Merge branch 'master' of ssh://pkgs.fedoraproject.org/selinux-policy

2012-07-30 12:03:01 -04:00 · 2012-07-30 12:03:01 -04:00 · 6e4df5a8d6
parent fc246ab63a 42c4091430
commit 6e4df5a8d6
3 changed files with 364 additions and 168 deletions
--- a/policy-rawhide.patch
+++ b/policy-rawhide.patch
--- a/policy_contrib-rawhide.patch
+++ b/policy_contrib-rawhide.patch
@ -4742,7 +4742,7 @@ index 61c74bc..17b3ecc 100644
 +	allow $1 avahi_unit_file_t:service all_service_perms;
 ')
 diff --git a/avahi.te b/avahi.te
-index a7a0e71..65bbd77 100644
+index a7a0e71..258486d 100644
 --- a/avahi.te
 +++ b/avahi.te
@@ -17,6 +17,10 @@ files_pid_file(avahi_var_lib_t)
@ -4769,15 +4769,17 @@ index a7a0e71..65bbd77 100644
 corenet_all_recvfrom_netlabel(avahi_t)
 corenet_tcp_sendrecv_generic_if(avahi_t)
 corenet_udp_sendrecv_generic_if(avahi_t)
-@@ -74,7 +78,6 @@ fs_list_inotifyfs(avahi_t)
+@@ -73,8 +77,8 @@ fs_search_auto_mountpoints(avahi_t)
+ fs_list_inotifyfs(avahi_t)
 
 domain_use_interactive_fds(avahi_t)
+domain_dontaudit_signull_all_domains(avahi_t)
 
 -files_read_etc_files(avahi_t)
 files_read_etc_runtime_files(avahi_t)
 files_read_usr_files(avahi_t)
 
-@@ -92,6 +95,8 @@ sysnet_domtrans_ifconfig(avahi_t)
+@@ -92,6 +96,8 @@ sysnet_domtrans_ifconfig(avahi_t)
 sysnet_manage_config(avahi_t)
 sysnet_etc_filetrans_config(avahi_t)
 
@ -4786,7 +4788,7 @@ index a7a0e71..65bbd77 100644
 userdom_dontaudit_use_unpriv_user_fds(avahi_t)
 userdom_dontaudit_search_user_home_dirs(avahi_t)
 
-@@ -104,6 +109,10 @@ optional_policy(`
+@@ -104,6 +110,10 @@ optional_policy(`
 ')
 
 optional_policy(`
@ -13551,7 +13553,7 @@ index 0000000..284fbae
 +	sysnet_domtrans_ifconfig(ctdbd_t)
 +')
 diff --git a/cups.fc b/cups.fc
-index 848bb92..306cd8e 100644
+index 848bb92..624fc09 100644
 --- a/cups.fc
 +++ b/cups.fc
@@ -19,7 +19,10 @@
@ -13586,9 +13588,9 @@ index 848bb92..306cd8e 100644
 /var/run/udev-configure-printer(/.*)? 	gen_context(system_u:object_r:cupsd_config_var_run_t,s0)
 /var/turboprint(/.*)?		gen_context(system_u:object_r:cupsd_var_run_t,s0)
 +
-+/usr/local/Brother/fax/.*\.log.*		gen_context(system_u:object_r:cupsd_log_t,s0)
-+/usr/local/Brother/(.*/)?inf(/.*)?      gen_context(system_u:object_r:cupsd_rw_etc_t,s0)
-+/usr/local/Printer/(.*/)?inf(/.*)?      gen_context(system_u:object_r:cupsd_rw_etc_t,s0)
+/usr/Brother/fax/.*\.log.*		gen_context(system_u:object_r:cupsd_log_t,s0)
+/usr/Brother/(.*/)?inf(/.*)?      gen_context(system_u:object_r:cupsd_rw_etc_t,s0)
+/usr/Printer/(.*/)?inf(/.*)?      gen_context(system_u:object_r:cupsd_rw_etc_t,s0)
 +
 +/usr/local/linuxprinter/ppd(/.*)?      gen_context(system_u:object_r:cupsd_rw_etc_t,s0)
 +
@ -25918,6 +25920,19 @@ index 53e53ca..92520eb 100644
 +miscfiles_read_localization(jabberd_domain)
 +
 +sysnet_read_config(jabberd_domain)
+diff --git a/java.fc b/java.fc
+index 72f3df0..43b488f 100644
+--- a/java.fc
+++ b/java.fc
+@@ -28,8 +28,6 @@
+ /usr/lib/opera(/.*)?/opera	--	gen_context(system_u:object_r:java_exec_t,s0)
+ /usr/lib/opera(/.*)?/works	--	gen_context(system_u:object_r:java_exec_t,s0)
+ 
+-/usr/local/matlab.*/bin.*/MATLAB.* --	gen_context(system_u:object_r:java_exec_t,s0)
+-
+ /usr/matlab.*/bin.*/MATLAB.*	--	gen_context(system_u:object_r:java_exec_t,s0)
+ 
+ ifdef(`distro_redhat',`
 diff --git a/java.te b/java.te
 index 95771f4..9d7f599 100644
 --- a/java.te
@ -26864,9 +26879,27 @@ index 0c52f60..a085fbd 100644
 
