diff --git a/policy-20070501.patch b/policy-20070501.patch
index 2c255d7..536e072 100644
--- a/policy-20070501.patch
+++ b/policy-20070501.patch
@@ -1,6 +1,6 @@
diff --exclude-from=exclude -N -u -r nsaserefpolicy/man/man8/ftpd_selinux.8 serefpolicy-2.6.4/man/man8/ftpd_selinux.8
--- nsaserefpolicy/man/man8/ftpd_selinux.8 2007-05-07 14:51:05.000000000 -0400
-+++ serefpolicy-2.6.4/man/man8/ftpd_selinux.8 2007-07-06 10:36:14.000000000 -0400
++++ serefpolicy-2.6.4/man/man8/ftpd_selinux.8 2007-07-13 13:11:46.000000000 -0400
@@ -12,7 +12,7 @@
.TP
chcon -R -t public_content_t /var/ftp
@@ -12,7 +12,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/man/man8/ftpd_selinux.8 sere
.TP
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/flask/access_vectors serefpolicy-2.6.4/policy/flask/access_vectors
--- nsaserefpolicy/policy/flask/access_vectors 2007-05-07 14:50:57.000000000 -0400
-+++ serefpolicy-2.6.4/policy/flask/access_vectors 2007-07-12 10:27:08.000000000 -0400
++++ serefpolicy-2.6.4/policy/flask/access_vectors 2007-07-13 13:11:46.000000000 -0400
@@ -598,6 +598,8 @@
shmempwd
shmemgrp
@@ -43,7 +43,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/flask/access_vectors
+
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/flask/security_classes serefpolicy-2.6.4/policy/flask/security_classes
--- nsaserefpolicy/policy/flask/security_classes 2007-05-07 14:50:57.000000000 -0400
-+++ serefpolicy-2.6.4/policy/flask/security_classes 2007-07-06 10:36:14.000000000 -0400
++++ serefpolicy-2.6.4/policy/flask/security_classes 2007-07-13 13:11:46.000000000 -0400
@@ -97,4 +97,6 @@
class dccp_socket
@@ -53,7 +53,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/flask/security_classe
# FLASK
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/global_booleans serefpolicy-2.6.4/policy/global_booleans
--- nsaserefpolicy/policy/global_booleans 2007-05-07 14:51:05.000000000 -0400
-+++ serefpolicy-2.6.4/policy/global_booleans 2007-07-06 10:36:14.000000000 -0400
++++ serefpolicy-2.6.4/policy/global_booleans 2007-07-13 13:11:46.000000000 -0400
@@ -4,7 +4,6 @@
# file should be used.
#
@@ -72,7 +72,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/global_booleans seref
##
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/global_tunables serefpolicy-2.6.4/policy/global_tunables
--- nsaserefpolicy/policy/global_tunables 2007-05-07 14:51:05.000000000 -0400
-+++ serefpolicy-2.6.4/policy/global_tunables 2007-07-06 10:36:14.000000000 -0400
++++ serefpolicy-2.6.4/policy/global_tunables 2007-07-13 13:11:46.000000000 -0400
@@ -102,12 +102,6 @@
##
gen_tunable(use_samba_home_dirs,false)
@@ -101,7 +101,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/global_tunables seref
+
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/mls serefpolicy-2.6.4/policy/mls
--- nsaserefpolicy/policy/mls 2007-05-07 14:51:05.000000000 -0400
-+++ serefpolicy-2.6.4/policy/mls 2007-07-06 10:36:14.000000000 -0400
++++ serefpolicy-2.6.4/policy/mls 2007-07-13 13:11:46.000000000 -0400
@@ -89,12 +89,14 @@
mlsconstrain { file lnk_file fifo_file dir chr_file blk_file sock_file } { write create setattr relabelfrom append unlink link rename mounton }
(( l1 eq l2 ) or
@@ -175,7 +175,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/mls serefpolicy-2.6.4
mlsconstrain association { polmatch }
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/acct.te serefpolicy-2.6.4/policy/modules/admin/acct.te
--- nsaserefpolicy/policy/modules/admin/acct.te 2007-05-07 14:51:04.000000000 -0400
-+++ serefpolicy-2.6.4/policy/modules/admin/acct.te 2007-07-06 10:36:14.000000000 -0400
++++ serefpolicy-2.6.4/policy/modules/admin/acct.te 2007-07-13 13:11:46.000000000 -0400
@@ -9,6 +9,7 @@
type acct_t;
type acct_exec_t;
@@ -186,7 +186,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/acct.te
logging_log_file(acct_data_t)
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/alsa.fc serefpolicy-2.6.4/policy/modules/admin/alsa.fc
--- nsaserefpolicy/policy/modules/admin/alsa.fc 2007-05-07 14:51:05.000000000 -0400
-+++ serefpolicy-2.6.4/policy/modules/admin/alsa.fc 2007-07-06 10:36:14.000000000 -0400
++++ serefpolicy-2.6.4/policy/modules/admin/alsa.fc 2007-07-13 13:11:46.000000000 -0400
@@ -1,4 +1,7 @@
/etc/alsa/pcm(/.*)? gen_context(system_u:object_r:alsa_etc_rw_t,s0)
@@ -197,7 +197,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/alsa.fc
+/sbin/alsactl -- gen_context(system_u:object_r:alsa_exec_t,s0)
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/alsa.te serefpolicy-2.6.4/policy/modules/admin/alsa.te
--- nsaserefpolicy/policy/modules/admin/alsa.te 2007-05-07 14:51:05.000000000 -0400
-+++ serefpolicy-2.6.4/policy/modules/admin/alsa.te 2007-07-06 10:36:14.000000000 -0400
++++ serefpolicy-2.6.4/policy/modules/admin/alsa.te 2007-07-13 13:11:46.000000000 -0400
@@ -20,20 +20,24 @@
# Local policy
#
@@ -246,7 +246,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/alsa.te
+
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/amanda.te serefpolicy-2.6.4/policy/modules/admin/amanda.te
--- nsaserefpolicy/policy/modules/admin/amanda.te 2007-05-07 14:51:05.000000000 -0400
-+++ serefpolicy-2.6.4/policy/modules/admin/amanda.te 2007-07-06 10:36:14.000000000 -0400
++++ serefpolicy-2.6.4/policy/modules/admin/amanda.te 2007-07-13 13:11:46.000000000 -0400
@@ -85,7 +85,7 @@
# access to amandas data structure
@@ -268,14 +268,14 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/amanda.
logging_log_filetrans(amanda_t,amanda_log_t,{ file dir })
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/amtu.fc serefpolicy-2.6.4/policy/modules/admin/amtu.fc
--- nsaserefpolicy/policy/modules/admin/amtu.fc 1969-12-31 19:00:00.000000000 -0500
-+++ serefpolicy-2.6.4/policy/modules/admin/amtu.fc 2007-07-06 10:36:14.000000000 -0400
++++ serefpolicy-2.6.4/policy/modules/admin/amtu.fc 2007-07-13 13:11:46.000000000 -0400
@@ -0,0 +1,3 @@
+
+/usr/bin/amtu -- gen_context(system_u:object_r:amtu_exec_t,s0)
+
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/amtu.if serefpolicy-2.6.4/policy/modules/admin/amtu.if
--- nsaserefpolicy/policy/modules/admin/amtu.if 1969-12-31 19:00:00.000000000 -0500
-+++ serefpolicy-2.6.4/policy/modules/admin/amtu.if 2007-07-06 10:36:14.000000000 -0400
++++ serefpolicy-2.6.4/policy/modules/admin/amtu.if 2007-07-13 13:11:46.000000000 -0400
@@ -0,0 +1,53 @@
+##
+## abstract Machine Test Utility
@@ -332,7 +332,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/amtu.if
+')
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/amtu.te serefpolicy-2.6.4/policy/modules/admin/amtu.te
--- nsaserefpolicy/policy/modules/admin/amtu.te 1969-12-31 19:00:00.000000000 -0500
-+++ serefpolicy-2.6.4/policy/modules/admin/amtu.te 2007-07-06 10:36:14.000000000 -0400
++++ serefpolicy-2.6.4/policy/modules/admin/amtu.te 2007-07-13 13:11:46.000000000 -0400
@@ -0,0 +1,57 @@
+policy_module(amtu,1.0.23)
+
@@ -393,7 +393,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/amtu.te
+
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/bootloader.te serefpolicy-2.6.4/policy/modules/admin/bootloader.te
--- nsaserefpolicy/policy/modules/admin/bootloader.te 2007-05-07 14:51:05.000000000 -0400
-+++ serefpolicy-2.6.4/policy/modules/admin/bootloader.te 2007-07-06 10:36:14.000000000 -0400
++++ serefpolicy-2.6.4/policy/modules/admin/bootloader.te 2007-07-13 13:11:46.000000000 -0400
@@ -65,6 +65,8 @@
files_tmp_filetrans(bootloader_t,bootloader_tmp_t,{ dir file lnk_file chr_file blk_file })
# for tune2fs (cjp: ?)
@@ -413,7 +413,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/bootloa
optional_policy(`
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/consoletype.te serefpolicy-2.6.4/policy/modules/admin/consoletype.te
--- nsaserefpolicy/policy/modules/admin/consoletype.te 2007-05-07 14:51:05.000000000 -0400
-+++ serefpolicy-2.6.4/policy/modules/admin/consoletype.te 2007-07-06 10:36:14.000000000 -0400
++++ serefpolicy-2.6.4/policy/modules/admin/consoletype.te 2007-07-13 13:11:46.000000000 -0400
@@ -8,7 +8,12 @@
type consoletype_t;
@@ -458,7 +458,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/console
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/dmesg.te serefpolicy-2.6.4/policy/modules/admin/dmesg.te
--- nsaserefpolicy/policy/modules/admin/dmesg.te 2007-05-07 14:51:05.000000000 -0400
-+++ serefpolicy-2.6.4/policy/modules/admin/dmesg.te 2007-07-06 10:36:14.000000000 -0400
++++ serefpolicy-2.6.4/policy/modules/admin/dmesg.te 2007-07-13 13:11:46.000000000 -0400
@@ -10,6 +10,7 @@
type dmesg_t;
type dmesg_exec_t;
@@ -469,7 +469,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/dmesg.t
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/kudzu.te serefpolicy-2.6.4/policy/modules/admin/kudzu.te
--- nsaserefpolicy/policy/modules/admin/kudzu.te 2007-05-07 14:51:05.000000000 -0400
-+++ serefpolicy-2.6.4/policy/modules/admin/kudzu.te 2007-07-06 10:36:14.000000000 -0400
++++ serefpolicy-2.6.4/policy/modules/admin/kudzu.te 2007-07-13 13:11:46.000000000 -0400
@@ -21,8 +21,8 @@
# Local policy
#
@@ -492,7 +492,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/kudzu.t
init_telinit(kudzu_t)
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/logrotate.te serefpolicy-2.6.4/policy/modules/admin/logrotate.te
--- nsaserefpolicy/policy/modules/admin/logrotate.te 2007-05-07 14:51:04.000000000 -0400
-+++ serefpolicy-2.6.4/policy/modules/admin/logrotate.te 2007-07-06 10:36:14.000000000 -0400
++++ serefpolicy-2.6.4/policy/modules/admin/logrotate.te 2007-07-13 13:11:46.000000000 -0400
@@ -75,6 +75,7 @@
mls_file_read_up(logrotate_t)
mls_file_write_down(logrotate_t)
@@ -503,7 +503,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/logrota
selinux_get_enforce_mode(logrotate_t)
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/logwatch.te serefpolicy-2.6.4/policy/modules/admin/logwatch.te
--- nsaserefpolicy/policy/modules/admin/logwatch.te 2007-05-07 14:51:05.000000000 -0400
-+++ serefpolicy-2.6.4/policy/modules/admin/logwatch.te 2007-07-06 10:36:14.000000000 -0400
++++ serefpolicy-2.6.4/policy/modules/admin/logwatch.te 2007-07-13 13:11:46.000000000 -0400
@@ -30,7 +30,6 @@
allow logwatch_t self:process signal;
allow logwatch_t self:fifo_file rw_file_perms;
@@ -574,7 +574,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/logwatc
')
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/netutils.te serefpolicy-2.6.4/policy/modules/admin/netutils.te
--- nsaserefpolicy/policy/modules/admin/netutils.te 2007-05-07 14:51:05.000000000 -0400
-+++ serefpolicy-2.6.4/policy/modules/admin/netutils.te 2007-07-06 10:36:14.000000000 -0400
++++ serefpolicy-2.6.4/policy/modules/admin/netutils.te 2007-07-13 13:11:46.000000000 -0400
@@ -31,6 +31,7 @@
type traceroute_t;
type traceroute_exec_t;
@@ -585,7 +585,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/netutil
########################################
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/prelink.te serefpolicy-2.6.4/policy/modules/admin/prelink.te
--- nsaserefpolicy/policy/modules/admin/prelink.te 2007-05-07 14:51:04.000000000 -0400
-+++ serefpolicy-2.6.4/policy/modules/admin/prelink.te 2007-07-06 11:23:51.000000000 -0400
++++ serefpolicy-2.6.4/policy/modules/admin/prelink.te 2007-07-13 13:11:46.000000000 -0400
@@ -26,7 +26,7 @@
# Local policy
#
@@ -616,7 +616,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/prelink
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/readahead.te serefpolicy-2.6.4/policy/modules/admin/readahead.te
--- nsaserefpolicy/policy/modules/admin/readahead.te 2007-05-07 14:51:05.000000000 -0400
-+++ serefpolicy-2.6.4/policy/modules/admin/readahead.te 2007-07-06 10:36:14.000000000 -0400
++++ serefpolicy-2.6.4/policy/modules/admin/readahead.te 2007-07-13 13:11:46.000000000 -0400
@@ -18,7 +18,8 @@
# Local policy
#
@@ -646,7 +646,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/readahe
+')
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/rpm.fc serefpolicy-2.6.4/policy/modules/admin/rpm.fc
--- nsaserefpolicy/policy/modules/admin/rpm.fc 2007-05-07 14:51:05.000000000 -0400
-+++ serefpolicy-2.6.4/policy/modules/admin/rpm.fc 2007-07-06 10:36:14.000000000 -0400
++++ serefpolicy-2.6.4/policy/modules/admin/rpm.fc 2007-07-13 13:11:46.000000000 -0400
@@ -21,6 +21,9 @@
/usr/sbin/pup -- gen_context(system_u:object_r:rpm_exec_t,s0)
/usr/sbin/rhn_check -- gen_context(system_u:object_r:rpm_exec_t,s0)
@@ -659,7 +659,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/rpm.fc
/var/lib/alternatives(/.*)? gen_context(system_u:object_r:rpm_var_lib_t,s0)
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/rpm.if serefpolicy-2.6.4/policy/modules/admin/rpm.if
--- nsaserefpolicy/policy/modules/admin/rpm.if 2007-05-07 14:51:05.000000000 -0400
-+++ serefpolicy-2.6.4/policy/modules/admin/rpm.if 2007-07-06 10:36:14.000000000 -0400
++++ serefpolicy-2.6.4/policy/modules/admin/rpm.if 2007-07-13 13:11:46.000000000 -0400
@@ -211,6 +211,24 @@
########################################
@@ -804,7 +804,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/rpm.if
+
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/rpm.te serefpolicy-2.6.4/policy/modules/admin/rpm.te
--- nsaserefpolicy/policy/modules/admin/rpm.te 2007-05-07 14:51:05.000000000 -0400
-+++ serefpolicy-2.6.4/policy/modules/admin/rpm.te 2007-07-06 10:36:14.000000000 -0400
++++ serefpolicy-2.6.4/policy/modules/admin/rpm.te 2007-07-13 13:11:46.000000000 -0400
@@ -9,6 +9,8 @@
type rpm_t;
type rpm_exec_t;
@@ -816,7 +816,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/rpm.te
domain_system_change_exemption(rpm_t)
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/sudo.if serefpolicy-2.6.4/policy/modules/admin/sudo.if
--- nsaserefpolicy/policy/modules/admin/sudo.if 2007-05-07 14:51:05.000000000 -0400
-+++ serefpolicy-2.6.4/policy/modules/admin/sudo.if 2007-07-06 10:36:14.000000000 -0400
++++ serefpolicy-2.6.4/policy/modules/admin/sudo.if 2007-07-13 13:11:46.000000000 -0400
@@ -69,7 +69,6 @@
allow $1_sudo_t self:unix_stream_socket create_stream_socket_perms;
allow $1_sudo_t self:unix_dgram_socket sendto;
@@ -865,7 +865,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/sudo.if
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/su.if serefpolicy-2.6.4/policy/modules/admin/su.if
--- nsaserefpolicy/policy/modules/admin/su.if 2007-05-07 14:51:05.000000000 -0400
-+++ serefpolicy-2.6.4/policy/modules/admin/su.if 2007-07-06 10:36:14.000000000 -0400
++++ serefpolicy-2.6.4/policy/modules/admin/su.if 2007-07-13 13:11:46.000000000 -0400
@@ -41,12 +41,11 @@
allow $2 $1_su_t:process signal;
@@ -941,7 +941,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/su.if s
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/usermanage.if serefpolicy-2.6.4/policy/modules/admin/usermanage.if
--- nsaserefpolicy/policy/modules/admin/usermanage.if 2007-05-07 14:51:05.000000000 -0400
-+++ serefpolicy-2.6.4/policy/modules/admin/usermanage.if 2007-07-06 10:36:14.000000000 -0400
++++ serefpolicy-2.6.4/policy/modules/admin/usermanage.if 2007-07-13 13:11:46.000000000 -0400
@@ -278,5 +278,5 @@
type crack_db_t;
')
@@ -951,7 +951,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/userman
')
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/usermanage.te serefpolicy-2.6.4/policy/modules/admin/usermanage.te
--- nsaserefpolicy/policy/modules/admin/usermanage.te 2007-05-07 14:51:04.000000000 -0400
-+++ serefpolicy-2.6.4/policy/modules/admin/usermanage.te 2007-07-06 10:36:14.000000000 -0400
++++ serefpolicy-2.6.4/policy/modules/admin/usermanage.te 2007-07-13 13:11:46.000000000 -0400
@@ -99,6 +99,7 @@
dev_read_urand(chfn_t)
@@ -1121,7 +1121,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/userman
')
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/vbetool.te serefpolicy-2.6.4/policy/modules/admin/vbetool.te
--- nsaserefpolicy/policy/modules/admin/vbetool.te 2007-05-07 14:51:05.000000000 -0400
-+++ serefpolicy-2.6.4/policy/modules/admin/vbetool.te 2007-07-06 10:36:14.000000000 -0400
++++ serefpolicy-2.6.4/policy/modules/admin/vbetool.te 2007-07-13 13:11:46.000000000 -0400
@@ -32,4 +32,5 @@
optional_policy(`
@@ -1130,7 +1130,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/vbetool
')
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/games.fc serefpolicy-2.6.4/policy/modules/apps/games.fc
--- nsaserefpolicy/policy/modules/apps/games.fc 2007-05-07 14:51:02.000000000 -0400
-+++ serefpolicy-2.6.4/policy/modules/apps/games.fc 2007-07-06 10:36:14.000000000 -0400
++++ serefpolicy-2.6.4/policy/modules/apps/games.fc 2007-07-13 13:11:46.000000000 -0400
@@ -1,22 +1,16 @@
#
# /usr
@@ -1159,7 +1159,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/games.fc
/usr/bin/gataxx -- gen_context(system_u:object_r:games_exec_t,s0)
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/gnome.if serefpolicy-2.6.4/policy/modules/apps/gnome.if
--- nsaserefpolicy/policy/modules/apps/gnome.if 2007-05-07 14:51:02.000000000 -0400
-+++ serefpolicy-2.6.4/policy/modules/apps/gnome.if 2007-07-06 10:36:14.000000000 -0400
++++ serefpolicy-2.6.4/policy/modules/apps/gnome.if 2007-07-13 13:11:46.000000000 -0400
@@ -35,6 +35,7 @@
template(`gnome_per_role_template',`
gen_require(`
@@ -1215,7 +1215,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/gnome.if
## This is a templated interface, and should only
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/gpg.fc serefpolicy-2.6.4/policy/modules/apps/gpg.fc
--- nsaserefpolicy/policy/modules/apps/gpg.fc 2007-05-07 14:51:02.000000000 -0400
-+++ serefpolicy-2.6.4/policy/modules/apps/gpg.fc 2007-07-06 10:36:14.000000000 -0400
++++ serefpolicy-2.6.4/policy/modules/apps/gpg.fc 2007-07-13 13:11:46.000000000 -0400
@@ -7,6 +7,4 @@
/usr/lib/gnupg/.* -- gen_context(system_u:object_r:gpg_exec_t,s0)
/usr/lib/gnupg/gpgkeys.* -- gen_context(system_u:object_r:gpg_helper_exec_t,s0)
@@ -1225,7 +1225,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/gpg.fc s
-')
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/java.if serefpolicy-2.6.4/policy/modules/apps/java.if
--- nsaserefpolicy/policy/modules/apps/java.if 2007-05-07 14:51:02.000000000 -0400
-+++ serefpolicy-2.6.4/policy/modules/apps/java.if 2007-07-06 10:36:14.000000000 -0400
++++ serefpolicy-2.6.4/policy/modules/apps/java.if 2007-07-13 13:11:46.000000000 -0400
@@ -224,3 +224,35 @@
refpolicywarn(`$0($1) has no effect in strict policy.')
