- Fix git

2010-01-15 22:27:38 +00:00 · 2010-01-15 22:27:38 +00:00 · fd56540d50
commit fd56540d50
parent 3b54668c40
1 changed files with 144 additions and 144 deletions
--- a/policy-F13.patch
+++ b/policy-F13.patch
@ -5867,7 +5867,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/kernel/coreco
 ')
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/kernel/corenetwork.te.in serefpolicy-3.7.7/policy/modules/kernel/corenetwork.te.in
 --- nsaserefpolicy/policy/modules/kernel/corenetwork.te.in	2010-01-11 09:40:36.000000000 -0500
-+++ serefpolicy-3.7.7/policy/modules/kernel/corenetwork.te.in	2010-01-11 14:18:47.000000000 -0500
+++ serefpolicy-3.7.7/policy/modules/kernel/corenetwork.te.in	2010-01-15 09:09:38.000000000 -0500
@@ -65,6 +65,7 @@
 type server_packet_t, packet_type, server_packet_type;
@ -5891,8 +5891,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/kernel/corene
 network_port(dccm, tcp,5679,s0, udp,5679,s0)
 -network_port(dhcpc, udp,68,s0)
 -network_port(dhcpd, udp,67,s0, tcp,647,s0, udp,647,s0, tcp,847,s0, udp,847,s0, tcp,7911,s0)
-+network_port(dhcpc, udp,68,s0, tcp,68,s0, udp,546,s0, tcp, 546,s0, udp,547,s0, tcp, 547,s0)
+network_port(dhcpc, udp,68,s0, tcp,68,s0, udp,546,s0, tcp, 546,s0)
-+network_port(dhcpd, udp,67,s0, udp,548,s0, tcp, 548,s0, tcp,647,s0, udp,647,s0, tcp,847,s0, udp,847,s0, tcp,7911,s0)
+network_port(dhcpd, udp,67,s0, udp,547,s0, tcp, 547,s0, udp,548,s0, tcp, 548,s0, tcp,647,s0, udp,647,s0, tcp,847,s0, udp,847,s0, tcp,7911,s0)
 network_port(dict, tcp,2628,s0)
 network_port(distccd, tcp,3632,s0)
 network_port(dns, udp,53,s0, tcp,53,s0)
@ -11572,7 +11572,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/apac
 ')
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/apache.te serefpolicy-3.7.7/policy/modules/services/apache.te
 --- nsaserefpolicy/policy/modules/services/apache.te	2009-08-14 16:14:31.000000000 -0400
-+++ serefpolicy-3.7.7/policy/modules/services/apache.te	2010-01-11 09:53:58.000000000 -0500
+++ serefpolicy-3.7.7/policy/modules/services/apache.te	2010-01-15 14:47:16.000000000 -0500
@@ -19,6 +19,8 @@
 # Declarations
 #
@ -11764,7 +11764,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/apac
 manage_dirs_pattern(httpd_t, httpd_cache_t, httpd_cache_t)
 manage_files_pattern(httpd_t, httpd_cache_t, httpd_cache_t)
 manage_lnk_files_pattern(httpd_t, httpd_cache_t, httpd_cache_t)
-+files_var_filetrans(httpd_t, httpd_cache_t, dir)
+files_var_filetrans(httpd_t, httpd_cache_t, { file dir })
 # Allow the httpd_t to read the web servers config files
 allow httpd_t httpd_config_t:dir list_dir_perms;
@ -16488,26 +16488,26 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/ftp.
