From 4dba2eb895028584699c055fa40d180caed0121c Mon Sep 17 00:00:00 2001
From: Dan Walsh
Date: Wed, 19 Oct 2011 08:29:33 -0400
Subject: [PATCH] Allow svirt_lxc_domain to chr_file and blk_file devices if they are in the domain Allow init process to setrlimit on itself Take away transition rules for users executing ssh-keygen Allow setroubleshoot_fixit_t to read /dev/urand Allow sshd to relbale tunnel sockets Allow fail2ban domtrans to shorewall in the same way as with iptables Add support for lnk files in the /var/lib/sssd directory Allow system mail to connect to courier-authdaemon over an unix stream socket
---
 default_trans.patch | 11 +++++++++++
 selinux-policy.spec | 2 +-
 2 files changed, 12 insertions(+), 1 deletion(-)
 create mode 100644 default_trans.patch
diff --git a/default_trans.patch b/default_trans.patch
new file mode 100644
index 00000000..617a3016
--- /dev/null
+++ b/default_trans.patch
@@ -0,0 +1,11 @@
+diff --git a/policy/mcs b/policy/mcs
+index ed7a0c1..90d0b1e 100644
+--- a/policy/mcs
++++ b/policy/mcs
+@@ -1,4 +1,6 @@
+ ifdef(`enable_mcs',`
++default_trans level dir_file_class_set parent;
++
+ #
+ # Define sensitivities
+ #
diff --git a/selinux-policy.spec b/selinux-policy.spec
index 76058452..d94654ca 100644
--- a/selinux-policy.spec
+++ b/selinux-policy.spec
@@ -250,7 +250,7 @@ Based off of reference policy: Checked out revision 2.20091117
 %patch5 -p1 -b .userdomain
 %patch6 -p1 -b .apache
 %patch7 -p1 -b .ptrace
-%patch8 -p1 -b .default_trans
+#%patch8 -p1 -b .default_trans
 %install
 mkdir selinux_config
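Review bot: The statement `default_trans level dir_file_class_set parent;` added at the top of the `enable_mcs` block in policy/mcs has no comment, and the new patch file has no header describing it. Read literally, it would make new objects of every class in dir_file_class_set take their MCS level from the parent directory instead of from the creating process (inferred from the keywords; confirm against the compiler that accepts this syntax). That would change how category separation is applied to every newly created file, so it deserves an explanation. I would add a comment above it such as `# New dir_file_class_set objects inherit the MCS level of the parent directory`, and mention the change in the commit message, which lists eight other policy changes but not this one.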
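Review bot: `#%patch8 -p1 -b .default_trans` turns off the patch that this same commit adds, and nothing in the visible part of the spec says why, so default_trans.patch is added to the repository without being applied. A one-line comment above it would help, e.g. `# default_trans.patch not applied yet: <reason>`. rpm also expands macros inside comment lines, so the usual way to disable a line like this is `#%%patch8 -p1 -b .default_trans` or deleting it; whether the unescaped form matters here depends on the rpm version in use. The %prep section starts and ends outside the hunk, so a matching `Patch8:` declaration is not visible.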