 optional_policy(`
 diff --git a/kerberos.fc b/kerberos.fc
-index 3525d24..ad19527 100644
+index 3525d24..de533f9 100644
 --- a/kerberos.fc
 +++ b/kerberos.fc
+@@ -13,13 +13,13 @@ HOME_DIR/\.k5login		--	gen_context(system_u:object_r:krb5_home_t,s0)
+ /etc/rc\.d/init\.d/krb524d	--	gen_context(system_u:object_r:kerberos_initrc_exec_t,s0)
+ /etc/rc\.d/init\.d/krb5kdc	--	gen_context(system_u:object_r:kerberos_initrc_exec_t,s0)
+ 
+-/usr/(local/)?(kerberos/)?sbin/krb5kdc -- gen_context(system_u:object_r:krb5kdc_exec_t,s0)
+-/usr/(local/)?(kerberos/)?sbin/kadmind -- gen_context(system_u:object_r:kadmind_exec_t,s0)
+/usr/(kerberos/)?sbin/krb5kdc -- gen_context(system_u:object_r:krb5kdc_exec_t,s0)
+/usr/(kerberos/)?sbin/kadmind -- gen_context(system_u:object_r:kadmind_exec_t,s0)
+ /usr/kerberos/sbin/kadmin\.local --	gen_context(system_u:object_r:kadmind_exec_t,s0)
+ /usr/kerberos/sbin/kpropd	--	gen_context(system_u:object_r:kpropd_exec_t,s0)
+ 
+-/usr/local/var/krb5kdc(/.*)?		gen_context(system_u:object_r:krb5kdc_conf_t,s0)
+-/usr/local/var/krb5kdc/principal.*	gen_context(system_u:object_r:krb5kdc_principal_t,s0)
+/usr/var/krb5kdc(/.*)?		gen_context(system_u:object_r:krb5kdc_conf_t,s0)
+/usr/var/krb5kdc/principal.*	gen_context(system_u:object_r:krb5kdc_principal_t,s0)
+ 
+ /var/kerberos/krb5kdc(/.*)?		gen_context(system_u:object_r:krb5kdc_conf_t,s0)
+ /var/kerberos/krb5kdc/from_master.*	gen_context(system_u:object_r:krb5kdc_lock_t,s0)
@@ -27,7 +27,15 @@ HOME_DIR/\.k5login		--	gen_context(system_u:object_r:krb5_home_t,s0)
 /var/kerberos/krb5kdc/principal.*	gen_context(system_u:object_r:krb5kdc_principal_t,s0)
 /var/kerberos/krb5kdc/principal.*\.ok	gen_context(system_u:object_r:krb5kdc_lock_t,s0)
@ -29116,7 +29149,7 @@ index 572b5db..1e55f43 100644
 +userdom_use_inherited_user_terminals(lockdev_t)
 +
 diff --git a/logrotate.te b/logrotate.te
-index 7090dae..0b9e946 100644
+index 7090dae..ea589dd 100644
 --- a/logrotate.te
 +++ b/logrotate.te
@@ -29,9 +29,7 @@ files_type(logrotate_var_lib_t)
@ -29178,12 +29211,13 @@ index 7090dae..0b9e946 100644
 
 # cjp: why is this needed?
 init_domtrans_script(logrotate_t)
-@@ -116,17 +118,17 @@ miscfiles_read_localization(logrotate_t)
+@@ -116,17 +118,18 @@ miscfiles_read_localization(logrotate_t)
 
 seutil_dontaudit_read_config(logrotate_t)
 