')
@@ -1264,7 +1264,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/java.if
+')
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/loadkeys.if serefpolicy-2.6.4/policy/modules/apps/loadkeys.if
--- nsaserefpolicy/policy/modules/apps/loadkeys.if 2007-05-07 14:51:02.000000000 -0400
-+++ serefpolicy-2.6.4/policy/modules/apps/loadkeys.if 2007-07-06 10:36:14.000000000 -0400
++++ serefpolicy-2.6.4/policy/modules/apps/loadkeys.if 2007-07-13 13:11:46.000000000 -0400
@@ -11,16 +11,12 @@
##
#
@@ -1333,7 +1333,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/loadkeys
')
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/mozilla.if serefpolicy-2.6.4/policy/modules/apps/mozilla.if
--- nsaserefpolicy/policy/modules/apps/mozilla.if 2007-05-07 14:51:02.000000000 -0400
-+++ serefpolicy-2.6.4/policy/modules/apps/mozilla.if 2007-07-06 10:36:14.000000000 -0400
++++ serefpolicy-2.6.4/policy/modules/apps/mozilla.if 2007-07-13 13:11:46.000000000 -0400
@@ -150,6 +150,7 @@
corenet_dontaudit_tcp_bind_generic_port($1_mozilla_t)
@@ -1344,7 +1344,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/mozilla.
dev_dontaudit_rw_dri($1_mozilla_t)
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/slocate.te serefpolicy-2.6.4/policy/modules/apps/slocate.te
--- nsaserefpolicy/policy/modules/apps/slocate.te 2007-05-07 14:51:02.000000000 -0400
-+++ serefpolicy-2.6.4/policy/modules/apps/slocate.te 2007-07-06 10:36:14.000000000 -0400
++++ serefpolicy-2.6.4/policy/modules/apps/slocate.te 2007-07-13 13:11:46.000000000 -0400
@@ -29,8 +29,11 @@
manage_dirs_pattern(locate_t,locate_var_lib_t,locate_var_lib_t)
manage_files_pattern(locate_t,locate_var_lib_t,locate_var_lib_t)
@@ -1374,7 +1374,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/slocate.
libs_use_ld_so(locate_t)
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/uml.if serefpolicy-2.6.4/policy/modules/apps/uml.if
--- nsaserefpolicy/policy/modules/apps/uml.if 2007-05-07 14:51:02.000000000 -0400
-+++ serefpolicy-2.6.4/policy/modules/apps/uml.if 2007-07-06 10:36:14.000000000 -0400
++++ serefpolicy-2.6.4/policy/modules/apps/uml.if 2007-07-13 13:11:46.000000000 -0400
@@ -193,33 +193,6 @@
nis_use_ypbind($1_uml_t)
')
@@ -1411,7 +1411,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/uml.if s
########################################
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/userhelper.if serefpolicy-2.6.4/policy/modules/apps/userhelper.if
--- nsaserefpolicy/policy/modules/apps/userhelper.if 2007-05-07 14:51:02.000000000 -0400
-+++ serefpolicy-2.6.4/policy/modules/apps/userhelper.if 2007-07-06 10:36:14.000000000 -0400
++++ serefpolicy-2.6.4/policy/modules/apps/userhelper.if 2007-07-13 13:11:46.000000000 -0400
@@ -131,6 +131,7 @@
term_use_all_user_ptys($1_userhelper_t)
@@ -1422,7 +1422,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/userhelp
auth_search_pam_console_data($1_userhelper_t)
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/kernel/corecommands.fc serefpolicy-2.6.4/policy/modules/kernel/corecommands.fc
--- nsaserefpolicy/policy/modules/kernel/corecommands.fc 2007-05-07 14:51:04.000000000 -0400
-+++ serefpolicy-2.6.4/policy/modules/kernel/corecommands.fc 2007-07-06 10:36:14.000000000 -0400
++++ serefpolicy-2.6.4/policy/modules/kernel/corecommands.fc 2007-07-13 13:11:46.000000000 -0400
@@ -36,6 +36,11 @@
/etc/cipe/ip-up.* -- gen_context(system_u:object_r:bin_t,s0)
/etc/cipe/ip-down.* -- gen_context(system_u:object_r:bin_t,s0)
@@ -1459,7 +1459,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/kernel/coreco
+/etc/apcupsd/onbattery -- gen_context(system_u:object_r:bin_t,s0)
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/kernel/corecommands.if serefpolicy-2.6.4/policy/modules/kernel/corecommands.if
--- nsaserefpolicy/policy/modules/kernel/corecommands.if 2007-05-07 14:51:04.000000000 -0400
-+++ serefpolicy-2.6.4/policy/modules/kernel/corecommands.if 2007-07-06 10:36:14.000000000 -0400
++++ serefpolicy-2.6.4/policy/modules/kernel/corecommands.if 2007-07-13 13:11:46.000000000 -0400
@@ -988,3 +988,23 @@
mmap_files_pattern($1,bin_t,exec_type)
@@ -1486,7 +1486,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/kernel/coreco
+
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/kernel/corenetwork.te.in serefpolicy-2.6.4/policy/modules/kernel/corenetwork.te.in
--- nsaserefpolicy/policy/modules/kernel/corenetwork.te.in 2007-05-07 14:51:02.000000000 -0400
-+++ serefpolicy-2.6.4/policy/modules/kernel/corenetwork.te.in 2007-07-06 10:36:14.000000000 -0400
++++ serefpolicy-2.6.4/policy/modules/kernel/corenetwork.te.in 2007-07-13 13:11:46.000000000 -0400
@@ -48,6 +48,11 @@
type reserved_port_t, port_type, reserved_port_type;
@@ -1537,7 +1537,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/kernel/corene
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/kernel/devices.fc serefpolicy-2.6.4/policy/modules/kernel/devices.fc
--- nsaserefpolicy/policy/modules/kernel/devices.fc 2007-05-07 14:51:04.000000000 -0400
-+++ serefpolicy-2.6.4/policy/modules/kernel/devices.fc 2007-07-11 16:41:50.000000000 -0400
++++ serefpolicy-2.6.4/policy/modules/kernel/devices.fc 2007-07-13 13:11:46.000000000 -0400
@@ -19,6 +19,7 @@
/dev/evtchn -c gen_context(system_u:object_r:xen_device_t,s0)
/dev/fb[0-9]* -c gen_context(system_u:object_r:framebuf_device_t,s0)
@@ -1574,7 +1574,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/kernel/device
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/kernel/devices.if serefpolicy-2.6.4/policy/modules/kernel/devices.if
--- nsaserefpolicy/policy/modules/kernel/devices.if 2007-05-07 14:51:02.000000000 -0400
-+++ serefpolicy-2.6.4/policy/modules/kernel/devices.if 2007-07-06 10:36:14.000000000 -0400
++++ serefpolicy-2.6.4/policy/modules/kernel/devices.if 2007-07-13 13:11:46.000000000 -0400
@@ -2729,6 +2729,24 @@
########################################
@@ -1681,7 +1681,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/kernel/device
+
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/kernel/devices.te serefpolicy-2.6.4/policy/modules/kernel/devices.te
--- nsaserefpolicy/policy/modules/kernel/devices.te 2007-05-07 14:51:04.000000000 -0400
-+++ serefpolicy-2.6.4/policy/modules/kernel/devices.te 2007-07-06 10:36:14.000000000 -0400
++++ serefpolicy-2.6.4/policy/modules/kernel/devices.te 2007-07-13 13:11:46.000000000 -0400
@@ -139,6 +139,12 @@
#
# Type for sound devices and mixers
@@ -1697,7 +1697,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/kernel/device
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/kernel/domain.if serefpolicy-2.6.4/policy/modules/kernel/domain.if
--- nsaserefpolicy/policy/modules/kernel/domain.if 2007-05-07 14:51:04.000000000 -0400
-+++ serefpolicy-2.6.4/policy/modules/kernel/domain.if 2007-07-06 10:36:14.000000000 -0400
++++ serefpolicy-2.6.4/policy/modules/kernel/domain.if 2007-07-13 13:11:46.000000000 -0400
@@ -64,6 +64,7 @@
')
@@ -1753,7 +1753,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/kernel/domain
+')
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/kernel/domain.te serefpolicy-2.6.4/policy/modules/kernel/domain.te
--- nsaserefpolicy/policy/modules/kernel/domain.te 2007-05-07 14:51:04.000000000 -0400
-+++ serefpolicy-2.6.4/policy/modules/kernel/domain.te 2007-07-06 10:36:14.000000000 -0400
++++ serefpolicy-2.6.4/policy/modules/kernel/domain.te 2007-07-13 13:11:46.000000000 -0400
@@ -6,6 +6,29 @@
# Declarations
#
@@ -1824,7 +1824,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/kernel/domain
+')
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/kernel/files.fc serefpolicy-2.6.4/policy/modules/kernel/files.fc
--- nsaserefpolicy/policy/modules/kernel/files.fc 2007-05-07 14:51:02.000000000 -0400
-+++ serefpolicy-2.6.4/policy/modules/kernel/files.fc 2007-07-06 10:36:14.000000000 -0400
++++ serefpolicy-2.6.4/policy/modules/kernel/files.fc 2007-07-13 13:11:46.000000000 -0400
@@ -45,7 +45,6 @@
/etc -d gen_context(system_u:object_r:etc_t,s0)
/etc/.* gen_context(system_u:object_r:etc_t,s0)
@@ -1843,7 +1843,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/kernel/files.
/etc/nologin.* -- gen_context(system_u:object_r:etc_runtime_t,s0)
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/kernel/files.if serefpolicy-2.6.4/policy/modules/kernel/files.if
--- nsaserefpolicy/policy/modules/kernel/files.if 2007-05-07 14:51:02.000000000 -0400
-+++ serefpolicy-2.6.4/policy/modules/kernel/files.if 2007-07-06 10:36:14.000000000 -0400
++++ serefpolicy-2.6.4/policy/modules/kernel/files.if 2007-07-13 13:11:46.000000000 -0400
@@ -343,8 +343,7 @@
########################################
@@ -2072,7 +2072,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/kernel/files.
+')
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/kernel/files.te serefpolicy-2.6.4/policy/modules/kernel/files.te
--- nsaserefpolicy/policy/modules/kernel/files.te 2007-05-07 14:51:02.000000000 -0400
-+++ serefpolicy-2.6.4/policy/modules/kernel/files.te 2007-07-06 10:36:14.000000000 -0400
++++ serefpolicy-2.6.4/policy/modules/kernel/files.te 2007-07-13 13:11:46.000000000 -0400
@@ -54,6 +54,7 @@
files_type(etc_t)
# compatibility aliases for removed types:
@@ -2083,7 +2083,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/kernel/files.
