diff --git a/policy-20080710.patch b/policy-20080710.patch
index f45f40d..59081c2 100644
--- a/policy-20080710.patch
+++ b/policy-20080710.patch
@@ -1538,6 +1538,59 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
+ xserver_exec_pid(vbetool_t)
+ xserver_write_pid(vbetool_t)
+')
+diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/vpn.if serefpolicy-3.5.12/policy/modules/admin/vpn.if
+--- nsaserefpolicy/policy/modules/admin/vpn.if 2008-10-08 19:00:27.000000000 -0400
++++ serefpolicy-3.5.12/policy/modules/admin/vpn.if 2008-10-16 14:46:43.000000000 -0400
+@@ -53,6 +53,24 @@
+
+ ########################################
+ ##
++## Send sigkill to VPN clients.
++##
++##
++##
++## Domain allowed access.
++##
++##
++#
++interface(`vpn_sigkill',`
++ gen_require(`
++ type vpnc_t;
++ ')
++
++ allow $1 vpnc_t:process sigkill;
++')
++
++########################################
++##
+ ## Send generic signals to VPN clients.
+ ##
+ ##
+@@ -71,6 +89,24 @@
+
+ ########################################
+ ##
++## Send signull to VPN clients.
++##
++##
++##
++## Domain allowed access.
++##
++##
++#
++interface(`vpn_signull',`
++ gen_require(`
++ type vpnc_t;
++ ')
++
++ allow $1 vpnc_t:process signull;
++')
++
++########################################
++##
+ ## Send and receive messages from
+ ## Vpnc over dbus.
+ ##
diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/ethereal.fc serefpolicy-3.5.12/policy/modules/apps/ethereal.fc
--- nsaserefpolicy/policy/modules/apps/ethereal.fc 2008-08-07 11:15:03.000000000 -0400
+++ serefpolicy-3.5.12/policy/modules/apps/ethereal.fc 2008-10-14 15:00:15.000000000 -0400
@@ -8034,6 +8087,18 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
neverallow ~{ selinux_unconfined_type can_load_policy } security_t:security load_policy;
neverallow ~{ selinux_unconfined_type can_setenforce } security_t:security setenforce;
neverallow ~{ selinux_unconfined_type can_setsecparam } security_t:security setsecparam;
+diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/kernel/storage.fc serefpolicy-3.5.12/policy/modules/kernel/storage.fc
+--- nsaserefpolicy/policy/modules/kernel/storage.fc 2008-10-08 19:00:23.000000000 -0400
++++ serefpolicy-3.5.12/policy/modules/kernel/storage.fc 2008-10-16 14:21:31.000000000 -0400
+@@ -36,7 +36,7 @@
+ /dev/pg[0-3] -c gen_context(system_u:object_r:removable_device_t,s0)
+ /dev/ps3d.* -b gen_context(system_u:object_r:fixed_disk_device_t,mls_systemhigh)
+ /dev/ram.* -b gen_context(system_u:object_r:fixed_disk_device_t,mls_systemhigh)
+-/dev/rawctl -c gen_context(system_u:object_r:fixed_disk_device_t,mls_systemhigh)
++/dev/(raw/)?rawctl -c gen_context(system_u:object_r:fixed_disk_device_t,mls_systemhigh)
+ /dev/rd.* -b gen_context(system_u:object_r:fixed_disk_device_t,mls_systemhigh)
+ ifdef(`distro_redhat', `
+ /dev/root -b gen_context(system_u:object_r:fixed_disk_device_t,mls_systemhigh)
diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/kernel/terminal.if serefpolicy-3.5.12/policy/modules/kernel/terminal.if
--- nsaserefpolicy/policy/modules/kernel/terminal.if 2008-08-07 11:15:01.000000000 -0400
+++ serefpolicy-3.5.12/policy/modules/kernel/terminal.if 2008-10-14 15:00:15.000000000 -0400
@@ -11245,8 +11310,8 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
+/usr/lib/avahi-autoipd(/.*) gen_context(system_u:object_r:avahi_var_lib_t,s0)
diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/avahi.if serefpolicy-3.5.12/policy/modules/services/avahi.if
--- nsaserefpolicy/policy/modules/services/avahi.if 2008-08-07 11:15:11.000000000 -0400
-+++ serefpolicy-3.5.12/policy/modules/services/avahi.if 2008-10-14 15:00:15.000000000 -0400
-@@ -2,6 +2,84 @@
++++ serefpolicy-3.5.12/policy/modules/services/avahi.if 2008-10-16 14:48:40.000000000 -0400
+@@ -2,6 +2,103 @@
########################################
##
@@ -11290,6 +11355,25 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
+
+########################################
+##
++## Send avahi a sigkill
++##
++##
++##
++## Domain allowed access.
