Merge branches 'master', 'master', 'master', 'master', 'master', 'master', 'master', 'master', 'master', 'master' and 'master' of ssh://pkgs.fedoraproject.org/selinux-policy

This commit is contained in:
Dan Walsh 2010-12-15 16:29:18 -05:00
commit b4f1891ade
4 changed files with 133 additions and 128 deletions

1
.gitignore vendored
View File

@ -231,3 +231,4 @@ serefpolicy*
/serefpolicy-3.9.8.tgz /serefpolicy-3.9.8.tgz
/serefpolicy-3.9.9.tgz /serefpolicy-3.9.9.tgz
/serefpolicy-3.9.10.tgz /serefpolicy-3.9.10.tgz
/serefpolicy-3.9.11.tgz

View File

@ -220,7 +220,7 @@ index 90d5203..1392679 100644
## </summary> ## </summary>
## <param name="domain"> ## <param name="domain">
diff --git a/policy/modules/admin/alsa.te b/policy/modules/admin/alsa.te diff --git a/policy/modules/admin/alsa.te b/policy/modules/admin/alsa.te
index 453834c..9d83d66 100644 index a7c7971..d073f49 100644
--- a/policy/modules/admin/alsa.te --- a/policy/modules/admin/alsa.te
+++ b/policy/modules/admin/alsa.te +++ b/policy/modules/admin/alsa.te
@@ -11,7 +11,10 @@ init_system_domain(alsa_t, alsa_exec_t) @@ -11,7 +11,10 @@ init_system_domain(alsa_t, alsa_exec_t)
@ -250,7 +250,7 @@ index 453834c..9d83d66 100644
manage_files_pattern(alsa_t, alsa_var_lib_t, alsa_var_lib_t) manage_files_pattern(alsa_t, alsa_var_lib_t, alsa_var_lib_t)
files_search_var_lib(alsa_t) files_search_var_lib(alsa_t)
diff --git a/policy/modules/admin/anaconda.te b/policy/modules/admin/anaconda.te diff --git a/policy/modules/admin/anaconda.te b/policy/modules/admin/anaconda.te
index f76ed8a..9a9526a 100644 index e81bdbd..63ab279 100644
--- a/policy/modules/admin/anaconda.te --- a/policy/modules/admin/anaconda.te
+++ b/policy/modules/admin/anaconda.te +++ b/policy/modules/admin/anaconda.te
@@ -30,6 +30,7 @@ modutils_domtrans_insmod(anaconda_t) @@ -30,6 +30,7 @@ modutils_domtrans_insmod(anaconda_t)
@ -300,7 +300,7 @@ index 63eb96b..17a9f6d 100644
## <summary> ## <summary>
## Execute bootloader interactively and do ## Execute bootloader interactively and do
diff --git a/policy/modules/admin/bootloader.te b/policy/modules/admin/bootloader.te diff --git a/policy/modules/admin/bootloader.te b/policy/modules/admin/bootloader.te
index 40c0192..1a0f72c 100644 index d3da8f2..c171daf 100644
--- a/policy/modules/admin/bootloader.te --- a/policy/modules/admin/bootloader.te
+++ b/policy/modules/admin/bootloader.te +++ b/policy/modules/admin/bootloader.te
@@ -23,7 +23,7 @@ role system_r types bootloader_t; @@ -23,7 +23,7 @@ role system_r types bootloader_t;
@ -346,7 +346,7 @@ index 2c2cdb6..73b3814 100644
+ role $2 types brctl_t; + role $2 types brctl_t;
+') +')
diff --git a/policy/modules/admin/certwatch.te b/policy/modules/admin/certwatch.te diff --git a/policy/modules/admin/certwatch.te b/policy/modules/admin/certwatch.te
index a2e9cb5..b2de42c 100644 index 9de382b..682e78e 100644
--- a/policy/modules/admin/certwatch.te --- a/policy/modules/admin/certwatch.te
+++ b/policy/modules/admin/certwatch.te +++ b/policy/modules/admin/certwatch.te
@@ -31,11 +31,11 @@ auth_var_filetrans_cache(certwatch_t) @@ -31,11 +31,11 @@ auth_var_filetrans_cache(certwatch_t)
@ -364,7 +364,7 @@ index a2e9cb5..b2de42c 100644
optional_policy(` optional_policy(`
apache_exec_modules(certwatch_t) apache_exec_modules(certwatch_t)
diff --git a/policy/modules/admin/consoletype.te b/policy/modules/admin/consoletype.te diff --git a/policy/modules/admin/consoletype.te b/policy/modules/admin/consoletype.te
index 66fee7d..1d231b8 100644 index cd5e005..7f3f992 100644
--- a/policy/modules/admin/consoletype.te --- a/policy/modules/admin/consoletype.te
+++ b/policy/modules/admin/consoletype.te +++ b/policy/modules/admin/consoletype.te
@@ -79,16 +79,18 @@ optional_policy(` @@ -79,16 +79,18 @@ optional_policy(`
@ -459,7 +459,7 @@ index 8fa451c..bc5bfc4 100644
## </summary> ## </summary>
## <param name="domain"> ## <param name="domain">
diff --git a/policy/modules/admin/firstboot.te b/policy/modules/admin/firstboot.te diff --git a/policy/modules/admin/firstboot.te b/policy/modules/admin/firstboot.te
index 66e486e..bfda8e9 100644 index c4d8998..6f193f8 100644
--- a/policy/modules/admin/firstboot.te --- a/policy/modules/admin/firstboot.te
+++ b/policy/modules/admin/firstboot.te +++ b/policy/modules/admin/firstboot.te
@@ -103,6 +103,10 @@ optional_policy(` @@ -103,6 +103,10 @@ optional_policy(`
@ -511,7 +511,7 @@ index 4198ff5..df3f4d6 100644
## <summary> ## <summary>
## Manage kdump configuration file. ## Manage kdump configuration file.
diff --git a/policy/modules/admin/logrotate.te b/policy/modules/admin/logrotate.te diff --git a/policy/modules/admin/logrotate.te b/policy/modules/admin/logrotate.te
index 7390b15..a46b249 100644 index 7090dae..a874b65 100644
--- a/policy/modules/admin/logrotate.te --- a/policy/modules/admin/logrotate.te
+++ b/policy/modules/admin/logrotate.te +++ b/policy/modules/admin/logrotate.te
@@ -119,14 +119,20 @@ seutil_dontaudit_read_config(logrotate_t) @@ -119,14 +119,20 @@ seutil_dontaudit_read_config(logrotate_t)
@ -618,10 +618,10 @@ index 56c43c0..de535e4 100644
+/var/run/mcelog-client -s gen_context(system_u:object_r:mcelog_var_run_t,s0) +/var/run/mcelog-client -s gen_context(system_u:object_r:mcelog_var_run_t,s0)
+ +
diff --git a/policy/modules/admin/mcelog.te b/policy/modules/admin/mcelog.te diff --git a/policy/modules/admin/mcelog.te b/policy/modules/admin/mcelog.te
index 5a9cebf..ef413f2 100644 index 5671977..7b4728c 100644
--- a/policy/modules/admin/mcelog.te --- a/policy/modules/admin/mcelog.te
+++ b/policy/modules/admin/mcelog.te +++ b/policy/modules/admin/mcelog.te
@@ -7,9 +7,13 @@ policy_module(mcelog, 1.0.1) @@ -7,9 +7,13 @@ policy_module(mcelog, 1.1.0)
type mcelog_t; type mcelog_t;
type mcelog_exec_t; type mcelog_exec_t;
@ -900,7 +900,7 @@ index c6ca761..46e0767 100644
') ')
diff --git a/policy/modules/admin/netutils.te b/policy/modules/admin/netutils.te diff --git a/policy/modules/admin/netutils.te b/policy/modules/admin/netutils.te
index 6a53a18..1bc14ea 100644 index e0791b9..c083ea8 100644
--- a/policy/modules/admin/netutils.te --- a/policy/modules/admin/netutils.te
+++ b/policy/modules/admin/netutils.te +++ b/policy/modules/admin/netutils.te
@@ -48,6 +48,8 @@ files_tmp_filetrans(netutils_t, netutils_tmp_t, { file dir }) @@ -48,6 +48,8 @@ files_tmp_filetrans(netutils_t, netutils_tmp_t, { file dir })
@ -1008,7 +1008,7 @@ index c633aea..b773bc3 100644
type portage_cache_t; type portage_cache_t;
files_type(portage_cache_t) files_type(portage_cache_t)
diff --git a/policy/modules/admin/prelink.te b/policy/modules/admin/prelink.te diff --git a/policy/modules/admin/prelink.te b/policy/modules/admin/prelink.te
index aa0dcc6..0faba2a 100644 index af55369..7d2fcff 100644
--- a/policy/modules/admin/prelink.te --- a/policy/modules/admin/prelink.te
+++ b/policy/modules/admin/prelink.te +++ b/policy/modules/admin/prelink.te
@@ -59,10 +59,11 @@ manage_dirs_pattern(prelink_t, prelink_var_lib_t, prelink_var_lib_t) @@ -59,10 +59,11 @@ manage_dirs_pattern(prelink_t, prelink_var_lib_t, prelink_var_lib_t)
@ -1129,7 +1129,7 @@ index 47c4723..4866a08 100644
+ domtrans_pattern($1, readahead_exec_t, readahead_t) + domtrans_pattern($1, readahead_exec_t, readahead_t)
+') +')
diff --git a/policy/modules/admin/readahead.te b/policy/modules/admin/readahead.te diff --git a/policy/modules/admin/readahead.te b/policy/modules/admin/readahead.te
index 2df2f1d..c1aaa79 100644 index b4ac57e..8fa8451 100644
--- a/policy/modules/admin/readahead.te --- a/policy/modules/admin/readahead.te
+++ b/policy/modules/admin/readahead.te +++ b/policy/modules/admin/readahead.te
@@ -53,6 +53,7 @@ domain_read_all_domains_state(readahead_t) @@ -53,6 +53,7 @@ domain_read_all_domains_state(readahead_t)
