- Allow dhcpc to restart ypbind

- Fixup labeling in /var/run

modules-minimum.conf

@@ -182,6 +182,13 @@ cdrecord = module
 # 
 certwatch = module
 
+# Layer: admin
+# Module: certmaster
+#
+# Digital Certificate Tracking
+# 
+certmanager = module
+
 # Layer: services
 # Module: cipe
 #

modules-targeted.conf

@@ -182,6 +182,13 @@ cdrecord = module
 # 
 certwatch = module
 
+# Layer: admin
+# Module: certmaster
+#
+# Digital Certificate Tracking
+# 
+certmanager = module
+
 # Layer: services
 # Module: cipe
 #

policy-20080710.patch

@@ -12178,8 +12178,8 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
 +/var/log/certmaster(/.*)?  				gen_context(system_u:object_r:certmaster_var_log_t,s0)
 diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/certmaster.if serefpolicy-3.5.13/policy/modules/services/certmaster.if
 --- nsaserefpolicy/policy/modules/services/certmaster.if	1969-12-31 19:00:00.000000000 -0500
-+++ serefpolicy-3.5.13/policy/modules/services/certmaster.if	2008-10-30 14:44:58.000000000 -0400
-@@ -0,0 +1,133 @@
++++ serefpolicy-3.5.13/policy/modules/services/certmaster.if	2008-11-03 15:55:54.000000000 -0500
+@@ -0,0 +1,132 @@
 +## <summary>policy for certmaster</summary>
 +
 +########################################
@@ -12205,15 +12205,15 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
 +')
 +
 +#######################################
-+### <summary>
-+###      read
-+###      certmaster logs.
-+### </summary>
-+### <param name="domain">
-+###      <summary>
-+###      Domain allowed access.
-+###      </summary>
-+### </param>
++## <summary>
++##      read
++##      certmaster logs.
++## </summary>
++## <param name="domain">
++##      <summary>
++##      Domain allowed access.
++##      </summary>
++## </param>
 +##
 +#
 +interface(`certmaster_read_log',`
@@ -12225,14 +12225,14 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
 +')
 +
 +#######################################
-+### <summary>
-+###      Append to certmaster logs.
-+### </summary>
-+### <param name="domain">
-+###      <summary>
-+###      Domain allowed access.
-+###      </summary>
-+### </param>
++## <summary>
++##      Append to certmaster logs.
++## </summary>
++## <param name="domain">
++##      <summary>
++##      Domain allowed access.
++##      </summary>
++## </param>
 +##
 +#
 +interface(`certmaster_append_log',`
@@ -12244,15 +12244,15 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
 +')
 +
 +#######################################
-+### <summary>
-+###      Create, read, write, and delete
-+###      certmaster logs.
-+### </summary>
-+### <param name="domain">
-+###      <summary>
-+###      Domain allowed access.
-+###      </summary>
-+### </param>
++## <summary>
++##      Create, read, write, and delete
++##      certmaster logs.
++## </summary>
++## <param name="domain">
++##      <summary>
++##      Domain allowed access.
++##      </summary>
++## </param>
 +##
 +#
 +interface(`certmaster_manage_log',`
@@ -12265,22 +12265,22 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
 +')
 +
 +########################################
-+### <summary>
-+###      All of the rules required to administrate 
-+###      an snort environment
-+### </summary>
-+### <param name="domain">
-+###      <summary>
-+###      Domain allowed access.
-+###      </summary>
-+### </param>
-+### <param name="role">
-+###      <summary>
-+###      The role to be allowed to manage the syslog domain.
-+###      </summary>
-+### </param>
-+### <rolecap/>
-+##
++## <summary>
++##      All of the rules required to administrate 
++##      an snort environment
++## </summary>
++## <param name="domain">
++##      <summary>
++##      Domain allowed access.
++##      </summary>
++## </param>
++## <param name="role">
++##      <summary>
++##      The role to be allowed to manage the syslog domain.
++##      </summary>
++## </param>
++## <rolecap/>
++#
 +
 +interface(`certmaster_admin',`
 +        gen_require(`
@@ -12312,7 +12312,6 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
 +	files_list_var_lib($1)
 +	admin_pattern($1, certmaster_var_lib_t)
 +')
-+
 diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/certmaster.te serefpolicy-3.5.13/policy/modules/services/certmaster.te
 --- nsaserefpolicy/policy/modules/services/certmaster.te	1969-12-31 19:00:00.000000000 -0500
 +++ serefpolicy-3.5.13/policy/modules/services/certmaster.te	2008-10-30 14:48:03.000000000 -0400

selinux-policy.spec

@@ -20,7 +20,7 @@
 Summary: SELinux policy configuration
 Name: selinux-policy
 Version: 3.5.13
-Release: 11%{?dist}
+Release: 13%{?dist}
 License: GPLv2+
 Group: System Environment/Base
 Source: serefpolicy-%{version}.tgz
@@ -457,6 +457,13 @@ exit 0
 %endif
 
 %changelog
+* Mon Nov 3 2008 Dan Walsh <dwalsh@redhat.com> 3.5.13-13
+- Allow dhcpc to restart ypbind
+- Fixup labeling in /var/run
+
+* Thu Oct 30 2008 Dan Walsh <dwalsh@redhat.com> 3.5.13-12
+- Add certmaster policy
+
 * Wed Oct 29 2008 Dan Walsh <dwalsh@redhat.com> 3.5.13-11
 - Fix confined users 
 - Allow xguest to read/write xguest_dbusd_t