- Fix dbus reading /proc information

policy-20081111.patch

@@ -1289,9 +1289,20 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
 +optional_policy(`
 +	unconfined_domain(tmpreaper_t)
 +')
+diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/usermanage.if serefpolicy-3.6.1/policy/modules/admin/usermanage.if
+--- nsaserefpolicy/policy/modules/admin/usermanage.if	2008-11-11 16:13:49.000000000 -0500
++++ serefpolicy-3.6.1/policy/modules/admin/usermanage.if	2008-12-22 17:46:46.000000000 -0500
+@@ -138,6 +138,7 @@
+ 
+ 	usermanage_domtrans_passwd($1)
+ 	role $2 types passwd_t;
++	auth_run_chk_passwd(passwd_t, $2)
+ ')
+ 
+ ########################################
 diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/usermanage.te serefpolicy-3.6.1/policy/modules/admin/usermanage.te
 --- nsaserefpolicy/policy/modules/admin/usermanage.te	2008-11-11 16:13:49.000000000 -0500
-+++ serefpolicy-3.6.1/policy/modules/admin/usermanage.te	2008-11-25 09:45:43.000000000 -0500
++++ serefpolicy-3.6.1/policy/modules/admin/usermanage.te	2008-12-22 17:45:59.000000000 -0500
 @@ -288,6 +288,7 @@
  term_use_all_user_ttys(passwd_t)
  term_use_all_user_ptys(passwd_t)
@@ -11101,7 +11112,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
  /var/run/dbus(/.*)?		gen_context(system_u:object_r:system_dbusd_var_run_t,s0)
 diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/dbus.if serefpolicy-3.6.1/policy/modules/services/dbus.if
 --- nsaserefpolicy/policy/modules/services/dbus.if	2008-11-11 16:13:46.000000000 -0500
-+++ serefpolicy-3.6.1/policy/modules/services/dbus.if	2008-12-05 14:40:52.000000000 -0500
++++ serefpolicy-3.6.1/policy/modules/services/dbus.if	2008-12-22 17:29:41.000000000 -0500
 @@ -44,6 +44,7 @@
  
  		attribute session_bus_type;
@@ -11119,7 +11130,15 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
  	allow $1_dbusd_t $3:process sigkill;
  	allow $3 $1_dbusd_t:fd use;
  	allow $3 $1_dbusd_t:fifo_file rw_fifo_file_perms;
-@@ -160,6 +161,10 @@
+@@ -117,6 +118,7 @@
+ 	dev_read_urand($1_dbusd_t)
+ 
+  	domain_use_interactive_fds($1_dbusd_t)
++	domain_read_all_domains_state($1_dbusd_t)
+ 
+ 	files_read_etc_files($1_dbusd_t)
+ 	files_list_home($1_dbusd_t)
+@@ -160,6 +162,10 @@
  	')
  
  	optional_policy(`
@@ -11130,7 +11149,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
  		hal_dbus_chat($1_dbusd_t)
  	')
  
-@@ -185,10 +190,12 @@
+@@ -185,10 +191,12 @@
  		type system_dbusd_t, system_dbusd_t;
  		type system_dbusd_var_run_t, system_dbusd_var_lib_t;
  		class dbus send_msg;
@@ -11144,7 +11163,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
  
  	read_files_pattern($1, system_dbusd_var_lib_t, system_dbusd_var_lib_t)
  	files_search_var_lib($1)
-@@ -197,6 +204,10 @@
+@@ -197,6 +205,10 @@
  	files_search_pids($1)
  	stream_connect_pattern($1, system_dbusd_var_run_t, system_dbusd_var_run_t, system_dbusd_t)
  	dbus_read_config($1)
@@ -11155,7 +11174,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
  ')
  
  #######################################
-@@ -244,6 +255,35 @@
+@@ -244,6 +256,35 @@
  