 -userdom_use_user_terminals(logrotate_t)
 +systemd_exec_systemctl(logrotate_t)
+systemd_getattr_unit_files(logrotate_t)
 +init_stream_connect(logrotate_t)
 +
 +userdom_use_inherited_user_terminals(logrotate_t)
@ -29203,7 +29237,7 @@ index 7090dae..0b9e946 100644
 	# for savelog
 	can_exec(logrotate_t, logrotate_exec_t)
 
-@@ -138,7 +140,7 @@ ifdef(`distro_debian', `
+@@ -138,7 +141,7 @@ ifdef(`distro_debian', `
 ')
 
 optional_policy(`
@ -29212,7 +29246,7 @@ index 7090dae..0b9e946 100644
 ')
 
 optional_policy(`
-@@ -154,6 +156,10 @@ optional_policy(`
+@@ -154,6 +157,10 @@ optional_policy(`
 ')
 
 optional_policy(`
@ -29223,7 +29257,7 @@ index 7090dae..0b9e946 100644
 	asterisk_domtrans(logrotate_t)
 ')
 
-@@ -162,10 +168,20 @@ optional_policy(`
+@@ -162,10 +169,20 @@ optional_policy(`
 ')
 
 optional_policy(`
@ -29244,7 +29278,7 @@ index 7090dae..0b9e946 100644
 	cups_domtrans(logrotate_t)
 ')
 
-@@ -178,6 +194,10 @@ optional_policy(`
+@@ -178,6 +195,10 @@ optional_policy(`
 ')
 
 optional_policy(`
@ -29255,7 +29289,7 @@ index 7090dae..0b9e946 100644
 	icecast_signal(logrotate_t)
 ')
 
-@@ -194,15 +214,19 @@ optional_policy(`
+@@ -194,15 +215,19 @@ optional_policy(`
 ')
 
 optional_policy(`
@ -29276,7 +29310,7 @@ index 7090dae..0b9e946 100644
 
 optional_policy(`
 	samba_exec_log(logrotate_t)
-@@ -228,3 +252,14 @@ optional_policy(`
+@@ -228,3 +253,14 @@ optional_policy(`
 optional_policy(`
 	varnishd_manage_log(logrotate_t)
 ')
@ -29409,9 +29443,18 @@ index 75ce30f..7f05283 100644
 +	cron_use_system_job_fds(logwatch_mail_t)
 +')
 diff --git a/lpd.fc b/lpd.fc
-index 5c9eb68..ca4fd2b 100644
+index 5c9eb68..e4f3c24 100644
 --- a/lpd.fc
 +++ b/lpd.fc
+@@ -24,7 +24,7 @@
+ /usr/sbin/lpinfo	--	gen_context(system_u:object_r:lpr_exec_t,s0)
+ /usr/sbin/lpmove	--	gen_context(system_u:object_r:lpr_exec_t,s0)
+ 
+-/usr/local/linuxprinter/bin/l?lpr -- gen_context(system_u:object_r:lpr_exec_t,s0)
+/usr/linuxprinter/bin/l?lpr -- gen_context(system_u:object_r:lpr_exec_t,s0)
+ 
+ /usr/share/printconf/.* --	gen_context(system_u:object_r:printconf_t,s0)
+ 
@@ -35,3 +35,4 @@
 /var/spool/cups-pdf(/.*)?	gen_context(system_u:object_r:print_spool_t,mls_systemhigh)
 /var/spool/lpd(/.*)?		gen_context(system_u:object_r:print_spool_t,s0)
@ -32973,7 +33016,7 @@ index afa18c8..f6e2bb8 100644
 +/var/spool/mqueue\.in(/.*)?	gen_context(system_u:object_r:mqueue_spool_t,s0)
 /var/spool/mail(/.*)?		gen_context(system_u:object_r:mail_spool_t,s0)
 diff --git a/mta.if b/mta.if
-index 4e2a5ba..68e2429 100644
+index 4e2a5ba..c3643f0 100644
 --- a/mta.if
 +++ b/mta.if
@@ -37,6 +37,7 @@ interface(`mta_stub',`
@ -33127,7 +33170,7 @@ index 4e2a5ba..68e2429 100644
 ########################################
 ## <summary>
 ##	Make the specified type by a system MTA.
-@@ -306,10 +257,11 @@ interface(`mta_mailserver_sender',`
+@@ -306,10 +257,15 @@ interface(`mta_mailserver_sender',`
 interface(`mta_mailserver_delivery',`
 	gen_require(`
 		attribute mailserver_delivery;
@ -33137,10 +33180,14 @@ index 4e2a5ba..68e2429 100644
 	typeattribute $1 mailserver_delivery;
 +
 +	userdom_home_manager($1)
+
+	optional_policy(`
+		mta_rw_delivery_tcp_sockets($1)
+	')
 ')
 