@ -1347,11 +1347,11 @@ index d33daa8..e50a5ed 100644
+ allow rpm_script_t $1:process sigchld; + allow rpm_script_t $1:process sigchld;
+') +')
diff --git a/policy/modules/admin/rpm.te b/policy/modules/admin/rpm.te diff --git a/policy/modules/admin/rpm.te b/policy/modules/admin/rpm.te
index 542b820..0b1760d 100644 index 47a8f7d..31f474e 100644
--- a/policy/modules/admin/rpm.te --- a/policy/modules/admin/rpm.te
+++ b/policy/modules/admin/rpm.te +++ b/policy/modules/admin/rpm.te
@@ -1,10 +1,11 @@ @@ -1,10 +1,11 @@
policy_module(rpm, 1.11.2) policy_module(rpm, 1.12.0)
+attribute rpm_transition_domain; +attribute rpm_transition_domain;
+ +
@ -1563,7 +1563,7 @@ index 0948921..f198119 100644
admin_pattern($1, shorewall_tmp_t) admin_pattern($1, shorewall_tmp_t)
') ')
diff --git a/policy/modules/admin/shorewall.te b/policy/modules/admin/shorewall.te diff --git a/policy/modules/admin/shorewall.te b/policy/modules/admin/shorewall.te
index a22e546..ffc0571 100644 index c17b6a6..d412305 100644
--- a/policy/modules/admin/shorewall.te --- a/policy/modules/admin/shorewall.te
+++ b/policy/modules/admin/shorewall.te +++ b/policy/modules/admin/shorewall.te
@@ -58,6 +58,9 @@ exec_files_pattern(shorewall_t, shorewall_var_lib_t, shorewall_var_lib_t) @@ -58,6 +58,9 @@ exec_files_pattern(shorewall_t, shorewall_var_lib_t, shorewall_var_lib_t)
@ -1684,10 +1684,10 @@ index d0604cf..679d61c 100644
## </summary> ## </summary>
## <param name="domain"> ## <param name="domain">
diff --git a/policy/modules/admin/shutdown.te b/policy/modules/admin/shutdown.te diff --git a/policy/modules/admin/shutdown.te b/policy/modules/admin/shutdown.te
index 3863241..344a158 100644 index 8966ec9..80939b0 100644
--- a/policy/modules/admin/shutdown.te --- a/policy/modules/admin/shutdown.te
+++ b/policy/modules/admin/shutdown.te +++ b/policy/modules/admin/shutdown.te
@@ -7,6 +7,7 @@ policy_module(shutdown, 1.0.1) @@ -7,6 +7,7 @@ policy_module(shutdown, 1.1.0)
type shutdown_t; type shutdown_t;
type shutdown_exec_t; type shutdown_exec_t;
@ -1724,7 +1724,7 @@ index 3863241..344a158 100644
xserver_dontaudit_write_log(shutdown_t) xserver_dontaudit_write_log(shutdown_t)
') ')
diff --git a/policy/modules/admin/smoltclient.te b/policy/modules/admin/smoltclient.te diff --git a/policy/modules/admin/smoltclient.te b/policy/modules/admin/smoltclient.te
index f48e9dd..b72049a 100644 index bc00875..3c1b37b 100644
--- a/policy/modules/admin/smoltclient.te --- a/policy/modules/admin/smoltclient.te
+++ b/policy/modules/admin/smoltclient.te +++ b/policy/modules/admin/smoltclient.te
@@ -46,6 +46,7 @@ fs_list_auto_mountpoints(smoltclient_t) @@ -46,6 +46,7 @@ fs_list_auto_mountpoints(smoltclient_t)
@ -1833,7 +1833,7 @@ index 975af1a..30a7f38 100644
fs_manage_nfs_files($1_sudo_t) fs_manage_nfs_files($1_sudo_t)
') ')
diff --git a/policy/modules/admin/sudo.te b/policy/modules/admin/sudo.te diff --git a/policy/modules/admin/sudo.te b/policy/modules/admin/sudo.te
index 91944a8..d1c11b9 100644 index 7aacfc2..9829fc3 100644
--- a/policy/modules/admin/sudo.te --- a/policy/modules/admin/sudo.te
+++ b/policy/modules/admin/sudo.te +++ b/policy/modules/admin/sudo.te
@@ -7,3 +7,7 @@ attribute sudodomain; @@ -7,3 +7,7 @@ attribute sudodomain;
@ -1894,7 +1894,7 @@ index 6a5004b..c59c3cd 100644
') ')
diff --git a/policy/modules/admin/tzdata.te b/policy/modules/admin/tzdata.te diff --git a/policy/modules/admin/tzdata.te b/policy/modules/admin/tzdata.te
index 332ba93..e6d3bd9 100644 index d0f2a64..7df0825 100644
--- a/policy/modules/admin/tzdata.te --- a/policy/modules/admin/tzdata.te
+++ b/policy/modules/admin/tzdata.te +++ b/policy/modules/admin/tzdata.te
@@ -15,7 +15,7 @@ application_domain(tzdata_t, tzdata_exec_t) @@ -15,7 +15,7 @@ application_domain(tzdata_t, tzdata_exec_t)
@ -1921,7 +1921,7 @@ index 81fb26f..cd18ca8 100644
optional_policy(` optional_policy(`
diff --git a/policy/modules/admin/usermanage.te b/policy/modules/admin/usermanage.te diff --git a/policy/modules/admin/usermanage.te b/policy/modules/admin/usermanage.te
index 65f8143..16a8510 100644 index 441cf22..e1b55f8 100644
--- a/policy/modules/admin/usermanage.te --- a/policy/modules/admin/usermanage.te
+++ b/policy/modules/admin/usermanage.te +++ b/policy/modules/admin/usermanage.te
@@ -88,9 +88,7 @@ fs_search_auto_mountpoints(chfn_t) @@ -88,9 +88,7 @@ fs_search_auto_mountpoints(chfn_t)
@ -1990,7 +1990,7 @@ index 65f8143..16a8510 100644
mta_manage_spool(useradd_t) mta_manage_spool(useradd_t)
diff --git a/policy/modules/admin/vpn.te b/policy/modules/admin/vpn.te diff --git a/policy/modules/admin/vpn.te b/policy/modules/admin/vpn.te
index a870982..6067b85 100644 index ebf4b26..c7cb8c5 100644
--- a/policy/modules/admin/vpn.te --- a/policy/modules/admin/vpn.te
+++ b/policy/modules/admin/vpn.te +++ b/policy/modules/admin/vpn.te
@@ -106,7 +106,8 @@ sysnet_etc_filetrans_config(vpnc_t) @@ -106,7 +106,8 @@ sysnet_etc_filetrans_config(vpnc_t)
@ -2235,7 +2235,7 @@ index 0000000..0852151
+ fs_dontaudit_append_cifs_files(chrome_sandbox_t) + fs_dontaudit_append_cifs_files(chrome_sandbox_t)
+') +')
diff --git a/policy/modules/apps/cpufreqselector.te b/policy/modules/apps/cpufreqselector.te diff --git a/policy/modules/apps/cpufreqselector.te b/policy/modules/apps/cpufreqselector.te
index 7fd0900..899e234 100644 index 0457de1..f702cfe 100644
--- a/policy/modules/apps/cpufreqselector.te --- a/policy/modules/apps/cpufreqselector.te
+++ b/policy/modules/apps/cpufreqselector.te +++ b/policy/modules/apps/cpufreqselector.te
@@ -27,7 +27,7 @@ dev_rw_sysfs(cpufreqselector_t) @@ -27,7 +27,7 @@ dev_rw_sysfs(cpufreqselector_t)
@ -3210,10 +3210,10 @@ index f5afe78..2c8f94a 100644
+ allow gconfdefaultsm_t $1:dbus send_msg; + allow gconfdefaultsm_t $1:dbus send_msg;
+') +')
diff --git a/policy/modules/apps/gnome.te b/policy/modules/apps/gnome.te diff --git a/policy/modules/apps/gnome.te b/policy/modules/apps/gnome.te
index 35f7486..26852d2 100644 index 2505654..c1f491f 100644
--- a/policy/modules/apps/gnome.te --- a/policy/modules/apps/gnome.te
+++ b/policy/modules/apps/gnome.te +++ b/policy/modules/apps/gnome.te
@@ -6,11 +6,24 @@ policy_module(gnome, 2.0.1) @@ -6,11 +6,24 @@ policy_module(gnome, 2.1.0)
# #
attribute gnomedomain; attribute gnomedomain;
@ -3421,10 +3421,10 @@ index 40e0a2a..13d939a 100644
## <summary> ## <summary>
## Send generic signals to user gpg processes. ## Send generic signals to user gpg processes.
diff --git a/policy/modules/apps/gpg.te b/policy/modules/apps/gpg.te diff --git a/policy/modules/apps/gpg.te b/policy/modules/apps/gpg.te
index 4525c37..e9a7937 100644 index 9050e8c..8af881a 100644
--- a/policy/modules/apps/gpg.te --- a/policy/modules/apps/gpg.te
+++ b/policy/modules/apps/gpg.te +++ b/policy/modules/apps/gpg.te
@@ -4,6 +4,7 @@ policy_module(gpg, 2.3.1) @@ -4,6 +4,7 @@ policy_module(gpg, 2.4.0)
# #
# Declarations # Declarations
# #
@ -3432,7 +3432,7 @@ index 4525c37..e9a7937 100644
## <desc> ## <desc>
## <p> ## <p>
@@ -13,7 +14,15 @@ policy_module(gpg, 2.3.1) @@ -13,7 +14,15 @@ policy_module(gpg, 2.4.0)
## </desc> ## </desc>
gen_tunable(gpg_agent_env_file, false) gen_tunable(gpg_agent_env_file, false)
@ -3808,7 +3808,7 @@ index e6d84e8..b027189 100644
######################################## ########################################
diff --git a/policy/modules/apps/java.te b/policy/modules/apps/java.te diff --git a/policy/modules/apps/java.te b/policy/modules/apps/java.te
index 726e853..90ce46a 100644 index 167950d..97853ff 100644
--- a/policy/modules/apps/java.te --- a/policy/modules/apps/java.te
+++ b/policy/modules/apps/java.te +++ b/policy/modules/apps/java.te
@@ -82,12 +82,12 @@ dev_read_urand(java_t) @@ -82,12 +82,12 @@ dev_read_urand(java_t)