++##
++##
++#
++#
++interface(`avahi_sigkill',`
++ gen_require(`
++ type avahi_t;
++ ')
++
++ allow $1 avahi_t:process sigkill;
++')
++
++########################################
++##
+## Send avahi a signal
+##
+##
@@ -11309,21 +11393,21 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
+
+########################################
+##
-+## Send avahi a sigkill
++## Send avahi a signull
+##
+##
+##
-+## Domain allowed access.
++## The type of the process performing this action.
+##
+##
+#
+#
-+interface(`avahi_sigkill',`
++interface(`avahi_signull',`
+ gen_require(`
+ type avahi_t;
+ ')
+
-+ allow $1 avahi_t:process sigkill;
++ allow $1 avahi_t:process signull;
+')
+
+########################################
@@ -11331,7 +11415,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
## Send and receive messages from
## avahi over dbus.
##
-@@ -57,3 +135,38 @@
+@@ -57,3 +154,38 @@
dontaudit $1 avahi_var_run_t:dir search_dir_perms;
')
@@ -11433,8 +11517,51 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/bind.if serefpolicy-3.5.12/policy/modules/services/bind.if
--- nsaserefpolicy/policy/modules/services/bind.if 2008-10-14 11:58:09.000000000 -0400
-+++ serefpolicy-3.5.12/policy/modules/services/bind.if 2008-10-14 15:00:15.000000000 -0400
-@@ -257,6 +257,25 @@
++++ serefpolicy-3.5.12/policy/modules/services/bind.if 2008-10-16 14:45:01.000000000 -0400
+@@ -38,6 +38,42 @@
+
+ ########################################
+ ##
++## Send signulls to BIND.
++##
++##
++##
++## Domain allowed access.
++##
++##
++#
++interface(`bind_signull',`
++ gen_require(`
++ type named_t;
++ ')
++
++ allow $1 named_t:process signull;
++')
++
++########################################
++##
++## Send sigkills to BIND.
++##
++##
++##
++## Domain allowed access.
++##
++##
++#
++interface(`bind_sigkill',`
++ gen_require(`
++ type named_t;
++ ')
++
++ allow $1 named_t:process sigkill;
++')
++
++########################################
++##
+ ## Execute ndc in the ndc domain, and
+ ## allow the specified role the ndc domain.
+ ##
+@@ -257,6 +293,25 @@
########################################
##
@@ -11460,7 +11587,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
## All of the rules required to administrate
## an bind environment
##
-@@ -267,19 +286,18 @@
+@@ -267,19 +322,18 @@
##
##
##
@@ -11486,7 +11613,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
')
allow $1 named_t:process { ptrace signal_perms };
-@@ -289,4 +307,28 @@
+@@ -289,4 +343,28 @@
ps_process_pattern($1, ndc_t)
bind_run_ndc($1, $2, $3)
@@ -14149,8 +14276,8 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
/var/run/dnsmasq\.pid -- gen_context(system_u:object_r:dnsmasq_var_run_t,s0)
diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/dnsmasq.if serefpolicy-3.5.12/policy/modules/services/dnsmasq.if
--- nsaserefpolicy/policy/modules/services/dnsmasq.if 2008-08-07 11:15:11.000000000 -0400
-+++ serefpolicy-3.5.12/policy/modules/services/dnsmasq.if 2008-10-14 15:00:15.000000000 -0400
-@@ -1 +1,117 @@
++++ serefpolicy-3.5.12/policy/modules/services/dnsmasq.if 2008-10-16 14:44:18.000000000 -0400
+@@ -1 +1,137 @@
## dnsmasq DNS forwarder and DHCP server
+
+########################################
@@ -14212,6 +14339,26 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
+ allow $1 dnsmasq_t:process signal;
+')
+
++
++########################################
++##
++## Send dnsmasq a signull
++##
++##
++##
++## Domain allowed access.
