- Update to upstream

- Additional mail ports - Add virt_use_usb boolean for svirt
2009-06-19 11:41:44 +00:00 · 2009-06-19 11:41:44 +00:00 · 6071093529
parent 9386d6f55f
commit 6071093529
4 changed files with 60 additions and 132 deletions
--- a/.cvsignore
+++ b/.cvsignore
@ -171,3 +171,4 @@ serefpolicy-3.6.13.tgz
 serefpolicy-3.6.14.tgz
 serefpolicy-3.6.15.tgz
 serefpolicy-3.6.16.tgz
+serefpolicy-3.6.17.tgz
--- a/policy-F12.patch
+++ b/policy-F12.patch
@ -1565,41 +1565,6 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
 
 type sudo_exec_t;
 application_executable_file(sudo_exec_t)
-diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/su.if serefpolicy-3.6.16/policy/modules/admin/su.if
--- nsaserefpolicy/policy/modules/admin/su.if	2009-01-19 11:07:34.000000000 -0500
-+++ serefpolicy-3.6.16/policy/modules/admin/su.if	2009-06-12 15:59:08.000000000 -0400
-@@ -90,15 +90,6 @@
- 
- 	miscfiles_read_localization($1_su_t)
- 
-	ifdef(`distro_redhat',`
-		# RHEL5 and possibly newer releases incl. Fedora
-		auth_domtrans_upd_passwd($1_su_t)
-
-		optional_policy(`
-			locallogin_search_keys($1_su_t)
-		')
-	')
-
- 	ifdef(`distro_rhel4',`
- 		domain_role_change_exemption($1_su_t)
- 		domain_subj_id_change_exemption($1_su_t)
-@@ -227,15 +218,6 @@
- 	userdom_use_user_terminals($1_su_t)
- 	userdom_search_user_home_dirs($1_su_t)
- 
-	ifdef(`distro_redhat',`
-		# RHEL5 and possibly newer releases incl. Fedora
-		auth_domtrans_upd_passwd($1_su_t)
-
-		optional_policy(`
-			locallogin_search_keys($1_su_t)
-		')
-	')
-
- 	ifdef(`distro_rhel4',`
- 		domain_role_change_exemption($1_su_t)
- 		domain_subj_id_change_exemption($1_su_t)
 diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/tmpreaper.te serefpolicy-3.6.16/policy/modules/admin/tmpreaper.te
 --- nsaserefpolicy/policy/modules/admin/tmpreaper.te	2008-11-11 16:13:49.000000000 -0500
 +++ serefpolicy-3.6.16/policy/modules/admin/tmpreaper.te	2009-06-12 15:59:08.000000000 -0400
@ -4249,7 +4214,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
 ')
 diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/qemu.te serefpolicy-3.6.16/policy/modules/apps/qemu.te
 --- nsaserefpolicy/policy/modules/apps/qemu.te	2009-01-19 11:03:28.000000000 -0500
-+++ serefpolicy-3.6.16/policy/modules/apps/qemu.te	2009-06-12 15:59:08.000000000 -0400
+++ serefpolicy-3.6.16/policy/modules/apps/qemu.te	2009-06-19 07:21:45.000000000 -0400
@@ -13,28 +13,97 @@
 ## </desc>
 gen_tunable(qemu_full_network, false)
@ -5351,7 +5316,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
 ########################################
 diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/kernel/corenetwork.te.in serefpolicy-3.6.16/policy/modules/kernel/corenetwork.te.in
 --- nsaserefpolicy/policy/modules/kernel/corenetwork.te.in	2009-06-12 09:08:48.000000000 -0400
-+++ serefpolicy-3.6.16/policy/modules/kernel/corenetwork.te.in	2009-06-12 15:59:08.000000000 -0400
+++ serefpolicy-3.6.16/policy/modules/kernel/corenetwork.te.in	2009-06-19 07:01:21.000000000 -0400
@@ -65,6 +65,7 @@
 type server_packet_t, packet_type, server_packet_type;
 
