diff --git a/policy-F13.patch b/policy-F13.patch
index eebfdc4..646da3f 100644
--- a/policy-F13.patch
+++ b/policy-F13.patch
@@ -3181,8 +3181,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/chrome.i
+
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/chrome.te serefpolicy-3.7.19/policy/modules/apps/chrome.te
--- nsaserefpolicy/policy/modules/apps/chrome.te 1970-01-01 01:00:00.000000000 +0100
-+++ serefpolicy-3.7.19/policy/modules/apps/chrome.te 2010-10-18 14:45:28.963650461 +0200
-@@ -0,0 +1,90 @@
++++ serefpolicy-3.7.19/policy/modules/apps/chrome.te 2010-12-06 17:06:13.870042468 +0100
+@@ -0,0 +1,91 @@
+policy_module(chrome,1.0.0)
+
+########################################
@@ -3208,6 +3208,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/chrome.t
+#
+allow chrome_sandbox_t self:capability { chown dac_override fsetid setgid setuid sys_admin sys_chroot sys_ptrace };
+allow chrome_sandbox_t self:process { signal_perms setrlimit execmem execstack };
++allow chrome_sandbox_t self:process setsched;
+allow chrome_sandbox_t self:fifo_file manage_file_perms;
+allow chrome_sandbox_t self:unix_stream_socket create_stream_socket_perms;
+allow chrome_sandbox_t self:unix_dgram_socket { create_socket_perms sendto };
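Review bot: The added `allow chrome_sandbox_t self:process setsched;` is a second self:process rule directly below the existing one, and it has no comment saying which sandbox operation needs to change scheduling. Folding it into the line above, as `allow chrome_sandbox_t self:process { signal_perms setrlimit execmem execstack setsched };`, keeps the domain's process permissions in one place for review. The domain already holds sys_admin, sys_ptrace, execmem and execstack, so each further grant deserves a one-line reason, for example `# <which chrome-sandbox call needs setsched>`. The 3.7.19-75 %changelog entry in selinux-policy.spec does not mention this rule, nor the `nagios_dontaudit_rw_log(system_mail_t)` and `allow nagios_t nagios_$1_plugin_exec_t:file ioctl;` additions in later hunks.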
@@ -25958,7 +25959,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/mta.
##
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/mta.te serefpolicy-3.7.19/policy/modules/services/mta.te
--- nsaserefpolicy/policy/modules/services/mta.te 2010-04-13 20:44:37.000000000 +0200
-+++ serefpolicy-3.7.19/policy/modules/services/mta.te 2010-10-13 08:30:08.233650680 +0200
++++ serefpolicy-3.7.19/policy/modules/services/mta.te 2010-12-03 10:28:21.175042789 +0100
@@ -21,8 +21,8 @@
type etc_mail_t;
files_config_file(etc_mail_t)
@@ -26051,7 +26052,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/mta.
')
optional_policy(`
-@@ -142,6 +153,10 @@
+@@ -142,7 +153,12 @@
')
optional_policy(`
@@ -26060,9 +26061,11 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/mta.
+
+optional_policy(`
nagios_read_tmp_files(system_mail_t)
++ nagios_dontaudit_rw_log(system_mail_t)
')
-@@ -154,18 +169,6 @@
+ optional_policy(`
+@@ -154,18 +170,6 @@
files_etc_filetrans(system_mail_t, etc_aliases_t, { file lnk_file sock_file fifo_file })
domain_use_interactive_fds(system_mail_t)
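Review bot: `nagios_dontaudit_rw_log(system_mail_t)` suppresses the denial instead of granting or removing the access, so system_mail_t touching the nagios log stops appearing in the audit log unless dontaudit rules are disabled. If this covers a log descriptor inherited when nagios runs the mail command (likely, but not shown here), say so above the call, e.g. `# nagios leaks its log fd to the mailer; access is not needed`. The definition of nagios_dontaudit_rw_log is not visible in this diff, so confirm that nagios.if in this build provides it.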
@@ -26081,7 +26084,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/mta.
')
optional_policy(`
-@@ -185,6 +188,10 @@
+@@ -185,6 +189,10 @@
')
optional_policy(`
@@ -26092,7 +26095,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/mta.
smartmon_read_tmp_files(system_mail_t)
')
-@@ -216,7 +223,8 @@
+@@ -216,7 +224,8 @@
create_lnk_files_pattern(mailserver_delivery, mail_spool_t, mail_spool_t)
read_lnk_files_pattern(mailserver_delivery, mail_spool_t, mail_spool_t)
@@ -26102,7 +26105,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/mta.
read_files_pattern(mailserver_delivery, system_mail_tmp_t, system_mail_tmp_t)
-@@ -245,6 +253,10 @@
+@@ -245,6 +254,10 @@
mailman_read_data_symlinks(mailserver_delivery)
')
@@ -26113,7 +26116,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/mta.
########################################
#
# User send mail local policy
-@@ -288,3 +300,33 @@
+@@ -288,3 +301,33 @@
postfix_read_config(user_mail_t)
postfix_list_spool(user_mail_t)
')
@@ -26692,7 +26695,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/nagi
+/usr/lib(64)?/nagios/plugins/check_by_ssh -- gen_context(system_u:object_r:nagios_unconfined_plugin_exec_t,s0)
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/nagios.if serefpolicy-3.7.19/policy/modules/services/nagios.if
--- nsaserefpolicy/policy/modules/services/nagios.if 2010-04-13 20:44:37.000000000 +0200
-+++ serefpolicy-3.7.19/policy/modules/services/nagios.if 2010-11-15 15:07:11.971147348 +0100
++++ serefpolicy-3.7.19/policy/modules/services/nagios.if 2010-12-03 10:05:34.581045938 +0100
@@ -64,8 +64,8 @@
########################################
@@ -26721,7 +26724,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/nagi
')
########################################
-@@ -99,3 +100,157 @@
+@@ -99,3 +100,158 @@
domtrans_pattern($1, nrpe_exec_t, nrpe_t)
')
@@ -26816,6 +26819,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/nagi
+
+ # needed by command.cfg
+ domtrans_pattern(nagios_t, nagios_$1_plugin_exec_t, nagios_$1_plugin_t)
++ allow nagios_t nagios_$1_plugin_exec_t:file ioctl;
+
+ allow nagios_t nagios_$1_plugin_t:process signal_perms;
+
@@ -26881,7 +26885,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/nagi
+')
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/nagios.te serefpolicy-3.7.19/policy/modules/services/nagios.te
--- nsaserefpolicy/policy/modules/services/nagios.te 2010-04-13 20:44:37.000000000 +0200
-+++ serefpolicy-3.7.19/policy/modules/services/nagios.te 2010-11-11 16:15:32.446172203 +0100
++++ serefpolicy-3.7.19/policy/modules/services/nagios.te 2010-12-03 10:08:04.831042328 +0100
@@ -10,13 +10,12 @@
type nagios_exec_t;
init_daemon_domain(nagios_t, nagios_exec_t)
@@ -27131,7 +27135,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/nagi
seutil_sigchld_newrole(nrpe_t)
')
-@@ -209,3 +266,145 @@
+@@ -209,3 +266,148 @@
optional_policy(`
udev_read_db(nrpe_t)
')
@@ -27205,6 +27209,9 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/nagi
+# needed by ioctl()
+allow nagios_checkdisk_plugin_t self:capability { sys_admin sys_rawio };
+
++kernel_read_software_raid_state(nagios_checkdisk_plugin_t)
++
++files_read_etc_runtime_files(nagios_checkdisk_plugin_t)
+files_read_etc_runtime_files(nagios_checkdisk_plugin_t)
+
+fs_getattr_all_fs(nagios_checkdisk_plugin_t)
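Review bot: The added `files_read_etc_runtime_files(nagios_checkdisk_plugin_t)` duplicates the identical call that already follows it as a context line, so the policy now contains the same interface call twice in a row. It is harmless at compile time but is noise for the next reviewer. Of the three added lines, only `kernel_read_software_raid_state(nagios_checkdisk_plugin_t)` and its trailing blank line are needed, and the nested hunk header would then read `+266,147` instead of `+266,148`. The existing `# needed by ioctl()` comment sits above the capability rule only, so a short `# check_disk reads /proc/mdstat` style comment on the new call would help, if that is indeed the reason.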
@@ -39536,7 +39543,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/authlo
/var/run/sepermit(/.*)? gen_context(system_u:object_r:pam_var_run_t,s0)
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/authlogin.if serefpolicy-3.7.19/policy/modules/system/authlogin.if
--- nsaserefpolicy/policy/modules/system/authlogin.if 2010-04-13 20:44:37.000000000 +0200
-+++ serefpolicy-3.7.19/policy/modules/system/authlogin.if 2010-11-02 16:59:22.380650718 +0100
++++ serefpolicy-3.7.19/policy/modules/system/authlogin.if 2010-12-06 18:48:03.147042522 +0100
@@ -41,7 +41,6 @@
##
#
@@ -39616,11 +39623,17 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/authlo
tunable_policy(`allow_polyinstantiation',`
files_polyinstantiate_all($1)
')
-@@ -365,13 +407,15 @@
+@@ -365,13 +407,21 @@
')
optional_policy(`
- pcscd_read_pub_files($1)
++ openct_stream_connect($1)
++ openct_signull($1)
++ openct_read_pid_files($1)
++ ')
++
++ optional_policy(`
+ pcscd_manage_pub_files($1)
+ pcscd_manage_pub_pipes($1)
pcscd_stream_connect($1)
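Review bot: The new optional_policy block grants `openct_stream_connect($1)`, `openct_signull($1)` and `openct_read_pid_files($1)` to every domain that calls the enclosing interface, and nothing in the hunk says why each of the three is needed. A comment above the block, such as `# smart card login via OpenCT`, would make the grant reviewable. It is also worth checking that the signull permission is actually exercised by the login path rather than copied from a wider rule set. The interface header lies outside the hunk, so which authlogin interface is being widened cannot be confirmed from here. The changelog describes the change only as additional OpenCT support.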
@@ -39633,7 +39646,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/authlo
')
########################################
-@@ -418,6 +462,7 @@
+@@ -418,6 +468,7 @@
auth_domtrans_chk_passwd($1)
role $2 types chkpwd_t;
@@ -39641,7 +39654,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/authlo
')
########################################
-@@ -694,7 +739,7 @@
+@@ -694,7 +745,7 @@
')
files_search_etc($1)
@@ -39650,7 +39663,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/authlo
typeattribute $1 can_relabelto_shadow_passwords;
')
-@@ -1500,6 +1545,8 @@
+@@ -1500,6 +1551,8 @@
#
interface(`auth_use_nsswitch',`
@@ -39659,7 +39672,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/authlo
files_list_var_lib($1)
# read /etc/nsswitch.conf
-@@ -1531,7 +1578,15 @@
+@@ -1531,7 +1584,15 @@
')
optional_policy(`
diff --git a/selinux-policy.spec b/selinux-policy.spec
index 75f2e63..a3ec752 100644
--- a/selinux-policy.spec
+++ b/selinux-policy.spec
@@ -20,7 +20,7 @@
Summary: SELinux policy configuration
Name: selinux-policy
Version: 3.7.19
-Release: 74%{?dist}
+Release: 75%{?dist}
License: GPLv2+
Group: System Environment/Base
Source: serefpolicy-%{version}.tgz
@@ -470,6 +470,10 @@ exit 0
%endif
%changelog
+* Wed Dec 6 2010 Miroslav Grepl 3.7.19-75
+- nagios needs to to read the state information for software raid
+- Add addtional support for OpenCT from Dominic
+
* Wed Dec 1 2010 Miroslav Grepl 3.7.19-74
- Fix dirsrv.te to talk to rpcbind
- certmonger needs to manage dirsrv data