Remove tzdata policy

Remove ada domain

execmem.patch

@@ -1,7 +1,6 @@
-diff --git a/policy/modules/admin/rpm.te b/policy/modules/admin/rpm.te
-index 8d3c1d8..a7b1b65 100644
---- a/policy/modules/admin/rpm.te
-+++ b/policy/modules/admin/rpm.te
+diff -up serefpolicy-3.10.0/policy/modules/admin/rpm.te.execmem serefpolicy-3.10.0/policy/modules/admin/rpm.te
+--- serefpolicy-3.10.0/policy/modules/admin/rpm.te.execmem	2011-10-20 11:53:35.312262063 -0400
++++ serefpolicy-3.10.0/policy/modules/admin/rpm.te	2011-10-20 11:53:35.825261313 -0400
 @@ -416,14 +416,6 @@ optional_policy(`
  	unconfined_domain_noaudit(rpm_script_t)
  	unconfined_domtrans(rpm_script_t)
@@ -17,11 +16,10 @@ index 8d3c1d8..a7b1b65 100644
  ')
  
  optional_policy(`
-diff --git a/policy/modules/apps/execmem.fc b/policy/modules/apps/execmem.fc
-index 6f3570a..70c661e 100644
---- a/policy/modules/apps/execmem.fc
-+++ b/policy/modules/apps/execmem.fc
-@@ -46,3 +46,48 @@ ifdef(`distro_gentoo',`
+diff -up serefpolicy-3.10.0/policy/modules/apps/execmem.fc.execmem serefpolicy-3.10.0/policy/modules/apps/execmem.fc
+--- serefpolicy-3.10.0/policy/modules/apps/execmem.fc.execmem	2011-10-20 11:53:35.331262035 -0400
++++ serefpolicy-3.10.0/policy/modules/apps/execmem.fc	2011-10-20 11:53:54.447234072 -0400
+@@ -47,3 +47,56 @@ ifdef(`distro_gentoo',`
  /opt/Komodo-Edit-5/lib/mozilla/komodo-bin -- gen_context(system_u:object_r:execmem_exec_t,s0)
  /opt/Adobe/Reader9/Reader/intellinux/bin/acroread -- gen_context(system_u:object_r:execmem_exec_t,s0)
  /usr/local/Wolfram/Mathematica(/.*)?MathKernel	  -- gen_context(system_u:object_r:execmem_exec_t,s0)
@@ -70,19 +68,25 @@ index 6f3570a..70c661e 100644
 +/usr/java/eclipse[^/]*/eclipse	--	gen_context(system_u:object_r:execmem_exec_t,s0)
 +')
 +/usr/bin/mono.*	--	gen_context(system_u:object_r:execmem_exec_t,s0)
-diff --git a/policy/modules/apps/execmem.if b/policy/modules/apps/execmem.if
-index e23f640..a78bec0 100644
---- a/policy/modules/apps/execmem.if
-+++ b/policy/modules/apps/execmem.if
++
++#
++# Conflicts with ada domain
++#
++/usr/bin/gnatbind	--	gen_context(system_u:object_r:execmem_exec_t,s0)
++/usr/bin/gnatls		--	gen_context(system_u:object_r:execmem_exec_t,s0)
++/usr/bin/gnatmake	--	gen_context(system_u:object_r:execmem_exec_t,s0)
++/usr/libexec/gcc(/.*)?/gnat1 -- gen_context(system_u:object_r:execmem_exec_t,s0)
+diff -up serefpolicy-3.10.0/policy/modules/apps/execmem.if.execmem serefpolicy-3.10.0/policy/modules/apps/execmem.if
+--- serefpolicy-3.10.0/policy/modules/apps/execmem.if.execmem	2011-10-20 11:53:35.332262034 -0400
++++ serefpolicy-3.10.0/policy/modules/apps/execmem.if	2011-10-20 11:53:35.826261312 -0400
 @@ -129,4 +129,3 @@ interface(`execmem_execmod',`
  