 +')
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/git.fc serefpolicy-3.7.7/policy/modules/services/git.fc
 --- nsaserefpolicy/policy/modules/services/git.fc	2009-07-14 14:19:57.000000000 -0400
-+++ serefpolicy-3.7.7/policy/modules/services/git.fc	2010-01-14 15:37:45.000000000 -0500
+++ serefpolicy-3.7.7/policy/modules/services/git.fc	2010-01-15 16:56:35.000000000 -0500
@@ -1,3 +1,12 @@
 -/var/cache/cgit(/.*)?		gen_context(system_u:object_r:httpd_git_script_rw_t,s0)
 -/var/lib/git(/.*)?		gen_context(system_u:object_r:httpd_git_content_t,s0)
 -/var/www/cgi-bin/cgit	--	gen_context(system_u:object_r:httpd_git_script_exec_t,s0)
-+HOME_DIR/public_git(/.*)?			gen_context(system_u:object_r:gitd_session_content_t, s0)
+HOME_DIR/public_git(/.*)?			gen_context(system_u:object_r:git_session_content_t, s0)
-+HOME_DIR/\.gitconfig		--		gen_context(system_u:object_r:gitd_session_content_t, s0)
+HOME_DIR/\.gitconfig		--		gen_context(system_u:object_r:git_session_content_t, s0)
 +
-+/srv/git(/.*)?					gen_context(system_u:object_r:gitd_system_content_t, s0)
+/srv/git(/.*)?					gen_context(system_u:object_r:git_system_content_t, s0)
 +
 +/usr/libexec/git-core/git-daemon	--	gen_context(system_u:object_r:gitd_exec_t, s0)
 +
 +/var/cache/cgit(/.*)?				gen_context(system_u:object_r:httpd_git_script_rw_t,s0)
 +/var/www/cgi-bin/cgit		--		gen_context(system_u:object_r:httpd_git_script_exec_t,s0)
 +
-+/var/lib/git(/.*)?				gen_context(system_u:object_r:gitd_system_content_t, s0)
+/var/lib/git(/.*)?				gen_context(system_u:object_r:git_system_content_t, s0)
 +
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/git.if serefpolicy-3.7.7/policy/modules/services/git.if
 --- nsaserefpolicy/policy/modules/services/git.if	2009-07-14 14:19:57.000000000 -0400
-+++ serefpolicy-3.7.7/policy/modules/services/git.if	2010-01-14 16:07:07.000000000 -0500
+++ serefpolicy-3.7.7/policy/modules/services/git.if	2010-01-15 16:56:37.000000000 -0500
@@ -1 +1,535 @@
 -## <summary>GIT revision control system</summary>
 +## <summary>Git - Fast Version Control System.</summary>
@ -16537,7 +16537,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/git.
 +#
 +interface(`git_session_role',`
 +	gen_require(`
-+		type gitd_session_t, gitd_exec_t;
+		type git_session_t, gitd_exec_t;
 +	')
 +
 +	########################################
@ -16545,17 +16545,17 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/git.
 +	# Git daemon session shared declarations.
 +	#
 +
-+	role $1 types gitd_session_t;
+	role $1 types git_session_t;
 +
 +	########################################
 +	#
 +	# Git daemon session shared policy.
 +	#
 +
-+	domtrans_pattern($2, gitd_exec_t, gitd_session_t)
+	domtrans_pattern($2, gitd_exec_t, git_session_t)
 +
-+	allow $2 gitd_session_t:process { ptrace signal_perms };
+	allow $2 git_session_t:process { ptrace signal_perms };
-+	ps_process_pattern($2, gitd_session_t)
+	ps_process_pattern($2, git_session_t)
 +')
 +
 +########################################
@ -16572,8 +16572,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/git.
 +template(`git_content_template',`
 +
 +	gen_require(`
-+		attribute gitd_system_content;
+		attribute git_system_content;
-+		attribute gitd_content;
+		attribute git_content;
 +	')
 +
 +	########################################
@ -16581,8 +16581,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/git.
 +	# Git daemon content shared declarations.
 +	#
 +
-+	type gitd_$1_content_t, gitd_system_content, gitd_content;
+	type git_$1_content_t, git_system_content, git_content;
-+	files_type(gitd_$1_content_t)
+	files_type(git_$1_content_t)
 +')
 +
 +########################################
@ -16643,13 +16643,13 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/git.
 +
 +	ssh_rw_stream_sockets($1_t)
 +
-+	tunable_policy(`gitd_system_use_cifs',`
+	tunable_policy(`git_system_use_cifs',`
 +		fs_exec_cifs_files($1_t)
 +		fs_manage_cifs_dirs($1_t)
 +		fs_manage_cifs_files($1_t)
 +	')
 +
-+	tunable_policy(`gitd_system_use_nfs',`
+	tunable_policy(`git_system_use_nfs',`
 +		fs_exec_nfs_files($1_t)
 +		fs_manage_nfs_dirs($1_t)
 +		fs_manage_nfs_files($1_t)
@ -16686,13 +16686,13 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/git.