 #######################################
-@@ -393,12 +345,19 @@ interface(`mta_send_mail',`
+@@ -393,12 +349,19 @@ interface(`mta_send_mail',`
 #
 interface(`mta_sendmail_domtrans',`
 	gen_require(`
@ -33162,7 +33209,7 @@ index 4e2a5ba..68e2429 100644
 ')
 
 ########################################
-@@ -411,7 +370,6 @@ interface(`mta_sendmail_domtrans',`
+@@ -411,7 +374,6 @@ interface(`mta_sendmail_domtrans',`
 ##	</summary>
 ## </param>
 #
@ -33170,7 +33217,7 @@ index 4e2a5ba..68e2429 100644
 interface(`mta_signal_system_mail',`
 	gen_require(`
 		type system_mail_t;
-@@ -422,6 +380,60 @@ interface(`mta_signal_system_mail',`
+@@ -422,6 +384,60 @@ interface(`mta_signal_system_mail',`
 
 ########################################
 ## <summary>
@ -33231,7 +33278,7 @@ index 4e2a5ba..68e2429 100644
 ##	Execute sendmail in the caller domain.
 ## </summary>
 ## <param name="domain">
-@@ -440,6 +452,26 @@ interface(`mta_sendmail_exec',`
+@@ -440,6 +456,26 @@ interface(`mta_sendmail_exec',`
 
 ########################################
 ## <summary>
@ -33258,7 +33305,7 @@ index 4e2a5ba..68e2429 100644
 ##	Read mail server configuration.
 ## </summary>
 ## <param name="domain">
-@@ -496,6 +528,7 @@ interface(`mta_read_aliases',`
+@@ -496,6 +532,7 @@ interface(`mta_read_aliases',`
 
 	files_search_etc($1)
 	allow $1 etc_aliases_t:file read_file_perms;
@ -33266,7 +33313,7 @@ index 4e2a5ba..68e2429 100644
 ')
 
 ########################################
-@@ -534,7 +567,7 @@ interface(`mta_etc_filetrans_aliases',`
+@@ -534,7 +571,7 @@ interface(`mta_etc_filetrans_aliases',`
 		type etc_aliases_t;
 	')
 
@ -33275,7 +33322,7 @@ index 4e2a5ba..68e2429 100644
 ')
 
 ########################################
-@@ -554,7 +587,7 @@ interface(`mta_rw_aliases',`
+@@ -554,7 +591,7 @@ interface(`mta_rw_aliases',`
 	')
 
 	files_search_etc($1)
@ -33284,7 +33331,33 @@ index 4e2a5ba..68e2429 100644
 ')
 
 #######################################
-@@ -648,8 +681,8 @@ interface(`mta_dontaudit_getattr_spool_files',`
+@@ -576,6 +613,25 @@ interface(`mta_dontaudit_rw_delivery_tcp_sockets',`
+ 	dontaudit $1 mailserver_delivery:tcp_socket { read write };
+ ')
+ 
+######################################
+## <summary>
+##  Allow attempts to read and write TCP
+##  sockets of mail delivery domains.
+## </summary>
+## <param name="domain">
+##  <summary>
+##  Domain to not audit.
+##  </summary>
+## </param>
+#
+interface(`mta_rw_delivery_tcp_sockets',`
+    gen_require(`
+        attribute mailserver_delivery;
+    ')
+
+    allow $1 mailserver_delivery:tcp_socket { read write };
+')
+
+ #######################################
+ ## <summary>
+ ##	Connect to all mail servers over TCP.  (Deprecated)
+@@ -648,8 +704,8 @@ interface(`mta_dontaudit_getattr_spool_files',`
 
 	files_dontaudit_search_spool($1)
 	dontaudit $1 mail_spool_t:dir search_dir_perms;
@ -33295,7 +33368,7 @@ index 4e2a5ba..68e2429 100644
 ')
 