# etc_runtime_t is the type of various
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/kernel/filesystem.if serefpolicy-2.6.4/policy/modules/kernel/filesystem.if
--- nsaserefpolicy/policy/modules/kernel/filesystem.if 2007-05-07 14:51:04.000000000 -0400
-+++ serefpolicy-2.6.4/policy/modules/kernel/filesystem.if 2007-07-06 10:36:14.000000000 -0400
++++ serefpolicy-2.6.4/policy/modules/kernel/filesystem.if 2007-07-13 13:11:46.000000000 -0400
@@ -1096,6 +1096,24 @@
########################################
@@ -2161,7 +2161,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/kernel/filesy
+')
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/kernel/filesystem.te serefpolicy-2.6.4/policy/modules/kernel/filesystem.te
--- nsaserefpolicy/policy/modules/kernel/filesystem.te 2007-05-07 14:51:02.000000000 -0400
-+++ serefpolicy-2.6.4/policy/modules/kernel/filesystem.te 2007-07-06 10:36:14.000000000 -0400
++++ serefpolicy-2.6.4/policy/modules/kernel/filesystem.te 2007-07-13 13:11:46.000000000 -0400
@@ -54,17 +54,29 @@
type capifs_t;
@@ -2223,7 +2223,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/kernel/filesy
#
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/kernel/kernel.if serefpolicy-2.6.4/policy/modules/kernel/kernel.if
--- nsaserefpolicy/policy/modules/kernel/kernel.if 2007-05-07 14:51:04.000000000 -0400
-+++ serefpolicy-2.6.4/policy/modules/kernel/kernel.if 2007-07-10 12:50:14.000000000 -0400
++++ serefpolicy-2.6.4/policy/modules/kernel/kernel.if 2007-07-13 13:11:46.000000000 -0400
@@ -333,6 +333,24 @@
########################################
@@ -2288,7 +2288,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/kernel/kernel
########################################
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/kernel/kernel.te serefpolicy-2.6.4/policy/modules/kernel/kernel.te
--- nsaserefpolicy/policy/modules/kernel/kernel.te 2007-05-07 14:51:04.000000000 -0400
-+++ serefpolicy-2.6.4/policy/modules/kernel/kernel.te 2007-07-06 10:36:14.000000000 -0400
++++ serefpolicy-2.6.4/policy/modules/kernel/kernel.te 2007-07-13 13:11:46.000000000 -0400
@@ -146,6 +146,8 @@
type unlabeled_t;
sid unlabeled gen_context(system_u:object_r:unlabeled_t,mls_systemhigh)
@@ -2308,7 +2308,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/kernel/kernel
optional_policy(`
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/kernel/mls.if serefpolicy-2.6.4/policy/modules/kernel/mls.if
--- nsaserefpolicy/policy/modules/kernel/mls.if 2007-05-07 14:51:04.000000000 -0400
-+++ serefpolicy-2.6.4/policy/modules/kernel/mls.if 2007-07-06 10:36:14.000000000 -0400
++++ serefpolicy-2.6.4/policy/modules/kernel/mls.if 2007-07-13 13:11:46.000000000 -0400
@@ -154,6 +154,26 @@
########################################
##
@@ -2338,7 +2338,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/kernel/mls.if
##
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/kernel/mls.te serefpolicy-2.6.4/policy/modules/kernel/mls.te
--- nsaserefpolicy/policy/modules/kernel/mls.te 2007-05-07 14:51:02.000000000 -0400
-+++ serefpolicy-2.6.4/policy/modules/kernel/mls.te 2007-07-06 10:36:14.000000000 -0400
++++ serefpolicy-2.6.4/policy/modules/kernel/mls.te 2007-07-13 13:11:46.000000000 -0400
@@ -18,6 +18,7 @@
attribute mlsnetreadtoclr;
attribute mlsnetwrite;
@@ -2358,7 +2358,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/kernel/mls.te
attribute privrangetrans;
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/kernel/selinux.if serefpolicy-2.6.4/policy/modules/kernel/selinux.if
--- nsaserefpolicy/policy/modules/kernel/selinux.if 2007-05-07 14:51:04.000000000 -0400
-+++ serefpolicy-2.6.4/policy/modules/kernel/selinux.if 2007-07-06 10:36:14.000000000 -0400
++++ serefpolicy-2.6.4/policy/modules/kernel/selinux.if 2007-07-13 13:11:46.000000000 -0400
@@ -51,6 +51,44 @@
########################################
@@ -2406,7 +2406,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/kernel/selinu
##
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/kernel/storage.fc serefpolicy-2.6.4/policy/modules/kernel/storage.fc
--- nsaserefpolicy/policy/modules/kernel/storage.fc 2007-05-07 14:51:02.000000000 -0400
-+++ serefpolicy-2.6.4/policy/modules/kernel/storage.fc 2007-07-06 10:36:25.000000000 -0400
++++ serefpolicy-2.6.4/policy/modules/kernel/storage.fc 2007-07-13 13:11:46.000000000 -0400
@@ -23,6 +23,7 @@
/dev/loop.* -b gen_context(system_u:object_r:fixed_disk_device_t,mls_systemhigh)
/dev/lvm -c gen_context(system_u:object_r:fixed_disk_device_t,mls_systemhigh)
@@ -2417,7 +2417,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/kernel/storag
/dev/optcd -b gen_context(system_u:object_r:removable_device_t,s0)
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/kernel/storage.if serefpolicy-2.6.4/policy/modules/kernel/storage.if
--- nsaserefpolicy/policy/modules/kernel/storage.if 2007-05-07 14:51:04.000000000 -0400
-+++ serefpolicy-2.6.4/policy/modules/kernel/storage.if 2007-07-06 10:36:14.000000000 -0400
++++ serefpolicy-2.6.4/policy/modules/kernel/storage.if 2007-07-13 13:11:46.000000000 -0400
@@ -100,6 +100,7 @@
dev_list_all_dev_nodes($1)
@@ -2436,7 +2436,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/kernel/storag
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/kernel/terminal.fc serefpolicy-2.6.4/policy/modules/kernel/terminal.fc
--- nsaserefpolicy/policy/modules/kernel/terminal.fc 2007-05-07 14:51:04.000000000 -0400
-+++ serefpolicy-2.6.4/policy/modules/kernel/terminal.fc 2007-07-11 16:40:40.000000000 -0400
++++ serefpolicy-2.6.4/policy/modules/kernel/terminal.fc 2007-07-13 13:11:46.000000000 -0400
@@ -8,6 +8,7 @@
/dev/dcbri[0-9]+ -c gen_context(system_u:object_r:tty_device_t,s0)
/dev/hvc.* -c gen_context(system_u:object_r:tty_device_t,s0)
@@ -2447,7 +2447,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/kernel/termin
/dev/isdn.* -c gen_context(system_u:object_r:tty_device_t,s0)
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/kernel/terminal.if serefpolicy-2.6.4/policy/modules/kernel/terminal.if
--- nsaserefpolicy/policy/modules/kernel/terminal.if 2007-05-07 14:51:04.000000000 -0400
-+++ serefpolicy-2.6.4/policy/modules/kernel/terminal.if 2007-07-06 10:36:14.000000000 -0400
++++ serefpolicy-2.6.4/policy/modules/kernel/terminal.if 2007-07-13 13:11:46.000000000 -0400
@@ -278,6 +278,25 @@
########################################
@@ -2485,7 +2485,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/kernel/termin
########################################
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/kernel/terminal.te serefpolicy-2.6.4/policy/modules/kernel/terminal.te
--- nsaserefpolicy/policy/modules/kernel/terminal.te 2007-05-07 14:51:04.000000000 -0400
-+++ serefpolicy-2.6.4/policy/modules/kernel/terminal.te 2007-07-06 10:36:14.000000000 -0400
++++ serefpolicy-2.6.4/policy/modules/kernel/terminal.te 2007-07-13 13:11:46.000000000 -0400
@@ -28,6 +28,7 @@
type devpts_t;
files_mountpoint(devpts_t)
@@ -2496,7 +2496,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/kernel/termin
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/aide.fc serefpolicy-2.6.4/policy/modules/services/aide.fc
--- nsaserefpolicy/policy/modules/services/aide.fc 2007-05-07 14:51:01.000000000 -0400
-+++ serefpolicy-2.6.4/policy/modules/services/aide.fc 2007-07-06 10:36:14.000000000 -0400
++++ serefpolicy-2.6.4/policy/modules/services/aide.fc 2007-07-13 13:11:46.000000000 -0400
@@ -2,5 +2,5 @@
/var/lib/aide(/.*) gen_context(system_u:object_r:aide_db_t,mls_systemhigh)
@@ -2506,7 +2506,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/aide
+/var/log/aide(/.*)? gen_context(system_u:object_r:aide_log_t,mls_systemhigh)
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/aide.te serefpolicy-2.6.4/policy/modules/services/aide.te
--- nsaserefpolicy/policy/modules/services/aide.te 2007-05-07 14:51:01.000000000 -0400
-+++ serefpolicy-2.6.4/policy/modules/services/aide.te 2007-07-06 10:36:14.000000000 -0400
++++ serefpolicy-2.6.4/policy/modules/services/aide.te 2007-07-13 13:11:46.000000000 -0400
@@ -26,7 +26,7 @@
allow aide_t self:capability { dac_override fowner };
@@ -2518,7 +2518,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/aide
manage_files_pattern(aide_t,aide_db_t,aide_db_t)
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/amavis.if serefpolicy-2.6.4/policy/modules/services/amavis.if
--- nsaserefpolicy/policy/modules/services/amavis.if 2007-05-07 14:51:01.000000000 -0400
-+++ serefpolicy-2.6.4/policy/modules/services/amavis.if 2007-07-06 10:36:14.000000000 -0400
++++ serefpolicy-2.6.4/policy/modules/services/amavis.if 2007-07-13 13:11:46.000000000 -0400
@@ -167,3 +167,22 @@
allow $1 amavis_var_run_t:file setattr;
files_search_pids($1)
@@ -2544,7 +2544,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/amav
+')
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/amavis.te serefpolicy-2.6.4/policy/modules/services/amavis.te
--- nsaserefpolicy/policy/modules/services/amavis.te 2007-05-07 14:51:01.000000000 -0400
-+++ serefpolicy-2.6.4/policy/modules/services/amavis.te 2007-07-06 10:36:14.000000000 -0400
++++ serefpolicy-2.6.4/policy/modules/services/amavis.te 2007-07-13 13:11:46.000000000 -0400
@@ -170,6 +170,7 @@
optional_policy(`
@@ -2555,7 +2555,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/amav
optional_policy(`
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/apache.fc serefpolicy-2.6.4/policy/modules/services/apache.fc
--- nsaserefpolicy/policy/modules/services/apache.fc 2007-05-07 14:50:57.000000000 -0400
-+++ serefpolicy-2.6.4/policy/modules/services/apache.fc 2007-07-06 10:36:14.000000000 -0400
++++ serefpolicy-2.6.4/policy/modules/services/apache.fc 2007-07-13 13:11:46.000000000 -0400
@@ -1,10 +1,5 @@
# temporary hack till genhomedircon is fixed
-ifdef(`targeted_policy',`
@@ -2589,7 +2589,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/apac
+
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/apache.if serefpolicy-2.6.4/policy/modules/services/apache.if
--- nsaserefpolicy/policy/modules/services/apache.if 2007-05-07 14:51:01.000000000 -0400
-+++ serefpolicy-2.6.4/policy/modules/services/apache.if 2007-07-06 13:03:11.000000000 -0400
++++ serefpolicy-2.6.4/policy/modules/services/apache.if 2007-07-13 13:11:46.000000000 -0400
@@ -18,10 +18,6 @@
attribute httpd_script_exec_type;
type httpd_t, httpd_suexec_t, httpd_log_t;
@@ -2829,7 +2829,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/apac
+
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/apache.te serefpolicy-2.6.4/policy/modules/services/apache.te
--- nsaserefpolicy/policy/modules/services/apache.te 2007-05-07 14:51:01.000000000 -0400
-+++ serefpolicy-2.6.4/policy/modules/services/apache.te 2007-07-06 10:36:14.000000000 -0400
++++ serefpolicy-2.6.4/policy/modules/services/apache.te 2007-07-13 13:11:46.000000000 -0400
@@ -47,6 +47,13 @@
## Allow http daemon to tcp connect
##
@@ -3050,7 +3050,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/apac
+
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/apcupsd.fc serefpolicy-2.6.4/policy/modules/services/apcupsd.fc
--- nsaserefpolicy/policy/modules/services/apcupsd.fc 2007-05-07 14:51:01.000000000 -0400
-+++ serefpolicy-2.6.4/policy/modules/services/apcupsd.fc 2007-07-06 10:36:14.000000000 -0400
++++ serefpolicy-2.6.4/policy/modules/services/apcupsd.fc 2007-07-13 13:11:46.000000000 -0400
@@ -3,3 +3,8 @@
/var/log/apcupsd\.events.* -- gen_context(system_u:object_r:apcupsd_log_t,s0)
@@ -3062,7 +3062,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/apcu
+/var/www/apcupsd/upsstats.cgi -- gen_context(system_u:object_r:httpd_apcupsd_cgi_script_exec_t,s0)
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/apcupsd.if serefpolicy-2.6.4/policy/modules/services/apcupsd.if
--- nsaserefpolicy/policy/modules/services/apcupsd.if 2007-05-07 14:51:01.000000000 -0400
-+++ serefpolicy-2.6.4/policy/modules/services/apcupsd.if 2007-07-06 10:36:14.000000000 -0400
++++ serefpolicy-2.6.4/policy/modules/services/apcupsd.if 2007-07-13 13:11:46.000000000 -0400
@@ -79,3 +79,25 @@
allow $1 apcupsd_log_t:dir list_dir_perms;
allow $1 apcupsd_log_t:file { getattr append };
@@ -3091,7 +3091,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/apcu
+')
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/apcupsd.te serefpolicy-2.6.4/policy/modules/services/apcupsd.te
--- nsaserefpolicy/policy/modules/services/apcupsd.te 2007-05-07 14:51:01.000000000 -0400
-+++ serefpolicy-2.6.4/policy/modules/services/apcupsd.te 2007-07-06 12:56:31.000000000 -0400
++++ serefpolicy-2.6.4/policy/modules/services/apcupsd.te 2007-07-13 13:11:46.000000000 -0400
@@ -16,6 +16,9 @@
type apcupsd_log_t;
logging_log_file(apcupsd_log_t)
@@ -3195,7 +3195,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/apcu
+
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/arpwatch.te serefpolicy-2.6.4/policy/modules/services/arpwatch.te
--- nsaserefpolicy/policy/modules/services/arpwatch.te 2007-05-07 14:51:01.000000000 -0400
-+++ serefpolicy-2.6.4/policy/modules/services/arpwatch.te 2007-07-06 10:36:14.000000000 -0400
++++ serefpolicy-2.6.4/policy/modules/services/arpwatch.te 2007-07-13 13:11:46.000000000 -0400
@@ -28,7 +28,6 @@
allow arpwatch_t self:process signal_perms;
allow arpwatch_t self:unix_dgram_socket create_socket_perms;
@@ -3224,7 +3224,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/arpw
optional_policy(`
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/audioentropy.te serefpolicy-2.6.4/policy/modules/services/audioentropy.te
--- nsaserefpolicy/policy/modules/services/audioentropy.te 2007-05-07 14:50:57.000000000 -0400
-+++ serefpolicy-2.6.4/policy/modules/services/audioentropy.te 2007-07-06 10:36:14.000000000 -0400
++++ serefpolicy-2.6.4/policy/modules/services/audioentropy.te 2007-07-13 13:11:46.000000000 -0400
@@ -18,7 +18,7 @@
# Local policy
#
@@ -3245,7 +3245,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/audi
fs_getattr_all_fs(entropyd_t)
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/automount.te serefpolicy-2.6.4/policy/modules/services/automount.te
--- nsaserefpolicy/policy/modules/services/automount.te 2007-05-07 14:51:01.000000000 -0400
-+++ serefpolicy-2.6.4/policy/modules/services/automount.te 2007-07-06 10:36:14.000000000 -0400
++++ serefpolicy-2.6.4/policy/modules/services/automount.te 2007-07-13 13:11:46.000000000 -0400
@@ -69,6 +69,7 @@
files_mounton_all_mountpoints(automount_t)
files_mount_all_file_type_fs(automount_t)
@@ -3264,7 +3264,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/auto
domain_use_interactive_fds(automount_t)
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/avahi.te serefpolicy-2.6.4/policy/modules/services/avahi.te
--- nsaserefpolicy/policy/modules/services/avahi.te 2007-05-07 14:50:57.000000000 -0400
-+++ serefpolicy-2.6.4/policy/modules/services/avahi.te 2007-07-06 10:36:14.000000000 -0400
++++ serefpolicy-2.6.4/policy/modules/services/avahi.te 2007-07-13 13:11:46.000000000 -0400
@@ -18,7 +18,7 @@
# Local policy
#
@@ -3303,7 +3303,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/avah
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/bind.fc serefpolicy-2.6.4/policy/modules/services/bind.fc
--- nsaserefpolicy/policy/modules/services/bind.fc 2007-05-07 14:51:01.000000000 -0400
-+++ serefpolicy-2.6.4/policy/modules/services/bind.fc 2007-07-06 10:36:14.000000000 -0400
++++ serefpolicy-2.6.4/policy/modules/services/bind.fc 2007-07-13 13:11:46.000000000 -0400
@@ -45,4 +45,7 @@
/var/named/chroot/var/named/slaves(/.*)? gen_context(system_u:object_r:named_cache_t,s0)
/var/named/chroot/var/named/data(/.*)? gen_context(system_u:object_r:named_cache_t,s0)
@@ -3314,7 +3314,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/bind
+
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/bind.te serefpolicy-2.6.4/policy/modules/services/bind.te
--- nsaserefpolicy/policy/modules/services/bind.te 2007-05-07 14:51:01.000000000 -0400
-+++ serefpolicy-2.6.4/policy/modules/services/bind.te 2007-07-06 10:36:14.000000000 -0400
++++ serefpolicy-2.6.4/policy/modules/services/bind.te 2007-07-13 13:11:46.000000000 -0400
@@ -119,6 +119,10 @@
corenet_sendrecv_rndc_server_packets(named_t)
corenet_sendrecv_rndc_client_packets(named_t)
@@ -3336,7 +3336,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/bind
fs_getattr_xattr_fs(ndc_t)
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/clamav.te serefpolicy-2.6.4/policy/modules/services/clamav.te
--- nsaserefpolicy/policy/modules/services/clamav.te 2007-05-07 14:50:57.000000000 -0400
-+++ serefpolicy-2.6.4/policy/modules/services/clamav.te 2007-07-06 10:36:14.000000000 -0400
++++ serefpolicy-2.6.4/policy/modules/services/clamav.te 2007-07-13 13:11:46.000000000 -0400
@@ -126,6 +126,7 @@
amavis_read_lib_files(clamd_t)
amavis_read_spool_files(clamd_t)
@@ -3365,7 +3365,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/clam
+')
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/consolekit.te serefpolicy-2.6.4/policy/modules/services/consolekit.te
--- nsaserefpolicy/policy/modules/services/consolekit.te 2007-05-07 14:51:01.000000000 -0400
-+++ serefpolicy-2.6.4/policy/modules/services/consolekit.te 2007-07-06 10:36:14.000000000 -0400
++++ serefpolicy-2.6.4/policy/modules/services/consolekit.te 2007-07-13 13:11:46.000000000 -0400
@@ -10,7 +10,6 @@
type consolekit_exec_t;
init_daemon_domain(consolekit_t, consolekit_exec_t)
@@ -3413,7 +3413,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/cons
+
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/courier.te serefpolicy-2.6.4/policy/modules/services/courier.te
--- nsaserefpolicy/policy/modules/services/courier.te 2007-05-07 14:51:01.000000000 -0400
-+++ serefpolicy-2.6.4/policy/modules/services/courier.te 2007-07-06 10:36:14.000000000 -0400
++++ serefpolicy-2.6.4/policy/modules/services/courier.te 2007-07-13 13:11:46.000000000 -0400
@@ -58,6 +58,7 @@
files_getattr_tmp_dirs(courier_authdaemon_t)
@@ -3424,7 +3424,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/cour
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/cron.fc serefpolicy-2.6.4/policy/modules/services/cron.fc
--- nsaserefpolicy/policy/modules/services/cron.fc 2007-05-07 14:51:01.000000000 -0400
-+++ serefpolicy-2.6.4/policy/modules/services/cron.fc 2007-07-06 10:36:14.000000000 -0400
++++ serefpolicy-2.6.4/policy/modules/services/cron.fc 2007-07-13 13:11:46.000000000 -0400
@@ -17,6 +17,8 @@
/var/run/fcron\.fifo -s gen_context(system_u:object_r:crond_var_run_t,s0)
/var/run/fcron\.pid -- gen_context(system_u:object_r:crond_var_run_t,s0)
@@ -3441,7 +3441,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/cron
+/var/lib/misc(/.*)? gen_context(system_u:object_r:crond_var_run_t,s0)
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/cron.if serefpolicy-2.6.4/policy/modules/services/cron.if
--- nsaserefpolicy/policy/modules/services/cron.if 2007-05-07 14:51:01.000000000 -0400
-+++ serefpolicy-2.6.4/policy/modules/services/cron.if 2007-07-11 15:50:58.000000000 -0400
++++ serefpolicy-2.6.4/policy/modules/services/cron.if 2007-07-13 13:11:46.000000000 -0400
@@ -35,6 +35,7 @@
#
template(`cron_per_role_template',`
@@ -3578,7 +3578,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/cron
##
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/cron.te serefpolicy-2.6.4/policy/modules/services/cron.te
--- nsaserefpolicy/policy/modules/services/cron.te 2007-05-07 14:50:57.000000000 -0400
-+++ serefpolicy-2.6.4/policy/modules/services/cron.te 2007-07-06 10:36:14.000000000 -0400
++++ serefpolicy-2.6.4/policy/modules/services/cron.te 2007-07-13 13:11:46.000000000 -0400
@@ -42,6 +42,9 @@
type cron_log_t;
logging_log_file(cron_log_t)
@@ -3788,7 +3788,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/cron
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/cups.fc serefpolicy-2.6.4/policy/modules/services/cups.fc
--- nsaserefpolicy/policy/modules/services/cups.fc 2007-05-07 14:50:57.000000000 -0400
-+++ serefpolicy-2.6.4/policy/modules/services/cups.fc 2007-07-06 10:56:37.000000000 -0400
++++ serefpolicy-2.6.4/policy/modules/services/cups.fc 2007-07-13 13:11:46.000000000 -0400
@@ -8,6 +8,7 @@
/etc/cups/ppd/.* -- gen_context(system_u:object_r:cupsd_rw_etc_t,s0)
/etc/cups/ppds\.dat -- gen_context(system_u:object_r:cupsd_rw_etc_t,s0)
@@ -3805,7 +3805,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/cups
+
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/cups.te serefpolicy-2.6.4/policy/modules/services/cups.te
--- nsaserefpolicy/policy/modules/services/cups.te 2007-05-07 14:51:01.000000000 -0400
-+++ serefpolicy-2.6.4/policy/modules/services/cups.te 2007-07-06 10:36:14.000000000 -0400
++++ serefpolicy-2.6.4/policy/modules/services/cups.te 2007-07-13 13:11:46.000000000 -0400
@@ -93,8 +93,6 @@
# generic socket here until appletalk socket is available in kernels
allow cupsd_t self:socket create_socket_perms;
@@ -3898,7 +3898,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/cups
fs_search_auto_mountpoints(hplip_t)
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/cvs.te serefpolicy-2.6.4/policy/modules/services/cvs.te
--- nsaserefpolicy/policy/modules/services/cvs.te 2007-05-07 14:51:01.000000000 -0400
-+++ serefpolicy-2.6.4/policy/modules/services/cvs.te 2007-07-06 10:36:14.000000000 -0400
++++ serefpolicy-2.6.4/policy/modules/services/cvs.te 2007-07-13 13:11:46.000000000 -0400
@@ -16,6 +16,7 @@
type cvs_t;
type cvs_exec_t;
@@ -3925,7 +3925,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/cvs.