@ -4219,10 +4219,10 @@ index 9a6d67d..b0c1197 100644
## mozilla over dbus. ## mozilla over dbus.
## </summary> ## </summary>
diff --git a/policy/modules/apps/mozilla.te b/policy/modules/apps/mozilla.te diff --git a/policy/modules/apps/mozilla.te b/policy/modules/apps/mozilla.te
index cbf4bec..e3517da 100644 index 2a91fa8..451a1c0 100644
--- a/policy/modules/apps/mozilla.te --- a/policy/modules/apps/mozilla.te
+++ b/policy/modules/apps/mozilla.te +++ b/policy/modules/apps/mozilla.te
@@ -7,7 +7,7 @@ policy_module(mozilla, 2.2.2) @@ -7,7 +7,7 @@ policy_module(mozilla, 2.3.0)
## <desc> ## <desc>
## <p> ## <p>
@ -4496,7 +4496,7 @@ index d8ea41d..8bdc526 100644
+ domtrans_pattern($1, mplayer_exec_t, $2) + domtrans_pattern($1, mplayer_exec_t, $2)
+') +')
diff --git a/policy/modules/apps/mplayer.te b/policy/modules/apps/mplayer.te diff --git a/policy/modules/apps/mplayer.te b/policy/modules/apps/mplayer.te
index 815a467..192d54e 100644 index 931304b..e8c6795 100644
--- a/policy/modules/apps/mplayer.te --- a/policy/modules/apps/mplayer.te
+++ b/policy/modules/apps/mplayer.te +++ b/policy/modules/apps/mplayer.te
@@ -32,6 +32,7 @@ files_config_file(mplayer_etc_t) @@ -32,6 +32,7 @@ files_config_file(mplayer_etc_t)
@ -5524,7 +5524,7 @@ index 0000000..a842371
+# +#
+ +
diff --git a/policy/modules/apps/podsleuth.te b/policy/modules/apps/podsleuth.te diff --git a/policy/modules/apps/podsleuth.te b/policy/modules/apps/podsleuth.te
index 690589e..815d35d 100644 index a2f6124..9d62060 100644
--- a/policy/modules/apps/podsleuth.te --- a/policy/modules/apps/podsleuth.te
+++ b/policy/modules/apps/podsleuth.te +++ b/policy/modules/apps/podsleuth.te
@@ -27,7 +27,7 @@ ubac_constrained(podsleuth_tmpfs_t) @@ -27,7 +27,7 @@ ubac_constrained(podsleuth_tmpfs_t)
@ -5585,7 +5585,7 @@ index 2ba7787..9f12b51 100644
') ')
diff --git a/policy/modules/apps/pulseaudio.te b/policy/modules/apps/pulseaudio.te diff --git a/policy/modules/apps/pulseaudio.te b/policy/modules/apps/pulseaudio.te
index 5c2680c..db96581 100644 index c2d20a2..1773e24 100644
--- a/policy/modules/apps/pulseaudio.te --- a/policy/modules/apps/pulseaudio.te
+++ b/policy/modules/apps/pulseaudio.te +++ b/policy/modules/apps/pulseaudio.te
@@ -44,6 +44,7 @@ allow pulseaudio_t self:netlink_kobject_uevent_socket create_socket_perms; @@ -44,6 +44,7 @@ allow pulseaudio_t self:netlink_kobject_uevent_socket create_socket_perms;
@ -5780,7 +5780,7 @@ index c1d5f50..989f88c 100644
+ +
+ +
diff --git a/policy/modules/apps/qemu.te b/policy/modules/apps/qemu.te diff --git a/policy/modules/apps/qemu.te b/policy/modules/apps/qemu.te
index a3225d4..bc10481 100644 index 5ef2f7d..5a13201 100644
--- a/policy/modules/apps/qemu.te --- a/policy/modules/apps/qemu.te
+++ b/policy/modules/apps/qemu.te +++ b/policy/modules/apps/qemu.te
@@ -21,7 +21,7 @@ gen_tunable(qemu_use_cifs, true) @@ -21,7 +21,7 @@ gen_tunable(qemu_use_cifs, true)
@ -6856,7 +6856,7 @@ index 7590165..e5ef7b3 100644
') ')
+ +
diff --git a/policy/modules/apps/slocate.te b/policy/modules/apps/slocate.te diff --git a/policy/modules/apps/slocate.te b/policy/modules/apps/slocate.te
index e9134f0..3d2ef30 100644 index e43c380..410027f 100644
--- a/policy/modules/apps/slocate.te --- a/policy/modules/apps/slocate.te
+++ b/policy/modules/apps/slocate.te +++ b/policy/modules/apps/slocate.te
@@ -38,6 +38,7 @@ dev_getattr_all_blk_files(locate_t) @@ -38,6 +38,7 @@ dev_getattr_all_blk_files(locate_t)
@ -7484,10 +7484,10 @@ index ced285a..2e50976 100644
+ ') + ')
+') +')
diff --git a/policy/modules/apps/userhelper.te b/policy/modules/apps/userhelper.te diff --git a/policy/modules/apps/userhelper.te b/policy/modules/apps/userhelper.te
index d584dff..b46a20e 100644 index 13b2cea..45731eb 100644
--- a/policy/modules/apps/userhelper.te --- a/policy/modules/apps/userhelper.te
+++ b/policy/modules/apps/userhelper.te +++ b/policy/modules/apps/userhelper.te
@@ -6,9 +6,61 @@ policy_module(userhelper, 1.5.1) @@ -6,9 +6,61 @@ policy_module(userhelper, 1.6.0)
# #
attribute userhelper_type; attribute userhelper_type;
@ -7561,7 +7561,7 @@ index 5872ea2..028c994 100644
/var/run/vmnat.* -s gen_context(system_u:object_r:vmware_var_run_t,s0) /var/run/vmnat.* -s gen_context(system_u:object_r:vmware_var_run_t,s0)
/var/run/vmware.* gen_context(system_u:object_r:vmware_var_run_t,s0) /var/run/vmware.* gen_context(system_u:object_r:vmware_var_run_t,s0)
diff --git a/policy/modules/apps/vmware.te b/policy/modules/apps/vmware.te diff --git a/policy/modules/apps/vmware.te b/policy/modules/apps/vmware.te
index 1f803bb..4bdcbe3 100644 index c76ceb2..d7df452 100644
--- a/policy/modules/apps/vmware.te --- a/policy/modules/apps/vmware.te
+++ b/policy/modules/apps/vmware.te +++ b/policy/modules/apps/vmware.te
@@ -126,6 +126,7 @@ dev_getattr_all_blk_files(vmware_host_t) @@ -126,6 +126,7 @@ dev_getattr_all_blk_files(vmware_host_t)
@ -7708,7 +7708,7 @@ index 0440b4c..4b055c1 100644
+ allow $1 wine_t:shm rw_shm_perms; + allow $1 wine_t:shm rw_shm_perms;
+') +')
diff --git a/policy/modules/apps/wine.te b/policy/modules/apps/wine.te diff --git a/policy/modules/apps/wine.te b/policy/modules/apps/wine.te
index f9a123a..277543a 100644 index 953cb28..646620a 100644
--- a/policy/modules/apps/wine.te --- a/policy/modules/apps/wine.te
+++ b/policy/modules/apps/wine.te +++ b/policy/modules/apps/wine.te
@@ -51,7 +51,11 @@ optional_policy(` @@ -51,7 +51,11 @@ optional_policy(`
@ -7725,7 +7725,7 @@ index f9a123a..277543a 100644
optional_policy(` optional_policy(`
diff --git a/policy/modules/apps/wireshark.te b/policy/modules/apps/wireshark.te diff --git a/policy/modules/apps/wireshark.te b/policy/modules/apps/wireshark.te
index d4e9877..ebb6ca4 100644 index 8bfe97d..6bba1a8 100644
--- a/policy/modules/apps/wireshark.te --- a/policy/modules/apps/wireshark.te
+++ b/policy/modules/apps/wireshark.te +++ b/policy/modules/apps/wireshark.te
@@ -15,6 +15,7 @@ ubac_constrained(wireshark_t) @@ -15,6 +15,7 @@ ubac_constrained(wireshark_t)
@ -7915,7 +7915,7 @@ index b06df19..c0763c2 100644
## </summary> ## </summary>
## <param name="domain"> ## <param name="domain">
diff --git a/policy/modules/kernel/corenetwork.te.in b/policy/modules/kernel/corenetwork.te.in diff --git a/policy/modules/kernel/corenetwork.te.in b/policy/modules/kernel/corenetwork.te.in
index 36ba519..e2d8b49 100644 index edefaf3..e00278f 100644
--- a/policy/modules/kernel/corenetwork.te.in --- a/policy/modules/kernel/corenetwork.te.in
+++ b/policy/modules/kernel/corenetwork.te.in +++ b/policy/modules/kernel/corenetwork.te.in
@@ -15,6 +15,7 @@ attribute rpc_port_type; @@ -15,6 +15,7 @@ attribute rpc_port_type;
@ -8501,7 +8501,7 @@ index 15a7bef..ee7727f 100644
######################################## ########################################
diff --git a/policy/modules/kernel/devices.te b/policy/modules/kernel/devices.te diff --git a/policy/modules/kernel/devices.te b/policy/modules/kernel/devices.te
index ae138bb..95f6137 100644 index 41f892f..cab1bfc 100644
--- a/policy/modules/kernel/devices.te --- a/policy/modules/kernel/devices.te
+++ b/policy/modules/kernel/devices.te +++ b/policy/modules/kernel/devices.te
@@ -102,6 +102,7 @@ dev_node(ksm_device_t) @@ -102,6 +102,7 @@ dev_node(ksm_device_t)
@ -8591,10 +8591,10 @@ index aad8c52..0d8458a 100644
+ dontaudit $1 domain:socket_class_set { read write }; + dontaudit $1 domain:socket_class_set { read write };
+') +')
diff --git a/policy/modules/kernel/domain.te b/policy/modules/kernel/domain.te diff --git a/policy/modules/kernel/domain.te b/policy/modules/kernel/domain.te
index 099f57f..5843cad 100644 index bc534c1..778d512 100644
--- a/policy/modules/kernel/domain.te --- a/policy/modules/kernel/domain.te
+++ b/policy/modules/kernel/domain.te +++ b/policy/modules/kernel/domain.te
@@ -4,6 +4,21 @@ policy_module(domain, 1.8.1) @@ -4,6 +4,21 @@ policy_module(domain, 1.9.0)
# #
# Declarations # Declarations
# #
@ -9892,7 +9892,7 @@ index ed203b2..bfb7926 100644
+ allow $1 file_type:kernel_service create_files_as; + allow $1 file_type:kernel_service create_files_as;