 +	manage_files_pattern($1, $2, $2)
 +	files_search_var($1)
 +
-+	tunable_policy(`gitd_system_use_cifs',`
+	tunable_policy(`git_system_use_cifs',`
 +		fs_exec_cifs_files($1)
 +		fs_manage_cifs_dirs($1)
 +		fs_manage_cifs_files($1)
 +	')
 +
-+	tunable_policy(`gitd_system_use_nfs',`
+	tunable_policy(`git_system_use_nfs',`
 +		fs_exec_nfs_files($1)
 +		fs_manage_nfs_dirs($1)
 +		fs_manage_nfs_files($1)
@ -16713,12 +16713,12 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/git.
 +#
 +interface(`git_rwx_all_content',`
 +	gen_require(`
-+		attribute gitd_content;
+		attribute git_content;
 +	')
 +
-+	exec_files_pattern($1, gitd_content, gitd_content)
+	exec_files_pattern($1, git_content, git_content)
-+	manage_dirs_pattern($1, gitd_content, gitd_content)
+	manage_dirs_pattern($1, git_content, git_content)
-+	manage_files_pattern($1, gitd_content, gitd_content)
+	manage_files_pattern($1, git_content, git_content)
 +	userdom_search_user_home_dirs($1)
 +	files_search_var($1)
 +
@ -16734,13 +16734,13 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/git.
 +		fs_manage_cifs_files($1)
 +	')
 +
-+	tunable_policy(`gitd_system_use_cifs',`
+	tunable_policy(`git_system_use_cifs',`
 +		fs_exec_cifs_files($1)
 +		fs_manage_cifs_dirs($1)
 +		fs_manage_cifs_files($1)
 +	')
 +
-+	tunable_policy(`gitd_system_use_nfs',`
+	tunable_policy(`git_system_use_nfs',`
 +		fs_exec_nfs_files($1)
 +		fs_manage_nfs_dirs($1)
 +		fs_manage_nfs_files($1)
@ -16761,21 +16761,21 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/git.
 +#
 +interface(`git_rwx_all_system_content',`
 +	gen_require(`
-+		attribute gitd_system_content;
+		attribute git_system_content;
 +	')
 +
-+	exec_files_pattern($1, gitd_system_content, gitd_system_content)
+	exec_files_pattern($1, git_system_content, git_system_content)
-+	manage_dirs_pattern($1, gitd_system_content, gitd_system_content)
+	manage_dirs_pattern($1, git_system_content, git_system_content)
-+	manage_files_pattern($1, gitd_system_content, gitd_system_content)
+	manage_files_pattern($1, git_system_content, git_system_content)
 +	files_search_var($1)
 +
-+	tunable_policy(`gitd_system_use_cifs',`
+	tunable_policy(`git_system_use_cifs',`
 +		fs_exec_cifs_files($1)
 +		fs_manage_cifs_dirs($1)
 +		fs_manage_cifs_files($1)
 +	')
 +
-+	tunable_policy(`gitd_system_use_nfs',`
+	tunable_policy(`git_system_use_nfs',`
 +		fs_exec_nfs_files($1)
 +		fs_manage_nfs_dirs($1)
 +		fs_manage_nfs_files($1)
@ -16796,21 +16796,21 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/git.
 +#
 +interface(`git_rwx_generic_system_content',`
 +	gen_require(`
-+		type gitd_system_content_t;
+		type git_system_content_t;
 +	')
 +
-+	exec_files_pattern($1, gitd_system_content_t, gitd_system_content_t)
+	exec_files_pattern($1, git_system_content_t, git_system_content_t)
-+	manage_dirs_pattern($1, gitd_system_content_t, gitd_system_content_t)
+	manage_dirs_pattern($1, git_system_content_t, git_system_content_t)
-+	manage_files_pattern($1, gitd_system_content_t, gitd_system_content_t)
+	manage_files_pattern($1, git_system_content_t, git_system_content_t)
 +	files_search_var($1)
 +
-+	tunable_policy(`gitd_system_use_cifs',`
+	tunable_policy(`git_system_use_cifs',`
 +		fs_exec_cifs_files($1)
 +		fs_manage_cifs_dirs($1)
 +		fs_manage_cifs_files($1)
 +	')
 +
-+	tunable_policy(`gitd_system_use_nfs',`
+	tunable_policy(`git_system_use_nfs',`
 +		fs_exec_nfs_files($1)
 +		fs_manage_nfs_dirs($1)
 +		fs_manage_nfs_files($1)
@ -16831,11 +16831,11 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/git.
