- Fix polkit label

- Remove hidebrokensymptoms for nss_ldap fix
- Add modemmanager policy
- Lots of merges from upstream
- Begin removing textrel_shlib_t labels, from fixed libraries

.cvsignore

@@ -180,3 +180,4 @@ setroubleshoot-2.2.11.tar.gz
 serefpolicy-3.6.22.tgz
 serefpolicy-3.6.23.tgz
 serefpolicy-3.6.24.tgz
+serefpolicy-3.6.25.tgz

modules-minimum.conf

@@ -850,6 +850,13 @@ nslcd = module
 # 
 nsplugin = module
 
+# Layer: services
+# Module: modemmanager
+#
+# Manager for dynamically switching between modems.
+# 
+modemmanager = module
+
 # Layer: apps
 # Module: mplayer
 #
@@ -1491,13 +1498,6 @@ varnishd = module
 # 
 virt = module
 
-# Layer: system
-# Module: virtual
-#
-# Virtualization libraries
-# 
-virtual = base
-
 # Layer: apps
 # Module: qemu
 #

modules-mls.conf

@@ -787,6 +787,13 @@ miscfiles = base
 # 
 mls = base
 
+# Layer: services
+# Module: modemmanager
+#
+# Manager for dynamically switching between modems.
+# 
+modemmanager = module
+
 # Layer: system
 # Module: modutils
 #
@@ -1428,13 +1435,6 @@ xen = module
 # 
 virt = module
 
-# Layer: system
-# Module: virtual
-#
-# Virtualization libraries
-# 
-virtual = base
-
 # Layer: apps
 # Module: qemu
 #

modules-targeted.conf

@@ -850,6 +850,13 @@ nslcd = module
 # 
 nsplugin = module
 
+# Layer: services
+# Module: modemmanager
+#
+# Manager for dynamically switching between modems.
+# 
+modemmanager = module
+
 # Layer: apps
 # Module: mplayer
 #
@@ -1491,13 +1498,6 @@ varnishd = module
 # 
 virt = module
 
-# Layer: system
-# Module: virtual
-#
-# Virtualization libraries
-# 
-virtual = base
-
 # Layer: apps
 # Module: qemu
 #

nsadiff

@@ -1 +1 @@
-diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy serefpolicy-3.6.24 > /tmp/diff
+diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy serefpolicy-3.6.25 > /tmp/diff

policy-F12.patch

@@ -12593,7 +12593,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
  ')
 diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/policykit.te serefpolicy-3.6.25/policy/modules/services/policykit.te
 --- nsaserefpolicy/policy/modules/services/policykit.te	2009-07-23 14:11:04.000000000 -0400
-+++ serefpolicy-3.6.25/policy/modules/services/policykit.te	2009-07-29 21:34:35.000000000 -0400
++++ serefpolicy-3.6.25/policy/modules/services/policykit.te	2009-07-30 00:28:51.000000000 -0400
 @@ -38,9 +38,10 @@
  
  allow policykit_t self:capability { setgid setuid };
@@ -12607,7 +12607,15 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
  
  policykit_domtrans_auth(policykit_t)
  
-@@ -68,8 +69,17 @@
+@@ -62,14 +63,25 @@
+ files_read_etc_files(policykit_t)
+ files_read_usr_files(policykit_t)
+ 
++fs_list_inotifyfs(policykit_t)
++
+ auth_use_nsswitch(policykit_t)
+ 
+ logging_send_syslog_msg(policykit_t)
  
  miscfiles_read_localization(policykit_t)
  
@@ -12625,7 +12633,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
  ########################################
  #
  # polkit_auth local policy
-@@ -77,7 +87,8 @@
+@@ -77,7 +89,8 @@
  
  allow policykit_auth_t self:capability setgid;
  allow policykit_auth_t self:process getattr;
@@ -12635,7 +12643,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
  allow policykit_auth_t self:unix_dgram_socket create_socket_perms;
  allow policykit_auth_t self:unix_stream_socket create_stream_socket_perms;
  
-@@ -104,6 +115,8 @@
+@@ -104,6 +117,8 @@
  userdom_dontaudit_read_user_home_content_files(policykit_auth_t)
  
  optional_policy(`
@@ -12644,7 +12652,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
  	dbus_session_bus_client(policykit_auth_t)
  
  	optional_policy(`
-@@ -116,6 +129,10 @@
+@@ -116,6 +131,10 @@
  	hal_read_state(policykit_auth_t)
  ')
  
@@ -12655,7 +12663,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
  ########################################
  #
  # polkit_grant local policy
-@@ -123,7 +140,8 @@
+@@ -123,7 +142,8 @@
  
  allow policykit_grant_t self:capability setuid;
  allow policykit_grant_t self:process getattr;
@@ -12665,7 +12673,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
  allow policykit_grant_t self:unix_dgram_socket create_socket_perms;
  allow policykit_grant_t self:unix_stream_socket create_stream_socket_perms;
  
-@@ -153,9 +171,12 @@
+@@ -153,9 +173,12 @@
  userdom_read_all_users_state(policykit_grant_t)
  
  optional_policy(`
@@ -12679,7 +12687,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
  		consolekit_dbus_chat(policykit_grant_t)
  	')
  ')
-@@ -167,7 +188,8 @@
+@@ -167,7 +190,8 @@
  
  allow policykit_resolve_t self:capability { setuid sys_nice sys_ptrace };
  allow policykit_resolve_t self:process getattr;

selinux-policy.spec

@@ -19,7 +19,7 @@
 %define CHECKPOLICYVER 2.0.16-3
 Summary: SELinux policy configuration
 Name: selinux-policy
-Version: 3.6.24
+Version: 3.6.25
 Release: 1%{?dist}
 License: GPLv2+
 Group: System Environment/Base
@@ -475,6 +475,13 @@ exit 0
 %endif
 
 %changelog
+* Tue Jul 28 2009 Dan Walsh <dwalsh@redhat.com> 3.6.25-1
+- Fix polkit label
+- Remove hidebrokensymptoms for nss_ldap fix
+- Add modemmanager policy
+- Lots of merges from upstream
+- Begin removing textrel_shlib_t labels, from fixed libraries
+
 * Tue Jul 28 2009 Dan Walsh <dwalsh@redhat.com> 3.6.24-1
 - Update to upstream
 

sources

@@ -1 +1 @@
-4d74666892956fc2b2a50158e740174e  serefpolicy-3.6.24.tgz
+1bf047937d814f33c84b5fb13f55b620  serefpolicy-3.6.25.tgz