From e54cb216a830185061d64774c65bd53b3c7c8ebc Mon Sep 17 00:00:00 2001 From: Daniel J Walsh Date: Fri, 28 Mar 2008 22:07:45 +0000 Subject: [PATCH] - Additional access for nsplugin - Allow xdm setcap/getcap until pulseaudio is fixed --- policy-20071130.patch | 4 ++-- selinux-policy.spec | 6 +++++- 2 files changed, 7 insertions(+), 3 deletions(-) diff --git a/policy-20071130.patch b/policy-20071130.patch index 1b3202ca..e8061b73 100644 --- a/policy-20071130.patch +++ b/policy-20071130.patch @@ -25383,7 +25383,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/xser + diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/xserver.te serefpolicy-3.3.1/policy/modules/services/xserver.te --- nsaserefpolicy/policy/modules/services/xserver.te 2007-12-19 11:32:17.000000000 +0100 -+++ serefpolicy-3.3.1/policy/modules/services/xserver.te 2008-03-28 22:07:37.000000000 +0100 ++++ serefpolicy-3.3.1/policy/modules/services/xserver.te 2008-03-28 23:04:06.000000000 +0100 @@ -8,6 +8,14 @@ ## @@ -25545,11 +25545,11 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/xser -allow xdm_t self:capability { setgid setuid sys_resource kill sys_tty_config mknod chown dac_override dac_read_search fowner fsetid ipc_owner sys_nice sys_rawio net_bind_service }; -allow xdm_t self:process { setexec setpgid getsched setsched setrlimit signal_perms setkeycreate }; +allow xdm_t self:capability { setgid setuid sys_ptrace sys_resource kill sys_tty_config mknod chown dac_override dac_read_search fowner fsetid ipc_owner sys_nice sys_rawio net_bind_service }; -+allow xdm_t self:capability { getcap setcap }; + +dontaudit xdm_t self:capability sys_admin; + +allow xdm_t self:process { getattr setexec setpgid getsched ptrace setsched setrlimit signal_perms }; ++allow xdm_t self:process { getcap setcap }; + allow xdm_t self:fifo_file rw_fifo_file_perms; allow xdm_t self:shm create_shm_perms; 
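Review bot: The rule `allow xdm_t self:process { getcap setcap };` added to the xserver.te section is described in the changelog as a stopgap "until pulseaudio is fixed", but nothing in the policy text marks it as temporary, so it is likely to outlive the bug it works around. I would put a comment directly above the rule, for example `# Temporary: needed by pulseaudio; remove once pulseaudio is fixed (bug <BUG-ID placeholder>)`, with the real tracker reference filled in. `setcap` lets the display-manager domain change its own capability sets, and the neighbouring xdm_t rules already carry `sys_ptrace`, `dac_override` and process `ptrace`, so this grant should stay easy to find and revert. The capabilities xdm_t can actually use should still be bounded by the `self:capability` rule on the lines above, which is worth confirming when the workaround is removed. The xdm_t rule block continues outside this hunk.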
diff --git a/selinux-policy.spec b/selinux-policy.spec index 63aae54e..3209fc3d 100644 --- a/selinux-policy.spec +++ b/selinux-policy.spec @@ -17,7 +17,7 @@ Summary: SELinux policy configuration Name: selinux-policy Version: 3.3.1 -Release: 24%{?dist} +Release: 25%{?dist} License: GPLv2+ Group: System Environment/Base Source: serefpolicy-%{version}.tgz @@ -387,6 +387,10 @@ exit 0 %endif %changelog +* Thu Mar 27 2008 Dan Walsh 3.3.1-25 +- Additional access for nsplugin +- Allow xdm setcap/getcap until pulseaudio is fixed + * Tue Mar 25 2008 Dan Walsh 3.3.1-24 - Allow mount to mkdir on tmpfs - Allow ifconfig to search debugfs