- Fix sysnet/net_conf_t

policy-20090105.patch

@@ -28096,7 +28096,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
 +/etc/firestarter/firestarter\.sh gen_context(system_u:object_r:dhcpc_helper_exec_t,s0)
 diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/sysnetwork.if serefpolicy-3.6.6/policy/modules/system/sysnetwork.if
 --- nsaserefpolicy/policy/modules/system/sysnetwork.if	2009-01-19 11:07:34.000000000 -0500
-+++ serefpolicy-3.6.6/policy/modules/system/sysnetwork.if	2009-02-16 17:51:03.000000000 -0500
++++ serefpolicy-3.6.6/policy/modules/system/sysnetwork.if	2009-02-17 11:02:02.000000000 -0500
 @@ -43,6 +43,39 @@
  
  	sysnet_domtrans_dhcpc($1)
@@ -28173,16 +28173,17 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
  ')
  
  #######################################
-@@ -323,7 +374,7 @@
+@@ -323,7 +374,8 @@
  		type net_conf_t;
  	')
  
 -	allow $1 net_conf_t:file manage_file_perms;
++	allow $1 net_conf_t:dir list_dir_perms;
 +	manage_files_pattern($1, net_conf_t, net_conf_t)
  ')
  
  #######################################
-@@ -541,6 +592,7 @@
+@@ -541,6 +593,7 @@
  		type net_conf_t;
  	')
  
@@ -28190,7 +28191,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
  	allow $1 self:tcp_socket create_socket_perms;
  	allow $1 self:udp_socket create_socket_perms;
  
-@@ -557,6 +609,14 @@
+@@ -557,6 +610,14 @@
  
  	files_search_etc($1)
  	allow $1 net_conf_t:file read_file_perms;
@@ -28205,7 +28206,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
  ')
  
  ########################################
-@@ -586,6 +646,8 @@
+@@ -586,6 +647,8 @@
  
  	files_search_etc($1)
  	allow $1 net_conf_t:file read_file_perms;
@@ -28214,7 +28215,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
  ')
  
  ########################################
-@@ -620,3 +682,49 @@
+@@ -620,3 +683,49 @@
  	files_search_etc($1)
  	allow $1 net_conf_t:file read_file_perms;
  ')
@@ -28266,7 +28267,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
 +')
 diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/sysnetwork.te serefpolicy-3.6.6/policy/modules/system/sysnetwork.te
 --- nsaserefpolicy/policy/modules/system/sysnetwork.te	2009-01-19 11:07:34.000000000 -0500
-+++ serefpolicy-3.6.6/policy/modules/system/sysnetwork.te	2009-02-16 17:27:59.000000000 -0500
++++ serefpolicy-3.6.6/policy/modules/system/sysnetwork.te	2009-02-17 11:14:42.000000000 -0500
 @@ -20,6 +20,9 @@
  init_daemon_domain(dhcpc_t,dhcpc_exec_t)
  role system_r types dhcpc_t;
@@ -28304,6 +28305,15 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
  manage_files_pattern(dhcpc_t,dhcpc_state_t,dhcpc_state_t)
  filetrans_pattern(dhcpc_t,dhcp_state_t,dhcpc_state_t,file)
  
+@@ -65,7 +69,7 @@
+ 
+ # Allow read/write to /etc/resolv.conf and /etc/ntp.conf. Note that any files
+ # in /etc created by dhcpcd will be labelled net_conf_t.
+-allow dhcpc_t net_conf_t:file manage_file_perms;
++sysnet_manage_config(dhcpc_t)
+ files_etc_filetrans(dhcpc_t,net_conf_t,file)
+ 
+ # create temp files
 @@ -116,7 +120,7 @@
  corecmd_exec_shell(dhcpc_t)
  

selinux-policy.spec

@@ -20,7 +20,7 @@
 Summary: SELinux policy configuration
 Name: selinux-policy
 Version: 3.6.6
-Release: 2%{?dist}
+Release: 3%{?dist}
 License: GPLv2+
 Group: System Environment/Base
 Source: serefpolicy-%{version}.tgz
@@ -444,6 +444,9 @@ exit 0
 %endif
 
 %changelog
+* Tue Feb 17 2009 Dan Walsh <dwalsh@redhat.com> 3.6.6-3
+- Fix sysnet/net_conf_t
+
 * Tue Feb 17 2009 Dan Walsh <dwalsh@redhat.com> 3.6.6-2
 - Fix squidGuard labeling