From ba65f59092bd3c102700d05e89c884bdb1d1ed54 Mon Sep 17 00:00:00 2001 From: Lukas Vrabec Date: Mon, 3 Nov 2014 16:31:25 +0100 Subject: [PATCH] Fixed mistakes in build. --- policy-rawhide-contrib.patch | 58 +++++++++++++++++------------------- selinux-policy.spec | 2 ++ 2 files changed, 29 insertions(+), 31 deletions(-) diff --git a/policy-rawhide-contrib.patch b/policy-rawhide-contrib.patch index 53800e9c..7d8b345c 100644 --- a/policy-rawhide-contrib.patch +++ b/policy-rawhide-contrib.patch @@ -20732,7 +20732,7 @@ index dda905b..ccd0ba9 100644 /var/named/chroot/var/run/dbus(/.*)? gen_context(system_u:object_r:system_dbusd_var_run_t,s0) +') diff --git a/dbus.if b/dbus.if -index 62d22cb..5f27946 100644 +index 62d22cb..e1b35aa 100644 --- a/dbus.if +++ b/dbus.if @@ -1,4 +1,4 @@ @@ -20858,7 +20858,7 @@ index 62d22cb..5f27946 100644 ## ## ## -@@ -103,91 +129,86 @@ template(`dbus_role_template',` +@@ -103,91 +129,84 @@ template(`dbus_role_template',` # interface(`dbus_system_bus_client',` gen_require(` @@ -20868,13 +20868,11 @@ index 62d22cb..5f27946 100644 + type system_dbusd_var_run_t, system_dbusd_var_lib_t; class dbus send_msg; + attribute dbusd_unconfined; -+ attribute system_bus_client; ') - typeattribute $1 dbusd_system_bus_client; - + # SE-DBus specific permissions -+ typeattribute $1 system_bus_client; allow $1 { system_dbusd_t self }:dbus send_msg; - allow system_dbusd_t $1:dbus send_msg; + allow { system_dbusd_t dbusd_unconfined } $1:dbus send_msg; @@ -20986,7 +20984,7 @@ index 62d22cb..5f27946 100644 ## ## ## -@@ -195,15 +216,18 @@ interface(`dbus_connect_spec_session_bus',` +@@ -195,15 +214,18 @@ interface(`dbus_connect_spec_session_bus',` ## ## # @@ -21011,7 +21009,7 @@ index 62d22cb..5f27946 100644 ## ## ## -@@ -211,57 +235,39 @@ interface(`dbus_session_bus_client',` +@@ -211,57 +233,39 @@ interface(`dbus_session_bus_client',` ## ## # 
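Review bot: In the hunk at @@ -20868 the lines `+ attribute system_bus_client;` and `+ typeattribute $1 system_bus_client;` are dropped from `dbus_system_bus_client`, so callers of that interface are no longer collected under any attribute (the earlier `typeattribute $1 dbusd_system_bus_client;` is already gone in this revision of the patch), which means no rule elsewhere can address "all system bus clients" as a group any more. The commit title "Fixed mistakes in build" does not say whether the attribute was removed because it was undeclared somewhere or because the grouping itself was unwanted, and a reader of the resulting interface cannot tell. A one-line comment above the `# SE-DBus specific permissions` line, such as `# callers are deliberately not tagged with an aggregate attribute; peer access to unconfined domains comes from the dbusd_unconfined rule below`, would make the intent explicit. The same attribute is removed again in the dbus.if hunk at @@ -21572 and the dbus.te hunk at @@ -21614; the body of dbus_system_bus_client continues beyond this hunk.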
@@ -21083,7 +21081,7 @@ index 62d22cb..5f27946 100644 ## ## ## -@@ -269,15 +275,19 @@ interface(`dbus_spec_session_bus_client',` +@@ -269,15 +273,19 @@ interface(`dbus_spec_session_bus_client',` ## ## # @@ -21109,7 +21107,7 @@ index 62d22cb..5f27946 100644 ## ## ## -@@ -285,44 +295,52 @@ interface(`dbus_send_session_bus',` +@@ -285,44 +293,52 @@ interface(`dbus_send_session_bus',` ## ## # @@ -21176,7 +21174,7 @@ index 62d22cb..5f27946 100644 ## ## ## -@@ -330,18 +348,18 @@ interface(`dbus_send_spec_session_bus',` +@@ -330,18 +346,18 @@ interface(`dbus_send_spec_session_bus',` ## ## # @@ -21200,7 +21198,7 @@ index 62d22cb..5f27946 100644 ## ## ## -@@ -349,20 +367,18 @@ interface(`dbus_read_config',` +@@ -349,20 +365,18 @@ interface(`dbus_read_config',` ## ## # @@ -21226,7 +21224,7 @@ index 62d22cb..5f27946 100644 ## ## ## -@@ -370,26 +386,20 @@ interface(`dbus_read_lib_files',` +@@ -370,26 +384,20 @@ interface(`dbus_read_lib_files',` ## ## # @@ -21259,7 +21257,7 @@ index 62d22cb..5f27946 100644 ## ## ## Type to be used as a domain. -@@ -397,81 +407,67 @@ interface(`dbus_manage_lib_files',` +@@ -397,81 +405,67 @@ interface(`dbus_manage_lib_files',` ## ## ## @@ -21369,7 +21367,7 @@ index 62d22cb..5f27946 100644 ## ## ## -@@ -479,18 +475,18 @@ interface(`dbus_spec_session_domain',` +@@ -479,18 +473,18 @@ interface(`dbus_spec_session_domain',` ## ## # @@ -21393,7 +21391,7 @@ index 62d22cb..5f27946 100644 ## ## ## -@@ -498,98 +494,100 @@ interface(`dbus_connect_system_bus',` +@@ -498,98 +492,100 @@ interface(`dbus_connect_system_bus',` ## ## # @@ -21537,7 +21535,7 @@ index 62d22cb..5f27946 100644 ## ## ## -@@ -597,28 +595,51 @@ interface(`dbus_use_system_bus_fds',` +@@ -597,28 +593,50 @@ interface(`dbus_use_system_bus_fds',` ## ## # 
@@ -21572,13 +21570,12 @@ index 62d22cb..5f27946 100644 gen_require(` - attribute dbusd_unconfined; + attribute system_bus_type; -+ attribute system_bus_client; + class dbus send_msg; ') - typeattribute $1 dbusd_unconfined; -+ allow $1 { system_bus_type system_bus_client }:dbus send_msg; -+ allow { system_bus_type system_bus_client } $1:dbus send_msg; ++ allow $1 system_bus_type:dbus send_msg; ++ allow system_bus_type $1:dbus send_msg; +') + +####################################### @@ -21598,10 +21595,10 @@ index 62d22cb..5f27946 100644 + files_var_filetrans($1, system_dbusd_var_lib_t, dir, "ibus") ') diff --git a/dbus.te b/dbus.te -index c9998c8..4e0254d 100644 +index c9998c8..94ff984 100644 --- a/dbus.te +++ b/dbus.te -@@ -4,17 +4,16 @@ gen_require(` +@@ -4,17 +4,15 @@ gen_require(` class dbus all_dbus_perms; ') @@ -21614,7 +21611,6 @@ index c9998c8..4e0254d 100644 attribute dbusd_unconfined; +attribute system_bus_type; -+attribute system_bus_client; attribute session_bus_type; -attribute dbusd_system_bus_client; @@ -21623,7 +21619,7 @@ index c9998c8..4e0254d 100644 type dbusd_etc_t; files_config_file(dbusd_etc_t) -@@ -22,9 +21,6 @@ type dbusd_exec_t; +@@ -22,9 +20,6 @@ type dbusd_exec_t; corecmd_executable_file(dbusd_exec_t) typealias dbusd_exec_t alias system_dbusd_exec_t; @@ -21633,7 +21629,7 @@ index c9998c8..4e0254d 100644 type session_dbusd_tmp_t; typealias session_dbusd_tmp_t alias { user_dbusd_tmp_t staff_dbusd_tmp_t sysadm_dbusd_tmp_t }; typealias session_dbusd_tmp_t alias { auditadm_dbusd_tmp_t secadm_dbusd_tmp_t }; -@@ -41,7 +37,8 @@ files_type(system_dbusd_var_lib_t) +@@ -41,7 +36,8 @@ files_type(system_dbusd_var_lib_t) type system_dbusd_var_run_t; files_pid_file(system_dbusd_var_run_t) 
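Review bot: The interface patched at @@ -21572 now grants only `allow $1 system_bus_type:dbus send_msg;` and `allow system_bus_type $1:dbus send_msg;`, whereas the previous revision of the patch also paired $1 with `system_bus_client`; with that attribute gone, $1 presumably can no longer exchange messages with confined system bus clients unless each client's own rules allow it. That looks like a narrowing relative to the `typeattribute $1 dbusd_unconfined;` the patch replaces, and it is not mentioned in the commit message. If the narrowing is intentional, the interface's description block should say so, for example `## Allow the specified domain to exchange messages with system bus daemons only, not with other bus clients.` The interface's name and header lie outside the hunk, so I cannot confirm which callers are affected.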
@@ -21643,7 +21639,7 @@ index c9998c8..4e0254d 100644 ifdef(`enable_mcs',` init_ranged_system_domain(system_dbusd_t, dbusd_exec_t, s0 - mcs_systemhigh) -@@ -51,59 +48,62 @@ ifdef(`enable_mls',` +@@ -51,59 +47,62 @@ ifdef(`enable_mls',` init_ranged_system_domain(system_dbusd_t, dbusd_exec_t, s0 - mls_systemhigh) ') @@ -21723,7 +21719,7 @@ index c9998c8..4e0254d 100644 mls_fd_use_all_levels(system_dbusd_t) mls_rangetrans_target(system_dbusd_t) mls_file_read_all_levels(system_dbusd_t) -@@ -123,66 +123,165 @@ term_dontaudit_use_console(system_dbusd_t) +@@ -123,66 +122,165 @@ term_dontaudit_use_console(system_dbusd_t) auth_use_nsswitch(system_dbusd_t) auth_read_pam_console_data(system_dbusd_t) @@ -21903,7 +21899,7 @@ index c9998c8..4e0254d 100644 kernel_read_kernel_sysctls(session_bus_type) corecmd_list_bin(session_bus_type) -@@ -191,23 +290,18 @@ corecmd_read_bin_files(session_bus_type) +@@ -191,23 +289,18 @@ corecmd_read_bin_files(session_bus_type) corecmd_read_bin_pipes(session_bus_type) corecmd_read_bin_sockets(session_bus_type) @@ -21928,7 +21924,7 @@ index c9998c8..4e0254d 100644 files_dontaudit_search_var(session_bus_type) fs_getattr_romfs(session_bus_type) -@@ -215,7 +309,6 @@ fs_getattr_xattr_fs(session_bus_type) +@@ -215,7 +308,6 @@ fs_getattr_xattr_fs(session_bus_type) fs_list_inotifyfs(session_bus_type) fs_dontaudit_list_nfs(session_bus_type) @@ -21936,7 +21932,7 @@ index c9998c8..4e0254d 100644 selinux_validate_context(session_bus_type) selinux_compute_access_vector(session_bus_type) selinux_compute_create_context(session_bus_type) -@@ -225,18 +318,36 @@ selinux_compute_user_contexts(session_bus_type) +@@ -225,18 +317,36 @@ selinux_compute_user_contexts(session_bus_type) auth_read_pam_console_data(session_bus_type) logging_send_audit_msgs(session_bus_type) 
@@ -21978,7 +21974,7 @@ index c9998c8..4e0254d 100644 ') ######################################## -@@ -244,5 +355,9 @@ optional_policy(` +@@ -244,5 +354,9 @@ optional_policy(` # Unconfined access to this module # @@ -108556,7 +108552,7 @@ index ae919b9..32cbf8c 100644 optional_policy(` diff --git a/wine.if b/wine.if -index fd2b6cc..111b5b7 100644 +index fd2b6cc..c5ea35d 100644 --- a/wine.if +++ b/wine.if @@ -1,46 +1,58 @@ @@ -108670,7 +108666,7 @@ index fd2b6cc..111b5b7 100644 userdom_unpriv_usertype($1, $1_wine_t) - userdom_manage_user_tmpfs_files($1_wine_t) + userdom_manage_tmpfs_role($2, $1_wine_t) -+ userdom_manage_home_role($1_wine_t, $2) ++ userdom_manage_home_role($2 ,$1_wine_t) domain_mmap_low($1_wine_t) diff --git a/selinux-policy.spec b/selinux-policy.spec index 3a5d9007..66747765 100644 --- a/selinux-policy.spec +++ b/selinux-policy.spec @@ -619,6 +619,8 @@ SELinux Reference policy mls base module. - Allow nslcd to read /dev/urandom. - Allow dovecot to create user's home directory when they log into IMAP. - Label also logrotate.status.tmp as logrotate_var_lib_t. BZ(1158835) +- Allow wine domains to read user homedir content +- Add fixes to allow docker to create more content in tmpfs ,and donaudit reading /proc * Wed Oct 29 2014 Lukas Vrabec 3.13.1-89 - Allow keystone_cgi_script_t to bind on commplex_main_port. BZ (#1138424)
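Review bot: In the wine.if hunk at @@ -108670 the new line `userdom_manage_home_role($2 ,$1_wine_t)` puts the space on the wrong side of the comma; it should read `userdom_manage_home_role($2, $1_wine_t)`, matching `userdom_manage_tmpfs_role($2, $1_wine_t)` on the line above it. The argument swap itself looks consistent with that neighbour taking the role first, but the parameter order of userdom_manage_home_role is not visible in the hunk, so that part is inferred. The enclosing template body continues outside the hunk.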