  	allow $1 execmem_exec_t:file execmod;
  ')
 -
-diff --git a/policy/modules/apps/execmem.te b/policy/modules/apps/execmem.te
-index a7d37e2..fd8450f 100644
---- a/policy/modules/apps/execmem.te
-+++ b/policy/modules/apps/execmem.te
+diff -up serefpolicy-3.10.0/policy/modules/apps/execmem.te.execmem serefpolicy-3.10.0/policy/modules/apps/execmem.te
+--- serefpolicy-3.10.0/policy/modules/apps/execmem.te.execmem	2011-10-20 11:53:35.332262034 -0400
++++ serefpolicy-3.10.0/policy/modules/apps/execmem.te	2011-10-20 11:53:35.827261310 -0400
 @@ -4,7 +4,25 @@ policy_module(execmem, 1.0.0)
  #
  # Declarations
@@ -110,10 +114,9 @@ index a7d37e2..fd8450f 100644
 +	nsplugin_rw_shm(execmem_type)
 +	nsplugin_rw_semaphores(execmem_type)
 +')
-diff --git a/policy/modules/apps/mozilla.te b/policy/modules/apps/mozilla.te
-index d1b1280..f93103b 100644
---- a/policy/modules/apps/mozilla.te
-+++ b/policy/modules/apps/mozilla.te
+diff -up serefpolicy-3.10.0/policy/modules/apps/mozilla.te.execmem serefpolicy-3.10.0/policy/modules/apps/mozilla.te
+--- serefpolicy-3.10.0/policy/modules/apps/mozilla.te.execmem	2011-10-20 11:53:35.350262007 -0400
++++ serefpolicy-3.10.0/policy/modules/apps/mozilla.te	2011-10-20 11:53:35.827261310 -0400
 @@ -273,10 +273,6 @@ optional_policy(`
  ')
  
@@ -134,10 +137,9 @@ index d1b1280..f93103b 100644
  ')
  
  optional_policy(`
-diff --git a/policy/modules/apps/podsleuth.te b/policy/modules/apps/podsleuth.te
-index ccc15ab..9d0e298 100644
---- a/policy/modules/apps/podsleuth.te
-+++ b/policy/modules/apps/podsleuth.te
+diff -up serefpolicy-3.10.0/policy/modules/apps/podsleuth.te.execmem serefpolicy-3.10.0/policy/modules/apps/podsleuth.te
+--- serefpolicy-3.10.0/policy/modules/apps/podsleuth.te.execmem	2011-06-27 14:18:04.000000000 -0400
++++ serefpolicy-3.10.0/policy/modules/apps/podsleuth.te	2011-10-20 11:53:35.828261308 -0400
 @@ -85,5 +85,5 @@ optional_policy(`
  ')
  
@@ -145,10 +147,9 @@ index ccc15ab..9d0e298 100644
 -	mono_exec(podsleuth_t)
 +	execmem_exec(podsleuth_t)
  ')
-diff --git a/policy/modules/roles/staff.te b/policy/modules/roles/staff.te
-index bfabe3f..fbbce55 100644
---- a/policy/modules/roles/staff.te
-+++ b/policy/modules/roles/staff.te
+diff -up serefpolicy-3.10.0/policy/modules/roles/staff.te.execmem serefpolicy-3.10.0/policy/modules/roles/staff.te
+--- serefpolicy-3.10.0/policy/modules/roles/staff.te.execmem	2011-10-20 11:53:35.411261918 -0400
++++ serefpolicy-3.10.0/policy/modules/roles/staff.te	2011-10-20 11:53:35.829261306 -0400
 @@ -268,10 +268,6 @@ ifndef(`distro_redhat',`
  	')
  
@@ -160,11 +161,10 @@ index bfabe3f..fbbce55 100644
  		lockdev_role(staff_r, staff_t)
  	')
  
-diff --git a/policy/modules/roles/sysadm.te b/policy/modules/roles/sysadm.te
-index 7cd6d4f..e120bbc 100644
---- a/policy/modules/roles/sysadm.te
-+++ b/policy/modules/roles/sysadm.te
-@@ -524,10 +524,6 @@ ifndef(`distro_redhat',`
+diff -up serefpolicy-3.10.0/policy/modules/roles/sysadm.te.execmem serefpolicy-3.10.0/policy/modules/roles/sysadm.te
+--- serefpolicy-3.10.0/policy/modules/roles/sysadm.te.execmem	2011-10-20 11:53:35.412261917 -0400
++++ serefpolicy-3.10.0/policy/modules/roles/sysadm.te	2011-10-20 11:53:35.829261306 -0400
+@@ -520,10 +520,6 @@ ifndef(`distro_redhat',`
  	')
  
  	optional_policy(`
@@ -175,11 +175,10 @@ index 7cd6d4f..e120bbc 100644
  		lockdev_role(sysadm_r, sysadm_t)
  	')
  