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/cyrus.te serefpolicy-2.6.4/policy/modules/services/cyrus.te
--- nsaserefpolicy/policy/modules/services/cyrus.te 2007-05-07 14:51:01.000000000 -0400
-+++ serefpolicy-2.6.4/policy/modules/services/cyrus.te 2007-07-06 10:36:14.000000000 -0400
++++ serefpolicy-2.6.4/policy/modules/services/cyrus.te 2007-07-13 13:11:46.000000000 -0400
@@ -145,6 +145,7 @@
optional_policy(`
@@ -3936,7 +3936,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/cyru
optional_policy(`
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/dbus.if serefpolicy-2.6.4/policy/modules/services/dbus.if
--- nsaserefpolicy/policy/modules/services/dbus.if 2007-05-07 14:50:57.000000000 -0400
-+++ serefpolicy-2.6.4/policy/modules/services/dbus.if 2007-07-06 10:36:14.000000000 -0400
++++ serefpolicy-2.6.4/policy/modules/services/dbus.if 2007-07-13 13:11:46.000000000 -0400
@@ -49,6 +49,12 @@
##
#
@@ -4066,7 +4066,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/dbus
+
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/dbus.te serefpolicy-2.6.4/policy/modules/services/dbus.te
--- nsaserefpolicy/policy/modules/services/dbus.te 2007-05-07 14:51:01.000000000 -0400
-+++ serefpolicy-2.6.4/policy/modules/services/dbus.te 2007-07-06 10:36:14.000000000 -0400
++++ serefpolicy-2.6.4/policy/modules/services/dbus.te 2007-07-13 13:11:46.000000000 -0400
@@ -40,8 +40,6 @@
# Receive notifications of policy reloads and enforcing status changes.
allow system_dbusd_t self:netlink_selinux_socket { create bind read };
@@ -4097,7 +4097,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/dbus
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/dhcp.te serefpolicy-2.6.4/policy/modules/services/dhcp.te
--- nsaserefpolicy/policy/modules/services/dhcp.te 2007-05-07 14:50:57.000000000 -0400
-+++ serefpolicy-2.6.4/policy/modules/services/dhcp.te 2007-07-06 10:36:14.000000000 -0400
++++ serefpolicy-2.6.4/policy/modules/services/dhcp.te 2007-07-13 13:11:46.000000000 -0400
@@ -119,6 +119,8 @@
dbus_system_bus_client_template(dhcpd,dhcpd_t)
dbus_connect_system_bus(dhcpd_t)
@@ -4109,7 +4109,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/dhcp
optional_policy(`
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/djbdns.te serefpolicy-2.6.4/policy/modules/services/djbdns.te
--- nsaserefpolicy/policy/modules/services/djbdns.te 2007-05-07 14:51:01.000000000 -0400
-+++ serefpolicy-2.6.4/policy/modules/services/djbdns.te 2007-07-06 10:36:14.000000000 -0400
++++ serefpolicy-2.6.4/policy/modules/services/djbdns.te 2007-07-13 13:11:46.000000000 -0400
@@ -44,4 +44,7 @@
libs_use_ld_so(djbdns_axfrdns_t)
libs_use_shared_libs(djbdns_axfrdns_t)
@@ -4121,7 +4121,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/djbd
+
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/dovecot.fc serefpolicy-2.6.4/policy/modules/services/dovecot.fc
--- nsaserefpolicy/policy/modules/services/dovecot.fc 2007-05-07 14:51:01.000000000 -0400
-+++ serefpolicy-2.6.4/policy/modules/services/dovecot.fc 2007-07-06 10:36:14.000000000 -0400
++++ serefpolicy-2.6.4/policy/modules/services/dovecot.fc 2007-07-13 13:11:46.000000000 -0400
@@ -17,10 +17,12 @@
ifdef(`distro_debian', `
@@ -4137,7 +4137,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/dove
#
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/dovecot.if serefpolicy-2.6.4/policy/modules/services/dovecot.if
--- nsaserefpolicy/policy/modules/services/dovecot.if 2007-05-07 14:51:01.000000000 -0400
-+++ serefpolicy-2.6.4/policy/modules/services/dovecot.if 2007-07-06 10:36:14.000000000 -0400
++++ serefpolicy-2.6.4/policy/modules/services/dovecot.if 2007-07-13 13:11:46.000000000 -0400
@@ -18,3 +18,43 @@
manage_files_pattern($1,dovecot_spool_t,dovecot_spool_t)
manage_lnk_files_pattern($1,dovecot_spool_t,dovecot_spool_t)
@@ -4184,7 +4184,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/dove
+
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/dovecot.te serefpolicy-2.6.4/policy/modules/services/dovecot.te
--- nsaserefpolicy/policy/modules/services/dovecot.te 2007-05-07 14:50:57.000000000 -0400
-+++ serefpolicy-2.6.4/policy/modules/services/dovecot.te 2007-07-06 10:36:14.000000000 -0400
++++ serefpolicy-2.6.4/policy/modules/services/dovecot.te 2007-07-13 13:11:46.000000000 -0400
@@ -15,6 +15,12 @@
domain_entry_file(dovecot_auth_t,dovecot_auth_exec_t)
role system_r types dovecot_auth_t;
@@ -4331,7 +4331,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/dove
')
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/ftp.te serefpolicy-2.6.4/policy/modules/services/ftp.te
--- nsaserefpolicy/policy/modules/services/ftp.te 2007-05-07 14:51:01.000000000 -0400
-+++ serefpolicy-2.6.4/policy/modules/services/ftp.te 2007-07-06 10:36:14.000000000 -0400
++++ serefpolicy-2.6.4/policy/modules/services/ftp.te 2007-07-13 13:11:46.000000000 -0400
@@ -88,6 +88,7 @@
allow ftpd_t self:unix_stream_socket create_stream_socket_perms;
allow ftpd_t self:tcp_socket create_stream_socket_perms;
@@ -4375,7 +4375,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/ftp.
tunable_policy(`ftp_home_dir && use_nfs_home_dirs',`
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/hal.fc serefpolicy-2.6.4/policy/modules/services/hal.fc
--- nsaserefpolicy/policy/modules/services/hal.fc 2007-05-07 14:51:01.000000000 -0400
-+++ serefpolicy-2.6.4/policy/modules/services/hal.fc 2007-07-06 10:36:14.000000000 -0400
++++ serefpolicy-2.6.4/policy/modules/services/hal.fc 2007-07-13 13:11:46.000000000 -0400
@@ -2,15 +2,20 @@
/etc/hal/device\.d/printer_remove\.hal -- gen_context(system_u:object_r:hald_exec_t,s0)
/etc/hal/capability\.d/printer_update\.hal -- gen_context(system_u:object_r:hald_exec_t,s0)
@@ -4404,7 +4404,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/hal.
+
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/hal.if serefpolicy-2.6.4/policy/modules/services/hal.if
--- nsaserefpolicy/policy/modules/services/hal.if 2007-05-07 14:51:01.000000000 -0400
-+++ serefpolicy-2.6.4/policy/modules/services/hal.if 2007-07-06 10:36:14.000000000 -0400
++++ serefpolicy-2.6.4/policy/modules/services/hal.if 2007-07-13 13:11:46.000000000 -0400
@@ -208,3 +208,98 @@
files_search_pids($1)
allow $1 hald_var_run_t:file rw_file_perms;
@@ -4506,7 +4506,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/hal.
+
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/hal.te serefpolicy-2.6.4/policy/modules/services/hal.te
--- nsaserefpolicy/policy/modules/services/hal.te 2007-05-07 14:51:01.000000000 -0400
-+++ serefpolicy-2.6.4/policy/modules/services/hal.te 2007-07-06 10:36:14.000000000 -0400
++++ serefpolicy-2.6.4/policy/modules/services/hal.te 2007-07-13 13:11:46.000000000 -0400
@@ -61,8 +61,6 @@
# For backwards compatibility with older kernels
allow hald_t self:netlink_socket create_socket_perms;
@@ -4571,7 +4571,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/hal.
dev_setattr_usbfs_files(hald_acl_t)
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/inetd.te serefpolicy-2.6.4/policy/modules/services/inetd.te
--- nsaserefpolicy/policy/modules/services/inetd.te 2007-05-07 14:50:57.000000000 -0400
-+++ serefpolicy-2.6.4/policy/modules/services/inetd.te 2007-07-06 10:36:14.000000000 -0400
++++ serefpolicy-2.6.4/policy/modules/services/inetd.te 2007-07-13 13:11:46.000000000 -0400
@@ -135,8 +135,8 @@
mls_fd_use_all_levels(inetd_t)
mls_fd_share_all_levels(inetd_t)
@@ -4594,7 +4594,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/inet
manage_dirs_pattern(inetd_child_t,inetd_child_tmp_t,inetd_child_tmp_t)
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/kerberos.if serefpolicy-2.6.4/policy/modules/services/kerberos.if
--- nsaserefpolicy/policy/modules/services/kerberos.if 2007-05-07 14:51:01.000000000 -0400
-+++ serefpolicy-2.6.4/policy/modules/services/kerberos.if 2007-07-06 10:36:14.000000000 -0400
++++ serefpolicy-2.6.4/policy/modules/services/kerberos.if 2007-07-13 13:11:46.000000000 -0400
@@ -33,43 +33,10 @@
#
interface(`kerberos_use',`
@@ -4743,7 +4743,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/kerb
')
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/kerberos.te serefpolicy-2.6.4/policy/modules/services/kerberos.te
--- nsaserefpolicy/policy/modules/services/kerberos.te 2007-05-07 14:51:01.000000000 -0400
-+++ serefpolicy-2.6.4/policy/modules/services/kerberos.te 2007-07-06 10:36:14.000000000 -0400
++++ serefpolicy-2.6.4/policy/modules/services/kerberos.te 2007-07-13 13:11:46.000000000 -0400
@@ -5,6 +5,7 @@
#
# Declarations
@@ -4825,7 +4825,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/kerb
+')
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/lpd.if serefpolicy-2.6.4/policy/modules/services/lpd.if
--- nsaserefpolicy/policy/modules/services/lpd.if 2007-05-07 14:50:57.000000000 -0400
-+++ serefpolicy-2.6.4/policy/modules/services/lpd.if 2007-07-06 10:36:14.000000000 -0400
++++ serefpolicy-2.6.4/policy/modules/services/lpd.if 2007-07-13 13:11:46.000000000 -0400
@@ -394,3 +394,22 @@
domtrans_pattern($2, lpr_exec_t, $1_lpr_t)
@@ -4851,7 +4851,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/lpd.
+')
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/mailman.if serefpolicy-2.6.4/policy/modules/services/mailman.if
--- nsaserefpolicy/policy/modules/services/mailman.if 2007-05-07 14:51:01.000000000 -0400
-+++ serefpolicy-2.6.4/policy/modules/services/mailman.if 2007-07-06 10:36:14.000000000 -0400
++++ serefpolicy-2.6.4/policy/modules/services/mailman.if 2007-07-13 13:11:46.000000000 -0400
@@ -275,6 +275,25 @@
#######################################
@@ -4880,7 +4880,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/mail
##
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/mailman.te serefpolicy-2.6.4/policy/modules/services/mailman.te
--- nsaserefpolicy/policy/modules/services/mailman.te 2007-05-07 14:51:01.000000000 -0400
-+++ serefpolicy-2.6.4/policy/modules/services/mailman.te 2007-07-06 10:36:14.000000000 -0400
++++ serefpolicy-2.6.4/policy/modules/services/mailman.te 2007-07-13 13:11:46.000000000 -0400
@@ -96,6 +96,7 @@
kernel_read_proc_symlinks(mailman_queue_t)
@@ -4891,13 +4891,13 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/mail
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/mailscanner.fc serefpolicy-2.6.4/policy/modules/services/mailscanner.fc
--- nsaserefpolicy/policy/modules/services/mailscanner.fc 1969-12-31 19:00:00.000000000 -0500
-+++ serefpolicy-2.6.4/policy/modules/services/mailscanner.fc 2007-07-06 10:36:14.000000000 -0400
++++ serefpolicy-2.6.4/policy/modules/services/mailscanner.fc 2007-07-13 13:11:46.000000000 -0400
@@ -0,0 +1,2 @@
+/var/spool/MailScanner(/.*)? gen_context(system_u:object_r:mailscanner_spool_t,s0)
+
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/mailscanner.if serefpolicy-2.6.4/policy/modules/services/mailscanner.if
--- nsaserefpolicy/policy/modules/services/mailscanner.if 1969-12-31 19:00:00.000000000 -0500
-+++ serefpolicy-2.6.4/policy/modules/services/mailscanner.if 2007-07-06 10:36:14.000000000 -0400
++++ serefpolicy-2.6.4/policy/modules/services/mailscanner.if 2007-07-13 13:11:46.000000000 -0400
@@ -0,0 +1,59 @@
+## Anti-Virus and Anti-Spam Filter
+
@@ -4960,10 +4960,10 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/mail
+')
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/mailscanner.te serefpolicy-2.6.4/policy/modules/services/mailscanner.te
--- nsaserefpolicy/policy/modules/services/mailscanner.te 1969-12-31 19:00:00.000000000 -0500
-+++ serefpolicy-2.6.4/policy/modules/services/mailscanner.te 2007-07-06 10:36:14.000000000 -0400
++++ serefpolicy-2.6.4/policy/modules/services/mailscanner.te 2007-07-14 07:34:09.000000000 -0400
@@ -0,0 +1,8 @@
+
-+policy_module(moilscanner,1.0.0)
++policy_module(mailscanner,1.0.0)
+
+type mailscanner_spool_t;
+files_type(mailscanner_spool_t)
@@ -4972,7 +4972,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/mail
+
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/mta.if serefpolicy-2.6.4/policy/modules/services/mta.if
--- nsaserefpolicy/policy/modules/services/mta.if 2007-05-07 14:51:01.000000000 -0400
-+++ serefpolicy-2.6.4/policy/modules/services/mta.if 2007-07-06 10:36:14.000000000 -0400
++++ serefpolicy-2.6.4/policy/modules/services/mta.if 2007-07-13 13:11:46.000000000 -0400
@@ -394,6 +394,7 @@
allow $1 mail_spool_t:dir list_dir_perms;
create_files_pattern($1,mail_spool_t,mail_spool_t)
@@ -5009,7 +5009,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/mta.
## Read sendmail binary.
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/mta.te serefpolicy-2.6.4/policy/modules/services/mta.te
--- nsaserefpolicy/policy/modules/services/mta.te 2007-05-07 14:51:01.000000000 -0400
-+++ serefpolicy-2.6.4/policy/modules/services/mta.te 2007-07-11 15:52:40.000000000 -0400
++++ serefpolicy-2.6.4/policy/modules/services/mta.te 2007-07-13 13:11:46.000000000 -0400
@@ -27,6 +27,7 @@
type sendmail_exec_t;
@@ -5043,7 +5043,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/mta.
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/nagios.te serefpolicy-2.6.4/policy/modules/services/nagios.te
--- nsaserefpolicy/policy/modules/services/nagios.te 2007-05-07 14:51:01.000000000 -0400
-+++ serefpolicy-2.6.4/policy/modules/services/nagios.te 2007-07-06 10:36:14.000000000 -0400
++++ serefpolicy-2.6.4/policy/modules/services/nagios.te 2007-07-13 13:11:46.000000000 -0400
@@ -73,8 +73,10 @@
corenet_udp_sendrecv_all_nodes(nagios_t)
corenet_tcp_sendrecv_all_ports(nagios_t)
@@ -5075,7 +5075,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/nagi
optional_policy(`
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/networkmanager.fc serefpolicy-2.6.4/policy/modules/services/networkmanager.fc
--- nsaserefpolicy/policy/modules/services/networkmanager.fc 2007-05-07 14:51:01.000000000 -0400
-+++ serefpolicy-2.6.4/policy/modules/services/networkmanager.fc 2007-07-06 10:36:14.000000000 -0400
++++ serefpolicy-2.6.4/policy/modules/services/networkmanager.fc 2007-07-13 13:11:46.000000000 -0400
@@ -1,5 +1,6 @@
/usr/(s)?bin/NetworkManager -- gen_context(system_u:object_r:NetworkManager_exec_t,s0)
@@ -5085,7 +5085,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/netw
/var/run/wpa_supplicant(/.*)? gen_context(system_u:object_r:NetworkManager_var_run_t,s0)
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/networkmanager.if serefpolicy-2.6.4/policy/modules/services/networkmanager.if
--- nsaserefpolicy/policy/modules/services/networkmanager.if 2007-05-07 14:50:57.000000000 -0400
-+++ serefpolicy-2.6.4/policy/modules/services/networkmanager.if 2007-07-06 10:36:14.000000000 -0400
++++ serefpolicy-2.6.4/policy/modules/services/networkmanager.if 2007-07-13 13:11:46.000000000 -0400
@@ -78,3 +78,22 @@
allow $1 NetworkManager_t:dbus send_msg;
allow NetworkManager_t $1:dbus send_msg;
@@ -5111,7 +5111,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/netw
+')
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/networkmanager.te serefpolicy-2.6.4/policy/modules/services/networkmanager.te
--- nsaserefpolicy/policy/modules/services/networkmanager.te 2007-05-07 14:51:01.000000000 -0400
-+++ serefpolicy-2.6.4/policy/modules/services/networkmanager.te 2007-07-06 10:36:14.000000000 -0400
++++ serefpolicy-2.6.4/policy/modules/services/networkmanager.te 2007-07-13 13:11:46.000000000 -0400
@@ -41,6 +41,8 @@
kernel_read_kernel_sysctls(NetworkManager_t)
kernel_load_module(NetworkManager_t)
@@ -5140,7 +5140,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/netw
+
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/nis.fc serefpolicy-2.6.4/policy/modules/services/nis.fc
--- nsaserefpolicy/policy/modules/services/nis.fc 2007-05-07 14:50:57.000000000 -0400
-+++ serefpolicy-2.6.4/policy/modules/services/nis.fc 2007-07-06 10:36:14.000000000 -0400
++++ serefpolicy-2.6.4/policy/modules/services/nis.fc 2007-07-13 13:11:46.000000000 -0400
@@ -4,6 +4,7 @@
/sbin/ypbind -- gen_context(system_u:object_r:ypbind_exec_t,s0)
@@ -5151,7 +5151,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/nis.