++##
++##
++#
++#
++interface(`dnsmasq_signull',`
++ gen_require(`
++ type dnsmasq_t;
++ ')
++
++ allow $1 dnsmasq_t:process signull;
++')
++
+########################################
+##
+## Send dnsmasq a sigkill
@@ -16465,7 +16612,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
##
diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/networkmanager.te serefpolicy-3.5.12/policy/modules/services/networkmanager.te
--- nsaserefpolicy/policy/modules/services/networkmanager.te 2008-10-14 11:58:09.000000000 -0400
-+++ serefpolicy-3.5.12/policy/modules/services/networkmanager.te 2008-10-14 15:00:15.000000000 -0400
++++ serefpolicy-3.5.12/policy/modules/services/networkmanager.te 2008-10-16 14:35:40.000000000 -0400
@@ -33,9 +33,9 @@
# networkmanager will ptrace itself if gdb is installed
@@ -16525,7 +16672,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
libs_use_ld_so(NetworkManager_t)
libs_use_shared_libs(NetworkManager_t)
-@@ -119,23 +128,33 @@
+@@ -119,27 +128,40 @@
seutil_read_config(NetworkManager_t)
@@ -16558,14 +16705,21 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
+
+optional_policy(`
+ avahi_domtrans(NetworkManager_t)
-+ avahi_signal(NetworkManager_t)
+ avahi_sigkill(NetworkManager_t)
++ avahi_signal(NetworkManager_t)
++ avahi_signull(NetworkManager_t)
+')
+
optional_policy(`
bind_domtrans(NetworkManager_t)
bind_manage_cache(NetworkManager_t)
-@@ -151,8 +170,17 @@
+ bind_signal(NetworkManager_t)
++ bind_signull(NetworkManager_t)
++ bind_sigkill(NetworkManager_t)
+ ')
+
+ optional_policy(`
+@@ -151,8 +173,18 @@
')
optional_policy(`
@@ -16578,6 +16732,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
+ dnsmasq_initrc_domtrans(NetworkManager_t)
+ dnsmasq_signal(NetworkManager_t)
+ dnsmasq_sigkill(NetworkManager_t)
++ dnsmasq_signull(NetworkManager_t)
+')
+
+optional_policy(`
@@ -16585,7 +16740,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
')
optional_policy(`
-@@ -160,12 +188,18 @@
+@@ -160,23 +192,48 @@
')
optional_policy(`
@@ -16597,6 +16752,8 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
- nscd_socket_use(NetworkManager_t)
+ nscd_domtrans(NetworkManager_t)
nscd_signal(NetworkManager_t)
++ nscd_signull(NetworkManager_t)
++ nscd_sigkill(NetworkManager_t)
+ nscd_initrc_domtrans(NetworkManager_t)
+')
+
@@ -16606,15 +16763,18 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
')
optional_policy(`
-@@ -174,9 +208,24 @@
- ')
-
- optional_policy(`
-+ polkit_domtrans_auth(NetworkManager_t)
-+ polkit_read_lib(NetworkManager_t)
+ openvpn_domtrans(NetworkManager_t)
+ openvpn_signal(NetworkManager_t)
++ openvpn_signull(NetworkManager_t)
++ openvpn_sigkill(NetworkManager_t)
+')
+
+optional_policy(`
++ polkit_domtrans_auth(NetworkManager_t)
++ polkit_read_lib(NetworkManager_t)
+ ')
+
+ optional_policy(`
+ ppp_initrc_domtrans(NetworkManager_t)
ppp_domtrans(NetworkManager_t)
ppp_read_pid_files(NetworkManager_t)
@@ -16631,35 +16791,16 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
')
optional_policy(`
-@@ -221,3 +270,28 @@
- miscfiles_read_localization(wpa_cli_t)
+@@ -194,7 +251,9 @@
- term_dontaudit_use_console(wpa_cli_t)
-+
-+########################################
-+#
-+# wpa_cli local policy
-+#
-+allow wpa_cli_t self:capability dac_override;
-+allow wpa_cli_t self:unix_dgram_socket create_socket_perms;
-+
-+allow wpa_cli_t NetworkManager_t:unix_dgram_socket sendto;
-+
-+manage_sock_files_pattern(wpa_cli_t, NetworkManager_tmp_t, NetworkManager_tmp_t)
-+files_tmp_filetrans(wpa_cli_t, NetworkManager_tmp_t, sock_file)
-+
-+list_dirs_pattern(wpa_cli_t, NetworkManager_var_run_t, NetworkManager_var_run_t)
