- Add back xserver_manage_home_fonts

modules-minimum.conf

@@ -2009,6 +2009,20 @@ xguest = module
 # 
 courier = module
 
+# Layer: services
+# Module: cgroup
+#
+# Tools and libraries to control and monitor control groups
+# 
+cgroup = module
+
+# Layer: services
+# Module: denyhosts
+#
+#  script to help thwart ssh server attacks
+# 
+denyhosts = module
+
 # Layer: apps
 # Module: livecd
 #

modules-mls.conf

@@ -32,6 +32,13 @@ alsa = base
 # 
 ada = module
 
+# Layer: services
+# Module: cgroup
+#
+# Tools and libraries to control and monitor control groups
+# 
+cgroup = module
+
 # Layer: apps
 # Module: cpufreqselector 
 #

modules-targeted.conf

@@ -2009,6 +2009,20 @@ xguest = module
 # 
 courier = module
 
+# Layer: services
+# Module: cgroup
+#
+# Tools and libraries to control and monitor control groups
+# 
+cgroup = module
+
+# Layer: services
+# Module: denyhosts
+#
+#  script to help thwart ssh server attacks
+# 
+denyhosts = module
+
 # Layer: apps
 # Module: livecd
 #

policy-F13.patch

@@ -26105,7 +26105,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/xser
 +/var/lib/nxserver/home/\.Xauthority.*	--	gen_context(system_u:object_r:xauth_home_t,s0)
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/xserver.if serefpolicy-3.7.5/policy/modules/services/xserver.if
 --- nsaserefpolicy/policy/modules/services/xserver.if	2009-12-04 09:43:33.000000000 -0500
-+++ serefpolicy-3.7.5/policy/modules/services/xserver.if	2009-12-22 09:50:42.000000000 -0500
++++ serefpolicy-3.7.5/policy/modules/services/xserver.if	2009-12-22 12:24:34.000000000 -0500
 @@ -56,6 +56,13 @@
  
  	domtrans_pattern($2, iceauth_exec_t, iceauth_t)
@@ -26199,7 +26199,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/xser
  ')
  
  ########################################
-@@ -1219,3 +1232,301 @@
+@@ -1219,3 +1232,329 @@
  	typeattribute $1 x_domain;
  	typeattribute $1 xserver_unconfined_type;
  ')
@@ -26234,6 +26234,34 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/xser
 +
 +########################################
 +## <summary>
++##	append to .xsession-errors file
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain to not audit
++##	</summary>
++## </param>
++#
++interface(`xserver_append_xdm_home_files',`
++	gen_require(`
++		type xdm_home_t;
++		type xserver_tmp_t;
++	')
++
++	allow $1 xdm_home_t:file append_file_perms;
++	allow $1 xserver_tmp_t:file append_file_perms;
++
++	tunable_policy(`use_nfs_home_dirs',`
++		fs_append_nfs_files($1)
++	')
++
++	tunable_policy(`use_samba_home_dirs',`
++		fs_append_cifs_files($1)
++	')
++')
++
++########################################
++## <summary>
 +##	Manage the xdm_spool files
 +## </summary>
 +## <param name="domain">

selinux-policy.spec

@@ -20,7 +20,7 @@
 Summary: SELinux policy configuration
 Name: selinux-policy
 Version: 3.7.5
-Release: 2%{?dist}
+Release: 3%{?dist}
 License: GPLv2+
 Group: System Environment/Base
 Source: serefpolicy-%{version}.tgz
@@ -449,6 +449,9 @@ exit 0
 %endif
 
 %changelog
+* Tue Dec 22 2009 Dan Walsh <dwalsh@redhat.com> 3.7.5-3
+- Add back xserver_manage_home_fonts
+
 * Mon Dec 21 2009 Dan Walsh <dwalsh@redhat.com> 3.7.5-2
 - Dontaudit sandbox trying to read nscd and sssd