trunk: small fixes for gentoo system.

policy/modules/system/init.te

@@ -1,5 +1,5 @@
 
-policy_module(init,1.9.2)
+policy_module(init,1.9.3)
 
 gen_require(`
 	class passwd rootok;
@@ -427,6 +427,11 @@ ifdef(`distro_gentoo',`
 	# happens during boot (/sbin/rc execs init scripts)
 	seutil_read_default_contexts(initrc_t)
 
+	# /lib/rcscripts/net/system.sh rewrites resolv.conf :(
+	sysnet_create_config(initrc_t)
+	sysnet_write_config(initrc_t)
+	sysnet_setattr_config(initrc_t)	
+
 	optional_policy(`
 		arpwatch_manage_data_files(initrc_t)
 	')

policy/modules/system/logging.fc

@@ -20,6 +20,8 @@
 /usr/sbin/syslog-ng	--	gen_context(system_u:object_r:syslogd_exec_t,s0)
 /usr/sbin/syslogd	--	gen_context(system_u:object_r:syslogd_exec_t,s0)
 
+/var/lib/syslog-ng.persist --	gen_context(system_u:object_r:syslogd_var_lib_t,s0)
+
 ifdef(`distro_suse', `
 /var/lib/stunnel/dev/log -s	gen_context(system_u:object_r:devlog_t,s0)
 ')

policy/modules/system/logging.te

@@ -1,5 +1,5 @@
 
-policy_module(logging,1.9.1)
+policy_module(logging,1.9.2)
 
 ########################################
 #

policy/modules/system/sysnetwork.if

@@ -203,11 +203,30 @@ interface(`sysnet_read_dhcpc_state',`
 
 #######################################
 ## <summary>
-##	Allow network init to read network config files.
+##	Set the attributes of network config files.
 ## </summary>
 ## <param name="domain">
 ##	<summary>
-##	The type of the process performing this action.
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+interface(`sysnet_setattr_config',`
+	gen_require(`
+		type net_conf_t;
+	')
+
+	files_search_etc($1)
+	allow $1 net_conf_t:file setattr;
+')
+
+#######################################
+## <summary>
+##	Read network config files.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
 ##	</summary>
 ## </param>
 #
@@ -238,6 +257,44 @@ interface(`sysnet_dontaudit_read_config',`
 	dontaudit $1 net_conf_t:file read_file_perms;
 ')
 
+#######################################
+## <summary>
+##	Write network config files.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+interface(`sysnet_write_config',`
+	gen_require(`
+		type net_conf_t;
+	')
+
+	files_search_etc($1)
+	allow $1 net_conf_t:file write_file_perms;
+')
+
+#######################################
+## <summary>
+##	Create network config files.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+interface(`sysnet_create_config',`
+	gen_require(`
+		type net_conf_t;
+	')
+
+	files_search_etc($1)
+	allow $1 net_conf_t:file create_file_perms;
+')
+
 #######################################
 ## <summary>
 ##	Create files in /etc with the type used for

policy/modules/system/sysnetwork.te

@@ -1,5 +1,5 @@
 
-policy_module(sysnetwork,1.5.0)
+policy_module(sysnetwork,1.5.1)
 
 ########################################
 #
@@ -50,7 +50,7 @@ allow dhcpc_t self:fifo_file rw_file_perms;
 allow dhcpc_t self:tcp_socket create_stream_socket_perms;
 allow dhcpc_t self:udp_socket create_socket_perms;
 allow dhcpc_t self:packet_socket create_socket_perms;
-allow dhcpc_t self:netlink_route_socket { create_socket_perms nlmsg_read };
+allow dhcpc_t self:netlink_route_socket { create_socket_perms nlmsg_read nlmsg_write };
 
 allow dhcpc_t dhcp_etc_t:dir list_dir_perms;
 read_lnk_files_pattern(dhcpc_t,dhcp_etc_t,dhcp_etc_t)