- Update rhcs policy

policy-F12.patch

@@ -388,7 +388,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
  /usr/bin/online_update		--	gen_context(system_u:object_r:rpm_exec_t,s0)
 diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/rpm.if serefpolicy-3.6.32/policy/modules/admin/rpm.if
 --- nsaserefpolicy/policy/modules/admin/rpm.if	2009-07-14 14:19:57.000000000 -0400
-+++ serefpolicy-3.6.32/policy/modules/admin/rpm.if	2009-09-29 10:11:37.000000000 -0400
++++ serefpolicy-3.6.32/policy/modules/admin/rpm.if	2009-09-29 16:46:01.000000000 -0400
 @@ -13,11 +13,34 @@
  interface(`rpm_domtrans',`
  	gen_require(`
@@ -2593,8 +2593,8 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
 +/usr/lib(64)?/mozilla/plugins-wrapped(/.*)?			gen_context(system_u:object_r:nsplugin_rw_t,s0)
 diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/nsplugin.if serefpolicy-3.6.32/policy/modules/apps/nsplugin.if
 --- nsaserefpolicy/policy/modules/apps/nsplugin.if	1969-12-31 19:00:00.000000000 -0500
-+++ serefpolicy-3.6.32/policy/modules/apps/nsplugin.if	2009-09-29 15:46:41.000000000 -0400
-@@ -0,0 +1,322 @@
++++ serefpolicy-3.6.32/policy/modules/apps/nsplugin.if	2009-09-29 16:37:24.000000000 -0400
+@@ -0,0 +1,323 @@
 +
 +## <summary>policy for nsplugin</summary>
 +
@@ -2680,6 +2680,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
 +		type nsplugin_config_t;
 +		class x_drawable all_x_drawable_perms;
 +		class x_resource all_x_resource_perms;
++		class dbus send_msg;
 +	')
 +
 +	role $1 types nsplugin_t;
@@ -8398,7 +8399,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
  ##	All of the rules required to administrate 
 diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/abrt.te serefpolicy-3.6.32/policy/modules/services/abrt.te
 --- nsaserefpolicy/policy/modules/services/abrt.te	2009-09-16 09:09:20.000000000 -0400
-+++ serefpolicy-3.6.32/policy/modules/services/abrt.te	2009-09-24 11:54:43.000000000 -0400
++++ serefpolicy-3.6.32/policy/modules/services/abrt.te	2009-09-29 16:46:09.000000000 -0400
 @@ -75,6 +75,7 @@
  
  corecmd_exec_bin(abrt_t)
@@ -8407,7 +8408,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
  
  corenet_tcp_connect_http_port(abrt_t)
  
-@@ -105,13 +106,20 @@
+@@ -105,13 +106,22 @@
  	dbus_system_bus_client(abrt_t)
  ')
  
@@ -8420,6 +8421,8 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
 -	rpm_manage_db(abrt_t)
 -	rpm_domtrans(abrt_t)
 +	rpm_manage_cache(abrt_t)
++	rpm_read_db(abrt_t)
++	rpm_dontaudit_manage_db(abrt_t)
 +	rpm_domtrans_debuginfo(abrt_t)
 +	rpm_signull(abrt_t)
  ')
@@ -12124,7 +12127,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
  
 diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/dovecot.te serefpolicy-3.6.32/policy/modules/services/dovecot.te
 --- nsaserefpolicy/policy/modules/services/dovecot.te	2009-08-14 16:14:31.000000000 -0400
-+++ serefpolicy-3.6.32/policy/modules/services/dovecot.te	2009-09-16 10:03:09.000000000 -0400
++++ serefpolicy-3.6.32/policy/modules/services/dovecot.te	2009-09-29 16:39:40.000000000 -0400
 @@ -103,6 +103,7 @@
  dev_read_urand(dovecot_t)
  
@@ -12133,6 +12136,15 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
  fs_search_auto_mountpoints(dovecot_t)
  fs_list_inotifyfs(dovecot_t)
  
+@@ -159,7 +160,7 @@
+ #
+ 
+ allow dovecot_auth_t self:capability { chown dac_override setgid setuid };
+-allow dovecot_auth_t self:process signal_perms;
++allow dovecot_auth_t self:process { signal_perms getcap setcap };
+ allow dovecot_auth_t self:fifo_file rw_fifo_file_perms;
+ allow dovecot_auth_t self:unix_dgram_socket create_socket_perms;
+ allow dovecot_auth_t self:unix_stream_socket create_stream_socket_perms;
 @@ -220,9 +221,15 @@
  ')