- Remove ifdef strict policy from upstream

policy-20070525.patch

@@ -2747,8 +2747,6 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/kernel/termin
  #
  # usbtty_device_t is the type of /dev/usr/tty*
  #
-Binary files nsaserefpolicy/policy/modules/services/afs.pp and serefpolicy-3.0.1/policy/modules/services/afs.pp differ
-Binary files nsaserefpolicy/policy/modules/services/aide.pp and serefpolicy-3.0.1/policy/modules/services/aide.pp differ
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/amavis.if serefpolicy-3.0.1/policy/modules/services/amavis.if
 --- nsaserefpolicy/policy/modules/services/amavis.if	2007-05-29 14:10:57.000000000 -0400
 +++ serefpolicy-3.0.1/policy/modules/services/amavis.if	2007-06-21 05:35:11.000000000 -0400
@@ -2775,7 +2773,6 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/amav
 +	allow $1 amavis_var_run_t:file create_file_perms;
 +	files_search_pids($1)
 +')
-Binary files nsaserefpolicy/policy/modules/services/amavis.pp and serefpolicy-3.0.1/policy/modules/services/amavis.pp differ
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/amavis.te serefpolicy-3.0.1/policy/modules/services/amavis.te
 --- nsaserefpolicy/policy/modules/services/amavis.te	2007-05-29 14:10:57.000000000 -0400
 +++ serefpolicy-3.0.1/policy/modules/services/amavis.te	2007-06-21 05:35:33.000000000 -0400
@@ -3089,7 +3086,6 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/apac
 +	allow $1 httpd_bugzilla_content_t:dir search_dir_perms;
 +')
 +
-Binary files nsaserefpolicy/policy/modules/services/apache.pp and serefpolicy-3.0.1/policy/modules/services/apache.pp differ
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/apache.te serefpolicy-3.0.1/policy/modules/services/apache.te
 --- nsaserefpolicy/policy/modules/services/apache.te	2007-06-11 16:05:30.000000000 -0400
 +++ serefpolicy-3.0.1/policy/modules/services/apache.te	2007-06-19 17:06:27.000000000 -0400
@@ -3461,7 +3457,6 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/apcu
 +	allow httpd_apcupsd_cgi_script_t $1:fifo_file rw_file_perms;
 +	allow httpd_apcupsd_cgi_script_t $1:process sigchld;
 +')
-Binary files nsaserefpolicy/policy/modules/services/apcupsd.pp and serefpolicy-3.0.1/policy/modules/services/apcupsd.pp differ
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/apcupsd.te serefpolicy-3.0.1/policy/modules/services/apcupsd.te
 --- nsaserefpolicy/policy/modules/services/apcupsd.te	2007-05-30 11:47:29.000000000 -0400
 +++ serefpolicy-3.0.1/policy/modules/services/apcupsd.te	2007-06-19 17:06:27.000000000 -0400
@@ -3732,7 +3727,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/clam
 +')
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/consolekit.te serefpolicy-3.0.1/policy/modules/services/consolekit.te
 --- nsaserefpolicy/policy/modules/services/consolekit.te	2007-05-29 14:10:57.000000000 -0400
-+++ serefpolicy-3.0.1/policy/modules/services/consolekit.te	2007-06-21 10:49:23.000000000 -0400
++++ serefpolicy-3.0.1/policy/modules/services/consolekit.te	2007-06-23 06:03:21.000000000 -0400
 @@ -10,7 +10,6 @@
  type consolekit_exec_t;
  init_daemon_domain(consolekit_t, consolekit_exec_t)
@@ -3749,7 +3744,15 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/cons
  manage_files_pattern(consolekit_t,consolekit_var_run_t,consolekit_var_run_t)
  files_pid_filetrans(consolekit_t,consolekit_var_run_t, file)
  
-@@ -50,8 +48,15 @@
+@@ -38,6 +36,7 @@
+ 
+ domain_read_all_domains_state(consolekit_t)
+ domain_use_interactive_fds(consolekit_t)
++domain_dontaudit_ptrace_all_domains(consolekit_t)
+ 
+ files_read_etc_files(consolekit_t)
+ # needs to read /var/lib/dbus/machine-id
+@@ -50,8 +49,15 @@
  libs_use_ld_so(consolekit_t)
  libs_use_shared_libs(consolekit_t)
  
@@ -3765,7 +3768,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/cons
  optional_policy(`
  	dbus_system_bus_client_template(consolekit, consolekit_t)
  	dbus_send_system_bus(consolekit_t)
-@@ -62,9 +67,17 @@
+@@ -62,9 +68,17 @@
  	optional_policy(`
  		unconfined_dbus_chat(consolekit_t)
  	')
@@ -8128,9 +8131,20 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/ipsec.
  
  # manage pid file
  manage_files_pattern(racoon_t,ipsec_var_run_t,ipsec_var_run_t)
+diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/iptables.te serefpolicy-3.0.1/policy/modules/system/iptables.te
+--- nsaserefpolicy/policy/modules/system/iptables.te	2007-06-15 14:54:34.000000000 -0400
++++ serefpolicy-3.0.1/policy/modules/system/iptables.te	2007-06-25 06:54:25.000000000 -0400
+@@ -62,6 +62,7 @@
+ init_use_script_ptys(iptables_t)
+ # to allow rules to be saved on reboot:
+ init_rw_script_tmp_files(iptables_t)
++init_rw_script_stream_sockets(iptables_t)
+ 
+ libs_use_ld_so(iptables_t)
+ libs_use_shared_libs(iptables_t)
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/libraries.fc serefpolicy-3.0.1/policy/modules/system/libraries.fc
 --- nsaserefpolicy/policy/modules/system/libraries.fc	2007-06-15 14:54:34.000000000 -0400
-+++ serefpolicy-3.0.1/policy/modules/system/libraries.fc	2007-06-22 09:05:47.000000000 -0400
++++ serefpolicy-3.0.1/policy/modules/system/libraries.fc	2007-06-26 06:05:08.000000000 -0400
 @@ -158,8 +158,11 @@
  /usr/(local/)?.*\.so(\.[^/]*)*		--	gen_context(system_u:object_r:shlib_t,s0)
  /usr/(local/)?lib(64)?/wine/.+\.so  	--	gen_context(system_u:object_r:textrel_shlib_t,s0)
@@ -8138,8 +8152,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/librar
 +
  /usr/NX/lib/libXcomp\.so.*		--	gen_context(system_u:object_r:textrel_shlib_t,s0)
  /usr/NX/lib/libjpeg\.so.* 		--	gen_context(system_u:object_r:textrel_shlib_t,s0)
-+/usr/lib/NX/libXcomp\.so.*		--	gen_context(system_u:object_r:textrel_shlib_t,s0)
++/usr/lib/nx/libXcomp\.so.*		--	gen_context(system_u:object_r:textrel_shlib_t,s0)
-+/usr/lib/NX/libjpeg\.so.* 		--	gen_context(system_u:object_r:textrel_shlib_t,s0)
++/usr/lib/nx/libjpeg\.so.* 		--	gen_context(system_u:object_r:textrel_shlib_t,s0)
  
  /usr/X11R6/lib/libGL\.so.* 		--	gen_context(system_u:object_r:textrel_shlib_t,s0)
  /usr/X11R6/lib/libXvMCNVIDIA\.so.* 	--	gen_context(system_u:object_r:textrel_shlib_t,s0)