-21 10:46:53.000000000 -0400 @@ -83,12 +83,19 @@ kernel_dgram_send(udev_t) kernel_signal(udev_t) @@ -7496,8 +7556,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/udev.t + + diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/unconfined.fc serefpolicy-2.6.4/policy/modules/system/unconfined.fc ---- nsaserefpolicy/policy/modules/system/unconfined.fc 2007-02-19 11:32:53.000000000 -0500 -+++ serefpolicy-2.6.4/policy/modules/system/unconfined.fc 2007-05-08 09:59:33.000000000 -0400 +--- nsaserefpolicy/policy/modules/system/unconfined.fc 2007-05-07 14:51:01.000000000 -0400 ++++ serefpolicy-2.6.4/policy/modules/system/unconfined.fc 2007-05-21 10:46:53.000000000 -0400 @@ -10,4 +10,5 @@ /usr/bin/valgrind -- gen_context(system_u:object_r:unconfined_execmem_exec_t,s0) /usr/local/RealPlayer/realplay\.bin -- gen_context(system_u:object_r:unconfined_execmem_exec_t,s0) @@ -7505,8 +7565,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/unconf +/usr/bin/vmware.* -- gen_context(system_u:object_r:unconfined_execmem_exec_t,s0) ') diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/unconfined.if serefpolicy-2.6.4/policy/modules/system/unconfined.if ---- nsaserefpolicy/policy/modules/system/unconfined.if 2007-02-19 11:32:53.000000000 -0500 -+++ serefpolicy-2.6.4/policy/modules/system/unconfined.if 2007-05-08 09:59:33.000000000 -0400 +--- nsaserefpolicy/policy/modules/system/unconfined.if 2007-05-07 14:51:02.000000000 -0400 ++++ serefpolicy-2.6.4/policy/modules/system/unconfined.if 2007-05-21 10:46:53.000000000 -0400 @@ -18,7 +18,7 @@ ') @@ -7574,8 +7634,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/unconf +') + diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/unconfined.te serefpolicy-2.6.4/policy/modules/system/unconfined.te ---- nsaserefpolicy/policy/modules/system/unconfined.te 2007-04-23 09:36:02.000000000 -0400 -+++ serefpolicy-2.6.4/policy/modules/system/unconfined.te 2007-05-16 08:28:37.000000000 -0400 +--- nsaserefpolicy/policy/modules/system/unconfined.te 2007-05-07 14:51:02.000000000 -0400 ++++ serefpolicy-2.6.4/policy/modules/system/unconfined.te 2007-05-21 10:46:53.000000000 -0400 @@ -6,6 +6,15 @@ # Declarations # @@ -7659,8 +7719,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/unconf init_dbus_chat_script(unconfined_execmem_t) diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/userdomain.if serefpolicy-2.6.4/policy/modules/system/userdomain.if ---- nsaserefpolicy/policy/modules/system/userdomain.if 2007-04-23 09:36:02.000000000 -0400 -+++ serefpolicy-2.6.4/policy/modules/system/userdomain.if 2007-05-08 09:59:33.000000000 -0400 +--- nsaserefpolicy/policy/modules/system/userdomain.if 2007-05-07 14:51:02.000000000 -0400 ++++ serefpolicy-2.6.4/policy/modules/system/userdomain.if 2007-05-21 10:46:53.000000000 -0400 @@ -114,6 +114,18 @@ # Allow making the stack executable via mprotect. allow $1_t self:process execstack; @@ -8207,8 +8267,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/userdo +') + diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/userdomain.te serefpolicy-2.6.4/policy/modules/system/userdomain.te ---- nsaserefpolicy/policy/modules/system/userdomain.te 2007-04-23 09:36:02.000000000 -0400 -+++ serefpolicy-2.6.4/policy/modules/system/userdomain.te 2007-05-08 09:59:33.000000000 -0400 +--- nsaserefpolicy/policy/modules/system/userdomain.te 2007-05-07 14:51:01.000000000 -0400 ++++ serefpolicy-2.6.4/policy/modules/system/userdomain.te 2007-05-21 10:46:53.000000000 -0400 @@ -15,7 +15,6 @@ # Declarations # @@ -8386,8 +8446,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/userdo + term_use_console(userdomain) ') diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/xen.if serefpolicy-2.6.4/policy/modules/system/xen.if ---- nsaserefpolicy/policy/modules/system/xen.if 