/usr/sbin/rpc\.ypxfrd -- gen_context(system_u:object_r:ypxfr_exec_t,s0)
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/nis.if serefpolicy-2.6.4/policy/modules/services/nis.if
--- nsaserefpolicy/policy/modules/services/nis.if 2007-05-07 14:51:01.000000000 -0400
-+++ serefpolicy-2.6.4/policy/modules/services/nis.if 2007-07-06 10:36:14.000000000 -0400
++++ serefpolicy-2.6.4/policy/modules/services/nis.if 2007-07-13 13:11:46.000000000 -0400
@@ -48,8 +48,8 @@
corenet_udp_bind_all_nodes($1)
corenet_tcp_bind_generic_port($1)
@@ -5165,7 +5165,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/nis.
corenet_tcp_connect_portmap_port($1)
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/nis.te serefpolicy-2.6.4/policy/modules/services/nis.te
--- nsaserefpolicy/policy/modules/services/nis.te 2007-05-07 14:50:57.000000000 -0400
-+++ serefpolicy-2.6.4/policy/modules/services/nis.te 2007-07-06 10:36:14.000000000 -0400
++++ serefpolicy-2.6.4/policy/modules/services/nis.te 2007-07-13 13:11:46.000000000 -0400
@@ -120,6 +120,13 @@
')
@@ -5219,7 +5219,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/nis.
corenet_tcp_connect_all_ports(ypxfr_t)
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/nscd.te serefpolicy-2.6.4/policy/modules/services/nscd.te
--- nsaserefpolicy/policy/modules/services/nscd.te 2007-05-07 14:51:01.000000000 -0400
-+++ serefpolicy-2.6.4/policy/modules/services/nscd.te 2007-07-06 10:36:14.000000000 -0400
++++ serefpolicy-2.6.4/policy/modules/services/nscd.te 2007-07-13 13:11:46.000000000 -0400
@@ -28,14 +28,14 @@
# Local policy
#
@@ -5283,7 +5283,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/nscd
+
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/ntp.te serefpolicy-2.6.4/policy/modules/services/ntp.te
--- nsaserefpolicy/policy/modules/services/ntp.te 2007-05-07 14:51:01.000000000 -0400
-+++ serefpolicy-2.6.4/policy/modules/services/ntp.te 2007-07-06 10:36:14.000000000 -0400
++++ serefpolicy-2.6.4/policy/modules/services/ntp.te 2007-07-13 13:11:46.000000000 -0400
@@ -36,6 +36,7 @@
dontaudit ntpd_t self:capability { net_admin sys_tty_config fsetid sys_nice };
allow ntpd_t self:process { signal_perms setcap setsched setrlimit };
@@ -5305,7 +5305,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/ntp.
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/oddjob.te serefpolicy-2.6.4/policy/modules/services/oddjob.te
--- nsaserefpolicy/policy/modules/services/oddjob.te 2007-05-07 14:51:01.000000000 -0400
-+++ serefpolicy-2.6.4/policy/modules/services/oddjob.te 2007-07-06 10:36:14.000000000 -0400
++++ serefpolicy-2.6.4/policy/modules/services/oddjob.te 2007-07-13 13:11:46.000000000 -0400
@@ -27,7 +27,7 @@
# oddjob local policy
#
@@ -5317,7 +5317,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/oddj
allow oddjob_t self:unix_stream_socket create_stream_socket_perms;
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/openct.fc serefpolicy-2.6.4/policy/modules/services/openct.fc
--- nsaserefpolicy/policy/modules/services/openct.fc 2007-05-07 14:50:57.000000000 -0400
-+++ serefpolicy-2.6.4/policy/modules/services/openct.fc 2007-07-06 10:36:14.000000000 -0400
++++ serefpolicy-2.6.4/policy/modules/services/openct.fc 2007-07-13 13:11:46.000000000 -0400
@@ -2,6 +2,7 @@
# /usr
#
@@ -5328,7 +5328,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/open
# /var
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/openct.if serefpolicy-2.6.4/policy/modules/services/openct.if
--- nsaserefpolicy/policy/modules/services/openct.if 2007-05-07 14:50:57.000000000 -0400
-+++ serefpolicy-2.6.4/policy/modules/services/openct.if 2007-07-06 10:36:14.000000000 -0400
++++ serefpolicy-2.6.4/policy/modules/services/openct.if 2007-07-13 13:11:46.000000000 -0400
@@ -1 +1,83 @@
-## Service for handling smart card readers.
+
@@ -5416,7 +5416,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/open
+')
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/openct.te serefpolicy-2.6.4/policy/modules/services/openct.te
--- nsaserefpolicy/policy/modules/services/openct.te 2007-05-07 14:51:01.000000000 -0400
-+++ serefpolicy-2.6.4/policy/modules/services/openct.te 2007-07-06 10:36:14.000000000 -0400
++++ serefpolicy-2.6.4/policy/modules/services/openct.te 2007-07-13 13:11:46.000000000 -0400
@@ -21,9 +21,13 @@
dontaudit openct_t self:capability sys_tty_config;
allow openct_t self:process signal_perms;
@@ -5442,7 +5442,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/open
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/openvpn.fc serefpolicy-2.6.4/policy/modules/services/openvpn.fc
--- nsaserefpolicy/policy/modules/services/openvpn.fc 2007-05-07 14:50:57.000000000 -0400
-+++ serefpolicy-2.6.4/policy/modules/services/openvpn.fc 2007-07-06 10:36:14.000000000 -0400
++++ serefpolicy-2.6.4/policy/modules/services/openvpn.fc 2007-07-13 13:11:46.000000000 -0400
@@ -11,5 +11,5 @@
#
# /var
@@ -5453,7 +5453,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/open
+/var/run/openvpn(/.*)? gen_context(system_u:object_r:openvpn_var_run_t,s0)
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/openvpn.if serefpolicy-2.6.4/policy/modules/services/openvpn.if
--- nsaserefpolicy/policy/modules/services/openvpn.if 2007-05-07 14:51:01.000000000 -0400
-+++ serefpolicy-2.6.4/policy/modules/services/openvpn.if 2007-07-06 10:36:14.000000000 -0400
++++ serefpolicy-2.6.4/policy/modules/services/openvpn.if 2007-07-13 13:11:46.000000000 -0400
@@ -22,3 +22,71 @@
read_files_pattern($1,openvpn_etc_t,openvpn_etc_t)
read_lnk_files_pattern($1,openvpn_etc_t,openvpn_etc_t)
@@ -5528,7 +5528,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/open
+')
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/openvpn.te serefpolicy-2.6.4/policy/modules/services/openvpn.te
--- nsaserefpolicy/policy/modules/services/openvpn.te 2007-05-07 14:50:57.000000000 -0400
-+++ serefpolicy-2.6.4/policy/modules/services/openvpn.te 2007-07-13 11:31:03.000000000 -0400
++++ serefpolicy-2.6.4/policy/modules/services/openvpn.te 2007-07-13 13:11:46.000000000 -0400
@@ -1,11 +1,18 @@
-policy_module(openvpn,1.2.0)
@@ -5571,17 +5571,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/open
kernel_read_kernel_sysctls(openvpn_t)
kernel_read_net_sysctls(openvpn_t)
-@@ -53,7 +62,8 @@
- corecmd_exec_bin(openvpn_t)
- corecmd_exec_shell(openvpn_t)
-
--corenet_non_ipsec_sendrecv(openvpn_t)
-+corenet_all_recvfrom_unlabeled(openvpn_t)
-+corenet_all_recvfrom_netlabel(openvpn_t)
- corenet_tcp_sendrecv_all_if(openvpn_t)
- corenet_udp_sendrecv_all_if(openvpn_t)
- corenet_tcp_sendrecv_generic_node(openvpn_t)
-@@ -66,6 +76,7 @@
+@@ -66,6 +75,7 @@
corenet_udp_bind_openvpn_port(openvpn_t)
corenet_sendrecv_openvpn_server_packets(openvpn_t)
corenet_rw_tun_tap_dev(openvpn_t)
@@ -5589,7 +5579,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/open
dev_search_sysfs(openvpn_t)
dev_read_rand(openvpn_t)
-@@ -80,15 +91,31 @@
+@@ -80,15 +90,31 @@
logging_send_syslog_msg(openvpn_t)
miscfiles_read_localization(openvpn_t)
@@ -5626,7 +5616,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/open
+
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/pcscd.te serefpolicy-2.6.4/policy/modules/services/pcscd.te
--- nsaserefpolicy/policy/modules/services/pcscd.te 2007-05-07 14:50:57.000000000 -0400
-+++ serefpolicy-2.6.4/policy/modules/services/pcscd.te 2007-07-06 10:36:14.000000000 -0400
++++ serefpolicy-2.6.4/policy/modules/services/pcscd.te 2007-07-13 13:11:46.000000000 -0400
@@ -21,6 +21,7 @@
#
@@ -5651,7 +5641,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/pcsc
+
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/pegasus.if serefpolicy-2.6.4/policy/modules/services/pegasus.if
--- nsaserefpolicy/policy/modules/services/pegasus.if 2007-05-07 14:51:01.000000000 -0400
-+++ serefpolicy-2.6.4/policy/modules/services/pegasus.if 2007-07-06 10:36:14.000000000 -0400
++++ serefpolicy-2.6.4/policy/modules/services/pegasus.if 2007-07-13 13:11:46.000000000 -0400
@@ -1 +1,19 @@
## The Open Group Pegasus CIM/WBEM Server.
+
@@ -5674,7 +5664,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/pega
+')
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/pegasus.te serefpolicy-2.6.4/policy/modules/services/pegasus.te
--- nsaserefpolicy/policy/modules/services/pegasus.te 2007-05-07 14:51:01.000000000 -0400
-+++ serefpolicy-2.6.4/policy/modules/services/pegasus.te 2007-07-06 10:36:14.000000000 -0400
++++ serefpolicy-2.6.4/policy/modules/services/pegasus.te 2007-07-13 13:11:46.000000000 -0400
@@ -38,8 +38,6 @@
allow pegasus_t self:unix_stream_socket create_stream_socket_perms;
allow pegasus_t self:tcp_socket create_stream_socket_perms;
@@ -5719,7 +5709,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/pega
optional_policy(`
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/portslave.te serefpolicy-2.6.4/policy/modules/services/portslave.te
--- nsaserefpolicy/policy/modules/services/portslave.te 2007-05-07 14:50:57.000000000 -0400
-+++ serefpolicy-2.6.4/policy/modules/services/portslave.te 2007-07-06 10:36:14.000000000 -0400
++++ serefpolicy-2.6.4/policy/modules/services/portslave.te 2007-07-13 13:11:46.000000000 -0400
@@ -84,6 +84,7 @@
auth_rw_login_records(portslave_t)
@@ -5730,7 +5720,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/port
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/postfix.fc serefpolicy-2.6.4/policy/modules/services/postfix.fc
--- nsaserefpolicy/policy/modules/services/postfix.fc 2007-05-07 14:50:57.000000000 -0400
-+++ serefpolicy-2.6.4/policy/modules/services/postfix.fc 2007-07-06 10:36:14.000000000 -0400
++++ serefpolicy-2.6.4/policy/modules/services/postfix.fc 2007-07-13 13:11:46.000000000 -0400
@@ -5,6 +5,7 @@
/usr/libexec/postfix/cleanup -- gen_context(system_u:object_r:postfix_cleanup_exec_t,s0)
/usr/libexec/postfix/lmtp -- gen_context(system_u:object_r:postfix_smtp_exec_t,s0)
@@ -5741,7 +5731,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/post
/usr/libexec/postfix/(n)?qmgr -- gen_context(system_u:object_r:postfix_qmgr_exec_t,s0)
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/postfix.if serefpolicy-2.6.4/policy/modules/services/postfix.if
--- nsaserefpolicy/policy/modules/services/postfix.if 2007-05-07 14:50:57.000000000 -0400
-+++ serefpolicy-2.6.4/policy/modules/services/postfix.if 2007-07-06 10:36:14.000000000 -0400
++++ serefpolicy-2.6.4/policy/modules/services/postfix.if 2007-07-13 13:11:46.000000000 -0400
@@ -124,6 +124,7 @@
allow postfix_$1_t self:udp_socket create_socket_perms;
@@ -5856,7 +5846,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/post
+')
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/postfix.te serefpolicy-2.6.4/policy/modules/services/postfix.te
--- nsaserefpolicy/policy/modules/services/postfix.te 2007-05-07 14:51:01.000000000 -0400
-+++ serefpolicy-2.6.4/policy/modules/services/postfix.te 2007-07-06 11:46:10.000000000 -0400
++++ serefpolicy-2.6.4/policy/modules/services/postfix.te 2007-07-13 13:11:46.000000000 -0400
@@ -84,6 +84,12 @@
type postfix_var_run_t;
files_pid_file(postfix_var_run_t)
@@ -6004,7 +5994,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/post
+mta_manage_spool(postfix_virtual_t)
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/ppp.te serefpolicy-2.6.4/policy/modules/services/ppp.te
--- nsaserefpolicy/policy/modules/services/ppp.te 2007-05-07 14:50:57.000000000 -0400
-+++ serefpolicy-2.6.4/policy/modules/services/ppp.te 2007-07-06 10:36:14.000000000 -0400
++++ serefpolicy-2.6.4/policy/modules/services/ppp.te 2007-07-13 13:11:46.000000000 -0400
@@ -155,7 +155,7 @@
files_exec_etc_files(pppd_t)
@@ -6016,7 +6006,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/ppp.