 #######################################
-@@ -679,7 +712,26 @@ interface(`mta_spool_filetrans',`
+@@ -679,7 +735,26 @@ interface(`mta_spool_filetrans',`
 	')
 
 	files_search_spool($1)
@ -33323,7 +33396,7 @@ index 4e2a5ba..68e2429 100644
 ')
 
 ########################################
-@@ -699,8 +751,8 @@ interface(`mta_rw_spool',`
+@@ -699,8 +774,8 @@ interface(`mta_rw_spool',`
 
 	files_search_spool($1)
 	allow $1 mail_spool_t:dir list_dir_perms;
@ -33334,7 +33407,7 @@ index 4e2a5ba..68e2429 100644
 	read_lnk_files_pattern($1, mail_spool_t, mail_spool_t)
 ')
 
-@@ -840,7 +892,7 @@ interface(`mta_dontaudit_rw_queue',`
+@@ -840,7 +915,7 @@ interface(`mta_dontaudit_rw_queue',`
 	')
 
 	dontaudit $1 mqueue_spool_t:dir search_dir_perms;
@ -33343,7 +33416,7 @@ index 4e2a5ba..68e2429 100644
 ')
 
 ########################################
-@@ -866,6 +918,36 @@ interface(`mta_manage_queue',`
+@@ -866,6 +941,36 @@ interface(`mta_manage_queue',`
 
 #######################################
 ## <summary>
@ -33380,7 +33453,7 @@ index 4e2a5ba..68e2429 100644
 ##	Read sendmail binary.
 ## </summary>
 ## <param name="domain">
-@@ -901,3 +983,170 @@ interface(`mta_rw_user_mail_stream_sockets',`
+@@ -901,3 +1006,170 @@ interface(`mta_rw_user_mail_stream_sockets',`
 
 	allow $1 user_mail_domain:unix_stream_socket rw_socket_perms;
 ')
@ -39606,18 +39679,17 @@ index b246bdd..99f27c0 100644
 files_read_etc_files(pads_t)
 files_search_spool(pads_t)
 diff --git a/passenger.fc b/passenger.fc
-index 545518d..e275c31 100644
+index 545518d..7d5bf4c 100644
 --- a/passenger.fc
 +++ b/passenger.fc
-@@ -3,6 +3,12 @@
+@@ -3,6 +3,11 @@
 /usr/lib/ruby/gems/.*/passenger-.*/agents/PassengerLoggingAgent			-- 	gen_context(system_u:object_r:passenger_exec_t,s0)
 /usr/lib/ruby/gems/.*/passenger-.*/agents/apache2/PassengerHelperAgent		-- 	gen_context(system_u:object_r:passenger_exec_t,s0)
 
-+/usr/local/share/gems/.*/passenger-.*/ext/apache2/ApplicationPoolServerExecutable  --  gen_context(system_u:object_r:passenger_exec_t,s0)
-+/usr/local/share/gems/.*/passenger-.*/agents/PassengerWatchdog		--	gen_context(system_u:object_r:passenger_exec_t,s0)
-+/usr/local/gems/.*/passenger-.*/agents/PassengerLoggingAgent         --  gen_context(system_u:object_r:passenger_exec_t,s0)
-+/usr/local/gems/.*/passenger-.*/agents/apache2/PassengerHelperAgent      --  gen_context(system_u:object_r:passenger_exec_t,s0)
-+
+/usr/share/gems/.*/passenger-.*/ext/apache2/ApplicationPoolServerExecutable  --  gen_context(system_u:object_r:passenger_exec_t,s0)
+/usr/share/gems/.*/passenger-.*/agents/PassengerWatchdog		--	gen_context(system_u:object_r:passenger_exec_t,s0)
+/usr/gems/.*/passenger-.*/agents/PassengerLoggingAgent         --  gen_context(system_u:object_r:passenger_exec_t,s0)
+/usr/gems/.*/passenger-.*/agents/apache2/PassengerHelperAgent      --  gen_context(system_u:object_r:passenger_exec_t,s0)
 +
 /var/lib/passenger(/.*)?		gen_context(system_u:object_r:passenger_var_lib_t,s0)
 
@ -46004,7 +46076,7 @@ index 5014056..9505fce 100644
 -	allow unconfined_qemu_t qemu_exec_t:file execmod;
 -')
 diff --git a/qmail.fc b/qmail.fc
-index 0055e54..f988f51 100644
+index 0055e54..edee505 100644
 --- a/qmail.fc
 +++ b/qmail.fc
@@ -17,6 +17,7 @@
@ -46015,6 +46087,15 @@ index 0055e54..f988f51 100644
 