+') +')
diff --git a/policy/modules/kernel/files.te b/policy/modules/kernel/files.te diff --git a/policy/modules/kernel/files.te b/policy/modules/kernel/files.te
index ba9529a..cd45491 100644 index e8a6b1d..fd53860 100644
--- a/policy/modules/kernel/files.te --- a/policy/modules/kernel/files.te
+++ b/policy/modules/kernel/files.te +++ b/policy/modules/kernel/files.te
@@ -11,6 +11,7 @@ attribute lockfile; @@ -11,6 +11,7 @@ attribute lockfile;
@ -10468,7 +10468,7 @@ index dfe361a..496954e 100644
+') +')
+ +
diff --git a/policy/modules/kernel/filesystem.te b/policy/modules/kernel/filesystem.te diff --git a/policy/modules/kernel/filesystem.te b/policy/modules/kernel/filesystem.te
index 6d21b3d..255b47a 100644 index e49c148..995fade 100644
--- a/policy/modules/kernel/filesystem.te --- a/policy/modules/kernel/filesystem.te
+++ b/policy/modules/kernel/filesystem.te +++ b/policy/modules/kernel/filesystem.te
@@ -52,6 +52,7 @@ type anon_inodefs_t; @@ -52,6 +52,7 @@ type anon_inodefs_t;
@ -10669,7 +10669,7 @@ index b4ad6d7..67e89f0 100644
+') +')
+ +
diff --git a/policy/modules/kernel/kernel.te b/policy/modules/kernel/kernel.te diff --git a/policy/modules/kernel/kernel.te b/policy/modules/kernel/kernel.te
index 25a817f..7426f2a 100644 index 9e2e6d7..08e82d9 100644
--- a/policy/modules/kernel/kernel.te --- a/policy/modules/kernel/kernel.te
+++ b/policy/modules/kernel/kernel.te +++ b/policy/modules/kernel/kernel.te
@@ -50,6 +50,8 @@ sid kernel gen_context(system_u:system_r:kernel_t,mls_systemhigh) @@ -50,6 +50,8 @@ sid kernel gen_context(system_u:system_r:kernel_t,mls_systemhigh)
@ -11048,7 +11048,7 @@ index 492bf76..525563a 100644
+ allow $1 virtio_device_t:chr_file rw_chr_file_perms; + allow $1 virtio_device_t:chr_file rw_chr_file_perms;
+') +')
diff --git a/policy/modules/kernel/terminal.te b/policy/modules/kernel/terminal.te diff --git a/policy/modules/kernel/terminal.te b/policy/modules/kernel/terminal.te
index 646bbcf..49d77df 100644 index e004757..b5be387 100644
--- a/policy/modules/kernel/terminal.te --- a/policy/modules/kernel/terminal.te
+++ b/policy/modules/kernel/terminal.te +++ b/policy/modules/kernel/terminal.te
@@ -29,6 +29,7 @@ files_mountpoint(devpts_t) @@ -29,6 +29,7 @@ files_mountpoint(devpts_t)
@ -11093,7 +11093,7 @@ index 0000000..e1ebd1a
+ +
+corenet_enable_unlabeled_packets() +corenet_enable_unlabeled_packets()
diff --git a/policy/modules/roles/auditadm.te b/policy/modules/roles/auditadm.te diff --git a/policy/modules/roles/auditadm.te b/policy/modules/roles/auditadm.te
index b0d5b27..a96f2e6 100644 index 0faef68..46c58bd 100644
--- a/policy/modules/roles/auditadm.te --- a/policy/modules/roles/auditadm.te
+++ b/policy/modules/roles/auditadm.te +++ b/policy/modules/roles/auditadm.te
@@ -28,10 +28,13 @@ logging_manage_audit_log(auditadm_t) @@ -28,10 +28,13 @@ logging_manage_audit_log(auditadm_t)
@ -11131,7 +11131,7 @@ index 1875064..e9c9277 100644
+ sudo_role_template(dbadm, dbadm_r, dbadm_t) + sudo_role_template(dbadm, dbadm_r, dbadm_t)
+') +')
diff --git a/policy/modules/roles/guest.te b/policy/modules/roles/guest.te diff --git a/policy/modules/roles/guest.te b/policy/modules/roles/guest.te
index 531c616..f332441 100644 index 1cb7311..1de82b2 100644
--- a/policy/modules/roles/guest.te --- a/policy/modules/roles/guest.te
+++ b/policy/modules/roles/guest.te +++ b/policy/modules/roles/guest.te
@@ -9,9 +9,15 @@ role guest_r; @@ -9,9 +9,15 @@ role guest_r;
@ -11152,7 +11152,7 @@ index 531c616..f332441 100644
+ +
+gen_user(guest_u, user, guest_r, s0, s0) +gen_user(guest_u, user, guest_r, s0, s0)
diff --git a/policy/modules/roles/secadm.te b/policy/modules/roles/secadm.te diff --git a/policy/modules/roles/secadm.te b/policy/modules/roles/secadm.te
index 5a3d720..924baee 100644 index be4de58..cce681a 100644
--- a/policy/modules/roles/secadm.te --- a/policy/modules/roles/secadm.te
+++ b/policy/modules/roles/secadm.te +++ b/policy/modules/roles/secadm.te
@@ -9,6 +9,8 @@ role secadm_r; @@ -9,6 +9,8 @@ role secadm_r;
@ -11165,10 +11165,10 @@ index 5a3d720..924baee 100644
######################################## ########################################
# #
diff --git a/policy/modules/roles/staff.te b/policy/modules/roles/staff.te diff --git a/policy/modules/roles/staff.te b/policy/modules/roles/staff.te
index d62886d..2e8ae26 100644 index 2be17d2..96d3fbf 100644
--- a/policy/modules/roles/staff.te --- a/policy/modules/roles/staff.te
+++ b/policy/modules/roles/staff.te +++ b/policy/modules/roles/staff.te
@@ -8,12 +8,48 @@ policy_module(staff, 2.1.4) @@ -8,12 +8,48 @@ policy_module(staff, 2.2.0)
role staff_r; role staff_r;
userdom_unpriv_user_template(staff) userdom_unpriv_user_template(staff)
@ -11336,7 +11336,7 @@ index d62886d..2e8ae26 100644
') ')
diff --git a/policy/modules/roles/sysadm.te b/policy/modules/roles/sysadm.te diff --git a/policy/modules/roles/sysadm.te b/policy/modules/roles/sysadm.te
index d5e88be..fd670dd 100644 index 1ae9a94..27404e7 100644
--- a/policy/modules/roles/sysadm.te --- a/policy/modules/roles/sysadm.te
+++ b/policy/modules/roles/sysadm.te +++ b/policy/modules/roles/sysadm.te
@@ -24,20 +24,41 @@ ifndef(`enable_mls',` @@ -24,20 +24,41 @@ ifndef(`enable_mls',`
@ -12857,7 +12857,7 @@ index 0000000..7d5de28
+ +
+gen_user(unconfined_u, user, unconfined_r system_r, s0, s0 - mls_systemhigh, mcs_allcats) +gen_user(unconfined_u, user, unconfined_r system_r, s0, s0 - mls_systemhigh, mcs_allcats)
diff --git a/policy/modules/roles/unprivuser.te b/policy/modules/roles/unprivuser.te diff --git a/policy/modules/roles/unprivuser.te b/policy/modules/roles/unprivuser.te
index 606a257..aa3da20 100644 index 1e0753e..4ae4116 100644
--- a/policy/modules/roles/unprivuser.te --- a/policy/modules/roles/unprivuser.te
+++ b/policy/modules/roles/unprivuser.te +++ b/policy/modules/roles/unprivuser.te
@@ -12,15 +12,51 @@ role user_r; @@ -12,15 +12,51 @@ role user_r;
@ -13222,10 +13222,10 @@ index 0b827c5..8961dba 100644
admin_pattern($1, abrt_tmp_t) admin_pattern($1, abrt_tmp_t)
') ')
diff --git a/policy/modules/services/abrt.te b/policy/modules/services/abrt.te diff --git a/policy/modules/services/abrt.te b/policy/modules/services/abrt.te
index 98646c4..5fdea83 100644 index 30861ec..7065b02 100644
--- a/policy/modules/services/abrt.te --- a/policy/modules/services/abrt.te
+++ b/policy/modules/services/abrt.te +++ b/policy/modules/services/abrt.te
@@ -5,6 +5,14 @@ policy_module(abrt, 1.1.1) @@ -5,6 +5,14 @@ policy_module(abrt, 1.2.0)
# Declarations # Declarations
# #
@ -13459,7 +13459,7 @@ index 8559cdc..49c0cc8 100644
# Allow afs_admin to restart the afs service # Allow afs_admin to restart the afs service
afs_initrc_domtrans($1) afs_initrc_domtrans($1)
diff --git a/policy/modules/services/afs.te b/policy/modules/services/afs.te diff --git a/policy/modules/services/afs.te b/policy/modules/services/afs.te
index de8b791..7e2cdf2 100644 index a496fde..847609a 100644
--- a/policy/modules/services/afs.te --- a/policy/modules/services/afs.te
+++ b/policy/modules/services/afs.te +++ b/policy/modules/services/afs.te
@@ -107,6 +107,10 @@ miscfiles_read_localization(afs_t) @@ -107,6 +107,10 @@ miscfiles_read_localization(afs_t)
@ -15463,7 +15463,7 @@ index 08dfa0c..b02e348 100644
+ userdom_read_user_home_content_files(httpd_user_script_t) + userdom_read_user_home_content_files(httpd_user_script_t)
') ')
diff --git a/policy/modules/services/apcupsd.te b/policy/modules/services/apcupsd.te diff --git a/policy/modules/services/apcupsd.te b/policy/modules/services/apcupsd.te
index 3b7d9eb..6a7073b 100644 index d052bf0..8478eca 100644
--- a/policy/modules/services/apcupsd.te --- a/policy/modules/services/apcupsd.te
+++ b/policy/modules/services/apcupsd.te +++ b/policy/modules/services/apcupsd.te
@@ -94,6 +94,10 @@ optional_policy(` @@ -94,6 +94,10 @@ optional_policy(`
@ -15653,7 +15653,7 @@ index 61c74bc..c6b0498 100644
allow avahi_t $1:dbus send_msg; allow avahi_t $1:dbus send_msg;
') ')