# for scripts
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/procmail.te serefpolicy-2.6.4/policy/modules/services/procmail.te
--- nsaserefpolicy/policy/modules/services/procmail.te 2007-05-07 14:51:01.000000000 -0400
-+++ serefpolicy-2.6.4/policy/modules/services/procmail.te 2007-07-06 10:36:14.000000000 -0400
++++ serefpolicy-2.6.4/policy/modules/services/procmail.te 2007-07-13 13:11:46.000000000 -0400
@@ -10,6 +10,7 @@
type procmail_exec_t;
domain_type(procmail_t)
@@ -6067,7 +6057,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/proc
+')
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/pyzor.te serefpolicy-2.6.4/policy/modules/services/pyzor.te
--- nsaserefpolicy/policy/modules/services/pyzor.te 2007-05-07 14:51:01.000000000 -0400
-+++ serefpolicy-2.6.4/policy/modules/services/pyzor.te 2007-07-06 10:36:14.000000000 -0400
++++ serefpolicy-2.6.4/policy/modules/services/pyzor.te 2007-07-13 13:11:46.000000000 -0400
@@ -54,6 +54,11 @@
corenet_udp_sendrecv_all_nodes(pyzor_t)
corenet_udp_sendrecv_all_ports(pyzor_t)
@@ -6098,7 +6088,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/pyzo
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/radius.te serefpolicy-2.6.4/policy/modules/services/radius.te
--- nsaserefpolicy/policy/modules/services/radius.te 2007-05-07 14:51:01.000000000 -0400
-+++ serefpolicy-2.6.4/policy/modules/services/radius.te 2007-07-06 10:36:14.000000000 -0400
++++ serefpolicy-2.6.4/policy/modules/services/radius.te 2007-07-13 13:11:46.000000000 -0400
@@ -81,6 +81,7 @@
auth_read_shadow(radiusd_t)
@@ -6117,7 +6107,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/radi
+')
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/radvd.te serefpolicy-2.6.4/policy/modules/services/radvd.te
--- nsaserefpolicy/policy/modules/services/radvd.te 2007-05-07 14:50:57.000000000 -0400
-+++ serefpolicy-2.6.4/policy/modules/services/radvd.te 2007-07-06 10:36:14.000000000 -0400
++++ serefpolicy-2.6.4/policy/modules/services/radvd.te 2007-07-13 13:11:46.000000000 -0400
@@ -34,7 +34,7 @@
files_pid_filetrans(radvd_t,radvd_var_run_t,file)
@@ -6129,7 +6119,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/radv
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/rhgb.te serefpolicy-2.6.4/policy/modules/services/rhgb.te
--- nsaserefpolicy/policy/modules/services/rhgb.te 2007-05-07 14:51:01.000000000 -0400
-+++ serefpolicy-2.6.4/policy/modules/services/rhgb.te 2007-07-06 10:36:14.000000000 -0400
++++ serefpolicy-2.6.4/policy/modules/services/rhgb.te 2007-07-13 13:11:46.000000000 -0400
@@ -105,6 +105,7 @@
userdom_dontaudit_use_unpriv_user_fds(rhgb_t)
@@ -6140,7 +6130,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/rhgb
xserver_kill_xdm_xserver(rhgb_t)
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/ricci.te serefpolicy-2.6.4/policy/modules/services/ricci.te
--- nsaserefpolicy/policy/modules/services/ricci.te 2007-05-07 14:50:57.000000000 -0400
-+++ serefpolicy-2.6.4/policy/modules/services/ricci.te 2007-07-06 10:36:14.000000000 -0400
++++ serefpolicy-2.6.4/policy/modules/services/ricci.te 2007-07-13 13:11:46.000000000 -0400
@@ -137,6 +137,7 @@
files_create_boot_flag(ricci_t)
@@ -6162,7 +6152,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/ricc
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/rlogin.te serefpolicy-2.6.4/policy/modules/services/rlogin.te
--- nsaserefpolicy/policy/modules/services/rlogin.te 2007-05-07 14:50:57.000000000 -0400
-+++ serefpolicy-2.6.4/policy/modules/services/rlogin.te 2007-07-06 10:36:14.000000000 -0400
++++ serefpolicy-2.6.4/policy/modules/services/rlogin.te 2007-07-13 13:11:46.000000000 -0400
@@ -64,6 +64,7 @@
fs_search_auto_mountpoints(rlogind_t)
@@ -6173,7 +6163,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/rlog
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/rpcbind.fc serefpolicy-2.6.4/policy/modules/services/rpcbind.fc
--- nsaserefpolicy/policy/modules/services/rpcbind.fc 1969-12-31 19:00:00.000000000 -0500
-+++ serefpolicy-2.6.4/policy/modules/services/rpcbind.fc 2007-07-06 10:36:14.000000000 -0400
++++ serefpolicy-2.6.4/policy/modules/services/rpcbind.fc 2007-07-13 13:11:46.000000000 -0400
@@ -0,0 +1,6 @@
+
+/sbin/rpcbind -- gen_context(system_u:object_r:rpcbind_exec_t,s0)
@@ -6183,7 +6173,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/rpcb
+/var/lib/rpcbind(/.*)? gen_context(system_u:object_r:rpcbind_var_lib_t,s0)
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/rpcbind.if serefpolicy-2.6.4/policy/modules/services/rpcbind.if
--- nsaserefpolicy/policy/modules/services/rpcbind.if 1969-12-31 19:00:00.000000000 -0500
-+++ serefpolicy-2.6.4/policy/modules/services/rpcbind.if 2007-07-06 10:36:14.000000000 -0400
++++ serefpolicy-2.6.4/policy/modules/services/rpcbind.if 2007-07-13 13:11:46.000000000 -0400
@@ -0,0 +1,104 @@
+
+## policy for rpcbind
@@ -6291,7 +6281,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/rpcb
+')
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/rpcbind.te serefpolicy-2.6.4/policy/modules/services/rpcbind.te
--- nsaserefpolicy/policy/modules/services/rpcbind.te 1969-12-31 19:00:00.000000000 -0500
-+++ serefpolicy-2.6.4/policy/modules/services/rpcbind.te 2007-07-06 10:36:14.000000000 -0400
++++ serefpolicy-2.6.4/policy/modules/services/rpcbind.te 2007-07-13 13:11:46.000000000 -0400
@@ -0,0 +1,83 @@
+policy_module(rpcbind,1.0.0)
+
@@ -6378,7 +6368,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/rpcb
+
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/rpc.if serefpolicy-2.6.4/policy/modules/services/rpc.if
--- nsaserefpolicy/policy/modules/services/rpc.if 2007-05-07 14:51:01.000000000 -0400
-+++ serefpolicy-2.6.4/policy/modules/services/rpc.if 2007-07-06 10:36:14.000000000 -0400
++++ serefpolicy-2.6.4/policy/modules/services/rpc.if 2007-07-13 13:11:46.000000000 -0400
@@ -89,8 +89,11 @@
# bind to arbitary unused ports
corenet_tcp_bind_generic_port($1_t)
@@ -6394,7 +6384,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/rpc.
fs_search_auto_mountpoints($1_t)
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/rpc.te serefpolicy-2.6.4/policy/modules/services/rpc.te
--- nsaserefpolicy/policy/modules/services/rpc.te 2007-05-07 14:51:01.000000000 -0400
-+++ serefpolicy-2.6.4/policy/modules/services/rpc.te 2007-07-06 10:36:14.000000000 -0400
++++ serefpolicy-2.6.4/policy/modules/services/rpc.te 2007-07-13 13:11:46.000000000 -0400
@@ -79,6 +79,7 @@
optional_policy(`
@@ -6423,7 +6413,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/rpc.
tunable_policy(`nfs_export_all_ro',`
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/rshd.te serefpolicy-2.6.4/policy/modules/services/rshd.te
--- nsaserefpolicy/policy/modules/services/rshd.te 2007-05-07 14:51:01.000000000 -0400
-+++ serefpolicy-2.6.4/policy/modules/services/rshd.te 2007-07-06 10:36:14.000000000 -0400
++++ serefpolicy-2.6.4/policy/modules/services/rshd.te 2007-07-13 13:11:46.000000000 -0400
@@ -44,6 +44,7 @@
selinux_compute_user_contexts(rshd_t)
@@ -6434,7 +6424,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/rshd
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/rsync.te serefpolicy-2.6.4/policy/modules/services/rsync.te
--- nsaserefpolicy/policy/modules/services/rsync.te 2007-05-07 14:50:57.000000000 -0400
-+++ serefpolicy-2.6.4/policy/modules/services/rsync.te 2007-07-06 10:36:14.000000000 -0400
++++ serefpolicy-2.6.4/policy/modules/services/rsync.te 2007-07-13 13:11:46.000000000 -0400
@@ -17,6 +17,7 @@
type rsync_t;
type rsync_exec_t;
@@ -6445,7 +6435,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/rsyn
type rsync_data_t;
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/rwho.if serefpolicy-2.6.4/policy/modules/services/rwho.if
--- nsaserefpolicy/policy/modules/services/rwho.if 2007-05-07 14:50:57.000000000 -0400
-+++ serefpolicy-2.6.4/policy/modules/services/rwho.if 2007-07-06 10:36:14.000000000 -0400
++++ serefpolicy-2.6.4/policy/modules/services/rwho.if 2007-07-13 13:11:46.000000000 -0400
@@ -1 +1,84 @@
-## Who is logged in on other machines?
+
@@ -6534,7 +6524,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/rwho
+')
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/samba.fc serefpolicy-2.6.4/policy/modules/services/samba.fc
--- nsaserefpolicy/policy/modules/services/samba.fc 2007-05-07 14:51:01.000000000 -0400
-+++ serefpolicy-2.6.4/policy/modules/services/samba.fc 2007-07-06 10:36:14.000000000 -0400
++++ serefpolicy-2.6.4/policy/modules/services/samba.fc 2007-07-13 13:11:46.000000000 -0400
@@ -3,6 +3,7 @@
# /etc
#
@@ -6555,7 +6545,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/samb
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/samba.if serefpolicy-2.6.4/policy/modules/services/samba.if
--- nsaserefpolicy/policy/modules/services/samba.if 2007-05-07 14:50:57.000000000 -0400
-+++ serefpolicy-2.6.4/policy/modules/services/samba.if 2007-07-06 10:36:14.000000000 -0400
++++ serefpolicy-2.6.4/policy/modules/services/samba.if 2007-07-13 13:11:46.000000000 -0400
@@ -177,6 +177,27 @@
########################################
@@ -6721,7 +6711,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/samb
+')
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/samba.te serefpolicy-2.6.4/policy/modules/services/samba.te
--- nsaserefpolicy/policy/modules/services/samba.te 2007-05-07 14:50:57.000000000 -0400
-+++ serefpolicy-2.6.4/policy/modules/services/samba.te 2007-07-06 10:36:14.000000000 -0400
++++ serefpolicy-2.6.4/policy/modules/services/samba.te 2007-07-13 13:11:46.000000000 -0400
@@ -28,6 +28,35 @@
##
gen_tunable(samba_share_nfs,false)
@@ -7044,7 +7034,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/samb
+unconfined_domain(samba_unconfined_script_t)
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/sasl.te serefpolicy-2.6.4/policy/modules/services/sasl.te
--- nsaserefpolicy/policy/modules/services/sasl.te 2007-05-07 14:51:01.000000000 -0400
-+++ serefpolicy-2.6.4/policy/modules/services/sasl.te 2007-07-06 10:36:14.000000000 -0400
++++ serefpolicy-2.6.4/policy/modules/services/sasl.te 2007-07-13 13:11:46.000000000 -0400
@@ -63,6 +63,7 @@
selinux_compute_access_vector(saslauthd_t)
@@ -7064,7 +7054,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/sasl
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/sendmail.if serefpolicy-2.6.4/policy/modules/services/sendmail.if
--- nsaserefpolicy/policy/modules/services/sendmail.if 2007-05-07 14:51:01.000000000 -0400
-+++ serefpolicy-2.6.4/policy/modules/services/sendmail.if 2007-07-06 11:45:34.000000000 -0400
++++ serefpolicy-2.6.4/policy/modules/services/sendmail.if 2007-07-13 13:11:46.000000000 -0400
@@ -76,6 +76,26 @@
########################################
@@ -7124,7 +7114,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/send
+')
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/setroubleshoot.te serefpolicy-2.6.4/policy/modules/services/setroubleshoot.te
--- nsaserefpolicy/policy/modules/services/setroubleshoot.te 2007-05-07 14:51:01.000000000 -0400
-+++ serefpolicy-2.6.4/policy/modules/services/setroubleshoot.te 2007-07-06 10:36:14.000000000 -0400
++++ serefpolicy-2.6.4/policy/modules/services/setroubleshoot.te 2007-07-13 13:11:47.000000000 -0400
@@ -28,7 +28,7 @@
#
@@ -7136,7 +7126,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/setr
allow setroubleshootd_t self:unix_stream_socket { create_stream_socket_perms connectto };
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/smartmon.te serefpolicy-2.6.4/policy/modules/services/smartmon.te
--- nsaserefpolicy/policy/modules/services/smartmon.te 2007-05-07 14:51:01.000000000 -0400
-+++ serefpolicy-2.6.4/policy/modules/services/smartmon.te 2007-07-06 10:36:14.000000000 -0400
++++ serefpolicy-2.6.4/policy/modules/services/smartmon.te 2007-07-13 13:11:47.000000000 -0400
@@ -60,6 +60,7 @@
fs_search_auto_mountpoints(fsdaemon_t)
@@ -7147,7 +7137,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/smar
storage_raw_write_fixed_disk(fsdaemon_t)
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/snmp.fc serefpolicy-2.6.4/policy/modules/services/snmp.fc
--- nsaserefpolicy/policy/modules/services/snmp.fc 2007-05-07 14:51:01.000000000 -0400
-+++ serefpolicy-2.6.4/policy/modules/services/snmp.fc 2007-07-06 10:36:14.000000000 -0400
++++ serefpolicy-2.6.4/policy/modules/services/snmp.fc 2007-07-13 13:11:47.000000000 -0400
@@ -1,11 +1,5 @@
#
@@ -7162,7 +7152,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/snmp
/usr/sbin/snmp(trap)?d -- gen_context(system_u:object_r:snmpd_exec_t,s0)
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/snmp.te serefpolicy-2.6.4/policy/modules/services/snmp.te
--- nsaserefpolicy/policy/modules/services/snmp.te 2007-05-07 14:51:01.000000000 -0400
-+++ serefpolicy-2.6.4/policy/modules/services/snmp.te 2007-07-06 10:36:14.000000000 -0400
++++ serefpolicy-2.6.4/policy/modules/services/snmp.te 2007-07-13 13:11:47.000000000 -0400
@@ -9,9 +9,6 @@
type snmpd_exec_t;
init_daemon_domain(snmpd_t,snmpd_exec_t)
@@ -7215,7 +7205,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/snmp
optional_policy(`
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/spamassassin.fc serefpolicy-2.6.4/policy/modules/services/spamassassin.fc
--- nsaserefpolicy/policy/modules/services/spamassassin.fc 2007-05-07 14:50:57.000000000 -0400
-+++ serefpolicy-2.6.4/policy/modules/services/spamassassin.fc 2007-07-06 10:36:14.000000000 -0400
++++ serefpolicy-2.6.4/policy/modules/services/spamassassin.fc 2007-07-13 13:11:47.000000000 -0400
@@ -9,6 +9,10 @@
/var/lib/spamassassin(/.*)? gen_context(system_u:object_r:spamd_var_lib_t,s0)
@@ -7229,7 +7219,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/spam
HOME_DIR/\.spamassassin(/.*)? gen_context(system_u:object_r:ROLE_spamassassin_home_t,s0)
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/spamassassin.if serefpolicy-2.6.4/policy/modules/services/spamassassin.if
--- nsaserefpolicy/policy/modules/services/spamassassin.if 2007-05-07 14:51:01.000000000 -0400
-+++ serefpolicy-2.6.4/policy/modules/services/spamassassin.if 2007-07-06 10:36:14.000000000 -0400
++++ serefpolicy-2.6.4/policy/modules/services/spamassassin.if 2007-07-13 13:11:47.000000000 -0400
@@ -466,6 +466,7 @@
')
@@ -7240,7 +7230,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/spam
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/spamassassin.te serefpolicy-2.6.4/policy/modules/services/spamassassin.te
--- nsaserefpolicy/policy/modules/services/spamassassin.te 2007-05-07 14:50:57.000000000 -0400
-+++ serefpolicy-2.6.4/policy/modules/services/spamassassin.te 2007-07-06 10:36:14.000000000 -0400
++++ serefpolicy-2.6.4/policy/modules/services/spamassassin.te 2007-07-13 13:11:47.000000000 -0400
@@ -6,14 +6,12 @@
# Declarations
#
@@ -7307,7 +7297,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/spam
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/squid.fc serefpolicy-2.6.4/policy/modules/services/squid.fc
--- nsaserefpolicy/policy/modules/services/squid.fc 2007-05-07 14:50:57.000000000 -0400
-+++ serefpolicy-2.6.4/policy/modules/services/squid.fc 2007-07-06 10:36:14.000000000 -0400
++++ serefpolicy-2.6.4/policy/modules/services/squid.fc 2007-07-13 13:11:47.000000000 -0400
@@ -12,3 +12,5 @@
/var/run/squid\.pid -- gen_context(system_u:object_r:squid_var_run_t,s0)
@@ -7316,7 +7306,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/squi
+/usr/lib64/squid/cachemgr\.cgi -- gen_context(system_u:object_r:httpd_squid_script_exec_t,s0)
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/squid.te serefpolicy-2.6.4/policy/modules/services/squid.te
--- nsaserefpolicy/policy/modules/services/squid.te 2007-05-07 14:50:57.000000000 -0400
-+++ serefpolicy-2.6.4/policy/modules/services/squid.te 2007-07-06 10:36:14.000000000 -0400
++++ serefpolicy-2.6.4/policy/modules/services/squid.te 2007-07-13 13:11:47.000000000 -0400
@@ -108,6 +108,8 @@
fs_getattr_all_fs(squid_t)
@@ -7344,7 +7334,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/squi
+')
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/ssh.if serefpolicy-2.6.4/policy/modules/services/ssh.if
--- nsaserefpolicy/policy/modules/services/ssh.if 2007-05-07 14:51:01.000000000 -0400
-+++ serefpolicy-2.6.4/policy/modules/services/ssh.if 2007-07-06 10:36:14.000000000 -0400
++++ serefpolicy-2.6.4/policy/modules/services/ssh.if 2007-07-13 13:11:47.000000000 -0400
@@ -709,3 +709,42 @@
dontaudit $1 sshd_key_t:file { getattr read };
@@ -7390,7 +7380,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/ssh.
+
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/ssh.te serefpolicy-2.6.4/policy/modules/services/ssh.te
--- nsaserefpolicy/policy/modules/services/ssh.te 2007-05-07 14:51:01.000000000 -0400
-+++ serefpolicy-2.6.4/policy/modules/services/ssh.te 2007-07-06 10:36:14.000000000 -0400
++++ serefpolicy-2.6.4/policy/modules/services/ssh.te 2007-07-13 13:11:47.000000000 -0400
@@ -24,11 +24,11 @@
# Type for the ssh-agent executable.
@@ -7426,7 +7416,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/ssh.
# Relabel and access ptys created by sshd
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/tftp.te serefpolicy-2.6.4/policy/modules/services/tftp.te
--- nsaserefpolicy/policy/modules/services/tftp.te 2007-05-07 14:50:57.000000000 -0400
-+++ serefpolicy-2.6.4/policy/modules/services/tftp.te 2007-07-06 10:36:14.000000000 -0400
++++ serefpolicy-2.6.4/policy/modules/services/tftp.te 2007-07-13 13:11:47.000000000 -0400
@@ -69,6 +69,7 @@
logging_send_syslog_msg(tftpd_t)
@@ -7442,7 +7432,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/tftp
+
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/uwimap.te serefpolicy-2.6.4/policy/modules/services/uwimap.te
--- nsaserefpolicy/policy/modules/services/uwimap.te 2007-05-07 14:50:57.000000000 -0400
-+++ serefpolicy-2.6.4/policy/modules/services/uwimap.te 2007-07-06 10:36:14.000000000 -0400
++++ serefpolicy-2.6.4/policy/modules/services/uwimap.te 2007-07-13 13:11:47.000000000 -0400
@@ -63,6 +63,7 @@
fs_search_auto_mountpoints(imapd_t)
@@ -7453,18 +7443,18 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/uwim
libs_use_shared_libs(imapd_t)
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/w3c.fc serefpolicy-2.6.4/policy/modules/services/w3c.fc
--- nsaserefpolicy/policy/modules/services/w3c.fc 1969-12-31 19:00:00.000000000 -0500
-+++ serefpolicy-2.6.4/policy/modules/services/w3c.fc 2007-07-06 10:36:14.000000000 -0400
++++ serefpolicy-2.6.4/policy/modules/services/w3c.fc 2007-07-13 13:11:47.000000000 -0400
@@ -0,0 +1,2 @@
+/usr/share/w3c-markup-validator(/.*)? gen_context(system_u:object_r:httpd_w3c_validator_content_t,s0)
+/usr/share/w3c-markup-validator/cgi-bin(/.*)? gen_context(system_u:object_r:httpd_w3c_validator_script_exec_t,s0)
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/w3c.if serefpolicy-2.6.4/policy/modules/services/w3c.if
--- nsaserefpolicy/policy/modules/services/w3c.if 1969-12-31 19:00:00.000000000 -0500
-+++ serefpolicy-2.6.4/policy/modules/services/w3c.if 2007-07-06 10:36:14.000000000 -0400
++++ serefpolicy-2.6.4/policy/modules/services/w3c.if 2007-07-13 13:11:47.000000000 -0400
@@ -0,0 +1 @@
+## W3C
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/w3c.te serefpolicy-2.6.4/policy/modules/services/w3c.te
--- nsaserefpolicy/policy/modules/services/w3c.te 1969-12-31 19:00:00.000000000 -0500
-+++ serefpolicy-2.6.4/policy/modules/services/w3c.te 2007-07-06 10:36:14.000000000 -0400
++++ serefpolicy-2.6.4/policy/modules/services/w3c.te 2007-07-13 13:11:47.000000000 -0400
@@ -0,0 +1,14 @@
+policy_module(w3c,1.2.1)
+
@@ -7482,7 +7472,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/w3c.