 /var/qmail/queue(/.*)?			gen_context(system_u:object_r:qmail_spool_t,s0)
 
+@@ -25,7 +26,7 @@ ifdef(`distro_debian', `
+ 
+ /usr/bin/tcp-env		--	gen_context(system_u:object_r:qmail_tcp_env_exec_t,s0)
+ 
+-#/usr/local/bin/serialmail/.*	--	gen_context(system_u:object_r:qmail_serialmail_exec_t,s0)
+#/usr/bin/serialmail/.*	--	gen_context(system_u:object_r:qmail_serialmail_exec_t,s0)
+ 
+ /usr/sbin/qmail-clean		--	gen_context(system_u:object_r:qmail_clean_exec_t,s0)
+ /usr/sbin/qmail-getpw		--	gen_context(system_u:object_r:qmail_exec_t,s0)
 diff --git a/qmail.if b/qmail.if
 index a55bf44..c6dee66 100644
 --- a/qmail.if
@ -59852,7 +59933,7 @@ index 904f13e..5801347 100644
 +	')
 ')
 diff --git a/tor.te b/tor.te
-index c842cad..7f05b44 100644
+index c842cad..3c0dfe4 100644
 --- a/tor.te
 +++ b/tor.te
@@ -36,12 +36,16 @@ logging_log_file(tor_var_log_t)
@ -59872,15 +59953,18 @@ index c842cad..7f05b44 100644
 allow tor_t self:fifo_file rw_fifo_file_perms;
 allow tor_t self:unix_stream_socket create_stream_socket_perms;
 allow tor_t self:netlink_route_socket r_netlink_socket_perms;
-@@ -75,7 +79,6 @@ files_pid_filetrans(tor_t, tor_var_run_t, { dir file sock_file })
+@@ -73,9 +77,9 @@ manage_sock_files_pattern(tor_t, tor_var_run_t, tor_var_run_t)
+ files_pid_filetrans(tor_t, tor_var_run_t, { dir file sock_file })
+ 
 kernel_read_system_state(tor_t)
+kernel_read_net_sysctls(tor_t)
 
 # networking basics
 -corenet_all_recvfrom_unlabeled(tor_t)
 corenet_all_recvfrom_netlabel(tor_t)
 corenet_tcp_sendrecv_generic_if(tor_t)
 corenet_udp_sendrecv_generic_if(tor_t)
-@@ -87,6 +90,7 @@ corenet_tcp_sendrecv_all_reserved_ports(tor_t)
+@@ -87,6 +91,7 @@ corenet_tcp_sendrecv_all_reserved_ports(tor_t)
 corenet_tcp_bind_generic_node(tor_t)
 corenet_udp_bind_generic_node(tor_t)
 corenet_tcp_bind_tor_port(tor_t)
@ -59888,7 +59972,7 @@ index c842cad..7f05b44 100644
 corenet_udp_bind_dns_port(tor_t)
 corenet_sendrecv_tor_server_packets(tor_t)
 corenet_sendrecv_dns_server_packets(tor_t)
-@@ -95,13 +99,14 @@ corenet_tcp_connect_all_ports(tor_t)
+@@ -95,13 +100,14 @@ corenet_tcp_connect_all_ports(tor_t)
 corenet_sendrecv_all_client_packets(tor_t)
 # ... especially including port 80 and other privileged ports
 corenet_tcp_connect_all_reserved_ports(tor_t)
--- a/selinux-policy.spec
+++ b/selinux-policy.spec
@ -19,7 +19,7 @@
 Summary: SELinux policy configuration
 Name: selinux-policy
 Version: 3.11.0
-Release: 13%{?dist}
+Release: 14%{?dist}
 License: GPLv2+
 Group: System Environment/Base
 Source: serefpolicy-%{version}.tgz
@ -491,6 +491,9 @@ SELinux Reference policy mls base module.
 %endif

 %changelog
+* Mon Jul 30 2012 Miroslav Grepl <mgrepl@redhat.com> 3.11.0-14
+- Add systemd fixes to make rawhide booting
+
 * Fri Jul 27 2012 Miroslav Grepl <mgrepl@redhat.com> 3.11.0-13
 - Add systemd_logind_inhibit_var_run_t attribute
 - Remove corenet_all_recvfrom_unlabeled() for non-contrib policies because we moved it to domain.if for all domain_type