trunk: 7 patches from dan.

policy/modules/services/fetchmail.if

@@ -21,10 +21,10 @@ interface(`fetchmail_admin',`
 	ps_process_pattern($1, fetchmail_t)
 
 	files_list_etc($1)
-	manage_files_pattern($1, fetchmail_etc_t, fetchmail_etc_t)
+	admin_pattern($1, fetchmail_etc_t)
 
-	manage_files_pattern($1, fetchmail_uidl_cache_t, fetchmail_uidl_cache_t)
+	admin_pattern($1, fetchmail_uidl_cache_t)
 
 	files_list_pids($1)
-	manage_files_pattern($1, fetchmail_var_run_t, fetchmail_var_run_t)
+	admin_pattern($1, fetchmail_var_run_t)
 ')

policy/modules/services/fetchmail.te

@@ -1,5 +1,5 @@
 
-policy_module(fetchmail, 1.7.1)
+policy_module(fetchmail, 1.7.2)
 
 ########################################
 #
@@ -86,6 +86,10 @@ optional_policy(`
 	procmail_domtrans(fetchmail_t)
 ')
 
+optional_policy(`
+	sendmail_manage_log(fetchmail_t)
+')
+
 optional_policy(`
 	seutil_sigchld_newrole(fetchmail_t)
 ')

policy/modules/services/portmap.te

@@ -1,5 +1,5 @@
 
-policy_module(portmap, 1.7.1)
+policy_module(portmap, 1.7.2)
 
 ########################################
 #
@@ -41,9 +41,8 @@ files_tmp_filetrans(portmap_t, portmap_tmp_t, { file dir })
 manage_files_pattern(portmap_t, portmap_var_run_t, portmap_var_run_t)
 files_pid_filetrans(portmap_t, portmap_var_run_t, file)
 
+kernel_read_system_state(portmap_t)
 kernel_read_kernel_sysctls(portmap_t)
-kernel_list_proc(portmap_t)
-kernel_read_proc_symlinks(portmap_t)
 
 corenet_all_recvfrom_unlabeled(portmap_t)
 corenet_all_recvfrom_netlabel(portmap_t)

policy/modules/services/radius.te

@@ -1,5 +1,5 @@
 
-policy_module(radius, 1.9.1)
+policy_module(radius, 1.9.2)
 
 ########################################
 #
@@ -59,8 +59,9 @@ logging_log_filetrans(radiusd_t, radiusd_log_t,{ file dir })
 
 manage_files_pattern(radiusd_t, radiusd_var_lib_t, radiusd_var_lib_t)
 
+manage_sock_files_pattern(radiusd_t, radiusd_var_run_t, radiusd_var_run_t)
 manage_files_pattern(radiusd_t, radiusd_var_run_t, radiusd_var_run_t)
-files_pid_filetrans(radiusd_t, radiusd_var_run_t, file)
+files_pid_filetrans(radiusd_t, radiusd_var_run_t, { file sock_file })
 
 kernel_read_kernel_sysctls(radiusd_t)
 kernel_read_system_state(radiusd_t)

policy/modules/services/rpcbind.fc

@@ -1,4 +1,4 @@
-/etc/rc.d/init.d/rpcbind --	gen_context(system_u:object_r:rpcbind_initrc_exec_t,s0)
+/etc/rc\.d/init\.d/rpcbind	--	gen_context(system_u:object_r:rpcbind_initrc_exec_t,s0)
 
 /sbin/rpcbind		--	gen_context(system_u:object_r:rpcbind_exec_t,s0)
 

policy/modules/services/rpcbind.te

@@ -1,5 +1,5 @@
 
-policy_module(rpcbind, 1.2.0)
+policy_module(rpcbind, 1.2.1)
 
 ########################################
 #
@@ -60,6 +60,7 @@ corenet_udp_bind_all_rpc_ports(rpcbind_t)
 domain_use_interactive_fds(rpcbind_t)
 
 files_read_etc_files(rpcbind_t)
+files_read_etc_runtime_files(rpcbind_t)
 
 logging_send_syslog_msg(rpcbind_t)
 

policy/modules/services/rsync.fc

@@ -3,4 +3,4 @@
 
 /var/log/rsync\.log      --	gen_context(system_u:object_r:rsync_log_t,s0)
 
-/var/run/rsyncd\.lock      --	gen_context(system_u:object_r:rsync_log_t,s0)
+/var/run/rsyncd\.lock      --	gen_context(system_u:object_r:rsync_var_run_t,s0)

policy/modules/services/rsync.te

@@ -1,5 +1,5 @@
 
-policy_module(rsync, 1.7.0)
+policy_module(rsync, 1.7.1)
 
 ########################################
 #
@@ -45,7 +45,7 @@ files_pid_file(rsync_var_run_t)
 # Local policy
 #
 
-allow rsync_t self:capability { dac_read_search dac_override setuid setgid sys_chroot };
+allow rsync_t self:capability { chown dac_read_search dac_override fowner fsetid setuid setgid sys_chroot };
 allow rsync_t self:process signal_perms;
 allow rsync_t self:fifo_file rw_fifo_file_perms;
 allow rsync_t self:tcp_socket create_stream_socket_perms;

policy/modules/services/sysstat.te

@@ -1,5 +1,5 @@
 
-policy_module(sysstat, 1.3.1)
+policy_module(sysstat, 1.3.2)
 
 ########################################
 #
@@ -47,6 +47,7 @@ files_read_etc_runtime_files(sysstat_t)
 files_read_etc_files(sysstat_t)
 
 fs_getattr_xattr_fs(sysstat_t)
+fs_list_inotifyfs(sysstat_t)
 
 term_use_console(sysstat_t)
 term_use_all_terms(sysstat_t)

policy/modules/services/tftp.te

@@ -1,5 +1,5 @@
 
-policy_module(tftp, 1.9.1)
+policy_module(tftp, 1.9.2)
 
 ########################################
 #
@@ -75,6 +75,7 @@ fs_search_auto_mountpoints(tftpd_t)
 domain_use_interactive_fds(tftpd_t)
 
 files_read_etc_files(tftpd_t);
+files_read_etc_runtime_files(tftpd_t);
 files_read_var_files(tftpd_t)
 files_read_var_symlinks(tftpd_t)
 files_search_var(tftpd_t)