diff --git a/policy/modules/services/avahi.te b/policy/modules/services/avahi.te diff --git a/policy/modules/services/avahi.te b/policy/modules/services/avahi.te
index fd64068..647fff8 100644 index a7a0e71..15686e9 100644
--- a/policy/modules/services/avahi.te --- a/policy/modules/services/avahi.te
+++ b/policy/modules/services/avahi.te +++ b/policy/modules/services/avahi.te
@@ -46,6 +46,7 @@ files_pid_filetrans(avahi_t, avahi_var_run_t, { dir file }) @@ -46,6 +46,7 @@ files_pid_filetrans(avahi_t, avahi_var_run_t, { dir file })
@ -15823,7 +15823,7 @@ index 4deca04..42aa033 100644
optional_policy(` optional_policy(`
diff --git a/policy/modules/services/bitlbee.te b/policy/modules/services/bitlbee.te diff --git a/policy/modules/services/bitlbee.te b/policy/modules/services/bitlbee.te
index 5f239ca..29de096 100644 index f4e7ad3..6591639 100644
--- a/policy/modules/services/bitlbee.te --- a/policy/modules/services/bitlbee.te
+++ b/policy/modules/services/bitlbee.te +++ b/policy/modules/services/bitlbee.te
@@ -28,7 +28,7 @@ files_type(bitlbee_var_t) @@ -28,7 +28,7 @@ files_type(bitlbee_var_t)
@ -16704,7 +16704,7 @@ index 0000000..575c16e
+ +
+init_sigchld_script(cachefiles_kernel_t) +init_sigchld_script(cachefiles_kernel_t)
diff --git a/policy/modules/services/canna.te b/policy/modules/services/canna.te diff --git a/policy/modules/services/canna.te b/policy/modules/services/canna.te
index a0dfd2f..d60e2bf 100644 index 1d25efe..1b16191 100644
--- a/policy/modules/services/canna.te --- a/policy/modules/services/canna.te
+++ b/policy/modules/services/canna.te +++ b/policy/modules/services/canna.te
@@ -34,7 +34,7 @@ allow canna_t self:unix_dgram_socket create_stream_socket_perms; @@ -34,7 +34,7 @@ allow canna_t self:unix_dgram_socket create_stream_socket_perms;
@ -16821,7 +16821,7 @@ index fa62787..ffd0da5 100644
admin_pattern($1, certmaster_etc_rw_t) admin_pattern($1, certmaster_etc_rw_t)
diff --git a/policy/modules/services/certmaster.te b/policy/modules/services/certmaster.te diff --git a/policy/modules/services/certmaster.te b/policy/modules/services/certmaster.te
index 73f03ff..d5c4c94 100644 index 3384132..daef4e1 100644
--- a/policy/modules/services/certmaster.te --- a/policy/modules/services/certmaster.te
+++ b/policy/modules/services/certmaster.te +++ b/policy/modules/services/certmaster.te
@@ -43,23 +43,23 @@ files_var_lib_filetrans(certmaster_t, certmaster_var_lib_t, { file dir }) @@ -43,23 +43,23 @@ files_var_lib_filetrans(certmaster_t, certmaster_var_lib_t, { file dir })
@ -16881,7 +16881,7 @@ index 7a6e5ba..d664be8 100644
admin_pattern($1, certmonger_var_run_t) admin_pattern($1, certmonger_var_run_t)
') ')
diff --git a/policy/modules/services/certmonger.te b/policy/modules/services/certmonger.te diff --git a/policy/modules/services/certmonger.te b/policy/modules/services/certmonger.te
index 1a65b5e..ec0594e 100644 index c3e3f79..23c4087 100644
--- a/policy/modules/services/certmonger.te --- a/policy/modules/services/certmonger.te
+++ b/policy/modules/services/certmonger.te +++ b/policy/modules/services/certmonger.te
@@ -23,7 +23,8 @@ files_type(certmonger_var_lib_t) @@ -23,7 +23,8 @@ files_type(certmonger_var_lib_t)
@ -17285,11 +17285,11 @@ index 1f11572..7f6a7ab 100644
') ')
diff --git a/policy/modules/services/clamav.te b/policy/modules/services/clamav.te diff --git a/policy/modules/services/clamav.te b/policy/modules/services/clamav.te
index 8c36027..28863a5 100644 index f758323..f1571f1 100644
--- a/policy/modules/services/clamav.te --- a/policy/modules/services/clamav.te
+++ b/policy/modules/services/clamav.te +++ b/policy/modules/services/clamav.te
@@ -1,9 +1,9 @@ @@ -1,9 +1,9 @@
policy_module(clamav, 1.8.1) policy_module(clamav, 1.9.0)
## <desc> ## <desc>
-## <p> -## <p>
@ -18417,7 +18417,7 @@ index 9971337..f081899 100644
') ')
diff --git a/policy/modules/services/courier.te b/policy/modules/services/courier.te diff --git a/policy/modules/services/courier.te b/policy/modules/services/courier.te
index 37f4810..cc93958 100644 index 2802dbb..5d323df 100644
--- a/policy/modules/services/courier.te --- a/policy/modules/services/courier.te
+++ b/policy/modules/services/courier.te +++ b/policy/modules/services/courier.te
@@ -93,7 +93,7 @@ allow courier_pop_t courier_authdaemon_t:process sigchld; @@ -93,7 +93,7 @@ allow courier_pop_t courier_authdaemon_t:process sigchld;
@ -19650,7 +19650,7 @@ index 0d5711c..3874025 100644
+ delete_files_pattern($1, system_dbusd_var_run_t, system_dbusd_var_run_t) + delete_files_pattern($1, system_dbusd_var_run_t, system_dbusd_var_run_t)
+') +')
diff --git a/policy/modules/services/dbus.te b/policy/modules/services/dbus.te diff --git a/policy/modules/services/dbus.te b/policy/modules/services/dbus.te
index 9ce6713..ea78dc1 100644 index 98e5af6..61bb74a 100644
--- a/policy/modules/services/dbus.te --- a/policy/modules/services/dbus.te
+++ b/policy/modules/services/dbus.te +++ b/policy/modules/services/dbus.te
@@ -74,9 +74,10 @@ files_tmp_filetrans(system_dbusd_t, system_dbusd_tmp_t, { file dir }) @@ -74,9 +74,10 @@ files_tmp_filetrans(system_dbusd_t, system_dbusd_tmp_t, { file dir })
@ -19717,7 +19717,7 @@ index 784753e..bf65e7d 100644
stream_connect_pattern($1, dcc_var_t, dccifd_var_run_t, dccifd_t) stream_connect_pattern($1, dcc_var_t, dccifd_var_run_t, dccifd_t)
') ')
diff --git a/policy/modules/services/dcc.te b/policy/modules/services/dcc.te diff --git a/policy/modules/services/dcc.te b/policy/modules/services/dcc.te
index 8bab059..284a888 100644 index ec19ff4..d110456 100644
--- a/policy/modules/services/dcc.te --- a/policy/modules/services/dcc.te
+++ b/policy/modules/services/dcc.te +++ b/policy/modules/services/dcc.te
@@ -36,7 +36,7 @@ type dcc_var_t; @@ -36,7 +36,7 @@ type dcc_var_t;
@ -20919,7 +20919,7 @@ index 0000000..01c3755
+ snmp_stream_connect(dirsrv_snmp_t) + snmp_stream_connect(dirsrv_snmp_t)
+') +')
diff --git a/policy/modules/services/djbdns.te b/policy/modules/services/djbdns.te diff --git a/policy/modules/services/djbdns.te b/policy/modules/services/djbdns.te
index 0c6a473..51e2ce8 100644 index 03b5286..fcafa0b 100644
--- a/policy/modules/services/djbdns.te --- a/policy/modules/services/djbdns.te
+++ b/policy/modules/services/djbdns.te +++ b/policy/modules/services/djbdns.te
@@ -23,9 +23,6 @@ djbdns_daemontools_domain_template(tinydns) @@ -23,9 +23,6 @@ djbdns_daemontools_domain_template(tinydns)
@ -23199,7 +23199,7 @@ index 87b4531..db2d189 100644
+ files_list_etc($1) + files_list_etc($1)
') ')
diff --git a/policy/modules/services/hddtemp.te b/policy/modules/services/hddtemp.te diff --git a/policy/modules/services/hddtemp.te b/policy/modules/services/hddtemp.te
index 267bb4c..1647fc4 100644 index c234b32..a7b6bf7 100644
--- a/policy/modules/services/hddtemp.te --- a/policy/modules/services/hddtemp.te
+++ b/policy/modules/services/hddtemp.te +++ b/policy/modules/services/hddtemp.te
@@ -46,4 +46,3 @@ storage_raw_read_fixed_disk(hddtemp_t) @@ -46,4 +46,3 @@ storage_raw_read_fixed_disk(hddtemp_t)
@ -23252,10 +23252,10 @@ index ecab47a..40affd8 100644
- -
') ')
diff --git a/policy/modules/services/icecast.te b/policy/modules/services/icecast.te diff --git a/policy/modules/services/icecast.te b/policy/modules/services/icecast.te
index f368bf3..d43b779 100644 index fdb7e9a..1c02a45 100644
--- a/policy/modules/services/icecast.te --- a/policy/modules/services/icecast.te
+++ b/policy/modules/services/icecast.te +++ b/policy/modules/services/icecast.te
@@ -5,6 +5,14 @@ policy_module(icecast, 1.0.1) @@ -5,6 +5,14 @@ policy_module(icecast, 1.1.0)
# Declarations # Declarations
# #
@ -24275,7 +24275,7 @@ index 771e04b..81d98b3 100644
manage_files_pattern($1_t, $1_var_run_t, $1_var_run_t) manage_files_pattern($1_t, $1_var_run_t, $1_var_run_t)
files_pid_filetrans($1_t, $1_var_run_t, file) files_pid_filetrans($1_t, $1_var_run_t, file)
diff --git a/policy/modules/services/likewise.te b/policy/modules/services/likewise.te diff --git a/policy/modules/services/likewise.te b/policy/modules/services/likewise.te