@ -5390,7 +5355,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
 network_port(http, tcp,80,s0, tcp,443,s0, tcp,488,s0, tcp,8008,s0, tcp,8009,s0, tcp,8443,s0) #8443 is mod_nss default port
 network_port(howl, tcp,5335,s0, udp,5353,s0)
 network_port(hplip, tcp,1782,s0, tcp,2207,s0, tcp,2208,s0, tcp, 8290,s0, tcp,50000,s0, tcp,50002,s0, tcp,8292,s0, tcp,9100,s0, tcp,9101,s0, tcp,9102,s0, tcp,9220,s0, tcp,9221,s0, tcp,9222,s0, tcp,9280,s0, tcp,9281,s0, tcp,9282,s0, tcp,9290,s0, tcp,9291,s0, tcp,9292,s0)
-@@ -121,6 +128,7 @@
+@@ -121,16 +128,18 @@
 network_port(kerberos_admin, tcp,464,s0, udp,464,s0, tcp,749,s0)
 network_port(kerberos_master, tcp,4444,s0, udp,4444,s0)
 network_port(kerberos, tcp,88,s0, udp,88,s0, tcp,750,s0, udp,750,s0)
@ -5398,7 +5363,11 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
 network_port(kprop, tcp,754,s0)
 network_port(ktalkd, udp,517,s0, udp,518,s0)
 network_port(ldap, tcp,389,s0, udp,389,s0, tcp,636,s0, udp,636,s0, tcp,3268,s0)
-@@ -131,6 +139,7 @@
+ type lrrd_port_t, port_type; dnl network_port(lrrd_port_t) # no defined portcon
+ network_port(lmtp, tcp,24,s0, udp,24,s0)
+-network_port(mail, tcp,2000,s0)
+network_port(mail, tcp,2000,s0, tcp,3905,s0)
+ network_port(memcache, tcp,11211,s0, udp,11211,s0)
 network_port(mmcc, tcp,5050,s0, udp,5050,s0)
 network_port(monopd, tcp,1234,s0)
 network_port(msnp, tcp,1863,s0, udp,1863,s0)
@ -5683,7 +5652,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
 type lvm_control_t;
 diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/kernel/domain.if serefpolicy-3.6.16/policy/modules/kernel/domain.if
 --- nsaserefpolicy/policy/modules/kernel/domain.if	2009-06-12 09:08:48.000000000 -0400
-+++ serefpolicy-3.6.16/policy/modules/kernel/domain.if	2009-06-12 15:59:08.000000000 -0400
+++ serefpolicy-3.6.16/policy/modules/kernel/domain.if	2009-06-19 06:16:32.000000000 -0400
@@ -65,7 +65,8 @@
 	')
 
@ -6286,7 +6255,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
 +/dev/shm		-d	gen_context(system_u:object_r:tmpfs_t,s0)
 diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/kernel/kernel.if serefpolicy-3.6.16/policy/modules/kernel/kernel.if
 --- nsaserefpolicy/policy/modules/kernel/kernel.if	2009-06-12 09:08:48.000000000 -0400
-+++ serefpolicy-3.6.16/policy/modules/kernel/kernel.if	2009-06-12 15:59:08.000000000 -0400
+++ serefpolicy-3.6.16/policy/modules/kernel/kernel.if	2009-06-19 06:12:19.000000000 -0400
@@ -1807,7 +1807,7 @@
 	')
 
@ -13004,7 +12973,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
 ## <param name="domain">
 diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/dnsmasq.te serefpolicy-3.6.16/policy/modules/services/dnsmasq.te
 --- nsaserefpolicy/policy/modules/services/dnsmasq.te	2009-03-23 13:47:11.000000000 -0400
-+++ serefpolicy-3.6.16/policy/modules/services/dnsmasq.te	2009-06-12 15:59:08.000000000 -0400
+++ serefpolicy-3.6.16/policy/modules/services/dnsmasq.te	2009-06-19 07:12:42.000000000 -0400
@@ -42,8 +42,7 @@
 files_pid_filetrans(dnsmasq_t, dnsmasq_var_run_t, file)
 
@ -13015,7 +12984,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
 
 corenet_all_recvfrom_unlabeled(dnsmasq_t)
 corenet_all_recvfrom_netlabel(dnsmasq_t)
-@@ -84,6 +83,14 @@
+@@ -84,6 +83,18 @@
 userdom_dontaudit_search_user_home_dirs(dnsmasq_t)
 
