- Update to upstream

.cvsignore

@@ -132,3 +132,4 @@ serefpolicy-3.1.2.tgz
 serefpolicy-3.2.1.tgz
 serefpolicy-3.2.2.tgz
 serefpolicy-3.2.3.tgz
+serefpolicy-3.2.4.tgz

policy-20071130.patch

@@ -5055,7 +5055,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/cron
 +/var/lib/misc(/.*)?			gen_context(system_u:object_r:system_crond_var_lib_t,s0)
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/cron.if serefpolicy-3.2.4/policy/modules/services/cron.if
 --- nsaserefpolicy/policy/modules/services/cron.if	2007-10-12 08:56:07.000000000 -0400
-+++ serefpolicy-3.2.4/policy/modules/services/cron.if	2007-12-13 13:34:36.000000000 -0500
++++ serefpolicy-3.2.4/policy/modules/services/cron.if	2007-12-13 14:22:04.000000000 -0500
 @@ -35,38 +35,23 @@
  #
  template(`cron_per_role_template',`
@@ -5923,9 +5923,37 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/dbus
 +
 +')
 +
+diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/dcc.if serefpolicy-3.2.4/policy/modules/services/dcc.if
+--- nsaserefpolicy/policy/modules/services/dcc.if	2007-03-26 10:39:05.000000000 -0400
++++ serefpolicy-3.2.4/policy/modules/services/dcc.if	2007-12-13 15:58:07.000000000 -0500
+@@ -72,6 +72,24 @@
+ 
+ ########################################
+ ## <summary>
++##	Send a signal to the dcc_client.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++#
++interface(`dcc_signal_client',`
++	gen_require(`
++		type dcc_client_t;
++	')
++
++	allow $1 dcc_client_t:process signal;
++')
++
++########################################
++## <summary>
+ ##	Execute dcc_client in the dcc_client domain, and
+ ##	allow the specified role the dcc_client domain.
+ ## </summary>
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/dcc.te serefpolicy-3.2.4/policy/modules/services/dcc.te
 --- nsaserefpolicy/policy/modules/services/dcc.te	2007-10-12 08:56:07.000000000 -0400
-+++ serefpolicy-3.2.4/policy/modules/services/dcc.te	2007-12-13 13:34:36.000000000 -0500
++++ serefpolicy-3.2.4/policy/modules/services/dcc.te	2007-12-13 15:52:57.000000000 -0500
 @@ -124,7 +124,7 @@
  # dcc procmail interface local policy
  #
@@ -5935,6 +5963,15 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/dcc.
  allow dcc_client_t self:unix_dgram_socket create_socket_perms;
  allow dcc_client_t self:udp_socket create_socket_perms;
  
+@@ -148,6 +148,8 @@
+ files_read_etc_files(dcc_client_t)
+ files_read_etc_runtime_files(dcc_client_t)
+ 
++kernel_read_system_state(dcc_client_t)
++
+ libs_use_ld_so(dcc_client_t)
+ libs_use_shared_libs(dcc_client_t)
+ 
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/dictd.fc serefpolicy-3.2.4/policy/modules/services/dictd.fc
 --- nsaserefpolicy/policy/modules/services/dictd.fc	2006-11-16 17:15:20.000000000 -0500
 +++ serefpolicy-3.2.4/policy/modules/services/dictd.fc	2007-12-13 13:34:36.000000000 -0500
@@ -6054,7 +6091,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/dove
 +
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/dovecot.te serefpolicy-3.2.4/policy/modules/services/dovecot.te
 --- nsaserefpolicy/policy/modules/services/dovecot.te	2007-12-04 11:02:50.000000000 -0500
-+++ serefpolicy-3.2.4/policy/modules/services/dovecot.te	2007-12-13 13:34:36.000000000 -0500
++++ serefpolicy-3.2.4/policy/modules/services/dovecot.te	2007-12-13 15:31:36.000000000 -0500
 @@ -15,6 +15,12 @@
  domain_entry_file(dovecot_auth_t,dovecot_auth_exec_t)
  role system_r types dovecot_auth_t;
@@ -9815,7 +9852,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/spam
 +')
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/spamassassin.te serefpolicy-3.2.4/policy/modules/services/spamassassin.te
 --- nsaserefpolicy/policy/modules/services/spamassassin.te	2007-10-12 08:56:07.000000000 -0400
-+++ serefpolicy-3.2.4/policy/modules/services/spamassassin.te	2007-12-13 13:34:37.000000000 -0500
++++ serefpolicy-3.2.4/policy/modules/services/spamassassin.te	2007-12-13 15:58:16.000000000 -0500
 @@ -44,6 +44,15 @@
  type spamassassin_exec_t;
  application_executable_file(spamassassin_exec_t)
@@ -9858,6 +9895,14 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/spam
  	fs_manage_cifs_files(spamd_t)
  ')
  
+@@ -171,6 +183,7 @@
+ 
+ optional_policy(`
+ 	dcc_domtrans_client(spamd_t)
++	dcc_signal_client(spamd_t)
+ 	dcc_stream_connect_dccifd(spamd_t)
+ ')
+ 
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/squid.fc serefpolicy-3.2.4/policy/modules/services/squid.fc
 --- nsaserefpolicy/policy/modules/services/squid.fc	2006-11-16 17:15:21.000000000 -0500
 +++ serefpolicy-3.2.4/policy/modules/services/squid.fc	2007-12-13 13:34:37.000000000 -0500
@@ -11789,7 +11834,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/init.i
 +')
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/init.te serefpolicy-3.2.4/policy/modules/system/init.te
 --- nsaserefpolicy/policy/modules/system/init.te	2007-12-04 11:02:50.000000000 -0500
-+++ serefpolicy-3.2.4/policy/modules/system/init.te	2007-12-13 13:34:37.000000000 -0500
++++ serefpolicy-3.2.4/policy/modules/system/init.te	2007-12-13 14:23:31.000000000 -0500
 @@ -10,6 +10,20 @@
  # Declarations
  #
@@ -11943,7 +11988,19 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/init.t
  ')
  
  optional_policy(`
-@@ -743,6 +779,10 @@
+@@ -729,6 +765,11 @@
+ 	uml_setattr_util_sockets(initrc_t)
+ ')
+ 
++# Cron jobs used to start and stop services
++optional_policy(`
++	cron_read_pipes(daemon)
++')
++
+ optional_policy(`
+ 	unconfined_domain(initrc_t)
+ 
+@@ -743,6 +784,10 @@
  ')
  
  optional_policy(`

sources

@@ -1 +1 @@
-37b636c3ce51c9c50ebe45aa01b6bb9b  serefpolicy-3.2.3.tgz
+cef1db667a75f7bcc53d3541c01a4a2d  serefpolicy-3.2.4.tgz