hide broken symptoms

refpolicy/policy/modules/services/cups.if

@@ -1 +1,19 @@
 ## <summary>Common UNIX printing system</summary>
+
+########################################
+## <summary>
+##	Read cups-writable configuration files.
+## </summary>
+## <param name="domain">
+##	Domain allowed access.
+## </param>
+#
+interface(`cups_read_rw_config',`
+	gen_require(`
+		type cupsd_etc_t, cupsd_rw_etc_t;
+	')
+
+	files_search_etc($1)
+	allow $1 cupsd_etc_t:dir search_dir_perms;
+	allow $1 cupsd_rw_etc_t:file { getattr read };
+')

refpolicy/policy/modules/services/samba.te

@@ -208,6 +208,8 @@ allow smbd_t smbd_var_run_t:file create_file_perms;
 allow smbd_t smbd_var_run_t:sock_file create_file_perms;
 files_create_pid(smbd_t,smbd_var_run_t)
 
+allow smbd_t winbind_var_run_t:sock_file { read write getattr };
+
 kernel_getattr_core(smbd_t)
 kernel_getattr_message_if(smbd_t)
 kernel_read_network_state(smbd_t)
@@ -281,6 +283,10 @@ tunable_policy(`allow_smbd_anon_write',`
 	miscfiles_manage_public_files(smbd_t)
 ') 
 
+optional_policy(`cups.te',`
+	cups_read_rw_config(smbd_t)
+')
+
 optional_policy(`kerberos.te',`
 	kerberos_use(smbd_t)
 ')
@@ -305,11 +311,13 @@ ifdef(`TODO',`
 optional_policy(`rhgb.te',`
 	rhgb_domain(smbd_t)
 ')
+') dnl end TODO
+
 ifdef(`hide_broken_symptoms', `
 dontaudit smbd_t { devpts_t boot_t default_t tmpfs_t }:dir getattr;
 dontaudit smbd_t devpts_t:dir getattr;
 ')
-')
+allow smbd_t mtrr_device_t:file getattr;
 
 ########################################
 #

refpolicy/policy/modules/system/selinuxutil.te

@@ -342,7 +342,7 @@ ifdef(`distro_redhat', `
 ')
 
 ifdef(`hide_broken_symptoms',`
-	udev_donaudit_rw_unix_dgram_socket(restorecon_t)
+	udev_dontaudit_rw_unix_dgram_socket(restorecon_t)
 ')
 
 optional_policy(`hotplug.te',`

refpolicy/policy/modules/system/sysnetwork.te

@@ -329,7 +329,7 @@ ifdef(`hide_broken_symptoms',`
 	')
 
 	optional_policy(`udev.te',`
-		udev_donaudit_rw_unix_dgram_socket(ifconfig_t)
+		udev_dontaudit_rw_unix_dgram_socket(ifconfig_t)
 	')
 ')