- Allod hald_dccm_t to create sock_files in /tmp

policy-F12.patch

@@ -10579,7 +10579,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
 +')
 diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/hal.te serefpolicy-3.6.26/policy/modules/services/hal.te
 --- nsaserefpolicy/policy/modules/services/hal.te	2009-07-28 13:28:33.000000000 -0400
-+++ serefpolicy-3.6.26/policy/modules/services/hal.te	2009-07-30 17:31:42.000000000 -0400
++++ serefpolicy-3.6.26/policy/modules/services/hal.te	2009-07-31 06:43:31.000000000 -0400
 @@ -55,6 +55,9 @@
  type hald_var_lib_t;
  files_type(hald_var_lib_t)
@@ -10664,8 +10664,13 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
  allow hald_dccm_t self:process getsched;
  allow hald_dccm_t self:tcp_socket create_stream_socket_perms;
  allow hald_dccm_t self:udp_socket create_socket_perms;
-@@ -471,8 +491,12 @@
+@@ -469,10 +489,17 @@
+ manage_files_pattern(hald_dccm_t, hald_var_lib_t, hald_var_lib_t)
+ files_search_var_lib(hald_dccm_t)
  
++manage_sock_files_pattern(hald_dccm_t, hald_tmp_t, hald_tmp_t)
++files_tmp_filetrans(hald_dccm_t, hald_tmp_t, sock_file)
++
  write_files_pattern(hald_dccm_t, hald_log_t, hald_log_t)
  
 +dev_read_urand(hald_dccm_t)
@@ -10677,7 +10682,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
  corenet_all_recvfrom_unlabeled(hald_dccm_t)
  corenet_all_recvfrom_netlabel(hald_dccm_t)
  corenet_tcp_sendrecv_generic_if(hald_dccm_t)
-@@ -484,6 +508,7 @@
+@@ -484,6 +511,7 @@
  corenet_tcp_bind_generic_node(hald_dccm_t)
  corenet_udp_bind_generic_node(hald_dccm_t)
  corenet_udp_bind_dhcpc_port(hald_dccm_t)
@@ -10685,7 +10690,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
  corenet_tcp_bind_dccm_port(hald_dccm_t)
  
  logging_send_syslog_msg(hald_dccm_t)
-@@ -491,3 +516,9 @@
+@@ -491,3 +519,9 @@
  files_read_usr_files(hald_dccm_t)
  
  miscfiles_read_localization(hald_dccm_t)
@@ -11899,8 +11904,16 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
  ## </summary>
 diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/nscd.te serefpolicy-3.6.26/policy/modules/services/nscd.te
 --- nsaserefpolicy/policy/modules/services/nscd.te	2009-07-14 14:19:57.000000000 -0400
-+++ serefpolicy-3.6.26/policy/modules/services/nscd.te	2009-07-30 15:33:09.000000000 -0400
++++ serefpolicy-3.6.26/policy/modules/services/nscd.te	2009-07-31 07:01:44.000000000 -0400
-@@ -90,6 +90,7 @@
+@@ -65,6 +65,7 @@
+ 
+ fs_getattr_all_fs(nscd_t)
+ fs_search_auto_mountpoints(nscd_t)
++fs_list_inotifyfs(nscd_t)
+ 
+ # for when /etc/passwd has just been updated and has the wrong type
+ auth_getattr_shadow(nscd_t)
+@@ -90,6 +91,7 @@
  selinux_compute_relabel_context(nscd_t)
  selinux_compute_user_contexts(nscd_t)
  domain_use_interactive_fds(nscd_t)
@@ -11908,7 +11921,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
  
  files_read_etc_files(nscd_t)
  files_read_generic_tmp_symlinks(nscd_t)
-@@ -127,3 +128,12 @@
+@@ -127,3 +129,12 @@
  	xen_dontaudit_rw_unix_stream_sockets(nscd_t)
  	xen_append_log(nscd_t)
  ')
@@ -12381,13 +12394,15 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
 +')
 diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/policykit.fc serefpolicy-3.6.26/policy/modules/services/policykit.fc
 --- nsaserefpolicy/policy/modules/services/policykit.fc	2009-07-23 14:11:04.000000000 -0400
-+++ serefpolicy-3.6.26/policy/modules/services/policykit.fc	2009-07-30 15:33:09.000000000 -0400
++++ serefpolicy-3.6.26/policy/modules/services/policykit.fc	2009-07-31 06:55:00.000000000 -0400
-@@ -1,7 +1,7 @@
+@@ -1,7 +1,9 @@
  /usr/libexec/polkit-read-auth-helper	--	gen_context(system_u:object_r:policykit_auth_exec_t,s0)
++/usr/libexec/polkit-gnome-authentication-agent-1	--	gen_context(system_u:object_r:policykit_auth_exec_t,s0)
  /usr/libexec/polkit-grant-helper.*	--	gen_context(system_u:object_r:policykit_grant_exec_t,s0)
  /usr/libexec/polkit-resolve-exe-helper.* --	gen_context(system_u:object_r:policykit_resolve_exec_t,s0)
 -/usr/libexec/polkitd			--	gen_context(system_u:object_r:policykit_exec_t,s0)
-+/usr/libexec/polkit.*				gen_context(system_u:object_r:policykit_exec_t,s0)
++/usr/libexec/polkitd.*			--	gen_context(system_u:object_r:policykit_exec_t,s0)
++/usr/libexec/polkit-1/polkitd.*		--	gen_context(system_u:object_r:policykit_exec_t,s0)
  
  /var/lib/misc/PolicyKit.reload			gen_context(system_u:object_r:policykit_reload_t,s0)
  /var/lib/PolicyKit(/.*)?			gen_context(system_u:object_r:policykit_var_lib_t,s0)

selinux-policy.spec

@@ -20,7 +20,7 @@
 Summary: SELinux policy configuration
 Name: selinux-policy
 Version: 3.6.26
-Release: 1%{?dist}
+Release: 2%{?dist}
 License: GPLv2+
 Group: System Environment/Base
 Source: serefpolicy-%{version}.tgz
@@ -475,7 +475,10 @@ exit 0
 %endif
 
 %changelog
-* Thu Jul 28 2009 Dan Walsh <dwalsh@redhat.com> 3.6.26-1
+* Fri Jul 31 2009 Dan Walsh <dwalsh@redhat.com> 3.6.26-2
+- Allod hald_dccm_t to create sock_files in /tmp
+
+* Thu Jul 30 2009 Dan Walsh <dwalsh@redhat.com> 3.6.26-1
 - More fixes from upstream
 
 * Tue Jul 28 2009 Dan Walsh <dwalsh@redhat.com> 3.6.25-1