-diff --git a/policy/modules/roles/unconfineduser.te b/policy/modules/roles/unconfineduser.te
-index fcc8949..6f1425f 100644
---- a/policy/modules/roles/unconfineduser.te
-+++ b/policy/modules/roles/unconfineduser.te
-@@ -337,10 +337,6 @@ optional_policy(`
+diff -up serefpolicy-3.10.0/policy/modules/roles/unconfineduser.te.execmem serefpolicy-3.10.0/policy/modules/roles/unconfineduser.te
+--- serefpolicy-3.10.0/policy/modules/roles/unconfineduser.te.execmem	2011-10-20 11:53:35.820261320 -0400
++++ serefpolicy-3.10.0/policy/modules/roles/unconfineduser.te	2011-10-20 11:53:35.830261305 -0400
+@@ -342,10 +342,6 @@ optional_policy(`
  ')
  
  optional_policy(`
@@ -190,7 +189,7 @@ index fcc8949..6f1425f 100644
  	kerberos_filetrans_named_content(unconfined_t)
  ')
  
-@@ -361,13 +357,6 @@ optional_policy(`
+@@ -366,13 +362,6 @@ optional_policy(`
  ')
  
  optional_policy(`
@@ -204,10 +203,9 @@ index fcc8949..6f1425f 100644
  	mozilla_role_plugin(unconfined_r)
  
  	tunable_policy(`unconfined_mozilla_plugin_transition', `
-diff --git a/policy/modules/roles/unprivuser.te b/policy/modules/roles/unprivuser.te
-index e5a8559..68013b7 100644
---- a/policy/modules/roles/unprivuser.te
-+++ b/policy/modules/roles/unprivuser.te
+diff -up serefpolicy-3.10.0/policy/modules/roles/unprivuser.te.execmem serefpolicy-3.10.0/policy/modules/roles/unprivuser.te
+--- serefpolicy-3.10.0/policy/modules/roles/unprivuser.te.execmem	2011-10-20 11:53:35.414261914 -0400
++++ serefpolicy-3.10.0/policy/modules/roles/unprivuser.te	2011-10-20 11:53:35.831261304 -0400
 @@ -148,10 +148,6 @@ ifndef(`distro_redhat',`
  	')
  
@@ -219,10 +217,9 @@ index e5a8559..68013b7 100644
  		lockdev_role(user_r, user_t)
  	')
  
-diff --git a/policy/modules/roles/xguest.te b/policy/modules/roles/xguest.te
-index 1cd57fd..a1db79d 100644
---- a/policy/modules/roles/xguest.te
-+++ b/policy/modules/roles/xguest.te
+diff -up serefpolicy-3.10.0/policy/modules/roles/xguest.te.execmem serefpolicy-3.10.0/policy/modules/roles/xguest.te
+--- serefpolicy-3.10.0/policy/modules/roles/xguest.te.execmem	2011-10-20 11:53:35.415261912 -0400
++++ serefpolicy-3.10.0/policy/modules/roles/xguest.te	2011-10-20 11:53:35.831261304 -0400
 @@ -107,14 +107,6 @@ optional_policy(`
  ')
  
@@ -238,21 +235,19 @@ index 1cd57fd..a1db79d 100644
  	mozilla_run_plugin(xguest_usertype, xguest_r)
  ')
  
-diff --git a/policy/modules/services/boinc.te b/policy/modules/services/boinc.te
-index 1442451..add9ada 100644
---- a/policy/modules/services/boinc.te
-+++ b/policy/modules/services/boinc.te
-@@ -168,5 +168,5 @@ miscfiles_read_fonts(boinc_project_t)
+diff -up serefpolicy-3.10.0/policy/modules/services/boinc.te.execmem serefpolicy-3.10.0/policy/modules/services/boinc.te
+--- serefpolicy-3.10.0/policy/modules/services/boinc.te.execmem	2011-10-20 11:53:35.445261869 -0400
++++ serefpolicy-3.10.0/policy/modules/services/boinc.te	2011-10-20 11:53:35.832261303 -0400
+@@ -170,5 +170,5 @@ miscfiles_read_fonts(boinc_project_t)
  miscfiles_read_localization(boinc_project_t)
  
  optional_policy(`
 -	java_exec(boinc_project_t)
 +	execmem_exec(boinc_project_t)
  ')
-diff --git a/policy/modules/services/cron.te b/policy/modules/services/cron.te
-index 86ea0ba..a2c41fd 100644
---- a/policy/modules/services/cron.te
-+++ b/policy/modules/services/cron.te
+diff -up serefpolicy-3.10.0/policy/modules/services/cron.te.execmem serefpolicy-3.10.0/policy/modules/services/cron.te
+--- serefpolicy-3.10.0/policy/modules/services/cron.te.execmem	2011-10-20 11:53:35.479261819 -0400
++++ serefpolicy-3.10.0/policy/modules/services/cron.te	2011-10-20 11:53:35.833261301 -0400
 @@ -299,10 +299,6 @@ optional_policy(`
  ')
  