index ae9d49f..931d2f5 100644 index 3acbf1d..ef07a0e 100644
--- a/policy/modules/services/likewise.te --- a/policy/modules/services/likewise.te
+++ b/policy/modules/services/likewise.te +++ b/policy/modules/services/likewise.te
@@ -17,7 +17,7 @@ type likewise_var_lib_t; @@ -17,7 +17,7 @@ type likewise_var_lib_t;
@ -24657,10 +24657,10 @@ index ed1af3c..40b5f0e 100644
+ delete_files_pattern($1, dkim_milter_data_t, dkim_milter_data_t) + delete_files_pattern($1, dkim_milter_data_t, dkim_milter_data_t)
+') +')
diff --git a/policy/modules/services/milter.te b/policy/modules/services/milter.te diff --git a/policy/modules/services/milter.te b/policy/modules/services/milter.te
index 1b6dea0..b90c727 100644 index 47e3612..98801a7 100644
--- a/policy/modules/services/milter.te --- a/policy/modules/services/milter.te
+++ b/policy/modules/services/milter.te +++ b/policy/modules/services/milter.te
@@ -9,6 +9,13 @@ policy_module(milter, 1.2.1) @@ -9,6 +9,13 @@ policy_module(milter, 1.3.0)
attribute milter_domains; attribute milter_domains;
attribute milter_data_type; attribute milter_data_type;
@ -26616,7 +26616,7 @@ index 8581040..cfcdf10 100644
allow $1 nagios_t:process { ptrace signal_perms }; allow $1 nagios_t:process { ptrace signal_perms };
diff --git a/policy/modules/services/nagios.te b/policy/modules/services/nagios.te diff --git a/policy/modules/services/nagios.te b/policy/modules/services/nagios.te
index da5b33d..8b56967 100644 index bf64a4c..55b3ce7 100644
--- a/policy/modules/services/nagios.te --- a/policy/modules/services/nagios.te
+++ b/policy/modules/services/nagios.te +++ b/policy/modules/services/nagios.te
@@ -107,13 +107,11 @@ files_read_etc_files(nagios_t) @@ -107,13 +107,11 @@ files_read_etc_files(nagios_t)
@ -27309,7 +27309,7 @@ index 23c769c..be5a5b4 100644
+ admin_pattern($1, nslcd_var_run_t, nslcd_var_run_t) + admin_pattern($1, nslcd_var_run_t, nslcd_var_run_t)
') ')
diff --git a/policy/modules/services/nslcd.te b/policy/modules/services/nslcd.te diff --git a/policy/modules/services/nslcd.te b/policy/modules/services/nslcd.te
index 34eee5f..a9f19d8 100644 index 4e28d58..01faaef 100644
--- a/policy/modules/services/nslcd.te --- a/policy/modules/services/nslcd.te
+++ b/policy/modules/services/nslcd.te +++ b/policy/modules/services/nslcd.te
@@ -16,7 +16,7 @@ type nslcd_var_run_t; @@ -16,7 +16,7 @@ type nslcd_var_run_t;
@ -27633,7 +27633,7 @@ index bb4fae5..b1b5e51 100644
+ admin_pattern($1, oidentd_config_t) + admin_pattern($1, oidentd_config_t)
+') +')
diff --git a/policy/modules/services/oident.te b/policy/modules/services/oident.te diff --git a/policy/modules/services/oident.te b/policy/modules/services/oident.te
index f0da874..18f8a8c 100644 index 8845174..98f541f 100644
--- a/policy/modules/services/oident.te --- a/policy/modules/services/oident.te
+++ b/policy/modules/services/oident.te +++ b/policy/modules/services/oident.te
@@ -26,10 +26,10 @@ files_config_file(oidentd_config_t) @@ -26,10 +26,10 @@ files_config_file(oidentd_config_t)
@ -28022,10 +28022,10 @@ index 1c2a091..ea5ae69 100644
# #
interface(`pcscd_domtrans',` interface(`pcscd_domtrans',`
diff --git a/policy/modules/services/pcscd.te b/policy/modules/services/pcscd.te diff --git a/policy/modules/services/pcscd.te b/policy/modules/services/pcscd.te
index 3116191..df751a6 100644 index ceafba6..eca6852 100644
--- a/policy/modules/services/pcscd.te --- a/policy/modules/services/pcscd.te
+++ b/policy/modules/services/pcscd.te +++ b/policy/modules/services/pcscd.te
@@ -7,7 +7,6 @@ policy_module(pcscd, 1.6.1) @@ -7,7 +7,6 @@ policy_module(pcscd, 1.7.0)
type pcscd_t; type pcscd_t;
type pcscd_exec_t; type pcscd_exec_t;
@ -29228,7 +29228,7 @@ index 4313a6f..1d9fa76 100644
/sbin/portreserve -- gen_context(system_u:object_r:portreserve_exec_t,s0) /sbin/portreserve -- gen_context(system_u:object_r:portreserve_exec_t,s0)
diff --git a/policy/modules/services/portreserve.te b/policy/modules/services/portreserve.te diff --git a/policy/modules/services/portreserve.te b/policy/modules/services/portreserve.te
index 0b1f471..075a550 100644 index 152af92..1594066 100644
--- a/policy/modules/services/portreserve.te --- a/policy/modules/services/portreserve.te
+++ b/policy/modules/services/portreserve.te +++ b/policy/modules/services/portreserve.te
@@ -13,7 +13,7 @@ type portreserve_initrc_exec_t; @@ -13,7 +13,7 @@ type portreserve_initrc_exec_t;
@ -30011,7 +30011,7 @@ index 539a7c9..4782bdb 100644
postgresql_tcp_connect($1) postgresql_tcp_connect($1)
diff --git a/policy/modules/services/postgresql.te b/policy/modules/services/postgresql.te diff --git a/policy/modules/services/postgresql.te b/policy/modules/services/postgresql.te
index 39abf57..b4101fa 100644 index 4b18978..1ab2e1d 100644
--- a/policy/modules/services/postgresql.te --- a/policy/modules/services/postgresql.te
+++ b/policy/modules/services/postgresql.te +++ b/policy/modules/services/postgresql.te
@@ -15,16 +15,16 @@ gen_require(` @@ -15,16 +15,16 @@ gen_require(`
@ -30354,7 +30354,7 @@ index 2316653..77ef768 100644
+ admin_pattern($1, prelude_lml_tmp_t) + admin_pattern($1, prelude_lml_tmp_t)
') ')
diff --git a/policy/modules/services/prelude.te b/policy/modules/services/prelude.te diff --git a/policy/modules/services/prelude.te b/policy/modules/services/prelude.te
index 7e84587..febda2f 100644 index b1bc02c..8f0b07e 100644
--- a/policy/modules/services/prelude.te --- a/policy/modules/services/prelude.te
+++ b/policy/modules/services/prelude.te +++ b/policy/modules/services/prelude.te
@@ -35,7 +35,6 @@ files_pid_file(prelude_audisp_var_run_t) @@ -35,7 +35,6 @@ files_pid_file(prelude_audisp_var_run_t)
@ -30391,10 +30391,10 @@ index 7e84587..febda2f 100644
dev_read_rand(prelude_lml_t) dev_read_rand(prelude_lml_t)
diff --git a/policy/modules/services/privoxy.te b/policy/modules/services/privoxy.te diff --git a/policy/modules/services/privoxy.te b/policy/modules/services/privoxy.te
index 6f1b2c3..3f1a3fe 100644 index 2dbf4d4..abb4475 100644
--- a/policy/modules/services/privoxy.te --- a/policy/modules/services/privoxy.te
+++ b/policy/modules/services/privoxy.te +++ b/policy/modules/services/privoxy.te
@@ -6,10 +6,10 @@ policy_module(privoxy, 1.10.1) @@ -6,10 +6,10 @@ policy_module(privoxy, 1.11.0)
# #
## <desc> ## <desc>
@ -31556,10 +31556,10 @@ index f04a595..3203212 100644
+ read_files_pattern($1, razor_var_lib_t, razor_var_lib_t) + read_files_pattern($1, razor_var_lib_t, razor_var_lib_t)
+') +')
diff --git a/policy/modules/services/razor.te b/policy/modules/services/razor.te diff --git a/policy/modules/services/razor.te b/policy/modules/services/razor.te
index 340a6c0..f24c52e 100644 index 852840b..1244ab2 100644
--- a/policy/modules/services/razor.te --- a/policy/modules/services/razor.te
+++ b/policy/modules/services/razor.te +++ b/policy/modules/services/razor.te
@@ -5,118 +5,139 @@ policy_module(razor, 2.1.1) @@ -5,118 +5,139 @@ policy_module(razor, 2.2.0)
# Declarations # Declarations
# #
@ -34256,7 +34256,7 @@ index 4804f14..6f49778 100644
term_dontaudit_search_ptys(fsdaemon_t) term_dontaudit_search_ptys(fsdaemon_t)
diff --git a/policy/modules/services/smokeping.te b/policy/modules/services/smokeping.te diff --git a/policy/modules/services/smokeping.te b/policy/modules/services/smokeping.te
index 688fbd0..5873bce 100644 index 740994a..a92ba26 100644
--- a/policy/modules/services/smokeping.te --- a/policy/modules/services/smokeping.te
+++ b/policy/modules/services/smokeping.te +++ b/policy/modules/services/smokeping.te
@@ -23,7 +23,7 @@ files_type(smokeping_var_lib_t) @@ -23,7 +23,7 @@ files_type(smokeping_var_lib_t)
@ -34452,7 +34452,7 @@ index c117e8b..88ebedb 100644
+ files_list_pids($1) + files_list_pids($1)
') ')
diff --git a/policy/modules/services/snort.te b/policy/modules/services/snort.te diff --git a/policy/modules/services/snort.te b/policy/modules/services/snort.te
index d7f4bd4..012723c 100644 index 179bc1b..735c400 100644
--- a/policy/modules/services/snort.te --- a/policy/modules/services/snort.te