+miscfiles_read_certs(httpd_w3c_validator_script_t)
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/xserver.if serefpolicy-2.6.4/policy/modules/services/xserver.if
--- nsaserefpolicy/policy/modules/services/xserver.if 2007-05-07 14:51:01.000000000 -0400
-+++ serefpolicy-2.6.4/policy/modules/services/xserver.if 2007-07-06 10:36:14.000000000 -0400
++++ serefpolicy-2.6.4/policy/modules/services/xserver.if 2007-07-13 13:11:47.000000000 -0400
@@ -83,6 +83,8 @@
manage_files_pattern($1_xserver_t,xserver_log_t,xserver_log_t)
logging_log_filetrans($1_xserver_t,xserver_log_t,file)
@@ -7518,7 +7508,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/xser
+
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/xserver.te serefpolicy-2.6.4/policy/modules/services/xserver.te
--- nsaserefpolicy/policy/modules/services/xserver.te 2007-05-07 14:50:57.000000000 -0400
-+++ serefpolicy-2.6.4/policy/modules/services/xserver.te 2007-07-06 10:36:14.000000000 -0400
++++ serefpolicy-2.6.4/policy/modules/services/xserver.te 2007-07-13 13:11:47.000000000 -0400
@@ -448,6 +448,10 @@
rhgb_rw_tmpfs_files(xdm_xserver_t)
')
@@ -7532,12 +7522,12 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/xser
# perhaps define derived types.
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/application.fc serefpolicy-2.6.4/policy/modules/system/application.fc
--- nsaserefpolicy/policy/modules/system/application.fc 1969-12-31 19:00:00.000000000 -0500
-+++ serefpolicy-2.6.4/policy/modules/system/application.fc 2007-07-06 10:36:14.000000000 -0400
++++ serefpolicy-2.6.4/policy/modules/system/application.fc 2007-07-13 13:11:47.000000000 -0400
@@ -0,0 +1 @@
+# No application file contexts.
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/application.if serefpolicy-2.6.4/policy/modules/system/application.if
--- nsaserefpolicy/policy/modules/system/application.if 1969-12-31 19:00:00.000000000 -0500
-+++ serefpolicy-2.6.4/policy/modules/system/application.if 2007-07-06 10:36:14.000000000 -0400
++++ serefpolicy-2.6.4/policy/modules/system/application.if 2007-07-13 13:11:47.000000000 -0400
@@ -0,0 +1,104 @@
+## Policy for application domains
+
@@ -7645,7 +7635,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/applic
+')
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/application.te serefpolicy-2.6.4/policy/modules/system/application.te
--- nsaserefpolicy/policy/modules/system/application.te 1969-12-31 19:00:00.000000000 -0500
-+++ serefpolicy-2.6.4/policy/modules/system/application.te 2007-07-06 10:36:14.000000000 -0400
++++ serefpolicy-2.6.4/policy/modules/system/application.te 2007-07-13 13:11:47.000000000 -0400
@@ -0,0 +1,14 @@
+
+policy_module(application,1.0.0)
@@ -7663,7 +7653,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/applic
+
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/authlogin.fc serefpolicy-2.6.4/policy/modules/system/authlogin.fc
--- nsaserefpolicy/policy/modules/system/authlogin.fc 2007-05-07 14:51:02.000000000 -0400
-+++ serefpolicy-2.6.4/policy/modules/system/authlogin.fc 2007-07-06 10:36:14.000000000 -0400
++++ serefpolicy-2.6.4/policy/modules/system/authlogin.fc 2007-07-13 13:11:47.000000000 -0400
@@ -14,6 +14,7 @@
/sbin/pam_timestamp_check -- gen_context(system_u:object_r:pam_exec_t,s0)
/sbin/unix_chkpwd -- gen_context(system_u:object_r:chkpwd_exec_t,s0)
@@ -7674,7 +7664,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/authlo
')
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/authlogin.if serefpolicy-2.6.4/policy/modules/system/authlogin.if
--- nsaserefpolicy/policy/modules/system/authlogin.if 2007-05-07 14:51:01.000000000 -0400
-+++ serefpolicy-2.6.4/policy/modules/system/authlogin.if 2007-07-11 13:34:31.000000000 -0400
++++ serefpolicy-2.6.4/policy/modules/system/authlogin.if 2007-07-13 13:11:47.000000000 -0400
@@ -27,11 +27,9 @@
domain_type($1_chkpwd_t)
domain_entry_file($1_chkpwd_t,chkpwd_exec_t)
@@ -7961,7 +7951,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/authlo
+
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/authlogin.te serefpolicy-2.6.4/policy/modules/system/authlogin.te
--- nsaserefpolicy/policy/modules/system/authlogin.te 2007-05-07 14:51:02.000000000 -0400
-+++ serefpolicy-2.6.4/policy/modules/system/authlogin.te 2007-07-06 10:36:14.000000000 -0400
++++ serefpolicy-2.6.4/policy/modules/system/authlogin.te 2007-07-13 13:11:47.000000000 -0400
@@ -9,6 +9,13 @@
attribute can_read_shadow_passwords;
attribute can_write_shadow_passwords;
@@ -8053,13 +8043,13 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/authlo
+')
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/brctl.fc serefpolicy-2.6.4/policy/modules/system/brctl.fc
--- nsaserefpolicy/policy/modules/system/brctl.fc 1969-12-31 19:00:00.000000000 -0500
-+++ serefpolicy-2.6.4/policy/modules/system/brctl.fc 2007-07-10 12:08:30.000000000 -0400
++++ serefpolicy-2.6.4/policy/modules/system/brctl.fc 2007-07-13 13:11:47.000000000 -0400
@@ -0,0 +1,2 @@
+
+/usr/sbin/brctl -- gen_context(system_u:object_r:brctl_exec_t,s0)
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/brctl.if serefpolicy-2.6.4/policy/modules/system/brctl.if
--- nsaserefpolicy/policy/modules/system/brctl.if 1969-12-31 19:00:00.000000000 -0500
-+++ serefpolicy-2.6.4/policy/modules/system/brctl.if 2007-07-10 12:08:30.000000000 -0400
++++ serefpolicy-2.6.4/policy/modules/system/brctl.if 2007-07-13 13:11:47.000000000 -0400
@@ -0,0 +1,24 @@
+
+## policy for brctl
@@ -8087,8 +8077,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/brctl.
+')
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/brctl.te serefpolicy-2.6.4/policy/modules/system/brctl.te
--- nsaserefpolicy/policy/modules/system/brctl.te 1969-12-31 19:00:00.000000000 -0500
-+++ serefpolicy-2.6.4/policy/modules/system/brctl.te 2007-07-12 15:50:34.000000000 -0400
-@@ -0,0 +1,41 @@
++++ serefpolicy-2.6.4/policy/modules/system/brctl.te 2007-07-13 13:11:47.000000000 -0400
+@@ -0,0 +1,44 @@
+policy_module(brctl,1.0.0)
+
+########################################
@@ -8106,6 +8096,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/brctl.
+# brctl local policy
+#
+
++allow brctl_t self:capability net_admin;
++
+allow brctl_t self:tcp_socket create_socket_perms;
+allow brctl_t self:unix_dgram_socket create_socket_perms;
+
@@ -8114,6 +8106,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/brctl.
+
+kernel_load_module(brctl_t)
+kernel_read_network_state(brctl_t)
++kernel_read_sysctl(brctl_t)
+
+## internal communication is often done using fifo and unix sockets.
+allow brctl_t self:fifo_file rw_file_perms;
@@ -8132,7 +8125,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/brctl.
+')
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/clock.te serefpolicy-2.6.4/policy/modules/system/clock.te
--- nsaserefpolicy/policy/modules/system/clock.te 2007-05-07 14:51:02.000000000 -0400
-+++ serefpolicy-2.6.4/policy/modules/system/clock.te 2007-07-06 10:36:14.000000000 -0400
++++ serefpolicy-2.6.4/policy/modules/system/clock.te 2007-07-13 13:11:47.000000000 -0400
@@ -26,8 +26,6 @@
allow hwclock_t self:process signal_perms;
allow hwclock_t self:fifo_file { getattr read write };
@@ -8158,7 +8151,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/clock.
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/fstools.fc serefpolicy-2.6.4/policy/modules/system/fstools.fc
--- nsaserefpolicy/policy/modules/system/fstools.fc 2007-05-07 14:51:02.000000000 -0400
-+++ serefpolicy-2.6.4/policy/modules/system/fstools.fc 2007-07-06 10:36:14.000000000 -0400
++++ serefpolicy-2.6.4/policy/modules/system/fstools.fc 2007-07-13 13:11:47.000000000 -0400
@@ -19,7 +19,6 @@
/sbin/mkfs.* -- gen_context(system_u:object_r:fsadm_exec_t,s0)
/sbin/mkraid -- gen_context(system_u:object_r:fsadm_exec_t,s0)
@@ -8169,7 +8162,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/fstool
/sbin/partx -- gen_context(system_u:object_r:fsadm_exec_t,s0)
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/fstools.if serefpolicy-2.6.4/policy/modules/system/fstools.if
--- nsaserefpolicy/policy/modules/system/fstools.if 2007-05-07 14:51:02.000000000 -0400
-+++ serefpolicy-2.6.4/policy/modules/system/fstools.if 2007-07-06 10:36:14.000000000 -0400
++++ serefpolicy-2.6.4/policy/modules/system/fstools.if 2007-07-13 13:11:47.000000000 -0400
@@ -124,3 +124,22 @@
allow $1 swapfile_t:file getattr;
@@ -8195,7 +8188,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/fstool
+
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/fstools.te serefpolicy-2.6.4/policy/modules/system/fstools.te
--- nsaserefpolicy/policy/modules/system/fstools.te 2007-05-07 14:51:02.000000000 -0400
-+++ serefpolicy-2.6.4/policy/modules/system/fstools.te 2007-07-06 10:36:14.000000000 -0400
++++ serefpolicy-2.6.4/policy/modules/system/fstools.te 2007-07-13 13:11:47.000000000 -0400
@@ -9,6 +9,7 @@
type fsadm_t;
type fsadm_exec_t;
@@ -8206,7 +8199,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/fstool
type fsadm_log_t;
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/fusermount.fc serefpolicy-2.6.4/policy/modules/system/fusermount.fc
--- nsaserefpolicy/policy/modules/system/fusermount.fc 1969-12-31 19:00:00.000000000 -0500
-+++ serefpolicy-2.6.4/policy/modules/system/fusermount.fc 2007-07-06 10:36:14.000000000 -0400
++++ serefpolicy-2.6.4/policy/modules/system/fusermount.fc 2007-07-13 13:11:47.000000000 -0400
@@ -0,0 +1,6 @@
+# fusermount executable will have:
+# label: system_u:object_r:fusermount_exec_t
@@ -8216,7 +8209,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/fuserm
+/usr/bin/fusermount -- gen_context(system_u:object_r:fusermount_exec_t,s0)
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/fusermount.if serefpolicy-2.6.4/policy/modules/system/fusermount.if
--- nsaserefpolicy/policy/modules/system/fusermount.if 1969-12-31 19:00:00.000000000 -0500
-+++ serefpolicy-2.6.4/policy/modules/system/fusermount.if 2007-07-06 10:36:14.000000000 -0400
++++ serefpolicy-2.6.4/policy/modules/system/fusermount.if 2007-07-13 13:11:47.000000000 -0400
@@ -0,0 +1,41 @@
+## policy for fusermount
+
@@ -8262,7 +8255,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/fuserm
\ No newline at end of file
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/fusermount.te serefpolicy-2.6.4/policy/modules/system/fusermount.te
--- nsaserefpolicy/policy/modules/system/fusermount.te 1969-12-31 19:00:00.000000000 -0500
-+++ serefpolicy-2.6.4/policy/modules/system/fusermount.te 2007-07-06 10:36:14.000000000 -0400
++++ serefpolicy-2.6.4/policy/modules/system/fusermount.te 2007-07-13 13:11:47.000000000 -0400
@@ -0,0 +1,51 @@
+policy_module(fusermount,1.0.0)
+
@@ -8317,7 +8310,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/fuserm
+
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/getty.te serefpolicy-2.6.4/policy/modules/system/getty.te
--- nsaserefpolicy/policy/modules/system/getty.te 2007-05-07 14:51:01.000000000 -0400
-+++ serefpolicy-2.6.4/policy/modules/system/getty.te 2007-07-06 10:36:14.000000000 -0400
++++ serefpolicy-2.6.4/policy/modules/system/getty.te 2007-07-13 13:11:47.000000000 -0400
@@ -33,7 +33,8 @@
#
@@ -8330,7 +8323,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/getty.
allow getty_t self:fifo_file rw_fifo_file_perms;
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/hostname.te serefpolicy-2.6.4/policy/modules/system/hostname.te
--- nsaserefpolicy/policy/modules/system/hostname.te 2007-05-07 14:51:01.000000000 -0400
-+++ serefpolicy-2.6.4/policy/modules/system/hostname.te 2007-07-06 10:36:14.000000000 -0400
++++ serefpolicy-2.6.4/policy/modules/system/hostname.te 2007-07-13 13:11:47.000000000 -0400
@@ -8,8 +8,12 @@
type hostname_t;
@@ -8359,7 +8352,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/hostna
+')
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/init.if serefpolicy-2.6.4/policy/modules/system/init.if
--- nsaserefpolicy/policy/modules/system/init.if 2007-05-07 14:51:02.000000000 -0400
-+++ serefpolicy-2.6.4/policy/modules/system/init.if 2007-07-06 10:36:14.000000000 -0400
++++ serefpolicy-2.6.4/policy/modules/system/init.if 2007-07-13 13:11:47.000000000 -0400
@@ -194,11 +194,14 @@
gen_require(`
type initrc_t;
@@ -8438,7 +8431,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/init.i
+')
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/init.te serefpolicy-2.6.4/policy/modules/system/init.te
--- nsaserefpolicy/policy/modules/system/init.te 2007-05-07 14:51:02.000000000 -0400
-+++ serefpolicy-2.6.4/policy/modules/system/init.te 2007-07-06 10:36:14.000000000 -0400
++++ serefpolicy-2.6.4/policy/modules/system/init.te 2007-07-13 13:11:47.000000000 -0400
@@ -10,13 +10,20 @@
# Declarations
#
@@ -8539,7 +8532,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/init.t
optional_policy(`
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/ipsec.if serefpolicy-2.6.4/policy/modules/system/ipsec.if
--- nsaserefpolicy/policy/modules/system/ipsec.if 2007-05-07 14:51:01.000000000 -0400
-+++ serefpolicy-2.6.4/policy/modules/system/ipsec.if 2007-07-06 10:36:14.000000000 -0400
++++ serefpolicy-2.6.4/policy/modules/system/ipsec.if 2007-07-13 13:11:47.000000000 -0400
@@ -114,6 +114,26 @@
########################################
@@ -8569,7 +8562,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/ipsec.
