##
@@ -14152,24 +13599,24 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
seutil_sigchld_newrole(ftpd_t)
')
-diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/git.te serefpolicy-3.6.12/policy/modules/services/git.te
+diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/git.te serefpolicy-3.6.13/policy/modules/services/git.te
--- nsaserefpolicy/policy/modules/services/git.te 2009-04-07 15:53:35.000000000 -0400
-+++ serefpolicy-3.6.12/policy/modules/services/git.te 2009-05-12 15:30:13.000000000 -0400
++++ serefpolicy-3.6.13/policy/modules/services/git.te 2009-05-21 09:48:24.000000000 -0400
@@ -7,3 +7,4 @@
#
apache_content_template(git)
+permissive httpd_git_script_t;
-diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/gnomeclock.fc serefpolicy-3.6.12/policy/modules/services/gnomeclock.fc
+diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/gnomeclock.fc serefpolicy-3.6.13/policy/modules/services/gnomeclock.fc
--- nsaserefpolicy/policy/modules/services/gnomeclock.fc 1969-12-31 19:00:00.000000000 -0500
-+++ serefpolicy-3.6.12/policy/modules/services/gnomeclock.fc 2009-05-12 15:30:13.000000000 -0400
++++ serefpolicy-3.6.13/policy/modules/services/gnomeclock.fc 2009-05-21 09:48:24.000000000 -0400
@@ -0,0 +1,3 @@
+
+/usr/libexec/gnome-clock-applet-mechanism -- gen_context(system_u:object_r:gnomeclock_exec_t,s0)
+
-diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/gnomeclock.if serefpolicy-3.6.12/policy/modules/services/gnomeclock.if
+diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/gnomeclock.if serefpolicy-3.6.13/policy/modules/services/gnomeclock.if
--- nsaserefpolicy/policy/modules/services/gnomeclock.if 1969-12-31 19:00:00.000000000 -0500
-+++ serefpolicy-3.6.12/policy/modules/services/gnomeclock.if 2009-05-12 15:30:13.000000000 -0400
++++ serefpolicy-3.6.13/policy/modules/services/gnomeclock.if 2009-05-21 09:48:24.000000000 -0400
@@ -0,0 +1,69 @@
+
+## policy for gnomeclock
@@ -14240,9 +13687,9 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
+ allow $1 gnomeclock_t:dbus send_msg;
+ allow gnomeclock_t $1:dbus send_msg;
+')
-diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/gnomeclock.te serefpolicy-3.6.12/policy/modules/services/gnomeclock.te
+diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/gnomeclock.te serefpolicy-3.6.13/policy/modules/services/gnomeclock.te
--- nsaserefpolicy/policy/modules/services/gnomeclock.te 1969-12-31 19:00:00.000000000 -0500
-+++ serefpolicy-3.6.12/policy/modules/services/gnomeclock.te 2009-05-12 15:30:13.000000000 -0400
++++ serefpolicy-3.6.13/policy/modules/services/gnomeclock.te 2009-05-21 09:48:24.000000000 -0400
@@ -0,0 +1,51 @@
+policy_module(gnomeclock, 1.0.0)
+########################################
@@ -14295,9 +13742,9 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
+ polkit_read_reload(gnomeclock_t)
+')
+
-diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/gpm.if serefpolicy-3.6.12/policy/modules/services/gpm.if
+diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/gpm.if serefpolicy-3.6.13/policy/modules/services/gpm.if
--- nsaserefpolicy/policy/modules/services/gpm.if 2008-08-07 11:15:11.000000000 -0400
-+++ serefpolicy-3.6.12/policy/modules/services/gpm.if 2009-05-12 15:30:13.000000000 -0400
++++ serefpolicy-3.6.13/policy/modules/services/gpm.if 2009-05-21 09:48:24.000000000 -0400
@@ -16,7 +16,7 @@
type gpmctl_t, gpm_t;
')
@@ -14307,9 +13754,9 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
allow $1 gpm_t:unix_stream_socket connectto;
')
-diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/gpm.te serefpolicy-3.6.12/policy/modules/services/gpm.te
+diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/gpm.te serefpolicy-3.6.13/policy/modules/services/gpm.te
--- nsaserefpolicy/policy/modules/services/gpm.te 2009-01-05 15:39:43.000000000 -0500
-+++ serefpolicy-3.6.12/policy/modules/services/gpm.te 2009-05-12 15:30:13.000000000 -0400
++++ serefpolicy-3.6.13/policy/modules/services/gpm.te 2009-05-21 09:48:24.000000000 -0400
@@ -54,6 +54,8 @@
dev_rw_input_dev(gpm_t)
dev_rw_mouse(gpm_t)
@@ -14319,16 +13766,16 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
fs_getattr_all_fs(gpm_t)
fs_search_auto_mountpoints(gpm_t)
-diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/gpsd.fc serefpolicy-3.6.12/policy/modules/services/gpsd.fc
+diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/gpsd.fc serefpolicy-3.6.13/policy/modules/services/gpsd.fc
--- nsaserefpolicy/policy/modules/services/gpsd.fc 1969-12-31 19:00:00.000000000 -0500
-+++ serefpolicy-3.6.12/policy/modules/services/gpsd.fc 2009-05-12 15:30:13.000000000 -0400
++++ serefpolicy-3.6.13/policy/modules/services/gpsd.fc 2009-05-21 09:48:24.000000000 -0400
@@ -0,0 +1,3 @@
+
+/usr/sbin/gpsd -- gen_context(system_u:object_r:gpsd_exec_t,s0)
+
-diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/gpsd.if serefpolicy-3.6.12/policy/modules/services/gpsd.if
+diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/gpsd.if serefpolicy-3.6.13/policy/modules/services/gpsd.if
--- nsaserefpolicy/policy/modules/services/gpsd.if 1969-12-31 19:00:00.000000000 -0500
-+++ serefpolicy-3.6.12/policy/modules/services/gpsd.if 2009-05-12 15:30:13.000000000 -0400
++++ serefpolicy-3.6.13/policy/modules/services/gpsd.if 2009-05-21 09:48:24.000000000 -0400
@@ -0,0 +1,83 @@
+## gpsd monitor daemon
+
@@ -14413,9 +13860,9 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
+ rw_files_pattern($1, gpsd_tmpfs_t, gpsd_tmpfs_t)
+ read_lnk_files_pattern($1, gpsd_tmpfs_t, gpsd_tmpfs_t)
+')
-diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/gpsd.te serefpolicy-3.6.12/policy/modules/services/gpsd.te
+diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/gpsd.te serefpolicy-3.6.13/policy/modules/services/gpsd.te
--- nsaserefpolicy/policy/modules/services/gpsd.te 1969-12-31 19:00:00.000000000 -0500
-+++ serefpolicy-3.6.12/policy/modules/services/gpsd.te 2009-05-12 15:30:13.000000000 -0400
++++ serefpolicy-3.6.13/policy/modules/services/gpsd.te 2009-05-21 09:48:24.000000000 -0400
@@ -0,0 +1,52 @@
+policy_module(gpsd,1.0.0)
+
@@ -14469,9 +13916,9 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
+')
+
+
-diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/hal.fc serefpolicy-3.6.12/policy/modules/services/hal.fc
+diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/hal.fc serefpolicy-3.6.13/policy/modules/services/hal.fc
--- nsaserefpolicy/policy/modules/services/hal.fc 2008-11-19 11:51:44.000000000 -0500
-+++ serefpolicy-3.6.12/policy/modules/services/hal.fc 2009-05-12 15:30:13.000000000 -0400
++++ serefpolicy-3.6.13/policy/modules/services/hal.fc 2009-05-21 09:48:24.000000000 -0400
@@ -5,6 +5,7 @@
/usr/bin/hal-setup-keymap -- gen_context(system_u:object_r:hald_keymap_exec_t,s0)
@@ -14480,9 +13927,9 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
/usr/libexec/hal-hotplug-map -- gen_context(system_u:object_r:hald_exec_t,s0)
/usr/libexec/hal-system-sonypic -- gen_context(system_u:object_r:hald_sonypic_exec_t,s0)
/usr/libexec/hald-addon-macbookpro-backlight -- gen_context(system_u:object_r:hald_mac_exec_t,s0)
-diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/hal.if serefpolicy-3.6.12/policy/modules/services/hal.if
+diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/hal.if serefpolicy-3.6.13/policy/modules/services/hal.if
--- nsaserefpolicy/policy/modules/services/hal.if 2008-11-19 11:51:44.000000000 -0500
-+++ serefpolicy-3.6.12/policy/modules/services/hal.if 2009-05-14 10:34:08.000000000 -0400
++++ serefpolicy-3.6.13/policy/modules/services/hal.if 2009-05-21 09:48:24.000000000 -0400
@@ -20,6 +20,24 @@
########################################
@@ -14608,9 +14055,9 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
+ logging_log_filetrans($1, hald_log_t, file)
+')
+
-diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/hal.te serefpolicy-3.6.12/policy/modules/services/hal.te
+diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/hal.te serefpolicy-3.6.13/policy/modules/services/hal.te
--- nsaserefpolicy/policy/modules/services/hal.te 2009-01-19 11:06:49.000000000 -0500
-+++ serefpolicy-3.6.12/policy/modules/services/hal.te 2009-05-18 13:42:49.000000000 -0400
++++ serefpolicy-3.6.13/policy/modules/services/hal.te 2009-05-21 09:48:24.000000000 -0400
@@ -49,6 +49,15 @@
type hald_var_lib_t;
files_type(hald_var_lib_t)
@@ -14797,313 +14244,9 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
+miscfiles_read_localization(hald_dccm_t)
+
+permissive hald_dccm_t;
-diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/ifplugd.fc serefpolicy-3.6.12/policy/modules/services/ifplugd.fc
---- nsaserefpolicy/policy/modules/services/ifplugd.fc 1969-12-31 19:00:00.000000000 -0500
-+++ serefpolicy-3.6.12/policy/modules/services/ifplugd.fc 2009-05-12 15:30:13.000000000 -0400
-@@ -0,0 +1,9 @@
-+
-+/etc/ifplugd(/.*)? gen_context(system_u:object_r:ifplugd_etc_t,s0)
-+
-+/etc/rc\.d/init\.d/ifplugd -- gen_context(system_u:object_r:ifplugd_initrc_exec_t,s0)
-+
-+/usr/sbin/ifplugd -- gen_context(system_u:object_r:ifplugd_exec_t,s0)
-+
-+/var/run/ifplugd.* gen_context(system_u:object_r:ifplugd_var_run_t,s0)
-+
-diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/ifplugd.if serefpolicy-3.6.12/policy/modules/services/ifplugd.if
---- nsaserefpolicy/policy/modules/services/ifplugd.if 1969-12-31 19:00:00.000000000 -0500
-+++ serefpolicy-3.6.12/policy/modules/services/ifplugd.if 2009-05-12 15:30:13.000000000 -0400
-@@ -0,0 +1,194 @@
-+## policy for ifplugd
-+
-+########################################
-+##
-+## Execute a domain transition to run ifplugd.
-+##
-+##
-+##
-+## Domain allowed to transition.
-+##
-+##
-+#
-+interface(`ifplugd_domtrans',`
-+ gen_require(`
-+ type ifplugd_t, ifplugd_exec_t;
-+ ')
-+
-+ domtrans_pattern($1,ifplugd_exec_t,ifplugd_t)
-+')
-+
-+########################################
-+##
-+## Read and write ifplugd UDP sockets.
-+##
-+##
-+##
-+## Domain allowed access.
-+##
-+##
-+#
-+interface(`ifplugd_rw_udp_sockets',`
-+ gen_require(`
-+ type ifplugd_t;
-+ ')
-+
-+ allow $1 ifplugd_t:udp_socket { read write };
-+')
-+
-+########################################
-+##
-+## Read and write ifplugd packet sockets.
-+##
-+##
-+##
-+## Domain allowed access.
-+##
-+##
-+#
-+interface(`ifplugd_rw_packet_sockets',`
-+ gen_require(`
-+ type ifplugd_t;
-+ ')
-+
-+ allow $1 ifplugd_t:packet_socket { read write };
-+')
-+
-+########################################
-+##
-+## Read and write ifplugd netlink
-+## routing sockets.
-+##
-+##
-+##
-+## Domain allowed access.
-+##
-+##
-+#
-+interface(`ifplugd_rw_routing_sockets',`
-+ gen_require(`
-+ type ifplugd_t;
-+ ')
-+
-+ allow $1 ifplugd_t:netlink_route_socket { read write };
-+')
-+
-+########################################
-+##
-+## Send a generic signal to ifplugd
-+##
-+##
-+##
-+## Domain allowed access.
-+##
-+##
-+#
-+interface(`ifplugd_signal',`
-+ gen_require(`
-+ type ifplugd_t;
-+ ')
-+
-+ allow $1 ifplugd_t:process signal;
-+')
-+
-+########################################
-+##
-+## Read ifplugd etc configuration files.
-+##
-+##
-+##
-+## Domain allowed access.
-+##
-+##
-+##
-+#
-+interface(`ifplugd_read_etc',`
-+ gen_require(`
-+ type ifplugd_etc_t;
-+ ')
-+
-+ files_search_etc($1)
-+ read_files_pattern($1, ifplugd_etc_t, ifplugd_etc_t)
-+')
-+
-+########################################
-+##
-+## Manage ifplugd etc configuration files.
-+##
-+##
-+##
-+## Domain allowed access.
-+##
-+##
-+##
-+#
-+interface(`ifplugd_manage_etc',`
-+ gen_require(`
-+ type ifplugd_etc_t;
-+ ')
-+
-+ files_search_etc($1)
-+ manage_dirs_pattern($1, ifplugd_etc_t, ifplugd_etc_t)
-+ manage_files_pattern($1, ifplugd_etc_t, ifplugd_etc_t)
-+
-+')
-+
-+########################################
-+##
-+## Read ifplugd PID files.
-+##
-+##
-+##
-+## Domain allowed access.
-+##
-+##
-+##
-+#
-+interface(`ifplugd_read_pid_files',`
-+ gen_require(`
-+ type ifplugd_var_run_t;
-+ ')
-+
-+ files_search_pids($1)
-+ allow $1 ifplugd_var_run_t:file read_file_perms;
-+')
-+
-+########################################
-+##
-+## All of the rules required to administrate
-+## an ifplugd environment
-+##
-+##
-+##
-+## Domain allowed access.
-+##
-+##
-+##
-+##
-+## The role to be allowed to manage the ifplugd domain.
-+##
-+##
-+##
-+##
-+#
-+interface(`ifplugd_admin',`
-+ gen_require(`
-+ type ifplugd_t, ifplugd_etc_t;
-+ type ifplugd_var_run_t, ifplugd_initrc_exec_t;
-+ ')
-+
-+ allow $1 ifplugd_t:process { ptrace signal_perms };
-+ ps_process_pattern($1, ifplugd_t)
-+
-+ init_labeled_script_domtrans($1, ifplugd_initrc_exec_t)
-+ domain_system_change_exemption($1)
-+ role_transition $2 ifplugd_initrc_exec_t system_r;
-+ allow $2 system_r;
-+
-+ files_list_etc($1)
-+ admin_pattern($1, ifplugd_etc_t)
-+
-+ files_list_pids($1)
-+ admin_pattern($1, ifplugd_var_run_t)
-+
-+')
-diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/ifplugd.te serefpolicy-3.6.12/policy/modules/services/ifplugd.te
---- nsaserefpolicy/policy/modules/services/ifplugd.te 1969-12-31 19:00:00.000000000 -0500
-+++ serefpolicy-3.6.12/policy/modules/services/ifplugd.te 2009-05-12 15:30:13.000000000 -0400
-@@ -0,0 +1,89 @@
-+policy_module(ifplugd,1.0.0)
-+
-+########################################
-+#
-+# Declarations
-+#
-+
-+type ifplugd_t;
-+type ifplugd_exec_t;
-+init_daemon_domain(ifplugd_t, ifplugd_exec_t)
-+
-+type ifplugd_initrc_exec_t;
-+init_script_file(ifplugd_initrc_exec_t)
-+
-+# config files
-+type ifplugd_etc_t;
-+files_type(ifplugd_etc_t)
-+
-+# pid files
-+type ifplugd_var_run_t;
-+files_pid_file(ifplugd_var_run_t)
-+
-+########################################
-+#
-+# ifplugd local policy
-+#
-+
-+allow ifplugd_t self:capability { net_admin sys_nice net_bind_service };
-+dontaudit ifplugd_t self:capability { sys_tty_config sys_ptrace };
-+allow ifplugd_t self:process { signal signull };
-+
-+allow ifplugd_t self:fifo_file rw_fifo_file_perms;
-+allow ifplugd_t self:tcp_socket create_stream_socket_perms;
-+allow ifplugd_t self:udp_socket create_socket_perms;
-+allow ifplugd_t self:netlink_route_socket create_netlink_socket_perms;
-+allow ifplugd_t self:packet_socket create_socket_perms;
-+
-+# pid file
-+manage_files_pattern(ifplugd_t, ifplugd_var_run_t,ifplugd_var_run_t)
-+manage_sock_files_pattern(ifplugd_t, ifplugd_var_run_t,ifplugd_var_run_t)
-+files_pid_filetrans(ifplugd_t,ifplugd_var_run_t, { file sock_file })
-+
-+# config files
-+read_files_pattern(ifplugd_t,ifplugd_etc_t,ifplugd_etc_t)
-+exec_files_pattern(ifplugd_t,ifplugd_etc_t,ifplugd_etc_t)
-+
-+kernel_read_system_state(ifplugd_t)
-+kernel_read_network_state(ifplugd_t)
-+kernel_search_network_sysctl(ifplugd_t)
-+kernel_rw_net_sysctls(ifplugd_t)
-+kernel_read_kernel_sysctls(ifplugd_t)
-+
-+# reading of hardware information
-+dev_read_sysfs(ifplugd_t)
-+
-+corecmd_exec_shell(ifplugd_t)
-+corecmd_exec_bin(ifplugd_t)
-+
-+domain_read_confined_domains_state(ifplugd_t)
-+domain_dontaudit_read_all_domains_state(ifplugd_t)
-+
-+auth_use_nsswitch(ifplugd_t)
-+
-+libs_use_ld_so(ifplugd_t)
-+libs_use_shared_libs(ifplugd_t)
-+miscfiles_read_localization(ifplugd_t)
-+
-+logging_send_syslog_msg(ifplugd_t)
-+
-+netutils_domtrans(ifplugd_t)
-+# transition to ifconfig & dhcpc
-+sysnet_domtrans_ifconfig(ifplugd_t)
-+sysnet_domtrans_dhcpc(ifplugd_t)
-+
-+sysnet_delete_dhcpc_pid(ifplugd_t)
-+sysnet_read_dhcpc_pid(ifplugd_t)
-+sysnet_signal_dhcpc(ifplugd_t)
-+#sysnet_kill_dhcpc(ifplugd_t)
-+#sysnet_manage_config(ifplugd_t)
-+#sysnet_read_dhcp_config(ifplugd_t)
-+#sysnet_search_dhcp_state(ifplugd_t)
-+
-+optional_policy(`
-+ consoletype_exec(ifplugd_t)
-+')
-+
-+permissive ifplugd_t;
-+
-+
-diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/inetd.if serefpolicy-3.6.12/policy/modules/services/inetd.if
+diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/inetd.if serefpolicy-3.6.13/policy/modules/services/inetd.if
--- nsaserefpolicy/policy/modules/services/inetd.if 2008-09-03 07:59:15.000000000 -0400
-+++ serefpolicy-3.6.12/policy/modules/services/inetd.if 2009-05-12 15:30:13.000000000 -0400
++++ serefpolicy-3.6.13/policy/modules/services/inetd.if 2009-05-21 09:48:24.000000000 -0400
@@ -36,8 +36,7 @@
role system_r types $1;
@@ -15114,9 +14257,9 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
')
########################################
-diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/kerberos.fc serefpolicy-3.6.12/policy/modules/services/kerberos.fc
+diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/kerberos.fc serefpolicy-3.6.13/policy/modules/services/kerberos.fc
--- nsaserefpolicy/policy/modules/services/kerberos.fc 2009-03-23 13:47:11.000000000 -0400
-+++ serefpolicy-3.6.12/policy/modules/services/kerberos.fc 2009-05-18 13:00:35.000000000 -0400
++++ serefpolicy-3.6.13/policy/modules/services/kerberos.fc 2009-05-21 09:48:24.000000000 -0400
@@ -1,3 +1,6 @@
+HOME_DIR/\.k5login -- gen_context(system_u:object_r:krb5_home_t,s0)
+/root/\.k5login -- gen_context(system_u:object_r:krb5_home_t,s0)
@@ -15149,9 +14292,9 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
/var/log/krb5kdc\.log gen_context(system_u:object_r:krb5kdc_log_t,s0)
/var/log/kadmin(d)?\.log gen_context(system_u:object_r:kadmind_log_t,s0)
-diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/kerberos.if serefpolicy-3.6.12/policy/modules/services/kerberos.if
+diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/kerberos.if serefpolicy-3.6.13/policy/modules/services/kerberos.if
--- nsaserefpolicy/policy/modules/services/kerberos.if 2009-01-19 11:07:34.000000000 -0500
-+++ serefpolicy-3.6.12/policy/modules/services/kerberos.if 2009-05-18 14:48:49.000000000 -0400
++++ serefpolicy-3.6.13/policy/modules/services/kerberos.if 2009-05-21 09:48:24.000000000 -0400
@@ -124,10 +124,12 @@
interface(`kerberos_read_config',`
gen_require(`
@@ -15165,9 +14308,9 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
')
########################################
-diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/kerberos.te serefpolicy-3.6.12/policy/modules/services/kerberos.te
+diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/kerberos.te serefpolicy-3.6.13/policy/modules/services/kerberos.te
--- nsaserefpolicy/policy/modules/services/kerberos.te 2009-03-23 13:47:11.000000000 -0400
-+++ serefpolicy-3.6.12/policy/modules/services/kerberos.te 2009-05-18 12:59:46.000000000 -0400
++++ serefpolicy-3.6.13/policy/modules/services/kerberos.te 2009-05-21 09:48:24.000000000 -0400
@@ -33,6 +33,7 @@
type kpropd_t;
type kpropd_exec_t;
@@ -15194,9 +14337,9 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
manage_files_pattern(kpropd_t, krb5kdc_conf_t, krb5kdc_principal_t)
corecmd_exec_bin(kpropd_t)
-diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/kerneloops.if serefpolicy-3.6.12/policy/modules/services/kerneloops.if
+diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/kerneloops.if serefpolicy-3.6.13/policy/modules/services/kerneloops.if
--- nsaserefpolicy/policy/modules/services/kerneloops.if 2009-01-05 15:39:43.000000000 -0500
-+++ serefpolicy-3.6.12/policy/modules/services/kerneloops.if 2009-05-12 15:30:13.000000000 -0400
++++ serefpolicy-3.6.13/policy/modules/services/kerneloops.if 2009-05-21 09:48:24.000000000 -0400
@@ -63,6 +63,25 @@
########################################
@@ -15239,9 +14382,9 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
+ admin_pattern($1, kerneloops_tmp_t)
')
+
-diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/kerneloops.te serefpolicy-3.6.12/policy/modules/services/kerneloops.te
+diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/kerneloops.te serefpolicy-3.6.13/policy/modules/services/kerneloops.te
--- nsaserefpolicy/policy/modules/services/kerneloops.te 2009-01-19 11:06:49.000000000 -0500
-+++ serefpolicy-3.6.12/policy/modules/services/kerneloops.te 2009-05-12 15:30:13.000000000 -0400
++++ serefpolicy-3.6.13/policy/modules/services/kerneloops.te 2009-05-21 09:48:24.000000000 -0400
@@ -13,6 +13,9 @@
type kerneloops_initrc_exec_t;
init_script_file(kerneloops_initrc_exec_t)
@@ -15286,9 +14429,9 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
- dbus_connect_system_bus(kerneloops_t)
+ dbus_system_domain(kerneloops_t, kerneloops_exec_t)
')
-diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/ktalk.te serefpolicy-3.6.12/policy/modules/services/ktalk.te
+diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/ktalk.te serefpolicy-3.6.13/policy/modules/services/ktalk.te
--- nsaserefpolicy/policy/modules/services/ktalk.te 2009-01-19 11:06:49.000000000 -0500
-+++ serefpolicy-3.6.12/policy/modules/services/ktalk.te 2009-05-12 15:30:13.000000000 -0400
++++ serefpolicy-3.6.13/policy/modules/services/ktalk.te 2009-05-21 09:48:24.000000000 -0400
@@ -69,6 +69,7 @@
files_read_etc_files(ktalkd_t)
@@ -15297,176 +14440,17 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
auth_use_nsswitch(ktalkd_t)
-diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/lircd.fc serefpolicy-3.6.12/policy/modules/services/lircd.fc
---- nsaserefpolicy/policy/modules/services/lircd.fc 1969-12-31 19:00:00.000000000 -0500
-+++ serefpolicy-3.6.12/policy/modules/services/lircd.fc 2009-05-12 15:30:13.000000000 -0400
-@@ -0,0 +1,9 @@
-+
-+/dev/lircd -s gen_context(system_u:object_r:lircd_sock_t,s0)
-+
-+/etc/rc\.d/init\.d/lirc -- gen_context(system_u:object_r:lircd_initrc_exec_t,s0)
-+/etc/lircd\.conf -- gen_context(system_u:object_r:lircd_etc_t,s0)
-+
-+/usr/sbin/lircd -- gen_context(system_u:object_r:lircd_exec_t,s0)
-+
-+/var/run/lircd\.pid gen_context(system_u:object_r:lircd_var_run_t,s0)
-diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/lircd.if serefpolicy-3.6.12/policy/modules/services/lircd.if
---- nsaserefpolicy/policy/modules/services/lircd.if 1969-12-31 19:00:00.000000000 -0500
-+++ serefpolicy-3.6.12/policy/modules/services/lircd.if 2009-05-12 15:30:13.000000000 -0400
-@@ -0,0 +1,100 @@
-+## Lirc daemon
-+
-+########################################
-+##
-+## Execute a domain transition to run lircd.
-+##
-+##
-+##
-+## Domain allowed to transition.
-+##
-+##
-+#
-+interface(`lircd_domtrans',`
-+ gen_require(`
-+ type lircd_t, lircd_exec_t;
-+ ')
-+
-+ domain_auto_trans($1,lircd_exec_t,lircd_t)
-+
-+')
-+
-+#######################################
-+##
-+## Read lircd etc file
-+##
-+##
-+##
-+## The type of the process performing this action.
-+##
-+##
-+#
-+interface(`lircd_read_etc',`
-+ gen_require(`
-+ type lircd_etc_t;
-+ ')
-+
-+ read_files_pattern($1, lircd_etc_t, lircd_etc_t)
-+')
-+
-+######################################
-+##
-+## Connect to lircd over a unix domain
-+## stream socket.
-+##
-+##
-+##
-+## Domain allowed access.
-+##
-+##
-+#
-+interface(`lircd_stream_connect',`
-+ gen_require(`
-+ type lircd_sock_t, lircd_t;
-+ ')
-+
-+ allow $1 lircd_t:unix_stream_socket connectto;
-+ allow $1 lircd_sock_t:sock_file { getattr write };
-+ files_search_pids($1)
-+')
-+
-+########################################
-+##
-+## All of the rules required to administrate
-+## an lircd environment
-+##
-+##
-+##
-+## Domain allowed access.
-+##
-+##
-+##
-+##
-+## The role to be allowed to manage the syslog domain.
-+##
-+##
-+##
-+#
-+interface(`lircd_admin',`
-+ gen_require(`
-+ type lircd_t, lircd_var_run_t, lircd_sock_t;
-+ type lircd_initrc_exec_t, lircd_etc_t;
-+ ')
-+
-+ allow $1 lircd_t:process { ptrace signal_perms };
-+ ps_process_pattern($1, lircd_t)
-+
-+ init_labeled_script_domtrans($1, lircd_initrc_exec_t)
-+ domain_system_change_exemption($1)
-+ role_transition $2 lircd_initrc_exec_t system_r;
-+ allow $2 system_r;
-+
-+ files_search_etc($1)
-+ admin_pattern($1, lircd_etc_t)
-+
-+ files_search_pids($1)
-+ admin_pattern($1, lircd_var_run_t)
-+
-+ admin_pattern($1, lircd_sock_t)
-+')
-+
-diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/lircd.te serefpolicy-3.6.12/policy/modules/services/lircd.te
---- nsaserefpolicy/policy/modules/services/lircd.te 1969-12-31 19:00:00.000000000 -0500
-+++ serefpolicy-3.6.12/policy/modules/services/lircd.te 2009-05-12 15:30:13.000000000 -0400
-@@ -0,0 +1,58 @@
-+policy_module(lircd,1.0.0)
-+
-+########################################
-+#
-+# Declarations
-+#
-+
-+type lircd_t;
-+type lircd_exec_t;
-+init_daemon_domain(lircd_t, lircd_exec_t)
-+
-+type lircd_initrc_exec_t;
-+init_script_file(lircd_initrc_exec_t)
-+
-+# pid files
-+type lircd_var_run_t;
-+files_pid_file(lircd_var_run_t)
-+
-+# etc file
-+type lircd_etc_t;
-+files_config_file(lircd_etc_t)
-+
-+# type for lircd /dev/ sock file
-+type lircd_sock_t;
-+files_type(lircd_sock_t)
-+
-+########################################
-+#
-+# lircd local policy
-+#
-+
-+allow lircd_t self:process signal;
-+allow lircd_t self:unix_dgram_socket create_socket_perms;
-+
-+# etc file
-+read_files_pattern(lircd_t, lircd_etc_t, lircd_etc_t)
-+
-+# pid file
-+manage_dirs_pattern(lircd_t, lircd_var_run_t, lircd_var_run_t)
-+manage_files_pattern(lircd_t, lircd_var_run_t, lircd_var_run_t)
-+files_pid_filetrans(lircd_t,lircd_var_run_t, { dir file })
-+
-+# /dev/lircd socket
-+manage_sock_files_pattern(lircd_t, lircd_sock_t, lircd_sock_t)
-+dev_filetrans(lircd_t, lircd_sock_t, sock_file )
+diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/lircd.te serefpolicy-3.6.13/policy/modules/services/lircd.te
+--- nsaserefpolicy/policy/modules/services/lircd.te 2009-05-21 08:43:08.000000000 -0400
++++ serefpolicy-3.6.13/policy/modules/services/lircd.te 2009-05-21 09:48:24.000000000 -0400
+@@ -42,7 +42,16 @@
+ # /dev/lircd socket
+ manage_sock_files_pattern(lircd_t, lircd_sock_t, lircd_sock_t)
+ dev_filetrans(lircd_t, lircd_sock_t, sock_file )
+dev_read_generic_usb_dev(lircd_t)
-+
-+logging_send_syslog_msg(lircd_t)
-+
+
+ logging_send_syslog_msg(lircd_t)
+
+files_read_etc_files(lircd_t)
+files_list_var(lircd_t)
+files_manage_generic_locks(lircd_t)
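Review bot: `files_manage_generic_locks(lircd_t)`, kept at the end of the reworked lircd.te section, appears to let lircd_t create, modify and delete any lock file carrying the generic lock label rather than only its own, so a fault or compromise in lircd reaches locks that other daemons rely on. A private type would confine this: declare a lock type for lircd (the name `lircd_lock_t` is illustrative), mark it with `files_lock_file(lircd_lock_t)`, and replace the generic call with `manage_files_pattern(lircd_t, lircd_lock_t, lircd_lock_t)` plus `files_lock_filetrans(lircd_t, lircd_lock_t, file)`. `dev_read_generic_usb_dev(lircd_t)` a few lines up is similarly broad and deserves a policy comment naming the receiver hardware that needs it. The inner lircd.te hunk (`@@ -42,7 +42,16 @@`) continues past this point into the next hunk of the page.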
@@ -15474,11 +14458,11 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
+
+fs_list_inotifyfs(lircd_t)
+
-+miscfiles_read_localization(lircd_t)
+ miscfiles_read_localization(lircd_t)
+
-diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/lpd.if serefpolicy-3.6.12/policy/modules/services/lpd.if
+diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/lpd.if serefpolicy-3.6.13/policy/modules/services/lpd.if
--- nsaserefpolicy/policy/modules/services/lpd.if 2009-01-05 15:39:43.000000000 -0500
-+++ serefpolicy-3.6.12/policy/modules/services/lpd.if 2009-05-12 15:30:13.000000000 -0400
++++ serefpolicy-3.6.13/policy/modules/services/lpd.if 2009-05-21 09:48:24.000000000 -0400
@@ -134,6 +134,7 @@
files_search_spool($1)
manage_dirs_pattern($1, print_spool_t, print_spool_t)
@@ -15487,17 +14471,17 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
')
########################################
-diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/mailman.fc serefpolicy-3.6.12/policy/modules/services/mailman.fc
+diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/mailman.fc serefpolicy-3.6.13/policy/modules/services/mailman.fc
--- nsaserefpolicy/policy/modules/services/mailman.fc 2008-08-07 11:15:11.000000000 -0400
-+++ serefpolicy-3.6.12/policy/modules/services/mailman.fc 2009-05-12 15:30:13.000000000 -0400
++++ serefpolicy-3.6.13/policy/modules/services/mailman.fc 2009-05-21 09:48:24.000000000 -0400
@@ -31,3 +31,4 @@
/var/lock/mailman(/.*)? gen_context(system_u:object_r:mailman_lock_t,s0)
/var/spool/mailman(/.*)? gen_context(system_u:object_r:mailman_data_t,s0)
')
+/usr/lib/mailman/mail/mailman -- gen_context(system_u:object_r:mailman_mail_exec_t,s0)
-diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/mailman.if serefpolicy-3.6.12/policy/modules/services/mailman.if
+diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/mailman.if serefpolicy-3.6.13/policy/modules/services/mailman.if
--- nsaserefpolicy/policy/modules/services/mailman.if 2009-01-19 11:06:49.000000000 -0500
-+++ serefpolicy-3.6.12/policy/modules/services/mailman.if 2009-05-12 15:30:13.000000000 -0400
++++ serefpolicy-3.6.13/policy/modules/services/mailman.if 2009-05-21 09:48:24.000000000 -0400
@@ -31,6 +31,12 @@
allow mailman_$1_t self:tcp_socket create_stream_socket_perms;
allow mailman_$1_t self:udp_socket create_socket_perms;
@@ -15561,9 +14545,9 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
## Append to mailman logs.
##
##
-diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/mailman.te serefpolicy-3.6.12/policy/modules/services/mailman.te
+diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/mailman.te serefpolicy-3.6.13/policy/modules/services/mailman.te
--- nsaserefpolicy/policy/modules/services/mailman.te 2009-01-19 11:06:49.000000000 -0500
-+++ serefpolicy-3.6.12/policy/modules/services/mailman.te 2009-05-12 15:30:13.000000000 -0400
++++ serefpolicy-3.6.13/policy/modules/services/mailman.te 2009-05-21 09:48:24.000000000 -0400
@@ -53,10 +53,8 @@
apache_use_fds(mailman_cgi_t)
apache_dontaudit_append_log(mailman_cgi_t)
@@ -15630,30 +14614,30 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
optional_policy(`
cron_system_entry(mailman_queue_t, mailman_queue_exec_t)
-diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/milter.fc serefpolicy-3.6.12/policy/modules/services/milter.fc
---- nsaserefpolicy/policy/modules/services/milter.fc 2008-11-25 09:01:08.000000000 -0500
-+++ serefpolicy-3.6.12/policy/modules/services/milter.fc 2009-05-12 15:30:13.000000000 -0400
-@@ -1,6 +1,15 @@
--/usr/sbin/milter-regex -- gen_context(system_u:object_r:regex_milter_exec_t,s0)
+diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/milter.fc serefpolicy-3.6.13/policy/modules/services/milter.fc
+--- nsaserefpolicy/policy/modules/services/milter.fc 2009-05-21 08:43:08.000000000 -0400
++++ serefpolicy-3.6.13/policy/modules/services/milter.fc 2009-05-21 09:48:24.000000000 -0400
+@@ -1,8 +1,15 @@
+ /usr/sbin/milter-regex -- gen_context(system_u:object_r:regex_milter_exec_t,s0)
-/var/spool/milter-regex(/.*)? gen_context(system_u:object_r:regex_milter_data_t,s0)
-
-+/usr/sbin/milter-regex -- gen_context(system_u:object_r:regex_milter_exec_t,s0)
+-
/usr/sbin/spamass-milter -- gen_context(system_u:object_r:spamass_milter_exec_t,s0)
-+/var/lib/spamass-milter(/.*)? gen_context(system_u:object_r:spamass_milter_state_t,s0)
- /var/run/spamass-milter(/.*)? gen_context(system_u:object_r:spamass_milter_data_t,s0)
- /var/run/spamass-milter\.pid -- gen_context(system_u:object_r:spamass_milter_data_t,s0)
-+/var/run/milter.* -- gen_context(system_u:object_r:spamass_milter_data_t,s0)
-+/var/lib/miltermilter.* gen_context(system_u:object_r:spamass_milter_state_t,s0)
-+
-+/var/spool/milter-regex(/.*)? gen_context(system_u:object_r:regex_milter_data_t,s0)
+/usr/sbin/milter-greylist -- gen_context(system_u:object_r:greylist_milter_exec_t,s0)
+
++/var/spool/milter-regex(/.*)? gen_context(system_u:object_r:regex_milter_data_t,s0)
+
+ /var/lib/spamass-milter(/.*)? gen_context(system_u:object_r:spamass_milter_state_t,s0)
+/var/lib/milter-greylist(/.*)? gen_context(system_u:object_r:greylist_milter_data_t,s0)
++/var/lib/miltermilter.* gen_context(system_u:object_r:spamass_milter_state_t,s0)
++
++/var/run/milter.* -- gen_context(system_u:object_r:spamass_milter_data_t,s0)
+/var/run/milter-greylist(/.*)? gen_context(system_u:object_r:greylist_milter_data_t,s0)
+/var/run/milter-greylist\.pid -- gen_context(system_u:object_r:greylist_milter_data_t,s0)
-diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/milter.if serefpolicy-3.6.12/policy/modules/services/milter.if
---- nsaserefpolicy/policy/modules/services/milter.if 2008-11-25 09:01:08.000000000 -0500
-+++ serefpolicy-3.6.12/policy/modules/services/milter.if 2009-05-12 15:30:13.000000000 -0400
+ /var/run/spamass-milter(/.*)? gen_context(system_u:object_r:spamass_milter_data_t,s0)
+ /var/run/spamass-milter\.pid -- gen_context(system_u:object_r:spamass_milter_data_t,s0)
+diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/milter.if serefpolicy-3.6.13/policy/modules/services/milter.if
+--- nsaserefpolicy/policy/modules/services/milter.if 2009-05-21 08:43:08.000000000 -0400
++++ serefpolicy-3.6.13/policy/modules/services/milter.if 2009-05-21 09:48:24.000000000 -0400
@@ -24,7 +24,7 @@
# Type for the milter data (e.g. the socket used to communicate with the MTA)
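Review bot: The re-added entry `/var/lib/miltermilter.*` in the milter.fc section looks like a doubled word; as written it matches none of the milter state paths visible here (`/var/lib/spamass-milter`, `/var/lib/milter-greylist`), so it probably labels nothing. The catch-all `/var/run/milter.* --` also overlaps the new `/var/run/milter-greylist(/.*)?` and `/var/run/milter-greylist\.pid` entries, so the greylist runtime files get `greylist_milter_data_t` only if file-context ordering prefers the longer patterns. I would confirm the result with `matchpathcon /var/run/milter-greylist.pid` after the policy build, and consider narrowing both wildcards to the spamass paths, e.g. `/var/run/spamass-milter(/.*)?`, which is already listed. A wrong label here would either cause denials or let one milter domain reach another's socket and pid files.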
@@ -15663,59 +14647,10 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
allow $1_milter_t self:fifo_file rw_fifo_file_perms;
-@@ -77,3 +77,24 @@
- getattr_dirs_pattern($1, milter_data_type, milter_data_type)
- getattr_sock_files_pattern($1, milter_data_type, milter_data_type)
- ')
-+
-+########################################
-+##
-+## Manage spamassassin milter state
-+##
-+##
-+##
-+## Domain allowed access.
-+##
-+##
-+#
-+interface(`milter_manage_spamass_state',`
-+ gen_require(`
-+ type spamass_milter_state_t;
-+ ')
-+
-+ files_search_var_lib($1)
-+ manage_files_pattern($1, spamass_milter_state_t, spamass_milter_state_t)
-+ manage_dirs_pattern($1, spamass_milter_state_t, spamass_milter_state_t)
-+ manage_lnk_files_pattern($1, spamass_milter_state_t, spamass_milter_state_t)
-+')
-diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/milter.te serefpolicy-3.6.12/policy/modules/services/milter.te
---- nsaserefpolicy/policy/modules/services/milter.te 2008-11-25 09:01:08.000000000 -0500
-+++ serefpolicy-3.6.12/policy/modules/services/milter.te 2009-05-12 15:30:13.000000000 -0400
-@@ -14,6 +14,12 @@
- milter_template(regex)
- milter_template(spamass)
-
-+# Type for the spamass-milter home directory, under which spamassassin will
-+# store system-wide preferences, bayes databases etc. if not configured to
-+# use per-user configuration
-+type spamass_milter_state_t;
-+files_type(spamass_milter_state_t);
-+
- ########################################
- #
- # milter-regex local policy
-@@ -41,6 +47,10 @@
- # http://savannah.nongnu.org/projects/spamass-milt/
- #
-
-+# The milter runs from /var/lib/spamass-milter
-+files_search_var_lib(spamass_milter_t);
-+allow spamass_milter_t spamass_milter_state_t:dir search_dir_perms;
-+
- kernel_read_system_state(spamass_milter_t)
-
- # When used with -b or -B options, the milter invokes sendmail to send mail
-@@ -53,3 +63,40 @@
+diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/milter.te serefpolicy-3.6.13/policy/modules/services/milter.te
+--- nsaserefpolicy/policy/modules/services/milter.te 2009-05-21 08:43:08.000000000 -0400
++++ serefpolicy-3.6.13/policy/modules/services/milter.te 2009-05-21 09:48:24.000000000 -0400
+@@ -63,3 +63,40 @@
# The main job of the milter is to pipe spam through spamc and act on the result
spamassassin_domtrans_client(spamass_milter_t)
@@ -15756,9 +14691,9 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
+# Config is in /etc/mail/greylist.conf
+mta_read_config(greylist_milter_t)
+
-diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/mta.fc serefpolicy-3.6.12/policy/modules/services/mta.fc
+diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/mta.fc serefpolicy-3.6.13/policy/modules/services/mta.fc
--- nsaserefpolicy/policy/modules/services/mta.fc 2008-09-12 10:48:05.000000000 -0400
-+++ serefpolicy-3.6.12/policy/modules/services/mta.fc 2009-05-12 15:30:13.000000000 -0400
++++ serefpolicy-3.6.13/policy/modules/services/mta.fc 2009-05-21 09:48:24.000000000 -0400
@@ -1,4 +1,4 @@
-/bin/mail -- gen_context(system_u:object_r:sendmail_exec_t,s0)
+/bin/mail(x)? -- gen_context(system_u:object_r:sendmail_exec_t,s0)
@@ -15789,9 +14724,9 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
-#')
+HOME_DIR/\.forward -- gen_context(system_u:object_r:mail_forward_t,s0)
+/root/\.forward -- gen_context(system_u:object_r:mail_forward_t,s0)
-diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/mta.if serefpolicy-3.6.12/policy/modules/services/mta.if
+diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/mta.if serefpolicy-3.6.13/policy/modules/services/mta.if
--- nsaserefpolicy/policy/modules/services/mta.if 2009-01-19 11:06:49.000000000 -0500
-+++ serefpolicy-3.6.12/policy/modules/services/mta.if 2009-05-12 15:30:13.000000000 -0400
++++ serefpolicy-3.6.13/policy/modules/services/mta.if 2009-05-21 09:48:24.000000000 -0400
@@ -130,6 +130,15 @@
sendmail_create_log($1_mail_t)
')
@@ -15893,9 +14828,9 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
manage_files_pattern($1, mqueue_spool_t, mqueue_spool_t)
')
-diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/mta.te serefpolicy-3.6.12/policy/modules/services/mta.te
+diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/mta.te serefpolicy-3.6.13/policy/modules/services/mta.te
--- nsaserefpolicy/policy/modules/services/mta.te 2009-01-19 11:06:49.000000000 -0500
-+++ serefpolicy-3.6.12/policy/modules/services/mta.te 2009-05-12 15:30:13.000000000 -0400
++++ serefpolicy-3.6.13/policy/modules/services/mta.te 2009-05-21 09:48:24.000000000 -0400
@@ -27,6 +27,9 @@
type mail_spool_t;
files_mountpoint(mail_spool_t)
@@ -16041,9 +14976,9 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
########################################
#
# User send mail local policy
-diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/munin.fc serefpolicy-3.6.12/policy/modules/services/munin.fc
+diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/munin.fc serefpolicy-3.6.13/policy/modules/services/munin.fc
--- nsaserefpolicy/policy/modules/services/munin.fc 2008-08-07 11:15:11.000000000 -0400
-+++ serefpolicy-3.6.12/policy/modules/services/munin.fc 2009-05-12 15:30:13.000000000 -0400
++++ serefpolicy-3.6.13/policy/modules/services/munin.fc 2009-05-21 09:48:24.000000000 -0400
@@ -1,4 +1,5 @@
/etc/munin(/.*)? gen_context(system_u:object_r:munin_etc_t,s0)
+/etc/rc\.d/init\.d/munin-node -- gen_context(system_u:object_r:munin_initrc_exec_t,s0)
@@ -16061,9 +14996,9 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
+/var/www/html/munin(/.*)? gen_context(system_u:object_r:httpd_munin_content_t,s0)
+/var/www/html/munin/cgi(/.*)? gen_context(system_u:object_r:httpd_munin_script_exec_t,s0)
+
-diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/munin.if serefpolicy-3.6.12/policy/modules/services/munin.if
+diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/munin.if serefpolicy-3.6.13/policy/modules/services/munin.if
--- nsaserefpolicy/policy/modules/services/munin.if 2009-03-12 11:16:47.000000000 -0400
-+++ serefpolicy-3.6.12/policy/modules/services/munin.if 2009-05-12 15:30:13.000000000 -0400
++++ serefpolicy-3.6.13/policy/modules/services/munin.if 2009-05-21 09:48:24.000000000 -0400
@@ -59,8 +59,9 @@
type munin_log_t;
')
@@ -16131,9 +15066,9 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
+ admin_pattern($1, httpd_munin_content_t)
+')
+
-diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/munin.te serefpolicy-3.6.12/policy/modules/services/munin.te
+diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/munin.te serefpolicy-3.6.13/policy/modules/services/munin.te
--- nsaserefpolicy/policy/modules/services/munin.te 2009-03-12 11:16:47.000000000 -0400
-+++ serefpolicy-3.6.12/policy/modules/services/munin.te 2009-05-12 15:30:13.000000000 -0400
++++ serefpolicy-3.6.13/policy/modules/services/munin.te 2009-05-21 09:48:24.000000000 -0400
@@ -13,6 +13,9 @@
type munin_etc_t alias lrrd_etc_t;
files_config_file(munin_etc_t)
@@ -16268,181 +15203,9 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
+manage_dirs_pattern(munin_t, httpd_munin_content_t, httpd_munin_content_t)
+manage_files_pattern(munin_t, httpd_munin_content_t, httpd_munin_content_t)
+
-diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/mysql.fc serefpolicy-3.6.12/policy/modules/services/mysql.fc
---- nsaserefpolicy/policy/modules/services/mysql.fc 2008-11-18 18:57:20.000000000 -0500
-+++ serefpolicy-3.6.12/policy/modules/services/mysql.fc 2009-05-12 15:30:13.000000000 -0400
-@@ -12,6 +12,8 @@
- #
- /usr/libexec/mysqld -- gen_context(system_u:object_r:mysqld_exec_t,s0)
-
-+/usr/bin/mysqld_safe -- gen_context(system_u:object_r:mysqld_safe_exec_t,s0)
-+
- /usr/sbin/mysqld(-max)? -- gen_context(system_u:object_r:mysqld_exec_t,s0)
-
- #
-diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/mysql.if serefpolicy-3.6.12/policy/modules/services/mysql.if
---- nsaserefpolicy/policy/modules/services/mysql.if 2008-11-18 18:57:20.000000000 -0500
-+++ serefpolicy-3.6.12/policy/modules/services/mysql.if 2009-05-12 15:30:13.000000000 -0400
-@@ -121,6 +121,44 @@
- allow $1 mysqld_db_t:dir rw_dir_perms;
- ')
-
-+#######################################
-+##
-+## Append to the MySQL database directory.
-+##
-+##
-+##
-+## Domain allowed access.
-+##
-+##
-+#
-+interface(`mysql_append_db_files',`
-+ gen_require(`
-+ type mysqld_db_t;
-+ ')
-+
-+ files_search_var_lib($1)
-+ append_files_pattern($1, mysqld_db_t, mysqld_db_t)
-+')
-+
-+#######################################
-+##
-+## Read and write to the MySQL database directory.
-+##
-+##
-+##
-+## Domain allowed access.
-+##
-+##
-+#
-+interface(`mysql_rw_db_files',`
-+ gen_require(`
-+ type mysqld_db_t;
-+ ')
-+
-+ files_search_var_lib($1)
-+ rw_files_pattern($1,mysqld_db_t,mysqld_db_t)
-+')
-+
- ########################################
- ##
- ## Create, read, write, and delete MySQL database directories.
-@@ -140,6 +178,25 @@
- allow $1 mysqld_db_t:dir manage_dir_perms;
- ')
-
-+#######################################
-+##
-+## Create, read, write, and delete MySQL database files.
-+##
-+##
-+##
-+## Domain allowed access.
-+##
-+##
-+#
-+interface(`mysql_manage_db_files',`
-+ gen_require(`
-+ type mysqld_db_t;
-+ ')
-+
-+ files_search_var_lib($1)
-+ manage_files_pattern($1,mysqld_db_t,mysqld_db_t)
-+')
-+
- ########################################
- ##
- ## Read and write to the MySQL database
-@@ -161,6 +218,25 @@
- allow $1 mysqld_db_t:sock_file rw_sock_file_perms;
- ')
-
-+#####################################
-+##
-+## Search MySQL PID files.
-+##
-+##
-+##
-+## Domain allowed access.
-+##
-+##
-+##
-+#
-+interface(`mysql_search_pid_files',`
-+ gen_require(`
-+ type mysqld_var_run_t;
-+ ')
-+
-+ search_dirs_pattern($1, mysqld_var_run_t, mysqld_var_run_t)
-+')
-+
- ########################################
- ##
- ## Write to the MySQL log.
-@@ -177,7 +253,7 @@
- ')
-
- logging_search_logs($1)
-- allow $1 mysqld_log_t:file { write_file_perms setattr };
-+ allow $1 mysqld_log_t:file { write_file_perms setattr getattr };
- ')
-
- ########################################
-diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/mysql.te serefpolicy-3.6.12/policy/modules/services/mysql.te
---- nsaserefpolicy/policy/modules/services/mysql.te 2009-03-12 11:16:47.000000000 -0400
-+++ serefpolicy-3.6.12/policy/modules/services/mysql.te 2009-05-12 15:30:13.000000000 -0400
-@@ -10,6 +10,10 @@
- type mysqld_exec_t;
- init_daemon_domain(mysqld_t, mysqld_exec_t)
-
-+type mysqld_safe_t;
-+type mysqld_safe_exec_t;
-+init_daemon_domain(mysqld_safe_t, mysqld_safe_exec_t)
-+
- type mysqld_var_run_t;
- files_pid_file(mysqld_var_run_t)
-
-@@ -121,3 +125,36 @@
- optional_policy(`
- udev_read_db(mysqld_t)
- ')
-+
-+#######################################
-+#
-+# Local mysqld_safe policy
-+#
-+
-+domtrans_pattern(mysqld_safe_t,mysqld_exec_t,mysqld_t)
-+
-+allow mysqld_safe_t self:capability { dac_override fowner chown };
-+allow mysqld_safe_t self:fifo_file rw_fifo_file_perms;
-+
-+allow mysqld_safe_t mysqld_log_t:file manage_file_perms;
-+logging_log_filetrans(mysqld_safe_t, mysqld_log_t, file)
-+
-+mysql_append_db_files(mysqld_safe_t)
-+mysql_read_config(mysqld_safe_t)
-+mysql_search_pid_files(mysqld_safe_t)
-+mysql_write_log(mysqld_safe_t)
-+
-+kernel_read_system_state(mysqld_safe_t)
-+
-+dev_list_sysfs(mysqld_safe_t)
-+
-+files_read_etc_files(mysqld_safe_t)
-+files_read_usr_files(mysqld_safe_t)
-+
-+corecmd_exec_bin(mysqld_safe_t)
-+
-+miscfiles_read_localization(mysqld_safe_t)
-+
-+hostname_exec(mysqld_safe_t)
-+
-+permissive mysqld_safe_t;
-diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/nagios.fc serefpolicy-3.6.12/policy/modules/services/nagios.fc
+diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/nagios.fc serefpolicy-3.6.13/policy/modules/services/nagios.fc
--- nsaserefpolicy/policy/modules/services/nagios.fc 2008-08-07 11:15:11.000000000 -0400
-+++ serefpolicy-3.6.12/policy/modules/services/nagios.fc 2009-05-12 15:30:13.000000000 -0400
++++ serefpolicy-3.6.13/policy/modules/services/nagios.fc 2009-05-21 09:48:24.000000000 -0400
@@ -1,16 +1,19 @@
/etc/nagios(/.*)? gen_context(system_u:object_r:nagios_etc_t,s0)
/etc/nagios/nrpe\.cfg -- gen_context(system_u:object_r:nrpe_etc_t,s0)
@@ -16467,9 +15230,9 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
')
+/usr/lib(64)?/cgi-bin/nagios(/.+)? gen_context(system_u:object_r:httpd_nagios_script_exec_t,s0)
+
-diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/nagios.if serefpolicy-3.6.12/policy/modules/services/nagios.if
+diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/nagios.if serefpolicy-3.6.13/policy/modules/services/nagios.if
--- nsaserefpolicy/policy/modules/services/nagios.if 2008-08-07 11:15:11.000000000 -0400
-+++ serefpolicy-3.6.12/policy/modules/services/nagios.if 2009-05-12 15:30:13.000000000 -0400
++++ serefpolicy-3.6.13/policy/modules/services/nagios.if 2009-05-21 09:48:24.000000000 -0400
@@ -44,7 +44,7 @@
########################################
@@ -16589,9 +15352,9 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
+
+ admin_pattern($1, nrpe_etc_t)
')
-diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/nagios.te serefpolicy-3.6.12/policy/modules/services/nagios.te
+diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/nagios.te serefpolicy-3.6.13/policy/modules/services/nagios.te
--- nsaserefpolicy/policy/modules/services/nagios.te 2009-01-19 11:07:34.000000000 -0500
-+++ serefpolicy-3.6.12/policy/modules/services/nagios.te 2009-05-12 15:30:13.000000000 -0400
++++ serefpolicy-3.6.13/policy/modules/services/nagios.te 2009-05-21 09:48:24.000000000 -0400
@@ -10,13 +10,12 @@
type nagios_exec_t;
init_daemon_domain(nagios_t, nagios_exec_t)
@@ -16687,9 +15450,9 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
########################################
#
-diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/networkmanager.fc serefpolicy-3.6.12/policy/modules/services/networkmanager.fc
+diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/networkmanager.fc serefpolicy-3.6.13/policy/modules/services/networkmanager.fc
--- nsaserefpolicy/policy/modules/services/networkmanager.fc 2008-09-24 09:07:28.000000000 -0400
-+++ serefpolicy-3.6.12/policy/modules/services/networkmanager.fc 2009-05-12 15:30:13.000000000 -0400
++++ serefpolicy-3.6.13/policy/modules/services/networkmanager.fc 2009-05-21 09:48:24.000000000 -0400
@@ -1,12 +1,25 @@
+/etc/rc\.d/init\.d/wicd -- gen_context(system_u:object_r:NetworkManager_initrc_exec_t, s0)
+/etc/NetworkManager/dispatcher\.d(/.*) gen_context(system_u:object_r:NetworkManager_initrc_exec_t,s0)
@@ -16716,9 +15479,9 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
/var/run/wpa_supplicant-global -s gen_context(system_u:object_r:NetworkManager_var_run_t,s0)
+/var/run/nm-dhclient.* gen_context(system_u:object_r:NetworkManager_var_run_t,s0)
+
-diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/networkmanager.if serefpolicy-3.6.12/policy/modules/services/networkmanager.if
+diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/networkmanager.if serefpolicy-3.6.13/policy/modules/services/networkmanager.if
--- nsaserefpolicy/policy/modules/services/networkmanager.if 2008-09-11 11:28:34.000000000 -0400
-+++ serefpolicy-3.6.12/policy/modules/services/networkmanager.if 2009-05-12 15:30:13.000000000 -0400
++++ serefpolicy-3.6.13/policy/modules/services/networkmanager.if 2009-05-21 09:48:24.000000000 -0400
@@ -118,6 +118,24 @@
########################################
@@ -16775,9 +15538,9 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
+ role $2 types NetworkManager_t;
+')
+
-diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/networkmanager.te serefpolicy-3.6.12/policy/modules/services/networkmanager.te
+diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/networkmanager.te serefpolicy-3.6.13/policy/modules/services/networkmanager.te
--- nsaserefpolicy/policy/modules/services/networkmanager.te 2009-01-19 11:07:34.000000000 -0500
-+++ serefpolicy-3.6.12/policy/modules/services/networkmanager.te 2009-05-12 15:30:13.000000000 -0400
++++ serefpolicy-3.6.13/policy/modules/services/networkmanager.te 2009-05-21 09:48:24.000000000 -0400
@@ -19,6 +19,9 @@
type NetworkManager_tmp_t;
files_tmp_file(NetworkManager_tmp_t)
@@ -17007,9 +15770,9 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
')
########################################
-diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/nis.fc serefpolicy-3.6.12/policy/modules/services/nis.fc
+diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/nis.fc serefpolicy-3.6.13/policy/modules/services/nis.fc
--- nsaserefpolicy/policy/modules/services/nis.fc 2008-08-07 11:15:11.000000000 -0400
-+++ serefpolicy-3.6.12/policy/modules/services/nis.fc 2009-05-12 15:30:13.000000000 -0400
++++ serefpolicy-3.6.13/policy/modules/services/nis.fc 2009-05-21 09:48:24.000000000 -0400
@@ -1,9 +1,13 @@
-
+/etc/rc\.d/init\.d/ypbind -- gen_context(system_u:object_r:ypbind_initrc_exec_t,s0)
@@ -17025,9 +15788,9 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
/usr/sbin/rpc\.yppasswdd -- gen_context(system_u:object_r:yppasswdd_exec_t,s0)
/usr/sbin/rpc\.ypxfrd -- gen_context(system_u:object_r:ypxfr_exec_t,s0)
-diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/nis.if serefpolicy-3.6.12/policy/modules/services/nis.if
+diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/nis.if serefpolicy-3.6.13/policy/modules/services/nis.if
--- nsaserefpolicy/policy/modules/services/nis.if 2009-01-19 11:06:49.000000000 -0500
-+++ serefpolicy-3.6.12/policy/modules/services/nis.if 2009-05-12 15:30:13.000000000 -0400
++++ serefpolicy-3.6.13/policy/modules/services/nis.if 2009-05-21 09:48:24.000000000 -0400
@@ -28,7 +28,7 @@
type var_yp_t;
')
@@ -17205,9 +15968,9 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
+ role $2 types ypbind_t;
+')
+
-diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/nis.te serefpolicy-3.6.12/policy/modules/services/nis.te
+diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/nis.te serefpolicy-3.6.13/policy/modules/services/nis.te
--- nsaserefpolicy/policy/modules/services/nis.te 2009-01-19 11:06:49.000000000 -0500
-+++ serefpolicy-3.6.12/policy/modules/services/nis.te 2009-05-12 15:30:13.000000000 -0400
++++ serefpolicy-3.6.13/policy/modules/services/nis.te 2009-05-21 09:48:24.000000000 -0400
@@ -13,6 +13,9 @@
type ypbind_exec_t;
init_daemon_domain(ypbind_t, ypbind_exec_t)
@@ -17282,17 +16045,17 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
corenet_dontaudit_tcp_bind_all_reserved_ports(ypxfr_t)
corenet_dontaudit_udp_bind_all_reserved_ports(ypxfr_t)
corenet_tcp_connect_all_ports(ypxfr_t)
-diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/nscd.fc serefpolicy-3.6.12/policy/modules/services/nscd.fc
+diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/nscd.fc serefpolicy-3.6.13/policy/modules/services/nscd.fc
--- nsaserefpolicy/policy/modules/services/nscd.fc 2008-08-07 11:15:11.000000000 -0400
-+++ serefpolicy-3.6.12/policy/modules/services/nscd.fc 2009-05-12 15:30:13.000000000 -0400
++++ serefpolicy-3.6.13/policy/modules/services/nscd.fc 2009-05-21 09:48:24.000000000 -0400
@@ -1,3 +1,4 @@
+/etc/rc\.d/init\.d/nscd -- gen_context(system_u:object_r:nscd_initrc_exec_t,s0)
/usr/sbin/nscd -- gen_context(system_u:object_r:nscd_exec_t,s0)
-diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/nscd.if serefpolicy-3.6.12/policy/modules/services/nscd.if
+diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/nscd.if serefpolicy-3.6.13/policy/modules/services/nscd.if
--- nsaserefpolicy/policy/modules/services/nscd.if 2009-01-05 15:39:43.000000000 -0500
-+++ serefpolicy-3.6.12/policy/modules/services/nscd.if 2009-05-12 15:30:13.000000000 -0400
++++ serefpolicy-3.6.13/policy/modules/services/nscd.if 2009-05-21 09:48:24.000000000 -0400
@@ -58,6 +58,42 @@
########################################
@@ -17415,9 +16178,9 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
+ admin_pattern($1, nscd_var_run_t)
+')
+
-diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/nscd.te serefpolicy-3.6.12/policy/modules/services/nscd.te
+diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/nscd.te serefpolicy-3.6.13/policy/modules/services/nscd.te
--- nsaserefpolicy/policy/modules/services/nscd.te 2009-01-19 11:06:49.000000000 -0500
-+++ serefpolicy-3.6.12/policy/modules/services/nscd.te 2009-05-12 15:30:13.000000000 -0400
++++ serefpolicy-3.6.13/policy/modules/services/nscd.te 2009-05-21 09:48:24.000000000 -0400
@@ -20,6 +20,9 @@
type nscd_exec_t;
init_daemon_domain(nscd_t, nscd_exec_t)
@@ -17515,9 +16278,9 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
+ samba_read_config(nscd_t)
+ samba_read_var_files(nscd_t)
+')
-diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/ntp.if serefpolicy-3.6.12/policy/modules/services/ntp.if
+diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/ntp.if serefpolicy-3.6.13/policy/modules/services/ntp.if
--- nsaserefpolicy/policy/modules/services/ntp.if 2008-10-14 11:58:09.000000000 -0400
-+++ serefpolicy-3.6.12/policy/modules/services/ntp.if 2009-05-12 15:30:13.000000000 -0400
++++ serefpolicy-3.6.13/policy/modules/services/ntp.if 2009-05-21 09:48:24.000000000 -0400
@@ -37,6 +37,32 @@
########################################
@@ -17615,9 +16378,9 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
## All of the rules required to administrate
## an ntp environment
##
-diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/ntp.te serefpolicy-3.6.12/policy/modules/services/ntp.te
+diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/ntp.te serefpolicy-3.6.13/policy/modules/services/ntp.te
--- nsaserefpolicy/policy/modules/services/ntp.te 2009-01-19 11:06:49.000000000 -0500
-+++ serefpolicy-3.6.12/policy/modules/services/ntp.te 2009-05-12 15:30:13.000000000 -0400
++++ serefpolicy-3.6.13/policy/modules/services/ntp.te 2009-05-21 09:48:24.000000000 -0400
@@ -25,6 +25,9 @@
type ntpd_tmp_t;
files_tmp_file(ntpd_tmp_t)
@@ -17682,9 +16445,9 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
firstboot_dontaudit_use_fds(ntpd_t)
firstboot_dontaudit_rw_pipes(ntpd_t)
firstboot_dontaudit_rw_stream_sockets(ntpd_t)
-diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/nx.te serefpolicy-3.6.12/policy/modules/services/nx.te
+diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/nx.te serefpolicy-3.6.13/policy/modules/services/nx.te
--- nsaserefpolicy/policy/modules/services/nx.te 2009-01-19 11:07:34.000000000 -0500
-+++ serefpolicy-3.6.12/policy/modules/services/nx.te 2009-05-12 15:30:13.000000000 -0400
++++ serefpolicy-3.6.13/policy/modules/services/nx.te 2009-05-21 09:48:24.000000000 -0400
@@ -25,6 +25,9 @@
type nx_server_var_run_t;
files_pid_file(nx_server_var_run_t)
@@ -17705,18 +16468,18 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
kernel_read_system_state(nx_server_t)
kernel_read_kernel_sysctls(nx_server_t)
-diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/oddjob.fc serefpolicy-3.6.12/policy/modules/services/oddjob.fc
+diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/oddjob.fc serefpolicy-3.6.13/policy/modules/services/oddjob.fc
--- nsaserefpolicy/policy/modules/services/oddjob.fc 2008-08-07 11:15:11.000000000 -0400
-+++ serefpolicy-3.6.12/policy/modules/services/oddjob.fc 2009-05-12 15:30:13.000000000 -0400
++++ serefpolicy-3.6.13/policy/modules/services/oddjob.fc 2009-05-21 09:48:24.000000000 -0400
@@ -1,4 +1,4 @@
-/usr/lib/oddjob/mkhomedir -- gen_context(system_u:object_r:oddjob_mkhomedir_exec_t,s0)
+/usr/lib(64)?/oddjob/mkhomedir -- gen_context(system_u:object_r:oddjob_mkhomedir_exec_t,s0)
/usr/sbin/oddjobd -- gen_context(system_u:object_r:oddjob_exec_t,s0)
-diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/oddjob.if serefpolicy-3.6.12/policy/modules/services/oddjob.if
+diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/oddjob.if serefpolicy-3.6.13/policy/modules/services/oddjob.if
--- nsaserefpolicy/policy/modules/services/oddjob.if 2008-08-07 11:15:11.000000000 -0400
-+++ serefpolicy-3.6.12/policy/modules/services/oddjob.if 2009-05-12 15:30:13.000000000 -0400
++++ serefpolicy-3.6.13/policy/modules/services/oddjob.if 2009-05-21 09:48:24.000000000 -0400
@@ -44,6 +44,7 @@
')
@@ -17754,9 +16517,9 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
+ oddjob_domtrans_mkhomedir($1)
+ role $2 types oddjob_mkhomedir_t;
+')
-diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/oddjob.te serefpolicy-3.6.12/policy/modules/services/oddjob.te
+diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/oddjob.te serefpolicy-3.6.13/policy/modules/services/oddjob.te
--- nsaserefpolicy/policy/modules/services/oddjob.te 2009-01-05 15:39:43.000000000 -0500
-+++ serefpolicy-3.6.12/policy/modules/services/oddjob.te 2009-05-12 15:30:13.000000000 -0400
++++ serefpolicy-3.6.13/policy/modules/services/oddjob.te 2009-05-21 09:48:24.000000000 -0400
@@ -10,14 +10,21 @@
type oddjob_exec_t;
domain_type(oddjob_t)
@@ -17813,9 +16576,9 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
# Add/remove user home directories
userdom_home_filetrans_user_home_dir(oddjob_mkhomedir_t)
userdom_manage_user_home_content_dirs(oddjob_mkhomedir_t)
-diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/pads.fc serefpolicy-3.6.12/policy/modules/services/pads.fc
+diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/pads.fc serefpolicy-3.6.13/policy/modules/services/pads.fc
--- nsaserefpolicy/policy/modules/services/pads.fc 1969-12-31 19:00:00.000000000 -0500
-+++ serefpolicy-3.6.12/policy/modules/services/pads.fc 2009-05-12 15:30:13.000000000 -0400
++++ serefpolicy-3.6.13/policy/modules/services/pads.fc 2009-05-21 09:48:24.000000000 -0400
@@ -0,0 +1,12 @@
+
+/etc/pads-ether-codes -- gen_context(system_u:object_r:pads_config_t, s0)
@@ -17829,9 +16592,9 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
+
+/var/run/pads.pid -- gen_context(system_u:object_r:pads_var_run_t, s0)
+
-diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/pads.if serefpolicy-3.6.12/policy/modules/services/pads.if
+diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/pads.if serefpolicy-3.6.13/policy/modules/services/pads.if
--- nsaserefpolicy/policy/modules/services/pads.if 1969-12-31 19:00:00.000000000 -0500
-+++ serefpolicy-3.6.12/policy/modules/services/pads.if 2009-05-18 08:59:32.000000000 -0400
++++ serefpolicy-3.6.13/policy/modules/services/pads.if 2009-05-21 09:48:24.000000000 -0400
@@ -0,0 +1,44 @@
+## SELinux policy for PADS daemon.
+##
@@ -17877,9 +16640,9 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
+ admin_pattern($1, pads_var_run_t)
+ admin_pattern($1, pads_config_t)
+')
-diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/pads.te serefpolicy-3.6.12/policy/modules/services/pads.te
+diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/pads.te serefpolicy-3.6.13/policy/modules/services/pads.te
--- nsaserefpolicy/policy/modules/services/pads.te 1969-12-31 19:00:00.000000000 -0500
-+++ serefpolicy-3.6.12/policy/modules/services/pads.te 2009-05-12 15:30:13.000000000 -0400
++++ serefpolicy-3.6.13/policy/modules/services/pads.te 2009-05-21 09:48:24.000000000 -0400
@@ -0,0 +1,65 @@
+
+policy_module(pads, 0.0.1)
@@ -17946,9 +16709,9 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
+optional_policy(`
+ prelude_manage_spool(pads_t)
+')
-diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/pegasus.te serefpolicy-3.6.12/policy/modules/services/pegasus.te
+diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/pegasus.te serefpolicy-3.6.13/policy/modules/services/pegasus.te
--- nsaserefpolicy/policy/modules/services/pegasus.te 2009-01-19 11:06:49.000000000 -0500
-+++ serefpolicy-3.6.12/policy/modules/services/pegasus.te 2009-05-12 15:30:13.000000000 -0400
++++ serefpolicy-3.6.13/policy/modules/services/pegasus.te 2009-05-21 09:48:24.000000000 -0400
@@ -30,7 +30,7 @@
# Local policy
#
@@ -18020,185 +16783,9 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
+ xen_stream_connect(pegasus_t)
+ xen_stream_connect_xenstore(pegasus_t)
+')
-diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/pingd.fc serefpolicy-3.6.12/policy/modules/services/pingd.fc
---- nsaserefpolicy/policy/modules/services/pingd.fc 1969-12-31 19:00:00.000000000 -0500
-+++ serefpolicy-3.6.12/policy/modules/services/pingd.fc 2009-05-12 15:30:13.000000000 -0400
-@@ -0,0 +1,11 @@
-+
-+/etc/pingd.conf -- gen_context(system_u:object_r:pingd_etc_t,s0)
-+
-+/etc/rc\.d/init\.d/whatsup-pingd -- gen_context(system_u:object_r:pingd_initrc_exec_t,s0)
-+
-+/usr/lib/pingd(/.*)? gen_context(system_u:object_r:pingd_modules_t,s0)
-+
-+/usr/sbin/pingd -- gen_context(system_u:object_r:pingd_exec_t,s0)
-+
-+
-+
-diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/pingd.if serefpolicy-3.6.12/policy/modules/services/pingd.if
---- nsaserefpolicy/policy/modules/services/pingd.if 1969-12-31 19:00:00.000000000 -0500
-+++ serefpolicy-3.6.12/policy/modules/services/pingd.if 2009-05-12 15:30:13.000000000 -0400
-@@ -0,0 +1,99 @@
-+## policy for pingd
-+
-+########################################
-+##
-+## Execute a domain transition to run pingd.
-+##
-+##
-+##
-+## Domain allowed to transition.
-+##
-+##
-+#
-+interface(`pingd_domtrans',`
-+ gen_require(`
-+ type pingd_t, pingd_exec_t;
-+ ')
-+
-+ domtrans_pattern($1,pingd_exec_t,pingd_t)
-+')
-+
-+#######################################
-+##
-+## Read pingd etc configuration files.
-+##
-+##
-+##
-+## Domain allowed access.
-+##
-+##
-+#
-+interface(`pingd_read_etc',`
-+ gen_require(`
-+ type pingd_etc_t;
-+ ')
-+
-+ files_search_etc($1)
-+ read_files_pattern($1, pingd_etc_t, pingd_etc_t)
-+')
-+
-+#######################################
-+##
-+## Manage pingd etc configuration files.
-+##
-+##
-+##
-+## Domain allowed access.
-+##
-+##
-+#
-+interface(`pingd_manage_etc',`
-+ gen_require(`
-+ type pingd_etc_t;
-+ ')
-+
-+ files_search_etc($1)
-+ manage_dirs_pattern($1, pingd_etc_t, pingd_etc_t)
-+ manage_files_pattern($1, pingd_etc_t, pingd_etc_t)
-+
-+')
-+
-+#######################################
-+##
-+## All of the rules required to administrate
-+## an pingd environment
-+##
-+##
-+##
-+## Domain allowed access.
-+##
-+##
-+##
-+##
-+## The role to be allowed to manage the pingd domain.
-+##
-+##
-+##
-+#
-+interface(`pingd_admin',`
-+ gen_require(`
-+ type pingd_t, pingd_etc_t;
-+ type pingd_initrc_exec_t, pingd_modules_t;
-+ ')
-+
-+ allow $1 pingd_t:process { ptrace signal_perms };
-+ ps_process_pattern($1, pingd_t)
-+
-+ init_labeled_script_domtrans($1, pingd_initrc_exec_t)
-+ domain_system_change_exemption($1)
-+ role_transition $2 pingd_initrc_exec_t system_r;
-+ allow $2 system_r;
-+
-+ files_list_etc($1)
-+ admin_pattern($1, pingd_etc_t)
-+
-+ files_list_usr($1)
-+ admin_pattern($1, pingd_modules_t)
-+
-+')
-+
-diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/pingd.te serefpolicy-3.6.12/policy/modules/services/pingd.te
---- nsaserefpolicy/policy/modules/services/pingd.te 1969-12-31 19:00:00.000000000 -0500
-+++ serefpolicy-3.6.12/policy/modules/services/pingd.te 2009-05-12 15:30:13.000000000 -0400
-@@ -0,0 +1,54 @@
-+policy_module(pingd,1.0.0)
-+
-+########################################
-+#
-+# Declarations
-+#
-+
-+type pingd_t;
-+type pingd_exec_t;
-+init_daemon_domain(pingd_t, pingd_exec_t)
-+
-+type pingd_initrc_exec_t;
-+init_script_file(pingd_initrc_exec_t)
-+
-+# type for config
-+type pingd_etc_t;
-+files_type(pingd_etc_t);
-+
-+# type for pingd modules
-+type pingd_modules_t;
-+files_type(pingd_modules_t)
-+
-+########################################
-+#
-+# pingd local policy
-+#
-+
-+allow pingd_t self:capability net_raw;
-+allow pingd_t self:tcp_socket create_stream_socket_perms;
-+allow pingd_t self:rawip_socket { write read create bind };
-+
-+read_files_pattern(pingd_t, pingd_etc_t, pingd_etc_t)
-+
-+read_files_pattern(pingd_t, pingd_modules_t, pingd_modules_t)
-+mmap_files_pattern(pingd_t, pingd_modules_t, pingd_modules_t)
-+
-+corenet_raw_bind_generic_node(pingd_t)
-+corenet_tcp_bind_generic_node(pingd_t)
-+corenet_tcp_bind_pingd_port(pingd_t)
-+
-+auth_use_nsswitch(pingd_t)
-+
-+files_search_usr(pingd_t)
-+
-+libs_use_ld_so(pingd_t)
-+libs_use_shared_libs(pingd_t)
-+miscfiles_read_localization(pingd_t)
-+
-+logging_send_syslog_msg(pingd_t)
-+
-+permissive pingd_t;
-+
-+
-+
-diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/polkit.fc serefpolicy-3.6.12/policy/modules/services/polkit.fc
+diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/polkit.fc serefpolicy-3.6.13/policy/modules/services/polkit.fc
--- nsaserefpolicy/policy/modules/services/polkit.fc 1969-12-31 19:00:00.000000000 -0500
-+++ serefpolicy-3.6.12/policy/modules/services/polkit.fc 2009-05-12 15:30:13.000000000 -0400
++++ serefpolicy-3.6.13/policy/modules/services/polkit.fc 2009-05-21 09:48:24.000000000 -0400
@@ -0,0 +1,11 @@
+
+/usr/libexec/polkit-read-auth-helper -- gen_context(system_u:object_r:polkit_auth_exec_t,s0)
@@ -18211,9 +16798,9 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
+/var/lib/PolicyKit-public(/.*)? gen_context(system_u:object_r:polkit_var_lib_t,s0)
+
+/var/lib/misc/PolicyKit.reload gen_context(system_u:object_r:polkit_reload_t,s0)
-diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/polkit.if serefpolicy-3.6.12/policy/modules/services/polkit.if
+diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/polkit.if serefpolicy-3.6.13/policy/modules/services/polkit.if
--- nsaserefpolicy/policy/modules/services/polkit.if 1969-12-31 19:00:00.000000000 -0500
-+++ serefpolicy-3.6.12/policy/modules/services/polkit.if 2009-05-12 15:30:13.000000000 -0400
++++ serefpolicy-3.6.13/policy/modules/services/polkit.if 2009-05-21 09:48:24.000000000 -0400
@@ -0,0 +1,241 @@
+
+## policy for polkit_auth
@@ -18456,9 +17043,9 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
+ allow $1 polkit_t:dbus send_msg;
+ allow polkit_t $1:dbus send_msg;
+')
-diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/polkit.te serefpolicy-3.6.12/policy/modules/services/polkit.te
+diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/polkit.te serefpolicy-3.6.13/policy/modules/services/polkit.te
--- nsaserefpolicy/policy/modules/services/polkit.te 1969-12-31 19:00:00.000000000 -0500
-+++ serefpolicy-3.6.12/policy/modules/services/polkit.te 2009-05-12 15:30:13.000000000 -0400
++++ serefpolicy-3.6.13/policy/modules/services/polkit.te 2009-05-21 09:48:24.000000000 -0400
@@ -0,0 +1,237 @@
+policy_module(polkit_auth, 1.0.0)
+
@@ -18697,150 +17284,27 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
+ unconfined_ptrace(polkit_resolve_t)
+')
+
-diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/portreserve.fc serefpolicy-3.6.12/policy/modules/services/portreserve.fc
---- nsaserefpolicy/policy/modules/services/portreserve.fc 1969-12-31 19:00:00.000000000 -0500
-+++ serefpolicy-3.6.12/policy/modules/services/portreserve.fc 2009-05-12 15:30:13.000000000 -0400
-@@ -0,0 +1,12 @@
-+# portreserve executable will have:
-+# label: system_u:object_r:portreserve_exec_t
-+# MLS sensitivity: s0
-+# MCS categories:
-+
-+#exec
-+/sbin/portreserve -- gen_context(system_u:object_r:portreserve_exec_t,s0)
-+
-+/var/run/portreserve(/.*)? gen_context(system_u:object_r:portreserve_var_run_t,s0)
-+
-+/etc/portreserve(/.*)? gen_context(system_u:object_r:portreserve_etc_t,s0)
-+
-diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/portreserve.if serefpolicy-3.6.12/policy/modules/services/portreserve.if
---- nsaserefpolicy/policy/modules/services/portreserve.if 1969-12-31 19:00:00.000000000 -0500
-+++ serefpolicy-3.6.12/policy/modules/services/portreserve.if 2009-05-12 15:30:13.000000000 -0400
-@@ -0,0 +1,66 @@
-+## policy for portreserve
-+
-+########################################
-+##
-+## Execute a domain transition to run portreserve.
-+##
-+##
-+##
-+## Domain allowed to transition.
-+##
-+##
-+#
-+interface(`portreserve_domtrans',`
-+ gen_require(`
-+ type portreserve_t, portreserve_exec_t;
-+ ')
-+
-+ domtrans_pattern($1,portreserve_exec_t,portreserve_t)
-+')
-+
-+#######################################
-+##
-+## Allow the specified domain to read
-+## portreserve etcuration files.
-+##
-+##
-+##
-+## Domain allowed access.
-+##
-+##
-+##
-+##
-+#
-+interface(`portreserve_read_etc',`
-+ gen_require(`
-+ type portreserve_etc_t;
-+ ')
-+
-+ files_search_etc($1)
-+ allow $1 portreserve_etc_t:dir list_dir_perms;
-+ read_files_pattern($1, portreserve_etc_t, portreserve_etc_t)
-+ read_lnk_files_pattern($1, portreserve_etc_t, portreserve_etc_t)
-+')
-+
-+#######################################
-+##
-+## Allow the specified domain to manage
-+## portreserve etcuration files.
-+##
-+##
-+##
-+## Domain allowed access.
-+##
-+##
-+##
-+#
-+interface(`portreserve_manage_etc',`
-+ gen_require(`
-+ type portreserve_etc_t;
-+ ')
-+
-+ files_search_etc($1)
-+ manage_dirs_pattern($1, portreserve_etc_t, portreserve_etc_t)
-+ manage_files_pattern($1, portreserve_etc_t, portreserve_etc_t)
-+ read_lnk_files_pattern($1, portreserve_etc_t, portreserve_etc_t)
-+')
-diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/portreserve.te serefpolicy-3.6.12/policy/modules/services/portreserve.te
---- nsaserefpolicy/policy/modules/services/portreserve.te 1969-12-31 19:00:00.000000000 -0500
-+++ serefpolicy-3.6.12/policy/modules/services/portreserve.te 2009-05-12 15:30:13.000000000 -0400
-@@ -0,0 +1,51 @@
-+policy_module(portreserve,1.0.0)
-+
-+########################################
-+#
-+# Declarations
-+#
-+
-+type portreserve_t;
-+type portreserve_exec_t;
-+init_daemon_domain(portreserve_t, portreserve_exec_t)
-+
-+type portreserve_etc_t;
-+files_type(portreserve_etc_t)
-+
-+type portreserve_var_run_t;
-+files_pid_file(portreserve_var_run_t)
-+
-+########################################
-+#
-+# Portreserve local policy
-+#
-+allow portreserve_t self:fifo_file rw_fifo_file_perms;
-+allow portreserve_t self:unix_stream_socket create_stream_socket_perms;
-+allow portreserve_t self:unix_dgram_socket { create_socket_perms sendto };
-+allow portreserve_t self:tcp_socket create_socket_perms;
-+allow portreserve_t self:udp_socket create_socket_perms;
-+
-+# Read etc files
-+list_dirs_pattern(portreserve_t, portreserve_etc_t, portreserve_etc_t)
-+read_files_pattern(portreserve_t, portreserve_etc_t, portreserve_etc_t)
-+
-+# Manage /var/run/portreserve/*
-+manage_dirs_pattern(portreserve_t, portreserve_var_run_t, portreserve_var_run_t)
-+manage_files_pattern(portreserve_t, portreserve_var_run_t, portreserve_var_run_t)
-+manage_sock_files_pattern(portreserve_t, portreserve_var_run_t, portreserve_var_run_t)
-+files_pid_filetrans(portreserve_t,portreserve_var_run_t, { file sock_file })
-+
+diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/portreserve.te serefpolicy-3.6.13/policy/modules/services/portreserve.te
+--- nsaserefpolicy/policy/modules/services/portreserve.te 2009-05-21 08:43:08.000000000 -0400
++++ serefpolicy-3.6.13/policy/modules/services/portreserve.te 2009-05-21 09:48:24.000000000 -0400
+@@ -37,9 +37,12 @@
+ manage_sock_files_pattern(portreserve_t, portreserve_var_run_t, portreserve_var_run_t)
+ files_pid_filetrans(portreserve_t, portreserve_var_run_t, { file sock_file })
+
+corenet_all_recvfrom_unlabeled(portreserve_t)
+corenet_all_recvfrom_netlabel(portreserve_t)
+corenet_tcp_bind_all_ports(portreserve_t)
+corenet_tcp_bind_all_ports(portreserve_t)
-+corenet_tcp_bind_generic_node(portreserve_t)
-+corenet_udp_bind_generic_node(portreserve_t)
+ corenet_tcp_bind_generic_node(portreserve_t)
+ corenet_udp_bind_generic_node(portreserve_t)
+-corenet_tcp_bind_all_reserved_ports(portreserve_t)
+-corenet_udp_bind_all_reserved_ports(portreserve_t)
+corenet_udp_bind_all_ports(portreserve_t)
-+
-+files_read_etc_files(portreserve_t)
-+
-+# Init script handling
-+#init_use_fds(portreserve_t)
-+#init_use_script_ptys(portreserve_t)
-+#domain_use_interactive_fds(portreserve_t)
-diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/postfix.fc serefpolicy-3.6.12/policy/modules/services/postfix.fc
+
+ files_read_etc_files(portreserve_t)
+diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/postfix.fc serefpolicy-3.6.13/policy/modules/services/postfix.fc
--- nsaserefpolicy/policy/modules/services/postfix.fc 2008-08-07 11:15:11.000000000 -0400
-+++ serefpolicy-3.6.12/policy/modules/services/postfix.fc 2009-05-12 15:30:13.000000000 -0400
++++ serefpolicy-3.6.13/policy/modules/services/postfix.fc 2009-05-21 09:48:24.000000000 -0400
@@ -29,12 +29,10 @@
/usr/lib/postfix/smtpd -- gen_context(system_u:object_r:postfix_smtpd_exec_t,s0)
/usr/lib/postfix/bounce -- gen_context(system_u:object_r:postfix_bounce_exec_t,s0)
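Review bot: `corenet_tcp_bind_all_ports(portreserve_t)` appears twice in a row on the new side of the rewritten portreserve.te patch; the second call is redundant and can be dropped. The same inner hunk also removes upstream's `corenet_tcp_bind_all_reserved_ports(portreserve_t)` and `corenet_udp_bind_all_reserved_ports(portreserve_t)` in favour of the `_all_ports` interfaces, so portreserve_t may now bind any TCP or UDP port rather than only reserved ones. If the daemon really has to hold unreserved ports, a one-line comment above the calls should say so, for example `# portreserve also holds non-reserved ports listed in /etc/portreserve` (wording to be confirmed by the maintainer). Otherwise keeping upstream's reserved-only calls is the narrower grant.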
@@ -18854,9 +17318,9 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
/usr/sbin/postdrop -- gen_context(system_u:object_r:postfix_postdrop_exec_t,s0)
/usr/sbin/postfix -- gen_context(system_u:object_r:postfix_master_exec_t,s0)
/usr/sbin/postkick -- gen_context(system_u:object_r:postfix_master_exec_t,s0)
-diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/postfix.if serefpolicy-3.6.12/policy/modules/services/postfix.if
+diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/postfix.if serefpolicy-3.6.13/policy/modules/services/postfix.if
--- nsaserefpolicy/policy/modules/services/postfix.if 2009-01-19 11:06:49.000000000 -0500
-+++ serefpolicy-3.6.12/policy/modules/services/postfix.if 2009-05-12 15:30:13.000000000 -0400
++++ serefpolicy-3.6.13/policy/modules/services/postfix.if 2009-05-21 09:48:24.000000000 -0400
@@ -46,6 +46,7 @@
allow postfix_$1_t postfix_etc_t:dir list_dir_perms;
@@ -19070,9 +17534,9 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
+ role $2 types postfix_postdrop_t;
+')
+
-diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/postfix.te serefpolicy-3.6.12/policy/modules/services/postfix.te
+diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/postfix.te serefpolicy-3.6.13/policy/modules/services/postfix.te
--- nsaserefpolicy/policy/modules/services/postfix.te 2009-01-19 11:07:34.000000000 -0500
-+++ serefpolicy-3.6.12/policy/modules/services/postfix.te 2009-05-12 15:30:13.000000000 -0400
++++ serefpolicy-3.6.13/policy/modules/services/postfix.te 2009-05-21 09:48:24.000000000 -0400
@@ -6,6 +6,15 @@
# Declarations
#
@@ -19450,9 +17914,9 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
+userdom_manage_user_home_content(postfix_virtual_t)
+userdom_home_filetrans_user_home_dir(postfix_virtual_t)
+userdom_user_home_dir_filetrans_user_home_content(postfix_virtual_t, {file dir })
-diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/postgresql.fc serefpolicy-3.6.12/policy/modules/services/postgresql.fc
+diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/postgresql.fc serefpolicy-3.6.13/policy/modules/services/postgresql.fc
--- nsaserefpolicy/policy/modules/services/postgresql.fc 2008-08-14 13:08:27.000000000 -0400
-+++ serefpolicy-3.6.12/policy/modules/services/postgresql.fc 2009-05-12 15:30:13.000000000 -0400
++++ serefpolicy-3.6.13/policy/modules/services/postgresql.fc 2009-05-21 09:48:24.000000000 -0400
@@ -2,6 +2,7 @@
# /etc
#
@@ -19461,10 +17925,10 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
#
# /usr
-diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/postgresql.if serefpolicy-3.6.12/policy/modules/services/postgresql.if
---- nsaserefpolicy/policy/modules/services/postgresql.if 2009-01-05 15:39:43.000000000 -0500
-+++ serefpolicy-3.6.12/policy/modules/services/postgresql.if 2009-05-12 15:30:13.000000000 -0400
-@@ -351,3 +351,46 @@
+diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/postgresql.if serefpolicy-3.6.13/policy/modules/services/postgresql.if
+--- nsaserefpolicy/policy/modules/services/postgresql.if 2009-05-22 10:28:56.000000000 -0400
++++ serefpolicy-3.6.13/policy/modules/services/postgresql.if 2009-05-21 09:48:24.000000000 -0400
+@@ -384,3 +384,46 @@
typeattribute $1 sepgsql_unconfined_type;
')
@@ -19511,9 +17975,9 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
+
+ admin_pattern($1, postgresql_tmp_t)
+')
-diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/postgresql.te serefpolicy-3.6.12/policy/modules/services/postgresql.te
---- nsaserefpolicy/policy/modules/services/postgresql.te 2009-02-03 22:50:50.000000000 -0500
-+++ serefpolicy-3.6.12/policy/modules/services/postgresql.te 2009-05-12 15:30:13.000000000 -0400
+diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/postgresql.te serefpolicy-3.6.13/policy/modules/services/postgresql.te
+--- nsaserefpolicy/policy/modules/services/postgresql.te 2009-05-22 10:28:56.000000000 -0400
++++ serefpolicy-3.6.13/policy/modules/services/postgresql.te 2009-05-21 09:48:24.000000000 -0400
@@ -32,6 +32,9 @@
type postgresql_etc_t;
files_config_file(postgresql_etc_t)
@@ -19524,7 +17988,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
type postgresql_lock_t;
files_lock_file(postgresql_lock_t)
-@@ -124,6 +127,7 @@
+@@ -139,6 +142,7 @@
dontaudit postgresql_t self:capability { sys_tty_config sys_admin };
allow postgresql_t self:process signal_perms;
allow postgresql_t self:fifo_file rw_fifo_file_perms;
@@ -19532,7 +17996,16 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
allow postgresql_t self:sem create_sem_perms;
allow postgresql_t self:shm create_shm_perms;
allow postgresql_t self:tcp_socket create_stream_socket_perms;
-@@ -178,7 +182,7 @@
+@@ -158,7 +162,7 @@
+ type_transition postgresql_t sepgsql_database_type:db_table sepgsql_sysobj_t;
+
+ allow postgresql_t sepgsql_procedure_type:db_procedure *;
+-type_transition postgresql_t sepgsql_database_type:db_procedure sepgsql_proc_exec_t;
++type_transition postgresql_t sepgsql_database_type:db_procedure sepgsql_proc_t;
+
+ allow postgresql_t sepgsql_blob_type:db_blob *;
+ type_transition postgresql_t sepgsql_database_type:db_blob sepgsql_blob_t;
+@@ -193,7 +197,7 @@
manage_files_pattern(postgresql_t, postgresql_var_run_t, postgresql_var_run_t)
manage_sock_files_pattern(postgresql_t, postgresql_var_run_t, postgresql_var_run_t)
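Review bot: The new inner hunk at `@@ -158,7 +162,7 @@` changes the default label for procedures created by postgresql_t from upstream's `sepgsql_proc_exec_t` to `sepgsql_proc_t` without a comment explaining the deviation, and the later hunk at `@@ -347,7 +352,7 @@` does the same for sepgsql_unconfined_type. The default type decides which rules apply to every newly created db_procedure, so this is worth documenting next to the rule, e.g. `# downstream: new procedures default to sepgsql_proc_t, not upstream's sepgsql_proc_exec_t (reason: <to be filled in>)`. Whether `sepgsql_proc_t` is still declared as a type or alias in the rebased upstream postgresql.te is not visible here and should be checked, since the type_transition depends on it. The same rebase drops the earlier `sepgsql_trusted_proc_t` to `sepgsql_trusted_proc_exec_t` renames, so it is also worth confirming that the two naming schemes are not mixed in the resulting file.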
@@ -19541,7 +18014,7 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
kernel_read_kernel_sysctls(postgresql_t)
kernel_read_system_state(postgresql_t)
-@@ -194,6 +198,7 @@
+@@ -209,6 +213,7 @@
corenet_udp_sendrecv_generic_node(postgresql_t)
corenet_tcp_sendrecv_all_ports(postgresql_t)
corenet_udp_sendrecv_all_ports(postgresql_t)
@@ -19549,27 +18022,18 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
corenet_tcp_bind_generic_node(postgresql_t)
corenet_tcp_bind_postgresql_port(postgresql_t)
corenet_tcp_connect_auth_port(postgresql_t)
-@@ -304,7 +309,7 @@
- allow sepgsql_client_type sepgsql_sysobj_t:db_tuple { use select };
+@@ -347,7 +352,7 @@
+ type_transition sepgsql_unconfined_type sepgsql_unconfined_type:db_database sepgsql_db_t;
- allow sepgsql_client_type sepgsql_proc_t:db_procedure { getattr execute install };
--allow sepgsql_client_type sepgsql_trusted_proc_t:db_procedure { getattr execute entrypoint };
-+allow sepgsql_client_type sepgsql_trusted_proc_exec_t:db_procedure { getattr execute entrypoint };
+ type_transition sepgsql_unconfined_type sepgsql_database_type:db_table sepgsql_table_t;
+-type_transition sepgsql_unconfined_type sepgsql_database_type:db_procedure sepgsql_proc_exec_t;
++type_transition sepgsql_unconfined_type sepgsql_database_type:db_procedure sepgsql_proc_t;
+ type_transition sepgsql_unconfined_type sepgsql_database_type:db_blob sepgsql_blob_t;
- allow sepgsql_client_type sepgsql_blob_t:db_blob { create drop getattr setattr read write };
- allow sepgsql_client_type sepgsql_ro_blob_t:db_blob { getattr read };
-@@ -345,7 +350,7 @@
-
- # unconfined domain is not allowed to invoke user defined procedure directly.
- # They have to confirm and relabel it at first.
--allow sepgsql_unconfined_type { sepgsql_proc_t sepgsql_trusted_proc_t }:db_procedure *;
-+allow sepgsql_unconfined_type { sepgsql_proc_t sepgsql_trusted_proc_exec_t }:db_procedure *;
- allow sepgsql_unconfined_type sepgsql_procedure_type:db_procedure { create drop getattr setattr relabelfrom relabelto };
-
- allow sepgsql_unconfined_type sepgsql_blob_type:db_blob *;
-diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/ppp.fc serefpolicy-3.6.12/policy/modules/services/ppp.fc
+ allow sepgsql_unconfined_type sepgsql_table_type:{ db_table db_column db_tuple } *;
+diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/ppp.fc serefpolicy-3.6.13/policy/modules/services/ppp.fc
--- nsaserefpolicy/policy/modules/services/ppp.fc 2008-09-11 11:28:34.000000000 -0400
-+++ serefpolicy-3.6.12/policy/modules/services/ppp.fc 2009-05-12 15:30:13.000000000 -0400
++++ serefpolicy-3.6.13/policy/modules/services/ppp.fc 2009-05-21 09:48:24.000000000 -0400
@@ -1,7 +1,7 @@
#
# /etc
@@ -19590,9 +18054,9 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
#
# /sbin
-diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/ppp.if serefpolicy-3.6.12/policy/modules/services/ppp.if
+diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/ppp.if serefpolicy-3.6.13/policy/modules/services/ppp.if
--- nsaserefpolicy/policy/modules/services/ppp.if 2008-11-11 16:13:46.000000000 -0500
-+++ serefpolicy-3.6.12/policy/modules/services/ppp.if 2009-05-12 15:30:13.000000000 -0400
++++ serefpolicy-3.6.13/policy/modules/services/ppp.if 2009-05-21 09:48:24.000000000 -0400
@@ -58,6 +58,25 @@
########################################
@@ -19693,9 +18157,9 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
- manage_files_pattern($1, pptp_var_run_t, pptp_var_run_t)
+ admin_pattern($1, pptp_var_run_t)
')
-diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/ppp.te serefpolicy-3.6.12/policy/modules/services/ppp.te
+diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/ppp.te serefpolicy-3.6.13/policy/modules/services/ppp.te
--- nsaserefpolicy/policy/modules/services/ppp.te 2009-01-19 11:06:49.000000000 -0500
-+++ serefpolicy-3.6.12/policy/modules/services/ppp.te 2009-05-12 15:30:13.000000000 -0400
++++ serefpolicy-3.6.13/policy/modules/services/ppp.te 2009-05-21 09:48:24.000000000 -0400
@@ -37,8 +37,8 @@
type pppd_etc_rw_t;
files_type(pppd_etc_rw_t)
@@ -19831,9 +18295,9 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
-
-# FIXME:
-domtrans_pattern(pppd_t, pppd_script_exec_t, initrc_t)
-diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/prelude.fc serefpolicy-3.6.12/policy/modules/services/prelude.fc
+diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/prelude.fc serefpolicy-3.6.13/policy/modules/services/prelude.fc
--- nsaserefpolicy/policy/modules/services/prelude.fc 2008-08-07 11:15:11.000000000 -0400
-+++ serefpolicy-3.6.12/policy/modules/services/prelude.fc 2009-05-12 15:30:13.000000000 -0400
++++ serefpolicy-3.6.13/policy/modules/services/prelude.fc 2009-05-21 09:48:24.000000000 -0400
@@ -1,3 +1,9 @@
+/etc/prelude-correlator(/.*)? gen_context(system_u:object_r:prelude_correlator_config_t, s0)
+
@@ -19860,9 +18324,9 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
+
+/usr/bin/prelude-correlator -- gen_context(system_u:object_r:prelude_correlator_exec_t, s0)
+
-diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/prelude.if serefpolicy-3.6.12/policy/modules/services/prelude.if
+diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/prelude.if serefpolicy-3.6.13/policy/modules/services/prelude.if
--- nsaserefpolicy/policy/modules/services/prelude.if 2008-08-07 11:15:11.000000000 -0400
-+++ serefpolicy-3.6.12/policy/modules/services/prelude.if 2009-05-12 15:30:13.000000000 -0400
++++ serefpolicy-3.6.13/policy/modules/services/prelude.if 2009-05-21 09:48:24.000000000 -0400
@@ -6,7 +6,7 @@
##
##
@@ -19975,9 +18439,9 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
+ admin_pattern($1, prelude_lml_tmp_t)
+ admin_pattern($1, prelude_lml_var_run_t)
')
-diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/prelude.te serefpolicy-3.6.12/policy/modules/services/prelude.te
+diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/prelude.te serefpolicy-3.6.13/policy/modules/services/prelude.te
--- nsaserefpolicy/policy/modules/services/prelude.te 2009-01-19 11:06:49.000000000 -0500
-+++ serefpolicy-3.6.12/policy/modules/services/prelude.te 2009-05-12 15:30:13.000000000 -0400
++++ serefpolicy-3.6.13/policy/modules/services/prelude.te 2009-05-21 09:48:24.000000000 -0400
@@ -13,25 +13,57 @@
type prelude_spool_t;
files_type(prelude_spool_t)
@@ -20247,9 +18711,9 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
optional_policy(`
mysql_search_db(httpd_prewikka_script_t)
-diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/privoxy.te serefpolicy-3.6.12/policy/modules/services/privoxy.te
+diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/privoxy.te serefpolicy-3.6.13/policy/modules/services/privoxy.te
--- nsaserefpolicy/policy/modules/services/privoxy.te 2009-01-19 11:06:49.000000000 -0500
-+++ serefpolicy-3.6.12/policy/modules/services/privoxy.te 2009-05-12 15:30:13.000000000 -0400
++++ serefpolicy-3.6.13/policy/modules/services/privoxy.te 2009-05-21 09:48:24.000000000 -0400
@@ -6,6 +6,14 @@
# Declarations
#
@@ -20292,9 +18756,9 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
')
optional_policy(`
-diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/procmail.te serefpolicy-3.6.12/policy/modules/services/procmail.te
+diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/procmail.te serefpolicy-3.6.13/policy/modules/services/procmail.te
--- nsaserefpolicy/policy/modules/services/procmail.te 2009-01-19 11:06:49.000000000 -0500
-+++ serefpolicy-3.6.12/policy/modules/services/procmail.te 2009-05-12 15:30:13.000000000 -0400
++++ serefpolicy-3.6.13/policy/modules/services/procmail.te 2009-05-21 09:48:24.000000000 -0400
@@ -77,6 +77,7 @@
files_read_usr_files(procmail_t)
@@ -20331,461 +18795,23 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
sendmail_rw_unix_stream_sockets(procmail_t)
')
-diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/psad.fc serefpolicy-3.6.12/policy/modules/services/psad.fc
---- nsaserefpolicy/policy/modules/services/psad.fc 1969-12-31 19:00:00.000000000 -0500
-+++ serefpolicy-3.6.12/policy/modules/services/psad.fc 2009-05-12 15:30:13.000000000 -0400
-@@ -0,0 +1,17 @@
-+
-+
-+/etc/rc\.d/init\.d/psad -- gen_context(system_u:object_r:psad_initrc_exec_t,s0)
-+
-+/etc/psad(/.*)? gen_context(system_u:object_r:psad_etc_t,s0)
-+
-+/usr/sbin/psad -- gen_context(system_u:object_r:psad_exec_t,s0)
-+
-+#/usr/sbin/psadwatchd -- gen_context(system_u:object_r:psadwatchd_exec_t,s0)
-+
-+#/usr/sbin/kmsgsd -- gen_context(system_u:object_r:kmsgsd_exec_t,s0)
-+
-+/var/run/psad(/.*)? gen_context(system_u:object_r:psad_var_run_t,s0)
-+
-+/var/lib/psad(/.*)? gen_context(system_u:object_r:psad_var_lib_t,s0)
-+
-+/var/log/psad(/.*)? gen_context(system_u:object_r:psad_var_log_t,s0)
-diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/psad.if serefpolicy-3.6.12/policy/modules/services/psad.if
---- nsaserefpolicy/policy/modules/services/psad.if 1969-12-31 19:00:00.000000000 -0500
-+++ serefpolicy-3.6.12/policy/modules/services/psad.if 2009-05-12 15:30:13.000000000 -0400
-@@ -0,0 +1,304 @@
-+## Psad SELinux policy
-+
-+########################################
-+##
-+## Execute a domain transition to run psad.
-+##
-+##
-+##
-+## Domain allowed to transition.
-+##
-+##
-+#
-+interface(`psad_domtrans',`
-+ gen_require(`
-+ type psad_t, psad_exec_t;
-+ ')
-+
-+ domtrans_pattern($1, psad_exec_t, psad_t)
-+')
-+
-+########################################
-+##
-+## Read and write psad UDP sockets.
-+##
-+##
-+##
-+## Domain allowed access.
-+##
-+##
-+#
-+interface(`psad_rw_udp_sockets',`
-+ gen_require(`
-+ type psad_t;
-+ ')
-+
-+ allow $1 psad_t:udp_socket { read write };
-+')
-+
-+########################################
-+##
-+## Read and write psad packet sockets.
-+##
-+##
-+##
-+## Domain allowed access.
-+##
-+##
-+#
-+interface(`psad_rw_packet_sockets',`
-+ gen_require(`
-+ type psad_t;
-+ ')
-+
-+ allow $1 psad_t:packet_socket { read write };
-+')
-+
-+########################################
-+##
-+## Send a generic signal to psad
-+##
-+##
-+##
-+## Domain allowed access.
-+##
-+##
-+#
-+interface(`psad_signal',`
-+ gen_require(`
-+ type psad_t;
-+ ')
-+
-+ allow $1 psad_t:process signal;
-+')
-+
-+#######################################
-+##
-+## Send a null signal to psad.
-+##
-+##
-+##
-+## Domain allowed access.
-+##
-+##
-+#
-+interface(`psad_signull',`
-+ gen_require(`
-+ type psad_t;
-+ ')
-+
-+ allow $1 psad_t:process signull;
-+')
-+
-+########################################
-+##
-+## Read psad etc configuration files.
-+##
-+##
-+##
-+## Domain allowed access.
-+##
-+##
-+##
-+#
-+interface(`psad_read_etc',`
-+ gen_require(`
-+ type psad_etc_t;
-+ ')
-+
-+ files_search_etc($1)
-+ read_files_pattern($1, psad_etc_t, psad_etc_t)
-+')
-+
-+########################################
-+##
-+## Manage psad etc configuration files.
-+##
-+##
-+##
-+## Domain allowed access.
-+##
-+##
-+##
-+#
-+interface(`psad_manage_etc',`
-+ gen_require(`
-+ type psad_etc_t;
-+ ')
-+
-+ files_search_etc($1)
-+ manage_dirs_pattern($1, psad_etc_t, psad_etc_t)
-+ manage_files_pattern($1, psad_etc_t, psad_etc_t)
-+
-+')
-+
-+########################################
-+##
-+## Read psad PID files.
-+##
-+##
-+##
-+## Domain allowed access.
-+##
-+##
-+##
-+#
-+interface(`psad_read_pid_files',`
-+ gen_require(`
-+ type psad_var_run_t;
-+ ')
-+
-+ files_search_pids($1)
-+ read_files_pattern($1, psad_var_run_t, psad_var_run_t)
-+')
-+
-+########################################
-+##
-+## Read psad PID files.
-+##
-+##
-+##
-+## Domain allowed access.
-+##
-+##
-+##
-+#
-+interface(`psad_rw_pid_files',`
-+ gen_require(`
-+ type psad_var_run_t;
-+ ')
-+
-+ files_search_pids($1)
-+ rw_files_pattern($1, psad_var_run_t, psad_var_run_t)
-+')
-+
-+########################################
-+##
-+## Allow the specified domain to read psad's log files.
-+##
-+##
-+##
-+## Domain allowed access.
-+##
-+##
-+##
-+##
-+#
-+interface(`psad_read_log',`
-+ gen_require(`
-+ type psad_var_log_t;
-+ ')
-+
-+ logging_search_logs($1)
-+ list_dirs_pattern($1, psad_var_log_t, psad_var_log_t)
-+ read_files_pattern($1, psad_var_log_t, psad_var_log_t)
-+')
-+
-+########################################
-+##
-+## Allow the specified domain to append to psad's log files.
-+##
-+##
-+##
-+## Domain allowed access.
-+##
-+##
-+##
-+##
-+#
-+interface(`psad_append_log',`
-+ gen_require(`
-+ type psad_var_log_t;
-+ ')
-+
-+ logging_search_logs($1)
-+ list_dirs_pattern($1, psad_var_log_t, psad_var_log_t)
-+ append_files_pattern($1, psad_var_log_t, psad_var_log_t)
-+')
-+
-+########################################
-+##
-+## Read and write psad fifo files.
-+##
-+##
-+##
-+## Domain allowed access.
-+##
-+##
-+#
-+interface(`psad_rw_fifo_file',`
-+ gen_require(`
-+ type psad_t;
-+ ')
-+
-+ files_search_var_lib($1)
-+ search_dirs_pattern($1, psad_var_lib_t, psad_var_lib_t)
-+ rw_fifo_files_pattern($1, psad_var_lib_t, psad_var_lib_t)
-+')
-+
-+#######################################
-+##
-+## Read and write psad tmp files.
-+##
-+##
-+##
-+## Domain allowed access.
-+##
-+##
-+#
-+interface(`psad_rw_tmp_files',`
-+ gen_require(`
-+ type psad_tmp_t;
-+ ')
-+
-+ files_search_tmp($1)
-+ rw_files_pattern($1, psad_tmp_t, psad_tmp_t)
-+')
-+
-+########################################
-+##
-+## All of the rules required to administrate
-+## an psad environment
-+##
-+##
-+##
-+## Domain allowed access.
-+##
-+##
-+##
-+##
-+## The role to be allowed to manage the syslog domain.
-+##
-+##
-+##
-+#
-+interface(`psad_admin',`
-+ gen_require(`
-+ type psad_t, psad_var_run_t, psad_var_log_t;
-+ type psad_initrc_exec_t, psad_var_lib_t;
-+ type psad_tmp_t;
-+ ')
-+
-+ allow $1 psad_t:process { ptrace signal_perms };
-+ ps_process_pattern($1, psad_t)
-+
-+ init_labeled_script_domtrans($1, psad_initrc_exec_t)
-+ domain_system_change_exemption($1)
-+ role_transition $2 psad_initrc_exec_t system_r;
-+ allow $2 system_r;
-+
-+ files_search_etc($1)
-+ admin_pattern($1, psad_etc_t)
-+
-+ files_search_pids($1)
-+ admin_pattern($1, psad_var_run_t)
-+
-+ logging_search_logs($1)
-+ admin_pattern($1, psad_var_log_t)
-+
-+ files_search_var_lib($1)
-+ admin_pattern($1, psad_var_lib_t)
-+
-+ files_search_tmp($1)
-+ admin_pattern($1, psad_tmp_t)
-+')
-diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/psad.te serefpolicy-3.6.12/policy/modules/services/psad.te
---- nsaserefpolicy/policy/modules/services/psad.te 1969-12-31 19:00:00.000000000 -0500
-+++ serefpolicy-3.6.12/policy/modules/services/psad.te 2009-05-12 15:30:13.000000000 -0400
-@@ -0,0 +1,107 @@
-+policy_module(psad,1.0.0)
-+
-+########################################
-+#
-+# Declarations
-+#
-+type psad_t;
-+type psad_exec_t;
-+init_daemon_domain(psad_t, psad_exec_t)
-+
-+type psad_initrc_exec_t;
-+init_script_file(psad_initrc_exec_t)
-+
-+# config files
-+type psad_etc_t;
-+files_config_file(psad_etc_t)
-+
-+# var/lib files
-+type psad_var_lib_t;
-+files_type(psad_var_lib_t)
-+
-+# log files
-+type psad_var_log_t;
-+logging_log_file(psad_var_log_t)
-+
-+# pid files
-+type psad_var_run_t;
-+files_pid_file(psad_var_run_t)
-+
-+# tmp files
-+type psad_tmp_t;
-+files_tmp_file(psad_tmp_t)
-+
-+########################################
-+#
-+# psad local policy
-+#
-+
-+allow psad_t self:capability { net_admin net_raw setuid setgid dac_override };
-+dontaudit psad_t self:capability { sys_tty_config };
-+allow psad_t self:process signull;
-+
-+allow psad_t self:fifo_file rw_fifo_file_perms;
-+allow psad_t self:rawip_socket create_socket_perms;
-+
-+# config files
-+read_files_pattern(psad_t,psad_etc_t,psad_etc_t)
-+list_dirs_pattern(psad_t,psad_etc_t,psad_etc_t)
-+
-+# pid file
-+manage_files_pattern(psad_t, psad_var_run_t,psad_var_run_t)
-+manage_sock_files_pattern(psad_t, psad_var_run_t,psad_var_run_t)
-+files_pid_filetrans(psad_t,psad_var_run_t, { file sock_file })
-+
-+# log files
-+manage_files_pattern(psad_t, psad_var_log_t, psad_var_log_t)
-+manage_dirs_pattern(psad_t, psad_var_log_t, psad_var_log_t)
-+logging_log_filetrans(psad_t,psad_var_log_t, { file dir })
-+
-+# tmp files
-+manage_dirs_pattern(psad_t,psad_tmp_t,psad_tmp_t)
-+manage_files_pattern(psad_t,psad_tmp_t,psad_tmp_t)
-+files_tmp_filetrans(psad_t, psad_tmp_t, { file dir })
-+
-+# /var/lib files
-+search_dirs_pattern(psad_t, psad_var_lib_t, psad_var_lib_t)
-+manage_fifo_files_pattern(psad_t, psad_var_lib_t, psad_var_lib_t)
-+
-+kernel_read_system_state(psad_t)
-+kernel_read_network_state(psad_t)
-+#kernel_read_kernel_sysctls(psad_t)
-+kernel_read_net_sysctls(psad_t)
-+
-+corecmd_exec_shell(psad_t)
-+corecmd_exec_bin(psad_t)
-+
-+auth_use_nsswitch(psad_t)
-+
-+corenet_tcp_connect_whois_port(psad_t)
-+
-+dev_read_urand(psad_t)
-+
-+files_read_etc_runtime_files(psad_t)
-+
-+fs_getattr_all_fs(psad_t)
-+
-+libs_use_ld_so(psad_t)
-+libs_use_shared_libs(psad_t)
-+
-+miscfiles_read_localization(psad_t)
-+
-+logging_read_generic_logs(psad_t)
-+logging_read_syslog_config(psad_t)
-+logging_send_syslog_msg(psad_t)
-+
-+#sysnet_domtrans_ifconfig(psad_t)
-+sysnet_exec_ifconfig(psad_t)
-+iptables_domtrans(psad_t)
-+
-+optional_policy(`
-+ mta_send_mail(psad_t)
-+ mta_read_queue(psad_t)
-+')
-+
-+permissive psad_t;
-+
-+
-diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/pyzor.fc serefpolicy-3.6.12/policy/modules/services/pyzor.fc
+diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/pyzor.fc serefpolicy-3.6.13/policy/modules/services/pyzor.fc
--- nsaserefpolicy/policy/modules/services/pyzor.fc 2008-11-11 16:13:46.000000000 -0500
-+++ serefpolicy-3.6.12/policy/modules/services/pyzor.fc 2009-05-12 15:30:13.000000000 -0400
-@@ -1,6 +1,8 @@
++++ serefpolicy-3.6.13/policy/modules/services/pyzor.fc 2009-05-21 09:48:24.000000000 -0400
+@@ -1,6 +1,10 @@
/etc/pyzor(/.*)? gen_context(system_u:object_r:pyzor_etc_t, s0)
+/etc/rc\.d/init\.d/pyzord -- gen_context(system_u:object_r:pyzord_initrc_exec_t,s0)
HOME_DIR/\.pyzor(/.*)? gen_context(system_u:object_r:pyzor_home_t,s0)
+HOME_DIR/\.spamd(/.*)? gen_context(system_u:object_r:pyzor_home_t,s0)
++/root/\.pyzor(/.*)? gen_context(system_u:object_r:pyzor_home_t,s0)
++/root/\.spamd(/.*)? gen_context(system_u:object_r:pyzor_home_t,s0)
/usr/bin/pyzor -- gen_context(system_u:object_r:pyzor_exec_t,s0)
/usr/bin/pyzord -- gen_context(system_u:object_r:pyzord_exec_t,s0)
-diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/pyzor.if serefpolicy-3.6.12/policy/modules/services/pyzor.if
+diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/pyzor.if serefpolicy-3.6.13/policy/modules/services/pyzor.if
--- nsaserefpolicy/policy/modules/services/pyzor.if 2008-11-11 16:13:46.000000000 -0500
-+++ serefpolicy-3.6.12/policy/modules/services/pyzor.if 2009-05-12 15:30:13.000000000 -0400
++++ serefpolicy-3.6.13/policy/modules/services/pyzor.if 2009-05-21 09:48:24.000000000 -0400
@@ -88,3 +88,50 @@
corecmd_search_bin($1)
can_exec($1, pyzor_exec_t)
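Review bot: The two added pyzor.fc entries, `/root/\.pyzor(/.*)?` and `/root/\.spamd(/.*)?`, carry no comment saying why root needs its own lines next to the existing `HOME_DIR/` ones, and the second labels root's `.spamd` directory with pyzor's type. That labelling matches the existing `HOME_DIR/\.spamd` line, so it looks deliberate, but it means every domain granted access to `pyzor_home_t` also reaches root's spamd state; this is worth confirming against the interfaces that hand out that type. I would add a line such as `# root's home is not covered by the HOME_DIR entries, so label it explicitly` above the pair, assuming that is the reason (razor.fc uses the same pattern for `/root/\.razor`). The rest of this hunk only drops the psad module from the patch and bumps the version in the headers.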
@@ -20837,9 +18863,9 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
+')
+
+
-diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/pyzor.te serefpolicy-3.6.12/policy/modules/services/pyzor.te
+diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/pyzor.te serefpolicy-3.6.13/policy/modules/services/pyzor.te
--- nsaserefpolicy/policy/modules/services/pyzor.te 2009-01-19 11:06:49.000000000 -0500
-+++ serefpolicy-3.6.12/policy/modules/services/pyzor.te 2009-05-12 15:30:13.000000000 -0400
++++ serefpolicy-3.6.13/policy/modules/services/pyzor.te 2009-05-21 09:48:24.000000000 -0400
@@ -6,6 +6,38 @@
# Declarations
#
@@ -20896,17 +18922,17 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
userdom_dontaudit_search_user_home_dirs(pyzor_t)
optional_policy(`
-diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/razor.fc serefpolicy-3.6.12/policy/modules/services/razor.fc
+diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/razor.fc serefpolicy-3.6.13/policy/modules/services/razor.fc
--- nsaserefpolicy/policy/modules/services/razor.fc 2008-11-11 16:13:45.000000000 -0500
-+++ serefpolicy-3.6.12/policy/modules/services/razor.fc 2009-05-12 15:30:13.000000000 -0400
++++ serefpolicy-3.6.13/policy/modules/services/razor.fc 2009-05-21 09:48:24.000000000 -0400
@@ -1,3 +1,4 @@
+/root/\.razor(/.*)? gen_context(system_u:object_r:razor_home_t,s0)
HOME_DIR/\.razor(/.*)? gen_context(system_u:object_r:razor_home_t,s0)
/etc/razor(/.*)? gen_context(system_u:object_r:razor_etc_t,s0)
-diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/razor.if serefpolicy-3.6.12/policy/modules/services/razor.if
+diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/razor.if serefpolicy-3.6.13/policy/modules/services/razor.if
--- nsaserefpolicy/policy/modules/services/razor.if 2009-01-19 11:06:49.000000000 -0500
-+++ serefpolicy-3.6.12/policy/modules/services/razor.if 2009-05-12 15:30:13.000000000 -0400
++++ serefpolicy-3.6.13/policy/modules/services/razor.if 2009-05-21 09:48:24.000000000 -0400
@@ -157,3 +157,45 @@
domtrans_pattern($1, razor_exec_t, razor_t)
@@ -20953,9 +18979,9 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
+ read_files_pattern($1, razor_var_lib_t, razor_var_lib_t)
+')
+
-diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/razor.te serefpolicy-3.6.12/policy/modules/services/razor.te
+diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/razor.te serefpolicy-3.6.13/policy/modules/services/razor.te
--- nsaserefpolicy/policy/modules/services/razor.te 2009-01-19 11:07:32.000000000 -0500
-+++ serefpolicy-3.6.12/policy/modules/services/razor.te 2009-05-12 15:30:13.000000000 -0400
++++ serefpolicy-3.6.13/policy/modules/services/razor.te 2009-05-21 09:48:24.000000000 -0400
@@ -6,6 +6,32 @@
# Declarations
#
@@ -21007,9 +19033,9 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
+')
+
')
-diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/rhgb.te serefpolicy-3.6.12/policy/modules/services/rhgb.te
+diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/rhgb.te serefpolicy-3.6.13/policy/modules/services/rhgb.te
--- nsaserefpolicy/policy/modules/services/rhgb.te 2009-01-19 11:06:49.000000000 -0500
-+++ serefpolicy-3.6.12/policy/modules/services/rhgb.te 2009-05-12 15:30:13.000000000 -0400
++++ serefpolicy-3.6.13/policy/modules/services/rhgb.te 2009-05-21 09:48:24.000000000 -0400
@@ -118,7 +118,7 @@
xserver_domtrans(rhgb_t)
xserver_signal(rhgb_t)
@@ -21019,9 +19045,9 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
optional_policy(`
consoletype_exec(rhgb_t)
-diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/ricci.te serefpolicy-3.6.12/policy/modules/services/ricci.te
+diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/ricci.te serefpolicy-3.6.13/policy/modules/services/ricci.te
--- nsaserefpolicy/policy/modules/services/ricci.te 2009-01-19 11:06:49.000000000 -0500
-+++ serefpolicy-3.6.12/policy/modules/services/ricci.te 2009-05-12 15:30:13.000000000 -0400
++++ serefpolicy-3.6.13/policy/modules/services/ricci.te 2009-05-21 09:48:24.000000000 -0400
@@ -133,6 +133,8 @@
dev_read_urand(ricci_t)
@@ -21126,18 +19152,18 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
optional_policy(`
ccs_stream_connect(ricci_modstorage_t)
ccs_read_config(ricci_modstorage_t)
-diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/rlogin.fc serefpolicy-3.6.12/policy/modules/services/rlogin.fc
+diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/rlogin.fc serefpolicy-3.6.13/policy/modules/services/rlogin.fc
--- nsaserefpolicy/policy/modules/services/rlogin.fc 2008-08-07 11:15:11.000000000 -0400
-+++ serefpolicy-3.6.12/policy/modules/services/rlogin.fc 2009-05-18 12:57:27.000000000 -0400
++++ serefpolicy-3.6.13/policy/modules/services/rlogin.fc 2009-05-21 09:48:24.000000000 -0400
@@ -4,3 +4,5 @@
/usr/lib(64)?/telnetlogin -- gen_context(system_u:object_r:rlogind_exec_t,s0)
/usr/sbin/in\.rlogind -- gen_context(system_u:object_r:rlogind_exec_t,s0)
+
+HOME_DIR/\.rlogin -- gen_context(system_u:object_r:rlogind_home_t,s0)
-diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/rlogin.if serefpolicy-3.6.12/policy/modules/services/rlogin.if
+diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/rlogin.if serefpolicy-3.6.13/policy/modules/services/rlogin.if
--- nsaserefpolicy/policy/modules/services/rlogin.if 2008-08-07 11:15:11.000000000 -0400
-+++ serefpolicy-3.6.12/policy/modules/services/rlogin.if 2009-05-18 14:47:15.000000000 -0400
++++ serefpolicy-3.6.13/policy/modules/services/rlogin.if 2009-05-21 09:48:24.000000000 -0400
@@ -18,3 +18,30 @@
corecmd_search_bin($1)
domtrans_pattern($1, rlogind_exec_t, rlogind_t)
@@ -21169,9 +19195,9 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
+ read_files_pattern($1, rlogind_home_t, rlogind_home_t)
+ read_lnk_files_pattern($1, rlogind_home_t, rlogind_home_t)
+')
-diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/rlogin.te serefpolicy-3.6.12/policy/modules/services/rlogin.te
+diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/rlogin.te serefpolicy-3.6.13/policy/modules/services/rlogin.te
--- nsaserefpolicy/policy/modules/services/rlogin.te 2009-03-23 13:47:11.000000000 -0400
-+++ serefpolicy-3.6.12/policy/modules/services/rlogin.te 2009-05-18 20:38:31.000000000 -0400
++++ serefpolicy-3.6.13/policy/modules/services/rlogin.te 2009-05-21 09:48:24.000000000 -0400
@@ -20,6 +20,9 @@
type rlogind_var_run_t;
files_pid_file(rlogind_var_run_t)
@@ -21191,9 +19217,9 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
miscfiles_read_localization(rlogind_t)
seutil_read_config(rlogind_t)
-diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/rpcbind.te serefpolicy-3.6.12/policy/modules/services/rpcbind.te
+diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/rpcbind.te serefpolicy-3.6.13/policy/modules/services/rpcbind.te
--- nsaserefpolicy/policy/modules/services/rpcbind.te 2009-01-19 11:06:49.000000000 -0500
-+++ serefpolicy-3.6.12/policy/modules/services/rpcbind.te 2009-05-12 15:30:13.000000000 -0400
++++ serefpolicy-3.6.13/policy/modules/services/rpcbind.te 2009-05-21 09:48:24.000000000 -0400
@@ -40,6 +40,8 @@
manage_sock_files_pattern(rpcbind_t, rpcbind_var_lib_t, rpcbind_var_lib_t)
files_var_lib_filetrans(rpcbind_t, rpcbind_var_lib_t, { file dir sock_file })
@@ -21203,9 +19229,9 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
kernel_read_system_state(rpcbind_t)
kernel_read_network_state(rpcbind_t)
-diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/rpc.te serefpolicy-3.6.12/policy/modules/services/rpc.te
+diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/rpc.te serefpolicy-3.6.13/policy/modules/services/rpc.te
--- nsaserefpolicy/policy/modules/services/rpc.te 2009-03-20 12:39:39.000000000 -0400
-+++ serefpolicy-3.6.12/policy/modules/services/rpc.te 2009-05-12 15:30:13.000000000 -0400
++++ serefpolicy-3.6.13/policy/modules/services/rpc.te 2009-05-21 09:48:24.000000000 -0400
@@ -23,7 +23,7 @@
gen_tunable(allow_nfsd_anon_write, false)
@@ -21304,9 +19330,9 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
tunable_policy(`allow_gssd_read_tmp',`
userdom_list_user_tmp(gssd_t)
userdom_read_user_tmp_files(gssd_t)
-diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/rshd.te serefpolicy-3.6.12/policy/modules/services/rshd.te
+diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/rshd.te serefpolicy-3.6.13/policy/modules/services/rshd.te
--- nsaserefpolicy/policy/modules/services/rshd.te 2009-01-19 11:06:49.000000000 -0500
-+++ serefpolicy-3.6.12/policy/modules/services/rshd.te 2009-05-18 20:38:49.000000000 -0400
++++ serefpolicy-3.6.13/policy/modules/services/rshd.te 2009-05-21 09:48:24.000000000 -0400
@@ -51,7 +51,7 @@
files_list_home(rshd_t)
@@ -21327,9 +19353,9 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
tcpd_wrapped_domain(rshd_t, rshd_exec_t)
')
-diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/rsync.te serefpolicy-3.6.12/policy/modules/services/rsync.te
+diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/rsync.te serefpolicy-3.6.13/policy/modules/services/rsync.te
--- nsaserefpolicy/policy/modules/services/rsync.te 2009-03-23 13:47:11.000000000 -0400
-+++ serefpolicy-3.6.12/policy/modules/services/rsync.te 2009-05-12 15:30:13.000000000 -0400
++++ serefpolicy-3.6.13/policy/modules/services/rsync.te 2009-05-21 09:48:24.000000000 -0400
@@ -8,6 +8,13 @@
##
@@ -21357,9 +19383,9 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
+')
+
auth_can_read_shadow_passwords(rsync_t)
-diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/samba.fc serefpolicy-3.6.12/policy/modules/services/samba.fc
+diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/samba.fc serefpolicy-3.6.13/policy/modules/services/samba.fc
--- nsaserefpolicy/policy/modules/services/samba.fc 2008-08-07 11:15:11.000000000 -0400
-+++ serefpolicy-3.6.12/policy/modules/services/samba.fc 2009-05-12 15:30:13.000000000 -0400
++++ serefpolicy-3.6.13/policy/modules/services/samba.fc 2009-05-21 09:48:24.000000000 -0400
@@ -2,6 +2,9 @@
#
# /etc
@@ -21386,9 +19412,9 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
+ifndef(`enable_mls',`
+/var/lib/samba/scripts(/.*)? gen_context(system_u:object_r:samba_unconfined_script_exec_t,s0)
+')
-diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/samba.if serefpolicy-3.6.12/policy/modules/services/samba.if
+diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/samba.if serefpolicy-3.6.13/policy/modules/services/samba.if
--- nsaserefpolicy/policy/modules/services/samba.if 2009-01-05 15:39:43.000000000 -0500
-+++ serefpolicy-3.6.12/policy/modules/services/samba.if 2009-05-12 15:30:13.000000000 -0400
++++ serefpolicy-3.6.13/policy/modules/services/samba.if 2009-05-21 09:48:24.000000000 -0400
@@ -4,6 +4,45 @@
## from Windows NT servers.
##
@@ -21786,9 +19812,9 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
+ admin_pattern($1, samba_unconfined_script_exec_t)
+')
+
-diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/samba.te serefpolicy-3.6.12/policy/modules/services/samba.te
+diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/samba.te serefpolicy-3.6.13/policy/modules/services/samba.te
--- nsaserefpolicy/policy/modules/services/samba.te 2009-01-19 11:07:34.000000000 -0500
-+++ serefpolicy-3.6.12/policy/modules/services/samba.te 2009-05-12 15:30:13.000000000 -0400
++++ serefpolicy-3.6.13/policy/modules/services/samba.te 2009-05-21 09:48:24.000000000 -0400
@@ -66,6 +66,13 @@
##
gen_tunable(samba_share_nfs, false)
@@ -22255,9 +20281,9 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
+allow winbind_t smbcontrol_t:process signal;
+
+allow smbcontrol_t nmbd_var_run_t:file { read lock };
-diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/sasl.te serefpolicy-3.6.12/policy/modules/services/sasl.te
+diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/sasl.te serefpolicy-3.6.13/policy/modules/services/sasl.te
--- nsaserefpolicy/policy/modules/services/sasl.te 2009-01-19 11:06:49.000000000 -0500
-+++ serefpolicy-3.6.12/policy/modules/services/sasl.te 2009-05-12 15:30:13.000000000 -0400
++++ serefpolicy-3.6.13/policy/modules/services/sasl.te 2009-05-21 09:48:24.000000000 -0400
@@ -99,6 +99,7 @@
optional_policy(`
@@ -22277,9 +20303,9 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
seutil_sigchld_newrole(saslauthd_t)
')
-diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/sendmail.if serefpolicy-3.6.12/policy/modules/services/sendmail.if
+diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/sendmail.if serefpolicy-3.6.13/policy/modules/services/sendmail.if
--- nsaserefpolicy/policy/modules/services/sendmail.if 2008-08-07 11:15:11.000000000 -0400
-+++ serefpolicy-3.6.12/policy/modules/services/sendmail.if 2009-05-12 15:30:13.000000000 -0400
++++ serefpolicy-3.6.13/policy/modules/services/sendmail.if 2009-05-21 09:48:24.000000000 -0400
@@ -59,20 +59,20 @@
########################################
@@ -22407,9 +20433,9 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
+
+ allow $1 sendmail_t:fifo_file rw_fifo_file_perms;
+')
-diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/sendmail.te serefpolicy-3.6.12/policy/modules/services/sendmail.te
+diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/sendmail.te serefpolicy-3.6.13/policy/modules/services/sendmail.te
--- nsaserefpolicy/policy/modules/services/sendmail.te 2009-01-19 11:06:49.000000000 -0500
-+++ serefpolicy-3.6.12/policy/modules/services/sendmail.te 2009-05-12 15:30:13.000000000 -0400
++++ serefpolicy-3.6.13/policy/modules/services/sendmail.te 2009-05-21 09:48:24.000000000 -0400
@@ -20,13 +20,17 @@
mta_mailserver_delivery(sendmail_t)
mta_mailserver_sender(sendmail_t)
@@ -22581,18 +20607,18 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
-dontaudit sendmail_t admin_tty_type:chr_file { getattr ioctl };
-') dnl end TODO
-diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/setroubleshoot.fc serefpolicy-3.6.12/policy/modules/services/setroubleshoot.fc
+diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/setroubleshoot.fc serefpolicy-3.6.13/policy/modules/services/setroubleshoot.fc
--- nsaserefpolicy/policy/modules/services/setroubleshoot.fc 2008-08-07 11:15:11.000000000 -0400
-+++ serefpolicy-3.6.12/policy/modules/services/setroubleshoot.fc 2009-05-12 15:30:13.000000000 -0400
++++ serefpolicy-3.6.13/policy/modules/services/setroubleshoot.fc 2009-05-21 09:48:24.000000000 -0400
@@ -1,3 +1,5 @@
+/etc/rc\.d/init\.d/setroubleshoot -- gen_context(system_u:object_r:setroubleshoot_initrc_exec_t,s0)
+
/usr/sbin/setroubleshootd -- gen_context(system_u:object_r:setroubleshootd_exec_t,s0)
/var/run/setroubleshoot(/.*)? gen_context(system_u:object_r:setroubleshoot_var_run_t,s0)
-diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/setroubleshoot.if serefpolicy-3.6.12/policy/modules/services/setroubleshoot.if
+diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/setroubleshoot.if serefpolicy-3.6.13/policy/modules/services/setroubleshoot.if
--- nsaserefpolicy/policy/modules/services/setroubleshoot.if 2008-08-07 11:15:11.000000000 -0400
-+++ serefpolicy-3.6.12/policy/modules/services/setroubleshoot.if 2009-05-12 15:30:13.000000000 -0400
++++ serefpolicy-3.6.13/policy/modules/services/setroubleshoot.if 2009-05-21 09:48:24.000000000 -0400
@@ -16,8 +16,8 @@
')
@@ -22675,9 +20701,9 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
+ files_list_pids($1)
+ admin_pattern($1, setroubleshoot_var_run_t)
+')
-diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/setroubleshoot.te serefpolicy-3.6.12/policy/modules/services/setroubleshoot.te
+diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/setroubleshoot.te serefpolicy-3.6.13/policy/modules/services/setroubleshoot.te
--- nsaserefpolicy/policy/modules/services/setroubleshoot.te 2009-01-19 11:06:49.000000000 -0500
-+++ serefpolicy-3.6.12/policy/modules/services/setroubleshoot.te 2009-05-12 15:30:13.000000000 -0400
++++ serefpolicy-3.6.13/policy/modules/services/setroubleshoot.te 2009-05-21 09:48:24.000000000 -0400
@@ -11,6 +11,9 @@
domain_type(setroubleshootd_t)
init_daemon_domain(setroubleshootd_t, setroubleshootd_exec_t)
@@ -22765,9 +20791,9 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
rpm_read_db(setroubleshootd_t)
rpm_dontaudit_manage_db(setroubleshootd_t)
rpm_use_script_fds(setroubleshootd_t)
-diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/shorewall.fc serefpolicy-3.6.12/policy/modules/services/shorewall.fc
+diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/shorewall.fc serefpolicy-3.6.13/policy/modules/services/shorewall.fc
--- nsaserefpolicy/policy/modules/services/shorewall.fc 1969-12-31 19:00:00.000000000 -0500
-+++ serefpolicy-3.6.12/policy/modules/services/shorewall.fc 2009-05-12 15:30:13.000000000 -0400
++++ serefpolicy-3.6.13/policy/modules/services/shorewall.fc 2009-05-21 09:48:24.000000000 -0400
@@ -0,0 +1,12 @@
+
+/etc/rc\.d/init\.d/shorewall -- gen_context(system_u:object_r:shorewall_initrc_exec_t,s0)
@@ -22781,9 +20807,9 @@ diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/pol
+
+/var/lib/shorewall(/.*)? gen_context(system_u:object_r:shorewall_var_lib_t,s0)
+/var/lib/shorewall-lite(/.*)? gen_context(system_u:object_r:shorewall_var_lib_t,s0)
-diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/shorewall.if serefpolicy-3.6.12/policy/modules/services/shorewall.if
+diff -b -B --ignore-all-space --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/shorewall.if serefpolicy-3.6.13/policy/modules/services/shorewall.if
--- nsaserefpolicy/policy/modules/services/shorewall.if 1969-12-31 19:00:00.000000000 -0500
-+++ serefpolicy-3.6.12/policy/modules/services/shorewall.if 2009-05-12 15:30:13.000000000 -0400
++++ serefpolicy-3.6.13/policy/modules/services/shorewall.if 2009-05-21 09:48:24.000000000 -0400
@@ -0,0 +1,166 @@
+##