  ########################################
  ## <summary>
@@ -11191,7 +11210,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
  ##	Read dbus configuration.
  ## </summary>
  ## <param name="domain">
-@@ -318,3 +358,77 @@
+@@ -318,3 +359,77 @@
  
  	allow $1 system_dbusd_t:dbus *;
  ')
@@ -11271,7 +11290,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
 +')
 diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/dbus.te serefpolicy-3.6.1/policy/modules/services/dbus.te
 --- nsaserefpolicy/policy/modules/services/dbus.te	2008-11-11 16:13:46.000000000 -0500
-+++ serefpolicy-3.6.1/policy/modules/services/dbus.te	2008-12-17 16:46:31.000000000 -0500
++++ serefpolicy-3.6.1/policy/modules/services/dbus.te	2008-12-22 17:29:13.000000000 -0500
 @@ -9,14 +9,15 @@
  #
  # Delcarations
@@ -16254,8 +16273,8 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
 +')
 diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/polkit.te serefpolicy-3.6.1/policy/modules/services/polkit.te
 --- nsaserefpolicy/policy/modules/services/polkit.te	1969-12-31 19:00:00.000000000 -0500
-+++ serefpolicy-3.6.1/policy/modules/services/polkit.te	2008-12-08 10:25:12.000000000 -0500
++++ serefpolicy-3.6.1/policy/modules/services/polkit.te	2008-12-22 17:31:32.000000000 -0500
-@@ -0,0 +1,224 @@
+@@ -0,0 +1,229 @@
 +policy_module(polkit_auth, 1.0.0)
 +
 +########################################
@@ -16389,6 +16408,10 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
 +	hal_read_state(polkit_auth_t)
 +')
 +
++optional_policy(`
++	xserver_dontaudit_write_log(polkit_auth_t)
++')
++
 +########################################
 +#
 +# polkit_grant local policy
@@ -16480,6 +16503,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
 +optional_policy(`
 +	unconfined_ptrace(polkit_resolve_t)
 +')
++
 diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/portreserve.fc serefpolicy-3.6.1/policy/modules/services/portreserve.fc
 --- nsaserefpolicy/policy/modules/services/portreserve.fc	1969-12-31 19:00:00.000000000 -0500
 +++ serefpolicy-3.6.1/policy/modules/services/portreserve.fc	2008-11-25 09:45:43.000000000 -0500
@@ -21354,7 +21378,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
  /var/lib/pam_devperm/:0	--	gen_context(system_u:object_r:xdm_var_lib_t,s0)
 diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/xserver.if serefpolicy-3.6.1/policy/modules/services/xserver.if
 --- nsaserefpolicy/policy/modules/services/xserver.if	2008-11-11 16:13:47.000000000 -0500
-+++ serefpolicy-3.6.1/policy/modules/services/xserver.if	2008-12-11 14:52:07.000000000 -0500
++++ serefpolicy-3.6.1/policy/modules/services/xserver.if	2008-12-22 17:33:28.000000000 -0500
 @@ -397,11 +397,12 @@
  	gen_require(`
  		type xdm_t, xdm_tmp_t;
@@ -21472,7 +21496,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
  	domtrans_pattern($1, xserver_exec_t, xserver_t)
  ')
  
-@@ -1159,6 +1210,252 @@
+@@ -1159,6 +1210,253 @@
  
  ########################################
  ## <summary>
@@ -21640,6 +21664,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
 +	xserver_stream_connect_xdm($1)
 +	xserver_read_xdm_tmp_files($1)
 +	xserver_xdm_stream_connect($1)
++	xserver_setattr_xdm_tmp_dirs($1)
 +
 +	allow $1 xdm_t:x_client { getattr destroy };
 +	allow $1 xdm_t:x_drawable { read receive get_property getattr send list_child add_child };

selinux-policy.spec

@@ -20,7 +20,7 @@
 Summary: SELinux policy configuration
 Name: selinux-policy
 Version: 3.6.1
-Release: 12%{?dist}
+Release: 13%{?dist}
 License: GPLv2+
 Group: System Environment/Base
 Source: serefpolicy-%{version}.tgz
@@ -446,6 +446,9 @@ exit 0
 %endif
 
 %changelog
+* Mon Dec 22 2008 Dan Walsh <dwalsh@redhat.com> 3.6.1-13
+- Fix dbus reading /proc information
+
 * Thu Dec 18 2008 Dan Walsh <dwalsh@redhat.com> 3.6.1-12
 - Add missing alias for home directory content