@@ -275,7 +270,7 @@ index 86ea0ba..a2c41fd 100644
  	mrtg_append_create_logs(system_cronjob_t)
  ')
  
-@@ -709,11 +701,6 @@ tunable_policy(`fcron_crond',`
+@@ -710,11 +702,6 @@ tunable_policy(`fcron_crond',`
  	allow crond_t user_cron_spool_t:file manage_file_perms;
  ')
  
@@ -287,10 +282,9 @@ index 86ea0ba..a2c41fd 100644
  optional_policy(`
  	nis_use_ypbind(cronjob_t)
  ')
-diff --git a/policy/modules/services/hadoop.if b/policy/modules/services/hadoop.if
-index 1e40c00..ae34382 100644
---- a/policy/modules/services/hadoop.if
-+++ b/policy/modules/services/hadoop.if
+diff -up serefpolicy-3.10.0/policy/modules/services/hadoop.if.execmem serefpolicy-3.10.0/policy/modules/services/hadoop.if
+--- serefpolicy-3.10.0/policy/modules/services/hadoop.if.execmem	2011-10-20 11:53:35.529261745 -0400
++++ serefpolicy-3.10.0/policy/modules/services/hadoop.if	2011-10-20 11:53:35.834261299 -0400
 @@ -127,7 +127,7 @@ template(`hadoop_domain_template',`
  
  	hadoop_exec_config(hadoop_$1_t)
@@ -300,10 +294,9 @@ index 1e40c00..ae34382 100644
  
  	kerberos_use(hadoop_$1_t)
  
-diff --git a/policy/modules/services/hadoop.te b/policy/modules/services/hadoop.te
-index 3889dc9..32dc803 100644
---- a/policy/modules/services/hadoop.te
-+++ b/policy/modules/services/hadoop.te
+diff -up serefpolicy-3.10.0/policy/modules/services/hadoop.te.execmem serefpolicy-3.10.0/policy/modules/services/hadoop.te
+--- serefpolicy-3.10.0/policy/modules/services/hadoop.te.execmem	2011-10-20 11:53:35.530261744 -0400
++++ serefpolicy-3.10.0/policy/modules/services/hadoop.te	2011-10-20 11:53:35.835261297 -0400
 @@ -167,7 +167,7 @@ miscfiles_read_localization(hadoop_t)
  
  userdom_use_inherited_user_terminals(hadoop_t)
@@ -322,16 +315,15 @@ index 3889dc9..32dc803 100644
  
  ########################################
  #
-@@ -427,4 +427,4 @@ miscfiles_read_localization(zookeeper_server_t)
+@@ -427,4 +427,4 @@ miscfiles_read_localization(zookeeper_se
  
  sysnet_read_config(zookeeper_server_t)
  
 -java_exec(zookeeper_server_t)
 +execmem_exec(zookeeper_server_t)
-diff --git a/policy/modules/services/xserver.te b/policy/modules/services/xserver.te
-index 60e0e2d..d14f2d6 100644
---- a/policy/modules/services/xserver.te
-+++ b/policy/modules/services/xserver.te
+diff -up serefpolicy-3.10.0/policy/modules/services/xserver.te.execmem serefpolicy-3.10.0/policy/modules/services/xserver.te
+--- serefpolicy-3.10.0/policy/modules/services/xserver.te.execmem	2011-10-20 11:53:35.719261468 -0400
++++ serefpolicy-3.10.0/policy/modules/services/xserver.te	2011-10-20 11:53:35.837261295 -0400
 @@ -1247,10 +1247,6 @@ optional_policy(`
  ')
  
@@ -343,11 +335,10 @@ index 60e0e2d..d14f2d6 100644
  	rhgb_rw_shm(xserver_t)
  	rhgb_rw_tmpfs_files(xserver_t)
  ')
-diff --git a/policy/modules/system/init.te b/policy/modules/system/init.te
-index 53f3bfe..20dd3a0 100644
---- a/policy/modules/system/init.te
-+++ b/policy/modules/system/init.te
-@@ -1190,10 +1190,6 @@ optional_policy(`
+diff -up serefpolicy-3.10.0/policy/modules/system/init.te.execmem serefpolicy-3.10.0/policy/modules/system/init.te
+--- serefpolicy-3.10.0/policy/modules/system/init.te.execmem	2011-10-20 11:53:35.738261440 -0400
++++ serefpolicy-3.10.0/policy/modules/system/init.te	2011-10-20 11:53:35.838261294 -0400
+@@ -1192,10 +1192,6 @@ optional_policy(`
  		unconfined_dontaudit_rw_pipes(daemon)
  	')
  