 +#
 +interface(`git_read_all_content_files',`
 +	gen_require(`
-+		attribute gitd_content;
+		attribute git_content;
 +	')
 +
-+	list_dirs_pattern($1, gitd_content, gitd_content)
+	list_dirs_pattern($1, git_content, git_content)
-+	read_files_pattern($1, gitd_content, gitd_content)
+	read_files_pattern($1, git_content, git_content)
 +	userdom_search_user_home_dirs($1)
 +	files_search_var($1)
 +
@ -16849,12 +16849,12 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/git.
 +		fs_read_cifs_files($1)
 +	')
 +
-+	tunable_policy(`gitd_system_use_cifs',`
+	tunable_policy(`git_system_use_cifs',`
 +		fs_list_cifs($1)
 +		fs_read_cifs_files($1)
 +	')
 +
-+	tunable_policy(`gitd_system_use_nfs',`
+	tunable_policy(`git_system_use_nfs',`
 +		fs_list_nfs($1)
 +		fs_read_nfs_files($1)
 +	')
@ -16874,11 +16874,11 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/git.
 +#
 +interface(`git_read_session_content_files',`
 +	gen_require(`
-+		type gitd_session_content_t;
+		type git_session_content_t;
 +	')
 +
-+	list_dirs_pattern($1, gitd_session_content_t, gitd_session_content_t)
+	list_dirs_pattern($1, git_session_content_t, git_session_content_t)
-+	read_files_pattern($1, gitd_session_content_t, gitd_session_content_t)
+	read_files_pattern($1, git_session_content_t, git_session_content_t)
 +	userdom_search_user_home_dirs($1)
 +
 +	tunable_policy(`use_nfs_home_dirs',`
@ -16906,19 +16906,19 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/git.
 +#
 +interface(`git_read_all_system_content_files',`
 +	gen_require(`
-+		attribute gitd_system_content;
+		attribute git_system_content;
 +	')
 +
-+	list_dirs_pattern($1, gitd_system_content, gitd_system_content)
+	list_dirs_pattern($1, git_system_content, git_system_content)
-+	read_files_pattern($1, gitd_system_content, gitd_system_content)
+	read_files_pattern($1, git_system_content, git_system_content)
 +	files_search_var($1)
 +
-+	tunable_policy(`gitd_system_use_cifs',`
+	tunable_policy(`git_system_use_cifs',`
 +		fs_list_cifs($1)
 +		fs_read_cifs_files($1)
 +	')
 +
-+	tunable_policy(`gitd_system_use_nfs',`
+	tunable_policy(`git_system_use_nfs',`
 +		fs_list_nfs($1)
 +		fs_read_nfs_files($1)
 +	')
@ -16938,19 +16938,19 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/git.
 +#
 +interface(`git_read_generic_system_content_files',`
 +	gen_require(`
-+		type gitd_system_content_t;
+		type git_system_content_t;
 +	')
 +
-+	list_dirs_pattern($1, gitd_system_content_t, gitd_system_content_t)
+	list_dirs_pattern($1, git_system_content_t, git_system_content_t)
-+	read_files_pattern($1, gitd_system_content_t, gitd_system_content_t)
+	read_files_pattern($1, git_system_content_t, git_system_content_t)
 +	files_search_var($1)
 +
-+	tunable_policy(`gitd_system_use_cifs',`
+	tunable_policy(`git_system_use_cifs',`
 +		fs_list_cifs($1)
 +		fs_read_cifs_files($1)
 +	')
 +
-+	tunable_policy(`gitd_system_use_nfs',`
+	tunable_policy(`git_system_use_nfs',`
 +		fs_list_nfs($1)
 +		fs_read_nfs_files($1)
 +	')
@ -16970,11 +16970,11 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/git.
 +#
 +interface(`git_relabel_all_content',`
 +	gen_require(`
-+		attribute gitd_content;
+		attribute git_content;
 +	')
 +
-+	relabel_dirs_pattern($1, gitd_content, gitd_content)
+	relabel_dirs_pattern($1, git_content, git_content)
-+	relabel_files_pattern($1, gitd_content, gitd_content)
+	relabel_files_pattern($1, git_content, git_content)
 +	userdom_search_user_home_dirs($1)
 +	files_search_var($1)
 +')
@ -16993,11 +16993,11 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/git.