 optional_policy(`
@ -13023,6 +12992,10 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
 +')
 +
 +optional_policy(`
+	dbus_system_bus_client(dnsmasq_t)
+')
+
+optional_policy(`
 +	tftp_read_content(dnsmasq_t)
 +')
 +
@ -13687,8 +13660,8 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
 +')
 diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/gnomeclock.te serefpolicy-3.6.16/policy/modules/services/gnomeclock.te
 --- nsaserefpolicy/policy/modules/services/gnomeclock.te	1969-12-31 19:00:00.000000000 -0500
-+++ serefpolicy-3.6.16/policy/modules/services/gnomeclock.te	2009-06-12 15:59:08.000000000 -0400
-@@ -0,0 +1,49 @@
+++ serefpolicy-3.6.16/policy/modules/services/gnomeclock.te	2009-06-19 05:26:32.000000000 -0400
+@@ -0,0 +1,50 @@
 +policy_module(gnomeclock, 1.0.0)
 +########################################
 +#
@ -13733,6 +13706,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
 +')
 +
 +optional_policy(`
+	polkit_dbus_chat(gnomeclock_t)
 +	polkit_domtrans_auth(gnomeclock_t)
 +	polkit_read_lib(gnomeclock_t)
 +	polkit_read_reload(gnomeclock_t)
@ -14494,27 +14468,6 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
 
 optional_policy(`
 	cron_system_entry(mailman_queue_t, mailman_queue_exec_t)
-diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/milter.fc serefpolicy-3.6.16/policy/modules/services/milter.fc
--- nsaserefpolicy/policy/modules/services/milter.fc	2009-05-21 08:43:08.000000000 -0400
-+++ serefpolicy-3.6.16/policy/modules/services/milter.fc	2009-06-12 15:59:08.000000000 -0400
-@@ -1,8 +1,15 @@
- /usr/sbin/milter-regex				--	gen_context(system_u:object_r:regex_milter_exec_t,s0)
-/var/spool/milter-regex(/.*)?				gen_context(system_u:object_r:regex_milter_data_t,s0)
-
- /usr/sbin/spamass-milter			--	gen_context(system_u:object_r:spamass_milter_exec_t,s0)
-+/usr/sbin/milter-greylist			--	gen_context(system_u:object_r:greylist_milter_exec_t,s0)
-+
-+/var/spool/milter-regex(/.*)?				gen_context(system_u:object_r:regex_milter_data_t,s0)
- 
- /var/lib/spamass-milter(/.*)?				gen_context(system_u:object_r:spamass_milter_state_t,s0)
-+/var/lib/milter-greylist(/.*)?				gen_context(system_u:object_r:greylist_milter_data_t,s0)
-+/var/lib/miltermilter.*					gen_context(system_u:object_r:spamass_milter_state_t,s0)
-+
-+/var/run/milter.*				--	gen_context(system_u:object_r:spamass_milter_data_t,s0)
-+/var/run/milter-greylist(/.*)?				gen_context(system_u:object_r:greylist_milter_data_t,s0)
-+/var/run/milter-greylist\.pid			--	gen_context(system_u:object_r:greylist_milter_data_t,s0)
- /var/run/spamass-milter(/.*)?				gen_context(system_u:object_r:spamass_milter_data_t,s0)
- /var/run/spamass-milter\.pid			--	gen_context(system_u:object_r:spamass_milter_data_t,s0)
 diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/milter.if serefpolicy-3.6.16/policy/modules/services/milter.if
 --- nsaserefpolicy/policy/modules/services/milter.if	2009-05-21 08:43:08.000000000 -0400
 +++ serefpolicy-3.6.16/policy/modules/services/milter.if	2009-06-12 15:59:08.000000000 -0400
@ -14527,50 +14480,6 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
 
 	allow $1_milter_t self:fifo_file rw_fifo_file_perms;
 
-diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/milter.te serefpolicy-3.6.16/policy/modules/services/milter.te
--- nsaserefpolicy/policy/modules/services/milter.te	2009-05-21 08:43:08.000000000 -0400
-+++ serefpolicy-3.6.16/policy/modules/services/milter.te	2009-06-12 15:59:08.000000000 -0400
-@@ -63,3 +63,40 @@
- 
- # The main job of the milter is to pipe spam through spamc and act on the result
- spamassassin_domtrans_client(spamass_milter_t)
-+
-+########################################
-+#
-+# milter-greylist Declarations
-+#
-+
-+milter_template(greylist)
-+
-+########################################
-+#
-+# milter-greylist local policy
-+#   ensure smtp clients retry mail like real MTAs and not spamware
-+#   http://hcpnet.free.fr/milter-greylist/
-+#
-+
-+# Look up username for dropping privs
-+auth_use_nsswitch(greylist_milter_t)
-+
-+# It creates a pid file /var/run/milter-greylist.pid
-+files_pid_filetrans(greylist_milter_t, greylist_milter_data_t, file)
-+
-+# It removes any existing socket (not owned by root) whilst running as root,
-+# fixes permissions, renices itself and then calls setgid() and setuid() to
-+# drop privileges
-+kernel_read_kernel_sysctls(greylist_milter_t)
-+allow greylist_milter_t self:capability { chown dac_override setgid setuid sys_nice };
-+allow greylist_milter_t self:process { setsched getsched };
-+
-+# Allow the milter to read a GeoIP database in /usr/share
-+files_read_usr_files(greylist_milter_t)
-+
-+# The milter runs from /var/lib/milter-greylist and maintains files there
-+files_search_var_lib(greylist_milter_t);
-+
-+# Config is in /etc/mail/greylist.conf
-+mta_read_config(greylist_milter_t)
-+
 diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/mta.fc serefpolicy-3.6.16/policy/modules/services/mta.fc
 --- nsaserefpolicy/policy/modules/services/mta.fc	2008-09-12 10:48:05.000000000 -0400
 +++ serefpolicy-3.6.16/policy/modules/services/mta.fc	2009-06-12 15:59:08.000000000 -0400
@ -18123,7 +18032,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
 # /sbin
 diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/ppp.if serefpolicy-3.6.16/policy/modules/services/ppp.if
 --- nsaserefpolicy/policy/modules/services/ppp.if	2008-11-11 16:13:46.000000000 -0500
-+++ serefpolicy-3.6.16/policy/modules/services/ppp.if	2009-06-15 15:36:20.000000000 -0400
+++ serefpolicy-3.6.16/policy/modules/services/ppp.if	2009-06-18 15:55:53.000000000 -0400
@@ -58,6 +58,25 @@
 
 ########################################
@ -23031,8 +22940,8 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
 +
 diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/virt.te serefpolicy-3.6.16/policy/modules/services/virt.te
 --- nsaserefpolicy/policy/modules/services/virt.te	2009-01-19 11:06:49.000000000 -0500
-+++ serefpolicy-3.6.16/policy/modules/services/virt.te	2009-06-16 11:25:30.000000000 -0400
-@@ -8,19 +8,31 @@
+++ serefpolicy-3.6.16/policy/modules/services/virt.te	2009-06-19 07:22:38.000000000 -0400
+@@ -8,19 +8,38 @@
 
 ## <desc>
 ## <p>
@ -23053,6 +22962,13 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
 -attribute virt_image_type;
 +## <desc>
 +## <p>
+## Allow svirt to use usb devices
+## </p>
+## </desc>
+gen_tunable(virt_use_usb, true)
+
+## <desc>
+## <p>
 +## Allow svirt to manage device configuration, (pci)
 +## </p>
 +## </desc>
@ -23067,7 +22983,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
 
 type virt_etc_t;
 files_config_file(virt_etc_t)
-@@ -29,8 +41,13 @@
+@@ -29,8 +48,13 @@
 files_type(virt_etc_rw_t)
 
 # virt Image files
@ -23083,7 +22999,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
 
 type virt_log_t;
 logging_log_file(virt_log_t)
-@@ -48,17 +65,39 @@
+@@ -48,17 +72,39 @@
 type virtd_initrc_exec_t;
 init_script_file(virtd_initrc_exec_t)
 
@ -23125,7 +23041,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
 read_files_pattern(virtd_t, virt_etc_t, virt_etc_t)
 read_lnk_files_pattern(virtd_t, virt_etc_t, virt_etc_t)
 
-@@ -67,7 +106,11 @@
+@@ -67,7 +113,11 @@
 manage_lnk_files_pattern(virtd_t, virt_etc_rw_t, virt_etc_rw_t)
 filetrans_pattern(virtd_t, virt_etc_t, virt_etc_rw_t, dir)
 
@ -23138,7 +23054,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
 
 manage_dirs_pattern(virtd_t, virt_log_t, virt_log_t)
 manage_files_pattern(virtd_t, virt_log_t, virt_log_t)
-@@ -86,6 +129,7 @@
+@@ -86,6 +136,7 @@
 kernel_read_network_state(virtd_t)
 kernel_rw_net_sysctls(virtd_t)
 kernel_load_module(virtd_t)
@ -23146,7 +23062,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
 
 corecmd_exec_bin(virtd_t)
 corecmd_exec_shell(virtd_t)
-@@ -96,30 +140,51 @@
+@@ -96,30 +147,51 @@
 corenet_tcp_sendrecv_generic_node(virtd_t)
 corenet_tcp_sendrecv_all_ports(virtd_t)
 corenet_tcp_bind_generic_node(virtd_t)
@ -23201,7 +23117,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
 term_use_ptmx(virtd_t)
 
 auth_use_nsswitch(virtd_t)
-@@ -129,7 +194,15 @@
+@@ -129,7 +201,15 @@
 
 logging_send_syslog_msg(virtd_t)
 