@@ -358,11 +349,10 @@ index 53f3bfe..20dd3a0 100644
  	# Allow SELinux aware applications to request rpm_script_t execution
  	rpm_transition_script(initrc_t)
  	
-diff --git a/policy/modules/system/userdomain.if b/policy/modules/system/userdomain.if
-index e7a65ae..a001ce9 100644
---- a/policy/modules/system/userdomain.if
-+++ b/policy/modules/system/userdomain.if
-@@ -1281,14 +1281,6 @@ template(`userdom_unpriv_user_template', `
+diff -up serefpolicy-3.10.0/policy/modules/system/userdomain.if.execmem serefpolicy-3.10.0/policy/modules/system/userdomain.if
+--- serefpolicy-3.10.0/policy/modules/system/userdomain.if.execmem	2011-10-20 11:53:35.775261386 -0400
++++ serefpolicy-3.10.0/policy/modules/system/userdomain.if	2011-10-20 11:53:35.840261291 -0400
+@@ -1281,14 +1281,6 @@ template(`userdom_unpriv_user_template',
  	')
  
  	optional_policy(`

modules-mls.conf

@@ -32,13 +32,6 @@ acct = module
 # 
 alsa = module
 
-# Layer: apps
-# Module: ada
-#
-# ada executable
-# 
-ada = module
-
 # Layer: services
 # Module: cachefilesd
 #

modules-targeted.conf

@@ -39,13 +39,6 @@ ajaxterm = module
 # 
 alsa = module
 
-# Layer: apps
-# Module: ada
-#
-# ada executable
-# 
-ada = module
-
 # Layer: services
 # Module: callweaver
 #
@@ -2452,4 +2445,23 @@ cfengine = module
 #
 polipo = module
 
+# Layer: services
+# Module: nova
+#
+#  openstack-nova
+#
+nova = module
 
+# Layer: services
+# Module: rabbitmq
+#
+#  rabbitmq daemons 
+#
+rabbitmq = module
+
+# Layer: services
+# Module: cloudform
+# 
+#  cloudform daemons 
+#
+cloudform = module

selinux-policy.spec

@@ -17,7 +17,7 @@
 Summary: SELinux policy configuration
 Name: selinux-policy
 Version: 3.10.0
-Release: 43%{?dist}
+Release: 45%{?dist}
 License: GPLv2+
 Group: System Environment/Base
 Source: serefpolicy-%{version}.tgz
@@ -219,7 +219,7 @@ fi;
 if [ -e /etc/selinux/%2/.rebuild ]; then \
    rm /etc/selinux/%2/.rebuild; \
    if [ %1 -ne 1 ]; then \
-	/usr/sbin/semodule -n -s %2 -r tzdata hal hotplug howl java mono moilscanner gamin audio_entropy iscsid polkit_auth polkit rtkit_daemon ModemManager telepathysofiasip ethereal passanger qpidd 2>/dev/null; \
+	/usr/sbin/semodule -n -s %2 -r ada tzdata hal hotplug howl java mono moilscanner gamin audio_entropy iscsid polkit_auth polkit rtkit_daemon ModemManager telepathysofiasip ethereal passanger qpidd 2>/dev/null; \
    fi \
    /usr/sbin/semodule -B -s %2; \
 else \
@@ -250,7 +250,7 @@ Based off of reference policy: Checked out revision  2.20091117
 %patch5 -p1 -b .userdomain
 %patch6 -p1 -b .apache
 %patch7 -p1 -b .ptrace
-#%patch8 -p1 -b .default_trans
+%patch8 -p1 -b .default_trans
 
 %install
 mkdir selinux_config
@@ -482,6 +482,15 @@ SELinux Reference policy mls base module.
 %endif
 
 %changelog
+* Thu Oct 20 2011 Miroslav Grepl <mgrepl@redhat.com> 3.10.0-45
+- Remove tzdata policy
+- Remove ada domain
+
+* Thu Oct 20 2011 Miroslav Grepl <mgrepl@redhat.com> 3.10.0-44
+- Add labeling for udev
+- Add cloudform policy
+- Fixes for bootloader policy
+
 * Wed Oct 19 2011 Miroslav Grepl <mgrepl@redhat.com> 3.10.0-43
 - Add policies for nova openstack