 +#
 +interface(`git_relabel_all_system_content',`
 +	gen_require(`
-+		attribute gitd_system_content;
+		attribute git_system_content;
 +	')
 +
-+	relabel_dirs_pattern($1, gitd_system_content, gitd_system_content)
+	relabel_dirs_pattern($1, git_system_content, git_system_content)
-+	relabel_files_pattern($1, gitd_system_content, gitd_system_content)
+	relabel_files_pattern($1, git_system_content, git_system_content)
 +	files_search_var($1)
 +')
 +
@ -17015,11 +17015,11 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/git.
 +#
 +interface(`git_relabel_generic_system_content',`
 +	gen_require(`
-+		type gitd_system_content_t;
+		type git_system_content_t;
 +	')
 +
-+	relabel_dirs_pattern($1, gitd_system_content_t, gitd_system_content_t)
+	relabel_dirs_pattern($1, git_system_content_t, git_system_content_t)
-+	relabel_files_pattern($1, gitd_system_content_t, gitd_system_content_t)
+	relabel_files_pattern($1, git_system_content_t, git_system_content_t)
 +	files_search_var($1)
 +')
 +
@ -17037,51 +17037,51 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/git.
 +#
 +interface(`git_relabel_session_content',`
 +	gen_require(`
-+		type gitd_session_content_t;
+		type git_session_content_t;
 +	')
 +
-+	relabel_dirs_pattern($1, gitd_session_content_t, gitd_session_content_t)
+	relabel_dirs_pattern($1, git_session_content_t, git_session_content_t)
-+	relabel_files_pattern($1, gitd_session_content_t, gitd_session_content_t)
+	relabel_files_pattern($1, git_session_content_t, git_session_content_t)
 +	userdom_search_user_home_dirs($1)
 +')
 +
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/git.te serefpolicy-3.7.7/policy/modules/services/git.te
 --- nsaserefpolicy/policy/modules/services/git.te	2009-07-14 14:19:57.000000000 -0400
-+++ serefpolicy-3.7.7/policy/modules/services/git.te	2010-01-14 16:12:14.000000000 -0500
+++ serefpolicy-3.7.7/policy/modules/services/git.te	2010-01-15 17:11:34.000000000 -0500
@@ -1,9 +1,181 @@
 -policy_module(git, 1.0)
-+policy_module(gitd, 1.0.3)
+policy_module(git, 1.0.3)
 +
 +## <desc>
 +## <p>
 +## Allow Git daemon system to search home directories.
 +## </p>
 +## </desc>
-+gen_tunable(gitd_system_enable_homedirs, false)
+gen_tunable(git_system_enable_homedirs, false)
 +
 +## <desc>
 +## <p>
 +## Allow Git daemon system to access cifs file systems.
 +## </p>
 +## </desc>
-+gen_tunable(gitd_system_use_cifs, false)
+gen_tunable(git_system_use_cifs, false)
 +
 +## <desc>
 +## <p>
 +## Allow Git daemon system to access nfs file systems.
 +## </p>
 +## </desc>
-+gen_tunable(gitd_system_use_nfs, false)
+gen_tunable(git_system_use_nfs, false)
 +
 +########################################
 +#
 +# Git daemon global private declarations.
 +#
 +
-+attribute gitd_domains;
+attribute git_domains;
-+attribute gitd_system_content;
+attribute git_system_content;
-+attribute gitd_content;
+attribute git_content;
 +
 +type gitd_exec_t;
 +
@ -17090,13 +17090,13 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/git.
 +# Git daemon system private declarations.
 +#
 +
-+type gitd_system_t, gitd_domains;
+type git_system_t, git_domains;
-+inetd_service_domain(gitd_system_t, gitd_exec_t)
+inetd_service_domain(git_system_t, gitd_exec_t)
-+role system_r types gitd_system_t;
+role system_r types git_system_t;
 +
-+type gitd_system_content_t, gitd_system_content, gitd_content;
+type git_system_content_t, git_system_content, git_content;
-+files_type(gitd_system_content_t)
+files_type(git_system_content_t)
-+typealias gitd_system_content_t alias git_data_t;
+typealias git_system_content_t alias git_data_t;
 +
 +########################################
 +#
@ -17109,84 +17109,84 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/git.
 +## tcp sockets to all unreserved ports.