+++ b/policy/modules/services/snort.te +++ b/policy/modules/services/snort.te
@@ -32,17 +32,17 @@ files_pid_file(snort_var_run_t) @@ -32,17 +32,17 @@ files_pid_file(snort_var_run_t)
@ -34699,10 +34699,10 @@ index c954f31..7f57f22 100644
+ admin_pattern($1, spamd_var_run_t) + admin_pattern($1, spamd_var_run_t)
') ')
diff --git a/policy/modules/services/spamassassin.te b/policy/modules/services/spamassassin.te diff --git a/policy/modules/services/spamassassin.te b/policy/modules/services/spamassassin.te
index 9d40380..56e4c2e 100644 index ec1eb1e..9948efa 100644
--- a/policy/modules/services/spamassassin.te --- a/policy/modules/services/spamassassin.te
+++ b/policy/modules/services/spamassassin.te +++ b/policy/modules/services/spamassassin.te
@@ -6,54 +6,93 @@ policy_module(spamassassin, 2.3.1) @@ -6,54 +6,93 @@ policy_module(spamassassin, 2.4.0)
# #
## <desc> ## <desc>
@ -35956,10 +35956,10 @@ index 6073656..eaf49b2 100644
allow $1 stunnel_t:tcp_socket rw_socket_perms; allow $1 stunnel_t:tcp_socket rw_socket_perms;
') ')
diff --git a/policy/modules/services/stunnel.te b/policy/modules/services/stunnel.te diff --git a/policy/modules/services/stunnel.te b/policy/modules/services/stunnel.te
index 7ecb27b..296e5ba 100644 index f646c66..b8eec46 100644
--- a/policy/modules/services/stunnel.te --- a/policy/modules/services/stunnel.te
+++ b/policy/modules/services/stunnel.te +++ b/policy/modules/services/stunnel.te
@@ -6,17 +6,7 @@ policy_module(stunnel, 1.9.1) @@ -6,17 +6,7 @@ policy_module(stunnel, 1.10.0)
# #
type stunnel_t; type stunnel_t;
@ -36372,7 +36372,7 @@ index 904f13e..464347f 100644
init_labeled_script_domtrans($1, tor_initrc_exec_t) init_labeled_script_domtrans($1, tor_initrc_exec_t)
diff --git a/policy/modules/services/tor.te b/policy/modules/services/tor.te diff --git a/policy/modules/services/tor.te b/policy/modules/services/tor.te
index f793912..8e58d40 100644 index c842cad..fe5deee 100644
--- a/policy/modules/services/tor.te --- a/policy/modules/services/tor.te
+++ b/policy/modules/services/tor.te +++ b/policy/modules/services/tor.te
@@ -42,6 +42,7 @@ files_pid_file(tor_var_run_t) @@ -42,6 +42,7 @@ files_pid_file(tor_var_run_t)
@ -36510,7 +36510,7 @@ index 831b4a3..a206464 100644
/var/log/ulogd(/.*)? gen_context(system_u:object_r:ulogd_var_log_t,s0) /var/log/ulogd(/.*)? gen_context(system_u:object_r:ulogd_var_log_t,s0)
diff --git a/policy/modules/services/ulogd.te b/policy/modules/services/ulogd.te diff --git a/policy/modules/services/ulogd.te b/policy/modules/services/ulogd.te
index 00aa99e..5f1ad7d 100644 index 3b953f5..70f687a 100644
--- a/policy/modules/services/ulogd.te --- a/policy/modules/services/ulogd.te
+++ b/policy/modules/services/ulogd.te +++ b/policy/modules/services/ulogd.te
@@ -11,7 +11,7 @@ init_daemon_domain(ulogd_t, ulogd_exec_t) @@ -11,7 +11,7 @@ init_daemon_domain(ulogd_t, ulogd_exec_t)
@ -36551,7 +36551,7 @@ index c2cf97e..037a1e8 100644
allow uptimed_t uptimed_etc_t:file read_file_perms; allow uptimed_t uptimed_etc_t:file read_file_perms;
files_search_etc(uptimed_t) files_search_etc(uptimed_t)
diff --git a/policy/modules/services/uucp.te b/policy/modules/services/uucp.te diff --git a/policy/modules/services/uucp.te b/policy/modules/services/uucp.te
index 9001230..7ff3ef8 100644 index d4349e9..d9dbcc2 100644
--- a/policy/modules/services/uucp.te --- a/policy/modules/services/uucp.te
+++ b/policy/modules/services/uucp.te +++ b/policy/modules/services/uucp.te
@@ -125,6 +125,8 @@ optional_policy(` @@ -125,6 +125,8 @@ optional_policy(`
@ -36564,10 +36564,10 @@ index 9001230..7ff3ef8 100644
uucp_manage_spool(uux_t) uucp_manage_spool(uux_t)
diff --git a/policy/modules/services/varnishd.te b/policy/modules/services/varnishd.te diff --git a/policy/modules/services/varnishd.te b/policy/modules/services/varnishd.te
index e385c83..10710fd 100644 index f9310f3..064171e 100644
--- a/policy/modules/services/varnishd.te --- a/policy/modules/services/varnishd.te
+++ b/policy/modules/services/varnishd.te +++ b/policy/modules/services/varnishd.te
@@ -6,10 +6,10 @@ policy_module(varnishd, 1.1.1) @@ -6,10 +6,10 @@ policy_module(varnishd, 1.2.0)
# #
## <desc> ## <desc>
@ -39108,7 +39108,7 @@ index da2601a..6b12229 100644
+ manage_files_pattern($1, user_fonts_config_t, user_fonts_config_t) + manage_files_pattern($1, user_fonts_config_t, user_fonts_config_t)
+') +')
diff --git a/policy/modules/services/xserver.te b/policy/modules/services/xserver.te diff --git a/policy/modules/services/xserver.te b/policy/modules/services/xserver.te
index e226da4..1ada171 100644 index 145fc4b..6b4d8c9 100644
--- a/policy/modules/services/xserver.te --- a/policy/modules/services/xserver.te
+++ b/policy/modules/services/xserver.te +++ b/policy/modules/services/xserver.te
@@ -26,27 +26,50 @@ gen_require(` @@ -26,27 +26,50 @@ gen_require(`
@ -40220,7 +40220,7 @@ index d77e631..4776863 100644
# #
interface(`zabbix_append_log',` interface(`zabbix_append_log',`
diff --git a/policy/modules/services/zabbix.te b/policy/modules/services/zabbix.te diff --git a/policy/modules/services/zabbix.te b/policy/modules/services/zabbix.te
index b8dd21a..20d7cde 100644 index c26ecf5..b906c48 100644
--- a/policy/modules/services/zabbix.te --- a/policy/modules/services/zabbix.te
+++ b/policy/modules/services/zabbix.te +++ b/policy/modules/services/zabbix.te
@@ -26,11 +26,11 @@ files_pid_file(zabbix_var_run_t) @@ -26,11 +26,11 @@ files_pid_file(zabbix_var_run_t)
@ -40561,10 +40561,10 @@ index 6b87605..347f754 100644
allow $1 zebra_t:process { ptrace signal_perms }; allow $1 zebra_t:process { ptrace signal_perms };
diff --git a/policy/modules/services/zebra.te b/policy/modules/services/zebra.te diff --git a/policy/modules/services/zebra.te b/policy/modules/services/zebra.te
index c349adc..a4855b1 100644 index ade6c2c..2b78f0d 100644
--- a/policy/modules/services/zebra.te --- a/policy/modules/services/zebra.te
+++ b/policy/modules/services/zebra.te +++ b/policy/modules/services/zebra.te
@@ -6,11 +6,10 @@ policy_module(zebra, 1.11.1) @@ -6,11 +6,10 @@ policy_module(zebra, 1.12.0)
# #
## <desc> ## <desc>
@ -41463,7 +41463,7 @@ index 408f4e6..55c2d03 100644
auth_rw_login_records(getty_t) auth_rw_login_records(getty_t)
diff --git a/policy/modules/system/hostname.te b/policy/modules/system/hostname.te diff --git a/policy/modules/system/hostname.te b/policy/modules/system/hostname.te
index 1fcd657..52063bc 100644 index c310775..d5fc685 100644
--- a/policy/modules/system/hostname.te --- a/policy/modules/system/hostname.te
+++ b/policy/modules/system/hostname.te +++ b/policy/modules/system/hostname.te
@@ -28,15 +28,18 @@ dev_read_sysfs(hostname_t) @@ -28,15 +28,18 @@ dev_read_sysfs(hostname_t)
@ -42005,7 +42005,7 @@ index df3fa64..473d2b4 100644
+ allow $1 init_t:unix_dgram_socket sendto; + allow $1 init_t:unix_dgram_socket sendto;
+') +')
diff --git a/policy/modules/system/init.te b/policy/modules/system/init.te diff --git a/policy/modules/system/init.te b/policy/modules/system/init.te
index 8a105fd..2be1d2a 100644 index 2fbb25a..2cba7c4 100644
--- a/policy/modules/system/init.te --- a/policy/modules/system/init.te
+++ b/policy/modules/system/init.te +++ b/policy/modules/system/init.te
@@ -16,6 +16,27 @@ gen_require(` @@ -16,6 +16,27 @@ gen_require(`
@ -43936,7 +43936,7 @@ index c7cfb62..620e0a4 100644
init_labeled_script_domtrans($1, syslogd_initrc_exec_t) init_labeled_script_domtrans($1, syslogd_initrc_exec_t)
domain_system_change_exemption($1) domain_system_change_exemption($1)
diff --git a/policy/modules/system/logging.te b/policy/modules/system/logging.te diff --git a/policy/modules/system/logging.te b/policy/modules/system/logging.te
index aa2b0a6..304fbba 100644 index 9b5a9ed..2b30dd6 100644
--- a/policy/modules/system/logging.te --- a/policy/modules/system/logging.te
+++ b/policy/modules/system/logging.te +++ b/policy/modules/system/logging.te
@@ -55,11 +55,12 @@ type klogd_var_run_t; @@ -55,11 +55,12 @@ type klogd_var_run_t;