##
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/ipsec.te serefpolicy-2.6.4/policy/modules/system/ipsec.te
--- nsaserefpolicy/policy/modules/system/ipsec.te 2007-05-07 14:51:01.000000000 -0400
-+++ serefpolicy-2.6.4/policy/modules/system/ipsec.te 2007-07-06 10:36:14.000000000 -0400
++++ serefpolicy-2.6.4/policy/modules/system/ipsec.te 2007-07-13 13:11:47.000000000 -0400
@@ -289,6 +289,7 @@
allow racoon_t self:netlink_selinux_socket { bind create read };
allow racoon_t self:udp_socket create_socket_perms;
@@ -8580,7 +8573,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/ipsec.
manage_files_pattern(racoon_t,ipsec_var_run_t,ipsec_var_run_t)
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/iptables.te serefpolicy-2.6.4/policy/modules/system/iptables.te
--- nsaserefpolicy/policy/modules/system/iptables.te 2007-05-07 14:51:02.000000000 -0400
-+++ serefpolicy-2.6.4/policy/modules/system/iptables.te 2007-07-06 10:36:14.000000000 -0400
++++ serefpolicy-2.6.4/policy/modules/system/iptables.te 2007-07-13 13:11:47.000000000 -0400
@@ -56,11 +56,13 @@
domain_use_interactive_fds(iptables_t)
@@ -8605,7 +8598,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/iptabl
+')
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/libraries.fc serefpolicy-2.6.4/policy/modules/system/libraries.fc
--- nsaserefpolicy/policy/modules/system/libraries.fc 2007-05-07 14:51:02.000000000 -0400
-+++ serefpolicy-2.6.4/policy/modules/system/libraries.fc 2007-07-06 10:36:14.000000000 -0400
++++ serefpolicy-2.6.4/policy/modules/system/libraries.fc 2007-07-13 13:11:47.000000000 -0400
@@ -81,8 +81,8 @@
/opt/cisco-vpnclient/lib/libvpnapi\.so -- gen_context(system_u:object_r:textrel_shlib_t,s0)
/opt/netbeans(.*/)?jdk.*/linux/.+\.so(\.[^/]*)* -- gen_context(system_u:object_r:textrel_shlib_t,s0)
@@ -8654,7 +8647,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/librar
# vmware
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/libraries.te serefpolicy-2.6.4/policy/modules/system/libraries.te
--- nsaserefpolicy/policy/modules/system/libraries.te 2007-05-07 14:51:01.000000000 -0400
-+++ serefpolicy-2.6.4/policy/modules/system/libraries.te 2007-07-06 10:36:14.000000000 -0400
++++ serefpolicy-2.6.4/policy/modules/system/libraries.te 2007-07-13 13:11:47.000000000 -0400
@@ -62,7 +62,8 @@
manage_dirs_pattern(ldconfig_t,ldconfig_tmp_t,ldconfig_tmp_t)
@@ -8684,7 +8677,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/librar
')
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/locallogin.te serefpolicy-2.6.4/policy/modules/system/locallogin.te
--- nsaserefpolicy/policy/modules/system/locallogin.te 2007-05-07 14:51:02.000000000 -0400
-+++ serefpolicy-2.6.4/policy/modules/system/locallogin.te 2007-07-11 14:11:45.000000000 -0400
++++ serefpolicy-2.6.4/policy/modules/system/locallogin.te 2007-07-13 13:11:47.000000000 -0400
@@ -48,6 +48,8 @@
allow local_login_t self:msgq create_msgq_perms;
allow local_login_t self:msg { send receive };
@@ -8732,7 +8725,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/locall
')
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/logging.fc serefpolicy-2.6.4/policy/modules/system/logging.fc
--- nsaserefpolicy/policy/modules/system/logging.fc 2007-05-07 14:51:02.000000000 -0400
-+++ serefpolicy-2.6.4/policy/modules/system/logging.fc 2007-07-06 10:36:14.000000000 -0400
++++ serefpolicy-2.6.4/policy/modules/system/logging.fc 2007-07-13 13:11:47.000000000 -0400
@@ -43,3 +43,5 @@
/var/spool/postfix/pid -d gen_context(system_u:object_r:var_run_t,s0)
@@ -8741,7 +8734,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/loggin
+/var/log/syslog-ng(/.*)? -- gen_context(system_u:object_r:syslogd_var_run_t,s0)
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/logging.if serefpolicy-2.6.4/policy/modules/system/logging.if
--- nsaserefpolicy/policy/modules/system/logging.if 2007-05-07 14:51:01.000000000 -0400
-+++ serefpolicy-2.6.4/policy/modules/system/logging.if 2007-07-06 10:36:14.000000000 -0400
++++ serefpolicy-2.6.4/policy/modules/system/logging.if 2007-07-13 13:11:47.000000000 -0400
@@ -223,6 +223,25 @@
########################################
@@ -8936,7 +8929,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/loggin
+
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/logging.te serefpolicy-2.6.4/policy/modules/system/logging.te
--- nsaserefpolicy/policy/modules/system/logging.te 2007-05-07 14:51:02.000000000 -0400
-+++ serefpolicy-2.6.4/policy/modules/system/logging.te 2007-07-06 10:36:14.000000000 -0400
++++ serefpolicy-2.6.4/policy/modules/system/logging.te 2007-07-13 13:11:47.000000000 -0400
@@ -7,10 +7,15 @@
#
@@ -9039,7 +9032,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/loggin
files_dontaudit_search_isid_type_dirs(syslogd_t)
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/lvm.fc serefpolicy-2.6.4/policy/modules/system/lvm.fc
--- nsaserefpolicy/policy/modules/system/lvm.fc 2007-05-07 14:51:01.000000000 -0400
-+++ serefpolicy-2.6.4/policy/modules/system/lvm.fc 2007-07-06 10:36:14.000000000 -0400
++++ serefpolicy-2.6.4/policy/modules/system/lvm.fc 2007-07-13 13:11:47.000000000 -0400
@@ -15,6 +15,7 @@
#
/etc/lvm(/.*)? gen_context(system_u:object_r:lvm_etc_t,s0)
@@ -9050,7 +9043,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/lvm.fc
/etc/lvm/lock(/.*)? gen_context(system_u:object_r:lvm_lock_t,s0)
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/lvm.te serefpolicy-2.6.4/policy/modules/system/lvm.te
--- nsaserefpolicy/policy/modules/system/lvm.te 2007-05-07 14:51:02.000000000 -0400
-+++ serefpolicy-2.6.4/policy/modules/system/lvm.te 2007-07-10 08:42:52.000000000 -0400
++++ serefpolicy-2.6.4/policy/modules/system/lvm.te 2007-07-13 13:11:47.000000000 -0400
@@ -16,6 +16,7 @@
type lvm_t;
type lvm_exec_t;
@@ -9122,7 +9115,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/lvm.te
+')
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/modutils.te serefpolicy-2.6.4/policy/modules/system/modutils.te
--- nsaserefpolicy/policy/modules/system/modutils.te 2007-05-07 14:51:02.000000000 -0400
-+++ serefpolicy-2.6.4/policy/modules/system/modutils.te 2007-07-06 10:36:14.000000000 -0400
++++ serefpolicy-2.6.4/policy/modules/system/modutils.te 2007-07-13 13:11:47.000000000 -0400
@@ -43,7 +43,7 @@
# insmod local policy
#
@@ -9186,7 +9179,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/moduti
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/mount.fc serefpolicy-2.6.4/policy/modules/system/mount.fc
--- nsaserefpolicy/policy/modules/system/mount.fc 2007-05-07 14:51:02.000000000 -0400
-+++ serefpolicy-2.6.4/policy/modules/system/mount.fc 2007-07-06 10:36:14.000000000 -0400
++++ serefpolicy-2.6.4/policy/modules/system/mount.fc 2007-07-13 13:11:47.000000000 -0400
@@ -1,4 +1,3 @@
/bin/mount.* -- gen_context(system_u:object_r:mount_exec_t,s0)
/bin/umount.* -- gen_context(system_u:object_r:mount_exec_t,s0)
@@ -9195,7 +9188,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/mount.
+/sbin/mount.ntfs-3g -- gen_context(system_u:object_r:mount_ntfs_exec_t,s0)
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/mount.if serefpolicy-2.6.4/policy/modules/system/mount.if
--- nsaserefpolicy/policy/modules/system/mount.if 2007-05-07 14:51:02.000000000 -0400
-+++ serefpolicy-2.6.4/policy/modules/system/mount.if 2007-07-06 10:36:14.000000000 -0400
++++ serefpolicy-2.6.4/policy/modules/system/mount.if 2007-07-13 13:11:47.000000000 -0400
@@ -143,3 +143,40 @@
mount_domtrans($1)
')
@@ -9239,7 +9232,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/mount.
+')
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/mount.te serefpolicy-2.6.4/policy/modules/system/mount.te
--- nsaserefpolicy/policy/modules/system/mount.te 2007-05-07 14:51:02.000000000 -0400
-+++ serefpolicy-2.6.4/policy/modules/system/mount.te 2007-07-06 10:36:14.000000000 -0400
++++ serefpolicy-2.6.4/policy/modules/system/mount.te 2007-07-13 13:11:47.000000000 -0400
@@ -9,6 +9,13 @@
ifdef(`targeted_policy',`
##
@@ -9373,7 +9366,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/mount.
+
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/netlabel.te serefpolicy-2.6.4/policy/modules/system/netlabel.te
--- nsaserefpolicy/policy/modules/system/netlabel.te 2007-05-07 14:51:02.000000000 -0400
-+++ serefpolicy-2.6.4/policy/modules/system/netlabel.te 2007-07-06 10:36:14.000000000 -0400
++++ serefpolicy-2.6.4/policy/modules/system/netlabel.te 2007-07-13 13:11:47.000000000 -0400
@@ -20,6 +20,10 @@
allow netlabel_mgmt_t self:capability net_admin;
allow netlabel_mgmt_t self:netlink_socket create_socket_perms;
@@ -9387,7 +9380,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/netlab
libs_use_ld_so(netlabel_mgmt_t)
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/raid.te serefpolicy-2.6.4/policy/modules/system/raid.te
--- nsaserefpolicy/policy/modules/system/raid.te 2007-05-07 14:51:01.000000000 -0400
-+++ serefpolicy-2.6.4/policy/modules/system/raid.te 2007-07-06 10:36:14.000000000 -0400
++++ serefpolicy-2.6.4/policy/modules/system/raid.te 2007-07-13 13:11:47.000000000 -0400
@@ -19,7 +19,7 @@
# Local policy
#
@@ -9407,7 +9400,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/raid.t
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/selinuxutil.fc serefpolicy-2.6.4/policy/modules/system/selinuxutil.fc
--- nsaserefpolicy/policy/modules/system/selinuxutil.fc 2007-05-07 14:51:02.000000000 -0400
-+++ serefpolicy-2.6.4/policy/modules/system/selinuxutil.fc 2007-07-06 10:36:14.000000000 -0400
++++ serefpolicy-2.6.4/policy/modules/system/selinuxutil.fc 2007-07-13 13:11:47.000000000 -0400
@@ -40,6 +40,7 @@
/usr/sbin/setfiles.* -- gen_context(system_u:object_r:setfiles_exec_t,s0)
/usr/sbin/setsebool -- gen_context(system_u:object_r:semanage_exec_t,s0)
@@ -9418,7 +9411,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/selinu
#
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/selinuxutil.if serefpolicy-2.6.4/policy/modules/system/selinuxutil.if
--- nsaserefpolicy/policy/modules/system/selinuxutil.if 2007-05-07 14:51:02.000000000 -0400
-+++ serefpolicy-2.6.4/policy/modules/system/selinuxutil.if 2007-07-06 10:36:14.000000000 -0400
++++ serefpolicy-2.6.4/policy/modules/system/selinuxutil.if 2007-07-13 13:11:47.000000000 -0400
@@ -445,6 +445,7 @@
role $2 types run_init_t;
allow run_init_t $3:chr_file rw_term_perms;
@@ -9455,7 +9448,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/selinu
')
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/selinuxutil.te serefpolicy-2.6.4/policy/modules/system/selinuxutil.te
--- nsaserefpolicy/policy/modules/system/selinuxutil.te 2007-05-07 14:51:01.000000000 -0400
-+++ serefpolicy-2.6.4/policy/modules/system/selinuxutil.te 2007-07-06 10:36:14.000000000 -0400
++++ serefpolicy-2.6.4/policy/modules/system/selinuxutil.te 2007-07-13 13:11:47.000000000 -0400
@@ -1,10 +1,8 @@
policy_module(selinuxutil,1.5.0)
@@ -9689,7 +9682,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/selinu
+
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/sysnetwork.if serefpolicy-2.6.4/policy/modules/system/sysnetwork.if
--- nsaserefpolicy/policy/modules/system/sysnetwork.if 2007-05-07 14:51:02.000000000 -0400
-+++ serefpolicy-2.6.4/policy/modules/system/sysnetwork.if 2007-07-06 10:36:14.000000000 -0400
++++ serefpolicy-2.6.4/policy/modules/system/sysnetwork.if 2007-07-13 13:11:47.000000000 -0400
@@ -520,6 +520,9 @@
files_search_etc($1)
@@ -9702,7 +9695,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/sysnet
########################################
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/sysnetwork.te serefpolicy-2.6.4/policy/modules/system/sysnetwork.te
--- nsaserefpolicy/policy/modules/system/sysnetwork.te 2007-05-07 14:51:02.000000000 -0400
-+++ serefpolicy-2.6.4/policy/modules/system/sysnetwork.te 2007-07-06 10:36:14.000000000 -0400
++++ serefpolicy-2.6.4/policy/modules/system/sysnetwork.te 2007-07-13 13:11:47.000000000 -0400
@@ -164,6 +164,10 @@
dbus_connect_system_bus(dhcpc_t)
dbus_send_system_bus(dhcpc_t)
@@ -9732,7 +9725,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/sysnet
optional_policy(`
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/udev.te serefpolicy-2.6.4/policy/modules/system/udev.te
--- nsaserefpolicy/policy/modules/system/udev.te 2007-05-07 14:51:02.000000000 -0400
-+++ serefpolicy-2.6.4/policy/modules/system/udev.te 2007-07-10 12:09:06.000000000 -0400
++++ serefpolicy-2.6.4/policy/modules/system/udev.te 2007-07-13 13:11:47.000000000 -0400
@@ -18,11 +18,6 @@
type udev_etc_t alias etc_udev_t;
files_config_file(udev_etc_t)
@@ -9852,7 +9845,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/udev.t
+
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/unconfined.fc serefpolicy-2.6.4/policy/modules/system/unconfined.fc
--- nsaserefpolicy/policy/modules/system/unconfined.fc 2007-05-07 14:51:01.000000000 -0400
-+++ serefpolicy-2.6.4/policy/modules/system/unconfined.fc 2007-07-06 10:36:14.000000000 -0400
++++ serefpolicy-2.6.4/policy/modules/system/unconfined.fc 2007-07-13 13:11:47.000000000 -0400
@@ -10,4 +10,5 @@
/usr/bin/valgrind -- gen_context(system_u:object_r:unconfined_execmem_exec_t,s0)
/usr/local/RealPlayer/realplay\.bin -- gen_context(system_u:object_r:unconfined_execmem_exec_t,s0)
@@ -9861,7 +9854,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/unconf
')
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/unconfined.if serefpolicy-2.6.4/policy/modules/system/unconfined.if
--- nsaserefpolicy/policy/modules/system/unconfined.if 2007-05-07 14:51:02.000000000 -0400
-+++ serefpolicy-2.6.4/policy/modules/system/unconfined.if 2007-07-06 10:36:14.000000000 -0400
++++ serefpolicy-2.6.4/policy/modules/system/unconfined.if 2007-07-13 13:11:47.000000000 -0400
@@ -18,7 +18,7 @@
')
@@ -9947,7 +9940,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/unconf
+')
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/unconfined.te serefpolicy-2.6.4/policy/modules/system/unconfined.te
--- nsaserefpolicy/policy/modules/system/unconfined.te 2007-05-07 14:51:02.000000000 -0400
-+++ serefpolicy-2.6.4/policy/modules/system/unconfined.te 2007-07-06 10:36:14.000000000 -0400
++++ serefpolicy-2.6.4/policy/modules/system/unconfined.te 2007-07-13 13:11:47.000000000 -0400
@@ -6,6 +6,15 @@
# Declarations
#
@@ -10032,7 +10025,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/unconf
init_dbus_chat_script(unconfined_execmem_t)
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/userdomain.if serefpolicy-2.6.4/policy/modules/system/userdomain.if
--- nsaserefpolicy/policy/modules/system/userdomain.if 2007-05-07 14:51:02.000000000 -0400
-+++ serefpolicy-2.6.4/policy/modules/system/userdomain.if 2007-07-06 10:36:14.000000000 -0400
++++ serefpolicy-2.6.4/policy/modules/system/userdomain.if 2007-07-13 13:11:47.000000000 -0400
@@ -114,6 +114,22 @@
# Allow making the stack executable via mprotect.
allow $1_t self:process execstack;
@@ -10584,7 +10577,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/userdo
+
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/userdomain.te serefpolicy-2.6.4/policy/modules/system/userdomain.te
--- nsaserefpolicy/policy/modules/system/userdomain.te 2007-05-07 14:51:01.000000000 -0400
-+++ serefpolicy-2.6.4/policy/modules/system/userdomain.te 2007-07-06 10:36:14.000000000 -0400
++++ serefpolicy-2.6.4/policy/modules/system/userdomain.te 2007-07-13 13:11:47.000000000 -0400
@@ -15,7 +15,6 @@
# Declarations
#
@@ -10782,7 +10775,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/userdo
')
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/xen.if serefpolicy-2.6.4/policy/modules/system/xen.if
--- nsaserefpolicy/policy/modules/system/xen.if 2007-05-07 14:51:01.000000000 -0400
-+++ serefpolicy-2.6.4/policy/modules/system/xen.if 2007-07-06 10:36:14.000000000 -0400
++++ serefpolicy-2.6.4/policy/modules/system/xen.if 2007-07-13 13:11:47.000000000 -0400
@@ -72,12 +72,34 @@
')
@@ -10846,7 +10839,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/xen.if
+
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/xen.te serefpolicy-2.6.4/policy/modules/system/xen.te
--- nsaserefpolicy/policy/modules/system/xen.te 2007-05-07 14:51:02.000000000 -0400
-+++ serefpolicy-2.6.4/policy/modules/system/xen.te 2007-07-06 10:36:14.000000000 -0400
++++ serefpolicy-2.6.4/policy/modules/system/xen.te 2007-07-13 13:11:47.000000000 -0400
@@ -25,6 +25,10 @@
domain_type(xend_t)
init_daemon_domain(xend_t, xend_exec_t)
@@ -10982,7 +10975,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/xen.te
+')
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/support/misc_patterns.spt serefpolicy-2.6.4/policy/support/misc_patterns.spt
--- nsaserefpolicy/policy/support/misc_patterns.spt 2007-05-07 14:51:05.000000000 -0400
-+++ serefpolicy-2.6.4/policy/support/misc_patterns.spt 2007-07-06 10:36:14.000000000 -0400
++++ serefpolicy-2.6.4/policy/support/misc_patterns.spt 2007-07-13 13:11:47.000000000 -0400
@@ -41,11 +41,6 @@
#
# Other process permissions
@@ -10997,7 +10990,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/support/misc_patterns
allow $1 $2:{ file lnk_file } { read getattr };
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/support/obj_perm_sets.spt serefpolicy-2.6.4/policy/support/obj_perm_sets.spt
--- nsaserefpolicy/policy/support/obj_perm_sets.spt 2007-05-07 14:51:05.000000000 -0400
-+++ serefpolicy-2.6.4/policy/support/obj_perm_sets.spt 2007-07-06 10:36:14.000000000 -0400
++++ serefpolicy-2.6.4/policy/support/obj_perm_sets.spt 2007-07-13 13:11:47.000000000 -0400
@@ -203,7 +203,6 @@
define(`add_entry_dir_perms',`{ getattr search lock ioctl write add_name }')
define(`del_entry_dir_perms',`{ getattr search lock ioctl write remove_name }')
@@ -11031,7 +11024,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/support/obj_perm_sets
+
diff --exclude-from=exclude -N -u -r nsaserefpolicy/Rules.modular serefpolicy-2.6.4/Rules.modular
--- nsaserefpolicy/Rules.modular 2007-05-07 14:51:05.000000000 -0400
-+++ serefpolicy-2.6.4/Rules.modular 2007-07-06 10:36:14.000000000 -0400
++++ serefpolicy-2.6.4/Rules.modular 2007-07-13 13:11:47.000000000 -0400
@@ -167,7 +167,7 @@
# these have to run individually because order matters:
$(verbose) $(GREP) '^sid ' $(tmpdir)/all_te_files.conf >> $(tmpdir)/all_post.conf || true