patch from dan

refpolicy/Makefile

@@ -53,7 +53,6 @@ DISTRO = redhat
 # run init scripts, instead of requring run_init.
 # This is a build option, as role transitions do
 # not work in conditional policy.
-# This option will be impled as y for redhat policies.
 DIRECT_INITRC=y
 
 # Build monolithic policy.  Putting n here

refpolicy/policy/modules/admin/su.if

@@ -57,6 +57,7 @@ template(`su_restricted_domain_template', `
 	domain_use_wide_inherit_fd($1_su_t)
 
 	files_read_etc_files($1_su_t)
+	files_read_etc_runtime_files($1_su_t)
 	files_search_var_lib($1_su_t)
 
 	init_dontaudit_use_fd($1_su_t)

refpolicy/policy/modules/admin/su.te

@@ -1,5 +1,5 @@
 
-policy_module(su,1.0)
+policy_module(su,1.0.1)
 
 ########################################
 #

refpolicy/policy/modules/services/cups.te

@@ -632,7 +632,7 @@ ifdef(`targeted_policy', `
 	allow initrc_t cupsd_t:dbus send_msg;
 	allow { cupsd_config_t cupsd_t } unconfined_t:dbus send_msg;
 	allow unconfined_t cupsd_config_t:dbus send_msg;
-	allow { cupsd_t cupsd_config_t } unconfined_t:fifo_file read;
+	allow { cupsd_t cupsd_config_t } unconfined_t:fifo_file r_file_perms;
 	term_use_generic_pty(cupsd_config_t)
 ')
 

refpolicy/policy/modules/services/dovecot.te

@@ -1,5 +1,5 @@
 
-policy_module(dovecot,1.0.1)
+policy_module(dovecot,1.0.2)
 
 ########################################
 #
@@ -159,8 +159,10 @@ kernel_read_system_state(dovecot_auth_t)
 dev_read_urand(dovecot_auth_t)
 
 auth_domtrans_chk_passwd(dovecot_auth_t)
+auth_use_nsswitch(dovecot_auth_t)
 
 files_read_etc_files(dovecot_auth_t)
+files_read_etc_runtime_files(dovecot_auth_t)
 files_search_pids(dovecot_auth_t)
 
 libs_use_ld_so(dovecot_auth_t)

refpolicy/policy/modules/services/privoxy.fc

@@ -1,4 +1,6 @@
 
+/etc/privoxy/user\.action --	gen_context(system_u:object_r:privoxy_etc_rw_t,s0)
+
 /usr/sbin/privoxy	--	gen_context(system_u:object_r:privoxy_exec_t,s0)
 
 /var/log/privoxy(/.*)?		gen_context(system_u:object_r:privoxy_log_t,s0)

refpolicy/policy/modules/services/privoxy.te

@@ -1,5 +1,5 @@
 
-policy_module(privoxy,1.0)
+policy_module(privoxy,1.0.1)
 
 ########################################
 #
@@ -10,6 +10,9 @@ type privoxy_t; # web_client_domain
 type privoxy_exec_t;
 init_daemon_domain(privoxy_t,privoxy_exec_t)
 
+type privoxy_etc_rw_t;
+files_type(privoxy_etc_rw_t)
+
 type privoxy_log_t;
 logging_log_file(privoxy_log_t)
 
@@ -25,6 +28,8 @@ allow privoxy_t self:capability { setgid setuid };
 dontaudit privoxy_t self:capability sys_tty_config;
 allow privoxy_t self:tcp_socket create_stream_socket_perms;
 
+allow privoxy_t privoxy_etc_rw_t:file rw_file_perms;
+
 allow privoxy_t privoxy_log_t:file create_file_perms;
 allow privoxy_t privoxy_log_t:dir rw_dir_perms;
 logging_create_log(privoxy_t,privoxy_log_t)

refpolicy/policy/modules/services/procmail.te

@@ -1,5 +1,5 @@
 
-policy_module(procmail,1.0.0)
+policy_module(procmail,1.0.1)
 
 ########################################
 #
@@ -38,6 +38,7 @@ corenet_tcp_sendrecv_all_ports(procmail_t)
 corenet_udp_sendrecv_all_ports(procmail_t)
 corenet_tcp_bind_all_nodes(procmail_t)
 corenet_udp_bind_all_nodes(procmail_t)
+corenet_tcp_connect_spamd_port(procmail_t)
 
 dev_read_urand(procmail_t)
 

refpolicy/policy/modules/services/sasl.te

@@ -1,5 +1,5 @@
 
-policy_module(sasl,1.0)
+policy_module(sasl,1.0.1)
 
 ########################################
 #
@@ -50,10 +50,12 @@ fs_search_auto_mountpoints(saslauthd_t)
 term_dontaudit_use_console(saslauthd_t)
 
 auth_domtrans_chk_passwd(saslauthd_t)
+auth_use_nsswitch(saslauthd_t)
 
 domain_use_wide_inherit_fd(saslauthd_t)
 
 files_read_etc_files(saslauthd_t)
+files_read_etc_runtime_files(saslauthd_t)
 files_search_var_lib(saslauthd_t)
 files_dontaudit_getattr_home_dir(saslauthd_t)