trunk: 3 patches from dan.

policy/modules/system/iscsi.te

@@ -1,5 +1,5 @@
 
-policy_module(iscsi, 1.5.2)
+policy_module(iscsi, 1.5.3)
 
 ########################################
 #
@@ -28,7 +28,7 @@ files_pid_file(iscsi_var_run_t)
 # iscsid local policy
 #
 
-allow iscsid_t self:capability { dac_override ipc_lock net_admin sys_nice sys_resource };
+allow iscsid_t self:capability { dac_override ipc_lock net_admin net_raw sys_admin sys_nice sys_resource };
 allow iscsid_t self:process { setrlimit setsched signal };
 allow iscsid_t self:fifo_file rw_fifo_file_perms;
 allow iscsid_t self:unix_stream_socket { create_stream_socket_perms connectto };
@@ -39,8 +39,8 @@ allow iscsid_t self:netlink_socket create_socket_perms;
 allow iscsid_t self:netlink_route_socket rw_netlink_socket_perms;
 allow iscsid_t self:tcp_socket create_stream_socket_perms;
 
-allow iscsid_t iscsi_lock_t:file manage_file_perms;
-files_lock_filetrans(iscsid_t,iscsi_lock_t,file)
+manage_files_pattern(iscsid_t, iscsi_lock_t, iscsi_lock_t)
+files_lock_filetrans(iscsid_t, iscsi_lock_t, file)
 
 allow iscsid_t iscsi_tmp_t:dir manage_dir_perms;
 allow iscsid_t iscsi_tmp_t:file manage_file_perms;

policy/modules/system/miscfiles.fc

@@ -35,6 +35,7 @@ ifdef(`distro_redhat',`
 /usr/lib(64)?/perl5/man(/.*)?	gen_context(system_u:object_r:man_t,s0)
 
 /usr/local/man(/.*)?		gen_context(system_u:object_r:man_t,s0)
+/usr/local/share/man(/.*)?	gen_context(system_u:object_r:man_t,s0)
 
 /usr/local/share/fonts(/.*)?	gen_context(system_u:object_r:fonts_t,s0)
 

policy/modules/system/miscfiles.if

@@ -21,6 +21,45 @@ interface(`miscfiles_read_certs',`
 	read_lnk_files_pattern($1,cert_t,cert_t)
 ')
 
+########################################
+## <summary>
+##	manange system SSL certificates.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <rolecap/>
+#
+interface(`miscfiles_manage_cert_dirs',`
+	gen_require(`
+		type cert_t;
+	')
+
+	manage_dirs_pattern($1, cert_t, cert_t)
+')
+
+########################################
+## <summary>
+##	manange system SSL certificates.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <rolecap/>
+#
+interface(`miscfiles_manage_cert_files',`
+	gen_require(`
+		type cert_t;
+	')
+
+	manage_files_pattern($1, cert_t, cert_t)
+	read_lnk_files_pattern($1, cert_t, cert_t)
+')
+
 ########################################
 ## <summary>
 ##	Read fonts.
@@ -62,7 +101,7 @@ interface(`miscfiles_dontaudit_write_fonts',`
 		type fonts_t;
 	')
 
-	dontaudit $1 fonts_t:dir write;
+	dontaudit $1 fonts_t:dir { write setattr };
 	dontaudit $1 fonts_t:file write;
 ')
 

policy/modules/system/miscfiles.te

@@ -1,5 +1,5 @@
 
-policy_module(miscfiles, 1.6.0)
+policy_module(miscfiles, 1.6.1)
 
 ########################################
 #

policy/modules/system/raid.te

@@ -1,5 +1,5 @@
 
-policy_module(raid, 1.8.0)
+policy_module(raid, 1.8.1)
 
 ########################################
 #
@@ -39,6 +39,7 @@ dev_dontaudit_getattr_all_chr_files(mdadm_t)
 dev_dontaudit_getattr_generic_files(mdadm_t)
 dev_dontaudit_getattr_generic_chr_files(mdadm_t)
 dev_dontaudit_getattr_generic_blk_files(mdadm_t)
+dev_read_realtime_clock(mdadm_t)
 
 fs_search_auto_mountpoints(mdadm_t)
 fs_dontaudit_list_tmpfs(mdadm_t)