@ -23217,7 +23133,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
 
 tunable_policy(`virt_use_nfs',`
 	fs_manage_nfs_dirs(virtd_t)
-@@ -167,22 +240,34 @@
+@@ -167,22 +247,34 @@
 	dnsmasq_domtrans(virtd_t)
 	dnsmasq_signal(virtd_t)
 	dnsmasq_kill(virtd_t)
@ -23236,8 +23152,9 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
 +optional_policy(`
 +	kerberos_keytab_template(virtd, virtd_t)
 +')
-+
-+optional_policy(`
+ 
+ optional_policy(`
+-	qemu_domtrans(virtd_t)
 +	lvm_domtrans(virtd_t)
 +')
 +
@ -23246,9 +23163,8 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
 +	polkit_domtrans_resolve(virtd_t)
 +	polkit_read_lib(virtd_t)
 +')
- 
- optional_policy(`
-	qemu_domtrans(virtd_t)
+
+optional_policy(`
 +	qemu_spec_domtrans(virtd_t, svirt_t)
 	qemu_read_state(virtd_t)
 	qemu_signal(virtd_t)
@ -23257,7 +23173,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
 ')
 
 optional_policy(`
-@@ -195,8 +280,86 @@
+@@ -195,8 +287,92 @@
 
 	xen_stream_connect(virtd_t)
 	xen_stream_connect_xenstore(virtd_t)
@ -23326,6 +23242,12 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
 +	dev_rw_sysfs(svirt_t)
 +')
 +
+tunable_policy(`virt_use_usb',`
+	dev_rw_usbfs(svirt_t)
+	fs_manage_dos_dirs(svirt_t)
+	fs_manage_dos_files(svirt_t)
+')
+
 +tunable_policy(`virt_use_nfs',`
 +	fs_manage_nfs_dirs(svirt_t)
 +	fs_manage_nfs_files(svirt_t)
@ -25185,9 +25107,9 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
 ')
 
 diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/authlogin.te serefpolicy-3.6.16/policy/modules/system/authlogin.te
--- nsaserefpolicy/policy/modules/system/authlogin.te	2009-06-12 15:45:03.000000000 -0400
+--- nsaserefpolicy/policy/modules/system/authlogin.te	2009-06-19 07:33:00.000000000 -0400
 +++ serefpolicy-3.6.16/policy/modules/system/authlogin.te	2009-06-12 15:59:08.000000000 -0400
-@@ -124,9 +124,18 @@
+@@ -125,9 +124,18 @@
 ')
 
 optional_policy(`
--- a/selinux-policy.spec
+++ b/selinux-policy.spec
@ -19,8 +19,8 @@
 %define CHECKPOLICYVER 2.0.16-3
 Summary: SELinux policy configuration
 Name: selinux-policy
-Version: 3.6.16
-Release: 4%{?dist}
+Version: 3.6.17
+Release: 1%{?dist}
 License: GPLv2+
 Group: System Environment/Base
 Source: serefpolicy-%{version}.tgz
@ -183,7 +183,7 @@ fi;

 %description
 SELinux Reference Policy - modular.
-Based off of reference policy: Checked out revision  2996.
+Based off of reference policy: Checked out revision  3000.

 %build

@ -473,6 +473,11 @@ exit 0
 %endif

 %changelog
+* Fri Jun 19 2009 Dan Walsh <dwalsh@redhat.com> 3.6.17-1
+- Update to upstream
+- Additional mail ports
+- Add virt_use_usb boolean for svirt
+
 * Thu Jun 18 2009 Dan Walsh <dwalsh@redhat.com> 3.6.16-4
 - Fix mcs rules to include chr_file and blk_file

--- a/2
+++ b/2
@ -1 +1 @@
-a0c76482dedfe1a4e3fe645a8435f634  serefpolicy-3.6.16.tgz
+ff26e4c0c4b5057f2fae0ecc28f2c5fa  serefpolicy-3.6.17.tgz