-+rw_sock_files_pattern(wpa_cli_t, NetworkManager_var_run_t, NetworkManager_var_run_t)
-+
-+init_dontaudit_use_fds(wpa_cli_t)
-+init_use_script_ptys(wpa_cli_t)
-+
-+libs_use_ld_so(wpa_cli_t)
-+libs_use_shared_libs(wpa_cli_t)
-+
-+miscfiles_read_localization(wpa_cli_t)
-+
-+term_dontaudit_use_console(wpa_cli_t)
+ optional_policy(`
+ vpn_domtrans(NetworkManager_t)
++ vpn_sigkill(NetworkManager_t)
+ vpn_signal(NetworkManager_t)
++ vpn_signull(NetworkManager_t)
+ ')
+
+ ########################################
diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/nis.fc serefpolicy-3.5.12/policy/modules/services/nis.fc
--- nsaserefpolicy/policy/modules/services/nis.fc 2008-08-07 11:15:11.000000000 -0400
+++ serefpolicy-3.5.12/policy/modules/services/nis.fc 2008-10-14 15:00:15.000000000 -0400
@@ -16891,8 +17032,51 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/nscd.if serefpolicy-3.5.12/policy/modules/services/nscd.if
--- nsaserefpolicy/policy/modules/services/nscd.if 2008-08-07 11:15:11.000000000 -0400
-+++ serefpolicy-3.5.12/policy/modules/services/nscd.if 2008-10-14 15:00:15.000000000 -0400
-@@ -70,15 +70,14 @@
++++ serefpolicy-3.5.12/policy/modules/services/nscd.if 2008-10-16 14:11:03.000000000 -0400
+@@ -20,6 +20,42 @@
+
+ ########################################
+ ##
++## Send signulls to NSCD.
++##
++##
++##
++## Domain allowed access.
++##
++##
++#
++interface(`nscd_signull',`
++ gen_require(`
++ type nscd_t;
++ ')
++
++ allow $1 nscd_t:process signull;
++')
++
++########################################
++##
++## Send sigkills to NSCD.
++##
++##
++##
++## Domain allowed access.
++##
++##
++#
++interface(`nscd_sigkill',`
++ gen_require(`
++ type nscd_t;
++ ')
++
++ allow $1 nscd_t:process sigkill;
++')
++
++########################################
++##
+ ## Execute NSCD in the nscd domain.
+ ##
+ ##
+@@ -70,15 +106,14 @@
interface(`nscd_socket_use',`
gen_require(`
type nscd_t, nscd_var_run_t;
@@ -16910,7 +17094,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
files_search_pids($1)
stream_connect_pattern($1, nscd_var_run_t, nscd_var_run_t, nscd_t)
dontaudit $1 nscd_var_run_t:file { getattr read };
-@@ -204,3 +203,60 @@
+@@ -204,3 +239,60 @@
role $2 types nscd_t;
dontaudit nscd_t $3:chr_file rw_term_perms;
')
@@ -17236,6 +17420,59 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
# Add/remove user home directories
unprivuser_home_filetrans_home_dir(oddjob_mkhomedir_t)
+diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/openvpn.if serefpolicy-3.5.12/policy/modules/services/openvpn.if
+--- nsaserefpolicy/policy/modules/services/openvpn.if 2008-10-08 19:00:27.000000000 -0400
++++ serefpolicy-3.5.12/policy/modules/services/openvpn.if 2008-10-16 14:45:47.000000000 -0400
+@@ -52,6 +52,24 @@
+
+ ########################################
+ ##
++## Send sigkills to OPENVPN clients.
++##
++##
++##
++## Domain allowed access.
++##
++##
++#
++interface(`openvpn_sigkill',`
++ gen_require(`
++ type openvpn_t;
++ ')
++
++ allow $1 openvpn_t:process sigkill;
++')
++
++########################################
++##
+ ## Send generic signals to OPENVPN clients.
+ ##
+ ##
+@@ -70,6 +88,24 @@
+
+ ########################################
+ ##
++## Send signulls to OPENVPN clients.
++##
++##
++##
++## Domain allowed access.
++##
++##
++#
++interface(`openvpn_signull',`
++ gen_require(`
++ type openvpn_t;
++ ')
++
++ allow $1 openvpn_t:process signull;
++')
++
++########################################
++##
+ ## Allow the specified domain to read
+ ## OpenVPN configuration files.
