- Allow execution of gconf

.cvsignore

@@ -120,3 +120,4 @@ serefpolicy-2.6.4.tgz
 serefpolicy-2.6.5.tgz
 serefpolicy-3.0.1.tgz
 serefpolicy-3.0.2.tgz
+serefpolicy-3.0.3.tgz

policy-20070703.patch

@@ -5536,16 +5536,25 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/nscd
 +')
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/ntp.te serefpolicy-3.0.3/policy/modules/services/ntp.te
 --- nsaserefpolicy/policy/modules/services/ntp.te	2007-07-03 07:06:27.000000000 -0400
-+++ serefpolicy-3.0.3/policy/modules/services/ntp.te	2007-07-19 09:24:25.000000000 -0400
++++ serefpolicy-3.0.3/policy/modules/services/ntp.te	2007-07-19 10:44:14.000000000 -0400
-@@ -40,6 +40,7 @@
+@@ -36,6 +36,7 @@
+ dontaudit ntpd_t self:capability { net_admin sys_tty_config fsetid sys_nice };
+ allow ntpd_t self:process { signal_perms setcap setsched setrlimit };
+ allow ntpd_t self:fifo_file { read write getattr };
++allow ntpd_t self:shm create_shm_perms;
+ allow ntpd_t self:unix_dgram_socket create_socket_perms;
  allow ntpd_t self:unix_stream_socket create_socket_perms;
  allow ntpd_t self:tcp_socket create_stream_socket_perms;
- allow ntpd_t self:udp_socket create_socket_perms;
+@@ -82,6 +83,8 @@
-+allow ntpd_t self:shm create_shm_perms;
  
- manage_files_pattern(ntpd_t,ntp_drift_t,ntp_drift_t)
+ fs_getattr_all_fs(ntpd_t)
+ fs_search_auto_mountpoints(ntpd_t)
++# Necessary to communicate with gpsd devices
++fs_rw_tmpfs_files(ntpd_t)
  
-@@ -107,6 +108,8 @@
+ auth_use_nsswitch(ntpd_t)
+ 
+@@ -107,6 +110,8 @@
  
  sysnet_read_config(ntpd_t)
  
@@ -5554,7 +5563,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/ntp.
  userdom_dontaudit_use_unpriv_user_fds(ntpd_t)
  userdom_list_sysadm_home_dirs(ntpd_t)
  userdom_dontaudit_list_sysadm_home_dirs(ntpd_t)
-@@ -126,6 +129,10 @@
+@@ -126,9 +131,14 @@
  ')
  
  optional_policy(`
@@ -5565,6 +5574,10 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/ntp.
  	seutil_sigchld_newrole(ntpd_t)
  ')
  
+ optional_policy(`
+ 	udev_read_db(ntpd_t)
+ ')
++
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/openvpn.if serefpolicy-3.0.3/policy/modules/services/openvpn.if
 --- nsaserefpolicy/policy/modules/services/openvpn.if	2007-05-29 14:10:57.000000000 -0400
 +++ serefpolicy-3.0.3/policy/modules/services/openvpn.if	2007-07-17 15:46:25.000000000 -0400

selinux-policy.spec

@@ -16,8 +16,8 @@
 %define CHECKPOLICYVER 2.0.3-1
 Summary: SELinux policy configuration
 Name: selinux-policy
-Version: 3.0.2
+Version: 3.0.3
-Release: 8%{?dist}
+Release: 1%{?dist}
 License: GPL
 Group: System Environment/Base
 Source: serefpolicy-%{version}.tgz
@@ -172,7 +172,7 @@ fi;
 
 %description
 SELinux Reference Policy - modular.
-Based off of reference policy: Checked out revision 2348.
+Based off of reference policy: Checked out revision 2370.
 
 %prep 
 %setup -q -n serefpolicy-%{version}
@@ -357,6 +357,9 @@ exit 0
 %endif
 
 %changelog
+* Tue Jul 17 2007 Dan Walsh <dwalsh@redhat.com> 3.0.2-9
+- Allow execution of gconf
+
 * Sat Jul 14 2007 Dan Walsh <dwalsh@redhat.com> 3.0.2-8
 - Fix moilscanner update problem
 

sources

@@ -1 +1 @@
-7487348a6530067125f23316f43ff369  serefpolicy-3.0.2.tgz
+af54ae49007f995f1cb9e5d6f5baf8bf  serefpolicy-3.0.3.tgz