diff --git a/refpolicy/policy/modules/admin/amanda.te b/refpolicy/policy/modules/admin/amanda.te index 7c8285f9..cf3b5528 100644 --- a/refpolicy/policy/modules/admin/amanda.te +++ b/refpolicy/policy/modules/admin/amanda.te @@ -1,5 +1,5 @@ -policy_module(amanda,1.3.3) +policy_module(amanda,1.3.4) ####################################### # @@ -248,10 +248,6 @@ sysnet_read_config(amanda_recover_t) userdom_search_sysadm_home_content_dirs(amanda_recover_t) -optional_policy(` - mount_send_nfs_client_request(amanda_recover_t) -') - optional_policy(` nis_use_ypbind(amanda_recover_t) ') diff --git a/refpolicy/policy/modules/admin/dpkg.te b/refpolicy/policy/modules/admin/dpkg.te index e2bb49c5..12a842bc 100644 --- a/refpolicy/policy/modules/admin/dpkg.te +++ b/refpolicy/policy/modules/admin/dpkg.te @@ -1,5 +1,5 @@ -policy_module(dpkg,1.0.2) +policy_module(dpkg,1.0.3) ######################################## # @@ -181,10 +181,6 @@ ifdef(`targeted_policy',` # cron_system_entry(dpkg_t,dpkg_exec_t) #') -optional_policy(` - mount_send_nfs_client_request(dpkg_t) -') - optional_policy(` nis_use_ypbind(dpkg_t) ') diff --git a/refpolicy/policy/modules/admin/rpm.te b/refpolicy/policy/modules/admin/rpm.te index b7d32b64..a12a0d4f 100644 --- a/refpolicy/policy/modules/admin/rpm.te +++ b/refpolicy/policy/modules/admin/rpm.te @@ -1,5 +1,5 @@ -policy_module(rpm,1.3.8) +policy_module(rpm,1.3.9) ######################################## # @@ -190,10 +190,6 @@ optional_policy(` cron_system_entry(rpm_t,rpm_exec_t) ') -optional_policy(` - mount_send_nfs_client_request(rpm_t) -') - optional_policy(` nis_use_ypbind(rpm_t) ') diff --git a/refpolicy/policy/modules/admin/vpn.te b/refpolicy/policy/modules/admin/vpn.te index 8fe4572f..0c6b8776 100644 --- a/refpolicy/policy/modules/admin/vpn.te +++ b/refpolicy/policy/modules/admin/vpn.te @@ -1,5 +1,5 @@ -policy_module(vpn,1.2.2) +policy_module(vpn,1.2.3) ######################################## # 
@@ -112,10 +112,6 @@ optional_policy(` ') ') -optional_policy(` - mount_send_nfs_client_request(vpnc_t) -') - optional_policy(` nis_use_ypbind(vpnc_t) ') diff --git a/refpolicy/policy/modules/apps/uml.if b/refpolicy/policy/modules/apps/uml.if index 121b95fe..abc568f5 100644 --- a/refpolicy/policy/modules/apps/uml.if +++ b/refpolicy/policy/modules/apps/uml.if @@ -184,10 +184,6 @@ template(`uml_per_userdomain_template',` userdom_use_user_terminals($1,$1_uml_t) - optional_policy(` - mount_send_nfs_client_request($1_uml_t) - ') - optional_policy(` nis_use_ypbind($1_uml_t) ') diff --git a/refpolicy/policy/modules/apps/uml.te b/refpolicy/policy/modules/apps/uml.te index 938d4d2c..4b63b593 100644 --- a/refpolicy/policy/modules/apps/uml.te +++ b/refpolicy/policy/modules/apps/uml.te @@ -1,5 +1,5 @@ -policy_module(uml,1.0.1) +policy_module(uml,1.0.2) ######################################## # diff --git a/refpolicy/policy/modules/kernel/kernel.te b/refpolicy/policy/modules/kernel/kernel.te index 8b9d63df..43a5333f 100644 --- a/refpolicy/policy/modules/kernel/kernel.te +++ b/refpolicy/policy/modules/kernel/kernel.te @@ -1,5 +1,5 @@ -policy_module(kernel,1.3.12) +policy_module(kernel,1.3.13) ######################################## # @@ -273,7 +273,7 @@ optional_policy(` ') optional_policy(` - portmap_udp_send(kernel_t) + portmap_udp_chat(kernel_t) ') optional_policy(` diff --git a/refpolicy/policy/modules/services/bind.te b/refpolicy/policy/modules/services/bind.te index a31e9567..e284ddfb 100644 --- a/refpolicy/policy/modules/services/bind.te +++ b/refpolicy/policy/modules/services/bind.te @@ -1,5 +1,5 @@ -policy_module(bind,1.1.5) +policy_module(bind,1.1.6) ######################################## # @@ -182,10 +182,6 @@ optional_policy(` ') ') -optional_policy(` - mount_send_nfs_client_request(named_t) -') - optional_policy(` # this seems like fds that arent being # closed. these should probably be 
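Review bot: In kernel.te the switch to `portmap_udp_chat(kernel_t)` appears, judging by the interface names, to widen kernel_t from a one-way send to a two-way UDP exchange with the portmapper, and nothing in the hunk records why the reply direction is needed. A short comment above the call, for example `# kernel RPC clients need the portmapper's replies, not only send` (wording for the author to confirm), would keep the grant reviewable. The visible part of this diff does not touch portmap.if, so it is worth confirming that `portmap_udp_chat` is already defined there. The enclosing optional_policy block starts outside the hunk, and the inetd.te context further down still calls `portmap_udp_send(inetd_t)`, which may deserve the same check.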
diff --git a/refpolicy/policy/modules/services/cyrus.te b/refpolicy/policy/modules/services/cyrus.te index 65d55511..21dc5dae 100644 --- a/refpolicy/policy/modules/services/cyrus.te +++ b/refpolicy/policy/modules/services/cyrus.te @@ -1,5 +1,5 @@ -policy_module(cyrus,1.1.2) +policy_module(cyrus,1.1.3) ######################################## # @@ -122,10 +122,6 @@ optional_policy(` cron_system_entry(cyrus_t,cyrus_exec_t) ') -optional_policy(` - mount_send_nfs_client_request(cyrus_t) -') - optional_policy(` nis_use_ypbind(cyrus_t) ') diff --git a/refpolicy/policy/modules/services/dbus.if b/refpolicy/policy/modules/services/dbus.if index bc1fed4c..dd77cfc1 100644 --- a/refpolicy/policy/modules/services/dbus.if +++ b/refpolicy/policy/modules/services/dbus.if @@ -166,10 +166,9 @@ template(`dbus_per_userdomain_template',` nscd_socket_use($1_dbusd_t) ') - ifdef(`TODO',` - ifdef(`xdm.te', ` - can_pipe_xdm($1_dbusd_t) - ') + optional_policy(` + xserver_use_xdm_fds($1_dbusd_t) + xserver_rw_xdm_pipes($1_dbusd_t) ') ') diff --git a/refpolicy/policy/modules/services/dbus.te b/refpolicy/policy/modules/services/dbus.te index b8824eb0..6fd0076c 100644 --- a/refpolicy/policy/modules/services/dbus.te +++ b/refpolicy/policy/modules/services/dbus.te @@ -1,5 +1,5 @@ -policy_module(dbus,1.2.5) +policy_module(dbus,1.2.6) gen_require(` class dbus { send_msg acquire_svc }; diff --git a/refpolicy/policy/modules/services/dhcp.te b/refpolicy/policy/modules/services/dhcp.te index d4a84a04..eff134a5 100644 --- a/refpolicy/policy/modules/services/dhcp.te +++ b/refpolicy/policy/modules/services/dhcp.te @@ -1,5 +1,5 @@ -policy_module(dhcp,1.1.1) +policy_module(dhcp,1.1.2) ######################################## # @@ -123,10 +123,6 @@ optional_policy(` bind_read_dnssec_keys(dhcpd_t) ') -optional_policy(` - mount_send_nfs_client_request(dhcpd_t) -') - optional_policy(` nis_use_ypbind(dhcpd_t) ') 
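Review bot: The new optional_policy block in dbus_per_userdomain_template (dbus.if) turns access that was compiled out under the TODO ifdef into live rules, so every `$1_dbusd_t` domain now gets `xserver_use_xdm_fds` and `xserver_rw_xdm_pipes` with no comment explaining the need. The same commit retires mount_send_nfs_client_request because its rules were a side effect of leaked descriptors, so it is worth stating whether the session bus really reads and writes the xdm pipes or merely inherits them. If they are only inherited, a dontaudit rule would be the narrower choice. A comment such as `# session bus is started from the xdm session and uses its inherited pipes` (to be confirmed) would document the intent. The template body starts and ends outside the hunk.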
diff --git a/refpolicy/policy/modules/services/i18n_input.te b/refpolicy/policy/modules/services/i18n_input.te index 5152da58..9cabd74d 100644 --- a/refpolicy/policy/modules/services/i18n_input.te +++ b/refpolicy/policy/modules/services/i18n_input.te @@ -1,5 +1,5 @@ -policy_module(i18n_input,1.1.2) +policy_module(i18n_input,1.1.3) ######################################## # @@ -105,10 +105,6 @@ optional_policy(` canna_stream_connect(i18n_input_t) ') -optional_policy(` - mount_send_nfs_client_request(i18n_input_t) -') - optional_policy(` nis_use_ypbind(i18n_input_t) ') diff --git a/refpolicy/policy/modules/services/inetd.te b/refpolicy/policy/modules/services/inetd.te index 21b27a83..d4c00505 100644 --- a/refpolicy/policy/modules/services/inetd.te +++ b/refpolicy/policy/modules/services/inetd.te @@ -1,5 +1,5 @@ -policy_module(inetd,1.1.3) +policy_module(inetd,1.1.4) ######################################## # @@ -145,10 +145,6 @@ optional_policy(` amanda_search_lib(inetd_t) ') -optional_policy(` - mount_send_nfs_client_request(inetd_t) -') - # Communicate with the portmapper. optional_policy(` portmap_udp_send(inetd_t) diff --git a/refpolicy/policy/modules/services/inn.te b/refpolicy/policy/modules/services/inn.te index 84869b0a..d5312191 100644 --- a/refpolicy/policy/modules/services/inn.te +++ b/refpolicy/policy/modules/services/inn.te @@ -1,5 +1,5 @@ -policy_module(inn,1.1.2) +policy_module(inn,1.1.3) ######################################## # @@ -129,10 +129,6 @@ optional_policy(` hostname_exec(innd_t) ') -optional_policy(` - mount_send_nfs_client_request(innd_t) -') - optional_policy(` nis_use_ypbind(innd_t) ') diff --git a/refpolicy/policy/modules/services/mailman.if b/refpolicy/policy/modules/services/mailman.if index 8e3360f1..68a2588e 100644 --- a/refpolicy/policy/modules/services/mailman.if +++ b/refpolicy/policy/modules/services/mailman.if 
@@ -86,10 +86,6 @@ template(`mailman_domain_template', ` sysnet_read_config(mailman_$1_t) - optional_policy(` - mount_send_nfs_client_request(mailman_$1_t) - ') - optional_policy(` nis_use_ypbind(mailman_$1_t) ') diff --git a/refpolicy/policy/modules/services/mailman.te b/refpolicy/policy/modules/services/mailman.te index ad12df54..f5ccc551 100644 --- a/refpolicy/policy/modules/services/mailman.te +++ b/refpolicy/policy/modules/services/mailman.te @@ -1,5 +1,5 @@ -policy_module(mailman,1.1.4) +policy_module(mailman,1.1.5) ######################################## # diff --git a/refpolicy/policy/modules/services/mysql.te b/refpolicy/policy/modules/services/mysql.te index 09f43fa0..052381d1 100644 --- a/refpolicy/policy/modules/services/mysql.te +++ b/refpolicy/policy/modules/services/mysql.te @@ -1,5 +1,5 @@ -policy_module(mysql,1.2.4) +policy_module(mysql,1.2.5) ######################################## # @@ -123,10 +123,6 @@ optional_policy(` daemontools_service_domain(mysqld_t, mysqld_exec_t) ') -optional_policy(` - mount_send_nfs_client_request(mysqld_t) -') - optional_policy(` nis_use_ypbind(mysqld_t) ') diff --git a/refpolicy/policy/modules/services/networkmanager.te b/refpolicy/policy/modules/services/networkmanager.te index c6eda322..418ba83d 100644 --- a/refpolicy/policy/modules/services/networkmanager.te +++ b/refpolicy/policy/modules/services/networkmanager.te @@ -1,5 +1,5 @@ -policy_module(networkmanager,1.3.5) +policy_module(networkmanager,1.3.6) ######################################## # @@ -148,10 +148,6 @@ optional_policy(` howl_signal(NetworkManager_t) ') -optional_policy(` - mount_send_nfs_client_request(NetworkManager_t) -') - optional_policy(` nis_use_ypbind(NetworkManager_t) ') diff --git a/refpolicy/policy/modules/services/nis.te b/refpolicy/policy/modules/services/nis.te index 31dfc8f8..a5fd29be 100644 --- a/refpolicy/policy/modules/services/nis.te +++ b/refpolicy/policy/modules/services/nis.te 
@@ -1,5 +1,5 @@ -policy_module(nis,1.1.4) +policy_module(nis,1.1.5) ######################################## # @@ -128,10 +128,6 @@ ifdef(`targeted_policy', ` files_dontaudit_read_root_files(ypbind_t) ') -optional_policy(` - mount_send_nfs_client_request(ypbind_t) -') - optional_policy(` seutil_sigchld_newrole(ypbind_t) ') diff --git a/refpolicy/policy/modules/services/ntp.te b/refpolicy/policy/modules/services/ntp.te index a679b2fe..859cf22f 100644 --- a/refpolicy/policy/modules/services/ntp.te +++ b/refpolicy/policy/modules/services/ntp.te @@ -1,5 +1,5 @@ -policy_module(ntp,1.1.3) +policy_module(ntp,1.1.4) ######################################## # @@ -138,10 +138,6 @@ optional_policy(` logrotate_exec(ntpd_t) ') -optional_policy(` - mount_send_nfs_client_request(ntpd_t) -') - optional_policy(` nis_use_ypbind(ntpd_t) ') diff --git a/refpolicy/policy/modules/services/portmap.te b/refpolicy/policy/modules/services/portmap.te index edd777bc..06e0af5f 100644 --- a/refpolicy/policy/modules/services/portmap.te +++ b/refpolicy/policy/modules/services/portmap.te @@ -1,5 +1,5 @@ -policy_module(portmap,1.2.3) +policy_module(portmap,1.2.4) ######################################## # @@ -107,10 +107,6 @@ optional_policy(` inetd_udp_send(portmap_t) ') -optional_policy(` - mount_send_nfs_client_request(portmap_t) -') - optional_policy(` nis_use_ypbind(portmap_t) nis_udp_send_ypbind(portmap_t) 
@@ -132,25 +128,6 @@ optional_policy(` udev_read_db(portmap_t) ') -ifdef(`TODO',` -ifdef(`rpcd.te',`can_udp_send(portmap_t, rpcd_t)') -allow portmap_t rpcd_t:udp_socket sendto; -allow rpcd_t portmap_t:udp_socket recvfrom; - -ifdef(`lpd.te',`can_udp_send(portmap_t, lpd_t)') -allow portmap_t lpd_t:udp_socket sendto; -allow lpd_t portmap_t:udp_socket recvfrom; - -can_udp_send(portmap_t, kernel_t) -allow portmap_t kernel_t:udp_socket sendto; -allow kernel_t portmap_t:udp_socket recvfrom; - -can_udp_send(kernel_t, portmap_t) -allow kernel_t portmap_t:udp_socket sendto; -allow portmap_t kernel_t:udp_socket recvfrom; - -') dnl end TODO - ######################################## # # Portmap helper local policy @@ -202,10 +179,6 @@ ifdef(`targeted_policy', ` term_dontaudit_use_generic_ptys(portmap_helper_t) ') -optional_policy(` - mount_send_nfs_client_request(portmap_helper_t) -') - optional_policy(` nis_use_ypbind(portmap_helper_t) ') diff --git a/refpolicy/policy/modules/services/postfix.te b/refpolicy/policy/modules/services/postfix.te index d2f75154..8a1dd9f4 100644 --- a/refpolicy/policy/modules/services/postfix.te +++ b/refpolicy/policy/modules/services/postfix.te @@ -1,5 +1,5 @@ -policy_module(postfix,1.2.8) +policy_module(postfix,1.2.9) ######################################## # @@ -180,10 +180,6 @@ optional_policy(` mailman_manage_data_files(postfix_master_t) ') -optional_policy(` - mount_send_nfs_client_request(postfix_master_t) -') - optional_policy(` nis_use_ypbind(postfix_master_t) ') diff --git a/refpolicy/policy/modules/services/postgresql.te b/refpolicy/policy/modules/services/postgresql.te index 116ac084..452f96c5 100644 --- a/refpolicy/policy/modules/services/postgresql.te +++ b/refpolicy/policy/modules/services/postgresql.te @@ -1,5 +1,5 @@ -policy_module(postgresql,1.1.1) +policy_module(postgresql,1.1.2) ################################# # 
@@ -169,10 +169,6 @@ optional_policy(` kerberos_use(postgresql_t) ') -optional_policy(` - mount_send_nfs_client_request(postgresql_t) -') - optional_policy(` nis_use_ypbind(postgresql_t) ') diff --git a/refpolicy/policy/modules/services/privoxy.te b/refpolicy/policy/modules/services/privoxy.te index 2049d5bb..866b3e38 100644 --- a/refpolicy/policy/modules/services/privoxy.te +++ b/refpolicy/policy/modules/services/privoxy.te @@ -1,5 +1,5 @@ -policy_module(privoxy,1.1.3) +policy_module(privoxy,1.1.4) ######################################## # @@ -92,10 +92,6 @@ ifdef(`targeted_policy',` files_dontaudit_read_root_files(privoxy_t) ') -optional_policy(` - mount_send_nfs_client_request(privoxy_t) -') - optional_policy(` nis_use_ypbind(privoxy_t) ') diff --git a/refpolicy/policy/modules/services/roundup.te b/refpolicy/policy/modules/services/roundup.te index 1a9d03c2..a4dd1abe 100644 --- a/refpolicy/policy/modules/services/roundup.te +++ b/refpolicy/policy/modules/services/roundup.te @@ -1,5 +1,5 @@ -policy_module(roundup,1.0.1) +policy_module(roundup,1.0.2) ######################################## # @@ -95,10 +95,6 @@ ifdef(`targeted_policy',` term_dontaudit_use_generic_ptys(roundup_t) ') -optional_policy(` - mount_send_nfs_client_request(roundup_t) -') - optional_policy(` mysql_stream_connect(roundup_t) mysql_search_db(roundup_t) diff --git a/refpolicy/policy/modules/services/rpc.if b/refpolicy/policy/modules/services/rpc.if index 429e099d..831a1cbb 100644 --- a/refpolicy/policy/modules/services/rpc.if +++ b/refpolicy/policy/modules/services/rpc.if @@ -103,10 +103,6 @@ template(`rpc_domain_template', ` files_dontaudit_read_root_files($1_t) ') - optional_policy(` - mount_send_nfs_client_request($1_t) - ') - optional_policy(` nis_use_ypbind($1_t) ') diff --git a/refpolicy/policy/modules/services/rpc.te b/refpolicy/policy/modules/services/rpc.te index 98e1064d..8536f77e 100644 --- a/refpolicy/policy/modules/services/rpc.te +++ b/refpolicy/policy/modules/services/rpc.te 
@@ -1,5 +1,5 @@ -policy_module(rpc,1.2.8) +policy_module(rpc,1.2.9) ######################################## # diff --git a/refpolicy/policy/modules/services/samba.te b/refpolicy/policy/modules/services/samba.te index f3b82ab3..5577c67f 100644 --- a/refpolicy/policy/modules/services/samba.te +++ b/refpolicy/policy/modules/services/samba.te @@ -1,5 +1,5 @@ -policy_module(samba,1.2.7) +policy_module(samba,1.2.8) ################################# # @@ -283,8 +283,6 @@ logging_send_syslog_msg(smbd_t) miscfiles_read_localization(smbd_t) miscfiles_read_public_files(smbd_t) -mount_send_nfs_client_request(smbd_t) - sysnet_read_config(smbd_t) userdom_dontaudit_search_sysadm_home_dirs(smbd_t) @@ -507,7 +505,6 @@ files_read_etc_files(smbmount_t) miscfiles_read_localization(smbmount_t) mount_use_fds(smbmount_t) -mount_send_nfs_client_request(smbmount_t) libs_use_ld_so(smbmount_t) libs_use_shared_libs(smbmount_t) @@ -725,10 +722,6 @@ optional_policy(` kerberos_use(winbind_t) ') -optional_policy(` - mount_send_nfs_client_request(winbind_t) -') - optional_policy(` nscd_socket_use(winbind_t) ') diff --git a/refpolicy/policy/modules/services/squid.te b/refpolicy/policy/modules/services/squid.te index ee011ae7..a8a9d511 100644 --- a/refpolicy/policy/modules/services/squid.te +++ b/refpolicy/policy/modules/services/squid.te @@ -1,5 +1,5 @@ -policy_module(squid,1.1.1) +policy_module(squid,1.1.2) ######################################## # @@ -154,10 +154,6 @@ optional_policy(` cron_write_system_job_pipes(squid_t) ') -optional_policy(` - mount_send_nfs_client_request(squid_t) -') - optional_policy(` nis_use_ypbind(squid_t) ') diff --git a/refpolicy/policy/modules/system/lvm.te b/refpolicy/policy/modules/system/lvm.te index b4d3753b..5aca3d07 100644 --- a/refpolicy/policy/modules/system/lvm.te +++ b/refpolicy/policy/modules/system/lvm.te @@ -1,5 +1,5 @@ -policy_module(lvm,1.3.3) +policy_module(lvm,1.3.4) ######################################## # 
@@ -110,10 +110,6 @@ ifdef(`targeted_policy', ` files_dontaudit_read_root_files(clvmd_t) ') -optional_policy(` - mount_send_nfs_client_request(clvmd_t) -') - optional_policy(` nis_use_ypbind(clvmd_t) ') diff --git a/refpolicy/policy/modules/system/mount.if b/refpolicy/policy/modules/system/mount.if index 99cc3807..2bfa5f26 100644 --- a/refpolicy/policy/modules/system/mount.if +++ b/refpolicy/policy/modules/system/mount.if @@ -99,18 +99,25 @@ interface(`mount_use_fds',` ## Allow the mount domain to send nfs requests for mounting ## network drives ## +## +## +## Allow the mount domain to send nfs requests for mounting +## network drives +## +## +## This interface has been deprecated as these rules were +## a side effect of leaked mount file descriptors. This +## interface has no effect. +## +## ## ## -## The type of the process performing this action. +## Domain allowed access. ## ## # interface(`mount_send_nfs_client_request',` - gen_require(` - type mount_t; - ') - - allow $1 mount_t:udp_socket rw_socket_perms; + errprint(__file__:__line__:` $0($*) has been deprecated.'__endline__) ') ######################################## diff --git a/refpolicy/policy/modules/system/mount.te b/refpolicy/policy/modules/system/mount.te index d2573747..cb763fef 100644 --- a/refpolicy/policy/modules/system/mount.te +++ b/refpolicy/policy/modules/system/mount.te @@ -1,5 +1,5 @@ -policy_module(mount,1.3.7) +policy_module(mount,1.3.8) ######################################## #
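Review bot: The deprecation stub for mount_send_nfs_client_request in mount.if warns only that the call `has been deprecated`, which does not tell a policy author that it now grants nothing and can simply be deleted. Extending the errprint text to `$0($*) has been deprecated and has no effect; remove the call.` would make the build warning actionable. Modules outside this tree that still call the interface lose `allow $1 mount_t:udp_socket rw_socket_perms` on their next rebuild. If mount still leaks the descriptor at runtime, those domains will presumably start logging AVC denials on it, so the interface description could name that as the expected symptom.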
+## Allow the mount domain to send nfs requests for mounting +## network drives +##
+## This interface has been deprecated as these rules were +## a side effect of leaked mount file descriptors. This +## interface has no effect. +##