+ ##
diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/openvpn.te serefpolicy-3.5.12/policy/modules/services/openvpn.te
--- nsaserefpolicy/policy/modules/services/openvpn.te 2008-10-14 11:58:09.000000000 -0400
+++ serefpolicy-3.5.12/policy/modules/services/openvpn.te 2008-10-14 15:00:15.000000000 -0400
@@ -21046,7 +21283,16 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/sendmail.if serefpolicy-3.5.12/policy/modules/services/sendmail.if
--- nsaserefpolicy/policy/modules/services/sendmail.if 2008-08-07 11:15:11.000000000 -0400
-+++ serefpolicy-3.5.12/policy/modules/services/sendmail.if 2008-10-14 15:00:15.000000000 -0400
++++ serefpolicy-3.5.12/policy/modules/services/sendmail.if 2008-10-16 13:51:54.000000000 -0400
+@@ -89,7 +89,7 @@
+ type sendmail_t;
+ ')
+
+- allow $1 sendmail_t:unix_stream_socket { read write };
++ allow $1 sendmail_t:unix_stream_socket { getattr read write };
+ ')
+
+ ########################################
@@ -149,3 +149,104 @@
logging_log_filetrans($1, sendmail_log_t, file)
@@ -27088,7 +27334,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
+/etc/share/selinux/mls(/.*)? gen_context(system_u:object_r:semanage_store_t,s0)
diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/selinuxutil.if serefpolicy-3.5.12/policy/modules/system/selinuxutil.if
--- nsaserefpolicy/policy/modules/system/selinuxutil.if 2008-10-10 15:53:03.000000000 -0400
-+++ serefpolicy-3.5.12/policy/modules/system/selinuxutil.if 2008-10-14 15:00:15.000000000 -0400
++++ serefpolicy-3.5.12/policy/modules/system/selinuxutil.if 2008-10-16 13:47:47.000000000 -0400
@@ -555,6 +555,59 @@
########################################
diff --git a/selinux-policy.spec b/selinux-policy.spec
index 0123514..060595d 100644
--- a/selinux-policy.spec
+++ b/selinux-policy.spec
@@ -91,9 +91,6 @@ make UNK_PERMS=%5 NAME=%1 TYPE=%2 DISTRO=%{distro} DIRECT_INITRC=%3 MONOLITHIC=%
make UNK_PERMS=%5 NAME=%1 TYPE=%2 DISTRO=%{distro} DIRECT_INITRC=%3 MONOLITHIC=%{monolithic} POLY=%4 MLS_CATS=1024 MCS_CATS=1024 conf \
cp -f $RPM_SOURCE_DIR/modules-%1.conf ./policy/modules.conf \
cp -f $RPM_SOURCE_DIR/booleans-%1.conf ./policy/booleans.conf \
-# Always create policy module package directories
-mkdir -p %{buildroot}%{_usr}/share/selinux/%1
-ln -s %{_usr}/share/selinux/devel/include %{buildroot}%{_usr}/share/selinux/%1/include
%define moduleList() %([ -f %{_sourcedir}/modules-%{1}.conf ] && \
awk '$1 !~ "/^#/" && $2 == "=" && $3 == "module" { printf "-i %%s.pp ", $1 }' %{_sourcedir}/modules-%{1}.conf )
@@ -127,7 +124,6 @@ bzip2 %{buildroot}/%{_usr}/share/selinux/%1/*.pp
%defattr(-,root,root) \
%dir %{_usr}/share/selinux/%1 \
%{_usr}/share/selinux/%1/*.pp.bz2 \
-%{_usr}/share/selinux/%1/include \
%dir %{_sysconfdir}/selinux/%1 \
%config(noreplace) %{_sysconfdir}/selinux/%1/setrans.conf \
%ghost %{_sysconfdir}/selinux/%1/seusers \
@@ -217,6 +213,9 @@ mkdir -p %{buildroot}%{_sysconfdir}/sysconfig
touch %{buildroot}%{_sysconfdir}/selinux/config
touch %{buildroot}%{_sysconfdir}/sysconfig/selinux
+# Always create policy module package directories
+mkdir -p %{buildroot}%{_usr}/share/selinux/{targeted,mls}/
+
# Install devel
make clean
%if %{BUILD_TARGETED}
@@ -312,6 +311,7 @@ Obsoletes: selinux-policy-targeted-sources < 2
Requires(pre): policycoreutils >= %{POLICYCOREUTILSVER}
Requires(pre): coreutils
Requires(pre): selinux-policy = %{version}-%{release}
+Conflicts: audispd-plugins <= 1.7.7-1
%description targeted
SELinux Reference policy targeted base module.