- Allow gdm to read rpm database

- Allow nsplugin to read mplayer config files

modules-mls.conf

@@ -1116,3 +1116,9 @@ guest = module
 # 
 xguest = module
 
+# Layer: services
+# Module: courier
+#
+# IMAP and POP3 email servers
+# 
+courier = module

policy-20080509.patch

@@ -12336,7 +12336,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/cour
 +/var/spool/courier(/.*)?		gen_context(system_u:object_r:courier_spool_t,s0)
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/courier.if serefpolicy-3.4.2/policy/modules/services/courier.if
 --- nsaserefpolicy/policy/modules/services/courier.if	2008-06-12 23:25:06.000000000 -0400
-+++ serefpolicy-3.4.2/policy/modules/services/courier.if	2008-06-12 23:37:52.000000000 -0400
++++ serefpolicy-3.4.2/policy/modules/services/courier.if	2008-06-30 17:10:40.000000000 -0400
 @@ -123,3 +123,77 @@
  
  	domtrans_pattern($1, courier_pop_exec_t, courier_pop_t)
@@ -12410,10 +12410,10 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/cour
 +#
 +interface(`courier_rw_pipes',`
 +	gen_require(`
-+		type courier_t;
++		type courier_authdaemon_t;
 +	')
 +
-+	allow $1 courier_t:fifo_file rw_fifo_file_perms; 
++	allow $1 courier_authdaemon_t:fifo_file rw_fifo_file_perms; 
 +')
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/courier.te serefpolicy-3.4.2/policy/modules/services/courier.te
 --- nsaserefpolicy/policy/modules/services/courier.te	2008-06-12 23:25:05.000000000 -0400
@@ -17867,7 +17867,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/mta.
  ## </summary>
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/mta.te serefpolicy-3.4.2/policy/modules/services/mta.te
 --- nsaserefpolicy/policy/modules/services/mta.te	2008-06-12 23:25:05.000000000 -0400
-+++ serefpolicy-3.4.2/policy/modules/services/mta.te	2008-06-30 08:33:53.000000000 -0400
++++ serefpolicy-3.4.2/policy/modules/services/mta.te	2008-06-30 17:10:20.000000000 -0400
 @@ -6,6 +6,8 @@
  # Declarations
  #
@@ -17939,7 +17939,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/mta.
  ')
  
  optional_policy(`
-@@ -73,7 +98,10 @@
+@@ -73,7 +98,17 @@
  
  optional_policy(`
  	cron_read_system_job_tmp_files(system_mail_t)
@@ -17947,10 +17947,17 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/mta.
  	cron_dontaudit_write_pipes(system_mail_t)
 +	cron_dontaudit_write_system_job_tmp_files(system_mail_t)
 +	cron_rw_system_stream_sockets(system_mail_t)
++')
++
++optional_policy(`
++	courier_read_config(system_mail_t)
++	courier_manage_spool_dirs(system_mail_t)
++	courier_manage_spool_files(system_mail_t)
++#	courier_rw_pipes(system_mail_t)
  ')
  
  optional_policy(`
-@@ -81,6 +109,11 @@
+@@ -81,6 +116,11 @@
  ')
  
  optional_policy(`
@@ -17962,7 +17969,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/mta.
  	logrotate_read_tmp_files(system_mail_t)
  ')
  
-@@ -136,11 +169,38 @@
+@@ -136,11 +176,38 @@
  ')
  
  optional_policy(`
@@ -18002,7 +18009,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/mta.
  optional_policy(`
  	# why is mail delivered to a directory of type arpwatch_data_t?
  	arpwatch_search_data(mailserver_delivery)
-@@ -154,3 +214,5 @@
+@@ -154,3 +221,5 @@
  		cron_read_system_job_tmp_files(mta_user_agent)
  	')
  ')

selinux-policy.spec

@@ -17,7 +17,7 @@
 Summary: SELinux policy configuration
 Name: selinux-policy
 Version: 3.4.2
-Release: 8%{?dist}
+Release: 9%{?dist}
 License: GPLv2+
 Group: System Environment/Base
 Source: serefpolicy-%{version}.tgz
@@ -375,6 +375,10 @@ exit 0
 %endif
 
 %changelog
+* Sun Jun 29 2008 Dan Walsh <dwalsh@redhat.com> 3.4.2-9
+- Allow gdm to read rpm database
+- Allow nsplugin to read mplayer config files
+
 * Thu Jun 26 2008 Dan Walsh <dwalsh@redhat.com> 3.4.2-8
 - Allow vpnc to run ifconfig