- Allow gdm to read rpm database

- Allow nsplugin to read mplayer config files

policy-20080509.patch

@@ -2626,7 +2626,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/gpg.if s
  ########################################
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/gpg.te serefpolicy-3.4.2/policy/modules/apps/gpg.te
 --- nsaserefpolicy/policy/modules/apps/gpg.te	2008-06-12 23:25:03.000000000 -0400
-+++ serefpolicy-3.4.2/policy/modules/apps/gpg.te	2008-06-12 23:37:51.000000000 -0400
++++ serefpolicy-3.4.2/policy/modules/apps/gpg.te	2008-07-01 08:30:42.000000000 -0400
 @@ -15,15 +15,251 @@
  gen_tunable(gpg_agent_env_file, false)
  
@@ -8239,7 +8239,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/roles/sysadm.
  ## <summary>
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/roles/unprivuser.if serefpolicy-3.4.2/policy/modules/roles/unprivuser.if
 --- nsaserefpolicy/policy/modules/roles/unprivuser.if	2008-06-12 23:25:06.000000000 -0400
-+++ serefpolicy-3.4.2/policy/modules/roles/unprivuser.if	2008-06-24 05:57:35.000000000 -0400
++++ serefpolicy-3.4.2/policy/modules/roles/unprivuser.if	2008-07-01 08:30:34.000000000 -0400
 @@ -62,6 +62,26 @@
  	files_home_filetrans($1,user_home_dir_t,dir)
  ')
@@ -8353,7 +8353,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/roles/unprivu
  ')
  
  ########################################
-@@ -323,3 +340,553 @@
+@@ -323,3 +340,555 @@
  	manage_sock_files_pattern($1,{ user_home_dir_t user_home_t },user_home_t)
  ')
  
@@ -8521,6 +8521,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/roles/unprivu
 +		type user_tmp_t;
 +	')
 +
++	files_search_tmp($1)
 +	manage_files_pattern($1, user_tmp_t,  user_tmp_t)
 +')
 +
@@ -8539,6 +8540,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/roles/unprivu
 +		type user_tmp_t;
 +	')
 +
++	files_search_tmp($1)
 +	manage_lnk_files_pattern($1, user_tmp_t,  user_tmp_t)
 +')
 +
@@ -36613,8 +36615,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/virt.i
 +
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/virt.te serefpolicy-3.4.2/policy/modules/system/virt.te
 --- nsaserefpolicy/policy/modules/system/virt.te	1969-12-31 19:00:00.000000000 -0500
-+++ serefpolicy-3.4.2/policy/modules/system/virt.te	2008-06-22 06:51:23.000000000 -0400
++++ serefpolicy-3.4.2/policy/modules/system/virt.te	2008-07-01 09:38:45.000000000 -0400
-@@ -0,0 +1,198 @@
+@@ -0,0 +1,203 @@
 +
 +policy_module(virt,1.0.0)
 +
@@ -36731,6 +36733,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/virt.t
 +files_read_usr_files(virtd_t)
 +files_read_etc_runtime_files(virtd_t)
 +files_search_all(virtd_t)
++files_list_kernel_modules(virtd_t)
 +
 +fs_list_auto_mountpoints(virtd_t)
 +
@@ -36813,6 +36816,10 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/virt.t
 +	fs_manage_cifs_files(virtd_t)
 +	fs_read_cifs_symlinks(virtd_t)
 +')
++
++optional_policy(`
++	unconfined_domain(virtd_t)
++')
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/xen.fc serefpolicy-3.4.2/policy/modules/system/xen.fc
 --- nsaserefpolicy/policy/modules/system/xen.fc	2008-06-12 23:25:07.000000000 -0400
 +++ serefpolicy-3.4.2/policy/modules/system/xen.fc	2008-06-12 23:37:52.000000000 -0400