 +## </p>
 +## </desc>
-+gen_tunable(gitd_session_bind_all_unreserved_ports, false)
+gen_tunable(git_session_bind_all_unreserved_ports, false)
 +
-+type gitd_session_t, gitd_domains;
+type git_session_t, git_domains;
-+application_domain(gitd_session_t, gitd_exec_t)
+application_domain(git_session_t, gitd_exec_t)
-+ubac_constrained(gitd_session_t)
+ubac_constrained(git_session_t)
 +
-+type gitd_session_content_t, gitd_content;
+type git_session_content_t, git_content;
-+userdom_user_home_content(gitd_session_content_t)
+userdom_user_home_content(git_session_content_t)
 +
 +########################################
 +#
 +# Git daemon global private policy.
 +#
 +
-+allow gitd_domains self:fifo_file rw_fifo_file_perms;
+allow git_domains self:fifo_file rw_fifo_file_perms;
-+allow gitd_domains self:netlink_route_socket create_netlink_socket_perms;
+allow git_domains self:netlink_route_socket create_netlink_socket_perms;
-+allow gitd_domains self:tcp_socket { create_socket_perms listen };
+allow git_domains self:tcp_socket { create_socket_perms listen };
-+allow gitd_domains self:udp_socket create_socket_perms;
+allow git_domains self:udp_socket create_socket_perms;
-+allow gitd_domains self:unix_dgram_socket create_socket_perms;
+allow git_domains self:unix_dgram_socket create_socket_perms;
 +
-+corenet_all_recvfrom_netlabel(gitd_domains)
+corenet_all_recvfrom_netlabel(git_domains)
-+corenet_all_recvfrom_unlabeled(gitd_domains)
+corenet_all_recvfrom_unlabeled(git_domains)
 +
-+corenet_tcp_bind_generic_node(gitd_domains)
+corenet_tcp_bind_generic_node(git_domains)
 +
-+corenet_tcp_sendrecv_generic_if(gitd_domains)
+corenet_tcp_sendrecv_generic_if(git_domains)
-+corenet_tcp_sendrecv_generic_node(gitd_domains)
+corenet_tcp_sendrecv_generic_node(git_domains)
-+corenet_tcp_sendrecv_generic_port(gitd_domains)
+corenet_tcp_sendrecv_generic_port(git_domains)
 +
-+corenet_tcp_bind_git_port(gitd_domains)
+corenet_tcp_bind_git_port(git_domains)
-+corenet_sendrecv_git_server_packets(gitd_domains)
+corenet_sendrecv_git_server_packets(git_domains)
 +
-+corecmd_exec_bin(gitd_domains)
+corecmd_exec_bin(git_domains)
 +
-+files_read_etc_files(gitd_domains)
+files_read_etc_files(git_domains)
-+files_read_usr_files(gitd_domains)
+files_read_usr_files(git_domains)
 +
-+fs_search_auto_mountpoints(gitd_domains)
+fs_search_auto_mountpoints(git_domains)
 +
-+kernel_read_system_state(gitd_domains)
+kernel_read_system_state(git_domains)
 +
-+auth_use_nsswitch(gitd_domains)
+auth_use_nsswitch(git_domains)
 +
-+logging_send_syslog_msg(gitd_domains)
+logging_send_syslog_msg(git_domains)
 +
-+miscfiles_read_localization(gitd_domains)
+miscfiles_read_localization(git_domains)
 +
 +########################################
 +#
 +# Git daemon system repository private policy.