@ -44296,10 +44296,10 @@ index 926ba65..1dfa62a 100644
## transfer services. ## transfer services.
## </summary> ## </summary>
diff --git a/policy/modules/system/miscfiles.te b/policy/modules/system/miscfiles.te diff --git a/policy/modules/system/miscfiles.te b/policy/modules/system/miscfiles.te
index 2cb10d4..6c33b3b 100644 index 703944c..1d3a6a9 100644
--- a/policy/modules/system/miscfiles.te --- a/policy/modules/system/miscfiles.te
+++ b/policy/modules/system/miscfiles.te +++ b/policy/modules/system/miscfiles.te
@@ -4,7 +4,6 @@ policy_module(miscfiles, 1.8.2) @@ -4,7 +4,6 @@ policy_module(miscfiles, 1.9.0)
# #
# Declarations # Declarations
# #
@ -44710,7 +44710,7 @@ index 8b5c196..b195f9d 100644
+ role $2 types showmount_t; + role $2 types showmount_t;
') ')
diff --git a/policy/modules/system/mount.te b/policy/modules/system/mount.te diff --git a/policy/modules/system/mount.te b/policy/modules/system/mount.te
index 6fe8471..21de81b 100644 index 1899313..c6b6821 100644
--- a/policy/modules/system/mount.te --- a/policy/modules/system/mount.te
+++ b/policy/modules/system/mount.te +++ b/policy/modules/system/mount.te
@@ -17,8 +17,15 @@ type mount_exec_t; @@ -17,8 +17,15 @@ type mount_exec_t;
@ -45945,7 +45945,7 @@ index ff5d72d..9cd171a 100644
+ unconfined_domain(setfiles_mac_t) + unconfined_domain(setfiles_mac_t)
') ')
diff --git a/policy/modules/system/setrans.te b/policy/modules/system/setrans.te diff --git a/policy/modules/system/setrans.te b/policy/modules/system/setrans.te
index 0e48679..78b3429 100644 index 1447687..cdc0223 100644
--- a/policy/modules/system/setrans.te --- a/policy/modules/system/setrans.te
+++ b/policy/modules/system/setrans.te +++ b/policy/modules/system/setrans.te
@@ -12,6 +12,7 @@ gen_require(` @@ -12,6 +12,7 @@ gen_require(`
@ -47350,10 +47350,10 @@ index 416e668..20a28e7 100644
- allow $1 unconfined_t:dbus acquire_svc; - allow $1 unconfined_t:dbus acquire_svc;
-') -')
diff --git a/policy/modules/system/unconfined.te b/policy/modules/system/unconfined.te diff --git a/policy/modules/system/unconfined.te b/policy/modules/system/unconfined.te
index 8a4ee77..f0dca4c 100644 index eae5001..71e46b2 100644
--- a/policy/modules/system/unconfined.te --- a/policy/modules/system/unconfined.te
+++ b/policy/modules/system/unconfined.te +++ b/policy/modules/system/unconfined.te
@@ -4,231 +4,4 @@ policy_module(unconfined, 3.2.1) @@ -4,231 +4,4 @@ policy_module(unconfined, 3.3.0)
# #
# Declarations # Declarations
# #
@ -50099,10 +50099,10 @@ index 35f1476..1571559 100644
+ type_transition $1 user_tmp_t:process $2; + type_transition $1 user_tmp_t:process $2;
+') +')
diff --git a/policy/modules/system/userdomain.te b/policy/modules/system/userdomain.te diff --git a/policy/modules/system/userdomain.te b/policy/modules/system/userdomain.te
index a7088c6..2c840bc 100644 index df29ca1..97b3c20 100644
--- a/policy/modules/system/userdomain.te --- a/policy/modules/system/userdomain.te
+++ b/policy/modules/system/userdomain.te +++ b/policy/modules/system/userdomain.te
@@ -7,7 +7,7 @@ policy_module(userdomain, 4.4.4) @@ -7,7 +7,7 @@ policy_module(userdomain, 4.5.0)
## <desc> ## <desc>
## <p> ## <p>

View File

@ -20,8 +20,8 @@
%define CHECKPOLICYVER 2.0.21-1 %define CHECKPOLICYVER 2.0.21-1
Summary: SELinux policy configuration Summary: SELinux policy configuration
Name: selinux-policy Name: selinux-policy
Version: 3.9.10 Version: 3.9.11
Release: 13%{?dist} Release: 1%{?dist}
License: GPLv2+ License: GPLv2+
Group: System Environment/Base Group: System Environment/Base
Source: serefpolicy-%{version}.tgz Source: serefpolicy-%{version}.tgz
@ -471,17 +471,21 @@ exit 0
%endif %endif
%changelog %changelog
* Tue Dec 14 2010 Miroslav Grepl <mgrepl@redhat.com> 3.9.9-13 * Wed Dec 15 2010 Miroslav Grepl <mgrepl@redhat.com> 3.9.11-1
- Update to upstream
- Fix version of policy in spec file
* Tue Dec 14 2010 Miroslav Grepl <mgrepl@redhat.com> 3.9.10-13
- Allow sandbox to run on nfs partitions, fixes for systemd_tmpfs - Allow sandbox to run on nfs partitions, fixes for systemd_tmpfs
- remove per sandbox domains devpts types - remove per sandbox domains devpts types
- Allow dkim-milter sending signal to itself - Allow dkim-milter sending signal to itself
* Mon Dec 13 2010 Dan Walsh <dwalsh@redhat.com> 3.9.9-12 * Mon Dec 13 2010 Dan Walsh <dwalsh@redhat.com> 3.9.10-12
- Allow domains that transition to ping or traceroute, kill them - Allow domains that transition to ping or traceroute, kill them
- Allow user_t to conditionally transition to ping_t and traceroute_t - Allow user_t to conditionally transition to ping_t and traceroute_t
- Add fixes to systemd- tools, including new labeling for systemd-fsck, systemd-cryptsetup - Add fixes to systemd- tools, including new labeling for systemd-fsck, systemd-cryptsetup
* Mon Dec 13 2010 Miroslav Grepl <mgrepl@redhat.com> 3.9.9-11 * Mon Dec 13 2010 Miroslav Grepl <mgrepl@redhat.com> 3.9.10-11
- Turn on systemd policy - Turn on systemd policy
- mozilla_plugin needs to read certs in the homedir. - mozilla_plugin needs to read certs in the homedir.
- Dontaudit leaked file descriptors from devicekit - Dontaudit leaked file descriptors from devicekit
@ -494,19 +498,19 @@ exit 0
- systemd is creating symlinks in /dev - systemd is creating symlinks in /dev
- Change label on /etc/httpd/alias to be all cert_t - Change label on /etc/httpd/alias to be all cert_t
* Fri Dec 10 2010 Miroslav Grepl <mgrepl@redhat.com> 3.9.9-10 * Fri Dec 10 2010 Miroslav Grepl <mgrepl@redhat.com> 3.9.10-10
- Fixes for clamscan and boinc policy - Fixes for clamscan and boinc policy
- Add boinc_project_t setpgid - Add boinc_project_t setpgid
- Allow alsa to create tmp files in /tmp - Allow alsa to create tmp files in /tmp
* Tue Dec 7 2010 Miroslav Grepl <mgrepl@redhat.com> 3.9.9-9 * Tue Dec 7 2010 Miroslav Grepl <mgrepl@redhat.com> 3.9.10-9
- Push fixes to allow disabling of unlabeled_t packet access - Push fixes to allow disabling of unlabeled_t packet access
- Enable unlabelednet policy - Enable unlabelednet policy
* Tue Dec 7 2010 Miroslav Grepl <mgrepl@redhat.com> 3.9.9-8 * Tue Dec 7 2010 Miroslav Grepl <mgrepl@redhat.com> 3.9.10-8
- Fixes for lvm to work with systemd - Fixes for lvm to work with systemd
* Mon Dec 6 2010 Miroslav Grepl <mgrepl@redhat.com> 3.9.9-7 * Mon Dec 6 2010 Miroslav Grepl <mgrepl@redhat.com> 3.9.10-7
- Fix the label for wicd log - Fix the label for wicd log
- plymouthd creates force-display-on-active-vt file - plymouthd creates force-display-on-active-vt file
- Allow avahi to request the kernel to load a module - Allow avahi to request the kernel to load a module
@ -518,19 +522,19 @@ exit 0
- Fix the label for wicd log - Fix the label for wicd log
- Add systemd policy - Add systemd policy
* Fri Dec 3 2010 Miroslav Grepl <mgrepl@redhat.com> 3.9.9-6 * Fri Dec 3 2010 Miroslav Grepl <mgrepl@redhat.com> 3.9.10-6
- Fix gnome_manage_data interface - Fix gnome_manage_data interface
- Dontaudit sys_ptrace capability for iscsid - Dontaudit sys_ptrace capability for iscsid
- Fixes for nagios plugin policy - Fixes for nagios plugin policy
* Thu Dec 1 2010 Miroslav Grepl <mgrepl@redhat.com> 3.9.9-5 * Thu Dec 1 2010 Miroslav Grepl <mgrepl@redhat.com> 3.9.10-5
- Fix cron to run ranged when started by init - Fix cron to run ranged when started by init
- Fix devicekit to use log files - Fix devicekit to use log files
- Dontaudit use of devicekit_var_run_t for fstools - Dontaudit use of devicekit_var_run_t for fstools
- Allow init to setattr on logfile directories - Allow init to setattr on logfile directories
- Allow hald to manage files in /var/run/pm-utils/ dir which is now labeled as devicekit_var_run_t - Allow hald to manage files in /var/run/pm-utils/ dir which is now labeled as devicekit_var_run_t
* Tue Nov 30 2010 Dan Walsh <dwalsh@redhat.com> 3.9.9-4 * Tue Nov 30 2010 Dan Walsh <dwalsh@redhat.com> 3.9.10-4
- Fix up handling of dnsmasq_t creating /var/run/libvirt/network - Fix up handling of dnsmasq_t creating /var/run/libvirt/network
- Turn on sshd_forward_ports boolean by default - Turn on sshd_forward_ports boolean by default
- Allow sysadmin to dbus chat with rpm - Allow sysadmin to dbus chat with rpm

View File

@ -1,2 +1,2 @@
409b40c8102b1617681ba17c31032e66 config.tgz 409b40c8102b1617681ba17c31032e66 config.tgz
1deb2db0ad303b26fc44b5c7f7497c32 serefpolicy-3.9.10.tgz 7e14bb9fd00b6aabaf1372bab00914cc serefpolicy-3.9.11.tgz