2007-01-02 12:57:49.000000000 -0500 -+++ serefpolicy-2.6.4/policy/modules/system/xen.if 2007-05-14 15:38:19.000000000 -0400 +--- nsaserefpolicy/policy/modules/system/xen.if 2007-05-07 14:51:01.000000000 -0400 ++++ serefpolicy-2.6.4/policy/modules/system/xen.if 2007-05-21 10:46:53.000000000 -0400 @@ -72,12 +72,35 @@ ') @@ -8451,8 +8511,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/xen.if +') + diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/xen.te serefpolicy-2.6.4/policy/modules/system/xen.te ---- nsaserefpolicy/policy/modules/system/xen.te 2007-04-23 09:36:02.000000000 -0400 -+++ serefpolicy-2.6.4/policy/modules/system/xen.te 2007-05-14 15:40:20.000000000 -0400 +--- nsaserefpolicy/policy/modules/system/xen.te 2007-05-07 14:51:02.000000000 -0400 ++++ serefpolicy-2.6.4/policy/modules/system/xen.te 2007-05-21 10:46:53.000000000 -0400 @@ -25,6 +25,10 @@ domain_type(xend_t) init_daemon_domain(xend_t, xend_exec_t) @@ -8557,8 +8617,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/xen.te +fs_getattr_all_fs(xend_t) +fs_read_dos_files(xend_t) diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/support/misc_patterns.spt serefpolicy-2.6.4/policy/support/misc_patterns.spt ---- nsaserefpolicy/policy/support/misc_patterns.spt 2007-01-02 12:57:51.000000000 -0500 -+++ serefpolicy-2.6.4/policy/support/misc_patterns.spt 2007-05-08 09:59:33.000000000 -0400 +--- nsaserefpolicy/policy/support/misc_patterns.spt 2007-05-07 14:51:05.000000000 -0400 ++++ serefpolicy-2.6.4/policy/support/misc_patterns.spt 2007-05-21 10:46:53.000000000 -0400 @@ -41,11 +41,6 @@ # # Other process permissions @@ -8572,8 +8632,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/support/misc_patterns allow $1 $2:dir { search getattr read }; allow $1 $2:{ file lnk_file } { read getattr }; diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/support/obj_perm_sets.spt serefpolicy-2.6.4/policy/support/obj_perm_sets.spt ---- nsaserefpolicy/policy/support/obj_perm_sets.spt 2007-05-04 12:19:23.000000000 -0400 -+++ serefpolicy-2.6.4/policy/support/obj_perm_sets.spt 2007-05-16 14:13:26.000000000 -0400 +--- nsaserefpolicy/policy/support/obj_perm_sets.spt 2007-05-07 14:51:05.000000000 -0400 ++++ serefpolicy-2.6.4/policy/support/obj_perm_sets.spt 2007-05-21 10:46:53.000000000 -0400 @@ -203,7 +203,6 @@ define(`add_entry_dir_perms',`{ getattr search lock ioctl write add_name }') define(`del_entry_dir_perms',`{ getattr search lock ioctl write remove_name }') @@ -8606,8 +8666,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/support/obj_perm_sets + + diff --exclude-from=exclude -N -u -r nsaserefpolicy/Rules.modular serefpolicy-2.6.4/Rules.modular ---- nsaserefpolicy/Rules.modular 2007-03-22 14:30:10.000000000 -0400 -+++ serefpolicy-2.6.4/Rules.modular 2007-05-08 09:59:33.000000000 -0400 +--- nsaserefpolicy/Rules.modular 2007-05-07 14:51:05.000000000 -0400 ++++ serefpolicy-2.6.4/Rules.modular 2007-05-21 10:46:53.000000000 -0400 @@ -167,7 +167,7 @@ # these have to run individually because order matters: $(verbose) $(GREP) '^sid ' $(tmpdir)/all_te_files.conf >> $(tmpdir)/all_post.conf || true diff --git a/selinux-policy.spec b/selinux-policy.spec index 638cb08..f34d592 100644 --- a/selinux-policy.spec +++ b/selinux-policy.spec @@ -17,7 +17,7 @@ Summary: SELinux policy configuration Name: selinux-policy Version: 2.6.4 -Release: 7%{?dist} +Release: 8%{?dist} License: GPL Group: System Environment/Base Source: serefpolicy-%{version}.tgz @@ -359,6 +359,9 @@ semodule -b base.pp -r bootloader -r clock -r dpkg -r fstools -r hotplug -r init %endif %changelog +* Mon May 21 2007 Dan Walsh 2.6.4-8 +- mdadm needs mknod capability + * Fri May 18 2007 Dan Walsh 2.6.4-7 - Allow kerberos servers to use ldap for backing store