 +#
 +
-+list_dirs_pattern(gitd_system_t, gitd_content, gitd_content)
+list_dirs_pattern(git_system_t, git_content, git_content)
-+read_files_pattern(gitd_system_t, gitd_content, gitd_content)
+read_files_pattern(git_system_t, git_content, git_content)
-+files_search_var(gitd_system_t)
+files_search_var(git_system_t)
 +
-+tunable_policy(`gitd_system_enable_homedirs', `
+tunable_policy(`git_system_enable_homedirs', `
-+	userdom_search_user_home_dirs(gitd_system_t)
+	userdom_search_user_home_dirs(git_system_t)
 +')
 +
-+tunable_policy(`gitd_system_enable_homedirs && use_nfs_home_dirs', `
+tunable_policy(`git_system_enable_homedirs && use_nfs_home_dirs', `
-+	fs_list_nfs(gitd_system_t)
+	fs_list_nfs(git_system_t)
-+	fs_read_nfs_files(gitd_system_t)
+	fs_read_nfs_files(git_system_t)
 +')
 +
-+tunable_policy(`gitd_system_enable_homedirs && use_samba_home_dirs', `
+tunable_policy(`git_system_enable_homedirs && use_samba_home_dirs', `
-+	fs_list_cifs(gitd_system_t)
+	fs_list_cifs(git_system_t)
-+	fs_read_cifs_files(gitd_system_t)
+	fs_read_cifs_files(git_system_t)
 +')
 +
-+tunable_policy(`gitd_system_use_cifs', `
+tunable_policy(`git_system_use_cifs', `
-+	fs_list_cifs(gitd_system_t)
+	fs_list_cifs(git_system_t)
-+	fs_read_cifs_files(gitd_system_t)
+	fs_read_cifs_files(git_system_t)
 +')
 +
-+tunable_policy(`gitd_system_use_nfs', `
+tunable_policy(`git_system_use_nfs', `
-+	fs_list_nfs(gitd_system_t)
+	fs_list_nfs(git_system_t)
-+	fs_read_nfs_files(gitd_system_t)
+	fs_read_nfs_files(git_system_t)
 +')
 +
 +########################################
@ -17194,24 +17194,24 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/git.
 +# Git daemon session repository private policy.
 +#
 +
-+list_dirs_pattern(gitd_session_t, gitd_session_content_t, gitd_session_content_t)
+list_dirs_pattern(git_session_t, git_session_content_t, git_session_content_t)
-+read_files_pattern(gitd_session_t, gitd_session_content_t, gitd_session_content_t)
+read_files_pattern(git_session_t, git_session_content_t, git_session_content_t)
-+userdom_search_user_home_dirs(gitd_session_t)
+userdom_search_user_home_dirs(git_session_t)
 +
-+userdom_use_user_terminals(gitd_session_t)
+userdom_use_user_terminals(git_session_t)
 +
-+tunable_policy(`gitd_session_bind_all_unreserved_ports', `
+tunable_policy(`git_session_bind_all_unreserved_ports', `
-+	corenet_tcp_bind_all_unreserved_ports(gitd_session_t)
+	corenet_tcp_bind_all_unreserved_ports(git_session_t)
 +')
 +
 +tunable_policy(`use_nfs_home_dirs', `
-+	fs_list_nfs(gitd_session_t)
+	fs_list_nfs(git_session_t)
-+	fs_read_nfs_files(gitd_session_t)
+	fs_read_nfs_files(git_session_t)
 +')
 +
 +tunable_policy(`use_samba_home_dirs', `
-+	fs_list_cifs(gitd_session_t)
+	fs_list_cifs(git_session_t)
-+	fs_read_cifs_files(gitd_session_t)
+	fs_read_cifs_files(git_session_t)
 +')
 +
 +########################################
@ -17231,8 +17231,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/git.
 #
 -apache_content_template(git)
-+git_role_template(git_shell)
+#git_role_template(git_shell)
-+gen_user(git_shell_u, user, git_shell_r, s0, s0)
+#gen_user(git_shell_u, user, git_shell_r, s0, s0)
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/gpsd.te serefpolicy-3.7.7/policy/modules/services/gpsd.te
 --- nsaserefpolicy/policy/modules/services/gpsd.te	2010-01-07 14:53:53.000000000 -0500
 +++ serefpolicy-3.7.7/policy/modules/services/gpsd.te	2010-01-11 09:53:58.000000000 -0500
@ -25697,7 +25697,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/sssd
 ## <param name="domain">
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/sssd.te serefpolicy-3.7.7/policy/modules/services/sssd.te
 --- nsaserefpolicy/policy/modules/services/sssd.te	2010-01-07 14:53:53.000000000 -0500
-+++ serefpolicy-3.7.7/policy/modules/services/sssd.te	2010-01-11 09:53:58.000000000 -0500
+++ serefpolicy-3.7.7/policy/modules/services/sssd.te	2010-01-15 17:18:18.000000000 -0500
@@ -26,8 +26,8 @@
 #
 # sssd local policy
@ -25723,7 +25723,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/sssd
 miscfiles_read_localization(sssd_t)
-+userdom_manage_tmp_role(system_t, sssd_t)
+userdom_manage_tmp_role(system_r, sssd_t)
 +
 optional_policy(`
 	dbus_system_bus_client(sssd_t)