- Allow cupsd_config_t to be started by dbus

- Add smoltclient policy

.cvsignore

@@ -183,3 +183,4 @@ serefpolicy-3.6.24.tgz
 serefpolicy-3.6.25.tgz
 serefpolicy-3.6.26.tgz
 serefpolicy-3.6.27.tgz
+serefpolicy-3.6.28.tgz

modules-minimum.conf

@@ -1337,6 +1337,13 @@ slocate = module
 # 
 smartmon = module
 
+# Layer: admin
+# Module: smoltclient
+#
+# The Fedora hardware profiler client
+# 
+smoltclient = module
+
 # Layer: services
 # Module: snmp
 #

modules-targeted.conf

@@ -1337,6 +1337,13 @@ slocate = module
 # 
 smartmon = module
 
+# Layer: admin
+# Module: smoltclient
+#
+# The Fedora hardware profiler client
+# 
+smoltclient = module
+
 # Layer: services
 # Module: snmp
 #

nsadiff

@@ -1 +1 @@
-diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy serefpolicy-3.6.27 > /tmp/diff
+diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy serefpolicy-3.6.28 > /tmp/diff

policy-F12.patch

@@ -1,12 +1,3 @@
-diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/Changelog serefpolicy-3.6.28/Changelog
---- nsaserefpolicy/Changelog	2009-08-18 11:41:14.000000000 -0400
-+++ serefpolicy-3.6.28/Changelog	2009-08-18 13:23:29.000000000 -0400
-@@ -1,5 +1,3 @@
--- Debian policykit fixes from Martin Orr.
--- Fix unconfined_r use of unconfined_java_t.
- - Add missing x_device rules for XI2 functions, from Eamon Walsh.
- - Add missing rules to make unconfined_cronjob_t a valid cron job domain.
- - Add btrfs and ext4 to labeling targets.
 diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/config/appconfig-mcs/default_contexts serefpolicy-3.6.28/config/appconfig-mcs/default_contexts
 --- nsaserefpolicy/config/appconfig-mcs/default_contexts	2009-07-14 14:19:57.000000000 -0400
 +++ serefpolicy-3.6.28/config/appconfig-mcs/default_contexts	2009-08-18 13:23:29.000000000 -0400
@@ -639,9 +630,9 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
  ')
  
 diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/portage.te serefpolicy-3.6.28/policy/modules/admin/portage.te
---- nsaserefpolicy/policy/modules/admin/portage.te	2009-08-14 16:14:31.000000000 -0400
+--- nsaserefpolicy/policy/modules/admin/portage.te	2009-08-18 18:39:50.000000000 -0400
 +++ serefpolicy-3.6.28/policy/modules/admin/portage.te	2009-08-18 13:23:29.000000000 -0400
-@@ -195,7 +195,7 @@
+@@ -196,7 +195,7 @@
  # - for rsync and distfile fetching
  #
  
@@ -1485,8 +1476,17 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
 +')
 diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/awstats.te serefpolicy-3.6.28/policy/modules/apps/awstats.te
 --- nsaserefpolicy/policy/modules/apps/awstats.te	2009-08-14 16:14:31.000000000 -0400
-+++ serefpolicy-3.6.28/policy/modules/apps/awstats.te	2009-08-18 13:23:29.000000000 -0400
++++ serefpolicy-3.6.28/policy/modules/apps/awstats.te	2009-08-18 18:38:21.000000000 -0400
-@@ -51,6 +51,8 @@
+@@ -28,6 +28,8 @@
+ awstats_rw_pipes(awstats_t)
+ awstats_cgi_exec(awstats_t)
+ 
++can_exec(awstats_t, awstats_exec_t)
++
+ manage_dirs_pattern(awstats_t, awstats_tmp_t, awstats_tmp_t)
+ manage_files_pattern(awstats_t, awstats_tmp_t, awstats_tmp_t)
+ files_tmp_filetrans(awstats_t, awstats_tmp_t, { dir file })
+@@ -51,6 +53,8 @@
  
  libs_read_lib_files(awstats_t)
  
@@ -10804,7 +10804,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
  ## </summary>
  ## <param name="domain">
 diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/dbus.te serefpolicy-3.6.28/policy/modules/services/dbus.te
---- nsaserefpolicy/policy/modules/services/dbus.te	2009-08-14 16:14:31.000000000 -0400
+--- nsaserefpolicy/policy/modules/services/dbus.te	2009-08-18 18:39:50.000000000 -0400
 +++ serefpolicy-3.6.28/policy/modules/services/dbus.te	2009-08-18 13:23:29.000000000 -0400
 @@ -86,6 +86,7 @@
  dev_read_sysfs(system_dbusd_t)
@@ -13587,7 +13587,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
  /var/run/PolicyKit(/.*)?			gen_context(system_u:object_r:policykit_var_run_t,s0)
  
 diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/policykit.if serefpolicy-3.6.28/policy/modules/services/policykit.if
---- nsaserefpolicy/policy/modules/services/policykit.if	2009-07-23 14:11:04.000000000 -0400
+--- nsaserefpolicy/policy/modules/services/policykit.if	2009-08-18 18:39:50.000000000 -0400
 +++ serefpolicy-3.6.28/policy/modules/services/policykit.if	2009-08-18 13:23:29.000000000 -0400
 @@ -17,6 +17,8 @@
  		class dbus send_msg;
@@ -13598,23 +13598,6 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
  	allow $1 policykit_t:dbus send_msg;
  	allow policykit_t $1:dbus send_msg;
  ')
-@@ -41,7 +43,6 @@
- 
- ########################################
- ## <summary>
--##	Execute a policy_auth in the policy_auth domain, and
- ##	allow the specified role the policy_auth domain,
- ## </summary>
- ## <param name="domain">
-@@ -167,7 +168,7 @@
- 
- 	domtrans_pattern($1, policykit_resolve_exec_t, policykit_resolve_t)
- 
--	ps_process_pattern(policykit_resolve_t $1)
-+	ps_process_pattern(policykit_resolve_t, $1)
- ')
- 
- ########################################
 @@ -206,4 +207,47 @@
  
  	files_search_var_lib($1)

selinux-policy.spec

@@ -19,7 +19,7 @@
 %define CHECKPOLICYVER 2.0.16-3
 Summary: SELinux policy configuration
 Name: selinux-policy
-Version: 3.6.27
+Version: 3.6.28
 Release: 1%{?dist}
 License: GPLv2+
 Group: System Environment/Base
@@ -475,6 +475,10 @@ exit 0
 %endif
 
 %changelog
+* Tue Aug 18 2009 Dan Walsh <dwalsh@redhat.com> 3.6.28-1
+- Allow cupsd_config_t to be started by dbus
+- Add smoltclient policy
+
 * Fri Aug 14 2009 Dan Walsh <dwalsh@redhat.com> 3.6.27-1
 - Add policycoreutils-python to pre install
 

sources

@@ -1 +1 @@
-7539a9e100f4f48bcd47dd870e03e2c6  serefpolicy-3.6.27.tgz
+7ce2872c7c331710af3741606add5664  serefpolicy-3.6.28.tgz